chore: adds device to grub on hazel

chore: disable disko as initial config is done
chore: update hazel's configuration
2025-12-06 07:34:16 +01:00 · 2025-07-30 16:48:18 +02:00 · 2025-07-30 16:47:32 +02:00 · 2025-07-30 16:46:08 +02:00 · 2025-07-30 16:36:26 +02:00 · 2025-07-30 16:33:52 +02:00
15 changed files with 488 additions and 189 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 modules/services/matrix/default.nix
 result
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,6 +3,10 @@ keys:
  - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
 creation_rules:
  - path_regex: secrets/secrets.yaml
    key_groups:
      - age:
          - *sakura
  - path_regex: secrets/violet/secrets.yaml
    key_groups:
      - age:
          - *sakura
--- a/flake.lock
+++ b/flake.lock
@ -54,6 +54,25 @@
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1746728054,
        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
        "owner": "nix-community",
        "repo": "disko",
        "rev": "ff442f5d1425feb86344c028298548024f21256d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "latest",
        "repo": "disko",
        "type": "github"
      }
    },
    "fenix": {
      "inputs": {
        "nixpkgs": [
@ -231,7 +250,7 @@
    },
    "hypr-contrib": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1753252360,
@ -518,7 +537,7 @@
      "inputs": {
        "hyprutils": "hyprutils_2",
        "hyprwayland-scanner": "hyprwayland-scanner_2",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_4",
        "systems": "systems_2"
      },
      "locked": {
@ -541,7 +560,7 @@
        "hyprlang": "hyprlang_2",
        "hyprutils": "hyprutils_3",
        "hyprwayland-scanner": "hyprwayland-scanner_3",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
        "systems": "systems_3"
      },
      "locked": {
@ -784,29 +803,45 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
+    "nixpkgs_10": {
      "locked": {
-        "lastModified": 1712163089,
+        "lastModified": 1753432016,
-        "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
+        "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
+        "rev": "6027c30c8e9810896b92429f0092f624f7b1aace",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1746576598,
        "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1748929857,
+        "lastModified": 1712163089,
-        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
+        "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
+        "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
        "type": "github"
      },
      "original": {
@ -833,6 +868,22 @@
      }
    },
    "nixpkgs_5": {
      "locked": {
        "lastModified": 1748929857,
        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_6": {
      "locked": {
        "lastModified": 1753429684,
        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
@ -848,7 +899,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1743315132,
        "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
@ -864,7 +915,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1742800061,
        "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
@ -880,7 +931,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_9": {
      "locked": {
        "lastModified": 1753429684,
        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
@ -896,26 +947,10 @@
        "type": "github"
      }
    },
    "nixpkgs_9": {
      "locked": {
        "lastModified": 1753432016,
        "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "6027c30c8e9810896b92429f0092f624f7b1aace",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixvim": {
      "inputs": {
        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_7",
        "nixvim": "nixvim_2"
      },
      "locked": {
@ -935,7 +970,7 @@
    "nixvim_2": {
      "inputs": {
        "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_8",
        "nuschtosSearch": "nuschtosSearch"
      },
      "locked": {
@ -955,7 +990,7 @@
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts_3",
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
        "lastModified": 1753530457,
@ -1021,13 +1056,14 @@
    "root": {
      "inputs": {
        "alejandra": "alejandra",
        "disko": "disko",
        "home-manager": "home-manager",
        "hypr-contrib": "hypr-contrib",
        "hyprland": "hyprland",
        "hyprpicker": "hyprpicker",
        "hyprsunset": "hyprsunset",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
        "nixvim": "nixvim",
        "nur": "nur",
        "sops-nix": "sops-nix"
@ -1052,7 +1088,7 @@
    },
    "sops-nix": {
      "inputs": {
-        "nixpkgs": "nixpkgs_9"
+        "nixpkgs": "nixpkgs_10"
      },
      "locked": {
        "lastModified": 1752544651,
--- a/flake.nix
+++ b/flake.nix
@ -15,6 +15,7 @@
    nixos-hardware.url = "github:nixos/nixos-hardware";
    nixvim.url = "github:ahwxorg/nixvim-config";
    sops-nix.url = "github:Mic92/sops-nix";
    disko.url = "github:nix-community/disko/latest";
  };
  outputs =
@ -22,6 +23,7 @@
      self,
      nixpkgs,
      sops-nix,
      disko,
      ...
    }@inputs:
    let
@ -116,6 +118,16 @@
            inherit self inputs username;
          };
        };
        hazel = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            (import ./hosts/hazel)
          ];
          specialArgs = {
            host = "hazel";
            inherit self inputs username;
          };
        };
      };
    };
 }
--- a/hosts/hazel/default.nix
+++ b/hosts/hazel/default.nix
@ -0,0 +1,48 @@
 {
  pkgs,
  config,
  lib,
  inputs,
  ...
 }:
 {
  imports = [
    ./hardware-configuration.nix
    # ./disko.nix
    ./../../modules/core/default.server.nix
    # ./../../modules/services/hazel.nix
  ];
  networking.hostName = "hazel";
  nixpkgs.config.permittedInsecurePackages = [
    "jitsi-meet-1.0.8043"
    "olm-3.2.16"
  ];
  time.timeZone = lib.mkForce "Europe/Paris";
  environment.systemPackages = with pkgs; [
    kitty.terminfo
  ];
  services = {
    smartd = {
      enable = true;
      autodetect = true;
    };
  };
  networking.firewall = {
    allowedTCPPorts = [
      9123
    ];
  };
  boot = {
    loader.grub = {
      enable = true;
      device = "/dev/sda";
    };
  };
 }
--- a/hosts/hazel/disko.nix
+++ b/hosts/hazel/disko.nix
@ -0,0 +1,37 @@
 { inputs, ... }:
 {
  imports = [
    inputs.disko.nixosModules.disko
  ];
  disko.devices = {
    disk = {
      my-disk = {
        device = "/dev/sda";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              type = "EF00";
              size = "500M";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              size = "100%";
              content = {
                type = "filesystem";
                format = "ext4";
                mountpoint = "/";
              };
            };
          };
        };
      };
    };
  };
 }
--- a/hosts/hazel/hardware-configuration.nix
+++ b/hosts/hazel/hardware-configuration.nix
@ -0,0 +1,45 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "ehci_pci"
    "ahci"
    "usbhid"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/E141-F5CE";
    fsType = "vfat";
    options = [
      "fmask=0077"
      "dmask=0077"
    ];
  };
  swapDevices = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/modules/core/sops.nix
+++ b/modules/core/sops.nix
@ -2,18 +2,32 @@
  pkgs,
  inputs,
  username,
  host,
  config,
  ...
 }:
 {
  imports = [ inputs.sops-nix.nixosModules.sops ];
  sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFile = ../../secrets/${host}/secrets.yaml;
    defaultSopsFormat = "yaml";
    age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
-    secrets = {
+    secrets =
-      "systemMailerPassword" = { };
+      if (host == "violet") then
-    };
+        {
          "systemMailerPassword" = { };
          "forgejoWorkerSecret" = { };
          "matrixRegistrationSecret" = {
            owner = "matrix-synapse";
          };
        }
      else if (host == "sakura") then
        {
          "systemMailerPassword" = { };
        }
      else
        { };
  };
  environment.systemPackages = with pkgs; [
--- a/modules/home/packages.nix
+++ b/modules/home/packages.nix
@ -1,107 +1,127 @@
 { inputs, pkgs, ... }:
 {
-  home.packages = with pkgs; [
+  inputs,
-    # Environment shit
+  lib,
-    tesseract
+  pkgs,
-    yubikey-touch-detector
+  config,
-    wireguard-tools
+  ...
-    openresolv
+}:
-    xdg-utils
+with lib;
-    killall
+let
-    libnotify
+  guiPkgs =
-    openssl
+    if (config.liv.gui == true) then
-    pamixer
+      [
-    playerctl
+        element-desktop
-    wl-clipboard
+        gajim
-    cliphist
+        signal-desktop
-    poweralertd
+        anki-bin
-    ffmpeg
+        obs-studio
-    zip
+        wdisplays
-    unzip
+        librewolf # main
-    wget
+        ungoogled-chromium # for things that don't work with librewolf
-    xxd
+        nsxiv
-    gcc
+        imv
-    gnumake
+        libreoffice
-    python3
+        xfce.thunar
        spotify
        spotify-player
        thunderbird
        lxqt.pavucontrol-qt
        mpv
        plasma5Packages.kdeconnect-kde
        # onthespot-overlay
-    # CLI shit
+        # Gaming
-    termpdfpy
+        lunar-client
-    vimv
+      ]
-    iamb
+    else
-    pass
+      [
-    lm_sensors
+        killall
-    neofetch
+      ];
-    hyfetch
+in
-    glow
+{
-    eva
+  home.packages =
-    exiftool
+    with pkgs;
-    translate-shell
+    [
-    progress
+      # Environment shit
-    pwgen
+      tesseract
-    jq
+      yubikey-touch-detector
-    tmux
+      wireguard-tools
-    htop
+      openresolv
-    eza
+      xdg-utils
-    file
+      killall
-    fzf
+      libnotify
-    lazygit
+      openssl
-    gitleaks
+      pamixer
-    ripgrep
+      playerctl
-    yt-dlp
+      wl-clipboard
-    spotify-player
+      cliphist
-    nodejs_22
+      poweralertd
-    yarn
+      ffmpeg
-    cargo
+      zip
-    rustc
+      unzip
-    wikit
+      wget
-    reader
+      xxd
-    nmap
+      gcc
-    speedtest-go
+      gnumake
-    delta
+      python3
    powertop
    android-tools
    sshpass
-    # Install pip packages
+      # CLI shit
-    # python3
+      termpdfpy
-    # python3Packages.pip
+      vimv
-    # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet.
+      iamb
-    #   pip install --user --break-system-packages <package>
+      pass
-    # '')
+      lm_sensors
      neofetch
      hyfetch
      glow
      eva
      exiftool
      translate-shell
      progress
      pwgen
      jq
      tmux
      htop
      eza
      file
      fzf
      lazygit
      gitleaks
      ripgrep
      yt-dlp
      nodejs_22
      yarn
      cargo
      rustc
      wikit
      reader
      nmap
      speedtest-go
      delta
      powertop
      android-tools
      sshpass
      net-tools
      nmap
-    # GUI shit
+      # Install pip packages
-    element-desktop
+      # python3
-    gajim
+      # python3Packages.pip
-    signal-desktop
+      # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet.
-    anki-bin
+      #   pip install --user --break-system-packages <package>
-    obs-studio
+      # '')
    wdisplays
    librewolf # main
    ungoogled-chromium # for things that don't work with librewolf
    nsxiv
    imv
    libreoffice
    xfce.thunar
    spotify
    thunderbird
    lxqt.pavucontrol-qt
    mpv
    plasma5Packages.kdeconnect-kde
    # onthespot-overlay
-    # Gaming
+      inputs.alejandra.defaultPackage.${system}
-    lunar-client
+      inputs.nixvim.packages.${pkgs.system}.default
      mermaid-cli
      gnuplot
-    inputs.alejandra.defaultPackage.${system}
+      # Email/calendar/etc
-    inputs.nixvim.packages.${pkgs.system}.default
+      neomutt
-    mermaid-cli
+      w3m
-    gnuplot
+      khard
-
+      khal
-    # Email/calendar/etc
+      vdirsyncer
-    neomutt
+    ]
-    w3m
+    ++ guiPkgs;
    khard
    khal
    vdirsyncer
  ];
 }
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -9,57 +9,64 @@ let
  srv = cfg.settings.server;
 in
 {
  services.forgejo = {
    enable = true;
    # database.type = "postgres";
    # Enable support for Git Large File Storage
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "code.liv.town";
        # You need to specify this to remove the port from URLs in the web UI.
        ROOT_URL = "https://${srv.DOMAIN}/";
        HTTP_PORT = 3050;
      };
      # You can temporarily allow registration to create an admin user.
      service.DISABLE_REGISTRATION = true;
      # Add support for actions, based on act: https://github.com/nektos/act
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
      # Sending emails is completely optional
      # You can send a test email from the web UI at:
      # Profile Picture > Site Administration > Configuration >  Mailer Configuration
      # mailer = {
      #   ENABLED = true;
      #   SMTP_ADDR = "mail.example.com";
      #   FROM = "noreply@${srv.DOMAIN}";
      #   USER = "noreply@${srv.DOMAIN}";
      # };
    };
    # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
  };
  # gitea-actions-runner = {
  #   package = pkgs.forgejo-runner;
  #   instances.my-forgejo-instance = {
  #     enable = true;
  #     name = "forgejo-01";
  #     token = ""; # TODO: fill in tokens etc
  #     url = "https://code.liv.town";
  #     labels = [
  #       "node-22:docker://node:22-bookworm"
  #       "nixos-latest:docker://nixos/nix"
  #     ];
  #   };
  # };
  services = {
    forgejo = {
      enable = true;
      # database.type = "postgres";
      # Enable support for Git Large File Storage
      lfs.enable = true;
      settings = {
        server = {
          DOMAIN = "code.liv.town";
          # You need to specify this to remove the port from URLs in the web UI.
          ROOT_URL = "https://${srv.DOMAIN}/";
          HTTP_PORT = 3050;
        };
        # You can temporarily allow registration to create an admin user.
        service.DISABLE_REGISTRATION = true;
        # Add support for actions, based on act: https://github.com/nektos/act
        actions = {
          ENABLED = true;
          DEFAULT_ACTIONS_URL = "github";
        };
        # TODO: run own email server that sends users emails!
        # You can send a test email from the web UI at:
        # Profile Picture > Site Administration > Configuration >  Mailer Configuration
        mailer = {
          ENABLED = true;
          SMTP_ADDR = "smtp.migadu.com";
          FROM = config.liv.variables.senderEmail;
          USER = config.liv.variables.senderEmail;
        };
      };
      mailerPasswordFile = config.sops.secrets.systemMailerPassword.path;
    };
    gitea-actions-runner = {
      package = pkgs.forgejo-runner;
      instances.code-liv-town = {
        enable = true;
        name = "forgejo-01";
        tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
        url = "https://code.liv.town";
        labels = [
          "node-22:docker://node:22-bookworm"
          "nixos-latest:docker://nixos/nix"
        ];
      };
    };
    anubis.instances.forgejo = {
      settings = {
        TARGET = "http://localhost:3050";
        BIND = ":3051";
        BIND_NETWORK = "tcp";
      };
    };
    nginx.virtualHosts."code.liv.town" = {
      forceSSL = true;
      sslCertificate = "/var/lib/acme/liv.town/cert.pem";
      sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
      locations."/" = {
-        proxyPass = "http://localhost:3050";
+        proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}";
        proxyWebsockets = true;
      };
    };
--- a/modules/services/matrix/secrets.yaml
+++ b/modules/services/matrix/secrets.yaml
@ -1,3 +0,0 @@
 registration_shared_secret: ""
 report_stats: false
--- a/modules/services/monitoring.nix
+++ b/modules/services/monitoring.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, host, ... }:
 {
  services = {
    prometheus = {
@ -10,6 +10,15 @@
          enabledCollectors = [ "systemd" ];
          port = 9002;
        };
        smokeping = {
          enable = true;
          hosts = [
            "172.16.10.1"
            "172.16.10.2"
            "9.9.9.9"
            "149.112.112.112"
          ];
        };
      };
      scrapeConfigs = [
        {
@ -20,6 +29,14 @@
            }
          ];
        }
        {
          job_name = "${host} - smokeping";
          static_configs = [
            {
              targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smokeping.port}" ];
            }
          ];
        }
      ];
    };
  };
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@ -0,0 +1,34 @@
 { config, ... }:
 {
  services.vaultwarden = {
    enable = true;
    dbBackend = "sqlite";
    config = {
      SIGNUPS_ALLOWED = false;
      ENABLE_WEBSOCKET = true;
      SENDS_ALLOWED = true;
      INVITATIONS_ENABLED = true;
      EMERGENCY_ACCESS_ALLOWED = true;
      EMAIL_ACCESS_ALLOWED = true;
      DOMAIN = "https://passwords.liv.town";
      ROCKET_ADDRESS = "0.0.0.0";
      ROCKET_PORT = 8003;
    };
  };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "passwords.liv.town" = {
        forceSSL = true;
        sslCertificate = "/var/lib/acme/liv.town/cert.pem";
        sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
          proxyWebsockets = true;
        };
      };
    };
  };
 }
--- a/modules/services/violet.nix
+++ b/modules/services/violet.nix
@ -19,7 +19,9 @@
    ++ [ (import ./monitoring.nix) ]
    ++ [ (import ./ntfy.nix) ]
    ++ [ (import ./nginx.nix) ]
    ++ [ (import ./nix-serve.nix) ]
    ++ [ (import ./radicale.nix) ]
    ++ [ (import ./remote-build.nix) ]
    ++ [ (import ./readarr.nix) ]
    ++ [ (import ./sharkey-proxy.nix) ]
    # ++ [ (import ./komga.nix) ]
--- a/secrets/violet/secrets.yaml
+++ b/secrets/violet/secrets.yaml
@ -0,0 +1,27 @@
 systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str]
 forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str]
 matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str]
 sops:
    age:
        - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeG8vNWltdmJGcHhpMFVv
            L2loTVRWeUVQMjdFbXlLdDZ4NWd2czlMa1JVClErdlhXdlJKSDFrakhqVjRQMlBx
            RStBKzI3bHkzWlZrdkFTZFZvRjN0eFUKLS0tIGJFaTRkVGhSbmZSbEdYZEFWV2Fz
            bytGVUhvL1dKNk41cytPajJMUFdXQmMKbJZ7RDB5MXqotaLrWABIKFs2wEZtIAVm
            +k+ykISzj/XhhCt2J4IWbhPqRDlivsOLvQF1srNgk02/laE+0Nz5Pg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWV2NkVGSWR3UzBPWmFQ
            S2lQRm9zZENGc29mN1VxT3hsb2c5d3k3ZGw4Ck5JWlpXQUU0WnhXT2ZocFZFSlkr
            WjhZM214YVBDR3UzcU9SQ09ucWJDSUUKLS0tIE00aXVkeTQ5eG1TTTA2UnBuVnVB
            S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI
            VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-07-30T12:37:11Z"
    mac: ENC[AES256_GCM,data:pGnJaFRqa3sjouALSjy8+ClhqE+RNR4b5SMLKB356WtnHtALrGnd/RzPTMyLLTOht1td1Fk5jY8WoUy225qqfI1yy0Mne+qtnFqd9++XTmiY1b7ARBeNvvM/mMuZyp34Mz8WLx+imrLcX6TAlpRZ/SWtv5BE9nleHCwpNvFpqfc=,iv:q8bKIFQd6dRSDBk3qhipOK0E/4NZgIcVCo4Mwu9Ddf8=,tag:JjL3sFxSMx4dp1Swt2lbvg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
Author	SHA1	Message	Date
Ahwx	274232c66b	chore: adds device to `grub` on `hazel`	2025-07-30 16:48:18 +02:00
Ahwx	cb3b12b879	chore: disable `disko` as initial config is done	2025-07-30 16:47:32 +02:00
Ahwx	81344ed402	chore: update `hazel`'s configuration	2025-07-30 16:46:08 +02:00
Ahwx	5813c632bf	fix: make `config` input available so it can find `config.liv.gui`	2025-07-30 16:36:26 +02:00
Ahwx	962f396596	feat: write cursed package function	2025-07-30 16:33:52 +02:00
Ahwx	efb7abb67e	chore: adds `disko` and `hazel` host	2025-07-30 16:33:22 +02:00
Ahwx	b3e155851f	chore: merge remote-tracking branch 'refs/remotes/origin/master'	2025-07-30 16:32:33 +02:00
Ahwx	45be0c928d	feat: adds disk layout for `hazel`	2025-07-30 16:25:24 +02:00
Ahwx	13228786c8	feat: adds `hardware-configuration.nix` for `hazel`	2025-07-30 16:25:01 +02:00
Ahwx	3e1692f454	feat: adds `hazel` host	2025-07-30 16:24:31 +02:00
Ahwx	5930179d51	chore: merge remote-tracking branch 'refs/remotes/origin/master'	2025-07-30 15:04:22 +02:00
Ahwx	4358dd95b9	chore: remove things from gitignore	2025-07-30 14:49:53 +02:00
Ahwx	146176af45	chore: remove unused files	2025-07-30 14:49:19 +02:00
Ahwx	11992d9506	sops: update	2025-07-30 14:37:59 +02:00
Ahwx	525b24ac25	feat: set correct owner for `matrix-synapse` key	2025-07-30 14:37:35 +02:00
Ahwx	a042d3790d	sops: update	2025-07-30 14:23:14 +02:00
Ahwx	550fa87fbc	feat: adds `prometheus` exporter for `smokeping` to see latency	2025-07-30 14:20:03 +02:00
Ahwx	3aa990e203	chore: remove `smokeping` from `violet` as it is now a `prometheus` module	2025-07-30 14:17:17 +02:00
Ahwx	b663614fa5	feat: update `forgejo` settings to include `mailer` and `gitea-actions-runner` configuration now that we have `sops-nix`	2025-07-30 13:54:14 +02:00
Ahwx	d8d6bc67d8	feat: adds `vaultwarden` configuration	2025-07-30 13:38:07 +02:00
Ahwx	783b52e681	feat: enable some services for `violet`	2025-07-30 13:37:50 +02:00
Ahwx	d1c0a81809	feat: adds key group for `violet`	2025-07-30 13:24:40 +02:00
Ahwx	fdc031ea4d	feat: write cursed function so that secrets are host-based	2025-07-30 13:24:21 +02:00
`@ -1,2 +1 @@`
	`modules/services/matrix/default.nix`
	`result`	`result`
		`@ -1,3 +0,0 @@`
			`registration_shared_secret: ""`

			`report_stats: false`