cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

sops changes, and things I cannot remember

Browse Source
This commit is contained in:
cnst
2024-08-09 13:41:41 +02:00
parent dde8787238
commit fe5ce74c33
36 changed files with 895 additions and 217 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
.cleanup-boot.sh Executable file
View File

@@ -0,0 +1,89 @@
#!/bin/bash
# Script to clean up old initrd and kernel files in /boot/EFI/nixos
# Make sure it's added to flake.nix, then run:
# "nix build .#packages.x86_64-linux.cleanup-boot".
# Number of generations to keep
KEEP_GENERATIONS=5
# Log file for cleanup actions
LOG_FILE="/var/log/cleanup-boot.log"
# Dry run flag
DRY_RUN=false
# Check for dry run argument
if [ "$1" = "--dry-run" ]; then
DRY_RUN=true
fi
# Function to log messages
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}
# Exit on any error
set -e
log "Starting cleanup script. Keeping the latest $KEEP_GENERATIONS generations."
# List the initrd files in /boot/EFI/nixos sorted by modification time (oldest first)
mapfile -t initrd_files < <(find /boot/EFI/nixos -type f -name 'initrd-*.efi' -printf '%T@ %p\n' | sort -n)
# List the kernel files in /boot/EFI/nixos sorted by modification time (oldest first)
mapfile -t kernel_files < <(find /boot/EFI/nixos -type f -name 'kernel-*.efi' -printf '%T@ %p\n' | sort -n)
# Count the number of initrd and kernel files
initrd_count=${#initrd_files[@]}
kernel_count=${#kernel_files[@]}
log "Found $initrd_count initrd files and $kernel_count kernel files."
# Initialize arrays to hold files to delete
delete_initrd_files=()
delete_kernel_files=()
# If there are fewer than KEEP_GENERATIONS initrd files, don't delete any
if [ "$initrd_count" -le "$KEEP_GENERATIONS" ]; then
log "Fewer than $KEEP_GENERATIONS initrd files found. No initrd files will be deleted."
else
# Get the initrd files to delete
delete_initrd_files=("${initrd_files[@]:0:initrd_count-KEEP_GENERATIONS}")
fi
# If there are fewer than KEEP_GENERATIONS kernel files, don't delete any
if [ "$kernel_count" -le "$KEEP_GENERATIONS" ]; then
log "Fewer than $KEEP_GENERATIONS kernel files found. No kernel files will be deleted."
else
# Get the kernel files to delete
delete_kernel_files=("${kernel_files[@]:0:kernel_count-KEEP_GENERATIONS}")
fi
# Log the files identified for deletion
log "Files identified for deletion:"
for file_entry in "${delete_initrd_files[@]}" "${delete_kernel_files[@]}"; do
file=$(echo "$file_entry" | cut -d' ' -f2-)
log "$file"
done
# Confirm dry run mode
if [ "$DRY_RUN" = true ]; then
log "Dry run mode enabled. No files will be deleted."
fi
# Remove old files
for file_entry in "${delete_initrd_files[@]}" "${delete_kernel_files[@]}"; do
file=$(echo "$file_entry" | cut -d' ' -f2-)
if [ "$DRY_RUN" = false ]; then
if rm -f "$file"; then
log "Deleted: $file"
else
log "Failed to delete: $file"
fi
else
log "Dry run - would delete: $file"
fi
done
log "Cleanup script completed."

1
.gitignore vendored
View File

@@ -1 +1,2 @@
.direnv .direnv
result*

40
.sops.yaml Normal file
View File

@@ -0,0 +1,40 @@
keys:
# Users
- &cnst age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
- &adam
- &toothpick # Hosts
- &cnix age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
- &adampad
- &toothpc
creation_rules:
- path_regex: secrets/cnix-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *cnst
- *cnix
- path_regex: secrets/cnst-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *cnst
- *cnix
- path_regex: secrets/adampad-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *adam
- *adampad
- path_regex: secrets/adam-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *adam
- *adampad
- path_regex: secrets/toothpc-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *toothpick
- *toothpc
- path_regex: secrets/toothpick-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *toothpick
- *toothpc

364
flake.lock generated
View File

@@ -1,32 +1,5 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"hm"
],
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1722339003,
"narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"anyrun": { "anyrun": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@@ -99,6 +72,7 @@
"chaotic": { "chaotic": {
"inputs": { "inputs": {
"compare-to": "compare-to", "compare-to": "compare-to",
"fenix": "fenix",
"flake-schemas": "flake-schemas", "flake-schemas": "flake-schemas",
"home-manager": "home-manager", "home-manager": "home-manager",
"jovian": "jovian", "jovian": "jovian",
@@ -107,12 +81,12 @@
"yafas": "yafas" "yafas": "yafas"
}, },
"locked": { "locked": {
"lastModified": 1722771754, "lastModified": 1723170510,
"narHash": "sha256-NXE43sBXHB5kto5dSH9afFUxug7W8bBZg75UHbydX5E=", "narHash": "sha256-wNF5AqKnCWuUnfJfmaJI1cDxxUrD3JdwfJx8dyZoQuQ=",
"rev": "69263a943d93c7af4429924ef66f3f64e5555089", "rev": "dc407c1618b0892ca94acb857b0cee7383061273",
"revCount": 1315, "revCount": 1329,
"type": "tarball", "type": "tarball",
"url": "https://api.flakehub.com/f/pinned/chaotic-cx/nyx/0.1.1315%2Brev-69263a943d93c7af4429924ef66f3f64e5555089/01911d53-f72d-75af-b463-5fd00a9507df/source.tar.gz" "url": "https://api.flakehub.com/f/pinned/chaotic-cx/nyx/0.1.1329%2Brev-dc407c1618b0892ca94acb857b0cee7383061273/019134ff-40de-7553-8086-c25b2f20a0bf/source.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -154,28 +128,6 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": { "devshell": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -197,6 +149,51 @@
"type": "github" "type": "github"
} }
}, },
"fenix": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1723098624,
"narHash": "sha256-TFg+lq7pHgCnsB4nRmMeTxSnZXHvzYJ2IHyEiw8zEF8=",
"owner": "nix-community",
"repo": "fenix",
"rev": "d6022ac563f2f48d8eeff89ca3589c8adc5235f6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1723176196,
"narHash": "sha256-8FWJ0kJN6yin5Z9BhtPlVaRzj9ljuUdaBT2i/bquJO4=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "ce877fc7a74fb1abfedcdb4f78e67d930a0841c8",
"type": "gitlab"
},
"original": {
"dir": "pkgs/firefox-addons",
"owner": "rycee",
"repo": "nur-expressions",
"type": "gitlab"
}
},
"firefox-nightly": { "firefox-nightly": {
"inputs": { "inputs": {
"cachix": "cachix", "cachix": "cachix",
@@ -208,11 +205,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722860994, "lastModified": 1723165499,
"narHash": "sha256-k2IT4qXy3E/mB2yPtWcj981knzLkM5pg+QhpbAB3XtE=", "narHash": "sha256-s5MWrhnqKerja79uFIqgWthudjFmRMxTHY7iZqOPp4g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-firefox-nightly", "repo": "flake-firefox-nightly",
"rev": "f31f964e8c20dccda2095ff073a0afc06b34a52d", "rev": "32f8518e684a4feb842ef25999d2a6dc5f64f2ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -379,6 +376,21 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1629284811,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"
}, },
@@ -396,7 +408,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": [ "systems": [
"systems" "systems"
@@ -416,7 +428,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_5"
}, },
@@ -451,11 +463,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721042469, "lastModified": 1722857853,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -510,11 +522,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1722332872, "lastModified": 1723149858,
"narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "narHash": "sha256-3u51s7jdhavmEL1ggtd8wqrTH2clTy5yaZmhLvAXTqc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "rev": "107bb46eef1f05e86fc485ee8af9b637e5157988",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -523,6 +535,31 @@
"type": "github" "type": "github"
} }
}, },
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
"nixpak",
"flake-parts"
],
"nixpkgs": [
"nixpak",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"hm": { "hm": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -530,11 +567,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722630065, "lastModified": 1723015306,
"narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=", "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "afc892db74d65042031a093adb6010c4c3378422", "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -551,11 +588,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722462338, "lastModified": 1723015306,
"narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -626,11 +663,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1722800434, "lastModified": 1723143710,
"narHash": "sha256-0lvzOT3dQWlQ+zyOAhKTxFd9BWZw380ILDNpoGdtekA=", "narHash": "sha256-qbjodK+UgnQ2YdtKmuI1XEG84SZlid39rQo6Ap9NTqI=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "2b520571e897be2a0e88c8692da607b062000038", "rev": "4b4971c06fb02df00a2bd20b6b47b5d0e7d799a7",
"revCount": 5051, "revCount": 5071,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -718,6 +755,39 @@
"type": "github" "type": "github"
} }
}, },
"hyprlock": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1722882121,
"narHash": "sha256-gr4mN6BYKqy9JDr/ygDlMGYvEYBCMTDDDVnGNp/EYuw=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "9393a3e94d837229714e28041427709756033f5a",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlock",
"type": "github"
}
},
"hyprutils": { "hyprutils": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -777,11 +847,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721993749, "lastModified": 1723016361,
"narHash": "sha256-dGqEQ68GNGmA8+HHzHEqAcW2uGu/AX+sRWcMO99UM8s=", "narHash": "sha256-iEVCAOn7WUdJGrK2EW5hkfl4gBmYl5gVck+MSn6ba44=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "3bd059992912139d6a12e86ba418f933ec368ef2", "rev": "fc3d12deef508a73c7beef4cd9bebe03acde4ed7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -815,7 +885,7 @@
}, },
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
@@ -874,11 +944,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722609272, "lastModified": 1722924007,
"narHash": "sha256-Kkb+ULEHVmk07AX+OhwyofFxBDpw+2WvsXguUS2m6e4=", "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "f7142b8024d6b70c66fd646e1d099d3aa5bfec49", "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -934,6 +1004,30 @@
"type": "github" "type": "github"
} }
}, },
"nixpak": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [
"nixpkgs-small"
]
},
"locked": {
"lastModified": 1723083542,
"narHash": "sha256-Nkbb3j+P0zMqvZUlV6WbT5erHasZ14NW0TJS3Bb9dVY=",
"owner": "nixpak",
"repo": "nixpak",
"rev": "d36970c58794c90401617accae0eb48868e335e6",
"type": "github"
},
"original": {
"owner": "nixpak",
"repo": "nixpak",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1717196966, "lastModified": 1717196966,
@@ -965,6 +1059,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-small": {
"locked": {
"lastModified": 1723154630,
"narHash": "sha256-TzJYH95nF27y/RGSCGjEu2+OX4TAFdo/HTBx3fabnvM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "417d7213447540319ff280b004460e9a06859045",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1720386169, "lastModified": 1720386169,
@@ -981,13 +1091,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1722630782, "lastModified": 1721524707,
"narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=", "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d04953086551086b44b6f3c6b7eeb26294f207da", "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722813957,
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1046,11 +1172,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1722630782, "lastModified": 1722813957,
"narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=", "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d04953086551086b44b6f3c6b7eeb26294f207da", "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1075,11 +1201,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1722857280, "lastModified": 1723192118,
"narHash": "sha256-b5Bal3cElLrS9UtDN81ljQpOsbqBe/7CdWlTKhlswus=", "narHash": "sha256-juQM/w6GY8aHQCBazvyMEPlfnt4pB+ja7WDQOQQYyEY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "5922a48008e5759acb63a12b2de8348ec512760f", "rev": "c46bd820adabaf23acbccbbd226b1941566acb51",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1090,18 +1216,18 @@
}, },
"nuschtosSearch": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1722493084, "lastModified": 1722772237,
"narHash": "sha256-ktjl908zZKWcGdMyz6kX1kHSg7LFFGPYBvTi9FgQleM=", "narHash": "sha256-3eCYmzeLngX8eutIsTZAG8DIvT/0DWQQxiszTQz8n0s=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "3f5abffa5f28b4ac3c9212c81c5e8d2d22876071", "rev": "aa5f6246565cc9b1e697d2c9d6ed2c842b17fff6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1139,25 +1265,46 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"anyrun": "anyrun", "anyrun": "anyrun",
"chaotic": "chaotic", "chaotic": "chaotic",
"firefox-addons": "firefox-addons",
"firefox-nightly": "firefox-nightly", "firefox-nightly": "firefox-nightly",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"hardware": "hardware", "hardware": "hardware",
"hm": "hm", "hm": "hm",
"hyprland": "hyprland", "hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"hyprlock": "hyprlock",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"microfetch": "microfetch", "microfetch": "microfetch",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixpak": "nixpak",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
"nixpkgs-small": "nixpkgs-small",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix",
"systems": "systems_6" "systems": "systems_6"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1723042912,
"narHash": "sha256-Ff4nCgmlSWVOMvRVVf6gTYgmZjGw9EjIFHG0aUFg+D8=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "935883fd826c46e7e7e6de19cf24377c21f1b2ba",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -1179,6 +1326,27 @@
"type": "github" "type": "github"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1722897572,
"narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,

61
flake.nix
View File

@@ -9,28 +9,32 @@
./home ./home
./hosts ./hosts
]; ];
perSystem = {pkgs, ...}: { perSystem = {pkgs, ...}: {
devShells = import ./system/nix/shell {inherit pkgs;}; devShells = import ./system/nix/shell {inherit pkgs;};
formatter = pkgs.alejandra; formatter = pkgs.alejandra;
packages.cleanup-boot = pkgs.buildFHSUserEnv {
name = "cleanup-boot";
targetPkgs = pkgs: [pkgs.bash];
runScript = ./.cleanup-boot.sh;
};
}; };
}; };
inputs = { inputs = {
# Nix environs # nix environs
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
systems.url = "github:nix-systems/default-linux"; systems.url = "github:nix-systems/default-linux";
hardware.url = "github:nixos/nixos-hardware"; hardware.url = "github:nixos/nixos-hardware";
lanzaboote.url = "github:nix-community/lanzaboote"; lanzaboote.url = "github:nix-community/lanzaboote";
# Sandbox wrappers for programs nixpak = {
# nixpak = { url = "github:nixpak/nixpak";
# url = "github:nixpak/nixpak"; inputs = {
# inputs = { nixpkgs.follows = "nixpkgs-small";
# nixpkgs.follows = "nixpkgs-small"; flake-parts.follows = "flake-parts";
# flake-parts.follows = "flake-parts"; };
# }; };
# };
flake-utils = { flake-utils = {
url = "github:numtide/flake-utils"; url = "github:numtide/flake-utils";
inputs.systems.follows = "systems"; inputs.systems.follows = "systems";
@@ -50,11 +54,22 @@
}; };
# cachyos # cachyos
chaotic.url = "https://flakehub.com/f/chaotic-cx/nyx/*.tar.gz"; chaotic.url = "https://flakehub.com/f/chaotic-cx/nyx/*.tar.gz";
# hyprland environ
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "hyprland/nixpkgs"; inputs.nixpkgs.follows = "hyprland/nixpkgs";
}; };
hyprlock = {
url = "github:hyprwm/hyprlock";
inputs = {
hyprlang.follows = "hyprland/hyprlang";
hyprutils.follows = "hyprland/hyprutils";
nixpkgs.follows = "hyprland/nixpkgs";
systems.follows = "hyprland/systems";
};
};
nix-gaming = { nix-gaming = {
url = "github:fufexan/nix-gaming"; url = "github:fufexan/nix-gaming";
inputs = { inputs = {
@@ -66,24 +81,16 @@
url = "github:nix-community/flake-firefox-nightly"; url = "github:nix-community/flake-firefox-nightly";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Schizophrenic Firefox configuration # Third party programs, packaged with nix
# schizofox = { firefox-addons = {
# url = "github:schizofox/schizofox"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
# inputs = { inputs.nixpkgs.follows = "nixpkgs";
# nixpkgs.follows = "nixpkgs-small"; };
# flake-parts.follows = "flake-parts";
# nixpak.follows = "nixpak";
# };
# };
anyrun.url = "github:anyrun-org/anyrun"; anyrun.url = "github:anyrun-org/anyrun";
microfetch.url = "github:NotAShelf/microfetch"; microfetch.url = "github:NotAShelf/microfetch";
agenix = { sops-nix = {
url = "github:ryantm/agenix"; url = "github:Mic92/sops-nix";
inputs = { inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.follows = "nixpkgs";
home-manager.follows = "hm";
systems.follows = "systems";
};
}; };
}; };
} }

1
home/bin/hyprland/cnst/cfg/inputs.nix
View File

@@ -51,7 +51,6 @@
}; };
misc = { misc = {
vrr = 2; vrr = 2;
no_direct_scanout = false;
mouse_move_enables_dpms = 1; mouse_move_enables_dpms = 1;
key_press_enables_dpms = 0; key_press_enables_dpms = 0;
force_default_wallpaper = 0; force_default_wallpaper = 0;

5
home/bin/neovim/plugins/chatgpt.nix
View File

@@ -1,5 +1,8 @@
{ {config, ...}: {
programs.nixvim.plugins.chatgpt = { programs.nixvim.plugins.chatgpt = {
enable = true; enable = true;
settings = {
api_key_cmd = "cat ${config.sops.secrets.openai_api_key.path}";
};
}; };
} }

2
home/bin/neovim/plugins/default.nix
View File

@@ -13,7 +13,7 @@
./tagbar.nix ./tagbar.nix
./telescope.nix ./telescope.nix
./treesitter.nix ./treesitter.nix
# ./chatgpt.nix ./chatgpt.nix
# ./vimtex.nix # ./vimtex.nix
./nonels.nix ./nonels.nix
./conform.nix ./conform.nix

3
home/bin/neovim/plugins/lsp.nix
View File

@@ -54,6 +54,9 @@
# C# # C#
csharp-ls.enable = true; csharp-ls.enable = true;
# Yaml
yamlls.enable = true;
# Lua # Lua
lua-ls = { lua-ls = {
enable = true; enable = true;

2
home/default.nix
View File

@@ -11,6 +11,8 @@
./usr/share/git/cnst ./usr/share/git/cnst
./usr/share/shell/cnst ./usr/share/shell/cnst
./bin/hyprland/cnst ./bin/hyprland/cnst
./opt/browsers/firefox
./opt/sops
./etc ./etc
./bin ./bin
./opt ./opt

12
home/opt/browsers/chromium/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{pkgs, ...}: {
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions = [
"gebbhagfogifgggkldgodflihgfeippi" # return youtube dislike
"mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock for youtube
"ponfpcnoihfmfllpaingbgckeeldkhle" # enhancer for youtube
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
];
};
}

34
home/opt/browsers/default.nix
View File

@@ -1,34 +0,0 @@
{
pkgs,
lib,
config,
inputs,
...
}: let
firefoxFlake = inputs.firefox-nightly.packages.${pkgs.stdenv.hostPlatform.system};
_firefoxNightly = firefoxFlake.firefox-nightly-bin;
_chromium = pkgs.ungoogled-chromium;
# _mullvad = pkgs.mullvad-browser;
in {
home.packages = lib.mkMerge [
(lib.mkIf (pkgs.hostPlatform.system == "x86_64-linux") (
with pkgs; [
# browsers
_firefoxNightly
pkgs.firefox-bin
# _chromium
]
))
];
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions = [
"gebbhagfogifgggkldgodflihgfeippi" # return youtube dislike
"mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock for youtube
"ponfpcnoihfmfllpaingbgckeeldkhle" # enhancer for youtube
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
];
};
}

32
home/opt/browsers/firefox/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
inputs,
pkgs,
...
}: {
programs.firefox = {
enable = true;
package = inputs.firefox-nightly.packages.${pkgs.system}.firefox-nightly-bin;
profiles.cnst = {
search = {
force = true;
default = "DuckDuckGo";
privateDefault = "DuckDuckGo";
order = ["DuckDuckGo" "Google"];
};
bookmarks = {};
extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
ublock-origin
sponsorblock
clearurls
return-youtube-dislikes
# enhancer-for-youtube # unfree
];
settings = {
"apz.overscroll.enabled" = true;
"browser.aboutConfig.showWarning" = false;
"general.autoScroll" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
};
};
}

1
home/opt/default.nix
View File

@@ -1,7 +1,6 @@
{ {
imports = [ imports = [
# shared apps # shared apps
./browsers
./discord ./discord
./utility ./utility
./alacritty ./alacritty

68
home/opt/sops/default.nix Normal file
View File

@@ -0,0 +1,68 @@
{
inputs,
self,
lib,
config,
...
}: let
defaultConfig = {
age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/cnst-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
};
};
userSpecificConfig = lib.mkMerge [
(lib.mkIf (config.home.username == "toothpick") {
age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/toothpick-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
};
})
(lib.mkIf (config.home.username == "adam") {
age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/adam-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
};
})
];
in {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
sops = lib.mkMerge [
{
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
defaultConfig
userSpecificConfig
];
}

3
home/opt/utility/default.nix
View File

@@ -1,5 +1,8 @@
{pkgs, ...}: { {pkgs, ...}: {
programs = { programs = {
ssh = {
enable = true;
};
# image viewer # image viewer
feh = { feh = {
enable = true; enable = true;

7
home/profiles/cnst/default.nix
View File

@@ -1,4 +1,8 @@
{pkgs, ...}: { {
pkgs,
self,
...
}: {
home = { home = {
username = "cnst"; username = "cnst";
homeDirectory = "/home/cnst"; homeDirectory = "/home/cnst";
@@ -43,6 +47,7 @@
json.enable = false; json.enable = false;
manpages.enable = false; manpages.enable = false;
}; };
# age.secrets.secret1.file = "${self}/secrets/openai.age";
# let HM manage itself when in standalone mode # let HM manage itself when in standalone mode
programs.home-manager.enable = true; programs.home-manager.enable = true;

73
home/srv/hypr/lock/default.nix
View File

@@ -1,67 +1,76 @@
{ {
pkgs,
inputs,
...
}: {
programs.hyprlock = { programs.hyprlock = {
enable = true; enable = true;
package = inputs.hyprlock.packages.${pkgs.system}.hyprlock;
settings = { settings = {
general = { general = {
disable_loading_bar = true; disable_loading_bar = true;
hide_cursor = false; hide_cursor = true;
no_fade_in = false; no_fade_in = true;
no_fade_out = true;
ignore_empty_input = true;
immediate_render = true;
}; };
background = [ background = [
{ {
color = "rgba(000000FF)";
monitor = ""; monitor = "";
path = "~/media/images/galaxy.png"; path = "~/media/images/dunes.png";
blur_size = 3;
blur_passes = 2;
} }
]; ];
input-field = [ input-field = [
{ {
monitor = ""; monitor = "";
size = "200, 50"; size = "200, 50";
outline_thickness = 2; outline_thickness = 0;
dots_size = 0.33; dots_size = 0.1;
dots_spacing = 0.15; dots_spacing = 0.3;
dots_center = true; dots_center = true;
dots_rounding = -1; dots_rounding = -1;
outer_color = "rgba(3B3B3B55)"; outer_color = "rgba(0,0,0,0)";
inner_color = "rgba(33333311)"; inner_color = "rgba(0,0,0,0)";
font_color = "rgba(FFFFFFFF)"; font_color = "rgba(FFFFFFFF)";
fade_on_empty = true; fade_on_empty = false;
fade_timeout = 5000; fade_timeout = 0;
fail_text = "";
fail_transition = 0;
placeholder_text = ""; placeholder_text = "";
hide_input = false; hide_input = false;
rounding = -1; rounding = 0;
check_color = "rgb(204, 136, 34)"; check_color = "rgba(0,0,0,0)";
fail_color = "rgb(204, 34, 34)"; fail_color = "rgba(0,0,0,0)";
position = "0, 20";
halign = "center";
valign = "center";
} }
]; ];
label = [ label = [
# date
{
monitor = "";
text = "cmd[update:3600000] date +'%A, %B %d'";
shadow_passes = 1;
shadow_boost = 0.5;
color = "rgba(FFFFFFFF)";
font_size = 25;
font_family = "Input Mono Compressed";
position = "0, 230";
halign = "center";
valign = "center";
}
# clock
{ {
# Clock
monitor = ""; monitor = "";
text = "cmd[update:1000] echo '$TIME'"; text = "cmd[update:1000] echo '$TIME'";
shadow_passes = 1; shadow_passes = 1;
shadow_boost = 0.5; shadow_boost = 0.5;
color = "rgba(FFFFFFFF)"; color = "rgba(FFFFFFFF)";
font_size = 85; font_size = 85;
font_family = "Input Mono";
position = "0, 300";
halign = "center";
valign = "center";
}
{
# Date
monitor = "";
text = "cmd[update:3600000] date +'%a %b %d'";
shadow_passes = 1;
shadow_boost = 0.5;
color = "rgba(FFFFFFFF)";
font_size = 25;
font_family = "Input Mono Compressed"; font_family = "Input Mono Compressed";
position = "0, 300";
position = "0, 230";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
} }

4
home/usr/share/shell/cnst/default.nix
View File

@@ -12,8 +12,8 @@
ll = "ls -l"; ll = "ls -l";
nixupdate = "nh os switch -v -H cnix"; nixupdate = "nh os switch -v -H cnix";
nixup = "nh os switch -H cnix"; nixup = "nh os switch -H cnix";
flakeupdate = "nh os switch -u -v -H cnix"; flakeupdate = "nh os switch -u -v -H cnix && sudo nix run .#cleanup-boot";
flakeup = "nh os switch -u -H cnix"; flakeup = "nh os switch -u -H cnix && sudo nix run .#cleanup-boot";
}; };
history = { history = {
size = 1000; size = 1000;

7
hosts/cnix/default.nix
View File

@@ -8,8 +8,13 @@
in { in {
users.users.cnst = { users.users.cnst = {
isNormalUser = true; isNormalUser = true;
# hashedPasswordFile = config.age.secrets.openai.path;
shell = pkgs.zsh; shell = pkgs.zsh;
# openssh.authorizedKeys.keys = []; openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTdWHnYsr+sWg1tMSPRUaQhB8msdCoanaJOtP8v1ZBX root@cnix"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtk/N0vZIangyccQoDq1e+k+t9gdymaYvjIs+Xh6TIMuDEO2piaiAs5PvIPQI3FPlPG4rQKgJwE3RwTCM1XXX/euhXzzmae32E/eLBF7fOtT0YjA07sXAW+vjKI7xhEdh+3D2Vi59taV/sw8QsNwTYFo1BQjjwqSHN+xhM3myFKEMquTxo6LqfFMR8oLSTyC4qUwk+H2w/6kmVFJa/7qGVhbEpryM/Oj+LMqzG6PYfmWzZ2qPFJ4FWHLTLVstBxpvT4p91lm0Z6aC+4KyYo52vwzEk2U/GGwzzc5DbXgyAzhaU8BM8IWkaRiE7RU8PNM1vRQ05L1JJ1T2o9a92QeZiJxz+3cgV/yZUYOKdZNrfskKpOzdm00yfhznVpI8y1lfgyvd+eJRLLpeOkGnAO3fW7RLLcwVKX6st8gBWf2SKWNFyuWdTU9SJC/sgttiBrsCiBTItKYLE8ihdJLrJn+cIxUoFe6WjZa9bv0WWetiW3g1WgiJeIWnlWERdDsxKfatwkE8mfPJtt6mZio/cLyC16HN57fNkqMqelca9deaXu2hwWBuE0dsOsL6HlhY8lFwQ5P+x7D3gZGpYWMZl35uqDt2AzFGje3Rrzv0NO7UUixeIit6c5BWhSxIpSgpl6065Uo5+jfeQlbaO1Kri4wwCR6VvQ/F0v+4IQZLSzOC3Gw== root@cnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJMWwiz9YWBMUKFtAmF3xTEdBW27zkBH8UYaqWWcs70d cnst@cnix"
];
extraGroups = ifTheyExist [ extraGroups = ifTheyExist [
"wheel" "wheel"
"networkmanager" "networkmanager"

1
hosts/cnix/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTdWHnYsr+sWg1tMSPRUaQhB8msdCoanaJOtP8v1ZBX root@cnix

6
hosts/cnix/xkb/symbols/hhkbse
View File

@@ -6,7 +6,7 @@ xkb_symbols "hhkbse" {
name[Group1]="Sweden - HHKBse"; name[Group1]="Sweden - HHKBse";
key <AE01> {[ 1, exclam, section, onehalf ]}; key <AE01> {[ 1, exclam, section, onehalf ]};
key <AE02> {[ 2, quotedbl, at, paragraph ]}; key <AE02> {[ 2, quotedbl, at ]};
key <AE03> {[ 3, numbersign, sterling ]}; key <AE03> {[ 3, numbersign, sterling ]};
key <AE04> {[ 4, dollar, currency ]}; key <AE04> {[ 4, dollar, currency ]};
key <AE05> {[ 5, percent, EuroSign, permille ]}; key <AE05> {[ 5, percent, EuroSign, permille ]};
@@ -18,7 +18,7 @@ xkb_symbols "hhkbse" {
key <AE11> {[ plus, question, backslash, plusminus ]}; key <AE11> {[ plus, question, backslash, plusminus ]};
key <AE12> {[ Next, braceleft, Home ]}; key <AE12> {[ Next, braceleft, Home ]};
key <BKSL> {[ Prior, braceright, End ]}; key <BKSL> {[ Prior, braceright, End ]};
key <TLDE> {[ Delete,asciicircum, asterisk ]}; key <TLDE> {[ Delete, bar, asterisk, brokenbar ]};
key <AD01> {[ q, Q ]}; key <AD01> {[ q, Q ]};
key <AD02> {[ w, W ]}; key <AD02> {[ w, W ]};
@@ -31,7 +31,7 @@ xkb_symbols "hhkbse" {
key <AD09> {[ o, O ]}; key <AD09> {[ o, O ]};
key <AD10> {[ p, P, Up, Greek_pi ]}; key <AD10> {[ p, P, Up, Greek_pi ]};
key <AD11> {[ aring, Aring ]}; key <AD11> {[ aring, Aring ]};
key <AD12> {[apostrophe, bar, asciitilde, brokenbar ]}; key <AD12> {[apostrophe,asciicircum, asciitilde ]};
key <AC01> {[ a, A ]}; key <AC01> {[ a, A ]};
key <AC02> {[ s, S ]}; key <AC02> {[ s, S ]};
key <AC03> {[ d, D ]}; key <AC03> {[ d, D ]};

3
hosts/default.nix
View File

@@ -35,9 +35,8 @@
extraSpecialArgs = specialArgs; extraSpecialArgs = specialArgs;
}; };
} }
inputs.chaotic.nixosModules.default inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default inputs.sops-nix.nixosModules.sops
]; ];
}; };
toothpc = nixosSystem { toothpc = nixosSystem {

31
secrets/adam-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/adampad-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/cnix-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/cnst-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

1
secrets/keys/cnst.txt Normal file
View File

@@ -0,0 +1 @@
AGE-SECRET-KEY-1SG89YDGGMZEE9U9YUFTJS8DKFTNSJQXD0TXVDRQE9GD3EXF8YWPQUGEXMH

31
secrets/toothpc-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/toothpick-sercrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

2
system/default.nix
View File

@@ -20,9 +20,9 @@ let
++ [ ++ [
./opt/gaming.nix ./opt/gaming.nix
./opt/android ./opt/android
./opt/agenix
./opt/gimp ./opt/gimp
./opt/inkscape ./opt/inkscape
./opt/sops
./srv/blueman ./srv/blueman
]; ];
toothpc = toothpc =

14
system/nix/default.nix
View File

@@ -16,7 +16,6 @@
pkgs.git pkgs.git
pkgs.scx pkgs.scx
pkgs.stow pkgs.stow
pkgs.age
]; ];
localBinInPath = true; localBinInPath = true;
}; };
@@ -24,6 +23,7 @@
console.useXkbConfig = true; console.useXkbConfig = true;
nix = { nix = {
package = pkgs.lix;
# pin the registry to avoid downloading and evaling a new nixpkgs version every time # pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry = lib.mapAttrs (_: v: {flake = v;}) inputs; registry = lib.mapAttrs (_: v: {flake = v;}) inputs;
@@ -37,11 +37,17 @@
experimental-features = ["nix-command" "flakes"]; experimental-features = ["nix-command" "flakes"];
flake-registry = "/etc/nix/registry.json"; flake-registry = "/etc/nix/registry.json";
# for direnv GC roots # # for direnv GC roots
keep-derivations = true; # keep-derivations = true;
keep-outputs = true; # keep-outputs = true;
trusted-users = ["root" "@wheel"]; trusted-users = ["root" "@wheel"];
}; };
gc = {
automatic = true;
dates = "weekly";
# Keep the last 3 generations
options = "--delete-older-than +3";
};
}; };
} }

6
system/nix/nh/cnix/default.nix
View File

@@ -3,9 +3,11 @@
programs = { programs = {
nh = { nh = {
enable = true; enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/cnst/.nix-config"; flake = "/home/cnst/.nix-config";
# clean = {
# enable = true;
# extraArgs = "--keep-since 4d --keep 3";
# };
}; };
}; };
} }

11
system/opt/agenix/default.nix
View File

@@ -1,3 +1,10 @@
{inputs, ...}: { {
environment.systemPackages = [inputs.agenix.packages.x86_64-linux.default]; inputs,
pkgs,
...
}: {
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
pkgs.age
];
} }

66
system/opt/sops/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
config,
lib,
pkgs,
self,
...
}: let
defaultConfig = {
defaultSopsFile = "${self}/secrets/cnix-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
};
};
hostSpecificConfig = lib.mkMerge [
(lib.mkIf (config.networking.hostName == "toothpc") {
defaultSopsFile = "${self}/secrets/toothpc-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
};
})
(lib.mkIf (config.networking.hostName == "adampad") {
defaultSopsFile = "${self}/secrets/adampad-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
};
})
];
in {
sops = lib.mkMerge [
{
age = {sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];};
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
defaultConfig
hostSpecificConfig
];
environment.systemPackages = [
pkgs.sops
pkgs.age
];
}

5
system/srv/openssh/default.nix
View File

@@ -1,9 +1,8 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
}; };
programs.ssh = {
startAgent = true;
}; };
} }