diff --git a/flake.lock b/flake.lock index a1a98cd..3893c24 100644 --- a/flake.lock +++ b/flake.lock @@ -1,27 +1,5 @@ { "nodes": { - "declarative-jellyfin": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1761143269, - "narHash": "sha256-pebbh3IEl8crA9g0fbHeUvNyawAvhO2kNq8klpUWyk0=", - "owner": "Sveske-Juice", - "repo": "declarative-jellyfin", - "rev": "740743deba3de6bc227d9769adb94d4a14a3f25c", - "type": "github" - }, - "original": { - "owner": "Sveske-Juice", - "repo": "declarative-jellyfin", - "type": "github" - } - }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -31,11 +9,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1762286984, - "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", + "lastModified": 1766051518, + "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", "owner": "serokell", "repo": "deploy-rs", - "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", + "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", "type": "github" }, "original": { @@ -51,11 +29,11 @@ ] }, "locked": { - "lastModified": 1764017209, - "narHash": "sha256-RoJGCtKExXXkNCZUmmxezG3eOczEOTBw38DaZGSYJC0=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "ec8eabe00c4ee9a2ddc50162c125f0ec2a7099e1", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -80,6 +58,47 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "jellarr": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1766313830, + "narHash": "sha256-l2QT4OfIgvGq+6MxBlxQixvKtgOTbIMf0v9VEof//aE=", + "owner": "venkyr77", + "repo": "jellarr", + "rev": "934a73f1060954904c927fbafd5a84bb6db10e1a", + "type": "github" + }, + "original": { + "owner": "venkyr77", + "repo": "jellarr", + "type": "github" + } + }, "nid": { "inputs": { "nixpkgs": [ @@ -87,11 +106,11 @@ ] }, "locked": { - "lastModified": 1762660502, - "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { @@ -102,11 +121,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764522689, - "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", + "lastModified": 1768028080, + "narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", + "rev": "d03088749a110d52a4739348f39a63f84bb0be14", "type": "github" }, "original": { @@ -115,11 +134,26 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "root": { "inputs": { - "declarative-jellyfin": "declarative-jellyfin", "deploy-rs": "deploy-rs", "disko": "disko", + "jellarr": "jellarr", "nid": "nid", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix", @@ -133,11 +167,11 @@ ] }, "locked": { - "lastModified": 1762659808, - "narHash": "sha256-2Kv2mANf+FRisqhpfeZ8j9firBxb23ZvEXwdcunbpGI=", + "lastModified": 1768104471, + "narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "524312bc62e3f34bd9231a2f66622663d3355133", + "rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004", "type": "github" }, "original": { @@ -156,8 +190,9 @@ "type": "github" }, "original": { - "id": "systems", - "type": "indirect" + "owner": "nix-systems", + "repo": "default", + "type": "github" } }, "systems_2": { @@ -178,16 +213,16 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ - "declarative-jellyfin", + "jellarr", "nixpkgs" ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { @@ -198,11 +233,11 @@ }, "unstable": { "locked": { - "lastModified": 1762596750, - "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "type": "github" }, "original": { @@ -213,7 +248,7 @@ }, "utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1731533236, diff --git a/flake.nix b/flake.nix index b81b7a5..7a937bf 100644 --- a/flake.nix +++ b/flake.nix @@ -10,8 +10,8 @@ sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - declarative-jellyfin.url = "github:Sveske-Juice/declarative-jellyfin"; - declarative-jellyfin.inputs.nixpkgs.follows = "nixpkgs"; + jellarr.url = "github:venkyr77/jellarr"; + jellarr.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; @@ -37,7 +37,7 @@ { services.zmotd.enable = true; } # enable my motd service { programs.nix-ld.enable = true; } # use nix-ld cause nixos is a bit dumb - inputs.declarative-jellyfin.nixosModules.default # jellyfin :) + inputs.jellarr.nixosModules.default # jellyfin :) # use comma just in case I need to do some sysadmin stuff inputs.nid.nixosModules.nix-index { programs.nix-index-database.comma.enable = true; } @@ -78,7 +78,7 @@ # and where they get deployed to deploy.nodes = mkNodes { crayon = { hostname = "squi.bid"; }; - blob = { hostname = "192.168.50.159"; }; + blob = { hostname = "10.0.0.92"; }; }; # dev shell to deploy this flake diff --git a/hosts/blob/actual.nix b/hosts/blob/actual.nix new file mode 100644 index 0000000..0c232b1 --- /dev/null +++ b/hosts/blob/actual.nix @@ -0,0 +1,51 @@ +# that name actually sucks ass +# but it manages my money pretty well +# +# see https://github.com/miniluz/nixos-config/blob/8f0e417e34fa5bbb97b13215ee4843f85c6033be/modules/nixos/selfhosting/actual.nix#L13 +# for a good config +# and https://github.com/Jonas-Sander/actual-backup for backups +{ lib, config, ... }: +{ + options.actual.enable = lib.mkEnableOption "enable money management"; + config = lib.mkIf config.actual.enable { + services.gatus.settings.endpoints = [ + { + name = "actual"; + group = "local"; + url = "https://localhost:3000/"; + interval = "30s"; + client.insecure = true; + conditions = [ + "[connected] == true" + "[CERTIFICATE_EXPIRATION] > 48h" + ]; + } + ]; + + users.users.actual = { + isSystemUser = true; + group = "actual"; + }; + users.groups.actual = {}; + + sops.secrets."actual/key".owner = config.users.users.actual.name; + sops.secrets."actual/cert".owner = config.users.users.actual.name; + + services.actual = { + enable = true; + openFirewall = true; + settings = { + https = { + # for people trying to re-create my setup the key and cert were + # generated using the following command: + # openssl req -newkey rsa:4096 -x509 -days 36500 -sha512 -nodes -out certificate.pem -keyout privatekey.pem + # I've set the days to 36500 because I don't intend on being around + # after November 2125, and renewing certs is a pain in the ass on a + # local (and trusted) network + key = config.sops.secrets."actual/key".path; + cert = config.sops.secrets."actual/cert".path; + }; + }; + }; + }; +} diff --git a/hosts/blob/default.nix b/hosts/blob/default.nix index 9a9cd87..28508ea 100644 --- a/hosts/blob/default.nix +++ b/hosts/blob/default.nix @@ -9,6 +9,8 @@ ./jellyfin.nix ./minecraft.nix ./gatus.nix + ./actual.nix + ./git.nix ./ai.nix ]; @@ -16,8 +18,10 @@ boot.loader.efi.canTouchEfiVariables = true; # ai.enable = true; - jellyfin.enable = true; + jellyfin.enable = false; minecraft.enable = true; + actual.enable = true; + git.enable = true; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/hosts/blob/git.nix b/hosts/blob/git.nix new file mode 100644 index 0000000..1a5e07d --- /dev/null +++ b/hosts/blob/git.nix @@ -0,0 +1,101 @@ +{ pkgs, config, lib, ... }: +{ + options.git = { + enable = lib.mkEnableOption "enable git server"; + user = lib.mkOption { + type = lib.types.str; + default = "git"; + }; + group = lib.mkOption { + type = lib.types.str; + default = "git"; + }; + cgit = { + name = lib.mkOption { + type = lib.types.str; + default = "home"; + }; + port = lib.mkOption { + type = lib.types.int; + default = 8091; + }; + }; + }; + config = lib.mkIf config.git.enable { + services.gatus.settings.endpoints = [ + { + name = "cgit site"; + group = "local"; + url = "http://localhost:" + builtins.toString config.git.cgit.port; + interval = "5m"; + conditions = [ "[connected] == true" "[RESPONSE_TIME] < 300" ]; + } + ]; + + users.users.${config.git.user} = let + git-shell-wrap = pkgs.writeShellScriptBin "git-shell-wrap" '' + set -euo pipefail + cmd=$1; repo=$2 + + # get the repo normalize, and create it only if the client is sending + # us stuff + if echo "$repo" | grep -q git-receive-pack; then + repo=$(echo "$repo" | cut -d"'" -f 2 | sed 's/\.git$//').git + + # Make sure the repo exists on the server + repos=${config.users.users.${config.git.user}.home} + path=$repos/$repo + if [ ! -d "$path" ]; then + git init --bare "$path" >/dev/null 2>&1 + fi + fi + + # Run git-shell with the original args + exec ${pkgs.git}/bin/git-shell "$@" + ''; + in { + isSystemUser = true; + inherit (config.git) group; + home = "/var/lib/git-server"; + createHome = true; + openssh.authorizedKeys.keys = config.ssh.keys; + packages = [ git-shell-wrap ]; + shell = "${git-shell-wrap}/bin/git-shell-wrap"; + }; + users.groups.${config.git.group} = {}; + + networking.firewall.allowedTCPPorts = [ config.git.cgit.port ]; + services = { + cgit.${config.git.cgit.name} = { + enable = true; + inherit (config.git) user group; + scanPath = config.users.users.${config.git.user}.home; + gitHttpBackend.checkExportOkFiles = false; + settings = { + root-desc = "local git repo store path: ${config.users.users.${config.git.user}.home}"; + snapshots = "all"; + enable-commit-graph = true; + enable-follow-links = true; + enable-http-clone = true; + enable-remote-branches = true; + }; + }; + nginx.virtualHosts.${config.git.cgit.name}.listen = [{ + addr = "0.0.0.0"; + port = config.git.cgit.port; + }]; + + openssh = { + enable = true; + extraConfig = '' + Match user git + AllowTcpForwarding no + AllowAgentForwarding no + PasswordAuthentication no + PermitTTY no + X11Forwarding no + ''; + }; + }; + }; +} diff --git a/hosts/blob/jellyfin.nix b/hosts/blob/jellyfin.nix index 3584f0a..65357df 100644 --- a/hosts/blob/jellyfin.nix +++ b/hosts/blob/jellyfin.nix @@ -18,61 +18,94 @@ } ]; - services.declarative-jellyfin = { + sops.secrets."jellyfin/jellarr-env".owner = config.services.jellarr.user; + sops.secrets."jellyfin/zachary".owner = config.services.jellarr.user; + + services.jellarr = { + enable = true; + environmentFile = config.sops.secrets."jellyfin/jellarr-env".path; + config = { + version = 1; + base_url = "http://localhost:8096"; + startup = { + completeStartupWizard = true; + }; + encoding = { + allowAv1Encoding = false; + allowHevcEncoding = false; + enableDecodingColorDepth10Hevc = true; + enableDecodingColorDepth10HevcRext = true; + enableDecodingColorDepth12HevcRext = true; + enableDecodingColorDepth10Vp9 = true; + enableHardwareEncoding = true; + hardwareAccelerationType = "vaapi"; + hardwareDecodingCodecs = [ + "h264" + "hevc" + "mpeg2video" + "vc1" + "vp8" + "vp9" + "av1" + ]; + vaapiDevice = "/dev/dri/renderD128"; + }; + + system = { + quickConnectAvailable = false; + trickplayOptions = { + enableHwAcceleration = true; + enableHwEncoding = true; + }; + pluginRepositories = [ + { + content.Name = "Jellyfin Stable"; + content.Url = "https://repo.jellyfin.org/files/plugin/manifest.json"; + tag = "RepositoryInfo"; # Needed to generate the correct XML + } + { + content.Name = "Intro Skipper"; + content.Url = "https://intro-skipper.org/manifest.json"; + tag = "RepositoryInfo"; # Needed to generate the correct XML + } + ]; + }; + + libraries = { + virtualFolders = [ + { + name = "Movies"; + collectionType = "movies"; + pathInfos = [{ path = "/mnt/media/movies"; }]; + } + { + name = "Shows"; + collectionType = "tvshows"; + pathInfos = [{ path = "/mnt/media/shows"; }]; + } + ]; + }; + + users = [ + { + name = "zachary"; + passwordFile = config.sops.secrets."jellyfin/zachary".path; + policy = { + isAdministrator = true; + }; + } + ]; + }; + + bootstrap = { + enable = true; + apiKeyFile = config.sops.secrets."jellyfin/jellarr-env".path; + }; + }; + + services.jellyfin = { enable = true; openFirewall = true; - serverId = "0ba4e888503b4524a90285b7ad500256"; # could be anything - system = { - serverName = config.networking.hostName; - trickplayOptions = { - enableHwAcceleration = true; - enableHwEncoding = true; - }; - pluginRepositories = [ - { - content.Name = "Jellyfin Stable"; - content.Url = "https://repo.jellyfin.org/files/plugin/manifest.json"; - tag = "RepositoryInfo"; # Needed to generate the correct XML - } - { - content.Name = "Intro Skipper"; - content.Url = "https://intro-skipper.org/manifest.json"; - tag = "RepositoryInfo"; # Needed to generate the correct XML - } - ]; - }; - users.zachary = { - mutable = false; - permissions.isAdministrator = true; - hashedPasswordFile = config.sops.secrets."jellyfin/zachary".path; - }; - libraries = { - Movies = { - enabled = true; - contentType = "movies"; - pathInfos = ["/mnt/media/movies"]; - }; - Shows = { - enabled = true; - contentType = "tvshows"; - pathInfos = ["/mnt/media/shows"]; - }; - }; - encoding = { - enableHardwareEncoding = true; - hardwareAccelerationType = "vaapi"; - enableDecodingColorDepth10Hevc = true; # enable if your system supports - allowHevcEncoding = true; # enable if your system supports - allowAv1Encoding = true; # enable if your system supports - hardwareDecodingCodecs = [ # enable the codecs your system supports - "h264" - "hevc" - "mpeg2video" - "vc1" - "vp9" - "av1" - ]; - }; }; }; } diff --git a/hosts/crayon/mailserver.nix b/hosts/crayon/mailserver.nix index 1a30bda..db404e2 100644 --- a/hosts/crayon/mailserver.nix +++ b/hosts/crayon/mailserver.nix @@ -30,6 +30,9 @@ "security@zacharyscheiman.com" ]; }; + "spamella@zacharyscheiman.com" = { + hashedPasswordFile = config.sops.secrets."mail/me".path; + }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped diff --git a/hosts/crayon/nginx.nix b/hosts/crayon/nginx.nix index 210d015..c751c15 100644 --- a/hosts/crayon/nginx.nix +++ b/hosts/crayon/nginx.nix @@ -7,6 +7,7 @@ let # we have to explicitly pass in arguments because we're using import phpsock = config.services.phpfpm.pools.nginx.socket; inherit pkgs; + inherit config; }); }) <| virtHosts); in { diff --git a/hosts/crayon/www/squi.bid.nix b/hosts/crayon/www/squi.bid.nix index 9ac1c04..8d1363e 100644 --- a/hosts/crayon/www/squi.bid.nix +++ b/hosts/crayon/www/squi.bid.nix @@ -1,7 +1,7 @@ { phpsock, pkgs, ... }: { serverAliases = ["www.squi.bid"]; - root = "/var/www/squi.bid"; # TODO: make declarative + root = "/var/www/squi.bid"; locations = { "/" = { diff --git a/modules/os.nix b/modules/os.nix index dae64ba..480055e 100644 --- a/modules/os.nix +++ b/modules/os.nix @@ -10,7 +10,7 @@ dates = "weekly"; automatic = true; randomizedDelaySec = "45min"; - options = "--delete-older-than 30d"; + options = "--delete-older-than 7d"; }; }; diff --git a/modules/sops.nix b/modules/sops.nix index 8bb471d..42c10f9 100644 --- a/modules/sops.nix +++ b/modules/sops.nix @@ -17,6 +17,8 @@ "mail/me" = {}; "jellyfin/zachary" = {}; "wireguard/crayon" = {}; + "actual/key" = {}; + "actual/cert" = {}; }; }; } diff --git a/secrets.yaml b/secrets.yaml index 4832b5f..65202f3 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,10 +2,15 @@ mail: me: ENC[AES256_GCM,data:egjtukOJ0OQlwuk3nvwpeTaBQXfolZNlsqu9d1G5ryJJB6TvN9iydnJAG2Jn0v6rp3UTdX6dJNYUHQ9duLo7Y/Hn1LSyWEkA6g==,iv:/Xw6fow3kD2lX5wfHTgt9IGemG6kqXoQe0V5TjZK7mU=,tag:KSSN+sdI/CP7bvQF2S2kGQ==,type:str] jellyfin: zachary: ENC[AES256_GCM,data:GIDgfsxhU4fZVjP/cTmTvIA1aeP4lbd3Fz6tbPLdyL37KD+IKERgkxJmGwtt9GNwnJBsHE/xpH8ZAvloS1DykZZtEaqB0H6wuA==,iv:FM0d4tiQPzyoEiqEQF5YvNeClHXOhP+q+TaKGeyg/TE=,tag:v+sYDwQiCX7o+g7plcnQFg==,type:str] + jellarr-env: ENC[AES256_GCM,data:BKbSibSD69MCaKr53fZrz9ICkiCjWiLeSezKrKiqlXnDGyQsfXFasNrAYQuwLse/7ZuoMGwKne9MI8LnTwrgnQiC0lc=,iv:URIeAYzOgutsy9HVc62iVbh1fqCpFXEL7cBBKrXT1ms=,tag:Vt1ilI+QVtLhcbZ0jQtwcQ==,type:str] users: crown: ENC[AES256_GCM,data:6UAYcafxflvbsTXC1N3Ff0hAlWGjveYDUzbcXPSGfPX0uXg++bfjRwYo3JFgfJpJ/KN4MODPSxgjFAFnoZOnkyxk0UDSppDagQ==,iv:PWmxuj2caqRLASjftbl0tovNq2t1WoDoviJXs/OO8yI=,tag:EwJhROsHfj5cPkpxUCy+uw==,type:str] wireguard: crayon: ENC[AES256_GCM,data:pQ4nOzcON+yCqgisBQO8LIdfi9GmXE9YcPzBRgu9Fdzx0R6p4dEK+DVBuDg=,iv:vq0uDgZlLwXVZMwE3xTWZDP20uaAcT4I0D7qLS61ApI=,tag:btVyZREPAgfcC694/Wusmg==,type:str] +actual: + simplefin-token: ENC[AES256_GCM,data:FHfAQkF42euhwW6LVTahCOtCuyuvw9YDrJzzxXcV2I9afamuk1BFPIsWQijFo17BvJDCaUGAiiLATxqTlA0rpIe4OJP+4lypoSQMg/a4jFIKuwiWoMWLCJr6aKn8q58oYjxde4o3XOB8ThiVIe5Ml4wSgBlNJU7woAA7goUwIlVq4QR3FfSHMXLXsrVxypdnapguDKmQYv4f+FTEiHgVt40aj5ggk/avEsd7D3mFc0/pWVbzbGsIIvDgAPT89fNngxpmg1jllb2+3qd3Scy5Ibz03zDaZdN/5IrVyQCPwPgRikxk+Yx5twb7DafmCDXC,iv:qFxE4ZEQXxpzTez/qMyz89MswwJz7qjw2QfuaaJIDoU=,tag:jTKVOBFTg09cECtaOcPL9g==,type:str] + key: ENC[AES256_GCM,data:qRZqxLOkAif7/ALtGCWycAZ1x8rbhCclcfXY9m0vUDWk60+nECWbbuD+7jeO7ddQbsA06LfpdsFZ99MGHB5OoXd1sZHfS1dsTPEW0vG5JIFRVQfNOSdUlCBY/EAwcViXRaTluilQohlhnJhgFQw7syRTKglHrX+VWV9yBf2RB28LPRHgbnz6v5FkEgf0ZcFNiATN1kjBlfQcuvLPxEvgdh5j4BcndZH4KyH3C54ZNA14iw8MUpxDABSJH7YDp+5nNNDPD331aiyB3ttfxm60Iu5DNqUPHHORQWRXFCp9jAKxvVuTX/0FApsFQ9UtU3gI2fmoYUFStdLKBDplLObehb5XG5k7Euz0aoc9PkEaooPy4E6zRhbaJ/PGKD3APDX1wlVghe2+gGeLqDOu47qmyv6+6ysepZvYBkbBC1qjEaplnRLEM83AcYiHs36I/FE/ra4HYis92r0PBno1Si2kySE50AWX7nG52Kfy8jO04P2HzhYffaLvrn2fLb0ruN7RV6IlWYRyARHxsBo/omfmA/G7LCzHAKlgvSaWa/EbyCSNZ+pdCwmy5RA/fzOwnjy+X4waO3agMPVKmHfEKc2WB6AGPpFs22NRoQ/AP+DXvz3bf1o5qSSo4VDaB7+kqwy0FNgZqIcfvkzFUEW6ySiestsbQazb3J5/RPtPqUVoS9dW4Xtzwi2gVJAgbCRXmlJscg36knv02rEBl0rLG+Ex4EM77erBsR0I32nkQZyozMRndy32U/CFJ7PXmqUs7/CGmgP0+76Xca03rl7yykgyq6eBfEY5m9XxS8mh4YD+PzbV6P0HPqpHQqj2DvbzUr2FloX/tgZTDRrfLQ6qZoWds3k67z+0j5IkH4ESARpSF5+9L4DQW5RxbZD7rQR8EZYKI9kRI/Qtz4pYcaekMohiBpL0V8J9dFkcv4O1CtZQo/RWbFITO9tvMOb3eI2jjrpP6A+3Mmw3HyRAFNuKkT55DKtw6IhDHdxVuOmujAkGiMUyFZy4RkkmJpPLpphH7GmHgNKP2wRoAPL3m+7dufEEu8ovulIHWvu+kuR+gKlqlLTO8rbMUqbzLYH6QcwtQy7iamgwRH2ixMsAbQrX6cP9HOqwn9oZ0/kyJw1RZInP5EmYy613pyKSypHtJU8WU1jhcX3Qen/I9VPDGv1YpcDx0aZrAZ9UtYLRsdgSd1rhC+nMtD7Kk60mdBHy4hTI14rWIovQoEwFm2Je3PnKwam5jnVWa215gIIquqJor0YQR7tO+JG21yIFkevDA3a/YgpuuXmYSp+KRrCsEvYeVGHUPQG4HTrmG1MWyRodcO5DdKqmZRCXMLIwPs5YCSF2in1gRDefJuXsgLX6pzo5OMqJzCAC4EiZcYz0fGXvvCmYSEpuO5qjYQA3ZKv/YIKDiubyhgoaLpKnZ7ZOGIpZIk7iJOQx2MS6G1PnZAGfLw7lc2YKMj6qTWrLbfzD+1HoJVSnc9qjC6M2NDVwODSs7cxRaqjtrrD0uvMwHoX/tq6JUR1ZoUg097iuEJc9WzHYaEUNrAuK/29paQRwaUjou6JL4URwwnywmgh0QbBc5DZ9Q0Qhb2NttHFX1moVpKTw4CeXxQwjAXGVkRcth7fon7RI06Bd1B3k+Yxp1HacFBVz4uHCdD7LvRg5OP0odNQqOMqc7HV9EGefazvHP/NXbEXAnd+MVLRpZPm5qgK+O3afUgAfFn5WzRhe5lnhpDnE+kKlr7G8equOjaEyATpvh/X70x77r7Y04vlfC/iXdOPBd/50hC79WKSaamX9uIADIkH1JNdr+TS8eN8JoxUfTrZWYRBEH5ojdjzK4U7uNNRglS64sEXI5ocj/iAtEkqtUL+sTybn70WDgAONum234ugD+8YWZggGGvHENeEFbCMOfVrO7OLqX8ptTgtGobpqegzUlUNbg5hdJELIoqFDTkxWjtO0X0cDmiAFsdQLGyUhSO9rYEgpsObcdA8YxBw2SMX4yjPy9n6J9nJqrK69hbJaJgB10/9AYV3J9t9JkwnjUrXkCvHgHRo43RACgmpIEy6+joBRqnGx9KKMPLi5x9vQINSeKd9z/dz38XBwWHGyg9P7T8Qo/JamWjaXTCfhvWC5y2tu/A79WOVYpNBsA1BlpNhpOd3gPO91s9mXjjObMMIcOoRRXjQPYiznuF65Fs8UO8B9W3VFgTkV1NAILRTHW09xkJRm4jnKbkyYhFqPa4q6+mN+poFxC+bA+rIBD2Du9vQcyLRWD/e2W0cID8Hcn3jnRsGkP/B1HKE33BPgOCZVLq2WdBGOWUOkkPOuXFo54/1XYIHFDQXVydeHAPuRnKjsaOMmIZpJChy9iAI5Hehf+LYqGmB0AAHnSAek8HAXyLXWrKquej1+2Qd1a6Xp1f88h83my/ijvDtyZgTing5aJ6MFRuuzewIR6HqC0YVQgjWdS4vqbWULfwVCqg1gWh4gfc7n7Q8S9id1PYoLqUV586SQ4vpakgTetPiCLa3lav0mxyzgkJA6qWwPu5a57T18fDiRabTTspO+rp4kqR72jBJt0Him5vqc8a5lcDBBJ5z4dHzb5NgaGKeiZQRGGclFDZsqww0BCBSlBYoKM/3RnEnOv8yWvx76CmWGO/rZqMv6Bcd5u+QEx5eX10Qs8cXHgPBdu42EUKNggz/OKGSQKTs+fwJhAdVcw1gzIz9nFoqcTM2qrgk7GFBVUJ9HPXV9KKQjTPSqBjlNxexYkYC0Gb5wqebZJ9ftSgSiXNFrPkpDpSebWeGvcVvXzxEVO+RYGzrItvhYTt8p4NtblQ7/hKsD8qu7ey5jmcdAENqSsDS01/4UOQQivG3WoYctCklpI191cbnddg4v7TYXCTrcRjAixugwv7OQU9bdnpn91sVaAglvKIdau+7PDyYwGHh98Krv+VcWzCakBlSQpUywavaaoBO2GOxWB/E5++UvILWFxXo3MIRfQCu3Iut9Q6aRoFtcxF3+I4wH9CLgG5MEaRVKDKnS1BQUpNwAtT+DoYzdT8roSMH5M1vEC0MdFhoSpL9pek7kFnXYNJKsCmS3VmRuFXcC+f2pqjKmmkyM9jHdLJFpgFua3cyMwYVyNTtL7Xg2w1qJytgvdz8kNGKo0nxj75O3jNAK1zV5csO2/bANO745cpXqwQGRKIEtM0b02n3YS2vXvZKZGkFoKUBJXY6kPaizY1zHxrSvVIVTqo7Vr/ClPNInaqiyof0UiPcfaiYGk/WvJqNSfWewcPUU9fTfUSmbPJkmmg1QEWrsbvHihs2Qmb7m0FzQoAXO2buYtrbj2tKzovoJRWiIeNTCgWmhLMea1MB5/viX1t8ODdYyJrqtwqFKgQgvuUFiBzqMENkTemiIxDxDS2v3T50tBkuGLg748v7s60cHxtBduGm/N5/2lYmiyl6OIKBefxo6klqRKvLh5IvNOU4SlKib6WKU1S4uv5ddEEg8myUlWgbzEEEJwNkeBncm+HtBBYEz6ud6ZE9oCd+U8xa61qFhOnVkXfhDeGeif5hvOPbyn9QFwZa0Obi/QtHbP/JJKmD6fKxEDyGBLiaUGWlJ4tYEuj1Wjahv01N6ZPc419uT6EOM3C7FgLRiTQIfENdmjKEw3A80VfiE+O0RBJpKXACB+wEnPAP/IVpD7RSZRFfD3aQdurH45rinvD8md2ynvMXrqVysnTiHaMBfZGdco6XVw1wgg6Bh9/2q0mp2c3hRkLXuEOfD6C78rmzn480B2V0I9IM0kxsLJTKLvVtMF2EnZDF3h0eGWNwTr8BaYwtCjjTpBSnuIFP3tBB9YYjeYz1fRM2O7IBx1FhEgqwtR/VWQuuB1fm6XQG5NPaW335qq3WwwtKphF8oVD9mPKQwlkqa/qmi57AfdGPjbsBysYb1pS0MixNgLiIHun1RZQNq23hGCJ93m0TD+7MiGMA6gHn61rM8OnXiaexUFspnidf6tww8leFTBr0wYwG9Cv3DEtaxJ7L+0Tw3GXYr5JR5i1WXHGmz6qYUDTAGD4yKqCmzPm/UQnbL8x7nbXnlql5eJGZjqXJGQW+DXjY8aKKakxHum+ziCr/+OSrIL7P2qd8QVGBm2v9OoIkr1FsFkpITEmGwo8TNj17h9rzaXEhtaG4hyipnWTfa/5o3niUDOz3wAVRsxEXycfL0vMcZg7sf6nFKtrsfF0k4M7WKlRbFyyKtpBZB+JiOeF3bCT3FDCw8K0XKzklISB+CF6qZ3Bdo8natv620NgvdGsQAv28YDG77YXt8ez9Vxmat0IfFvEcgpXBH7ey8jAA5spI6iPPmDm2wD6NLYizdpiva8gtx3TYCLuW3n94rgfRerPniuvxT3fHsxT+yxlUCCE0skULYMTUDsRTrRKA=,iv:GkP8nwiu9uYSSfCiNFCOyIYtmGzz4E8OgQ4FE2zlb2A=,tag:HtB0DXWVJXzfTJrF+RtoYQ==,type:str] + cert: ENC[AES256_GCM,data:ch4GfbWQLpiIobynNbUDA2xagy6VBAdDESvPiDgvVcVExmiMVffM4kCQo4HMWESVkuis/+/2Dmmmo7MrjsDbSP5Rv4YtVAcAxiY/iMRE1YedqkB67gjaD/qnoI0Kj984FP5jlzc2ggsfouGrhPdtNpjkDo6iicAldtmhqnD+uFHVwW3zZn6JPFBVddfsU4zb+VmKg/oyJW8xwICuXCJUFW0lLAjxxg1fBOZDbKFjWXmcEN+EikVKQYqE0j/O2qtwx6z9PXgNpMMnda/Jg5ESMJx2Cgksuw7KCjo5gwkJ17gfNR+23icnJyq00zz2bZdzpycJzVF8+tAaAS9itM8EhJrdeWaIBBfD23T3KB84xCjxrhjd9od2uUjfpioXi5EaCeY8OqUaqzY3lz/x8HiZvRqchDktakxiND0k4CTevQoG6nSQbo65QzGXWRhs0NO5ji4sH8lEcDBlsajeVX+2D5fd4vRm8FGy1eirz1IApsXyDWpdeNsJQkc30mg6oqVHIEtj0Vo9C0yak0bmTV3qk8OSSGBUilLtIiGWDJ/iBMNW59q9gj0DG4ylSNCgRA5MR5n42+D9/n6IsuOhAd9ztqs+m5NECsEG4EuggpKXMDY2qkp1dBDUJgTf/KP/1un4V+h7/sbjQHTtxExIXfFNB6MRYtftLGcjWOjtzGnYr/6keOARqW882CjL/9SQz0/sBsXkCgguOjjej8e7ymlNppxZYRK+0NHzrMvOqQTUHis6o1GWamS7HelTF5dGcecJniV/R+QlpXkk78O4X7MljY/hTlur3WSJJ2QupAxw59jwRroGFi5zfZY5udecfX33k/CKzSuwWdiWbYKoYAkssHcb66Xa4nlUvukbcEtNeX7ijl/TXQ4uZMnHFKa43bkccLZqsC+PY9cutv4W0YrKWGLtG+pHZD/2J7g3aZJHl5cyaTpe/wKTjJTw+UFAFvNFmP+Dua/Vjt9rsWikQNXVdtroKZ9Na9e/OlKlnQH2nctkBOttlR2fraoFy7CBNRpLDG10lRo8kpb0lmtshKYVQ8nVReiMbj7ofy2ugrbvvPYQ+vZdEUkLiH/mZRuWwSxpO71stFy0owbcimcJfsmsvrsIEFxzBeY12HngeihrhIAvg6BIRHGoniaKky0ScyyjN6s5WwgQVhtkoLL9op+Yqg/m6auZAtBiRC6lTx0T/UzzJKIACzs56a5J52ztKvK9yv9VNCopD1IqXXgpxYVTIl4x2gFmNSt1LZ9RaPkKZyW250igNhG6Ybggjx00TXxq9rZlmlbVUxQ8wy0OFeHGmBvcS2bCCBHTsRq/kDMPeLzahfgbi0O0KN/dm5qdh61gzTwy3smVgmhOJRyqoV4/pMpYy17irIsDlrUJkOoOik7MaxKMQTNAh/VavhyDV3d9S4DOTgX2J1NZbIcJZf8y6SLPcsPXZb2JOuDiUc/8nAhrW35jydeF875qnypjfxG6UJ6A4WtE6JNw02pcAbD+l8jNa1xMFW0Av8njp05g1O4EhE9iHYRqYyiAYzvx40sR9C1C7V/mDqNzA9IUy7a1q33eAY8lHOe8v8mGbmWsF6xwnquZFdMfh9Ukh2EeGg2TwtU8KEQVmGMyhpkAG0gk8VEg7CO3DC3AykZVNNmP4RTFzlG53zWWY7Bei/kia4/SgLukcRuV9dXhGM8hSryqzjF6SzY8KG6hjhaHRngBbWW0RGp9E5SjxuhGPExhfiJbg8zycEls7yXrNYGOQjjv71w37KpN2EKqrhEAcwdtISJ3/MUO9jk4K4EkbG1DRoEHEu0Z3wcPCGC9bjhtiKX9x6uB0syv2rLT7WzGq1orHaZsWzBXd47ygGCaaOpxoRLWOH7vW2G3TNlw4zibZg6TN8PzH/rYGEJnYtpT6oGNkMAXw3KwDVFWX3dUrsEiJFIGRuVm1gcRU4sb/Qn88JTvlUHbL/67cr7fEhG2ZB2posW9XPH150sRbBBhCqpqssiZV9EsneaR1WfRk5HIadCZvLkwn/xO4llkjUkav/9Y6UHQd32MHCivDXEnVTDjow7kqCy2wcxADxwXiKMEOOBGfB7kZkKW5F50XP9OLbwoYCg1qjBNxqRV+6esreDduIqEvwa5oXkbCRvBLoEkDjaJA2P5cRgRuKPARezdG4qaChqgROmjzdaGoAbgBwAqZBvLKERA7t+IU0/0xs+lj97asTf4CAg7kJNCDgZyeCYGSmSHwCgNf8hYyzHQyiV3VDQSfkeQ5RbeMT5+LscvzCJmGKHoJXnfvGaRToRAZL3YIwbvWPdBUHqgSl4tjZGxQf5ySOC7yyYWkXEKCApIcPBXr+x3yA7v6o5YGrF2YexJwVw646mt2BWtG25niml3PxcIOiDfBcvDEKCEWzw0j9gmbwObUMHmk2cC+VcqumMj9He+CcwEhotnu8a/HSQoeI+BCNnLVi+nuiGD1wIlE6lChXkcwDJxgV2QlNB2zGv5PQKeC+wZj70ZAJrWG0CKEW1EXtpSDQeNeCz3kdqSuCgdY8x/c2AcZ3thv4QwnVVq7oPkfXx3bXkA2RQWQLOfGPQ0tWkuoOuJp88k0P6QELL06qGB0EEDaiOlZ1oy2OZPxa85fVII0yv4lnC/AhBSaw2nKRZnfubiqxIs47tQx5+WumiGOyhPGz9SKC1946kaWX9Kcr5Ff6JSY+M1QirYED+6nWp7YV8m/+NcKNaI1e/tR6etK2c1UC5DGeaLHecq3Ydw5FmmXA==,iv:JP6EyqCQupdLQmES8BnHw8V0LP37lok9evZQoOnb3Jg=,tag:a5MLxJc2F+qzUV0QXTijxg==,type:str] sops: kms: [] gcp_kms: [] @@ -48,8 +53,8 @@ sops: NTUrY2pDQXJuTnREakRWQkFqckN2M2MKSonhOJsqcY/HDY+d25rEPwKSl3FSOpkW EJFXcKKTiJB96Ms5yDGRAtUvbqw/oSBbdGTqe7bE7pQhfj3Y8ECz4w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-26T18:38:21Z" - mac: ENC[AES256_GCM,data:V3lKQj0ZWIPl2RPpnv7tRBG8sH6W9+rfnPy0z6g+3SZGmKtwhcgqVBG/VPMKhuyseNZ4vxE23lD7Ol44PchMgd/OCJqJF6TUl3A4LIqkK8Ji0m0cPcC3hsFaI8rChkWcLse30qcoQov4NbP7yElpf76Bh/NqBFgOqCjDD0Pp/NU=,iv:897reifxaub96UDCKCsWNxabVCSzYLmsIrrkXCxBgoM=,tag:0d4iQhLA/YxR7wrtUVxXqA==,type:str] + lastmodified: "2025-12-18T23:40:12Z" + mac: ENC[AES256_GCM,data:lM5af9T9tVkhkIIC260uy+lQQHru27t2R85allep0GtKqRvlhhCBbCnstylBL+GBuJsUS3koF6ycHSRUFuqJyYmeDO9jjLGtggQJbb03TbRVIn8AU5+0g8ytM8rBoyJ8qDv6tAQddpNhA9WHGbLgnQ0RX8xN5ZqpECHDyFsKeGs=,iv:W96ZhbNOe/jbJCJHwjLWxhYYJOkU1/bR6YGPqjdKavk=,tag:Z9JZ02ssfJeKQ6L6/PNLHQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/shell.nix b/shell.nix index 33db7da..bcb231e 100644 --- a/shell.nix +++ b/shell.nix @@ -73,7 +73,7 @@ pkgs.mkShell { -commit # push flake config to a remote server(s) - nix run github:serokell/deploy-rs . # this needs to be the same version that the flake is using + nix run github:serokell/deploy-rs .#$1 # this needs to be the same version that the flake is using '') ];