Compare commits
68 Commits
d9173abb79
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
a507412e0e
|
|||
|
3ecac708c3
|
|||
|
7b8c02a19e
|
|||
|
38aff239a0
|
|||
|
f58a14541f
|
|||
|
6183c17722
|
|||
|
ac43ae77cc
|
|||
|
ccfcb5ec7f
|
|||
|
30db860308
|
|||
|
35b24b54fd
|
|||
|
5aaeb78e9c
|
|||
|
f4307bd301
|
|||
|
1ff4017cd6
|
|||
|
e31b3a36d7
|
|||
|
765d3d3919
|
|||
|
4503ca8cc8
|
|||
|
22abedaf52
|
|||
|
cdadeee69a
|
|||
|
dafa424d2d
|
|||
|
005b0bb5e4
|
|||
|
a4b746fd9c
|
|||
|
defc49c48a
|
|||
|
72198292ab
|
|||
|
e066118d2b
|
|||
|
d14137fedd
|
|||
|
c9d5a5a966
|
|||
|
5c46a41206
|
|||
|
bbe4fe6f76
|
|||
|
87a362c9c7
|
|||
|
6b1e91b0f5
|
|||
|
86371ba451
|
|||
|
3d945eb6af
|
|||
|
df43e5550b
|
|||
|
04ad800a88
|
|||
|
afafcb92ad
|
|||
|
f5b8d4fde5
|
|||
|
7ae9292871
|
|||
|
4b0c646ef3
|
|||
|
c2ffa8c929
|
|||
|
a5238adc25
|
|||
|
c9f76587b3
|
|||
|
8fc9873beb
|
|||
|
6b0c1057eb
|
|||
|
a53ad5a5ae
|
|||
|
9ea7912596
|
|||
|
39a6c16cea
|
|||
|
1b059d60a2
|
|||
|
2f90fe4b5e
|
|||
|
be94d1a35a
|
|||
|
365872d879
|
|||
|
56a6133b36
|
|||
|
9ef3beccb8
|
|||
|
a23f972a35
|
|||
|
4012f8229c
|
|||
|
adf5861cf9
|
|||
|
ea5496e870
|
|||
|
73a52e35d0
|
|||
|
1ce8c86b0d
|
|||
|
578d029c1a
|
|||
|
732720117d
|
|||
|
d9b0c54edc
|
|||
|
5c489491ad
|
|||
|
398b1e7470
|
|||
|
46685f03d7
|
|||
|
49d2768cfe
|
|||
|
d3bd7ef416
|
|||
|
6d38e964e3
|
|||
|
8b57a7580a
|
@ -1,10 +1,10 @@
|
||||
keys:
|
||||
- &walkah age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
|
||||
- &plato age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
|
||||
- &agent age1vc8svd5277rjkgzg7frf04uaa45w3crhfvg628rqyrqmxul3q9nsjz6yxk
|
||||
- &form age1ulmzprdmcd8r0w47a0nrrlg8melkjk6evl2rc54yh6lxkcfas36q6wrsv9
|
||||
- &matter age1lfjkch3pqaq3uwmjxyucpm2tws6llxqqjglj4yn49jkwkf50xvmqrl974e
|
||||
- &purpose age1jnf94uq5ap96vk7nfk3qkr38ylhletc6pskj0ypc470d7gmt0qeqskdy5z
|
||||
- &agent age1pn2hnqvgt7rvfglxddlj3jwrm79rvmutmexkpxv4frdnznlel33qvfy6u5
|
||||
- &form age1mnrl9u8vpdjncge33pg7quakl0qdf5dlfgch87jhrs0wrvup4s0s5xh7ly
|
||||
- &matter age1tt0gwcm03zmpelerpph49knn8f6t8z7aq9una2qys76kf4rwxpnquxkvz3
|
||||
- &purpose age1px55dk5n3whfdyshzyxqmyjvqdmv9au6myx6w67jw3cqp9sdx9rsa6xep9
|
||||
- &socrates age12wakcnv487c5rkgv7z6umzywrqwcy6dgguq0dug6lxp64scjsq6sspkmgz
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
|
||||
@ -10,4 +10,5 @@
|
||||
)
|
||||
{
|
||||
src = ./.;
|
||||
}).defaultNix
|
||||
}
|
||||
).defaultNix
|
||||
|
||||
384
flake.lock
generated
384
flake.lock
generated
@ -7,50 +7,28 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726188813,
|
||||
"narHash": "sha256-Vop/VRi6uCiScg/Ic+YlwsdIrLabWUJc57dNczp0eBc=",
|
||||
"owner": "lnl7",
|
||||
"lastModified": 1750618568,
|
||||
"narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=",
|
||||
"owner": "nix-darwin",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "21fe31f26473c180390cfa81e3ea81aca0204c80",
|
||||
"rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"owner": "nix-darwin",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718194053,
|
||||
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"lastModified": 1747046372,
|
||||
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -75,40 +53,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -137,11 +81,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726308872,
|
||||
"narHash": "sha256-d4vwO5N4RsLnCY7k5tY9xbdYDWQsY3RDMeUoIa4ms2A=",
|
||||
"lastModified": 1750690749,
|
||||
"narHash": "sha256-x6fRPeqdgDKVTCyvbp4J8Q5UQ3DV3oWYSoyM444N8cY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6c1a461a444e6ccb3f3e42bb627b510c3a722a57",
|
||||
"rev": "05b8c9506452349d8be854ac46e5a7630fa7917d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -150,13 +94,47 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"libcamera-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1725630279,
|
||||
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "libcamera",
|
||||
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"repo": "libcamera",
|
||||
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"libpisp-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1724944683,
|
||||
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "libpisp",
|
||||
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "v1.0.7",
|
||||
"repo": "libpisp",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1725757153,
|
||||
"narHash": "sha256-c1a6iLmCVPFI9EUVMrBN8xdmFxFXEjcVwiTSVmqajOs=",
|
||||
"lastModified": 1736643958,
|
||||
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "68584f89dd0eb16fea5d80ae127f3f681f6a5df7",
|
||||
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -173,11 +151,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726102718,
|
||||
"narHash": "sha256-u89QyfjtXryLHrO3Wre4kuWK5KDKiXe8lgRi6+cUOEw=",
|
||||
"lastModified": 1747663185,
|
||||
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "5ae384b83b91080f0fead6bc1add1cff8277cb3f",
|
||||
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -186,29 +164,13 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1725885300,
|
||||
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "master",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1726206720,
|
||||
"narHash": "sha256-tI7141IHDABMNgz4iXDo8agCp0SeTLbaIZ2DRndwcmk=",
|
||||
"lastModified": 1750605355,
|
||||
"narHash": "sha256-xT8cPLTxlktxI9vSdoBlAVK7dXgd8IK59j7ZwzkkhnI=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "673d99f1406cb09b8eb6feab4743ebdf70046557",
|
||||
"rev": "3078b9a9e75f1790e6d6ef9955fdc6a2d1740cc6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -218,88 +180,215 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1720386169,
|
||||
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
|
||||
"lastModified": 1736061677,
|
||||
"narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
|
||||
"rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1725762081,
|
||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"ref": "nixos-24.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1725513492,
|
||||
"narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
|
||||
"lastModified": 1750684550,
|
||||
"narHash": "sha256-uLtw0iF9mQ94L831NOlQLPX9wm0qzd5yim3rcwACEoM=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "fae816c55a75675f30d18c9cbdecc13b970d95d4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"repo": "git-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"raspberry-pi-nix": {
|
||||
"inputs": {
|
||||
"libcamera-src": "libcamera-src",
|
||||
"libpisp-src": "libpisp-src",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
|
||||
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
|
||||
"rpi-firmware-src": "rpi-firmware-src",
|
||||
"rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src",
|
||||
"rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src",
|
||||
"rpi-linux-stable-src": "rpi-linux-stable-src",
|
||||
"rpicam-apps-src": "rpicam-apps-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1742223591,
|
||||
"narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=",
|
||||
"owner": "nix-community",
|
||||
"repo": "raspberry-pi-nix",
|
||||
"rev": "3e8100d5e976a6a2be363015cb33463af9ef441a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "raspberry-pi-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-compat": "flake-compat",
|
||||
"home-manager": "home-manager",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks": "pre-commit-hooks",
|
||||
"sops-nix": "sops-nix"
|
||||
"raspberry-pi-nix": "raspberry-pi-nix",
|
||||
"sops-nix": "sops-nix",
|
||||
"systems": "systems"
|
||||
}
|
||||
},
|
||||
"rpi-bluez-firmware-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1708969706,
|
||||
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
|
||||
"owner": "RPi-Distro",
|
||||
"repo": "bluez-firmware",
|
||||
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "RPi-Distro",
|
||||
"ref": "bookworm",
|
||||
"repo": "bluez-firmware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-firmware-nonfree-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1723266537,
|
||||
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
|
||||
"owner": "RPi-Distro",
|
||||
"repo": "firmware-nonfree",
|
||||
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "RPi-Distro",
|
||||
"ref": "bookworm",
|
||||
"repo": "firmware-nonfree",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-firmware-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728405098,
|
||||
"narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "firmware",
|
||||
"rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "1.20241008",
|
||||
"repo": "firmware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-linux-6_12_17-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1740765145,
|
||||
"narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "linux",
|
||||
"rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "rpi-6.12.y",
|
||||
"repo": "linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-linux-6_6_78-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1740503700,
|
||||
"narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "linux",
|
||||
"rev": "2e071057fded90e789c0101498e45a1778be93fe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "rpi-6.6.y",
|
||||
"repo": "linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-linux-stable-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728403745,
|
||||
"narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "linux",
|
||||
"rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "stable_20241008",
|
||||
"repo": "linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpicam-apps-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1727515047,
|
||||
"narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "rpicam-apps",
|
||||
"rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "v1.5.2",
|
||||
"repo": "rpicam-apps",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726218807,
|
||||
"narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=",
|
||||
"lastModified": 1750119275,
|
||||
"narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e",
|
||||
"rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -322,39 +411,6 @@
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
||||
66
flake.nix
66
flake.nix
@ -3,16 +3,11 @@
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
deploy-rs = {
|
||||
url = "github:serokell/deploy-rs";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
systems.url = "github:nix-systems/default";
|
||||
raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
|
||||
|
||||
darwin = {
|
||||
url = "github:lnl7/nix-darwin/master";
|
||||
url = "github:nix-darwin/nix-darwin/master";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
@ -32,7 +27,7 @@
|
||||
};
|
||||
|
||||
pre-commit-hooks = {
|
||||
url = "github:cachix/pre-commit-hooks.nix";
|
||||
url = "github:cachix/git-hooks.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
@ -42,26 +37,49 @@
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils, deploy-rs, pre-commit-hooks, ... }@inputs:
|
||||
flake-utils.lib.eachDefaultSystem
|
||||
(system:
|
||||
let
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [ self.overlays.default ];
|
||||
};
|
||||
in
|
||||
{
|
||||
checks = import ./nix/checks.nix { inherit self pkgs deploy-rs system pre-commit-hooks; };
|
||||
devShells = import ./nix/shells.nix { inherit self pkgs system; };
|
||||
formatter = pkgs.nixpkgs-fmt;
|
||||
})
|
||||
outputs =
|
||||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
pre-commit-hooks,
|
||||
systems,
|
||||
...
|
||||
}@inputs:
|
||||
let
|
||||
forAllSystems =
|
||||
fn: nixpkgs.lib.genAttrs (import systems) (system: fn system nixpkgs.legacyPackages.${system});
|
||||
in
|
||||
{
|
||||
checks = forAllSystems (
|
||||
system: pkgs:
|
||||
import ./nix/checks.nix {
|
||||
inherit
|
||||
self
|
||||
pkgs
|
||||
pre-commit-hooks
|
||||
system
|
||||
;
|
||||
}
|
||||
);
|
||||
devShells = forAllSystems (system: pkgs: import ./nix/shells.nix { inherit self pkgs system; });
|
||||
formatter = forAllSystems (_: pkgs: pkgs.nixfmt-tree);
|
||||
}
|
||||
// {
|
||||
hosts = import ./nix/hosts.nix;
|
||||
overlays.default = nixpkgs.lib.composeManyExtensions [ ];
|
||||
|
||||
darwinConfigurations = import ./nix/darwin.nix inputs;
|
||||
nixosConfigurations = import ./nix/nixos.nix inputs;
|
||||
deploy = import ./nix/deploy.nix inputs;
|
||||
|
||||
nixConfig = {
|
||||
extra-substituters = [
|
||||
"https://walkah.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
extra-trusted-public-keys = [
|
||||
"walkah.cachix.org-1:D8cO78JoJC6UPV1ZMgd1V5znpk3jNUERGIeAKN15hxo="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,11 +1,15 @@
|
||||
{ self, system, deploy-rs, pre-commit-hooks, ... }:
|
||||
{
|
||||
system,
|
||||
pre-commit-hooks,
|
||||
...
|
||||
}:
|
||||
{
|
||||
pre-commit-check = pre-commit-hooks.lib.${system}.run {
|
||||
src = ./.;
|
||||
hooks = {
|
||||
deadnix.enable = true;
|
||||
nixpkgs-fmt.enable = true;
|
||||
nixfmt-rfc-style.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
};
|
||||
} // (deploy-rs.lib.${system}.deployChecks self.deploy)
|
||||
}
|
||||
|
||||
@ -1,6 +1,12 @@
|
||||
{ self, darwin, home-manager, ... }:
|
||||
{
|
||||
self,
|
||||
darwin,
|
||||
home-manager,
|
||||
...
|
||||
}:
|
||||
let
|
||||
mkDarwin = hostName: modules:
|
||||
mkDarwin =
|
||||
hostName: modules:
|
||||
let
|
||||
hostSystem = self.hosts.${hostName}.system;
|
||||
in
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
{ self, nixpkgs, deploy-rs, ... }:
|
||||
let
|
||||
mkDeploy = hostName:
|
||||
let
|
||||
inherit (self.hosts.${hostName}) type address system sshUser;
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
deployPkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [
|
||||
deploy-rs.overlays.default
|
||||
(_self: super: {
|
||||
deploy-rs = {
|
||||
inherit (pkgs) deploy-rs; inherit (super.deploy-rs) lib;
|
||||
};
|
||||
})
|
||||
];
|
||||
};
|
||||
inherit (deployPkgs.deploy-rs.lib) activate;
|
||||
in
|
||||
{
|
||||
hostname = address;
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
inherit sshUser;
|
||||
path = activate.${type} self."${type}Configurations".${hostName};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
nodes = {
|
||||
socrates = mkDeploy "socrates";
|
||||
plato = mkDeploy "plato";
|
||||
agent = mkDeploy "agent";
|
||||
form = mkDeploy "form";
|
||||
matter = mkDeploy "matter";
|
||||
purpose = mkDeploy "purpose";
|
||||
epicurus = mkDeploy "epicurus";
|
||||
};
|
||||
}
|
||||
@ -13,37 +13,37 @@
|
||||
};
|
||||
agent = {
|
||||
type = "nixos";
|
||||
address = "100.95.167.126";
|
||||
address = "100.103.219.26";
|
||||
system = "aarch64-linux";
|
||||
sshUser = "root";
|
||||
};
|
||||
form = {
|
||||
type = "nixos";
|
||||
address = "100.87.220.71";
|
||||
address = "100.104.247.27";
|
||||
system = "aarch64-linux";
|
||||
sshUser = "root";
|
||||
};
|
||||
matter = {
|
||||
type = "nixos";
|
||||
address = "100.126.255.109";
|
||||
address = "100.95.77.67";
|
||||
system = "aarch64-linux";
|
||||
sshUser = "root";
|
||||
};
|
||||
purpose = {
|
||||
type = "nixos";
|
||||
address = "100.74.59.80";
|
||||
address = "100.117.49.15";
|
||||
system = "aarch64-linux";
|
||||
sshUser = "root";
|
||||
};
|
||||
epicurus = {
|
||||
type = "darwin";
|
||||
address = "100.66.26.116";
|
||||
address = "100.75.26.104";
|
||||
system = "aarch64-darwin";
|
||||
sshUser = "walkah";
|
||||
};
|
||||
heraclitus = {
|
||||
type = "darwin";
|
||||
address = "100.107.57.128";
|
||||
address = "100.72.149.31";
|
||||
system = "aarch64-darwin";
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,18 +1,52 @@
|
||||
{ pkgs, nixos-hardware, ... }:
|
||||
{ pkgs, raspberry-pi-nix, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
nixos-hardware.nixosModules.raspberry-pi-4
|
||||
../../modules/base/nixos.nix
|
||||
|
||||
raspberry-pi-nix.nixosModules.raspberry-pi
|
||||
../../modules/ipfs/cluster.nix
|
||||
../../modules/k3s/agent.nix
|
||||
../../modules/sops
|
||||
];
|
||||
|
||||
hardware = {
|
||||
raspberry-pi."4".poe-hat.enable = true;
|
||||
# See: https://github.com/NixOS/nixos-hardware/issues/858
|
||||
boot.initrd.systemd.tpm2.enable = false;
|
||||
|
||||
boot.kernelParams = [
|
||||
"cgroup_enable=memory"
|
||||
"cgroup_enable=cpuset"
|
||||
"cgroup_memory=1"
|
||||
];
|
||||
|
||||
raspberry-pi-nix.board = "bcm2711";
|
||||
hardware.raspberry-pi.config = {
|
||||
all = {
|
||||
dt-overlays = {
|
||||
rpi-poe = {
|
||||
enable = true;
|
||||
params = {
|
||||
poe_fan_temp0 = {
|
||||
enable = true;
|
||||
value = 50000;
|
||||
};
|
||||
poe_fan_temp1 = {
|
||||
enable = true;
|
||||
value = 60000;
|
||||
};
|
||||
poe_fan_temp2 = {
|
||||
enable = true;
|
||||
value = 70000;
|
||||
};
|
||||
poe_fan_temp3 = {
|
||||
enable = true;
|
||||
value = 80000;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
time.timeZone = "America/Toronto";
|
||||
@ -33,5 +67,9 @@
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [ libraspberrypi raspberrypi-eeprom ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
libraspberrypi
|
||||
raspberrypi-eeprom
|
||||
];
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
}
|
||||
|
||||
@ -7,15 +7,4 @@
|
||||
../../modules/builder
|
||||
../../modules/dev
|
||||
];
|
||||
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
# environment.systemPackages = with pkgs; [ emacs-nox ];
|
||||
|
||||
# Use a custom configuration.nix location.
|
||||
# $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
|
||||
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
|
||||
|
||||
# Auto upgrade nix package and the daemon service.
|
||||
services.nix-daemon.enable = true;
|
||||
}
|
||||
|
||||
@ -4,25 +4,30 @@ _:
|
||||
homebrew = {
|
||||
taps = [
|
||||
"homebrew/cask"
|
||||
"homebrew/cask-fonts"
|
||||
"homebrew/services"
|
||||
];
|
||||
|
||||
brews = [ "code-server" "coreutils" "mosh" ];
|
||||
brews = [
|
||||
"btop"
|
||||
"code-server"
|
||||
"coreutils"
|
||||
"mas"
|
||||
"mosh"
|
||||
];
|
||||
|
||||
casks = [
|
||||
"1password"
|
||||
"docker"
|
||||
"docker-desktop"
|
||||
"font-jetbrains-mono"
|
||||
"font-jetbrains-mono-nerd-font"
|
||||
"gpg-suite"
|
||||
"plex-media-server"
|
||||
"stats"
|
||||
"synology-drive"
|
||||
"tailscale-app"
|
||||
];
|
||||
|
||||
masApps = {
|
||||
Tailscale = 1475387142;
|
||||
Xcode = 497799835;
|
||||
};
|
||||
};
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
{ pkgs, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./homebrew.nix
|
||||
@ -8,16 +8,6 @@
|
||||
../../modules/builder
|
||||
];
|
||||
|
||||
nixpkgs.config.allowBroken = true;
|
||||
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
# environment.systemPackages = with pkgs; [ emacs ];
|
||||
environment.systemPackages = with pkgs; [ emacs-macport ];
|
||||
|
||||
# Auto upgrade nix package and the daemon service.
|
||||
services.nix-daemon.enable = true;
|
||||
|
||||
system = {
|
||||
defaults = {
|
||||
dock = {
|
||||
|
||||
@ -4,36 +4,71 @@ _:
|
||||
homebrew = {
|
||||
taps = [
|
||||
"homebrew/cask"
|
||||
"homebrew/cask-fonts"
|
||||
"homebrew/cask-versions"
|
||||
"homebrew/services"
|
||||
"walkah/tap"
|
||||
"1password/tap"
|
||||
"fission-codes/fission"
|
||||
"d12frosted/emacs-plus"
|
||||
"dracula/install"
|
||||
"heroku/brew"
|
||||
];
|
||||
|
||||
brews = [ "coreutils" "fontconfig" "ipfs" ];
|
||||
brews = [
|
||||
"asdf"
|
||||
"awscli"
|
||||
"biome"
|
||||
"btop"
|
||||
"cmake"
|
||||
"cocoapods"
|
||||
"coreutils"
|
||||
"drone-cli"
|
||||
"doppler"
|
||||
"emacs-plus"
|
||||
"fontconfig"
|
||||
"gcc"
|
||||
"gh"
|
||||
"helm"
|
||||
"heroku"
|
||||
"ipfs"
|
||||
"kind"
|
||||
"kubernetes-cli"
|
||||
"kustomize"
|
||||
"libtool"
|
||||
"mas"
|
||||
"mr"
|
||||
"ollama"
|
||||
"opentofu"
|
||||
"podman"
|
||||
"ripgrep"
|
||||
"tea"
|
||||
"terminal-notifier"
|
||||
"watchman"
|
||||
];
|
||||
|
||||
casks = [
|
||||
"1password"
|
||||
"1password-cli"
|
||||
"actual"
|
||||
"android-studio"
|
||||
"balenaetcher"
|
||||
"beeper"
|
||||
"brave-browser"
|
||||
"bruno"
|
||||
"bunch"
|
||||
"calibre"
|
||||
"discord"
|
||||
"docker"
|
||||
"docker-desktop"
|
||||
"dracula-xcode"
|
||||
"element"
|
||||
"fantastical"
|
||||
"figma"
|
||||
"firefox@developer-edition"
|
||||
"font-jetbrains-mono"
|
||||
"font-jetbrains-mono-nerd-font"
|
||||
"ghostty"
|
||||
"google-chrome"
|
||||
"google-cloud-sdk"
|
||||
"gpg-suite"
|
||||
"hazel"
|
||||
"iterm2"
|
||||
"jordanbaird-ice"
|
||||
"logi-options+"
|
||||
"logitech-camera-settings"
|
||||
@ -43,6 +78,7 @@ _:
|
||||
"obsidian"
|
||||
"opal-composer"
|
||||
"plexamp"
|
||||
"podman-desktop"
|
||||
"raycast"
|
||||
"slack"
|
||||
"sonos"
|
||||
@ -50,9 +86,11 @@ _:
|
||||
"stats"
|
||||
"steam"
|
||||
"synology-drive"
|
||||
"todoist"
|
||||
"tailscale-app"
|
||||
"todoist-app"
|
||||
"visual-studio-code"
|
||||
"zoom"
|
||||
"zulu@17"
|
||||
];
|
||||
|
||||
masApps = {
|
||||
@ -61,7 +99,6 @@ _:
|
||||
DayOne = 1055511498;
|
||||
Drafts = 1435957248;
|
||||
HomeAssistant = 1099568401;
|
||||
Tailscale = 1475387142;
|
||||
Xcode = 497799835;
|
||||
};
|
||||
};
|
||||
|
||||
@ -13,11 +13,11 @@ in
|
||||
../../modules/drone
|
||||
../../modules/drone/runner-docker.nix
|
||||
../../modules/gitea
|
||||
../../modules/k3s/server.nix
|
||||
../../modules/matrix
|
||||
../../modules/minecraft
|
||||
../../modules/postgresql
|
||||
../../modules/sops
|
||||
../../modules/traefik
|
||||
];
|
||||
boot = {
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
@ -56,7 +56,11 @@ in
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild"
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [ cifs-utils pinentry weechat ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
cifs-utils
|
||||
pinentry
|
||||
weechat
|
||||
];
|
||||
fileSystems = {
|
||||
"/mnt/downloads" = {
|
||||
device = "//parthenon/Downloads";
|
||||
@ -82,7 +86,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
power.ups = {
|
||||
enable = true;
|
||||
mode = "netserver";
|
||||
@ -144,27 +147,36 @@ in
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "node";
|
||||
static_configs = [{
|
||||
targets = [
|
||||
"plato:9100"
|
||||
"agent:9100"
|
||||
"form:9100"
|
||||
"matter:9100"
|
||||
"purpose:9100"
|
||||
"socrates:9100"
|
||||
];
|
||||
}];
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"plato:9100"
|
||||
"agent:9100"
|
||||
"form:9100"
|
||||
"matter:9100"
|
||||
"purpose:9100"
|
||||
"socrates:9100"
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "coredns";
|
||||
static_configs = [{ targets = [ "plato:9153" ]; }];
|
||||
static_configs = [ { targets = [ "plato:9153" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "ipfs";
|
||||
metrics_path = "/debug/metrics/prometheus";
|
||||
static_configs = [{
|
||||
targets = [ "agent:5001" "form:5001" "matter:5001" "purpose:5001" ];
|
||||
}];
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"agent:5001"
|
||||
"form:5001"
|
||||
"matter:5001"
|
||||
"purpose:5001"
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
@ -173,7 +185,9 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
walkah.coredns = { enable = true; };
|
||||
walkah.coredns = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
@ -182,5 +196,11 @@ in
|
||||
enable = true;
|
||||
flags = [ "--all" ];
|
||||
};
|
||||
daemon.settings = {
|
||||
dns = [
|
||||
"1.1.1.1"
|
||||
"1.0.0.1"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@ -18,7 +18,10 @@
|
||||
"sr_mod"
|
||||
];
|
||||
initrd.kernelModules = [ ];
|
||||
kernelModules = [ "kvm-intel" "wl" ];
|
||||
kernelModules = [
|
||||
"kvm-intel"
|
||||
"wl"
|
||||
];
|
||||
extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
|
||||
};
|
||||
|
||||
@ -32,7 +35,6 @@
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; }];
|
||||
swapDevices = [ { device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; } ];
|
||||
|
||||
}
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.nix # generated at runtime by nixos-infect
|
||||
@ -26,14 +27,20 @@
|
||||
hostName = "socrates";
|
||||
firewall = {
|
||||
allowPing = true;
|
||||
allowedTCPPorts = [ 80 443 ];
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
checkReversePath = "loose";
|
||||
};
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings.trusted-users = [ "@wheel" "root" ];
|
||||
settings.trusted-users = [
|
||||
"@wheel"
|
||||
"root"
|
||||
];
|
||||
};
|
||||
|
||||
security = {
|
||||
|
||||
@ -2,5 +2,8 @@
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
|
||||
fileSystems."/" = {
|
||||
device = "/dev/vda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
{ lib, ... }: {
|
||||
{ lib, ... }:
|
||||
{
|
||||
# This file was populated at runtime with the networking
|
||||
# details gathered from the active system.
|
||||
networking = {
|
||||
@ -28,14 +29,18 @@
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
ipv4.routes = [{
|
||||
address = "167.99.176.1";
|
||||
prefixLength = 32;
|
||||
}];
|
||||
ipv6.routes = [{
|
||||
address = "2604:a880:cad:d0::1";
|
||||
prefixLength = 32;
|
||||
}];
|
||||
ipv4.routes = [
|
||||
{
|
||||
address = "167.99.176.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
ipv6.routes = [
|
||||
{
|
||||
address = "2604:a880:cad:d0::1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
@ -41,9 +41,15 @@ in
|
||||
};
|
||||
|
||||
"Pleroma.Web.Endpoint" = {
|
||||
secret_key_base = { _secret = secrets.akkoma-secret-key-base.path; };
|
||||
signing_salt = { _secret = secrets.akkoma-signing-salt.path; };
|
||||
live_view.signing_salt = { _secret = secrets.akkoma-signing-salt.path; };
|
||||
secret_key_base = {
|
||||
_secret = secrets.akkoma-secret-key-base.path;
|
||||
};
|
||||
signing_salt = {
|
||||
_secret = secrets.akkoma-signing-salt.path;
|
||||
};
|
||||
live_view.signing_salt = {
|
||||
_secret = secrets.akkoma-signing-salt.path;
|
||||
};
|
||||
url = {
|
||||
host = "walkah.social";
|
||||
scheme = "https";
|
||||
@ -57,12 +63,18 @@ in
|
||||
};
|
||||
":web_push_encryption" = {
|
||||
":vapid_details" = {
|
||||
private_key = { _secret = secrets.akkoma-vapid-private-key.path; };
|
||||
public_key = { _secret = secrets.akkoma-vapid-public-key.path; };
|
||||
private_key = {
|
||||
_secret = secrets.akkoma-vapid-private-key.path;
|
||||
};
|
||||
public_key = {
|
||||
_secret = secrets.akkoma-vapid-public-key.path;
|
||||
};
|
||||
};
|
||||
};
|
||||
":joken" = {
|
||||
":default_signer" = { _secret = secrets.akkoma-joken-signer.path; };
|
||||
":default_signer" = {
|
||||
_secret = secrets.akkoma-joken-signer.path;
|
||||
};
|
||||
};
|
||||
};
|
||||
nginx = null; # doing this manually
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
_:
|
||||
{
|
||||
_: {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
|
||||
@ -13,11 +13,13 @@ _:
|
||||
settings = {
|
||||
substituters = [
|
||||
"https://walkah.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.garnix.io"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"walkah.cachix.org-1:D8cO78JoJC6UPV1ZMgd1V5znpk3jNUERGIeAKN15hxo="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
|
||||
];
|
||||
};
|
||||
|
||||
@ -1,9 +1,13 @@
|
||||
{ ... }: {
|
||||
{ ... }:
|
||||
{
|
||||
|
||||
imports = [ ./common.nix ../../users ];
|
||||
imports = [
|
||||
./common.nix
|
||||
../../users
|
||||
];
|
||||
|
||||
nix = {
|
||||
configureBuildUsers = true;
|
||||
enable = true;
|
||||
|
||||
extraOptions = ''
|
||||
extra-platforms = x86_64-darwin aarch64-darwin
|
||||
@ -18,7 +22,10 @@
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
settings = {
|
||||
trusted-users = [ "root" "@admin" ];
|
||||
trusted-users = [
|
||||
"root"
|
||||
"@admin"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
@ -42,5 +49,8 @@
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = 4;
|
||||
system = {
|
||||
primaryUser = "walkah";
|
||||
stateVersion = 4;
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,8 +1,18 @@
|
||||
{ config, pkgs, ... }: {
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
|
||||
imports = [ ./common.nix ../monitoring ../../users ];
|
||||
imports = [
|
||||
./common.nix
|
||||
../monitoring
|
||||
../../users
|
||||
];
|
||||
|
||||
documentation = {
|
||||
enable = false;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
btop
|
||||
htop
|
||||
inetutils
|
||||
vim
|
||||
@ -18,7 +28,10 @@
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
|
||||
trusted-users = [ "root" "walkah" ];
|
||||
trusted-users = [
|
||||
"root"
|
||||
"walkah"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
@ -28,15 +41,22 @@
|
||||
|
||||
services = {
|
||||
openssh.enable = true;
|
||||
tailscale.enable = true;
|
||||
tailscale = {
|
||||
enable = true;
|
||||
extraSetFlags = [ "--webclient" ];
|
||||
};
|
||||
};
|
||||
|
||||
system = {
|
||||
autoUpgrade = {
|
||||
enable = true;
|
||||
flake = "github:walkah/athens#${config.networking.hostName}";
|
||||
dates = "daily";
|
||||
randomizedDelaySec = "5m";
|
||||
dates = "hourly";
|
||||
flags = [
|
||||
"--option"
|
||||
"tarball-ttl"
|
||||
"0"
|
||||
];
|
||||
};
|
||||
stateVersion = "23.05";
|
||||
};
|
||||
|
||||
@ -4,27 +4,20 @@ _: {
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "plato";
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
maxJobs = 6;
|
||||
supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];
|
||||
supportedFeatures = [
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
];
|
||||
}
|
||||
];
|
||||
extraOptions = ''
|
||||
builders-use-substitutes = true
|
||||
'';
|
||||
linux-builder = {
|
||||
enable = true;
|
||||
ephemeral = true;
|
||||
maxJobs = 4;
|
||||
speedFactor = 2;
|
||||
config = {
|
||||
virtualisation = {
|
||||
darwin-builder = {
|
||||
memorySize = 8 * 1024;
|
||||
};
|
||||
cores = 4;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@ -8,7 +8,7 @@ _:
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.66.26.116:8080";
|
||||
proxyPass = "http://100.75.26.104:8080";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
|
||||
let cfg = config.walkah.coredns;
|
||||
let
|
||||
cfg = config.walkah.coredns;
|
||||
in
|
||||
{
|
||||
options.walkah.coredns = {
|
||||
|
||||
@ -10,10 +10,10 @@ $ORIGIN walkah.lab.
|
||||
socrates IN A 100.103.57.96
|
||||
plato IN A 100.111.208.75
|
||||
; aristotle
|
||||
agent IN A 100.95.167.126
|
||||
form IN A 100.87.220.71
|
||||
matter IN A 100.126.255.109
|
||||
purpose IN A 100.74.59.80
|
||||
agent IN A 100.103.219.26
|
||||
form IN A 100.104.247.27
|
||||
matter IN A 100.95.77.67
|
||||
purpose IN A 100.117.49.15
|
||||
|
||||
parthenon IN A 100.106.65.39
|
||||
epicurus IN A 100.66.26.116
|
||||
epicurus IN A 100.75.26.104
|
||||
|
||||
@ -2,35 +2,10 @@
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Cloud
|
||||
awscli2
|
||||
google-cloud-sdk
|
||||
doppler
|
||||
|
||||
# Git / CI
|
||||
drone-cli
|
||||
mr
|
||||
tea
|
||||
|
||||
# NodeJS
|
||||
bun
|
||||
nodejs
|
||||
pnpm
|
||||
|
||||
# Golang
|
||||
go
|
||||
|
||||
# k8s
|
||||
chart-testing
|
||||
k9s
|
||||
kind
|
||||
kubectl
|
||||
kubernetes-helm
|
||||
|
||||
# Nix
|
||||
cachix
|
||||
nixd
|
||||
nixf
|
||||
nixpkgs-fmt
|
||||
nixfmt-rfc-style
|
||||
];
|
||||
}
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
{ pkgs, config, ... }: {
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
sops.secrets.drone = {
|
||||
owner = "drone";
|
||||
};
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
{ pkgs, config, ... }: {
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
systemd.services.drone-runner-docker = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
|
||||
@ -36,14 +36,14 @@
|
||||
"/etc/passwd:/etc/passwd"
|
||||
"/etc/group:/etc/group"
|
||||
"/nix/var/nix/profiles/system/etc/nix:/etc/nix"
|
||||
"${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
|
||||
"${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
|
||||
"${
|
||||
builtins.toFile "ssh_config" ''
|
||||
Host eve.thalheim.io
|
||||
ForwardAgent yes
|
||||
''
|
||||
}:/etc/ssh/ssh_config"
|
||||
config.environment.etc."ssl/certs/ca-certificates.crt".source
|
||||
}:/etc/ssl/certs/ca-certificates.crt"
|
||||
"${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
|
||||
"${builtins.toFile "ssh_config" ''
|
||||
Host eve.thalheim.io
|
||||
ForwardAgent yes
|
||||
''}:/etc/ssh/ssh_config"
|
||||
"/etc/machine-id"
|
||||
# channels are dynamic paths in the nix store, therefore we need to bind mount the whole thing
|
||||
"/nix/"
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
{ config, ... }:
|
||||
|
||||
let cfg = config.services.gitea;
|
||||
let
|
||||
cfg = config.services.gitea;
|
||||
in
|
||||
{
|
||||
users.users.git = {
|
||||
@ -20,9 +21,15 @@ in
|
||||
lfs.enable = true;
|
||||
|
||||
settings = {
|
||||
log = { LEVEL = "Error"; };
|
||||
other = { SHOW_FOOTER_VERSION = false; };
|
||||
repository = { DEFAULT_BRANCH = "main"; };
|
||||
log = {
|
||||
LEVEL = "Error";
|
||||
};
|
||||
other = {
|
||||
SHOW_FOOTER_VERSION = false;
|
||||
};
|
||||
repository = {
|
||||
DEFAULT_BRANCH = "main";
|
||||
};
|
||||
server = {
|
||||
DOMAIN = "walkah.dev";
|
||||
HTTP_ADDR = "0.0.0.0";
|
||||
@ -30,8 +37,12 @@ in
|
||||
ROOT_URL = "https://walkah.dev/";
|
||||
SSH_DOMAIN = "git.walkah.dev";
|
||||
};
|
||||
service = { DISABLE_REGISTRATION = true; };
|
||||
session = { COOKIE_SECURE = true; };
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
};
|
||||
session = {
|
||||
COOKIE_SECURE = true;
|
||||
};
|
||||
};
|
||||
|
||||
dump.enable = false;
|
||||
|
||||
@ -3,14 +3,17 @@
|
||||
{
|
||||
imports = [
|
||||
./default.nix
|
||||
../../services/ipfs-cluster.nix
|
||||
];
|
||||
|
||||
services = {
|
||||
kubo = {
|
||||
enable = true;
|
||||
settings = {
|
||||
Discovery = { MDNS = { Enabled = true; }; };
|
||||
Discovery = {
|
||||
MDNS = {
|
||||
Enabled = true;
|
||||
};
|
||||
};
|
||||
Swarm = {
|
||||
AddrFilters = null;
|
||||
ConnMgr = {
|
||||
|
||||
@ -17,8 +17,14 @@ _:
|
||||
"/ip6/::/udp/4001/quic"
|
||||
];
|
||||
};
|
||||
API = { HTTPHeaders = { Access-Control-Allow-Origin = [ "*" ]; }; };
|
||||
Routing = { Type = "dht"; };
|
||||
API = {
|
||||
HTTPHeaders = {
|
||||
Access-Control-Allow-Origin = [ "*" ];
|
||||
};
|
||||
};
|
||||
Routing = {
|
||||
Type = "dht";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -3,22 +3,22 @@
|
||||
let
|
||||
peers = [
|
||||
{
|
||||
ID = "12D3KooWMQSgdfa4tUrDhkFx4zP3ZpgT1ryj9KH5RGUae62Vsc7y";
|
||||
Addrs = [ "/ip4/100.95.167.126/tcp/4001" ];
|
||||
ID = "12D3KooWEVoGdqsakyi3bgE8ivvRzcgTjiirFNS2FbUMw6HSjZF9";
|
||||
Addrs = [ "/ip4/100.103.219.26/tcp/4001" ];
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWMqSiDukubKNKrK7J4PaF3mfNnZFVAd3Lh7qj3Y3e5bcN";
|
||||
Addrs = [ "/ip4/100.87.220.71/tcp/4001" ];
|
||||
ID = "12D3KooWC5ncgKeJV2G6QBdGMkT2gLbeviaDxpYR7V6NVTsma3C5";
|
||||
Addrs = [ "/ip4/100.104.247.27/tcp/4001" ];
|
||||
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWGmNRyqP969QbyP8NLVRZNK2i6yCcP6N6N2r2DCG4H34v";
|
||||
Addrs = [ "/ip4/100.126.255.109/tcp/4001" ];
|
||||
ID = "12D3KooW9xeqfnnNWafiDkLXWjC5YdUnBrG5tJDd3tnm86kqVwhA";
|
||||
Addrs = [ "/ip4/100.95.77.67/tcp/4001" ];
|
||||
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWFkR8nsG5pzffoAfMzmwBcSakXxnogVa6inRxUbpfN5ua";
|
||||
Addrs = [ "/ip4/100.74.59.80/tcp/4001" ];
|
||||
ID = "12D3KooWLYPckqA4JACJ4vioWc4tYuPjmfLMbgviECnWqazjSgK9";
|
||||
Addrs = [ "/ip4/100.117.49.15/tcp/4001" ];
|
||||
|
||||
}
|
||||
];
|
||||
@ -40,9 +40,17 @@ in
|
||||
kubo = {
|
||||
enable = true;
|
||||
settings = {
|
||||
Discovery = { MDNS = { Enabled = false; }; };
|
||||
Peering = { Peers = peers; };
|
||||
Swarm = { AddrFilters = null; };
|
||||
Discovery = {
|
||||
MDNS = {
|
||||
Enabled = false;
|
||||
};
|
||||
};
|
||||
Peering = {
|
||||
Peers = peers;
|
||||
};
|
||||
Swarm = {
|
||||
AddrFilters = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
nginx = {
|
||||
@ -50,14 +58,18 @@ in
|
||||
virtualHosts."walkah.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8080";
|
||||
};
|
||||
};
|
||||
|
||||
# Hosted Sites
|
||||
virtualHosts."walkah.net" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8080";
|
||||
};
|
||||
serverAliases = [
|
||||
"www.walkah.net"
|
||||
];
|
||||
|
||||
12
nix/modules/k3s/agent.nix
Normal file
12
nix/modules/k3s/agent.nix
Normal file
@ -0,0 +1,12 @@
|
||||
_:
|
||||
let
|
||||
hosts = import ../../hosts.nix;
|
||||
in
|
||||
{
|
||||
imports = [ ./common.nix ];
|
||||
|
||||
services.k3s = {
|
||||
role = "agent";
|
||||
serverAddr = "https://${hosts.plato.address}:6443";
|
||||
};
|
||||
}
|
||||
18
nix/modules/k3s/common.nix
Normal file
18
nix/modules/k3s/common.nix
Normal file
@ -0,0 +1,18 @@
|
||||
{ config, ... }:
|
||||
let
|
||||
hostname = config.networking.hostName;
|
||||
hosts = import ../../hosts.nix;
|
||||
in
|
||||
{
|
||||
services.k3s = {
|
||||
enable = true;
|
||||
tokenFile = config.sops.secrets.k3s-token.path;
|
||||
extraFlags = [
|
||||
"--node-external-ip=${hosts.${hostname}.address}"
|
||||
];
|
||||
};
|
||||
sops.secrets.k3s-token = {
|
||||
owner = "root";
|
||||
mode = "0400";
|
||||
};
|
||||
}
|
||||
7
nix/modules/k3s/server.nix
Normal file
7
nix/modules/k3s/server.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{
|
||||
imports = [ ./common.nix ];
|
||||
services.k3s = {
|
||||
role = "server";
|
||||
clusterInit = true;
|
||||
};
|
||||
}
|
||||
@ -1,10 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
matrix-synapse-tools.synadm
|
||||
];
|
||||
|
||||
services = {
|
||||
postgresql = {
|
||||
enable = true;
|
||||
@ -17,7 +13,10 @@
|
||||
LC_CTYPE = "C";
|
||||
'';
|
||||
};
|
||||
postgresqlBackup.databases = [ "matrix" "matrix-syncv3" ];
|
||||
postgresqlBackup.databases = [
|
||||
"matrix"
|
||||
"matrix-syncv3"
|
||||
];
|
||||
|
||||
matrix-synapse = {
|
||||
enable = true;
|
||||
@ -28,40 +27,38 @@
|
||||
enable_registration = false;
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args = { database = "matrix"; };
|
||||
args = {
|
||||
database = "matrix";
|
||||
};
|
||||
};
|
||||
listeners = [{
|
||||
bind_addresses = [
|
||||
"0.0.0.0"
|
||||
];
|
||||
port = 8008;
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [{
|
||||
compress = false;
|
||||
names = [ "client" "federation" ];
|
||||
}];
|
||||
}];
|
||||
listeners = [
|
||||
{
|
||||
bind_addresses = [
|
||||
"0.0.0.0"
|
||||
];
|
||||
port = 8008;
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{
|
||||
compress = false;
|
||||
names = [
|
||||
"client"
|
||||
"federation"
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
extraConfigFiles = [
|
||||
config.sops.secrets.matrix-registration-secret.path
|
||||
];
|
||||
};
|
||||
|
||||
matrix-sliding-sync = {
|
||||
enable = true;
|
||||
settings = {
|
||||
SYNCV3_SERVER = "https://matrix.walkah.chat";
|
||||
SYNCV3_BINDADDR = "0.0.0.0:8088";
|
||||
};
|
||||
environmentFile = config.sops.secrets.matrix-sliding-sync-secret.path;
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets.matrix-registration-secret = {
|
||||
owner = "matrix-synapse";
|
||||
};
|
||||
|
||||
sops.secrets.matrix-sliding-sync-secret = { };
|
||||
}
|
||||
|
||||
@ -7,13 +7,17 @@
|
||||
"matrix.walkah.chat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { proxyPass = "http://100.111.208.75:8008"; };
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.111.208.75:8008";
|
||||
};
|
||||
};
|
||||
|
||||
"syncv3.walkah.chat" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = { proxyPass = "http://100.111.208.75:8088"; };
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.111.208.75:8088";
|
||||
};
|
||||
};
|
||||
|
||||
"walkah.chat" = {
|
||||
@ -21,7 +25,10 @@
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"= /.well-known/matrix/server".extraConfig =
|
||||
let server = { "m.server" = "matrix.walkah.chat:443"; };
|
||||
let
|
||||
server = {
|
||||
"m.server" = "matrix.walkah.chat:443";
|
||||
};
|
||||
in
|
||||
''
|
||||
default_type application/json;
|
||||
@ -31,8 +38,12 @@
|
||||
"= /.well-known/matrix/client".extraConfig =
|
||||
let
|
||||
client = {
|
||||
"m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; };
|
||||
"org.matrix.msc3575.proxy" = { "url" = "https://syncv3.walkah.chat"; };
|
||||
"m.homeserver" = {
|
||||
"base_url" = "https://matrix.walkah.chat";
|
||||
};
|
||||
"org.matrix.msc3575.proxy" = {
|
||||
"url" = "https://syncv3.walkah.chat";
|
||||
};
|
||||
};
|
||||
in
|
||||
''
|
||||
@ -40,7 +51,9 @@
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON client}';
|
||||
'';
|
||||
"/" = { root = pkgs.element-web; };
|
||||
"/" = {
|
||||
root = pkgs.element-web;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -21,6 +21,7 @@ _: {
|
||||
puffpuffpassion = "72e0d040-fa54-47e8-a6e7-162fdaa0cac5";
|
||||
rafadoodle = "9a7c860e-e269-4c38-b2f7-ca5533c27e98";
|
||||
camylamb = "c9fcbfa1-89da-4cf9-97fe-b9e5290a4eb4";
|
||||
shortychark = "3f420f61-867f-4651-a849-d2e54f8c220d";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
{ pkgs, config, ... }: {
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
services = {
|
||||
postgresql = {
|
||||
enable = true;
|
||||
|
||||
@ -1,51 +0,0 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.traefik = {
|
||||
enable = true;
|
||||
group = "docker";
|
||||
environmentFiles = [
|
||||
config.sops.secrets.traefik.path
|
||||
];
|
||||
staticConfigOptions = {
|
||||
api = {
|
||||
dashboard = true;
|
||||
insecure = true;
|
||||
};
|
||||
certificatesResolvers = {
|
||||
myresolver = {
|
||||
acme = {
|
||||
email = "walkah@walkah.net";
|
||||
storage = "/var/lib/traefik/acme.json";
|
||||
dnsChallenge = {
|
||||
provider = "cloudflare";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
entryPoints = {
|
||||
web = {
|
||||
address = ":80";
|
||||
http = {
|
||||
redirections = {
|
||||
entryPoint = {
|
||||
to = "websecure";
|
||||
scheme = "https";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
websecure = {
|
||||
address = ":443";
|
||||
};
|
||||
};
|
||||
providers = {
|
||||
docker = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets.traefik = {
|
||||
owner = "traefik";
|
||||
};
|
||||
}
|
||||
@ -1,11 +1,18 @@
|
||||
{ self, nixpkgs, home-manager, nixos-hardware, sops-nix, ... }:
|
||||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
home-manager,
|
||||
raspberry-pi-nix,
|
||||
sops-nix,
|
||||
...
|
||||
}:
|
||||
let
|
||||
mkSystem = hostName: modules:
|
||||
mkSystem =
|
||||
hostName: modules:
|
||||
let
|
||||
hostSystem = self.hosts.${hostName}.system;
|
||||
in
|
||||
nixpkgs.lib.nixosSystem {
|
||||
system = hostSystem;
|
||||
modules = [
|
||||
home-manager.nixosModules.home-manager
|
||||
(_: {
|
||||
@ -13,8 +20,9 @@ let
|
||||
nixpkgs.overlays = [ self.overlays.default ];
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
})
|
||||
{ nixpkgs.hostPlatform = hostSystem; }
|
||||
] ++ modules;
|
||||
specialArgs = { inherit nixos-hardware sops-nix; };
|
||||
specialArgs = { inherit raspberry-pi-nix sops-nix; };
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str]
|
||||
matrix-sliding-sync-secret: ENC[AES256_GCM,data:jZvU3VhOLhM7bU3DkITB+TXROcImaKCcqoECGVQ63fADVrs42mGwnzLeQ9HxI6jLCuNMLKm0juXslUATA51wP3ta0z/1KiwX7q2Fwj4D/w==,iv:BYn7DAcpFOeTQNz9KnkAMIppmypFTllPLfK35n7hB9A=,tag:K6+fSRkMdSOHvrb+spVI3w==,type:str]
|
||||
ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str]
|
||||
drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str]
|
||||
traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str]
|
||||
akkoma-secret-key-base: ENC[AES256_GCM,data:OQBGkyjhDeNz40bBMMqLU7S6s4r6CtatOxJ5RNdba5m5NQO+JJ5/sEuOjJrJ29oRGjHFYwmUcAB9vptWdGZdcA==,iv:oYh9fh12cNYJOgC8DAxyYxw8dp1Fmd1CijNpgmn/AV8=,tag:E9W/5TWPjIgjE3o/QAky0A==,type:str]
|
||||
akkoma-signing-salt: ENC[AES256_GCM,data:KtOdcHM8XLY=,iv:RXvLlSyPzK6HYFxwyKEnDw1llmfNC5ambqvGiAkVxnA=,tag:LLna293WAYoBlr0j3U6zkg==,type:str]
|
||||
akkoma-vapid-private-key: ENC[AES256_GCM,data:D8Dh53yOgKrcsttJ36xyV1locXBV2BB2EG/rOfIctCbOItdsodtpMCAwRg==,iv:xzheaTo0b3szYGvZmc3ucPi9lYXJStznAUyWNQ9TATE=,tag:tHV5DUFuvq2F9yRFmHrQXQ==,type:str]
|
||||
@ -10,6 +8,7 @@ akkoma-vapid-public-key: ENC[AES256_GCM,data:HnUAyTq7dwa+A9L1X3YyxkiJ71BoZis5TdE
|
||||
akkoma-joken-signer: ENC[AES256_GCM,data:6GbXC7teDXxr0z7eBLm9EvJv59Bvd1FqRuBGntAH9YzM79MVUMsx4JnCZ+bPR9hLiIVgITeAc5djk2tiJewh6w==,iv:q7A8f7kocb1Go7acFkVSxdmhObPxpGlfbPgfrOXHEjg=,tag:lS4UNS1ivVZdmm8AMS/1MQ==,type:str]
|
||||
filesystems-parthenon: ENC[AES256_GCM,data:dYO+QjvWhR3oXrDfAEaUvTLx147NIDFcPUa7p3Jv558ynqmmEnVZ3+fVMUQVIw==,iv:ASmXqNA8/TZvSRo31CFAzt6StsZzZpVFvz15LN5+QmQ=,tag:Wx6kDCXqZ1iSmxpggBKVxA==,type:str]
|
||||
upsmon: ENC[AES256_GCM,data:Rlqkhh7w8S9jD3mwUdkt3g==,iv:hiMkbAhea1f6r5gGTRw49ebepMtTYBVyH+bHwp/T61Q=,tag:cbaxIDuD4JNeCC5MiMGl6w==,type:str]
|
||||
k3s-token: ENC[AES256_GCM,data:dyyFY/ruyCfAdQmmdD1eDPKhBWkbgElbFQgMjGALrM8OeTXRiiV18AwG1ZGtw+j3CBmladwBf0+gcfC0ojKHlA==,iv:j4IOIZegDMJik6shOhUZGyI0N8TD1yMDcOacArgM05Q=,tag:t91uRzF8RgxLF/f2M+9Wgg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -19,68 +18,68 @@ sops:
|
||||
- recipient: age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZlFKbFY4YjNnN3hhNTNw
|
||||
V1N0ZVh6ZDJrSng4M1pBMWxqZTJmcUJLWUdNCm55K2RpVSs0NHNGK1F4K28xTk9q
|
||||
UHVESitPSEs2eEZCT3RreWpVam80ZmMKLS0tIHJ4Q3pHOFVTOStBUGprR0FvRHhl
|
||||
VzhmT3BzYy8veHhaZUtUSmxCZDh5V1kKsjFBNoqtUD44d8ImP/DcvS+gBkQJi/Vt
|
||||
0NlkRRhWndFGss6gkcf7aIObHw9kAlU6RsspJt5Wte6ZLHj3eATkfA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOT3gyL29ETGNYSTNBMHhx
|
||||
RUVNRmdpZm9TZTdJNTJCOSt5blZ3T2JLVlhVCldaTjhaanBrWTVIOWJQQ1VJUTUw
|
||||
alJuRjhOU2wxWEF1RG0vZE9LVU1JcHMKLS0tIGF0VlRDeldsSFFZNzVHaWJGTUtC
|
||||
WlhMcDM3RlF5Y3FkRXczbWNHQWNrVjAKx77NlnVTab75G2QTiuEmAyI10m2ZbMjc
|
||||
IyVWoRabZY96J/HYiZaURZY5Aq10Opa9vTp0xXL0FxLwF0Bclr7J+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTbVlQY1kzb3RxZG90RWlG
|
||||
eUNBZlZPNUhEZXBqcFFUdTVXWUgyOFllMjB3Cm9lS09tdXZuYmpzUWJDSnI1OTlG
|
||||
NDBlcWFBSDg3UnB2YVlMRUduTXZsaUUKLS0tIFkwTWxRNnVER3g1VVYzbURKM2ha
|
||||
b09tcStFNWlrRVdBSFhZMVRaYkFGSE0KeHfPNNADsP6v0H9PihaKEDXWjun8ORsb
|
||||
uQKLTz8wKTUk8JIFfY1g5iUqNxG+XvOQrSx/8Cepz+h/2sn3sAcaXw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzY3hRcjZsZDBjb1FtWElx
|
||||
ODV3Q0g2Q0QveEUrMkRIZlJSbDBBdjlHZ25ZCmxvcngwN1V4RkJLL1NzWkw4bjNF
|
||||
OXdXMlo1KzZIV3BtUWtXOGdzQ1l1RnMKLS0tIFJjY3JtOHNwTldrM0dqbnkvSThM
|
||||
QW0zMzJtMzNSaEJldzJITDAvZExtcFUKTovVFKkl40WdXOji8xWKZ8eZcEXU64uz
|
||||
4K7fqyhchzu+PB1xVMYeSahIYTh2oZGSKXi8nnTBwz2cPLJmy/8Biw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vc8svd5277rjkgzg7frf04uaa45w3crhfvg628rqyrqmxul3q9nsjz6yxk
|
||||
- recipient: age1pn2hnqvgt7rvfglxddlj3jwrm79rvmutmexkpxv4frdnznlel33qvfy6u5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWFYzS1B1NVZBZDFNTXRv
|
||||
TS9EOUd5Umw2c2pmUmhzb0ViUUsrZTBNQ0JnClZvajN4ODNYME11aXFiSmxZUlV3
|
||||
eDlhTWFxSkF1UWlGVS9jZkk2SmlsKzQKLS0tIGE0TmNucGNiV2VJV1FnZmw4TEJy
|
||||
aHpTLzdFeGZ6MVkzTmRjZit0U1I0Zk0Kd6DJlpqsqwwlAXC8Tl0AhijCQ8gHtFwX
|
||||
VeTC0PsUdMxEoTq3mg4aM0M5AML4txDKRpFH4XkH9G6lgU9hNebXUA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYlZtbC9sSXhzYUU2bnBZ
|
||||
ZmpKUk5BcHdGbTJ3b0xhRTVxMXIxOXJYSmpNCkdWQ3hJV0t0OVcwNmYwaVh5V3VJ
|
||||
ellsaGRyNnVEaTkxUFNReG4yTUprQUkKLS0tIHNqdjdmQjh3cHlwb0M2bGk0b2NG
|
||||
eGV5Vk54dzNWSlFGTWc1akxHUmhiQ28KzAs/krsXZxcRQpefv5ncqbZ6D9Mr8HDl
|
||||
9Ir35JL2HhZv3wtMUK9TQVINmbPiPGf9mzVoiCQ7Nq9J80wzt/A53Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ulmzprdmcd8r0w47a0nrrlg8melkjk6evl2rc54yh6lxkcfas36q6wrsv9
|
||||
- recipient: age1mnrl9u8vpdjncge33pg7quakl0qdf5dlfgch87jhrs0wrvup4s0s5xh7ly
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyS21pT3U4R3pjU255QVdV
|
||||
NXgrTDhVT3IvVVQ4N051TkdFT3NJMWozRFhvCnloNmRROTdMZHpkSDB6L25vVWlX
|
||||
RWNTM2czYmNKcUI5NTVZdmwvRWhmQ00KLS0tIElJTmI4aC9xVHk4dHF4cWtEQ0RQ
|
||||
VTJzUUtIaklZVVVNS3JLOWZSbXJYWDgKHcnC1EQ9qSfCgnoNPUa1/fTWJd8zhSAA
|
||||
+5aMUt6Ff4FF3I3e+CIbbTHZdpjgLoO3BgAYFMwn7iImjGDYTuSHQA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeDI0QXE4L0tBWDd3dmVI
|
||||
TlN3RlBNYjNCUkZMWGUwVEtkZHU4UTVYdWw4CnMvT09sU0EyVllSM1VSRXhsL2FF
|
||||
NnVGQ0hyRTFjdjBWSjVpNXNuc3I4RTAKLS0tIEIveW00Ky9jbnozTGZqZk4zeEdp
|
||||
ZnBaRUJMSy9sSTIwUzR0U1JsRFhJWnMKOyIeYJquwLWqmLVqMNRCLK1U/10ILBEu
|
||||
FX+kU8c5qrpsSoMjNfy/h9QCF/5u+9CV/9wHw2HONN0CAwWlYrDgdw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lfjkch3pqaq3uwmjxyucpm2tws6llxqqjglj4yn49jkwkf50xvmqrl974e
|
||||
- recipient: age1tt0gwcm03zmpelerpph49knn8f6t8z7aq9una2qys76kf4rwxpnquxkvz3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiR1JnZzhpQzdYTll5cFhQ
|
||||
em83Zjh0TjhIZmhRd3hHTVkwendPNzFNMUZJClNqb08vQjVTdjgvblN2YTJsOGZM
|
||||
VU1udXh1NmFOS284ZFJQanNQN1JGbUkKLS0tICtla1RRdHo0TE54bm1YUGJ0R3Jw
|
||||
WTdQMXdFMFJidTFyY3o3a080MUU0c3MKtG/7ruQyF9g++O3YHAhJO8MzflCtjYw3
|
||||
HgzCF68X14ow/47/oKOPjlM19L8lO4a/sDtQ5RevDWn/+RQLY8mUlQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6a2JmV1hQb0FHekpzVWVL
|
||||
d1RzdEoxVmZWQ25XT2hkYmtESFIrNFc1N1Y0Cmx4dEZrRnhDZDlGRXJPVGRpa0l5
|
||||
akhKR3dlTS9SblFrTndBakVIemwrRFEKLS0tICsraW83aFlvRzRKVHdQcjhLUjFB
|
||||
K29DeVBqWUs0ejRUVUd2SkpVYzd1UEkK0/AHkZ7gKouHi26nsZsr4CpmDu+jbKx6
|
||||
BA7VAwCI0nBP5sOgNXbsmYhgyAlaz28tybNXV+QzCnJiyTXhZM5F8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jnf94uq5ap96vk7nfk3qkr38ylhletc6pskj0ypc470d7gmt0qeqskdy5z
|
||||
- recipient: age1px55dk5n3whfdyshzyxqmyjvqdmv9au6myx6w67jw3cqp9sdx9rsa6xep9
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPKzB6a0pyUTRWeExLaUFu
|
||||
NzlsaEFDNFdkUFZQbmFiTDRObFIrZjBmd1dnCnBqa2l5N01CZ3Voay9vTTgyRmtk
|
||||
V0JYM3NwVVlBVWwxS2o1QVpKSE9SRk0KLS0tIGNaWGxoczh0UG4wOGY1azlnWEtm
|
||||
VGh2SVVSMDh5VnBoOWc1Mi92R1hPLzAKaCkUGHbc1rR6vMZX97cqH4OLhyM+MmMc
|
||||
jPJ2pbrmdZwjHmBVhZUHb+Ow8x8lyERW6Z1mbr1F6eEd5of6dVJ23w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS1BMUFU5T05PM2Z1Zk96
|
||||
N3FYTWp3bWtwMDZ4QVdVMEVLaTFueE9Od1JJCjdtMUNRa1JGWUkxRTZueS9vSGdx
|
||||
NG9TVHF5T3lYbUZxa1FWY2RldHV1ZVkKLS0tIHNqbEZlSk9zR1FpWmNMQy8rayt6
|
||||
SStpZHdKZGN0NGNieldPY2JTcnJ4ZW8Kz5u/fJjkwi8vJh3CB7K0S7+b9gzOhsvW
|
||||
+0lfMGT+Dtbchq8O1wsCoBfe8I5kV2QlXJxTU7o4BASFKfNzX9E4gA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12wakcnv487c5rkgv7z6umzywrqwcy6dgguq0dug6lxp64scjsq6sspkmgz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UzQ0OFBPZ1BFY0VGSHNF
|
||||
V0tpTFZIdkVtbHE2RkVSZ2lqYi95eGwzbW5jCm9BS0tLZDhwRGhIRExNTjVvVDNy
|
||||
RzUwWmdBMEUyMUpQSWhKK21ZWUNPeEUKLS0tIG9KdlpXaDFLckVhVlBQaWJxeVJm
|
||||
dFZacUhiZDFxK0xZMDJJeCtQUmtuSGcKVz2TOsyw5F4mpFgbZnkWPjQPB7nSKkzd
|
||||
96r8RHs8CrlSpBUP6TG6Q+Tz77G1XIgcZrN9EVyYCQB7zOukIdZ5zw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVa2pHd2dvNHBwcW85SnNy
|
||||
aSt4ZElQdGZLMW5GNnIyc2NxY1J2MEk1c0RjCmJiMEY5cklnWVVHN25ST2JSWEhT
|
||||
WWcvVG9TRVlVdWFzcjhENFZCMUhXVHMKLS0tIFpWcURkWFExU200TlR1N2NIak4z
|
||||
WlZuY2ExWWJ1VzBpY2kzaUZCcVJMZHcKoqKBQEe+3UnAhqbc7Nq8zgEVoFFjryaY
|
||||
c8ALKqMIaMjAeA8ZU4ZTIu13pMYcJ+gAlPATt0vmsTn0Q0XIiudpJQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-25T17:15:30Z"
|
||||
mac: ENC[AES256_GCM,data:ZvvD8D4Lv3vbz4Le5/aUjlRbKA3Iqr7f6hSPBRg7t4+3ohBkOn1HMV8UjXUt8ixnUBTAw4/FfT0nzGKB9p2dzRGif8mPB85y//ZPUfQ6DDfUp7gZkMlo5Dnr2rvNQDoFH3bb+L99UDqh9UYUp3SkGnR0VXF1TfUOoCfu0hfzzDo=,iv:onc7AXgH9K6Qxjur6MBRdCdtJcrP6TGtTNdZll9grrQ=,tag:7PjPlc4W4Xrk3M1WckXoqg==,type:str]
|
||||
lastmodified: "2025-03-10T18:41:36Z"
|
||||
mac: ENC[AES256_GCM,data:nAUaEMxYGZc+hzeFo2sjQNBPuVw9GKjDAL9R9uJl9ySWNOLtSjl150qkAYjfqfIpsiyRtnSBfP1UxvKHjbAv5Fu9Bmkv+1rv6T8d9nK541DrT1IJ/F/sdw+Vqf/xJss1pvZLP/KhLT5wfvyPrk3VeKWx5f7BI/VzCsU1MNukZdY=,iv:ooxqCvIogeyXiHC10BJUYu9PCTZr/bnUJHiUzg2bjw4=,tag:Wt+vmIVPmlTOxAQ6rHnxdg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
version: 3.9.4
|
||||
|
||||
@ -1,120 +0,0 @@
|
||||
## From https://github.com/NixOS/nixpkgs/pull/100871
|
||||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.ipfs-cluster;
|
||||
|
||||
# secret is by envvar, not flag
|
||||
initFlags = toString [
|
||||
(optionalString (cfg.initPeers != [ ]) "--peers")
|
||||
(lib.strings.concatStringsSep "," cfg.initPeers)
|
||||
];
|
||||
in
|
||||
{
|
||||
###### interface
|
||||
options = {
|
||||
services.ipfs-cluster = {
|
||||
enable = mkEnableOption
|
||||
"Pinset orchestration for IPFS - requires ipfs daemon to be useful";
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "ipfs";
|
||||
description = "User under which the ipfs-cluster daemon runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "ipfs";
|
||||
description = "Group under which the ipfs-cluster daemon runs.";
|
||||
};
|
||||
|
||||
consensus = mkOption {
|
||||
type = types.enum [ "raft" "crdt" ];
|
||||
description = "Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/ipfs-cluster";
|
||||
description = "The data dir for ipfs-cluster.";
|
||||
};
|
||||
|
||||
initPeers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = "Peer addresses to initialize with on first run.";
|
||||
};
|
||||
|
||||
openSwarmPort = mkOption {
|
||||
type = types.bool;
|
||||
description = "Open swarm port, secured by the cluster secret. This does not expose the API or proxy. https://cluster.ipfs.io/documentation/guides/security/";
|
||||
};
|
||||
|
||||
secretFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
File containing the cluster secret in the format of EnvironmentFile as described by
|
||||
<citerefentry><refentrytitle>systemd.exec</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry>. For example:
|
||||
<programlisting>
|
||||
CLUSTER_SECRET=<replaceable>...</replaceable>
|
||||
</programlisting>
|
||||
|
||||
if null, a new secret will be generated on first run.
|
||||
A secret in the correct format can also be generated by: openssl rand -hex 32
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.ipfs-cluster ];
|
||||
systemd = {
|
||||
tmpfiles.rules =
|
||||
[ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
|
||||
|
||||
services.ipfs-cluster-init = {
|
||||
path = [ "/run/wrappers" pkgs.ipfs-cluster ];
|
||||
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
|
||||
wantedBy = [ "default.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
# "" clears exec list (man systemd.service -> execStart)
|
||||
ExecStart = [
|
||||
""
|
||||
"${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}"
|
||||
];
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
} // optionalAttrs (cfg.secretFile != null) {
|
||||
EnvironmentFile = cfg.secretFile;
|
||||
};
|
||||
unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
|
||||
};
|
||||
|
||||
services.ipfs-cluster = {
|
||||
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
wants = [ "ipfs-cluster-init.service" ];
|
||||
after = [ "ipfs-cluster-init.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
[ "" "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" ];
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
} // optionalAttrs (cfg.secretFile != null) {
|
||||
EnvironmentFile = cfg.secretFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];
|
||||
};
|
||||
}
|
||||
@ -1,8 +1,13 @@
|
||||
{ system, pkgs, self, ... }: {
|
||||
{
|
||||
system,
|
||||
pkgs,
|
||||
self,
|
||||
...
|
||||
}:
|
||||
{
|
||||
default = pkgs.mkShell {
|
||||
name = "athens";
|
||||
buildInputs = with pkgs; [
|
||||
deploy-rs
|
||||
deadnix
|
||||
doctl
|
||||
nixd
|
||||
|
||||
@ -1,18 +1,23 @@
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.walkah = {
|
||||
home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
|
||||
];
|
||||
} // lib.optionalAttrs pkgs.stdenv.isLinux {
|
||||
extraGroups = [ "wheel" "docker" ];
|
||||
group = "walkah";
|
||||
isNormalUser = true;
|
||||
};
|
||||
users.users.walkah =
|
||||
{
|
||||
home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
|
||||
];
|
||||
}
|
||||
// lib.optionalAttrs pkgs.stdenv.isLinux {
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"docker"
|
||||
];
|
||||
group = "walkah";
|
||||
isNormalUser = true;
|
||||
};
|
||||
users.groups.walkah = { };
|
||||
|
||||
home-manager = {
|
||||
|
||||
@ -1,20 +1,28 @@
|
||||
{ lib, pkgs, ... }: {
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
home = {
|
||||
username = "walkah";
|
||||
# homeDirectory = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah";
|
||||
|
||||
packages = with pkgs; [
|
||||
chezmoi
|
||||
bat
|
||||
direnv
|
||||
eza
|
||||
fd
|
||||
fzf
|
||||
git
|
||||
htop
|
||||
jq
|
||||
starship
|
||||
tmux
|
||||
];
|
||||
|
||||
activation.chezmoi = lib.hm.dag.entryAfter [ "installPackages" ] ''
|
||||
$DRY_RUN_CMD ${pkgs.chezmoi}/bin/chezmoi init --apply walkah/dotfiles
|
||||
export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
export PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH"
|
||||
if [ ! -d $HOME/.local/share/chezmoi ]; then
|
||||
$DRY_RUN_CMD ${pkgs.chezmoi}/bin/chezmoi init --apply walkah/dotfiles
|
||||
else
|
||||
$DRY_RUN_CMD ${pkgs.chezmoi}/bin/chezmoi update --apply
|
||||
fi
|
||||
'';
|
||||
|
||||
stateVersion = "24.05";
|
||||
|
||||
77
terraform/.terraform.lock.hcl
generated
77
terraform/.terraform.lock.hcl
generated
@ -1,50 +1,49 @@
|
||||
# This file is maintained automatically by "tofu init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/digitalocean/digitalocean" {
|
||||
version = "2.30.0"
|
||||
constraints = "~> 2.0"
|
||||
provider "registry.opentofu.org/cloudflare/cloudflare" {
|
||||
version = "4.52.0"
|
||||
constraints = "~> 4.0"
|
||||
hashes = [
|
||||
"h1:2IS8Ng87PDjkNzTfIF6RzyHQywNOBO8iYwDOiAxk8IM=",
|
||||
"zh:0a6f0d7ac89c6f1835df9f8dc4464eb42893449a4d4f3a9e832472a3e4184c03",
|
||||
"zh:299b78108f01f3ddcc35424ed20b79a810610612e3ee13958d7cd45a16d53628",
|
||||
"zh:2dfcc11c79f058f76aa0545f842dede804cdc1cd40f48c3573312b7f93882923",
|
||||
"zh:33271b4d8c75cef65b7f3d2bc3afbaa412849cea49593715806b25a9ffc8d03e",
|
||||
"zh:448de7e2d46c4619cb98921c70b6a35a91256329457d27023a813c01635dfe65",
|
||||
"zh:53bc104ae2bacbcaa5b0a4ce2caf06c1ac942c6114f2b5a12869d020c7580cc6",
|
||||
"zh:54ee5aafe43b12b87901036d13fc399f511d4f5f6fef784a07a695bdeed300f1",
|
||||
"zh:563ac07ff6d3379d23749e930007179a63e3b13317b214db5b8faf43fef21aea",
|
||||
"zh:8f6a53f53b880f20e1f3953727c91888bf06aad5ba28dba9a69621b042cf2eb0",
|
||||
"zh:9089f77da041e64e112e3efe2c013d7cb032362544724a672579919471a78571",
|
||||
"zh:951fa4e16d05bb3e717a1f3ac0b91487eb554088fc0f96e188586e729a925d3b",
|
||||
"zh:a287a3fc416a3e8b4794ed89bd24978b5d53ae110091ab7986c609a9e048c847",
|
||||
"zh:b09ee82f32c819c477117b7692888e7d4b5a403316c3bab3bd55bae1133438b1",
|
||||
"zh:c00fccb3699abc6277eb7750b0b85d8cd1f0a0f84c41d388e90ef039a830a5ca",
|
||||
"zh:ce95cfc5e67276f8ded53cf8a5872720f17d1b0a1cbdef844a773d302524adef",
|
||||
"zh:deb5add87e3040d18bfc111ec82cf61c3ebc1ebea1d594562952058ae061970c",
|
||||
"h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
|
||||
"zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
|
||||
"zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
|
||||
"zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
|
||||
"zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
|
||||
"zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
|
||||
"zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
|
||||
"zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
|
||||
"zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
|
||||
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
|
||||
"zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
|
||||
"zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
|
||||
"zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
|
||||
"zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
|
||||
"zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
|
||||
"zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/digitalocean/digitalocean" {
|
||||
version = "2.29.0"
|
||||
provider "registry.opentofu.org/digitalocean/digitalocean" {
|
||||
version = "2.49.2"
|
||||
constraints = "~> 2.0"
|
||||
hashes = [
|
||||
"h1:mJrr4YaOsB7bWfCSJZneiXB6JMnVNnFxYRmQ8vKaOSQ=",
|
||||
"zh:0af0a1a2de818c5dc8ee7ad4dc4731452848e84cfa0c1ce514af1c7aad15c53c",
|
||||
"zh:27229f3162b4142be48554f56227265982f3b74e4c79fa5d2528c8a3912d1e19",
|
||||
"zh:31d6e73bfe12231fa0ab3bbeef0e4aa9822a2008ae2a1a8b22557bdada4af7a3",
|
||||
"zh:6e7417413e96b87a11d47e9acbc88e6d707a6ab23a7de6b584fc600d9d3cbf00",
|
||||
"zh:9faf40798a698b80e8d56e502c220856d2d5f55d5137b9cf5371f2fdaeadd70a",
|
||||
"zh:b9ab9caf21b3f928fdd891e749fd8d33f6d441b39a08d725edf58cf8027a9b7b",
|
||||
"zh:be32b3a35474f8acbab4d0ad8676810fa05a87918cc1874b53672159005016c0",
|
||||
"zh:c2e8f7c08cad44b46e2e5580183e1ef2a4f1803347de136d1a35f333973a25f0",
|
||||
"zh:cf0aba5b5042c762da489050716815652f809f3ef0ededb0f981f11691dbef03",
|
||||
"zh:d1c0874c0ae0aa1eae86dbd131978796303599709c35b5dee926887d375f4cc8",
|
||||
"zh:d4eecb61e763950a5a0f40cddc7a58345419a522b783aae7b0703309a354bb0c",
|
||||
"zh:d866df86dd78eb2a9e54ebff637301522766710bb6dc7f8e330f1146822b62ee",
|
||||
"zh:da51541ef96d0a5745740dc623bff3ccfb6b098b548d78cf5e9d95a15c69963a",
|
||||
"zh:ede343be1528b468feae3a1cbf781e223f63ce33446a008a42f2fb799a23b436",
|
||||
"zh:f20a60e2cecd29bbcc73d59e95aca368e2c55b7648f1923df2c0f7578026b048",
|
||||
"zh:fccaf963f2db1e271e9d28276172910ca6b95471b8e0dfac758daf0495ce17f5",
|
||||
"h1:JzS2Y+M1FEMa7/wbKqiCsLSfcUC/HAg9Cq+3HeJuZgo=",
|
||||
"zh:0fdf521cd264fa17ade903673a96e30b017da1970950d7566d8efaeb7eeaa051",
|
||||
"zh:1457402e4c5e588e1fc7dc4f360e994c06ab84b4822186e5d67cccef80d817de",
|
||||
"zh:1b5f1e524cc74c8c9bfe214950972c054ddb24424b396b2c25a932938408dde5",
|
||||
"zh:293f45fbed53f41b18b4212dee571617cd2968793aedb477958a0b01d640cfbc",
|
||||
"zh:316dd02bc81d6aeea5fd38c0fe6819fc13696a5f239111e93f9c9730491c2df4",
|
||||
"zh:32fa7a2a88a50f93025d9ece6b7d755e5c7931fc14f8336341c0939616224523",
|
||||
"zh:52a977f7ecd480ca03a4a6821afa2de893966a8baa38834b1570ec2ae5b71ec9",
|
||||
"zh:8c733467ff87aa98495a1c8cdb83d6c6fbaa93a329ff6611ef8ff11d86801321",
|
||||
"zh:93352fe00a2ada0f188e8669c61283b708a602e10aa7d5ddda9302b24b47fe14",
|
||||
"zh:9357cf59572b21c4b9d85c6cb22facf9d82cf037f8674b884b3a7be66a06f598",
|
||||
"zh:a3286ecb621e052fba29c26737b093329c5bcd99d7d7c8fc470ce4695b129abd",
|
||||
"zh:b66b7b8e37c3614a3e4083b118e6d0de63b90029471a94e5cbb7f44c6d36330d",
|
||||
"zh:d06dd42935819ea454516edd24f980ca6c1e18ebb3c3e47f8ff4f4ef68fb06e4",
|
||||
"zh:d89490c30f3e4f097d71af5075b126e5ec13983f3072275a5c0c468bf0df8a57",
|
||||
"zh:de7d8114938c52920426ae94451edb26ba98583712545c480a69308506ec6a72",
|
||||
"zh:f6a55d865a3f4ec3a79359bd30e4ef6e2742f1e02a1d934e44b41b092155fc45",
|
||||
]
|
||||
}
|
||||
|
||||
17
terraform/cloudflare_dns.tf
Normal file
17
terraform/cloudflare_dns.tf
Normal file
@ -0,0 +1,17 @@
|
||||
locals {
|
||||
account_id = "273a4698f673c012fd50161e46ceafdb"
|
||||
}
|
||||
|
||||
resource "cloudflare_zone" "walkah_codes" {
|
||||
account_id = local.account_id
|
||||
zone = "walkah.codes"
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "walkah_codes" {
|
||||
zone_id = cloudflare_zone.walkah_codes.id
|
||||
name = "walkah.codes"
|
||||
type = "A"
|
||||
proxied = true
|
||||
content = digitalocean_droplet.socrates.ipv4_address
|
||||
}
|
||||
|
||||
@ -1,7 +1,11 @@
|
||||
terraform {
|
||||
required_version = ">= 1.3.0"
|
||||
required_version = ">= 1.8.0"
|
||||
|
||||
required_providers {
|
||||
cloudflare = {
|
||||
source = "cloudflare/cloudflare"
|
||||
version = "~> 4.0"
|
||||
}
|
||||
digitalocean = {
|
||||
source = "digitalocean/digitalocean"
|
||||
version = "~> 2.0"
|
||||
@ -9,8 +13,9 @@ terraform {
|
||||
}
|
||||
}
|
||||
|
||||
variable "do_token" {}
|
||||
|
||||
provider "cloudflare" {
|
||||
api_token = var.cloudflare_token
|
||||
}
|
||||
provider "digitalocean" {
|
||||
token = var.do_token
|
||||
}
|
||||
|
||||
6
terraform/variables.tf
Normal file
6
terraform/variables.tf
Normal file
@ -0,0 +1,6 @@
|
||||
variable "cloudflare_token" {
|
||||
type = string
|
||||
}
|
||||
variable "do_token" {
|
||||
type = string
|
||||
}
|
||||
Reference in New Issue
Block a user