diff --git a/flake.lock b/flake.lock index 3893c24..a1a98cd 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,27 @@ { "nodes": { + "declarative-jellyfin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1761143269, + "narHash": "sha256-pebbh3IEl8crA9g0fbHeUvNyawAvhO2kNq8klpUWyk0=", + "owner": "Sveske-Juice", + "repo": "declarative-jellyfin", + "rev": "740743deba3de6bc227d9769adb94d4a14a3f25c", + "type": "github" + }, + "original": { + "owner": "Sveske-Juice", + "repo": "declarative-jellyfin", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -9,11 +31,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1766051518, - "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", + "lastModified": 1762286984, + "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", "owner": "serokell", "repo": "deploy-rs", - "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", + "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", "type": "github" }, "original": { @@ -29,11 +51,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1764017209, + "narHash": "sha256-RoJGCtKExXXkNCZUmmxezG3eOczEOTBw38DaZGSYJC0=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "ec8eabe00c4ee9a2ddc50162c125f0ec2a7099e1", "type": "github" }, "original": { @@ -58,47 +80,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "jellarr": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1766313830, - "narHash": "sha256-l2QT4OfIgvGq+6MxBlxQixvKtgOTbIMf0v9VEof//aE=", - "owner": "venkyr77", - "repo": "jellarr", - "rev": "934a73f1060954904c927fbafd5a84bb6db10e1a", - "type": "github" - }, - "original": { - "owner": "venkyr77", - "repo": "jellarr", - "type": "github" - } - }, "nid": { "inputs": { "nixpkgs": [ @@ -106,11 +87,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1762660502, + "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee", "type": "github" }, "original": { @@ -121,11 +102,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768028080, - "narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=", + "lastModified": 1764522689, + "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d03088749a110d52a4739348f39a63f84bb0be14", + "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", "type": "github" }, "original": { @@ -134,26 +115,11 @@ "type": "indirect" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "root": { "inputs": { + "declarative-jellyfin": "declarative-jellyfin", "deploy-rs": "deploy-rs", "disko": "disko", - "jellarr": "jellarr", "nid": "nid", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix", @@ -167,11 +133,11 @@ ] }, "locked": { - "lastModified": 1768104471, - "narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=", + "lastModified": 1762659808, + "narHash": "sha256-2Kv2mANf+FRisqhpfeZ8j9firBxb23ZvEXwdcunbpGI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004", + "rev": "524312bc62e3f34bd9231a2f66622663d3355133", "type": "github" }, "original": { @@ -190,9 +156,8 @@ "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" + "id": "systems", + "type": "indirect" } }, "systems_2": { @@ -213,16 +178,16 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ - "jellarr", + "declarative-jellyfin", "nixpkgs" ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", "type": "github" }, "original": { @@ -233,11 +198,11 @@ }, "unstable": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", "type": "github" }, "original": { @@ -248,7 +213,7 @@ }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, diff --git a/flake.nix b/flake.nix index 7a937bf..b81b7a5 100644 --- a/flake.nix +++ b/flake.nix @@ -10,8 +10,8 @@ sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - jellarr.url = "github:venkyr77/jellarr"; - jellarr.inputs.nixpkgs.follows = "nixpkgs"; + declarative-jellyfin.url = "github:Sveske-Juice/declarative-jellyfin"; + declarative-jellyfin.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; @@ -37,7 +37,7 @@ { services.zmotd.enable = true; } # enable my motd service { programs.nix-ld.enable = true; } # use nix-ld cause nixos is a bit dumb - inputs.jellarr.nixosModules.default # jellyfin :) + inputs.declarative-jellyfin.nixosModules.default # jellyfin :) # use comma just in case I need to do some sysadmin stuff inputs.nid.nixosModules.nix-index { programs.nix-index-database.comma.enable = true; } @@ -78,7 +78,7 @@ # and where they get deployed to deploy.nodes = mkNodes { crayon = { hostname = "squi.bid"; }; - blob = { hostname = "10.0.0.92"; }; + blob = { hostname = "192.168.50.159"; }; }; # dev shell to deploy this flake diff --git a/hosts/blob/actual.nix b/hosts/blob/actual.nix deleted file mode 100644 index 0c232b1..0000000 --- a/hosts/blob/actual.nix +++ /dev/null @@ -1,51 +0,0 @@ -# that name actually sucks ass -# but it manages my money pretty well -# -# see https://github.com/miniluz/nixos-config/blob/8f0e417e34fa5bbb97b13215ee4843f85c6033be/modules/nixos/selfhosting/actual.nix#L13 -# for a good config -# and https://github.com/Jonas-Sander/actual-backup for backups -{ lib, config, ... }: -{ - options.actual.enable = lib.mkEnableOption "enable money management"; - config = lib.mkIf config.actual.enable { - services.gatus.settings.endpoints = [ - { - name = "actual"; - group = "local"; - url = "https://localhost:3000/"; - interval = "30s"; - client.insecure = true; - conditions = [ - "[connected] == true" - "[CERTIFICATE_EXPIRATION] > 48h" - ]; - } - ]; - - users.users.actual = { - isSystemUser = true; - group = "actual"; - }; - users.groups.actual = {}; - - sops.secrets."actual/key".owner = config.users.users.actual.name; - sops.secrets."actual/cert".owner = config.users.users.actual.name; - - services.actual = { - enable = true; - openFirewall = true; - settings = { - https = { - # for people trying to re-create my setup the key and cert were - # generated using the following command: - # openssl req -newkey rsa:4096 -x509 -days 36500 -sha512 -nodes -out certificate.pem -keyout privatekey.pem - # I've set the days to 36500 because I don't intend on being around - # after November 2125, and renewing certs is a pain in the ass on a - # local (and trusted) network - key = config.sops.secrets."actual/key".path; - cert = config.sops.secrets."actual/cert".path; - }; - }; - }; - }; -} diff --git a/hosts/blob/default.nix b/hosts/blob/default.nix index 28508ea..9a9cd87 100644 --- a/hosts/blob/default.nix +++ b/hosts/blob/default.nix @@ -9,8 +9,6 @@ ./jellyfin.nix ./minecraft.nix ./gatus.nix - ./actual.nix - ./git.nix ./ai.nix ]; @@ -18,10 +16,8 @@ boot.loader.efi.canTouchEfiVariables = true; # ai.enable = true; - jellyfin.enable = false; + jellyfin.enable = true; minecraft.enable = true; - actual.enable = true; - git.enable = true; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/hosts/blob/git.nix b/hosts/blob/git.nix deleted file mode 100644 index 1a5e07d..0000000 --- a/hosts/blob/git.nix +++ /dev/null @@ -1,101 +0,0 @@ -{ pkgs, config, lib, ... }: -{ - options.git = { - enable = lib.mkEnableOption "enable git server"; - user = lib.mkOption { - type = lib.types.str; - default = "git"; - }; - group = lib.mkOption { - type = lib.types.str; - default = "git"; - }; - cgit = { - name = lib.mkOption { - type = lib.types.str; - default = "home"; - }; - port = lib.mkOption { - type = lib.types.int; - default = 8091; - }; - }; - }; - config = lib.mkIf config.git.enable { - services.gatus.settings.endpoints = [ - { - name = "cgit site"; - group = "local"; - url = "http://localhost:" + builtins.toString config.git.cgit.port; - interval = "5m"; - conditions = [ "[connected] == true" "[RESPONSE_TIME] < 300" ]; - } - ]; - - users.users.${config.git.user} = let - git-shell-wrap = pkgs.writeShellScriptBin "git-shell-wrap" '' - set -euo pipefail - cmd=$1; repo=$2 - - # get the repo normalize, and create it only if the client is sending - # us stuff - if echo "$repo" | grep -q git-receive-pack; then - repo=$(echo "$repo" | cut -d"'" -f 2 | sed 's/\.git$//').git - - # Make sure the repo exists on the server - repos=${config.users.users.${config.git.user}.home} - path=$repos/$repo - if [ ! -d "$path" ]; then - git init --bare "$path" >/dev/null 2>&1 - fi - fi - - # Run git-shell with the original args - exec ${pkgs.git}/bin/git-shell "$@" - ''; - in { - isSystemUser = true; - inherit (config.git) group; - home = "/var/lib/git-server"; - createHome = true; - openssh.authorizedKeys.keys = config.ssh.keys; - packages = [ git-shell-wrap ]; - shell = "${git-shell-wrap}/bin/git-shell-wrap"; - }; - users.groups.${config.git.group} = {}; - - networking.firewall.allowedTCPPorts = [ config.git.cgit.port ]; - services = { - cgit.${config.git.cgit.name} = { - enable = true; - inherit (config.git) user group; - scanPath = config.users.users.${config.git.user}.home; - gitHttpBackend.checkExportOkFiles = false; - settings = { - root-desc = "local git repo store path: ${config.users.users.${config.git.user}.home}"; - snapshots = "all"; - enable-commit-graph = true; - enable-follow-links = true; - enable-http-clone = true; - enable-remote-branches = true; - }; - }; - nginx.virtualHosts.${config.git.cgit.name}.listen = [{ - addr = "0.0.0.0"; - port = config.git.cgit.port; - }]; - - openssh = { - enable = true; - extraConfig = '' - Match user git - AllowTcpForwarding no - AllowAgentForwarding no - PasswordAuthentication no - PermitTTY no - X11Forwarding no - ''; - }; - }; - }; -} diff --git a/hosts/blob/jellyfin.nix b/hosts/blob/jellyfin.nix index 65357df..3584f0a 100644 --- a/hosts/blob/jellyfin.nix +++ b/hosts/blob/jellyfin.nix @@ -18,94 +18,61 @@ } ]; - sops.secrets."jellyfin/jellarr-env".owner = config.services.jellarr.user; - sops.secrets."jellyfin/zachary".owner = config.services.jellarr.user; - - services.jellarr = { + services.declarative-jellyfin = { enable = true; - environmentFile = config.sops.secrets."jellyfin/jellarr-env".path; - config = { - version = 1; - base_url = "http://localhost:8096"; - startup = { - completeStartupWizard = true; + openFirewall = true; + serverId = "0ba4e888503b4524a90285b7ad500256"; # could be anything + system = { + serverName = config.networking.hostName; + trickplayOptions = { + enableHwAcceleration = true; + enableHwEncoding = true; }; - encoding = { - allowAv1Encoding = false; - allowHevcEncoding = false; - enableDecodingColorDepth10Hevc = true; - enableDecodingColorDepth10HevcRext = true; - enableDecodingColorDepth12HevcRext = true; - enableDecodingColorDepth10Vp9 = true; - enableHardwareEncoding = true; - hardwareAccelerationType = "vaapi"; - hardwareDecodingCodecs = [ - "h264" - "hevc" - "mpeg2video" - "vc1" - "vp8" - "vp9" - "av1" - ]; - vaapiDevice = "/dev/dri/renderD128"; - }; - - system = { - quickConnectAvailable = false; - trickplayOptions = { - enableHwAcceleration = true; - enableHwEncoding = true; - }; - pluginRepositories = [ - { - content.Name = "Jellyfin Stable"; - content.Url = "https://repo.jellyfin.org/files/plugin/manifest.json"; - tag = "RepositoryInfo"; # Needed to generate the correct XML - } - { - content.Name = "Intro Skipper"; - content.Url = "https://intro-skipper.org/manifest.json"; - tag = "RepositoryInfo"; # Needed to generate the correct XML - } - ]; - }; - - libraries = { - virtualFolders = [ - { - name = "Movies"; - collectionType = "movies"; - pathInfos = [{ path = "/mnt/media/movies"; }]; - } - { - name = "Shows"; - collectionType = "tvshows"; - pathInfos = [{ path = "/mnt/media/shows"; }]; - } - ]; - }; - - users = [ + pluginRepositories = [ { - name = "zachary"; - passwordFile = config.sops.secrets."jellyfin/zachary".path; - policy = { - isAdministrator = true; - }; + content.Name = "Jellyfin Stable"; + content.Url = "https://repo.jellyfin.org/files/plugin/manifest.json"; + tag = "RepositoryInfo"; # Needed to generate the correct XML + } + { + content.Name = "Intro Skipper"; + content.Url = "https://intro-skipper.org/manifest.json"; + tag = "RepositoryInfo"; # Needed to generate the correct XML } ]; }; - - bootstrap = { - enable = true; - apiKeyFile = config.sops.secrets."jellyfin/jellarr-env".path; + users.zachary = { + mutable = false; + permissions.isAdministrator = true; + hashedPasswordFile = config.sops.secrets."jellyfin/zachary".path; + }; + libraries = { + Movies = { + enabled = true; + contentType = "movies"; + pathInfos = ["/mnt/media/movies"]; + }; + Shows = { + enabled = true; + contentType = "tvshows"; + pathInfos = ["/mnt/media/shows"]; + }; + }; + encoding = { + enableHardwareEncoding = true; + hardwareAccelerationType = "vaapi"; + enableDecodingColorDepth10Hevc = true; # enable if your system supports + allowHevcEncoding = true; # enable if your system supports + allowAv1Encoding = true; # enable if your system supports + hardwareDecodingCodecs = [ # enable the codecs your system supports + "h264" + "hevc" + "mpeg2video" + "vc1" + "vp9" + "av1" + ]; }; - }; - - services.jellyfin = { - enable = true; - openFirewall = true; }; }; } diff --git a/hosts/crayon/mailserver.nix b/hosts/crayon/mailserver.nix index db404e2..1a30bda 100644 --- a/hosts/crayon/mailserver.nix +++ b/hosts/crayon/mailserver.nix @@ -30,9 +30,6 @@ "security@zacharyscheiman.com" ]; }; - "spamella@zacharyscheiman.com" = { - hashedPasswordFile = config.sops.secrets."mail/me".path; - }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped diff --git a/hosts/crayon/nginx.nix b/hosts/crayon/nginx.nix index c751c15..210d015 100644 --- a/hosts/crayon/nginx.nix +++ b/hosts/crayon/nginx.nix @@ -7,7 +7,6 @@ let # we have to explicitly pass in arguments because we're using import phpsock = config.services.phpfpm.pools.nginx.socket; inherit pkgs; - inherit config; }); }) <| virtHosts); in { diff --git a/hosts/crayon/www/squi.bid.nix b/hosts/crayon/www/squi.bid.nix index 8d1363e..9ac1c04 100644 --- a/hosts/crayon/www/squi.bid.nix +++ b/hosts/crayon/www/squi.bid.nix @@ -1,7 +1,7 @@ { phpsock, pkgs, ... }: { serverAliases = ["www.squi.bid"]; - root = "/var/www/squi.bid"; + root = "/var/www/squi.bid"; # TODO: make declarative locations = { "/" = { diff --git a/modules/os.nix b/modules/os.nix index 480055e..dae64ba 100644 --- a/modules/os.nix +++ b/modules/os.nix @@ -10,7 +10,7 @@ dates = "weekly"; automatic = true; randomizedDelaySec = "45min"; - options = "--delete-older-than 7d"; + options = "--delete-older-than 30d"; }; }; diff --git a/modules/sops.nix b/modules/sops.nix index 42c10f9..8bb471d 100644 --- a/modules/sops.nix +++ b/modules/sops.nix @@ -17,8 +17,6 @@ "mail/me" = {}; "jellyfin/zachary" = {}; "wireguard/crayon" = {}; - "actual/key" = {}; - "actual/cert" = {}; }; }; } diff --git a/secrets.yaml b/secrets.yaml index 65202f3..4832b5f 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,15 +2,10 @@ mail: me: ENC[AES256_GCM,data:egjtukOJ0OQlwuk3nvwpeTaBQXfolZNlsqu9d1G5ryJJB6TvN9iydnJAG2Jn0v6rp3UTdX6dJNYUHQ9duLo7Y/Hn1LSyWEkA6g==,iv:/Xw6fow3kD2lX5wfHTgt9IGemG6kqXoQe0V5TjZK7mU=,tag:KSSN+sdI/CP7bvQF2S2kGQ==,type:str] jellyfin: zachary: ENC[AES256_GCM,data:GIDgfsxhU4fZVjP/cTmTvIA1aeP4lbd3Fz6tbPLdyL37KD+IKERgkxJmGwtt9GNwnJBsHE/xpH8ZAvloS1DykZZtEaqB0H6wuA==,iv:FM0d4tiQPzyoEiqEQF5YvNeClHXOhP+q+TaKGeyg/TE=,tag:v+sYDwQiCX7o+g7plcnQFg==,type:str] - jellarr-env: ENC[AES256_GCM,data:BKbSibSD69MCaKr53fZrz9ICkiCjWiLeSezKrKiqlXnDGyQsfXFasNrAYQuwLse/7ZuoMGwKne9MI8LnTwrgnQiC0lc=,iv:URIeAYzOgutsy9HVc62iVbh1fqCpFXEL7cBBKrXT1ms=,tag:Vt1ilI+QVtLhcbZ0jQtwcQ==,type:str] users: crown: ENC[AES256_GCM,data:6UAYcafxflvbsTXC1N3Ff0hAlWGjveYDUzbcXPSGfPX0uXg++bfjRwYo3JFgfJpJ/KN4MODPSxgjFAFnoZOnkyxk0UDSppDagQ==,iv:PWmxuj2caqRLASjftbl0tovNq2t1WoDoviJXs/OO8yI=,tag:EwJhROsHfj5cPkpxUCy+uw==,type:str] wireguard: crayon: ENC[AES256_GCM,data:pQ4nOzcON+yCqgisBQO8LIdfi9GmXE9YcPzBRgu9Fdzx0R6p4dEK+DVBuDg=,iv:vq0uDgZlLwXVZMwE3xTWZDP20uaAcT4I0D7qLS61ApI=,tag:btVyZREPAgfcC694/Wusmg==,type:str] -actual: - simplefin-token: ENC[AES256_GCM,data:FHfAQkF42euhwW6LVTahCOtCuyuvw9YDrJzzxXcV2I9afamuk1BFPIsWQijFo17BvJDCaUGAiiLATxqTlA0rpIe4OJP+4lypoSQMg/a4jFIKuwiWoMWLCJr6aKn8q58oYjxde4o3XOB8ThiVIe5Ml4wSgBlNJU7woAA7goUwIlVq4QR3FfSHMXLXsrVxypdnapguDKmQYv4f+FTEiHgVt40aj5ggk/avEsd7D3mFc0/pWVbzbGsIIvDgAPT89fNngxpmg1jllb2+3qd3Scy5Ibz03zDaZdN/5IrVyQCPwPgRikxk+Yx5twb7DafmCDXC,iv:qFxE4ZEQXxpzTez/qMyz89MswwJz7qjw2QfuaaJIDoU=,tag:jTKVOBFTg09cECtaOcPL9g==,type:str] - key: ENC[AES256_GCM,data:qRZqxLOkAif7/ALtGCWycAZ1x8rbhCclcfXY9m0vUDWk60+nECWbbuD+7jeO7ddQbsA06LfpdsFZ99MGHB5OoXd1sZHfS1dsTPEW0vG5JIFRVQfNOSdUlCBY/EAwcViXRaTluilQohlhnJhgFQw7syRTKglHrX+VWV9yBf2RB28LPRHgbnz6v5FkEgf0ZcFNiATN1kjBlfQcuvLPxEvgdh5j4BcndZH4KyH3C54ZNA14iw8MUpxDABSJH7YDp+5nNNDPD331aiyB3ttfxm60Iu5DNqUPHHORQWRXFCp9jAKxvVuTX/0FApsFQ9UtU3gI2fmoYUFStdLKBDplLObehb5XG5k7Euz0aoc9PkEaooPy4E6zRhbaJ/PGKD3APDX1wlVghe2+gGeLqDOu47qmyv6+6ysepZvYBkbBC1qjEaplnRLEM83AcYiHs36I/FE/ra4HYis92r0PBno1Si2kySE50AWX7nG52Kfy8jO04P2HzhYffaLvrn2fLb0ruN7RV6IlWYRyARHxsBo/omfmA/G7LCzHAKlgvSaWa/EbyCSNZ+pdCwmy5RA/fzOwnjy+X4waO3agMPVKmHfEKc2WB6AGPpFs22NRoQ/AP+DXvz3bf1o5qSSo4VDaB7+kqwy0FNgZqIcfvkzFUEW6ySiestsbQazb3J5/RPtPqUVoS9dW4Xtzwi2gVJAgbCRXmlJscg36knv02rEBl0rLG+Ex4EM77erBsR0I32nkQZyozMRndy32U/CFJ7PXmqUs7/CGmgP0+76Xca03rl7yykgyq6eBfEY5m9XxS8mh4YD+PzbV6P0HPqpHQqj2DvbzUr2FloX/tgZTDRrfLQ6qZoWds3k67z+0j5IkH4ESARpSF5+9L4DQW5RxbZD7rQR8EZYKI9kRI/Qtz4pYcaekMohiBpL0V8J9dFkcv4O1CtZQo/RWbFITO9tvMOb3eI2jjrpP6A+3Mmw3HyRAFNuKkT55DKtw6IhDHdxVuOmujAkGiMUyFZy4RkkmJpPLpphH7GmHgNKP2wRoAPL3m+7dufEEu8ovulIHWvu+kuR+gKlqlLTO8rbMUqbzLYH6QcwtQy7iamgwRH2ixMsAbQrX6cP9HOqwn9oZ0/kyJw1RZInP5EmYy613pyKSypHtJU8WU1jhcX3Qen/I9VPDGv1YpcDx0aZrAZ9UtYLRsdgSd1rhC+nMtD7Kk60mdBHy4hTI14rWIovQoEwFm2Je3PnKwam5jnVWa215gIIquqJor0YQR7tO+JG21yIFkevDA3a/YgpuuXmYSp+KRrCsEvYeVGHUPQG4HTrmG1MWyRodcO5DdKqmZRCXMLIwPs5YCSF2in1gRDefJuXsgLX6pzo5OMqJzCAC4EiZcYz0fGXvvCmYSEpuO5qjYQA3ZKv/YIKDiubyhgoaLpKnZ7ZOGIpZIk7iJOQx2MS6G1PnZAGfLw7lc2YKMj6qTWrLbfzD+1HoJVSnc9qjC6M2NDVwODSs7cxRaqjtrrD0uvMwHoX/tq6JUR1ZoUg097iuEJc9WzHYaEUNrAuK/29paQRwaUjou6JL4URwwnywmgh0QbBc5DZ9Q0Qhb2NttHFX1moVpKTw4CeXxQwjAXGVkRcth7fon7RI06Bd1B3k+Yxp1HacFBVz4uHCdD7LvRg5OP0odNQqOMqc7HV9EGefazvHP/NXbEXAnd+MVLRpZPm5qgK+O3afUgAfFn5WzRhe5lnhpDnE+kKlr7G8equOjaEyATpvh/X70x77r7Y04vlfC/iXdOPBd/50hC79WKSaamX9uIADIkH1JNdr+TS8eN8JoxUfTrZWYRBEH5ojdjzK4U7uNNRglS64sEXI5ocj/iAtEkqtUL+sTybn70WDgAONum234ugD+8YWZggGGvHENeEFbCMOfVrO7OLqX8ptTgtGobpqegzUlUNbg5hdJELIoqFDTkxWjtO0X0cDmiAFsdQLGyUhSO9rYEgpsObcdA8YxBw2SMX4yjPy9n6J9nJqrK69hbJaJgB10/9AYV3J9t9JkwnjUrXkCvHgHRo43RACgmpIEy6+joBRqnGx9KKMPLi5x9vQINSeKd9z/dz38XBwWHGyg9P7T8Qo/JamWjaXTCfhvWC5y2tu/A79WOVYpNBsA1BlpNhpOd3gPO91s9mXjjObMMIcOoRRXjQPYiznuF65Fs8UO8B9W3VFgTkV1NAILRTHW09xkJRm4jnKbkyYhFqPa4q6+mN+poFxC+bA+rIBD2Du9vQcyLRWD/e2W0cID8Hcn3jnRsGkP/B1HKE33BPgOCZVLq2WdBGOWUOkkPOuXFo54/1XYIHFDQXVydeHAPuRnKjsaOMmIZpJChy9iAI5Hehf+LYqGmB0AAHnSAek8HAXyLXWrKquej1+2Qd1a6Xp1f88h83my/ijvDtyZgTing5aJ6MFRuuzewIR6HqC0YVQgjWdS4vqbWULfwVCqg1gWh4gfc7n7Q8S9id1PYoLqUV586SQ4vpakgTetPiCLa3lav0mxyzgkJA6qWwPu5a57T18fDiRabTTspO+rp4kqR72jBJt0Him5vqc8a5lcDBBJ5z4dHzb5NgaGKeiZQRGGclFDZsqww0BCBSlBYoKM/3RnEnOv8yWvx76CmWGO/rZqMv6Bcd5u+QEx5eX10Qs8cXHgPBdu42EUKNggz/OKGSQKTs+fwJhAdVcw1gzIz9nFoqcTM2qrgk7GFBVUJ9HPXV9KKQjTPSqBjlNxexYkYC0Gb5wqebZJ9ftSgSiXNFrPkpDpSebWeGvcVvXzxEVO+RYGzrItvhYTt8p4NtblQ7/hKsD8qu7ey5jmcdAENqSsDS01/4UOQQivG3WoYctCklpI191cbnddg4v7TYXCTrcRjAixugwv7OQU9bdnpn91sVaAglvKIdau+7PDyYwGHh98Krv+VcWzCakBlSQpUywavaaoBO2GOxWB/E5++UvILWFxXo3MIRfQCu3Iut9Q6aRoFtcxF3+I4wH9CLgG5MEaRVKDKnS1BQUpNwAtT+DoYzdT8roSMH5M1vEC0MdFhoSpL9pek7kFnXYNJKsCmS3VmRuFXcC+f2pqjKmmkyM9jHdLJFpgFua3cyMwYVyNTtL7Xg2w1qJytgvdz8kNGKo0nxj75O3jNAK1zV5csO2/bANO745cpXqwQGRKIEtM0b02n3YS2vXvZKZGkFoKUBJXY6kPaizY1zHxrSvVIVTqo7Vr/ClPNInaqiyof0UiPcfaiYGk/WvJqNSfWewcPUU9fTfUSmbPJkmmg1QEWrsbvHihs2Qmb7m0FzQoAXO2buYtrbj2tKzovoJRWiIeNTCgWmhLMea1MB5/viX1t8ODdYyJrqtwqFKgQgvuUFiBzqMENkTemiIxDxDS2v3T50tBkuGLg748v7s60cHxtBduGm/N5/2lYmiyl6OIKBefxo6klqRKvLh5IvNOU4SlKib6WKU1S4uv5ddEEg8myUlWgbzEEEJwNkeBncm+HtBBYEz6ud6ZE9oCd+U8xa61qFhOnVkXfhDeGeif5hvOPbyn9QFwZa0Obi/QtHbP/JJKmD6fKxEDyGBLiaUGWlJ4tYEuj1Wjahv01N6ZPc419uT6EOM3C7FgLRiTQIfENdmjKEw3A80VfiE+O0RBJpKXACB+wEnPAP/IVpD7RSZRFfD3aQdurH45rinvD8md2ynvMXrqVysnTiHaMBfZGdco6XVw1wgg6Bh9/2q0mp2c3hRkLXuEOfD6C78rmzn480B2V0I9IM0kxsLJTKLvVtMF2EnZDF3h0eGWNwTr8BaYwtCjjTpBSnuIFP3tBB9YYjeYz1fRM2O7IBx1FhEgqwtR/VWQuuB1fm6XQG5NPaW335qq3WwwtKphF8oVD9mPKQwlkqa/qmi57AfdGPjbsBysYb1pS0MixNgLiIHun1RZQNq23hGCJ93m0TD+7MiGMA6gHn61rM8OnXiaexUFspnidf6tww8leFTBr0wYwG9Cv3DEtaxJ7L+0Tw3GXYr5JR5i1WXHGmz6qYUDTAGD4yKqCmzPm/UQnbL8x7nbXnlql5eJGZjqXJGQW+DXjY8aKKakxHum+ziCr/+OSrIL7P2qd8QVGBm2v9OoIkr1FsFkpITEmGwo8TNj17h9rzaXEhtaG4hyipnWTfa/5o3niUDOz3wAVRsxEXycfL0vMcZg7sf6nFKtrsfF0k4M7WKlRbFyyKtpBZB+JiOeF3bCT3FDCw8K0XKzklISB+CF6qZ3Bdo8natv620NgvdGsQAv28YDG77YXt8ez9Vxmat0IfFvEcgpXBH7ey8jAA5spI6iPPmDm2wD6NLYizdpiva8gtx3TYCLuW3n94rgfRerPniuvxT3fHsxT+yxlUCCE0skULYMTUDsRTrRKA=,iv:GkP8nwiu9uYSSfCiNFCOyIYtmGzz4E8OgQ4FE2zlb2A=,tag:HtB0DXWVJXzfTJrF+RtoYQ==,type:str] - cert: ENC[AES256_GCM,data:ch4GfbWQLpiIobynNbUDA2xagy6VBAdDESvPiDgvVcVExmiMVffM4kCQo4HMWESVkuis/+/2Dmmmo7MrjsDbSP5Rv4YtVAcAxiY/iMRE1YedqkB67gjaD/qnoI0Kj984FP5jlzc2ggsfouGrhPdtNpjkDo6iicAldtmhqnD+uFHVwW3zZn6JPFBVddfsU4zb+VmKg/oyJW8xwICuXCJUFW0lLAjxxg1fBOZDbKFjWXmcEN+EikVKQYqE0j/O2qtwx6z9PXgNpMMnda/Jg5ESMJx2Cgksuw7KCjo5gwkJ17gfNR+23icnJyq00zz2bZdzpycJzVF8+tAaAS9itM8EhJrdeWaIBBfD23T3KB84xCjxrhjd9od2uUjfpioXi5EaCeY8OqUaqzY3lz/x8HiZvRqchDktakxiND0k4CTevQoG6nSQbo65QzGXWRhs0NO5ji4sH8lEcDBlsajeVX+2D5fd4vRm8FGy1eirz1IApsXyDWpdeNsJQkc30mg6oqVHIEtj0Vo9C0yak0bmTV3qk8OSSGBUilLtIiGWDJ/iBMNW59q9gj0DG4ylSNCgRA5MR5n42+D9/n6IsuOhAd9ztqs+m5NECsEG4EuggpKXMDY2qkp1dBDUJgTf/KP/1un4V+h7/sbjQHTtxExIXfFNB6MRYtftLGcjWOjtzGnYr/6keOARqW882CjL/9SQz0/sBsXkCgguOjjej8e7ymlNppxZYRK+0NHzrMvOqQTUHis6o1GWamS7HelTF5dGcecJniV/R+QlpXkk78O4X7MljY/hTlur3WSJJ2QupAxw59jwRroGFi5zfZY5udecfX33k/CKzSuwWdiWbYKoYAkssHcb66Xa4nlUvukbcEtNeX7ijl/TXQ4uZMnHFKa43bkccLZqsC+PY9cutv4W0YrKWGLtG+pHZD/2J7g3aZJHl5cyaTpe/wKTjJTw+UFAFvNFmP+Dua/Vjt9rsWikQNXVdtroKZ9Na9e/OlKlnQH2nctkBOttlR2fraoFy7CBNRpLDG10lRo8kpb0lmtshKYVQ8nVReiMbj7ofy2ugrbvvPYQ+vZdEUkLiH/mZRuWwSxpO71stFy0owbcimcJfsmsvrsIEFxzBeY12HngeihrhIAvg6BIRHGoniaKky0ScyyjN6s5WwgQVhtkoLL9op+Yqg/m6auZAtBiRC6lTx0T/UzzJKIACzs56a5J52ztKvK9yv9VNCopD1IqXXgpxYVTIl4x2gFmNSt1LZ9RaPkKZyW250igNhG6Ybggjx00TXxq9rZlmlbVUxQ8wy0OFeHGmBvcS2bCCBHTsRq/kDMPeLzahfgbi0O0KN/dm5qdh61gzTwy3smVgmhOJRyqoV4/pMpYy17irIsDlrUJkOoOik7MaxKMQTNAh/VavhyDV3d9S4DOTgX2J1NZbIcJZf8y6SLPcsPXZb2JOuDiUc/8nAhrW35jydeF875qnypjfxG6UJ6A4WtE6JNw02pcAbD+l8jNa1xMFW0Av8njp05g1O4EhE9iHYRqYyiAYzvx40sR9C1C7V/mDqNzA9IUy7a1q33eAY8lHOe8v8mGbmWsF6xwnquZFdMfh9Ukh2EeGg2TwtU8KEQVmGMyhpkAG0gk8VEg7CO3DC3AykZVNNmP4RTFzlG53zWWY7Bei/kia4/SgLukcRuV9dXhGM8hSryqzjF6SzY8KG6hjhaHRngBbWW0RGp9E5SjxuhGPExhfiJbg8zycEls7yXrNYGOQjjv71w37KpN2EKqrhEAcwdtISJ3/MUO9jk4K4EkbG1DRoEHEu0Z3wcPCGC9bjhtiKX9x6uB0syv2rLT7WzGq1orHaZsWzBXd47ygGCaaOpxoRLWOH7vW2G3TNlw4zibZg6TN8PzH/rYGEJnYtpT6oGNkMAXw3KwDVFWX3dUrsEiJFIGRuVm1gcRU4sb/Qn88JTvlUHbL/67cr7fEhG2ZB2posW9XPH150sRbBBhCqpqssiZV9EsneaR1WfRk5HIadCZvLkwn/xO4llkjUkav/9Y6UHQd32MHCivDXEnVTDjow7kqCy2wcxADxwXiKMEOOBGfB7kZkKW5F50XP9OLbwoYCg1qjBNxqRV+6esreDduIqEvwa5oXkbCRvBLoEkDjaJA2P5cRgRuKPARezdG4qaChqgROmjzdaGoAbgBwAqZBvLKERA7t+IU0/0xs+lj97asTf4CAg7kJNCDgZyeCYGSmSHwCgNf8hYyzHQyiV3VDQSfkeQ5RbeMT5+LscvzCJmGKHoJXnfvGaRToRAZL3YIwbvWPdBUHqgSl4tjZGxQf5ySOC7yyYWkXEKCApIcPBXr+x3yA7v6o5YGrF2YexJwVw646mt2BWtG25niml3PxcIOiDfBcvDEKCEWzw0j9gmbwObUMHmk2cC+VcqumMj9He+CcwEhotnu8a/HSQoeI+BCNnLVi+nuiGD1wIlE6lChXkcwDJxgV2QlNB2zGv5PQKeC+wZj70ZAJrWG0CKEW1EXtpSDQeNeCz3kdqSuCgdY8x/c2AcZ3thv4QwnVVq7oPkfXx3bXkA2RQWQLOfGPQ0tWkuoOuJp88k0P6QELL06qGB0EEDaiOlZ1oy2OZPxa85fVII0yv4lnC/AhBSaw2nKRZnfubiqxIs47tQx5+WumiGOyhPGz9SKC1946kaWX9Kcr5Ff6JSY+M1QirYED+6nWp7YV8m/+NcKNaI1e/tR6etK2c1UC5DGeaLHecq3Ydw5FmmXA==,iv:JP6EyqCQupdLQmES8BnHw8V0LP37lok9evZQoOnb3Jg=,tag:a5MLxJc2F+qzUV0QXTijxg==,type:str] sops: kms: [] gcp_kms: [] @@ -53,8 +48,8 @@ sops: NTUrY2pDQXJuTnREakRWQkFqckN2M2MKSonhOJsqcY/HDY+d25rEPwKSl3FSOpkW EJFXcKKTiJB96Ms5yDGRAtUvbqw/oSBbdGTqe7bE7pQhfj3Y8ECz4w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-18T23:40:12Z" - mac: ENC[AES256_GCM,data:lM5af9T9tVkhkIIC260uy+lQQHru27t2R85allep0GtKqRvlhhCBbCnstylBL+GBuJsUS3koF6ycHSRUFuqJyYmeDO9jjLGtggQJbb03TbRVIn8AU5+0g8ytM8rBoyJ8qDv6tAQddpNhA9WHGbLgnQ0RX8xN5ZqpECHDyFsKeGs=,iv:W96ZhbNOe/jbJCJHwjLWxhYYJOkU1/bR6YGPqjdKavk=,tag:Z9JZ02ssfJeKQ6L6/PNLHQ==,type:str] + lastmodified: "2025-11-26T18:38:21Z" + mac: ENC[AES256_GCM,data:V3lKQj0ZWIPl2RPpnv7tRBG8sH6W9+rfnPy0z6g+3SZGmKtwhcgqVBG/VPMKhuyseNZ4vxE23lD7Ol44PchMgd/OCJqJF6TUl3A4LIqkK8Ji0m0cPcC3hsFaI8rChkWcLse30qcoQov4NbP7yElpf76Bh/NqBFgOqCjDD0Pp/NU=,iv:897reifxaub96UDCKCsWNxabVCSzYLmsIrrkXCxBgoM=,tag:0d4iQhLA/YxR7wrtUVxXqA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/shell.nix b/shell.nix index bcb231e..33db7da 100644 --- a/shell.nix +++ b/shell.nix @@ -73,7 +73,7 @@ pkgs.mkShell { -commit # push flake config to a remote server(s) - nix run github:serokell/deploy-rs .#$1 # this needs to be the same version that the flake is using + nix run github:serokell/deploy-rs . # this needs to be the same version that the flake is using '') ];