xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

some reorganizing

Browse source
This commit is contained in:
xunuwu 2025-01-16 10:08:58 +01:00
parent df9e8ae8bf
commit 113e015135
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
182 changed files with 443 additions and 449 deletions
Download patch file Download diff file Expand all files Collapse all files

38
sys/machines/hopper/default.nix Normal file
View file

@ -0,0 +1,38 @@
{
inputs,
systemProfiles,
...
}: {
imports = with systemProfiles; [
inputs.hardware.nixosModules.common-cpu-intel
inputs.vpn-confinement.nixosModules.default
./hardware.nix
./lab
secrets.default
secrets.hopper
core.security
core.locale
core.tools
core.ssh
core.deploy
nix.default # TODO slim this down
network.tailscale
network.avahi
network.networkd
# services.syncthing # TODO make syncthing not rely on having "xun" user
];
networking.hostName = "hopper";
swapDevices = [];
networking.interfaces.eno1.wakeOnLan.enable = true;
system.stateVersion = "23.11";
}

58
sys/machines/hopper/hardware.nix Normal file
View file

@ -0,0 +1,58 @@
{config, ...}: {
nixpkgs.hostPlatform.system = "x86_64-linux";
## nvidia gpu
#services.xserver.videoDrivers = ["nvidia"];
#hardware.nvidia = {
# modesetting.enable = true;
# package = config.boot.kernelPackages.nvidiaPackages.stable;
#};
boot = {
blacklistedKernelModules = [
"xhci_pci" # was causing issues (100% udevd cpu usage)
];
initrd = {
availableKernelModules = [
"ehci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [];
};
kernelModules = ["kvm-intel" "wireguard"];
extraModulePackages = [];
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/1297e638-f2ff-49a2-a362-314ac7eeaabc";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "autodefrag" "noatime"];
};
"/home" = {
device = "/dev/disk/by-uuid/1297e638-f2ff-49a2-a362-314ac7eeaabc";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/nix" = {
device = "/dev/disk/by-uuid/1297e638-f2ff-49a2-a362-314ac7eeaabc";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/boot" = {
device = "/dev/disk/by-uuid/8D4C-2F05";
fsType = "vfat";
};
};
}

572
sys/machines/hopper/lab/default.nix Normal file
View file

@ -0,0 +1,572 @@
## TODO look into sops-nix placeholders
## reference: https://github.com/javigomezo/nixos/blob/b3ebe8d570ea9b37aea8bb3a343f6e16e054e322/services/network/authelia/user_database.nix
{
pkgs,
inputs,
config,
lib,
...
}: let
l = lib // builtins;
domain = "xunuwu.xyz";
caddyPort = 8336;
slskdUiPort = 23488;
caddyLocal = 8562;
ncPort = 46523;
kanidmPort = 8300;
in {
imports = [
./samba.nix
];
## TODO use kanidm
## TODO use impermanence
## TODO setup fail2ban mayb
users.groups.media = {};
users.users.media = {
isSystemUser = true;
group = "media";
};
security.acme = {
acceptTerms = true;
defaults.email = "xunuwu@gmail.com";
certs = {
${domain} = {
domain = "*.${domain}";
dnsProvider = "cloudflare";
reloadServices = ["caddy.service"];
credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
extraDomainNames = [domain];
};
"kanidm.${domain}" = {
domain = "kanidm.${domain}";
group = "kanidm";
dnsProvider = "cloudflare";
reloadServices = ["caddy.service" "kanidm.service"];
credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
};
};
};
## make sure vpn connection is reasonably fast
## god, there has to be a proper, not horrible way of doing this
# systemd.services."wg-speedcheck" = {
# serviceConfig = {
# Type = "oneshot";
# ExecCondition = "${config.systemd.package}/bin/systemctl is-active wg.service"; # horrible, horrible hack, theres 100% a better way
# ExecStart = pkgs.writers.writeBash "wg-speedcheck.sh" ''
# echo "running test in netns"
# vpn_result=$( ${pkgs.iproute2}/bin/ip netns exec wg ${pkgs.speedtest-cli}/bin/speedtest --json )
# vpn_download=$( echo "$vpn_result" | ${l.getExe pkgs.jq} '.download' )
# vpn_upload=$( echo "$vpn_result" | ${l.getExe pkgs.jq} '.upload' )
#
# echo "running test outside of netns"
# normal_result=$( ${pkgs.speedtest-cli}/bin/speedtest --json )
# normal_download=$( echo "$normal_result" | ${l.getExe pkgs.jq} '.download' )
# normal_upload=$( echo "$normal_result" | ${l.getExe pkgs.jq} '.upload' )
#
# download_ratio_is_more_than_half=$( echo "$vpn_download / $normal_download > 0.5" | ${l.getExe pkgs.bc} -l | tr -d '\n' )
# upload_ratio_is_more_than_half=$( echo "$vpn_upload / $normal_upload > 0.5" | ${l.getExe pkgs.bc} -l | tr -d '\n' )
#
# if [[ "$upload_ratio_is_more_than_half" == "0" || "$download_ratio_is_more_than_half" == "0" ]]; then
# echo "ratio is insufficient, restarting vpn"
# systemctl restart wg.service
# exit
# fi
# echo "ratio is sufficient"
# '';
# };
# };
# systemd.timers."wg-speedcheck" = {
# wantedBy = ["timers.target"];
# timerConfig = {
# OnCalendar = "0/2:00:00";
# Unit = "wg-speedcheck.service";
# };
# };
vpnNamespaces."wg" = {
enable = true;
wireguardConfigFile = config.sops.secrets.wireguard.path;
accessibleFrom = [
"192.168.0.0/24"
];
# Forwarded to my vpn, for making things accessible from outside
openVPNPorts = [
{
port = caddyPort;
protocol = "tcp";
}
{
port = config.services.slskd.settings.soulseek.listen_port;
protocol = "both";
}
{
port = config.services.transmission.settings.peer-port;
protocol = "both";
}
];
# From inside of the vpn namespace to outside of it, for making things inside accessible to LAN
portMappings = let
passthrough = [
caddyPort
slskdUiPort
1900 # jellyfin discovery
7359 # jellyfin discovery
config.services.transmission.settings.rpc-port
80 # homepage
];
in (l.map (x: {
from = x;
to = x;
})
passthrough);
};
networking.firewall = {
allowedUDPPorts = [1900 7359]; # Jellyfin auto-discovery
allowedTCPPorts = [
# caddy lan ports
80
443
2345
];
};
systemd.services.caddy.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.caddy = {
enable = true;
virtualHosts = builtins.mapAttrs (n: v:
{
useACMEHost = domain;
hostName = "${n}.${domain}:${toString caddyPort}";
}
// v) {
jellyfin.extraConfig = "reverse_proxy localhost:8096"; # TODO setup proper auth
kanidm = {
useACMEHost = null;
# hostName = "kanidm.xunuwu.xyz:${toString caddyPort}";
extraConfig = ''
reverse_proxy https://127.0.0.1:${toString kanidmPort} {
header_up Host {upstream_hostport}
header_down Access-Control-Allow-Origin "*"
transport http {
tls_server_name ${config.services.kanidm.serverSettings.domain}
}
}
'';
};
slskd = {
useACMEHost = null;
hostName = ":${toString slskdUiPort}";
extraConfig = ''
reverse_proxy localhost:${toString config.services.slskd.settings.web.port}
'';
};
dash = {
useACMEHost = null;
hostName = ":80";
extraConfig = "reverse_proxy localhost:${toString config.services.homepage-dashboard.listenPort}";
};
# nextcloud.extraConfig = "reverse_proxy localhost:${toString ncPort}";
other = {
hostName = ":${toString caddyPort}";
extraConfig = ''
respond 404 {
body "uhh that doesnt exist, i hope this isnt my fault.."
}
'';
};
};
};
# systemd.services.authentik.vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
# services = {
# authentik = {
# enable = true;
# environmentFile = config.sops.secrets.authentik.path;
# settings = {
# disable_startup_analytics = true;
# avatars = "initials";
# };
# };
# authentik-ldap = {
# enable = true;
# };
# };
# services.keycloak = {
# enable = true;
# settings = {
# hostname = "keycloak.${domain}";
# };
# database.passwordFile = config.sops.secrets."keycloak/db".path;
# };
# needed for deploying secrets
users.users.lldap = {
group = "lldap";
isSystemUser = true;
};
users.groups.lldap = {};
services.lldap = {
enable = true;
environment = {
LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/password".path;
};
settings = {
ldap_base_dn = "dc=xunuwu,dc=xyz";
};
};
# services.nextcloud = {
# enable = true;
# appstoreEnable = true;
# autoUpdateApps.enable = true;
# https = true;
# hostName = "localhost";
# package = pkgs.nextcloud30;
# database.createLocally = true;
# configureRedis = true;
# extraAppsEnable = true;
# extraApps = {
# inherit (config.services.nextcloud.package.packages.apps) calendar;
# };
#
# config = {
# adminuser = "admin";
# adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
# dbtype = "pgsql";
# # commented so we just use the default sqlite
# # dbhost = "/run/postgresql";
# # dbtype = "pgsql";
# };
# settings = {
# default_phone_region = "SE";
# trusted_domains = ["127.0.0.1" "nextcloud.${domain}"];
# };
# };
# systemd.services.nginx.vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
#
# services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
# {
# addr = "127.0.0.1";
# port = ncPort; # NOT an exposed port
# }
# ];
# systemd.services.phpfpm-nextcloud.vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
#
# systemd.services.nextcloud-setup = {
# requires = ["postgresql.service"];
# after = ["postgresql.service"];
# };
systemd.services.homepage-dashboard.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.homepage-dashboard = {
enable = true;
widgets = [
{
resources = {
cpu = true;
disk = "/";
memory = true;
};
}
];
services = [
{
"Obtaining" = [
{
"transmission" = {
href = "http://${config.networking.hostName}:9091";
icon = "transmission";
};
}
{
"slskd" = {
href = "http://${config.networking.hostName}:23488";
icon = "slskd";
};
}
];
}
{
"Services" = [
{
"jellyfin" = {
href = "https://jellyfin.xunuwu.xyz";
icon = "jellyfin";
};
}
{
"lldap" = {
href = "http://${config.networking.hostName}:${toString config.services.lldap.settings.http_port}";
icon = "lldap";
};
}
# {
# "nextcloud" = {
# href = "https://nextcloud.xunuwu.xyz";
# icon = "nextcloud";
# };
# }
];
}
];
};
systemd.services.jellyfin.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.jellyfin = {
enable = true;
};
services.prometheus = {
enable = true;
port = 9001;
extraFlags = ["--storage.tsdb.retention.time=30d"];
scrapeConfigs = [
{
job_name = "node";
static_configs = lib.singleton {
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
};
}
{
job_name = "systemd";
static_configs = lib.singleton {
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}"];
};
}
{
job_name = "tailscale_client";
static_configs = lib.singleton {
targets = ["100.100.100.100"];
};
}
# TODO figure out why i cant connect to slskd locally
# {
# job_name = "slskd";
# static_configs = lib.singleton {
# targets = ["127.0.0.1:${toString slskdUiPort}"];
# };
# }
];
};
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
};
systemd.enable = true;
# wireguard = {
# enable = true;
# wireguardConfig = config.sops.secrets.wireguard.path;
# };
# nextcloud = {
# enable = true;
# tokenFile = config.sops.secrets."prometheus/nextcloud".path;
# url = "https://nextcloud.${domain}";
# };
};
systemd.services.slskd.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.slskd = {
enable = true;
environmentFile = config.sops.secrets.slskd.path;
domain = null; # why isnt this the default?
settings = {
metrics = {
enabled = true;
authentication.disabled = true;
};
remote_file_management = true;
shares.directories = ["/media/library/music"];
soulseek = {
listen_port = 14794;
description = "";
};
global = {
upload = {
slots = 50;
speed_limit = 10000;
};
download.speed_limit = 10000;
};
};
};
systemd.services.transmission.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.transmission = {
enable = true;
package = pkgs.transmission_4;
performanceNetParameters = true;
settings = let
mbit = 125;
in {
speed-limit-up-enabled = true;
speed-limit-up = 100 * mbit;
speed-limit-down-enabled = true;
speed-limit-down = 150 * mbit;
rpc-authentication-required = true;
peer-port = 11936;
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.\*.\*";
};
credentialsFile = config.sops.secrets.transmission.path;
};
# TODO use this for sso with some things maybe
# services.tailscaleAuth = {
# enable = true;
# user = config.services.caddy.user;
# group = config.services.caddy.group;
# };
systemd.services.kanidm = {
vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
serviceConfig = {
InaccessiblePaths = lib.mkForce [];
};
};
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
services.kanidm = {
package = pkgs.kanidm_1_4.override {enableSecretProvisioning = true;};
enableServer = true;
serverSettings = {
domain = "kanidm.${domain}";
origin = "https://kanidm.${domain}";
bindaddress = "127.0.0.1:${toString kanidmPort}";
ldapbindaddress = "[::1]:3636";
trust_x_forward_for = true;
tls_chain = "${config.security.acme.certs."kanidm.${domain}".directory}/fullchain.pem";
tls_key = "${config.security.acme.certs."kanidm.${domain}".directory}/key.pem";
};
provision = {
enable = true;
adminPasswordFile = config.sops.secrets."kanidm/admin_pass".path;
idmAdminPasswordFile = config.sops.secrets."kanidm/idm_admin_pass".path;
persons = {
"xun" = {
displayName = "xun";
legalName = "xun";
mailAddresses = ["xunuwu@gmail.com"];
groups = [];
};
};
};
};
# systemd.services.kanidm = {
# vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
# serviceConfig = {
# RestartSec = "60";
# SupplementaryGroups = [config.security.acme.certs.${domain}.group];
# PrivateNetwork = l.mkOverride 40 false;
# ProtectControlGroups = l.mkForce false;
# RestrictNamespaces = l.mkForce false;
# LockPersonality = l.mkForce false;
# CapabilityBoundingSet = l.mkForce [];
# # TemporaryFileSystem = l.mkForce [];
# };
# };
#
# services.kanidm = {
# package = pkgs.kanidm.override {enableSecretProvisioning = true;};
#
# enableServer = true;
# serverSettings = let
# subdomain = "kanidm";
# kdomain = "${subdomain}.${domain}";
# certDir = config.security.acme.certs.${domain}.directory;
# in {
# domain = kdomain;
# origin = "https://${kdomain}";
# bindaddress = "0.0.0.0:${toString kanidmPort}";
# # ldapbindaddress = "[::1]:636";
# trust_x_forward_for = true;
# tls_chain = "${certDir}/fullchain.pem";
# tls_key = "${certDir}/key.pem";
# ## TODO online_backup mayb
# };
#
# provision = {
# enable = true;
#
# adminPasswordFile = config.sops.secrets."kanidm/admin_pass".path;
# idmAdminPasswordFile = config.sops.secrets."kanidm/idm_admin_pass".path;
#
# persons = let
# mainUser = "xun";
# mail = "xunuwu@gmail.com";
# in {
# ${mainUser} = {
# displayName = mainUser;
# legalName = mainUser;
# mailAddresses = [mail];
# groups = [
# "slskd.access"
# "slskd.admins"
# ];
# };
# };
#
# groups = {
# "slskd.access" = {};
# "slskd.admins" = {};
# };
#
# # systems.oath2 = {
# # slskd = {
# # displayName = "slskd";
# # originUrl = "https://";
# # };
# # };
# };
# };
## TODO: add forgejo
}

65
sys/machines/hopper/lab/samba.nix Normal file
View file

@ -0,0 +1,65 @@
{config, ...}: {
# only used for samba
users.groups.xun = {};
users.users.xun = {
isSystemUser = true;
group = "xun";
extraGroups = ["transmission" "vault" "media"];
};
users.groups.vault = {};
systemd.tmpfiles.rules = [
"d /srv/vault 0770 root vault -"
];
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"log level" = 6;
"log file" = "/var/log/samba/samba.log";
"server string" = config.networking.hostName;
"hosts allow" = "192.168.50.0/24";
"map to guest" = "bad user";
};
transmission = {
path = "/var/lib/transmission";
browseable = "yes";
"read only" = "yes";
"guest ok" = "no";
"create mask" = "0664";
"directory mask" = "0775";
};
vault = {
path = "/srv/vault";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0660";
"directory mask" = "0770";
"force user" = "xun";
"force group" = "xun";
};
slskd = {
path = "/var/lib/slskd";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0660";
"directory mask" = "0770";
"force user" = "slskd";
"force group" = "slskd";
};
library = {
path = "media/library";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0666";
"directory mask" = "0777";
"force user" = "media";
"force group" = "media";
};
};
};
}

41
sys/machines/kidney/default.nix Normal file
View file

@ -0,0 +1,41 @@
{
specialArgs,
systemProfiles,
homeSuites,
...
}: {
imports = with systemProfiles; [
./wsl.nix
./hardware.nix
./fonts.nix
core.tools
core.users
core.locale
programs.tools
programs.zsh
programs.home-manager
hardware.graphics
services.flatpak
services.xdg-portals
nix.default
nix.gc
{
home-manager = {
users.xun.imports = [
homeSuites.kidney
{home.stateVersion = "24.05";}
];
extraSpecialArgs = specialArgs;
};
}
];
networking.hostName = "kidney";
system.stateVersion = "24.05";
}

18
sys/machines/kidney/fonts.nix Normal file
View file

@ -0,0 +1,18 @@
{
pkgs,
self,
...
}: {
fonts = {
packages = with pkgs; [
font-awesome
iosevka
emacs-all-the-icons-fonts
self.packages.${pkgs.system}.cartograph-cf
];
enableDefaultPackages = false;
fontconfig.defaultFonts = {
monospace = ["Iosevka"];
};
};
}

3
sys/machines/kidney/hardware.nix Normal file
View file

@ -0,0 +1,3 @@
{
nixpkgs.hostPlatform.system = "x86_64-linux";
}

11
sys/machines/kidney/wsl.nix Normal file
View file

@ -0,0 +1,11 @@
{inputs, ...}: {
imports = [
inputs.nixos-wsl.nixosModules.default
];
wsl = {
enable = true;
defaultUser = "xun";
startMenuLaunchers = true;
};
}

107
sys/machines/nixdesk/default.nix Normal file
View file

@ -0,0 +1,107 @@
{
lib,
inputs,
systemProfiles,
specialArgs,
self,
homeSuites,
...
}: {
imports = with systemProfiles; [
./hardware.nix
./hibernate-boot.nix
./samba-mount.nix
inputs.stylix.nixosModules.stylix
secrets.default
secrets.nixdesk
core.security
core.users
core.ssh
core.locale
nix.default
programs.zsh
core.tools
core.compat
core.boot
core.docs
core.gvfs
nix.gc
hardware.graphics
hardware.steam-hardware
hardware.bluetooth
hardware.qmk
network.networkd
network.avahi
network.localsend
network.tailscale
network.goldberg
desktop.sway
programs.dconf
programs.fonts
programs.home-manager
# programs.qt
programs.adb
programs.kanidm
programs.openrgb
programs.tools
programs.thunar
programs.corectrl
services.default
services.pipewire
services.flatpak
services.syncthing
services.waydroid
services.virt-manager
services.sunshine
# network.wifi
themes.dark
programs.gamemode
programs.gamescope
programs.steam
programs.RE
{
home-manager = {
backupFileExtension = "hm-backup";
users.xun.imports = [
homeSuites.nixdesk
inputs.sops-nix.homeManagerModules.sops
{home.stateVersion = "23.11";}
];
extraSpecialArgs = specialArgs;
};
}
];
networking.hostName = "nixdesk";
nixpkgs.config = {
rocmSupport = true;
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam"
"steam-unwrapped"
"discord"
"obsidian"
"rider"
"android-studio-stable"
];
android_sdk.accept_license = true;
};
networking.interfaces.eno1.wakeOnLan.enable = true;
system.stateVersion = "23.11";
}

88
sys/machines/nixdesk/hardware.nix Normal file
View file

@ -0,0 +1,88 @@
{
inputs,
config,
pkgs,
lib,
...
}: {
imports = [
inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-gpu-amd
inputs.hardware.nixosModules.common-pc-ssd
inputs.hardware.nixosModules.gigabyte-b550
];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = ["amdgpu"];
};
kernelModules = ["kvm-amd"];
extraModulePackages = with config.boot.kernelPackages; [
rtl88xxau-aircrack # usb wifi card
];
loader = {
timeout = 10;
systemd-boot = {
enable = true;
consoleMode = "max";
configurationLimit = 120;
editor = false;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
"/home" = {
device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/nix" = {
device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/.swapvol" = {
device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
fsType = "btrfs";
options = ["subvol=swap" "noatime"];
};
"/boot" = {
device = "/dev/disk/by-uuid/588B-CB97";
fsType = "vfat";
};
};
boot.resumeDevice = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
# btrfs inspect-internal map-swapfile -r /.swapvol/swapfile
boot.kernelParams = ["resume_offset=76293376"];
swapDevices = lib.singleton {
device = "/.swapvol/swapfile";
};
hardware.enableRedistributableFirmware = true;
services.xserver.videoDrivers = ["amdgpu"];
nixpkgs.hostPlatform.system = "x86_64-linux";
hardware.cpu.amd.updateMicrocode = true;
}

28
sys/machines/nixdesk/hibernate-boot.nix Normal file
View file

@ -0,0 +1,28 @@
{pkgs, ...}: {
# hibernate and reboot to firmware
# this allows me to save linux state and boot into another os (such as windows)
# make sure not to mount any filesystems from the other os or you risk losing data
environment.systemPackages = [
(pkgs.writeShellScriptBin "hib-boot" ''
set -e
if [ ! -v 1 ]; then
echo "no argument provided"
echo "please provide the id for the os you want to boot"
echo "these are the valid id's:"
echo ""
${pkgs.efibootmgr}/bin/efibootmgr
exit
fi
if [ ! -w /sys/power/disk -o ! -w /sys/power/state ]; then
echo "you lack permission to write to /sys/power/{disk,state}, are you not running this script as root?"
exit
fi
${pkgs.efibootmgr}/bin/efibootmgr -n "$1" >/dev/null
echo reboot >/sys/power/disk
echo disk >/sys/power/state
'')
];
}

72
sys/machines/nixdesk/samba-mount.nix Normal file
View file

@ -0,0 +1,72 @@
{
config,
pkgs,
...
}: {
environment.systemPackages = [pkgs.cifs-utils];
systemd.mounts = [
{
description = "smb hopper transmission download directory";
what = "//192.168.50.97/transmission"; # hopper local ip
where = "/server/transmission";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
}
{
description = "smb hopper vault";
what = "//192.168.50.97/vault"; # hopper local ip
where = "/server/vault";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
}
{
description = "smb hopper library";
what = "//192.168.50.97/library"; # hopper local ip
where = "/server/library";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path},vers=3.0";
}
{
description = "smb hopper slskd files";
what = "//192.168.50.97/slskd"; # hopper local ip
where = "/server/slskd";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
}
];
systemd.automounts = [
{
requires = ["network-online.target"];
where = "/server/transmission";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
{
requires = ["network-online.target"];
where = "/server/vault";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
{
requires = ["network-online.target"];
where = "/server/library";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
{
requires = ["network-online.target"];
where = "/server/slskd";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
];
}

22
sys/profiles/core/boot.nix Normal file
View file

@ -0,0 +1,22 @@
{config, ...}: {
boot = {
initrd = {
systemd.enable = true;
};
consoleLogLevel = 3;
kernelParams = [
"quiet"
"systemd.show_status=auto"
"rd.udev.log_level=3"
];
loader = {
# systemd-boot on UEFI
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
plymouth.enable = true;
};
}

65
sys/profiles/core/compat.nix Normal file
View file

@ -0,0 +1,65 @@
{pkgs, ...}: let
list-of-libraries = with pkgs; [
alsa-lib
at-spi2-atk
at-spi2-core
atk
cairo
cups
curl
dbus
expat
fontconfig
freetype
fuse3
gdk-pixbuf
glib
gtk3
icu
libGL
libappindicator-gtk3
libdrm
libglvnd
libnotify
libpulseaudio
libunwind
libusb1
libuuid
libxkbcommon
libxml2
mesa
nspr
nss
openssl
pango
pipewire
stdenv.cc.cc
systemd
vulkan-loader
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxcb
xorg.libxkbfile
xorg.libxshmfence
zlib
];
in {
programs.appimage = {
enable = true;
package = pkgs.appimage-run.override {
extraPkgs = p: list-of-libraries;
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = list-of-libraries;
}

25
sys/profiles/core/deploy.nix Normal file
View file

@ -0,0 +1,25 @@
{
lib,
self,
...
}: {
nix.settings.trusted-users = ["deploy"]; # trust closures created by our user
users.groups.deploy = {};
users.users.deploy = {
isSystemUser = false;
isNormalUser = true; # i want a home directory for some things
useDefaultShell = true;
group = "deploy";
extraGroups = ["wheel"];
hashedPassword = lib.mkForce null;
hashedPasswordFile = lib.mkForce null;
password = lib.mkForce null;
passwordFile = lib.mkForce null;
openssh.authorizedKeys.keyFiles = [
(self + /sshKeys/xun_nixdesk)
];
};
}

11
sys/profiles/core/docs.nix Normal file
View file

@ -0,0 +1,11 @@
{pkgs, ...}: {
documentation = {
dev.enable = true;
# man.generateCaches = true; # this does slow down builds by quite a lot
};
environment.systemPackages = with pkgs; [
linux-manual
man-pages
man-pages-posix
];
}

3
sys/profiles/core/gvfs.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.gvfs.enable = true;
}

11
sys/profiles/core/locale.nix Normal file
View file

@ -0,0 +1,11 @@
{lib, ...}: {
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = [
"en_US.UTF-8/UTF-8"
];
};
services.xserver.xkb.layout = "eu";
time.timeZone = lib.mkDefault "Europe/Berlin";
}

65
sys/profiles/core/security.nix Normal file
View file

@ -0,0 +1,65 @@
# security tweaks borrowed from @hlissner
{
boot.kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're not a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
boot.kernelModules = ["tcp_bbr"];
# Change me later!
#users.users.root.initialPassword = "nixos";
security = {
# allow wayland lockers to unlock the screen
pam.services.swaylock.text = "auth include login";
# userland niceness
rtkit.enable = true;
# don't ask for password for wheel group
sudo.wheelNeedsPassword = false;
# allow running as any id without them being listed in /etc/passwd
# this might be a security problem but whatever
sudo.extraConfig = ''
Defaults runas_allow_unknown_id
'';
};
}

22
sys/profiles/core/ssh.nix Normal file
View file

@ -0,0 +1,22 @@
{lib, ...}: {
services.openssh = {
enable = lib.mkDefault true;
settings = {
# Use only public keys
PasswordAuthentication = lib.mkForce false;
KbdInteractiveAuthentication = lib.mkForce false;
# root login is never welcome, except for remote builders
PermitRootLogin = lib.mkForce "prohibit-password";
};
startWhenNeeded = lib.mkDefault true;
openFirewall = lib.mkDefault true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}

7
sys/profiles/core/tools.nix Normal file
View file

@ -0,0 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
htop
btop
vim
];
}

16
sys/profiles/core/users.nix Normal file
View file

@ -0,0 +1,16 @@
{pkgs, ...}: {
users.users.xun = {
isNormalUser = true;
initialPassword = "nixos";
shell = pkgs.zsh;
extraGroups = [
"wheel"
"input"
"kvm"
"libvirt"
"video"
"render"
"audio"
];
};
}

9
sys/profiles/desktop/sway.nix Normal file
View file

@ -0,0 +1,9 @@
{
programs.sway = {
enable = true;
wrapperFeatures = {
base = true;
gtk = true;
};
};
}

5
sys/profiles/hardware/bluetooth.nix Normal file
View file

@ -0,0 +1,5 @@
{
hardware.bluetooth = {
enable = true;
};
}

6
sys/profiles/hardware/graphics.nix Normal file
View file

@ -0,0 +1,6 @@
{
hardware.graphics = {
enable = true;
enable32Bit = true;
};
}

3
sys/profiles/hardware/qmk.nix Normal file
View file

@ -0,0 +1,3 @@
{
hardware.keyboard.qmk.enable = true;
}

3
sys/profiles/hardware/steam-hardware.nix Normal file
View file

@ -0,0 +1,3 @@
{
hardware.steam-hardware.enable = true;
}

13
sys/profiles/network/avahi.nix Normal file
View file

@ -0,0 +1,13 @@
{
# network discovery, mDNS
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
domain = true;
userServices = true;
};
openFirewall = true;
};
}

6
sys/profiles/network/goldberg.nix Normal file
View file

@ -0,0 +1,6 @@
{
networking.firewall = {
allowedTCPPorts = [47584];
allowedUDPPorts = [47584];
};
}

8
sys/profiles/network/localsend.nix Normal file
View file

@ -0,0 +1,8 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
localsend
];
networking.firewall.allowedTCPPorts = [53317];
networking.firewall.allowedUDPPorts = [53317];
}

11
sys/profiles/network/networkd.nix Normal file
View file

@ -0,0 +1,11 @@
{
networking.useNetworkd = true;
systemd.network = {
enable = true;
};
services.resolved = {
enable = true;
dnssec = "true";
domains = ["~."];
};
}

7
sys/profiles/network/tailscale.nix Normal file
View file

@ -0,0 +1,7 @@
{
services.tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
};
}

5
sys/profiles/network/wifi.nix Normal file
View file

@ -0,0 +1,5 @@
{
networking.wireless = {
iwd.enable = true;
};
}

34
sys/profiles/nix/default.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
pkgs,
inputs,
lib,
...
}: {
imports = [
./substituters.nix
];
# git is needed for flakes
environment.systemPackages = [pkgs.git];
nix = {
# pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry = lib.mapAttrs (_: v: {flake = v;}) inputs;
# set the path for channels compat
nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
settings = {
#auto-optimise-store = true;
builders-use-substitutes = true;
experimental-features = ["flakes" "nix-command" "pipe-operators" "no-url-literals"];
# for direnv GC roots
keep-outputs = true;
keep-derivations = true;
trusted-users = ["root" "@wheel"];
};
};
}

7
sys/profiles/nix/gc.nix Normal file
View file

@ -0,0 +1,7 @@
{
nix.gc = {
automatic = true;
options = "--delete-older-than 14d";
};
nix.optimise.automatic = true;
}

14
sys/profiles/nix/substituters.nix Normal file
View file

@ -0,0 +1,14 @@
{
nix.settings = {
substituters = [
# high priority since it's almost always used
"https://cache.nixos.org?priority=10"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}

24
sys/profiles/programs/RE/default.nix Normal file
View file

@ -0,0 +1,24 @@
# patchelf --replace-needed libbinaryninjacore.so.1 ${symlinkJoin} $out/opt/binaryninja
{
pkgs,
self,
...
}: {
environment.systemPackages = with pkgs; [
(ghidra.withExtensions (ps:
with ps; [
gnudisassembler
machinelearning
]))
self.packages.${pkgs.system}.binaryninja-personal
self.packages.${pkgs.system}.ida-pro
# (pkgs.callPackage ./il2cppdumper {})
# (pkgs.callPackage ./ilspy {})
gdb
];
networking.hosts = {
"0.0.0.0" = ["master.binary.ninja"]; # idk my binary ninja crack [AMPED] told me to
};
}

33
sys/profiles/programs/RE/il2cppdumper/default.nix Normal file
View file

@ -0,0 +1,33 @@
{
buildDotnetModule,
dotnetCorePackages,
fetchFromGitHub,
}:
buildDotnetModule rec {
pname = "il2cppdumper";
version = "6.7.46";
src = fetchFromGitHub {
owner = "Perfare";
repo = pname;
rev = "v${version}";
sha256 = "sha256-pMxxwBpuZ2EuP7O99XTJcnS3Dq8MdxvUGQHJ0U3bnTY=";
};
projectFile = "Il2CppDumper/Il2CppDumper.csproj";
nugetDeps = ./deps.nix;
dotnet-sdk = with dotnetCorePackages; combinePackages [sdk_7_0 sdk_6_0];
dotnet-runtime = dotnetCorePackages.runtime_7_0;
dotnetBuildFlags = [
"-f"
"net7.0"
];
dotnetInstallFlags = dotnetBuildFlags;
executables = [
"Il2CppDumper"
];
}

22
sys/profiles/programs/RE/il2cppdumper/deps.nix Normal file
View file

@ -0,0 +1,22 @@
{fetchNuGet}: [
(fetchNuGet {
pname = "Microsoft.AspNetCore.App.Ref";
version = "6.0.31";
sha256 = "0hki4z9x60vzcg53s8cxnig4g1xnpqcj629r2cg5q1xw0sknfp5d";
})
(fetchNuGet {
pname = "Microsoft.NETCore.App.Host.linux-x64";
version = "6.0.31";
sha256 = "10s0p30qzfn9zibp1ldnqar87hqs47ni3rwqpvwx4jn3589cl9sn";
})
(fetchNuGet {
pname = "Microsoft.NETCore.App.Ref";
version = "6.0.31";
sha256 = "19a4ainxj8jxij7ckglbmlnvrjxp72xfgx0r6lbglzh9dhsakwm7";
})
(fetchNuGet {
pname = "Mono.Cecil";
version = "0.11.4";
sha256 = "1yxa7mh432s7g7p9r7scqxvxjk5ypwc567qdbf0gmk8fbf0d3f8y";
})
]

27
sys/profiles/programs/RE/ilspy/default.nix Normal file
View file

@ -0,0 +1,27 @@
{
buildDotnetModule,
dotnetCorePackages,
fetchFromGitHub,
powershell,
}:
buildDotnetModule rec {
pname = "ilspy";
version = "9.0-preview2";
src = fetchFromGitHub {
owner = "icsharpcode";
repo = "ILSpy";
rev = "v${version}";
sha256 = "sha256-JaFyKq5ZyHLvodY2/Ybwb/FmDeWQ5BawmA1ss+Qry20=";
};
buildInputs = [
powershell
];
projectFile = "ICSharpCode.ILSpyCmd/ICSharpCode.ILSpyCmd.csproj";
dotnet-sdk = dotnetCorePackages.sdk_8_0;
dotnet-runtime = dotnetCorePackages.runtime_8_0;
nugetDeps = ./deps.nix;
}

374
sys/profiles/programs/RE/ilspy/deps.nix Normal file
View file

@ -0,0 +1,374 @@
# This file was automatically generated by passthru.fetch-deps.
# Please dont edit it manually, your changes might get overwritten!
{fetchNuGet}: [
(fetchNuGet {
pname = "K4os.Compression.LZ4";
version = "1.3.8";
sha256 = "0813zra3gp35z9nwzqps534v2b34d8hsmmxy1hcrkamq0ckzfr1s";
})
(fetchNuGet {
pname = "McMaster.Extensions.CommandLineUtils";
version = "4.1.1";
sha256 = "0jp4q30lfh42y3h8057y2icllnil7cbigkry4l514wbayj8jwp9b";
})
(fetchNuGet {
pname = "McMaster.Extensions.Hosting.CommandLine";
version = "4.1.1";
sha256 = "0w18sn248pga1g83z5qakdfvzp8729h9da01kd14xg5l115jngj3";
})
(fetchNuGet {
pname = "Microsoft.Build.Tasks.Git";
version = "8.0.0";
sha256 = "0055f69q3hbagqp8gl3nk0vfn4qyqyxsxyy7pd0g7wm3z28byzmx";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration";
version = "8.0.0";
sha256 = "080kab87qgq2kh0ijry5kfdiq9afyzb8s0k3jqi5zbbi540yq4zl";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.Abstractions";
version = "6.0.0";
sha256 = "0w6wwxv12nbc3sghvr68847wc9skkdgsicrz3fx4chgng1i3xy0j";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.Abstractions";
version = "8.0.0";
sha256 = "1jlpa4ggl1gr5fs7fdcw04li3y3iy05w3klr9lrrlc7v8w76kq71";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.Binder";
version = "8.0.0";
sha256 = "1m0gawiz8f5hc3li9vd5psddlygwgkiw13d7div87kmkf4idza8r";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.CommandLine";
version = "8.0.0";
sha256 = "026f7f2iv6ph2dc5rnslll0bly8qcx5clmh2nn9hgyqjizzc4qvy";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.EnvironmentVariables";
version = "8.0.0";
sha256 = "13qb8wz3k59ihq0mjcqz1kwrpyzxn5da4dhk2pvcgc42z9kcbf7r";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.FileExtensions";
version = "8.0.0";
sha256 = "1jrmlfzy4h32nzf1nm5q8bhkpx958b0ww9qx1k1zm4pyaf6mqb04";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.Json";
version = "8.0.0";
sha256 = "1n3ss26v1lq6b69fxk1vz3kqv9ppxq8ypgdqpd7415xrq66y4bqn";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Configuration.UserSecrets";
version = "8.0.0";
sha256 = "1br01zhzhnxjzqx63bxd25x48y9xs69hcs71pjni8y9kl50zja7z";
})
(fetchNuGet {
pname = "Microsoft.Extensions.DependencyInjection";
version = "8.0.0";
sha256 = "0i7qziz0iqmbk8zzln7kx9vd0lbx1x3va0yi3j1bgkjir13h78ps";
})
(fetchNuGet {
pname = "Microsoft.Extensions.DependencyInjection.Abstractions";
version = "6.0.0";
sha256 = "1vi67fw7q99gj7jd64gnnfr4d2c0ijpva7g9prps48ja6g91x6a9";
})
(fetchNuGet {
pname = "Microsoft.Extensions.DependencyInjection.Abstractions";
version = "8.0.0";
sha256 = "1zw0bpp5742jzx03wvqc8csnvsbgdqi0ls9jfc5i2vd3cl8b74pg";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Diagnostics";
version = "8.0.0";
sha256 = "0ghwkld91k20hcbmzg2137w81mzzdh8hfaapdwckhza0vipya4kw";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Diagnostics.Abstractions";
version = "8.0.0";
sha256 = "15m4j6w9n8h0mj7hlfzb83hd3wn7aq1s7fxbicm16slsjfwzj82i";
})
(fetchNuGet {
pname = "Microsoft.Extensions.FileProviders.Abstractions";
version = "6.0.0";
sha256 = "1fbqmfapxdz77drcv1ndyj2ybvd2rv4c9i9pgiykcpl4fa6dc65q";
})
(fetchNuGet {
pname = "Microsoft.Extensions.FileProviders.Abstractions";
version = "8.0.0";
sha256 = "1idq65fxwcn882c06yci7nscy9i0rgw6mqjrl7362prvvsd9f15r";
})
(fetchNuGet {
pname = "Microsoft.Extensions.FileProviders.Physical";
version = "8.0.0";
sha256 = "05wxjvjbx79ir7vfkri6b28k8zl8fa6bbr0i7gahqrim2ijvkp6v";
})
(fetchNuGet {
pname = "Microsoft.Extensions.FileSystemGlobbing";
version = "8.0.0";
sha256 = "1igf2bqism22fxv7km5yv028r4rg12a4lki2jh4xg3brjkagiv7q";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Hosting";
version = "8.0.0";
sha256 = "1f2af5m1yny8b43251gsj75hjd9ixni1clcldy8cg91z1vxxm8dh";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Hosting.Abstractions";
version = "6.0.0";
sha256 = "1mwjx6li4a82nb589763whpnhf5hfy1bpv1dzqqvczb1lhxhzhlj";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Hosting.Abstractions";
version = "8.0.0";
sha256 = "00d5dwmzw76iy8z40ly01hy9gly49a7rpf7k7m99vrid1kxp346h";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging";
version = "8.0.0";
sha256 = "0nppj34nmq25gnrg0wh1q22y4wdqbih4ax493f226azv8mkp9s1i";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.Abstractions";
version = "6.0.0";
sha256 = "0b75fmins171zi6bfdcq1kcvyrirs8n91mknjnxy4c3ygi1rrnj0";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.Abstractions";
version = "8.0.0";
sha256 = "1klcqhg3hk55hb6vmjiq2wgqidsl81aldw0li2z98lrwx26msrr6";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.Configuration";
version = "8.0.0";
sha256 = "1d9b734vnll935661wqkgl7ry60rlh5p876l2bsa930mvfsaqfcv";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.Console";
version = "8.0.0";
sha256 = "1mvp3ipw7k33v2qw2yrvc4vl5yzgpk3yxa94gg0gz7wmcmhzvmkd";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.Debug";
version = "8.0.0";
sha256 = "1h7mg97lj0ss47kq7zwnihh9c6xcrkwrr8ffhc16qcsrh36sg6q0";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.EventLog";
version = "8.0.0";
sha256 = "05vfrxw7mlwlwhsl6r4yrhxk3sd8dv5sl0hdlcpgw62n53incw5x";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Logging.EventSource";
version = "8.0.0";
sha256 = "0gbjll6p03rmw0cf8fp0p8cxzn9awmzv8hvnyqbczrkax5h7p94i";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Options";
version = "8.0.0";
sha256 = "0p50qn6zhinzyhq9sy5svnmqqwhw2jajs2pbjh9sah504wjvhscz";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Options.ConfigurationExtensions";
version = "8.0.0";
sha256 = "04nm8v5a3zp0ill7hjnwnja3s2676b4wffdri8hdk2341p7mp403";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Primitives";
version = "6.0.0";
sha256 = "1kjiw6s4yfz9gm7mx3wkhp06ghnbs95icj9hi505shz9rjrg42q2";
})
(fetchNuGet {
pname = "Microsoft.Extensions.Primitives";
version = "8.0.0";
sha256 = "0aldaz5aapngchgdr7dax9jw5wy7k7hmjgjpfgfv1wfif27jlkqm";
})
(fetchNuGet {
pname = "Microsoft.NETCore.App.Ref";
version = "8.0.0";
sha256 = "0hyvbh86433764qqqhw9i7ga0ax7bbdmzh77jw58pq0ggm41cff9";
})
(fetchNuGet {
pname = "Microsoft.NETCore.Platforms";
version = "1.1.0";
sha256 = "08vh1r12g6ykjygq5d3vq09zylgb84l63k49jc4v8faw9g93iqqm";
})
(fetchNuGet {
pname = "Microsoft.SourceLink.Common";
version = "8.0.0";
sha256 = "0xrr8yd34ij7dqnyddkp2awfmf9qn3c89xmw2f3npaa4wnajmx81";
})
(fetchNuGet {
pname = "Microsoft.SourceLink.GitHub";
version = "8.0.0";
sha256 = "1gdx7n45wwia3yvang3ls92sk3wrymqcx9p349j8wba2lyjf9m44";
})
(fetchNuGet {
pname = "Mono.Cecil";
version = "0.11.5";
sha256 = "1l388sy7ibsq4b2pj08g3di0g8yppq47chd7ip10kwml6mpp1wcw";
})
(fetchNuGet {
pname = "NETStandard.Library";
version = "2.0.3";
sha256 = "1fn9fxppfcg4jgypp2pmrpr6awl3qz1xmnri0cygpkwvyx27df1y";
})
(fetchNuGet {
pname = "Newtonsoft.Json";
version = "13.0.3";
sha256 = "0xrwysmrn4midrjal8g2hr1bbg38iyisl0svamb11arqws4w2bw7";
})
(fetchNuGet {
pname = "NuGet.Common";
version = "6.10.0";
sha256 = "0nizrnilmlcqbm945293h8q3wfqfchb4xi8g50x4kjn0rbpd1kbh";
})
(fetchNuGet {
pname = "NuGet.Configuration";
version = "6.10.0";
sha256 = "1aqaknaawnqx4mnvx9qw73wvj48jjzv0d78dzwl7m9zjlrl9myhz";
})
(fetchNuGet {
pname = "NuGet.Frameworks";
version = "6.10.0";
sha256 = "0hrd8y31zx9a0wps49czw0qgbrakb49zn3abfgylc9xrq990zkqk";
})
(fetchNuGet {
pname = "NuGet.Packaging";
version = "6.10.0";
sha256 = "18s53cvrf51lihmaqqdf48p2qi6ky1l48jv0hvbp76cxwdg7rba4";
})
(fetchNuGet {
pname = "NuGet.Protocol";
version = "6.10.0";
sha256 = "0hmv4q0ks9i34mfgpb13l01la9v3jjllfh1qd3aqv105xrqrdxac";
})
(fetchNuGet {
pname = "NuGet.Versioning";
version = "6.10.0";
sha256 = "1x19njx4x0sw9fz8y5fibi15xfsrw5avir0cx0599yd7p3ykik5g";
})
(fetchNuGet {
pname = "System.Buffers";
version = "4.5.1";
sha256 = "04kb1mdrlcixj9zh1xdi5as0k0qi8byr5mi3p3jcxx72qz93s2y3";
})
(fetchNuGet {
pname = "System.Collections.Immutable";
version = "6.0.0";
sha256 = "1js98kmjn47ivcvkjqdmyipzknb9xbndssczm8gq224pbaj1p88c";
})
(fetchNuGet {
pname = "System.Collections.Immutable";
version = "8.0.0";
sha256 = "0z53a42zjd59zdkszcm7pvij4ri5xbb8jly9hzaad9khlf69bcqp";
})
(fetchNuGet {
pname = "System.ComponentModel.Annotations";
version = "5.0.0";
sha256 = "021h7x98lblq9avm1bgpa4i31c2kgsa7zn4sqhxf39g087ar756j";
})
(fetchNuGet {
pname = "System.ComponentModel.Composition";
version = "8.0.0";
sha256 = "02hmqwrdvqzq4ka4kpf88i7n3qp6lw1xwp7424kg08pa9y69swij";
})
(fetchNuGet {
pname = "System.Composition";
version = "8.0.0";
sha256 = "0y7rp5qwwvh430nr0r15zljw01gny8yvr0gg6w5cmsk3q7q7a3dc";
})
(fetchNuGet {
pname = "System.Composition.AttributedModel";
version = "8.0.0";
sha256 = "16j61piz1jf8hbh14i1i4m2r9vw79gdqhjr4f4i588h52249fxlz";
})
(fetchNuGet {
pname = "System.Composition.Convention";
version = "8.0.0";
sha256 = "10fwp7692a6yyw1p8b923k061zh95a6xs3vzfdmdv5pmf41cxlb7";
})
(fetchNuGet {
pname = "System.Composition.Hosting";
version = "8.0.0";
sha256 = "1gbfimhxx6v6073pblv4rl5shz3kgx8lvfif5db26ak8pl5qj4kb";
})
(fetchNuGet {
pname = "System.Composition.Runtime";
version = "8.0.0";
sha256 = "0snljpgfmg0wlkwilkvn9qjjghq1pjdfgdpnwhvl2qw6vzdij703";
})
(fetchNuGet {
pname = "System.Composition.TypedParts";
version = "8.0.0";
sha256 = "0skwla26d8clfz3alr8m42qbzsrbi7dhg74z6ha832b6730mm4pr";
})
(fetchNuGet {
pname = "System.Diagnostics.DiagnosticSource";
version = "8.0.0";
sha256 = "0nzra1i0mljvmnj1qqqg37xs7bl71fnpl68nwmdajchh65l878zr";
})
(fetchNuGet {
pname = "System.Diagnostics.EventLog";
version = "8.0.0";
sha256 = "1xnvcidh2qf6k7w8ij1rvj0viqkq84cq47biw0c98xhxg5rk3pxf";
})
(fetchNuGet {
pname = "System.Formats.Asn1";
version = "6.0.0";
sha256 = "1vvr7hs4qzjqb37r0w1mxq7xql2b17la63jwvmgv65s1hj00g8r9";
})
(fetchNuGet {
pname = "System.Memory";
version = "4.5.4";
sha256 = "14gbbs22mcxwggn0fcfs1b062521azb9fbb7c113x0mq6dzq9h6y";
})
(fetchNuGet {
pname = "System.Numerics.Vectors";
version = "4.4.0";
sha256 = "0rdvma399070b0i46c4qq1h2yvjj3k013sqzkilz4bz5cwmx1rba";
})
(fetchNuGet {
pname = "System.Reflection.Metadata";
version = "6.0.0";
sha256 = "1x0b289r9yjzdqypi2x3dc8sa66s3b6bpc7l2f8hxrzl6czdg4al";
})
(fetchNuGet {
pname = "System.Reflection.Metadata";
version = "8.0.0";
sha256 = "10a8vm0c3n5cili5nix6bdmiaxr69qisvk356pb81f2s8bgq40bm";
})
(fetchNuGet {
pname = "System.Runtime.CompilerServices.Unsafe";
version = "6.0.0";
sha256 = "0qm741kh4rh57wky16sq4m0v05fxmkjjr87krycf5vp9f0zbahbc";
})
(fetchNuGet {
pname = "System.Security.Cryptography.Pkcs";
version = "6.0.4";
sha256 = "0hh5h38pnxmlrnvs72f2hzzpz4b2caiiv6xf8y7fzdg84r3imvfr";
})
(fetchNuGet {
pname = "System.Security.Cryptography.ProtectedData";
version = "4.4.0";
sha256 = "1q8ljvqhasyynp94a1d7jknk946m20lkwy2c3wa8zw2pc517fbj6";
})
(fetchNuGet {
pname = "System.Text.Encodings.Web";
version = "8.0.0";
sha256 = "1wbypkx0m8dgpsaqgyywz4z760xblnwalb241d5qv9kx8m128i11";
})
(fetchNuGet {
pname = "System.Text.Json";
version = "8.0.0";
sha256 = "134savxw0sq7s448jnzw17bxcijsi1v38mirpbb6zfxmqlf04msw";
})
(fetchNuGet {
pname = "TunnelVisionLabs.ReferenceAssemblyAnnotator";
version = "1.0.0-alpha.160";
sha256 = "1wvfa3098a984kydjgjvx43gncnr89fw20if2gqvz8kqn9pxqjbq";
})
]

3
sys/profiles/programs/adb.nix Normal file
View file

@ -0,0 +1,3 @@
{
programs.adb.enable = true;
}

4
sys/profiles/programs/corectrl.nix Normal file
View file

@ -0,0 +1,4 @@
{
programs.corectrl.enable = true;
users.users.xun.extraGroups = ["corectrl"];
}

6
sys/profiles/programs/dconf.nix Normal file
View file

@ -0,0 +1,6 @@
{
programs = {
# make HM-managed GTK stuff work
dconf.enable = true;
};
}

39
sys/profiles/programs/fonts.nix Normal file
View file

@ -0,0 +1,39 @@
{
pkgs,
self,
...
}: {
fonts = {
packages = with pkgs; [
powerline-fonts
dejavu_fonts
font-awesome
noto-fonts
noto-fonts-emoji
source-code-pro
iosevka
nerd-fonts.symbols-only
nerd-fonts.sauce-code-pro
nerd-fonts.jetbrains-mono
nerd-fonts.iosevka-term
nerd-fonts.iosevka
nerd-fonts.inconsolata
nerd-fonts.fira-code
nerd-fonts.dejavu-sans-mono
nerd-fonts.blex-mono
nerd-fonts._0xproto
self.packages.${pkgs.system}.cartograph-cf
];
# causes more issues than it solves
enableDefaultPackages = false;
# user defined fonts
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
};
}

5
sys/profiles/programs/gamemode.nix Normal file
View file

@ -0,0 +1,5 @@
{
programs.gamemode = {
enable = true;
};
}

6
sys/profiles/programs/gamescope.nix Normal file
View file

@ -0,0 +1,6 @@
{
programs.gamescope = {
enable = true;
capSysNice = false; # breaks in steam & heroic
};
}

9
sys/profiles/programs/home-manager.nix Normal file
View file

@ -0,0 +1,9 @@
{inputs, ...}: {
imports = [
inputs.home-manager.nixosModules.default
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
}

7
sys/profiles/programs/kanidm.nix Normal file
View file

@ -0,0 +1,7 @@
{pkgs, ...}: {
services.kanidm = {
enableClient = true;
package = pkgs.kanidm_1_4;
clientSettings.uri = "https://kanidm.xunuwu.xyz";
};
}

3
sys/profiles/programs/openrgb.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.hardware.openrgb.enable = true;
}

7
sys/profiles/programs/qt.nix Normal file
View file

@ -0,0 +1,7 @@
{
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
}

23
sys/profiles/programs/steam.nix Normal file
View file

@ -0,0 +1,23 @@
{pkgs, ...}: {
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
## Fixes gamescope (NOTE: no clue what this means)
extraPackages = with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
stdenv.cc.cc.lib
libkrb5
keyutils
];
};
}

9
sys/profiles/programs/thunar.nix Normal file
View file

@ -0,0 +1,9 @@
{pkgs, ...}: {
services.tumbler.enable = true; # image thumbnails
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
];
};
}

24
sys/profiles/programs/tools.nix Normal file
View file

@ -0,0 +1,24 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
vim
htop
btop
wget
ripgrep
nethogs
ffmpeg-full
parted
busybox
file
lm_sensors
fd # find replacement
graphviz-nox
p7zip
unar
jq
openssl # for generating passwords
yt-dlp
inotify-tools
dig
];
}

20
sys/profiles/programs/zsh.nix Normal file
View file

@ -0,0 +1,20 @@
{
# enable zsh autocompletion for system packages (systemd, etc)
environment.pathsToLink = ["/share/zsh"];
programs = {
less = {
enable = true;
envVariables.LESS = "--mouse";
};
zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting = {
enable = true;
highlighters = ["main" "brackets" "pattern"];
};
};
};
}

6
sys/profiles/secrets/default.nix Normal file
View file

@ -0,0 +1,6 @@
{inputs, ...}: {
imports = [
inputs.sops-nix.nixosModules.sops
./global
];
}

8
sys/profiles/secrets/global/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
sops.secrets = {
tailscale-auth = {
key = "tailscale-auth";
sopsFile = ./tailscale-auth.yaml;
};
};
}

39
sys/profiles/secrets/global/tailscale-auth.yaml Normal file
View file

@ -0,0 +1,39 @@
tailscale-auth: ENC[AES256_GCM,data:8+XTTS0YoJpQPYMhES6YTWGehQH992cfIjFed+kl2sXZ551PyvaA4Y0/7CuNM9udJe2ba2yte3DkN+AILWk=,iv:EK6ifjTYD4Y5zEjfty0eJyfDaQO8ooOHXdCcEAF3W0w=,tag:wfbrkPqHFk8dJaDkNeaChg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNjdjOTlnamxOZkhtUlRF
VTdpVVZYS3ptVEJ6cDJZSytCblhFRW1ITlZVCnVObmZHVW5mckpVSFZ2ZStsdVBU
SDZqME9odzRyK2R3SHNDR3g1MzNtT28KLS0tIDJCQ3V2eEtIU0g5NHE1R0lHVXRt
Y3VIZkh6V0JYQXlXaW9TMldNYVNUZTgKZxeO1era8Ozf8EOgBOUScBn3wPAjYSeW
BhO/LDqyb2edMLI/vDu3KeCkd8VOlGJTgk4E3jaqQ8PCYTQj50OWqQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdkt3eFBVQTY4eGR4QXhr
WnJ1eTQwZmhZdjR6Q1NSQk9mRE51VG0zODJFCkg4TjBBaXd5bmNUOUNwSVNwYTdM
cXV5WDB5L3pWWE96MHJicjE1MXorcmMKLS0tIFVZUmlSRTV5TFk0Z0QyKzhTSlJU
MmZrRWF5TDlFMWZZZDlvZFdnMDFMOGcKUVhuMvgB3ssoRuZ6yOkfLHKLR2Z1X7Bq
cIiet0ypbAKt1sYpPl5L+xs5m3vnuNZQnUvv8gdW7VlepVmLR0IFEQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiR0doT0kxRXlwa2taY25P
WVJxZ3E0R1IwbWJVOG5OSlRtTDVqZ0R3dlhjCjFsN1NUc2hqYWlSTGJ4RGp1Y21F
djFkNzNzM0ZzMmhtd291OWtSWEZWWjgKLS0tIFJ2VnlCeHZibDUwYk05QzBYdkR3
eVpKdlRpSnprclN4Wm4wVHpjYzVnSEUK49UF2IeDXzF9PiISIo0QjltkoFIa6Y8D
w2DJIys0Pfw5kGrVTLAgHMOMYmss4EdD4mwY+DQYWHqxTX0P2TKM9w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-17T00:06:06Z"
mac: ENC[AES256_GCM,data:EWKH7alUhTJWmHd1Y/hrtN7N2rc9DnIUxRghgGL6YwXz4kk1VoTlzEACw9NTv0qrQSfTVbFmD5f24vvdlrn7/SERmacv3GOe1/OM6kC11MTgO8rUCCwUGa+c5ublke7DQW/wQR7ay9a4pHRHf1DVBB3PrO7+A34CYWGP6gt0jcM=,iv:YzccaJSS14OPqEUftQUOhnFnF0vUNAtRvdCaDuZFoMM=,tag:R/fKcXST7LbzTahXD4uO6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

34
sys/profiles/secrets/hopper/authelia.yaml Normal file
View file

@ -0,0 +1,34 @@
jwt_secret: ENC[AES256_GCM,data:O0LXijtmUCoBKiQgptto6/dhcCRgP9EAXPhnmb0Dw4Gk/8irELo413FPlnc9EPyFvQTelNgJWZEUsgPUxN5uVjVTr/819hyNX37+sTr0COD9VXUprvkYOGHQ/7UmjK5UZPcgIzEPWwmU4xmsbh4dIgrKT55JCniBVQevvwGYq28=,iv:Fx5oSFiiZt6jKnApvahK92n/lATcJ7IBH7e5TdQCMRY=,tag:kaaV+2WLH22eZXx9WyHrTA==,type:str]
session_secret: ENC[AES256_GCM,data:lFkt5MasAri5ddS2JU9sNLTgHSSAelmvshX7jk5LEhWLcfTryoCdMHSiaqJpAY5NC0DgLPslyAyLtUgrAxTZqL/qHmSw4Q9XfxoWGk1IM4NERb0myOOTgmhcT4ImUEIROZHXNpgEUQ9c1stasix5uu5c1swUieZrDI7j79Xn5DWufzHc+SxaQwIggsLGpOazJO/UmBdGiX/uju2D/arp1okMClk8DcLWZtLdEs4V1Cqz5Yv21aeK/47DKy4rClqDB+8NNXk5ayA5wXa0DrvW7H+a+/ra6TRMcevMZBsjbvbRc2P654mpDt5XB3DMyoucYOHzUasymlYUMmUUtYFRhNaLWfgifAQJG8N+z1COe/DjWzhUOKfKNZQM7S0h61nh5RwLGh+PHMae0G7fLNTcNS7r8BxiIIF4wXJRmtxfnNY4GrQAtfatrHi6lbnrBzA7SsjaheK27/DVXZdUhkc6xxeIA3n+G9e4FSDC8aP6gKHPO8nDBzIEw21E0UtuNO7QYqw3NFwNX30ys+dw89S6RyZzJd9CHodYzmGHB9jlXJnu9aOsqmEUOuWD8Wwez9ogUQY5Uls/MbyXzX5dIEHeofPxzzQYepvMRmlNNyrWjQYmFqw8TblM1S8/dnI0FzmescPIKSdA/H5oEo8X9InpHbuEd2hOR0mQdDXoKFBw+ig=,iv:5yM3rohayzhGN1k8Njm/r8lggfaQDIeLNoVC3Vkc95s=,tag:JOH6xBEPFCYMHLSCNgFW9g==,type:str]
encryption_key: ENC[AES256_GCM,data:VBPBoNaL5l3/MWNW/97m0RXX7dANgHEgoIU4+S3Z7gMtZjFqscfN612CkWM5t4h6Ojej/J8WuslnoDgEK14Efr3byvnVOayFHUxb8U8Y1sGQ7DqW28v+3QXttd2agrVATGoiErVUVH5lUqmtIRzugQuWi707fq8A9D3OU/L26+O+/sBJjfvj+es9Vyq120ri1njtZvQzVDUoKjyTQOiPCOsyEX2C6rws1BT9UQr7EY73e5xEpiBczwq+A9eRVH77/Hqr8t0otbcxPn9rubUFPy9bOxTnqG/eXmm2vtPQXGRdQ3fUzvQgBSxjxkssoWK/MRaXaL6Xs37mfiUc/7KX3Ua49G53jC18HfFmfklnP9xmtORFk/zWTj4+eB3QKt9/mtg6E8iZUlI16S/PYyuB6d37Oy0iuAHatwDqJBSZdnPl/ZXW8NuaZCKGLFMojqBXPxOTxZ/88KJcEI2MEuueBsS62L9Gb7g0jSjsNfTEmA5lCGHQ4rbeG/SahrbAzPKMWTTIgV5va9XY1e1amweTGSjed5nk+XB9ih6Z0MZ+da4RghjnHexOBqEewhDICUHd4Xyfyl3SqJKpBtGOCBW5tfkjy2kIWVL5KB4cB1FhHq9fvATDcG4qCV5ptZPgnGbqsme970UHO7CNTAso1ju8Nk9GT/46y/4oPCxU6DS9gy2oN0hxbut4mpJ+RyGEthtpQ+caSPsjsTx5yx33LUCqw19H1mRqzZo23tSzAcGvLZiHt3c3/S1QRNGOIqJmTz2Q41JOVBjqPF4W/ZgfZgax+vASRDMre7S6TlSMfUGU1i99vzFkELmfDiXVTpbj+Jq0/kIxdaf6RkfvvqA20CfNysSsD7RoLqy7CyTilwjJVHliGqR7T8RG4aJJVZdBBPsXkkPa5281pUO0lX/v48gw/UOqcswcSf0uV9MRidR/Rmb/u6PBNuIRjjUl0U94ZtiO8925gSLFGwFhrrz3NsjkCOzUIyDObh6EImNbzsjWBmiCTetr2huYhK4JkW/BarC75zfhsEFiU9Sv0PKcymgGZ4gm0aFcIyWyyim3YxGI80otIZLu1oGid7YX6ddzWZPrTq8bK9GmxsiNLtfPCahA5EDYKDXoIHcc+eWjzJijoTNaGCAElNK2/kY3cO9zpviib36eYO1C6X5VYrMivTTdvsm935PNmESG1CYaDiAekpvZTDBsCJYm7RCBAPoAfR8IOeZdZah73QAplpQlTo+lxbb/M/SuPO2JMWFpn5aWSgHKj0X0mqtQ8q78KJ7cUtYJV1BkWLnAEmeudq4NqB02PkortEkJb9Jjgj7+iZNbuJxvrdhEixsOAwOw9UbFOIO3q7mV9D39r+PhQ1JNqP7HJA==,iv:fArn1NcxTjBUrWfYYGoeWh7P8rdDhK9zHdrtRrvVxzA=,tag:sGsAX8qOWK4qBIZh8LZj8w==,type:str]
storage_password: ENC[AES256_GCM,data:XH5szvA2s6WpBWauGjJCB0KHGti947/3Y/xGOCAvpc52JEaIrGP9/29ETw2omVVxvhlrg15vsca760Spa2VkpyO4pZOC1vUEmK00uAsNSwDzE5Xt9QGa3res1MthD5lKxRk+2IZBpMnoZYkX3Q11kvSpbyYwOpdFpK5ZU3M962yGs9JKGuDTofzT41Pz08fVXgVs2gGiYTjY+1k4OUzHPqBDRd4fRvlMxepKUJ5hIJlLFq5ncIyXYeDCbv+TDoX/Nw/SBl5cysQxjEnFSKF0ZegKt8u1TTjYL5Ag5378up9xwYtaBGHde1H3Mwq37cLUXOessPo0ftTuhZfa/Vz6mLace/QZoNCz/fnQSO56bIps0+RLqakrctajditJWX6yq3Y3tA1x7FqI+r83jriv334UToDE/LupUlTLax24cy/w34KW1l6sNkjqUwT8UPf3CcYIVSqhmNBMa71EQJFelXGQJyLfCsepe5IlNqFfXiY8Ywe/ncnx0sPCTQG43gN5PcUwNV15/EzOIyg4xp0CtgRBK/dnlVlQ019DaD0s3jwczfcyzC5xLWoguNu3mtm32KwkayMno0Y7timH0E7AwaYW6uLdSo5p582O5zbUcMVlGYUXLa27Y6madAPGZEonhZ9IvrpFrNCG7VVcKiBxdC7OzSn3VWiOoZ+d52m6bAAeIiy1wp3En2PcOqO+b4soc7RTy+acFypupB9//N0xd8Yq+VdALHa4tQGvT5oc0OlAIdMcF7oU0nGiyQKE495Q5/MtcilYseaQq0c2vp82y9YndlinzOnj7JinerXXfAUdTREPH6FvNR3Y6cdPKqgM89esrDJJum7L6eFUq5ozoqwxvOGv1CKEA+LgD9pXuXAPSdqiwZeEBD5P4fuLik5heKHJwcmgIaja7Vd5ni3cSQsLnwU/m2aQ5WmJe+7REbykYmC6J2+EinSm7CWYpq3EqKFmFsSoTbEpjL6ghOtjB4cD0A0fK5RJhU5nbpFC/whSg+6SPGe7w7RZa3suQ41QLY9MgwNKPDGDqwPQP4SnbBVYiQnyCJHj8ZDyWN38LMahEzjJT9leo9yr9h3hjvYdouNN4BTCFajgoQ38eapd9HqeTWBYbg5TOC+JOI3/tG5HYWNI/kI9jWrgIu4belvrnsdPMo0O7FIHiEKQWg/b6v0kBkeG7h+OHgs/qzq7GSz0rOoNgEBqHa2eVTwtmnMZgC3fJ78/QdRCbW+I5YsmFEZIcT4JSXnjFlPjsoFnhpHS5DcdCsY7YnY6006SprYF43lPunRFbpfPPSr4Zpn/G009M5ZasiHNzPPsr7leiDBkugGPtBaEEy+Fnct4bfc1JD6F+FHtTp+iGE0pT5wZCQ==,iv:SiRzgXm4hUSW+o80AA60oAIJus2FSZvL/Ly0bktT5XI=,tag:NuD9XVd4TNFOIo0jdHeSyQ==,type:str]
lldap_password: ENC[AES256_GCM,data:KbJam6qANZDc270gM7Umz1aABIW9N7xcz50PzhsX//dl97k6idDsDASd/33G7KxFCpVPtAQuhT3MLFuGQ+aFjy+YDasL6t8UdlR905CVbi2APH0pexqamhMpf1ZiMbYosdh0wAk5ZOJoWLdOZwVHUBWMgyRtEwc3i85Mla4CDvQ=,iv:PRoSle4GztDQv6QYeNsvHanREEZqs51t84Sa1qJh6Ys=,tag:XDTvZoHBbFtty61b9lugSA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaW4xdnBaSlh3anBzWUli
K2UrOUhMT1EvRmhVdVk5L1RVczdmM1FKUTE4CkIxWVFmYW1FYTN1WkdtSElraUpn
OFcweXBpSWpsSEQxYkt3WU9vMlo5OVEKLS0tIEFVTVFVTjNXbnoxNW5WNXY1NlNC
bGkzYllBRW9EdnBEQzBQbUJSVVJsRDgKmpwBLgT732TnzsDYmDwajn1VCZ26LAKf
eC3nJLzkfXX81axUuxozpATatUZlf9NXcS0gX92N0uJ7/6d1t9HPhg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWEV6RDVoamYxZ28rUElw
dHVoQzYvYjdYNFZjTmRIY1pET2VzdHdsdVdNClZoUDFNQkg4UDhFS0paVUVGOUpS
bjNpazRzZVFJazM2NWFyazVla0dxeVkKLS0tIDU4T3pNOFE4VHBCdXpEUUZNUlNu
OTBTbDlXaHZnanJSbUlLUmRTaDc0eE0K0AEhDK731gOTp5AjocYgPEdXnr76m8PF
JoT4IWr2WYs5W/JgC8c4wIc4C9D4O8c+/mnE1RsG6EUXAz5ufMQcGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-01T04:33:16Z"
mac: ENC[AES256_GCM,data:JOpFhUp35Qh47yO0RySQGx9BHQfa8IrsiQarFNlid26D9jrDyF55Y5Wt88JgzPjGKVGhj+lJCz/vBGZ6wF8EVrT5Zd56cdKf5f7oOVF8s/sHl0O8MCstAUUazF8lP3SHRqZg4ZK45cFFt8ScFJd8KpCttiQY7xhjxyxCfUJ5E/U=,iv:cRedV+y5xEL8PB4gYzdEAmhqZ049geoPXHI6awqoi4Y=,tag:LvEb6Dc4flup2yEKPOnU2A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
sys/profiles/secrets/hopper/authentik Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:fxTl3v/kAs4ZP8TR8UKzI+GcgUH1v+ieoKFF2FCGxSNT37l9zAr7MCnFgarxxfw9quMofg//PdFYPbboHmwRl1B2,iv:jj7hRM+OOqOoM2wvskCBtYawq5+0RojJcUe9d8bCr/8=,tag:QrI/Y/TTPzvhMi6n7UeIbQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5N1pRYTdVUmUrZzF1Rmd2\nTnArVWRrYU45NWlmRlBrYitycXpXQVBSWHpjCjc5Yy80UzhmZkIxUEJkTms1TkFn\nUm9WVG5lQVp4YXk1aWVxSmhSOWtXdzgKLS0tIDQyYmxPV0x3cTBRMGJxdlc3L1pi\nd1N5b0xjRVloOStPN2VEbFpUL3RmZEUK77mnYZQ0dsVrqPFU/SPVMjj0ck5Qgd7u\na/Sw+dUQnVOokvbtYGMLt9K3wbRq/HWLBumZc9Y5sjALF5uBFw6XOA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhd2FRL29rOUExa3RLVkE5\nNUxmeVVqRDlPSjNyS0d2MG9jYTlnSms1TFV3CjdIYWc1WExmaEJla1NsTGY0NW5E\nWnBxZ0pnaU9yS2lLTENieVBFeUlQbnMKLS0tIFprYVZoNjNwclYrdVQzZVgzSjFn\nMGV5bCtVSDRqYnlJL3BGOWpVaFRCSmsKh7D5NrErKlZPVseq0keoineIdaKAQeaw\nEu0DW3httU5wS1fHFwYChBaGsZie9GykW5Fvpq73o5TZRz2u8dmf6A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-27T08:04:50Z",
"mac": "ENC[AES256_GCM,data:Weq2W0PFoCVMzP6CssTXoPQLA1sd1kTp51Wm5Yu0YkcFHrYfGaoiPE7n5tbsKWm3GpCqwVmU6W4lKrOlIkPe3flgO7qA3w+NtnCBkIhJstXgrDlCoHzwiP7FT0szXUDDFn8ALiA7dvd1zG3NCaymjt2zARrdFzBwA/kJBm/Vrcc=,iv:3ufxRlUlGT7O6/q0pn5ifSPCPvTZJIRNweSJKtHb+eY=,tag:jid9ltE//PrenBSjouz4Fw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

24
sys/profiles/secrets/hopper/betanin Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:TmpYiFqXu3yz4IluJ9DVH0TU05YL1NBsEcRb73vx4j45Q/aWQPA7V18+xz79t9HbFWekaLe9tPMgeiVF5uuK8qSufg==,iv:KBf+q3YSO+38HdkRt0/Hmp5Jhaw/2Cl4PzYkhtsRoM4=,tag:ZSySMXU11lvA+Tv3NKc64Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqakZYMWl2YnlmZUZ2SFFn\nczJKVzU5QUsxeVJDdllja1hObmd3d1ZvbTJNCjRHUDhVTTZzNmtZSTk5SGUzaXhl\nNTJLdmNOUnd2OFpzZ21Jb0R6czdYT1UKLS0tIGdlUklWeEdaVnJENlZmRzVlTTJk\nQ1dZZkhhYnlEcXNuc2xLanZLK05HZFEK0/sUYuJ6bwWVgEUz0ST02ugITRJ/ynIs\nSWqP4EKaDH5Zc/H93TJexIdz12CgO9gurmdpa2w7z1Fn0lW/z+iQRg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4cFRKMEQxMnlsZlpWUVMr\nMUtOTjF6RWRZdHdMbzh4ZGpkelc3cEZyRWxrClVOSy9kNXB6OGpVNHhSRnQrdU5y\nV3JiVDNVTThpSTVzSnliY1ZBOFFQY28KLS0tIHd1NEo2VTd0WXJ4eU9KdjlKSHpJ\nOC9XRDhaNmNOOEJoOS8remF6d2szTncKG/uzlIbBX7gFBcUTXzstarnBeiUB0Cdn\nQjT1nFNFGR09WDtJROuTPYS6GFmEmlGwX84dGsIQpIjyN3XPSzsrxQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-18T18:34:30Z",
"mac": "ENC[AES256_GCM,data:ay8ylTBNXr37TCDqDAkbQ4NcCklv8tUJUUpQZTQCgMHHWtCr0wLCyTUPNUOoHOkjJPAZtDuAXVuG5UPGv93gdZOVXlWpFfZt2Je6YBhcP3HLYXgLNLoPPhqqwnyz30ec7Ux4sx7SyLFWPe+0vV0wv8VFzoI731nhgY88McofvC8=,iv:tCZ/uYsu5rWRf3CburxHOx+3+scZZ0JwLEn/BqCoGsY=,tag:rlkeDvJcUASA4kaizCtj7w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

24
sys/profiles/secrets/hopper/brawlstars Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:XWblMpIi2edSjyCDYqJPJlOm4odclXgvSYW5YFYrnzMXUHalWkKhpuJ2/LmlmA6yw+atarnS1FH7CfdBgXooAxFpHx1krmJ+RxnbQ1q+vRSLWXeQnoobUGyIdzluTqbnPzM+Y5z5CQk16pEeSc6iJ/JbCc4dGHeuyNnJNZTkD3WVS9Uz4zBXToBP6/IWr/XPz+gxcaBfbXP/2zdUYWpPpT9xLqGk75INQaf20G8fYv4ThqgMeRe8S6dpWSzF8RptVCY/GAs1agMNm2Ya21W5e4ju3dxYm0dt1wM7lTU2TnLNdeugOtAE5/4H3aIFKlcc4zRS6voUzL658URcYH3HxaOqP6kQCSiV7cc2kS4nb/UvopzlTWlWS0+yxWJkqsrbdOrsgx4YnH5TxL2EirzfqcvfBhLd01q5v+SUGMwKNqTFcc6DcNT09s5PUV2D4xqQJzozWMSrUcVZ3LTQpuXmGzz1TJfozOaz5ZHul6B82Opx/XbJTzbJAXDgBOZfaidsDhGG0oKm+1eOWYIOXNVSoDy1n3fdOIxiOKNzBoxLCFlogmBXICRDhVmMgXydCYHpv8lGxd2uEHHx8YuRWgh44z/TNt94TS/0PBy7Y4A7i/sUUORLVRrNBkIZBTC7kcDItvdS6a0PRaVUUGV6OSDa8QV4FwSZJOBdXhOUUQWmbo1g9I0B3TMzfUdZLG+894PjVwAq5cODMkYcpeoV6xbB27iI/yX5erKfRQ4kGelmPLC1/Y9V2dB1KiPTTQ==,iv:KwJ2aN5mhXJjxL/toMSbRJqvuPgclAWJK5YdoU7us5A=,tag:HQcjTFAtTZrKCXau4/QqSA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRVhvM0I0Uk5uSEQ3TjBv\ncExIS3YxbjRXY0kvd3JyTmhwWHZkaXU1a0Y0CkNmcFFvbS8wL05UM1A5K1M0Y1Bj\nRjYxVFREZjVKMjV4UW5TSlNUZTNrZk0KLS0tIGp6UVBlQzAzYUw5bnNIVjg1WkFN\nQnozRlhUYnVNM2RDdDFlcmFQZk5BQ3cKA8Pjse8ase9Xzg3kd2U8AKotlaIcSdux\nq8EL6rtmYmvpRV02vUYQxWxxj983BtKkR4pndd6o+MBNau4JgdYYEg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeGJFSTJ0WnVkL0MxUUxn\nVWZ2UWFnSHR4a21kbFRtSWJ3NkhJVzlxVG44Cm85VmVpdWFROUFOYm9sUGxZUkg2\ncEljOGllTGRTMlFzRmNPV1B2WThYcWcKLS0tIG9MclVPT3Z2K1RadDR4bEdYbytn\nUVBYRVRjN0pqOXNYZyt5VVA1RVZGNEEKDwlbaCimx8n4FPN3cJ3yR4QE7m3VUBSX\n2o3KmrlRI5/N4CaKuTNI3GjPXUbtrC/+shV1fsqo1tE0XE3U6qB+og==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-03T20:12:24Z",
"mac": "ENC[AES256_GCM,data:M+XkQx/Ix5yEEtDoBD9RDYkFXHntkfOIFc4FlJgIXbJcArE52NkLuZSy7ZVvVoByeg6FlHr5Wj5EgHIcpIbUe31GW+2kCNh3LYaqUMRZmtxcP0Hk+4axgo2mCpp4us43W8AHkBu0weJmvQTixBUMXfP39Mdm/Qp3Wz6q+pCNPlY=,iv:mosXJmbrbXWwY5YH8lVG3lNmUZG9XD9yWvmBF+qyVRU=,tag:UWohiixM4e71GyAQCkS3Qg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

24
sys/profiles/secrets/hopper/cloudflare Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:fwRCAES+TxczDPwrdzg6RG87PL1GrwaczA2uzD7PBX2q90ysnf+nFSI=,iv:akE8xpL7Pc4DA0WPMrtoawySxtYhx6L0UhrpkCpgTzw=,tag:c9omuljQ4rxrN4PzMq+MZA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYlFaNmRuMUkzelJ4UkYz\nNXF1N2x5bjZVa0QvMmU2MDF6eVNDY3hsY0djClZETVpxT0Q3bCtJWFY5dU1HZi9i\nS1l4VWRCbldaeXVIVnM3c2t6YW03VWMKLS0tIFFIWE1TUjYzcHF4ckhXWGlkZEVK\nWnFlUUtrc1hsWFc0a0JzQTFyenZEY3cKcEma0LZKhlnvyKDIISTBDPAWkmTlUcOs\n73B8Hxtj3EDvEjUGimdu+oZPfHQuElgSMiOU0Zs0OwAvItOHg2NfKA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwc0RSUHYyRWx2ZFVXVEc3\nUjUvZDdmWWJXNWtIWGVWWnNsbFA0OUpiSlE0ClhsaEpGeXpQOThYYmt1NkFLWlpy\nQUIwNERva1pReG5McmloR2gzQ09nWFUKLS0tIFUrSlZMdTFtV2hnL29Ua2lUTkQ0\nWTZTNVI5US81OVNoWndoSHdURE5uc28Kwegugtt4GjCUlj+f/1Dghy7Q1DsD4Vli\nmoPkciYTrbMhngi7n2Ya8+K5JU+q3Rfn0c9TjElEZP40dNiJF6+f/g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-13T19:03:19Z",
"mac": "ENC[AES256_GCM,data:G9ZJ4fOek3RPLicg99SFS2HwBBIxqXy1NzOB8USIpjufcB9ncIypVh2ckEOiwSR4CBRIkAjnjnKaCRN0q/fHZhw5dQOwSto6nB+MQ4HMNNTErEK5tmGlN/y79+uGeYBPe7jyhsI6dIksXxHPS8VuMGFdtcXmw+nWjizeuLPP5kQ=,iv:PxP74PTFylp+P2MzNLsaVcilpkBQeYlIieoCpAIBVtE=,tag:mzo2jbPqXP0EpQgMypqvQA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

24
sys/profiles/secrets/hopper/code-server Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:e/taTwDXTyDPREs4C8rCQmMRfphkOfOWIq1evkfWSSvB53wTLQlnHuaOoj0e+Cj7cS7trO/YlS323HjUsL4G+p8hiw4GiWzlP9UE7mJFPNnCurEG0JRKJsqeDji3rqpabQ==,iv:vJRO7sjwCIqS3VsWn50KOOeHVMxpscsgU9TEzEUvoyY=,tag:RLIg8+PokOGBWRIW2QCcsA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY2xXRkxjd0JqNWNuS1pu\ndVNUeE5JaWN2QkRUZzBPdnNCZjg5K0kxRnp3ClErcHk0MTB6aGpWYjcvb1NIWWVC\nY2NYbVNxRWVRbk4zdXNmcXpkRHRXbHMKLS0tIGQyekRtYkZOYmRVaVRVclFEK01Y\nZFdFZjlkTmFpU0lyZEs0Qkl5aHhEV0kK9bTzLFDrLCVGJiPLCwPLBtZm1Wl9pmqC\nMcMhpaWFPrV9VBbTXtHYoojDrwc+dHDvWIskBixhf7P7R+dOOpchhw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQnlTVGdMV0xhb215b1I5\nc2tqTHhHeDBMK29Eclp6NjVELy9reUYwTjA4ClBrVS9hWWhCeUsxbEJSNG9NRmZl\nQnZGVHdXM2svM1Iyc3NTT294NWk1RDAKLS0tIEZjUStFZDJoOHFrc0hsaUMrNXl4\nQys1M2xpRVhkUmI4U0taQllSWC93YXMKDJdRDZGGP/RFqquIY6m676vOL0CxEkrd\npIpZ88Y9/2oX0FUHxm8vV/xHXyKfWm5lU4xEcJ1tBV/Zm0jLbLQTMw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-02-26T14:40:16Z",
"mac": "ENC[AES256_GCM,data:HdBVk9jF3snPRsp0Q8HJHuP9H0IN+FKXfTzqyb9B6+Fx9zfzJdMavFrbKeLLCCknAKLYArAtYDhjsoEGTabWnnw3vB5Xp88DdtQfCgblQ6vCpiTa0XuFPcbRfgyPfbLACXWuUAKpvuNpzMripi2cPWI1U8+LF0IDYdBDeG4PXsM=,iv:NYxkK5Fz8f1zTROc8uLuuUN1NO4MHt4ldF488vKj29k=,tag:9fT5fWje/KNCWebzNTPDIQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

115
sys/profiles/secrets/hopper/default.nix Normal file
View file

@ -0,0 +1,115 @@
## TODO use defaultSopsFile mayb
{config, ...}: let
# autheliaUser = config.services.authelia.instances.main.user;
in {
sops.secrets = {
wireguard = {
format = "binary";
sopsFile = ./wireguard;
};
grafana-pass = {
format = "binary";
sopsFile = ./grafana-pass;
};
wireguard-config = {
format = "binary";
sopsFile = ./wireguard-config;
};
slskd = {
format = "binary";
sopsFile = ./slskd;
# restartUnits = ["podman-slskd.service"];
};
cloudflare = {
format = "binary";
sopsFile = ./cloudflare;
};
jackett = {
format = "binary";
sopsFile = ./jackett;
restartUnits = ["podman-qbittorrent.service"];
};
betanin = {
format = "binary";
sopsFile = ./betanin;
restartUnits = ["podman-betanin.service"];
};
transmission = {
format = "binary";
sopsFile = ./transmission;
};
authentik = {
format = "binary";
sopsFile = ./authentik;
};
"kanidm/admin_pass" = {
sopsFile = ./kanidm.yaml;
owner = "kanidm";
};
"kanidm/idm_admin_pass" = {
sopsFile = ./kanidm.yaml;
owner = "kanidm";
};
# "keycloak/db" = {
# sopsFile = ./keycloak.yaml;
# owner = "keycloak";
# };
#
"lldap/jwt" = {
sopsFile = ./lldap.yaml;
owner = "lldap";
};
"lldap/password" = {
sopsFile = ./lldap.yaml;
owner = "lldap";
};
# authelia
authelia_lldap_password = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "lldap_password";
# owner = autheliaUser;
};
authelia_jwt_secret = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "jwt_secret";
# owner = autheliaUser;
};
authelia_session_secret = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "session_secret";
#owner = autheliaUser;
};
authelia_encryption_key = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "encryption_key";
#owner = autheliaUser;
};
authelia_storage_password = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "storage_password";
#owner = autheliaUser;
};
brawlstars-api-key = {
format = "binary";
sopsFile = ./brawlstars;
};
wakapi = {
format = "binary";
sopsFile = ./wakapi;
mode = "004";
};
};
}

24
sys/profiles/secrets/hopper/grafana-pass Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:+jzTvF67htgSLx3//yu4CeH76/lQdxwcJSSplJm9eaVNs91PXF7hnZrEVyjIvMLi8lwOTSrH7SZJXOvZsoLRZHDdWC88+H32jsjVOopJgowAAQHuiKyQJjCACN5OBslKgTQEYo4eKpC8A1fliKf0fwJW+HY9pC9WUbZUkbpc9scMrZJIVb2Tm6UQoPoiEn9PbrC8tgGT1lOEk5EeiMgYg1JbEL7hcn1epuyYPYw45TV4SDLlnvo=,iv:qscpjBl/ifRGmjSHLUZ5rgC8oW86k1ca6JMna+VOFdM=,tag:Bsl3nrKTHrt27Xq/eLDLvg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYejVUVmNCQW9hSm40dzll\nT0Q2STNrNEt0OG5GcXlYMUpHaHpZZFdoejI0Cks2aDJ5b2R5d1BMSSt6UlVVelNL\nai9NRVNreGRZNHFvOVFJcTcra3M1K2sKLS0tIGFvc09pTDN6TGJuMU5XWG1ZT3c5\nWnJsa2k3U1pleUNuZmVzYnRpakxqalEKdNWuvPa9fm+UOiiZ0fb05Cw084z+tz5q\nnC8kK1ZAWvLKPgb3yNhfzrmVbdCfxvxnGYmV3f1SkVFaZv1XMJQCtQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3STVBMjcvMklVOFRuSThM\nWmtoOGxBYVVVVzFFVzNTSzl1TEEwckxsU0VJClFvcU9BbzlWZURSclNFek16L2I0\ndU95VS8vQlZqL0FIak9XMjBmWFdEVlkKLS0tIEJtb0FaZjZFaGE0S0MwNEQ1RnU4\nRUFSWG9LR3BoS21ENTMranhTQmcvTk0Kgm8BjUznYhzRbYwlettBVVK6r0bYkFFi\ngulgnbUSol7nm+eTsDLASZtm7V5Ms20Hv1/SKRry7Jr8zYZjWUqJ1w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-30T09:41:29Z",
"mac": "ENC[AES256_GCM,data:DvGuAiiSDScG2sWLq/SMCDvJ9JtS4nO+jqVnDmvRyjz14bRyiOSW/5p1vIaOgqPpuGKJ5OM+drlOdJpz8Co17OesQWWTH1GxRBkF3GkInG9xlY/PwlW/4R3mw1+3NIUE4xy0J1szU/27n4v4ToQ92Nn6NLe1fqZBH921xq9PcYA=,iv:1/pIrLsgLYea7MhxcchiliIDvNMTCjmLr2G8yhAMX6E=,tag:HcT47ZSCWkfju2kTitgdAg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

24
sys/profiles/secrets/hopper/jackett Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:1p3OQ+qlo1ewqD4VPvVsyqZecL87sHbEQGyJ3Fepvahe3NsMmsDL4k04bBmsQLpd3fVj65WTtYv7cC5Cjy83AMcHVaX8/AVWh/9qdijmWlmp7RNwGgdyPMs48gM1677X8mUt7AohmlI7A+y6/zaUQl2C/FSGXYJaMOVkeSayMRHu+B0nBIVxNXo=,iv:69xkQvwZND3qfIeRJmOiJ9rp02Y1a/xexcj7IyWlT2w=,tag:GYC0JL1QTouVDPXQsaSH0Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMElTQis1R2VCSjAyWlUv\nVUtFSlZBT3V5YVdpc08xUUl6KzRTZEQ3QUQ4Ckp3clF5N21TMzJqNnJMakhwR2VU\ncm9GSG5SRjdLNWNwdUpuWWxka0lBaVkKLS0tIDVIckttQ3EyQTBEZnBxM21pZFpy\nZjYvcXpMWTVldXdhUmx3RzJNWmdMN0EKceUMr48QXIm1/6CiQg7J54nMSSuHd1fU\nKsL0//t6nmcnuZDWqsxTw4V8/i18KLqB8DfI3Naca1kiT/Eswhq/mA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bWNkQ2MvdG5zWmZXVkhJ\nUmwrZEM0UkRMUkk4dGV3bGoxRk1DU3UwalJJCi9JRktZOG9aRFdPcHZWdjVwa0o4\nZXkzN1hCVkFEOURhbjRla0JIcDJLcXcKLS0tIDAySitMSHpqY0ZnbHU5UjBxYU1a\nL0JaemNyT2REUThtNDEwREUvSDd0ekUK3J7gYbDWZjHJ5+QCE9nUKQI3LsU7yZK4\nGtrCM8JFhNUrglhhtBiIyez2O5BiDpqpflc/jcTaz0Eq+PkNzX35WQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-08T19:29:32Z",
"mac": "ENC[AES256_GCM,data:fOYBWvnmxQZ/Il+OP9BYbdJ1d58INKjQ7UVHARNkCju+GQ9qfl2tlqhQ/x759aSiPatiVDA/PyXBMBPCIIJA6gaBoitDfoXEwMoNLApcT+LMw1oDLbxBoZRivOKKlDktHEE3FFKTH9Wz1RsG74d5NptacLxvZqgdPLUyVIJQkV4=,iv:nT+twZfMM057UlamPjveu55NdMXseu+HGL2TjuetSAA=,tag:dZXtoqLmgASx8Hz9Af/rJA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

32
sys/profiles/secrets/hopper/kanidm.yaml Normal file
View file

@ -0,0 +1,32 @@
kanidm:
admin_pass: ENC[AES256_GCM,data:FjF48e3KmP/I0Mb4/tfdI9jNRIrqlqVQ3JvDC2c+i+hE+omIQeKYxuU2cjaIBRO9B5CfGBhoip14fhe7Ubtga4IXiJLdnRczk6fQOIKrgDMjDSJvs06i04jeqg7lx9BChK5AzE+aRzSyuu95dyTmlPKUyf4D/G5x99B1KtRf/hY=,iv:no8/rZz30EdVwfc5r6lm/SuAA02JJaIPyHEWQEjOFus=,tag:6ValsFgRNmi9O01qZyUk8Q==,type:str]
idm_admin_pass: ENC[AES256_GCM,data:sCtefK4kxzMw7s+3f48PAnGNYQYum4DyjgeyYLUCPhq1vOHGBzgDcFaYrGvf5ID2/0kEUlT7lYKgtSU37DGY5zCGEbG5diD2lMBZ6BW64f1qpgx+0opOQjcAkKPrVtmHYm9iCvU8pZXvha0nDzS0Z2ZJM3ejUCW7omLTSLHzKFs=,iv:X88hU0Sd22Iky3cZTh/m1AjZybGe4MAIBJ1isnYQEPk=,tag:UTw98CWvj8+xRrYuifU/Tw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTWxhUzF0QXZmME1jcUR0
TUZ3WFFDT0VmdE1mUTZsTXlwZGlncHNuS1cwCjRpR1ZsMlFEQWNVd2VLMVlaMlVB
ZUp0Y2FEQTU3Yk1TR3ZzeE0rdmVJM1kKLS0tIDZZbjl0VHhiNzRta0MvUUtla3Y0
OW96QUl3dTM4Ynhab1ZlclZ5S0wvL0kKw+VSMQNTYB+7dJxhGttf7/Ol/rWhM56r
ga6NOMewGceUwiX9WEH89dsbRpnRq72SXmkt70w4dUVTdrwLm5oXqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQi9rV0Ivdk52eEh4OTVG
bmtmdHhtYVRvYzc5WDRmSy9qNFNLQzZpZ25FCjNzVWJ5U2pDU1hYTThzK1BQWms5
TUxhdDhrblN3YVYrZDVERGRqSzNBZUUKLS0tIFg2Rkc1bFBTVEhXa0FVbzZhZyts
eERtNXRlV0RTb2xyc1cvNm9oN2RGeWcK6f6acq1P3Ds/SS7vrye2gE1/bUvEqe2D
gXkYQGsNWxyT3MAXTK09m59D4TqHEfYUykO5pCmAH8tiHN3pxJXEZw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-27T09:47:11Z"
mac: ENC[AES256_GCM,data:EDCfpkGnl06wOXwbcg8cQBlj+OV7/KsiVhGzx0Qm8/kOB8CVvjumK/LQZC6FG+oJDs5TBDRGlM8uJIJL54wpDn7F3YgO6KR9d2hmorL2mza8rsxHH1T9BpQCXp0ENPiQKN2EZ5vLnjTOvYRJK1w/pMDKr6tdwILlcEYlWfSUuEo=,iv:OxANZ49WSfh31H9FxLkJSg22oTfZctWazEEv941orlw=,tag:xouSzvJATMzua7q0Eq07uQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

30
sys/profiles/secrets/hopper/keycloak.yaml Normal file
View file

@ -0,0 +1,30 @@
db: ENC[AES256_GCM,data:aO/UVjVSJTk0XhDf2M+B9WzO1PkRv2Y0oFtj/kZBFv+hmhsCy4l7tg/FtpduZWK9SueWAX+k7a52UwV5YXDbLt7ldW9gS8bN6XZZbiDj/rBNgiJBF/ILrA==,iv:5KzLZ456gdD7L87NAMXWdZ/LyQW0SzKqdvMZ7BbaMic=,tag:0mD1tXDO4Hc2Y0LmrFWWwg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelJoTzZ6YzJsQS9UVkxG
QzVIVTBtdmZpWTlwcFNwMm0yYzFvOHVIRjNvCjc5bmJxVkVmR2hSUDAybVZzOEQr
OEZ6bU4xNnhpcnFjM1I3MXh6elloMGMKLS0tIHZXODNIc2dIeWlxYmJNbTdDZHJP
SG5BVXc1UFQrdWxaa0xRZUdDdVVJS3cK3XATi+vFRe+0p977oCkprA+c+GkDIWNb
9+sAS789Bgjf/z9s2TOKyBWFawZWHDbhwz+4MG0d5ELQIhdoma9RAg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQlVscjh0SEx0V3dWV1Fw
aUxLNndnYkNGMHJUczJ2djgxczdMNW5DZWhRCkZYdTBJbTF5MWVTRzcyb0tGL3Nu
UlFpSzlzVVNoTVprRTd0Rjc1ZUhraGsKLS0tIFJ5S3cvaDJoSHNmamtrdFdxYklo
Rlhtd21GUUl6WkRaV0NtNWlqMy9sSzgKBF3Gj10sIuLdWrSphZfoVnjdQbIiy9IO
3rQAuIw1osKIf6TA2qJ0P8RGX4OgfhM8Ofst0S7+SqgglOl0LkXS+w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-27T08:56:28Z"
mac: ENC[AES256_GCM,data:gf+TwvZXThH9B5sQGhb49dDfQwpZy3kIwlVfLn6qCbe46evwsXPucp657KBWju+i0p8ByR7IhALEK/U/GX9FBK4Qspw9y0NRMRvyk3zVRszUxUz3z32IEnYvTCapP7lIdeAVppUow6tL3XdgZGyni2H3liUilqiZ6NGw0VlvtpU=,iv:wTMAaiB0Wd5szU9g7Pd0OV04ddlnn/p50lbO1rmmAZU=,tag:huRsSwiBThgxm3SX5k0U/A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

32
sys/profiles/secrets/hopper/lldap.yaml Normal file
View file

@ -0,0 +1,32 @@
lldap:
jwt: ENC[AES256_GCM,data:kFvBDxZzZw3rgk7yhEc6LB+vqLJktwtc3xJlSxnm/kURXM0yh/uqhfjr+7PJF5CZ24rH/eEolLKnLbxMh196y3/vZx54RI9gEx6L6P+XcLffUp+QQUvlTrcIdhS+NuwdI0cFIuhBsIde/AFGzTouQlHLQg/cofHneP5CbCpUcOByvJKwHQtL0aelDx2WTQsgoRkCe9FBd8ORUfbwowb6ooBO+M3vQMY1t3JCsOH54IRylLietKyLJqkzSoozD9Icxk7E6Q6V8YZRVlKOVFhRBn89oHbh+eiIxDMWhe/38UDimYeS1re+kTtZZv1IuzOW8r/LWmbeqS3H9MClj6x6EQ==,iv:Sff5shR5CocdHdUxKwBiyRIT9d6U83k+1Cm83Gdu0dA=,tag:Pa31iMzZyUwUX+i2LrdhXg==,type:str]
password: ENC[AES256_GCM,data:mwPwme/th/mzjxFha/4atBSi/xpg5pEhiKl1j1Dy98KJt4MxH2qz5Y2W/xjS5StEz0x6wLu8+LNsPqMyw+FlE3/sf15oD5ehvcMUbVCokeSAwCjri+Kut+T+nY1h5vStogXHtvMQAd5nvp5SFji4qYBXfuyRE/nfhUTi4ik/q+rDSY6e8yvSrGz48NWRKjfYAYp9DYgBDSW2AF07qQb/bRHMe7MAEC766b6S/M1AUzv35yFGoxtCki7wrUXWiz7VFmJiX3gNlCbcuE2/TXGWlQWVkS/1l+TyTVb2RcAdRZyQcwVvurOF//EmA45ktMHreh9FVGwoIGPTR5ThS1p3LA==,iv:xMp63D4ELTSVidg7GEzQTeAW2M8KNKaasEqkLiJMN+0=,tag:j63xikfu6H1DfKHEO+Ak4g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU3ZOQnE3bStmdVlOWWVU
cVNyRFp4STR4MFRhNmpVNmpVUUFCc3dFNnhFCjVtU2J0cGhVRVN5MFFobTMrQzI1
VWoyaStZR1BPM1R4TUs4VjNVR3JrWTAKLS0tIFk2ZTJyN0ZpVFdtZFFKNjRacnFn
bitxRG03RU43ZENId1dIL3RWQVlQT1kKpGj5BKFO+iX8WaHbGOlUSfOp8bIJS3wS
6Kqt1qkEPywYHgwd/amuELbkthu7mxCx4k45EEaN5gILyONGYJxR2g==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiejQxVXlVM29ldDNWbnlC
OTl3SmttaVlIUCtTK3ZteVRCY1JHYUg3cXhZCnNDY3JON1luUDcrS01xMVRGWVkx
Q1YvRzFpRnpybnE5SnM5NGxqUWVpQ2cKLS0tIFpIcEsxVkpRSW5KcmoxMVMrUW13
WFgzK1BpVks3YmcxT3gxYzl3eHpySFEKJwsayqczYl2bFViRTWlP1p2OomPA1NnE
EKU51AINXIYfnNaXzMKWEj52yoVLvtKiA/rdJeVVOOopwD+qa/lRkw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-21T17:19:18Z"
mac: ENC[AES256_GCM,data:6r8Y79Z04G+govQEwHe+ASatz1tMkn+c/M482tyOK3UoJGkV3XghrEs2M9s3QiFF3yG/HJ3naIG6DNDlqZdVKzNDdBBIlMsFFi0nxCKDpr1t+kFfljblw0rVKDE2jd+W6BSPF9hTmNQEoCrOiXNuIUdJdKTB1b4oJMp+hLGq+gg=,iv:WOmnVRRVF0agBf4Bftk+h0tZuPqxHn5M4mdwEbxqANU=,tag:Q9Nn6N4J5vGKemx3m5wNfA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
sys/profiles/secrets/hopper/serverenv Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:GOiWi8l61RgpVeKWrlfwxWMbda8FgJGlHXl910qpblaTsxbrIe+aZoEqVyaSST/N4kip7m2fQsCaX5C827XKR16CZ1c5R/3oql8gDcu6lrkDTIbbttN/RUVfX6LD1Y0b,iv:nwZWzKpz4y7+LKDHoojMWBKOvybZeo/d/ZSzsMujXTI=,tag:SHnv4RuNrsQpQ30x1gjIOQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4clpZQ0doNGJwRkI3QXdX\na0RpWnJoSjlveUhzK1lPaXRYRnlhcFZPZVE0Cm1xamVNMWxVeVhXdmhWZTE3TDJa\nZnUxdWdwVU5Bd3czS2FRb3pkWDFrcEUKLS0tIG5BS2ZDN21Tbm9FNnZoRUIvV0N2\nQmY2UHowS24yS0hYTXJMKzJJdDgrTlkKW80YjK/+FF1jjqNFoJLUTtZENRS7D5Bq\nFq7Vmu/untXqA7yqojI9Og7pdWyAnAf737kq6XusCBA3KMz5C+BgMg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTmJYZzIra3RIWHFyT0RJ\nZ0JoeGduL1RmYWN2SC9Ua0RIN0dWSEN4QjB3CjgzMi9sN3RETTArRnIwNGZkM3FD\nZUJFVHpEdE5YVHhQRmoxY3VWWnFQdG8KLS0tIFo3Sy9qNE1nV2dWV1hSZEhLUENJ\nUk9walpjTUp6aXUvYjlIR2c2dlNscXMK3ZT6xLYaKtwxfEqhhxN9fgr4sBYMSHiY\nnfcj5NNxOYgY8q6Z7oJ9Yzk+8Jrv7SS/eIMCt+rk9+UOu3xl+r/TBw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-02-16T22:49:25Z",
"mac": "ENC[AES256_GCM,data:1V7ZORlvxVVynY7rkKxkEw8MLonW5BwdGqvZ8C9Y9QNIu/udVmQvFMOxHVkdTcYOgk/4pYK/jKNkaPCPtjfJvhnSQ3ZKfOQJWfTVhq+Ba8f2HYc2qLUDupyMtjhBY7W2Pt9yAlJHxpozblCnGty958yy7Z0V0NiiO9ETA837fUQ=,iv:IqAr2BETDyPSdhzYWKEts+9AK5coOGY5/99QZ6HufyA=,tag:3oes+CnEb4zcdNp7QQOahg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

24
sys/profiles/secrets/hopper/slskd Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:VWw1v50MSG502oxaUFK9DabhlcxeBHgLtHwT3UjUndaMfhghc/BYswJ3t4kSI7Hi8ORrpro3onH6jMa0AbHdgFf8S1Iqk6z/asQ1SVN8xzYEgFDJ/U9A9/cSI0Kq65/LLds9Vkyk8mK3FgP6eAoBpn4TrwcwULMx9zYIzURUUb7BgLGsZU0NlD70TWQmFTL7SDzqyOXX34P3eCcX/DUwTW8oRFCy4zy73xqGb8OILhi3Afvn79G84fkCspOoEGPFgbW7PNxkUXP2l/J4pcqjkYNMr+9hTJfacKVUMg7XhQJwombge1JU+XLHcZeo1mZQWhZXHXV8Wj0s72Q3GYT97U8YDhmI,iv:pP9OBOeTPwsBjxpezQs9DAM2tdxrNBmqQL8G1SilVeE=,tag:xSh0vswSv9xk2IeHHpBblQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwakcvTWdqUjY4elZUNFNu\nR2R6OHRvN1pNeGdHMUVGMXVVODBEcUJrTVJjClZTZG10UVNWR2NqVkhVMHo5c01M\nd0pPVnptVTdxMjhYVGNVZkdsRERRZlUKLS0tIHd3WmgzUUxVYkVDcTRoeUgwbktk\nVm9QNzBnTWxmM2t1MVByZ3FLaTNweDQK4VQWPRkKKnNyjQ0X2HZ8ACsTZsTrGKyw\nIV0qQujXDj0WVX9NtL2BcjbCIIENJH5pFp8XKQZ+mikqPGmHeunSgw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOWXNpZlpySndGK1hRR2ZF\nUXdZZVhJVC9YMy96N3BzSVBJQzBOMEliMm1ZCi9ZWTgvOXcxSXdvMldYZXdsbjlX\nc0VDZTZNY3dSUHFMVmNZbWY0dzl4VkkKLS0tIFRtSzhJdFdLVHAzTVdBMmd3T3ho\naDI2WnBnT1FGUkgxQ0NrenpIYWZRM2MKN6hXjBR+jS4UkYy1SS5uHtlHTugfxCwW\nAErlX+kU0g0uBIQbHExNSr0/Xjk+bIRNqSg2O0CfxULxbQRtZrsqMA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-21T17:18:26Z",
"mac": "ENC[AES256_GCM,data:oijVU+zW83/b8HVKT//NLHHGcXegA52oaCyOeh5fNR2kPuI8keNxBMIc+GN/Ybvn3ilyw05XVEWuW3AFT5qZXzJJkLIw6bs+d/QAHjA80H8VI4585d7CP5vRGXnK1TtT8QB2v/RnOPkwJo6R0wJu4YOBPEGN+vPCgbGOT+kNMEc=,iv:iQwrI41lE65m9028L68COreL7nAJKQbwtGaIrQrlPWM=,tag:n4urrzVUnR6R/ZZqOyHOzQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

24
sys/profiles/secrets/hopper/transmission Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:r/cojq4Krb+3JeDL+5P5wUlpehJHCRYR2fUAnGJoGSFMi2jMxQ4/rasSqZJlNxisReusu2cECUZT3LpjzUFZONsHQtHs0iC+xWMVZasJwxnWu62vLxQoJhTb/2EvnTKpV47WhAJeiaeVbFURKVCST6Z6xET/0kFxFB92iVFLIFWMfByMBMq34+xW41+fboOLA5vsWyNTcIQC2fVKc7wyi8Iq0ge+yAONm3QA2Qd24psuC5Dv,iv:sLLbYhE6tshYZo2HWGzNNmcDxb0ziPsDg+lsX6G92Ds=,tag:VRslfMCy1/GNGJ3vG9d+aQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNVpReEZBb0tsT0QyczBv\nTVVTcEdaN0hoTUY5ZWhEU2NWcjlEa0VsOUdVClFONjhncXduNEdaWlBFTUF4TUFU\nWVJmQTN5dmV2dGJkenZVaXMrbWxuZW8KLS0tIGEveFBPc0hrS3FvVFdTZGQ2TW1r\nS3NWNTBFbGtJYlpnTUNUN1IrMTZKd3MKBtEbUpRAfnbyyXXOLDIvEd7aQaKKWvqh\n8z/s5a/yWGdh4VB90FRZol8Te0Ahu3hYBWiaUWE8dELeAb0Joakm0A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dGh1VmFjM0FqRlEzMUoy\nblVscWNHQWkzTmVDV2hEaU9NNGtIOE5CbkRJCjcvTXdIaElqMmNrY2Q0RThUNWZr\ndDJvZzVVU01mUGJoR004MnRmZ2ZHKzgKLS0tIHUxSHJLc3RBWXdBT2pXU0lNZjVS\nSDdMeVppSkR5UXYyY0pUMVFjbllvVncKAp62v5o/vMgrbygJ1+5QWriRNbrdel5x\nPJAikvtzttEotMSVBww1Qj9T9H+NxfywqMT3PleZLeixz0eSr8vBAw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-08T12:20:18Z",
"mac": "ENC[AES256_GCM,data:yjPmnEZOLT63kPaf8I634/QNHIoz76/KbrcbqlbxhageGf49vHSmoQabA+nZ+X0e4QKYJamP2w03SHaTkBiAWPibmy4DxIxaZONGDNZyB0kXwgQHVMJS4ioYitPlzkOxuuNA0YywJ0zfQr2UL7f8Pnjv5Ce9fJX1ywfNGZ2SJXg=,iv:Pew7Icme84LO5cwtVkUJ4wVF0mwJiNrlT6ulKHCb8/o=,tag:/98B67+gAEMM/BKWLULPfQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

24
sys/profiles/secrets/hopper/wakapi Normal file
View file

File diff suppressed because one or more lines are too long

24
sys/profiles/secrets/hopper/wireguard Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:3Qqz1+i3r/gerpHk8YhxjRbpVGYao3VfuFD4Tnmz+IeTY/KeNzkwmWsj/rY//q2oFBcBhfqhRXSEsDjcWho2eRiMY9bP0jAdNEawtsaQRBX5SSb7rvgFuuDrPRtpl18jjfTQTMKHv+yURB/Pgq1k14NMhW0zNSmpa2SmoHlxAxXMPmh20dDpBZHlGLiqDrw/l0piU7jLjk6ZYH/Li8sivuZk8MdPyWXhNEOjcyT+ZHopZcMsFfG7Dg/zbMrtgq4pspVdkcpjdcP8ReQUO2ByosC3epoT+sfS+TE/+OY3RNacAlaHiDz1T0JnTyhQij5e3n6gGlIGbBpQNDQUESbdWJshaiEcA1dv+lHUo6ka7d5qvFTtoIValQ1wegj5684bNR45h6PcVU5oPFyb9SwgHTSSN8GL+rjMtXIrkGFwQWNym+hVtp60iudUOecozkWa1oNuURGt2Y4uk2sk4yZbaHQ0mNiP6mEgAZ7qCNVQCmK9N8WXylFpUN4oWkGf5muSjMzmtbOMTFhRXJ83BbFqg83DNxzsqm5hnKQD2jME,iv:VNAXFEqc1eGHGalPeqS+mrJE8wiLkeMtOUcakll50Co=,tag:B5Otrgusj6m0sISkTDX21g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnU0lRS0I5cXh1V0xjb1RS\nVTlla014WWVybmNOTml5ejdOaTFiWWpTbFc4CmdVZHdvazhoNnlaeG5ibTBZREdG\nTjd4cXBjSGpsdTQyb1lMQloxWUZhZjgKLS0tIHRxa0o1TERZNlYyQUQzZUhnTnhT\nWUxEM2dnWGZmV2d6SXJVSXQ2bU1Ic2cKbPQwJSlna6Vysi2TznU3ovmWQXBbwryF\nM2dlOwPjv+lWM1DLfJRR3zUCugTuz0xjdTDLZlo1F/aaeWiAPm5j1w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VDl2dnFCbUtRdnlDTGVv\ndzBwUTh1OXRONDlGK2hXZ29YRytLbU9sNXlFClViaG9xRGw2OHZLTmZEQk9nSXU5\nZHI2aWVNSXp2Z2JxakpKUkkzQ21XZzQKLS0tIEpSM3Z4dW9VeVVEQ2JKYU5EK0hP\nYzBnK2d6TkF4VGJ6dlBrc291ZDFBYW8KtEnivQ5aj9FhnNHRL3jEQPYxSuO8QAuz\n9tIXoiU13+GOmvn8XG25cZjUIgCamd9c/uBVXFYFx3muGlmBwvn9cQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-23T20:49:13Z",
"mac": "ENC[AES256_GCM,data:eKOk1q9JUC5lQAywpILihx3UM4HFtdYUzxviT/EHBQ+FjADoOV9ajwrRiy35TuJQiIs7UM+pI1/2iz7PvrvAjzPxS0OF+ujrMxstScvalqzuQEuJirR+56ZksUl4ZEX770z/NRiY4bZvkbFo59dxrK/a4w/cdeDiEGgM/2eo80w=,iv:SmEyjcC7gSaQkZnxERpTGBDey9TjCuDvyvv3I0c88Ww=,tag:qBnFjMYU0uAQqWXshfuL8Q==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

24
sys/profiles/secrets/hopper/wireguard-config Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:GhwIkO2APhN+Ozgsj3YtCq40nd1x5IC9R2mbgmzwddT3yEBLQCadSZ3jvXwzJT5KlXXNlf+Wr6wRjRf1ICsVtt+HvbAkp6YmPbsiZZaBR5KqVCKZxhJQm00eOi9mP13RR1Mo+OWzGqu2uGCezG/HocgQoEoCDRTT4EL81jEuBra1j5WjAmFrmJjSTELbwJD1Qu9IKxh0Mu7dTMbb/Roc8ES++NR1Tt/TG4Ljgly0XBtib2sLWIJov5afEzwW0FpwMqHE8gqP+korlIXaEIqIqFGGwTHS54EoZPGmDrQfRYMuQrsNz8xWhuFOEqpd0/KKIb/UjZCc2NYf0pFuCxtQmOGofMFGaTFu8x6T1gehPprWJTf2q1ImYl0yc5aU+lyragr7j1PIowa2SkGu8TMeIDdga4Qusn78tSnycVakPqQE/pJ+xeStLC9Cg4IW6gRvKg0ByzFDgmXcNyPiXu9iGBecRDSNuWsheJUPV8h5qnQBlR4gyWhYXLh3E1549leQw2soG+iGXzOXC9UKwolzCmhXeuI=,iv:j9OIb4P+wSicxghVbuh6C7Sv6KLqjwFQ7uYLCGMeEPU=,tag:hqRxr0p7CPiSfPP9GMLfuA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVlpJdUdEZ1lNT240WHZt\nVnFlSzFQMjhMc0F1LzBvWExnc1dEL0RPTGxnCmFKeU5zOThOcVc4REhNeDh4Y004\nbDFuSVBtL0MvQ3RnS3VZakN0cGVJbEEKLS0tIFFuWTJRbFg1OHA4dnBvWEdQZElm\nNENNSEpPWEtqWS84R3lhNmRCYTdFSDQKsY0PV+8vYLGcU/KxeQZMWCkbkGUfR1gh\n8Tdt7Jo8Xvd4HFwf8a0XegxMxqQk8FE/44RnkwG8xf6HHXLuXxkmlg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBaHR6bXdSZWlEemwrQklY\nRjFFU0VWZGNZYUxaaXVndjNpQ1FrUStQNnlNCkVpRmFIV3lvTHBSSnVwK1BhWGwx\nOTkycVVlNDdwdUlzbG5Tb1ZDMFExbjgKLS0tIEY0bVp5akRzeitrZ3ZEaVdueVM5\nVUp4bDhaVk1SWWxXM1pJdWs3UGtVNUkKIScfgHBYmQJE52GtVd32PEuA2/oBl30x\nclfnEzkCCAayBnFFoulY1LkNGelfJMr1/cTK/i9S8Qlts0Vn2mTBnA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-29T13:16:47Z",
"mac": "ENC[AES256_GCM,data:DcUk4FtCLgPf8YrlngmnCrflMpqL97QUI5s1eZTaK0ghvD3Ae0qlZ7whcUdalROhO2vsi5XHvDAXMSDhtbfnrEnuTJpwilONMRs66G8mJc9/fnGUAfEBNiZve8FXki+vjaiYjmCVX8VWGMq2NP3Ax4DR7+/obOjOKA9m1CThNH4=,iv:sT8H/ZK7TXOGq054w4jUWqVB/l/nHzXtg9DQJ4HF9Ps=,tag:S6RH3STimNR9KSeRP5V7gA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

31
sys/profiles/secrets/hopper/wireguard.yaml Normal file
View file

@ -0,0 +1,31 @@
PrivateKey: ENC[AES256_GCM,data:Eh8XY8HqxCr4kdutL99GBhNJEjT/QP2pHQhTe/O8juiKPHslzcen+x9JeJM=,iv:MC+g84kqoFqaD0N/WvKoEgy1kl/Z2SgMqpm3AqjJ1mA=,tag:trvHpJbSI6CHNp4ihwpiIg==,type:str]
PresharedKey: ENC[AES256_GCM,data:fT9RIvz/gXAop5UDlbWwVV1yHErbDW4ff5j2Xo1g1nVTPGzbDHZPtZD9+ts=,iv:sHrGX8gxPVkAydmalgUuZHKUn3O82eo7/vv7lA5hqDQ=,tag:/vb/zgrm/dXm1LBzojrlGw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYU05MHNPUmYwUlJ0empa
QzBJdUt6WENYNUp5ZVZ4ZjZ4cFl6eENXREhJCjIxcmRQbEpHNWU4VHFobFZJVlhM
eDE4bmMrZ1BnTlJoZXVpVFVWaW5sek0KLS0tIGxVZjNIMmVoUEVQaDdQcE9PWjht
NzkyYS9zY3Z5OG1ib0ZyN3FkYjlZOFEKmvYIrVv5qmwh+XEmKeCjcTGbWufg0PH0
Vrws+EngJk5ceYTmiGK1k1/9CNPG+0sdUgr4VrVv6DFKTzOgWB/YVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eXpMT1kzTE1zTzQ3aFp0
NHNVcFVVTXRVSEQ0QUZrK1FCTDI5WWNQbkNvCkoyUVdPVHlUdlM2RUtIOGFGQWRY
ZjJpTml5aE91MW5VTWZveGhVNXhETFEKLS0tIGM0ZDJVOWl3NVYwYTNLZEFaalY3
QUp4aFBaYjc3YUp6UVkwZk9UVjNvWDgK+WBJxWWLtg+lTn7CkVqvJwnE6mZRImhL
k61Fabbqpm0FGtnOgQW2mVndd1jJEsCvJxfGix91nbXJLjImPXnlTQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-10T17:04:29Z"
mac: ENC[AES256_GCM,data:h4gfNcQX9dnm38JBvN3wCEbUefLqO7GdjmcX/7LHQIgVllo6nuPWrThJBYCSU7apwMkGiN+UfJu4+QBgqHTot2Ctiu6jCtMb3bszGDx8pagJTNYlXAsaR9i1/RHgorBfgDwvkMWucTas4/ceIi+P+wv7u63TA7A2TDj7xRTVXoo=,iv:yBO9KwUqtIwXA/UrFhII7x+CyStW1okAh47MNGOwStI=,tag:0xw7Lt1qr7J0Ba8Mzb+IYA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

24
sys/profiles/secrets/nixdesk/brawlstars Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:1XGfHkj/Q0PLetEQQpw2FqQaHKwl3YI52iU8Gr+rGI0dAESdRqbs9vmE44heaSXxDzVqQ2ILMKb0lQvJ9ClzOLnms5DU0nAGxX3JxLJPtvJSpMwSV18pPjkQHj9h4sjNZXkxZ9dT9bxM0mhgYFMQLK+KOJhZHDQztKza7An9y1wtnrVJ5/6I4VgIVHn7C4gFXhNE4AM51WUA4Mp7NsMevjr7EFXPiHw5JjwHeWDWNAmi4h1YTqulLd+zw85OYymx+PJYaX7yjoZmT7N28SvOQ1z9HtFXhvYR15IHt1iTEBMhhwGd72JAVLm2ANBA+Udu7M9EureaKsXoeHhZRKTk/0p0OSWzpNlzsM4nW5gvOSjF135qel2mK4m/FIZ/3KKnQKkeTaSfY3gGNlYXBEL+/TK7Wj7bJiaC4j6R6ejt6Vtc0V9NqOB0d5e7FQlXWaFYnQ/iiaC8sdcVRjqNDDSnHHsFUVhZ8dcrDpKhkPRwjLxEyuWuex5m3dk0xFZDd8GIEZDjsk8BkoqaU9uKnolhtLzwU0H7qhoJgJDhqsi+ig0a/DrghmvVYifzaxqo5yaLQ8oJ1ATsu4J8cvDCnbOlpvRMy/Jmb6/ecAeBQ760+Uk2tXzh7zkRHjreSap8RSorEXa2/7B8gLGQIAW5GiZrVbCEc7gRJvxbVgTsce71qn+mMFlZO/m4sHsCKSF63RqR8QHMkOlInGFx3zib6+kYn7yjR6FkvYPgTGhhg5Yx0iyWaVjmwqEBxp5FVw==,iv:vkhJHqZmnEvRydNc1Am36V2mur+Ov8WlXSPLENAMmSU=,tag:FKeqOLirz3kPMVqUDc1QEQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYmVpQjBzQkhxeS9mcmt3\nYThET0FnaWZDLzliT2d0Mng3OUZmTXlhNmtBCkNoUW13enphanlhMVJ4TEJLQSt1\nY0pNVHRLYnRpeFlzTUQrQ0FGU1ViUWsKLS0tIFpzYnAzd2pxYzJVM3lWd1ZBTTh2\nTEdFS1hYMjR3UkR1SE52M2tSZStYNXcKhFZmD/xAdvVUEoc0ysR0BuzIDtXvkWyF\nPcMcjIf/1QYcuhyFXYD7KwwdsEOW+cRiLw0LHuAgLqrC05QzbO6maw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1elpxbGd5N0x5aXVKZHZ6\nVDRaUmRTaUlXdXV6TUR0ai9LR0RqdkczMlZ3Cmk2VUVibWZGT3kvZDVIS0loS1ha\nNjlnL1pOS1h6Y0FwR2IvYmcxaGRmWVEKLS0tIFN5cDl2Z0d1RmVVWktHbDBMNFpT\ncWszTUZlRFdUK2UyQ3BseW9YMEJvR1EKGQn97YqzQK2hdXhUJFmrcK41nDDOsFvY\nY8eXYvDaAFkNCFBoazPXkINVycn+9qpvu21hi8XSM1UePf5eXlBqbQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-05-12T00:49:47Z",
"mac": "ENC[AES256_GCM,data:wIDgEom4PTmHx670db0pBiQl7PyHZ9Yy9nzVg5ITXyu6WJZLaMuuoW3pUxtkB+52ZR8r66M4/fuahk6NiGlhVLCxAY+3KZk2RbwWnD43xZQ/DMQ4WOZ9e8x/rozsPsrD3QxGsZodOLxaWg3QLT4VpGDtb+zzrQn1SIMqlOMxAMk=,iv:Ira7zU+hj/cUruhhUu33PPMxVQdfm4GoPEKaq6fdtI8=,tag:h6ihTBuQl5dZCU7ZWU2vYA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

24
sys/profiles/secrets/nixdesk/cloudflare Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:Eb0jA3q6hBv4YuntX0LELXK9bMFrW4QddXaF+HIfEffXSQiOH0fSfKE=,iv:nqyr1YtiHOGFbfm8+QuRLDiBNNLa3QNUYOKkPRueG8I=,tag:XwFR/TkhsxDQpFgal8tj1Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRamRORTV5OTF6OVhLMHNC\nWUN4cllEQUFPeEI4cmJZeFFKdHErSUYrbHlNCnFWSWNXbC9lejFkTzF4M0lZM2NQ\nZ1BOUGFtQk1RODg0OHp3RDR3KzVSNU0KLS0tIEJwNWIvcFZtdTdkb3VSTkFXMFdz\nZ1JYU09lTkR4ZjJEa1lpOWd0MlI1cFkKKsKAvnhw2v8EOixvKvV7v211Itedg1tw\nRAo5XecUEZyTqKLyEooCTq/KM2X0rR+tFpzo9bt5t6zMwwJc2OwS2w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaEk2b2c1RXNHNUZpeDM1\nQmJrQXVuT1RrYUJDZFVJYjBOSytUWFhIWnpVCjJtN2lZaXNQZVY0a1ZLeUpFcmVQ\nMTA1Q2VCc2FnWlZGUWd0Z0UyZFVsWDQKLS0tIG50L3hYWkNObVRMZHlxcEJjM1p4\nSHNxbkg1Z0FjeUpDTW1zMGdUbFFodWcK8P0t0q8xvvus7Lcjt1CtwNrGAQlV1mHl\n5O4M4zsJGlQeBqvf/2EZWqy0HkdGqIhUDHeo+ho6P2LgUrGTGdmOFA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-17T20:07:21Z",
"mac": "ENC[AES256_GCM,data:7gs2+Ksd8JFrAAx/rTaQ7W6MLtuWAdoGzA5TtqO6fbiR+cz8UiH2Exr1xbR8sNY0El8P99nnV66M0Yt+ARJP7xd9o4NJYVdOenScISaMFHWW6EjiEWqv/JKI/JoGdXpRObu3LnuRR0rEp36REoc48s68UWwEGnpMdEpdqSZvMqg=,iv:qON9slK2y0W7K9FOwZAkNJhY+91DD4w70aLD9bMPAWs=,tag:8+cQrp6FM7y+76DsrSQndQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

28
sys/profiles/secrets/nixdesk/default.nix Normal file
View file

@ -0,0 +1,28 @@
{
sops.secrets = {
wireguard = {
format = "binary";
sopsFile = ./wireguard;
};
wireguard-preshared = {
key = "PresharedKey";
sopsFile = ./wireguard.yaml;
};
wireguard-private = {
key = "PrivateKey";
sopsFile = ./wireguard.yaml;
};
cloudflare = {
format = "binary";
sopsFile = ./cloudflare;
};
brawlstars-api-key = {
format = "binary";
sopsFile = ./brawlstars;
};
samba = {
format = "binary";
sopsFile = ./samba;
};
};
}

24
sys/profiles/secrets/nixdesk/samba Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:IwlFjjTZqyL7QJaM1aBi5De0xPZ6T3/fQb+gIcyRP+sgyazLn4MEFABgoCKxTJaNhl4ld2HPA+uGxLOGavTwAxOPpCSxnfTPiPsDrIob9M+ssdVEinBb28E2GIp1ZEbwL7d+AsLstlI3k9JLNaWwqqC4uUb23cWl5/pXELI3ung5BytXGsGXBM/UqW7ce9VA6OQuCvcZiA==,iv:kt1FZBbOktLblC1Wnj4+apXB4dBMyY5Lk1XygdT9c58=,tag:gO8tkX+udOgiV+He2GIOrQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNnFIQStPV0d4TE0ya1F5\nSGRtckdUalBXVWI3TlkwY00zaUpESGlqem1jCjZJKzZaSDR1QW5ZWkVTS1hWcFEr\nMTJrTTYzRFFXUk9xbVM5aVphNDV5TjQKLS0tIDloRkMwSUNwM1RQN0lTQm81U21w\ndEdGN0R3Q1NKZmZjY0xCNFlKT3FkY0EKea+Gn8QJeu4iVZdx2WTRO1GOmC2IAeGt\njaMAek1JC9cOkzq0InCr8T4u2+R8ZNCNxf4B3uwRUQVBaVn1HV8Jsw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVMjNzVVhnZ3htWHEyV3NI\nV001YmtrYTFjQ2lZQWc3V3kvdDdUZ1M5cldzClE1SFVrV0lIc3lWaHVxYnBQS3N5\nbFp5dnJxZFhHdllXYko0b25OdWl5dnMKLS0tIEk1b3FPUG94dWJmS01qWUdnbkVy\nVThNODQvVXlQQ3FZaC8rdlFoOHhPVmsKbcGBJoLMFgpcIQsjlxeAViwne9ri/1WT\n56zPt9+f54K6W7hzJ7pVAG4+IYeWfaybMoPyIWTsTq9tlI6cc8MIag==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-10-21T08:11:03Z",
"mac": "ENC[AES256_GCM,data:4t/N1HbvMbXpF7pO0In8V3BKxK/6bz2BmFsH0DGTPNFZ9ZUNntOsOBtjjOhnRfbPY+Bl7JAQnHIVoAtyi6JavXpyH1WmzIpvpBUCWraIoKcD2XzrfraLEJazV6wIVE/vaBk9A6L54KivCXzMp35SDyIlWt6GBfyZJX64le2l5Ck=,iv:NVxByBu+6KNTKVnbjINOqQMgNI85lJxAKfeMFsVNz+0=,tag:mXeFyajv517gC095Wc80WQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

24
sys/profiles/secrets/nixdesk/wireguard Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:fwjhJg9Tgf1bLSolaOuqNccNibuo8g4P4j1mkiVbsQaE/2+3NxZem0aVPmeoevW2nev3DNt3qFdfpOZX3KXniYJSpIf8mxluB1m2c+Zf51eBg/rQSfNtSljFC++Jjc1RyL1XfVIlxZvq8V26AnJZbH6cqkX+phVsO6J/qSyKEBq+rXIZZO3iwby/II5z8ehYtGPJaliCfwv5FLltPul2p+fySQF4UtUWLEKIAGnN3m81GcaLoQZdIMTsEYowHVjs350xv+oBfGNOK5QHKEUBeU9vxvEbyQTvQ4sIjs4RdncqfPkJJQG90TB95LsBmEIuynhD5NS2S2A3Bk4W0zCRdEugOl6U0+4PeiD3t3DeejWpao55+woEvkItSP8RmiGkGrkj1NavUiGiMNztp94zqD3NAg1RHxRPlW/nf5JjUpwmxRNh2G4lMqxG+zXuRV34FjZmKESsGsrCyXg+WUB0BSkXzVZAuvfHfBnPjrC2yakPKpheSqhBRKMHCUKCZ+ESdDKaGxKX2JYaZuSmUEs=,iv:N8VjPOYF63fa+tpwDaPDz6+hkyiKAvY81yrgcs0QRJE=,tag:qcF8HjEuXdrrzwZ1bxCNyw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdGlGNXBLZFNuenRlOFVt\nRHdXRUplaTNpRWhTamJxODZqV2lhRVE0bWtzCnpjT3VVVk1DUGxiSUhYdjRUb0hR\nZ2Y0dWw3TS83ZWg5Q1RTR215Sm1sVUkKLS0tIGFGNU94WjR3aU42VmpJekI5Szd4\nN2V1Nm1qT0xZWVdCL3lacW1qOTdrRTQKgDypLo9NN6KYO4yR5yXKbyxMP2/jXQ6R\nqM07tmwjJ4e6Cqeb3SyThbezBjBEER8ntaW4TfVlNsoULvtLCMAuKQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL2NSTnVYY05pcVNyT1g4\nT0hvanphU29Dd0dvMXZ4TjdVV2R4WnpxY1JVCmVQVlcwbE9EbmxPZWhTK3RudUJG\nQVhjZ2lzUmo1VjlNejlLejVkSXZhTFkKLS0tIFpaQ1JtTm9NOWIrWFdlZWlDTXBo\nRFVKNVVyRWlxZWtqUHVsVGFsRUtWeW8KHVaiwFMs7wTn7j/PZXqrpEtEJTTRaFi2\nK65QMNkbB8DCvmO950X+lpCkuCHXpTgI+yvzLgD2zvZurlu6h9zZDg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-17T20:38:26Z",
"mac": "ENC[AES256_GCM,data:TbfcsR134LA02u6/bQRHDYev5AcMj0Tq04SyH78eQu+bg5658qdeAcXX5GD6GvgEBR+O4hghzq3pDoQ8BvMIQDI1kx0YTrH0rSs84j60d4Jjw96KmRMIqvFbBHuvzHfw7+6cnNRJ+lvSv4Xca46XSrviu7UvcUGLBklAfZca8Ls=,iv:TfV52tbDfxnmmWgGWTcCwQp3iWL1PYCkvNrqDp55VP8=,tag:LQZI+BLE5a9FaBrRU6cnGg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

31
sys/profiles/secrets/nixdesk/wireguard.yaml Normal file
View file

@ -0,0 +1,31 @@
PrivateKey: ENC[AES256_GCM,data:4OLJJ190rSspZKGBqpA7aZaRLVEzIjgksjqU6jHX0NvWncB/w5R3s9C3Fw0=,iv:Knn+jsapxttRCnDaokRqXsk5QIkr8zoDNta/4F/Czxo=,tag:V14n+An7kRCjIx9CI17yCg==,type:str]
PresharedKey: ENC[AES256_GCM,data:5HqALbtJQO5Ti/HHE0rcIhDhe1k2+w9zctgKuaMW77Nbi9Tzp1NWzKh0mOw=,iv:spuk2ARDIcxHndzvuGprsNkafH/ODdDJCTXoRaflKCQ=,tag:2GybJv7z69P2AE0eOh/Nhg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsUXo0SGhieVdkREZqUzZQ
Sk1mQXJ5U2ZnTXlHSG5UQnlXYnh4clFjRGw0Clh5S2ZXQkltUXhhY2x3NWo5VVBp
SXBtWWwvbW50WTVoWFJ3TmQwZXVmeFEKLS0tIDErQXBiYjg4VzVrTzkvTW5ORmtJ
cUxubFFNVWRLRW5QOHl4MDVodHNVVzQK76+hxVKXLRPcP2B9oNsS7sDdd5TvcV9x
D6wiytAnk9Z1PvwwWkIUMg4CJPLmf4iBsnT/EBNQyWuOiVe023OrcA==
-----END AGE ENCRYPTED FILE-----
- recipient: age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhNWg3Rmd3eWF3MDNPTW05
YlY5OExZbDBQaDkvaWNWbU1LeDloYUxUa0JNCmRHNGxtbDJQK0kxTDd1djZVUjEy
Si92MWxQTGRjRVcwNTZOY20yOUgrelEKLS0tIFYzeGZOeWhqdHRTUlBJR21pOHN6
am1zRUZ1RmEyVWs5MTlZR1hZMWNFakEKZtqE4oWCuruWVKNfqD3Iji8+VP8yF0A3
NwmAuhKV6qUXoYVHSvnINONtSeGO0sjwHTLBi0HnpjNd/iSvsX7B8w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-28T20:22:52Z"
mac: ENC[AES256_GCM,data:G2JGvYM6fCQSz+e7Nz+/cyBqEGaXNtxxc3UsQvSqgHV3iNhmkUrdO95o3tS2Hq4jedwXrw6WDwsZ8YnYFl+nv56vu19BdupDuHlmRcl0phw5NVk43Rxa8qzJ0HoeUSEfxXaKwSmjWgWT2ZUWq2hY5D19gdL703H22W/H8opBEzw=,iv:1gaRfhenp7be6eoZYx/OOU+VhAcGLnbQHppmuKW1jXk=,tag:Tgg5pUoryB3aqeAponPPkA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

10
sys/profiles/services/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
services = {
dbus.implementation = "broker";
psd = {
enable = true;
resyncTimer = "10m";
};
};
}

3
sys/profiles/services/flatpak.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}

12
sys/profiles/services/gnome-services.nix Normal file
View file

@ -0,0 +1,12 @@
{pkgs, ...}: {
services = {
dbus.packages = with pkgs; [
gcr
gnome.gnome-settings-daemon
];
gnome.gnome-keyring.enable = true;
gvfs.enable = true;
};
}

27
sys/profiles/services/pipewire.nix Normal file
View file

@ -0,0 +1,27 @@
{lib, ...}: {
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
jack.enable = true;
pulse.enable = true;
# https://wiki.archlinux.org/title/PipeWire#Noticeable_audio_delay_or_audible_pop/crack_when_starting_playback
wireplumber.extraConfig."51-disable-suspension.conf" = {
"monitor.alsa.rules" = lib.singleton {
matches = [
{"node.name" = "~alsa_input.*";}
{"node.name" = "~alsa_output.*";}
];
actions.update-props."session.suspend-timeout.seconds" = 0;
};
"monitor.bluez.rules" = lib.singleton {
matches = [
{"node.name" = "~bluez_input.*";}
{"node.name" = "~bluez_output.*";}
];
actions.update-props."session.suspend-timeout-seconds" = 0;
};
};
};
}

7
sys/profiles/services/sunshine.nix Normal file
View file

@ -0,0 +1,7 @@
{
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
};
}

56
sys/profiles/services/syncthing.nix Normal file
View file

@ -0,0 +1,56 @@
let
devices = {
"nixdesk" = {
id = "XXABQZC-CO6OM2E-EMB3QIJ-NF5I3WU-CCQPPRY-7BX4ZSS-WIU4WW2-WXFWVQR";
autoAcceptFolders = true;
};
"redmi-note-10-pro" = {
id = "WJPE56U-56LPOYB-IAENGSW-IFQ4A6J-66JX73I-ONXX4PY-QXJK6IF-UZHVWA7";
autoAcceptFolders = true;
};
"hopper" = {
id = "DK3RPET-ACMULD2-TLQS6YM-XWUMS3N-JRNDNME-YTM3H4X-P7QVUKB-N3PL5QF";
autoAcceptFolders = true;
};
"school-probook" = {
id = "ZYNRRWE-SIJLPMQ-5LJDWCY-BF5VMRM-FQRFEW4-L7PKA23-HVJADTV-FZYRSQM";
autoAcceptFolders = true;
};
};
in {
services.syncthing = {
enable = true;
openDefaultPorts = true;
user = "xun";
group = "users";
dataDir = "/home/xun/.local/share/syncthing";
configDir = "/home/xun/.config/syncthing";
overrideDevices = true;
settings = {
inherit devices;
folders = {
"~/secrets" = {
devices = builtins.attrNames devices;
versioning = {
type = "trashcan";
params.cleanoutDays = "180";
};
id = "sfw9y-yusup";
};
"~/docs/xun-megavault" = {
devices = builtins.attrNames devices;
id = "1zkf-wf5r";
versioning = {
type = "simple";
params.keep = "15";
};
};
};
};
settings.options.urAccepted = -1; # disable usage reporting
settings.gui.insecureSkipHostcheck = true;
settings.gui.insecureAdminAccess = true;
};
}

6
sys/profiles/services/virt-manager.nix Normal file
View file

@ -0,0 +1,6 @@
{pkgs, ...}: {
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
boot.kernelParams = ["amd_iommu=on" "iommu=pt"];
environment.systemPackages = [pkgs.libvirt];
}

3
sys/profiles/services/waydroid.nix Normal file
View file

@ -0,0 +1,3 @@
{
virtualisation.waydroid.enable = true;
}

11
sys/profiles/services/xdg-portals.nix Normal file
View file

@ -0,0 +1,11 @@
{pkgs, ...}: {
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
config = {
common.default = ["gtk"];
};
};
}

31
sys/profiles/themes/dark.nix Normal file
View file

@ -0,0 +1,31 @@
{
pkgs,
self,
...
}: {
stylix = {
enable = true;
autoEnable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/da-one-black.yaml";
image = pkgs.fetchurl {
url = "https://i.imgur.com/j9xld8Y.png";
hash = "sha256-ou7+S4QFC7Gabbwv9PKcQLLT/1J26FJM7qRVbjLUoRU=";
};
polarity = "dark";
cursor = {
package = pkgs.whitesur-cursors;
name = "whitesur-cursors";
size = 16;
};
fonts = {
sizes = {
terminal = 9;
applications = 10;
};
};
};
fonts.packages = [
self.packages.${pkgs.system}.cartograph-cf
];
}