BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: BeiNacht:f6d28652115e981e0b9eb3b43b32c122eb15d4b2
Branches Tags
BeiNacht:master
...
compare: BeiNacht:ebfe4861e276eff0a043524656525340cabacf18
Branches Tags
BeiNacht:master

10 Commits
f6d2865211 ... ebfe4861e2

Author SHA1 Message Date
Alexander Szczepanski
ebfe4861e2 desktop-2025-01-10-08-26-55 2025-01-10 08:26:55 +01:00
Alexander Szczepanski
2400313d72 nixos-virtualbox-2025-01-06-22-20-04 2025-01-06 22:20:04 +01:00
Alexander Szczepanski
13714539c9 thinkpad-2025-01-06-10-40-25 2025-01-06 10:40:25 +01:00
Alexander Szczepanski
8b4ff06e92 framework-2025-01-06-00-56-35 2025-01-06 00:56:35 +01:00
Alexander Szczepanski
0c187430b1 framework-2025-01-01-06-41-24 2025-01-01 06:41:24 +01:00
Alexander Szczepanski
ab67992865 vps-arm-2024-12-28-11-17-27 2024-12-28 11:17:28 +01:00
Alexander Szczepanski
291f04004e mini-2024-12-26-14-02-54 2024-12-26 14:02:54 +01:00
Alexander Szczepanski
ff6f7bf20d vps-arm-2024-12-25-13-44-28 2024-12-25 13:44:28 +01:00
Alexander Szczepanski
b0e8dd0537 framework-2024-12-25-13-24-49 2024-12-25 13:24:49 +01:00
Alexander Szczepanski
82abd6355c framework-2024-12-25-12-37-33 2024-12-25 12:38:38 +01:00
25 changed files with 614 additions and 345 deletions
Expand all files Collapse all files

4
.sops.yaml
View File

@ -8,6 +8,7 @@ keys:
- &mini age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
- &nixos-virtualbox age1zs6k39g6kz740z3p9f0r2tc8dwn677zn3v5963g42p6lsljh7y0qzfn9ql
- &nixos-vm age120fg86wv7vrcw6aeuunkzr7nerpwg8w0vu08xp8v8feqawtzqquq4763cw
- &thinkpad age1dmkhlzvxemlufsydaed7vajm4cdpjwmqj3pmpvlljkjzlck8t4rswwph4j
creation_rules:
- path_regex: secrets.yaml$
key_groups:
@ -19,7 +20,8 @@ creation_rules:
- *mini
- *nixos-virtualbox
- *nixos-vm
- path_regex: secrets-desktop.y`aml$
- *thinkpad
- path_regex: secrets-desktop.yaml$
key_groups:
- age:
- *alex

2
README.md
View File

@ -6,7 +6,7 @@
```
nix flake update .
nix flake update
sudo mergerfs -o cache.files=partial,dropcacheonclose=true,category.create=mfs /run/media/alex/disk1:/run/media/alex/disk2:/run/media/alex/disk3 /home/alex/shared/raid

68
configs/common-linux.nix
View File

@ -31,44 +31,44 @@
supportedFilesystems = ["ntfs" "btrfs"];
initrd = {
# postDeviceCommands = pkgs.lib.mkBefore ''
# mkdir -p /mnt
postDeviceCommands = pkgs.lib.mkBefore ''
mkdir -p /mnt
# # We first mount the btrfs root to /mnt
# # so we can manipulate btrfs subvolumes.
# mount -o subvol=/ /dev/mapper/lvm-root /mnt
# We first mount the btrfs root to /mnt
# so we can manipulate btrfs subvolumes.
mount -o subvol=/ /dev/mapper/lvm-root /mnt
# # While we're tempted to just delete /root and create
# # a new snapshot from /root-blank, /root is already
# # populated at this point with a number of subvolumes,
# # which makes `btrfs subvolume delete` fail.
# # So, we remove them first.
# #
# # /root contains subvolumes:
# # - /root/var/lib/portables
# # - /root/var/lib/machines
# #
# # I suspect these are related to systemd-nspawn, but
# # since I don't use it I'm not 100% sure.
# # Anyhow, deleting these subvolumes hasn't resulted
# # in any issues so far, except for fairly
# # benign-looking errors from systemd-tmpfiles.
# btrfs subvolume list -o /mnt/root |
# cut -f9 -d' ' |
# while read subvolume; do
# echo "deleting /$subvolume subvolume..."
# btrfs subvolume delete "/mnt/$subvolume"
# done &&
# echo "deleting /root subvolume..." &&
# btrfs subvolume delete /mnt/root
# While we're tempted to just delete /root and create
# a new snapshot from /root-blank, /root is already
# populated at this point with a number of subvolumes,
# which makes `btrfs subvolume delete` fail.
# So, we remove them first.
#
# /root contains subvolumes:
# - /root/var/lib/portables
# - /root/var/lib/machines
#
# I suspect these are related to systemd-nspawn, but
# since I don't use it I'm not 100% sure.
# Anyhow, deleting these subvolumes hasn't resulted
# in any issues so far, except for fairly
# benign-looking errors from systemd-tmpfiles.
btrfs subvolume list -o /mnt/root |
cut -f9 -d' ' |
while read subvolume; do
echo "deleting /$subvolume subvolume..."
btrfs subvolume delete "/mnt/$subvolume"
done &&
echo "deleting /root subvolume..." &&
btrfs subvolume delete /mnt/root
# echo "restoring blank /root subvolume..."
# btrfs subvolume snapshot /mnt/root-blank /mnt/root
echo "restoring blank /root subvolume..."
btrfs subvolume snapshot /mnt/root-blank /mnt/root
# # Once we're done rolling back to a blank snapshot,
# # we can unmount /mnt and continue on the boot process.
# umount /mnt
# '';
# Once we're done rolling back to a blank snapshot,
# we can unmount /mnt and continue on the boot process.
umount /mnt
'';
};
};

65
configs/filesystem.nix Normal file
View File

@ -0,0 +1,65 @@
{
fileSystems = {
"/" = {
fsType = "btrfs";
options = [
"subvol=root"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/home" = {
fsType = "btrfs";
options = [
"subvol=home"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/nix" = {
fsType = "btrfs";
options = [
"subvol=nix"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/persist" = {
fsType = "btrfs";
options = [
"subvol=persist"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
neededForBoot = true;
};
"/var/log" = {
fsType = "btrfs";
options = [
"subvol=log"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
neededForBoot = true;
};
"/boot" = {
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
}

25
configs/libvirtd.nix Normal file
View File

@ -0,0 +1,25 @@
{pkgs, ...}: {
users.extraGroups.libvirtd.members = ["alex"];
virtualisation = {
libvirtd = {
enable = true;
# Used for UEFI boot of Home Assistant OS guest image
qemu.ovmf.enable = true;
};
};
environment = {
systemPackages = with pkgs; [
# For virt-install
virt-manager
# For lsusb
usbutils
];
persistence."/persist" = {
directories = [
"/var/lib/libvirt"
];
};
};
}

2
configs/plasma.nix
View File

@ -52,7 +52,7 @@
kdiskmark
maliit-keyboard
deskflow
# deskflow
];
persistence."/persist" = {

40
configs/services/grafana.nix Normal file
View File

@ -0,0 +1,40 @@
{
config,
lib,
pkgs,
...
}: {
services = {
nginx = {
virtualHosts = {
"grafana.szczepan.ski" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
};
};
};
grafana = {
enable = true;
settings = {
server = {
# Listening Address
http_addr = "127.0.0.1";
# and Port
http_port = 3005;
# Grafana needs to know on which domain and URL it's running
domain = "grafana.szczepan.ski";
# root_url = "https://grafana.szczepan.ski/"; # Not needed if it is `https://your.domain/`
# serve_from_sub_path = true;
};
};
};
};
}

2
configs/user-gui.nix
View File

@ -61,6 +61,8 @@
# kdenlive
# shotcut
telegram-desktop
vorta
kitty

16
configs/user.nix
View File

@ -90,13 +90,15 @@ in {
serverAliveInterval = 60;
forwardAgent = true;
matchBlocks."szczepan.ski" = {hostname = "szczepan.ski";};
matchBlocks."mini" = {hostname = "mini";};
matchBlocks."desktop" = {hostname = "desktop";};
matchBlocks."framework" = {hostname = "framework";};
matchBlocks."nixos-vm" = {
hostname = "127.0.0.1";
port = 1337;
matchBlocks = {
"szczepan.ski" = {hostname = "szczepan.ski";};
"mini" = {hostname = "mini";};
"desktop" = {hostname = "desktop";};
"framework" = {hostname = "framework";};
"nixos-vm" = {
hostname = "127.0.0.1";
port = 1337;
};
};
};

0
configs/virtualization.nix → configs/virtualbox.nix
View File

85
flake.lock generated
View File

@ -5,15 +5,14 @@
"flake-schemas": "flake-schemas",
"home-manager": "home-manager",
"jovian": "jovian",
"nixpkgs": "nixpkgs",
"nixpkgs-small": "nixpkgs-small"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1734346739,
"narHash": "sha256-Um5yY36idRodddotyBaI9sQjw/xw5SV6tt3jPRgL330=",
"lastModified": 1736112920,
"narHash": "sha256-MME0HoMWJtk67vW4lop1eTK4//EXJB/hefo6+JbdHZs=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "7228d7032f0316dbc69b69584ec07707efbd38c9",
"rev": "aa7b9944e164d9284939b78d05b8cf8df319a5d5",
"type": "github"
},
"original": {
@ -83,11 +82,11 @@
]
},
"locked": {
"lastModified": 1734093295,
"narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=",
"lastModified": 1736066484,
"narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8",
"rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0",
"type": "github"
},
"original": {
@ -103,11 +102,11 @@
]
},
"locked": {
"lastModified": 1734344598,
"narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=",
"lastModified": 1736089250,
"narHash": "sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "83ecd50915a09dca928971139d3a102377a8d242",
"rev": "172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196",
"type": "github"
},
"original": {
@ -119,11 +118,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1734200366,
"narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
"lastModified": 1734945620,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
"type": "github"
},
"original": {
@ -141,11 +140,11 @@
]
},
"locked": {
"lastModified": 1734162608,
"narHash": "sha256-m2AX+3eiVqIK6uO7GbGY7SFnkkYOlR5fQiNI0eRvWOQ=",
"lastModified": 1735931035,
"narHash": "sha256-f3WRxasPYVKzrvAlLq+/3FRHQVfxVf5xxf0WWwnO99k=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "31bdf4c7c91204d65afbde01146deee0259a8fb7",
"rev": "7e530766a5fd9b7577296fedd655f3255f7495d8",
"type": "github"
},
"original": {
@ -162,11 +161,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1734735212,
"narHash": "sha256-9EJ/XadUCvlKWkLV/YGFFMbjMwi5XZWhW6pbxF/Ytm4=",
"lastModified": 1736087333,
"narHash": "sha256-oNz0gTJfHFysyEXPbSIjUz3KGrQD425Krrfx1S/kBdA=",
"owner": "taj-ny",
"repo": "kwin-effects-forceblur",
"rev": "9a385496e5662f4caca5be463d9c6d5d2ff0fa8e",
"rev": "58e6653603dcccbbc38c582ee5838c536a90807b",
"type": "github"
},
"original": {
@ -182,11 +181,11 @@
]
},
"locked": {
"lastModified": 1733570843,
"narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
"lastModified": 1736085891,
"narHash": "sha256-bTl9fcUo767VaSx4Q5kFhwiDpFQhBKna7lNbGsqCQiA=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "a35b08d09efda83625bef267eb24347b446c80b8",
"rev": "ba9b3173b0f642ada42b78fb9dfc37ca82266f6c",
"type": "github"
},
"original": {
@ -220,11 +219,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1734352517,
"narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=",
"lastModified": 1735388221,
"narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd",
"rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
"type": "github"
},
"original": {
@ -236,11 +235,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734119587,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"lastModified": 1735834308,
"narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github"
},
"original": {
@ -250,29 +249,13 @@
"type": "github"
}
},
"nixpkgs-small": {
"locked": {
"lastModified": 1734838250,
"narHash": "sha256-Xi8ST/QiyuYXc3ujnMYOBuRUaMh6p16XWH6BKARa7xQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da8a31d09dd004be34b5c54eda83f9a27b357726",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1734119587,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"type": "github"
},
"original": {
@ -302,11 +285,11 @@
]
},
"locked": {
"lastModified": 1733965552,
"narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
"lastModified": 1736064798,
"narHash": "sha256-xJRN0FmX9QJ6+w8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
"rev": "5dc08f9cc77f03b43aacffdfbc8316807773c930",
"type": "github"
},
"original": {

24
flake.nix
View File

@ -105,6 +105,18 @@
];
};
thinkpad = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
impermanence.nixosModules.impermanence
chaotic.nixosModules.default
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme
inputs.sops-nix.nixosModules.sops
./machine/thinkpad/configuration.nix
];
};
mini = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -125,12 +137,22 @@
./machine/nixos-vm/configuration.nix
];
};
nixos-virtualbox = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
inputs.sops-nix.nixosModules.sops
impermanence.nixosModules.impermanence
./machine/nixos-virtualbox/configuration.nix
];
};
};
darwinConfigurations."MacBook" = nix-darwin.lib.darwinSystem {
system = "aarch64-darwin";
modules = [
./machine/macbook/configuration.nix
./machine/macbook/configuration.nix
# home-manager.darwinModules.home-manager
# {
# home-manager.useGlobalPkgs = true;

12
machine/desktop/configuration.nix
View File

@ -15,7 +15,7 @@ in {
../../configs/games.nix
../../configs/develop.nix
../../configs/hardware.nix
../../configs/virtualization.nix
../../configs/virtualbox.nix
../../configs/plasma.nix
../../configs/user-gui.nix
../../configs/user.nix
@ -36,10 +36,6 @@ in {
owner = config.users.users.alex.name;
group = config.users.users.alex.group;
};
hashedPassword = {
neededForUsers = true;
};
};
};
@ -50,7 +46,6 @@ in {
"big-parallel"
"kvm"
"gccarch-znver3"
# "gccarch-x86-64-v3"
];
max-jobs = 4;
@ -69,6 +64,9 @@ in {
kernelPackages = pkgs.linuxPackages_cachyos;
kernelParams = ["clearcpuid=514" "ip=dhcp"];
kernelModules = ["nct6775"];
kernel.sysctl = {
"vm.nr_hugepages" = 1280;
};
extraModulePackages = with pkgs.linuxPackages_cachyos; [ryzen-smu];
initrd = {
availableKernelModules = ["r8169"];
@ -166,8 +164,6 @@ in {
# cpu.x86.msr = {
# enable = true;
# };
pulseaudio.enable = false;
};
# powerManagement = {

45
machine/desktop/hardware-configuration.nix
View File

@ -7,75 +7,32 @@
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
../../configs/filesystem.nix
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad";
fsType = "btrfs";
options = [
"subvol=root"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad";
fsType = "btrfs";
options = [
"subvol=home"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad";
fsType = "btrfs";
options = [
"subvol=nix"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/persist" = {
device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad";
fsType = "btrfs";
options = [
"subvol=persist"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
neededForBoot = true;
};
"/var/log" = {
device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad";
fsType = "btrfs";
options = [
"subvol=log"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
neededForBoot = true;
};
"/boot" = {
device = "/dev/disk/by-uuid/4339-5A4C";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};

4
machine/framework/configuration.nix
View File

@ -15,7 +15,7 @@ in {
../../configs/docker.nix
../../configs/games.nix
../../configs/hardware.nix
../../configs/virtualization.nix
../../configs/virtualbox.nix
../../configs/plasma.nix
../../configs/user-gui.nix
../../configs/user.nix
@ -48,7 +48,7 @@ in {
boot = {
tmp.useTmpfs = false;
kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages_6_11;
initrd = {
luks.devices = {

23
machine/framework/hardware-configuration.nix
View File

@ -18,21 +18,16 @@
];
fileSystems = {
# "/" = {
# device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc";
# fsType = "btrfs";
# options = [
# "subvol=root"
# "discard=async"
# "compress=zstd"
# "nodiratime"
# "noatime"
# ];
# };
"/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=16G" "mode=755"];
device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc";
fsType = "btrfs";
options = [
"subvol=root"
"discard=async"
"compress=zstd"
"nodiratime"
"noatime"
];
};
"/home" = {
device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc";

11
machine/mini/configuration.nix
View File

@ -8,8 +8,9 @@
imports = [
./hardware-configuration.nix
../../configs/borg.nix
../../configs/docker.nix
../../configs/common-linux.nix
../../configs/docker.nix
../../configs/libvirtd.nix
../../configs/user.nix
];
@ -51,9 +52,13 @@
useDHCP = false;
firewall = {enable = false;};
interfaces = {
enp3s0.useDHCP = true;
br0 = {
useDHCP = true;
};
};
bridges.br0.interfaces = ["enp3s0"];
nftables.enable = true;
};
@ -96,7 +101,7 @@
};
locate = {
prunePaths = [ "/mnt" "/nix" ];
prunePaths = ["/mnt" "/nix"];
};
};

17
machine/mini/hardware-configuration.nix
View File

@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
@ -12,10 +7,14 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot = {
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
kernelModules = ["dm-snapshot"];
};
kernelModules = ["kvm-intel"];
};
fileSystems = {
"/" = {

74
machine/nixos-virtualbox/configuration.nix
View File

@ -17,15 +17,8 @@
validateSopsFiles = true;
age = {
sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
hashedPassword = {
neededForUsers = true;
};
};
};
time.timeZone = "Europe/Berlin";
@ -33,7 +26,43 @@
boot = {
initrd = {
enable = true;
supportedFilesystems = ["btrfs"];
postResumeCommands = lib.mkAfter ''
mkdir -p /mnt
# We first mount the btrfs root to /mnt
# so we can manipulate btrfs subvolumes.
mount -o subvol=/ /dev/sda2 /mnt
# While we're tempted to just delete /root and create
# a new snapshot from /root-blank, /root is already
# populated at this point with a number of subvolumes,
# which makes `btrfs subvolume delete` fail.
# So, we remove them first.
#
# /root contains subvolumes:
# - /root/var/lib/portables
# - /root/var/lib/machines
#
# I suspect these are related to systemd-nspawn, but
# since I don't use it I'm not 100% sure.
# Anyhow, deleting these subvolumes hasn't resulted
# in any issues so far, except for fairly
# benign-looking errors from systemd-tmpfiles.
btrfs subvolume list -o /mnt/root |
cut -f9 -d' ' |
while read subvolume; do
echo "deleting /$subvolume subvolume..."
btrfs subvolume delete "/mnt/$subvolume"
done &&
echo "deleting /root subvolume..." &&
btrfs subvolume delete /mnt/root
echo "restoring blank /root subvolume..."
btrfs subvolume snapshot /mnt/root-blank /mnt/root
# Once we're done rolling back to a blank snapshot,
# we can unmount /mnt and continue on the boot process.
umount /mnt
'';
};
};
@ -42,14 +71,31 @@
hostName = "nixos-virtualbox"; # Define your hostname.
};
nix.settings = {
system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"gccarch-znver3"
];
trusted-substituters = ["https://ai.cachix.org"];
trusted-public-keys = ["ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="];
};
# nixpkgs.localSystem = {
# gcc.arch = "znver3";
# gcc.tune = "znver3";
# system = "x86_64-linux";
# };
programs.nix-ld.enable = true;
# services = {
# k3s = {
# enable = true;
# role = "server";
# };
# };
services = {
# k3s = {
# enable = true;
# role = "server";
# };
};
system.stateVersion = "24.11";
}

76
machine/nixos-virtualbox/hardware-configuration.nix
View File

@ -1,56 +1,48 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [];
boot.initrd.availableKernelModules = ["ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
"/home" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/nix" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
neededForBoot = true;
};
"/persist" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
neededForBoot = true;
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
"/var/log" = {
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6F47-35E9";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
"/boot" = {
device = "/dev/disk/by-uuid/6F47-35E9";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [];
@ -62,6 +54,6 @@
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.virtualbox.guest.enable = true;
}

87
machine/thinkpad/configuration.nix Normal file
View File

@ -0,0 +1,87 @@
{
config,
pkgs,
inputs,
outputs,
...
}: {
imports = [
./hardware-configuration.nix
# ../../configs/borg.nix
../../configs/common-linux.nix
../../configs/docker.nix
../../configs/libvirtd.nix
../../configs/user.nix
];
sops = {
defaultSopsFile = ../../secrets/secrets-mini.yaml;
};
boot = {
initrd = {
luks.devices = {
root = {
device = "/dev/disk/by-uuid/7f2eb00d-49d8-416f-a742-5af5ce871483";
preLVM = true;
};
};
};
kernelPackages = pkgs.linuxPackages_latest;
# extraModulePackages = with pkgs.linuxPackages_latest; [rtl88x2bu];
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "thinkpad";
useDHCP = true;
firewall = {enable = false;};
# interfaces = {
# br0 = {
# useDHCP = true;
# };
# };
# bridges.br0.interfaces = ["enp3s0"];
nftables.enable = true;
wireless = {
enable = true;
networks.Skynet-mobil.psk = "***";
interfaces = [ "wlp0s20f3" ];
};
};
environment = {
# systemPackages = with pkgs; [
# nyx
# snapraid
# mergerfs
# ];
# persistence."/persist" = {
# directories = [
# # "/var/lib/docker"
# "/var/lib/tor"
# ];
# };
};
hardware = {
enableAllFirmware = true;
};
services = {
locate = {
prunePaths = ["/mnt" "/nix"];
};
};
powerManagement = {
enable = true;
powertop.enable = true;
# cpuFreqGovernor = "powersave";
};
system.stateVersion = "24.11";
}

71
machine/thinkpad/hardware-configuration.nix Normal file
View File

@ -0,0 +1,71 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea";
fsType = "btrfs";
options = ["subvol=root"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea";
fsType = "btrfs";
options = ["subvol=home"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true;
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea";
fsType = "btrfs";
options = ["subvol=log"];
neededForBoot = true;
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7785-083C";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/ded22b9d-440d-46d8-8246-b52deca7a49c";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

46
machine/vps-arm/configuration.nix
View File

@ -11,7 +11,7 @@
../../configs/common-linux.nix
../../configs/docker.nix
../../configs/user.nix
# ../../configs/borg.nix
../../configs/borg.nix
../../configs/services/adguardhome.nix
../../configs/services/atuin.nix
@ -19,6 +19,7 @@
../../configs/services/frigate.nix
../../configs/services/gitea.nix
../../configs/services/goaccess.nix
../../configs/services/grafana.nix
../../configs/services/headscale.nix
../../configs/services/immich.nix
../../configs/services/nextcloud.nix
@ -103,6 +104,7 @@
tor -f ${torRc} &
'';
};
luks.devices = {
root = {
device = "/dev/disk/by-uuid/cad303e1-16d8-4c15-b6c6-1f5bfc498419";
@ -209,6 +211,7 @@
enableACME = true;
globalRedirect = "alexander.szczepan.ski";
};
"alexander.szczepan.ski" = {
forceSSL = true;
enableACME = true;
@ -255,39 +258,14 @@
};
};
# borgbackup.jobs.home = rec {
# compression = "auto,zstd";
# encryption = {
# mode = "repokey-blake2";
# passCommand = "cat ${config.sops.secrets.borg-key.path}";
# };
# extraCreateArgs = "--stats --verbose --checkpoint-interval=600 --exclude-caches";
# extraPruneArgs = [
# "--save-space"
# "--stats"
# ];
# extraCompactArgs = [
# "--cleanup-commits"
# ];
# environment = {
# BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_rsa";
# BORG_BASE_DIR = "/persist/borg";
# };
# readWritePaths = ["/persist/borg"];
# paths = ["/home/alex" "/persist"];
# repo = "ssh://u278697-sub3@u278697.your-storagebox.de:23/./borg-arm";
# startAt = "daily";
# prune.keep = {
# daily = 7;
# weekly = 4;
# monthly = 6;
# };
# exclude = [
# "/home/alex/mounted"
# "/home/alex/.cache"
# "/persist/borg"
# ];
# };
borgbackup.jobs.all = rec {
repo = "ssh://u278697-sub3@u278697.your-storagebox.de:23/./borg";
exclude = [
"/home/alex/mounted"
"/home/alex/.cache"
"/persist/borg"
];
};
journald = {extraConfig = "SystemMaxUse=10G";};
};

81
machine/vps-arm/hardware-configuration.nix
View File

@ -1,8 +1,4 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
@ -12,57 +8,54 @@
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_scsi" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=root"];
boot.initrd = {
availableKernelModules = ["xhci_pci" "virtio_scsi" "sr_mod"];
kernelModules = ["dm-snapshot"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=home"];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=root"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=nix"];
};
"/home" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=home"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true;
};
"/nix" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=log"];
neededForBoot = true;
};
"/persist" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DE94-E9C1";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
"/var/log" = {
device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917";
fsType = "btrfs";
options = ["subvol=log"];
neededForBoot = true;
};
"/boot" = {
device = "/dev/disk/by-uuid/DE94-E9C1";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/3c63b075-76ca-403f-bf75-53269b6bf4fa";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;

79
secrets/secrets.yaml
View File

@ -8,65 +8,74 @@ sops:
- recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxaVdQQXdOV1ZVSDVUdDBy
ODAzN3RYRi9Sd0pHUlh6bVVwclkwM0daQzNrClZEdU1CYktMQVZ2enBMbFdsTmZ2
SHVRekpwWjlJdm9XNnVrUWZGdncxK2cKLS0tIFhRalByNG1GUy9kTVRqaHBpSUJu
N3hmdFhLU1V1UUJ2SzBYOGk2LzVwb3MKBDHXy9Y5sSlDhmHUoiDdWhStxCiNq0fX
ef6GNTfFWWMT1eigq2av8u/xzUJ0kkUARkcWe14O7EGDga0Lij0ixg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ek9ZNkl2cHlsWDJkbkdE
Q2d6a1diWnBHZlNPcmsyYnhnWkhPczJDMDNZCktFclNCVm42MjJDTWE0enI2UzUv
Mi9LYTFqVmhqQ2Vmc1BPRGZMMm9wQ0kKLS0tIHlnSGtNbGxhL1pDK0U2YnNWSWJp
aFUwWDRTS3U1TnU0TVpJaExQNmM1ZlUKDF3TuqTmdWJvlnElL0nHu4/cRx4LAqRA
0/VuwZHdSW1P/Pm06K+OE3Q2hzVYEux/NNduI4gxJLXtL7s3Ux0IsA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZitER241elRYZHZnRmhY
WUZYN3VCSmlUbHgvMzFXYXpJTCtJOEg3Nm5VCktXOGVsSitsUktkSmZaOWxHcWdx
NEV0dndsRmIxUVZFTUEwS1RIWXdMMmsKLS0tIEo1WnhrR0dCRVVWc3VTVndueEFY
eUFPbEdZa0tnYnYra3dUdE14SHZLdGsKny/grhc64lPMDdJLvHPCHn7ZMPtNksI7
dvRALhDGEgbTfJR4wEZJumx56wZbak+vI3sNYo/RXDggRrKmJCUrDA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUjhuWXk1aTZMdW5rQUVh
aFFsZFJNRFZKcnh6L2pVUjZ4Zy95bGlvdWc4Cng3bmNYbmkzTzc3QlJYRjAwT3Bl
MXV6NjkvY3BteXdacHl6SDIvSU40OTgKLS0tIGp6MGFnNHd1VXdVVDJnVlJnVzZx
b1VpWWd3NlFUR0dLVTVBa3VQaXJXT0EKLjEPsu9vYGEzKq0A9zD4WfMUUFXJ5a2G
KmTdOMS+mE3QMbUSWOujBMw7dmfevfhNtknjfKHJzOBfzRIlmGXqBA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hcnyvwydfrhl9sz0dv4j5dsv2jzwmxvvhq6w7ejy0y5yxuj034es08gz9s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUUROaDkwTVdhellISUQ4
OVNpNUtKUm9OMk1HVVp3TmZlYVRtYTZoQUJJCnhuMG12djd1OXF2RzZjaDFCM1R2
TDNTQU11OFRjdXl5eTlKc1FmUUpJeDAKLS0tIGxQQVlKRTQ4c0xkOTlaUXVIT2Va
bGkrS0lQWE1FdEhnc0x0K0lKKzAzbjgKkOcHJJBS1XfoL2TzseFZTmeJXYXeSK7r
LiBegZy714nyf/AS+b2sNC9uu3oLsjF/Ro4uyLP3Ti81E+pJeU/ImA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKM0d4bktNdTYzRkxscTQ5
RGtHZzN6Vmg2ditjQzU5ZkJIbnl4aGFkZXhzClF4SlRCcTk2a0szblBoMVJMS0tU
bmJPa0ppUUVmTW54NVpob3hMbzA4dDQKLS0tIGY3YzRkcVEwcXFYbEFRNGdoaHdi
Yjl5d0hFcmVaaStIbFRGeHRld09WcU0KdbvLVxfhkcIDpiAz2rnmmEYOTUzeKV0R
VyOfNBDXAQ6xfay6MOBTgCPOz7cbElL2MFDOv/JdTEqqu3vfHTP/XA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y2RqVmZUcUhkUTRKaDZw
RUhBR2dSdVZjdW9MdGNPSXFFclV0UlVzMFUwClpqZzd5Ymh3eVRFcUVBYlVDR2Nu
ZTNsWHBmZTZlekdweVFGdmJjMXJwVWsKLS0tIDBkWDBuZG9vUkhxNlVRYlk3Y3cy
eG9wTHduTFlLQ3ZqK0tSbGtNQ25BVFkKjGrZjEfaViijBm6AQVPOv/fz7cJBxO0J
J5G83XNFeU0zn78iuc9K/EwuSBbTPhjczOu1s7HNJOm26DrP/NrbXg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFMVhTaXVCb3dqNTVsTUhJ
dlhMbUlZbXYwcVBiczJaQXRqOEI4UDJqc3hNCk5CWWRIcWg5dmE3QjB4aitHc3pQ
NDJVdmhvTU0vc2dnWmFmU1Rob3J1alUKLS0tIFlmOUhDVUJjbmw5dUFKZ3NTVTJX
a09yd2JQR3ZiM1dreVZJbmpwVlJrcjAKbW4JCzpNg+jhlMAYoldv0l0oJtR+EyI5
RzAc73V9zcyKIqUHOXKW0oUzoly2EEOUUiSAgOZ1jzglyxGfL2zWjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPcSthSmxOTjREWEZ5QzYy
N0ZZTVlvTjZqamZIb21Rbk05SEIwU0E4MnpvCkRDVXg0clBEWTQ3TXJOSnpZYVM1
R3dwc3J4SmJBenNiT2dIK1J2WTY3eWcKLS0tIFVNQm5zYjB4dFIxMG8wKzlOaStG
MS9Pc2JmUHVFRU1hVjkvM0lZeEU3ajQKhNRTwMgTg3clHKxDQswcpkkkcGNMe3fD
W+Qvp+x9rOSUPgMdB2o5+8rsnzN1u+Pl+SYQ+UiMgKzSPCqJbsKqGg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ2VScHUzVDFYYlhKWVlj
RFc1WGJiKzhUK0x6QW51Yko0QVh0cVBWbTM4Cjdyam0yRG01OTREYlVMVTdTRjZh
RzMxaG9EdVFCUjFRdXM3VE5Qa0d4RWcKLS0tIDFzUzRya21naUhVcklmak0vanBV
bmcvbnpHLzloR0I0Z01jcFpTaVRNWncK0LQfKxfltvCpGWvmPMtmqu+wid30qfL4
NqZhAMNHmCmnzSX0ViQQU0e4Hrd8/2FhJNap5k88ZenyzLWd7ToBuA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zs6k39g6kz740z3p9f0r2tc8dwn677zn3v5963g42p6lsljh7y0qzfn9ql
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aFVKenl6YnFqVmpuQ0hs
SHlEYUVFSm5xTUNxNjhhV3d0NnBrMTB6OEhNCmtZa3o5dzluNTNQL1lXdVlIREJJ
b3FCMGE2NnJMcThzREVkYUVQVnVBWlEKLS0tIDBzemwxdWJwSFhwcUg1YmtCT0Z3
aVlHRXQ4Z3RFd2dUUFNMeUdwV3FFOE0K9HrCceBsDw4KhG9yL2rT/nX6Lyb2Th1K
CUUUF0GGxMNMfwPatooEaM2Nx9izmo7jFDbKgDfWlrp8CLH6W+nlyQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0czcrYWFiRklXTFA1aXQ3
WE9BejdSeEdLYXZESXloZWw2ZzV6cDZUNmljCk94eS9TYVB4RlFPTi96eG95bWVL
L21jcGxJUDN1RUMzTVo5RTMvV0NkYWcKLS0tIHRlRkt1bjBGMmo5azFzNk41REZm
MlQzZlNPUitVVG5hb3FBMGdZcHFSVE0K4fcnPvCWFrl6QilgK6dtoeDhznRguoUk
cZbIbDJ3d1WE6ITl7MRCNuixtNTd+UCnCkamF1FKtboP5EvniQ7/zw==
-----END AGE ENCRYPTED FILE-----
- recipient: age120fg86wv7vrcw6aeuunkzr7nerpwg8w0vu08xp8v8feqawtzqquq4763cw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFIzaWdPZmd5eTdDN1hG
YXBnakprdGU2WlBrY21Rd0NOb3UyQjArcWc4CjhFRUxueWppRkRacmUvbERlbzkz
dDZSSmFFOU9KUmVTQmU2c2J3dnBET2sKLS0tIDNOTmZ0bjNGc1VoNTd0OGFvZU5O
bTA1M3RzclpGOFZHNEJtUmx1NE9ockkK0MnfyVCDLUl7LkgWM1qxbtrl+LL9PuD3
2h5w1gLAKJumHJFbqYcxIo2haTQMgYb6APek0OvEkNlqp+piBo/tGQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMXcvL2swcFcwZDRxRmtx
SzV4TjhyZ05UWmRaZG1QZm9WY2ZHODdVT2c4CkdxT2ltZnl3Ujk4M3Y2eHJ5VTVz
c1U3QmptTERxQ1pBY1RLL1NRWjhlOFkKLS0tIG5RbTZCL0JrN1dKekFFeXJBN1RR
b2t4V2FuL1lBM3k3Q1Z0M08rTkk1dlEKnm6tg/qKVjzHCQJCcJFuOqKqWYnk78WD
1H2FYyCR4AB/H9W+qgPYsND5sGj3rmqXXaWPWKxO/DeT+i8Ur2btdQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dmkhlzvxemlufsydaed7vajm4cdpjwmqj3pmpvlljkjzlck8t4rswwph4j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTM2lnTEFUaFZBczJWOTAx
QlNReGFkWWpKT0Q1Q2R4MG8vVkU0OFBCUEdNCkRmNVhyVmtWOVBCdkU2WVVpRkhF
NmZTVHhieVBIYTRVUUZkM2lYeWx1ME0KLS0tIFJiNzR2QVF4ek9lU0hWWnJyRHF5
Z01OdDdUelFLeUNTSVZ4bUNQNDNIZHcKCBRiWCxASpO7tgCIBYOU7DqOxpT6krH7
u66QWXJ2gT0MeVloBv/qrqHv0p2JmECpG393XnHHBC83yNg3SawriA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:55:06Z"
mac: ENC[AES256_GCM,data:KQraWMxoXkcrEHCG6R+M31qRCGMwXekA9hIgyULXLaCjkHHJ1JRovgMD0ujTgZVseLipXBCXzH2RJvErNDhozXyrSEpzU0hBb50c0BCD3yaSPojTFCHDGIt/9qi4YHVnOHBP7jVxrFSGk84TNgMqO16dUNsMu6faEYX8CpkHoZM=,iv:ci/kWQCWuV98YdCtgKqQCOgsfAup/pG4smoWvFXRWX4=,tag:2ivvnVo0+ft3BIts3axMGw==,type:str]