From 35541ea5aed2fd523c6614ad4492a6c3ae8acb8f Mon Sep 17 00:00:00 2001 
From: Lucien Cartier-Tilet Date: Sun, 8 Feb 2026 00:20:44 +0100 Subject: [PATCH] feat(elcafe): add new server configuration --- .sops.yaml | 4 + README.md | 1 - flake.nix | 19 +-- hosts/alys/configuration.nix | 10 +- hosts/elcafe/configuration.nix | 71 ++++++++++++ hosts/elcafe/hardware-configuration.nix | 42 +++++++ hosts/gampo/configuration.nix | 7 +- hosts/marpa/configuration.nix | 10 +- hosts/naromk3/configuration.nix | 10 +- hosts/naromk3/hardware-configuration.nix | 38 +++--- hosts/tilo/configuration.nix | 10 +- secrets/secrets.yaml | 116 +++++++++++-------- system/boot/boot.nix | 2 +- system/dev/docker.nix | 8 ++ system/hardware/default.nix | 4 +- system/network/tailscale.nix | 2 +- system/services/sunshine.nix | 13 ++- system/services/traefik.nix | 31 +++-- system/users/default.nix | 2 + system/users/phundrak.nix | 30 +++-- system/users/root.nix | 17 +++ users/modules/desktop/default.nix | 3 +- users/modules/desktop/qt.nix | 11 -- users/modules/desktop/spotify.nix | 2 +- users/modules/desktop/theme.nix | 43 ++++--- users/modules/desktop/wlr-which-key.nix | 2 +- users/phundrak/home.nix | 2 +- users/phundrak/host/alys.nix | 5 +- users/phundrak/host/elcafe.nix | 8 ++ users/phundrak/host/gampo.nix | 4 +- users/phundrak/host/marpa.nix | 4 +- users/phundrak/host/naromk3.nix | 2 +- users/phundrak/host/tilo.nix | 2 +- {keys => users/phundrak/keys}/id_alys.pub | 0 users/phundrak/keys/id_elcafe.pub | 1 + {keys => users/phundrak/keys}/id_gampo.pub | 0 {keys => users/phundrak/keys}/id_marpa.pub | 0 {keys => users/phundrak/keys}/id_naromk3.pub | 0 {keys => users/phundrak/keys}/id_opn4.pub | 0 {keys => users/phundrak/keys}/id_tilo.pub | 0 users/phundrak/packages.nix | 2 +- 41 files changed, 366 insertions(+), 172 deletions(-) create mode 100644 hosts/elcafe/configuration.nix create mode 100644 hosts/elcafe/hardware-configuration.nix create mode 100644 system/users/root.nix delete mode 100644 users/modules/desktop/qt.nix create mode 100644 users/phundrak/host/elcafe.nix 
rename {keys => users/phundrak/keys}/id_alys.pub (100%) create mode 100644 users/phundrak/keys/id_elcafe.pub rename {keys => users/phundrak/keys}/id_gampo.pub (100%) rename {keys => users/phundrak/keys}/id_marpa.pub (100%) rename {keys => users/phundrak/keys}/id_naromk3.pub (100%) rename {keys => users/phundrak/keys}/id_opn4.pub (100%) rename {keys => users/phundrak/keys}/id_tilo.pub (100%) diff --git a/.sops.yaml b/.sops.yaml index 3e9676b..3da08f6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,4 +1,6 @@ keys: + - &elcafe age1tkywsvddjj6r6ukuqgz9aql92jfx85rz57dhmkkndysh6yx6p5rs0zj0qr + - &elcafe-host age17p69ktg7yfzgdsk00f32mupe4n4fevdpw2wsv7ft30yvpeseau6s7t0zdg - &gampo age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48 - &gampo-host age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz - &marpa age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2 @@ -19,3 +21,5 @@ creation_rules: - *tilo-host - *NaroMk3 - *NaroMk3-host + - *elcafe + - *elcafe-host diff --git a/README.md b/README.md index 7ff28c3..7d1dcbf 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,6 @@ - **hosts/**: Contains the host-specific NixOS configurations. - **system/**: Holds system-wide configuration modules that can be shared across different hosts. This includes things like boot settings, desktop environments, hardware configurations, networking, packages, security, and system services. - **users/**: Manages user-specific configurations. It's split into `modules` for reusable home-manager configurations and `phundrak` for my personal configuration. -- **keys/**: Public keys for various machines. - **secrets/**: Encrypted secrets managed with `sops-nix`. ## Usage diff --git a/flake.nix b/flake.nix index 133473c..ffe0d81 100644 --- a/flake.nix +++ b/flake.nix 
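Review bot: Appending `*elcafe` and `*elcafe-host` to the existing recipient list in the second `.sops.yaml` hunk means the re-encrypted `secrets/secrets.yaml` can be decrypted with the new server's host key. That file also carries `emailPassword`, the `mopidy` credentials and `ssh/hosts`, not only the `elcafe/traefik/*` entries the server appears to need. A separate creation rule, selected with `path_regex`, for a per-host secrets file would confine a compromise of elcafe to its own secrets (for example `secrets/elcafe.yaml`, a name made up here). Its recipients would be the elcafe keys plus whichever admin key edits it. The rest of `creation_rules` lies outside the hunk, so confirm there is not already a narrower rule.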
@@ -94,6 +94,7 @@
 defaultUserModules = [
 inputs.sops-nix.homeManagerModules.sops
 inputs.spicetify.homeManagerModules.default
+ inputs.caelestia-shell.homeManagerModules.default
 ];
 withUserModules = modules: nixpkgs.lib.lists.flatten (defaultUserModules ++ [modules]);
 in {
@@ -101,19 +102,17 @@
 inherit extraSpecialArgs pkgs;
 modules = withUserModules ./users/phundrak/host/alys.nix;
 };
+ "phundrak@elcafe" = home-manager.lib.homeManagerConfiguration {
+ inherit extraSpecialArgs pkgs;
+ modules = withUserModules ./users/phundrak/host/elcafe.nix;
+ };
 "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
 inherit extraSpecialArgs pkgs;
- modules = withUserModules [
- inputs.caelestia-shell.homeManagerModules.default
- ./users/phundrak/host/marpa.nix
- ];
+ modules = withUserModules ./users/phundrak/host/marpa.nix;
 };
 "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
 inherit extraSpecialArgs pkgs;
- modules = withUserModules [
- inputs.caelestia-shell.homeManagerModules.default
- ./users/phundrak/host/marpa.nix
- ];
+ modules = withUserModules ./users/phundrak/host/marpa.nix;
 };
 "phundrak@NaroMk3" = home-manager.lib.homeManagerConfiguration {
 inherit extraSpecialArgs pkgs;
@@ -136,6 +135,10 @@
 inherit specialArgs;
 modules = withSystemModules ./hosts/alys/configuration.nix;
 };
+ elcafe = nixpkgs.lib.nixosSystem {
+ inherit specialArgs;
+ modules = withSystemModules ./hosts/elcafe/configuration.nix;
+ };
 gampo = nixpkgs.lib.nixosSystem {
 inherit specialArgs;
 modules = withSystemModules ./hosts/gampo/configuration.nix;
diff --git a/hosts/alys/configuration.nix b/hosts/alys/configuration.nix
index 78dcdcb..542fe8a 100644
--- a/hosts/alys/configuration.nix
+++ b/hosts/alys/configuration.nix
@@ -20,10 +20,7 @@
 domain = "phundrak.com";
 id = "41157110";
 };
- packages.nix = {
- gc.automatic = true;
- trusted-users = ["root" "phundrak"];
- };
+ packages.nix.gc.automatic = true;
 services = {
 endlessh.enable = true;
 ssh = {
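Review bot: In the second flake.nix hunk the rewritten `"phundrak@gampo"` entry still loads `./users/phundrak/host/marpa.nix`, although `users/phundrak/host/gampo.nix` exists and is edited later in this patch (it sets `desktop.hyprland.host = "gampo"`). The removed lines show the same path, so this predates the commit, but the line is being rewritten here and is the natural place to correct it: `modules = withUserModules ./users/phundrak/host/gampo.nix;`. If the sharing is intentional, a one-line comment on that entry would stop the next reader from "fixing" it.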
@@ -34,7 +31,10 @@
 };
 users = {
 root.disablePassword = true;
- phundrak.enable = true;
+ phundrak = {
+ enable = true;
+ trusted = true;
+ };
 };
 };
 system.stateVersion = "23.11";
diff --git a/hosts/elcafe/configuration.nix b/hosts/elcafe/configuration.nix
new file mode 100644
index 0000000..776363c
--- /dev/null
+++ b/hosts/elcafe/configuration.nix
@@ -0,0 +1,71 @@
+{
+ inputs,
+ config,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ inputs.home-manager.nixosModules.default
+ ../../system
+ ];
+
+ sops.secrets = {
+ "elcafe/traefik/env".restartUnits = ["traefik.service"];
+ "elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
+ };
+
+ mySystem = {
+ boot = {
+ kernel = {
+ hardened = true;
+ cpuVendor = "intel";
+ };
+ grub = {
+ enable = true;
+ device = "/dev/sdh";
+ };
+ zfs = {
+ enable = true;
+ pools = ["tank"];
+ };
+ };
+ dev.docker = {
+ enable = true;
+ storage = "/tank/docker/";
+ };
+ misc.keymap = "fr";
+ networking = {
+ hostname = "elcafe";
+ id = "501c7fb9";
+ };
+ packages.nix.gc.automatic = true;
+ services = {
+ endlessh.enable = true;
+ ssh = {
+ enable = true;
+ allowedUsers = ["phundrak"];
+ passwordAuthentication = true;
+ };
+ traefik = {
+ enable = false;
+ environmentFiles = [config.sops.secrets."elcafe/traefik/env".path];
+ dynamicConfigFile = config.sops.secrets."elcafe/traefik/dynamic".path;
+ };
+ };
+ users = {
+ root.disablePassword = true;
+ phundrak = {
+ enable = true;
+ trusted = true;
+ };
+ };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
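Review bot: `passwordAuthentication = true;` in the new `hosts/elcafe/configuration.nix` turns on SSH password logins for `phundrak`, even though public keys are already deployed for that account through `openssh.authorizedKeys.keyFiles` in `system/users/phundrak.nix`. On this host the account is in `wheel` and `docker` and is marked `trusted = true`, so a guessed or reused password is effectively root on the server. If the setting is only needed for first-boot bootstrap, switch it to `passwordAuthentication = false;` once the key works; otherwise add a comment on that line saying why passwords must stay enabled. How `mySystem.services.ssh` translates this option into sshd settings is not visible in this patch, so confirm the resulting `PasswordAuthentication` value on the host.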
diff --git a/hosts/elcafe/hardware-configuration.nix b/hosts/elcafe/hardware-configuration.nix
new file mode 100644
index 0000000..c629cb0
--- /dev/null
+++ b/hosts/elcafe/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
+ kernelModules = [];
+ };
+ kernelModules = ["kvm-intel"];
+ extraModulePackages = [];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
+ fsType = "ext4";
+ };
+
+ swapDevices = [];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/gampo/configuration.nix b/hosts/gampo/configuration.nix
index 4ad2c4b..c0ad715 100644
--- a/hosts/gampo/configuration.nix
+++ b/hosts/gampo/configuration.nix
@@ -49,8 +49,8 @@ appimage.enable = true; flatpak.enable = true; nix = { + gc.automatic = true; nix-ld.enable = true; - trusted-users = ["root" "phundrak"]; }; }; programs.steam.enable = true; @@ -60,7 +60,10 @@ }; users = { root.disablePassword = true; - phundrak.enable = true; + phundrak = { + enable = true; + trusted = true; + }; }; }; diff --git a/hosts/marpa/configuration.nix b/hosts/marpa/configuration.nix index 0b20fdf..844a018 100644 --- a/hosts/marpa/configuration.nix +++ b/hosts/marpa/configuration.nix @@ -98,10 +98,7 @@ packages = { appimage.enable = true; flatpak.enable = true; - nix = { - nix-ld.enable = true; - trusted-users = ["root" "phundrak"]; - }; + nix.nix-ld.enable = true; }; programs.steam.enable = true; services = { @@ -116,7 +113,10 @@ }; users = { root.disablePassword = true; - phundrak.enable = true; + phundrak = { + enable = true; + trusted = true; + }; }; }; diff --git a/hosts/naromk3/configuration.nix b/hosts/naromk3/configuration.nix index 35132a2..81bfa56 100644 --- a/hosts/naromk3/configuration.nix +++ b/hosts/naromk3/configuration.nix @@ -29,10 +29,7 @@ ]; }; }; - packages.nix = { - gc.automatic = true; - trusted-users = ["phundrak"]; - }; + packages.nix.gc.automatic = true; services = { endlessh.enable = false; ssh = { @@ -44,7 +41,10 @@ }; users = { root.disablePassword = true; - phundrak.enable = true; + phundrak = { + enable = true; + trusted = true; + }; }; }; diff --git a/hosts/naromk3/hardware-configuration.nix b/hosts/naromk3/hardware-configuration.nix index e0fe34d..6cdb47e 100644 --- a/hosts/naromk3/hardware-configuration.nix +++ b/hosts/naromk3/hardware-configuration.nix 
@@ -10,25 +10,31 @@ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/28b965a5-940b-4990-87fe-039c9f373bf0"; - fsType = "ext4"; + boot = { + initrd = { + availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + kernelModules = []; + }; + kernelModules = []; + extraModulePackages = []; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/EBAD-6B85"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; - }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/28b965a5-940b-4990-87fe-039c9f373bf0"; + fsType = "ext4"; + }; - fileSystems."/tank" = { - device = "/dev/disk/by-uuid/ed00871e-a14a-428f-b6e4-5b56febd756a"; - fsType = "ext4"; + "/boot" = { + device = "/dev/disk/by-uuid/EBAD-6B85"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + "/tank" = { + device = "/dev/disk/by-uuid/ed00871e-a14a-428f-b6e4-5b56febd756a"; + fsType = "ext4"; + }; }; swapDevices = []; diff --git a/hosts/tilo/configuration.nix b/hosts/tilo/configuration.nix index 6fb426e..7faf614 100644 --- a/hosts/tilo/configuration.nix +++ b/hosts/tilo/configuration.nix @@ -30,10 +30,7 @@ ]; }; }; - packages.nix = { - gc.automatic = true; - trusted-users = ["root" "phundrak"]; - }; + packages.nix.gc.automatic = true; services = { calibre.enable = true; endlessh.enable = true; @@ -50,7 +47,10 @@ }; users = { root.disablePassword = true; - phundrak.enable = true; + phundrak = { + enable = true; + trusted = true; + }; }; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index fcbb9a4..818e17c 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,85 +1,107 @@ -extraHosts: ENC[AES256_GCM,data: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,iv:SehibPtT3k9Ufen8Gri3HcFthUe0S7dMT+486fwOK0w=,tag:oatCeFr2j3EPHwXc6eU66w==,type:str] +elcafe: + traefik: + env: ENC[AES256_GCM,data:HUdWGYoEPp2v8dnDuVsl7YmPxuBfHmXzGrvKWeiqPlmAwMqVZrZ1j8on/7QKvYDJoTJ40XY2qNynSA==,iv:Vgc/fZERnNp7hSMeRd9EgB3IenKAFTAhwC0bk8CX4DE=,tag:SdfhOST/o29Lt1zRdXXRyQ==,type:str] + dynamic: ENC[AES256_GCM,data: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,iv:3G3geSZRziwGiKcUMVNZ7j5s/4YA6Uk7wCSb4aFNSMo=,tag:FxARskR9+wdV7/xCKP8UdA==,type:str] +extraHosts: ENC[AES256_GCM,data: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,iv:5A3jCWLkooCkuOMiybbeQ9+TRA7CoiW3qbzmJLVarSc=,tag:qLsGhrFHs65Vesj4Ot4I/g==,type:str] mopidy: - spotify: ENC[AES256_GCM,data:89vPpgJ53eYou01qgxfqxOO6G/raBA0Vzck31PLchE4Jhi6HcNnoW4wwhHW3pG0AfCu5sE1CuryhRpWTc62fXIBoenKiCiU7chFhBF0UNq3Fcie26l6hdEx+XYVcM/MNBBbkb8VZq1mR0sgGmUESuZVzeI3LMykF,iv:n+LxuijWCZGW2YacrYQ2QIF2BTSilLmJ72piFRK25vw=,tag:iOQatj2UJdlMvn6C40IILg==,type:str] - bandcamp: ENC[AES256_GCM,data:Sas5Sk0gNaq2E1XnsK8lvaZEzsaFZKY+zDxvgTiqTm2hrI2BnWieRWcZV6u1yRKjLAhh1rdSYhnZJHWUGIAY9qnFOk4vUVUHLtxnkxO/bJN/sykc4qwXRg4/NNap+8TcsN/S1AFJYKmXYn1Otx/02wbMEzHIuw==,iv:VGC7COqF3goMyyJvasiT0yVxOk4QKLOuXd2FbHjuRwk=,tag:pvyX4Q+dvlWFkdSJzTlgwA==,type:str] -emailPassword: ENC[AES256_GCM,data:RXmfWKIm5CzZrqhT6bAPZdijByO1NvrSwN1YO4/huVQnQh5p1g==,iv:lh/mxH5sPce+to6TsK2f0SrpHJuuGUiKWzrNmQfJcY0=,tag:EyR7Nml7Jyh4Modsq7DuBw==,type:str] + spotify: ENC[AES256_GCM,data:6i9BzQmlndnROuT1H2zgN/3I6hBiFf14BlcS+XL2PbTiiEQZe2yE3tnZo3KXU9S5CjS3MwxsVdytKOFMQt2s1bVjcibBhJzoKEQByaapdzn1mK3kQLdJfhPf4Hf9YZV9Dlc60ngS7ESLZakdFVlj4rlbV5XReLhK,iv:fYd78r4U0kTyq1TZjBVXkjdNiOQ29gLJ53kwTXsi8W0=,tag:oWaeOuzdHWS4joZAdeA2pg==,type:str] + bandcamp: 
ENC[AES256_GCM,data:3uWlk1W6pgExsUkLpqpFXpMceYEdMfWMxNUq8iGEyq8/P3OAjzg7pvvPBGcVwmh4jSgNilRiqmmGrtYLwdqPUMlmbFB56K6ZLDIcC2yg2SRfulYcObvimOkIkx7ITr1u6jSzjMkTR5ekIlzlPBxFQzEfBbgdrQ==,iv:IY1VH/8vjNCPz8LGbYbyr5U3FcmhV+YhK3fHnLfWiak=,tag:lB78PRuEuFen54csc7jHIQ==,type:str] +emailPassword: ENC[AES256_GCM,data:RUuXzEfkqu1hEg12vBko17MtvdcFIxPofB+nFOuuMdWqjqJgEg==,iv:725/ttk8jHmSIj16gqvLykOu8D8rUbzzvOyxyZx8Jds=,tag:jv1ZO14WsKyWFsfqzRzZPg==,type:str] ssh: - hosts: ENC[AES256_GCM,data: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,iv:92tBq0zjlJ44Ia5ug2zk9PgspWzA6QlT0A+j9T74T7U=,tag:XTB7zG14DsPw1uNXTpD7Bg==,type:str] + hosts: ENC[AES256_GCM,data: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,iv:Gf2f71TluSEQtiHf7CIHE2tFX8N4Y17AjP1PnNuWuNA=,tag:sGmZR1lKbbOeEhPvrHHO8Q==,type:str] sops: age: - recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMG1wWDcrSjN0NjEzY05q - YVBWbXJ1ZTlMYkdxZmRMakNZdm9qQnFxYzBFClMzS3RUVzM1aVRoazhXNkxwZFdv - OVVIQWlWS0dLS2puN0ZZVjNwaGpWeE0KLS0tIGtaVWJoZmN3bnFtbWt6RmhvUnpK - NnlaM2VmdnRVQitxUXZueGxXeWdhQlkK99cfnUusVZO/icWY2pDLExVveLtf1xPp - 43QVMMWTnkF8fS1SyM6KT7T12gFOeCIxa06IDKs1AIvuOuaq6OxEhw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2S3VaTmg3b2QxMGtVeStr + WWRpb0RhVFNWM3RJNEV4ZTdRVmJUa2d6YVZrCnFTOWwwTlNhc2hqM2pwZ1hkcWd1 + QlE2N0FtSGFFR1NHbzFOSzI5Um4rVTQKLS0tIEFaMHprc3Jlclk3MGtvc2NzZ3cr + blMrcWVSVFB3TVc0aTQ0RUYvbDFJS0kKmGisf9VDK2RPA1uQCK5udt7sdeDyh344 + IKhPHzEHAHjKEkE6sWc6TB/l8K3IfL9zdHQZ9ZqTvCiS8CBZOwPQeg== -----END AGE ENCRYPTED FILE----- - recipient: age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SjlaZGdmNWZOKzRUYU5B - NlpDeEREOUlkamhINnREeVFoYUJqSkNlc1U0CkU2QUpBTi9DUDI0RmV3M3U3Vmgv - UTJ5ZXBlaEcxeUtzUjcwcGw0MG9xKzAKLS0tIFpWeHRMWDlDekVMOWtLWFR2S05y - MHNUYUlJVHc4cnRwdGpKYXJOUE9ydWcKrJmvP3y+xVMGvS17iIzAzrKjvO4LAFOH - 
mQV2c2WwZpNFYb63zwKKVxxRsTMCZjQviMXywCB7GRuUk1/aCEjZyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRzRqTzlzVWpGMVFEbjV5 + R1RXS1RBMzZGaGZjUkFZc3RLb2JkSzlRQlJZCnp5c0pMOHBZUkhralArcUhLSmx5 + Uk41cGRUR3RxR1FYVHBWU3d6ZXJpcFUKLS0tIFdLclpadHV0QlRuYmJhYVZGWVc5 + eHRMV2o0TXhoVkcyaXZqU0tsR0o2eDQKdYwEuPeQ1fntKQKIlOlxet+SJ0rT5I1y + WDpfGZUVvghx5dwdd6EMq3sQUeoFSfjrlgIAwNtHRwMC19A68ubzhQ== -----END AGE ENCRYPTED FILE----- - recipient: age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMlUrWnFoZGZuZi8yVUJW - R1lJeUYydHZCMWZFeTZBNGVVRDQxTmlGZ0RjCmVKZ3BocEVLTUl3M1VoWjRvTi96 - SzNaWUIrUkxpVjZPVytJTmNEV2g5SkkKLS0tIDlyY1E4T1cxSXNuZDFtT3lhdFVl - c2pDd2hCUE9RWHRCN1pXZ2prRk9iNFEKFWnDpPTFbi/l+aJnILF5NWwXLdpzzA7P - RWoYja2qWNyIH8+6p+hazvezEVOpGECK5EVCH1dkLv52utuznmwsYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUEtOZ3Zac01HTjVZVXNF + endFNVprclpJMmh1eTA2ZmVJRTJlbjI3dEVNCjA4K2U5QWlOdkI0R3JwbVpNRWJG + T0VQWS9uS2UrRVk0YU9VcGhSUkJ6S2sKLS0tIGJZY1VSM1o3QUR5Mk9vNmhsRWxr + YURQR2kxdExKR00vYVJMVVQxekdVOE0KDkPOMeCo1MoM5R89t1rsMWR/bGIx592Z + wvbVmE/El4Z0QzuvXl0XK3CFlKGuwgNw5TvtQ9QZP1aAL3yN0+T5oQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMkZ6dC84cHY5ZGtOd0cv - RERqSXI3ejB2andMcldDVmp2SjNVc1hzZlIwCmVoWEFwMXdtVUU3dTVZZ05mRkhB - Z2ZCMnY3SUlkV0xRQUVlUDE3VE1aTzgKLS0tIHdiYXh1aE5nb3FSZTlpdVNZOUlF - ZEpsL25rcGFZaXBaTXFKbjd2UFpYRzQKNytlpy3cD1OC3FOSfSADjMMzD9qcsLrg - A4w6NqhU8E1DJBln/AiElZ58AhzAb5okPsKRGWMQSb73XN0pLLRwXw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQTV1dkxMK3dxbGhiTGJG + bkVQTUFOU1I4SXAyV21PdThSZFNOTTA0cmpFCkpXcmRXdlE0eVRYWWErQUxSWFN4 + bjI5bkU1NE84V1FTNVZiYUpLSnhSL2cKLS0tIFl6YmxmM1JLSlpxcDcxTnRnT1k3 + M25EQU5zckVMa1VSK29iYW5PbHRJcVEK6+gstHbcPBdeRNvZa21nZB5sT1SdHWHs + 8St5tYl5I3CxNWFgFjOrHqteRKc+ZTcj3euAJ6Wathbw0YMiA3gz0Q== 
-----END AGE ENCRYPTED FILE----- - recipient: age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4M1hKditZLytKeVErbit5 - UEwyQW13bG1jakphRVA1WEd0WUtFa0I1UUc0ClV6NlUwRkZpZlhmY2t4RVliVExK - a2k4RkFFampEUUFkQVhvSWJwd1JPVVEKLS0tIDVzdGV4NFFveStkVUROWE1mUHAz - Z3R3MTRIRVZPc0pNVVhHYWhaSXdtbW8KorG+7fRAt1RT1fUD8Z4b2CJaIwCb+1br - Wt1E8hWeYVoHGnZuuJgrorv/GnqpRDkMrXix/qqGKuBlAgTDab5eYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRGYyUGhlL2NJelZTQ1g0 + UEhJMFlkVmdlU1E2cGE2UHF2dytVYmhQMlIwCmdrOEZjUUFrQjMzK2FxVjF0NGY1 + UStNT3ZXbEJlUGxzSXlBTmYwUzRIalEKLS0tIHFuWWIrTGN6eUxyNEhybHIydzRp + cUFid1RwRXA4cExWd3poK2hEaVd5Q00KjjiEiQw2OxcGv/qDudLmbM6aysYhLTxi + Qjmh133pyznFs+pLVLdYnId42zvojAeuJD9cJYxuwwgPA2ZlKdSVrg== -----END AGE ENCRYPTED FILE----- - recipient: age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTDRWRUJNelRPMitSTm1H - U1FTY0xsTXZrWnF2VXdsQWNLcE5zeHJ6bGg4CkRZckY3Q0hBNTgxMUVDdUh3YWZS - STgwOEZ5cGFkVHFEOWNnNjNONDZIZm8KLS0tIGg1TUZjbmQ5MFU2bG1sZFcycnRR - cDVwRVIxeTVmcmJLekpXcG13cTZJVG8KwXR0NOiHcd0njWwRWzEyGf0vb1kXp766 - FhBxX0RoUToq/UgTQGBWvEODrZTnNd/zXr1J8gA1TeacTEbkoWEkpA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbUs1Qm1hUnJldDNZNUR0 + N3d0YXp5NWtjV0xvc1ZrM3ArZllIbmJtRXpnCnp2TVRyQVFqNC9kWXpBa0NnbW9X + VVFONnNleG9wN2IwdkhSWjBObmVGd3cKLS0tIHVDVmVNazdLWUpOQVlTNFRwL1c5 + bkdsaXNINEZpZjdMdHAwdElpWFQ0aW8K0guO/BF8hp1LDToVBFY5JKdz8WXOwK2P + prGKdxPsTAfW8xTq97LHHRsLC7+4TVXnjF4LS4SM8EXIX9KCl5FIGA== -----END AGE ENCRYPTED FILE----- - recipient: age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUwxenU2aFN5My9wcHpu - c2prSCtvbW4xanlxZGhDT1dpT0V2ZUtmcGlvCkNrRkJ2OXVOSFhFcGxSYUdJMHBn - M2VydHhVSW5MWTdvTW8vSWlXT3ZnV1UKLS0tIGpydEc5TXNpdXc4czVvNk54K0JO - 
RTlDblJHcUczdmtOdGc4VjUrYk1PTWMKVM07fdDfLWf4T3ELq8G4jsPhR4ZukOjP - SATCHMTn3wG4qeGTI4R+4m4iqa3k7CFJUJapmBNHqXWOZeO5w9IonA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZEVtVzM0dFhJYWd5UXZO + ajIzSFp1VENuSjlaYSs4ZUdBSS90aEoyM25JCnhrd0lyUVN0dEV5a2tQUjZwSlFx + eVlLT1kyejhuZDdGeHpDQnRMTllCSHMKLS0tIHZVS1JDVzBaaG1Oend1eDFiT1F4 + NU1vREt6SXBWYU1xdW1JSm1uUGZQRVEKtaDeDNo817rXXoMkBHo0MZWtm4LayqwC + NN8vbhGcgT+M+ehnmZ1HdPk8VWRvlQ+SMpG+a6DjK8BjYtAWcO16RQ== -----END AGE ENCRYPTED FILE----- - recipient: age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SUtkZysyMU05Q0tlSHZh - V21acktNUTA1SjBMNFJtcE9XVHVFWWFvcEhNCm9hRFY3QjZkTk05UTJXZkpyTytE - N01WS3E1TERmcVlCTEluT2RoODR0RFUKLS0tIHpoNmkxNlc0YmcvTHBZNUZPRks0 - VkdKMUVOemNhUnpYSFFocnZRQmxPaUEKgCne7JJRIuvFtDMtaqO21IKjRoDW8D+3 - V5tGfZOQADuef3n8ZG1j5t1OtNNBu4PjpxZynGx3/nR7+FThsK4vMg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eUFYSC82YVM1WVEwc2Fz + aEl3TG5oOFU5MUFhQ0JhbC9yRVYxOFo0bUVJCnpwQzMyZmN4ZTlNVW5pZTY5bkdY + bjhaSnFxS0Vrb3pHTlJkWjVvczBSOG8KLS0tIHlsbjhxODdvcnd4c21aWUNpK01M + ZW1hTUFtVE15QzVIVU93ZExlUWZjYzAKUZj+/NtMHCPjFFqbJ/8b2ASljV6GEk6p + FbqV9LezRZrfl9GXBVUpB4Oeb9v2yp151aSda07/AG5YO0/jRAV/Bg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-25T02:54:23Z" - mac: ENC[AES256_GCM,data:nIOwiSAT3YCRabbPwfO2XBFhb/qH5cFLsMUQUCUa7trBnLeerzWLpngB96T0ZkDmsVsdJLhfv5ZWWZlgIg+K9uIww+DzvK48B3+EyVpNCJ4cDfgz3gZXlnp41Eu8LSklQ+sk9lVFEbHNPPhbTliXma9Kr1ldkdP035lQmYXUz6Y=,iv:sp7oiTUvO/FchubMlCuaaWDpNO9+aLIyehjS9+8pEPw=,tag:/PvIJTM17nFi5YIq0b1LyQ==,type:str] + - recipient: age1tkywsvddjj6r6ukuqgz9aql92jfx85rz57dhmkkndysh6yx6p5rs0zj0qr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdjFYN01HcXZMNVBJckVm + eklKZHAxeWgvVlcwWk9yWUJpcFFBUnpUV0FZCi85dGE2L3d3OS9CdW5sL0pZTTM2 + SFJkcUN0emh6S3hMenhCcXBhNWF6eVUKLS0tIExwNEVyRmpGRXRLMjgxY1dqbkxQ + 
bk04K1luNnJVTjZQY25KRXNSVG0venMK7uM4tqqmq/o4QgMlE/x/FXkQsPRkofNO + I6C93RYgp1OcGPH14Kmp5lXtK4/pdToaRnVXPGenDQJsFhwWCEI+Fg== + -----END AGE ENCRYPTED FILE----- + - recipient: age17p69ktg7yfzgdsk00f32mupe4n4fevdpw2wsv7ft30yvpeseau6s7t0zdg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOTFXaHE0SDRCTnE4di9N + S2JIbHF2a1pzNzU4UFIvQmpZMVpOUjJqd0RJClVxcTd3d05aRDN1RGVmWVpQS2lI + L1RVU3FUM3d4SU9pYXlwSko2RW5uWjgKLS0tIEplR1l1bGlad3p1ZkNBbFY3YmlM + dUpXZis2N2VyN0ZFbjlPRXdwRFQ1aHMKm1Mk6MPKxFmwdATCYUANRSY5rHKgmQer + LBlqqWKt1JiIUAYtazQeQ6KYxmjVlQPY7AZw2t+EhBEPrqbTL3vOiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-08T14:11:39Z" + mac: ENC[AES256_GCM,data:fRnv6X2PTwbkde0SJHXegU0QiixfjZlfvje/tfgotfLLmnwDsB0Pxl0tw4DkCcQ3GZKDbxC5WR4g+Jz1B/D79WYo8jEKsf7OCBgyw3HhPhsg7lgJ9Qa/NVR1PfwZBn6u5/nj1kuLgQe9ZSV/UmUIu5I1LEY8IGVoJOEJkr/ZVRg=,iv:E4qRUs/u8T3VpyJxGyqifmTQaf/+bG7uN6sbbb2cwQY=,tag:+bQhdMlw7hGcvINQJTP8lw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/boot/boot.nix b/system/boot/boot.nix index 02714c4..0e83822 100644 --- a/system/boot/boot.nix +++ b/system/boot/boot.nix @@ -44,7 +44,7 @@ in { grub = { enable = mkEnableOption "Does the system use GRUB? (Disables systemd-boot)"; device = mkOption { - type = types.str; + type = types.path; description = "The GRUB device"; default = ""; }; diff --git a/system/dev/docker.nix b/system/dev/docker.nix index eed390b..5d35adf 100644 --- a/system/dev/docker.nix +++ b/system/dev/docker.nix @@ -12,6 +12,11 @@ in { podman.enable = mkEnableOption "Enable Podman rather than Docker"; nvidia.enable = mkEnableOption "Activate Nvidia support"; autoprune.enable = mkEnableOption "Enable autoprune"; + storage = mkOption { + type = types.nullOr types.path; + default = null; + example = "/path/to/docker/storage"; + }; }; config = mkIf cfg.enable { 
@@ -29,6 +34,9 @@ in { enable = true; enableNvidia = cfg.nvidia.enable; autoPrune.enable = cfg.autoprune.enable; + daemon.settings = mkIf (cfg.storage != null) { + "data-root" = cfg.storage; + }; }; podman = mkIf cfg.podman.enable { enable = true; diff --git a/system/hardware/default.nix b/system/hardware/default.nix index 33a45d6..bc5875d 100644 --- a/system/hardware/default.nix +++ b/system/hardware/default.nix @@ -1,8 +1,10 @@ -{ +{lib, ...}: { imports = [ ./amdgpu.nix ./bluetooth.nix ./sound.nix ./input ]; + + hardware.enableAllFirmware = lib.mkDefault true; } diff --git a/system/network/tailscale.nix b/system/network/tailscale.nix index 90e6c76..e79e190 100644 --- a/system/network/tailscale.nix +++ b/system/network/tailscale.nix @@ -13,7 +13,7 @@ in { }; }; config.services.tailscale = { - enable = cfg.enable; + inherit (cfg) enable; extraSetFlags = [ "--accept-dns" "--accept-routes" diff --git a/system/services/sunshine.nix b/system/services/sunshine.nix index 0c7d846..319f0ab 100644 --- a/system/services/sunshine.nix +++ b/system/services/sunshine.nix @@ -15,7 +15,12 @@ in { autoStart = cfg.autostart; capSysAdmin = true; openFirewall = true; - settings.sunshine_name = config.mySystem.networking.hostname; + settings = { + sunshine_name = config.mySystem.networking.hostname; + locale = "en_GB"; + system_tray = "enabled"; + output_name = 1; + }; applications.apps = [ { name = "Desktop"; @@ -42,6 +47,12 @@ in { { name = "OpenMW"; cmd = "openmw"; + image-path = "/home/phundrak/.config/sunshine/covers/igdb_24775.png"; + } + { + name = "Vintage Story"; + cmd = "flatpak run at.vintagestory.VintageStory"; + image-path = "/home/phundrak/.config/sunshine/covers/igdb_69547.png"; } ]; }; diff --git a/system/services/traefik.nix b/system/services/traefik.nix index 3ae3cf4..940a6fa 100644 --- a/system/services/traefik.nix +++ b/system/services/traefik.nix 
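Review bot: The new `storage` option in `system/dev/docker.nix` has no `description`, and it is applied only inside the Docker attribute set (`daemon.settings."data-root"`). The `podman = mkIf cfg.podman.enable { … }` branch just below never reads it, so a host that enables Podman and sets `storage` would, as far as this hunk shows, have the value silently ignored. I would document that on the option, e.g. `description = "Directory used as the Docker daemon's data-root (images, volumes, container state); null keeps Docker's default. Not applied when Podman is used.";`. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the hunk.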
@@ -8,18 +8,28 @@ with lib; let in { options.mySystem.services.traefik = { enable = mkEnableOption "Enable Traefik"; - dataDir = mkOption { - type = types.path; - default = "/tank/traefik"; - }; email = mkOption { type = types.str; default = ""; }; + dataDir = mkOption { + type = types.path; + default = "/tank/traefik"; + example = "/path/to/traefik/data"; + }; + environmentFiles = mkOption { + type = types.listOf types.path; + example = ["/var/traefik/traefik.env"]; + default = []; + }; + dynamicConfigFile = mkOption { + type = types.path; + default = "${cfg.dataDir}/traefik.yaml"; + example = "/var/traefik/dynamic.yaml"; + }; }; config.services.traefik = { - inherit (cfg) enable; - dynamicConfigFile = "${cfg.dataDir}/dynamic_config.toml"; + inherit (cfg) enable dynamicConfigFile environmentFiles; staticConfigOptions = { api.dashboard = true; log = { @@ -29,18 +39,18 @@ in { }; accessLog.filePath = "${cfg.dataDir}/access.log"; entryPoints = { - http = { + web = { address = ":80"; asDefault = true; http.redirections.entrypoint = { - to = "https"; + to = "websecure"; scheme = "https"; }; }; - https = { + websecure = { address = ":443"; asDefault = true; - httpChallenge.entryPoint = "https"; + httpChallenge.entryPoint = "websecure"; }; }; providers.docker = { @@ -53,6 +63,7 @@ in { dnsChallenge = { provider = "cloudflare"; resolvers = ["1.1.1.1:53" "1.0.0.1:53"]; + propagation.delayBeforeChecks = 60; }; }; }; diff --git a/system/users/default.nix b/system/users/default.nix index 5326e0e..e0c591d 100644 --- a/system/users/default.nix +++ b/system/users/default.nix @@ -1,5 +1,7 @@ { imports = [ ./phundrak.nix + ./root.nix ]; + programs.zsh.enable = true; } diff --git a/system/users/phundrak.nix b/system/users/phundrak.nix index c3cf60a..7d3ee38 100644 --- a/system/users/phundrak.nix +++ b/system/users/phundrak.nix 
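Review bot: The new `environmentFiles` and `dynamicConfigFile` options in `system/services/traefik.nix` have no `description`, and as `types.path` they accept Nix path literals as well as strings. A literal such as `./traefik.env` inside this flake resolves to a copy in the world-readable Nix store, which is the wrong place for a file of provider credentials. A description would make the intended usage explicit, for example `description = "Runtime paths to env files for Traefik (e.g. sops-nix secret paths); never a Nix path literal, which would land in the store.";`, with a matching one on `dynamicConfigFile`. Separately, the default dynamic config moves from `${cfg.dataDir}/dynamic_config.toml` to `${cfg.dataDir}/traefik.yaml`, so any host that relied on the old default needs its file renamed and converted; confirm that is intended.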
@@ -5,27 +5,23 @@ ... }: with lib; let - cfg = config.mySystem.users; + cfg = config.mySystem.users.phundrak; in { - options.mySystem.users = { - root.disablePassword = mkEnableOption "Disables root password"; - phundrak.enable = mkEnableOption "Enables users phundrak"; + options.mySystem.users.phundrak = { + enable = mkEnableOption "Enables user phundrak"; + trusted = mkEnableOption "Mark the user as trusted by Nix"; }; config = { - users.users = { - root = { - hashedPassword = mkIf cfg.root.disablePassword "*"; - shell = pkgs.zsh; - }; - phundrak = mkIf cfg.phundrak.enable { - isNormalUser = true; - description = "Lucien Cartier-Tilet"; - extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input"]; - shell = pkgs.zsh; - openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys; - }; + users.users.phundrak = mkIf cfg.enable { + isNormalUser = true; + description = "Lucien Cartier-Tilet"; + extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input"]; + shell = pkgs.zsh; + openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../users/phundrak/keys; + }; + nix.settings = mkIf cfg.trusted { + trusted-users = ["phundrak"]; }; - programs.zsh.enable = true; }; } diff --git a/system/users/root.nix b/system/users/root.nix new file mode 100644 index 0000000..28cf703 --- /dev/null +++ b/system/users/root.nix @@ -0,0 +1,17 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + cfg = config.mySystem.users.root; +in { + options.mySystem.users.root.disablePassword = mkEnableOption "Disables root password"; + config = { + users.users.root = { + hashedPassword = mkIf cfg.disablePassword "*"; + shell = pkgs.zsh; + }; + }; +} diff --git a/users/modules/desktop/default.nix b/users/modules/desktop/default.nix index e1fa511..206794f 100644 --- a/users/modules/desktop/default.nix +++ b/users/modules/desktop/default.nix 
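Review bot: `openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../users/phundrak/keys;` authorizes every file in that directory on every host that enables the user, and this patch adds `id_elcafe.pub` there. That is presumably the key held on the new server, so it becomes a valid login for `phundrak` (a `wheel` and `docker` member) on all the other machines. An explicit per-host list of allowed keys, or keeping server-held keys out of the directory that feeds `authorizedKeys`, would stop a compromise of one host from becoming a login everywhere. The `trusted` option should also say what it grants, e.g. `mkEnableOption "adding phundrak to nix.settings.trusted-users (effectively root-equivalent for the Nix daemon)"`. Finally, `nix.settings` is gated on `cfg.trusted` alone; `nix.settings = mkIf (cfg.enable && cfg.trusted) { … }` would avoid trusting a user name on hosts where the account is not created.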
@@ -13,7 +13,6 @@ in { ./kdeconnect.nix ./kitty.nix ./obs.nix - ./qt.nix ./rofi ./spotify.nix ./swaync.nix @@ -30,10 +29,10 @@ in { kdeconnect.enable = mkDefault cfg.fullDesktop; kitty.enable = mkDefault cfg.fullDesktop; obs.enable = mkDefault cfg.fullDesktop; - qt.enable = mkDefault cfg.fullDesktop; rofi.enable = mkDefault cfg.fullDesktop; spotify.enable = mkDefault cfg.fullDesktop; spotify.spicetify.enable = mkDefault cfg.fullDesktop; + theme.enable = mkDefault cfg.fullDesktop; wlr-which-key.enable = mkDefault cfg.fullDesktop; }; } diff --git a/users/modules/desktop/qt.nix b/users/modules/desktop/qt.nix deleted file mode 100644 index 16ec39a..0000000 --- a/users/modules/desktop/qt.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - lib, - config, - ... -}: -with lib; let - cfg = config.home.desktop.qt; -in { - options.home.desktop.qt.enable = mkEnableOption "Enable Qt support"; - config.qt.enable = cfg.enable; -} diff --git a/users/modules/desktop/spotify.nix b/users/modules/desktop/spotify.nix index f00b1de..03ea81d 100644 --- a/users/modules/desktop/spotify.nix +++ b/users/modules/desktop/spotify.nix @@ -6,8 +6,8 @@ ... }: with lib; let + inherit (pkgs.stdenv.hostPlatform) system; cfg = config.home.desktop.spotify; - system = pkgs.stdenv.hostPlatform.system; spicePkgs = inputs.spicetify.legacyPackages.${system}; in { options.home.desktop.spotify = { diff --git a/users/modules/desktop/theme.nix b/users/modules/desktop/theme.nix index 6832096..c76fc6f 100644 --- a/users/modules/desktop/theme.nix +++ b/users/modules/desktop/theme.nix 
@@ -1,26 +1,33 @@ { pkgs, config, + lib, ... -}: { - gtk = { - enable = true; - colorScheme = "dark"; - iconTheme = { - name = "Nordzy-icons"; - package = pkgs.nordzy-icon-theme; +}: +with lib; let + cfg = config.home.desktop.theme; +in { + options.home.desktop.theme.enable = mkEnableOption "Enable theme options"; + config = mkIf cfg.enable { + gtk = { + enable = true; + colorScheme = "dark"; + iconTheme = { + name = "Nordzy-icons"; + package = pkgs.nordzy-icon-theme; + }; + theme = { + package = pkgs.nordic; + name = "Nordic"; + }; }; - theme = { - package = pkgs.nordic; - name = "Nordic"; + home.pointerCursor = { + enable = true; + gtk.enable = true; + hyprcursor.enable = config.home.desktop.hyprland.enable; + name = "Nordzy-cursors"; + package = pkgs.nordzy-cursor-theme; }; + qt.enable = true; }; - home.pointerCursor = { - enable = true; - gtk.enable = true; - hyprcursor.enable = config.home.desktop.hyprland.enable; - name = "Nordzy-cursors"; - package = pkgs.nordzy-cursor-theme; - }; - qt.enable = true; } diff --git a/users/modules/desktop/wlr-which-key.nix b/users/modules/desktop/wlr-which-key.nix index 8882371..0c770d0 100644 --- a/users/modules/desktop/wlr-which-key.nix +++ b/users/modules/desktop/wlr-which-key.nix @@ -21,7 +21,7 @@ # Recursively filter out null values and convert kebab-case keys to snake_case filterNulls = value: if lib.isAttrs value - then lib.mapAttrs' (n: v: lib.nameValuePair (toSnakeCase n) (filterNulls v)) (lib.filterAttrs (n: v: v != null) value) + then lib.mapAttrs' (n: v: lib.nameValuePair (toSnakeCase n) (filterNulls v)) (lib.filterAttrs (_: v: v != null) value) else if lib.isList value then map filterNulls value else value; diff --git a/users/phundrak/home.nix b/users/phundrak/home.nix index 8dd026b..56be3b4 100644 --- a/users/phundrak/home.nix +++ b/users/phundrak/home.nix 
@@ -78,7 +78,7 @@ parts = lib.strings.splitString " " content; email = lib.lists.last parts; in "${email} namespaces=\"git\" ${content}") - (lib.filesystem.listFilesRecursive ../../keys) + (lib.filesystem.listFilesRecursive ./keys) ); }; }; diff --git a/users/phundrak/host/alys.nix b/users/phundrak/host/alys.nix index affc142..59d411c 100644 --- a/users/phundrak/host/alys.nix +++ b/users/phundrak/host/alys.nix @@ -2,9 +2,6 @@ imports = [../light-home.nix]; home = { cli.nh.flake = "${config.home.homeDirectory}/nixos"; - phundrak.sshKey = { - content = builtins.readFile ../../../keys/id_alys.pub; - # file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub"; - }; + phundrak.sshKey.content = builtins.readFile ../keys/id_alys.pub; }; } diff --git a/users/phundrak/host/elcafe.nix b/users/phundrak/host/elcafe.nix new file mode 100644 index 0000000..9026e7e --- /dev/null +++ b/users/phundrak/host/elcafe.nix @@ -0,0 +1,8 @@ +{ + imports = [../light-home.nix]; + home = { + cli.nh.flake = "/tank/phundrak/.dotfiles"; + dev.editors.emacs.enable = false; + phundrak.sshKey.content = builtins.readFile ../keys/id_elcafe.pub; + }; +} diff --git a/users/phundrak/host/gampo.nix b/users/phundrak/host/gampo.nix index d22918d..66a2fc9 100644 --- a/users/phundrak/host/gampo.nix +++ b/users/phundrak/host/gampo.nix @@ -3,8 +3,6 @@ home = { cli.nh.flake = "${config.home.homeDirectory}/.dotfiles"; desktop.hyprland.host = "gampo"; - phundrak.sshKey = { - content = builtins.readFile ../../../keys/id_gampo.pub; - }; + phundrak.sshKey.content = builtins.readFile ../keys/id_gampo.pub; }; } diff --git a/users/phundrak/host/marpa.nix b/users/phundrak/host/marpa.nix index 4d11e36..ea9197c 100644 --- a/users/phundrak/host/marpa.nix +++ b/users/phundrak/host/marpa.nix @@ -7,8 +7,6 @@ ollama.gpu = "rocm"; }; desktop.hyprland.host = "marpa"; - phundrak.sshKey = { - content = builtins.readFile ../../../keys/id_marpa.pub; - }; + phundrak.sshKey.content = builtins.readFile ../keys/id_marpa.pub; }; } 
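Review bot: `lib.filesystem.listFilesRecursive ./keys` feeds every file under the directory into what looks like an SSH allowed-signers list for git, so any file that lands in `users/phundrak/keys`, not only `*.pub` keys meant for signing, becomes a trusted signer on every host that builds this configuration. Filtering the list first keeps the trust set explicit, e.g. `(lib.filter (f: lib.hasSuffix ".pub" (toString f)) (lib.filesystem.listFilesRecursive ./keys))`. The principal is taken from the last space-separated token of the key line (`lib.lists.last parts`), which is the free-form key comment, so a key file without a comment would yield the key blob as the principal, and a trailing newline would leak into it if `content` is not trimmed; a fixed principal would be more robust. The enclosing expression starts outside the hunk, so how `content` is read cannot be confirmed from here.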
diff --git a/users/phundrak/host/naromk3.nix b/users/phundrak/host/naromk3.nix index 3f5d051..23a1603 100644 --- a/users/phundrak/host/naromk3.nix +++ b/users/phundrak/host/naromk3.nix @@ -2,6 +2,6 @@ imports = [../light-home.nix]; home = { cli.nh.flake = "/home/phundrak/.dotfiles"; - phundrak.sshKey.content = builtins.readFile ../../../keys/id_naromk3.pub; + phundrak.sshKey.content = builtins.readFile ../keys/id_naromk3.pub; }; } diff --git a/users/phundrak/host/tilo.nix b/users/phundrak/host/tilo.nix index d5a496c..09356f5 100644 --- a/users/phundrak/host/tilo.nix +++ b/users/phundrak/host/tilo.nix @@ -2,6 +2,6 @@ imports = [../light-home.nix]; home = { cli.nh.flake = "/tank/phundrak/.dotfiles"; - phundrak.sshKey.content = builtins.readFile ../../../keys/id_tilo.pub; + phundrak.sshKey.content = builtins.readFile ../keys/id_tilo.pub; }; } diff --git a/keys/id_alys.pub b/users/phundrak/keys/id_alys.pub similarity index 100% rename from keys/id_alys.pub rename to users/phundrak/keys/id_alys.pub diff --git a/users/phundrak/keys/id_elcafe.pub b/users/phundrak/keys/id_elcafe.pub new file mode 100644 index 0000000..365acf3 --- /dev/null +++ b/users/phundrak/keys/id_elcafe.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+UvZISwPdbDUQKbcBksi6dKvsVccvRIbdOE0zDQt60 lucien@phundrak.com diff --git a/keys/id_gampo.pub b/users/phundrak/keys/id_gampo.pub similarity index 100% rename from keys/id_gampo.pub rename to users/phundrak/keys/id_gampo.pub diff --git a/keys/id_marpa.pub b/users/phundrak/keys/id_marpa.pub similarity index 100% rename from keys/id_marpa.pub rename to users/phundrak/keys/id_marpa.pub diff --git a/keys/id_naromk3.pub b/users/phundrak/keys/id_naromk3.pub similarity index 100% rename from keys/id_naromk3.pub rename to users/phundrak/keys/id_naromk3.pub diff --git a/keys/id_opn4.pub b/users/phundrak/keys/id_opn4.pub similarity index 100% rename from keys/id_opn4.pub rename to users/phundrak/keys/id_opn4.pub 
diff --git a/keys/id_tilo.pub b/users/phundrak/keys/id_tilo.pub similarity index 100% rename from keys/id_tilo.pub rename to users/phundrak/keys/id_tilo.pub diff --git a/users/phundrak/packages.nix b/users/phundrak/packages.nix index 13ef99b..3866793 100644 --- a/users/phundrak/packages.nix +++ b/users/phundrak/packages.nix @@ -5,7 +5,7 @@ ... }: with lib; let - system = pkgs.stdenv.hostPlatform.system; + inherit (pkgs.stdenv.hostPlatform) system; in { programs.bun.enable = true; home.packages = with pkgs; [