diff --git a/flake.nix b/flake.nix index 0f26ba3..08c0c66 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,7 @@ spicetify-nix.url = "github:Gerg-L/spicetify-nix"; oisd.url = "https://big.oisd.nl/domainswild"; oisd.flake = false; + funkwhale.url = "github:mmai/funkwhale-flake"; }; outputs = diff --git a/hosts/dandelion/variables.nix b/hosts/dandelion/variables.nix deleted file mode 100644 index 241d088..0000000 --- a/hosts/dandelion/variables.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: let - inherit (lib) mkOption types; - inherit (config.liv) variables; -in { - options.liv.variables.dandelion = { - thisMachine = mkOption { - default = "dandelion.srv.${variables.primaryDomain}"; - type = types.str; - readOnly = true; - description = "Domain of this specific machine"; - }; - }; -} diff --git a/hosts/iris/default.nix b/hosts/iris/default.nix index 3dec566..238bc21 100644 --- a/hosts/iris/default.nix +++ b/hosts/iris/default.nix @@ -46,6 +46,13 @@ gui.enable = true; }; + # Enable ROCM support + hardware.amdgpu.opencl.enable = true; + + environment.systemPackages = with pkgs; [ + pkgs.davinci-resolve + ]; + boot = { kernelParams = [ ]; kernelModules = [ "acpi_call" ]; diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix deleted file mode 100644 index b6d57ce..0000000 --- a/hosts/lily/default.nix +++ /dev/null 
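Review bot: In the `hosts/iris/default.nix` hunk, `environment.systemPackages = with pkgs; [ pkgs.davinci-resolve ];` opens `pkgs` with `with` and then still qualifies the name, so one of the two is redundant; `environment.systemPackages = [ pkgs.davinci-resolve ];` is equivalent and avoids the wider scope. The comment `# Enable ROCM support` sits above `hardware.amdgpu.opencl.enable`, so `# OpenCL (ROCm) for the AMD GPU` would describe the option that is actually set. The surrounding attrset starts and ends outside the hunk, so check that it has no other `environment.systemPackages` definition, since Nix rejects a duplicate attribute in one attrset.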
@@ -1,265 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: -let - externalInterface = "wan0"; - # networks = config.homelab.networks.local; - # internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks; - # internalIPs = lib.mapAttrsToList ( - # _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24" - # ) networks; - commonDhcpOptions = [ - { - name = "domain-name-servers"; - data = "9.9.9.9"; - } - { - name = "time-servers"; - data = "172.16.1.1"; - } - { - name = "domain-name"; - data = "beeping.local"; - } - { - name = "domain-search"; - data = "beeping.local"; - } - ]; -in -{ - imports = [ - ./hardware-configuration.nix - ./variables.nix - ./dns.nix - ./wireguard.nix - ./../../modules/core/default.router.nix - ./../../modules/services/lily.nix - ]; - - liv = { - server.enable = true; - router.enable = true; - }; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - }; - kernel = { - sysctl = { - # Forward both IPv4 and IPv6 on all interfaces - "net.ipv4.conf.all.forwarding" = true; - "net.ipv6.conf.all.forwarding" = false; - - # By default, do not automatically configure any IPv6 addresses. - # "net.ipv6.conf.all.accept_ra" = 0; - # "net.ipv6.conf.all.autoconf" = 0; - # "net.ipv6.conf.all.use_tempaddr" = 0; - - # Allow IPv6 autoconfiguration and tempory address use on WAN. 
- "net.ipv6.conf.${externalInterface}.accept_ra" = 2; - "net.ipv6.conf.${externalInterface}.autoconf" = 1; - }; - }; - }; - - # label network interfaces - services.udev.extraRules = '' - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0" - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0" - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1" - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2" - ''; - - networking = { - nameservers = [ - "9.9.9.9" - "149.112.112.112" - ]; - interfaces = { - wan0.useDHCP = true; - lan0.useDHCP = false; - lan1.useDHCP = false; - lan2.useDHCP = false; - }; - - firewall = { - enable = false; - allowPing = true; - - # allow ssh on *all* interfaces, even wan. - allowedTCPPorts = lib.mkForce [ 22 ]; - allowedUDPPorts = lib.mkForce [ 22 ]; - - # interface-specific rules - interfaces = { - "lan0" = { - allowedTCPPorts = [ - 22 - 53 - ]; - allowedUDPPorts = [ - 22 - 53 - ]; - }; - }; - }; - - # <100 is trusted; =>100 is untrusted. 
- vlans = { - lan = { - id = 1; - interface = "lan1"; - }; - servers = { - id = 10; - interface = "lan1"; - }; - management = { - id = 21; - interface = "lan1"; - }; - iot = { - id = 100; - interface = "lan1"; - }; - guest = { - id = 110; - interface = "lan1"; - }; - }; - }; - - services = { - kea.dhcp4 = { - enable = true; - settings = { - lease-database = { - name = "/var/lib/kea/dhcp4.leases"; - persist = true; - type = "memfile"; - }; - interfaces-config = { - interfaces = [ - "lan" - "servers" - "management" - "iot" - "guest" - ]; - }; - option-data = [ - { - name = "domain-name-servers"; - data = ""; - always-send = true; - } - { - name = "routers"; - data = ""; - } - { - name = "domain-name"; - data = "beeping.local"; - } - ]; - - rebind-timer = 2000; - renew-timer = 1000; - valid-lifetime = 43200; - - # option domain-name-servers 9.9.9.9, 149.112.112.112; - # TODO: these should be dynamically generated based on ${config.networking.vlans} - subnet4 = [ - ({ - id = 1; - interface = "lan"; - subnet = "172.16.1.0/24"; - pools = [ { pool = "172.16.1.50 - 172.16.1.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.1.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 10; - interface = "servers"; - subnet = "172.16.10.0/24"; - pools = [ { pool = "172.16.10.50 - 172.16.10.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.10.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 21; - interface = "management"; - subnet = "172.16.21.0/24"; - pools = [ { pool = "172.16.21.50 - 172.16.21.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.21.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 100; - interface = "iot"; - subnet = "172.16.100.0/24"; - pools = [ { pool = "172.16.100.50 - 172.16.100.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.100.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 110; - interface = "guest"; - subnet = "172.16.110.0/24"; - pools = [ { pool = "172.16.110.50 - 
172.16.110.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.110.1"; - } - ] ++ commonDhcpOptions; - }) - ]; - }; - }; - avahi = { - enable = true; - reflector = true; - interfaces = [ - "lan" - "iot" - ]; - }; - }; - - networking.hostName = "lily"; - - time.timeZone = "Europe/Amsterdam"; - - environment.systemPackages = with pkgs; [ - kitty.terminfo - tcpdump - dnsutils - bind - ethtool - ]; -} diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix deleted file mode 100644 index e92df27..0000000 --- a/hosts/lily/dns.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, config, ... }: -{ - services = { - dnsmasq = { - enable = false; # try some other options first - settings = { - cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains. - server = [ - "9.9.9.9" - "149.112.112.112" - ]; - domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration. - bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources. - no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration. - - # configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases` - dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ]; - interface = "br-lan"; - dhcp-host = "172.16.10.1"; - - # local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it. - local = "/local/"; - domain = "local"; - expand-hosts = true; - - no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution. - address = "/booping.local/172.16.10.1"; - }; - }; - }; -} 
diff --git a/hosts/lily/hardware-configuration.nix b/hosts/lily/hardware-configuration.nix deleted file mode 100644 index b0c372b..0000000 --- a/hosts/lily/hardware-configuration.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/75447a73-848e-4b34-a1b3-d5b7a8e804ee"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/d4552527-c7c6-4047-929b-aeb3500299e3"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/lily/variables.nix b/hosts/lily/variables.nix deleted file mode 100644 index 00f986e..0000000 --- a/hosts/lily/variables.nix +++ /dev/null 
@@ -1,19 +0,0 @@
-{
- lib,
- config,
- ...
-}:
-let
- inherit (lib) mkOption types;
- inherit (config.liv) variables;
-in
-{
- options.liv.variables.lily = {
- thisMachine = mkOption {
- default = "lily.srv.${variables.primaryDomain}";
- type = types.str;
- readOnly = true;
- description = "Domain of this specific machine";
- };
- };
-}
diff --git a/hosts/lily/wireguard.nix b/hosts/lily/wireguard.nix
deleted file mode 100644
index 0db3279..0000000
--- a/hosts/lily/wireguard.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-
-}
diff --git a/hosts/violet/backups.nix b/hosts/violet/backups.nix
deleted file mode 100644
index d8183e5..0000000
--- a/hosts/violet/backups.nix
+++ /dev/null
@@ -1,54 +0,0 @@ -let - borgbackupMonitor = - { - config, - pkgs, - lib, - ... - }: - with lib; - { - key = "borgbackupMonitor"; - _file = "borgbackupMonitor"; - config.systemd.services = - { - "notify-problems@" = { - enable = true; - serviceConfig.User = "liv"; - environment.SERVICE = "%i"; - script = '' - ${pkgs.curl}/bin/curl -d "$SERVICE FAILED! - service $SERVICE on host $(hostname) failed, run journalctl -u $SERVICE for details." - ''; - }; - } - // flip mapAttrs' config.services.borgbackup.jobs ( - name: value: - nameValuePair "borgbackup-job-${name}" { - unitConfig.OnFailure = "notify-problems@%i.service"; - } - ); - - # optional, but this actually forces backup after boot in case laptop was powered off during scheduled event - # for example, if you scheduled backups daily, your laptop should be powered on at 00:00 - config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs ( - name: value: - nameValuePair "borgbackup-job-${name}" { - timerConfig.Persistent = true; - } - ); - }; - -in -{ - imports = [ borgbackupMonitor ]; - services = { - borgbackup.jobs.liv-violet = { - paths = "/home/liv"; - encryption.mode = "none"; - environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519"; - repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/hosts/violet"; - compression = "auto,zstd"; - startAt = "daily"; - }; - }; -} diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 91bd2f0..cbd6db1 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -19,11 +19,13 @@ "systemMailerPassword" = { }; "forgejoWorkerSecret" = { }; "minioRootCredentials" = { }; + "atticdEnvironment" = { }; "matrixRegistrationSecret" = { owner = "matrix-synapse"; }; "smbLoginDetails" = { }; "syncplay" = { }; + "funkwhaleDjangoSecret" = { }; } else if (host == "sakura") then { diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix index 1401c15..40edffe 100644 --- a/modules/core/sshd.nix +++ b/modules/core/sshd.nix 
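Review bot: In the `modules/core/sops.nix` hunk, `"funkwhaleDjangoSecret" = { };` sets no `owner`, unlike `matrixRegistrationSecret` a few lines up, so the decrypted file gets the sops-nix default of root-owned and readable only by root. `atticdEnvironment` is consumed as `environmentFile`, which systemd normally reads before dropping privileges, but `djangoSecretKeyFile` may be opened by the funkwhale service user at runtime; if so it needs something like `"funkwhaleDjangoSecret" = { owner = "funkwhale"; };` (user name to be confirmed against the module). The secret is also decrypted on this host although the funkwhale import in `violet.nix` is still commented out in this commit. The attrset this hunk edits starts and ends outside the hunk.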
@@ -20,6 +20,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion" # dandelion "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwDS8tXjGjUtk3eQAaPf0S0f9JgwEGPlNYQ7OvACX1Z liv@imilia" # imilia + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7Qlz0vKb8EtqiyRRz1PLmcWR9mxq39BaAcUU4Ls2pM liv@myrtle" # myrtle "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index 2652a51..4f09651 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -36,11 +36,12 @@ "mpDris2 &" "foot --server &" "hyprfloat &" + "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark' &" ]; input = { kb_layout = "us,jp"; - kb_options = "caps:ctrl_modifier"; + kb_options = "caps:ctrl_modifier,compose:ralt"; numlock_by_default = true; follow_mouse = 1; sensitivity = 0; @@ -171,6 +172,7 @@ "$mainMod, Space, togglefloating," "$mainMod, D, exec, bemenu-run -l 5 --ignorecase" "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png" + "SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "$mainMod, E, exec, thunar" "$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped" "$mainMod, C,exec, hyprpicker -a" @@ -269,6 +271,10 @@ "$mainMod, XF86MonBrightnessDown, exec, brightnessctl set 100%-" ]; + bindl = [ + ",switch:[Lid Switch], exec, hyprlock" + ]; + # mouse binding bindm = [ "$mainMod, mouse:272, movewindow" diff --git a/modules/home/hyprland/default.nix b/modules/home/hyprland/default.nix index 500dd39..5497e22 100644 --- a/modules/home/hyprland/default.nix +++ b/modules/home/hyprland/default.nix 
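Review bot: The `liv@myrtle` key is added to the shared list in `modules/core/sshd.nix`, so it is presumably accepted on every host that imports this module, alongside the phone keys already listed. If myrtle only needs to reach some machines, a per-host key list would keep the grant narrower; the option this list feeds is outside the hunk, so the scope is inferred from the file path. The trailing `# myrtle` repeats the key comment; a note on what the device is, in the style of `# linux phone` on the azalea line, would help when auditing or revoking keys later.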
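Review bot: The new `bindl` entry `",switch:[Lid Switch], exec, hyprlock"` uses the toggle form of the switch bind, which fires on lid open as well as lid close; `",switch:on:[Lid Switch], exec, hyprlock"` locks only when the lid closes. It also starts `hyprlock`, while the `SUPER, L` bind added in the previous hunk of this file (and the existing `SUPER SHIFT, L`) start `swaylock`, so the session ends up with two lockers configured separately. Using the same locker on every path keeps lock behaviour and appearance predictable. The `bindl` list is new, but the attrset it is added to starts and ends outside the hunk.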
@@ -1,9 +1,11 @@ -{ inputs, ... }: +{ inputs, ... }: { - imports = [ (import ./hyprland.nix) ] + imports = + [ (import ./hyprland.nix) ] ++ [ (import ./config.nix) ] ++ [ (import ./scripts.nix) ] ++ [ (import ./variables.nix) ] - # ++ [ (import ./hyprlock.nix) ] + ++ [ (import ./../hyprsunset.nix) ] + ++ [ (import ./../hyprlock.nix) ] ++ [ inputs.hyprland.homeManagerModules.default ]; } diff --git a/modules/home/hyprsunset.nix b/modules/home/hyprsunset.nix new file mode 100644 index 0000000..d78d0ea --- /dev/null +++ b/modules/home/hyprsunset.nix @@ -0,0 +1,16 @@ +{ + services.hyprsunset.enable = true; + + home.file.".config/hypr/hyprsunset.conf".text = '' + max-gamma = 200; + profile { + time = 06:00; + identity = true; + } + profile { + time = 21:00; + temperature = 5500; + gamma = 0.8; + } + ''; +} diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix index fb53291..b2a2ced 100644 --- a/modules/home/sway/default.nix +++ b/modules/home/sway/default.nix @@ -198,11 +198,12 @@ in { command = "swaycons &"; } # { command = "wlsunset -S '06:30' -s '19:30' -d 1800 "; } { command = "foot --server &"; } + { command = "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'"; } { command = "footclient"; } ]; workspaceAutoBackAndForth = false; }; - # systemd.enable = true; # ??? + # systemd.enable = true; # why would anyone do this??? wrapperFeatures = { gtk = true; }; diff --git a/modules/home/waybar/default.nix b/modules/home/waybar/default.nix index 315e576..2ee9979 100644 --- a/modules/home/waybar/default.nix +++ b/modules/home/waybar/default.nix @@ -295,7 +295,7 @@ }, "battery": { - "bat": "BAT0", + "bat": "BAT1", "interval": 20, "states": { "warning": 20, diff --git a/modules/services/attic.nix b/modules/services/attic.nix new file mode 100644 index 0000000..ca91497 --- /dev/null +++ b/modules/services/attic.nix 
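Review bot: In the new `modules/home/hyprsunset.nix`, every line written to `hyprsunset.conf` ends in `;` (`max-gamma = 200;`, `time = 06:00;`, `temperature = 5500;`). That text is a Nix string, not Nix code, and as far as I know the hyprsunset config format reads the value up to the end of the line with no terminator, so the semicolon would become part of each value and may fail to parse as a number or time. Dropping them (`max-gamma = 200`, `time = 06:00`, `gamma = 0.8`) is the safe form; checking the hyprsunset log after activation would confirm whether the profiles load.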
@@ -0,0 +1,52 @@ +{ config, ... }: +{ + services = { + atticd = { + enable = true; + + # File containing the server token in the following format: + # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...> + # You can generate the token by running the following command: + # openssl genrsa -traditional 4096 | base64 -w0 + environmentFile = config.sops.secrets.atticdEnvironment.path; + settings = { + # Listen on some port. Replace it! + listen = "[::]:8060"; + # The two lines below should be set to the URL where your Attic cache will be available. + allowed-hosts = [ "cache.liv.town" ]; + # Apparently it's very important this ends in a "/" + api-endpoint = "https://cache.liv.town/"; + jwt = { }; + database = { + # I used Postgres here, but if you leave it empty + # it will use an in-memory SQLite DB instead. + # url = "postgresql://atticd@127.0.0.1/atticd"; + # heartbeat = true; + }; + storage = { + # You could also use S3 here. But nah lol shit's expensive. + type = "local"; + # Leave this empty to use the default path, + # or change it to some path that Attic can write to. + path = "/mnt/nfs/violet/nix"; + }; + }; + }; + anubis.instances.atticd = { + settings = { + TARGET = "http://localhost:8060"; + BIND = ":8061"; + BIND_NETWORK = "tcp"; + }; + }; + nginx.virtualHosts."cache.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 38e10dd..942a874 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
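Review bot: `listen = "[::]:8060"` makes atticd accept connections on every interface and `BIND = ":8061"` does the same for Anubis, so any client that can reach those ports talks to the cache without nginx's TLS or the Anubis check (firewall rules are not visible in this commit). Both hops are local, so binding both to loopback and pointing `TARGET` at the same literal address is enough. `proxyPass` is built as `"http://localhost${…BIND}"`, which only works while `BIND` starts with `:`, so it has to change with it. The template comment `# Listen on some port. Replace it!` can then be replaced by one stating the port is loopback-only.

```nix
      settings = {
        # Loopback only; clients reach atticd through nginx -> Anubis.
        listen = "127.0.0.1:8060";
        # … unchanged: allowed-hosts, api-endpoint, jwt, database, storage …
      };
    # … unchanged: rest of atticd …
    anubis.instances.atticd = {
      settings = {
        TARGET = "http://127.0.0.1:8060";
        BIND = "127.0.0.1:8061";
        BIND_NETWORK = "tcp";
      };
    };
    # … unchanged: nginx vhost TLS options …
      locations."/" = {
        proxyPass = "http://${config.services.anubis.instances.atticd.settings.BIND}";
        proxyWebsockets = true;
      };
```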
@@ -46,19 +46,28 @@ in }; secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path; }; - gitea-actions-runner = { - package = pkgs.forgejo-runner; - instances.code-liv-town = { - enable = true; - name = "forgejo-01"; - tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; - url = "https://code.liv.town"; - labels = [ - "node-22:docker://node:22-bookworm" - "nixos-latest:docker://nixos/nix" - ]; - }; - }; + # gitea-actions-runner = { + # package = pkgs.forgejo-runner; + # instances.forgejo-01 = { + # enable = true; + # name = "forgejo-01"; + # tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; + # url = "https://code.liv.town"; + # labels = [ + # "node-22:docker://node:22-bookworm" + # "nixos-latest:docker://nixos/nix" + # # "docker:docker://node:24-alpine" + # # "alpine-latest:docker://node:24-alpine" + # ]; + # settings = { + # log.level = "info"; + # runner = { + # file = ".runner"; + # timeout = "3h"; + # }; + # }; + # }; + # }; anubis.instances.forgejo = { settings = { TARGET = "http://localhost:3050"; diff --git a/modules/services/funkwhale.nix b/modules/services/funkwhale.nix new file mode 100644 index 0000000..247f9cc --- /dev/null +++ b/modules/services/funkwhale.nix @@ -0,0 +1,16 @@ +{ config, inputs, ... }: +{ + nixpkgs.overlays = [ inputs.funkwhale.overlay ]; + services = { + funkwhale = { + enable = true; + hostname = "music.liv.town"; + defaultFromEmail = "notifications@liv.town"; + protocol = "https"; + forceSSL = true; # uncomment when LetsEncrypt needs to access "http:" in order to check domain + api = { + djangoSecretKeyFile = config.sops.secrets.funkwhaleDjangoSecret.path; + }; + }; + }; +} diff --git a/modules/services/ollama.nix b/modules/services/ollama.nix index 8676727..03dd175 100644 --- a/modules/services/ollama.nix +++ b/modules/services/ollama.nix 
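Review bot: The runner block in `modules/services/forgejo.nix` is commented out rather than removed, and the commented copy is not the old config: it renames the instance to `forgejo-01` and adds a `settings` block, so it reads as unfinished work parked in the file. A one-line reason above it, e.g. `# runner disabled: REASON; previous working config is in git history`, or deleting the block, would make the intended state clear. `forgejoWorkerSecret` is still declared in `modules/core/sops.nix` (visible as context in that hunk) and its ciphertext changes in this commit, so the runner token keeps being decrypted onto the host while nothing consumes it. The enclosing `services` attrset starts outside the hunk.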
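Review bot: In the new `modules/services/funkwhale.nix`, `nixpkgs.overlays = [ inputs.funkwhale.overlay ];` applies an overlay from the third-party `github:mmai/funkwhale-flake` input to the system-wide package set, so it can redefine any package for every service on the host, not only funkwhale. If the flake exposes its package directly, handing just that package to the service keeps the trust narrower; otherwise a comment such as `# third-party overlay: review flake.lock bumps of the funkwhale input` records the dependency. The comment on `forceSSL = true;` says `uncomment when …` although the line is active and describes the plain-HTTP case, so it should be reworded or dropped. Nothing in this file imports the flake's NixOS module, so `services.funkwhale` presumably has to be provided elsewhere before the commented-out import in `violet.nix` is enabled.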
@@ -3,7 +3,7 @@ enable = true; # Optional: preload models, see https://ollama.com/library # loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b"]; - # acceleration = "rocm"; # nope, 5700XT is too old for this + acceleration = "rocm"; # nope, 5700XT is too old for this }; - services.open-webui.enable = false; + services.open-webui.enable = true; } diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 4cf4b48..6705874 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -3,12 +3,14 @@ imports = [ (import ./invidious.nix) ] ++ [ (import ./anubis.nix) ] + ++ [ (import ./attic.nix) ] ++ [ (import ./borg.nix) ] ++ [ (import ./binternet-proxy.nix) ] ++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./docker.nix) ] ++ [ (import ./email.nix) ] ++ [ (import ./forgejo.nix) ] + # ++ [ (import ./funkwhale.nix) ] ++ [ (import ./grafana.nix) ] ++ [ (import ./guacamole.nix) ] ++ [ (import ./gokapi.nix) ] diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 57aabc9..6c30384 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml 
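Review bot: In `modules/services/ollama.nix`, `acceleration = "rocm"; # nope, 5700XT is too old for this` now enables the setting while its trailing comment still says it does not work, so a reader cannot tell which is true. Update the comment to state which host or GPU this is meant for (e.g. `# ROCm; verified on HOST`), or keep the line disabled on machines with the older card. `services.open-webui.enable = true;` turns on a web UI in front of the model with no host, port or auth options set in this hunk, so confirm the module defaults keep it on loopback or behind the reverse proxy on every host that imports this file.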
@@ -1,9 +1,11 @@ systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] -forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] +forgejoWorkerSecret: ENC[AES256_GCM,data:AEWtWSjEPMbArrPYa6sTjiYp0GiePcTQ4gXKk1LP6UDK7auX1y7eOQ==,iv:TGEerZVCfL0TMka4/vBGb0ejhqxA5GbUpQIRbXnuCNs=,tag:IUKoyT9dmq65oWu/D7K1ag==,type:str] matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str] smbLoginDetails: ENC[AES256_GCM,data:Puv+Vewv0TDpiYM+Uym180CLT+vXKoeSW/uNxAX7f9y0NvG2Uqqglj/HcCMhyQn9GpCIQyb+xidlLWn3Ywdg6ybaf4WN5EdAEXMK/FRQyVIvvOcCcwG+IeUc1Wc5NmM2qEbxLqLNDWxiH8/QsrT9rWWxxx4c4eD1HOpIv9LCuavXXLmKy6JvtxYwtOv4u8ukp+e0uP7pLN7d,iv:XH+6soi7lZiGz9ZGlQb49f44API715ib/Y7Zh3hFnDM=,tag:iz8RYRSwNxrMxy+rqeM07Q==,type:str] syncplay: ENC[AES256_GCM,data:Vrn1GmmUnIikiTKIQtP3qBfZIZRW2Za2Xhhegp7PAulujxumLGMAz9lBnTPBy3uofpayP8NJuU9v8cpU4a4w5A==,iv:s4RFaZwftqmI3BhpO1msvpfO2u3AGlPik7nMX2hjnyE=,tag:13zft7dmd85udoi7CnfWYg==,type:str] +atticdEnvironment: ENC[AES256_GCM,data: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,iv:EcWY/Msbns1O6Cm4cZQDRZbdDCWr6+QRH9X3/Wl/jAM=,tag:+Iwec3h+bP9r6RVv7GIqOA==,type:str] +funkwhaleDjangoSecret: 
ENC[AES256_GCM,data:5IQC3gN7nGMaquV/xuIUU/vk64QQ9WQ4nrBUe/I1uulqW9J8c/nM/cPCS9gFRdp7I42LRFObo+sc23OnK3IBxuNBGEk2ZJwdf1/NVY4=,iv:BYqE6LsC7BXe3HH5Iq9LDDnx4vGZdVlugxbZuKHfUyE=,tag:Fyjwkq8Nd9/MSlNCHky38g==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -24,7 +26,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-19T10:22:44Z" - mac: ENC[AES256_GCM,data:aJcXcdCR9nKbiaGEcGIQxr0kW7D8p2OzC2YDh18AFinWhdUSUDh6B8vkHR3ScIgUOYWc70/vSVsn3+M5JmtH3+mKMwMwSKF2plhicSBGdRELkeeowy6tCZGOVUvRsBhUpynd86qxxvWbJO4Q6mCSNbBQ/cr8493OZWenzB/fedQ=,iv:UqgIWA4ZK3cVn0iepeBPF8KuNREuGKNnijo/oGd4/q0=,tag:CT2uFz+flsZyNAM6SnhveA==,type:str] + lastmodified: "2025-10-24T11:13:12Z" + mac: ENC[AES256_GCM,data:dIGc4xkSmahgewnMRVL+Hox+fcGPMZ1lKRRHve11gQbZpiuRMOjJL+7fhBYtybsr6Tf7NZtToY8HlXap2U+geE4hjNmYbJplqIKIVjdngw5mIMQaAuXqcF+5zOW3LgjwJ5JBM9OX+kp0p5IgD4uTP0iteGJ4BST0e7F7sndHnL4=,iv:cdOz/3vUXaZxsWn7obDsezZ/k8XPOZyoVvoRzjWLDCY=,tag:MCWAN4UPEPQP/iBTequOfA==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0