From b5e6127bb365913eb8f34812759b783aa422aed1 Mon Sep 17 00:00:00 2001 From: lelgenio Date: Wed, 19 Feb 2025 17:04:03 -0300 Subject: [PATCH 01/56] rainbow: remove gitlab runner --- flake.nix | 1 - secrets/secrets.nix | 3 --- system/rainbow-gitlab-runner.nix | 22 ---------------------- system/secrets.nix | 1 - 4 files changed, 27 deletions(-) delete mode 100644 system/rainbow-gitlab-runner.nix diff --git a/flake.nix b/flake.nix index 0126f65..636724e 100644 --- a/flake.nix +++ b/flake.nix @@ -147,7 +147,6 @@ inherit system specialArgs; modules = [ ./hosts/double-rainbow.nix - ./system/rainbow-gitlab-runner.nix ] ++ common_modules; }; pixie = lib.nixosSystem { diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f64fb4b..6504054 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,9 +2,6 @@ let main_ssh_public_key = "ssh-rsa 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 lelgenio@i15"; in { - "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ - main_ssh_public_key - ]; "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ]; diff --git a/system/rainbow-gitlab-runner.nix b/system/rainbow-gitlab-runner.nix deleted file mode 100644 index 52e573a..0000000 --- a/system/rainbow-gitlab-runner.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner; -in -{ - boot.kernel.sysctl."net.ipv4.ip_forward" = true; - virtualisation.docker.enable = true; - services.gitlab-runner = { - enable = true; - settings.concurrent = 6; - services = { - thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path; - thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path; - }; - }; - systemd.services.gitlab-runner.serviceConfig.Nice = 10; -} 
diff --git a/system/secrets.nix b/system/secrets.nix index ca11fb4..fdf14e8 100644 --- a/system/secrets.nix +++ b/system/secrets.nix @@ -6,7 +6,6 @@ secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age; secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age; - secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age; secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age; }; From 00c686512c2d724d1a2f9632b361bd12a0dd6518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 28 Feb 2025 17:58:29 -0300 Subject: [PATCH 02/56] gaming: add corectrl --- hosts/monolith/amdgpu.nix | 1 - system/gaming.nix | 8 ++++++++ user/sway/default.nix | 1 - 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts/monolith/amdgpu.nix b/hosts/monolith/amdgpu.nix index 4c26afa..765e081 100644 --- a/hosts/monolith/amdgpu.nix +++ b/hosts/monolith/amdgpu.nix @@ -14,7 +14,6 @@ in boot.initrd.kernelModules = [ "amdgpu" ]; boot.kernelParams = [ "video=DP-1:1920x1080@144" - "amdgpu.ppfeaturemask=0xfffd7fff" # enable undervolting ]; systemd.services.amd-fan-control = { diff --git a/system/gaming.nix b/system/gaming.nix index e32c640..e79353e 100644 --- a/system/gaming.nix +++ b/system/gaming.nix @@ -59,5 +59,13 @@ }; }; }; + + programs.corectrl = { + enable = true; + gpuOverclock = { + enable = true; + ppfeaturemask = "0xffffffff"; + }; + }; }; } diff --git a/user/sway/default.nix b/user/sway/default.nix index 325cad5..04193aa 100644 --- a/user/sway/default.nix 
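Review bot: `ppfeaturemask = "0xffffffff";` in the new `programs.corectrl.gpuOverclock` block sets every bit of the amdgpu feature mask, whereas the kernel parameter this commit removes from hosts/monolith/amdgpu.nix was `0xfffd7fff` with the comment `# enable undervolting`. The wider value is undocumented, and since it now lives in system/gaming.nix it presumably applies to every host that enables this module, not just monolith. I would keep the previous mask, or add a comment such as `# all PowerPlay feature bits enabled; needed for <reason>` beside the option. `programs.corectrl.enable` also presumably lets members of the corectrl group start its privileged helper without a password, so that group should stay small. The enclosing module body starts outside the hunk.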
+++ b/user/sway/default.nix @@ -113,7 +113,6 @@ in for_window [title=.*] inhibit_idle fullscreen exec swaymsg workspace 2 exec_always systemctl --user restart waybar.service - exec corectrl --minimize-systray ''; }; services.gammastep = { From 57f6eb38348f0581e2b493631884c0e6563f1f11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 1 Mar 2025 12:11:18 -0300 Subject: [PATCH 03/56] update --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index f62cca1..573ab5e 100644 --- a/flake.lock +++ b/flake.lock @@ -551,11 +551,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1740367490, - "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", "type": "github" }, "original": { @@ -612,11 +612,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1740603184, + "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", "type": "github" }, "original": { @@ -937,11 +937,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1740082937, - "narHash": "sha256-HcTWGIzG2leM0gZabg9lkY7iLwvAe49lqXEzez/Rp/s=", + "lastModified": 1740754923, + "narHash": "sha256-o7Qo5kkjVgBL9CVqNJKnkcDbRkpD0UAp82G/mJ086Xw=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "521427c69173bc443de940ba88d4f58d5fa8d8e2", + "rev": "3a9df8fbe84b680ad0a38ec85e8e9c8a4f095ca3", "type": "github" }, "original": { From 9fd65b02bae1adf71deb7b8c9cdbaeda1db3596e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 1 Mar 2025 12:11:23 -0300 Subject: [PATCH 04/56] factorio: update --- pkgs/factorio-headless/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/factorio-headless/default.nix b/pkgs/factorio-headless/default.nix index 2aaaba4..531e69b 100644 --- a/pkgs/factorio-headless/default.nix +++ b/pkgs/factorio-headless/default.nix @@ -1,10 +1,10 @@ { factorio-headless, pkgs }: factorio-headless.overrideAttrs (_: rec { - version = "2.0.28"; + version = "2.0.32"; src = pkgs.fetchurl { name = "factorio_headless_x64-${version}.tar.xz"; url = "https://www.factorio.com/get-download/${version}/headless/linux64"; - hash = "sha256-6pk3tq3HoY4XpOHmSZLsOJQHSXs25oKAuxT83UyITdM="; + hash = "sha256-KmECrkLcxej+kjvWi80yalaeNZEqzeEhMB5dTS2FZBc="; }; }) From 553ea251faa56dd49ed37e40e81788c3d499f9a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 5 Mar 2025 14:53:07 -0300 Subject: [PATCH 05/56] secrets: add sops --- .sops.yaml | 18 ++++++++++ flake.lock | 21 ++++++++++++ flake.nix | 7 ++++ hosts/phantom/default.nix | 13 ++++++++ secrets/phantom/default.yaml | 30 +++++++++++++++++ secrets/test.yaml | 65 ++++++++++++++++++++++++++++++++++++ system/configuration.nix | 10 +++++- system/secrets.nix | 2 +- system/sops.nix | 12 +++++++ 9 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 .sops.yaml create mode 100644 secrets/phantom/default.yaml create mode 100644 secrets/test.yaml create mode 100644 system/sops.nix diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..699e3c1 --- /dev/null +++ b/.sops.yaml 
@@ -0,0 +1,18 @@ +keys: + - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B + - &lelgenio-ssh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 + - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw + - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y + +creation_rules: + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *lelgenio-gpg + age: + - *lelgenio-ssh + - *monolith-ssh + - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *phantom-ssh diff --git a/flake.lock b/flake.lock index 573ab5e..cabf4cf 100644 --- a/flake.lock +++ b/flake.lock @@ -722,6 +722,7 @@ "nixpkgs-unstable": "nixpkgs-unstable", "plymouth-themes": "plymouth-themes", "ranger-icons": "ranger-icons", + "sops-nix": "sops-nix", "tlauncher": "tlauncher", "tomater": "tomater", "treefmt-nix": "treefmt-nix", @@ -775,6 +776,26 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741043164, + "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 636724e..90ef37e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,6 +26,11 @@ inputs.home-manager.follows = "home-manager"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; inputs.nixpkgs.follows = "nixpkgs"; @@ -96,10 +101,12 @@ { nixpkgs.pkgs = pkgs; } ./system/configuration.nix ./system/secrets.nix + ./system/sops.nix ./system/greetd.nix { login-manager.greetd.enable = desktop == "sway"; } inputs.agenix.nixosModules.default + inputs.sops-nix.nixosModules.default inputs.home-manager.nixosModules.home-manager inputs.disko.nixosModules.disko ( diff --git a/hosts/phantom/default.nix b/hosts/phantom/default.nix index 45c27d7..9111434 100644 --- a/hosts/phantom/default.nix +++ b/hosts/phantom/default.nix @@ -2,12 +2,16 @@ config, pkgs, inputs, + lib, ... }: { imports = [ inputs.vpsadminos.nixosConfigurations.container inputs.agenix.nixosModules.default + inputs.sops-nix.nixosModules.default + + ../../system/sops.nix ../../system/nix.nix ./hardware-config.nix ./mastodon.nix @@ -57,6 +61,15 @@ identityPaths = [ "/root/.ssh/id_rsa" ]; }; + sops = { + secrets.hello = { }; + defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml; + }; + + environment.etc."teste-sops" = { + text = config.sops.secrets.hello.path; + }; + virtualisation.docker = { enable = true; daemon.settings = { diff --git a/secrets/phantom/default.yaml b/secrets/phantom/default.yaml new file mode 100644 index 0000000..a299b34 --- /dev/null +++ b/secrets/phantom/default.yaml 
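Review bot: The `sops.secrets.hello` declaration and the `environment.etc."teste-sops"` entry added to hosts/phantom/default.nix look like test scaffolding for the sops rollout, but nothing marks them as such. The etc file holds only `config.sops.secrets.hello.path`, which is the location of the decrypted file and not its contents, so no secret reaches /etc; a later reader still cannot tell whether the entry is meant to stay. I would add `# temporary: checks that sops-nix decrypts on this host; remove once a real secret is wired up` above the block, or drop both entries before merging. The host attribute set these lines belong to starts and ends outside the hunk.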
@@ -0,0 +1,30 @@ +hello: ENC[AES256_GCM,data:UJAAdOL7wzQ1LduTyW+XK2NtXyw/u/Yz28Bmd7OoBe41FVLKwVfvdI1nAwYuNQ==,iv:7kPT2HF5T498bUJ9hUlz5Ez/jn1g7YIUVbJOTW/CHhQ=,tag:KJhJPg8AStyW4roEbEUJ2g==,type:str] +example_key: ENC[AES256_GCM,data:DcLN+C1BQ6WZg5fRiA==,iv:JC3GTWn4a4RekAHdOQB3YV5+eGa4cUK1JjyTPe8eNHY=,tag:W9CV4rsgHuXyqpWpUxlIQg==,type:str] +#ENC[AES256_GCM,data:RjdYJNz6qGfbsU/AiBeLlQ==,iv:LjRzSjBXp44cGSqUUfRDNLC9cW4Vd7lfsqDWINt31VA=,tag:NzVm1h9CVKE2XXt300aR/g==,type:comment] +example_array: + - ENC[AES256_GCM,data:K9j/t8MDibYO8Frhu1M=,iv:YnrxRnJJwTH6DJC6Bv/d1NUnX2ZPFwsjoji7L1Z+d7s=,tag:Dm7xCUlnjKdXHCuk8lwY8w==,type:str] + - ENC[AES256_GCM,data:0g6ACJzEHBtukwQYYTY=,iv:xLBJWfOYkX7Y28N01CX2+d5QOr9VGAhInH6pa1hNSGE=,tag:tCkCigo4yhi6YKVMe3Z3lQ==,type:str] +example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9Lba9oITD1pdsr1I/PCf0=,tag:hguw1gpPI3w64fG1WLnJqA==,type:float] +example_booleans: + - ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool] + - ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQkRWWmYweUNpcDRNbzRW + NnQ4R3JPK0oydm9iL0owS0d6Nm92eTFJZldFCnZpUVUvWi9FYTBDSGNvUUJRZHNz + QStPT0hCc08xUmh4dEdJdmVPRm01V2cKLS0tIEZPMmNKdGUvNnVWYXZNTHA3SkE3 + ZTNJbW9EWktPb2M5TVBNekUrZXVoUFkKLEsQVYVp7fTBRDA7RO8Kjpc5MUPb5U7I + WKZtNhsMZsP+SLgZWBF1PpvcjlDlNA2Z+Hqsrw6vsq6DYpnxToxfZQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-05T22:27:18Z" + mac: 
ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4-unstable diff --git a/secrets/test.yaml b/secrets/test.yaml new file mode 100644 index 0000000..a2a8ee9 --- /dev/null +++ b/secrets/test.yaml 
@@ -0,0 +1,65 @@ +hello: ENC[AES256_GCM,data:ADXdQUkrnh9lDrsHyInYsPBo21u/mIAH47KhGQsxuz5OshT6CoK+89CILEi9tQ==,iv:b/rnM77z69+pVO3kxQZxI2YzTCRiBwwO5fhcwCB2/CI=,tag:A0FOXIfgIkJawV3QhlJPWQ==,type:str] +example_key: ENC[AES256_GCM,data:gXXl6hhdYNLC1Grmyw==,iv:miSL7Wdewd5zs4A86/r8OW6gK+PGZJ+gaqZRHHxvZos=,tag:Ty+IaoXdMSEThNPRjwhqTA==,type:str] +#ENC[AES256_GCM,data:FLhydTaiOqLRFk+ZrgGx9Q==,iv:TqhX2ylJKFQjdOpmwCER1+gRe4iR+I0hkVkNnYH4ESo=,tag:1BSk9TKqTma4MVUMswwmog==,type:comment] +example_array: + - ENC[AES256_GCM,data:1sIEL3xGDAygUKoodBA=,iv:1DumVv8vDvhT/K0jXM1vHdrFTE7dIxqqjS8CIpWdnc8=,tag:WSs+3a816zVOaGCTElxgFQ==,type:str] + - ENC[AES256_GCM,data:tFi1czQnVgX/nlWrJrs=,iv:isH65ldilVe3EjsKNP/dOKgtWZtHQPw364fPHBI+LEw=,tag:Ka5ywriFptKg3+lIHPEIyA==,type:str] +example_number: ENC[AES256_GCM,data:sxSM8a9oAp+u6g==,iv:KRLfIxZuBsnK+QE4mqm3pyhJmE7Fsd4ykJA++KrOnEQ=,tag:F5EkVUzw06ulr5jZvlTJdg==,type:float] +example_booleans: + - ENC[AES256_GCM,data:PDts2Q==,iv:qtfKg5gmUw2aERJe3gfT15Pk7mWocXwKdJhAzSic1o0=,tag:gn1sWsgt9ihYF8bHAkAQwQ==,type:bool] + - ENC[AES256_GCM,data:o9as7T0=,iv:YXyTB2X9PmTsOd37+BAp2xnT/+Yzyajcn5y1GE1O5rE=,tag:hyXA43jpyAbgH2hg1ivloQ==,type:bool] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: ssh-rsa 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 lelgenio@i15 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm4zQnZFV2hJ + cFR0Z0hGeFlQd1Rtb2dDUDRJOVc3dmtWT3FIa2xOV0hRREE4LzVKQ01FTHd6M3kz + M0JLeEtXTXoKZkhnMTNETnZVc2tEbU84NWlGWk5YaUg5NjJDdk9yb01QMTVCOHlh + SDE3c0c0dUV3bXQ4MjAxYWJjYUFscmlORwplOFZLc1JzUzdjU0lCZGUyQWl4b3d0 + L3hmekNSUUZia2FOR0k3TWcyQm9xZytCakFpSGRidEJUZHQzaC9sVlppCmJBSnl0 + VW9Tb2hRME9MdmFlcUw5Z3MyV0k3V1FKQTNQZ3M0UTRLK0FvL3NOUTZ3RDBQY0M5 + UHdnLzU3VkFCME0KWTV4c29NbmIvLzl3WXJvMkhnT1gwTTBRNzV3RVVnRTdiMkpn + WmVWanB5VFpnTmhQMWRibXc4VGdhblAwWkQ1WQo0YnFjcnpnYTZITnVueTlZYzhW + OGs3MmlPcmhtaWZoU3h1T3FkbmpoMFFUN0UwQ1FDTGs5L1hGUHdJbmU5Q3haCjJG + 
bXAyd1lycGhELzY4ZWR2cEtmcWt4NnhXcjIyREw3cTR5d3ZoQlZySlg4Z2lwRmQ1 + cEF1VGthTkV0ekg4M2UKZS9aN0IxazdjUWhUMnBFSmYrOEdYQWdocWtQcFhtYlpN + M3FyTDdMSmpESncydnFFd3lTcE1FMEg5a1ZoTXVIRgoKLS0tIEsvb090WDRBZFdV + dFRUUms3S0J2b201OExwTy9DZERhZVlqVEdtaThkTE0KFT1RB8s+hEOJk7XGjSak + 34qTDcoBnaF0jPZ5Z0HsUx84G4Nu5teRVeHgVKyC7Iv7Gi9TkYtsdgM+q/3rdSvn + aA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eVFsWHZZYkNrdjNraW5q + OTdmbWF6Tm02elk3NGt0TGQ3ZUoxaHp3VGdBCnVqSDRIMlRSOXdTSER2U0tDcjR1 + Tk5FcURQOW90bENWL2Nyck1CU3RBR1UKLS0tIFRZZzlNNWRtUkJmVzBHWTA3L21K + VCsyS0x4Rk83eC9UTHJvM1NJZG9DbTQKbGp6n/45qGA3rgmdxUJQKZdA1zen5kfZ + pXnExsrIhfPDx0oE2jIWGW0N8cizkCJA4k7ROGu56GqIqga9h55VTw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-05T21:02:24Z" + mac: ENC[AES256_GCM,data:QfyrJrLERhs14KnuBJ0eCEUqKIBwhmQHROflBAArGlPmyVZU6KLvvOOANv+PJWk9Kt9yPU9Avwt6/e2q0jq9u2OUrvxHbqF4SWvkwhvSoSD3EOe27NGPjDLkVHOdszObo/fT8xglvc6LY8NqL9dXnUoLl58IrY7SE18F7EjrYuE=,iv:rjonQvZQjsr0oC5p3pjh1FAH/7B8SnHpAQ/qFxxfhQs=,tag:/DgHviNrSIzLyjj6ndwY0w==,type:str] + pgp: + - created_at: "2025-03-05T21:28:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAzy6JxafzLr5AQf/aiSW1yeJJ3VLiJ6I+vafWPVe702+6IstICKNdTz4AFgo + 2yUkY/alpgkcH1ybAiRQK0lOs63NBL51Pe2XsKAWXTlHVgFU0B6e+7YoDuwPWnTP + dyTASd+++EAbf0l7bIVQbx28Ib5F5DZyB1VMhhGAZXQqURJGQpLrSqzaoMFPGodg + V7whjtOaEmtFKNhNeRIdrnTW2raeKO0J3mQ5nawCekeIHnx22NxCIbhBMsKpF8EH + 3SZSCNiGrrfbLZFHcM/P5N5qEPc53r9Zvpxcwc8NayIS3kUPwLqKmvhCbRW3WOr0 + 2fc8TQgHTWEYSRSYIVw5vPHWs4+3T4cjdGb0atJ4rtJeAUnGlwchAvxLfFFG096r + SDdiJBBZ03r31EJqnplNwwitKyR4jj+HaM/CNmtSFo7c99iA91A7C1PBri+NpuCK + Fr0JVEom4Fm9WY7BMPduiLN77XLB0aaYN7zu7pwdYA== + =4URT + -----END PGP MESSAGE----- + fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B + unencrypted_suffix: _unencrypted + version: 3.9.4 
diff --git a/system/configuration.nix b/system/configuration.nix index a227e36..11f327e 100644 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -1,7 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ pkgs, ... }: +{ pkgs, config, ... }: { imports = [ ./android.nix @@ -29,6 +29,14 @@ zramSwap.enable = true; + sops = { + secrets.hello = { }; + }; + + environment.etc."teste-sops" = { + text = config.sops.secrets.hello.path; + }; + # Enable touchpad support (enabled default in most desktopManager). services.libinput.enable = true; diff --git a/system/secrets.nix b/system/secrets.nix index fdf14e8..588dfe4 100644 --- a/system/secrets.nix +++ b/system/secrets.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { age = { identityPaths = [ "/root/.ssh/id_rsa" ]; diff --git a/system/sops.nix b/system/sops.nix new file mode 100644 index 0000000..673d1c1 --- /dev/null +++ b/system/sops.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + sops-master + gnupg + ]; + + sops = { + defaultSopsFile = ../secrets/test.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + }; +} From 0bc125c944a18b65b5f390b313b74860375ed9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 7 Mar 2025 13:11:42 -0300 Subject: [PATCH 06/56] monolith: add docker-images gitlab runner --- .sops.yaml | 12 ++++++- secrets/monolith/default.yaml | 56 +++++++++++++++++++++++++++++++ secrets/phantom/default.yaml | 46 +++++++++++++++++++++---- system/configuration.nix | 8 ----- system/monolith-gitlab-runner.nix | 14 ++++++++ 5 files changed, 121 insertions(+), 15 deletions(-) create mode 100644 secrets/monolith/default.yaml diff --git a/.sops.yaml b/.sops.yaml index 699e3c1..20a8640 100644 --- a/.sops.yaml +++ b/.sops.yaml 
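Review bot: `sops.secrets.hello = { };` is added to system/configuration.nix, which flake.nix appears to include in the module list shared by all hosts, and with no `sopsFile` it resolves against the `defaultSopsFile` set in system/sops.nix, secrets/test.yaml. The `.sops.yaml` rule for `secrets/[^/]+` in this commit encrypts that file only to the lelgenio keys and `monolith-ssh`, so any other host that imports this module presumably cannot decrypt it when secrets are installed. Test secrets are better declared in the configuration of a host that is a recipient, with `/etc/teste-sops` kept next to them. The module body continues outside the hunk.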
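Review bot: system/sops.nix has no comment linking `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` to the recipient list in .sops.yaml, so it is not visible that each host decrypts with its SSH host key and needs its own recipient (`monolith-ssh`, `phantom-ssh`, presumably derived from those host keys) before it can read a file. I would add `# each host decrypts with its SSH host key; add its age recipient to .sops.yaml before declaring secrets for it`. `defaultSopsFile = ../secrets/test.yaml;` also makes a test fixture the fallback for every secret declared without `sopsFile`. Writing it as `defaultSopsFile = lib.mkDefault ../secrets/test.yaml;` (with `lib` added to the arguments) would let hosts/phantom/default.nix override it without `lib.mkForce`.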
@@ -12,7 +12,17 @@ creation_rules: age: - *lelgenio-ssh - *monolith-ssh + - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *lelgenio-gpg + age: + - *lelgenio-ssh + - *monolith-ssh - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$ key_groups: - - age: + - pgp: + - *lelgenio-gpg + age: + - *lelgenio-ssh - *phantom-ssh diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml new file mode 100644 index 0000000..857bc5d --- /dev/null +++ b/secrets/monolith/default.yaml 
@@ -0,0 +1,56 @@ +gitlab-runners: + docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: ssh-rsa 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 lelgenio@i15 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCldST3lPZXBV + cTVNK3R3RjlFcDQ4UldRT0tsSVJ2N2FkN0hiOVllT2Rrc2NjVWtMbnMrWHVMN1k5 + dExsVHFhMHMKRVVzR1pzeG01Y2FidWNrQ0xjK1FUZktnWTZaWWlWalM5cWhZWE9U + TFU3ZXV3aGp6QkRIZkl4MDFJN2RRQVkrdwpqQlE5ajFTVW15MVVyTkNaS3JiOFph + cGthWWZ4R3Rldjh0a2lnd1dSbUcvSVpDdHJKVk5GVy8vR05WbmhUWFhuCkZsaWk5 + L2dnNE4rNTV6VWpIZlNIMENzZVlKS2NEOFdmSFhsYkFNSHRlTENYeGNtekpDaUN4 + V3l2VWtta3hSVFIKblVDZ1hOdzZQbWswTDB5MXd3dXpXQW44MFhFR0hGZkxjbzlU + WkR5dFhhbVpTUGZwQVR3WXNCUjJWYlAyTU1VeQpkWEdXQjVUemlRdXVxZVE4SGVU + TFlPS0FEV1dRRWU0K1d1ZTRrZGU1MHVKQ0lCemJmcUhOaWtON3ZDbUtad2lXCklt + aFREN3BmdEo1TUw2V2NtQ0QvbE1EQ25OeW5ZaldOY04zQjFQbWRnWjhJaWZKWXJn + UlBTTjV0VkpEY0FhZjQKTURjT004dHEvS24rNGVBSE1KK0ZabTBKb0Z4QTJvS2Fi + czdnWEpUTXJsRVMvdWFzVlJLT281a3JwQi9PMGVDcQoKLS0tIFgvSE14blgvVkxQ + b3N5WWlzdG5hajZaVFVkWVlhOXNZKytmZEZrZVprRHMKXqPgDpKG42KsfKfIAflT + 1meea416Af+WeFhWnw8fBBhApKrMMmYMMjDi1lIOGDz57ydNqtlFqdFtkiQsUC0f + wA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTWVYNXNQcHhHSzVBQmhU + ejlOQzJMZ0xEVFVkbzNPQ0hMVHBQWEgzQTFJCkF6ZDNaZ29UM29vWGZqVW10dmlQ + YjNFNXJVMlcxT1ZsMU55cE8vc3VjaXMKLS0tIDZYQTRjMWp5a3hKc2N4alZKZHFt + TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T + Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-07T14:47:44Z" + mac: 
ENC[AES256_GCM,data:k0yhfVhDmtU8wOZIylaxmmd+8TIXCzCbGhlaQnyeLplH2BDHVnpzAxBJVizS/VtVpAkjMAESndXqW7N6pnGnRWdZPtCxE8KNtz/nUxCZA44cn+mjC+ghKgsgaLuxe4smu0f4u4TK2uFsJqw5J0VGFgMtyKe4AaHujoXWL80zTR0=,iv:xiDrOtto246oPjMw5+ny0qB8HjdMpkzZyPNi3csgMVE=,tag:2xioMXxERDSePdIwPpP7hg==,type:str] + pgp: + - created_at: "2025-03-07T14:42:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAzy6JxafzLr5AQf/Y0QIIBN0uY3RUj88u5L0tJqypnKOAlfLOMYPkZ0oomAd + ZowogLWJgWyFC6NTdZRj84GoF2EAMDZqDAwh7shrZSpuhr0rwT7bGMQ4/VSx/Sxs + uCgkzXGMT0DsGjDOw6h17dDLNAnnvViamL1Br3ZXG7gZJXmUhPavL1YXeQciPqjh + FyJLAKeb9sQAFUp0Aexo4fKZSJh//O8jTiz7vl5klpQnDHWzpkcuxqIajIoYFdcL + ioP1GnrsUDfyXh2zfLcggxs/WHU24/C8DZqWai9WqRA08kJpw+aj1835vmUIWM0W + E5TF9h/tOEGw+PGhvwNiEvONhv/tpyLpjoXylbisjtJeAY6Fntxcrssw2cKMimFV + UjBuf2vSmQlNBqU+LE0JOICmRsmnLZTEPXnPqpqBTRV4gj4kTLCJYcaEIFP7uSEd + WlCyyX28ACGThorQEoQ/W2bFfNT/Mi7CNQ8EOckmKg== + =6Qin + -----END PGP MESSAGE----- + fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B + unencrypted_suffix: _unencrypted + version: 3.9.4-unstable diff --git a/secrets/phantom/default.yaml b/secrets/phantom/default.yaml index a299b34..2d744c9 100644 --- a/secrets/phantom/default.yaml +++ b/secrets/phantom/default.yaml 
@@ -14,17 +14,51 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: ssh-rsa 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 lelgenio@i15 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm9xWXdTQjZU + Znpiak1xdE1kTm56NWI3bUNlQXBFcjhNNFlwbDVUcGhrS2J4Y1M3aXFydjVGYmVI + UmNKVmkrb3cKWHNsa2FZaE4zbnJWYVo1SDhTOEZxM0JMRWJ0ckpySk11V09LMkd5 + bjhQRkpSZG0xYko3aTFqQmVFU3JhSWo1Ugo2Nk0rNzJBNzJvbVJkU0VhSmRRWE5B + RUt4S3h1cFZkZHkxOU5VUTcxN1JBNFlaYTkyZTNSM3JVUjhCUStNODRMCjdJRWlv + d0g4bnlQMzhWSGUxY04vRnUvbTlyWVQ0eWsvbnk4UmxxOHVZblM3bVFETXJiVjRE + b2s1ZFVHaEFNc3EKSDJTYUVSNWtKQS81bUdOcDA0SnZGeE4vQkt6bFZWY1dxNm9S + YVhRdjVCb3RGaC94djZZeFhXaTZSVVYzaUJ6KwoxQXNKcU9Dbk8xYWRvaGJwSXdu + Zzk4Y09zbW54elJHdjJ6OTNyeURwZ3JJL0gvaFVRUmgyRnNBbXFJU1l5U2FwCm56 + bzc0TkVWdnNoWnBMMjlKbnZicmRxdXIwd2hCZGp5dEQ2TnBtdTZCdnJRbzIyZFhV + L1ZpVW9nZmNqQW45c0cKYnIxQTc2aEowTUprZ1pYVCt3L2NsVHJ5SWF1aHZUR1E5 + eGVrcUphWk1vVURBL2J4UlZLQXluNC82YnNhQUFOQgoKLS0tICtOTXVyUzZldUJO + QkN0eUVRSDlDWmthU0VrRUZDb0VBTVFhL24raHJDcGsKcspICwz+f6y21yogiXO3 + Qp7evIuOzfWe6pMtge5BjxWTlzIdi2btFTzuTjgZaOiQd8FIB3iTqBkepUVD49jN + RQ== + -----END AGE ENCRYPTED FILE----- - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQkRWWmYweUNpcDRNbzRW - NnQ4R3JPK0oydm9iL0owS0d6Nm92eTFJZldFCnZpUVUvWi9FYTBDSGNvUUJRZHNz - QStPT0hCc08xUmh4dEdJdmVPRm01V2cKLS0tIEZPMmNKdGUvNnVWYXZNTHA3SkE3 - ZTNJbW9EWktPb2M5TVBNekUrZXVoUFkKLEsQVYVp7fTBRDA7RO8Kjpc5MUPb5U7I - WKZtNhsMZsP+SLgZWBF1PpvcjlDlNA2Z+Hqsrw6vsq6DYpnxToxfZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TklEaUl2QkVtVVN5UXlC + cW9RaHNoSnRkV0lKTmtYS0VZQnhyM0o0cUFNCmZWemJuOFVyK1ZFbkR1RUZOTEVB + WmJFemRrd0xIUW43cElkdVJOM052N2cKLS0tIFJpRTNtQ1hjWGJwSFJLRDNRSm4z + WW9MbmZoTllLalpWcFdOa3JpaThPMjQKa5vVGp+L1V2/ScyUe0EaOVw4TB8paS2w + 79VgplKN6HL+f6bL/0rIUOwJ6PDW944bOioKDYvbUCpBnSRYIHnYoQ== -----END AGE ENCRYPTED FILE----- lastmodified: 
"2025-03-05T22:27:18Z" mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str] - pgp: [] + pgp: + - created_at: "2025-03-07T16:05:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAzy6JxafzLr5AQf/djnT5hse11QoFPbmuu5rmc/0vpOQ79G6MYZtHlXL/HbP + hx0r25yTI6ICayFiO7luovz58saN0BY5K1dCbGB7+nZ8lrKoGE4GhX4k5Cc/KJIO + BTEbTqMJLezkb34FsuXgD9o2udNysC3Bpi/3NbPCYsJkVeCmx1wyEWzWhz51RO4M + WEyKkE0DyJfOpTuY2fofGhaA866firFDrS2SeiU4Dox4au3iR4VYqt6IITmgZdDE + M9LRp3AzOPOUZzpeRcer4ksh8WVDIWPEEL+w+OGo8QpUL3kqHIMVPgXY0kBOR+5s + tVTCLVe7yoimK/oSYkEx9Z3TYRwKV6ggJWahX7VHaNJeAVxIon8Qs8W2L+f1gclK + tPbaE+jCg6AH3apD3ICisxCj0Vvm+NsWMo2skeN2YGyWBCOoeGcG5OhgJtD0cQiw + QxCzywMXujxYYAXJEvhk4YRhaCOMkTTMGNoloWMugg== + =CHH0 + -----END PGP MESSAGE----- + fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted version: 3.9.4-unstable diff --git a/system/configuration.nix b/system/configuration.nix index 11f327e..f515e43 100644 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -29,14 +29,6 @@ zramSwap.enable = true; - sops = { - secrets.hello = { }; - }; - - environment.etc."teste-sops" = { - text = config.sops.secrets.hello.path; - }; - # Enable touchpad support (enabled default in most desktopManager). services.libinput.enable = true; diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index 3e63d98..ce0dc6f 100644 --- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix 
@@ -18,7 +18,21 @@ in # nix store will be readable in runner, might be insecure thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path; thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path; + + default = { + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `CI_SERVER_TOKEN` + authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path; + dockerImage = "debian:stable"; + }; }; }; systemd.services.gitlab-runner.serviceConfig.Nice = 10; + + sops.secrets = { + "gitlab-runners/docker-images-token" = { + sopsFile = ../secrets/monolith/default.yaml; + }; + }; } From b52a8868069bc4662d9da0c1b55d9a4fb29e2751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 7 Mar 2025 14:56:02 -0300 Subject: [PATCH 07/56] monolith: migrate ci secrets to sops --- secrets/monolith/default.yaml | 8 ++++++-- system/monolith-gitlab-runner.nix | 11 ++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 857bc5d..46cc388 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
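Review bot: `dockerImage = "debian:stable";` in the new `default` runner is a floating tag, so the image CI jobs run in changes whenever the tag is re-pushed upstream, unlike the flake inputs, which are pinned. Pinning by digest, `dockerImage = "debian:stable@sha256:<digest-placeholder>";`, fixes the base image until it is deliberately bumped. The comment above `authenticationTokenConfigFile` could also state that the sops value `gitlab-runners/docker-images-token` must hold the whole env file with both `CI_SERVER_URL` and `CI_SERVER_TOKEN`, since the key name suggests a bare token. The `services` attribute set this entry belongs to starts outside the hunk.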
@@ -1,4 +1,8 @@ +forgejo-runners: + git.lelgenio.com-default: ENC[AES256_GCM,data:sEfpBZvgQUkyXPWY4RI0RPJWUbsYK/RGqiYJ5wDSVY9a0EYenyt96QYq6815evq2iQ==,iv:rSWnCOdhfKH4TM9R0/IParYd9laYhWxR+iUhgkVvqfc=,tag:mBcSH/oGDMBgBScvCdn3Zg==,type:str] gitlab-runners: + thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str] + thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str] docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] sops: kms: [] @@ -34,8 +38,8 @@ sops: TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-07T14:47:44Z" - mac: ENC[AES256_GCM,data:k0yhfVhDmtU8wOZIylaxmmd+8TIXCzCbGhlaQnyeLplH2BDHVnpzAxBJVizS/VtVpAkjMAESndXqW7N6pnGnRWdZPtCxE8KNtz/nUxCZA44cn+mjC+ghKgsgaLuxe4smu0f4u4TK2uFsJqw5J0VGFgMtyKe4AaHujoXWL80zTR0=,iv:xiDrOtto246oPjMw5+ny0qB8HjdMpkzZyPNi3csgMVE=,tag:2xioMXxERDSePdIwPpP7hg==,type:str] + lastmodified: "2025-03-07T16:48:32Z" + mac: ENC[AES256_GCM,data:vyO1MMSRCoc8CK1wqXdgvvAiNP4NUXxpF1MPNsz2z9ioeu15ue2AYV+kWH3I94qUOZ93UM+Nbfx1sqN+JKpkbQ7iS8vY1NNwovEYtrp4FInr6esYOIJXSvvf/3wlWoquSaNACQnbjKJKgV05m24+hu/meIXMYs9sn2SxlnetTmg=,iv:W1jokO9Shhle0cWZpR5bonVdLPZAOo76h8sClMUYZbE=,tag:1Pg5f6q6TmBrAmYWuhKaKQ==,type:str] pgp: - created_at: "2025-03-07T14:42:24Z" enc: |- diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index ce0dc6f..28a0ecd 100644 
--- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix @@ -1,7 +1,6 @@ { config, pkgs, - lib, ... }: let @@ -16,8 +15,8 @@ in services = { # runner for building in docker via host's nix-daemon # nix store will be readable in runner, might be insecure - thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path; - thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path; + thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path; + thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path; default = { # File should contain at least these two variables: @@ -31,6 +30,12 @@ in systemd.services.gitlab-runner.serviceConfig.Nice = 10; sops.secrets = { + "gitlab-runners/thoreb-telemetria-nix" = { + sopsFile = ../secrets/monolith/default.yaml; + }; + "gitlab-runners/thoreb-itinerario-nix" = { + sopsFile = ../secrets/monolith/default.yaml; + }; "gitlab-runners/docker-images-token" = { sopsFile = ../secrets/monolith/default.yaml; }; From 21d747cb71f0c3358c0af8c3279fe62f399f45a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 7 Mar 2025 18:33:59 -0300 Subject: [PATCH 08/56] monolith: add declarative bitbucket runners --- flake.nix | 1 + secrets/monolith/default.yaml | 9 +++-- system/monolith-bitbucket-runner.nix | 50 ++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 system/monolith-bitbucket-runner.nix diff --git a/flake.nix b/flake.nix index 90ef37e..fd1bac2 100644 --- a/flake.nix +++ b/flake.nix @@ -146,6 +146,7 @@ modules = [ ./hosts/monolith ./system/monolith-gitlab-runner.nix + ./system/monolith-bitbucket-runner.nix ./system/monolith-forgejo-runner.nix ./system/nix-serve.nix ] ++ common_modules; 
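Review bot: The agenix entries for the two runner tokens appear to stay in place: both runners now read their registration files from sops, but the diffstat lists only secrets/monolith/default.yaml and this module. Those entries are the `*-registrationConfigFile` declarations visible in system/secrets.nix and secrets/secrets.nix earlier in the series. Unless a later patch removes them, the same credentials stay encrypted in two stores with different recipient sets, and a rotation has to be done in both. I would delete the unused `secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile` and `secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile` entries and their .age files in this commit. The repeated `sopsFile = ../secrets/monolith/default.yaml;` could also be bound once in the existing `let` block.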
diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 46cc388..3e1c99c 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
@@ -4,6 +4,11 @@ gitlab-runners: thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str] thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str] docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] +bitbucket-runners: + wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str] + wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str] 
+ wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str] + wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -38,8 +43,8 @@ sops: TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-07T16:48:32Z" - mac: ENC[AES256_GCM,data:vyO1MMSRCoc8CK1wqXdgvvAiNP4NUXxpF1MPNsz2z9ioeu15ue2AYV+kWH3I94qUOZ93UM+Nbfx1sqN+JKpkbQ7iS8vY1NNwovEYtrp4FInr6esYOIJXSvvf/3wlWoquSaNACQnbjKJKgV05m24+hu/meIXMYs9sn2SxlnetTmg=,iv:W1jokO9Shhle0cWZpR5bonVdLPZAOo76h8sClMUYZbE=,tag:1Pg5f6q6TmBrAmYWuhKaKQ==,type:str] + lastmodified: "2025-03-07T21:28:04Z" + mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str] pgp: - created_at: "2025-03-07T14:42:24Z" enc: |- diff --git a/system/monolith-bitbucket-runner.nix b/system/monolith-bitbucket-runner.nix new file mode 100644 index 0000000..17d462b --- /dev/null +++ b/system/monolith-bitbucket-runner.nix 
@@ -0,0 +1,50 @@ +{ + config, + pkgs, + ... +}: + +let + mkRunner = secret: { + image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest"; + volumes = [ + "/tmp:/tmp" + "/var/run/docker.sock:/var/run/docker.sock" + "/var/lib/docker/containers:/var/lib/docker/containers:ro" + ]; + environmentFiles = [ secret ]; + }; + + secretConf = { + sopsFile = ../secrets/monolith/default.yaml; + }; +in +{ + virtualisation.docker = { + enable = true; + daemon.settings = { + # needed by bitbucket runner ??? + log-driver = "json-file"; + log-opts = { + max-size = "10m"; + max-file = "3"; + }; + }; + }; + + virtualisation.oci-containers.backend = "docker"; + + virtualisation.oci-containers.containers = { + bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path; + bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path; + bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path; + bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path; + }; + + sops.secrets = { + "bitbucket-runners/wopus-runner-1" = secretConf; + "bitbucket-runners/wopus-runner-2" = secretConf; + "bitbucket-runners/wopus-runner-3" = secretConf; + "bitbucket-runners/wopus-runner-4" = secretConf; + }; +} From 1a4fd195961977b5b87d218a349205fb8b8e3181 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 7 Mar 2025 19:50:22 -0300 Subject: [PATCH 09/56] sops: switch to id_ed25519 keys --- .sops.yaml | 2 +- secrets/monolith/default.yaml | 52 +++++++++++++------------------- secrets/phantom/default.yaml | 52 +++++++++++++------------------- secrets/test.yaml | 56 ++++++++++++++--------------------- system/sops.nix | 7 +++-- 5 files changed, 71 insertions(+), 98 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 20a8640..7aa3d88 100644 --- a/.sops.yaml +++ b/.sops.yaml 
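Review bot: `mkRunner` binds `/var/run/docker.sock` and the host's `/tmp` into a container whose image is referenced as `:latest`, so whatever that tag resolves to at pull time gets control of the host Docker daemon, which is root-equivalent on this machine. Pinning the image by digest, `image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner@sha256:<digest>";` (placeholder, take the value from the registry), turns every image update into a reviewed change. A comment above `volumes` should state that the socket mount gives the runner, and presumably the pipeline steps it launches, full control of the host daemon. That would sit well next to the open question `# needed by bitbucket runner ???`, which is worth resolving or linking to the vendor requirement it comes from.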
@@ -1,6 +1,6 @@ keys: - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B - - &lelgenio-ssh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 + - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 3e1c99c..8bd8e12 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
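Review bot: Replacing the `ssh-rsa` recipient behind `&lelgenio-ssh` changes who the files are encrypted to from now on, but it revokes nothing. In `secrets/monolith/default.yaml` and `secrets/phantom/default.yaml` the `lastmodified` and `mac` lines remain unchanged context, which suggests the data key and the secret values were kept and only re-wrapped, so a holder of the old RSA private key can still decrypt the versions in git history. If the RSA key is being retired because it may be exposed, rotate the data keys (`sops -r -i <file>`) and reissue the runner tokens; if this is only a format migration, a sentence in the commit message saying so is enough. A comment on the anchor noting that `&lelgenio-ssh` is now an age recipient (presumably derived from `id_ed25519`) would keep the name from misleading.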
@@ -15,50 +15,40 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15 + - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCldST3lPZXBV - cTVNK3R3RjlFcDQ4UldRT0tsSVJ2N2FkN0hiOVllT2Rrc2NjVWtMbnMrWHVMN1k5 - dExsVHFhMHMKRVVzR1pzeG01Y2FidWNrQ0xjK1FUZktnWTZaWWlWalM5cWhZWE9U - TFU3ZXV3aGp6QkRIZkl4MDFJN2RRQVkrdwpqQlE5ajFTVW15MVVyTkNaS3JiOFph - cGthWWZ4R3Rldjh0a2lnd1dSbUcvSVpDdHJKVk5GVy8vR05WbmhUWFhuCkZsaWk5 - L2dnNE4rNTV6VWpIZlNIMENzZVlKS2NEOFdmSFhsYkFNSHRlTENYeGNtekpDaUN4 - V3l2VWtta3hSVFIKblVDZ1hOdzZQbWswTDB5MXd3dXpXQW44MFhFR0hGZkxjbzlU - WkR5dFhhbVpTUGZwQVR3WXNCUjJWYlAyTU1VeQpkWEdXQjVUemlRdXVxZVE4SGVU - TFlPS0FEV1dRRWU0K1d1ZTRrZGU1MHVKQ0lCemJmcUhOaWtON3ZDbUtad2lXCklt - aFREN3BmdEo1TUw2V2NtQ0QvbE1EQ25OeW5ZaldOY04zQjFQbWRnWjhJaWZKWXJn - UlBTTjV0VkpEY0FhZjQKTURjT004dHEvS24rNGVBSE1KK0ZabTBKb0Z4QTJvS2Fi - czdnWEpUTXJsRVMvdWFzVlJLT281a3JwQi9PMGVDcQoKLS0tIFgvSE14blgvVkxQ - b3N5WWlzdG5hajZaVFVkWVlhOXNZKytmZEZrZVprRHMKXqPgDpKG42KsfKfIAflT - 1meea416Af+WeFhWnw8fBBhApKrMMmYMMjDi1lIOGDz57ydNqtlFqdFtkiQsUC0f - wA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaFFtOHRBNjZqOXJOV1Bk + SXRhZTdNWklKaTZST2JhU3VFLzBGSWY0QlMwCldwS1hhMDEyZDAxWUlRRXZtTWts + Ti9IOUR2OFdGYkJ4cFRsV0lkbWJvb1EKLS0tIEJUS1ZCZ1M4ZUs5cDhiam5JaEk1 + U1VjNFprNHZWeDhwU3owRXh0MlBFYkUKHPgxz9/w3+JEtOljfyWBPSshfFlVWVys + 
f15yxlAeWIZVEGqoau7DegVdZiYYIJR2dFBXV1RkKbAwLrbUxAQidg== -----END AGE ENCRYPTED FILE----- - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTWVYNXNQcHhHSzVBQmhU - ejlOQzJMZ0xEVFVkbzNPQ0hMVHBQWEgzQTFJCkF6ZDNaZ29UM29vWGZqVW10dmlQ - YjNFNXJVMlcxT1ZsMU55cE8vc3VjaXMKLS0tIDZYQTRjMWp5a3hKc2N4alZKZHFt - TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T - Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OWk0cTJ4d25Qd0hrdkFD + a2Fzd1lrMDREclkvRmxUSjFpYXZvRGs2Rm13Cm5aRVZDWE5ZUVR1K2hkZkdKWjYw + K3lKNndBNGFveGVGVWplaHA0MVlYUG8KLS0tIFlVeXhCTGJGUm1HK2RCSFg1RnI3 + aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h + jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-07T21:28:04Z" mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str] pgp: - - created_at: "2025-03-07T14:42:24Z" + - created_at: "2025-03-07T22:49:16Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMAzy6JxafzLr5AQf/Y0QIIBN0uY3RUj88u5L0tJqypnKOAlfLOMYPkZ0oomAd - ZowogLWJgWyFC6NTdZRj84GoF2EAMDZqDAwh7shrZSpuhr0rwT7bGMQ4/VSx/Sxs - uCgkzXGMT0DsGjDOw6h17dDLNAnnvViamL1Br3ZXG7gZJXmUhPavL1YXeQciPqjh - FyJLAKeb9sQAFUp0Aexo4fKZSJh//O8jTiz7vl5klpQnDHWzpkcuxqIajIoYFdcL - ioP1GnrsUDfyXh2zfLcggxs/WHU24/C8DZqWai9WqRA08kJpw+aj1835vmUIWM0W - E5TF9h/tOEGw+PGhvwNiEvONhv/tpyLpjoXylbisjtJeAY6Fntxcrssw2cKMimFV - UjBuf2vSmQlNBqU+LE0JOICmRsmnLZTEPXnPqpqBTRV4gj4kTLCJYcaEIFP7uSEd - WlCyyX28ACGThorQEoQ/W2bFfNT/Mi7CNQ8EOckmKg== - =6Qin + hQEMAzy6JxafzLr5AQgAjwQqdeESOfrOuCjfjALdoy3AnNYC+slusdlra58CoRu6 + YFDAivwPHJBRiuVy43Lo7SWnKXMKvLOry589GBY3JGjNV5U1cPWBhMlTubYZmZWl + 
iel8Bvw4IF5JksMIvLFdDgexLN7wETzzZP9S8750BCgpSrncrw1k/dUedhv5HUjo + N10x6BPjPSmgolA8uxsISHLAUrKcQoeaWvcZFU1ofKywq08HgIySphy6z3Gmv3Qs + 86saZp1rFm5+qHkrDRgL6Oe3Xx30jVkzn9MHPWzZCDPCEvYGJgXX34NGzbX+/nd3 + JB9XkT2YTFi4BLhdHY3EE7e9//PJc5G9RVDZyAF1e9JeAXH2yR5blXbogoy+VMnS + Yn74Uvs+fnYFTDOiuequro5i0uAyxtrCx8fdfwjuh+9SC5p3N2cBv2eT7zLQwQHi + czHlwxmpi/dMB/u83fR4FzuCUt98VXiezIC4yGn25g== + =Yqqx -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted diff --git a/secrets/phantom/default.yaml b/secrets/phantom/default.yaml index 2d744c9..962c6ba 100644 --- a/secrets/phantom/default.yaml +++ b/secrets/phantom/default.yaml 
@@ -14,50 +14,40 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: ssh-rsa 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 lelgenio@i15 + - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm9xWXdTQjZU - Znpiak1xdE1kTm56NWI3bUNlQXBFcjhNNFlwbDVUcGhrS2J4Y1M3aXFydjVGYmVI - UmNKVmkrb3cKWHNsa2FZaE4zbnJWYVo1SDhTOEZxM0JMRWJ0ckpySk11V09LMkd5 - bjhQRkpSZG0xYko3aTFqQmVFU3JhSWo1Ugo2Nk0rNzJBNzJvbVJkU0VhSmRRWE5B - RUt4S3h1cFZkZHkxOU5VUTcxN1JBNFlaYTkyZTNSM3JVUjhCUStNODRMCjdJRWlv - d0g4bnlQMzhWSGUxY04vRnUvbTlyWVQ0eWsvbnk4UmxxOHVZblM3bVFETXJiVjRE - b2s1ZFVHaEFNc3EKSDJTYUVSNWtKQS81bUdOcDA0SnZGeE4vQkt6bFZWY1dxNm9S - YVhRdjVCb3RGaC94djZZeFhXaTZSVVYzaUJ6KwoxQXNKcU9Dbk8xYWRvaGJwSXdu - Zzk4Y09zbW54elJHdjJ6OTNyeURwZ3JJL0gvaFVRUmgyRnNBbXFJU1l5U2FwCm56 - bzc0TkVWdnNoWnBMMjlKbnZicmRxdXIwd2hCZGp5dEQ2TnBtdTZCdnJRbzIyZFhV - L1ZpVW9nZmNqQW45c0cKYnIxQTc2aEowTUprZ1pYVCt3L2NsVHJ5SWF1aHZUR1E5 - eGVrcUphWk1vVURBL2J4UlZLQXluNC82YnNhQUFOQgoKLS0tICtOTXVyUzZldUJO - QkN0eUVRSDlDWmthU0VrRUZDb0VBTVFhL24raHJDcGsKcspICwz+f6y21yogiXO3 - Qp7evIuOzfWe6pMtge5BjxWTlzIdi2btFTzuTjgZaOiQd8FIB3iTqBkepUVD49jN - RQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXhsMHQvb0NyUXRkRDE3 + TjVjb2orQktDMGs4U2JUS3hWdmtMdnhuYnhBCi9VU1RVblZPaW14VGxMcjM0N20z + R1pOdUJZc1ZGcjBsTnNaZGhleVR6L1kKLS0tIE5vQkFhVXd0R3ZQSzZkNmVqN1Vj + NERXdlJhVHF0NWpNT29CNlRid2NYMVUKxg7kbP6dOZDUz0uxdC45DZCAa6GQTQ1x + nIb7lvPW4xFIb0bOZuvc7cAbHjf4So+8zvA0MM4mkTmIDpnwGD5Clg== -----END AGE ENCRYPTED FILE----- - recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TklEaUl2QkVtVVN5UXlC - cW9RaHNoSnRkV0lKTmtYS0VZQnhyM0o0cUFNCmZWemJuOFVyK1ZFbkR1RUZOTEVB - WmJFemRrd0xIUW43cElkdVJOM052N2cKLS0tIFJpRTNtQ1hjWGJwSFJLRDNRSm4z - WW9MbmZoTllLalpWcFdOa3JpaThPMjQKa5vVGp+L1V2/ScyUe0EaOVw4TB8paS2w - 
79VgplKN6HL+f6bL/0rIUOwJ6PDW944bOioKDYvbUCpBnSRYIHnYoQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcTJGVmZUenNwYVNjRFlU + VXNBeDdpVFVtSTN5TG9VN0Q1WjRFbjlHd0Z3CjFsU1BsNkZ1a1ZkY2lva3lBUWZ3 + YUpqeEo0Tys1bDk0TEpwQTJ2U29kbjgKLS0tIFJDYWpNemY4NXZ0MkM0YWNldDBE + RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz + o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-05T22:27:18Z" mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str] pgp: - - created_at: "2025-03-07T16:05:59Z" + - created_at: "2025-03-07T22:49:19Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMAzy6JxafzLr5AQf/djnT5hse11QoFPbmuu5rmc/0vpOQ79G6MYZtHlXL/HbP - hx0r25yTI6ICayFiO7luovz58saN0BY5K1dCbGB7+nZ8lrKoGE4GhX4k5Cc/KJIO - BTEbTqMJLezkb34FsuXgD9o2udNysC3Bpi/3NbPCYsJkVeCmx1wyEWzWhz51RO4M - WEyKkE0DyJfOpTuY2fofGhaA866firFDrS2SeiU4Dox4au3iR4VYqt6IITmgZdDE - M9LRp3AzOPOUZzpeRcer4ksh8WVDIWPEEL+w+OGo8QpUL3kqHIMVPgXY0kBOR+5s - tVTCLVe7yoimK/oSYkEx9Z3TYRwKV6ggJWahX7VHaNJeAVxIon8Qs8W2L+f1gclK - tPbaE+jCg6AH3apD3ICisxCj0Vvm+NsWMo2skeN2YGyWBCOoeGcG5OhgJtD0cQiw - QxCzywMXujxYYAXJEvhk4YRhaCOMkTTMGNoloWMugg== - =CHH0 + hQEMAzy6JxafzLr5AQf/Zw+EB0lFpbul4KmHL3ndbhQCHzhkMgG6vEyj7EpjHQxE + nwf9kRrTcRh9YdrgR+5PFRnFJ8+L+gZhk+V/GaEPcEUyskOX/YGTSp1u6pXKGEem + TGojrIx0WwcmeCZUn+qCehbC7ZU64NDDmb7VeWnRkMbboU6UVooHUub88VsbnYw2 + XXtXh4G8isrbyAKzUyypnJnEVbKlVqPOL67BYczjyBqMYc1JVLmBy6nP+sv6q/yo + QyDzlunmZtu52dwAL0L6wJF+novLr4W9cso4K5UVv2sp5M8gucuiY2obiB3vNfgO + q9GZTlMWnyDGflM1w+tzpZ/Ke+sM4dSy3cXpZd+MFNJeAaBJ1owjolb4tPUXlt+W + cJ+SFLWxzH8MsPb+Hfxrt8PPCcv67uch/k50PLYs/V/EM59+mgEJe5LY4rMbUSFw + REGL3LA6Cnkl2bUeHlfG7XlztHd/ehmZM2RPKof+Qw== + =htZl -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: 
_unencrypted diff --git a/secrets/test.yaml b/secrets/test.yaml index a2a8ee9..0f9b6e7 100644 --- a/secrets/test.yaml +++ b/secrets/test.yaml 
@@ -15,50 +15,40 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: ssh-rsa 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 lelgenio@i15 + - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm4zQnZFV2hJ - cFR0Z0hGeFlQd1Rtb2dDUDRJOVc3dmtWT3FIa2xOV0hRREE4LzVKQ01FTHd6M3kz - M0JLeEtXTXoKZkhnMTNETnZVc2tEbU84NWlGWk5YaUg5NjJDdk9yb01QMTVCOHlh - SDE3c0c0dUV3bXQ4MjAxYWJjYUFscmlORwplOFZLc1JzUzdjU0lCZGUyQWl4b3d0 - L3hmekNSUUZia2FOR0k3TWcyQm9xZytCakFpSGRidEJUZHQzaC9sVlppCmJBSnl0 - VW9Tb2hRME9MdmFlcUw5Z3MyV0k3V1FKQTNQZ3M0UTRLK0FvL3NOUTZ3RDBQY0M5 - UHdnLzU3VkFCME0KWTV4c29NbmIvLzl3WXJvMkhnT1gwTTBRNzV3RVVnRTdiMkpn - WmVWanB5VFpnTmhQMWRibXc4VGdhblAwWkQ1WQo0YnFjcnpnYTZITnVueTlZYzhW - OGs3MmlPcmhtaWZoU3h1T3FkbmpoMFFUN0UwQ1FDTGs5L1hGUHdJbmU5Q3haCjJG - bXAyd1lycGhELzY4ZWR2cEtmcWt4NnhXcjIyREw3cTR5d3ZoQlZySlg4Z2lwRmQ1 - cEF1VGthTkV0ekg4M2UKZS9aN0IxazdjUWhUMnBFSmYrOEdYQWdocWtQcFhtYlpN - M3FyTDdMSmpESncydnFFd3lTcE1FMEg5a1ZoTXVIRgoKLS0tIEsvb090WDRBZFdV - dFRUUms3S0J2b201OExwTy9DZERhZVlqVEdtaThkTE0KFT1RB8s+hEOJk7XGjSak - 34qTDcoBnaF0jPZ5Z0HsUx84G4Nu5teRVeHgVKyC7Iv7Gi9TkYtsdgM+q/3rdSvn - aA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUURIQmZvSVp3aXlFT0RR + VHVBR0drN2JyV1hNUk5sakxGRXl6SEJuOUUwClQ1Q1lRZTR5R3Z4dlZyb29OaTNW + UVcwV3h6UlhtZkg2aFhrUUtIT0tQRmsKLS0tIDlnckhHWXRKcmRwTGUzdHZxWEVh + a3ZSWk0wNm1raXdMYXdKY1hDd2dZWUEK+IFU/9vsHu70XbSJ7sKqFncrZO3NAH8/ + X/XF1VUmIuDfQZYJsDa4HaXe52xvDWTw3/4frG9HutEI2NcvvRpxlw== -----END AGE ENCRYPTED FILE----- - recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eVFsWHZZYkNrdjNraW5q - OTdmbWF6Tm02elk3NGt0TGQ3ZUoxaHp3VGdBCnVqSDRIMlRSOXdTSER2U0tDcjR1 - Tk5FcURQOW90bENWL2Nyck1CU3RBR1UKLS0tIFRZZzlNNWRtUkJmVzBHWTA3L21K - VCsyS0x4Rk83eC9UTHJvM1NJZG9DbTQKbGp6n/45qGA3rgmdxUJQKZdA1zen5kfZ - 
pXnExsrIhfPDx0oE2jIWGW0N8cizkCJA4k7ROGu56GqIqga9h55VTw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGxFWXJVcDZOdzVxaFJG + LzdhN3JKaFhPOVBlblRPNWpDdERPaWhDNkM0CmcvUGxNQ09tNTJndWZTdjFia2pl + RnNWQ0ZKSFhEN0FNbVZlKzlFUlh5QTgKLS0tIFkwc1pJajlyOGNHSTdaM3FQZWFK + NUJpRDlLNXlGOTNBbVRTU0ZMVkhqdUUK1koXmGDGTKoNx1wp4c9EknY9LQ5a7dQP + Zx6OzvtpsxL6KGjH7BeNNcm2zOR4YqnklLq09UsPHElz2upJQzECAQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-05T21:02:24Z" - mac: ENC[AES256_GCM,data:QfyrJrLERhs14KnuBJ0eCEUqKIBwhmQHROflBAArGlPmyVZU6KLvvOOANv+PJWk9Kt9yPU9Avwt6/e2q0jq9u2OUrvxHbqF4SWvkwhvSoSD3EOe27NGPjDLkVHOdszObo/fT8xglvc6LY8NqL9dXnUoLl58IrY7SE18F7EjrYuE=,iv:rjonQvZQjsr0oC5p3pjh1FAH/7B8SnHpAQ/qFxxfhQs=,tag:/DgHviNrSIzLyjj6ndwY0w==,type:str] + lastmodified: "2025-03-07T22:49:01Z" + mac: ENC[AES256_GCM,data:yma+7wtzVjCzlLOVpqiicjQ9YN1ttzoh8CpcAtjdtVl6gu7/3FXUKYyAWJd+1NUUpK7vN435gOq9/nsig0FRrn0Hgq0+cjFUGS6+6+SPmL97eFvti89gCOeIFhPvBnJQYJLiyVkUcBek4xW+vnt6UgrTy+sD9AT3KHdBlfu3pzY=,iv:ioswFO5KDAL3Bv7MI8V0aWXXxZZIz1M1PyMUbIMnCRI=,tag:5fUBtqz9J2qvY4fUT2ueoQ==,type:str] pgp: - - created_at: "2025-03-05T21:28:21Z" + - created_at: "2025-03-07T22:49:20Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMAzy6JxafzLr5AQf/aiSW1yeJJ3VLiJ6I+vafWPVe702+6IstICKNdTz4AFgo - 2yUkY/alpgkcH1ybAiRQK0lOs63NBL51Pe2XsKAWXTlHVgFU0B6e+7YoDuwPWnTP - dyTASd+++EAbf0l7bIVQbx28Ib5F5DZyB1VMhhGAZXQqURJGQpLrSqzaoMFPGodg - V7whjtOaEmtFKNhNeRIdrnTW2raeKO0J3mQ5nawCekeIHnx22NxCIbhBMsKpF8EH - 3SZSCNiGrrfbLZFHcM/P5N5qEPc53r9Zvpxcwc8NayIS3kUPwLqKmvhCbRW3WOr0 - 2fc8TQgHTWEYSRSYIVw5vPHWs4+3T4cjdGb0atJ4rtJeAUnGlwchAvxLfFFG096r - SDdiJBBZ03r31EJqnplNwwitKyR4jj+HaM/CNmtSFo7c99iA91A7C1PBri+NpuCK - Fr0JVEom4Fm9WY7BMPduiLN77XLB0aaYN7zu7pwdYA== - =4URT + hQEMAzy6JxafzLr5AQf/Xok7aBMNT6W3LV2Ekx/ccxEZaZ0aVNKHE9aFTz5kBSpu + cXVohu5mEgeXr++HbrsCI821/gfchQ1yzVSLJsSrmZdJ586c3a7pWx2Eo4pcngmy + vb5UWtTBNogABnLz4iTjVQYLjZeNcNhkzW6s3m9PiaX3AvJP9irPcmwIyYpzd9pt + hngnBsdTis52fmvZ6+wOuMyTZU0Iksknom1De8xqgR5ZuO0Vitt19RGbpVhx96AC + 
t1CUkb5WMFTdpbCFORa/ta9Z7UcKxXTAPsfPkPVG9DnHQ1jSmsJWPDQZxoIJLHuH + SVV+qfRGndOo9fjExCInX6I5wBlrHrdpGtL7VLczV9JeAXYlMJwH63eOyi8hxxtr + KfTJEIALC25uFhoK8bmr30yVZe7thUPMXfht+R5dlHne7+FcBb4k7YLpeN/M40me + CSKk+9YaG7gQIdrfvEXlHSPCPppcKev6ZUspHewhmQ== + =IMON -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted diff --git a/system/sops.nix b/system/sops.nix index 673d1c1..d868153 100644 --- a/system/sops.nix +++ b/system/sops.nix @@ -1,12 +1,15 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - sops-master + sops gnupg ]; sops = { defaultSopsFile = ../secrets/test.yaml; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = [ + "/etc/ssh/ssh_host_ed25519_key" + "/home/lelgenio/.ssh/id_ed25519" + ]; }; } From 5a5b544caa6e5f16d064a3c22e16a7895554739f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 7 Mar 2025 19:57:53 -0300 Subject: [PATCH 10/56] swaylock: fix cache miss --- user/sway/swaylock.nix | 2 +- user/variables.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/user/sway/swaylock.nix b/user/sway/swaylock.nix index 8d0a195..ceb2e6b 100644 --- a/user/sway/swaylock.nix +++ b/user/sway/swaylock.nix @@ -9,7 +9,7 @@ in options.my.swaylock.enable = lib.mkEnableOption { }; config.programs.swaylock.settings = lib.mkIf cfg.enable { - image = toString theme.background; + image = theme.backgroundPath; font = font.interface; font-size = font.size.medium; indicator-thickness = 20; diff --git a/user/variables.nix b/user/variables.nix index cb35123..84823d3 100644 --- a/user/variables.nix +++ b/user/variables.nix @@ -28,6 +28,7 @@ let cursor_theme = "Bibata-Modern-Classic"; background = ./backgrounds/nixos-dark-pattern.png; + backgroundPath = "~/.local/share/backgrounds/nixos-dark-pattern.png"; opacity = 95; opacityHex = "ee"; color = { 
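Review bot: Adding `/home/lelgenio/.ssh/id_ed25519` to `age.sshKeyPaths` in `system/sops.nix` makes every host that imports this module (presumably all of them) look for the personal key. That key is a recipient of the monolith, phantom and test files alike, so a copy of it on any one machine can decrypt the secrets of all of them. Each host already has its own recipient (`&monolith-ssh`, `&phantom-ssh`) backed by `/etc/ssh/ssh_host_ed25519_key`, which is enough for activation-time decryption. I would keep `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` and use the personal key only for editing on the workstation, for example through `SOPS_AGE_KEY_FILE`. The key is also read non-interactively here, so a passphrase-protected `id_ed25519` presumably cannot be used at all, which pushes towards storing it unprotected.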
@@ -59,6 +60,7 @@ let cursor_theme = "Bibata-Modern-Classic"; background = ./backgrounds/nixos-light-pattern.png; + backgroundPath = "~/.local/share/backgrounds/nixos-light-pattern.png"; opacity = 95; opacityHex = "ee"; color = { From 36ec5ef63cd7169df5f4fc52d486ce6999206d83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 8 Mar 2025 01:19:28 -0300 Subject: [PATCH 11/56] git: update config --- user/git.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/user/git.nix b/user/git.nix index bfc85c1..9e76e01 100644 --- a/user/git.nix +++ b/user/git.nix @@ -18,15 +18,40 @@ in email = mail.personal.user; }; init.defaultBranch = "main"; + core = { + fsmonitor = true; + untrackedCache = true; + }; commit.verbose = true; - push.autoSetupRemote = true; + fetch = { + prune = true; + pruneTags = true; + all = true; + }; + push = { + autoSetupRemote = true; + default = "simple"; + followTags = true; + }; pull.rebase = true; - merge.conflictStyle = "diff3"; - rerere.enabled = true; + tag.sort = "version:refname"; + merge.conflictStyle = "zdiff3"; + rerere = { + enabled = true; + autoupdate = true; + }; + branch.sort = "-committerdate"; + diff = { + algorithm = "histogram"; + colorMoved = "plain"; + mnemonicPrefix = true; + renames = true; + }; rebase = { abbreviateCommands = true; autoSquash = true; autoStash = true; + updateRefs = true; }; pager = { log = "${pkgs._diffr}/bin/_diffr | ${pkgs.kak-pager}/bin/kak-pager"; From fac1976c9c19eb51a9fb68746fb51b8265fa606d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 12 Mar 2025 11:37:29 -0300 Subject: [PATCH 12/56] phantom: fix mastodon data mount --- hosts/phantom/hardware-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/phantom/hardware-config.nix b/hosts/phantom/hardware-config.nix index afea081..7eebde8 100644 --- a/hosts/phantom/hardware-config.nix +++ b/hosts/phantom/hardware-config.nix 
@@ -5,7 +5,7 @@ options = [ "nofail" ]; }; fileSystems."/var/lib/mastodon" = { - device = "172.16.130.7:/nas/5749/mastodon"; + device = "172.16.131.19:/nas/5749/mastodon"; fsType = "nfs"; options = [ "nofail" ]; }; From 6e5eebe3c18de474f0c0ebbc3fe51794428ba53b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 12 Mar 2025 11:38:39 -0300 Subject: [PATCH 13/56] amdgpu: limit fan speed --- hosts/monolith/amdgpu.nix | 2 +- scripts/amd-fan-control | 33 +++++++++++++++++++++++++++++---- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/hosts/monolith/amdgpu.nix b/hosts/monolith/amdgpu.nix index 765e081..2554500 100644 --- a/hosts/monolith/amdgpu.nix +++ b/hosts/monolith/amdgpu.nix @@ -18,7 +18,7 @@ in systemd.services.amd-fan-control = { script = '' - ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 85 + ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 90 0 80 ''; serviceConfig = { Restart = "always"; diff --git a/scripts/amd-fan-control b/scripts/amd-fan-control index 1f4c3e7..5b0d7a9 100755 --- a/scripts/amd-fan-control +++ b/scripts/amd-fan-control @@ -39,10 +39,31 @@ if [ -z "$TEMP_MAX" ];then bail "No maximum temperature provided" fi -PWM_MIN=0 -PWM_MAX=255 +PWM_MIN_PCT="$4" +PWM_MAX_PCT="$5" + +if [ -z "$PWM_MIN_PCT" ];then + bail "No minimum fan speed % not provided" +fi + +if [ -z "$PWM_MAX_PCT" ];then + bail "No maximum fan speed % not provided" +fi + +PWM_MIN="$(( $PWM_MIN_PCT * 255 / 100))" +PWM_MAX="$(( $PWM_MAX_PCT * 255 / 100))" echo "Running..." >&2 + +echo "TEMP_MIN=$TEMP_MIN°C" +echo "TEMP_MAX=$TEMP_MAX°C" +echo "FAN_MIN=$PWM_MIN_PCT%" +echo "FAN_MAX=$PWM_MAX_PCT%" + +echo 1 > "$HWMON/pwm1_enable" + +PREV=0 + while true; do TEMPERATURE_RAW=$(cat "$TEMP_INPUT") TEMPERATURE="$(( $TEMPERATURE_RAW / 1000 ))" 
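Review bot: In `scripts/amd-fan-control`, `PWM_MIN_PCT` and `PWM_MAX_PCT` go from `$4`/`$5` into arithmetic and then to `pwm1` with only an emptiness check, so a non-numeric value, a value above 100, or a minimum above the maximum is not rejected; the two `bail` messages also read "No … not provided". A guard such as `case "$PWM_MAX_PCT" in ''|*[!0-9]*) bail "Maximum fan speed % must be an integer";; esac` followed by `[ "$PWM_MAX_PCT" -le 100 ] || bail "Maximum fan speed % must be at most 100"` (and the same for the minimum) would catch this before the loop. Because `echo 1 > "$HWMON/pwm1_enable"` now runs once before the loop, the card stays in manual mode at the last written duty cycle if the script exits. `trap 'echo 2 > "$HWMON/pwm1_enable"' EXIT` would hand control back to the driver; 2 is the automatic mode on amdgpu, worth confirming for this card. The script body continues outside the hunk.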
@@ -55,7 +76,11 @@ while true; do PWM=$PWM_MIN fi - echo 1 > "$HWMON/pwm1_enable" - echo "$PWM" > "$HWMON/pwm1" + AVG="$(( ($PWM * 20 + $PREV * 80) / 100 ))" + + echo "$AVG" + + echo "$AVG" > "$HWMON/pwm1" + PREV="$AVG" sleep .1s done From cef96416d86f962ad52aa996a15815ef455a6ef9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 12 Mar 2025 23:29:31 -0300 Subject: [PATCH 14/56] factorio: 2.0.32 -> 2.0.39 --- pkgs/factorio-headless/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/factorio-headless/default.nix b/pkgs/factorio-headless/default.nix index 531e69b..46064b5 100644 --- a/pkgs/factorio-headless/default.nix +++ b/pkgs/factorio-headless/default.nix @@ -1,10 +1,10 @@ { factorio-headless, pkgs }: factorio-headless.overrideAttrs (_: rec { - version = "2.0.32"; + version = "2.0.39"; src = pkgs.fetchurl { name = "factorio_headless_x64-${version}.tar.xz"; url = "https://www.factorio.com/get-download/${version}/headless/linux64"; - hash = "sha256-KmECrkLcxej+kjvWi80yalaeNZEqzeEhMB5dTS2FZBc="; + hash = "sha256-D4o9DkN5e1/02LhdfDNLCVo/B9mqf4Cx6H+Uk5qT3zQ="; }; }) From 7d15904e7c2a5274287ce480c8ffefa0e6fdea94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 15 Mar 2025 01:03:19 -0300 Subject: [PATCH 15/56] git: sign commits --- user/git.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user/git.nix b/user/git.nix index 9e76e01..d411d35 100644 --- a/user/git.nix +++ b/user/git.nix @@ -16,13 +16,17 @@ in user = { name = username; email = mail.personal.user; + signingkey = "2F8F21CE8721456B"; }; init.defaultBranch = "main"; core = { fsmonitor = true; untrackedCache = true; }; - commit.verbose = true; + commit = { + verbose = true; + gpgsign = true; + }; fetch = { prune = true; pruneTags = true; From c51d9ee3f11bbb2bb9ab1dfa67d4754b44fc14e7 Mon Sep 17 00:00:00 2001 
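Review bot: `echo "$AVG"` runs on every pass of a loop that sleeps 0.1 s, so under the systemd unit it writes about ten journal lines per second for as long as the service is up. Printing only on change, `[ "$AVG" != "$PREV" ] && echo "$AVG"`, keeps the log readable. The integer division in `AVG` also truncates, so the output settles a few steps below `$PWM` when rising (with `PWM=204` and `PREV=200` the result stays 200), which means the fan never quite reaches the configured maximum. Adding the rounding term, `AVG="$(( ($PWM * 20 + $PREV * 80 + 50) / 100 ))"`, narrows that gap. The loop starts outside the hunk.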
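Review bot: `signingkey = "2F8F21CE8721456B";` in `user/git.nix` names the key by its 64-bit long ID, which is not collision-resistant; git hands the value to gpg, which selects whichever local key matches it. The full fingerprint of what looks like the same key already appears in `.sops.yaml`, so `signingkey = "0FECE8316E74BA6F44EFC21A2F8F21CE8721456B";` is the safer form. Since `push.followTags` is enabled elsewhere in this file, `tag.gpgSign = true;` next to `commit.gpgsign` would cover annotated tags as well. The enclosing attribute set continues outside the hunk.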
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 19 Mar 2025 11:47:36 -0300 Subject: [PATCH 16/56] system: add nix-ld --- hosts/monolith/default.nix | 1 + system/configuration.nix | 1 + system/nix-ld.nix | 21 +++++++++++++++++++++ user/dummy.nix | 1 + 4 files changed, 24 insertions(+) create mode 100644 system/nix-ld.nix diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix index 410300e..280cc3f 100644 --- a/hosts/monolith/default.nix +++ b/hosts/monolith/default.nix @@ -42,6 +42,7 @@ in }; my.gaming.enable = true; + my.nix-ld.enable = true; boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ]; diff --git a/system/configuration.nix b/system/configuration.nix index f515e43..2380d22 100644 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -17,6 +17,7 @@ ./locale.nix ./users.nix ./containers.nix + ./nix-ld.nix ./network.nix ../settings ]; diff --git a/system/nix-ld.nix b/system/nix-ld.nix new file mode 100644 index 0000000..33afa69 --- /dev/null +++ b/system/nix-ld.nix @@ -0,0 +1,21 @@ +{ + pkgs, + lib, + config, + ... +}: +{ + options.my.nix-ld.enable = lib.mkEnableOption { }; + + config = lib.mkIf (config.my.nix-ld.enable) { + programs.nix-ld = { + enable = true; + libraries = + with pkgs; + # run appimages + linux games natively + [ fuse ] + ++ (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs) + ++ (appimageTools.defaultFhsEnvArgs.targetPkgs pkgs); + }; + }; +} diff --git a/user/dummy.nix b/user/dummy.nix index 39043dd..91e66cc 100644 --- a/user/dummy.nix +++ b/user/dummy.nix @@ -1,6 +1,7 @@ { lib, ... }: { options.my = { + nix-ld.enable = lib.mkEnableOption { }; android.enable = lib.mkEnableOption { }; media-packages.enable = lib.mkEnableOption { }; containers.enable = lib.mkEnableOption { }; From 35ba974c1b27d54a1b1348412829c440b5a361f3 Mon Sep 17 00:00:00 2001 
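Review bot: `lib.mkEnableOption { }` in the new `system/nix-ld.nix` (and the matching line added to `user/dummy.nix`) passes an empty attribute set where the function expects the feature name as a string. The description is built lazily, so this evaluates fine until something renders the option documentation. `options.my.nix-ld.enable = lib.mkEnableOption "nix-ld with the AppImage FHS library set";` documents the option and avoids that failure. The `libraries` list also pulls in everything from `appimageTools.defaultFhsEnvArgs`, a broad set to expose to unpackaged binaries; a comment naming the programs that need it would make later trimming possible.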
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 19 Mar 2025 11:48:00 -0300 Subject: [PATCH 17/56] system: install aditional appimage support --- system/containers.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/system/containers.nix b/system/containers.nix index 9032a6c..ddd3e38 100644 --- a/system/containers.nix +++ b/system/containers.nix @@ -9,6 +9,7 @@ config = lib.mkIf config.my.containers.enable { services.flatpak.enable = true; + programs.appimage.enable = true; virtualisation.docker = { enable = true; From ca9e0d8653e2f0e1d531bae5b71b3808a6a79bb0 Mon Sep 17 00:00:00 2001 From: lelgenio Date: Thu, 20 Mar 2025 16:40:47 -0300 Subject: [PATCH 18/56] double-rainbow: use nix-ld --- hosts/double-rainbow.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/double-rainbow.nix b/hosts/double-rainbow.nix index af8c5e4..2270198 100644 --- a/hosts/double-rainbow.nix +++ b/hosts/double-rainbow.nix @@ -19,6 +19,8 @@ in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + my.nix-ld.enable = true; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" From d2654ca5bc27fc20439915be4eacaf834a2735a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 21 Mar 2025 23:23:52 -0300 Subject: [PATCH 19/56] phantom: add travel counter goof --- flake.lock | 17 +++++++++++++++++ flake.nix | 4 ++++ hosts/phantom/goofs.nix | 5 +++++ 3 files changed, 26 insertions(+) diff --git a/flake.lock b/flake.lock index cabf4cf..c1f716c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -73,6 +73,22 @@ "url": "https://git.lelgenio.com/lelgenio/catboy-spinner" } }, + "contador-da-viagem": { + "flake": false, + "locked": { + "lastModified": 1742597480, + "narHash": "sha256-aN+Kioc4AWPMyJxfz/zFCo2YdP4YxcPqoUcp46z9KcA=", + "ref": "refs/heads/main", + "rev": "29dde9d1965b1f8c1b870185a95859c050ba847d", + "revCount": 3, + "type": "git", + "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem" + }, + "original": { + "type": "git", + "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem" + } + }, "crane": { "inputs": { "flake-compat": "flake-compat", @@ -709,6 +725,7 @@ "inputs": { "agenix": "agenix", "catboy-spinner": "catboy-spinner", + "contador-da-viagem": "contador-da-viagem", "demoji": "demoji", "dhist": "dhist", "disko": "disko", diff --git a/flake.nix b/flake.nix index fd1bac2..8994009 100644 --- a/flake.nix +++ b/flake.nix @@ -56,6 +56,10 @@ wl-crosshair.url = "github:lelgenio/wl-crosshair"; warthunder-leak-counter.url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter"; made-you-look.url = "git+https://git.lelgenio.com/lelgenio/made-you-look"; + contador-da-viagem = { + url = "git+https://git.lelgenio.com/lelgenio/contador-da-viagem"; + flake = false; + }; catboy-spinner = { url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner"; flake = false; diff --git a/hosts/phantom/goofs.nix b/hosts/phantom/goofs.nix index c0b670a..dfb5736 100644 --- a/hosts/phantom/goofs.nix +++ b/hosts/phantom/goofs.nix @@ -43,4 +43,9 @@ forceSSL = true; root = inputs.hello-fonts; }; + services.nginx.virtualHosts."contador-da-viagem.lelgenio.com" = { + enableACME = true; + forceSSL = true; + root = inputs.contador-da-viagem; + }; } From 3c7da418dffaa36c150970d74e20351f9da7f676 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 20 Mar 2025 20:31:27 -0300 Subject: [PATCH 20/56] gnome: install menulibre --- user/gnome.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/user/gnome.nix b/user/gnome.nix index 74951c7..776f095 100644 --- a/user/gnome.nix +++ b/user/gnome.nix @@ -35,6 +35,7 @@ lib.mkIf (config.my.desktop == "gnome") { amberol pitivi keepassxc + menulibre libsForQt5.qt5ct libsForQt5.qtstyleplugin-kvantum From 0f161863fc8eef929aec742ab1c89e1f79293e43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 20 Mar 2025 20:51:33 -0300 Subject: [PATCH 21/56] firefox: remove header styling --- user/firefox.nix | 41 +---------------------------------------- 1 file changed, 1 insertion(+), 40 deletions(-) diff --git a/user/firefox.nix b/user/firefox.nix index 4b69ad2..7d8d65f 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -127,46 +127,7 @@ in #sidebar-header { display: none !important; } '' else - '' - /* Element | chrome://browser/content/browser.xhtml */ - - #navigator-toolbox { - display: grid; - grid-template-columns: 1fr 50px; - overflow: hidden; - } - - /* Element | chrome://browser/content/browser.xhtml */ - - #nav-bar { - flex: 1; - width: 100%; - grid-column: 1 / 3; - grid-row: 1; - z-index: 0; - padding-right: 29px !important; - } - - /* Element | chrome://browser/content/browser.xhtml */ - - .toolbar-items { - display: none; - } - - /* Element | chrome://browser/content/browser.xhtml */ - - #TabsToolbar { - max-width: 50px; - } - - /* Element | chrome://browser/content/browser.xhtml */ - - #titlebar { - max-width: 50px; - grid-area: 1 / 2; - z-index: 10; - } - ''; + ""; }; }; }; From a432569595c9300db6e882037bd3f1cb1f9623dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 21 Mar 2025 00:55:53 -0300 Subject: [PATCH 22/56] update --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index c1f716c..e0843d6 100644 --- a/flake.lock +++ b/flake.lock 
@@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1740485968, - "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "lastModified": 1741786315, + "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "owner": "nix-community", "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "type": "github" }, "original": { @@ -243,11 +243,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1739502527, - "narHash": "sha256-KMLNOCWmqdDeAZV5O1ccRmVqRutDcy4IONJin3lzd0Q=", + "lastModified": 1742179690, + "narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=", "owner": "lelgenio", "repo": "dzgui-nix", - "rev": "06fcea9445b5a005b40469a69f57f2147398bc94", + "rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4", "type": "github" }, "original": { @@ -456,11 +456,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1742234739, + "narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59", "type": "github" }, "original": { @@ -497,11 +497,11 @@ ] }, "locked": { - "lastModified": 1740281615, - "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=", + "lastModified": 1742174123, + "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023", + "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", "type": "github" }, "original": { 
@@ -520,11 +520,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1740437053, - "narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=", + "lastModified": 1742413977, + "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec", + "rev": "b4fbffe79c00f19be94b86b4144ff67541613659", "type": "gitlab" }, "original": { @@ -567,11 +567,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "lastModified": 1742422364, + "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", "type": "github" }, "original": { @@ -628,11 +628,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740603184, - "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", + "lastModified": 1742388435, + "narHash": "sha256-GheQGRNYAhHsvPxWVOhAmg9lZKkis22UPbEHlmZMthg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", + "rev": "b75693fb46bfaf09e662d09ec076c5a162efa9f6", "type": "github" }, "original": { @@ -800,11 +800,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1742406979, + "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", "type": "github" }, "original": { 
@@ -960,11 +960,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742370146, + "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808", "type": "github" }, "original": { @@ -975,11 +975,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1740754923, - "narHash": "sha256-o7Qo5kkjVgBL9CVqNJKnkcDbRkpD0UAp82G/mJ086Xw=", + "lastModified": 1742222981, + "narHash": "sha256-EDhfWimpzUnpH5h/FQ3oYw/Kaq4Cx1E5nRofDQyI3aE=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "3a9df8fbe84b680ad0a38ec85e8e9c8a4f095ca3", + "rev": "14da38b9a49bf156e06f20ed02533a0549e6d487", "type": "github" }, "original": { From 4ebfaca007c8b77d3942979ae49528258d6339d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 23 Mar 2025 16:30:08 -0300 Subject: [PATCH 23/56] factorio: update backup script filename to fix syncthing integration --- hosts/monolith/factorio-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/monolith/factorio-server.nix b/hosts/monolith/factorio-server.nix index 8ed0324..9648de3 100644 --- a/hosts/monolith/factorio-server.nix +++ b/hosts/monolith/factorio-server.nix @@ -23,11 +23,12 @@ systemd.services.factorio-backup-save = { description = "Backup factorio saves"; script = '' + FILENAME="space-age-$(date --iso=seconds | tr ':' '_').zip" ${lib.getExe pkgs.rsync} \ -av \ --chown=lelgenio \ /var/lib/factorio/saves/default.zip \ - ~lelgenio/Documentos/GameSaves/factorio_saves/space-age-$(date --iso=seconds).zip + ~lelgenio/Documentos/GameSaves/factorio_saves/$FILENAME ''; serviceConfig.Type = "oneshot"; wantedBy = [ "multi-user.target" ]; From 0f61393bf36b14ee0293c191fdefb1b3845c387e Mon Sep 17 00:00:00 2001 
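Review bot: `$FILENAME` is expanded unquoted in the rsync destination in hosts/monolith/factorio-server.nix. It is safe with the current `date | tr` output, but quoting it as `"$FILENAME"` means a later change to the name format cannot split the argument. The `--chown=lelgenio` suggests the unit runs as root and writes into a directory that user controls. If so, consider running the copy as that user, e.g. `serviceConfig.User = "lelgenio";` with read access to the save granted separately. The rest of the unit is outside the hunk, so this may already be handled.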
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 26 Mar 2025 21:58:24 -0300 Subject: [PATCH 24/56] refactor: move rm-target service and timer to separate file --- user/home.nix | 25 +------------------------ user/rm-target.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 24 deletions(-) create mode 100644 user/rm-target.nix diff --git a/user/home.nix b/user/home.nix index c384c60..271ceee 100644 --- a/user/home.nix +++ b/user/home.nix @@ -44,6 +44,7 @@ inputs.nix-index-database.hmModules.nix-index ../settings ./powerplay-led-idle.nix + ./rm-target.nix ]; my = import ./variables.nix // { @@ -169,30 +170,6 @@ exec nicotine ''; - systemd.user.services.rm-target = { - Unit = { - Description = "Remove directories named 'target'"; - }; - Service = { - Type = "oneshot"; - ExecStart = pkgs.writeShellScript "rm-target" '' - sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf -- - ''; - }; - }; - systemd.user.timers.rm-target = { - Unit = { - Description = "Remove directories named 'target'"; - }; - Timer = { - OnCalendar = "weekly"; - Unit = "rm-target.service"; - }; - Install = { - WantedBy = [ "timers.target" ]; - }; - }; - # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards diff --git a/user/rm-target.nix b/user/rm-target.nix new file mode 100644 index 0000000..93c6058 --- /dev/null +++ b/user/rm-target.nix 
@@ -0,0 +1,26 @@ +{ pkgs, lib, ... }: +{ + systemd.user.services.rm-target = { + Unit = { + Description = "Remove directories named 'target'"; + }; + Service = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "rm-target" '' + sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf -- + ''; + }; + }; + systemd.user.timers.rm-target = { + Unit = { + Description = "Remove directories named 'target'"; + }; + Timer = { + OnCalendar = "weekly"; + Unit = "rm-target.service"; + }; + Install = { + WantedBy = [ "timers.target" ]; + }; + }; +} From 8cae611cd5612135263723cb8321f6c11340556a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 27 Mar 2025 01:07:27 -0300 Subject: [PATCH 25/56] home: add automatic home-manager cleanup service --- user/home-manager.nix | 28 ++++++++++++++++++++++++++++ user/home.nix | 3 +-- 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 user/home-manager.nix diff --git a/user/home-manager.nix b/user/home-manager.nix new file mode 100644 index 0000000..9c8452a --- /dev/null +++ b/user/home-manager.nix @@ -0,0 +1,28 @@ +{ pkgs, lib, ... }: +{ + programs.home-manager.enable = true; + + systemd.user.services.home-manager-expire = { + Unit = { + Description = "Remove old home-manager generations"; + }; + Service = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "home-manager-expire" '' + ${lib.getExe pkgs.home-manager} expire-generations 7d + ''; + }; + }; + systemd.user.timers.home-manager-expire = { + Unit = { + Description = "Remove old home-manager generations"; + }; + Timer = { + OnCalendar = "daily"; + Unit = "home-manager-expire.service"; + }; + Install = { + WantedBy = [ "timers.target" ]; + }; + }; +} diff --git a/user/home.nix b/user/home.nix index 271ceee..31e3871 100644 --- a/user/home.nix +++ b/user/home.nix @@ -9,6 +9,7 @@ { imports = [ ./dummy.nix + ./home-manager.nix ./waybar ./helix.nix ./kakoune 
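Review bot: The ExecStart script in user/rm-target.nix runs `rm -vrf` through `sudo` from a weekly user timer, so every directory under `$HOME` named `target` or `.target` is deleted as root, with no check that it is a build directory. A non-interactive user unit can only get past `sudo` if a passwordless rule exists, and such a rule is much broader than this job needs. `sudo` is also looked up on PATH while `fd` is pinned to its store path. If the directories belong to the user, drop the privilege: `${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --`. It would also help to narrow the match to directories that carry a build marker before removing them.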
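Review bot: `expire-generations 7d` in user/home-manager.nix is probably not read as "older than seven days". As far as I know, home-manager takes a timestamp in `date -d` syntax there, and its help gives `-30 days` as the example. Depending on how `7d` is parsed, the daily timer either fails or expires more generations than intended, which removes rollback targets. I would write `${lib.getExe pkgs.home-manager} expire-generations "-7 days"` and confirm once by hand which generations it lists.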
@@ -58,8 +59,6 @@ home.username = "lelgenio"; home.homeDirectory = "/home/lelgenio"; - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; home.packages = with pkgs; [ terminal From 0a0b8f9e610867fdac84722befd9b13f35f0104e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 27 Mar 2025 21:09:14 -0300 Subject: [PATCH 26/56] gammastep: extract config --- user/sway/default.nix | 6 ++---- user/sway/gammastep.nix | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 user/sway/gammastep.nix diff --git a/user/sway/default.nix b/user/sway/default.nix index 04193aa..046ae07 100644 --- a/user/sway/default.nix +++ b/user/sway/default.nix @@ -20,6 +20,7 @@ in ./swayidle.nix ./swaylock.nix ./theme.nix + ./gammastep.nix ]; options.my.sway.enable = lib.mkEnableOption { }; @@ -32,6 +33,7 @@ in my.mpd.enable = true; my.zathura.enable = true; my.waybar.enable = true; + my.gammastep.enable = true; wayland.windowManager.sway = { enable = true; @@ -115,10 +117,6 @@ in exec_always systemctl --user restart waybar.service ''; }; - services.gammastep = { - enable = true; - provider = "geoclue2"; - }; services.kdeconnect = { enable = true; diff --git a/user/sway/gammastep.nix b/user/sway/gammastep.nix new file mode 100644 index 0000000..a5b6917 --- /dev/null +++ b/user/sway/gammastep.nix @@ -0,0 +1,19 @@ +{ config, lib, ... }: +let + cfg = config.my.gammastep; +in +{ + options.my.gammastep.enable = lib.mkEnableOption { }; + + config = lib.mkIf cfg.enable { + services.gammastep = { + enable = true; + dawnTime = "6:00-7:45"; + duskTime = "18:35-20:15"; + temperature = { + day = 6500; + night = 4500; + }; + }; + }; +} From 921413f545403e2ea91e19602831dd9fe5bed020 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 28 Mar 2025 20:22:34 -0300 Subject: [PATCH 27/56] firefox: update userchrome --- user/firefox.nix | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/user/firefox.nix b/user/firefox.nix index 7d8d65f..5e38a56 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -2,15 +2,22 @@ config, pkgs, lib, - font, ... }: let - inherit (config.my) desktop browser; + inherit (config.my) desktop; + inherit (config.my.theme) color; + bugfixedFirefox = pkgs.firefox-devedition-unwrapped // { requireSigning = false; allowAddonSideload = true; }; + + swayCustomization = '' + #titlebar { display: none !important; } + #TabsToolbar { display: none !important; } + #sidebar-header { display: none !important; } + ''; in { config = { @@ -119,15 +126,17 @@ in "devtools.chrome.enabled" = true; "devtools.debugger.remote-enabled" = true; }; - userChrome = - if desktop == "sway" then - '' - #titlebar { display: none !important; } - #TabsToolbar { display: none !important; } - #sidebar-header { display: none !important; } - '' - else - ""; + userChrome = '' + ${lib.optionalString (desktop == "sway") swayCustomization} + + #sidebar-main { + background-color: ${color.bg}; + } + + #tabbrowser-tabbox { + outline-width: 0 !important; + } + ''; }; }; }; From 9239cbef77d1e3312eb7a8d076cc0d4f671d1fe0 Mon Sep 17 00:00:00 2001 From: lelgenio Date: Wed, 2 Apr 2025 17:11:01 -0300 Subject: [PATCH 28/56] kakoune: add json and yaml formatter --- user/kakoune/filetypes.kak | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user/kakoune/filetypes.kak b/user/kakoune/filetypes.kak index 7ea774e..01b0175 100644 --- a/user/kakoune/filetypes.kak +++ b/user/kakoune/filetypes.kak 
@@ -15,6 +15,14 @@ hook global WinSetOption filetype=nix %{ set buffer formatcmd 'nixfmt' } +hook global BufCreate .*\.json %{ + set buffer formatcmd 'prettier --parser json' +} + +hook global BufCreate .*\.ya?ml %{ + set buffer formatcmd 'prettier --parser yaml' +} + hook global BufCreate .*\.html %{ set buffer formatcmd 'prettier --parser html' } From 1054e831d8d48099895bb2edc30fb51662281c11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 31 Mar 2025 08:05:09 -0300 Subject: [PATCH 29/56] update --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index e0843d6..69ae3c0 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ "contador-da-viagem": { "flake": false, "locked": { - "lastModified": 1742597480, - "narHash": "sha256-aN+Kioc4AWPMyJxfz/zFCo2YdP4YxcPqoUcp46z9KcA=", + "lastModified": 1742610036, + "narHash": "sha256-sY1iheemazmIVJAnoFtut6cN7HX/C5OMDY54UrmCoqE=", "ref": "refs/heads/main", - "rev": "29dde9d1965b1f8c1b870185a95859c050ba847d", - "revCount": 3, + "rev": "efe5ac4a16de7f78824ac89dc987ef635afa5267", + "revCount": 4, "type": "git", "url": "https://git.lelgenio.com/lelgenio/contador-da-viagem" }, @@ -456,11 +456,11 @@ ] }, "locked": { - "lastModified": 1742234739, - "narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=", + "lastModified": 1742655702, + "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59", + "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "type": "github" }, "original": { 
@@ -497,11 +497,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1742701275, + "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", "type": "github" }, "original": { @@ -567,11 +567,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1743095683, + "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "type": "github" }, "original": { @@ -628,11 +628,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1742388435, - "narHash": "sha256-GheQGRNYAhHsvPxWVOhAmg9lZKkis22UPbEHlmZMthg=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b75693fb46bfaf09e662d09ec076c5a162efa9f6", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -800,11 +800,11 @@ ] }, "locked": { - "lastModified": 1742406979, - "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { 
@@ -960,11 +960,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1742370146, - "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", "type": "github" }, "original": { @@ -975,11 +975,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1742222981, - "narHash": "sha256-EDhfWimpzUnpH5h/FQ3oYw/Kaq4Cx1E5nRofDQyI3aE=", + "lastModified": 1743047409, + "narHash": "sha256-WTUW2GZqHknVwEbzF/TeX2eg52414gfl6hXloDDwEsQ=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "14da38b9a49bf156e06f20ed02533a0549e6d487", + "rev": "cf9324b9ff855172bd9de8aa3b8215071c4a0c6f", "type": "github" }, "original": { From caffa85ba020a5f18755c2647224145dd1dbb671 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 4 Apr 2025 21:01:39 -0300 Subject: [PATCH 30/56] ranger: disable preview scripts and vcs support, making it very fast --- user/ranger/rc.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user/ranger/rc.conf b/user/ranger/rc.conf index 3936f36..ad71849 100644 --- a/user/ranger/rc.conf +++ b/user/ranger/rc.conf @@ -27,10 +27,10 @@ set confirm_on_delete multiple # Use non-default path for file preview script? # ranger ships with scope.sh, a script that calls external programs (see # README.md for dependencies) to preview images, archives, etc. -set preview_script ~/.config/ranger/scope.sh +# set preview_script ~/.config/ranger/scope.sh # Use the external preview script or display simple plain text or image previews? -set use_preview_script true +# set use_preview_script true # Automatically count files in the directory, even before entering them? set automatically_count_files true 
@@ -40,7 +40,7 @@ set automatically_count_files true set open_all_images true # Be aware of version control systems and display information. -set vcs_aware true +set vcs_aware false # State of the four backends git, hg, bzr, svn. The possible states are # disabled, local (only show local info), enabled (show local and remote From 2d2c3d20075b4b30b96c5970e0ce4582269d9191 Mon Sep 17 00:00:00 2001 From: lelgenio Date: Sat, 5 Apr 2025 14:02:55 -0300 Subject: [PATCH 31/56] kak: fix multiline-edit extension --- user/kakoune/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user/kakoune/default.nix b/user/kakoune/default.nix index a015bd0..fa63e6b 100644 --- a/user/kakoune/default.nix +++ b/user/kakoune/default.nix @@ -82,6 +82,9 @@ in rev = "1cc6baeb14b773916eb9209469aa77b3cfa67a0a"; sha256 = "sha256-3PLxG9UtT0MMSibvTviXQIgTH3rApZ3WSbNCEH3c7HE="; }; + buildInputs = with pkgs; [ + python3Minimal + ]; }) ]; extraConfig = From 310f3b192c157bbac4595a25a7c8e844a20543fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Tue, 8 Apr 2025 21:42:08 -0300 Subject: [PATCH 32/56] qt: cleanup theme config --- user/sway/theme.nix | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/user/sway/theme.nix b/user/sway/theme.nix index 731d12a..0a8a38a 100644 --- a/user/sway/theme.nix +++ b/user/sway/theme.nix @@ -55,7 +55,7 @@ lib.mkIf (desktop == "sway") { qt = { enable = true; platformTheme.name = "gtk3"; - style.name = "qt5ct"; + style.name = "kvantum"; }; dconf.settings = { 
@@ -70,28 +70,6 @@ lib.mkIf (desktop == "sway") { }; }; - # fonts.fontconfig.enable = true; - xdg.configFile = { - "qt5ct/qt5ct.conf".text = '' - [Appearance] - # color_scheme_path=/nix/store/f07mk0vrm47jxw3y5v99hxncy0w4vcyq-qt5ct-1.5/share/qt5ct/colors/darker.conf - custom_palette=false - icon_theme=${icon_theme} - standard_dialogs=default - style=kvantum-dark - - # [Fonts] - # fixed=@Variant(\0\0\0@\0\0\0\x1c\0H\0\x61\0\x63\0k\0 \0N\0\x65\0r\0\x64\0 \0\x46\0o\0n\0t@(\0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10) - # general=@Variant(\0\0\0@\0\0\0\x1e\0L\0i\0\x62\0\x65\0r\0\x61\0t\0i\0o\0n\0 \0S\0\x61\0n\0s@(\0\0\0\0\0\0\xff\xff\xff\xff\x5\x1\0\x32\x10) - ''; - "kdedefaults/kdeglobals".text = '' - [General] - ColorScheme=BreezeDark - - [Icons] - Theme=${icon_theme} - ''; - }; services.xsettingsd = { enable = true; settings = { @@ -105,11 +83,6 @@ lib.mkIf (desktop == "sway") { }; home.packages = with pkgs; [ - libsForQt5.qt5ct - libsForQt5.qtstyleplugin-kvantum - qt6Packages.qt6ct - qt6Packages.qtstyleplugin-kvantum - pkgs.bibata-cursors pkgs.orchis_theme_compact pkgs.papirus_red From 7eeb06fbb753b0bf91d8b8b5c4d80a6fd3a6ba16 Mon Sep 17 00:00:00 2001 From: lelgenio Date: Tue, 8 Apr 2025 17:58:25 -0300 Subject: [PATCH 33/56] firefox: remove buggy config --- user/firefox.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/user/firefox.nix b/user/firefox.nix index 5e38a56..3f58fa6 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -114,8 +114,6 @@ in "media.ffmpeg.vaapi.enabled" = true; "media.ffvpx.enabled" = true; - "gfx.webrender.all" = true; - # Enable installing non signed extensions "extensions.langpacks.signatures.required" = false; "xpinstall.signatures.required" = false; @@ -145,9 +143,5 @@ in exec firefox ''; }; - home.sessionVariables = { - MOZ_ENABLE_WAYLAND = "1"; - MOZ_DISABLE_RDD_SANDBOX = "1"; - }; }; } From fde4835a77ee84ba6dc37323e2a04fc2b270e3e3 Mon Sep 17 00:00:00 2001 
From: lelgenio Date: Mon, 12 May 2025 17:58:13 -0300 Subject: [PATCH 34/56] update --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 69ae3c0..0213291 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -163,11 +163,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1746729224, + "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "85555d27ded84604ad6657ecca255a03fd878607", "type": "github" }, "original": { @@ -456,11 +456,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { 
@@ -497,11 +497,11 @@ ] }, "locked": { - "lastModified": 1742701275, - "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", + "lastModified": 1746330942, + "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", + "rev": "137fd2bd726fff343874f85601b51769b48685cc", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1742413977, - "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", + "lastModified": 1746740198, + "narHash": "sha256-Sbcl1MkJBOMg9BBENRm++clDuk6SihqBNOkPcKt+EF4=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "b4fbffe79c00f19be94b86b4144ff67541613659", + "rev": "1feca020084017b47bcbf893b33e76585785a840", "type": "gitlab" }, "original": { @@ -567,11 +567,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1743095683, - "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", + "lastModified": 1746663147, + "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", + "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "type": "github" }, "original": { @@ -628,11 +628,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1742937945, - "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "lastModified": 1746557022, + "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", "type": "github" }, "original": { 
@@ -643,11 +643,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1735554305, - "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=", + "lastModified": 1745377448, + "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd", + "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", "type": "github" }, "original": { @@ -800,11 +800,11 @@ ] }, "locked": { - "lastModified": 1742700801, - "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { @@ -960,11 +960,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1743081648, - "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", + "lastModified": 1746216483, + "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", + "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd", "type": "github" }, "original": { @@ -975,11 +975,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1743047409, - "narHash": "sha256-WTUW2GZqHknVwEbzF/TeX2eg52414gfl6hXloDDwEsQ=", + "lastModified": 1746798207, + "narHash": "sha256-KGvQoBdrOCEaxSnvQrQcbDzu4x2aP8ik6RiRxBj43dg=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "cf9324b9ff855172bd9de8aa3b8215071c4a0c6f", + "rev": "29ee8947bda07185e21388a414df88501c3ce83f", "type": "github" }, "original": { From 5dcf7259ed7d383a57f9b4295d93482d6f240035 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 12 May 2025 22:19:33 -0300 Subject: [PATCH 35/56] update --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 0213291..970c204 100644 --- a/flake.lock +++ b/flake.lock @@ -456,11 +456,11 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1747020534, + "narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca", "type": "github" }, "original": { @@ -497,11 +497,11 @@ ] }, "locked": { - "lastModified": 1746330942, - "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=", + "lastModified": 1746934494, + "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "137fd2bd726fff343874f85601b51769b48685cc", + "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1746740198, - "narHash": "sha256-Sbcl1MkJBOMg9BBENRm++clDuk6SihqBNOkPcKt+EF4=", + "lastModified": 1746937334, + "narHash": "sha256-7g2GSePdYbpD1v5BxEVSCJ2Ogf4K5rc9sBB81FervUY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "1feca020084017b47bcbf893b33e76585785a840", + "rev": "da66510f688b7eac54e3cac7c75be4b8dd78ce8b", "type": "gitlab" }, "original": { 
@@ -567,11 +567,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1746663147, - "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { @@ -628,11 +628,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1746557022, - "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", + "lastModified": 1746957726, + "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", + "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", "type": "github" }, "original": { @@ -960,11 +960,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1746216483, - "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=", + "lastModified": 1746989248, + "narHash": "sha256-uoQ21EWsAhyskNo8QxrTVZGjG/dV4x5NM1oSgrmNDJY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd", + "rev": "708ec80ca82e2bbafa93402ccb66a35ff87900c5", "type": "github" }, "original": { @@ -975,11 +975,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1746798207, - "narHash": "sha256-KGvQoBdrOCEaxSnvQrQcbDzu4x2aP8ik6RiRxBj43dg=", + "lastModified": 1746967427, + "narHash": "sha256-lTI7Bg9zgDDWX0kFdR4OoK+I3kAaYt6Jo6jGRvSCn9U=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "29ee8947bda07185e21388a414df88501c3ce83f", + "rev": "cad317d0c2eacd36beb4fce60d6dcced50b71173", "type": "github" }, "original": { From 4c67c260a7deee7f8501c69363970703a560a2d2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Thu, 15 May 2025 12:57:15 -0300
Subject: [PATCH 36/56] kakoune: fix prettier formatter config
---
 user/kakoune/filetypes.kak | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/user/kakoune/filetypes.kak b/user/kakoune/filetypes.kak
index 01b0175..9fa33a6 100644
--- a/user/kakoune/filetypes.kak
+++ b/user/kakoune/filetypes.kak
@@ -16,15 +16,15 @@ hook global WinSetOption filetype=nix %{
 }
 hook global BufCreate .*\.json %{
- set buffer formatcmd 'prettier --parser json'
+ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 hook global BufCreate .*\.ya?ml %{
- set buffer formatcmd 'prettier --parser yaml'
+ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 hook global BufCreate .*\.html %{
- set buffer formatcmd 'prettier --parser html'
+ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 hook global BufCreate .*\.component\.html %{
@@ -43,11 +43,15 @@ hook global BufCreate .*\.php %{
 }
 hook global BufCreate .*\.js %{
- set buffer formatcmd 'prettier --parser babel'
+ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
+}
+
+hook global BufCreate .*\.ts %{
+ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 hook global BufCreate .*\.scss %{
- set buffer formatcmd 'prettier --parser scss'
+ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}"
 }
 hook global BufCreate .*\.vue %{
From bce7c36693fb088e68db528d38cff47a47987eab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Wed, 21 May 2025 20:14:08 -0300
Subject: [PATCH 37/56] factorio: update server
---
 pkgs/factorio-headless/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/factorio-headless/default.nix b/pkgs/factorio-headless/default.nix
index 46064b5..8d81f1d 100644
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
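Review bot: The buffer path is spliced unquoted into `formatcmd` in all six `prettier --stdin-filepath=%val{buffile}` lines of the two filetypes.kak hunks. Because the string is now double-quoted, Kakoune expands `%val{buffile}` when the hook fires, so the path becomes literal command text. The code that runs `formatcmd` is not in this patch, but if it is handed to a shell, as I would expect, a file name containing spaces or shell metacharacters is split or interpreted instead of being passed as one argument. Quoting the value inside the command, for example `set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"`, handles everything except a single quote in the name. A short comment next to the first hook recording that limitation would help the next editor of this file.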
@@ -1,10 +1,10 @@ { factorio-headless, pkgs }: factorio-headless.overrideAttrs (_: rec { - version = "2.0.39"; + version = "2.0.47"; src = pkgs.fetchurl { name = "factorio_headless_x64-${version}.tar.xz"; url = "https://www.factorio.com/get-download/${version}/headless/linux64"; - hash = "sha256-D4o9DkN5e1/02LhdfDNLCVo/B9mqf4Cx6H+Uk5qT3zQ="; + hash = "sha256-8PMgx3YWpHlCJ+tjenC1VxCPMUGkYzJ2WTIgp2j0miY="; }; }) From e4b2f1cb143bc892e6d653ca6650b1b1c68c2040 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 00:02:46 -0300 Subject: [PATCH 38/56] tablet: force replacing OpenTabletDriver config --- user/sway/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user/sway/default.nix b/user/sway/default.nix index 046ae07..596fdde 100644 --- a/user/sway/default.nix +++ b/user/sway/default.nix @@ -125,7 +125,10 @@ in services.gpg-agent.pinentryPackage = pkgs.pinentry-all; - xdg.configFile."OpenTabletDriver/settings.json".source = ./open-tablet-driver.json; + xdg.configFile."OpenTabletDriver/settings.json" = { + force = true; + source = ./open-tablet-driver.json; + }; home.packages = with pkgs; [ mySway From 6102f2283a3c624d97fb752c8d6125c8cf89d665 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 00:03:16 -0300 Subject: [PATCH 39/56] firefox: remove pinned extensions --- user/firefox.nix | 70 +----------------------------------------------- 1 file changed, 1 insertion(+), 69 deletions(-) diff --git a/user/firefox.nix b/user/firefox.nix index 3f58fa6..29d7f07 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -8,11 +8,6 @@ let inherit (config.my) desktop; inherit (config.my.theme) color; - bugfixedFirefox = pkgs.firefox-devedition-unwrapped // { - requireSigning = false; - allowAddonSideload = true; - }; - swayCustomization = '' #titlebar { display: none !important; } #TabsToolbar { display: none !important; } 
@@ -23,70 +18,7 @@ in config = { programs.firefox = { enable = true; - package = pkgs.wrapFirefox bugfixedFirefox { - nixExtensions = [ - (pkgs.fetchFirefoxAddon { - name = "darkreader"; - url = "https://addons.mozilla.org/firefox/downloads/file/4205543/darkreader-4.9.73.xpi"; - hash = "sha256-fDmf8yVhiGu4Da0Mr6+PYpeSsLcf8e/PEmZ+BaKzjxo="; - }) - (pkgs.fetchFirefoxAddon { - name = "sponsorblock"; - url = "https://addons.mozilla.org/firefox/downloads/file/4202411/sponsorblock-5.4.29.xpi"; - hash = "sha256-7Xqc8cyQNylMe5/dgDOx1f2QDVmz3JshDlTueu6AcSg="; - }) - (pkgs.fetchFirefoxAddon { - name = "tree-style-tab"; - url = "https://addons.mozilla.org/firefox/downloads/file/4197314/tree_style_tab-3.9.19.xpi"; - hash = "sha256-u2f0elVPj5N/QXa+5hRJResPJAYwuT9z0s/0nwmFtVo="; - }) - (pkgs.fetchFirefoxAddon { - name = "ublock-origin"; - url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi"; - hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo="; - }) - (pkgs.fetchFirefoxAddon { - name = "user_agent_string_switcher"; - url = "https://addons.mozilla.org/firefox/downloads/file/4098688/user_agent_string_switcher-0.5.0.xpi"; - hash = "sha256-ncjaPIxG1PBNEv14nGNQH6ai9QL4WbKGk5oJDbY+rjM="; - }) - - (pkgs.fetchFirefoxAddon { - name = "i-still-dont-care-about-cookies"; - url = "https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies/releases/download/v1.1.4/istilldontcareaboutcookies-1.1.4.xpi"; - hash = "sha256-yt6yRiLTuaK4K/QwgkL9gCVGsSa7ndFOHqZvKqIGZ5U="; - }) - - (pkgs.fetchFirefoxAddon { - name = "vimium_ff"; - url = "https://addons.mozilla.org/firefox/downloads/file/4191523/vimium_ff-2.0.6.xpi"; - hash = "sha256-lKLX6IWWtliRdH1Ig33rVEB4DVfbeuMw0dfUPV/mSSI="; - }) - (pkgs.fetchFirefoxAddon { - name = "invidious_redirect"; - url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi"; - hash = "sha256-ApCc+MNmW9Wd/5seV6npePQVEaszT/rhD9EB7HGiUb8="; - }) - - (pkgs.fetchFirefoxAddon { - name = 
"substitoot"; - url = "https://addons.mozilla.org/firefox/downloads/file/4236602/substitoot-0.7.2.0.xpi"; - hash = "sha256-1auSqEjkebwRSbmAVUsYwy77dl7TQCOnqgozpoVnqgI="; - }) - - # Locale - (pkgs.fetchFirefoxAddon { - name = "firefox_br"; - url = "https://addons.mozilla.org/firefox/downloads/file/4144369/firefox_br-115.0.20230726.201356.xpi"; - hash = "sha256-8zkqfdW0lX0b62+gAJeq4FFlQ06nXGFAexpH+wg2Cr0="; - }) - (pkgs.fetchFirefoxAddon { - name = "corretor"; - url = "https://addons.mozilla.org/firefox/downloads/file/1176165/corretor-65.2018.12.8.xpi"; - hash = "sha256-/rFQtJHdgemMkGAd+KWuWxVA/BwSIkn6sk0XZE0LrGk="; - }) - ]; - }; + package = pkgs.firefox-devedition; profiles = { dev-edition-default = { isDefault = true; From 18ec0369d7df43df83e4d79937255a6bd34db391 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 00:05:30 -0300 Subject: [PATCH 40/56] flake: mark flake.lock as binary to git, don't show diffs --- .gitattributes | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..da8c15f --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +flake.lock binary From 8c5847ff33f7680b5b1a1f342adbf454294bb19a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 00:08:40 -0300 Subject: [PATCH 41/56] update --- flake.lock | 132 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 91 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index 970c204..0821cf8 100644 --- a/flake.lock +++ b/flake.lock 
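Review bot: The new `.gitattributes` line `flake.lock binary` removes the lock file from `git diff`, `git log -p` and forge review views, and that file is where every input's `owner`, `repo`, `ref`, `rev` and `narHash` are pinned. A changed input source or a new transitive input would then appear only as a binary change with nothing for a reviewer to read. If the aim is just to reduce noise, I would at least record the workaround in the file with a comment such as `# flake.lock pins all inputs; review changes with: git diff --text -- flake.lock`. Alternatively, leave the file as text and exclude it locally when it gets in the way.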
@@ -28,11 +28,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1746729224, - "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "85555d27ded84604ad6657ecca255a03fd878607", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -297,11 +297,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -433,6 +433,54 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "nixos-mailserver", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixos-mailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixos-mailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "hello-fonts": { "flake": false, "locked": { @@ -456,11 +504,11 @@ ] }, "locked": { - "lastModified": 1747020534, - "narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=", + "lastModified": 1747688870, + "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca", + "rev": "d5f1f641b289553927b3801580598d200a501863", "type": "github" }, "original": { @@ -497,11 +545,11 @@ ] }, "locked": { - "lastModified": 1746934494, - "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", + "lastModified": 1747540584, + "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", + "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", "type": "github" }, "original": { 
@@ -514,17 +562,18 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-24_11": "nixpkgs-24_11" + "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1746937334, - "narHash": "sha256-7g2GSePdYbpD1v5BxEVSCJ2Ogf4K5rc9sBB81FervUY=", + "lastModified": 1747965231, + "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "da66510f688b7eac54e3cac7c75be4b8dd78ce8b", + "rev": "53007af63fade28853408370c4c600a63dd97f41", "type": "gitlab" }, "original": { @@ -550,28 +599,29 @@ "type": "github" } }, - "nixpkgs-24_11": { + "nixpkgs-25_05": { "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "lastModified": 1747610100, + "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-24.11", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { 
@@ -628,11 +678,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1746957726, - "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", + "lastModified": 1747862697, + "narHash": "sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", + "rev": "2baa12ff69913392faf0ace833bc54bba297ea95", "type": "github" }, "original": { @@ -800,11 +850,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { @@ -960,11 +1010,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1746989248, - "narHash": "sha256-uoQ21EWsAhyskNo8QxrTVZGjG/dV4x5NM1oSgrmNDJY=", + "lastModified": 1747912973, + "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "708ec80ca82e2bbafa93402ccb66a35ff87900c5", + "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", "type": "github" }, "original": { @@ -975,11 +1025,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1746967427, - "narHash": "sha256-lTI7Bg9zgDDWX0kFdR4OoK+I3kAaYt6Jo6jGRvSCn9U=", + "lastModified": 1748016252, + "narHash": "sha256-P/h9BTZv6r5br/MKkXyEdUdDTU446UaAZzGLQMCMSIw=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "cad317d0c2eacd36beb4fce60d6dcced50b71173", + "rev": "4756a2ecc603c347e3d983663d663e96f22225a9", "type": "github" }, "original": { From 68568255cbb534f779c0dcaa61f184f571dde06a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 01:08:45 -0300 Subject: [PATCH 42/56] update: 24.11 -> 25.05 --- flake.lock | 18 +++++++++--------- flake.nix | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0821cf8..78b8ed1 100644 --- a/flake.lock +++ b/flake.lock @@ -504,16 +504,16 @@ ] }, "locked": { - "lastModified": 1747688870, - "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", + "lastModified": 1747556831, + "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5f1f641b289553927b3801580598d200a501863", + "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -578,7 +578,7 @@ }, "original": { "owner": "simple-nixos-mailserver", - "ref": "master", + "ref": "nixos-25.05", "repo": "nixos-mailserver", "type": "gitlab" } @@ -678,16 +678,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1747862697, - "narHash": "sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0=", + "lastModified": 1747953325, + "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2baa12ff69913392faf0ace833bc54bba297ea95", + "rev": "55d1f923c480dadce40f5231feb472e81b0bab48", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "type": "indirect" } }, diff --git a/flake.nix b/flake.nix index 8994009..05332a4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,10 +1,10 @@ { description = "My system config"; inputs = { - nixpkgs.url = "nixpkgs/nixos-24.11"; + nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager/release-24.11"; + home-manager.url = "github:nix-community/home-manager/release-25.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; vpsadminos.url = "github:vpsfreecz/vpsadminos"; @@ -32,7 +32,7 @@ }; nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From ce66f177fb4b59d2ae3c839abf454ab830d1b84e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 01:09:18 -0300 Subject: [PATCH 43/56] 25.05: split nerd fonts --- overlays/default.nix | 8 -------- system/fonts.nix | 3 ++- user/sway/theme.nix | 1 - 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/overlays/default.nix b/overlays/default.nix index 8886897..a032271 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -28,14 +28,6 @@ rec { ]; } ); - nerdfonts_fira_hack = ( - final.nerdfonts.override { - fonts = [ - "FiraCode" - "Hack" - ]; - } - ); } ); diff --git a/system/fonts.nix b/system/fonts.nix index 2815563..73aa8f7 100644 --- a/system/fonts.nix +++ b/system/fonts.nix @@ -5,6 +5,7 @@ noto-fonts noto-fonts-cjk-sans noto-fonts-emoji - nerdfonts_fira_hack + nerd-fonts.fira-code + nerd-fonts.hack ]; } diff --git a/user/sway/theme.nix b/user/sway/theme.nix index 0a8a38a..600f596 100644 --- a/user/sway/theme.nix +++ b/user/sway/theme.nix @@ -92,7 +92,6 @@ lib.mkIf (desktop == "sway") { hack-font font-awesome_5 fira-code - nerdfonts_fira_hack material-wifi-icons ]; } From 707e8143a03ca4b78ed008a4e390cc2175227c7d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Sat, 24 May 2025 01:09:54 -0300
Subject: [PATCH 44/56] 25.05: fix defaultLocale string
---
 hosts/phantom/default.nix | 2 +-
 system/locale.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hosts/phantom/default.nix b/hosts/phantom/default.nix
index 9111434..1b0d3cb 100644
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@@ -53,7 +53,7 @@
 # Set your time zone.
 time.timeZone = "America/Sao_Paulo";
 # Select internationalisation properties.
- i18n.defaultLocale = "pt_BR.utf8";
+ i18n.defaultLocale = "pt_BR.UTF-8";
 boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
diff --git a/system/locale.nix b/system/locale.nix
index 07e7175..e2c7e81 100644
--- a/system/locale.nix
+++ b/system/locale.nix
@@ -2,7 +2,7 @@
 {
 time.timeZone = "America/Sao_Paulo";
 environment.variables.TZ = config.time.timeZone;
- i18n.defaultLocale = "pt_BR.utf8";
+ i18n.defaultLocale = "pt_BR.UTF-8";
 # Configure keymap in X11
 services.xserver.xkb = {
From d353be3ce81476dba4327c10be990794afc0c5f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Sat, 24 May 2025 01:10:18 -0300
Subject: [PATCH 45/56] 25.05: j4-dmenu-desktop use '--i3-ipc' flag
---
 scripts/bmenu | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/scripts/bmenu b/scripts/bmenu
index c793269..8abad08 100755
--- a/scripts/bmenu
+++ b/scripts/bmenu
@@ -8,13 +8,10 @@ if test "$argv[1]" = "run"
 test -n "$argv[2]" && set t "$argv[2]" || set t "terminal"
- test -n "$i3SOCK" && set wrapper 'i3-msg exec --'
- test -n "$SWAYSOCK" && set wrapper 'swaymsg exec --'
-
 exec j4-dmenu-desktop \
 --dmenu="bmenu start -p Iniciar:" \
 --term "$t" \
- --wrapper="$wrapper" \
+ --i3-ipc \
 --no-generic
 end
From dc734b6d62c7624cad55a587f3c290878582c810 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Sat, 24 May 2025 01:11:08 -0300
Subject: [PATCH 46/56] 25.05: fix firefox search engine names
---
 user/firefox.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/user/firefox.nix b/user/firefox.nix
index 29d7f07..3e5c9df 100644
--- a/user/firefox.nix
+++ b/user/firefox.nix
@@ -23,7 +23,7 @@ in
 dev-edition-default = {
 isDefault = true;
 search.force = true;
- search.default = "DuckDuckGo";
+ search.default = "ddg";
 settings = {
 "devtools.theme" = "auto";
 "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
From 2c70a0e7dec1f64488051586dc09846dbca6a340 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Sat, 24 May 2025 01:11:26 -0300
Subject: [PATCH 47/56] 25.05: mako use settings instead of extraConfig
---
 user/sway/mako.nix | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/user/sway/mako.nix b/user/sway/mako.nix
index af6c673..28b5eb4 100644
--- a/user/sway/mako.nix
+++ b/user/sway/mako.nix
@@ -34,12 +34,13 @@ in
 defaultTimeout = 10000;
- extraConfig = ''
- [app-name=volumesh]
- default-timeout=5000
- group-by=app-name
- format=%s\n%b
- '';
+ settings = {
+ "app-name=volumesh" = {
+ "default-timeout" = "5000";
+ "group-by" = "app-name";
+ "format" = "%s\\n%b";
+ };
+ };
 # # {{@@ header() @@}}
 # # text
From fba64d38633230de8e3516e5acfc73e130efe6b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Sat, 24 May 2025 01:46:00 -0300
Subject: [PATCH 48/56] firefox: remove unused config
---
 user/firefox.nix | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/user/firefox.nix b/user/firefox.nix
index 3e5c9df..1c891ae 100644
--- a/user/firefox.nix
+++ b/user/firefox.nix
@@ -1,18 +1,10 @@ { config, pkgs, - lib, ... }: let - inherit (config.my) desktop; inherit (config.my.theme) color; - - swayCustomization = '' - #titlebar { display: none !important; } - #TabsToolbar { display: none !important; } - #sidebar-header { display: none !important; } - ''; in { config = { @@ -27,7 +19,6 @@ in settings = { "devtools.theme" = "auto"; "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "browser.tabs.inTitlebar" = if desktop == "sway" then 0 else 1; "sidebar.position_start" = false; # Move sidebar to the right # enable media RDD to allow gpu acceleration @@ -57,8 +48,6 @@ in "devtools.debugger.remote-enabled" = true; }; userChrome = '' - ${lib.optionalString (desktop == "sway") swayCustomization} - #sidebar-main { background-color: ${color.bg}; } From 451aeb6725c2b24559b90d38ca653948c2b27a45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 19:10:54 -0300 Subject: [PATCH 49/56] 25.05: firefox-devedition fix executable and .desktop name --- user/firefox.nix | 2 +- user/home.nix | 2 +- user/variables.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/user/firefox.nix b/user/firefox.nix index 1c891ae..28ba913 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -61,7 +61,7 @@ in }; wayland.windowManager.sway = { extraConfig = '' - exec firefox + exec firefox-devedition ''; }; }; diff --git a/user/home.nix b/user/home.nix index 31e3871..334e260 100644 --- a/user/home.nix +++ b/user/home.nix @@ -152,7 +152,7 @@ text-editor = lib.mkDefault "kak.desktop"; image-viewer = lib.mkDefault "pqiv.desktop"; video-player = lib.mkDefault "mpv.desktop"; - web-browser = lib.mkDefault "firefox.desktop"; + web-browser = lib.mkDefault "firefox-devedition.desktop"; document-viewer = lib.mkDefault "org.pwmt.zathura.desktop"; file-manager = lib.mkDefault "thunar.desktop"; archive-manager = "engrampa.desktop"; diff --git a/user/variables.nix b/user/variables.nix index 84823d3..65bc69a 100644 
--- a/user/variables.nix +++ b/user/variables.nix @@ -116,6 +116,6 @@ rec { dmenu = "bmenu"; desktop = "sway"; - browser = "firefox"; + browser = "firefox-devedition"; editor = "kakoune"; } From a4b900582aa71695bc628a1b063334c5e892af85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sat, 24 May 2025 19:11:26 -0300 Subject: [PATCH 50/56] 25.05: fix nextcloud dbtype --- hosts/phantom/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/phantom/nextcloud.nix b/hosts/phantom/nextcloud.nix index a7ef9f3..28d76a1 100644 --- a/hosts/phantom/nextcloud.nix +++ b/hosts/phantom/nextcloud.nix @@ -1,7 +1,6 @@ { config, pkgs, - inputs, ... }: { @@ -11,6 +10,7 @@ hostName = "cloud.lelgenio.com"; https = true; config = { + dbtype = "sqlite"; # TODO: move to single postgres db adminpassFile = config.age.secrets.phantom-nextcloud.path; }; }; From 72ddcec77ef098c6204a951f1ef963c6f089e8d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 28 May 2025 00:07:44 -0300 Subject: [PATCH 51/56] monolith: add wopus gitlab runners --- secrets/monolith/default.yaml | 12 +++++------- system/gitlab-runner.nix | 6 ++++-- system/monolith-gitlab-runner.nix | 17 +++++++++++++++++ 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 8bd8e12..f354335 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
@@ -4,16 +4,14 @@ gitlab-runners: thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str] thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str] docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] + wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str] + wopus-gitlab-docker-images: ENC[AES256_GCM,data:aGbCjQr1VKgg5n4f8vZKgdXcDw/M5JHez9E2TqipBXQ8D0jXdfPg6laNOJUOD+uPBOIGKUBMEg4OtLblCZFVw/V6wJN16wVbwkDU3uELQ8tPmlYSt4fcy4+5sC6+tV4YeMSKA6yIjD+xpkk=,iv:ojBhf2WdkWHruvTbABAAvuGDVOnsUl+qnhvH09L+lgA=,tag:gWhEkvL1qlcge3bSKVDSIg==,type:str] bitbucket-runners: wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str] wopus-runner-2: 
ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str] wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str] wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h enc: | 
@@ -33,8 +31,8 @@ sops: aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-07T21:28:04Z" - mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str] + lastmodified: "2025-05-28T03:04:52Z" + mac: ENC[AES256_GCM,data:THwZcK7nJnCYEUR8CiaQKZ8dQpYbDqnshBBWFzEzPXEWLgFB9+7d6aRh9ZDjZs0rhBTChta3H7YxDJdFh5nAJQy532FJp4S4tBOLHWFZARlKhXngujd0SvxPER55uvxImNFIYX0RDSHUck5jDXCA0tBCmE/Q7DuY7v0+cmRgOV8=,iv:1p3kFMSg0k1n00P6UY5Tttuqvpsb4Se8km5zA9GhAu4=,tag:cDxbHZ+eScDQacwV1sYGIA==,type:str] pgp: - created_at: "2025-03-07T22:49:16Z" enc: |- @@ -52,4 +50,4 @@ sops: -----END PGP MESSAGE----- fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B unencrypted_suffix: _unencrypted - version: 3.9.4-unstable + version: 3.10.2 diff --git a/system/gitlab-runner.nix b/system/gitlab-runner.nix index c50e1b9..b998d17 100644 --- a/system/gitlab-runner.nix +++ b/system/gitlab-runner.nix @@ -1,18 +1,19 @@ { pkgs, lib, ... }: { mkNixRunner = - authenticationTokenConfigFile: with lib; rec { + authenticationTokenConfigFile: with lib; { # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` inherit authenticationTokenConfigFile; # 2 dockerImage = "alpine:3.18.2"; - dockerAllowedImages = [ dockerImage ]; dockerVolumes = [ "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" "/nix/store:/nix/store:ro" "/nix/var/nix/db:/nix/var/nix/db:ro" "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + "/var/run/docker.sock:/var/run/docker.sock" + "/cache" ]; dockerDisableCache = true; preBuildScript = pkgs.writeScript "setup-container" '' @@ -36,6 +37,7 @@ cacert git openssh + docker ] ) } 
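Review bot: Adding `"/var/run/docker.sock:/var/run/docker.sock"` to `dockerVolumes` in `mkNixRunner` (first hunk of system/gitlab-runner.nix) gives every CI job on these runners control of the host's Docker daemon, which is equivalent to root on the host. The same hunk removes `dockerAllowedImages`, so a pipeline's `image:` is no longer limited to the pinned alpine image. If only image-building pipelines need Docker, keep the socket on a dedicated runner and restore the allowlist here with `dockerAllowedImages = [ "alpine:3.18.2" ];`. Every runner built from `mkNixRunner` in system/monolith-gitlab-runner.nix inherits the mount, and the rewrite of this attrset in PATCH 53/56 carries it forward. The function body continues past the end of this hunk.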
diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index 28a0ecd..dd80627 100644 --- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix @@ -18,6 +18,8 @@ in thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path; thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path; + wopus-gitlab-nix = mkNixRunner config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path; + default = { # File should contain at least these two variables: # `CI_SERVER_URL` @@ -25,6 +27,15 @@ in authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path; dockerImage = "debian:stable"; }; + + wopus-gitlab-docker-images = { + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `CI_SERVER_TOKEN` + authenticationTokenConfigFile = + config.sops.secrets."gitlab-runners/wopus-gitlab-docker-images".path; + dockerImage = "debian:stable"; + }; }; }; systemd.services.gitlab-runner.serviceConfig.Nice = 10; @@ -39,5 +50,11 @@ in "gitlab-runners/docker-images-token" = { sopsFile = ../secrets/monolith/default.yaml; }; + "gitlab-runners/wopus-gitlab-nix" = { + sopsFile = ../secrets/monolith/default.yaml; + }; + "gitlab-runners/wopus-gitlab-docker-images" = { + sopsFile = ../secrets/monolith/default.yaml; + }; }; } From 93c88db929bb1072b4b7cf16b2750bd72ba0a808 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 28 May 2025 11:45:38 -0300 Subject: [PATCH 52/56] home: don't set CARGO_HOME and RUSTUP_HOME This was causing issues with using different rust versions in different projects --- user/xdg-dirs.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/user/xdg-dirs.nix b/user/xdg-dirs.nix index a9e1c9b..c4036c2 100644 --- a/user/xdg-dirs.nix +++ b/user/xdg-dirs.nix @@ -1,8 +1,5 @@ { config, - pkgs, - lib, - inputs, ... }: let 
@@ -24,9 +21,4 @@ in videos = "${HOME}/Vídeos"; }; }; - - home.sessionVariables = { - CARGO_HOME = "${config.xdg.dataHome}/cargo"; - RUSTUP_HOME = "${config.xdg.dataHome}/rustup"; - }; } From 53a3cb0a0eb245c25aaa4df1900ea84c7a1b9f53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 28 May 2025 20:56:59 -0300 Subject: [PATCH 53/56] monolith: fix gitlab-runner config to not override PATH --- system/gitlab-runner.nix | 100 ++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 49 deletions(-) diff --git a/system/gitlab-runner.nix b/system/gitlab-runner.nix index b998d17..e450b5e 100644 --- a/system/gitlab-runner.nix +++ b/system/gitlab-runner.nix 
@@ -1,53 +1,55 @@ { pkgs, lib, ... }: +let + installNixScript = pkgs.writeScriptBin "install-nix" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" + + . ${pkgs.nix}/etc/profile.d/nix.sh + + ${pkgs.nix}/bin/nix-env -i ${ + lib.concatStringsSep " " ( + with pkgs; + [ + nix + cacert + git + openssh + docker + ] + ) + } + ''; +in { - mkNixRunner = - authenticationTokenConfigFile: with lib; { - # File should contain at least these two variables: - # `CI_SERVER_URL` - # `REGISTRATION_TOKEN` - inherit authenticationTokenConfigFile; # 2 - dockerImage = "alpine:3.18.2"; - dockerVolumes = [ - "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - "/var/run/docker.sock:/var/run/docker.sock" - "/cache" - ]; - dockerDisableCache = true; - preBuildScript = pkgs.writeScript "setup-container" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" - - . 
${pkgs.nix}/etc/profile.d/nix.sh - - ${pkgs.nix}/bin/nix-env -i ${ - concatStringsSep " " ( - with pkgs; - [ - nix - cacert - git - openssh - docker - ] - ) - } - ''; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; - }; + mkNixRunner = authenticationTokenConfigFile: { + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `REGISTRATION_TOKEN` + inherit authenticationTokenConfigFile; # 2 + dockerImage = "alpine:3.18.2"; + dockerVolumes = [ + "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + "/tmp:/tmp" + "/var/run/docker.sock:/var/run/docker.sock" + "/var/lib/docker/containers:/var/lib/docker/containers" + "/cache" + ]; + preBuildScript = "\". ${lib.getExe installNixScript}\""; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; }; + }; } From 218d32153f794affb95996f77bae6455a58bf5d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 28 May 2025 23:29:28 -0300 Subject: [PATCH 54/56] Revert "firefox: remove pinned extensions" This reverts commit 6102f2283a3c624d97fb752c8d6125c8cf89d665. --- user/firefox.nix | 77 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 76 insertions(+), 1 deletion(-) diff --git a/user/firefox.nix b/user/firefox.nix index 28ba913..0403a14 100644 --- a/user/firefox.nix +++ b/user/firefox.nix 
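Review bot: The new `dockerVolumes` entries `"/tmp:/tmp"` and `"/var/lib/docker/containers:/var/lib/docker/containers"` are bind-mounted read-write into every job container. A job can therefore read and modify the host's temporary files and the Docker daemon's per-container state that belongs to other jobs and other runners on this machine. Presumably they were added so that paths used through the mounted Docker socket resolve on the host; if that is the reason, say so in a comment next to them. If jobs only need to read container state, use `"/var/lib/docker/containers:/var/lib/docker/containers:ro"` and drop `"/tmp:/tmp"` unless a job demonstrably needs it.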
@@ -5,12 +5,85 @@ }: let inherit (config.my.theme) color; + + bugfixedFirefox = pkgs.firefox-devedition-unwrapped // { + requireSigning = false; + allowAddonSideload = true; + }; in { config = { programs.firefox = { enable = true; - package = pkgs.firefox-devedition; + package = pkgs.wrapFirefox bugfixedFirefox { + nixExtensions = [ + (pkgs.fetchFirefoxAddon { + name = "darkreader"; + url = "https://addons.mozilla.org/firefox/downloads/file/4205543/darkreader-4.9.73.xpi"; + hash = "sha256-fDmf8yVhiGu4Da0Mr6+PYpeSsLcf8e/PEmZ+BaKzjxo="; + }) + (pkgs.fetchFirefoxAddon { + name = "sponsorblock"; + url = "https://addons.mozilla.org/firefox/downloads/file/4202411/sponsorblock-5.4.29.xpi"; + hash = "sha256-7Xqc8cyQNylMe5/dgDOx1f2QDVmz3JshDlTueu6AcSg="; + }) + # (pkgs.fetchFirefoxAddon { + # name = "tree-style-tab"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4197314/tree_style_tab-3.9.19.xpi"; + # hash = "sha256-u2f0elVPj5N/QXa+5hRJResPJAYwuT9z0s/0nwmFtVo="; + # }) + (pkgs.fetchFirefoxAddon { + name = "ublock-origin"; + url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi"; + hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo="; + }) + (pkgs.fetchFirefoxAddon { + name = "user_agent_string_switcher"; + url = "https://addons.mozilla.org/firefox/downloads/file/4098688/user_agent_string_switcher-0.5.0.xpi"; + hash = "sha256-ncjaPIxG1PBNEv14nGNQH6ai9QL4WbKGk5oJDbY+rjM="; + }) + + (pkgs.fetchFirefoxAddon { + name = "i-still-dont-care-about-cookies"; + url = "https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies/releases/download/v1.1.4/istilldontcareaboutcookies-1.1.4.xpi"; + hash = "sha256-yt6yRiLTuaK4K/QwgkL9gCVGsSa7ndFOHqZvKqIGZ5U="; + }) + + (pkgs.fetchFirefoxAddon { + name = "vimium_ff"; + url = "https://addons.mozilla.org/firefox/downloads/file/4191523/vimium_ff-2.0.6.xpi"; + hash = "sha256-lKLX6IWWtliRdH1Ig33rVEB4DVfbeuMw0dfUPV/mSSI="; + }) + (pkgs.fetchFirefoxAddon { + name = "unhook"; + url = 
"https://addons.mozilla.org/firefox/downloads/file/4263531/youtube_recommended_videos-1.6.7.xpi"; + hash = "sha256-u21ouN9IyOzkTkFSeDz+QBp9psJ1F2Nmsvqp6nh0DRU="; + }) + # (pkgs.fetchFirefoxAddon { + # name = "invidious_redirect"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4292924/invidious_redirect_2-1.16.xpi"; + # hash = "sha256-ApCc+MNmW9Wd/5seV6npePQVEaszT/rhD9EB7HGiUb8="; + # }) + + (pkgs.fetchFirefoxAddon { + name = "substitoot"; + url = "https://addons.mozilla.org/firefox/downloads/file/4236602/substitoot-0.7.2.0.xpi"; + hash = "sha256-1auSqEjkebwRSbmAVUsYwy77dl7TQCOnqgozpoVnqgI="; + }) + + # Locale + (pkgs.fetchFirefoxAddon { + name = "firefox_br"; + url = "https://addons.mozilla.org/firefox/downloads/file/4144369/firefox_br-115.0.20230726.201356.xpi"; + hash = "sha256-8zkqfdW0lX0b62+gAJeq4FFlQ06nXGFAexpH+wg2Cr0="; + }) + (pkgs.fetchFirefoxAddon { + name = "corretor"; + url = "https://addons.mozilla.org/firefox/downloads/file/1176165/corretor-65.2018.12.8.xpi"; + hash = "sha256-/rFQtJHdgemMkGAd+KWuWxVA/BwSIkn6sk0XZE0LrGk="; + }) + ]; + }; profiles = { dev-edition-default = { isDefault = true; @@ -21,6 +94,8 @@ in "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "sidebar.position_start" = false; # Move sidebar to the right + "browser.tabs.groups.enabled" = true; + # enable media RDD to allow gpu acceleration "media.rdd-ffmpeg.enabled" = true; "media.rdd-ffvpx.enabled" = true; From 1d7c1bf0e9762b3919a5fb3d1491c51f566287bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 30 May 2025 01:31:19 -0300 Subject: [PATCH 55/56] monolith: switch to kyber io scheduler --- hosts/monolith/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix index 280cc3f..753047a 100644 --- a/hosts/monolith/default.nix +++ b/hosts/monolith/default.nix 
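Review bot: `bugfixedFirefox` in the `let` block sets `requireSigning = false`, and the `nixExtensions` list fixes every add-on at one release, so the `hash` on each `fetchFirefoxAddon` is the only integrity check on these XPIs. The extensions presumably receive no security fixes until `url` and `hash` are bumped by hand. Some pins are already old going by their file names (for example `corretor-65.2018.12.8.xpi`), and `i-still-dont-care-about-cookies` comes from a GitHub release rather than addons.mozilla.org. A comment above the list would help the next editor, e.g. `# Pinned XPIs: no automatic updates; bump url and hash together when upgrading`. A name that says what the override does (it only sets two attributes on the unwrapped package) would also read better than `bugfixedFirefox`.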
@@ -144,7 +144,7 @@ in ACTION=="add" SUBSYSTEM=="usb" ATTR{idVendor}=="046d" ATTR{idProduct}=="c547" ATTR{power/wakeup}="disabled" # Force all disks to use mq-deadline scheduler # For some reason "noop" is used by default which is kinda bad when io is saturated - ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline" + ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="kyber" ''; boot.tmp = { From 22dc422b6308e54973c3fa33a70ba39cd0096e6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 30 May 2025 17:05:29 -0300 Subject: [PATCH 56/56] gitlab-runner: fix broken cache config --- system/gitlab-runner.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/gitlab-runner.nix b/system/gitlab-runner.nix index e450b5e..8db526f 100644 --- a/system/gitlab-runner.nix +++ b/system/gitlab-runner.nix @@ -42,8 +42,8 @@ in "/tmp:/tmp" "/var/run/docker.sock:/var/run/docker.sock" "/var/lib/docker/containers:/var/lib/docker/containers" - "/cache" ]; + dockerDisableCache = true; preBuildScript = "\". ${lib.getExe installNixScript}\""; environmentVariables = { ENV = "/etc/profile";
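Review bot: In the udev rules hunk of hosts/monolith/default.nix, the comment two lines above the changed rule still reads `# Force all disks to use mq-deadline scheduler`, while the rule now sets `ATTR{../queue/scheduler}="kyber"`. Update it to `# Force all disks to use kyber scheduler`, and if there is a measured reason for preferring kyber on this host, record it in the same comment. The rule sits inside a multi-line string that starts and ends outside the hunk.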