From 9034ae506005d4263637b28b864dbdcd34a31e97 Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Thu, 8 Feb 2024 23:21:10 +0300 Subject: [PATCH] deadnix, cleanup --- flake.nix | 3 - machines/AMD-Workstation/boot.nix | 2 +- .../hardware-configuration.nix | 2 +- machines/Dell-Laptop/boot.nix | 2 +- machines/Dell-Laptop/default.nix | 2 +- .../Dell-Laptop/hardware-configuration.nix | 2 +- machines/Home-Hypervisor/autoinstall.nix | 2 +- machines/Home-Hypervisor/default.nix | 5 +- .../hardware-configuration.nix | 2 +- machines/Home-Hypervisor/usb-hdd.nix | 2 +- machines/NixOS-VPS/services/synapse.nix | 2 +- machines/NixOS-VPS/services/tailscale.nix | 2 +- machines/NixOS-VPS/services/tor-bridge.nix | 2 +- machines/NixOS-VPS/services/wireguard.nix | 2 +- modules/applications.nix | 4 +- modules/devices.nix | 2 +- modules/headscale-auth.nix | 2 +- modules/libvirt-guests.nix | 2 +- modules/persist.nix | 109 +----- modules/rustic-postgresql.nix | 2 +- modules/s3-sync.nix | 2 +- modules/steam-compat-tools.nix | 2 +- modules/users.nix | 6 +- patches/authentik-271885.patch | 314 ------------------ patches/tor-bridge.patch | 13 - patches/webhooks.patch | 28 -- profiles/applications-setup.nix | 4 +- profiles/applications/alacritty.nix | 83 ----- profiles/applications/cassowary.nix | 11 +- profiles/applications/element.nix | 2 +- profiles/applications/email.nix | 64 +--- profiles/applications/firefox.nix | 7 +- profiles/applications/games/hoyo.nix | 2 +- profiles/applications/games/steam.nix | 22 +- profiles/applications/games/wine-games.nix | 5 +- profiles/applications/kitty.nix | 6 +- profiles/applications/mpv.nix | 2 +- profiles/applications/nicotine.nix | 2 +- profiles/applications/nnn.nix | 2 +- profiles/applications/packages.nix | 37 +-- profiles/applications/rclone.nix | 9 - profiles/applications/rofi.nix | 2 +- profiles/applications/spotify.nix | 6 +- profiles/applications/sunshine.nix | 10 +- profiles/applications/tor-browser.nix | 14 - profiles/applications/vscode/default.nix | 19 -- profiles/applications/zathura.nix | 2 +- profiles/bluetooth.nix | 2 +- profiles/hardened.nix | 4 +- profiles/hardware.nix | 2 +- profiles/network.nix | 2 +- profiles/nix/default.nix | 2 +- profiles/nix/doas.patch | 23 -- profiles/security/pass-secret-service.nix | 2 +- profiles/security/user.nix | 2 +- profiles/security/vlock.nix | 2 +- profiles/servers/acme.nix | 2 +- profiles/servers/atticd.nix | 2 +- profiles/servers/battery-historian.nix | 2 +- profiles/servers/blocky.nix | 4 +- profiles/servers/fail2ban.nix | 2 +- profiles/servers/gitea.nix | 2 - profiles/servers/headscale.nix | 2 +- profiles/servers/inpx-web.nix | 2 +- profiles/servers/it-tools.nix | 2 +- profiles/servers/joplin-server.nix | 60 ---- profiles/servers/media-stack/caddy.nix | 3 +- profiles/servers/media-stack/jackett.nix | 3 +- profiles/servers/media-stack/jellyfin.nix | 3 +- profiles/servers/media-stack/lidarr.nix | 3 +- profiles/servers/media-stack/medusa.nix | 3 +- profiles/servers/media-stack/qbittorrent.nix | 3 +- profiles/servers/media-stack/radarr.nix | 3 +- profiles/servers/media-stack/recyclarr.nix | 3 +- profiles/servers/media-stack/sonarr.nix | 3 +- profiles/servers/nginx.nix | 2 +- profiles/servers/openbooks.nix | 2 +- profiles/servers/spdf.nix | 2 +- profiles/servers/tinyproxy.nix | 6 +- profiles/servers/vaultwarden.nix | 2 - profiles/servers/vscode-server.nix | 3 +- profiles/servers/webhooks.nix | 4 +- profiles/servers/wiki.nix | 2 +- profiles/themes.nix | 4 +- profiles/vpn.nix | 2 +- profiles/workspace/aria2.nix | 23 +- profiles/workspace/cursor.nix | 2 +- profiles/workspace/gtk.nix | 2 +- profiles/workspace/light.nix | 2 +- profiles/workspace/locale.nix | 2 +- profiles/workspace/misc.nix | 4 +- profiles/workspace/ssh.nix | 2 +- profiles/workspace/waybar/default.nix | 2 +- profiles/workspace/xdg.nix | 2 +- profiles/workspace/zsh/default.nix | 2 +- roles/desktop.nix | 3 - roles/hypervisor.nix | 2 +- secrets/suomi-vps/marzban.env | 16 - secrets/suomi-vps/nginx.yaml | 49 --- 99 files changed, 129 insertions(+), 990 deletions(-) delete mode 100644 patches/authentik-271885.patch delete mode 100644 patches/tor-bridge.patch delete mode 100644 patches/webhooks.patch delete mode 100644 profiles/applications/alacritty.nix delete mode 100644 profiles/applications/rclone.nix delete mode 100644 profiles/applications/tor-browser.nix delete mode 100644 profiles/nix/doas.patch delete mode 100644 profiles/servers/joplin-server.nix delete mode 100644 secrets/suomi-vps/marzban.env delete mode 100644 secrets/suomi-vps/nginx.yaml diff --git a/flake.nix b/flake.nix index e708348..f11367a 100644 --- a/flake.nix +++ b/flake.nix @@ -118,7 +118,6 @@ "rustic-rs-0.7.0.patch" "vaultwarden.patch" "vscode-1.86.0.patch" - "webhooks.patch" ]; sharedOverlays = [ flake-utils-plus.overlay inputs.sops-nix.overlays.default ]; channelsConfig = { @@ -141,7 +140,6 @@ modules = __attrValues self.customModules ++ [ (import (./machines + "/${name}")) { device = name; mainuser = "ataraxia"; } - inputs.vscode-server.nixosModule inputs.sops-nix.nixosModules.sops ]; specialArgs = { inherit inputs; }; @@ -152,7 +150,6 @@ modules = __attrValues self.customModules ++ [ (import (./machines/Home-Hypervisor)) { device = "Home-Hypervisor"; mainuser = "ataraxia"; } - inputs.vscode-server.nixosModule inputs.sops-nix.nixosModules.sops ]; specialArgs = { inherit inputs; }; diff --git a/machines/AMD-Workstation/boot.nix b/machines/AMD-Workstation/boot.nix index cc15a63..8f28469 100644 --- a/machines/AMD-Workstation/boot.nix +++ b/machines/AMD-Workstation/boot.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ pkgs, lib, ... }: let zfs_arc_max = toString (6 * 1024 * 1024 * 1024); in { diff --git a/machines/AMD-Workstation/hardware-configuration.nix b/machines/AMD-Workstation/hardware-configuration.nix index 59f7e08..7e1c22a 100644 --- a/machines/AMD-Workstation/hardware-configuration.nix +++ b/machines/AMD-Workstation/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/machines/Dell-Laptop/boot.nix b/machines/Dell-Laptop/boot.nix index a9982de..e82ac09 100644 --- a/machines/Dell-Laptop/boot.nix +++ b/machines/Dell-Laptop/boot.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ pkgs, lib, ... }: let zfs_arc_max = toString (2 * 1024 * 1024 * 1024); in { diff --git a/machines/Dell-Laptop/default.nix b/machines/Dell-Laptop/default.nix index fef4693..63a877d 100644 --- a/machines/Dell-Laptop/default.nix +++ b/machines/Dell-Laptop/default.nix @@ -1,4 +1,4 @@ -{ inputs, config, lib, pkgs, ... }: { +{ inputs, config, pkgs, ... }: { imports = with inputs.self; [ ./boot.nix ./hardware-configuration.nix diff --git a/machines/Dell-Laptop/hardware-configuration.nix b/machines/Dell-Laptop/hardware-configuration.nix index 89ad1f3..eddc321 100644 --- a/machines/Dell-Laptop/hardware-configuration.nix +++ b/machines/Dell-Laptop/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/machines/Home-Hypervisor/autoinstall.nix b/machines/Home-Hypervisor/autoinstall.nix index f7e4738..d53d7b1 100644 --- a/machines/Home-Hypervisor/autoinstall.nix +++ b/machines/Home-Hypervisor/autoinstall.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ ... }: { autoinstall."Home-Hypervisor" = { debug = false; mainuser = "ataraxia"; diff --git a/machines/Home-Hypervisor/default.nix b/machines/Home-Hypervisor/default.nix index 9449509..d603d55 100644 --- a/machines/Home-Hypervisor/default.nix +++ b/machines/Home-Hypervisor/default.nix @@ -1,4 +1,4 @@ -{ modulesPath, inputs, lib, pkgs, config, options, ... }: +{ inputs, lib, pkgs, config, ... }: let persistRoot = config.autoinstall.persist.persistRoot or "/persist"; in { imports = with inputs.self; [ @@ -40,12 +40,11 @@ in { customProfiles.yandex-db (import customProfiles.blocky { - inherit config pkgs; inherit (import ./dns-mapping.nix) dnsmasq-list; }) (import customProfiles.headscale { - inherit config pkgs lib inputs; + inherit config lib inputs; inherit (import ./dns-mapping.nix) headscale-list; }) ]; diff --git a/machines/Home-Hypervisor/hardware-configuration.nix b/machines/Home-Hypervisor/hardware-configuration.nix index 4c9eeec..672afd9 100644 --- a/machines/Home-Hypervisor/hardware-configuration.nix +++ b/machines/Home-Hypervisor/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/machines/Home-Hypervisor/usb-hdd.nix b/machines/Home-Hypervisor/usb-hdd.nix index 2a22cb1..bde3f50 100644 --- a/machines/Home-Hypervisor/usb-hdd.nix +++ b/machines/Home-Hypervisor/usb-hdd.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ ... }: { boot.initrd = rec { luks.devices = { "crypt-nas" = { diff --git a/machines/NixOS-VPS/services/synapse.nix b/machines/NixOS-VPS/services/synapse.nix index 6ab1a4d..94d21ef 100644 --- a/machines/NixOS-VPS/services/synapse.nix +++ b/machines/NixOS-VPS/services/synapse.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, lib, inputs, ... }: let bridge = (import ../hardware/networks.nix).interfaces.main'; external-ip = "83.138.55.118"; diff --git a/machines/NixOS-VPS/services/tailscale.nix b/machines/NixOS-VPS/services/tailscale.nix index c87f8ff..bcaf458 100644 --- a/machines/NixOS-VPS/services/tailscale.nix +++ b/machines/NixOS-VPS/services/tailscale.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, ... }: let bridgeName = (import ../hardware/networks.nix).interfaces.main'.bridgeName; tailscalePort = config.services.tailscale.port; diff --git a/machines/NixOS-VPS/services/tor-bridge.nix b/machines/NixOS-VPS/services/tor-bridge.nix index c800d16..8d3d04a 100644 --- a/machines/NixOS-VPS/services/tor-bridge.nix +++ b/machines/NixOS-VPS/services/tor-bridge.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ pkgs, ... }: let inherit (import ../hardware/networks.nix) interfaces; bridgeName = interfaces.main'.bridgeName; diff --git a/machines/NixOS-VPS/services/wireguard.nix b/machines/NixOS-VPS/services/wireguard.nix index 93197bc..1244d94 100644 --- a/machines/NixOS-VPS/services/wireguard.nix +++ b/machines/NixOS-VPS/services/wireguard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: let inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers; wireguardIFName = interfaces.wireguard0.ifname; diff --git a/modules/applications.nix b/modules/applications.nix index b954605..f042ea2 100644 --- a/modules/applications.nix +++ b/modules/applications.nix @@ -1,10 +1,10 @@ -{ pkgs, config, lib, ... }: +{ config, lib, ... }: with config.deviceSpecific; { options = with lib; with types; { defaultApplications = mkOption { - type = attrsOf (submodule ({ name, ... }: { + type = attrsOf (submodule ({ ... }: { options = { cmd = mkOption { type = path; }; desktop = mkOption { type = str; }; diff --git a/modules/devices.nix b/modules/devices.nix index 1af1bd8..7a6fd7d 100644 --- a/modules/devices.nix +++ b/modules/devices.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ lib, config, ... }: with lib; with types; { options = { diff --git a/modules/headscale-auth.nix b/modules/headscale-auth.nix index a7ae143..d7d3da2 100644 --- a/modules/headscale-auth.nix +++ b/modules/headscale-auth.nix @@ -5,7 +5,7 @@ with lib; description = mdDoc '' Request headscale auth key. ''; - type = types.attrsOf (types.submodule ({ cfg, name, ... }: { + type = types.attrsOf (types.submodule ({ ... }: { options = { autoStart = mkOption { type = types.bool; diff --git a/modules/libvirt-guests.nix b/modules/libvirt-guests.nix index d19da61..8a6b1c1 100644 --- a/modules/libvirt-guests.nix +++ b/modules/libvirt-guests.nix @@ -44,7 +44,7 @@ let default = "virtiofs"; }; }; - guestsOptions = { name, ... }: { + guestsOptions = { ... }: { options = rec { xmlFile = mkOption { type = with types; nullOr path; diff --git a/modules/persist.nix b/modules/persist.nix index 2940d11..9d5d87d 100644 --- a/modules/persist.nix +++ b/modules/persist.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, inputs, ... }: +{ config, lib, inputs, ... }: let cfg = config.persist; @@ -23,110 +23,22 @@ let in { options = let inherit (lib) mkOption mkEnableOption; - inherit (lib.types) listOf path str either submodule enum; - - # defaultPerms = { - # mode = "0755"; - # user = "root"; - # group = "root"; - # }; - # dirPermsOpts = { user, group, mode }: { - # user = mkOption { - # type = str; - # default = user; - # }; - # group = mkOption { - # type = str; - # default = group; - # }; - # mode = mkOption { - # type = str; - # default = mode; - # }; - # }; - # fileOpts = perms: { - # options = { - # file = mkOption { - # type = str; - # }; - # parentDirectory = dirPermsOpts perms; - # }; - # }; - # dirOpts = perms: { - # options = { - # directory = mkOption { - # type = str; - # }; - # } // (dirPermsOpts perms); - # }; - # userDefaultPerms = { - # inherit (defaultPerms) mode; - # user = config.mainuser; - # group = config.users.${userDefaultPerms.user}.group; - # }; - # rootFile = submodule [ - # (fileOpts defaultPerms) - # ]; - # rootDir = submodule [ - # (dirOpts defaultPerms) - # ]; - # userFile = submodule [ - # (fileOpts userDefaultPerms) - # ]; - # userDir = submodule [ - # (dirOpts userDefaultPerms) - # ]; + inherit (lib.types) listOf path str; common = { directories = mkOption { - # type = listOf (either str (submodule { - # options = { - # directory = mkOption { - # type = str; - # default = null; - # }; - # user = mkOption { - # type = str; - # default = "root"; - # }; - # group = mkOption { - # type = str; - # default = "root"; - # }; - # mode = mkOption { - # type = str; - # default = "0755"; - # }; - # }; - # })); - # type = listOf (either str rootDir); type = listOf str; default = [ ]; }; files = mkOption { - # type = listOf (either str rootFile); type = listOf str; default = [ ]; }; homeFiles = mkOption { - # type = listOf (either str userFile); type = listOf str; default = [ ]; }; homeDirectories = mkOption { - # type = listOf (either str (submodule { - # options = { - # directory = mkOption { - # type = str; - # default = null; - # }; - # method = mkOption { - # type = enum [ "bindfs" "symlink" ]; - # default = "bindfs"; - # }; - # }; - # })); - # type = listOf (either str userDir); type = listOf str; default = [ ]; }; @@ -186,23 +98,6 @@ in { }; }; - # fileSystems."/" = lib.mkIf (config.deviceSpecific.devInfo.fileSystem != "zfs") { - # device = "none"; - # options = [ "defaults" "size=2G" "mode=755" ]; - # fsType = "tmpfs"; - # }; - - # boot.initrd = lib.mkIf (config.deviceSpecific.devInfo.fileSystem != "zfs") { - # postMountCommands = - # assert config.fileSystems - # ? ${cfg.persistRoot} - # && config.fileSystems.${cfg.persistRoot}.neededForBoot; '' - # mkdir -p /mnt-root/nix - # mount --bind /mnt-root${cfg.persistRoot}/nix /mnt-root/nix - # chmod 755 /mnt-root - # ''; - # }; - systemd.services.persist-cache-cleanup = lib.mkIf cfg.cache.clean.enable { description = "Cleaning up cache files and directories"; script = '' diff --git a/modules/rustic-postgresql.nix b/modules/rustic-postgresql.nix index d59d574..2224b41 100644 --- a/modules/rustic-postgresql.nix +++ b/modules/rustic-postgresql.nix @@ -5,7 +5,7 @@ with lib; description = mdDoc '' Periodic backups of postgresql database to create with Rustic. ''; - type = types.attrsOf (types.submodule ({ config, name, ... }: { + type = types.attrsOf (types.submodule ({ name, ... }: { options = { dbName = mkOption { type = types.str; diff --git a/modules/s3-sync.nix b/modules/s3-sync.nix index 61a8f65..11d2bc1 100644 --- a/modules/s3-sync.nix +++ b/modules/s3-sync.nix @@ -7,7 +7,7 @@ in { description = mdDoc '' Sync buckets beetween two storages. ''; - type = types.attrsOf (types.submodule ({ config, name, ... }: { + type = types.attrsOf (types.submodule ({ ... }: { options = { rcloneConfigFile = mkOption { type = with types; nullOr path; diff --git a/modules/steam-compat-tools.nix b/modules/steam-compat-tools.nix index 7480bcc..18c850c 100644 --- a/modules/steam-compat-tools.nix +++ b/modules/steam-compat-tools.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; let cfg = config.programs.steam; in { diff --git a/modules/users.nix b/modules/users.nix index 47e244c..429e2b4 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,7 +1,5 @@ -{ config, lib, pkgs, ... }: -with lib; -with types; { +{ lib, ... }: { options = { - mainuser = mkOption { type = str; }; + mainuser = lib.mkOption { type = lib.types.str; }; }; } \ No newline at end of file diff --git a/patches/authentik-271885.patch b/patches/authentik-271885.patch deleted file mode 100644 index d0f810b..0000000 --- a/patches/authentik-271885.patch +++ /dev/null @@ -1,314 +0,0 @@ -diff --git a/pkgs/by-name/au/authentik/ldap.nix b/pkgs/by-name/au/authentik/ldap.nix -new file mode 100644 -index 000000000000..7945c3021dfd ---- /dev/null -+++ b/pkgs/by-name/au/authentik/ldap.nix -@@ -0,0 +1,18 @@ -+{ lib, buildGoModule, authentik }: -+ -+buildGoModule { -+ pname = "authentik-ldap-outpost"; -+ inherit (authentik) version src; -+ -+ vendorHash = "sha256-8F9emmQmbe7R+xtGrjV5ht0adGasU6WAvLa8Wxr+j8M="; -+ -+ CGO_ENABLED = 0; -+ -+ subPackages = [ "cmd/ldap" ]; -+ -+ meta = authentik.meta // { -+ description = "The authentik ldap outpost. Needed for the extendal ldap API."; -+ homepage = "https://goauthentik.io/docs/providers/ldap/"; -+ mainProgram = "ldap"; -+ }; -+} -diff --git a/pkgs/by-name/au/authentik/outposts.nix b/pkgs/by-name/au/authentik/outposts.nix -new file mode 100644 -index 000000000000..05649628b3e8 ---- /dev/null -+++ b/pkgs/by-name/au/authentik/outposts.nix -@@ -0,0 +1,5 @@ -+{ callPackage }: -+ -+{ -+ ldap = callPackage ./ldap.nix { }; -+} -diff --git a/pkgs/by-name/au/authentik/package.nix b/pkgs/by-name/au/authentik/package.nix -new file mode 100644 -index 000000000000..8fca47e7ec28 ---- /dev/null -+++ b/pkgs/by-name/au/authentik/package.nix -@@ -0,0 +1,248 @@ -+{ lib -+, stdenvNoCC -+, fetchFromGitHub -+, buildNpmPackage -+, buildGoModule -+, runCommand -+, openapi-generator-cli -+, nodejs -+, python3 -+, codespell -+, makeWrapper }: -+ -+let -+ version = "2023.10.6"; -+ -+ src = fetchFromGitHub { -+ owner = "goauthentik"; -+ repo = "authentik"; -+ rev = "version/${version}"; -+ hash = "sha256-N6FeNUlenbBQPAAUSqC+2GWFfte3G+Zfu5KGVJOqNZQ="; -+ }; -+ -+ website = buildNpmPackage { -+ pname = "authentik-website"; -+ inherit version src; -+ npmDepsHash = "sha256-4dgFxEvMnp+35nSQNsEchtN1qoS5X2KzEbLPvMnyR+k="; -+ -+ NODE_ENV = "production"; -+ NODE_OPTIONS = "--openssl-legacy-provider"; -+ -+ postPatch = '' -+ cd website -+ ''; -+ -+ installPhase = '' -+ cp -r help $out -+ ''; -+ -+ npmInstallFlags = [ "--include=dev" ]; -+ npmBuildScript = "build-docs-only"; -+ }; -+ -+ clientapi = stdenvNoCC.mkDerivation { -+ pname = "authentik-client-api"; -+ inherit version src; -+ -+ postPatch = '' -+ rm Makefile -+ -+ substituteInPlace ./scripts/api-ts-config.yaml \ -+ --replace '/local' "$(pwd)/" -+ ''; -+ -+ nativeBuildInputs = [ openapi-generator-cli ]; -+ buildPhase = '' -+ runHook preBuild -+ openapi-generator-cli generate -i ./schema.yml \ -+ -g typescript-fetch -o $out \ -+ -c ./scripts/api-ts-config.yaml \ -+ --additional-properties=npmVersion=${nodejs.pkgs.npm.version} \ -+ --git-repo-id authentik --git-user-id goauthentik -+ runHook postBuild -+ ''; -+ }; -+ -+ webui = buildNpmPackage { -+ pname = "authentik-webui"; -+ inherit version; -+ -+ src = runCommand "authentik-webui-source" {} '' -+ mkdir -p $out/web/node_modules/@goauthentik/ -+ cp -r ${src}/web $out/ -+ ln -s ${src}/website $out/ -+ ln -s ${clientapi} $out/web/node_modules/@goauthentik/api -+ ''; -+ npmDepsHash = "sha256-5aCKlArtoEijGqeYiY3zoV0Qo7/Xt5hSXbmy2uYZpok="; -+ -+ postPatch = '' -+ cd web -+ ''; -+ -+ installPhase = '' -+ runHook preInstall -+ mkdir $out -+ cp -r dist $out/dist -+ cp -r authentik $out/authentik -+ runHook postInstall -+ ''; -+ -+ NODE_ENV = "production"; -+ NODE_OPTIONS = "--openssl-legacy-provider"; -+ -+ npmInstallFlags = [ "--include=dev" ]; -+ }; -+ -+ python = python3.override { -+ self = python; -+ packageOverrides = final: prev: { -+ authentik-django = prev.buildPythonPackage { -+ pname = "authentik-django"; -+ inherit version src; -+ pyproject = true; -+ -+ postPatch = '' -+ substituteInPlace authentik/root/settings.py \ -+ --replace 'Path(__file__).absolute().parent.parent.parent' "\"$out\"" -+ substituteInPlace authentik/lib/default.yml \ -+ --replace '/blueprints' "$out/blueprints" -+ sed -i '/dumb-init/d' pyproject.toml -+ sed -i '/djangorestframework-guardian/d' pyproject.toml -+ ''; -+ -+ nativeBuildInputs = [ prev.poetry-core ]; -+ propagatedBuildInputs = with prev; [ -+ argon2-cffi -+ celery -+ channels -+ channels-redis -+ colorama -+ dacite -+ daphne -+ deepmerge -+ defusedxml -+ django -+ django-filter -+ django-guardian -+ django-model-utils -+ django-prometheus -+ django-redis -+ djangorestframework -+ djangorestframework-guardian2 -+ docker -+ drf-spectacular -+ duo-client -+ facebook-sdk -+ flower -+ geoip2 -+ gunicorn -+ httptools -+ kubernetes -+ ldap3 -+ lxml -+ opencontainers -+ packaging -+ paramiko -+ psycopg -+ pycryptodome -+ pydantic -+ pydantic-scim -+ pyjwt -+ pyyaml -+ requests-oauthlib -+ sentry-sdk -+ structlog -+ swagger-spec-validator -+ twilio -+ twisted -+ ua-parser -+ urllib3 -+ uvicorn -+ uvloop -+ watchdog -+ webauthn -+ websockets -+ wsproto -+ xmlsec -+ zxcvbn -+ jsonpatch -+ ] ++ [ -+ codespell -+ ]; -+ -+ postInstall = '' -+ mkdir -p $out/web $out/website -+ cp -r lifecycle manage.py $out/${prev.python.sitePackages}/ -+ cp -r blueprints $out/ -+ cp -r ${webui}/dist ${webui}/authentik $out/web/ -+ cp -r ${website} $out/website/help -+ ln -s $out/${prev.python.sitePackages}/lifecycle $out/lifecycle -+ ''; -+ }; -+ }; -+ }; -+ -+ inherit (python.pkgs) authentik-django; -+ -+ proxy = buildGoModule { -+ pname = "authentik-proxy"; -+ inherit version src; -+ -+ postPatch = '' -+ substituteInPlace internal/gounicorn/gounicorn.go \ -+ --replace './lifecycle' "${authentik-django}/lifecycle" -+ substituteInPlace web/static.go \ -+ --replace './web' "${authentik-django}/web" -+ substituteInPlace internal/web/static.go \ -+ --replace './web' "${authentik-django}/web" -+ ''; -+ -+ CGO_ENABLED = 0; -+ -+ vendorHash = "sha256-8F9emmQmbe7R+xtGrjV5ht0adGasU6WAvLa8Wxr+j8M="; -+ -+ postInstall = '' -+ mv $out/bin/server $out/bin/authentik -+ ''; -+ -+ subPackages = [ "cmd/server" ]; -+ }; -+ -+in stdenvNoCC.mkDerivation { -+ pname = "authentik"; -+ inherit src version; -+ -+ postPatch = '' -+ rm Makefile -+ patchShebangs lifecycle/ak -+ -+ # This causes issues in systemd services -+ substituteInPlace lifecycle/ak \ -+ --replace 'printf' '>&2 printf' \ -+ --replace '> /dev/stderr' "" -+ ''; -+ -+ installPhase = '' -+ runHook preInstall -+ mkdir -p $out/bin -+ cp -r lifecycle/ak $out/bin/ -+ -+ wrapProgram $out/bin/ak \ -+ --prefix PATH : ${lib.makeBinPath [ (python.withPackages (ps: [ps.authentik-django])) proxy ]} \ -+ --set TMPDIR /dev/shm \ -+ --set PYTHONDONTWRITEBYTECODE 1 \ -+ --set PYTHONUNBUFFERED 1 -+ runHook postInstall -+ ''; -+ -+ nativeBuildInputs = [ makeWrapper ]; -+ -+ meta = with lib; { -+ description = "The authentication glue you need"; -+ changelog = "https://github.com/goauthentik/authentik/releases/tag/version%2F${version}"; -+ homepage = "https://goauthentik.io/"; -+ license = licenses.mit; -+ maintainers = with maintainers; [ jvanbruegge ]; -+ mainProgram = "ak"; -+ }; -+} -diff --git a/pkgs/tools/networking/openapi-generator-cli/default.nix b/pkgs/tools/networking/openapi-generator-cli/default.nix -index 2edba9a26eb6..fed141f9c1e1 100644 ---- a/pkgs/tools/networking/openapi-generator-cli/default.nix -+++ b/pkgs/tools/networking/openapi-generator-cli/default.nix -@@ -33,6 +33,7 @@ let this = stdenv.mkDerivation rec { - homepage = "https://github.com/OpenAPITools/openapi-generator"; - changelog = "https://github.com/OpenAPITools/openapi-generator/releases/tag/v${version}"; - sourceProvenance = with sourceTypes; [ binaryBytecode ]; -+ mainProgram = "openapi-generator-cli"; - license = licenses.asl20; - maintainers = with maintainers; [ shou ]; - }; -diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix -index e0ca2d741d53..20687cbb509a 100644 ---- a/pkgs/top-level/all-packages.nix -+++ b/pkgs/top-level/all-packages.nix -@@ -3374,6 +3374,8 @@ with pkgs; - - authelia = callPackage ../servers/authelia { }; - -+ authentik-outposts = recurseIntoAttrs (callPackages ../by-name/au/authentik/outposts.nix { }); -+ - autoflake = with python3.pkgs; toPythonApplication autoflake; - - autospotting = callPackage ../applications/misc/autospotting { }; diff --git a/patches/tor-bridge.patch b/patches/tor-bridge.patch deleted file mode 100644 index 0b286c5..0000000 --- a/patches/tor-bridge.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix -index 4ff941251c99..32c9d8ae046c 100644 ---- a/nixos/modules/services/security/tor.nix -+++ b/nixos/modules/services/security/tor.nix -@@ -854,7 +854,7 @@ in - BridgeRelay = true; - ExtORPort.port = mkDefault "auto"; - ServerTransportPlugin.transports = mkDefault ["obfs4"]; -- ServerTransportPlugin.exec = mkDefault "${pkgs.obfs4}/bin/obfs4proxy managed"; -+ ServerTransportPlugin.exec = mkDefault "${lib.getExe pkgs.obfs4} managed"; - } // optionalAttrs (cfg.relay.role == "private-bridge") { - ExtraInfoStatistics = false; - PublishServerDescriptor = false; diff --git a/patches/webhooks.patch b/patches/webhooks.patch deleted file mode 100644 index 8e49a19..0000000 --- a/patches/webhooks.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff --git a/nixos/modules/services/networking/webhook.nix b/nixos/modules/services/networking/webhook.nix -index 2a78491941c..9e3c816021f 100644 ---- a/nixos/modules/services/networking/webhook.nix -+++ b/nixos/modules/services/networking/webhook.nix -@@ -158,6 +158,11 @@ in { - default = {}; - description = mdDoc "Extra environment variables passed to webhook."; - }; -+ environmentFiles = mkOption { -+ type = types.listOf types.str; -+ default = []; -+ description = mdDoc "Extra environment variables from files passed to webhook."; -+ }; - }; - }; - -@@ -201,7 +206,11 @@ in { - ++ optional cfg.enableTemplates "-template" - ++ optional cfg.verbose "-verbose" - ++ cfg.extraArgs; -+ envFiles = concatMapStringsSep "\n" (envFile: "source " + envFile) cfg.environmentFiles; - in '' -+ set -a -+ ${envFiles} -+ set +a - ${cfg.package}/bin/webhook ${escapeShellArgs args} - ''; - serviceConfig = { diff --git a/profiles/applications-setup.nix b/profiles/applications-setup.nix index 787a3bc..472c8cf 100644 --- a/profiles/applications-setup.nix +++ b/profiles/applications-setup.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { defaultApplications = { fm = { cmd = "${pkgs.pcmanfm}/bin/pcmanfm"; @@ -50,7 +50,7 @@ enable = true; defaultApplications = with config.defaultApplications; - builtins.mapAttrs (name: value: + builtins.mapAttrs (_name: value: if value ? desktop then [ "${value.desktop}.desktop" ] else value) { "text/html" = browser; "inode/directory" = fm; diff --git a/profiles/applications/alacritty.nix b/profiles/applications/alacritty.nix deleted file mode 100644 index 5d82d7c..0000000 --- a/profiles/applications/alacritty.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ pkgs, lib, config, ... }: -let - thm = config.lib.base16.theme; -in -with config.deviceSpecific; -{ - # defaultApplications.term = lib.mkIf (isDesktop) { - # cmd = "${pkgs.alacritty}/bin/alacritty"; - # desktop = "alacritty"; - # }; - home-manager.users.${config.mainuser} = { - programs.alacritty = { - # enable = isDesktop; - enable = false; - settings = { - font = { - normal = { - family = "${thm.fonts.mono.family}"; - style = "Regular"; - }; - bold = { - family = "${thm.fonts.mono.family}"; - style = "Bold"; - }; - italic = { - family = "${thm.fonts.mono.family}"; - style = "Italic"; - }; - bold_italic = { - family = "${thm.fonts.mono.family}"; - style = "Bold Italic"; - }; - size = thm.fontSizes.small.int; - }; - - window.padding = { - x = 2; - y = 2; - }; - - shell.program = "${pkgs.zsh}/bin/zsh"; - - cursor.style = "Beam"; - - colors = { - primary = { - background = "#${thm.base00-hex}"; - foreground = "#${thm.base05-hex}"; - }; - cursor = { - text = "#${thm.base02-hex}"; - cursor = "#${thm.base00-hex}"; - }; - normal = { - black = "#${thm.base00-hex}"; - red = "#${thm.base08-hex}"; - green = "#${thm.base0B-hex}"; - yellow = "#${thm.base0A-hex}"; - blue = "#${thm.base0D-hex}"; - magenta = "#${thm.base0E-hex}"; - cyan = "#${thm.base0C-hex}"; - white = "#${thm.base05-hex}"; - }; - bright = { - black = "#${thm.base03-hex}"; - red = "#${thm.base09-hex}"; - green = "#${thm.base01-hex}"; - yellow = "#${thm.base02-hex}"; - blue = "#${thm.base04-hex}"; - magenta = "#${thm.base06-hex}"; - cyan = "#${thm.base0F-hex}"; - white = "#${thm.base07-hex}"; - }; - draw_bold_text_with_bright_colors = "false"; - }; - - env = { - WINIT_X11_SCALE_FACTOR = "1.0"; - }; - }; - }; - }; -} \ No newline at end of file diff --git a/profiles/applications/cassowary.nix b/profiles/applications/cassowary.nix index 2bb7045..50e54b9 100644 --- a/profiles/applications/cassowary.nix +++ b/profiles/applications/cassowary.nix @@ -1,14 +1,7 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { home-manager.users.${config.mainuser} = { - home.packages = [ - pkgs.cassowary-py - ]; - - # xdg.configFile."casualrdh/config.json".text = toJson '' - # ''; - # xdg.desktopEntries + home.packages = [ pkgs.cassowary-py ]; }; - persist.state.homeDirectories = [ ".config/casualrdh" ]; diff --git a/profiles/applications/element.nix b/profiles/applications/element.nix index 0c72fd9..39cbe05 100644 --- a/profiles/applications/element.nix +++ b/profiles/applications/element.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { home-manager.users.${config.mainuser}.home.packages = [ pkgs.element-desktop ]; diff --git a/profiles/applications/email.nix b/profiles/applications/email.nix index 7291327..6604628 100644 --- a/profiles/applications/email.nix +++ b/profiles/applications/email.nix @@ -1,67 +1,8 @@ -{ config, pkgs, lib, ... }: { - +{ config, pkgs, ... }: { home-manager.users.${config.mainuser} = { - home.packages = [ - # pkgs.himalaya - pkgs.gnome.geary - ]; - - # xdg.configFile."himalaya/config.toml".text = '' - # downloads-dir = "/home/${config.mainuser}/Downloads/mail" - # name = "Dmitriy Kholkin" - # signature = "Regards," - # # email-reading-verify-cmd - # # email-reading-decrypt-cmd - # # email-writing-sign-cmd - # # email-writing-encrypt-cmd - # # notify-cmd - # # notify-query - # # sync - - # [ataraxiadev] - # default = true - # email = "ataraxiadev@ataraxiadev.com" - - # backend = "imap" - # imap-host = "mail.ataraxiadev.com" - # imap-port = 993 - # imap-login = "ataraxiadev@ataraxiadev.com" - # imap-passwd-cmd = "${pkgs.pass}/bin/pass show email/ataraxiadev@ataraxiadev.com" - # imap-ssl = true - # imap-starttls = false - # imap-insecure = false - - # sender = "smtp" - # smtp-host = "mail.ataraxiadev.com" - # smtp-port = 465 - # smtp-login = "ataraxiadev@ataraxiadev.com" - # smtp-passwd-cmd = "${pkgs.pass}/bin/pass show email/ataraxiadev@ataraxiadev.com" - # smtp-ssl = true - # smtp-starttls = false - # smtp-insecure = false - # ''; + home.packages = [ pkgs.gnome.geary ]; }; - # systemd.user.services.himalaya-notify = { - # description = "Himalaya new messages notifier"; - # after = [ "network.target" ]; - # wantedBy = [ "default.target" ]; - - # script = "himalaya notify"; - # environment = { - # PASSWORD_STORE_DIR = config.secretsConfig.password-store; - # GNUPGHOME = config.secretsConfig.gnupgHome; - # }; - # # script = "echo $(pass show email/ataraxiadev@ataraxiadev.com) || echo lol"; - # path = with pkgs; [ himalaya libnotify pass gnupg ]; - # serviceConfig = { - # Restart = lib.mkForce "no"; - # # Restart = "always"; - # RestartSec = 10; - # # Type = "oneshot"; - # }; - # }; - defaultApplications.mail = { cmd = "${pkgs.gnome.geary}/bin/geary"; desktop = "geary"; @@ -72,7 +13,6 @@ ]; persist.state.homeDirectories = [ - ".config/himalaya" ".config/geary" ".local/share/geary" ]; diff --git a/profiles/applications/firefox.nix b/profiles/applications/firefox.nix index 5263c0c..fc7c709 100755 --- a/profiles/applications/firefox.nix +++ b/profiles/applications/firefox.nix @@ -3,8 +3,7 @@ with lib; let thm = config.lib.base16.theme; fonts = config.lib.base16.theme.fonts; - profileName = config.mainuser; - homeDir = config.home-manager.users.${profileName}.home.homeDirectory; + homeDir = config.home-manager.users.${config.mainuser}.home.homeDirectory; mkUserJs = { prefs ? {}, extraPrefs ? "" }: '' ${extraPrefs} @@ -12,10 +11,8 @@ let user_pref("${name}", ${builtins.toJSON value}); '') prefs)} ''; - - in { - services.dbus.packages = [ pkgs.firefox-wayland ]; + services.dbus.packages = [ pkgs.firefox ]; environment.sessionVariables = { MOZ_USE_XINPUT2 = "1"; diff --git a/profiles/applications/games/hoyo.nix b/profiles/applications/games/hoyo.nix index 30b7442..516477a 100644 --- a/profiles/applications/games/hoyo.nix +++ b/profiles/applications/games/hoyo.nix @@ -1,4 +1,4 @@ -{ inputs, config, lib, pkgs, ... }: { +{ inputs, lib, ... }: { imports = [ inputs.aagl.nixosModules.default ]; nix.settings = inputs.aagl.nixConfig; diff --git a/profiles/applications/games/steam.nix b/profiles/applications/games/steam.nix index cb6e03d..58c0466 100644 --- a/profiles/applications/games/steam.nix +++ b/profiles/applications/games/steam.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: { +{ pkgs, ... }: { programs.steam.enable = true; programs.steam.extraCompatPackages = [ pkgs.proton-ge @@ -6,29 +6,13 @@ programs.gamescope.enable = true; programs.gamescope.capSysNice = false; - # startupApplications = [ "steam" ]; - startupApplications = let - gs = pkgs.writeShellScriptBin "gamescope-steam" '' - gamescope --steam --borderless -- steam - ''; - in [ - # "${gs}/bin/gamescope-steam" - "${pkgs.steam}/bin/steam" - ]; - - systemd.user.services.x11-ownership = { - script = '' - doas chown ${config.mainuser} /tmp/.X11-unix - ''; - after = [ "hyprland-session.target" ]; - wantedBy = [ "hyprland-session.target" ]; - }; + startupApplications = [ "${pkgs.steam}/bin/steam" ]; persist.state.homeDirectories = [ ".local/share/Steam" ".steam" ] ++ [ - # Games configs + # Native games config ".config/WarThunder" ".local/share/BeamNG.drive" ]; diff --git a/profiles/applications/games/wine-games.nix b/profiles/applications/games/wine-games.nix index 8734a28..ead713e 100644 --- a/profiles/applications/games/wine-games.nix +++ b/profiles/applications/games/wine-games.nix @@ -1,13 +1,10 @@ -{ pkgs, lib, config, ... }: { +{ pkgs, config, ... }: { home-manager.users.${config.mainuser}.home.packages = [ - # pkgs.lutris pkgs.bottles pkgs.osu-lazer-bin pkgs.realrtcw ]; persist.state.homeDirectories = [ - # ".config/lutris" - # ".local/share/lutris" ".local/share/bottles" ".local/share/osu" ]; diff --git a/profiles/applications/kitty.nix b/profiles/applications/kitty.nix index acb02f9..2da9053 100644 --- a/profiles/applications/kitty.nix +++ b/profiles/applications/kitty.nix @@ -1,7 +1,7 @@ -{ pkgs, lib, config, ... }: +{ pkgs, config, ... }: let thm = config.lib.base16.theme; -in with config.deviceSpecific; +in { defaultApplications.term = { cmd = "${pkgs.kitty}/bin/kitty"; @@ -11,8 +11,6 @@ in with config.deviceSpecific; programs.kitty = { enable = true; font.name = "${thm.fonts.mono.family} ${thm.fontSizes.small.str}"; - # keybindings = '' - # ''; settings = { foreground = "#${thm.base05-hex}"; background = "#${thm.base00-hex}"; diff --git a/profiles/applications/mpv.nix b/profiles/applications/mpv.nix index 6562e4f..3d35074 100644 --- a/profiles/applications/mpv.nix +++ b/profiles/applications/mpv.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, ... }: { home-manager.users.${config.mainuser} = { programs.mpv = { diff --git a/profiles/applications/nicotine.nix b/profiles/applications/nicotine.nix index b0435da..e3195f6 100644 --- a/profiles/applications/nicotine.nix +++ b/profiles/applications/nicotine.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: { +{ config, pkgs, ... }: { home-manager.users.${config.mainuser} = { home.packages = [ pkgs.nicotine-plus ]; }; diff --git a/profiles/applications/nnn.nix b/profiles/applications/nnn.nix index 6b1556b..e17b2fc 100644 --- a/profiles/applications/nnn.nix +++ b/profiles/applications/nnn.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { home-manager.users.${config.mainuser} = { programs.nnn = { enable = true; diff --git a/profiles/applications/packages.nix b/profiles/applications/packages.nix index 7ac18f7..5dbd127 100644 --- a/profiles/applications/packages.nix +++ b/profiles/applications/packages.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, inputs, ... }: +{ pkgs, config, lib, ... }: with config.deviceSpecific; { programs.adb.enable = true; @@ -8,6 +8,8 @@ with config.deviceSpecific; { bat comma curl + curlie + duf eza fd glib.out @@ -16,8 +18,10 @@ with config.deviceSpecific; { lm_sensors lnav nix-prefetch-git + nix-prefetch-github p7zip pciutils + rclone ripgrep ripgrep-all sd @@ -26,7 +30,6 @@ with config.deviceSpecific; { unrar unzip usbutils - wget zip # --- tui --- bottom @@ -34,47 +37,37 @@ with config.deviceSpecific; { ncdu procs # --- gui --- - deadbeef feh qimgv xarchiver zathura xdg-utils - # --- awesome-shell --- - # curlie - # duf - # zsh-z ] ++ lib.optionals (!(isVM || isISO)) [ - a2ln - # audacity cachix ffmpeg.bin monero-gui - nodePackages.peerflix nix-tree yt-dlp # ---- gui ---- bitwarden - # foliate - jellyfin-media-player jellyfin-mpv-shim - joplin-desktop # libreoffice obs-studio obs-studio-plugins.obs-vkcapture obsidian + onlyoffice-bin_7_5 pinta qbittorrent sonixd tdesktop tidal-dl + tor-browser-bundle-bin ungoogled-chromium webcord-vencord youtube-to-mpv ] ++ lib.optionals isGaming [ ceserver gamescope - moonlight-qt protonhax protontricks vkBasalt @@ -86,24 +79,24 @@ with config.deviceSpecific; { persist.state.homeDirectories = [ ".config/Bitwarden" ".config/chromium" - ".config/deadbeef" ".config/jellyfin-mpv-shim" - ".config/jellyfin.org" - ".config/joplin-desktop" - ".config/kdeconnect" ".config/libreoffice" + ".config/monero-project" ".config/obs-studio" ".config/obsidian" ".config/pcmanfm" - # ".config/Pinta" + ".config/Pinta" ".config/qBittorrent" - # ".config/qimgv" + ".config/qimgv" + ".config/rclone" ".config/Sonixd" - # ".config/xarchiver" - ".local/share/jellyfinmediaplayer" + ".config/WebCord" + ".config/xarchiver" ".local/share/TelegramDesktop" + ".local/share/tor-browser" ".android" ".anydesk" + ".bitmonero" ".monero" ]; diff --git a/profiles/applications/rclone.nix b/profiles/applications/rclone.nix deleted file mode 100644 index b058219..0000000 --- a/profiles/applications/rclone.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, lib, ... }: { - home-manager.users.${config.mainuser}.home.packages = [ - pkgs.rclone - ]; - - persist.state.homeDirectories = [ - ".config/rclone" - ]; -} \ No newline at end of file diff --git a/profiles/applications/rofi.nix b/profiles/applications/rofi.nix index 1986890..69c7ffd 100644 --- a/profiles/applications/rofi.nix +++ b/profiles/applications/rofi.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, ... }: let thm = config.lib.base16.theme; themeFile = config.lib.base16.templateFile { name = "rofi"; }; diff --git a/profiles/applications/spotify.nix b/profiles/applications/spotify.nix index f23e6c7..616ae65 100644 --- a/profiles/applications/spotify.nix +++ b/profiles/applications/spotify.nix @@ -1,12 +1,12 @@ -{ config, lib, pkgs, ... }: { +{ config, pkgs, ... }: { home-manager.users.${config.mainuser}.home.packages = with pkgs; [ spotifywm ]; - + startupApplications = [ "${pkgs.spotifywm}/bin/spotify" ]; - + persist.state.homeDirectories = [ ".config/spotify" ]; diff --git a/profiles/applications/sunshine.nix b/profiles/applications/sunshine.nix index f9ce7a1..b13003a 100644 --- a/profiles/applications/sunshine.nix +++ b/profiles/applications/sunshine.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: { +{ config, pkgs, ... }: { boot.kernelModules = [ "uinput" ]; services.udev.extraRules = '' @@ -23,12 +23,8 @@ }; networking.firewall = { - allowedTCPPorts = [ - 47984 47989 47990 48010 - ]; - allowedUDPPorts = [ - 47998 47999 48000 48002 48010 - ]; + allowedTCPPorts = [ 47984 47989 47990 48010 ]; + allowedUDPPorts = [ 47998 47999 48000 48002 48010 ]; }; persist.state.homeDirectories = [ ".config/sunshine" ]; diff --git a/profiles/applications/tor-browser.nix b/profiles/applications/tor-browser.nix deleted file mode 100644 index 80124b5..0000000 --- a/profiles/applications/tor-browser.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, lib, ... }: -let - tor-browser = pkgs.writeShellScriptBin "tor-browser" '' - mullvad-exclude ${pkgs.tor-browser-bundle-bin}/bin/tor-browser - ''; -in { - home-manager.users.${config.mainuser}.home.packages = if config.deviceSpecific.vpn.mullvad.enable then [ - tor-browser - ] else [ - pkgs.tor-browser-bundle-bin - ]; - - persist.state.homeDirectories = [ ".local/share/tor-browser" ]; -} \ No newline at end of file diff --git a/profiles/applications/vscode/default.nix b/profiles/applications/vscode/default.nix index 5315aff..d83fc3e 100644 --- a/profiles/applications/vscode/default.nix +++ b/profiles/applications/vscode/default.nix @@ -177,24 +177,5 @@ in ]; }; }; - - home.file.".cache/wal/colors".text = '' - #${thm.base00-hex} - #${thm.base08-hex} - #${thm.base0B-hex} - #${thm.base0A-hex} - #${thm.base0D-hex} - #${thm.base0E-hex} - #${thm.base0C-hex} - #${thm.base05-hex} - #${thm.base03-hex} - #${thm.base08-hex} - #${thm.base0B-hex} - #${thm.base0A-hex} - #${thm.base0D-hex} - #${thm.base0E-hex} - #${thm.base0C-hex} - #${thm.base07-hex} - ''; }; } diff --git a/profiles/applications/zathura.nix b/profiles/applications/zathura.nix index 7cdde38..b17149e 100644 --- a/profiles/applications/zathura.nix +++ b/profiles/applications/zathura.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, lib, ... }: let home = config.home-manager.users.${config.mainuser}; zathura-pkg = home.programs.zathura.package; diff --git a/profiles/bluetooth.nix b/profiles/bluetooth.nix index f80a427..49ce460 100644 --- a/profiles/bluetooth.nix +++ b/profiles/bluetooth.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, lib, ... }: { config = lib.mkIf (!config.deviceSpecific.isServer) { services.blueman.enable = true; hardware.bluetooth = { diff --git a/profiles/hardened.nix b/profiles/hardened.nix index e742462..a8defaf 100644 --- a/profiles/hardened.nix +++ b/profiles/hardened.nix @@ -1,4 +1,4 @@ -{ modulesPath, config, pkgs, lib, ... }: { +{ modulesPath, config, lib, ... }: { imports = [ (modulesPath + "/profiles/hardened.nix") ]; @@ -91,7 +91,7 @@ # dhcpcd broken with scudo or graphene malloc nixpkgs.overlays = lib.optionals (config.environment.memoryAllocator.provider != "libc") [ - (final: prev: { + (_final: prev: { dhcpcd = prev.dhcpcd.override { enablePrivSep = false; }; }) ]; diff --git a/profiles/hardware.nix b/profiles/hardware.nix index 4ef123c..6eee5f2 100644 --- a/profiles/hardware.nix +++ b/profiles/hardware.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, ... }: with config.deviceSpecific; { hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true; diff --git a/profiles/network.nix b/profiles/network.nix index 9c5dc1c..1ae36a1 100644 --- a/profiles/network.nix +++ b/profiles/network.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ lib, config, ... }: { networking = { networkmanager.enable = true; diff --git a/profiles/nix/default.nix b/profiles/nix/default.nix index a451bbc..dffdab1 100644 --- a/profiles/nix/default.nix +++ b/profiles/nix/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: { +{ config, lib, inputs, ... }: { nix = { nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ]; diff --git a/profiles/nix/doas.patch b/profiles/nix/doas.patch deleted file mode 100644 index 1e38a38..0000000 --- a/profiles/nix/doas.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 012a913fbc861029a0f4b100cfd57d3b505a455f Mon Sep 17 00:00:00 2001 -From: ForeverNooob <106961997+ForeverNooob@users.noreply.github.com> -Date: Sun, 30 Oct 2022 08:13:19 +0000 -Subject: [PATCH] Add doas support to the installation script. - -Previously the install errored out and told you to manually add `/nix/` and set the perms if you had `doas` installed instead of `sudo`. Well, not any more! ---- - scripts/install-nix-from-closure.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh -index d4eed2efe80..d8931e97015 100644 ---- a/scripts/install-nix-from-closure.sh -+++ b/scripts/install-nix-from-closure.sh -@@ -137,7 +137,7 @@ echo "performing a single-user installation of Nix..." >&2 - if ! [ -e "$dest" ]; then - cmd="mkdir -m 0755 $dest && chown $USER $dest" - echo "directory $dest does not exist; creating it by running '$cmd' using sudo" >&2 -- if ! sudo sh -c "$cmd"; then -+ if ! (sudo sh -c "$cmd" || doas sh -c "$cmd") ; then - echo "$0: please manually run '$cmd' as root to create $dest" >&2 - exit 1 - fi diff --git a/profiles/security/pass-secret-service.nix b/profiles/security/pass-secret-service.nix index cabcecf..e1ead2e 100644 --- a/profiles/security/pass-secret-service.nix +++ b/profiles/security/pass-secret-service.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { environment.systemPackages = [ pkgs.pass-secret-service ]; services.dbus.packages = [ pkgs.pass-secret-service ]; xdg.portal.extraPortals = [ pkgs.pass-secret-service ]; diff --git a/profiles/security/user.nix b/profiles/security/user.nix index be6f30c..f17c681 100644 --- a/profiles/security/user.nix +++ b/profiles/security/user.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { security.apparmor.enable = true; programs.firejail.enable = true; diff --git a/profiles/security/vlock.nix b/profiles/security/vlock.nix index 9896662..fd95351 100644 --- a/profiles/security/vlock.nix +++ b/profiles/security/vlock.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, lib, ... }: { # FIXME: completely remove sudo security.sudo = { enable = true; diff --git a/profiles/servers/acme.nix b/profiles/servers/acme.nix index 61e8b41..cbb912b 100644 --- a/profiles/servers/acme.nix +++ b/profiles/servers/acme.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ ... }: { security.acme = { acceptTerms = true; # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging diff --git a/profiles/servers/atticd.nix b/profiles/servers/atticd.nix index 0db932d..519ec0c 100644 --- a/profiles/servers/atticd.nix +++ b/profiles/servers/atticd.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: { +{ config, lib, inputs, ... }: { imports = [ inputs.attic.nixosModules.atticd ]; sops.secrets.atticd.sopsFile = inputs.self.secretsDir + /home-hypervisor/atticd.yaml; sops.secrets.atticd.restartUnits = [ "atticd.service" ]; diff --git a/profiles/servers/battery-historian.nix b/profiles/servers/battery-historian.nix index a449b06..457d870 100644 --- a/profiles/servers/battery-historian.nix +++ b/profiles/servers/battery-historian.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { virtualisation.oci-containers.containers.battery-historian = { autoStart = true; ports = [ "0.0.0.0:9999:9999" ]; diff --git a/profiles/servers/blocky.nix b/profiles/servers/blocky.nix index 21947b6..681b9fb 100644 --- a/profiles/servers/blocky.nix +++ b/profiles/servers/blocky.nix @@ -1,4 +1,4 @@ -{ config, pkgs, dnsmasq-list ? [], ... }: +{ dnsmasq-list ? [], ... }: let nodeAddress = "192.168.0.5"; upstream-dns = "100.64.0.1"; @@ -17,7 +17,7 @@ in { localAddress = "${nodeAddress}/24"; tmpfs = [ "/" ]; bindMounts."/tmp/blocky-authkey".hostPath = "/tmp/blocky-authkey"; - config = { config, pkgs, lib, ... }: + config = { config, lib, ... }: let grafanaPort = config.services.grafana.settings.server.http_port; blockyPort = config.services.blocky.settings.ports.dns; diff --git a/profiles/servers/fail2ban.nix b/profiles/servers/fail2ban.nix index 0859317..297f6a0 100644 --- a/profiles/servers/fail2ban.nix +++ b/profiles/servers/fail2ban.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, ... }: { services.openssh.settings.LogLevel = "VERBOSE"; services.fail2ban = { diff --git a/profiles/servers/gitea.nix b/profiles/servers/gitea.nix index ecac3a7..34a960b 100644 --- a/profiles/servers/gitea.nix +++ b/profiles/servers/gitea.nix @@ -17,8 +17,6 @@ let in { sops.secrets.gitea = gitea-secret; sops.secrets.gitea-mailer = gitea-secret; - # sops.secrets.gitea-secretkey = gitea-secret; - # sops.secrets.gitea-internaltoken = gitea-secret; sops.secrets.gitea-runner-hypervisor = runner-secret [ "gitea-runner-hypervisor.service" ]; persist.state.directories = [ diff --git a/profiles/servers/headscale.nix b/profiles/servers/headscale.nix index 82a309b..38d80ad 100644 --- a/profiles/servers/headscale.nix +++ b/profiles/servers/headscale.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, headscale-list ? {}, ... }: +{ config, lib, inputs, headscale-list ? {}, ... }: let domain = "wg.ataraxiadev.com"; in { diff --git a/profiles/servers/inpx-web.nix b/profiles/servers/inpx-web.nix index a749358..7351f5a 100644 --- a/profiles/servers/inpx-web.nix +++ b/profiles/servers/inpx-web.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: let +{ ... }: let nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.inpx-web = { diff --git a/profiles/servers/it-tools.nix b/profiles/servers/it-tools.nix index e38996d..821a027 100644 --- a/profiles/servers/it-tools.nix +++ b/profiles/servers/it-tools.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: { +{ ... }: { virtualisation.oci-containers.containers.it-tools = { autoStart = true; image = "docker.io/corentinth/it-tools:latest"; diff --git a/profiles/servers/joplin-server.nix b/profiles/servers/joplin-server.nix deleted file mode 100644 index 2090dc9..0000000 --- a/profiles/servers/joplin-server.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: -let - joplin-data = "/srv/joplin/data"; - joplin-db-data = "/srv/joplin/postgres"; - joplin-uid = "1001"; - backend = config.virtualisation.oci-containers.backend; - pod-name = "joplin-pod"; - open-ports = [ "127.0.0.1:22300:22300/tcp" ]; -in { - sops.secrets.joplin-env.sopsFile = inputs.self.secretsDir + /home-hypervisor/joplin.yaml; - sops.secrets.joplin-db-env.sopsFile = inputs.self.secretsDir + /home-hypervisor/joplin.yaml; - sops.secrets.joplin-env.restartUnits = [ "${backend}-joplin.service" ]; - sops.secrets.joplin-db-env.restartUnits = [ "${backend}-joplin-db.service" ]; - - # FIXMEL mailer - virtualisation.oci-containers.containers = { - joplin = { - autoStart = true; - dependsOn = [ "joplin-db" ]; - environment = { MAX_TIME_DRIFT = "0"; }; - environmentFiles = [ config.sops.secrets.joplin-env.path ]; - extraOptions = [ "--pod=${pod-name}" ]; - image = "docker.io/ataraxiadev/joplin-server:2.9.17"; - volumes = [ - "${joplin-data}:/home/joplin/data" - "/etc/localtime:/etc/localtime:ro" - ]; - }; - joplin-db = { - autoStart = true; - environmentFiles = [ config.sops.secrets.joplin-db-env.path ]; - extraOptions = [ "--pod=${pod-name}" ]; - image = "docker.io/postgres:13"; - volumes = [ "${joplin-db-data}:/var/lib/postgresql/data" ]; - }; - }; - - systemd.tmpfiles.rules = [ - "d ${joplin-data} 0755 ${joplin-uid} ${joplin-uid} -" - "d ${joplin-db-data} 0700 dhcpcd dhcpcd -" - ]; - - systemd.services."podman-create-${pod-name}" = let - portsMapping = lib.concatMapStrings (port: " -p " + port) open-ports; - start = pkgs.writeShellScript "create-pod-${pod-name}" '' - podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping} - ''; - stop = "podman pod rm -i -f ${pod-name}"; - in rec { - path = [ pkgs.coreutils config.virtualisation.podman.package ]; - before = [ "${backend}-joplin.service" "${backend}-joplin-db.service" ]; - requiredBy = before; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; - ExecStart = start; - ExecStop = stop; - }; - }; -} \ No newline at end of file diff --git a/profiles/servers/media-stack/caddy.nix b/profiles/servers/media-stack/caddy.nix index 908f0de..3c0fb4b 100644 --- a/profiles/servers/media-stack/caddy.nix +++ b/profiles/servers/media-stack/caddy.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ pkgs, ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; caddyconf = pkgs.writeText "Caddyfile" '' { diff --git a/profiles/servers/media-stack/jackett.nix b/profiles/servers/media-stack/jackett.nix index d3b822c..8948292 100644 --- a/profiles/servers/media-stack/jackett.nix +++ b/profiles/servers/media-stack/jackett.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.jackett = { diff --git a/profiles/servers/media-stack/jellyfin.nix b/profiles/servers/media-stack/jellyfin.nix index a7643fc..70c7dc2 100644 --- a/profiles/servers/media-stack/jellyfin.nix +++ b/profiles/servers/media-stack/jellyfin.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ config, ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; renderGid = toString config.users.groups.render.gid; videoGid = toString config.users.groups.video.gid; diff --git a/profiles/servers/media-stack/lidarr.nix b/profiles/servers/media-stack/lidarr.nix index 8ba56dc..38a3ab3 100644 --- a/profiles/servers/media-stack/lidarr.nix +++ b/profiles/servers/media-stack/lidarr.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.lidarr = { diff --git a/profiles/servers/media-stack/medusa.nix b/profiles/servers/media-stack/medusa.nix index 8ddfe30..0fad1d4 100644 --- a/profiles/servers/media-stack/medusa.nix +++ b/profiles/servers/media-stack/medusa.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.medusa = { diff --git a/profiles/servers/media-stack/qbittorrent.nix b/profiles/servers/media-stack/qbittorrent.nix index 0480f8e..42089fa 100644 --- a/profiles/servers/media-stack/qbittorrent.nix +++ b/profiles/servers/media-stack/qbittorrent.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.qbittorrent = { diff --git a/profiles/servers/media-stack/radarr.nix b/profiles/servers/media-stack/radarr.nix index 5a3a5c2..bd36e8a 100644 --- a/profiles/servers/media-stack/radarr.nix +++ b/profiles/servers/media-stack/radarr.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.radarr = { diff --git a/profiles/servers/media-stack/recyclarr.nix b/profiles/servers/media-stack/recyclarr.nix index c4c8d23..3cdc213 100644 --- a/profiles/servers/media-stack/recyclarr.nix +++ b/profiles/servers/media-stack/recyclarr.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.recyclarr = { diff --git a/profiles/servers/media-stack/sonarr.nix b/profiles/servers/media-stack/sonarr.nix index 11e4b90..dedf3c9 100644 --- a/profiles/servers/media-stack/sonarr.nix +++ b/profiles/servers/media-stack/sonarr.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: +{ ... }: let - backend = config.virtualisation.oci-containers.backend; nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.sonarr = { diff --git a/profiles/servers/nginx.nix b/profiles/servers/nginx.nix index eafcabf..b6b6d89 100644 --- a/profiles/servers/nginx.nix +++ b/profiles/servers/nginx.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, pkgs, inputs, ... }: let authentik = { proxyPass ? null, proxyWebsockets ? false, root ? {}, rootExtraConfig ? "", locations ? {}, extraConfig ? "", ... }: { extraConfig = '' diff --git a/profiles/servers/openbooks.nix b/profiles/servers/openbooks.nix index 53b752a..16f15d8 100644 --- a/profiles/servers/openbooks.nix +++ b/profiles/servers/openbooks.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ ... }: let nas-path = "/media/nas/media-stack"; in { diff --git a/profiles/servers/spdf.nix b/profiles/servers/spdf.nix index beaaa80..9c6cd0a 100644 --- a/profiles/servers/spdf.nix +++ b/profiles/servers/spdf.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: let +{ ... }: let nas-path = "/media/nas/media-stack"; in { virtualisation.oci-containers.containers.spdf = { diff --git a/profiles/servers/tinyproxy.nix b/profiles/servers/tinyproxy.nix index 35dab30..0398e94 100644 --- a/profiles/servers/tinyproxy.nix +++ b/profiles/servers/tinyproxy.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ ... }: { containers.tinyproxy = { extraFlags = [ "-U" ]; autoStart = true; @@ -6,8 +6,7 @@ privateNetwork = true; hostBridge = "br0"; localAddress = "192.168.0.6/24"; - # tmpfs = [ "/" ]; # not working with unprivilliged container - config = { config, pkgs, ... }: { + config = { ... }: { services.privoxy = { enable = true; settings = { @@ -22,7 +21,6 @@ defaultGateway = "192.168.0.1"; hostName = "tinyproxy-node"; nameservers = [ "192.168.0.1" ]; - # enableIPv6 = false; useHostResolvConf = false; firewall = { enable = true; diff --git a/profiles/servers/vaultwarden.nix b/profiles/servers/vaultwarden.nix index 703f559..3b09e4e 100644 --- a/profiles/servers/vaultwarden.nix +++ b/profiles/servers/vaultwarden.nix @@ -11,7 +11,6 @@ extendedLogging = true; invitationsAllowed = false; useSyslog = true; - # logFile = "/var/log/vaultwarden.log"; logLevel = "warn"; rocketAddress = "127.0.0.1"; rocketPort = 8812; @@ -29,7 +28,6 @@ websocketEnabled = true; websocketPort = 3012; webVaultEnabled = true; - # rocketWorkers = 10; dataDir = "/var/lib/bitwarden_rs"; }; environmentFile = config.sops.secrets.vaultwarden.path; diff --git a/profiles/servers/vscode-server.nix b/profiles/servers/vscode-server.nix index 49058df..650cb21 100644 --- a/profiles/servers/vscode-server.nix +++ b/profiles/servers/vscode-server.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, inputs, ... }: { + imports = [ inputs.vscode-server.nixosModule ]; services.vscode-server = { enable = true; nodejsPackage = pkgs.nodejs_18; diff --git a/profiles/servers/webhooks.nix b/profiles/servers/webhooks.nix index e8fbaa0..86b32e1 100644 --- a/profiles/servers/webhooks.nix +++ b/profiles/servers/webhooks.nix @@ -23,14 +23,12 @@ in { home = "/var/lib/webhook"; }; + systemd.services.webhook.serviceConfig.EnvironmentFile = config.sops.secrets.webhook-blog.path; services.webhook = { enable = true; port = 9510; group = "webhook"; user = "webhook"; - environmentFiles = [ - config.sops.secrets.webhook-blog.path - ]; hooksTemplated = { publish-ataraxiadev-blog = '' { diff --git a/profiles/servers/wiki.nix b/profiles/servers/wiki.nix index e788b90..9cad425 100644 --- a/profiles/servers/wiki.nix +++ b/profiles/servers/wiki.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ ... }: { services.kiwix-serve = { enable = true; port = 8190; diff --git a/profiles/themes.nix b/profiles/themes.nix index 2ce3e89..e5e1000 100644 --- a/profiles/themes.nix +++ b/profiles/themes.nix @@ -1,6 +1,6 @@ -{ config, lib, pkgs, inputs, ... }: { +{ pkgs, ... }: { - config.themes.base16 = with config.deviceSpecific.devInfo; { + config.themes.base16 = { enable = true; # customScheme = { # enable = true; diff --git a/profiles/vpn.nix b/profiles/vpn.nix index a2055c9..f391634 100644 --- a/profiles/vpn.nix +++ b/profiles/vpn.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ lib, config, ... }: let isTailscale = config.deviceSpecific.vpn.tailscale.enable; wg = config.deviceSpecific.vpn.wireguard; diff --git a/profiles/workspace/aria2.nix b/profiles/workspace/aria2.nix index 35fdca4..ac0cc67 100644 --- a/profiles/workspace/aria2.nix +++ b/profiles/workspace/aria2.nix @@ -1,18 +1,17 @@ -{ config, lib, pkgs, ... }: +{ config, ... }: let homeDir = config.home-manager.users.${config.mainuser}.home.homeDirectory; in { # TODO: enable websocket (--rpc-certificate) - services.aria2 = { - enable = true; - downloadDir = "/media/aria2"; - rpcListenPort = 6800; - # FIXME: I can expose this, since i listen rpc only on localhost - # but in future it's better to implement read key from secrets before start daemon - rpcSecret = "secret"; - # listenPortRange = {}; - openPorts = false; + home-manager.users.${config.mainuser} = { + programs.aria2 = { + enable = true; + settings = { + dir = "${homeDir}/Downloads/aria2"; + listen-port = "6881-6999"; + rpc-listen-port = 6800; + }; + }; }; - # networking.firewall.allowedTCPPorts = [ config.services.aria2.rpcListenPort ]; - persist.state.directories = [ "/media/aria2" ]; + } \ No newline at end of file diff --git a/profiles/workspace/cursor.nix b/profiles/workspace/cursor.nix index a3ff3aa..ad485c8 100644 --- a/profiles/workspace/cursor.nix +++ b/profiles/workspace/cursor.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ lib, config, ... }: let thm = config.lib.base16.theme; in { diff --git a/profiles/workspace/gtk.nix b/profiles/workspace/gtk.nix index 0b05f86..a60b101 100644 --- a/profiles/workspace/gtk.nix +++ b/profiles/workspace/gtk.nix @@ -3,7 +3,7 @@ let thm = config.lib.base16.theme; in { nixpkgs.overlays = [ - (self: super: { + (_self: _super: { generated-gtk-theme = pkgs.callPackage "${inputs.rycee}/pkgs/materia-theme" { configBase16 = { diff --git a/profiles/workspace/light.nix b/profiles/workspace/light.nix index 16fab89..97b8b67 100644 --- a/profiles/workspace/light.nix +++ b/profiles/workspace/light.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: { +{ config, pkgs, ... }: { programs.light.enable = config.deviceSpecific.isLaptop; services.actkbd = { enable = config.deviceSpecific.isLaptop; diff --git a/profiles/workspace/locale.nix b/profiles/workspace/locale.nix index d5bab2c..ccfa723 100644 --- a/profiles/workspace/locale.nix +++ b/profiles/workspace/locale.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ config, ... }: let en = "en_US.UTF-8"; ru = "ru_RU.UTF-8"; diff --git a/profiles/workspace/misc.nix b/profiles/workspace/misc.nix index e2c7630..5e09c10 100644 --- a/profiles/workspace/misc.nix +++ b/profiles/workspace/misc.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ lib, config, ... }: with config.deviceSpecific; { environment.sessionVariables = @@ -16,7 +16,7 @@ with config.deviceSpecific; { services.upower.enable = isLaptop; xdg.portal.enable = true; xdg.portal.config.common.default = "*"; - xdg.portal.xdgOpenUsePortal = true; + # xdg.portal.xdgOpenUsePortal = true; home-manager.users.${config.mainuser} = { news.display = "silent"; diff --git a/profiles/workspace/ssh.nix b/profiles/workspace/ssh.nix index 283d5b6..ecd0949 100644 --- a/profiles/workspace/ssh.nix +++ b/profiles/workspace/ssh.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ config, ... }: with config.deviceSpecific; { services.openssh = { enable = true; diff --git a/profiles/workspace/waybar/default.nix b/profiles/workspace/waybar/default.nix index d7bb740..a7ad7e8 100644 --- a/profiles/workspace/waybar/default.nix +++ b/profiles/workspace/waybar/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, pkgs, ... }: with config.deviceSpecific; { home-manager.users.${config.mainuser}.programs.waybar = { enable = true; diff --git a/profiles/workspace/xdg.nix b/profiles/workspace/xdg.nix index 422e975..2cb5657 100644 --- a/profiles/workspace/xdg.nix +++ b/profiles/workspace/xdg.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, lib, ... }: let dirsToClean = [ "Downloads" diff --git a/profiles/workspace/zsh/default.nix b/profiles/workspace/zsh/default.nix index 9c07b25..96e90ee 100644 --- a/profiles/workspace/zsh/default.nix +++ b/profiles/workspace/zsh/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, inputs, ... }: { +{ pkgs, config, ... }: { environment.pathsToLink = [ "/share/zsh" ]; environment.sessionVariables.SHELL = "${pkgs.zsh}/bin/zsh"; diff --git a/roles/desktop.nix b/roles/desktop.nix index 8f48f6d..13b491d 100644 --- a/roles/desktop.nix +++ b/roles/desktop.nix @@ -9,7 +9,6 @@ themes virtualisation - alacritty corectrl element email @@ -19,11 +18,9 @@ mangohud mpv packages - rclone rofi spotify steam - tor-browser vscode waydroid zathura diff --git a/roles/hypervisor.nix b/roles/hypervisor.nix index f5792f1..b369e14 100644 --- a/roles/hypervisor.nix +++ b/roles/hypervisor.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, ... }: { +{ inputs, ... }: { imports = with inputs.self.customProfiles; [ inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; diff --git a/secrets/suomi-vps/marzban.env b/secrets/suomi-vps/marzban.env deleted file mode 100644 index a7026fe..0000000 --- a/secrets/suomi-vps/marzban.env +++ /dev/null @@ -1,16 +0,0 @@ -SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str] -SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str] -TELEGRAM_API_TOKEN=ENC[AES256_GCM,data:8PySjalQnpADCd+3Yt+Iax3DdGq6sxR0PHntgAzKpI+iXsB8TsMqsm6ElORoOw==,iv:y7tmr1jIs/JtMnBcEkGiCxrKkPcgUt6RBSq4GiKXNZ8=,tag:TcdxtPkO4Pvfcku72XCFIg==,type:str] -TELEGRAM_ADMIN_ID=ENC[AES256_GCM,data:nH/VUQNoRqwj,iv:AdBRZqyBVeze8SGn0pmxaBB8CWyo3D1TTaVx7NsEPHI=,tag:MyJwnQhuBCQ7XMS74TevRg==,type:str] -SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str] -XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str] -sops_lastmodified=2023-11-22T23:09:38Z -sops_mac=ENC[AES256_GCM,data:m9TLulK7igJtvtuu1Leag5Ky28qxKyELOKGTFZmX8O/VaVwu1EHC07awgf9HJjFlAcIWT6+fkRcnpwse6t4Thh//Yc4YIu8ryJjsRZBLezaR26SOWis41HR/uek/lSLLMMrdIyiU/5RX9i3/rhUjZwCDYzM1yg+rDsxfGIdERCM=,iv:+TXcgj9MsmQmZzYi4JKbgPVLcX0VLKtheq5/ckPRDcY=,tag:Ku+43ZiVCOeUxN3pimv7JQ==,type:str] -sops_pgp__list_0__map_created_at=2023-11-22T22:35:02Z -sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQEMAwcagTG/Fm6AAQf9FyMBT+jm0pOjuw6aXQSv7Xc8ffKtXYAIUgKsHTTAnqfj\npoDoel7I1toENks/0flFxXjtzp6kBPPmb8aX+CelPv5orIyzMUdJbgZ2D6LINHTD\npW5DmGA7gkegk/gus4qMz+p/zxoJC0EBrr8eVbgIUMi3WVUtG1TofpeaKm+xf61r\nvVJLMn7dHxjmt3qe6RVBAD2bS/tTEUEfGubOWBLUrWq1MElnL0MLZy3936dmMJ5W\nLrurkBfJ7hCIIfJn/7VCBkY93Nk/NjZCF/EdYj2/Dgs0SOqIc5wXGC259/7HhVEJ\nlmBOKYWPzHp4c40AMHld3L3rJ0cOKenTBSfj8g7b1tJYAaB+dW//A/HaL8FrIpxx\nMjS1HyfsFfDM8D8Um+PCe4cktupMmlhuU898rOLwgAX90niRHvhm0IWbLISa1QDx\nPH4SjYB4NWIk5i1eunYm8jjMStNNbRABJg==\n=V9Pe\n-----END PGP MESSAGE----- -sops_pgp__list_0__map_fp=ad382d058c964607b7bbf01b071a8131bf166e80 -sops_pgp__list_1__map_created_at=2023-11-22T22:35:02Z -sops_pgp__list_1__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMAyNex7x1cALKAQ//TN89prS2jIW3lvDFdOmFfNKSOo9oNqVJZPKbyRTG4gxL\ndwhPZnCoQd8Sg88TNexfgl/qkQJhU6k/dbx2/nebJXgkQz4GDpmNNVAHacH+A7Sv\n/ZPGDLMdivOF6JVIIBxjdj06KxRfyeTf3Cnb2JqaCjGc312POBOQMZBa/GvfQjC7\n8YhS6TqXu8+MhmWNP9bbTWE1kc7bNeH+1BzraZn5625OQN1kCNj2SEBaZPI1i/MS\nTQxHf0yfIES6lZ/NTB6H0xkxbwcKYbbY47o9dc5BG7uAKPGh9oBnAmH66XuSq260\nuWsRwfdfK8NOEy9nxSk2Yqfgatzx7WkNCEX6l6ztCbSDeruJ56X49vr+xLbw5NyX\n+rgvr1w85uiAzct8f/2QNBq/J0qjoinHvxbUUbLP3LkJzqOoxXV0YEqjx7LHMrEW\nCRn2oiLRZd5ElsbVvDGhpFAoMq2kYa2U3280YRQuH0zFGpUbhS8Q7FtyZOBuw2pz\nYNJwLwsRODNvCeeruYOzLF/ERfZteO7yzj0WWyGPvhIcIvz9mP6JgtDvR+0e15hi\nZ6zyzz5wvpBWEpQaVuNeXxHr4+UJe2iLZN1ATTCJW7dfJyKxBC1yimXPmrJJtQOI\nqUjqIiskgdph0DRPXwgE3sHKYEbUwHb2l1ospnN2AW3RRSyXYgvBo/N91ndazffS\nWAFwVCXJLn7n3BrM8CYozTHsrOHTtMMqRDHKZq2C8GHJMpPb3t6K07CIolmkjMHN\nivdG4dSds8uj4HYwFKlw1ZyMqZApSI/FnLoaOfw9Ur6xKI6U1Z2T2GU=\n=xUz4\n-----END PGP MESSAGE----- -sops_pgp__list_1__map_fp=d286fd9431753cb455537070235ec7bc757002ca -sops_unencrypted_suffix=_unencrypted -sops_version=3.8.1 diff --git a/secrets/suomi-vps/nginx.yaml b/secrets/suomi-vps/nginx.yaml deleted file mode 100644 index 0a82051..0000000 --- a/secrets/suomi-vps/nginx.yaml +++ /dev/null @@ -1,49 +0,0 @@ -cert.key: ENC[AES256_GCM,data:taP6QrBQ/PjsDOgbPynp2YBZWe5eXq4PV6bWRvARzYwCzdSufoJB8V6v0lh9GHUtQxxeVWoU6kJsb55i5zMayZgXm+/BE73f0QHSsdhV4I6tKUaD3JhxSXHbveaHqD4ukqNV3H5qrdHy+FyWq0EcGMDU/bUQppSyU3XkwzbnbRGuwRqCfOWyhwZb9z+9IpFcFcgIJL+qkUqaytCidzorVRcE0y08It6CnbLEbcPwnBlRFJGQAMc87GX6+ZzOj656DO7Dy5I8fwgVz02IclGNKRY4w/GNpaexmNMxK9nESWgGUXGNwWqWsZb3zECo45xUvhI3Ea0Gd/Z4RkCp3ijfa/mXcVuMKc4I1w6E3qaidVXCI5sI0USwo1X2Flod+gOhekdXmiPXB+ZOYC9FR9lKJt5+NUxAc4XonioWttUOI/5FW8TicNMOxx+QrIXwSFTTVYIto6zCOWajptXiWUSi8JlxAV38HXhGG9R5SUob368ZsAeiC/y5VH4y0cWnRA8R80Xs+yQlm6pyTUESgpFFXgZckPZGf5aay9pNdjw5UTOn1raQlpRmKrNpKKkHbpBnHJE4zdhaE7gsSpETm3ofaS4Ds6pqB3FIXRBLVwdyxdgCnOJiGGfPuiHoaLVlgxCtGjXZbU0YPEb7GqR0MPHfapEXU3yKG2Y27T3lXas6wePrKXaLcJIIe2xghnp/Ej55uGVdDnVQRc0cXTgREUZF2J0aeVuTDNoeSOD4k6xYwtAOZ3aWvtGxsEd0YKAtkGnQM/xdSVT10GkXzH3vBeDa6UZ6dmA5TgS5OXbEK4KS9lFoqyLIB7XgTFTZdGhmi59oMyU+kLoXiZfBrTtLCUansT6PLDm9ZgPyhDbuFCc4hE6VBPIzmEkW2B472TClc57A6fppowbHnsGs6/GZL9gSZnsaMmUJB3lLj9cpeqJLqXGmluNy/I9sVEqMwcLL0PuSSqfcPXfhIhFJGrphYT9mVSys2xHLwg1nOe1nETZuedY2PTXnZnpB5x8QxeoedCBR7tbM8M2ma9ZzwJJoDY2ZxL4ix3WOCKPNS625NHxNDrPyG1SGMK7ZIYwNUNWhqMSKre5pmS31OAT30EsKP3xqXwwxZ1UbRQCHZHk1iusClDKL3q7DHgUslA53dbVq0hrvYlDe1BGdd1r8G/wASAk+K/IOjbzLCoo2vv3TmWDjzf2hikncG8R2bbMMtbUk22Q+yY6bhVljkmagCWXb5wvbBYkQfLh+zZy5lPBtW1IfhQPZySYdW6K89dxQF2Bc5xb89MvvinMcOWuO5CwdpiMZe7Dsg3l8ONqHWJsrCGRGCclCUq/mI0eej/euKR923eZ5wU4dx52OWeUVRUooMIGdIWwplgVlBCFReuJxVmR7dJq4LMqQJvbS3MyQ4zi1QYUB1QD7CsNCt5rr08Z+2wY0ggmJDgTRkWGwGr1OHdoiXi+Y6N2YJ0P/OAgyBoICI3Pg+pTWic1rbE59esWSFTr1/mM8NFCqhpa7XgGWcq37fzQ/mCv3Ii3XfxeIYhCTWmThjmnj7TZhu5I3NiUrb1q9gSVDpqfQI4Hu360KpoaOcGfUbs+SuQpzXDcp8QNnz7FVZBugQ+sCi9zgx7d+JFWLhSTb2GFyPkiuNri3+cDIOX9oZNudjQxViX/IszNgsNiXzbBCovzmLm4Fvdk4LV3Ml//Dp+MT5pR+Fkz6hITeWN2sffFuLydV1NTtSzpxWjct8OzbiKIJP6Ks3dM57G2KofxnjA6wIF9zzQUmpkg9FAl7owrQ6niuRhMnz+PZoPU3zaM1TV3fcb/wmoVrCv9+s9TdDwoJ6hurU3RnUMqNC9S93YtdXWPLpImCgDj6tUV6G+WuIaMfiFPOeqtlLR21qEqG7txgXb9pzFEoGe7WZ9vVjV3YnqHpxtD3JmINcD129ld+uDfbiql6fRny6xRIBpassJrnEF2kAkK6qtEXIoojAjeMz6zC7ORgbBWmAKSukfS74G7qDu/HxZdek+/v7WlLhc2m3z8xGEFjTlG/w1MP6iQ/eArDO8qs3pKU7pQe9TdCJ42Jo9yZzkhq7lqWwbi1JdrCrjxTMcECKj0uNKhKOASIZs+IjNm4ntKGjfwYwcbLARJ8nTRZe+V7ZUEx4vc7tWaQzW5WoIw1XswvAVJ4F3RSuqCZ5aky7qtAHqzPEyydWobWm70m4GaRQ8fIsE+GX73dHaOqdUNnuxjkwqdzKXNlyDtgLaePRcZh0M7gZT7T4W3JevO9QYNTBraipmkCckrDnUGD,iv:GlxhTgvvVSkQWDNJEzFeUpT+k1YU2IUXXQFBpI7cU8o=,tag:WO4eBX0P6DY5jfjAW6+QMA==,type:str] -cert.pem: ENC[AES256_GCM,data:WXeZAJtpEBudGBbbSvrsL6ACdltJHRtZ5iv/PuqvUyZED7Ri/g4Qz0HskBWtfXj0+bGM1AsOOb/TJJL/ExUZEjtJsTllCS8nw3m2BJZ8f4fc5THBHXA0n/Vthi8yI39uh3B4ndFVj2+3pbIjp2OiM/HFaTVr/cEtA3t/PUIYuihyTrEjF7D0RG1Ug/vaaJ7LAnylt0RF8D5rRVhv6W2ET8Tmd8XL0LLKXlr9AgDS0XQ0aARBPo3Sq7++qS95pK3jyHXGe4WvuJZ7fikoaPrvP0Jwl+y1XjceG06ACCqmdqFYJFCmijYvKDlgsxyiT6H8ZYottQ0BHJL3aUW5sxEOA/f7AMc7hHNRxC9RnnilQryqBbNzWxZq1ns14uIGcLEspNRxq1HgD51zJC6XdfMMrBdgrWmO9Z4FD0HQQC6MCEnKq01eVg+cOVa7/3AsRwgEyf40JgS+GfAB7wMTVgf0jdf0mI70RgS3dyk2ZycjHOcu9kOaOrMNuQrrZuHHYpyhHAbuueQWQRjdVssmY7xb8yU3nNF8ec+8DXDhlO/8tSfuNW2+C7DMXsOzdyT5yCKiyiIyPUChTUb4pMd9fd28o0LcxpvBO2K+jV/qSC+rrhXmD2h5HD7zMhubYQxYZrDxUK1FHoKI8EvuYZdTAhK+NSUoyy+9QhBlhprAF4t2UQwWb4ykkkdbpLD4BBgbBVzokMZOnnww5RypwCKWBu2ZRhcjXKB5xzGf+Hhjw5aD3M0vx3vZt2XGUpJkf7V7LiYK0SdjF+rlcTPGNomHNBjZPnfDh1gHQCiW6dPAOCUr+tlERmCzAnFq1TTZSD4xLmU3KNsGvVPsGnLdGYkY925o4MmM1hv9jzHI8nk/j+0PbILg7S+lEtq7BSzVogJQXqaqTWWb8FZyNQLVbgqb2mwXsJ2RjVaxmtgbq0iUFDWcJ0+KeBsmKhvzdOBsnP1eKcpJ6UplO9XW0d/xnanTPhlXrJPoJg44fTZOAwC/W1zOAr1XXEC4Vltd60VMGyBH0KnXyih5RS/QT/Inp8WzWdwqj3ezK8MvMD2n9egloho/ni+7xDFdicHR0hGCqCPOsFxdrgMg39Ms0ofwFwgxBwhNyci0zlqgI4+rI+XY4l1lTnt9J57shZEqWuAzZtKXbn/bQMybzy7zguxMA4Z/scJ/ucQk/jH41GjocnIV2HC0Ryo67XiWtiNuJa9Lqz5dnN/Wbc0CMehmchlTMNEs4GpPC6nSSdevbWCEbJ3Mm959pffrbUOw+BezveqYfYSrk14gJDBq3a6fp+45dRz+6EZyceRfAL92Z0AJn90b9zhxHXETsfB9cUtjPMkr9Kq9gLd3ovVmywjITUWXKpiiY5xbNzrWPURq8/STzgNEhHEKBpg93kX0nWM9qhkvVRIYyuHljCp4//G8LCapp0H24LVQAZOJcoD2TyY1oRYdQP0k/zDOjQ/N2nJgkfWrPoV05NbL52dDJG03jBMDrTusiS8t6PC6tEM7sayte61ZxvYx62/1gfnU4nW8VyS/cjtYRw0jLj4ZDAFaVvibQDb0QLCYOzPaJ6Q/qMCCShdxMuETTWpYS4GuOI6wwA03jplZK+o1IK8/nzoB2eUt7AutHh9hUL+KEVuQPfOMiNB4Kw0YQe1gcfwuG5BIHUMHujcY49KNo1YwuFuBwUMBOIP+CvlpRzN6xbhcf7EkNw4uIxmWUeZph2659q3XYuv8T0yxnTH+A4BXfLkvhFMko6Z39UGpTpxqJt4dBuKuz1OJ4sic25R6crb9Qp+xa/zIoxbl67GlTR6T4L9OjLkldHuKm+iqlyXY2hzM8fy52e0eBhQRzluNlXLCcFzOAl8kZzHzGpC9QjHbDzEqdk4Rggr/MuMvswVWhGOn9M2rHdOeOOpwjrTLbe0INGhcIvH910aOmW+OJ5FjOsY1YMZPGiVJ150JKaiVvmmuxloPSF3QeR2M5diV6Yi/WTabn43VKJN7dEPHth7FtliuzROiijP28lkymW1v7VRPGCy59hs6hCNKNCEu7Q5qRbaNaag8zxUL9RDsWgzxpnwBCZznu6Bk2G0ldwADmfqMoz8GMftjpkibfDMNT5XupzNvc1gheBXXZaRLuZ74+z7LWKi4kdIG/tdXQ9ja1OzmsF4j8+aUaApHGZZPWdupZKKBpGAjY/Bqpbfm+vhVCIifGDCYK+HDcHCtaOUpRlYMKtQS0v4PTB34piTh9mMHyHG9bvMYqKpU3x3b9Fsp8JSdCHrAoT9zbxvnAexs7GifFWxyZGyb3HxFltz0omlA+zqSP/HhCGYm4Wpp9Wy0r50WGD8qJSBsbx4iuSyHywL3SY0zgklSmJSqolIaT/efTi+X8p7FJb2usMxVvP5O2DwiuelmzJ4SfYXsCcALyc1+BPY5/lpOtU1w1rarWi1KiGaOTiRYzakjQgmfO47abR2Lrr3Vdz/1kmSqeDCmHXPOrl4GbH+UecLk//FqPstcZiq6eEKZblPEwmre0VeiLHkIV9CJS6u+SYKA/syVt0I+ENV3bIogy5Y9gx9cr/NatJZ0Vs1/3LWV8lbGkbUmO6q5ekBHOrQ1TTfpVFu8/aR9R64plgJ+oadjkNyp8rindgn0iJpQi/mQh4mLiJ9nx3wGX3ZHauUaOJklIPFPR6JlR35b5UvKRpxIgDILKYUqAzbhlQznqFmdnk21Ga0llNK/F//zy4J3/74XeTW2Bm0dfUlZ5ASHV97SZeeFooIL0EBy+JeK4UBg07LHOzYhpKbEX37vIBCwjHFbptf++x1MtFAfqTjDfsVr1gnSEWGM4BDjS4DW2n+A9qJm1sei+SrYGGN6vffdSQwPMmisqVUxSMAtQSTOi2Hg57ttIEqPbelhF1KP3qBnlyBqWcVjsoWb+JfF3D4zjnFwwB61bJqG054mjqzLNNcHsrgjxL97FJwznupq7/avgui+QO+o0Ot2buhe8T+tnVdmTELInLgJJKAUjVOpKn5OF4h4tM/uGLFzY+reYniwxcad6nFUlsKOMoK7//rHiXyUHMAM0jI5hOOa79JcLSIXK35SY89hbSnAsJosAhRkt2vi3pilsFirsTRXOHutYaDlNlyZl7XFhoPgpaKXnW+h55GoBMrqfCnyY2dZYH61zPJDi2OwKpszzU9gfrHCSzeZKv26gmBonRo5fvlTBVKP6sk1MsHxsdkl3tWjSw4lFgvCotIXiCcbYPDLYR2IRe50Tah2dPpL2GIbA0hUpwr9ApZmbgJuzVZY9wZTA4MMA3WV68IXnqCD7J1lJY9su90FbRcud7+50vf3hp9pqqjI4ZM2yVqBfvt156JS07cMlfpOIwIjKx//f3PR+sxkxeSXavs7PEpHxhCZxnfXO9z1kerw5VU2N+yyEHjcZk3SdZNRYZx4WYpWYy/BoAjQWCeOSESYqZZtgOyTrcell5jHDj+Utv3O0ZHuGaN44s34fCLw8FfPPhfGa9ZELNoMARUngEjhJlIBkRa3Xk9tP7ScnhAe3CZ2mDCjbMH7mf4XH0THYsKnq78Oe6wPS9Fdv563CjL9XnDWNBvaPQgVfVgrFyT8jiQR621MQfCFRTI0z3VZB+Qc4fk98Rysys+xv1TDskjcpcBogZmun5uvARALWznb9PeEP5yGARyAVqxbKyoHOkJSwuWdhuHERRWFtRgdiTdEPl9pB9it9FtyCuHa+DR7eHPnbzGg3SHOdEBuGl43pOg3VAlF5ciZ/7l1V+ZcGHFsoRRCByuOEToktNF42BfBoW9/rniuNScUCc6+fokaeBUOdexL1AQBWUf6/PobJkvnf8p6/Jo2vzQnLOrxBvckxvhKye+CSpRl7JFVpjnBB8NHRuHPkYlUUBaPSEaVwZJxXp5ED5WdlJtrIv3HjpGWSuHJWW5+vkXxF172NeUHrKFqqXFWM8tzm0PurhI1bZBlhdm3Zo1+Pw+qnEb1a6r4hmwwGY3MGKsHdQQTCW76CQNK5/+EDJSCpWB0sIV1wiSr45TdQV5/yz/IzBJImeGf3wWOYt5PImVsnXhb2lVu9iW1/HPSoqipnMDOAkx0kpsDY0ZpcQTDhc/BwMmqVaTTJ6p+YlTvco92kUodAYyhL5CIc/YYIxaxrR29W/7QmGQq4Ef+d3SE7kuMqT11xGUNTGhY7swNAXwAmfHcnc+Czzrl2Bt2TA==,iv:LX0eZEsqP8c5TsNXxd/1shJA1WRJY6kgKyt1MrY9aUc=,tag:7KIkQvcAuyurDJ9xE8lwyA==,type:str] -nginx.conf: ENC[AES256_GCM,data:oXfjw5EnMHDmNiaQEkMg7e2a0NcsmZK4G7cFl07aZ5yaG0sUjeUy+1NQvoBMJ/x8wRrvjsdMHUc2LZ0oxp3vII/uQ4QhgdOxXHuTcxYYCgh/YIZXJZollTVVQ5RZQAaW1l2I+Qjc9AWEveyOUtx7mHfNWrsFXf/GAvzAG2dKY3CdCWvU69NXP0H5HZLFEzNdMe9bhnNtsOVedLTuhNLMZ4z8HtLSHLujdsFoZXNowYRgx3PquAFE2tYzk57fV0Hn3oJxPfCkviKLG770wUM/0G1BCwcZMO7Tt7KJP2YKbar/gD7MQSNKjMvwjQiVRejjK0Q/71SOiPCckFZR1/Z5BfW96khoj3q/7CmMKkzB1YO5gXPfI4OktclpmlYdgUGEZl0PlNfp+Gc76vbW9q3Rd/2/apxZ7JNKCosulemiu3nvEjbZmbVxLpI4XSollSwv7Dz9wBbzeQDWeZtzpUXUt54dVH1seixTP4Z6A6j0rW2qvy78l6uFUc8G5xAfsLu5Xwufq/u/nZz7S9FWoYbU4t2I+4ZI2E8l66pIcRBcsvLxGCclLukWX37XnVAEEMJIvr61R63yQoF93YnpwyCJFL+72sXm8CmZGsWEEfN2ZwQBdED8O1nAWiebwcxV7VyOmiUPu2ViWAHVLsPWrTcLEYrYRp5PFTxhlIQT7op5BgUaKoEdkgga7JxB6Wj6qQZO6nVbo7rznv3OLbJ6Clr7Ju/aHcU8sq9EbNPC+65BrFv2w6vUjZz9IXQik9/yZ4NOBo7YMOrdf4zmNzD/xXlr8V55mW/19mO9iMs7rTqbFKx9uocQFt9pUjxgkzEkjKguxi6H38oyyrx6rZL+x/z6s1w/aakR57lknb81C1SUpFVCLi/S/R2ASgQKHrc7zhAX0oO9xyr4BdfilJUJW28Mryr42P83enFP7YcEN9NsycSCq7Lrrc5VlfGshjS7lzzAJJ3xNkpyORus5XhLokI9Oj17fEdB56pun8lWSrvva0gJ6cvPRtk4lSVGZNopySwML8AiMyeqrirtrRE0NKBhndF0v6xji4YEszZks/CscKAbPfLYl9P+DZ5GHaOV4V7E8AE8RfHRqJa3rJjV/ZS3UYBLO4k5vwVheT/rPf37eOdvZ8IaixoGKvFhuXff2hJNB1mokoifR4wAeeHs4XMBnGwL5qlgUedVAXfjAFNXAmBY4QDzmLw3bHIps8xCrzAaQxRWMKGd2pi2FDqlL0po/NvElVihgD8q0NmGrFpXSjCOQTcP6BViickD3sK/cgghC9K+aGYs0PRVZyq9wNYklABGMuH6lAC+Bf22X8Ph23rknoyI/7u5qgSN7mbaevuwmQ2d32+MIOuS+Q6QEpGMR06uahlzkVxE2a9zkWwFWHaq+zQLbX7i8XqVaX3HomGU4kIf7zfSWZomv7JuKrGMfGm1ql7TenJ8UKrAiomoKWyLzgsfOg79HGTgXYhtIOAAuui4xKg0QNWp3RxJ0xHGSo3yjUhKzewNlJ04nQUIN736PUjDIeRf0pEYE4XdqooQOHCfK2AT5+B4dS5Qjuif6HzjeeY6cETHwui+kZty3Yh4rXipQrl4BnWubVG/uAMyIRGXeBjNOw0i1Opfp1VA73xkJShRRJHBaUPU969nRuaWwM/9ZWnOuPA+9d3thALhHpVa1y0Nscxk3+EyvmFH7oXxeSafavSRi0vxKfobiWQCFwFC8cdZQRh10kJbe6YN63B430cO3rICThp2GP9kN6v3g+86WZERy3WUlD9sOTpl9/HguAo8xmROhS5sOursIcTyqooMOuQLW5Zafr98x3EOdI2GBVVuB7O9ldFdqf8puG0rkrWhc4zb/mamL1Zc1lwqC3L4mtg1OG7nDDlyOoHRjXGRcUGLefm31r7D5GdVnlKHkoZknaCKnxQm/JY1NeMY5eRFI8u+4z93R/t6gVLDOLNam7uRFSz4mfooA8TzltQN90fsGyZ4RvT5/I/E6TPJLofzeugcLG2giBHN1FleCmvDJ/dEW4yRU2LX4BRhZTjnJ7OAjh4AE2pOtrRb8dj2XVSVZvBZfpbmTK8JDQ7cIl2xF6t+Zbe9QjXHJ62hEl9c8NgxqQ7u9kj4U1lZcNPOC+DDL+Q0T0G8ogwedZPCQOvXG6nk+F5LPJVfbdWxp8MlBtQm3LPJ6nTYtMAWwEES6pzsNoJuJNRE8NUsbYyAiQbhQkGbRnrYbItbv3/kzuP6s7o3I4ecCa8SOCAm1iAMQu9ZBaJ90GsxYiphO+ou6jZNkTTKFJP3V0NAGWFHv0AJrmB8WMcHhdOXGkSQLZnIh0IYeVRgZfaFhizYE197r49FBOa0PT5shdo7ZFQEQcaMkoiIdkqD8CZmNz6oJQc4+14Jrbyf1HiJMbjOjZk6jSwjQ05x+vOrlrqFJripMH3St0eeIvLI5mBUk2Vp8z6/2ejlyrJCS3/T+ZDN8XKbhIwnSqwHOZe+2TU9NltbMRaWnp5HnFOQMoTrZyTR+t88x7i2KYwjaedXLSulRkeQhyqQ745zE6gLWDZwqPNEr+wf7egUdJdQS48sC26jb0qKfhlbqdAiZFkUgGXc76qNJklz6cXQtt7/T6+Mf05jWzlHZwHBRO2fFCz3q2tvOvVkm48qqJm56RvFwCA0ZgmAPzmV9rKVeh53G2HnrJFNobGhlR2G4vQVURDewHb9a7Bftow4gnll8cQdB6UjYYtGbDU6JDC7URXDLNDkLqyVQ2nR6jCn+UJURo2bnAUP/2gRPE4k2KGlmPj++I11+REYn6qF+PRvQ5jos+m4xKShpj8JIVrVFxSf92WY/qq+fi3CcUHp5PeWDyJDAYDkCg/f0Syo0tyy6Ub8vcGSiWAuFazC4v7nXazSg9xcoozs0jXjGWl1y/PkZtQOtv/DclD5vG4rBvMiLxwi1PRIJK83LLxl+XBKwJujWiOYQR9l0WD2gm2APNzFOSmAJENxi9bHdYP4LAMKuCWnQKBhn9BobvsN0JlQVm7+a7SmF6b1jKF37UhQUWxQsiB+6t3sdoRLbW//+I+8vlKo4qvYbTCFNjalmJL7xIbDX6Z3qjJtYMSRUudhDtha3rAlDFVxADTGvva6/uupJvq0q54nyD6v0RB/t5ZXykfn3gy/ofMu/G8LSHGfSB4fpVqiLX9LRnX8m+6wcWo627uPjaowjC1BfAI/KClUBqrex8fi0ygzcM87Yccx9Aekps9t+BBQ/3Hgqmv2G65kig89DU6Y46hPLX252VcMzb2NjPwEGZfiigxeb/UY9l058Aql1/juw9onHiCmx8fO3GT6GHhELHCoarXor5cTHVAPDUn3GYy01LmKgix1YK8QVBsgalLjrDbNs0+SIjDvNXB4oBWqepg+Z7m1PmpOkd88/E/RfhZBwJrF+SXnOgZUFfAv/vp9sri/SHYK50uEWL46Vi3pFBRXkvmijdWQJ1wb9J0l1wZpqXR07M4BYy1ceM6ywf2LIGcWaDnJKwcW1baMUvopVEETIZT+MQrpfbW3vu8OE1/MmUKNFo2mdPbRSRzvrIf9+7zaCqZmv4DSsyZGtWVSwAP9EJMuR2bVnnSqdtL4IKSFvuivJvuyy6XtKY/7jCzYJvqQMX4AnHRH2T7iIccCnDupPuUq7AGZ9skzNfXa0bxRxol82450/59FgtmNc+IxzIM9Xsj3TPyNJ8ZeSCTzH3NE9+L+JDkJ2JtdgYH0TGMxIfJ56iuXJR3n/MGdsP7KrZa9qydNIhJRV6fJUjBHXnvjKTjXc0lrq7/kg81Bg6uugTxZ4C1RduuedI/HEkDgjDAELBYGVnwQk5Mk6n0yDstgusvkY3nBft/wCpBQLPtLoiXqJgtFJeyOH50+Bo1iDjz+4ncgGewPXqV373GR3AF3Bxz+UOAI7a7WMJYsrKjtSn473sFm/4AqA474iZcCf/Wd25sDbOH7EsQcW2ndlEk985ehn8iyuBGFF+/aWBSDf5mfg6sbGTj/oiS7mwA8t0mHUS3G7uHgMc5Ent+BwMF3C+6VBkFBaWiOj7CXHGqakX8PvvZvbUo6qnQuwH2j9wGRCzUNAzN9AD1DJwHS7G3VDaotVVogagVg/qxCIXmGRE472IAFbO/zv2lzsyw1HS1SlU+2HDSYcGYefZS65f2uSLy2ASYQbdL9BWN62GxvAdxXkZSwZP33p0pjcyuXCkJS5gx7W8i3Qr41YQa3An5Z1MhU1VaZC2YdKRZlvcoPof67aXFP/jg3PxIwpDAfxN1dVg8w4d7Jg4F48wQaBSyhyUF20PTgN98UWEF4rSEQsknAncM7KRo4SXlmktufxFReEGyjG0qvTf3WcP6P9TlmwHrnqj6KDgl69DMG7aRSOGDWFLJNnTiiDNprxCimUMlDGmcLIcXBjYVOEW/QHZhYCJdvA7okSWv0ZXmCP8BzFEnnUs1IiwIHgwP0DgDqMmRDXhhotb1FPCcK5r293/++xTRLtx7bVPW+ZornR8+4vZWH2RtRIKG8R81fEmheqL3p6DLV0/MPD9cyu0Erku22acQBDrRLQMuckjQBPd0J9twNoW40Rx9tctoFi1EicM/ydi5w2aNHaQYLVMYDBcOqC9FzZhxNHoYIV9GmQ3jPxka+9riTABMDlpPZrnAAwWjrTuxFks8g8lhj5DSFsgA+Rhto3gMQLWF9mWZYJASgDlsB23uOjPHpx1LNgtZX1ngwADob1AsT1uZdRkQtvc0iLREce7lKiruhsr3e5PHmnIepFjDXN6QqtpiYHmd1J6DvyV4Z7u7Xn8cDF+5mh//cK34KCpUkZQnJhK9lKNF5J8HUylcPAD4F0Zq/W76Lx5pcVfqGcsMEqpFSW4jiWl3GFN1CKzwpguZlDnqXLsIknYb4B4lPEhr67UOpJsp+9GJhxApBxTMAaBlSHWmZNVaRLaPXeZ9PPXlAUJhr0nreoLnZkEjWotJ0BC/3w+kt2sJTz+H6REU0a5A+ZxVvle9573feA1N59bxSyD6iccqWUGR2tT2sy7XGy88Rb3PylHqqvv1y4g8JRedtilCQNSpicLU8rjfymEM0yNdhJNc/iea3KGEzR97uXBn1eiwptHEaxYvhHFDQoCajjboq6rEgR1p6dF54PrBYAI4Ve/L+DKq6TRUeNwQfPbq9rXR+veSAXREe2FyvOKp/hQbKu3nTqMGd6XznJrZKpuwxZLNBknUGX8t85qPooR7qYyy5Xo5wSyvoG6lBAwtrFSAooUwFE7ZQfzJHMyxd6LRCtEHt3PlgGfYAKixsEvcaNrqi/X81iYDC6SNSkSDs5WhK2y8sgxsH+6obi31rCibYxeIxohzL0Kx0SxFcYllO1fC+nprnbJE9ASFlwezZMNwCyS6rTcPbsQD5M3Al5+I9+n+UjjqFrBvz8k6tRmyB0zf0QPuDyNXEboJIJS0DZxgtvN7MbAfkmEjUjpb4vG8hqyW9qeFzCL2blY4Ye5+ekHHzbWdw7tOmo1TffYbqeXAKj5TmKJvJeLXUJWislUytBKWBsSXx9b5lkBIjoHT7nxPga5MtXdWG3h1LKdGn5CGy9r+G6jmJwpTufHhtha+SQb37UgZoU4dUUE8ASFVOdoD40l++msxeTsPP5PdDWkE4C2eCJZ01jAc90/d95xmObiluQXKYZNgDhNXR7ciKf/zASTcrG1Q9sInO0H5zytvfOcdwIAep5Oi9ZI/3lUe/UZyKuR80fED6/XW8RPb90gbSSOz4xGopbbOsDsjHKdPZ1e8GpnvkPzOu9+Dv1Wtw4qjziFR6VqvXJ3x04IawC+HkXdJ8FG9Ll6jxk/7gLwj7Uo1AoMT3jvKLnGQyD+cfArJKn6uURg0poOecYm78QOZG/SwsWeH4TJszDazfPVchgAd4w/AXAsQ/S2cGuQJZcutcUGi9GylRcYsobuQicH4TKk6zzLEfKP6dLqm6/ASj52FMIFy3x7+g254xRlpFF4yvzZ2dEbm+Hniz6v9yge+CNOlBHJXoFnr3EN3rXBxX8/TojpP0ceE/YHrn3QKWcZoR+uwovvWhPg9pYG2+iJX7Bs6BTVKMZs9019/ew3NEIqeUEW/zhtB6KDVOL60K518FIxgXIAfc87dtYk1N2ExHQ4foAsGksdT6fIcl6IfjiYvszhZ4yVIFRDkPYrpmlFKX4ZNmsU/ajeZm7nLC3pRLwIkqUYDPgsbTAbXevP2nXtWWIA4umQolZkVpxnl99SiQTcsKrf/1s1qPIJhUz1DmPUn+JAOvlkW5FCvhoKvuEOLgV3sh5Uk9/C20JaiDZFYvObKnsfSngFKoG25qgZ68echyOzejIDWzbVFlc/83m7UlfnSm3I3apDHX/oAbqTTqlAogyhMXsD/btXELz133ICuHK4M1UUWeuQTFeuojNI828knA9JFdzS+6j7Tp0aobXV4XPZio5rNxVzCwh4oFaiuxJ6SYqW6655gcCoYHVSq9a9n4tfZ3EohGO/4OW+FeqgtLid/6pU3Roa+X7+NnerK9+eIAkkDrE8V1VBKOBx21j0xEW2E8EX1W1D/rjWd10qqmsZaMlg5sDAykeIu7n5+8DO9L/UQnkgdZ56Cp803H7LjucGbRcS9rDpyay5M0ukpiCUymLA454tdV/AZllnTyFJFEGFdMu02CwS8Nt3IPgu4oRB248oNnqpWuRHSCO0sVG7XsWWzZspu5KtEUKqjdJMfjzou3n35ZVWrMNVUY1bZv7Y3JmKXDGbJwU7EoE/t0m+rKYgRzgAiTFT7c4vddvHjfcACk1ef6Paclg7xXjO9EGgmJVD93KHEbC/WlaubrMscQU3Vpv/eAR/VmNVtOFTV84f2/7HjZk/ey3jVAC4N+v4CYewWZqmZSFKj+YjD1JBkvl4b8KOqdbZQTLl/ceiBTaHz5hmZhtdBiRwBYtCLHmYnLevyhFF9AD39oQFD66aUDuLhQF2fSXFNIgqtJCwWGyulmvmGAJmVhc8wnVX2ORUt1TsF/6gtOejynM4vRNZ43Xy4aYoF87i4xd+vtCbooFOp1Yx4Whz1YXwzC+6zELZZ9nH5Y8Rs2g/kDXdhnJLRYoRT0XYhK7U9KrSw+eMVxdytoQNBu0UoqDUUtakIsad8jkqfcBt6JqX+g77QxG4RSvqoPL4+0RJ9K6OUCVRX98gDFOvLqQrjE7xsag2UPIxSfUK4jHTIIv3+6ALy2WEVTYNPjhtnLD0kKUe8MdtCcCeCAQFFnhLYVOVz/OkRUIUT+KKzNRxrLJeeXgT4fbszl2YBnPnBfnlLscD1xh3lCthA9I+tnWUF47nCpmewyRgvbyBuVw/NTnU+JDPDkGMIQ5G5Hcg==,iv:c/Xe00YIjJis2HpLPdH1f2eOri4wILr7Q33/qvz2MFU=,tag:t71/YC+y1wHcepfjHQXOLw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-11-22T20:29:17Z" - mac: ENC[AES256_GCM,data:USCFtnGc7Olcst9UQPTU0vr069h0LFaG1fZMSEZMMcyTi14q/nj2QoaidFJ3hO6kbrVBTUj29/ek1t9aCh8SuHy9hnl9m8Kpyek34Rd3iO6C7Iy20mn/gctmS2644Wb7px3Uve+B9tId3RHfPs6BNSVJMdpCsluk1xydC5UEKww=,iv:qxQGVCN7BZ9Rq8vLJJZ1uu5tZxcFT/p2ETCgBD/Tvq0=,tag:uTwqs8GumFzCnkT2sWfChw==,type:str] - pgp: - - created_at: "2023-11-22T20:28:22Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQEMAwcagTG/Fm6AAQf8CfLozAj1WlKCAPs/KIE5Uk6/lJQdpoNG/52t4b2Y/jSV - yeYWSVyIpD46qT25MpWPDOAhsxX0R5QkFCQ5zr20aWM5jYb1W6PYEheNDv/PPxxT - xqff4daevcu1AiIw7kpRQlvyAJI//YOOH9Uj1xL6Z+KTg8RomeUiWws8MCvhb2xR - J0cRRT7jnZKxvGnqbb7rbSxAEX6VTP45OfFFiY2KXII+o2wQmelgtl2iw7FHN5nl - u3QsPDoQmkOD1ymqpNsS7+D7qSajMFgpykSsxLcwKUsuLKnX7fEsnctJYJ8iqz22 - UQM2qudTdaKR11jxHVgVYQXDbF1TpSjTuznDBavjydJYAdX0IXlknY2R+f/EPeAB - ulKzB80bxcp1CmzlaRKczSnwTeNZiDjV3dRhPPteKaBEKlgLoK/VZ/S2FenO7Udn - NHiP5edJ58nzUzLg1sqmlw1YhIdnRvcIUQ== - =/wEk - -----END PGP MESSAGE----- - fp: ad382d058c964607b7bbf01b071a8131bf166e80 - - created_at: "2023-11-22T20:28:22Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAyNex7x1cALKARAAmch8JmE7Nf9WKeb7UMZH86eLFa9dhtawk4qLUJsWqRQV - ncKKa1Vhci1BCMo8nhbgEXQQ6sxvn4ptq9yNv6d2fyjP+mt0mr58n8mVoM4fpUKg - PbPMTvaRYWV+NTC5AGCx+Dj1aRS0EzM+DF1DGiiL8qjWbADpHLR9vHv33eA63CDj - RNj6JtzDs8D25gXiS5HgXCUdiZkzuHF9omOOPrYszMkGZWhq4RPHnDC3trNU/FAK - vAQl667u1FnAwCJ8NdRweRnNqMn1NxHhs5eFbZWRsfQDHlTGTf8IaffNLzQLFcJ2 - hqIgkKGAuJpvYVjzq8n3Vdn5gXCsuk2AHpdmgFHQv+ZYNF7WV91chzAemgPX11CM - DWAxhtTE7ees73qVEXafmmIGGLrgC7uSQ6zz33rFgWAGuCXOjH5fyrDd+2XRQc/f - 2ZDihmLg+/TPIYiVDVJJtqj0DXnEJycIVls3m3s/857kY6opXtLoLML15DYRCWHK - VOLc/A+UfNCttkvZZjCkI7pLXf7WuQEXp1Zl3Mkmtu/reuIP4nrq2TWi7vQFndhf - FdABKWljVakWsbH06HacIBXJe0jAg34gvaeEkfKrWnOBdt4IXQYSHiURwEeIs237 - hYBpoXBigVLlPKREkLePwjaDjim452SR04ETlH4GIG4nffphLY6/03J2en8STI/S - WAHgZXYLepbC5GzzVrTtoGAKQ1jUyBsozQMp+MXaVCbGz0bDfZOxFm93ctw/I8Sy - psvlFdAEUCsaHOcBvysV2NzcLq/eDOatYhxC/fiQtM1YwUyNc45A4fo= - =KUw2 - -----END PGP MESSAGE----- - fp: d286fd9431753cb455537070235ec7bc757002ca - unencrypted_suffix: _unencrypted - version: 3.8.1