Compare commits
2 commits
fcbbf4b8e4
...
9d72e1ec8a
| Author | SHA1 | Date | |
|---|---|---|---|
9d72e1ec8a
|
|||
|
e20755851c
|
13 changed files with 346 additions and 111 deletions
131
flake.lock
generated
131
flake.lock
generated
|
|
@ -1,27 +1,5 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"declarative-jellyfin": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"systems": "systems",
|
|
||||||
"treefmt-nix": "treefmt-nix"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1761143269,
|
|
||||||
"narHash": "sha256-pebbh3IEl8crA9g0fbHeUvNyawAvhO2kNq8klpUWyk0=",
|
|
||||||
"owner": "Sveske-Juice",
|
|
||||||
"repo": "declarative-jellyfin",
|
|
||||||
"rev": "740743deba3de6bc227d9769adb94d4a14a3f25c",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Sveske-Juice",
|
|
||||||
"repo": "declarative-jellyfin",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"deploy-rs": {
|
"deploy-rs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
|
|
@ -31,11 +9,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1762286984,
|
"lastModified": 1766051518,
|
||||||
"narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
|
"narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
|
"rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -51,11 +29,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1764017209,
|
"lastModified": 1766150702,
|
||||||
"narHash": "sha256-RoJGCtKExXXkNCZUmmxezG3eOczEOTBw38DaZGSYJC0=",
|
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "ec8eabe00c4ee9a2ddc50162c125f0ec2a7099e1",
|
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -80,6 +58,47 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-parts": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1763759067,
|
||||||
|
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"jellarr": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-parts": "flake-parts",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"systems": "systems_2",
|
||||||
|
"treefmt-nix": "treefmt-nix"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1766313830,
|
||||||
|
"narHash": "sha256-l2QT4OfIgvGq+6MxBlxQixvKtgOTbIMf0v9VEof//aE=",
|
||||||
|
"owner": "venkyr77",
|
||||||
|
"repo": "jellarr",
|
||||||
|
"rev": "934a73f1060954904c927fbafd5a84bb6db10e1a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "venkyr77",
|
||||||
|
"repo": "jellarr",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nid": {
|
"nid": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
|
@ -87,11 +106,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1762660502,
|
"lastModified": 1765267181,
|
||||||
"narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",
|
"narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",
|
"rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -102,11 +121,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1764522689,
|
"lastModified": 1768028080,
|
||||||
"narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=",
|
"narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f",
|
"rev": "d03088749a110d52a4739348f39a63f84bb0be14",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -115,11 +134,26 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-lib": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1761765539,
|
||||||
|
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixpkgs.lib",
|
||||||
|
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixpkgs.lib",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"declarative-jellyfin": "declarative-jellyfin",
|
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
|
"jellarr": "jellarr",
|
||||||
"nid": "nid",
|
"nid": "nid",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
|
|
@ -133,11 +167,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1762659808,
|
"lastModified": 1768104471,
|
||||||
"narHash": "sha256-2Kv2mANf+FRisqhpfeZ8j9firBxb23ZvEXwdcunbpGI=",
|
"narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "524312bc62e3f34bd9231a2f66622663d3355133",
|
"rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -156,8 +190,9 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "systems",
|
"owner": "nix-systems",
|
||||||
"type": "indirect"
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems_2": {
|
"systems_2": {
|
||||||
|
|
@ -178,16 +213,16 @@
|
||||||
"treefmt-nix": {
|
"treefmt-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"declarative-jellyfin",
|
"jellarr",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1749194973,
|
"lastModified": 1762938485,
|
||||||
"narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
|
"narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
|
"rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -198,11 +233,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1762596750,
|
"lastModified": 1768127708,
|
||||||
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
|
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
|
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -213,7 +248,7 @@
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_2"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731533236,
|
"lastModified": 1731533236,
|
||||||
|
|
|
||||||
|
|
@ -10,8 +10,8 @@
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
declarative-jellyfin.url = "github:Sveske-Juice/declarative-jellyfin";
|
jellarr.url = "github:venkyr77/jellarr";
|
||||||
declarative-jellyfin.inputs.nixpkgs.follows = "nixpkgs";
|
jellarr.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
deploy-rs.url = "github:serokell/deploy-rs";
|
deploy-rs.url = "github:serokell/deploy-rs";
|
||||||
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
|
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
@ -37,7 +37,7 @@
|
||||||
|
|
||||||
{ services.zmotd.enable = true; } # enable my motd service
|
{ services.zmotd.enable = true; } # enable my motd service
|
||||||
{ programs.nix-ld.enable = true; } # use nix-ld cause nixos is a bit dumb
|
{ programs.nix-ld.enable = true; } # use nix-ld cause nixos is a bit dumb
|
||||||
inputs.declarative-jellyfin.nixosModules.default # jellyfin :)
|
inputs.jellarr.nixosModules.default # jellyfin :)
|
||||||
# use comma just in case I need to do some sysadmin stuff
|
# use comma just in case I need to do some sysadmin stuff
|
||||||
inputs.nid.nixosModules.nix-index
|
inputs.nid.nixosModules.nix-index
|
||||||
{ programs.nix-index-database.comma.enable = true; }
|
{ programs.nix-index-database.comma.enable = true; }
|
||||||
|
|
@ -78,7 +78,7 @@
|
||||||
# and where they get deployed to
|
# and where they get deployed to
|
||||||
deploy.nodes = mkNodes {
|
deploy.nodes = mkNodes {
|
||||||
crayon = { hostname = "squi.bid"; };
|
crayon = { hostname = "squi.bid"; };
|
||||||
blob = { hostname = "192.168.50.159"; };
|
blob = { hostname = "10.0.0.92"; };
|
||||||
};
|
};
|
||||||
|
|
||||||
# dev shell to deploy this flake
|
# dev shell to deploy this flake
|
||||||
|
|
|
||||||
51
hosts/blob/actual.nix
Normal file
51
hosts/blob/actual.nix
Normal file
|
|
@ -0,0 +1,51 @@
|
||||||
|
# that name actually sucks ass
|
||||||
|
# but it manages my money pretty well
|
||||||
|
#
|
||||||
|
# see https://github.com/miniluz/nixos-config/blob/8f0e417e34fa5bbb97b13215ee4843f85c6033be/modules/nixos/selfhosting/actual.nix#L13
|
||||||
|
# for a good config
|
||||||
|
# and https://github.com/Jonas-Sander/actual-backup for backups
|
||||||
|
{ lib, config, ... }:
|
||||||
|
{
|
||||||
|
options.actual.enable = lib.mkEnableOption "enable money management";
|
||||||
|
config = lib.mkIf config.actual.enable {
|
||||||
|
services.gatus.settings.endpoints = [
|
||||||
|
{
|
||||||
|
name = "actual";
|
||||||
|
group = "local";
|
||||||
|
url = "https://localhost:3000/";
|
||||||
|
interval = "30s";
|
||||||
|
client.insecure = true;
|
||||||
|
conditions = [
|
||||||
|
"[connected] == true"
|
||||||
|
"[CERTIFICATE_EXPIRATION] > 48h"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.actual = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "actual";
|
||||||
|
};
|
||||||
|
users.groups.actual = {};
|
||||||
|
|
||||||
|
sops.secrets."actual/key".owner = config.users.users.actual.name;
|
||||||
|
sops.secrets."actual/cert".owner = config.users.users.actual.name;
|
||||||
|
|
||||||
|
services.actual = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
settings = {
|
||||||
|
https = {
|
||||||
|
# for people trying to re-create my setup the key and cert were
|
||||||
|
# generated using the following command:
|
||||||
|
# openssl req -newkey rsa:4096 -x509 -days 36500 -sha512 -nodes -out certificate.pem -keyout privatekey.pem
|
||||||
|
# I've set the days to 36500 because I don't intend on being around
|
||||||
|
# after November 2125, and renewing certs is a pain in the ass on a
|
||||||
|
# local (and trusted) network
|
||||||
|
key = config.sops.secrets."actual/key".path;
|
||||||
|
cert = config.sops.secrets."actual/cert".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -9,6 +9,8 @@
|
||||||
./jellyfin.nix
|
./jellyfin.nix
|
||||||
./minecraft.nix
|
./minecraft.nix
|
||||||
./gatus.nix
|
./gatus.nix
|
||||||
|
./actual.nix
|
||||||
|
./git.nix
|
||||||
./ai.nix
|
./ai.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -16,8 +18,10 @@
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
# ai.enable = true;
|
# ai.enable = true;
|
||||||
jellyfin.enable = true;
|
jellyfin.enable = false;
|
||||||
minecraft.enable = true;
|
minecraft.enable = true;
|
||||||
|
actual.enable = true;
|
||||||
|
git.enable = true;
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
|
|
||||||
101
hosts/blob/git.nix
Normal file
101
hosts/blob/git.nix
Normal file
|
|
@ -0,0 +1,101 @@
|
||||||
|
{ pkgs, config, lib, ... }:
|
||||||
|
{
|
||||||
|
options.git = {
|
||||||
|
enable = lib.mkEnableOption "enable git server";
|
||||||
|
user = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "git";
|
||||||
|
};
|
||||||
|
group = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "git";
|
||||||
|
};
|
||||||
|
cgit = {
|
||||||
|
name = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "home";
|
||||||
|
};
|
||||||
|
port = lib.mkOption {
|
||||||
|
type = lib.types.int;
|
||||||
|
default = 8091;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = lib.mkIf config.git.enable {
|
||||||
|
services.gatus.settings.endpoints = [
|
||||||
|
{
|
||||||
|
name = "cgit site";
|
||||||
|
group = "local";
|
||||||
|
url = "http://localhost:" + builtins.toString config.git.cgit.port;
|
||||||
|
interval = "5m";
|
||||||
|
conditions = [ "[connected] == true" "[RESPONSE_TIME] < 300" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.${config.git.user} = let
|
||||||
|
git-shell-wrap = pkgs.writeShellScriptBin "git-shell-wrap" ''
|
||||||
|
set -euo pipefail
|
||||||
|
cmd=$1; repo=$2
|
||||||
|
|
||||||
|
# get the repo normalize, and create it only if the client is sending
|
||||||
|
# us stuff
|
||||||
|
if echo "$repo" | grep -q git-receive-pack; then
|
||||||
|
repo=$(echo "$repo" | cut -d"'" -f 2 | sed 's/\.git$//').git
|
||||||
|
|
||||||
|
# Make sure the repo exists on the server
|
||||||
|
repos=${config.users.users.${config.git.user}.home}
|
||||||
|
path=$repos/$repo
|
||||||
|
if [ ! -d "$path" ]; then
|
||||||
|
git init --bare "$path" >/dev/null 2>&1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Run git-shell with the original args
|
||||||
|
exec ${pkgs.git}/bin/git-shell "$@"
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
isSystemUser = true;
|
||||||
|
inherit (config.git) group;
|
||||||
|
home = "/var/lib/git-server";
|
||||||
|
createHome = true;
|
||||||
|
openssh.authorizedKeys.keys = config.ssh.keys;
|
||||||
|
packages = [ git-shell-wrap ];
|
||||||
|
shell = "${git-shell-wrap}/bin/git-shell-wrap";
|
||||||
|
};
|
||||||
|
users.groups.${config.git.group} = {};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ config.git.cgit.port ];
|
||||||
|
services = {
|
||||||
|
cgit.${config.git.cgit.name} = {
|
||||||
|
enable = true;
|
||||||
|
inherit (config.git) user group;
|
||||||
|
scanPath = config.users.users.${config.git.user}.home;
|
||||||
|
gitHttpBackend.checkExportOkFiles = false;
|
||||||
|
settings = {
|
||||||
|
root-desc = "local git repo store path: ${config.users.users.${config.git.user}.home}";
|
||||||
|
snapshots = "all";
|
||||||
|
enable-commit-graph = true;
|
||||||
|
enable-follow-links = true;
|
||||||
|
enable-http-clone = true;
|
||||||
|
enable-remote-branches = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
nginx.virtualHosts.${config.git.cgit.name}.listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = config.git.cgit.port;
|
||||||
|
}];
|
||||||
|
|
||||||
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = ''
|
||||||
|
Match user git
|
||||||
|
AllowTcpForwarding no
|
||||||
|
AllowAgentForwarding no
|
||||||
|
PasswordAuthentication no
|
||||||
|
PermitTTY no
|
||||||
|
X11Forwarding no
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -18,12 +18,41 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
services.declarative-jellyfin = {
|
sops.secrets."jellyfin/jellarr-env".owner = config.services.jellarr.user;
|
||||||
|
sops.secrets."jellyfin/zachary".owner = config.services.jellarr.user;
|
||||||
|
|
||||||
|
services.jellarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
environmentFile = config.sops.secrets."jellyfin/jellarr-env".path;
|
||||||
serverId = "0ba4e888503b4524a90285b7ad500256"; # could be anything
|
config = {
|
||||||
|
version = 1;
|
||||||
|
base_url = "http://localhost:8096";
|
||||||
|
startup = {
|
||||||
|
completeStartupWizard = true;
|
||||||
|
};
|
||||||
|
encoding = {
|
||||||
|
allowAv1Encoding = false;
|
||||||
|
allowHevcEncoding = false;
|
||||||
|
enableDecodingColorDepth10Hevc = true;
|
||||||
|
enableDecodingColorDepth10HevcRext = true;
|
||||||
|
enableDecodingColorDepth12HevcRext = true;
|
||||||
|
enableDecodingColorDepth10Vp9 = true;
|
||||||
|
enableHardwareEncoding = true;
|
||||||
|
hardwareAccelerationType = "vaapi";
|
||||||
|
hardwareDecodingCodecs = [
|
||||||
|
"h264"
|
||||||
|
"hevc"
|
||||||
|
"mpeg2video"
|
||||||
|
"vc1"
|
||||||
|
"vp8"
|
||||||
|
"vp9"
|
||||||
|
"av1"
|
||||||
|
];
|
||||||
|
vaapiDevice = "/dev/dri/renderD128";
|
||||||
|
};
|
||||||
|
|
||||||
system = {
|
system = {
|
||||||
serverName = config.networking.hostName;
|
quickConnectAvailable = false;
|
||||||
trickplayOptions = {
|
trickplayOptions = {
|
||||||
enableHwAcceleration = true;
|
enableHwAcceleration = true;
|
||||||
enableHwEncoding = true;
|
enableHwEncoding = true;
|
||||||
|
|
@ -41,38 +70,42 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
users.zachary = {
|
|
||||||
mutable = false;
|
|
||||||
permissions.isAdministrator = true;
|
|
||||||
hashedPasswordFile = config.sops.secrets."jellyfin/zachary".path;
|
|
||||||
};
|
|
||||||
libraries = {
|
libraries = {
|
||||||
Movies = {
|
virtualFolders = [
|
||||||
enabled = true;
|
{
|
||||||
contentType = "movies";
|
name = "Movies";
|
||||||
pathInfos = ["/mnt/media/movies"];
|
collectionType = "movies";
|
||||||
};
|
pathInfos = [{ path = "/mnt/media/movies"; }];
|
||||||
Shows = {
|
}
|
||||||
enabled = true;
|
{
|
||||||
contentType = "tvshows";
|
name = "Shows";
|
||||||
pathInfos = ["/mnt/media/shows"];
|
collectionType = "tvshows";
|
||||||
};
|
pathInfos = [{ path = "/mnt/media/shows"; }];
|
||||||
};
|
}
|
||||||
encoding = {
|
|
||||||
enableHardwareEncoding = true;
|
|
||||||
hardwareAccelerationType = "vaapi";
|
|
||||||
enableDecodingColorDepth10Hevc = true; # enable if your system supports
|
|
||||||
allowHevcEncoding = true; # enable if your system supports
|
|
||||||
allowAv1Encoding = true; # enable if your system supports
|
|
||||||
hardwareDecodingCodecs = [ # enable the codecs your system supports
|
|
||||||
"h264"
|
|
||||||
"hevc"
|
|
||||||
"mpeg2video"
|
|
||||||
"vc1"
|
|
||||||
"vp9"
|
|
||||||
"av1"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users = [
|
||||||
|
{
|
||||||
|
name = "zachary";
|
||||||
|
passwordFile = config.sops.secrets."jellyfin/zachary".path;
|
||||||
|
policy = {
|
||||||
|
isAdministrator = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
bootstrap = {
|
||||||
|
enable = true;
|
||||||
|
apiKeyFile = config.sops.secrets."jellyfin/jellarr-env".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.jellyfin = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,9 @@
|
||||||
"security@zacharyscheiman.com"
|
"security@zacharyscheiman.com"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
"spamella@zacharyscheiman.com" = {
|
||||||
|
hashedPasswordFile = config.sops.secrets."mail/me".path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ let
|
||||||
# we have to explicitly pass in arguments because we're using import
|
# we have to explicitly pass in arguments because we're using import
|
||||||
phpsock = config.services.phpfpm.pools.nginx.socket;
|
phpsock = config.services.phpfpm.pools.nginx.socket;
|
||||||
inherit pkgs;
|
inherit pkgs;
|
||||||
|
inherit config;
|
||||||
});
|
});
|
||||||
}) <| virtHosts);
|
}) <| virtHosts);
|
||||||
in {
|
in {
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
{ phpsock, pkgs, ... }:
|
{ phpsock, pkgs, ... }:
|
||||||
{
|
{
|
||||||
serverAliases = ["www.squi.bid"];
|
serverAliases = ["www.squi.bid"];
|
||||||
root = "/var/www/squi.bid"; # TODO: make declarative
|
root = "/var/www/squi.bid";
|
||||||
|
|
||||||
locations = {
|
locations = {
|
||||||
"/" = {
|
"/" = {
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@
|
||||||
dates = "weekly";
|
dates = "weekly";
|
||||||
automatic = true;
|
automatic = true;
|
||||||
randomizedDelaySec = "45min";
|
randomizedDelaySec = "45min";
|
||||||
options = "--delete-older-than 30d";
|
options = "--delete-older-than 7d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,8 @@
|
||||||
"mail/me" = {};
|
"mail/me" = {};
|
||||||
"jellyfin/zachary" = {};
|
"jellyfin/zachary" = {};
|
||||||
"wireguard/crayon" = {};
|
"wireguard/crayon" = {};
|
||||||
|
"actual/key" = {};
|
||||||
|
"actual/cert" = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,10 +2,15 @@ mail:
|
||||||
me: ENC[AES256_GCM,data:egjtukOJ0OQlwuk3nvwpeTaBQXfolZNlsqu9d1G5ryJJB6TvN9iydnJAG2Jn0v6rp3UTdX6dJNYUHQ9duLo7Y/Hn1LSyWEkA6g==,iv:/Xw6fow3kD2lX5wfHTgt9IGemG6kqXoQe0V5TjZK7mU=,tag:KSSN+sdI/CP7bvQF2S2kGQ==,type:str]
|
me: ENC[AES256_GCM,data:egjtukOJ0OQlwuk3nvwpeTaBQXfolZNlsqu9d1G5ryJJB6TvN9iydnJAG2Jn0v6rp3UTdX6dJNYUHQ9duLo7Y/Hn1LSyWEkA6g==,iv:/Xw6fow3kD2lX5wfHTgt9IGemG6kqXoQe0V5TjZK7mU=,tag:KSSN+sdI/CP7bvQF2S2kGQ==,type:str]
|
||||||
jellyfin:
|
jellyfin:
|
||||||
zachary: ENC[AES256_GCM,data:GIDgfsxhU4fZVjP/cTmTvIA1aeP4lbd3Fz6tbPLdyL37KD+IKERgkxJmGwtt9GNwnJBsHE/xpH8ZAvloS1DykZZtEaqB0H6wuA==,iv:FM0d4tiQPzyoEiqEQF5YvNeClHXOhP+q+TaKGeyg/TE=,tag:v+sYDwQiCX7o+g7plcnQFg==,type:str]
|
zachary: ENC[AES256_GCM,data:GIDgfsxhU4fZVjP/cTmTvIA1aeP4lbd3Fz6tbPLdyL37KD+IKERgkxJmGwtt9GNwnJBsHE/xpH8ZAvloS1DykZZtEaqB0H6wuA==,iv:FM0d4tiQPzyoEiqEQF5YvNeClHXOhP+q+TaKGeyg/TE=,tag:v+sYDwQiCX7o+g7plcnQFg==,type:str]
|
||||||
|
jellarr-env: ENC[AES256_GCM,data:BKbSibSD69MCaKr53fZrz9ICkiCjWiLeSezKrKiqlXnDGyQsfXFasNrAYQuwLse/7ZuoMGwKne9MI8LnTwrgnQiC0lc=,iv:URIeAYzOgutsy9HVc62iVbh1fqCpFXEL7cBBKrXT1ms=,tag:Vt1ilI+QVtLhcbZ0jQtwcQ==,type:str]
|
||||||
users:
|
users:
|
||||||
crown: ENC[AES256_GCM,data:6UAYcafxflvbsTXC1N3Ff0hAlWGjveYDUzbcXPSGfPX0uXg++bfjRwYo3JFgfJpJ/KN4MODPSxgjFAFnoZOnkyxk0UDSppDagQ==,iv:PWmxuj2caqRLASjftbl0tovNq2t1WoDoviJXs/OO8yI=,tag:EwJhROsHfj5cPkpxUCy+uw==,type:str]
|
crown: ENC[AES256_GCM,data:6UAYcafxflvbsTXC1N3Ff0hAlWGjveYDUzbcXPSGfPX0uXg++bfjRwYo3JFgfJpJ/KN4MODPSxgjFAFnoZOnkyxk0UDSppDagQ==,iv:PWmxuj2caqRLASjftbl0tovNq2t1WoDoviJXs/OO8yI=,tag:EwJhROsHfj5cPkpxUCy+uw==,type:str]
|
||||||
wireguard:
|
wireguard:
|
||||||
crayon: ENC[AES256_GCM,data:pQ4nOzcON+yCqgisBQO8LIdfi9GmXE9YcPzBRgu9Fdzx0R6p4dEK+DVBuDg=,iv:vq0uDgZlLwXVZMwE3xTWZDP20uaAcT4I0D7qLS61ApI=,tag:btVyZREPAgfcC694/Wusmg==,type:str]
|
crayon: ENC[AES256_GCM,data:pQ4nOzcON+yCqgisBQO8LIdfi9GmXE9YcPzBRgu9Fdzx0R6p4dEK+DVBuDg=,iv:vq0uDgZlLwXVZMwE3xTWZDP20uaAcT4I0D7qLS61ApI=,tag:btVyZREPAgfcC694/Wusmg==,type:str]
|
||||||
|
actual:
|
||||||
|
simplefin-token: ENC[AES256_GCM,data:FHfAQkF42euhwW6LVTahCOtCuyuvw9YDrJzzxXcV2I9afamuk1BFPIsWQijFo17BvJDCaUGAiiLATxqTlA0rpIe4OJP+4lypoSQMg/a4jFIKuwiWoMWLCJr6aKn8q58oYjxde4o3XOB8ThiVIe5Ml4wSgBlNJU7woAA7goUwIlVq4QR3FfSHMXLXsrVxypdnapguDKmQYv4f+FTEiHgVt40aj5ggk/avEsd7D3mFc0/pWVbzbGsIIvDgAPT89fNngxpmg1jllb2+3qd3Scy5Ibz03zDaZdN/5IrVyQCPwPgRikxk+Yx5twb7DafmCDXC,iv:qFxE4ZEQXxpzTez/qMyz89MswwJz7qjw2QfuaaJIDoU=,tag:jTKVOBFTg09cECtaOcPL9g==,type:str]
|
||||||
|
key: ENC[AES256_GCM,data:qRZqxLOkAif7/ALtGCWycAZ1x8rbhCclcfXY9m0vUDWk60+nECWbbuD+7jeO7ddQbsA06LfpdsFZ99MGHB5OoXd1sZHfS1dsTPEW0vG5JIFRVQfNOSdUlCBY/EAwcViXRaTluilQohlhnJhgFQw7syRTKglHrX+VWV9yBf2RB28LPRHgbnz6v5FkEgf0ZcFNiATN1kjBlfQcuvLPxEvgdh5j4BcndZH4KyH3C54ZNA14iw8MUpxDABSJH7YDp+5nNNDPD331aiyB3ttfxm60Iu5DNqUPHHORQWRXFCp9jAKxvVuTX/0FApsFQ9UtU3gI2fmoYUFStdLKBDplLObehb5XG5k7Euz0aoc9PkEaooPy4E6zRhbaJ/PGKD3APDX1wlVghe2+gGeLqDOu47qmyv6+6ysepZvYBkbBC1qjEaplnRLEM83AcYiHs36I/FE/ra4HYis92r0PBno1Si2kySE50AWX7nG52Kfy8jO04P2HzhYffaLvrn2fLb0ruN7RV6IlWYRyARHxsBo/omfmA/G7LCzHAKlgvSaWa/EbyCSNZ+pdCwmy5RA/fzOwnjy+X4waO3agMPVKmHfEKc2WB6AGPpFs22NRoQ/AP+DXvz3bf1o5qSSo4VDaB7+kqwy0FNgZqIcfvkzFUEW6ySiestsbQazb3J5/RPtPqUVoS9dW4Xtzwi2gVJAgbCRXmlJscg36knv02rEBl0rLG+Ex4EM77erBsR0I32nkQZyozMRndy32U/CFJ7PXmqUs7/CGmgP0+76Xca03rl7yykgyq6eBfEY5m9XxS8mh4YD+PzbV6P0HPqpHQqj2DvbzUr2FloX/tgZTDRrfLQ6qZoWds3k67z+0j5IkH4ESARpSF5+9L4DQW5RxbZD7rQR8EZYKI9kRI/Qtz4pYcaekMohiBpL0V8J9dFkcv4O1CtZQo/RWbFITO9tvMOb3eI2jjrpP6A+3Mmw3HyRAFNuKkT55DKtw6IhDHdxVuOmujAkGiMUyFZy4RkkmJpPLpphH7GmHgNKP2wRoAPL3m+7dufEEu8ovulIHWvu+kuR+gKlqlLTO8rbMUqbzLYH6QcwtQy7iamgwRH2ixMsAbQrX6cP9HOqwn9oZ0/kyJw1RZInP5EmYy613pyKSypHtJU8WU1jhcX3Qen/I9VPDGv1YpcDx0aZrAZ9UtYLRsdgSd1rhC+nMtD7Kk60mdBHy4hTI14rWIovQoEwFm2Je3PnKwam5jnVWa215gIIquqJor0YQR7tO+JG21yIFkevDA3a/YgpuuXmYSp+KRrCsEvYeVGHUPQG4HTrmG1MWyRodcO5DdKqmZRCXMLIwPs5YCSF2in1gRDefJuXsgLX6pzo5OMqJzCAC4EiZcYz0fGXvvCmYSEpuO5qjYQA3ZKv/YIKDiubyhgoaLpKnZ7ZOGIpZIk7iJOQx2MS6G1PnZAGfLw7lc2YKMj6qTWrLbfzD+1HoJVSnc9qjC6M2NDVwODSs7cxRaqjtrrD0uvMwHoX/tq6JUR1ZoUg097iuEJc9WzHYaEUNrAuK/29paQRwaUjou6JL4URwwnywmgh0QbBc5DZ9Q0Qhb2NttHFX1moVpKTw4CeXxQwjAXGVkRcth7fon7RI06Bd1B3k+Yxp1HacFBVz4uHCdD7LvRg5OP0odNQqOMqc7HV9EGefazvHP/NXbEXAnd+MVLRpZPm5qgK+O3afUgAfFn5WzRhe5lnhpDnE+kKlr7G8equOjaEyATpvh/X70x77r7Y04vlfC/iXdOPBd/50hC79WKSaamX9uIADIkH1JNdr+TS8eN8JoxUfTrZWYRBEH5ojdjzK4U7uNNRglS64sEXI5ocj/iAtEkqtUL+sTybn70WDgAONum234ugD+8YWZggGGvHENeEFbCMOfVrO7OLqX8ptTgtGobpqegzUlUNbg5hdJELIoqFDTkxWjtO0X0cDmiAFsdQLGyUhSO9rYEgpsObcdA8YxBw2SMX4yjPy9n6J9nJqrK69hbJaJgB10/9AYV3J9t9JkwnjUrXkCvHgHRo43RACgmpIEy6+joBRqnGx9KKMPLi5x9vQINSeKd9z/dz38XBwWHGyg9P7T8Qo/JamWjaXTCfhvWC5y2tu/A79WOVYpNBsA1BlpNhpOd3gPO91s9mXjjObMMIcOoRRXjQPYiznuF65Fs8UO8B9W3VFgTkV1NAILRTHW09xkJRm4jnKbkyYhFqPa4q6+mN+poFxC+bA+rIBD2Du9vQcyLRWD/e2W0cID8Hcn3jnRsGkP/B1HKE33BPgOCZVLq2WdBGOWUOkkPOuXFo54/1XYIHFDQXVydeHAPuRnKjsaOMmIZpJChy9iAI5Hehf+LYqGmB0AAHnSAek8HAXyLXWrKquej1+2Qd1a6Xp1f88h83my/ijvDtyZgTing5aJ6MFRuuzewIR6HqC0YVQgjWdS4vqbWULfwVCqg1gWh4gfc7n7Q8S9id1PYoLqUV586SQ4vpakgTetPiCLa3lav0mxyzgkJA6qWwPu5a57T18fDiRabTTspO+rp4kqR72jBJt0Him5vqc8a5lcDBBJ5z4dHzb5NgaGKeiZQRGGclFDZsqww0BCBSlBYoKM/3RnEnOv8yWvx76CmWGO/rZqMv6Bcd5u+QEx5eX10Qs8cXHgPBdu42EUKNggz/OKGSQKTs+fwJhAdVcw1gzIz9nFoqcTM2qrgk7GFBVUJ9HPXV9KKQjTPSqBjlNxexYkYC0Gb5wqebZJ9ftSgSiXNFrPkpDpSebWeGvcVvXzxEVO+RYGzrItvhYTt8p4NtblQ7/hKsD8qu7ey5jmcdAENqSsDS01/4UOQQivG3WoYctCklpI191cbnddg4v7TYXCTrcRjAixugwv7OQU9bdnpn91sVaAglvKIdau+7PDyYwGHh98Krv+VcWzCakBlSQpUywavaaoBO2GOxWB/E5++UvILWFxXo3MIRfQCu3Iut9Q6aRoFtcxF3+I4wH9CLgG5MEaRVKDKnS1BQUpNwAtT+DoYzdT8roSMH5M1vEC0MdFhoSpL9pek7kFnXYNJKsCmS3VmRuFXcC+f2pqjKmmkyM9jHdLJFpgFua3cyMwYVyNTtL7Xg2w1qJytgvdz8kNGKo0nxj75O3jNAK1zV5csO2/bANO745cpXqwQGRKIEtM0b02n3YS2vXvZKZGkFoKUBJXY6kPaizY1zHxrSvVIVTqo7Vr/ClPNInaqiyof0UiPcfaiYGk/WvJqNSfWewcPUU9fTfUSmbPJkmmg1QEWrsbvHihs2Qmb7m0FzQoAXO2buYtrbj2tKzovoJRWiIeNTCgWmhLMea1MB5/viX1t8ODdYyJrqtwqFKgQgvuUFiBzqMENkTemiIxDxDS2v3T50tBkuGLg748v7s60cHxtBduGm/N5/2lYmiyl6OIKBefxo6klqRKvLh5IvNOU4SlKib6WKU1S4uv5ddEEg8myUlWgbzEEEJwNkeBncm+HtBBYEz6ud6ZE9oCd+U8xa61qFhOnVkXfhDeGeif5hvOPbyn9QFwZa0Obi/QtHbP/JJKmD6fKxEDyGBLiaUGWlJ4tYEuj1Wjahv01N6ZPc419uT6EOM3C7FgLRiTQIfENdmjKEw3A80VfiE+O0RBJpKXACB+wEnPAP/IVpD7RSZRFfD3aQdurH45rinvD8md2ynvMXrqVysnTiHaMBfZGdco6XVw1wgg6Bh9/2q0mp2c3hRkLXuEOfD6C78rmzn480B2V0I9IM0kxsLJTKLvVtMF2EnZDF3h0eGWNwTr8BaYwtCjjTpBSnuIFP3tBB9YYjeYz1fRM2O7IBx1FhEgqwtR/VWQuuB1fm6XQG5NPaW335qq3WwwtKphF8oVD9mPKQwlkqa/qmi57AfdGPjbsBysYb1pS0MixNgLiIHun1RZQNq23hGCJ93m0TD+7MiGMA6gHn61rM8OnXiaexUFspnidf6tww8leFTBr0wYwG9Cv3DEtaxJ7L+0Tw3GXYr5JR5i1WXHGmz6qYUDTAGD4yKqCmzPm/UQnbL8x7nbXnlql5eJGZjqXJGQW+DXjY8aKKakxHum+ziCr/+OSrIL7P2qd8QVGBm2v9OoIkr1FsFkpITEmGwo8TNj17h9rzaXEhtaG4hyipnWTfa/5o3niUDOz3wAVRsxEXycfL0vMcZg7sf6nFKtrsfF0k4M7WKlRbFyyKtpBZB+JiOeF3bCT3FDCw8K0XKzklISB+CF6qZ3Bdo8natv620NgvdGsQAv28YDG77YXt8ez9Vxmat0IfFvEcgpXBH7ey8jAA5spI6iPPmDm2wD6NLYizdpiva8gtx3TYCLuW3n94rgfRerPniuvxT3fHsxT+yxlUCCE0skULYMTUDsRTrRKA=,iv:GkP8nwiu9uYSSfCiNFCOyIYtmGzz4E8OgQ4FE2zlb2A=,tag:HtB0DXWVJXzfTJrF+RtoYQ==,type:str]
|
||||||
|
cert: ENC[AES256_GCM,data:ch4GfbWQLpiIobynNbUDA2xagy6VBAdDESvPiDgvVcVExmiMVffM4kCQo4HMWESVkuis/+/2Dmmmo7MrjsDbSP5Rv4YtVAcAxiY/iMRE1YedqkB67gjaD/qnoI0Kj984FP5jlzc2ggsfouGrhPdtNpjkDo6iicAldtmhqnD+uFHVwW3zZn6JPFBVddfsU4zb+VmKg/oyJW8xwICuXCJUFW0lLAjxxg1fBOZDbKFjWXmcEN+EikVKQYqE0j/O2qtwx6z9PXgNpMMnda/Jg5ESMJx2Cgksuw7KCjo5gwkJ17gfNR+23icnJyq00zz2bZdzpycJzVF8+tAaAS9itM8EhJrdeWaIBBfD23T3KB84xCjxrhjd9od2uUjfpioXi5EaCeY8OqUaqzY3lz/x8HiZvRqchDktakxiND0k4CTevQoG6nSQbo65QzGXWRhs0NO5ji4sH8lEcDBlsajeVX+2D5fd4vRm8FGy1eirz1IApsXyDWpdeNsJQkc30mg6oqVHIEtj0Vo9C0yak0bmTV3qk8OSSGBUilLtIiGWDJ/iBMNW59q9gj0DG4ylSNCgRA5MR5n42+D9/n6IsuOhAd9ztqs+m5NECsEG4EuggpKXMDY2qkp1dBDUJgTf/KP/1un4V+h7/sbjQHTtxExIXfFNB6MRYtftLGcjWOjtzGnYr/6keOARqW882CjL/9SQz0/sBsXkCgguOjjej8e7ymlNppxZYRK+0NHzrMvOqQTUHis6o1GWamS7HelTF5dGcecJniV/R+QlpXkk78O4X7MljY/hTlur3WSJJ2QupAxw59jwRroGFi5zfZY5udecfX33k/CKzSuwWdiWbYKoYAkssHcb66Xa4nlUvukbcEtNeX7ijl/TXQ4uZMnHFKa43bkccLZqsC+PY9cutv4W0YrKWGLtG+pHZD/2J7g3aZJHl5cyaTpe/wKTjJTw+UFAFvNFmP+Dua/Vjt9rsWikQNXVdtroKZ9Na9e/OlKlnQH2nctkBOttlR2fraoFy7CBNRpLDG10lRo8kpb0lmtshKYVQ8nVReiMbj7ofy2ugrbvvPYQ+vZdEUkLiH/mZRuWwSxpO71stFy0owbcimcJfsmsvrsIEFxzBeY12HngeihrhIAvg6BIRHGoniaKky0ScyyjN6s5WwgQVhtkoLL9op+Yqg/m6auZAtBiRC6lTx0T/UzzJKIACzs56a5J52ztKvK9yv9VNCopD1IqXXgpxYVTIl4x2gFmNSt1LZ9RaPkKZyW250igNhG6Ybggjx00TXxq9rZlmlbVUxQ8wy0OFeHGmBvcS2bCCBHTsRq/kDMPeLzahfgbi0O0KN/dm5qdh61gzTwy3smVgmhOJRyqoV4/pMpYy17irIsDlrUJkOoOik7MaxKMQTNAh/VavhyDV3d9S4DOTgX2J1NZbIcJZf8y6SLPcsPXZb2JOuDiUc/8nAhrW35jydeF875qnypjfxG6UJ6A4WtE6JNw02pcAbD+l8jNa1xMFW0Av8njp05g1O4EhE9iHYRqYyiAYzvx40sR9C1C7V/mDqNzA9IUy7a1q33eAY8lHOe8v8mGbmWsF6xwnquZFdMfh9Ukh2EeGg2TwtU8KEQVmGMyhpkAG0gk8VEg7CO3DC3AykZVNNmP4RTFzlG53zWWY7Bei/kia4/SgLukcRuV9dXhGM8hSryqzjF6SzY8KG6hjhaHRngBbWW0RGp9E5SjxuhGPExhfiJbg8zycEls7yXrNYGOQjjv71w37KpN2EKqrhEAcwdtISJ3/MUO9jk4K4EkbG1DRoEHEu0Z3wcPCGC9bjhtiKX9x6uB0syv2rLT7WzGq1orHaZsWzBXd47ygGCaaOpxoRLWOH7vW2G3TNlw4zibZg6TN8PzH/rYGEJnYtpT6oGNkMAXw3KwDVFWX3dUrsEiJFIGRuVm1gcRU4sb/Qn88JTvlUHbL/67cr7fEhG2ZB2posW9XPH150sRbBBhCqpqssiZV9EsneaR1WfRk5HIadCZvLkwn/xO4llkjUkav/9Y6UHQd32MHCivDXEnVTDjow7kqCy2wcxADxwXiKMEOOBGfB7kZkKW5F50XP9OLbwoYCg1qjBNxqRV+6esreDduIqEvwa5oXkbCRvBLoEkDjaJA2P5cRgRuKPARezdG4qaChqgROmjzdaGoAbgBwAqZBvLKERA7t+IU0/0xs+lj97asTf4CAg7kJNCDgZyeCYGSmSHwCgNf8hYyzHQyiV3VDQSfkeQ5RbeMT5+LscvzCJmGKHoJXnfvGaRToRAZL3YIwbvWPdBUHqgSl4tjZGxQf5ySOC7yyYWkXEKCApIcPBXr+x3yA7v6o5YGrF2YexJwVw646mt2BWtG25niml3PxcIOiDfBcvDEKCEWzw0j9gmbwObUMHmk2cC+VcqumMj9He+CcwEhotnu8a/HSQoeI+BCNnLVi+nuiGD1wIlE6lChXkcwDJxgV2QlNB2zGv5PQKeC+wZj70ZAJrWG0CKEW1EXtpSDQeNeCz3kdqSuCgdY8x/c2AcZ3thv4QwnVVq7oPkfXx3bXkA2RQWQLOfGPQ0tWkuoOuJp88k0P6QELL06qGB0EEDaiOlZ1oy2OZPxa85fVII0yv4lnC/AhBSaw2nKRZnfubiqxIs47tQx5+WumiGOyhPGz9SKC1946kaWX9Kcr5Ff6JSY+M1QirYED+6nWp7YV8m/+NcKNaI1e/tR6etK2c1UC5DGeaLHecq3Ydw5FmmXA==,iv:JP6EyqCQupdLQmES8BnHw8V0LP37lok9evZQoOnb3Jg=,tag:a5MLxJc2F+qzUV0QXTijxg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -48,8 +53,8 @@ sops:
|
||||||
NTUrY2pDQXJuTnREakRWQkFqckN2M2MKSonhOJsqcY/HDY+d25rEPwKSl3FSOpkW
|
NTUrY2pDQXJuTnREakRWQkFqckN2M2MKSonhOJsqcY/HDY+d25rEPwKSl3FSOpkW
|
||||||
EJFXcKKTiJB96Ms5yDGRAtUvbqw/oSBbdGTqe7bE7pQhfj3Y8ECz4w==
|
EJFXcKKTiJB96Ms5yDGRAtUvbqw/oSBbdGTqe7bE7pQhfj3Y8ECz4w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-11-26T18:38:21Z"
|
lastmodified: "2025-12-18T23:40:12Z"
|
||||||
mac: ENC[AES256_GCM,data:V3lKQj0ZWIPl2RPpnv7tRBG8sH6W9+rfnPy0z6g+3SZGmKtwhcgqVBG/VPMKhuyseNZ4vxE23lD7Ol44PchMgd/OCJqJF6TUl3A4LIqkK8Ji0m0cPcC3hsFaI8rChkWcLse30qcoQov4NbP7yElpf76Bh/NqBFgOqCjDD0Pp/NU=,iv:897reifxaub96UDCKCsWNxabVCSzYLmsIrrkXCxBgoM=,tag:0d4iQhLA/YxR7wrtUVxXqA==,type:str]
|
mac: ENC[AES256_GCM,data:lM5af9T9tVkhkIIC260uy+lQQHru27t2R85allep0GtKqRvlhhCBbCnstylBL+GBuJsUS3koF6ycHSRUFuqJyYmeDO9jjLGtggQJbb03TbRVIn8AU5+0g8ytM8rBoyJ8qDv6tAQddpNhA9WHGbLgnQ0RX8xN5ZqpECHDyFsKeGs=,iv:W96ZhbNOe/jbJCJHwjLWxhYYJOkU1/bR6YGPqjdKavk=,tag:Z9JZ02ssfJeKQ6L6/PNLHQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.1
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,7 @@ pkgs.mkShell {
|
||||||
-commit
|
-commit
|
||||||
|
|
||||||
# push flake config to a remote server(s)
|
# push flake config to a remote server(s)
|
||||||
nix run github:serokell/deploy-rs . # this needs to be the same version that the flake is using
|
nix run github:serokell/deploy-rs .#$1 # this needs to be the same version that the flake is using
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue