huge cleanup and refactoring

Dmitriy Kholkin 2024-01-21 19:29:36 +03:00
parent 8615929e23
commit e965d93842
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
49 changed files with 136 additions and 1294 deletions

5
.gitignore vendored

@ -1,8 +1,7 @@
.direnv
.VSCodeCounter
result
result*
*.bak
*.qcow2
*.raw
*.img
vm-scripts/**
*.img


@ -1,6 +1,5 @@
keys:
- &ataraxia ad382d058c964607b7bbf01b071a8131bf166e80
- &suomi-vps d286fd9431753cb455537070235ec7bc757002ca
- &nixos-vps 20d2e2b90c6aa179585b6b6b34cafb9db82f1d40
- &home-hypervisor a32018133c7afbfd05d5b2795f3b89af369520c6
creation_rules:
@ -8,14 +7,8 @@ creation_rules:
key_groups:
- pgp:
- *ataraxia
- *suomi-vps
- *nixos-vps
- *home-hypervisor
- path_regex: secrets/suomi-vps/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *ataraxia
- *suomi-vps
- path_regex: secrets/nixos-vps/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
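Review bot: Removing the `suomi-vps` recipient from these sops creation rules only changes who new or re-encrypted files are encrypted to; any secret already committed under the shared rule stays decryptable with that key until it is re-encrypted with `sops updatekeys <file>`. The `+`/`-` markers are lost in this rendering, so the removal of the `&suomi-vps` anchor, its `*suomi-vps` reference and the `secrets/suomi-vps/` rule is inferred from the hunk counts. Because the earlier ciphertext remains in git history, the values that host could read should also be rotated if the machine is being retired rather than renamed. The `creation_rules` list continues past the end of the second hunk.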


@ -1,2 +1,2 @@
result/**
result
result*
result*/**


@ -1,14 +1,14 @@
# TODO
* move some profiles to modules (like vpn.nix)
* use sops for all occurrences of hashedPassword
* auto-import gpg keys
* wait headscale start until authentik
* auto-login to tailscale for hypervisor
* config qbittorrent
* telegram theme
* use theme engine from https://github.com/SenchoPens/base16.nix (?)
* fix waybar config
* Firejail all the things (maybe not...)
* change writeShellScript and writeShellScriptBin to writeShellApplication
* add asserts to autoinstall module
* fix mime, fix aria2
* add updateScript to my packages
* move overlay and packages to root folder
* Change all 'latest' tags in docker container to digest: "statping/statping@sha256:aaaaa"
* or add cmd to all containers: "--pull=newer"


@ -241,17 +241,6 @@
specialArgs = { inherit inputs; };
format = "install-iso";
};
Flakes-ISO-Aarch64 = nixos-generators.nixosGenerate {
system = "aarch64-linux";
modules = [
(import (./machines/Flakes-ISO))
{ device = "Flakes-ISO"; mainuser = "ataraxia"; }
./machines/Arch-Builder-VM/autoinstall.nix
self.customModules.autoinstall
];
specialArgs = { inherit inputs; };
format = "install-iso";
};
};
};


@ -3,7 +3,7 @@ let
zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
in {
boot = {
zfs.enableUnstable = false; # For now, unstable zfs will downgrade kernel
zfs.enableUnstable = false;
kernelPackages = pkgs.linuxPackages_lqx;
initrd = {


@ -4,7 +4,6 @@
./hardware-configuration.nix
customRoles.workstation
# customProfiles.stable-diffusion
customProfiles.a2ln-server
customProfiles.act
customProfiles.attic
@ -21,12 +20,6 @@
security.pki.certificateFiles = [ ../../misc/mitmproxy-ca-cert.pem ];
virtualisation.libvirt.guests = {
win2k22 = {
autoStart = false;
user = config.mainuser;
group = "libvirtd";
xmlFile = ./vm/win2k22.xml;
};
win10 = {
autoStart = true;
user = config.mainuser;
@ -39,44 +32,15 @@
group = "libvirtd";
xmlFile = ./vm/win10-server.xml;
};
fedora-build = {
autoStart = false;
user = config.mainuser;
group = "libvirtd";
uefi = true;
memory = 32 * 1024;
sharedMemory = true;
cpu = { cores = 6; threads = 2; };
devices = {
disks = [
{ diskFile = "/media/libvirt/images/fedora-build.qcow2"; targetName = "vda"; }
{ diskFile = "/media/libvirt/images/android-zfs.qcow2"; targetName = "sda"; bus = "scsi"; }
];
network.macAddress = "52:54:00:f7:be:ef";
};
};
};
deviceSpecific.devInfo = {
cpu = {
vendor = "amd";
clock = 3700;
cores = 12;
};
drive = {
type = "ssd";
speed = 6000;
size = 1000;
};
gpu = {
vendor = "amd";
};
bigScreen = true;
cpu.vendor = "amd";
drive.type = "ssd";
gpu.vendor = "amd";
ram = 48;
fileSystem = "zfs";
};
deviceSpecific.isHost = true;
deviceSpecific.isShared = false;
deviceSpecific.isGaming = true;
deviceSpecific.enableVirtualisation = true;
# VPN
@ -84,17 +48,13 @@
secrets.wg-ataraxia.services = [ "wg-quick-wg0.service" ];
networking.wg-quick.interfaces.wg0.autostart = false;
networking.wg-quick.interfaces.wg0.configFile = config.secrets.wg-ataraxia.decrypted;
hardware.firmware = [ pkgs.rtl8761b-firmware ];
programs.nix-ld.enable = true;
# Mount
secrets.files-veracrypt = { };
environment.etc.crypttab = {
text = ''
files-veracrypt /dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a /var/secrets/files-veracrypt tcrypt-veracrypt
'';
};
fileSystems = {
"/media/win-sys" = {
fsType = "ntfs";
@ -117,10 +77,10 @@
};
powerManagement.cpuFreqGovernor = "schedutil";
hardware.firmware = [ pkgs.rtl8761b-firmware ];
services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";
services.ratbagd.enable = true;
# Networking
networking.firewall.allowedTCPPorts = [ 8000 5900 52736 ];
networking.nameservers = [ "192.168.0.1" ];
networking.defaultGateway = "192.168.0.1";
@ -133,6 +93,7 @@
}];
};
programs.nix-ld.enable = true;
home-manager.users.${config.mainuser} = {
home.packages = [
inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate
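Review bot: `services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";` in the hunk at -117,10 uses the deprecated alias; `"prohibit-password"` is the current spelling of the same setting, and `"no"` would be the tighter choice if root never needs to log in over SSH on this workstation. The same hunk keeps `networking.firewall.allowedTCPPorts = [ 8000 5900 52736 ];`, and since this commit drops several libvirt guests it is worth confirming that each port still has a listener that needs to be reachable, with a comment naming the service behind each one. Both lines look like context rather than additions (the markers are lost in this rendering), and the enclosing attribute set starts and ends outside the hunks.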


@ -1,35 +0,0 @@
{ config, ... }: {
systemd.services.libvirtd = {
path = let
env = pkgs.buildEnv {
name = "qemu-hook-env";
paths = with pkgs; [
libvirt bash util-linux pciutils ripgrep
procps coreutils systemd kmod gawk
];
};
in [ env ];
};
system.activationScripts.libvirt-hooks.text = ''
ln -Tfs /etc/libvirt/hooks /var/lib/libvirt/hooks
ln -Tfs /etc/libvirt/vgabios /var/lib/libvirt/vgabios
'';
environment.etc = {
"libvirt/hooks/qemu".source = ./passthrough/qemu;
"libvirt/hooks/qemu.d/win10/vfio-script.sh".source = ./passthrough/vfio-script.sh;
"libvirt/vgabios/navi22.rom".source = ./passthrough/navi22.rom;
};
systemd.services.hyprland-logout = {
script = "hyprctl dispatch exit";
serviceConfig = {
Type = "oneshot";
User = config.mainuser;
};
path = [
config.home-manager.users.${config.mainuser}.wayland.windowManager.hyprland.package
];
};
}


@ -1,18 +0,0 @@
#!/bin/bash
OBJECT="$1"
OPERATION="$2"
if [[ $OBJECT == "win10" ]]; then
case "$OPERATION" in
"prepare")
# systemctl start libvirt-nosleep@"$OBJECT" 2>&1 | tee -a /var/log/libvirt/custom_hooks.log
/etc/libvirt/hooks/qemu.d/win10/vfio-script.sh start 2>&1 | tee -a /var/log/libvirt/vfio-script.log
;;
"release")
# systemctl stop libvirt-nosleep@"$OBJECT" 2>&1 | tee -a /var/log/libvirt/custom_hooks.log
/etc/libvirt/hooks/qemu.d/win10/vfio-script.sh stop 2>&1 | tee -a /var/log/libvirt/vfio-script.log
;;
esac
fi


@ -1,140 +0,0 @@
#!/bin/bash
# Helpful to read output when debugging
#set -x
##------------------------------------------------------------------------
## Alpha version: 0.4V
## Author: AM(Tobias Rieper)
## Last Edit: 08-01-2023
## Works with AMD GPU with systemd.
## Note: CPU Pinning is disable by default. Check Read Me To enable it ;-)
##-------------------------------------------------------------------------
#Variables
Gen_Vars() {
NULL="/dev/null"
#Delays
Delay_1="1"
Delay_2="2"
Delay_3="3"
Delay_4="4"
Delay_5="5"
##
#Virsh Commands
PCI="pci_0000_"
REMOVE="nodedev-detach"
ADD="nodedev-reattach"
##
#Video and Audio
VIDEO=$(lspci -nn | grep VGA | head -1 | cut -d " " -f1 | tr ":." "_")
VIDEO1=$(lspci -nn | grep VGA | head -1 | cut -d " " -f1)
AUDIO=$(lspci -nn | grep "HDMI Audio" | head -1 | cut -d " " -f1 | tr ":." "_")
AUDIO1=$(lspci -nn | grep "HDMI Audio" | head -1 | cut -d " " -f1)
##
#Display Manager
DM1=$(grep '/usr/s\?bin' /etc/systemd/system/display-manager.service | tr "/" "\n" | tail -1)
DM2=$(ps auxf | awk '{print $11}' | grep -e "dm" | head -1 | tr "/" "\n" | tail -1)
##
#RTC Wake Timer
TIME="+8sec"
##
#CoolDown Delay
Delay_8="8"
##
#Loop Variables
declare -i Loop
Loop=1
declare -i TimeOut
TimeOut=5
##
# Helpful to read output when debugging
set -x
}
Kill_DM() {
#Just to make sure the session is dead.
# for i in $(ls /home); do echo $i; killall -u $i;kill -9 $(ps -s -U $i | awk '{print $2}' | grep -Ev "pid");done
#Fn to Stop The Display Manager
# systemctl start hyprland-logout
hyprctl dispatch exittex = (pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-medium
# dvisvgm dvipng # for preview and export as html
luatex latexmk t2 tempora ccaption soul
float makecell multirow enumitem cyrillic
babel babel-russian metafont hyphen-russian
greek-fontenc;
});
#Don't Touch this Delay
sleep $Delay_2
#Unbinding VT Consoles if currently bound (adapted from https://www.kernel.org/doc/Documentation/fb/fbcon.txt)
for i in /sys/class/vtconsole/*;
do
echo 0 > $i/bind
done
}
IF_AMD() {
if [ "lsmod | grep "amdgpu" &> /dev/null" ]; then
lsmod | grep amdgpu | cut -d " " -f1 >/tmp/amd-modules
#Syncing Disk and clearing The Caches(RAM)
sync; echo 1 > /proc/sys/vm/drop_caches
#Un-Binding GPU From driver
sleep $Delay_2
echo "0000:$VIDEO1" > "/sys/bus/pci/devices/0000:$VIDEO1/driver/unbind"
echo "0000:$AUDIO1" > "/sys/bus/pci/devices/0000:$AUDIO1/driver/unbind"
#Waiting for AMD GPU To Fininsh
while ! (dmesg | grep "amdgpu 0000:$VIDEO1" | tail -5 | grep "amdgpu: finishing device."); do echo "Loop-1"; if [ "$Loop" -le "$TimeOut" ]; then echo "Waiting"; TimeOut+=1; echo "Try: $TimeOut"; sleep 1; else break;fi; done
## Removing Video and Audio
virsh $REMOVE "$PCI$VIDEO"
sleep 1
virsh $REMOVE "$PCI$AUDIO"
modprobe -r amdgpu
#Reseting The Loop Counter
Loop=1
#Making Sure that AMD GPU is Un-Loaded
while (lsmod | grep amdgpu); do echo "Loop-3"; if [ "$Loop" -le "$TimeOut" ]; then echo "AMD GPU in use"; lsmod | grep amdgpu | awk '{print $1}' | while read AM; do modprobe -r $AM; done;TimeOut+=1; echo "AMDGPU try: $TimeOut"; sleep 1; else echo "Fail To Remove AMD GPU";rmmod amdgpu; break;fi;done
#may the force be with you
#rmmod -f amdgpu
#garbage collection
unset Loop
unset TimeOut
#Putting System To a quick sleep cycle to make sure that amd graphic card is Properly reset
rtcwake -m mem --date $TIME
fi
}
CPU_Pining() {
if [[ "$*" == "enable" ]]
then
systemctl set-property --runtime -- user.slice AllowedCPUs=0,8
systemctl set-property --runtime -- system.slice AllowedCPUs=0,8
systemctl set-property --runtime -- init.scope AllowedCPUs=0,8
echo "CPU Pining Enabled"
elif [[ "$*" == "disable" ]]
then
systemctl set-property --runtime -- user.slice AllowedCPUs=0-11
systemctl set-property --runtime -- system.slice AllowedCPUs=0-11
systemctl set-property --runtime -- init.scope AllowedCPUs=0-11
echo "CPU Pining Disable"
fi
}
# Main Init
if [[ "$*" == "start" ]]
then
Gen_Vars
Kill_DM
IF_AMD
#CPU_Pining "enable"
echo "Start Done"
elif [[ "$*" == "stop" ]]
then
Gen_Vars
#CPU_Pining "disable"
echo "1" | tee -a /sys/bus/pci/devices/0000:$AUDIO1/remove
echo "1" | tee -a /sys/bus/pci/devices/0000:$VIDEO1/remove
rtcwake -m mem --date $TIME
sleep $Delay_3
echo "1" | tee -a /sys/bus/pci/rescan
# systemctl restart `cat /var/tmp/Last-DM`
echo "Stop Done"
fi


@ -1,201 +0,0 @@
<domain type='kvm'>
<name>win2k22</name>
<uuid>dcd41663-1e1d-40d0-9020-46f4e25e2777</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/2k22"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<memoryBacking>
<source type='memfd'/>
<access mode='shared'/>
</memoryBacking>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64' machine='pc-q35-7.2'>hvm</type>
<loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/win2k22_VARS.fd</nvram>
</os>
<features>
<acpi/>
<apic/>
<hyperv mode='custom'>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
<vpindex state='on'/>
<synic state='on'/>
</hyperv>
<vmport state='off'/>
</features>
<cpu mode='host-passthrough' check='none' migratable='on'>
<topology sockets='1' dies='1' cores='1' threads='2'/>
</cpu>
<clock offset='localtime'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='yes'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' discard='unmap'/>
<source file='/media/libvirt/images/win2k22.qcow2'/>
<target dev='vdb' bus='virtio'/>
<boot order='1'/>
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='sdb' bus='sata'/>
<readonly/>
<boot order='2'/>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0x15'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<controller type='pci' index='7' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='7' port='0x16'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
</controller>
<controller type='pci' index='8' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='8' port='0x17'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
</controller>
<controller type='pci' index='9' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='9' port='0x18'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='10' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='10' port='0x19'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
</controller>
<controller type='pci' index='11' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='11' port='0x1a'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
</controller>
<controller type='pci' index='12' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='12' port='0x1b'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
</controller>
<controller type='pci' index='13' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='13' port='0x1c'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
</controller>
<controller type='pci' index='14' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='14' port='0x1d'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
<filesystem type='mount' accessmode='passthrough'>
<driver type='virtiofs' queue='1024'/>
<binary path='/run/current-system/sw/bin/virtiofsd' xattr='on'>
<cache mode='always'/>
</binary>
<source dir='/media/libvirt/viofs'/>
<target dir='vfio-fs'/>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</filesystem>
<interface type='network'>
<mac address='52:54:00:f9:d0:37'/>
<source network='default'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<sound model='ich9'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
</sound>
<audio id='1' type='spice'/>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<watchdog model='itco' action='reset'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
</memballoon>
</devices>
</domain>


@ -1,17 +0,0 @@
{ ... }: {
autoinstall.Arch-Builder-VM = {
mainuser = "ataraxia";
flakesPath = "/home/nixos/nixos-config";
partitioning.useEntireDisk = true;
partitioning.disk = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00003";
partitioning.nullifyDisk = false;
partitioning.createBootPool = true;
swapPartition.enable = true;
swapPartition.size = "2GiB";
efiMountPoint = "/efi";
bootSize = "512MiB";
efiSize = "128MiB";
zfsOpts.ashift = 13;
persist.enable = false;
};
}


@ -1,122 +0,0 @@
{ inputs, config, lib, pkgs, ... }: {
imports = with inputs.self; [ ./hardware-configuration.nix ];
options = {
device = lib.mkOption { type = lib.types.str; };
mainuser = lib.mkOption { type = lib.types.str; };
};
config = let
zfs_arc_max = toString (1 * 1024 * 1024 * 1024);
in {
networking.wireless.enable = false;
networking.networkmanager.enable = false;
networking.hostName = config.device;
documentation.nixos.enable = lib.mkForce false;
programs.command-not-found.enable = lib.mkForce false;
xdg.autostart.enable = lib.mkForce false;
xdg.icons.enable = lib.mkForce false;
xdg.mime.enable = lib.mkForce false;
xdg.sounds.enable = lib.mkForce false;
services.udisks2.enable = lib.mkForce false;
nix.optimise.automatic = false;
fonts.enableDefaultPackages = lib.mkForce false;
fonts.packages = [ (pkgs.nerdfonts.override { fonts = [ "FiraCode" "VictorMono" ]; }) ];
security.polkit.enable = true;
boot = {
kernelParams = [
"zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1"
"zfs.metaslab_lba_weighting_enabled=0"
"zfs.zfs_arc_max=${zfs_arc_max}"
];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
cleanTmpDir = true;
zfs.forceImportAll = false;
initrd.supportedFilesystems = [ "zfs" ];
loader = {
grub = {
enable = true;
device = "nodev";
copyKernels = true;
efiSupport = true;
useOSProber = false;
zfsSupport = true;
};
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/efi";
generationsDir.copyKernels = true;
};
tmp.useTmpfs = true;
tmp.tmpfsSize = "16G";
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 150;
};
environment.systemPackages = with pkgs; [
git kitty bat micro bottom nix-index-update pwgen comma
];
nix = {
nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
registry.self.flake = inputs.self;
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = ''
experimental-features = nix-command flakes
flake-registry = ${inputs.flake-registry}/flake-registry.json
'';
};
environment.etc.nixpkgs.source = inputs.nixpkgs;
environment.etc.self.source = inputs.self;
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = lib.mkForce "without-password";
settings.X11Forwarding = false;
extraConfig = "StreamLocalBindUnlink yes";
ports = [ 22 ];
};
security.apparmor.enable = true;
programs.firejail.enable = true;
users.mutableUsers = false;
users.users.${config.mainuser} = {
isNormalUser = true;
extraGroups = [
"docker"
"kvm"
"libvirtd"
"lxd"
"networkmanager"
"podman"
"qemu-libvirtd"
"systemd-journal"
"wheel"
];
description = "AtaraxiaDev";
uid = 1000;
hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
};
systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
services.getty.autologinUser = config.mainuser;
users.users.${config.mainuser}.openssh.authorizedKeys.keys = [
"ssh-rsa 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 (none)"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDP0/DReYSAfkucroMTdELzTORsGhhbEa+W0FDFBnwViHuoqoKvetCOkW657icexc5v/j6Ghy3+Li9twbHnEDzUJVtNtauhGMjOcUYt6pTbeJ09CGSAh+orxzeY4vXp7ANb91xW8yRn/EE4ALxqbLsc/D7TUMl11fmf0UW+kLgU5TcUYVSLMjQqBpD1Lo7lXLrImloDxe5fwoBDT09E59r9tq6+/3aHz8mpKRLsIQIV0Av00BRJ+/OVmZuBd9WS35rfkpUYmpEVInSJy3G4O6kCvY/zc9Bnh67l4kALZZ0+6W23kBGrzaRfaOtCEcscwfIu+6GXiHOL33rrMNNinF0T2942jGc18feL6P/LZCzqz8bGdFNxT43jAGPeDDcrJEWAJZFO3vVTP65dTRTHQG2KlQMzS7tcif6YUlY2JLJIb61ZfLoShH/ini/tqsGT0Be1f3ndOFt48h4XMW1oIF+EXaHYeO2UJ6855m8Wpxs4bP/jX6vMV38IvvnHy4tWD50= alukard@AMD-Workstation"
];
users.users.root.openssh.authorizedKeys.keys =
config.users.users.nixos.openssh.authorizedKeys.keys;
system.stateVersion = "22.11";
};
}


@ -1 +0,0 @@
aarch64-linux


@ -8,20 +8,9 @@
];
deviceSpecific.devInfo = {
cpu = {
vendor = "intel";
clock = 1600;
cores = 8;
};
drive = {
type = "ssd";
speed = 2000;
size = 250;
};
gpu = {
vendor = "intel";
};
bigScreen = false;
cpu.vendor = "intel";
drive.type = "ssd";
gpu.vendor = "intel";
ram = 16;
fileSystem = "zfs";
};


@ -22,31 +22,13 @@ in {
# # '';
};
initrd = {
# kernelModules = [
# "mmc_core" "mmc_block" "sdhci" "sdhci-pci"
# "vfat" "nls_cp437" "nls_iso8859_1"
# ];
# postDeviceCommands = let
# SDUUID = "E54A-5461";
# in pkgs.lib.mkBefore ''
# mkdir -m 0755 -p /key
# sleep 2 # To make sure the usb key has been loaded
# mount -n -t vfat -o ro `findfs UUID=${SDUUID}` /key
# '';
# availableKernelModules = [ "tg3" ]; # for dell-laptop
# postMountCommands = ''
# '';
luks.devices = {
"cryptboot" = {
# preLVM = false;
preLVM = true;
# keyFile = "/key/keyfile0";
keyFile = "/keyfile0.bin";
allowDiscards = true;
bypassWorkqueues = config.deviceSpecific.isSSD;
fallbackToPassword = true;
# postOpenCommands = "";
# preOpenCommands = "";
};
"cryptroot" = {
preLVM = true;
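Review bot: With the commented-out alternatives removed, `keyFile = "/keyfile0.bin";` under `cryptboot` is left with no explanation of how the key file reaches the initrd or what protects it at rest. I would add a comment above it along the lines of `# key file is embedded in the initrd; the initrd must only be stored on an encrypted volume`, adjusted to however the file is actually provisioned, which this hunk does not show. `allowDiscards = true;` deserves a similar one-liner, e.g. `# TRIM passthrough: reveals which blocks of the encrypted device are unused`. The `luks.devices` set continues past the end of the hunk.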


@ -50,23 +50,14 @@ in {
];
deviceSpecific.devInfo = {
cpu = {
vendor = "intel";
clock = 2300;
cores = 4;
};
drive = {
type = "ssd";
speed = 500;
size = 500;
};
gpu = { vendor = "other"; };
bigScreen = false;
cpu.vendor = "intel";
drive.type = "ssd";
gpu.vendor = "other";
ram = 12;
fileSystem = "zfs";
};
deviceSpecific.enableVirtualisation = true;
deviceSpecific.vpn.mullvad.enable = false;
deviceSpecific.vpn.tailscale.enable = true;
deviceSpecific.isServer = true;
zramSwap = {
@ -75,15 +66,12 @@ in {
memoryPercent = 150;
};
services.tailscale.enable = true;
services.tailscale.useRoutingFeatures = "client";
# Impermanence
persist = {
enable = true;
cache.clean.enable = true;
state = {
files = [ "/etc/machine-id" ];
directories = [ "/var/lib/tailscale" ];
};
};
fileSystems."/home".neededForBoot = true;
@ -111,7 +99,6 @@ in {
[ (pkgs.nerdfonts.override { fonts = [ "FiraCode" "VictorMono" ]; }) ];
security.polkit.enable = true;
# security.pam.enableSSHAgentAuth = true;
services.zfs = {
autoScrub.enable = true;
@ -142,29 +129,19 @@ in {
}];
};
networking.extraHosts = ''
127.0.0.1 auth.ataraxiadev.com
127.0.0.1 code.ataraxiadev.com
127.0.0.1 cache.ataraxiadev.com
127.0.0.1 s3.ataraxiadev.com
'';
# networking.proxy.default = "http://127.0.0.1:3128";
nix.optimise.automatic = false;
services.logind.lidSwitch = "lock";
services.logind.lidSwitchDocked = "lock";
services.logind.lidSwitchExternalPower = "lock";
services.timesyncd.enable = lib.mkForce false;
services.openntpd.enable = true;
networking.timeServers = [
"0.ru.pool.ntp.org"
"1.ru.pool.ntp.org"
"2.ru.pool.ntp.org"
"3.ru.pool.ntp.org"
"0.europe.pool.ntp.org"
"1.europe.pool.ntp.org"
"2.europe.pool.ntp.org"
"3.europe.pool.ntp.org"
] ++ options.networking.timeServers.default;
systemd.services.systemd-timesyncd.wantedBy = [ "multi-user.target" ];
systemd.timers.systemd-timesyncd = { timerConfig.OnCalendar = "hourly"; };
home-manager.users.${config.mainuser} = {
home.file.".config/libvirt/libvirt.conf".text = ''
@ -185,6 +162,7 @@ in {
rclone
repgrep
restic
rsync
rustic-rs
smartmontools
];


@ -10,7 +10,6 @@
enable = true;
extraPackages = [ pkgs.zfs ];
dockerSocket.enable = true;
# defaultNetwork.settings.dns_enabled = true;
};
containers.registries.search = [
"docker.io" "gcr.io" "quay.io"
@ -42,7 +41,6 @@
ovmf.enable = true;
ovmf.packages = [
pkgs.OVMFFull.fd
# pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
];
runAsRoot = false;
};


@ -145,11 +145,11 @@
];
# Locale
i18n.defaultLocale = "en_GB.UTF-8";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LANGUAGE = "en_GB.UTF-8";
LC_ALL = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
LANGUAGE = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ADDRESS = "ru_RU.UTF-8";
LC_MONETARY = "ru_RU.UTF-8";
LC_PAPER = "ru_RU.UTF-8";
@ -158,8 +158,8 @@
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
LANGUAGE = "en_GB.UTF-8";
LC_ALL = "en_GB.UTF-8";
LANGUAGE = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
# Hardened
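Review bot: `LC_ALL = "en_US.UTF-8";` in `i18n.extraLocaleSettings` takes precedence over every individual `LC_*` category, so the `ru_RU.UTF-8` values for `LC_ADDRESS`, `LC_MONETARY` and `LC_PAPER` just below it cannot take effect; the commit changes the value from `en_GB` to `en_US` but keeps the override. Dropping the `LC_ALL` entries here and in `environment.sessionVariables`, and relying on `i18n.defaultLocale` plus the specific categories, would give the mixed locale this block appears to intend. Both attribute sets continue outside the hunks.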


@ -1,3 +0,0 @@
{
imports = [ ./virtualisation.nix ./vfio.nix ];
}


@ -1,95 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.virtualisation.vfio;
cfg-libvirtd = config.virtualisation.libvirtd;
boolToZeroOne = x: if x then "1" else "0";
aclString = with lib.strings;
concatMapStringsSep ''
,
'' escapeNixString cfg.deviceACL;
in {
options.virtualisation = {
vfio = {
enable = mkEnableOption "VFIO Configuration";
IOMMUType = mkOption {
type = types.enum [ "intel" "amd" ];
example = "intel";
description = "Type of the IOMMU used";
};
devices = mkOption {
type = types.listOf (types.strMatching "[0-9a-f]{4}:[0-9a-f]{4}");
default = [ ];
example = [ "10de:1b80" "10de:10f0" ];
description = "PCI IDs of devices to bind to vfio-pci";
};
disableEFIfb = mkOption {
type = types.bool;
default = false;
example = true;
description = "Disables the usage of the EFI framebuffer on boot.";
};
blacklistNvidia = mkOption {
type = types.bool;
default = false;
description = "Add Nvidia GPU modules to blacklist";
};
ignoreMSRs = mkOption {
type = types.bool;
default = false;
example = true;
description =
"Enables or disables kvm guest access to model-specific registers";
};
};
libvirtd = {
deviceACL = mkOption {
type = types.listOf types.str;
default = [ ];
};
clearEmulationCapabilities = mkOption {
type = types.bool;
default = true;
};
};
};
config = lib.mkIf cfg.enable {
services.udev.extraRules = ''
SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
'';
boot.kernelParams = (if cfg.IOMMUType == "intel" then [
"intel_iommu=on"
"intel_iommu=igfx_off"
] else [ "amd_iommu=on" ])
++ (optional (builtins.length cfg.devices > 0)
("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices))
++ (optionals cfg.applyACSpatch [
"pcie_acs_override=downstream,multifunction"
"pci=nomsi"
]) ++ (optional cfg.disableEFIfb "video=efifb:off")
++ (optionals cfg.ignoreMSRs [
"kvm.ignore_msrs=1"
"kvm.report_ignored_msrs=0"
]);
boot.kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
boot.initrd.kernelModules =
[ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
boot.blacklistedKernelModules =
optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ];
users.users."qemu-libvirtd" = {
extraGroups = optionals (!cfg-libvirtd.qemu.runAsRoot) [ "kvm" "input" ];
};
virtualisation.libvirtd.qemu.verbatimConfig = ''
clear_emulation_capabilities = ${
boolToZeroOne cfg-libvirtd.clearEmulationCapabilities
}
cgroup_device_acl = [
${aclString}
]
'';
};
}


@ -1,66 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.virtualisation;
tmpfileEntry = name: f: "f /dev/shm/${name} ${f.mode} ${f.user} ${f.group} -";
in {
options.virtualisation = {
sharedMemoryFiles = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: {
options = {
name = mkOption {
visible = false;
default = name;
type = types.str;
};
user = mkOption {
type = types.str;
default = "root";
description = "Owner of the memory file";
};
group = mkOption {
type = types.str;
default = "root";
description = "Group of the memory file";
};
mode = mkOption {
type = types.str;
default = "0600";
description = "Group of the memory file";
};
};
}));
default = { };
};
hugepages = {
enable = mkEnableOption "Hugepages";
defaultPageSize = mkOption {
type = types.strMatching "[0-9]*[kKmMgG]";
default = "1M";
description =
"Default size of huge pages. You can use suffixes K, M, and G to specify KB, MB, and GB.";
};
pageSize = mkOption {
type = types.strMatching "[0-9]*[kKmMgG]";
default = "1M";
description =
"Size of huge pages that are allocated at boot. You can use suffixes K, M, and G to specify KB, MB, and GB.";
};
numPages = mkOption {
type = types.ints.positive;
default = 1;
description = "Number of huge pages to allocate at boot.";
};
};
};
config.systemd.tmpfiles.rules =
mapAttrsToList tmpfileEntry cfg.sharedMemoryFiles;
config.boot.kernelParams = optionals cfg.hugepages.enable [
"default_hugepagesz=${cfg.hugepages.defaultPageSize}"
"hugepagesz=${cfg.hugepages.pageSize}"
"hugepages=${toString cfg.hugepages.numPages}"
];
}


@ -1,126 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.seadrive;
format = pkgs.formats.ini { };
settings = {
account = {
server = cfg.settings.server;
username = cfg.settings.username;
token = "#token#";
is_pro = cfg.settings.isPro;
};
general = {
client_name = cfg.settings.clientName;
};
cache = {
size_limit = cfg.settings.sizeLimit;
clean_cache_interval = cfg.settings.cleanCacheInterval;
};
};
configFile = format.generate "seadrive.conf" settings;
startScript = pkgs.writeShellScript "start-seadrive" ''
token=$(head -n1 ${cfg.settings.tokenFile})
cp -f ${configFile} ${cfg.stateDir}/seadrive.conf
sed -e "s,#token#,$token,g" -i "${cfg.stateDir}/seadrive.conf"
chmod 440 "${cfg.stateDir}/seadrive.conf"
mkdir -p ${cfg.mountPoint} || true
${cfg.package}/bin/seadrive -c ${cfg.stateDir}/seadrive.conf -f -d ${cfg.stateDir}/data -l ${cfg.stateDir}/logs ${cfg.mountPoint}
'';
in {
options.services.seadrive = {
enable = mkEnableOption "Seadrive";
settings = mkOption {
default = { };
description = lib.mdDoc ''
'';
type = types.submodule {
freeformType = format.type;
options = {
server = mkOption {
type = types.str;
default = "";
description = lib.mdDoc "";
};
username = mkOption {
type = types.str;
default = "";
description = lib.mdDoc "";
};
tokenFile = mkOption {
type = types.str;
default = "";
description = lib.mdDoc "";
};
isPro = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "";
};
clientName = mkOption {
type = types.str;
default = config.networking.hostName;
description = lib.mdDoc "";
};
sizeLimit = mkOption {
type = types.str;
default = "10GB";
description = lib.mdDoc "";
};
cleanCacheInterval = mkOption {
type = types.int;
default = 10;
description = lib.mdDoc "";
};
};
};
};
package = mkOption {
type = types.package;
description = lib.mdDoc "Which package to use for the seadrive.";
default = pkgs.seadrive-fuse;
defaultText = literalExpression "pkgs.seadrive-fuse";
};
mountPoint = mkOption {
type = types.str;
default = "/media/seadrive";
description = lib.mdDoc "";
};
stateDir = mkOption {
type = types.str;
default = "~/.seadrive";
description = lib.mdDoc "";
};
};
config = mkIf cfg.enable {
systemd.user.services.seadrive = rec {
serviceConfig.ExecStart = startScript;
after = [ "seadrive-mkdir.service" ];
wants = after;
wantedBy = [ "default.target" ];
};
systemd.services.seadrive-mkdir = rec {
serviceConfig.Type = "oneshot";
script = ''
mkdir -p ${cfg.mountPoint} > /dev/null 2>&1
chown ${config.mainuser}:users ${cfg.mountPoint} > /dev/null 2>&1
'';
after = [ "network-online.target" ];
wants = after;
wantedBy = [ "default.target" ];
};
};
}


@ -1,30 +0,0 @@
From 369c508fae6ab9909c943e5e078e524ea58cb227 Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@redhat.com>
Date: Fri, 24 Nov 2023 08:59:05 +0100
Subject: [PATCH] crun: 1.11.1 -> 1.12
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
---
pkgs/applications/virtualization/crun/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/applications/virtualization/crun/default.nix b/pkgs/applications/virtualization/crun/default.nix
index 77c36d3f81c069..6b513dae9e1e92 100644
--- a/pkgs/applications/virtualization/crun/default.nix
+++ b/pkgs/applications/virtualization/crun/default.nix
@@ -39,13 +39,13 @@ let
in
stdenv.mkDerivation rec {
pname = "crun";
- version = "1.11.1";
+ version = "1.12";
src = fetchFromGitHub {
owner = "containers";
repo = pname;
rev = version;
- hash = "sha256-D4Y+n/6R2v3U/BhYQitsHd6ckda1vfAzciFbTM/1J80=";
+ hash = "sha256-61E/71axlN5H1KpAkWFm7jOETlmmy2qh7R+JrVZlMIQ=";
fetchSubmodules = true;
};


@ -3,7 +3,6 @@
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
# package = pkgs.bluez;
settings = {
General = { Experimental = true; };
};


@ -1,35 +1,11 @@
{ pkgs, lib, config, ... }:
with config.deviceSpecific;
{
networking = {
networkmanager.enable = true;
# wireless = {
# # enable = isLaptop;
# interfaces = lib.mkIf (config.device == "Dell-Laptop") [
# "wlo1"
# ];
# networks.Alukard_5GHz = {
# pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
# priority = 1;
# };
# networks.Alukard.pskRaw =
# "5ef5fe07c1f062e4653fce9fe138cc952c20e284ae1ca50babf9089b5cba3a5a";
# networks.AlukardAP_5GHz = {
# pskRaw = "d1733d7648467a8a9cae9880ef10a2ca934498514b4da13b53f236d7c68b8317";
# priority = 1;
# };
# networks.AlukardAP.pskRaw = "b8adc07cf1a9c7a7a5946c2645283b27ab91a8af4c065e5f9cde03ed1815811c";
# };
# networks.SladkiySon.pskRaw =
# "86b1c8c60d3e99145bfe90e0af9bf552540d34606bb0d00b314f5b5960e46496";
# userControlled.enable = true;
# };
firewall = {
enable = true;
allowPing = true;
};
usePredictableInterfaceNames = true;
hostName = config.device;
};
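Review bot: The commented-out `wireless.networks.*.pskRaw` values that this hunk appears to drop remain readable in the repository history, so deleting them from the tree does not retire them. A `pskRaw` is the derived WPA key and is accepted in place of the passphrase for its SSID, so any of these networks that is still in use should get a new passphrase. If a wireless block comes back later, keep the key material out of the tree, for example in a sops-managed file like the other secrets in this repository. The module body continues outside the hunk.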


@ -46,19 +46,6 @@
trusted-users = [ "root" config.mainuser "deploy" "@wheel" ];
use-xdg-base-directories = true;
};
buildMachines = [
{
hostName = "nix-builder";
maxJobs = 8;
sshUser = "ataraxia";
sshKey = config.secrets.ssh-builder.decrypted;
systems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];
distributedBuilds = lib.mkIf (config.device != "AMD-Workstation") true;
};
environment.etc.nixpkgs.source = inputs.nixpkgs;


@ -27,7 +27,6 @@
"systemd-journal"
"smbuser"
"video"
# "wheel" # remove?
];
description = "AtaraxiaDev";
uid = 1000;


@ -1,10 +1,6 @@
{ config, lib, pkgs, ... }: {
# sound.enable = true;
imports = [
./pipewire.nix
./easyeffects
];
}


@ -6,43 +6,6 @@
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# TODO: create drop-in files in /etc/pipewire/pipewire.conf.d/
# config.pipewire-pulse = {
# "context.modules" = [
# {
# "name" = "libpipewire-module-rtkit";
# "args" = {};
# "flags" = [
# "ifexists"
# "nofail"
# ];
# }
# {
# "name" = "libpipewire-module-protocol-native";
# }
# {
# "name" = "libpipewire-module-client-node";
# }
# {
# "name" = "libpipewire-module-adapter";
# }
# {
# "name" = "libpipewire-module-metadata";
# }
# {
# "name" = "libpipewire-module-protocol-pulse";
# "args" = {
# "server.address" = [
# "unix:native"
# "tcp:127.0.0.1:8888" # IPv4 on a single address
# ];
# "vm.overrides" = {
# "pulse.min.quantum" = "1024/48000";
# };
# };
# }
# ];
# };
};
environment.etc = {
@ -58,15 +21,6 @@
};
home-manager.users.${config.mainuser} = {
xdg.configFile."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.hw-volume"] = "[ hfp_ag hsp_ag a2dp_source a2dp_sink ]",
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag a2dp_sink ]",
["bluez5.reconnect-profiles"] = "[ hsp_hs hfp_hf a2dp_sink ]",
}
'';
home.packages = [ pkgs.pavucontrol pkgs.pulseaudio ];
};


@ -1,10 +0,0 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.copyq ];
home-manager.users.${config.mainuser} = {
wayland.windowManager.hyprland.extraConfig = ''
windowrule=float,title=(.*CopyQ)
'';
};
startupApplications = [ "${pkgs.copyq}/bin/copyq" ];
persist.state.homeDirectories = [ ".config/copyq" ];
}


@ -9,13 +9,13 @@
signByDefault = true;
key = "922DA6E758A0FE4CFAB4E4B2FD266B810DF48DF2";
};
ignores = [ ".envrc" ".direnv" "*~" ".#*" "#*#" ];
ignores = [ ".direnv" "*~" ".#*" "#*#" ];
extraConfig = {
core = {
editor = "code --wait";
};
init = {
defaultBranch = "master";
defaultBranch = "dev";
};
pull.rebase = true;
};
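Review bot: Dropping `".envrc"` from the global `ignores` list means a project's `.envrc` is no longer hidden from `git add -A`, and direnv files commonly carry exported tokens or other credentials. If the intent is to commit shared `.envrc` files, give secrets an ignored home instead, e.g. add a private file name that the `.envrc` sources (something like `".envrc.local"`, name chosen here as an example) to `ignores`. Which of the two printed `ignores` lines is the new one is inferred from the hunk counts, and the `extraConfig` set continues outside the hunk.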


@ -14,7 +14,6 @@ with config.deviceSpecific; {
"E6A6377C3D0827C36428A290199FDB3B91414AFE"
];
};
systemd.user.services.gpg-agent = {
Service = {
Environment = lib.mkForce [


@ -25,28 +25,36 @@ let
in with config.deviceSpecific; with lib; {
imports = [ inputs.hyprland.nixosModules.default ];
programs.hyprland.enable = true;
programs.ydotool.enable = true;
services.udiskie.enable = !isServer;
services.gammastep = {
enable = !isServer;
latitude = config.location.latitude;
longitude = config.location.longitude;
temperature.day = 6500;
temperature.night = 3000;
};
systemd.user.services.gammastep = {
Install.WantedBy = lib.mkForce [];
};
programs.hyprland.enable = true;
home-manager.users.${config.mainuser} = {
imports = [
inputs.hyprland.homeManagerModules.default
];
home.packages = [ pkgs.wl-clipboard hyprpaper-pkg ];
home.file.".config/hypr/hyprpaper.conf".text = ''
preload = ${/. + ../../../misc/wallpaper.png}
wallpaper = ,${/. + ../../../misc/wallpaper.png}
ipc = off
'';
programs.zsh.loginExtra = lib.mkAfter ''
[[ "$(tty)" == /dev/tty1 ]] && {
pass unlock
exec Hyprland 2> /home/${config.mainuser}/projects/hyprland.debug.log
}
'';
wayland.windowManager.hyprland = {
enable = true;
enableNvidiaPatches = false;


@ -7,18 +7,10 @@ with config.lib.base16.theme; {
qt.enable = false;
environment.sessionVariables = {
# QT_XFT = "true";
# QT_SELECT = "5";
# KDE_SESSION_VERSION = "5";
# QT_SCALE_FACTOR = "1";
# QT_AUTO_SCREEN_SCALE_FACTOR = "0";
# QT_QPA_PLATFORMTHEME = "qt5ct";
KDEDIRS =
"/run/current-system/sw:/run/current-system/sw/share/kservices5:/run/current-system/sw/share/kservicetypes5:/run/current-system/sw/share/kxmlgui5";
};
home-manager.users.${config.mainuser} = {
services.kdeconnect.enable = true;
xdg.configFile."kdeglobals".text = lib.generators.toGitINI {
"Colors:Button" = {
BackgroundAlternate = base01-hex;


@ -1,10 +1,10 @@
{ pkgs, config, lib, ... }:
with config.deviceSpecific; {
i18n.defaultLocale = "en_GB.UTF-8";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LANGUAGE = "en_GB.UTF-8";
LC_ALL = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
LANGUAGE = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ADDRESS = "ru_RU.UTF-8";
LC_MONETARY = "ru_RU.UTF-8";
LC_PAPER = "ru_RU.UTF-8";
@ -13,8 +13,8 @@ with config.deviceSpecific; {
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
LANGUAGE = "en_GB.UTF-8";
LC_ALL = "en_GB.UTF-8";
LANGUAGE = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
time.timeZone = "Europe/Moscow";
@ -27,7 +27,7 @@ with config.deviceSpecific; {
home-manager.users.${config.mainuser} = {
home.language = let
en = "en_GB.UTF-8";
en = "en_US.UTF-8";
ru = "ru_RU.UTF-8";
in {
address = ru;
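Review bot: `LC_ALL = "en_US.UTF-8"` in `i18n.extraLocaleSettings`, and again in `environment.sessionVariables`, overrides every other `LC_*` category, so the `ru_RU.UTF-8` values for `LC_ADDRESS`, `LC_MONETARY` and `LC_PAPER` in the same set are not honoured by programs that follow the standard locale precedence. The switch from en_GB to en_US carries this over unchanged. Dropping the two `LC_ALL` lines and keeping `LANGUAGE` plus the per-category entries would give the mixed English/Russian setup the file describes. The attribute sets continue outside the hunks.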


@ -25,30 +25,6 @@
progressColor = "over #${theme.base0B-hex}";
iconPath = "${theme.iconPackage}/share/icons/${theme.iconTheme}";
maxIconSize = 24;
# extraConfig = let
# play = sound:
# "mpv ${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/${sound}.oga";
# in ''
# on-notify=exec ${play "message"}
# [app-name=yubikey-touch-detector]
# on-notify=exec ${play "service-login"}
# [app-name=command_complete summary~="✘.*"]
# on-notify=exec ${play "dialog-warning"}
# [app-name=command_complete summary~="✓.*"]
# on-notify=exec ${play "bell"}
# [category=osd]
# on-notify=none
# [mode=do-not-disturb]
# invisible=1
# [mode=do-not-disturb summary="Do not disturb: on"]
# invisible=0
# [mode=concentrate]
# invisible=1
# [mode=concentrate urgency=critical]
# invisible=0
# [mode=concentrate summary="Concentrate mode: on"]
# invisible=0
# '';
};
};
}


@ -11,7 +11,6 @@ with config.deviceSpecific; {
LIBVIRT_DEFAULT_URI = "qemu:///system";
};
programs.ydotool.enable = true;
services.journald.extraConfig = "Compress=false";
services.gvfs.enable = !isServer;
services.upower.enable = isLaptop;
@ -19,17 +18,7 @@ with config.deviceSpecific; {
home-manager.users.${config.mainuser} = {
news.display = "silent";
systemd.user.startServices = true;
services.udiskie.enable = !isServer;
services.gammastep = {
enable = !isServer;
latitude = config.location.latitude;
longitude = config.location.longitude;
temperature.day = 6500;
temperature.night = 3000;
};
systemd.user.services.gammastep = {
Install.WantedBy = lib.mkForce [];
};
xdg.configFile."nixpkgs/config.nix".text = ''
{ allowUnfree = true; android_sdk.accept_license = true; }
'';


@ -1,25 +1,29 @@
{ config, lib, pkgs, ... }: {
systemd.services = let
service = user: group: {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = [ pkgs.nix-index-update ];
serviceConfig = {
Type = "oneshot";
ExecStart = lib.getExe pkgs.nix-index-update;
User = user;
Group = group;
};
};
in {
"nix-index-update-root" = service "root" "root";
"nix-index-update-${config.mainuser}" = service config.mainuser "users";
};
home-manager.users.${config.mainuser} = {
programs.nix-index = {
enable = true;
enableZshIntegration = true;
};
home.packages = [
pkgs.nix-index-update
];
# systemd.user.services.nix-index-update = {
# Service = {
# ExecStart = lib.getExe pkgs.nix-index-update;
# Type = "oneshot";
# };
# Unit.After = [ "network.target" ];
# Install.WantedBy = [ "default.target" ];
# };
};
programs.command-not-found.enable = lib.mkForce false;
# FIXME
# persist.derivative.homeDirectories = [ ".cache/nix-index" ];
}
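Review bot: `nix-index-update-root` runs `pkgs.nix-index-update` as root at boot with network access and nothing in `serviceConfig` to confine it; what the tool fetches is not visible here, but presumably it downloads an index database, which needs none of root's other privileges. Adding `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "full";` to the shared `serviceConfig` would narrow both units while leaving the cache directories under the users' homes writable. Because these are `Type = "oneshot"` units wanted by `multi-user.target`, they likely hold that target until the download finishes, so a timer or a `TimeoutStartSec` would keep a slow network from delaying boot. Which lines are on the new side is inferred from the hunk counts.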


@ -1,19 +0,0 @@
{ config, pkgs, lib, ... }: {
# secrets.seadrive.owner = config.mainuser;
secrets.seadrive-token.owner = config.mainuser;
services.seadrive = {
enable = true;
mountPoint = "/media/seadrive";
stateDir = "~/.config/seadrive";
settings = {
server = "https://file.ataraxiadev.com";
username = "ataraxiadev@ataraxiadev.com";
tokenFile = config.secrets.seadrive-token.decrypted;
isPro = false;
clientName = config.networking.hostName;
sizeLimit = "4GB";
cleanCacheInterval = 10;
};
};
persist.state.homeDirectories = [ ".config/seadrive" ];
}


@ -14,18 +14,6 @@ with config.deviceSpecific; {
"ssh-rsa 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 alukard@AMD-Workstation"
];
secrets.ssh-builder = {};
programs.ssh.extraConfig = ''
Host nix-builder
hostname 192.168.0.100
user ataraxia
identitiesOnly yes
identityFile ${config.secrets.ssh-builder.decrypted}
Host hypervisor
hostname 192.168.0.10
user ataraxia
'';
home-manager.users.${config.mainuser} = {
programs.ssh = {
enable = true;
@ -33,26 +21,6 @@ with config.deviceSpecific; {
"*" = {
compression = false;
};
"hypervisor" = {
hostname = "192.168.0.10";
user = config.mainuser;
};
"matrix.pve" = {
hostname = "192.168.0.11";
user = config.mainuser;
};
"nixos.pve" = {
hostname = "192.168.0.12";
user = config.mainuser;
};
"dell.ataraxia" = {
hostname = "192.168.0.101";
user = config.mainuser;
};
"amd.ataraxia" = {
hostname = "192.168.0.100";
user = config.mainuser;
};
};
extraConfig = ''
Match host * exec "gpg-connect-agent UPDATESTARTUPTTY /bye"


@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, lib, ... }:
let
dirsToClean = [
"Downloads"
];
olderThanDays = "14";
in {
home-manager.users.${config.mainuser} = {
xdg.enable = true;
xdg.userDirs.enable = true;
@ -8,16 +14,15 @@
systemd.user.services.cleanup-home-dirs = let
home-conf = config.home-manager.users.${config.mainuser};
days = "30";
folders = map (x: home-conf.home.homeDirectory + "/" + x) [ "Downloads" ];
directories = map (x: home-conf.home.homeDirectory + "/" + x) dirsToClean;
in {
serviceConfig.Type = "oneshot";
script = ''
${builtins.concatStringsSep "\n" (map (x:
"find ${
lib.escapeShellArg x
} -mtime +${days} -exec rm -rv {} + -depth;")
folders)}
} -mtime +${olderThanDays} -exec rm -rv {} + -depth;")
directories)}
'';
wantedBy = [ "default.target" ];
};
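Review bot: The `find … -mtime +${olderThanDays} -exec rm -rv {} +` line matches directories as well as files, so a subdirectory whose own mtime is old is removed recursively together with any newer files nested inside it, and the top-level directory itself is a candidate too. Shortening the window from 30 to 14 days makes that more likely to bite. The trailing `-depth` is a global option, which GNU find warns about when it follows the tests. Deleting files by age and then pruning empty directories avoids both problems: `find ${lib.escapeShellArg x} -mindepth 1 -xdev -type f -mtime +${olderThanDays} -delete` followed by `find ${lib.escapeShellArg x} -mindepth 1 -xdev -type d -empty -delete`. The unit definition continues outside the hunk.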


@ -10,7 +10,6 @@
programs = {
zsh = {
enable = true;
# enableAutosuggestions = true;
enableCompletion = true;
oh-my-zsh = {
enable = true;
@ -61,8 +60,9 @@
"_" = "doas";
"clr" = "clear";
"rcp" = "${pkgs.rsync}/bin/rsync -ah --partial --no-whole-file --info=progress2";
"ncg" = "doas nix-collect-garbage";
"ncgd" = "doas nix-collect-garbage -d";
"rrcp" = "_ ${pkgs.rsync}/bin/rsync -ah --partial --no-whole-file --info=progress2";
"ncg" = "_ nix-collect-garbage";
"ncgd" = "_ nix-collect-garbage -d";
"weather" = "curl wttr.in/Volzhskiy";
"rede" = "systemctl --user start gammastep.service &";
"redd" = "systemctl --user stop gammastep.service &";
@ -75,14 +75,12 @@
"nr" = "nix run";
"e" = "$EDITOR";
"q" = "${pkgs.libqalculate}/bin/qalc";
# "grep" = "${pkgs.ripgrep}/bin/rg";
"man" = "${pkgs.pinfo}/bin/pinfo";
"l" = "${pkgs.eza}/bin/eza -lahgF@ --git --group-directories-first";
"tree" = "${pkgs.eza}/bin/eza -T";
"ltree" = "${pkgs.eza}/bin/eza -lhgFT@ --git";
"atree" = "${pkgs.eza}/bin/eza -aT";
"latree" = "${pkgs.eza}/bin/eza -lahgFT@ --git";
# "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}";
"t" = "${pkgs.translate-shell}/bin/trans";
"steam-gamescope" = "gamescope -b --steam -- steam -pipewire-dmabuf";
};
@ -121,6 +119,13 @@
done
7z a ~/backup/$(basename "$1").7z "$@" -m0=zstd -mx3 -xr@/tmp/7z-exclude.lst
}
gif2webm() {
file="$1"
dir=$(dirname $1)
file="$(basename $file)"
file="''${file%.*}"
ffmpeg -i "$1" -c:v libvpx-vp9 -b:v 0 -crf 30 -an "$dir/$file.webm"
}
XDG_DATA_DIRS=$XDG_DATA_DIRS:$GSETTINGS_SCHEMAS_PATH
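Review bot: `gif2webm` assigns `file` and `dir` without `local`, so both leak into the interactive shell after each call. `dirname $1` and `basename $file` also pass the path unquoted and without `--`, so an empty argument or a name starting with `-` is misread as options. Suggested: `local file dir`, `dir=$(dirname -- "$1")`, `file=$(basename -- "$1")`. A guard such as `[[ -f "$1" ]] || return 1` before the ffmpeg call would also stop it from running with no argument. The surrounding shell snippet continues outside the hunk.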


@ -17,6 +17,7 @@
user
ssh
vlock
vpn
zsh
];
}


@ -9,7 +9,6 @@
sound
themes
virtualisation
vpn
alacritty
corectrl
@ -32,7 +31,6 @@
zathura
aria2
copyq
cursor
direnv
fonts


@ -10,79 +10,59 @@ sops:
lastmodified: "2024-01-19T11:27:22Z"
mac: ENC[AES256_GCM,data:EskxLpbdlrpB5yvUsyzgjoozqwPgDnqPLSkA8WcHmreqR+v1mEM/xY2GAije2TA4Bg7WGSKEBonuapk5hMHtehXy7+9iytdloDNQtXJWAoOy2PLd55E7shUdBVilEAa2mCUz5VDBz9jXMtlW0jv13W4iwXQ9ixKmzaUr/JSpnCk=,iv:t2MBxAtKrMOG/BoBOszkTu+o4bELfmU2cVLbvZK+BZw=,tag:u6E7DZDrC58zbpYf9tqDYA==,type:str]
pgp:
- created_at: "2024-01-19T11:39:40Z"
- created_at: "2024-01-21T14:49:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMAwcagTG/Fm6AAQf9GHyWG9uFys96UFgblo2g48BkvqjE0E2PCwwXlop1s6Uh
pN7Rpcckfurmx3DaSMXBjIfY2R8M6Wain0Jpf2TzBQ0IdOF4l9p6jakFFXgaWV5a
boW7Fznnido8Zdx5sgMnehKImDM3L/v8eYlD+Eyn94ZCBYbtwCMFfWKtWSAbpl0o
399th+JpHoFvKKTI/wDKjz4jUJqFC5Hks9HOhIKCdz2dlkPLd9UCfeJi5q2p1NV+
3B+MtYIO/Zn3BuFmb1+vky9TL5r3IYkIaqHZuuQGaUBXn1B8sfrGEjvz/ya3+cJ7
i3SXHJ2X2C6kIGXXkYhemaFkVzEF+12eiLsUmG3BItJYATwwqAnVm/HDCY/VKUTd
+dEr2r9C+0oBxEqVO/F4oejqO2nmQnGQCKi1+bhGANmQrwEYbkTBfDYn0bfTDEMl
D5SRIgYZCgp6LnVe9F6Sk9zeDAF4ft3gbg==
=sTEw
hQEMAwcagTG/Fm6AAQf9Fx8EVyhEVBxQJO1BwmTXDcGKoB7jbd2Y5XSzy39OpiXz
0tCidCqp0m3ruL8K+R7sLTMmxsIIwtiu1dJ8BQFMlQ9HGarhQmuYOWzf2I/8nv2p
tMK3sW93NwFs4kWTeh9rKKMb+KCQKGSDYVmvjhxdBQw4VHOJLMAU+AcT35DPR2/e
fYD3s1BKKVJ9QoWB9e6RYYuis2UoBuX5yT3jSfUeyYJwuZ7gVzjH4GQ9fpDYhPJn
Z+qGeEbi7yYWh2KgcI7vw8rOLZvcHtzQGfAaOt4P4lh1yIr+1NkLfq02sDn0+Qd7
FhSi6NQqkBT7dReXY2o3g5Bei3or3/subFUzkZrO99JYAUskAk7Q5VuYCRXCrgx/
zrF2gAdkI3hLUdKtWInJKPgxQ65YAoXCv7qI8cs46fS75FGQ5dRzOjifrBV61rGM
4P0evJNhOvSVve8k/3Tz6ITOwidTptmstA==
=jaPO
-----END PGP MESSAGE-----
fp: ad382d058c964607b7bbf01b071a8131bf166e80
- created_at: "2024-01-19T11:39:40Z"
- created_at: "2024-01-21T14:49:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=T51N
-----END PGP MESSAGE-----
fp: d286fd9431753cb455537070235ec7bc757002ca
- created_at: "2024-01-19T11:39:40Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=ARNh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=6PEl
-----END PGP MESSAGE-----
fp: 20d2e2b90c6aa179585b6b6b34cafb9db82f1d40
- created_at: "2024-01-19T11:39:40Z"
- created_at: "2024-01-21T14:49:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=TV0x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=ODJl
-----END PGP MESSAGE-----
fp: a32018133c7afbfd05d5b2795f3b89af369520c6
unencrypted_suffix: _unencrypted