diff --git a/.gitignore b/.gitignore
index 861c323..640abff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,7 @@
.direnv
.VSCodeCounter
-result
+result*
*.bak
*.qcow2
*.raw
-*.img
-vm-scripts/**
\ No newline at end of file
+*.img
\ No newline at end of file
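Review bot: The new `result*` pattern is unanchored, so it ignores any path whose name starts with `result` at any depth, not only the build-output links in the repository root (presumably what it is meant for); `/result*` would limit it to the root. The `.vscodeignore` hunk adds the same broad `result*` and `result*/**` patterns. Dropping `vm-scripts/**` also means anything still sitting in a local `vm-scripts/` directory now shows up as untracked and can be picked up by `git add -A`, so check that the directory is gone or holds nothing private.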
diff --git a/.sops.yaml b/.sops.yaml
index b8d321a..ecba04c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,5 @@
keys:
- &ataraxia ad382d058c964607b7bbf01b071a8131bf166e80
- - &suomi-vps d286fd9431753cb455537070235ec7bc757002ca
- &nixos-vps 20d2e2b90c6aa179585b6b6b34cafb9db82f1d40
- &home-hypervisor a32018133c7afbfd05d5b2795f3b89af369520c6
creation_rules:
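Review bot: Removing `&suomi-vps` from `keys` here, and from the `key_groups` and the `secrets/suomi-vps/` rule in the next hunk, only affects files encrypted or re-keyed after this change; any existing file that listed that recipient still carries a data key wrapped for it. Unless it happens outside this view, the change needs `sops updatekeys` on the affected files followed by a data-key rotation (`sops -r -i <file>`). The secret values themselves should be treated as known to whoever holds the suomi-vps private key and rotated, because the old ciphertext stays in git history. A comment above `creation_rules`, e.g. `# after removing a recipient: sops updatekeys, rotate data keys, rotate the secrets`, would keep that step from being forgotten.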
@@ -8,14 +7,8 @@ creation_rules:
key_groups:
- pgp:
- *ataraxia
- - *suomi-vps
- *nixos-vps
- *home-hypervisor
- - path_regex: secrets/suomi-vps/[^/]+\.(yaml|json|env|ini)$
- key_groups:
- - pgp:
- - *ataraxia
- - *suomi-vps
- path_regex: secrets/nixos-vps/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
diff --git a/.vscodeignore b/.vscodeignore
index 70207d7..191aacb 100644
--- a/.vscodeignore
+++ b/.vscodeignore
@@ -1,2 +1,2 @@
-result/**
-result
\ No newline at end of file
+result*
+result*/**
\ No newline at end of file
diff --git a/todo.md b/TODO.md
similarity index 87%
rename from todo.md
rename to TODO.md
index 1dfca5a..50f4cd6 100644
--- a/todo.md
+++ b/TODO.md
@@ -1,14 +1,14 @@
# TODO
+* move some profiles to modules (like vpn.nix)
+* use sops for all occurrences of hashedPassword
+* auto-import gpg keys
+* wait headscale start until authentik
+* auto-login to tailscale for hypervisor
* config qbittorrent
-* telegram theme
-* use theme engine from https://github.com/SenchoPens/base16.nix (?)
* fix waybar config
-* Firejail all the things (maybe not...)
* change writeShellScript and writeShellScriptBin to writeShellApplication
-* add asserts to autoinstall module
* fix mime, fix aria2
-* add updateScript to my packages
* move overlay and packages to root folder
* Change all 'latest' tags in docker container to digest: "statping/statping@sha256:aaaaa"
* or add cmd to all containers: "--pull=newer"
diff --git a/flake.nix b/flake.nix
index 7a7c413..75689f5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -241,17 +241,6 @@
specialArgs = { inherit inputs; };
format = "install-iso";
};
- Flakes-ISO-Aarch64 = nixos-generators.nixosGenerate {
- system = "aarch64-linux";
- modules = [
- (import (./machines/Flakes-ISO))
- { device = "Flakes-ISO"; mainuser = "ataraxia"; }
- ./machines/Arch-Builder-VM/autoinstall.nix
- self.customModules.autoinstall
- ];
- specialArgs = { inherit inputs; };
- format = "install-iso";
- };
};
};
diff --git a/machines/AMD-Workstation/boot.nix b/machines/AMD-Workstation/boot.nix
index bfe38b9..2e85e21 100644
--- a/machines/AMD-Workstation/boot.nix
+++ b/machines/AMD-Workstation/boot.nix
@@ -3,7 +3,7 @@ let
zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
in {
boot = {
- zfs.enableUnstable = false; # For now, unstable zfs will downgrade kernel
+ zfs.enableUnstable = false;
kernelPackages = pkgs.linuxPackages_lqx;
initrd = {
diff --git a/machines/AMD-Workstation/default.nix b/machines/AMD-Workstation/default.nix
index f522020..910fc49 100644
--- a/machines/AMD-Workstation/default.nix
+++ b/machines/AMD-Workstation/default.nix
@@ -4,7 +4,6 @@
./hardware-configuration.nix
customRoles.workstation
- # customProfiles.stable-diffusion
customProfiles.a2ln-server
customProfiles.act
customProfiles.attic
@@ -21,12 +20,6 @@
security.pki.certificateFiles = [ ../../misc/mitmproxy-ca-cert.pem ];
virtualisation.libvirt.guests = {
- win2k22 = {
- autoStart = false;
- user = config.mainuser;
- group = "libvirtd";
- xmlFile = ./vm/win2k22.xml;
- };
win10 = {
autoStart = true;
user = config.mainuser;
@@ -39,44 +32,15 @@
group = "libvirtd";
xmlFile = ./vm/win10-server.xml;
};
- fedora-build = {
- autoStart = false;
- user = config.mainuser;
- group = "libvirtd";
- uefi = true;
- memory = 32 * 1024;
- sharedMemory = true;
- cpu = { cores = 6; threads = 2; };
- devices = {
- disks = [
- { diskFile = "/media/libvirt/images/fedora-build.qcow2"; targetName = "vda"; }
- { diskFile = "/media/libvirt/images/android-zfs.qcow2"; targetName = "sda"; bus = "scsi"; }
- ];
- network.macAddress = "52:54:00:f7:be:ef";
- };
- };
};
deviceSpecific.devInfo = {
- cpu = {
- vendor = "amd";
- clock = 3700;
- cores = 12;
- };
- drive = {
- type = "ssd";
- speed = 6000;
- size = 1000;
- };
- gpu = {
- vendor = "amd";
- };
- bigScreen = true;
+ cpu.vendor = "amd";
+ drive.type = "ssd";
+ gpu.vendor = "amd";
ram = 48;
fileSystem = "zfs";
};
- deviceSpecific.isHost = true;
- deviceSpecific.isShared = false;
deviceSpecific.isGaming = true;
deviceSpecific.enableVirtualisation = true;
# VPN
@@ -84,17 +48,13 @@
secrets.wg-ataraxia.services = [ "wg-quick-wg0.service" ];
networking.wg-quick.interfaces.wg0.autostart = false;
networking.wg-quick.interfaces.wg0.configFile = config.secrets.wg-ataraxia.decrypted;
-
- hardware.firmware = [ pkgs.rtl8761b-firmware ];
- programs.nix-ld.enable = true;
-
+ # Mount
secrets.files-veracrypt = { };
environment.etc.crypttab = {
text = ''
files-veracrypt /dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a /var/secrets/files-veracrypt tcrypt-veracrypt
'';
};
-
fileSystems = {
"/media/win-sys" = {
fsType = "ntfs";
@@ -117,10 +77,10 @@
};
powerManagement.cpuFreqGovernor = "schedutil";
-
+ hardware.firmware = [ pkgs.rtl8761b-firmware ];
services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";
services.ratbagd.enable = true;
-
+ # Networking
networking.firewall.allowedTCPPorts = [ 8000 5900 52736 ];
networking.nameservers = [ "192.168.0.1" ];
networking.defaultGateway = "192.168.0.1";
@@ -133,6 +93,7 @@
}];
};
+ programs.nix-ld.enable = true;
home-manager.users.${config.mainuser} = {
home.packages = [
inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate
diff --git a/machines/AMD-Workstation/passthrough/default.nix b/machines/AMD-Workstation/passthrough/default.nix
deleted file mode 100644
index 5870cee..0000000
--- a/machines/AMD-Workstation/passthrough/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, ... }: {
-systemd.services.libvirtd = {
- path = let
- env = pkgs.buildEnv {
- name = "qemu-hook-env";
- paths = with pkgs; [
- libvirt bash util-linux pciutils ripgrep
- procps coreutils systemd kmod gawk
- ];
- };
- in [ env ];
- };
-
- system.activationScripts.libvirt-hooks.text = ''
- ln -Tfs /etc/libvirt/hooks /var/lib/libvirt/hooks
- ln -Tfs /etc/libvirt/vgabios /var/lib/libvirt/vgabios
- '';
-
- environment.etc = {
- "libvirt/hooks/qemu".source = ./passthrough/qemu;
- "libvirt/hooks/qemu.d/win10/vfio-script.sh".source = ./passthrough/vfio-script.sh;
- "libvirt/vgabios/navi22.rom".source = ./passthrough/navi22.rom;
- };
-
- systemd.services.hyprland-logout = {
- script = "hyprctl dispatch exit";
- serviceConfig = {
- Type = "oneshot";
- User = config.mainuser;
- };
- path = [
- config.home-manager.users.${config.mainuser}.wayland.windowManager.hyprland.package
- ];
- };
-}
\ No newline at end of file
diff --git a/machines/AMD-Workstation/passthrough/navi22.rom b/machines/AMD-Workstation/passthrough/navi22.rom
deleted file mode 100755
index c982648..0000000
Binary files a/machines/AMD-Workstation/passthrough/navi22.rom and /dev/null differ
diff --git a/machines/AMD-Workstation/passthrough/qemu b/machines/AMD-Workstation/passthrough/qemu
deleted file mode 100644
index 19237dd..0000000
--- a/machines/AMD-Workstation/passthrough/qemu
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-OBJECT="$1"
-OPERATION="$2"
-
-if [[ $OBJECT == "win10" ]]; then
- case "$OPERATION" in
- "prepare")
- # systemctl start libvirt-nosleep@"$OBJECT" 2>&1 | tee -a /var/log/libvirt/custom_hooks.log
- /etc/libvirt/hooks/qemu.d/win10/vfio-script.sh start 2>&1 | tee -a /var/log/libvirt/vfio-script.log
- ;;
-
- "release")
- # systemctl stop libvirt-nosleep@"$OBJECT" 2>&1 | tee -a /var/log/libvirt/custom_hooks.log
- /etc/libvirt/hooks/qemu.d/win10/vfio-script.sh stop 2>&1 | tee -a /var/log/libvirt/vfio-script.log
- ;;
- esac
-fi
diff --git a/machines/AMD-Workstation/passthrough/vfio-script.sh b/machines/AMD-Workstation/passthrough/vfio-script.sh
deleted file mode 100644
index 59c2e46..0000000
--- a/machines/AMD-Workstation/passthrough/vfio-script.sh
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/bin/bash
-
-# Helpful to read output when debugging
-#set -x
-
-##------------------------------------------------------------------------
-## Alpha version: 0.4V
-## Author: AM(Tobias Rieper)
-## Last Edit: 08-01-2023
-## Works with AMD GPU with systemd.
-## Note: CPU Pinning is disable by default. Check Read Me To enable it ;-)
-##-------------------------------------------------------------------------
-
-#Variables
-Gen_Vars() {
-NULL="/dev/null"
-#Delays
-Delay_1="1"
-Delay_2="2"
-Delay_3="3"
-Delay_4="4"
-Delay_5="5"
-##
-#Virsh Commands
-PCI="pci_0000_"
-REMOVE="nodedev-detach"
-ADD="nodedev-reattach"
-##
-#Video and Audio
-VIDEO=$(lspci -nn | grep VGA | head -1 | cut -d " " -f1 | tr ":." "_")
-VIDEO1=$(lspci -nn | grep VGA | head -1 | cut -d " " -f1)
-AUDIO=$(lspci -nn | grep "HDMI Audio" | head -1 | cut -d " " -f1 | tr ":." "_")
-AUDIO1=$(lspci -nn | grep "HDMI Audio" | head -1 | cut -d " " -f1)
-##
-#Display Manager
-DM1=$(grep '/usr/s\?bin' /etc/systemd/system/display-manager.service | tr "/" "\n" | tail -1)
-DM2=$(ps auxf | awk '{print $11}' | grep -e "dm" | head -1 | tr "/" "\n" | tail -1)
-##
-#RTC Wake Timer
-TIME="+8sec"
-##
-#CoolDown Delay
-Delay_8="8"
-##
-#Loop Variables
-declare -i Loop
-Loop=1
-declare -i TimeOut
-TimeOut=5
-##
-# Helpful to read output when debugging
-set -x
-}
-Kill_DM() {
- #Just to make sure the session is dead.
- # for i in $(ls /home); do echo $i; killall -u $i;kill -9 $(ps -s -U $i | awk '{print $2}' | grep -Ev "pid");done
- #Fn to Stop The Display Manager
- # systemctl start hyprland-logout
- hyprctl dispatch exittex = (pkgs.texlive.combine {
- inherit (pkgs.texlive) scheme-medium
- # dvisvgm dvipng # for preview and export as html
- luatex latexmk t2 tempora ccaption soul
- float makecell multirow enumitem cyrillic
- babel babel-russian metafont hyphen-russian
- greek-fontenc;
- });
- #Don't Touch this Delay
- sleep $Delay_2
- #Unbinding VT Consoles if currently bound (adapted from https://www.kernel.org/doc/Documentation/fb/fbcon.txt)
- for i in /sys/class/vtconsole/*;
- do
- echo 0 > $i/bind
- done
-}
-
-IF_AMD() {
- if [ "lsmod | grep "amdgpu" &> /dev/null" ]; then
- lsmod | grep amdgpu | cut -d " " -f1 >/tmp/amd-modules
- #Syncing Disk and clearing The Caches(RAM)
- sync; echo 1 > /proc/sys/vm/drop_caches
- #Un-Binding GPU From driver
- sleep $Delay_2
- echo "0000:$VIDEO1" > "/sys/bus/pci/devices/0000:$VIDEO1/driver/unbind"
- echo "0000:$AUDIO1" > "/sys/bus/pci/devices/0000:$AUDIO1/driver/unbind"
- #Waiting for AMD GPU To Fininsh
- while ! (dmesg | grep "amdgpu 0000:$VIDEO1" | tail -5 | grep "amdgpu: finishing device."); do echo "Loop-1"; if [ "$Loop" -le "$TimeOut" ]; then echo "Waiting"; TimeOut+=1; echo "Try: $TimeOut"; sleep 1; else break;fi; done
- ## Removing Video and Audio
- virsh $REMOVE "$PCI$VIDEO"
- sleep 1
- virsh $REMOVE "$PCI$AUDIO"
- modprobe -r amdgpu
- #Reseting The Loop Counter
- Loop=1
- #Making Sure that AMD GPU is Un-Loaded
- while (lsmod | grep amdgpu); do echo "Loop-3"; if [ "$Loop" -le "$TimeOut" ]; then echo "AMD GPU in use"; lsmod | grep amdgpu | awk '{print $1}' | while read AM; do modprobe -r $AM; done;TimeOut+=1; echo "AMDGPU try: $TimeOut"; sleep 1; else echo "Fail To Remove AMD GPU";rmmod amdgpu; break;fi;done
- #may the force be with you
- #rmmod -f amdgpu
- #garbage collection
- unset Loop
- unset TimeOut
- #Putting System To a quick sleep cycle to make sure that amd graphic card is Properly reset
- rtcwake -m mem --date $TIME
-
- fi
-}
-CPU_Pining() {
-if [[ "$*" == "enable" ]]
-then
- systemctl set-property --runtime -- user.slice AllowedCPUs=0,8
- systemctl set-property --runtime -- system.slice AllowedCPUs=0,8
- systemctl set-property --runtime -- init.scope AllowedCPUs=0,8
- echo "CPU Pining Enabled"
-elif [[ "$*" == "disable" ]]
-then
- systemctl set-property --runtime -- user.slice AllowedCPUs=0-11
- systemctl set-property --runtime -- system.slice AllowedCPUs=0-11
- systemctl set-property --runtime -- init.scope AllowedCPUs=0-11
- echo "CPU Pining Disable"
-fi
-}
-# Main Init
-if [[ "$*" == "start" ]]
-then
- Gen_Vars
- Kill_DM
- IF_AMD
- #CPU_Pining "enable"
- echo "Start Done"
-elif [[ "$*" == "stop" ]]
-then
- Gen_Vars
- #CPU_Pining "disable"
- echo "1" | tee -a /sys/bus/pci/devices/0000:$AUDIO1/remove
- echo "1" | tee -a /sys/bus/pci/devices/0000:$VIDEO1/remove
- rtcwake -m mem --date $TIME
- sleep $Delay_3
- echo "1" | tee -a /sys/bus/pci/rescan
- # systemctl restart `cat /var/tmp/Last-DM`
- echo "Stop Done"
-fi
diff --git a/machines/AMD-Workstation/vm/win2k22.xml b/machines/AMD-Workstation/vm/win2k22.xml
deleted file mode 100644
index 2cc8339..0000000
--- a/machines/AMD-Workstation/vm/win2k22.xml
+++ /dev/null
@@ -1,201 +0,0 @@
-
- win2k22
- dcd41663-1e1d-40d0-9020-46f4e25e2777
-
-
-
-
-
- 4194304
- 4194304
-
-
-
-
- 2
-
- hvm
- /run/libvirt/nix-ovmf/OVMF_CODE.fd
- /var/lib/libvirt/qemu/nvram/win2k22_VARS.fd
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- destroy
- restart
- destroy
-
-
-
-
-
- /run/libvirt/nix-emulators/qemu-system-x86_64
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/machines/Arch-Builder-VM/autoinstall.nix b/machines/Arch-Builder-VM/autoinstall.nix
deleted file mode 100644
index 691d669..0000000
--- a/machines/Arch-Builder-VM/autoinstall.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }: {
- autoinstall.Arch-Builder-VM = {
- mainuser = "ataraxia";
- flakesPath = "/home/nixos/nixos-config";
- partitioning.useEntireDisk = true;
- partitioning.disk = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00003";
- partitioning.nullifyDisk = false;
- partitioning.createBootPool = true;
- swapPartition.enable = true;
- swapPartition.size = "2GiB";
- efiMountPoint = "/efi";
- bootSize = "512MiB";
- efiSize = "128MiB";
- zfsOpts.ashift = 13;
- persist.enable = false;
- };
-}
diff --git a/machines/Arch-Builder-VM/default.nix b/machines/Arch-Builder-VM/default.nix
deleted file mode 100644
index acea9fe..0000000
--- a/machines/Arch-Builder-VM/default.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-{ inputs, config, lib, pkgs, ... }: {
- imports = with inputs.self; [ ./hardware-configuration.nix ];
-
- options = {
- device = lib.mkOption { type = lib.types.str; };
- mainuser = lib.mkOption { type = lib.types.str; };
- };
-
- config = let
- zfs_arc_max = toString (1 * 1024 * 1024 * 1024);
- in {
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- networking.hostName = config.device;
-
- documentation.nixos.enable = lib.mkForce false;
- programs.command-not-found.enable = lib.mkForce false;
- xdg.autostart.enable = lib.mkForce false;
- xdg.icons.enable = lib.mkForce false;
- xdg.mime.enable = lib.mkForce false;
- xdg.sounds.enable = lib.mkForce false;
- services.udisks2.enable = lib.mkForce false;
- nix.optimise.automatic = false;
-
- fonts.enableDefaultPackages = lib.mkForce false;
- fonts.packages = [ (pkgs.nerdfonts.override { fonts = [ "FiraCode" "VictorMono" ]; }) ];
-
- security.polkit.enable = true;
-
- boot = {
- kernelParams = [
- "zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1"
- "zfs.metaslab_lba_weighting_enabled=0"
- "zfs.zfs_arc_max=${zfs_arc_max}"
- ];
- kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
- cleanTmpDir = true;
- zfs.forceImportAll = false;
-
- initrd.supportedFilesystems = [ "zfs" ];
- loader = {
- grub = {
- enable = true;
- device = "nodev";
- copyKernels = true;
- efiSupport = true;
- useOSProber = false;
- zfsSupport = true;
- };
- efi.canTouchEfiVariables = true;
- efi.efiSysMountPoint = "/efi";
- generationsDir.copyKernels = true;
- };
-
- tmp.useTmpfs = true;
- tmp.tmpfsSize = "16G";
- };
-
- zramSwap = {
- enable = true;
- algorithm = "zstd";
- memoryPercent = 150;
- };
-
- environment.systemPackages = with pkgs; [
- git kitty bat micro bottom nix-index-update pwgen comma
- ];
- nix = {
- nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
- registry.self.flake = inputs.self;
- registry.nixpkgs.flake = inputs.nixpkgs;
- extraOptions = ''
- experimental-features = nix-command flakes
- flake-registry = ${inputs.flake-registry}/flake-registry.json
- '';
- };
- environment.etc.nixpkgs.source = inputs.nixpkgs;
- environment.etc.self.source = inputs.self;
-
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- settings.PermitRootLogin = lib.mkForce "without-password";
- settings.X11Forwarding = false;
- extraConfig = "StreamLocalBindUnlink yes";
- ports = [ 22 ];
- };
-
- security.apparmor.enable = true;
- programs.firejail.enable = true;
- users.mutableUsers = false;
- users.users.${config.mainuser} = {
- isNormalUser = true;
- extraGroups = [
- "docker"
- "kvm"
- "libvirtd"
- "lxd"
- "networkmanager"
- "podman"
- "qemu-libvirtd"
- "systemd-journal"
- "wheel"
- ];
- description = "AtaraxiaDev";
- uid = 1000;
- hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
- };
- systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
- services.getty.autologinUser = config.mainuser;
-
- users.users.${config.mainuser}.openssh.authorizedKeys.keys = [
- "ssh-rsa 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 (none)"
- "ssh-rsa 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 alukard@AMD-Workstation"
- ];
-
- users.users.root.openssh.authorizedKeys.keys =
- config.users.users.nixos.openssh.authorizedKeys.keys;
-
- system.stateVersion = "22.11";
- };
-}
\ No newline at end of file
diff --git a/machines/Arch-Builder-VM/system b/machines/Arch-Builder-VM/system
deleted file mode 100644
index ab65297..0000000
--- a/machines/Arch-Builder-VM/system
+++ /dev/null
@@ -1 +0,0 @@
-aarch64-linux
\ No newline at end of file
diff --git a/machines/Dell-Laptop/default.nix b/machines/Dell-Laptop/default.nix
index 4024e49..068af04 100644
--- a/machines/Dell-Laptop/default.nix
+++ b/machines/Dell-Laptop/default.nix
@@ -8,20 +8,9 @@
];
deviceSpecific.devInfo = {
- cpu = {
- vendor = "intel";
- clock = 1600;
- cores = 8;
- };
- drive = {
- type = "ssd";
- speed = 2000;
- size = 250;
- };
- gpu = {
- vendor = "intel";
- };
- bigScreen = false;
+ cpu.vendor = "intel";
+ drive.type = "ssd";
+ gpu.vendor = "intel";
ram = 16;
fileSystem = "zfs";
};
diff --git a/machines/Home-Hypervisor/boot.nix b/machines/Home-Hypervisor/boot.nix
index c10d1ed..ca40280 100644
--- a/machines/Home-Hypervisor/boot.nix
+++ b/machines/Home-Hypervisor/boot.nix
@@ -22,31 +22,13 @@ in {
# # '';
};
initrd = {
- # kernelModules = [
- # "mmc_core" "mmc_block" "sdhci" "sdhci-pci"
- # "vfat" "nls_cp437" "nls_iso8859_1"
- # ];
- # postDeviceCommands = let
- # SDUUID = "E54A-5461";
- # in pkgs.lib.mkBefore ''
- # mkdir -m 0755 -p /key
- # sleep 2 # To make sure the usb key has been loaded
- # mount -n -t vfat -o ro `findfs UUID=${SDUUID}` /key
- # '';
- # availableKernelModules = [ "tg3" ]; # for dell-laptop
- # postMountCommands = ''
- # '';
luks.devices = {
"cryptboot" = {
- # preLVM = false;
preLVM = true;
- # keyFile = "/key/keyfile0";
keyFile = "/keyfile0.bin";
allowDiscards = true;
bypassWorkqueues = config.deviceSpecific.isSSD;
fallbackToPassword = true;
- # postOpenCommands = "";
- # preOpenCommands = "";
};
"cryptroot" = {
preLVM = true;
diff --git a/machines/Home-Hypervisor/default.nix b/machines/Home-Hypervisor/default.nix
index 1f29f3d..ff504df 100644
--- a/machines/Home-Hypervisor/default.nix
+++ b/machines/Home-Hypervisor/default.nix
@@ -50,23 +50,14 @@ in {
];
deviceSpecific.devInfo = {
- cpu = {
- vendor = "intel";
- clock = 2300;
- cores = 4;
- };
- drive = {
- type = "ssd";
- speed = 500;
- size = 500;
- };
- gpu = { vendor = "other"; };
- bigScreen = false;
+ cpu.vendor = "intel";
+ drive.type = "ssd";
+ gpu.vendor = "other";
ram = 12;
fileSystem = "zfs";
};
deviceSpecific.enableVirtualisation = true;
- deviceSpecific.vpn.mullvad.enable = false;
+ deviceSpecific.vpn.tailscale.enable = true;
deviceSpecific.isServer = true;
zramSwap = {
@@ -75,15 +66,12 @@ in {
memoryPercent = 150;
};
- services.tailscale.enable = true;
- services.tailscale.useRoutingFeatures = "client";
# Impermanence
persist = {
enable = true;
cache.clean.enable = true;
state = {
files = [ "/etc/machine-id" ];
- directories = [ "/var/lib/tailscale" ];
};
};
fileSystems."/home".neededForBoot = true;
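Review bot: With `persist.enable = true` on this host, dropping `directories = [ "/var/lib/tailscale" ];` from `persist.state` means the Tailscale node key is lost on every reboot unless the module behind `deviceSpecific.vpn.tailscale.enable` (set in the previous hunk, not visible here) persists that directory itself. If it does not, the machine comes back unauthenticated after each boot and has to be re-enrolled. Please confirm the new module carries both the state directory and the former `services.tailscale.useRoutingFeatures = "client"` setting, or keep `directories = [ "/var/lib/tailscale" ];` here.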
@@ -111,7 +99,6 @@ in {
[ (pkgs.nerdfonts.override { fonts = [ "FiraCode" "VictorMono" ]; }) ];
security.polkit.enable = true;
- # security.pam.enableSSHAgentAuth = true;
services.zfs = {
autoScrub.enable = true;
@@ -142,29 +129,19 @@ in {
}];
};
networking.extraHosts = ''
+ 127.0.0.1 auth.ataraxiadev.com
127.0.0.1 code.ataraxiadev.com
127.0.0.1 cache.ataraxiadev.com
+ 127.0.0.1 s3.ataraxiadev.com
'';
- # networking.proxy.default = "http://127.0.0.1:3128";
-
nix.optimise.automatic = false;
services.logind.lidSwitch = "lock";
services.logind.lidSwitchDocked = "lock";
services.logind.lidSwitchExternalPower = "lock";
- services.timesyncd.enable = lib.mkForce false;
- services.openntpd.enable = true;
- networking.timeServers = [
- "0.ru.pool.ntp.org"
- "1.ru.pool.ntp.org"
- "2.ru.pool.ntp.org"
- "3.ru.pool.ntp.org"
- "0.europe.pool.ntp.org"
- "1.europe.pool.ntp.org"
- "2.europe.pool.ntp.org"
- "3.europe.pool.ntp.org"
- ] ++ options.networking.timeServers.default;
+ systemd.services.systemd-timesyncd.wantedBy = [ "multi-user.target" ];
+ systemd.timers.systemd-timesyncd = { timerConfig.OnCalendar = "hourly"; };
home-manager.users.${config.mainuser} = {
home.file.".config/libvirt/libvirt.conf".text = ''
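Review bot: `systemd.timers.systemd-timesyncd` is declared without `wantedBy = [ "timers.target" ]`, so as written nothing activates the timer; systemd-timesyncd is also a long-running daemon that polls on its own, so an hourly trigger would at most hit an already running service. Since the removed `services.timesyncd.enable = lib.mkForce false` no longer disables it, the stock unit should be enough, and I would drop both added `systemd.*timesyncd` lines or add a comment saying what the hourly trigger is for. The custom `networking.timeServers` list is removed too, so the host presumably falls back to the default servers; worth a check, since the services behind `auth.ataraxiadev.com` are likely to depend on correct time for token and certificate validity.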
@@ -185,6 +162,7 @@ in {
rclone
repgrep
restic
+ rsync
rustic-rs
smartmontools
];
diff --git a/machines/Home-Hypervisor/virtualisation.nix b/machines/Home-Hypervisor/virtualisation.nix
index c117e6f..804d709 100644
--- a/machines/Home-Hypervisor/virtualisation.nix
+++ b/machines/Home-Hypervisor/virtualisation.nix
@@ -10,7 +10,6 @@
enable = true;
extraPackages = [ pkgs.zfs ];
dockerSocket.enable = true;
- # defaultNetwork.settings.dns_enabled = true;
};
containers.registries.search = [
"docker.io" "gcr.io" "quay.io"
@@ -42,7 +41,6 @@
ovmf.enable = true;
ovmf.packages = [
pkgs.OVMFFull.fd
- # pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
];
runAsRoot = false;
};
diff --git a/machines/NixOS-VPS/default.nix b/machines/NixOS-VPS/default.nix
index ab13393..f19348a 100644
--- a/machines/NixOS-VPS/default.nix
+++ b/machines/NixOS-VPS/default.nix
@@ -145,11 +145,11 @@
];
# Locale
- i18n.defaultLocale = "en_GB.UTF-8";
+ i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
- LANGUAGE = "en_GB.UTF-8";
- LC_ALL = "en_GB.UTF-8";
- LC_TIME = "en_GB.UTF-8";
+ LANGUAGE = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
LC_ADDRESS = "ru_RU.UTF-8";
LC_MONETARY = "ru_RU.UTF-8";
LC_PAPER = "ru_RU.UTF-8";
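Review bot: `LC_ALL = "en_US.UTF-8"` overrides every other `LC_*` category, so the `ru_RU.UTF-8` values for `LC_ADDRESS`, `LC_MONETARY` and `LC_PAPER` in this same attrset have no effect, and the `LC_TIME` line next to it is redundant. If the mixed locale is intended, drop `LC_ALL` here and in `environment.sessionVariables` in the next hunk and let `i18n.defaultLocale` set `LANG`. `LANGUAGE` is also a colon-separated priority list of languages (`en_US:en`), not a locale name with a codeset.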
@@ -158,8 +158,8 @@
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
- LANGUAGE = "en_GB.UTF-8";
- LC_ALL = "en_GB.UTF-8";
+ LANGUAGE = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
};
# Hardened
diff --git a/modules/libvirt-guests/default.nix b/modules/libvirt-guests.nix
similarity index 100%
rename from modules/libvirt-guests/default.nix
rename to modules/libvirt-guests.nix
diff --git a/modules/passthrough/default.nix b/modules/passthrough/default.nix
deleted file mode 100644
index d4391ed..0000000
--- a/modules/passthrough/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- imports = [ ./virtualisation.nix ./vfio.nix ];
-}
diff --git a/modules/passthrough/vfio.nix b/modules/passthrough/vfio.nix
deleted file mode 100644
index fecf8dc..0000000
--- a/modules/passthrough/vfio.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ lib, pkgs, config, ... }:
-with lib;
-let
- cfg = config.virtualisation.vfio;
- cfg-libvirtd = config.virtualisation.libvirtd;
- boolToZeroOne = x: if x then "1" else "0";
- aclString = with lib.strings;
- concatMapStringsSep ''
- ,
- '' escapeNixString cfg.deviceACL;
-in {
- options.virtualisation = {
- vfio = {
- enable = mkEnableOption "VFIO Configuration";
- IOMMUType = mkOption {
- type = types.enum [ "intel" "amd" ];
- example = "intel";
- description = "Type of the IOMMU used";
- };
- devices = mkOption {
- type = types.listOf (types.strMatching "[0-9a-f]{4}:[0-9a-f]{4}");
- default = [ ];
- example = [ "10de:1b80" "10de:10f0" ];
- description = "PCI IDs of devices to bind to vfio-pci";
- };
- disableEFIfb = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = "Disables the usage of the EFI framebuffer on boot.";
- };
- blacklistNvidia = mkOption {
- type = types.bool;
- default = false;
- description = "Add Nvidia GPU modules to blacklist";
- };
- ignoreMSRs = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description =
- "Enables or disables kvm guest access to model-specific registers";
- };
- };
- libvirtd = {
- deviceACL = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- clearEmulationCapabilities = mkOption {
- type = types.bool;
- default = true;
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.udev.extraRules = ''
- SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
- '';
-
- boot.kernelParams = (if cfg.IOMMUType == "intel" then [
- "intel_iommu=on"
- "intel_iommu=igfx_off"
- ] else [ "amd_iommu=on" ])
- ++ (optional (builtins.length cfg.devices > 0)
- ("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices))
- ++ (optionals cfg.applyACSpatch [
- "pcie_acs_override=downstream,multifunction"
- "pci=nomsi"
- ]) ++ (optional cfg.disableEFIfb "video=efifb:off")
- ++ (optionals cfg.ignoreMSRs [
- "kvm.ignore_msrs=1"
- "kvm.report_ignored_msrs=0"
- ]);
-
- boot.kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
- boot.initrd.kernelModules =
- [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
- boot.blacklistedKernelModules =
- optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ];
-
- users.users."qemu-libvirtd" = {
- extraGroups = optionals (!cfg-libvirtd.qemu.runAsRoot) [ "kvm" "input" ];
- };
- virtualisation.libvirtd.qemu.verbatimConfig = ''
- clear_emulation_capabilities = ${
- boolToZeroOne cfg-libvirtd.clearEmulationCapabilities
- }
- cgroup_device_acl = [
- ${aclString}
- ]
- '';
- };
-}
diff --git a/modules/passthrough/virtualisation.nix b/modules/passthrough/virtualisation.nix
deleted file mode 100644
index d0c6f0a..0000000
--- a/modules/passthrough/virtualisation.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, ... }:
-with lib;
-let
- cfg = config.virtualisation;
- tmpfileEntry = name: f: "f /dev/shm/${name} ${f.mode} ${f.user} ${f.group} -";
-in {
- options.virtualisation = {
- sharedMemoryFiles = mkOption {
- type = types.attrsOf (types.submodule ({ name, ... }: {
- options = {
- name = mkOption {
- visible = false;
- default = name;
- type = types.str;
- };
- user = mkOption {
- type = types.str;
- default = "root";
- description = "Owner of the memory file";
- };
- group = mkOption {
- type = types.str;
- default = "root";
- description = "Group of the memory file";
- };
- mode = mkOption {
- type = types.str;
- default = "0600";
- description = "Group of the memory file";
- };
- };
- }));
- default = { };
- };
- hugepages = {
- enable = mkEnableOption "Hugepages";
-
- defaultPageSize = mkOption {
- type = types.strMatching "[0-9]*[kKmMgG]";
- default = "1M";
- description =
- "Default size of huge pages. You can use suffixes K, M, and G to specify KB, MB, and GB.";
- };
- pageSize = mkOption {
- type = types.strMatching "[0-9]*[kKmMgG]";
- default = "1M";
- description =
- "Size of huge pages that are allocated at boot. You can use suffixes K, M, and G to specify KB, MB, and GB.";
- };
- numPages = mkOption {
- type = types.ints.positive;
- default = 1;
- description = "Number of huge pages to allocate at boot.";
- };
- };
- };
-
- config.systemd.tmpfiles.rules =
- mapAttrsToList tmpfileEntry cfg.sharedMemoryFiles;
-
- config.boot.kernelParams = optionals cfg.hugepages.enable [
- "default_hugepagesz=${cfg.hugepages.defaultPageSize}"
- "hugepagesz=${cfg.hugepages.pageSize}"
- "hugepages=${toString cfg.hugepages.numPages}"
- ];
-}
diff --git a/modules/seadrive.nix b/modules/seadrive.nix
deleted file mode 100644
index 2cf9edd..0000000
--- a/modules/seadrive.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.services.seadrive;
- format = pkgs.formats.ini { };
-
- settings = {
- account = {
- server = cfg.settings.server;
- username = cfg.settings.username;
- token = "#token#";
- is_pro = cfg.settings.isPro;
- };
- general = {
- client_name = cfg.settings.clientName;
- };
- cache = {
- size_limit = cfg.settings.sizeLimit;
- clean_cache_interval = cfg.settings.cleanCacheInterval;
- };
- };
-
- configFile = format.generate "seadrive.conf" settings;
-
- startScript = pkgs.writeShellScript "start-seadrive" ''
- token=$(head -n1 ${cfg.settings.tokenFile})
- cp -f ${configFile} ${cfg.stateDir}/seadrive.conf
- sed -e "s,#token#,$token,g" -i "${cfg.stateDir}/seadrive.conf"
- chmod 440 "${cfg.stateDir}/seadrive.conf"
-
- mkdir -p ${cfg.mountPoint} || true
-
- ${cfg.package}/bin/seadrive -c ${cfg.stateDir}/seadrive.conf -f -d ${cfg.stateDir}/data -l ${cfg.stateDir}/logs ${cfg.mountPoint}
- '';
-in {
- options.services.seadrive = {
- enable = mkEnableOption "Seadrive";
-
- settings = mkOption {
- default = { };
- description = lib.mdDoc ''
- '';
-
- type = types.submodule {
- freeformType = format.type;
-
- options = {
- server = mkOption {
- type = types.str;
- default = "";
- description = lib.mdDoc "";
- };
- username = mkOption {
- type = types.str;
- default = "";
- description = lib.mdDoc "";
- };
- tokenFile = mkOption {
- type = types.str;
- default = "";
- description = lib.mdDoc "";
- };
- isPro = mkOption {
- type = types.bool;
- default = false;
- description = lib.mdDoc "";
- };
- clientName = mkOption {
- type = types.str;
- default = config.networking.hostName;
- description = lib.mdDoc "";
- };
- sizeLimit = mkOption {
- type = types.str;
- default = "10GB";
- description = lib.mdDoc "";
- };
- cleanCacheInterval = mkOption {
- type = types.int;
- default = 10;
- description = lib.mdDoc "";
- };
- };
- };
- };
-
- package = mkOption {
- type = types.package;
- description = lib.mdDoc "Which package to use for the seadrive.";
- default = pkgs.seadrive-fuse;
- defaultText = literalExpression "pkgs.seadrive-fuse";
- };
-
- mountPoint = mkOption {
- type = types.str;
- default = "/media/seadrive";
- description = lib.mdDoc "";
- };
-
- stateDir = mkOption {
- type = types.str;
- default = "~/.seadrive";
- description = lib.mdDoc "";
- };
- };
-
- config = mkIf cfg.enable {
- systemd.user.services.seadrive = rec {
- serviceConfig.ExecStart = startScript;
- after = [ "seadrive-mkdir.service" ];
- wants = after;
- wantedBy = [ "default.target" ];
- };
-
- systemd.services.seadrive-mkdir = rec {
- serviceConfig.Type = "oneshot";
- script = ''
- mkdir -p ${cfg.mountPoint} > /dev/null 2>&1
- chown ${config.mainuser}:users ${cfg.mountPoint} > /dev/null 2>&1
- '';
- after = [ "network-online.target" ];
- wants = after;
- wantedBy = [ "default.target" ];
- };
- };
-}
\ No newline at end of file
diff --git a/patches/269584.patch b/patches/269584.patch
deleted file mode 100644
index 35438b0..0000000
--- a/patches/269584.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 369c508fae6ab9909c943e5e078e524ea58cb227 Mon Sep 17 00:00:00 2001
-From: Sascha Grunert
-Date: Fri, 24 Nov 2023 08:59:05 +0100
-Subject: [PATCH] crun: 1.11.1 -> 1.12
-
-Signed-off-by: Sascha Grunert
----
- pkgs/applications/virtualization/crun/default.nix | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pkgs/applications/virtualization/crun/default.nix b/pkgs/applications/virtualization/crun/default.nix
-index 77c36d3f81c069..6b513dae9e1e92 100644
---- a/pkgs/applications/virtualization/crun/default.nix
-+++ b/pkgs/applications/virtualization/crun/default.nix
-@@ -39,13 +39,13 @@ let
- in
- stdenv.mkDerivation rec {
- pname = "crun";
-- version = "1.11.1";
-+ version = "1.12";
-
- src = fetchFromGitHub {
- owner = "containers";
- repo = pname;
- rev = version;
-- hash = "sha256-D4Y+n/6R2v3U/BhYQitsHd6ckda1vfAzciFbTM/1J80=";
-+ hash = "sha256-61E/71axlN5H1KpAkWFm7jOETlmmy2qh7R+JrVZlMIQ=";
- fetchSubmodules = true;
- };
-
diff --git a/profiles/bluetooth.nix b/profiles/bluetooth.nix
index 9487cc0..f80a427 100644
--- a/profiles/bluetooth.nix
+++ b/profiles/bluetooth.nix
@@ -3,7 +3,6 @@
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
- # package = pkgs.bluez;
settings = {
General = { Experimental = true; };
};
diff --git a/profiles/network.nix b/profiles/network.nix
index 8f14ecc..9c5dc1c 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -1,35 +1,11 @@
{ pkgs, lib, config, ... }:
-with config.deviceSpecific;
{
networking = {
networkmanager.enable = true;
- # wireless = {
- # # enable = isLaptop;
- # interfaces = lib.mkIf (config.device == "Dell-Laptop") [
- # "wlo1"
- # ];
- # networks.Alukard_5GHz = {
- # pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
- # priority = 1;
- # };
- # networks.Alukard.pskRaw =
- # "5ef5fe07c1f062e4653fce9fe138cc952c20e284ae1ca50babf9089b5cba3a5a";
- # networks.AlukardAP_5GHz = {
- # pskRaw = "d1733d7648467a8a9cae9880ef10a2ca934498514b4da13b53f236d7c68b8317";
- # priority = 1;
- # };
- # networks.AlukardAP.pskRaw = "b8adc07cf1a9c7a7a5946c2645283b27ab91a8af4c065e5f9cde03ed1815811c";
- # };
- # networks.SladkiySon.pskRaw =
- # "86b1c8c60d3e99145bfe90e0af9bf552540d34606bb0d00b314f5b5960e46496";
- # userControlled.enable = true;
- # };
-
firewall = {
enable = true;
allowPing = true;
};
-
usePredictableInterfaceNames = true;
hostName = config.device;
};
diff --git a/profiles/nix/default.nix b/profiles/nix/default.nix
index 5269277..a451bbc 100644
--- a/profiles/nix/default.nix
+++ b/profiles/nix/default.nix
@@ -46,19 +46,6 @@
trusted-users = [ "root" config.mainuser "deploy" "@wheel" ];
use-xdg-base-directories = true;
};
-
- buildMachines = [
- {
- hostName = "nix-builder";
- maxJobs = 8;
- sshUser = "ataraxia";
- sshKey = config.secrets.ssh-builder.decrypted;
- systems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
- supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
- }
- ];
-
- distributedBuilds = lib.mkIf (config.device != "AMD-Workstation") true;
};
environment.etc.nixpkgs.source = inputs.nixpkgs;
diff --git a/profiles/security/user.nix b/profiles/security/user.nix
index 50e3d7d..be6f30c 100644
--- a/profiles/security/user.nix
+++ b/profiles/security/user.nix
@@ -27,7 +27,6 @@
"systemd-journal"
"smbuser"
"video"
- # "wheel" # remove?
];
description = "AtaraxiaDev";
uid = 1000;
diff --git a/profiles/sound/default.nix b/profiles/sound/default.nix
index 34f18ba..6574297 100644
--- a/profiles/sound/default.nix
+++ b/profiles/sound/default.nix
@@ -1,10 +1,6 @@
{ config, lib, pkgs, ... }: {
- # sound.enable = true;
-
imports = [
./pipewire.nix
./easyeffects
];
-
-
}
\ No newline at end of file
diff --git a/profiles/sound/pipewire.nix b/profiles/sound/pipewire.nix
index e4db400..6e5fb91 100644
--- a/profiles/sound/pipewire.nix
+++ b/profiles/sound/pipewire.nix
@@ -6,43 +6,6 @@
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
- # TODO: create drop-in files in /etc/pipewire/pipewire.conf.d/
- # config.pipewire-pulse = {
- # "context.modules" = [
- # {
- # "name" = "libpipewire-module-rtkit";
- # "args" = {};
- # "flags" = [
- # "ifexists"
- # "nofail"
- # ];
- # }
- # {
- # "name" = "libpipewire-module-protocol-native";
- # }
- # {
- # "name" = "libpipewire-module-client-node";
- # }
- # {
- # "name" = "libpipewire-module-adapter";
- # }
- # {
- # "name" = "libpipewire-module-metadata";
- # }
- # {
- # "name" = "libpipewire-module-protocol-pulse";
- # "args" = {
- # "server.address" = [
- # "unix:native"
- # "tcp:127.0.0.1:8888" # IPv4 on a single address
- # ];
- # "vm.overrides" = {
- # "pulse.min.quantum" = "1024/48000";
- # };
- # };
- # }
- # ];
- # };
};
environment.etc = {
@@ -58,15 +21,6 @@
};
home-manager.users.${config.mainuser} = {
- xdg.configFile."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
- bluez_monitor.properties = {
- ["bluez5.enable-sbc-xq"] = true,
- ["bluez5.enable-msbc"] = true,
- ["bluez5.hw-volume"] = "[ hfp_ag hsp_ag a2dp_source a2dp_sink ]",
- ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag a2dp_sink ]",
- ["bluez5.reconnect-profiles"] = "[ hsp_hs hfp_hf a2dp_sink ]",
- }
- '';
home.packages = [ pkgs.pavucontrol pkgs.pulseaudio ];
};
diff --git a/profiles/workspace/copyq.nix b/profiles/workspace/copyq.nix
deleted file mode 100644
index 5d4fff2..0000000
--- a/profiles/workspace/copyq.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, ... }: {
- environment.systemPackages = [ pkgs.copyq ];
- home-manager.users.${config.mainuser} = {
- wayland.windowManager.hyprland.extraConfig = ''
- windowrule=float,title=(.*CopyQ)
- '';
- };
- startupApplications = [ "${pkgs.copyq}/bin/copyq" ];
- persist.state.homeDirectories = [ ".config/copyq" ];
-}
\ No newline at end of file
diff --git a/profiles/workspace/git.nix b/profiles/workspace/git.nix
index 2df8a7e..d85f01b 100644
--- a/profiles/workspace/git.nix
+++ b/profiles/workspace/git.nix
@@ -9,13 +9,13 @@
signByDefault = true;
key = "922DA6E758A0FE4CFAB4E4B2FD266B810DF48DF2";
};
- ignores = [ ".envrc" ".direnv" "*~" ".#*" "#*#" ];
+ ignores = [ ".direnv" "*~" ".#*" "#*#" ];
extraConfig = {
core = {
editor = "code --wait";
};
init = {
- defaultBranch = "master";
+ defaultBranch = "dev";
};
pull.rebase = true;
};
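Review bot: Dropping `.envrc` from the global `ignores` list means direnv files now show up as untracked in every repository and can be swept in by a broad `git add`. `.envrc` files often carry exported tokens or other per-machine credentials, so if any of your projects use them that way I would keep the global entry, `ignores = [ ".envrc" ".direnv" "*~" ".#*" "#*#" ];`, and force-add the few `.envrc` files that are meant to be shared. If the intent is to commit `.envrc` files everywhere, a one-line comment next to the list saying so would help. The enclosing attribute set starts and ends outside this hunk.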
diff --git a/profiles/workspace/gpg.nix b/profiles/workspace/gpg.nix
index ed2cccc..68c7601 100644
--- a/profiles/workspace/gpg.nix
+++ b/profiles/workspace/gpg.nix
@@ -14,7 +14,6 @@ with config.deviceSpecific; {
"E6A6377C3D0827C36428A290199FDB3B91414AFE"
];
};
-
systemd.user.services.gpg-agent = {
Service = {
Environment = lib.mkForce [
diff --git a/profiles/workspace/hyprland/default.nix b/profiles/workspace/hyprland/default.nix
index 67d61e6..aff7dd4 100644
--- a/profiles/workspace/hyprland/default.nix
+++ b/profiles/workspace/hyprland/default.nix
@@ -25,28 +25,36 @@ let
in with config.deviceSpecific; with lib; {
imports = [ inputs.hyprland.nixosModules.default ];
- programs.hyprland.enable = true;
+ programs.ydotool.enable = true;
+ services.udiskie.enable = !isServer;
+ services.gammastep = {
+ enable = !isServer;
+ latitude = config.location.latitude;
+ longitude = config.location.longitude;
+ temperature.day = 6500;
+ temperature.night = 3000;
+ };
+ systemd.user.services.gammastep = {
+ Install.WantedBy = lib.mkForce [];
+ };
+ programs.hyprland.enable = true;
home-manager.users.${config.mainuser} = {
imports = [
inputs.hyprland.homeManagerModules.default
];
-
home.packages = [ pkgs.wl-clipboard hyprpaper-pkg ];
-
home.file.".config/hypr/hyprpaper.conf".text = ''
preload = ${/. + ../../../misc/wallpaper.png}
wallpaper = ,${/. + ../../../misc/wallpaper.png}
ipc = off
'';
-
programs.zsh.loginExtra = lib.mkAfter ''
[[ "$(tty)" == /dev/tty1 ]] && {
pass unlock
exec Hyprland 2> /home/${config.mainuser}/projects/hyprland.debug.log
}
'';
-
wayland.windowManager.hyprland = {
enable = true;
enableNvidiaPatches = false;
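Review bot: The added `services.udiskie`, `services.gammastep` and `systemd.user.services.gammastep` lines sit before `home-manager.users.${config.mainuser} = {`, so they appear to be evaluated at NixOS scope, whereas in `profiles/workspace/misc.nix` they were inside the Home Manager block. `Install.WantedBy` is Home Manager's unit syntax (NixOS user units use `wantedBy`), and as far as I know `services.udiskie` and `services.gammastep` are Home Manager modules. Unless this repository defines its own options with those names, evaluation will probably fail. Moving the three definitions below the `home-manager.users.${config.mainuser} = {` line would keep the previous behaviour. Indentation is not visible here and the module body continues outside the hunk, so please confirm the scope.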
diff --git a/profiles/workspace/kde/default.nix b/profiles/workspace/kde/default.nix
index 776fad7..a7ba977 100644
--- a/profiles/workspace/kde/default.nix
+++ b/profiles/workspace/kde/default.nix
@@ -7,18 +7,10 @@ with config.lib.base16.theme; {
qt.enable = false;
environment.sessionVariables = {
- # QT_XFT = "true";
- # QT_SELECT = "5";
- # KDE_SESSION_VERSION = "5";
- # QT_SCALE_FACTOR = "1";
- # QT_AUTO_SCREEN_SCALE_FACTOR = "0";
- # QT_QPA_PLATFORMTHEME = "qt5ct";
KDEDIRS =
"/run/current-system/sw:/run/current-system/sw/share/kservices5:/run/current-system/sw/share/kservicetypes5:/run/current-system/sw/share/kxmlgui5";
};
home-manager.users.${config.mainuser} = {
- services.kdeconnect.enable = true;
-
xdg.configFile."kdeglobals".text = lib.generators.toGitINI {
"Colors:Button" = {
BackgroundAlternate = base01-hex;
diff --git a/profiles/workspace/locale.nix b/profiles/workspace/locale.nix
index 55d2a68..c3dda05 100644
--- a/profiles/workspace/locale.nix
+++ b/profiles/workspace/locale.nix
@@ -1,10 +1,10 @@
{ pkgs, config, lib, ... }:
with config.deviceSpecific; {
- i18n.defaultLocale = "en_GB.UTF-8";
+ i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
- LANGUAGE = "en_GB.UTF-8";
- LC_ALL = "en_GB.UTF-8";
- LC_TIME = "en_GB.UTF-8";
+ LANGUAGE = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
LC_ADDRESS = "ru_RU.UTF-8";
LC_MONETARY = "ru_RU.UTF-8";
LC_PAPER = "ru_RU.UTF-8";
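Review bot: `LC_ALL = "en_US.UTF-8";` in `i18n.extraLocaleSettings` overrides every individual `LC_*` category, so the `ru_RU.UTF-8` values for `LC_ADDRESS`, `LC_MONETARY` and `LC_PAPER` on the following lines have no effect. The same holds for the `LC_ALL` entry under `environment.sessionVariables` in the next hunk. If the mixed locale is intended, drop `LC_ALL` in both places and rely on `i18n.defaultLocale` plus the per-category settings. Otherwise add a comment such as `# LC_ALL deliberately forces en_US for everything` so the ru_RU lines are not mistaken for active settings.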
@@ -13,8 +13,8 @@ with config.deviceSpecific; {
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
- LANGUAGE = "en_GB.UTF-8";
- LC_ALL = "en_GB.UTF-8";
+ LANGUAGE = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
};
time.timeZone = "Europe/Moscow";
@@ -27,7 +27,7 @@ with config.deviceSpecific; {
home-manager.users.${config.mainuser} = {
home.language = let
- en = "en_GB.UTF-8";
+ en = "en_US.UTF-8";
ru = "ru_RU.UTF-8";
in {
address = ru;
diff --git a/profiles/workspace/mako.nix b/profiles/workspace/mako.nix
index 6210bc5..cf4dce6 100644
--- a/profiles/workspace/mako.nix
+++ b/profiles/workspace/mako.nix
@@ -25,30 +25,6 @@
progressColor = "over #${theme.base0B-hex}";
iconPath = "${theme.iconPackage}/share/icons/${theme.iconTheme}";
maxIconSize = 24;
- # extraConfig = let
- # play = sound:
- # "mpv ${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/${sound}.oga";
- # in ''
- # on-notify=exec ${play "message"}
- # [app-name=yubikey-touch-detector]
- # on-notify=exec ${play "service-login"}
- # [app-name=command_complete summary~="✘.*"]
- # on-notify=exec ${play "dialog-warning"}
- # [app-name=command_complete summary~="✓.*"]
- # on-notify=exec ${play "bell"}
- # [category=osd]
- # on-notify=none
- # [mode=do-not-disturb]
- # invisible=1
- # [mode=do-not-disturb summary="Do not disturb: on"]
- # invisible=0
- # [mode=concentrate]
- # invisible=1
- # [mode=concentrate urgency=critical]
- # invisible=0
- # [mode=concentrate summary="Concentrate mode: on"]
- # invisible=0
- # '';
};
};
}
diff --git a/profiles/workspace/misc.nix b/profiles/workspace/misc.nix
index 3f7f54c..fc348c5 100644
--- a/profiles/workspace/misc.nix
+++ b/profiles/workspace/misc.nix
@@ -11,7 +11,6 @@ with config.deviceSpecific; {
LIBVIRT_DEFAULT_URI = "qemu:///system";
};
- programs.ydotool.enable = true;
services.journald.extraConfig = "Compress=false";
services.gvfs.enable = !isServer;
services.upower.enable = isLaptop;
@@ -19,17 +18,7 @@ with config.deviceSpecific; {
home-manager.users.${config.mainuser} = {
news.display = "silent";
systemd.user.startServices = true;
- services.udiskie.enable = !isServer;
- services.gammastep = {
- enable = !isServer;
- latitude = config.location.latitude;
- longitude = config.location.longitude;
- temperature.day = 6500;
- temperature.night = 3000;
- };
- systemd.user.services.gammastep = {
- Install.WantedBy = lib.mkForce [];
- };
+
xdg.configFile."nixpkgs/config.nix".text = ''
{ allowUnfree = true; android_sdk.accept_license = true; }
'';
diff --git a/profiles/workspace/nix-index.nix b/profiles/workspace/nix-index.nix
index 07a35be..e92d8f5 100644
--- a/profiles/workspace/nix-index.nix
+++ b/profiles/workspace/nix-index.nix
@@ -1,25 +1,29 @@
{ config, lib, pkgs, ... }: {
+ systemd.services = let
+ service = user: group: {
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ path = [ pkgs.nix-index-update ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = lib.getExe pkgs.nix-index-update;
+ User = user;
+ Group = group;
+ };
+ };
+ in {
+ "nix-index-update-root" = service "root" "root";
+ "nix-index-update-${config.mainuser}" = service config.mainuser "users";
+ };
home-manager.users.${config.mainuser} = {
programs.nix-index = {
enable = true;
enableZshIntegration = true;
};
-
home.packages = [
pkgs.nix-index-update
];
-
- # systemd.user.services.nix-index-update = {
- # Service = {
- # ExecStart = lib.getExe pkgs.nix-index-update;
- # Type = "oneshot";
- # };
- # Unit.After = [ "network.target" ];
- # Install.WantedBy = [ "default.target" ];
- # };
};
programs.command-not-found.enable = lib.mkForce false;
-
- # FIXME
- # persist.derivative.homeDirectories = [ ".cache/nix-index" ];
}
\ No newline at end of file
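Review bot: `nix-index-update-root` runs a network download as root on every boot with no sandboxing. Because it is a `oneshot` unit wanted by `multi-user.target`, that target also waits until the download finishes or fails. I would add basic hardening to the shared `serviceConfig`, e.g. `NoNewPrivileges = true; PrivateTmp = true;`, and trigger the units from a timer with `startAt = "weekly";` instead of `wantedBy = [ "multi-user.target" ];`. What `pkgs.nix-index-update` fetches and how it validates the result is not visible in this diff, so check that before the root instance is enabled.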
diff --git a/profiles/workspace/seadrive.nix b/profiles/workspace/seadrive.nix
deleted file mode 100644
index 0b4dc22..0000000
--- a/profiles/workspace/seadrive.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, lib, ... }: {
- # secrets.seadrive.owner = config.mainuser;
- secrets.seadrive-token.owner = config.mainuser;
- services.seadrive = {
- enable = true;
- mountPoint = "/media/seadrive";
- stateDir = "~/.config/seadrive";
- settings = {
- server = "https://file.ataraxiadev.com";
- username = "ataraxiadev@ataraxiadev.com";
- tokenFile = config.secrets.seadrive-token.decrypted;
- isPro = false;
- clientName = config.networking.hostName;
- sizeLimit = "4GB";
- cleanCacheInterval = 10;
- };
- };
- persist.state.homeDirectories = [ ".config/seadrive" ];
-}
\ No newline at end of file
diff --git a/profiles/workspace/ssh.nix b/profiles/workspace/ssh.nix
index 56c0100..283d5b6 100644
--- a/profiles/workspace/ssh.nix
+++ b/profiles/workspace/ssh.nix
@@ -14,18 +14,6 @@ with config.deviceSpecific; {
"ssh-rsa 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 alukard@AMD-Workstation"
];
- secrets.ssh-builder = {};
- programs.ssh.extraConfig = ''
- Host nix-builder
- hostname 192.168.0.100
- user ataraxia
- identitiesOnly yes
- identityFile ${config.secrets.ssh-builder.decrypted}
- Host hypervisor
- hostname 192.168.0.10
- user ataraxia
- '';
-
home-manager.users.${config.mainuser} = {
programs.ssh = {
enable = true;
@@ -33,26 +21,6 @@ with config.deviceSpecific; {
"*" = {
compression = false;
};
- "hypervisor" = {
- hostname = "192.168.0.10";
- user = config.mainuser;
- };
- "matrix.pve" = {
- hostname = "192.168.0.11";
- user = config.mainuser;
- };
- "nixos.pve" = {
- hostname = "192.168.0.12";
- user = config.mainuser;
- };
- "dell.ataraxia" = {
- hostname = "192.168.0.101";
- user = config.mainuser;
- };
- "amd.ataraxia" = {
- hostname = "192.168.0.100";
- user = config.mainuser;
- };
};
extraConfig = ''
Match host * exec "gpg-connect-agent UPDATESTARTUPTTY /bye"
diff --git a/profiles/workspace/xdg.nix b/profiles/workspace/xdg.nix
index e5a359e..422e975 100644
--- a/profiles/workspace/xdg.nix
+++ b/profiles/workspace/xdg.nix
@@ -1,4 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, lib, ... }:
+let
+ dirsToClean = [
+ "Downloads"
+ ];
+ olderThanDays = "14";
+in {
home-manager.users.${config.mainuser} = {
xdg.enable = true;
xdg.userDirs.enable = true;
@@ -8,16 +14,15 @@
systemd.user.services.cleanup-home-dirs = let
home-conf = config.home-manager.users.${config.mainuser};
- days = "30";
- folders = map (x: home-conf.home.homeDirectory + "/" + x) [ "Downloads" ];
+ directories = map (x: home-conf.home.homeDirectory + "/" + x) dirsToClean;
in {
serviceConfig.Type = "oneshot";
script = ''
${builtins.concatStringsSep "\n" (map (x:
"find ${
lib.escapeShellArg x
- } -mtime +${days} -exec rm -rv {} + -depth;")
- folders)}
+ } -mtime +${olderThanDays} -exec rm -rv {} + -depth;")
+ directories)}
'';
wantedBy = [ "default.target" ];
};
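Review bot: The generated command `find <dir> -mtime +${olderThanDays} -exec rm -rv {} + -depth;` matches directories as well as files, including the starting directory itself. `rm -r` can therefore remove `Downloads` or a subfolder whole, recent files included, once that directory's own mtime passes the threshold, and this change shortens the threshold from 30 to 14 days. `-depth` is a global option, so GNU find warns when it follows `-exec`. Restricting the match to files avoids both problems: `find ${lib.escapeShellArg x} -mindepth 1 -type f -mtime +${olderThanDays} -delete`, optionally followed by `find ${lib.escapeShellArg x} -mindepth 1 -type d -empty -delete`. The module continues outside this hunk.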
diff --git a/profiles/workspace/zsh/default.nix b/profiles/workspace/zsh/default.nix
index 507361d..b6b5c8b 100644
--- a/profiles/workspace/zsh/default.nix
+++ b/profiles/workspace/zsh/default.nix
@@ -10,7 +10,6 @@
programs = {
zsh = {
enable = true;
- # enableAutosuggestions = true;
enableCompletion = true;
oh-my-zsh = {
enable = true;
@@ -61,8 +60,9 @@
"_" = "doas";
"clr" = "clear";
"rcp" = "${pkgs.rsync}/bin/rsync -ah --partial --no-whole-file --info=progress2";
- "ncg" = "doas nix-collect-garbage";
- "ncgd" = "doas nix-collect-garbage -d";
+ "rrcp" = "_ ${pkgs.rsync}/bin/rsync -ah --partial --no-whole-file --info=progress2";
+ "ncg" = "_ nix-collect-garbage";
+ "ncgd" = "_ nix-collect-garbage -d";
"weather" = "curl wttr.in/Volzhskiy";
"rede" = "systemctl --user start gammastep.service &";
"redd" = "systemctl --user stop gammastep.service &";
@@ -75,14 +75,12 @@
"nr" = "nix run";
"e" = "$EDITOR";
"q" = "${pkgs.libqalculate}/bin/qalc";
- # "grep" = "${pkgs.ripgrep}/bin/rg";
"man" = "${pkgs.pinfo}/bin/pinfo";
"l" = "${pkgs.eza}/bin/eza -lahgF@ --git --group-directories-first";
"tree" = "${pkgs.eza}/bin/eza -T";
"ltree" = "${pkgs.eza}/bin/eza -lhgFT@ --git";
"atree" = "${pkgs.eza}/bin/eza -aT";
"latree" = "${pkgs.eza}/bin/eza -lahgFT@ --git";
- # "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}";
"t" = "${pkgs.translate-shell}/bin/trans";
"steam-gamescope" = "gamescope -b --steam -- steam -pipewire-dmabuf";
};
@@ -121,6 +119,13 @@
done
7z a ~/backup/$(basename "$1").7z "$@" -m0=zstd -mx3 -xr@/tmp/7z-exclude.lst
}
+ gif2webm() {
+ file="$1"
+ dir=$(dirname $1)
+ file="$(basename $file)"
+ file="''${file%.*}"
+ ffmpeg -i "$1" -c:v libvpx-vp9 -b:v 0 -crf 30 -an "$dir/$file.webm"
+ }
XDG_DATA_DIRS=$XDG_DATA_DIRS:$GSETTINGS_SCHEMAS_PATH
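Review bot: `gif2webm` assigns `file` and `dir` without `local`, so both variables leak into the interactive shell after every call. `dirname $1` and `basename $file` are unquoted and lack `--`, so an argument beginning with `-` is parsed as an option. zsh's path modifiers do the same work without subprocesses: `local dir="''${1:h}" file="''${1:t:r}"`, where `''$` is the Nix escape already used on the `%.*` line. A guard such as `[[ -f "$1" ]] || return 1` before the `ffmpeg` call would also stop an empty argument from producing `./.webm`. The surrounding init string starts and ends outside the hunk.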
diff --git a/roles/base.nix b/roles/base.nix
index e65176b..ce854e8 100644
--- a/roles/base.nix
+++ b/roles/base.nix
@@ -17,6 +17,7 @@
user
ssh
vlock
+ vpn
zsh
];
}
diff --git a/roles/desktop.nix b/roles/desktop.nix
index 6653512..09be06d 100644
--- a/roles/desktop.nix
+++ b/roles/desktop.nix
@@ -9,7 +9,6 @@
sound
themes
virtualisation
- vpn
alacritty
corectrl
@@ -32,7 +31,6 @@
zathura
aria2
- copyq
cursor
direnv
fonts
diff --git a/ci.sh b/scripts/ci.sh
similarity index 100%
rename from ci.sh
rename to scripts/ci.sh
diff --git a/secrets/backup-conf.yaml b/secrets/backup-conf.yaml
index 0e59fc9..d470887 100644
--- a/secrets/backup-conf.yaml
+++ b/secrets/backup-conf.yaml
@@ -10,79 +10,59 @@ sops:
lastmodified: "2024-01-19T11:27:22Z"
mac: ENC[AES256_GCM,data:EskxLpbdlrpB5yvUsyzgjoozqwPgDnqPLSkA8WcHmreqR+v1mEM/xY2GAije2TA4Bg7WGSKEBonuapk5hMHtehXy7+9iytdloDNQtXJWAoOy2PLd55E7shUdBVilEAa2mCUz5VDBz9jXMtlW0jv13W4iwXQ9ixKmzaUr/JSpnCk=,iv:t2MBxAtKrMOG/BoBOszkTu+o4bELfmU2cVLbvZK+BZw=,tag:u6E7DZDrC58zbpYf9tqDYA==,type:str]
pgp:
- - created_at: "2024-01-19T11:39:40Z"
+ - created_at: "2024-01-21T14:49:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQEMAwcagTG/Fm6AAQf9GHyWG9uFys96UFgblo2g48BkvqjE0E2PCwwXlop1s6Uh
- pN7Rpcckfurmx3DaSMXBjIfY2R8M6Wain0Jpf2TzBQ0IdOF4l9p6jakFFXgaWV5a
- boW7Fznnido8Zdx5sgMnehKImDM3L/v8eYlD+Eyn94ZCBYbtwCMFfWKtWSAbpl0o
- 399th+JpHoFvKKTI/wDKjz4jUJqFC5Hks9HOhIKCdz2dlkPLd9UCfeJi5q2p1NV+
- 3B+MtYIO/Zn3BuFmb1+vky9TL5r3IYkIaqHZuuQGaUBXn1B8sfrGEjvz/ya3+cJ7
- i3SXHJ2X2C6kIGXXkYhemaFkVzEF+12eiLsUmG3BItJYATwwqAnVm/HDCY/VKUTd
- +dEr2r9C+0oBxEqVO/F4oejqO2nmQnGQCKi1+bhGANmQrwEYbkTBfDYn0bfTDEMl
- D5SRIgYZCgp6LnVe9F6Sk9zeDAF4ft3gbg==
- =sTEw
+ hQEMAwcagTG/Fm6AAQf9Fx8EVyhEVBxQJO1BwmTXDcGKoB7jbd2Y5XSzy39OpiXz
+ 0tCidCqp0m3ruL8K+R7sLTMmxsIIwtiu1dJ8BQFMlQ9HGarhQmuYOWzf2I/8nv2p
+ tMK3sW93NwFs4kWTeh9rKKMb+KCQKGSDYVmvjhxdBQw4VHOJLMAU+AcT35DPR2/e
+ fYD3s1BKKVJ9QoWB9e6RYYuis2UoBuX5yT3jSfUeyYJwuZ7gVzjH4GQ9fpDYhPJn
+ Z+qGeEbi7yYWh2KgcI7vw8rOLZvcHtzQGfAaOt4P4lh1yIr+1NkLfq02sDn0+Qd7
+ FhSi6NQqkBT7dReXY2o3g5Bei3or3/subFUzkZrO99JYAUskAk7Q5VuYCRXCrgx/
+ zrF2gAdkI3hLUdKtWInJKPgxQ65YAoXCv7qI8cs46fS75FGQ5dRzOjifrBV61rGM
+ 4P0evJNhOvSVve8k/3Tz6ITOwidTptmstA==
+ =jaPO
-----END PGP MESSAGE-----
fp: ad382d058c964607b7bbf01b071a8131bf166e80
- - created_at: "2024-01-19T11:39:40Z"
+ - created_at: "2024-01-21T14:49:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMAyNex7x1cALKAQ/8CNjH5k/sDtgBUm9DCKaIPCL2SYrhXrksrlZDPY+PaPZ4
- WaSRYpfYjzyQof8HxhMBSVQXA763HAz2mlq8Y8ySsgVQf5OyWU+xK+aYE/rmz+P4
- vzRjI8PYeBqCJ52G2RTpd9ddQsvuoB+U2IJ8dsG3jVKW5JPcwC7O5JU7JIadebRD
- TYSZISarvOyOjxP4YO7pYFQxT7BdAIKx0hYGZxfIni40XQrUbOvRUC3D+qzW00tA
- bsn3NihF7FJpJmC74T9JTeC21sN5TDbMzSYzDcr5+9m5pQJJtzJkrzb+fz9n10j1
- zOr45bay8OeoZHgRsUupAoOC9bxm0ZY2Jju9upv+EDnXL0sCtdYl8qTlty3FOrOd
- wCT6IUmJfp6cexSBj6pekiSuPr2xm0Q5FW/gb12fxlVRxpFI6c+ZwZfS4Zwbjsuu
- Lpl5SF3Wx4KSMeMhH8MbQWt1ROr7Qr1pnWjKPPIZxZRnuP+L2ldvhan58NOS/3Yn
- Hixx+IcA5b5wotLgL8pmu+iItJXMq3TAIoeST9KjAUCS1+YNNOxHG7XM7g45kjMd
- icowmFrj1ec9zX8bcm+yaUXX/D9JqO6+fS0GgAUEwxnCu+uu7xYvQLwJmsENo8sn
- oJw89ixp8Vlsr2oNPcRXVuY7v1AsoyqFEcmy7wtLMo4gutfPBqPYvs5kclXaemrS
- WAHfVCM3M71940Wp6Ti49RcePJy8XZTuPAN7NSHg2KZTbpCcqo2XaBZnfDtYi7+I
- iwiSbCovg/aLWjb4xtHEn9RjJARFLpw50UDg5dbk+exU5skeoVvLq+4=
- =T51N
- -----END PGP MESSAGE-----
- fp: d286fd9431753cb455537070235ec7bc757002ca
- - created_at: "2024-01-19T11:39:40Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAzTK+524Lx1AARAAgUzT1i9Jy9IcXPw8ybgJ+/DMyQ9OHfQ+Lykb1ylE7m5n
- vVg+AuDLuRYp7Es/Y2jD3K9QKZiPdrcFt99Dd3TVK2FMjnLdLspdJybVl3pquJ9a
- oE0pTNLDtoV4lN96BD3CAFvvMvfDOaXyNDUF07k7TsAbibfU6j5QSdXUGaKqSaKp
- SPm8sKKD/VDBBPzXt/M0Pv+zHwKjwbpkbE4Sfqc8ArwftEu/yeqxiIWCnpURAeWf
- CkdIWFYAPhCKXn+0grGw++oBVPeMHMDrugMSNyzWx4pkNBezbchckRnmOfzQzYYg
- Hnxjq+1ozVa+eRJfBrFwY942g6c3SKtkVNOe5ZuSGER8xJbp1zmNVGZnm0Barqkp
- wudaBnztd4wPPKdd7XALJDO2KVQJk3uIi6J2dxxTF91qMMupIHKDGwh54OSdqayX
- 64oh0NRPDk97GezSr254X3NGxcY0t5BMt3TSOoUUOcybxEU/fhiE9KzcUEi1VNzm
- unFUGdbNYQrpjTOdKFA4xtY9o97g98yZvYYS8dtxcx2Q4hMla06Y9aRBeMBJe3Um
- kIZTonVbwCesP+mJ+lUiXusJcF5Smr6LZvL/E/472nFTsy3+25rLOPQUb6XVKU1h
- sjiVRPfhVf30WBxk6BJP94yzJZF2YW8eCRsJ4rmgIN6VeL9oneOXHI2T52DYEgnS
- WAGScD1Z7MwCEiMB2Zh1vpJWOBMUAfq3FznHLNxx7fCKaggEM0/qAq4oCRZi0SFL
- v/oJUxtWWKpoNicO4KGuHZIr96JhI4P7YcpaT9DKLdy7hkwA7rmr604=
- =ARNh
+ hQIMAzTK+524Lx1AAQ//Z6haefoamhJHaNDYDo+YhWlk7NVz+51P8Z/IO6wOUa3c
+ EFjuZM47r+x9OgPQgJ5UjrRXE4NjWvFEhWm4+LWmd/q/liwFLHfNAWjmNdKxIM4N
+ tHEF8Lau3W4X73AXw7f1SC/4+IP3ykhT2M0mDYhg0t8Xdl6Wi9y6T+NcuwOYx+HA
+ qo/lROX+j2p9KL+p/fZKPh+OMnD83H3LzEQ/NgQ1gP/6BaCwRTLsViJh3G56iWVp
+ W4DstTj4dLwwbSvdKWuxczG+j9L6YzVpcCToWQLhEaLgpbs1ABoQYDofAvNXNRqN
+ 49MHRmTE400ddXXR1Mtkp19CSk/3Ai7su0tIKu0NFWGAXCSe8+U4t0Z7I/c6d0K8
+ v1mrahdjkUwEFbJ0nVGOspnkK+yI6mcxI2c8Q1otfNhQLEZ1KBxhf2xLDQJyzPk5
+ WmlwmbNnuli+WOSTCdz+BcpprjY50osQvSGb6v/3oQpNXQhCOmtrTMfWVh7FOOZ6
+ Z3ipaYsakO3blyDiigOanjGRnrnJ2k1mn+bualVt5qu+be1QkDfXNVZXfq5X2M/E
+ mGa0jY0csjT2pfWIIsvu7BPPVzo+fx2fu3QaB7OGU572JIDGYYGKUUJ+YlMXvPLT
+ 3zf4aihmmyq+pl1rydBjAkR/wD+GR2VCAK6cg09amUxYZvgafqkYEHDHA2j6elDS
+ WAHRfpkn/tLxNhiLASu0YVp4xUAU0Zmj81raIdImBtGUU6wuBVBBjzzueQcCSPNA
+ ULXHhHI3BrfaqRNUE/t3CSNSo/2Pr9gGP04nhB27kZqHpLEXwWUweZQ=
+ =6PEl
-----END PGP MESSAGE-----
fp: 20d2e2b90c6aa179585b6b6b34cafb9db82f1d40
- - created_at: "2024-01-19T11:39:40Z"
+ - created_at: "2024-01-21T14:49:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA187ia82lSDGARAAkxgDFQREsA4XDxn1Jm63JxPf4yIyZn0mgqPmGPKOkk9i
- SLuRXBGvD+VHAE/e/AZNGzR3B8VBl8ueF6ZFcZHna2SE8wWqFFk+a3VLRZpavj0p
- 5swfvaveZlOPrKMPlo3EHSLZmOe91DPMD9/5xeez6gNzL3y+HGvcTgpothiBbg4f
- FDbxdFL409pKHOhL5g4qzrTvBt6mhTu+h9bd6LRnQzV0XOfIbG2qA8I4ydnYe0sX
- DncxkEUk1c/2XpdNVOAl9HrEfjP1Nb3AGNJwqjlSiEUEibYIcXz/AnZ1d1ej0PfO
- boi4+wuUmuJY+pn+2CZaVWvGrQsocErB/lsB7C0pxNhZKfyyvf4GuMY191ez2lnW
- AP2IEL/tXm7LTEMs0am8fo/+btkmNm2gnta1BNfP2B1BFBQH5YNrB1/ZfzG9K35E
- TyIlB6em5ghzAUeiDRqnOPqQkW9hyfjDsxDLjiOTALmX7QOkQ0s37nUI8mVs2MaQ
- RMDIjicvvnXz9r6m+X60bpqNPw6y23kc/nB8WNIvWOERuS7nNY2KgI0rfKagNjuj
- eoRHVv8YsM4IDJS092PbGzhekrGSQqvrVauPzL6Xdl4rESs/jXVajdyi9CAET14E
- ul5SK1ofIuHAf1Jc3siAMg5IxGIx5xJZDC5Q+NfMgqtBfr+jtIfJp8cSOCBfUyPS
- WAERvNTcoNGi+bnPcZWcxWesjEZw+3yacUnSZLApbAZa+yNb5lMiXqkeUwYRx5Kg
- Lzxc0n+VvwquAI/qVKvwjCKcDcUJolpOy37JVFltq8FcwHv6ArQ8X7E=
- =TV0x
+ hQIMA187ia82lSDGAQ/+M2lwcOdoyCcB2u57IThqM6o31ciA0Qj9DfJnh36pZz4x
+ XGe+cWCQ9N3mohGUvNxzt+1HDMH/y+VLoOFqVIq7VpdnyDk6hm9dhnIhAWaBPVQR
+ 00OJZm7gNlFiOOsaQdxvPrQ7RE1u2lwm5yoX6SAeVd3fYaDtxdESA7IEylb7N+cz
+ 8Rzkqbt28Up8QApkHUMI3tSHsN98uVuvixEIWZPFVwVPRrozOaR14M+5WIsdBSEz
+ hL4WzQwhvMfWzAOlUliDQ1U5W5mV2e/bkrAOcJJw0HRzD7q88cqTxNDHCywPOI2D
+ UUf0sj+evMXNrMTDRw+tqedRLJa+3deWwCLZWZEEpYHOLLZ8P6SF3wC4JVhIZxmD
+ PWkWyB4DXlOv8zdm+fbUBPMY0Z5bxwaQTrR4oW7zgBXC1Jew1bLBvFg3sZ6OzHoA
+ W/Ra3TE1Mql45iuqx8sHcpP8SPdRfQmboAnwl+DB/ogTjd+YXN+nTvkcxGUcN1I6
+ Hln37NX0BxoGXCT0zjcocE11CRcDheTM7knbLimynTDrZOIziWHEySojNfdrKf1z
+ bhGPopaDUjwqVpwSYWxadht4d1yYK9Ug+jBo8mV0XyMlqHcrYXPc8G0CSm/vq/Rh
+ ts+KuLlD2oe8saMif8IzEQQem+0QD8W3PdLJFLKOg4hM+bqQWS3I8jIbqF0nH/HS
+ WAHpZIVfwdC2nkkSymvHdPjVxqv0ylG+/ucBV17zai5K+HYCaDnsz+HwkoIjn+BS
+ VGI7jQWoT3fY58bWzURoFqNcFWbbqM7NRChKSICTdnZnICu+6oxds+4=
+ =ODJl
-----END PGP MESSAGE-----
fp: a32018133c7afbfd05d5b2795f3b89af369520c6
unencrypted_suffix: _unencrypted
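Review bot: The `mac` and `lastmodified` lines are unchanged context, which indicates the file's data key was only re-wrapped for the remaining recipients rather than rotated. Anyone holding the removed key `d286fd9431753cb455537070235ec7bc757002ca` can still recover that same data key from earlier revisions of this file, so dropping the recipient block does not revoke access on its own. Rotate the data key with `sops -r -i secrets/backup-conf.yaml` (`sops rotate -i` on newer releases). If the removed host is no longer trusted, change the backup credentials stored here as well. Other secrets files re-encrypted for the same recipient change probably need the same treatment.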