fix: nixos-vm evaluation

fix: disable cSpell for vscode
feat: add remote hosts deploy with deploy-rs
2025-03-10 20:07:01 +03:00 · 2025-03-10 20:05:31 +03:00 · 2025-03-10 20:04:25 +03:00 · 2025-03-10 20:02:46 +03:00 · 2025-03-10 20:02:17 +03:00 · 2025-03-10 20:01:44 +03:00
10 changed files with 349 additions and 58 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -21,5 +21,6 @@
                },
            },
        },
-    }
+    },
+    "cSpell.enabled": false
 }
--- a/flake.lock
+++ b/flake.lock
@ -1280,8 +1280,7 @@
        "nix2container": "nix2container",
        "nixpkgs": "nixpkgs_8",
        "nixpkgs-master": "nixpkgs-master",
-        "sops-nix": "sops-nix",
-        "srvos": "srvos"
+        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
@ -1304,26 +1303,6 @@
        "type": "github"
      }
    },
-    "srvos": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1741567682,
-        "narHash": "sha256-N2LArmDeNL06fLHvLmbNMG3L2fEi62+Ra4X1NkPKsKQ=",
-        "owner": "nix-community",
-        "repo": "srvos",
-        "rev": "4b726f14b80473a05302cdcd70d3043a183c5276",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "srvos",
-        "type": "github"
-      }
-    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@ -55,7 +55,7 @@
  outputs =
    inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } (
-      { self, ... }:
+      { self, withSystem, ... }:
      {
        imports = [
          inputs.devenv.flakeModule
@ -109,37 +109,104 @@

              name = "nixos-config";
              packages = builtins.attrValues {
-                inherit (pkgs) nixfmt-rfc-style sops;
+                inherit (pkgs) deploy-rs nixfmt-rfc-style sops;
              };
              languages.nix = {
                enable = true;
                lsp.package = pkgs.nixd;
              };
-              pre-commit.hooks = {
-                actionlint.enable = true;
-                deadnix.enable = true;
-                flake-checker.enable = true;
-                lychee.enable = true;
-                lychee.args = [
-                  "--exclude"
-                  "^https://.+\\.backblazeb2\\.com"
-                ];
-                markdownlint.enable = true;
-                nixfmt-rfc-style.enable = true;
-                ripsecrets.enable = true;
-                # statix.enable = true;
-                typos.enable = true;
-                yamlfmt.enable = true;
-                yamllint.enable = true;
-                yamllint.args = [
-                  "--config-file"
-                  ".yamllint"
-                  "--format"
-                  "parsable"
-                ];
-              };
+              pre-commit.hooks =
+                let
+                  default = {
+                    enable = true;
+                    excludes = [ "secrets/.*" ];
+                  };
+                in
+                {
+                  actionlint = default;
+                  deadnix = default;
+                  flake-checker = default;
+                  lychee = default // {
+                    args = [
+                      "--exclude-all-private"
+                      "--exclude"
+                      "^https://.*\\.backblazeb2\\.com"
+                      "--exclude"
+                      "^https://.*\\.ataraxiadev\\.com"
+                    ];
+                  };
+                  markdownlint = default;
+                  nixfmt-rfc-style = default;
+                  ripsecrets = default;
+                  typos = default;
+                  yamlfmt = default;
+                  yamllint = default // {
+                    args = [
+                      "--config-file"
+                      ".yamllint"
+                      "--format"
+                      "parsable"
+                    ];
+                  };
+                };
            };
          };
+
+        flake = {
+          # deploy-rs nodes
+          deploy = {
+            # default settings for all deploys
+            fastConnection = true;
+            remoteBuild = false;
+            sshUser = "deploy";
+            sudo = "doas -u";
+            user = "root";
+            # nodes for each system
+            nodes = withSystem "x86_64-linux" (
+              {
+                liteConfigNixpkgs,
+                pkgs,
+                ...
+              }:
+              let
+                # take advantage of the nixpkgs binary cache
+                deployPkgs = import liteConfigNixpkgs {
+                  system = "x86_64-linux";
+                  overlays = [
+                    inputs.deploy-rs.overlay
+                    (_final: prev: {
+                      deploy-rs = {
+                        inherit (pkgs) deploy-rs;
+                        lib = prev.deploy-rs.lib;
+                      };
+                    })
+                  ];
+                };
+                mkDeploy =
+                  name: conf:
+                  pkgs.lib.recursiveUpdate {
+                    profiles.system = {
+                      path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${name};
+                    };
+                  } conf;
+              in
+              builtins.mapAttrs mkDeploy {
+                redshift = {
+                  hostname = "104.164.54.197";
+                  fastConnection = false;
+                  sshOpts = [
+                    "-p"
+                    "32323"
+                  ];
+                };
+              }
+            );
+          };
+
+          checks = builtins.mapAttrs (
+            _system: deployLib: deployLib.deployChecks self.deploy
+          ) inputs.deploy-rs.lib;
+        };
      }
    );
 }
--- a/hosts/NixOS-VM/default.nix
+++ b/hosts/NixOS-VM/default.nix
@ -5,12 +5,16 @@
 }:
 {
  imports = [
-    "${modulesPath}/profiles/qemu-guest.nix"
-    "${modulesPath}/virtualisation/qemu-vm.nix"
+    (modulesPath + "/profiles/qemu-guest.nix")
+    (modulesPath + "/virtualisation/qemu-vm.nix")
  ];

  ataraxia.defaults.role = "base";

+  boot.kernelParams = [
+    "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
+  ];
+
  virtualisation.memorySize = 4096;
  virtualisation.cores = 4;
  virtualisation.resolution.x = 1920;
@ -19,14 +23,6 @@
    "-vga qxl"
    "-display gtk"
  ];
-
-  users.mutableUsers = false;
-  users.users.ataraxia = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
-    shell = pkgs.bash;
-  };
  users.users.test = {
    isNormalUser = true;
  };
--- a/hosts/redshift/backups.nix
+++ b/hosts/redshift/backups.nix
@ -0,0 +1,77 @@
+{
+  config,
+  inputs,
+  secretsDir,
+  ...
+}:
+{
+  imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
+
+  sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml;
+  sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
+  services.rustic.backups = rec {
+    vps-backup = {
+      backup = true;
+      prune = false;
+      initialize = false;
+      pruneOpts = [ "--repack-cacheable-only=false" ];
+      environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
+      timerConfig = {
+        OnCalendar = "01:00";
+        Persistent = true;
+      };
+      settings =
+        let
+          label = "vps-containers";
+        in
+        {
+          repository = {
+            repository = "opendal:s3";
+            password-file = config.sops.secrets.rustic-vps-pass.path;
+            options = {
+              root = label;
+              bucket = "ataraxia-rustic-backups";
+              region = "eu-central-003";
+              endpoint = "https://s3.eu-central-003.backblazeb2.com";
+            };
+          };
+          repository.options = {
+            timeout = "5min";
+            retry = "10";
+          };
+          backup = {
+            host = config.networking.hostName;
+            label = label;
+            ignore-devid = true;
+            group-by = "label";
+            skip-identical-parent = true;
+            snapshots = [
+              {
+                sources = [
+                  "/var/lib/tailscale"
+                  "/srv/marzban"
+                ];
+              }
+            ];
+          };
+          forget = {
+            filter-labels = [ label ];
+            group-by = "label";
+            prune = true;
+            keep-daily = 4;
+            keep-weekly = 2;
+            keep-monthly = 1;
+          };
+        };
+    };
+    vps-prune = vps-backup // {
+      backup = false;
+      prune = true;
+      createWrapper = false;
+      timerConfig = {
+        OnCalendar = "Mon, 02:00";
+        Persistent = true;
+      };
+    };
+  };
+}
--- a/hosts/redshift/default.nix
+++ b/hosts/redshift/default.nix
@ -8,7 +8,9 @@
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")

+    ./backups.nix
    ./disk-config.nix
+    ./services.nix
  ];

  ataraxia.defaults.role = "server";
--- a/hosts/redshift/services.nix
+++ b/hosts/redshift/services.nix
@ -0,0 +1,83 @@
+{
+  config,
+  lib,
+  pkgs,
+  secretsDir,
+  ...
+}:
+let
+  cert-key = config.sops.secrets."cert.key".path;
+  cert-pem = config.sops.secrets."cert.pem".path;
+  nginx-conf = config.sops.secrets."nginx.conf".path;
+  marzban-env = config.sops.secrets.marzban.path;
+  cfgOcis = config.services.ocis;
+in
+{
+  # Tailscale exit-node
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "both";
+  };
+
+  # Empty ocis in front
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+  services.ocis.enable = true;
+  services.ocis.url = "https://cloud.ataraxiadev.com";
+  services.ocis.configDir = "/var/lib/ocis/config";
+  systemd.services.ocis.serviceConfig.ReadOnlyPaths = lib.mkForce [ ];
+  systemd.services.ocis.serviceConfig.ExecStartPre = pkgs.writeShellScript "ocis-init" ''
+    ${lib.getExe cfgOcis.package} init --force-overwrite --insecure true --config-path ${config.services.ocis.configDir}
+  '';
+
+  # Marzban
+  sops.secrets =
+    let
+      nginx = {
+        sopsFile = secretsDir + /redshift/nginx.yaml;
+        restartUnits = [ "podman-nginx.service" ];
+      };
+      marzban = {
+        format = "dotenv";
+        sopsFile = secretsDir + /redshift/marzban.env;
+        restartUnits = [ "podman-marzban.service" ];
+      };
+    in
+    {
+      "cert.key" = nginx;
+      "cert.pem" = nginx;
+      "nginx.conf" = nginx;
+      inherit marzban;
+    };
+
+  virtualisation.oci-containers.containers = {
+    marzban = {
+      autoStart = true;
+      # Tags: v0.8.4
+      image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
+      environmentFiles = [ marzban-env ];
+      extraOptions = [ "--network=host" ];
+      volumes = [
+        "/srv/marzban:/var/lib/marzban"
+      ];
+    };
+    nginx = {
+      autoStart = true;
+      # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
+      image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
+      extraOptions = [ "--network=host" ];
+      volumes = [
+        "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
+        "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
+        "${nginx-conf}:/etc/nginx/nginx.conf:ro"
+      ];
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -"
+    "d /srv/marzban 0755 root root -"
+  ];
+}
--- a/secrets/redshift/marzban.env
+++ b/secrets/redshift/marzban.env
@ -0,0 +1,14 @@
+SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str]
+SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str]
+#ENC[AES256_GCM,data:P0rsl7K5MZceskgE/JrUlB7vTlKh0kP5Al1lH1CBUZKeVVGdbfW/VOy6CkNo8QuOUQqkzWocH0TNKzSEBw8et6s=,iv:uxHc50I95zeI/jkC60HOfzgftDBxdQM1/wqb8emrTSc=,tag:JaeHm9KAbh/KS+TIRrfWlw==,type:comment]
+#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment]
+SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
+XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV1VPQ2V5WjltK0JDUXhU\nWENHRUxFS0M1RjJjekNYeHlSSlhmNmE4eEUwCnpMWStLd1B6Q29DWTJLbURGdTJk\ndHY0RHFRRmFEaFNpOUxROTVWK0V6UmsKLS0tIEI0blZ1SlhBV3lpdGlGTWtWd3F1\nK0hNQjFDMG1sTWJCNFp1OE1kdlpydHcKzjus65hl6IVKdgS18xY20dgG+Blm15NE\nwf31QfHahDdY4r8DviX2/algiELvbTWNBicDOjvoiyhItPRX+9nN3Q==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbmlBd3FJcjMyVldhL3BG\nc2s3YnlCenRNdXJ2VVlnU0lTZUU3MUh1TVZFClArSlM5Ylhya2JHT3RQQkZFRXVH\nblgwR0dJdmdOTUxsZERBc3pYbld0NncKLS0tIGc3bTdxbGg5cGdYYThwMkR2RlRF\ndTlNWGhoeXBueVZtbjdYS2JCVVpwSmsKzujU4pXFhI3Sa4TSYZRgkMpOqdKN7+jT\nTi8zqO0oRQAMnIAq+AYiMDIgi/ngiAxo5HeTIM2wZ7oRX6XsPZKH/w==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
+sops_lastmodified=2024-02-27T16:26:33Z
+sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.8.1
--- a/secrets/redshift/nginx.yaml
+++ b/secrets/redshift/nginx.yaml
--- a/secrets/rustic.yaml
+++ b/secrets/rustic.yaml
@ -0,0 +1,39 @@
+rustic-backups-s3-env: ENC[AES256_GCM,data:XTUTtAmjBiy5mdlwT53Z9IDycs0s069182Emd0M6TSpPScqce3kxoN+hH8vgaOLU0b1jF3d9pkO0PpwfnUr2IkMpTd7ZKHeqHbYzS4gpKFnkQMhDexHLFBrQIfBrTbCGzspl83q5ksU9ENuY+sdkKXBhn99ja2mAFdfOVyNRttVNwKuv5/e8Bh0ySyTkogOgLyttLWo+pqKuvBP96BvSLOiGqfYBMgZU6uncg4YbdmOWPnvnTRPWHwIAyyXOSv56Sw36XfBkCBhZk2fmDRVJyRkuFthkhb6b2LkxhWFofilJupGTaQUHuZ3Efq9+eS5n1zOnudL7Gp7MmaQ4Hz3tQnzML16pJW1UcyT11uvWl8Zz5h+VlwJAfM7VNVaOs2FjEEy5imcUWurhIgRcrKHYc3mKNk5XYuvCI93aX9/LKEyeGQ==,iv:sPwKIYu/RyZQHYmz7aSYFhmx2ZqlH+RHRbdkOHGCa1s=,tag:eD5vRFkwEw4i97UQyRk6Hw==,type:str]
+rustic-postgresql-s3-env: ENC[AES256_GCM,data:m0G4G+i3fJo34rUGnQ0HOsA1GlOpLnJXDJltXFM5URUFaK1Jh5pGnOsYAiU2410enKafdf5eneW31j9r2GWmEFOoX89+yLmQxe22YnfLcFfaBdskVeaz/6HY2FK5euwdy70ZPNb05uYaS1QXPABJCS8p2APjx9bcz4MPSGgN6Ed/h7NdEU1FXgEfQZj9cysoVN9Qf3zYP4oqTBFVq11bV1yj0dsBMxHmY92aAdwUJWqjk4w2vi90zYxWNYk5PzNCh7qURtfmfNTHfEy55umbDayWjxZAsNgGOtxUsArUNSIU12GeBx7VCxepbNbDiej9fNnNqYvYnRspscag5w0oHSPa8a/qPY+R/imKqLU15xCG2EfnBm310zPyI9o/lgiU9Ua8z4cfuU5FcKr7ICIr5OdupiWy6aC1KYhkBZVViXEz3A==,iv:Hu9Bbynj5D9k2Rj0NWYZuuHQzcrauGyMmPex+T+VKIg=,tag:IAXAGK//SW890ZBKkUr8gw==,type:str]
+rustic-minecraft-s3-env: ENC[AES256_GCM,data:04sIa/w5exYkgUrAiaBuPJ8JaP8pNmAgbbToO54v1jHPCBmcuSLw1ncUi/jqUtJBTvj+8WRYUxe0a0ssPid28N8229yv1IbhDxvoosJj43SEnmbRtgegHLnrtLdd1y6cL6tDj/e2qFgC1LQvnPmkKe9YThyGAc4=,iv:WE1XNQTZGKhw7yN4THL4/gA1CD9oSmJ0TtCtxOcOQbE=,tag:7rHN2i7GGawhHY9ZcjuqIg==,type:str]
+rustic-nas-pass: ENC[AES256_GCM,data:uDiQQRxlpBfbwihXDR32aGjP41iZ,iv:qx6FJEllahkP9BPYFFfv9LHnnVTOl6B7Jv9OSfNkPok=,tag:MBUT77ccG/acr/U/X2zrCA==,type:str]
+rustic-vps-pass: ENC[AES256_GCM,data:LMdVK6j/TV9JLAxwWUtIfF//nf6r,iv:PjOYcNeLjlRx6uoZo+jr0oA9N60NJNNPloc9fc44raw=,tag:AjOzsfVIhDCb5a5D3yIdUA==,type:str]
+rustic-postgresql-pass: ENC[AES256_GCM,data:oUHakvIPSwkNy1lkQ4k14+CWIofO,iv:v3EFeZCkFyeY/ADK8vqYvAD0XDmnQFIq6XGd9B8jvXY=,tag:6+kGWMq+9iVLSf5p/TIp8g==,type:str]
+rustic-workstation-pass: ENC[AES256_GCM,data:dVuq75mlHStFO+k97yV0kUUqFtjF,iv:p2ApGtzHO9XUQJnnSyIMs1Cr6ODIt6RnBf2SXNrRbTk=,tag:b8WRap8QUtQrsYXVYdeRUw==,type:str]
+rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3RtZiMshuZdZTv0Y+tHteZB2i27Ka+u,iv:R2FEEhe+EoqFDQYbLJ3hrb+ENVvsP2c++WA0z3QQrxA=,tag:bifjyNyNouUhFGV6SpAg7Q==,type:str]
+rclone-s3-sync: ENC[AES256_GCM,data:oBDntYhuThzmImRgpBSsgqDwXs4+wJxAOZKH3vlKfH+9CXYNI1ks92t8Ywr/wltikvXiVbKuztY7Iuqe4Mkl0K9onYYcmrMDqyuLXRV/WPXNaAwyOyFUS17dxcqoyG51T0zzb1l4LH+GTrLw7m7RD7y7XFU/uidAUuBnQHAQpu8xRI/5PLcSaae+KfmoJGpZBX4BawXMHzRKKo462Muw/1FbBQpC0ERvTd34oSke32+Ni3MNdg/nOVyczYIQ+TPNhtgiSNXFJFPaXWMrIh29jhyJv7M2k4nYzNzb3A2miGCxWRDNy7bxZTDeVLgJUZT3KJNyb8BGLhu2v54WSbm01I1pP+//xYSZI0JER4fCZpdGodr2TV6u7YOyVxa1pZ7C7O9T/dd2O9NbgQY1Azc9MhiIXZnT58j72SNvhDNtCloM50R0LYmagCj2alP3Z4W7L+BdtaU58hWFCM2P8EIYbPkz8wK4/i1XARvZU9i+cRWZCoKi+yi0cV2yKOYlFEW0RmO9G3rC6a31YITwfpHhQw9IFuZXwdwZdf4OIuw12BIXfeUQJWqIl4QRSnOSzCggSZngwhoq/r46Oh2Jn9xXuVO6Hlod8pGyxKovO9bGQl3ioIU/KAhKp88k/BDS7YM4HhAEPNjvsSZgRGf21G7Z4ypi6a2grMTGgIKbOA3KEe2CKrSEVq7JRF5m1uAPJ2zrgbBrSwI0qkhGfn+SERMVtyzkIvTQkEQJ/g==,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str]
+sops:
+    shamir_threshold: 1
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeWJOVEFXTXJrcGYyWWlp
+            TkxrTmpNanR5QmVaYUlKV1JXYnh0L0ViRmdvCmtTR3hUUExkejBkcVNuYUpqRjdZ
+            dlQ4SkRyL2txM2FSK201SU9adUQ2NUEKLS0tIDN0eDRLZGZWMnFUQWFjZnpjWk9J
+            VjBGTVZpYm1kOWw0aGlNaURvb2Q0aVUKPZ2BkHEWV1qsOcEIvF6iiLV0ZSJ7kGT3
+            B7LZx44DUIFuwEXzmnzKf6BkdFNpCqSqWODxTYHm3UcHU2qshux+0g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMzFGQ3pzbTNoR25pOTRx
+            QUk3TzgzeUhCNzg2ODg2SENZbkJpTDREK2dzCnZQdkxMQ1RhaFdCZDlZellYd25K
+            RTBCNDJWUFoyZTJ3dWtqYlJFSU5uc0UKLS0tIENKYmlKUjB2ZjFmZzZpQ3V4dDQ0
+            eklFdUdEOWlnWndpai94QnFUU1F3NmMKVOQtq31dODV1rK7hZMfw295OkQeXq81u
+            VBQVVcYaup6IynBuQYE9eNL5euMwsV/pCv9N+PC3J6WdhdK336ZCDQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-08T15:01:54Z"
+    mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
Author	SHA1	Message	Date
Dmitriy Kholkin	130b1e9eb3	fix: nixos-vm evaluation	2025-03-10 20:07:01 +03:00
Dmitriy Kholkin	d87b988a06	fix: disable cSpell for vscode	2025-03-10 20:05:31 +03:00
Dmitriy Kholkin	a066ff0960	feat: add remote hosts deploy with deploy-rs	2025-03-10 20:04:25 +03:00
Dmitriy Kholkin	f2de87fcea	fix: remove srvos from flake.lock	2025-03-10 20:02:46 +03:00
Dmitriy Kholkin	040502a480	feat: add backup with rustic for redshift	2025-03-10 20:02:17 +03:00
Dmitriy Kholkin	3f16fdab87	feat: add marzban, nginx, ocis with secrets for redshift	2025-03-10 20:01:44 +03:00
Dmitriy Kholkin	bf9584b0f1	fix: exclude secrets from yaml linting	2025-03-10 20:00:57 +03:00