Compare commits
52 Commits
ab31615211
...
16cf73afb9
Author | SHA1 | Date |
---|---|---|
Simon Bruder | 16cf73afb9 | |
Simon Bruder | 853e817901 | |
Simon Bruder | 7daad927e8 | |
Simon Bruder | ae35e82369 | |
Simon Bruder | 670ff94dda | |
Simon Bruder | 62c26e06a5 | |
Simon Bruder | 5f81e9db4b | |
Simon Bruder | 10f2e5638f | |
Simon Bruder | 1f75062bc2 | |
Simon Bruder | 526db3d97b | |
Simon Bruder | ad209fa0f7 | |
Simon Bruder | 00bada7b12 | |
Simon Bruder | f30318869b | |
Simon Bruder | 709f8d5676 | |
Simon Bruder | 51e8dd4169 | |
Simon Bruder | fc7f0f8648 | |
Simon Bruder | 11d0870f5c | |
Simon Bruder | a1645314f4 | |
Simon Bruder | 47cb7b4b32 | |
Simon Bruder | 07cac97bef | |
Simon Bruder | 4c119f0b80 | |
Simon Bruder | 939df6ae2a | |
Simon Bruder | 8f1d0a149c | |
Simon Bruder | a9f86e7ced | |
Simon Bruder | 3816e6fc5d | |
Simon Bruder | bb8152d772 | |
Simon Bruder | 06958ad544 | |
Simon Bruder | 5375a858bd | |
Simon Bruder | ef2c667bfe | |
Simon Bruder | 7f8859f85b | |
Simon Bruder | c4a9d39a15 | |
Simon Bruder | a5ae1bf7cd | |
Simon Bruder | 74e5dd2639 | |
Simon Bruder | badd33a312 | |
Simon Bruder | db24be0a69 | |
Simon Bruder | 0696d74877 | |
Simon Bruder | d645aca536 | |
Simon Bruder | 4752437cf5 | |
Simon Bruder | 242a2315be | |
Simon Bruder | c944812a68 | |
Simon Bruder | 0e870e7188 | |
Simon Bruder | ef3939403a | |
Simon Bruder | a2cf57ec47 | |
Simon Bruder | f454aafa20 | |
Simon Bruder | c5f3b172f3 | |
Simon Bruder | 7c4b4a5a9b | |
Simon Bruder | 7c26753c04 | |
Simon Bruder | eecb609dab | |
Simon Bruder | 9caef40c21 | |
Simon Bruder | 0d9e100d01 | |
Simon Bruder | a09967c1c4 | |
Simon Bruder | 4ff453a133 |
|
@ -15,7 +15,7 @@ keys:
|
|||
- &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
|
||||
- &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035
|
||||
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
|
||||
- &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa
|
||||
- &okarin e7370b48016c961ef8ad792fda66b19d845b3156
|
||||
- &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
|
||||
- &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
|
||||
- &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
|
||||
|
|
|
@ -143,3 +143,10 @@ so always consult the file header and other resources as specified in the REUSE
|
|||
Please note that those licensing terms only apply to the source files in this repository,
|
||||
not any build outputs, like system or package closures.
|
||||
They might be licensed differently, depending on their source.
|
||||
|
||||
If you think you have a compelling reason
|
||||
why you should be able to use part of this repository under a more permissive license,
|
||||
please contact me,
|
||||
so we can figure something out.
|
||||
Please note, that I can only offer this for files that are solely authored by me,
|
||||
as I do not own the rights to other people’s code.
|
||||
|
|
84
flake.lock
84
flake.lock
|
@ -26,11 +26,11 @@
|
|||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -44,11 +44,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -65,11 +65,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660459072,
|
||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||
"lastModified": 1709087332,
|
||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -85,11 +85,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1704099619,
|
||||
"narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=",
|
||||
"lastModified": 1712386041,
|
||||
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851",
|
||||
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -106,11 +106,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1704100519,
|
||||
"narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
|
||||
"lastModified": 1712989663,
|
||||
"narHash": "sha256-r2X/DIAyKOLiHoncjcxUk1TENWDTTaigRBaY53Cts/w=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6e91c5df192395753d8e6d55a0352109cb559790",
|
||||
"rev": "40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -215,11 +215,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703939133,
|
||||
"narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
|
||||
"lastModified": 1712897695,
|
||||
"narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
|
||||
"rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -231,11 +231,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1704124233,
|
||||
"narHash": "sha256-lBHs/yUtkcGgapHRS31oOb5NqvnVrikvktGOW8rK+sE=",
|
||||
"lastModified": 1712909959,
|
||||
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "f752581d6723a10da7dfe843e917a3b5e4d8115a",
|
||||
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -247,11 +247,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1703992652,
|
||||
"narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=",
|
||||
"lastModified": 1712741485,
|
||||
"narHash": "sha256-bCs0+MSTra80oXAsnM6Oq62WsirOIaijQ/BbUY59tR4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e",
|
||||
"rev": "b2cf36f43f9ef2ded5711b30b1f393ac423d8f72",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -275,11 +275,11 @@
|
|||
"poetry2nix": "poetry2nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1704120598,
|
||||
"narHash": "sha256-9g7bZbVHAjMPNUWD2okeOdTmTrC9pkCeVe1zFyvtvqo=",
|
||||
"lastModified": 1712934106,
|
||||
"narHash": "sha256-JubHgaV6HUZarwwq4y2rxJaaj2a6euErJfCqpmhrhWk=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "32ef4fd545a29cdcb2613934525b97470818b42e",
|
||||
"revCount": 65,
|
||||
"rev": "2bcb2b6c7b0e04f4ef8e51e00fd93a5e5cb00bf8",
|
||||
"revCount": 66,
|
||||
"type": "git",
|
||||
"url": "https://git.sbruder.de/simon/nixpkgs-overlay"
|
||||
},
|
||||
|
@ -290,43 +290,43 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1685801374,
|
||||
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
|
||||
"lastModified": 1710695816,
|
||||
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
|
||||
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1703950681,
|
||||
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
|
||||
"lastModified": 1712437997,
|
||||
"narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
|
||||
"rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.05",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1703961334,
|
||||
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
|
||||
"lastModified": 1712791164,
|
||||
"narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
|
||||
"rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -453,11 +453,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703991717,
|
||||
"narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
|
||||
"lastModified": 1712617241,
|
||||
"narHash": "sha256-a4hbls4vlLRMciv62YrYT/Xs/3Cubce8WFHPUDWwzf8=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
|
||||
"rev": "538c114cfdf1f0458f507087b1dcf018ce1c0c4c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
xsFNBAAAAAABEACgnoiAZQChPJOD9Bh4VxtX+/KWZXBrw9HhK1aufLH2Q4bS+mrg
|
||||
Te5SgFrfsiiYOvo8O2rESmMIWAHRSGxcdcT09+ZZtZxlxW7dmoUXLaPY+Xft0oDT
|
||||
ekLBs/g3N9qAXYq8XC/YNw0R1FzhComq/enQT2OTcaWES3b2OlFAkn8SVSTTdKgG
|
||||
jfmPPjDuTTYWPDPPmVRhaRkT/AcByyRcEcYxw4Zn+62iY9ZuV8FG0O0UcR2I/vEw
|
||||
KwYxHBC4IiqWvCmeJ3mEcf2NBbLwp2hB79dyo9RN8zxbu2mwrCNNO0hbkJGsxom1
|
||||
NjKh7KZz0eaIpb/WAesimHCaAXcB9ovGiyyHjECmZkvKlAXMttrPkF5QJZW2Iao7
|
||||
jcdcT0CNhC9fUwdBPIVRVjQQPyCWrqZEas+zG0tU8nbMy+uI/rT8ALC0zSgQMVyr
|
||||
YDIM7tYHbuBjgHja8gvwAa116L+uTXzkCTuH3OQHowtuvDjorXDKNs5akqJpAPHF
|
||||
a/fhXzjtY6RfLVp0Hj1+fnwrzMs0D1YdlJEjsBxvpieMTGPXH0YA5ondK/OsHsQD
|
||||
uzUgKzgGpq8Kp7hXhxi8gevHmNgVN1F4CNlTy0qOkFgD8U11Fk9O4svI+OtzslPr
|
||||
/EXRC/faJeFdT20M0BIqhQVWZFiRRMMsHJgZ04mWG40Wysm8esZ3dwS53QARAQAB
|
||||
xsFNBAAAAAABEADJ6iuUnKyoNZU26YWhsIHwTIkhxnNCNDHrq42wSqDgBFU8QyzC
|
||||
Nd8c34QghVGeqCFr/Md5xXMtgCmoNzFCMullb6PwDIYZ+9SP03B2seoqhnRwp1WG
|
||||
twejt/dP3QgOBP3G4Tr8uxcdHFnLDvkzN66QyV+LcnzrEf0Dw/9y31Nuo5TlG7UT
|
||||
cUCg36a3l+1tTlc3VnGwjt5jc59teD619h1s5tU5zMlcgjhFMMVKHXH1oc8zK0Q4
|
||||
va2YyfW+yWZx9Fm9BWF3VLuBdVlPuHVSCZ/Qf/ykDs8nm7Jvwi/I2TQiAeFN7ln9
|
||||
vPAYy4z0SQP/w44kVLCe5Mkw4H53LRocPBgxSflzqnJuuEQGroq0xgbP8+xJ8R0h
|
||||
5WPqLuy86PhslFsuIfKJgzVsNsz3svBxHO6G5bIsVgIjdfT4QPGxVQSvXG0RpdV0
|
||||
HzhUKojENcS2MEB7MJOLu200Ce3tjuaZD+nPUyH9LilNVgEJXMN0+9SfXmzyH1mE
|
||||
ENW6JWUC+oDgweodltJJ2z3kiaXf0GUNWFEv5P0uxkky3nsed4lDmEs0j0nT3YoS
|
||||
0hemgdK8X3ZRMuLAxGLCL0SykmsbOdTTzZ/QCak8/0jI8iko9eDrmJ4rNkrQYT4+
|
||||
TM0JEpI3wA4ksl5WcB2cpM/G8buw/zNTycgbjcKoYL+E2K+L7JeR9F1DgQARAQAB
|
||||
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
|
||||
AQgAFgUCAAAAAAkQ5fw8qjuBB6oCGw8CGQEAAOyUEAAHW0hbAjCKylnIaezMqNiG
|
||||
yDwfM+MpNXaqB4sG0UUiIdgSUTk06PN5dlQ0Jfvh1I7P9y8CxqamlqCUXiqqWEOR
|
||||
Am3Q7oxQKQdSDz//2ijWLdNFcT7bxZvNKQ/T78UYka/qmuLHx2jSuakAX2pAUrOf
|
||||
K7mbElSu8LD0y8hIDEyxuzB/aL13sHh1LkOUCSEgZ977EEfIEgPidPwEtGJvEbhN
|
||||
DaP94cLNapv/lWux8+O5dzKi4R7ghXl6IvrP2LPXQSPF7C3mMZ1ZSX1nFxRjALXi
|
||||
xiFbrJFkwEQQmVro/3wX9BZSmt6VnFRKkXnsCLlf9eT0aTmTirtqHgfet0PHqTNt
|
||||
CxrlLKTZFN3ZFropGZ070ESs4i6WZUBpTdsYh/htyo5bWMcHO8J+K+Ttd1M8btM4
|
||||
RtpAc/2UXa4+dVpLOGqdqkmUEJLVLyGnj9wZZgkx3tWGhjnSohCW3YqffQYlXUFn
|
||||
xuiQQ8jKM6luuunMXLt6D9dzOch70z9bnjOm1Z6q/S3PIzn++awzA6N3VTKNuUBP
|
||||
Phs6hlcAeqdQ6Q2EiS5iXKqPdK1nd9cPKzHOJf1fwlaRPSKeCtXUgkjAClu+heEn
|
||||
rst1nggIhCBs+rHc518BVZvISLNVlj5LVwN0mKOk9YPuZItBCGX96WWJZdMHeZk0
|
||||
MsxjN+we2woCXG5SJGYOyA==
|
||||
=UTw1
|
||||
AQgAFgUCAAAAAAkQ2maxnYRbMVYCGw8CGQEAAMkCEAClRHcH4fUUpdXroevY9qpR
|
||||
O6op26pqBZ839HoD9f4kaZXerhURWVGPcV81uUapR5/B8Pk/OK9LskBetDvoc+J1
|
||||
+B3vM34cRIzbSs55BVrx/Mk6Vn9utPoyutlaJ/b5VMCmz4f2zU/XwPbXOzouvVrn
|
||||
uy/bqY7aNz0eoeU7lKXrXc9as+VoJgc3Ty9Tt1vPi8lfTeQfmxUDtoer47dhn89C
|
||||
3fL9R5/4utKt5nRtweOh6+z9T36jNodeHy3VhpuMnUBKsWSQn6Op2sLoeb6FJbh0
|
||||
t5Tz1AZhqjT4HY8bGWK8v2i916BmGseFjge7CECYg9M5MydznHl9z87sBUiruGs4
|
||||
fQTZi8IQySaQ8jCqCx+PB1PYUAsZj4j3o74mx2/erAw8gxBlrme44CuikVdbEKMV
|
||||
qYzW/jVJ6EPobtmq+XN8UzU/arf5/BelcU73sQK9fbvCqi47ZMyjC/3UqZ0O12xt
|
||||
uUjf2IcDl8TyWZ3nSSUV7npXrrT05kC6WMK46TwO9wv8F3v3/35UmonAJt8qp/lw
|
||||
2PNR5W8Sqxr2s+yhkOsh2xwuqBQkdxhqRKeqTv4+kdGAk6ZUmuHmGa1Qni6VsaKT
|
||||
TuNRRTEBfQ0QiqF8+lleT2dP4cKI2vAbI0zvyjX6KvNGRb1VlJw3D6Pa0nXW/YQU
|
||||
NxR1Jvm5bnGfUcnNlzoB4Q==
|
||||
=6o0h
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
@ -5,67 +5,39 @@ EKpaQ5+0H1NpbW9uIEJydWRlciA8c2ltb25Ac2JydWRlci5kZT6InAQTFgoARAIb
|
|||
AQUJA8JnAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBNSKGsqxzb0XAVFm
|
||||
K7GgtKRYhaAxBQJlrXkpAhkBAAoJELGgtKRYhaAxe14BAMF2Sj/NbHEfPPj/FH0/
|
||||
Pndzxihc7T7JOO9TxwsHMdidAP9eGoz3DgjA4gOtJUDwK70G6XwGnXrY8k42AcNE
|
||||
B0JHBIkCMwQQAQoAHRYhBEfnVZ4DejVlLbv4qo08gvnzCfjsBQJlrZp3AAoJEI08
|
||||
gvnzCfjsE2IP/RZoV3xvTi9ks5mpClnxdofGR4r2IVFw8TMQLSFfAHAtEJQ+R8fx
|
||||
0Yk+yoBNjt6JFKsvVVyVTZsK5cZcECSaX8E5gAYIB0+5S7TAC+DL9lDhWqhJnvOk
|
||||
5nWIM6gdey6H4lmwjMQT9deWFBlHI/4+eEv65B2tlPZH7x2EbXywe5TgAmCAuXBI
|
||||
7YOCebPh66n0ezJkw0SkEmz5+yMfj/vQNQxvRUpGpMEPDAUvIWEJ+Mb1XRuSZlYy
|
||||
Z8fNh0lMuvDf/GAwoFLiQM8ToprYT1vVnZ+IzEHkjYA1/nDTj1rDxiFCz+FCc+/k
|
||||
+7fjbtbmX1rSLu90jQZx3h0JEb9t4Zd0X9aOstVnqTi9pMWWyFcUgA71+21VqbIQ
|
||||
LccjaPZ0YK75on5YaD5ZmtHAl5ZD1VIXL0vnyN/XQYa4GUiN0qVwdG9QSEEe8gu8
|
||||
jjAWClU8BroyOtWamOlQWs/RPZsg1G5Nv5KcPJbw67sWzJZYvJhytRMg9yMWM/uC
|
||||
uSC30u/gA49YP2N32XsxwFo8LAUrqn22/WdgcR1NIhHDjzT4SWSTS/ec5lSB998e
|
||||
xw+41h4hDHwZn75HYi89FytjS0Sc8C4b2GPw8eqbhKHKMlPKJah2enFXkR85AZJ1
|
||||
wJGGhHhUS1mZ9e5SbY5ugtYj8v3Q3RMf47pqSHsO1Z9ojWBpAYforhTEtDFTaW1v
|
||||
biBCcnVkZXIgPHNpbW9uLmJydWRlckBtYWlsYm94LnR1LWRyZXNkZW4uZGU+iJkE
|
||||
ExYKAEEWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa13bQIbAQUJA8JnAAULCQgH
|
||||
AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRCxoLSkWIWgMZSoAQC+oKNXUW2Lm/pe
|
||||
kUVf9hTfXrS/gZjAPW9J00lNMV+beQEA7eG7fR5wzetZl/RImYLGLNNxIkg4SeDT
|
||||
Pf26Tvk9XgyJAjMEEAEKAB0WIQRH51WeA3o1ZS27+KqNPIL58wn47AUCZa2afQAK
|
||||
CRCNPIL58wn47JgND/0aTHhLlT7QGE9O6RV1kS81YeiQD5UvrJcYh9/wb7plXV/R
|
||||
+AJ9QUxnw9SKeyyFGjwQeWIkkdJccq8ov5ekz++ErCsFlQtvhzNMa+ZRRJ5XG1m9
|
||||
dyFUKAvZ9vo5EnYOTO72l3TEel4L3V5t6qeUGdJQoVBC3cmLHJ7Vs92cTrmrQnF6
|
||||
JXVgoj41iSmgnHdf8l0rsHc4/ODYDpZpOQjQj24Teb6Hj8jkjhNejGm6Ackcy6UF
|
||||
KIX4ZDQD2k9SlxDt2LGLjF2rHar4NFYNJwgzO1tMazjTDAV1J9zx44NFaC1dm4oj
|
||||
0Nz/xSYyyYyBoeqIG29qZrmWj5yIee64I+POX5REuLvf//64atEAkvODqg8ZhrXB
|
||||
Jd7BTtsRpUkkzwBv/ZHYJyEwLrUKLXpyx6GejksJ4fX4ftyWAgUOkDI06WI4WnQl
|
||||
WzTOqIWwbub3M53F8eOGvXLUd6PD3p8ARiCFG+5cqRimmd3WZ5g0C9YWnuKRAOrT
|
||||
mrquAFhAeaanp+MRihB9d0nj5Lfx3mtfLAWDHYTj+yXL7de1xJ8p2D4WekJJ9NRJ
|
||||
f8b9d+wswth/1NV/ly64J7aiGpVzE+WcpNGl9pcsisSiXOCGJatPvrl9h6vgU+Oj
|
||||
2HhE5vf9WmvHxkUwut1Tw2cw5KoukugDZWos8AZ671QebmfnebDUsmSfhkOymbgz
|
||||
BGWtd5kWCSsGAQQB2kcPAQEHQNbLdlJZfKhMRcRQUuGbQMQj+GtMr2p8vIX3JUQ7
|
||||
jNltiPUEGBYKACYWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa13mQIbAgUJA8Jn
|
||||
AACBCRCxoLSkWIWgMXYgBBkWCgAdFiEEXzvzUBHrQiHnqtysNH/4aZzaB3YFAmWt
|
||||
d5kACgkQNH/4aZzaB3ZYaQD/WrsAvw1SS8Q5dFc50dSEWQLYBelX114UfGuzMxaA
|
||||
jGEBAPtA+KG/kKbxI+QKUMx4oWcbCUyl5k0z9difkWrIs+sH8p0A/j2fQV8DVJsn
|
||||
fnyFdmEIS14LaLyBTQ411CLkOVI4l5yBAP0Xue1JzV1Spm8Ib5rbAB5l2Q39xwsZ
|
||||
IkGsiN85Wq7cA4j1BBgWCgAmAhsCFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWu
|
||||
53YFCQHio10AgXYgBBkWCgAdFiEEXzvzUBHrQiHnqtysNH/4aZzaB3YFAmWtd5kA
|
||||
CgkQNH/4aZzaB3ZYaQD/WrsAvw1SS8Q5dFc50dSEWQLYBelX114UfGuzMxaAjGEB
|
||||
APtA+KG/kKbxI+QKUMx4oWcbCUyl5k0z9difkWrIs+sHCRCxoLSkWIWgMbaZAPwI
|
||||
xTyJqS+Jkc0OylTadktVGnlFYEa1t6qKrb4pRjOAIQD9ERVIB3SSzsNpVXG0djhy
|
||||
f+g3vpB5fdFdQC99OyI8PQK4OARlrXfCEgorBgEEAZdVAQUBAQdALPq5WxjDWC8p
|
||||
wx+ah8a8ry6/i34+wvQ3qOWs+1j9C3YDAQgHiH4EGBYKACYWIQTUihrKsc29FwFR
|
||||
ZiuxoLSkWIWgMQUCZa13wgIbDAUJA8JnAAAKCRCxoLSkWIWgMV9XAQDuKPEU5LHt
|
||||
GF0T1eo18OT4aXizqy17bSPQxbcn6MApNwEAtST8XQ5gki8TqeNQi5mXPjAUokcO
|
||||
m6uwogm73VCPOgW4MwRlrXgmFgkrBgEEAdpHDwEBB0BNSrEdKYMC34Wz/wQ3sm+w
|
||||
i5yKm1omkudkClDmC7YqB4h+BBgWCgAmFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEF
|
||||
AmWteCYCGyAFCQHhM4AACgkQsaC0pFiFoDEwGgEA3uVUei5Y8u47o008cvx9dgb7
|
||||
0sWsh9Wf/O0QobCE6SEBANybL7eIdVo7gk/Po0lyiNnPIOmef9Hi6p1JUnWo3LcF
|
||||
uDgEZa147hIKKwYBBAGXVQEFAQEHQNUPZBqZtKL0ddaYG2wUN/vkuuMlrlZOfWbL
|
||||
pJVI4NphAwEIB4h1BBgWCgAnFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWteO4D
|
||||
GwAEBQkB4TOAAAADxQEA+NbhkOn4hMn3P+/tov7At0jQJjjDYj4tg/9VW1SvwkcB
|
||||
AJEXPOQFLPYhegwq5G+lwlEsxE9LmBMBusML/3p4ZUYEuDMEZa18NBYJKwYBBAHa
|
||||
Rw8BAQdA62nilshWONc3snbvv6mbkTLMhBUPloemiLjknU81UIuIfgQYFgoAJhYh
|
||||
BNSKGsqxzb0XAVFmK7GgtKRYhaAxBQJlrXw0AhsgBQkB4TOAAAoJELGgtKRYhaAx
|
||||
F5wBALp/P2c+FV7WdwnI2f9zZFxmtrSwRbDPBGJ6bvCJ45QaAQCEQ4nF0Qxs2/qb
|
||||
DiRJ0ucWYLlUK9MR4tAXu7E/fsAPCrg4BGWte5MSCisGAQQBl1UBBQEBB0BvaxmN
|
||||
FsORwLciFERl9SldHn3fUXRyyrkDqVM1IfJyVwMBCAeIdQQYFgoAJxYhBNSKGsqx
|
||||
zb0XAVFmK7GgtKRYhaAxBQJlrXuTAxsABAUJAeEzgAAAxJ4BALCSE6rEiOwgnkMG
|
||||
DJtDgdO7nbLciQJWfH6KRx5/wMyjAQCADkDdpJfzH36nfi3plfV1uAi1ZhLVrZu+
|
||||
qUSS9QGfBrgzBGWtfzIWCSsGAQQB2kcPAQEHQPfsufQIdFzWK1B1uelCzt8XJaou
|
||||
blRPn1gjZvumSEr+iH4EGBYKACYWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa1/
|
||||
MgIbIAUJA8JnAAAKCRCxoLSkWIWgMVomAQCa2marlCeyEQQcOz3IFPFYCeth8+e/
|
||||
I6LgogPoVslMjQEA82iFX5eIFtAqaYqtZvm6LQFc0hI8JiQfpHt/FpxqNQI=
|
||||
=1z2B
|
||||
B0JHBLQxU2ltb24gQnJ1ZGVyIDxzaW1vbi5icnVkZXJAbWFpbGJveC50dS1kcmVz
|
||||
ZGVuLmRlPoiZBBMWCgBBFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWtd20CGwEF
|
||||
CQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQsaC0pFiFoDGUqAEA
|
||||
vqCjV1Fti5v6XpFFX/YU3160v4GYwD1vSdNJTTFfm3kBAO3hu30ecM3rWZf0SJmC
|
||||
xizTcSJIOEng0z39uk75PV4MuDMEZa13mRYJKwYBBAHaRw8BAQdA1st2Ull8qExF
|
||||
xFBS4ZtAxCP4a0yvany8hfclRDuM2W2I9QQYFgoAJgIbAhYhBNSKGsqxzb0XAVFm
|
||||
K7GgtKRYhaAxBQJlrud2BQkB4qNdAIF2IAQZFgoAHRYhBF8781AR60Ih56rcrDR/
|
||||
+Gmc2gd2BQJlrXeZAAoJEDR/+Gmc2gd2WGkA/1q7AL8NUkvEOXRXOdHUhFkC2AXp
|
||||
V9deFHxrszMWgIxhAQD7QPihv5Cm8SPkClDMeKFnGwlMpeZNM/XYn5FqyLPrBwkQ
|
||||
saC0pFiFoDG2mQD8CMU8iakviZHNDspU2nZLVRp5RWBGtbeqiq2+KUYzgCEA/REV
|
||||
SAd0ks7DaVVxtHY4cn/oN76QeX3RXUAvfTsiPD0CuDgEZa13whIKKwYBBAGXVQEF
|
||||
AQEHQCz6uVsYw1gvKcMfmofGvK8uv4t+PsL0N6jlrPtY/Qt2AwEIB4h+BBgWCgAm
|
||||
FiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWtd8ICGwwFCQPCZwAACgkQsaC0pFiF
|
||||
oDFfVwEA7ijxFOSx7RhdE9XqNfDk+Gl4s6ste20j0MW3J+jAKTcBALUk/F0OYJIv
|
||||
E6njUIuZlz4wFKJHDpursKIJu91QjzoFuDMEZa14JhYJKwYBBAHaRw8BAQdATUqx
|
||||
HSmDAt+Fs/8EN7JvsIuciptaJpLnZApQ5gu2KgeIfgQYFgoAJhYhBNSKGsqxzb0X
|
||||
AVFmK7GgtKRYhaAxBQJlrXgmAhsgBQkB4TOAAAoJELGgtKRYhaAxMBoBAN7lVHou
|
||||
WPLuO6NNPHL8fXYG+9LFrIfVn/ztEKGwhOkhAQDcmy+3iHVaO4JPz6NJcojZzyDp
|
||||
nn/R4uqdSVJ1qNy3Bbg4BGWteO4SCisGAQQBl1UBBQEBB0DVD2QambSi9HXWmBts
|
||||
FDf75LrjJa5WTn1my6SVSODaYQMBCAeIdQQYFgoAJxYhBNSKGsqxzb0XAVFmK7Gg
|
||||
tKRYhaAxBQJlrXjuAxsABAUJAeEzgAAAA8UBAPjW4ZDp+ITJ9z/v7aL+wLdI0CY4
|
||||
w2I+LYP/VVtUr8JHAQCRFzzkBSz2IXoMKuRvpcJRLMRPS5gTAbrDC/96eGVGBLgz
|
||||
BGWtfDQWCSsGAQQB2kcPAQEHQOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1P
|
||||
NVCLiH4EGBYKACYWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa18NAIbIAUJAeEz
|
||||
gAAKCRCxoLSkWIWgMRecAQC6fz9nPhVe1ncJyNn/c2RcZra0sEWwzwRiem7wieOU
|
||||
GgEAhEOJxdEMbNv6mw4kSdLnFmC5VCvTEeLQF7uxP37ADwq4OARlrXuTEgorBgEE
|
||||
AZdVAQUBAQdAb2sZjRbDkcC3IhREZfUpXR5931F0csq5A6lTNSHyclcDAQgHiHUE
|
||||
GBYKACcWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa17kwMbAAQFCQHhM4AAAMSe
|
||||
AQCwkhOqxIjsIJ5DBgybQ4HTu52y3IkCVnx+ikcef8DMowEAgA5A3aSX8x9+p34t
|
||||
6ZX1dbgItWYS1a2bvqlEkvUBnwa4MwRlrX8yFgkrBgEEAdpHDwEBB0D37Ln0CHRc
|
||||
1itQdbnpQs7fFyWqLm5UT59YI2b7pkhK/oh+BBgWCgAmFiEE1IoayrHNvRcBUWYr
|
||||
saC0pFiFoDEFAmWtfzICGyAFCQPCZwAACgkQsaC0pFiFoDFaJgEAmtpmq5QnshEE
|
||||
HDs9yBTxWAnrYfPnvyOi4KID6FbJTI0BAPNohV+XiBbQKmmKrWb5ui0BXNISPCYk
|
||||
H6R7fxacajUC
|
||||
=361S
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<!--
|
||||
SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
|
||||
SPDX-License-Identifier: CC-BY-SA-4.0
|
||||
-->
|
||||
|
@ -8,7 +8,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0
|
|||
|
||||
## Hardware
|
||||
|
||||
[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold Gold 5120 vCPU, “512 MB” = 443 MiB RAM, 10 GB SSD).
|
||||
[Ionos VPS Linux XS](https://www.ionos.de/server/vps) S (1 Xeon Skylake vCPU, 1 GiB RAM, 10 GB SSD).
|
||||
|
||||
## Purpose
|
||||
|
||||
|
@ -22,32 +22,50 @@ Okabe Rintaro is a mad scientist from *Steins;Gate*
|
|||
|
||||
Much like the namesake,
|
||||
this server requires a “mad scientist” approach to set up.
|
||||
However, it is much easier than setting up its predecessor,
|
||||
which had just above 400 MiB usable memory.
|
||||
|
||||
Ionos does not offer any NixOS installation media.
|
||||
I could only choose between a Debian installation media, Knoppix and GParted.
|
||||
Also, installing with a very low amount of memory is quite hard.
|
||||
I could only choose between various installation media and rescue systems.
|
||||
Also, installing NixOS with a low amount of memory is problematic.
|
||||
|
||||
I therefore created a VM locally with a disk image exactly 10737418240 Bytes in size.
|
||||
On there, I installed NixOS.
|
||||
Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some.
|
||||
What I settled on was
|
||||
`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`.
|
||||
Because encryption with `argon2id` as PBKDF is quite memory intensive,
|
||||
I had to tune the parameters to ensure decryption was still possible on the target.
|
||||
This can be done quite easily by interactively running the following command on the build VM:
|
||||
|
||||
To make btrfs use its SSD optimizations,
|
||||
I had to force the kernel to see the device as non-rotational:
|
||||
`echo 0 > /sys/block/dm-0/queue/rotational`
|
||||
cryptsetup luksChangeKey --pbkdf-memory 100747 --pbkdf-parallel 1 --pbkdf-force-iterations 29 /dev/vda3
|
||||
|
||||
Another problem was the usage of VMware by Ionos.
|
||||
The VM I set this up with was obviously using KVM/QEMU,
|
||||
so it needed different kernel modules at boot.
|
||||
What worked was setting it up in the local VM with both libvirt and vmware modules,
|
||||
and then removing the libvirt modules once it was installed on the target.
|
||||
The memory size was obtained by a successful run of `cryptsetup benchmark` inside the initrd on the target.
|
||||
|
||||
However, since those parameters are not ideal,
|
||||
the following should later be run on the target host itself:
|
||||
|
||||
cryptsetup luksChangeKey --pbkdf-parallel 1 -i 10000 /dev/vda3
|
||||
|
||||
This will determine the memory usage automatically,
|
||||
use one thread
|
||||
and set the parameters so that decryption takes 10 seconds (10000 ms).
|
||||
The memory usage will not be as high as it could,
|
||||
but it will be better.
|
||||
|
||||
Getting the disk image onto the server was done
|
||||
by first `rsync`ing the image to another server (to allow for incremental iterations),
|
||||
which then provided it via HTTP.
|
||||
Using the Knoppix live image (booted with `knoppix 2` to avoid starting the gui),
|
||||
it was possible to just `curl http://server/okarin.img > /dev/sda`.
|
||||
Using the Debian installation media in rescue mode
|
||||
(as for some reason most other options tried to cache the file in memory and became very slow)
|
||||
it was possible to write the image to disk with `wget -O /dev/sda http://server/okarin.img`.
|
||||
|
||||
Because of all the pitfalls of this,
|
||||
you probably need more than one try.
|
||||
To make debugging easier on the target, the following option can be set:
|
||||
```nix
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
boot.initrd.preLVMCommands = ''
|
||||
${pkgs.bashInteractive}/bin/bash
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
./hardware-configuration.nix
|
||||
../../modules
|
||||
|
||||
./services/static-sites.nix
|
||||
./services/proxy.nix
|
||||
];
|
||||
|
||||
|
@ -22,7 +21,7 @@
|
|||
|
||||
networking.hostName = "okarin";
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
|
|
|
@ -5,6 +5,10 @@
|
|||
{ lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
sbruder.machine.isVm = true;
|
||||
|
||||
boot = {
|
||||
|
@ -12,41 +16,34 @@
|
|||
extraModulePackages = [ ];
|
||||
kernelParams = [ "ip=dhcp" ];
|
||||
initrd = {
|
||||
availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "vmxnet3" "vmw_pvscsi" "vmw_vmci" ];
|
||||
kernelModules = [ "dm-snapshot" "vmw_balloon" ];
|
||||
availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "sr_mod" "virtio_net" "virtio_pci" "xhci_pci" ];
|
||||
kernelModules = [ ];
|
||||
network = {
|
||||
enable = true; # remote unlocking
|
||||
# for some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands
|
||||
# this works around this, but is arguably quite hacky
|
||||
postCommands = ''
|
||||
ip route add 10.255.255.1 dev eth0
|
||||
ip route add default via 10.255.255.1 dev eth0
|
||||
ip route add 85.215.165.1 dev eth0
|
||||
ip route add default via 85.215.165.1 dev eth0
|
||||
'';
|
||||
};
|
||||
luks.devices."root".device = "/dev/disk/by-uuid/67f2990c-636a-4d80-9f6d-7096fec9e267";
|
||||
luks.devices."root".device = "/dev/disk/by-uuid/1dcb9ee1-5594-4174-98a7-a362da09f131";
|
||||
};
|
||||
loader.grub.device = "/dev/sda";
|
||||
loader.grub.device = "/dev/vda";
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/8e3082d1-4af3-4d5d-9fde-d30dc7552d41";
|
||||
device = "/dev/disk/by-uuid/3ab8f4a7-952c-4b6c-93c6-7b307d5bb88b";
|
||||
fsType = "btrfs";
|
||||
options = [ "compress=zstd" "discard" "noatime" ];
|
||||
options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/883c77e8-53bf-4330-bd9e-89ef71ad9518";
|
||||
device = "/dev/disk/by-uuid/97aec56b-5fea-4445-83dc-4a20dcf482ce";
|
||||
fsType = "ext2";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/dev/disk/by-partuuid/d9cf5716-25c8-4f72-80e3-696e0dfe1079";
|
||||
randomEncryption.enable = true;
|
||||
}
|
||||
];
|
||||
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
memoryPercent = 150;
|
||||
|
@ -63,11 +60,6 @@
|
|||
name = "eth0";
|
||||
DHCP = "yes";
|
||||
domains = [ "sbruder.de" ];
|
||||
address = [ "2001:8d8:1800:8627::1/64" ];
|
||||
gateway = [ "fe80::1" ];
|
||||
networkConfig = {
|
||||
IPv6AcceptRA = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,80 +1,80 @@
|
|||
wg-home-private-key: ENC[AES256_GCM,data:4L8aIvgFi+mBjnyVy5IkPaeJRadJ5NCKZprSkBPwMNiVaIscjAdp2yinBSk=,iv:6pBo+6M4EkEjz184XvisWXEoomqJXa4M8Qa4nJHI65U=,tag:3DEsmA2xxAlx/PSbD3HOIA==,type:str]
|
||||
wg-home-private-key: ENC[AES256_GCM,data:RkdgneGhH7prr/tkvHJeChQku2eXve9pV/SvtwsOjeinYO9veHw0rimdonY=,iv:vK6zNpu8F+TSLDTaif686Awjhs8WS2XJHzMtlvqlsIM=,tag:aKhV+kspVu+0CgPmYersxw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-06T08:49:32Z"
|
||||
mac: ENC[AES256_GCM,data:B7e3sh96p2DlqM2SgHWoJ7RZ2q5tnZ6lohNc7UKmwG1HTkrPKW/6jobW2InQnbZn1bPmCERoJIF9QyUz+OxotTiKIXxSL7BJkkfpIkWy9IgjIeADjevHkplm2rXONiXaM2sD46bPKbuRzuhbCZtNwUH74gTVfKPVLVrzpnPRC74=,iv:TTXlBGhO7xLCC3Ad+xiQKmy4b0n0vuQRaCdoe7vpzSE=,tag:dZCharRGK//w48ePu7d2eQ==,type:str]
|
||||
lastmodified: "2023-12-25T22:06:33Z"
|
||||
mac: ENC[AES256_GCM,data:VbjyqrqDLCBDD9vGOHxSzsr9a5ZFFBJUkBRxJYBLereMDvInPFZnTwplHHkS5TdDFFAsjrcCgpCuPsUIbDdxFUNNtjdIe5JJwFMwT8XEFrgcswMGSKD6mIH2VBWop5pqoAV0eQ3YfKtDyhNHwixR8a+Z+hbGAY01Z19yteo51ZM=,iv:69EeBag+iUEoa18I0w1HeJKRwSQVCMRqUdV2CzUzMnY=,tag:WViKXJExL33jQAIWHUS8xw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-22T00:20:17Z"
|
||||
- created_at: "2024-01-24T12:19:03Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DLHeEFiC484ASAQdALOHWjRYEy+oURe+ERyiQYDjFPDniV0awCBMahhaLzCMw
|
||||
faMYpJTpirKixpFnPQ1W0aIiQ2/grcEJ4qYyXYG7GrqLcFMQfZOV8humZOLnZNB6
|
||||
hF4Dub78fMESoMASAQdAhpmpD8cyJSauuTHM/RTjLybR1VUGcIY7kLqrB33QLG8w
|
||||
aLu7q0wjY0Rs+7PtJiSKd6O4VOBRrsBmLc7QuBZ4cgBwUfE38g8LuXayuOLZQNb1
|
||||
hF4DM6AcvgVUx2MSAQdARr9S5DSGRJOcv2IgYMzko8fkMHlIR9uIJdJLMdcJER4w
|
||||
RjcC/s5+P0b7wy9bIaAv3vk3FX4hw56QzhqAXcA1zU1kyjEHPnv3qsiiQbcKDjb0
|
||||
1GYBCQIQG5VczwWUidoTYkHgZveZhkVyYIiZc/YQrY6n71OrVnUKaH5kZn1XrMKE
|
||||
zRzcc4XCiu8CaSkQp68eqKeHwI8U5N/LAtjHbACxAq6GHatf/+LvJx4CbUrPZxw2
|
||||
PWZwSFBCZEg=
|
||||
=r7sK
|
||||
hF4DLHeEFiC484ASAQdA4PdmtZTlpcdfuYKSuKN6X4EGjh/l2D8Jxt7dg1y/Z0kw
|
||||
ScG/nWs9hVMFTBeqSM0eHgFfcZhBB/L85eNf9thktTUbcWq0GEUcz5mwUqILtkfA
|
||||
hF4Dub78fMESoMASAQdAMcVZokes0YKtbUZp7b9zq303WXPga5yn8LbhnaRrHycw
|
||||
+ECn4t8y8SXFICpAZ5n+xj5U8MdmdKOzhNQLleFKIHtWdyeUlwFi0qYYP8MRCLTB
|
||||
hF4DM6AcvgVUx2MSAQdAIzXqgZ8WiIxIV05BumWLsyZUChwvDQc47NMd5ehhBEQw
|
||||
I1LY11LTNENypr5q0mhy615kIbsdhpzAVLf4Bkf921zABsfFzuY5zJHqi8SKVm7/
|
||||
1GYBCQIQHPC99/GrpHG703gozt2I0P2XMhlRpzj359qStWaQZ8NBL5Ugo5BLvphf
|
||||
1/WYAlvnH4Uov2TxKdQs65IJSadQgs7lBWB5gqHklZ76E4Q+00oMQxwGjzMdddA/
|
||||
hRlLbnUDE1Q=
|
||||
=ol1Y
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763
|
||||
- created_at: "2024-01-22T00:20:17Z"
|
||||
- created_at: "2024-01-24T12:19:03Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DLHeEFiC484ASAQdAGdRYvRfki1zKA2YHnPprf1ld5kJkai4fzxuuH1D3DRQw
|
||||
zt5XhSFMx5ii7C3LIVjGgKnn6A6KTe1Tj314OYtrLeCGV8Eli+eOiSgi4c0nL709
|
||||
hF4Dub78fMESoMASAQdAb38j/KxQlLRJLrtE5mS1XVCmaEIvyJU1uVcSVU3Bdhgw
|
||||
f3iepOZgggHOCiHOCs+UWRmiudwoYqMzXF8G9pb6ESsy01cc1y6mXPh6sftKc6Iz
|
||||
hF4DM6AcvgVUx2MSAQdAhq0ynXfS/eYrDAYdxj/qyEg8c2lHFYSaUVtr6v3B/Rcw
|
||||
Su08ppwK9wSbVaEL6p4NPJ0q9mt/36OsvZNaEWL2i7kkrD6q+2yvaGwh/fPcokWI
|
||||
1GYBCQIQRzg0YDKpmBGZY0sC37nIkUC4blEpFTgl+lma0ZQ9PUfbRP3ijRrxyPv/
|
||||
aNkUpVAVxjh3VnV/NEm2s03x62iO4uiGoU0BUeI8Jjy4Tvuuodvmfpd4wZw7Mq+V
|
||||
B8h2L/JR7Yo=
|
||||
=/wMt
|
||||
hF4DLHeEFiC484ASAQdAaXq+nn0DDx+RAkEC+x+yeP5xbCIdXkR9tQCgWx1s0jkw
|
||||
VRgFkiBa6IsS0vmYknobXkizETtNjEhJ8vNw9nP0zPdjuUZBId2/bJZa7aFdIFRU
|
||||
hF4Dub78fMESoMASAQdAMLbBcLnc+5UVDsx50SgCVjQoHO4JGE53DE6Q+frDEiow
|
||||
rVFbLxWlJ/aw9baRdKUMkIUJftnImUQgolXvEfUjdS/oOdY69r4psLlHLQX11Ow1
|
||||
hF4DM6AcvgVUx2MSAQdAUZV3q/IXwUbRv9EokTe+4o83XzeS1h4GK3/3wjnKDHkw
|
||||
xHFJR2clEMDlaq7Rx3FTr2a7MlzSnzBLtIwdw5b9ytuRvHjD5q7zCf5bihYnvdjV
|
||||
1GYBCQIQFt+CYziUXtEHjJFC1t+S3qkyPRAsVgZL8WlxbKzteW0NOdIZofHx6skG
|
||||
Ebn8aadKcGg534DkwEt5DpIosXKUx4LN5xsCNoU9dHFYMSFE2nzJE4KNFJ8tzRQk
|
||||
G+tyNMgCYhM=
|
||||
=2QnY
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
|
||||
- created_at: "2024-01-22T00:20:17Z"
|
||||
- created_at: "2024-01-24T12:19:03Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DLHeEFiC484ASAQdAoM3SQYYUQq6OGImJaecw42BZOwOec75IWS00ZorR31ww
|
||||
uaRdi54liGiKpjaebhPcLkX+0TKcW0h11kw6X1wrru1JWi3YLbjohv0qCtfa4wpc
|
||||
hF4Dub78fMESoMASAQdASH4+jxa7Qr9AkJpHHPmMx9cj3XyPXLpfzXJ7Yb40pHMw
|
||||
zBiVmQApa4K+ZOVw/vpcSNaN6FufFoDb5IguwHIq+9vILvjvku6YFgAJ4gC76LOP
|
||||
hF4DM6AcvgVUx2MSAQdAZGNp/j1sF0rmHhImhnuhgpn9NgRuFtL+BH5dorvrPwIw
|
||||
mK5LsWHvyBFyC+SDNe4mrRkdia/xPECmcWrbvptGVjqlZnjmUbtrYhG+j5O6/817
|
||||
1GYBCQIQ/du7No+ULrBrjWc3q826ju8AqekySHtteKZclRmcHSNP4UEXcmTEMRNL
|
||||
8lMJYK0G3uA9FXO9+2E39k/nIatBGuoaukW7zCouB3bLARZE00Oqh6qHCWVyFJ/S
|
||||
Gzwk8dC0wdc=
|
||||
=BWUr
|
||||
hF4DLHeEFiC484ASAQdA6ojEbZ8HccTtorNbyw9aVKO73AJy6jTGV/qLt+FWoRgw
|
||||
SsOLiL0UmF1OV7zmXE0ihkWivPqLHtp1U89aYucpAA69DIh4+6M7GUk1xDMxFfRo
|
||||
hF4Dub78fMESoMASAQdAV2z2DgUz2xWopnDzXywdpHb9eMe9ZxdABxpOJ0ECeBww
|
||||
wOC1x+IKIbIRZBDL7jbVUOk1G+GzCL4M7/G7XFSTFYMKvMKkc0Rh69pywFuGaqG8
|
||||
hF4DM6AcvgVUx2MSAQdA7bKGjcW81bzf58FlGGVDy/HjNyuEPNSVZXy0M+/WZAcw
|
||||
3iXR9MecA97bKKKhLyNSdYmYlAjZJVIdwd6vjNWjxaB7BIWTYhudTjHesLMxB0vc
|
||||
1GYBCQIQlp1TDaBVxalDkeCEjDMRFatgJ3CwulzzW9B8qywOooS0BNtNbtTKGwEh
|
||||
AxDL+wdeqkPABQ0wQ8hYGOw5z665jEOC2JbqbQ7N6LPQZRx/MowO2dGT/kKh2U9H
|
||||
VOK1Bc67BzU=
|
||||
=3z3V
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 403215E0F99D2582C7055C512C77841620B8F380
|
||||
- created_at: "2024-01-22T00:20:17Z"
|
||||
- created_at: "2024-01-24T12:19:03Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA+X8PKo7gQeqARAAhtUvR20r2NV8SNWVuVSopTfCGwaJV99+PEp/l0UjHX6B
|
||||
lpHgQNHegP6YEsAj5HNFEcV3vM+nbC0hbTtcERBZoxTkyDPOaRAyJpNfGniZVxxp
|
||||
jxSr/unCN6aJCbdqJZZZlitq84brMQWUE373Rb9B4cNdTYONabZbzZmwTDyzkVR0
|
||||
ctjmkdBG0upqNn7vukSIg7DM7D9pFolS9142reF7e5jTlxBFWR1Jt+O9A1zypfvq
|
||||
tK2z9C1pM9LDRmUrKJ/HOKwu6P6USeTKFrp7Gfjr1UkmbgNunxgsdI6gwKY38SpJ
|
||||
T+tELs68oC5pGFpZufnYkrGL313HC7Vp/+2+m+W5qXbyNqhDS6uVQHjqz/ROqByb
|
||||
YwJw+x7810nL8+SleXst8oZpxDNDm+TnvWQAH6WiRBSpgVwy945SMvGG+1FLYps2
|
||||
qOsRMjr+titLZAaUpmIh/oDHG/XOpKPQflcc4/V7t2HK6vLX+xvPIQU8Y5TJkr1T
|
||||
nIIh7sMZBUldnUGUfFE3ksP5Gje5OHqK8xoFwYHFGK4QQzXFjPFN2QNvni2z9Y4R
|
||||
LLMvyEavqgIa6AeseqMnLuB2hz6wy/JNU/EPUalNca6RleoVA0DjKgjgDTlhQ5Al
|
||||
a6sRTy+KmXFfzdO97MJJEkNgA1Hbi1/IpREeA50lYtrDqUvhxw+l1V8N7jw+ZWTS
|
||||
VgHYyLUxdmOUsqEgQPVA7jiqWePwFEuEDEDVE+d6CcuvFuHFNV1jJEjit3R0wJOd
|
||||
QpqnfxW4QTD+JFNJgrD7bj4y1Gu9Z6Lg1IBnHnOwDIoCJoAHp0y6
|
||||
=sy/X
|
||||
hQIMA9pmsZ2EWzFWAQ/9Gl4dO83SmvGHyhEfile6G9ZUmhxwU2RFpPwEmjh4CV/v
|
||||
z1k2zgdF200a6tj96977VhjhIG/LZioEi41M1QdIqgkGsKy89DluCY9RDTqMmqzo
|
||||
w65JhI+PQqdQuKlsbUh2VLql7LijoIUxuBPowWG1lULZtEvRuCchM5rLFiBSC2YO
|
||||
DA0T73kC2P89CNZlOllZNnVRCRrxm7IsEO6Mo1yOeJL16mYqC9qGGKnvYEbsSm4n
|
||||
7ZZJvxXGnNzaXisyyjcJNgtsJAUX4TTlPH+Y2jpkhdHUvOkiwVQEokmnqTIKUp0e
|
||||
7Dc6ZXApFQ1DlMMsjLwy+5AQJQZbY4p4jo9rvmON5i5DLPy4rN5yf8W7zwkuy2gN
|
||||
Id53gxDZxHw0+mRsfYRrdOvmfUqqz79TyWVV8bvHR2Mo3shdL1fsWOzTlm66Y9Vt
|
||||
4coJxgUsJEFdnsnXAFep2V18Ypg36b9wQXtZDXWtTg36UliZZ95sUAG2vHQDS50b
|
||||
5XG07m1w8YgQSeiCObteAt4PqxEs1GYWmtRUmr4jvRQQzmVXCQP6+o0QJ5WK9bKl
|
||||
auwT+H7POBJ3l+h9ykvmOidkAzeN7EWIirzvhDHsxvCklGCyo+Y3W5ZaLaFGfc/3
|
||||
pdj1G/REVT6aQMtSuYUsD7QoZeiNNBNJXAtUuUS6mWxch8RnkW718wxYZLvi03jS
|
||||
VgHaVWepbw/q0COmjyofCt1qZH+WMKSAguiQ6PHWAdP3hnzGgd7Qo84W54Fb3m1R
|
||||
da72FFnILc3IYImbJI6QgJxAeS2K95nIWKdSix07c+m0zzFkemnB
|
||||
=F0pC
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa
|
||||
fp: e7370b48016c961ef8ad792fda66b19d845b3156
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
|
|
@ -6,9 +6,7 @@
|
|||
let
|
||||
proxyMap = {
|
||||
"sbruder.xyz" = "renge";
|
||||
"nitter.sbruder.xyz" = "renge";
|
||||
"iv.sbruder.xyz" = "renge";
|
||||
"libreddit.sbruder.xyz" = "renge";
|
||||
};
|
||||
in
|
||||
{
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
sbruder.static-webserver.vhosts = {
|
||||
"maggus.bayern".user = {
|
||||
name = "maggus";
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWGXaMijpnm3RSH/PIVxkBRDIi1f5nMW/aS26g3b71M nils"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEF8o2ezSEXwWoAcdoeJs+wsZM/u8x+vtRNU3FXOMIT nils"
|
||||
] ++ config.sbruder.pubkeys.trustedKeys;
|
||||
};
|
||||
"arbeitskampf.work".user = {
|
||||
name = "arbeitskampf";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -33,6 +33,9 @@
|
|||
};
|
||||
wireguard.home.enable = true;
|
||||
infovhost.enable = true;
|
||||
wkd = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "renge";
|
||||
|
|
|
@ -136,8 +136,10 @@ in
|
|||
{
|
||||
job_name = "knot";
|
||||
static_configs = mkStaticTargets [
|
||||
"okarin.vpn.sbruder.de:9433"
|
||||
"vueko.vpn.sbruder.de:9433"
|
||||
"renge.vpn.sbruder.de:9433"
|
||||
"okarin.vpn.sbruder.de:9433"
|
||||
"yuzuru.vpn.sbruder.de:9433"
|
||||
];
|
||||
relabel_configs = lib.singleton {
|
||||
target_label = "instance";
|
||||
|
|
|
@ -3,11 +3,7 @@
|
|||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
goneVhost = {
|
||||
locations."~ .*".return = "303 'https://sbruder.xyz/#history'";
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
imports = [
|
||||
./blocks.nix
|
||||
|
@ -58,7 +54,4 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."nitter.sbruder.xyz" = goneVhost;
|
||||
services.nginx.virtualHosts."libreddit.sbruder.xyz" = goneVhost;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -9,6 +9,7 @@
|
|||
../../modules
|
||||
|
||||
./services/co2_exporter.nix
|
||||
./services/ntp.nix
|
||||
./services/router
|
||||
./services/snmp-exporter.nix
|
||||
./services/wordclock-dimmer.nix
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{
|
||||
services.ntp = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 123 ];
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -41,16 +41,16 @@ in
|
|||
cfg.vlan);
|
||||
dhcp-option = lib.flatten (lib.mapAttrsToList
|
||||
(name: { subnet, ... }: [
|
||||
# Gateway
|
||||
"tag:br-${name},option:router,${subnet.v4.gateway}"
|
||||
"tag:br-${name},option6:dns-server,${subnet.v6.gateway}"
|
||||
|
||||
# NTP server (runs on gateway)
|
||||
"tag:br-${name},option:ntp-server,${subnet.v4.gateway}"
|
||||
"tag:br-${name},option6:ntp-server,${subnet.v6.gateway}"
|
||||
])
|
||||
cfg.vlan);
|
||||
|
||||
nftset = [
|
||||
"/pool.ntp.org/4#inet#filter#iot_ntp4"
|
||||
"/pool.ntp.org/6#inet#filter#iot_ntp6" # does not work
|
||||
];
|
||||
|
||||
server = [
|
||||
"127.0.0.1#5053"
|
||||
];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -7,16 +7,6 @@ define PHYSICAL_WAN = "enp1s0"
|
|||
define NAT_WAN_IFACES = { $PHYSICAL_WAN }
|
||||
|
||||
table inet filter {
|
||||
# These two sets are dynamically managed by dnsmasq
|
||||
set iot_ntp4 {
|
||||
type ipv4_addr
|
||||
comment "IPv4 addresses of resolved NTP servers"
|
||||
}
|
||||
set iot_ntp6 {
|
||||
type ipv6_addr
|
||||
comment "IPv6 addresses of resolved NTP servers"
|
||||
}
|
||||
|
||||
chain forward {
|
||||
type filter hook forward priority filter; policy drop
|
||||
|
||||
|
@ -31,8 +21,6 @@ table inet filter {
|
|||
iifname "br-lan" oifname $VLAN_BRIDGES counter accept;
|
||||
iifname $VLAN_BRIDGES oifname "br-lan" ct state established,related counter accept
|
||||
|
||||
iifname "br-iot" ip daddr @iot_ntp4 udp dport 123 counter accept
|
||||
iifname "br-iot" ip6 daddr @iot_ntp6 udp dport 123 counter accept
|
||||
iifname $NAT_WAN_IFACES oifname "br-iot" ct state established,related counter accept
|
||||
}
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -1,7 +1,9 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"brennende.autos" = {
|
||||
|
@ -19,9 +21,34 @@
|
|||
};
|
||||
|
||||
sbruder.static-webserver.vhosts = {
|
||||
"arbeitskampf.work".user = {
|
||||
name = "arbeitskampf";
|
||||
};
|
||||
|
||||
"maggus.bayern".user = {
|
||||
name = "maggus";
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWGXaMijpnm3RSH/PIVxkBRDIi1f5nMW/aS26g3b71M nils"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEF8o2ezSEXwWoAcdoeJs+wsZM/u8x+vtRNU3FXOMIT nils"
|
||||
] ++ config.sbruder.pubkeys.trustedKeys;
|
||||
};
|
||||
|
||||
"psycho-power-papagei.de" = {
|
||||
user.name = "papagei";
|
||||
imprint.enable = true;
|
||||
};
|
||||
|
||||
"salespointframework.org" = {
|
||||
redirects = [
|
||||
"www.salespointframework.org"
|
||||
"salespointframe.work"
|
||||
"www.salespointframe.work"
|
||||
"verkaufspunktrahmenwerk.de"
|
||||
"www.verkaufspunktrahmenwerk.de"
|
||||
"verkaufspuntrahmenwerk.de"
|
||||
"www.verkaufspuntrahmenwerk.de"
|
||||
];
|
||||
user.name = "salespoint";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -7,14 +7,16 @@ let
|
|||
cfg = config.sbruder.knot;
|
||||
|
||||
primaryHost = "vueko";
|
||||
secondaryHosts = [ "okarin" ];
|
||||
secondaryHosts = [ "renge" "okarin" "yuzuru" ];
|
||||
|
||||
isPrimaryHost = config.networking.hostName == primaryHost;
|
||||
isSecondaryHost = lib.elem config.networking.hostName secondaryHosts;
|
||||
|
||||
addresses = {
|
||||
vueko = [ "168.119.176.53" "2a01:4f8:c012:2f4::1" ];
|
||||
okarin = [ "82.165.242.252" "2001:8d8:1800:8627::1" ];
|
||||
renge = [ "152.53.13.113" "2a03:4000:6b:d2::1" ];
|
||||
okarin = [ "85.215.165.213" "2a01:239:24b:1c00::1" ];
|
||||
yuzuru = [ "85.215.73.203" "2a02:247a:272:1600::1" ];
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -65,12 +67,7 @@ in
|
|||
id = host;
|
||||
address = hostAddresses;
|
||||
})
|
||||
addresses) ++ lib.optional isPrimaryHost {
|
||||
id = "inwx";
|
||||
# INWX only allows the specification of one primary DNS,
|
||||
# which limits the IP protocol usable for zone transfers to one.
|
||||
address = lib.singleton "185.181.104.96";
|
||||
};
|
||||
addresses);
|
||||
}
|
||||
(lib.mkIf isPrimaryHost {
|
||||
policy = lib.singleton {
|
||||
|
@ -88,7 +85,7 @@ in
|
|||
zonefile-load = "difference-no-serial";
|
||||
journal-content = "all";
|
||||
# secondary
|
||||
notify = [ "inwx" ] ++ secondaryHosts;
|
||||
notify = secondaryHosts;
|
||||
# dnssec
|
||||
dnssec-signing = true;
|
||||
dnssec-policy = "default";
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
./cups.nix
|
||||
./docker.nix
|
||||
./fancontrol.nix
|
||||
./flatpak.nix
|
||||
./fonts.nix
|
||||
./games.nix
|
||||
./grub.nix
|
||||
|
@ -67,6 +68,7 @@
|
|||
./udev.nix
|
||||
./unfree.nix
|
||||
./wireguard
|
||||
./wkd
|
||||
];
|
||||
|
||||
config = lib.mkMerge [
|
||||
|
@ -165,5 +167,15 @@
|
|||
(lib.mkIf (!config.sbruder.full) {
|
||||
documentation.enable = lib.mkDefault false;
|
||||
})
|
||||
(lib.mkIf (config.services.resolved.enable) {
|
||||
# With NixOS’s default database order for hosts,
|
||||
# resolving the FQDN with hostname -f always returns “localhost”
|
||||
# when resolved is enabled.
|
||||
# This changes the priority of the files database,
|
||||
# which fixes this.
|
||||
# This workaround was taken from
|
||||
# https://github.com/NixOS/nixpkgs/issues/132646#issuecomment-1782684381
|
||||
system.nssDatabases.hosts = lib.mkOrder 500 [ "files" ];
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#
|
||||
# Flatpak is only used for programs that are not easily installable natively.
|
||||
# They should always be confined as much as possible using Flatseal.
|
||||
#
|
||||
# To make Flatpak work with Flathub,
|
||||
# the following command must be run imperatively:
|
||||
#
|
||||
# flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
|
||||
#
|
||||
# The full guide is available on https://flathub.org/setup/NixOS,
|
||||
# though the restart step is not necessary.
|
||||
{ config, lib, ... }:
|
||||
|
||||
lib.mkIf config.sbruder.gui.enable {
|
||||
services.flatpak.enable = true;
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -95,6 +95,7 @@ lib.mkIf cfg.enable {
|
|||
smtpd_tls_protocols = "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1";
|
||||
smtpd_tls_mandatory_ciphers = "medium";
|
||||
smtpd_tls_loglevel = "1";
|
||||
smtpd_tls_received_header = "yes"; # add TLS connection details to Received header
|
||||
|
||||
tls_medium_cipherlist = listToString [
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
||||
|
@ -140,6 +141,7 @@ lib.mkIf cfg.enable {
|
|||
# Postscreen
|
||||
smtpd = {
|
||||
type = "pass";
|
||||
args = [ "-o" "smtpd_discard_ehlo_keywords=silent-discard,dsn" ];
|
||||
};
|
||||
smtp_inet = {
|
||||
# Partially overrides upstream
|
||||
|
|
|
@ -8,7 +8,10 @@
|
|||
enable = config.sbruder.wireguard.home.enable;
|
||||
listenAddress = config.sbruder.wireguard.home.address;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
disabledCollectors = [ "rapl" ];
|
||||
disabledCollectors = [
|
||||
"arp.netlink" # https://github.com/prometheus/node_exporter/issues/2849
|
||||
"rapl"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-node-exporter.after = [ "wireguard-wg-home.service" ];
|
||||
|
|
|
@ -60,12 +60,12 @@
|
|||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo";
|
||||
};
|
||||
okarin = {
|
||||
hostNames = [ "okarin" "okarin.sbruder.xyz" "okarin.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaev8K5KhRovW75IdZ0HYlzvxxo0haeCM0xCVEOuDSa";
|
||||
hostNames = [ "okarin" "okarin.sbruder.de" "okarin.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJvRAiEAV0Oulii0w3xcHCb0/oHqpA0hz3bn//BQnR8T";
|
||||
};
|
||||
okarin-initrd = {
|
||||
hostNames = [ "[okarin.sbruder.de]:2222" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOV+azRrT1zICmDe9D7bm3pOaFzaT+cVXCvxgY1bAbP";
|
||||
};
|
||||
shinobu = {
|
||||
hostNames = [ "shinobu" "shinobu.lan.shinonome-lab.de" "shinobu.vpn.sbruder.de" ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -50,7 +50,7 @@
|
|||
lm_sensors # temperature sensors
|
||||
parted # partition manager
|
||||
pciutils # lspci
|
||||
reptyr # move process to current terminal
|
||||
(reptyr.overrideAttrs (o: o // { doCheck = false; })) # move process to current terminal # tests fail on qemu-user-aarch64 (TODO 24.05: remove)
|
||||
smartmontools # hard drive monitoring
|
||||
tcpdump # package inspector
|
||||
tio # serial console
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -41,9 +41,6 @@ in
|
|||
|
||||
# games (okay if they run sandboxed)
|
||||
"osu-lazer" # also is free except for one dependency
|
||||
"steam"
|
||||
"steam-original"
|
||||
"steam-runtime"
|
||||
]
|
||||
));
|
||||
};
|
||||
|
|
|
@ -33,8 +33,8 @@ let
|
|||
publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8=";
|
||||
};
|
||||
okarin = {
|
||||
address = "10.80.0.10";
|
||||
publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk=";
|
||||
address = "10.80.0.14";
|
||||
publicKey = "QOxkngtrkuXVMZyqWeGKh2ozn3x7GJsxwrlKje7jDmA=";
|
||||
};
|
||||
shinobu = {
|
||||
address = "10.80.0.12";
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.sbruder.wkd;
|
||||
|
||||
toFqdn = domain: "openpgpkey.${domain}";
|
||||
in
|
||||
{
|
||||
options.sbruder.wkd = {
|
||||
enable = lib.mkEnableOption "Web Key Directory";
|
||||
domain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The main domain to listen on. The actual fqdn will be openpgpkey.<domain>.";
|
||||
default = "sbruder.de";
|
||||
};
|
||||
domains = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = "Additional domains to serve.";
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
sbruder.static-webserver.vhosts."${toFqdn cfg.domain}" = {
|
||||
redirects = map toFqdn cfg.domains;
|
||||
user.name = "wkd";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${toFqdn cfg.domain}" = {
|
||||
locations."^~ /.well-known/openpgpkey" =
|
||||
let
|
||||
# workaround for nginx dropping parent headers
|
||||
# see https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
|
||||
parentHeaders = lib.concatStringsSep "\n" (lib.filter
|
||||
(lib.hasPrefix "add_header ")
|
||||
(lib.splitString "\n" config.services.nginx.commonHttpConfig));
|
||||
in
|
||||
{
|
||||
extraConfig = ''
|
||||
${parentHeaders}
|
||||
add_header Access-Control-Allow-Origin * always;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2022-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2022-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -19,7 +19,7 @@ buildGoModule rec {
|
|||
|
||||
vendorHash = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68=";
|
||||
|
||||
oCheck = false; # no tests
|
||||
doCheck = false; # no tests
|
||||
|
||||
meta = with lib; {
|
||||
license = licenses.mit;
|
||||
|
|
|
@ -25,15 +25,19 @@ SPDX-License-Identifier: CC-BY-SA-4.0
|
|||
<td><a id="matrix" href="#">(requires javascript)</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>GitHub</td>
|
||||
<td>Codeberg</td>
|
||||
<td><a href="https://codeberg.org/sbruder">sbruder</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>(GitHub)</td>
|
||||
<td><a href="https://github.com/sbruder">sbruder</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>GitLab</td>
|
||||
<td>(GitLab)</td>
|
||||
<td><a href="https://gitlab.com/sbruder">sbruder</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Gitea</td>
|
||||
<td>Forgejo</td>
|
||||
<td><a href="https://git.sbruder.de/simon">git.sbruder.de</a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
|
@ -61,15 +61,6 @@ def get_color_for_time(time: datetime.time, base=(60, 60, 60)) -> (int, int, int
|
|||
)
|
||||
|
||||
|
||||
def update(client: mqtt.Client):
|
||||
time = datetime.datetime.now().time()
|
||||
color = get_color_for_time(time)
|
||||
print(f"{time}: setting color to {color}")
|
||||
sys.stdout.flush()
|
||||
set_color(client, *color)
|
||||
pass
|
||||
|
||||
|
||||
client = mqtt.Client("wordclock.py")
|
||||
|
||||
user = os.environ["WORDCLOCK_MQTT_USER"]
|
||||
|
@ -83,6 +74,15 @@ host = os.environ["WORDCLOCK_MQTT_HOST"]
|
|||
client.username_pw_set(user, password)
|
||||
client.connect(host, 1883, 60)
|
||||
|
||||
color = (0, 0, 0)
|
||||
|
||||
while True:
|
||||
update(client)
|
||||
time = datetime.datetime.now().time()
|
||||
new_color = get_color_for_time(time)
|
||||
if new_color != color:
|
||||
color = new_color
|
||||
print(f"setting color to {color}")
|
||||
sys.stdout.flush()
|
||||
set_color(client, *color)
|
||||
|
||||
sleep(300)
|
||||
|
|
|
@ -1,98 +1,41 @@
|
|||
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
#
|
||||
# Steam is installed as a flatpak,
|
||||
# as this seems to be the only method that does not force me
|
||||
# to spend hours debugging various issues with the client.
|
||||
#
|
||||
# Installation instructions for steam:
|
||||
#
|
||||
# 1. Run flatpak install flathub com.valvesoftware.Steam
|
||||
# 2. Use Flatseal to revoke all filesystem permissions,
|
||||
# development syscalls
|
||||
# and bluetooth.
|
||||
# 3. Add GDK_SCALE=2 as an environment variable (hack for sway’s Xwayland)
|
||||
# 4. If you previously used steam-sandbox,
|
||||
# you need to copy the files to the flatpak location.
|
||||
# For this, start steam once (you can close it early),
|
||||
# so it creates the new structure.
|
||||
# Then, run the following commands:
|
||||
# rm -rf ~/.var/app/com.valvesoftware.Steam/.local/share/Steam
|
||||
# mv ~/.local/share/steam-sandbox/.local/share/Steam ~/.var/app/com.valvesoftware.Steam/.local/share/
|
||||
# You might want to copy additional files of games,
|
||||
# that do not store files inside of Steam’s directories.
|
||||
# Afterwards, you can delete ~/.local/share/steam-sandbox
|
||||
#
|
||||
# For MangoHud, the following steps are also necessary:
|
||||
# 1. Run flatpak install org.freedesktop.Platform.VulkanLayer.MangoHud
|
||||
# 2. Add xdg-config/MangoHud:ro as filesystem mount to Steam in Flatseal
|
||||
# 4. For Intel Arc systems,
|
||||
# add /run/wrappers/bin/intel_gpu_top:ro as filiesystem mount
|
||||
# and /run/wrappers/bin to the PATH environment variable in Flatseal
|
||||
# 3. Add MANGOHUD=1 as a launch options to all games where MangoHud should be
|
||||
# available
|
||||
{ lib, nixosConfig, pkgs, ... }:
|
||||
let
|
||||
cfg = nixosConfig.sbruder.games;
|
||||
inherit (nixosConfig.sbruder) unfree;
|
||||
|
||||
steam-sandbox = pkgs.writeShellScriptBin "steam-sandbox" /* bash */ ''
|
||||
set -euo pipefail
|
||||
shopt -s nullglob # make for loop work for glob if files do not exist
|
||||
base_dir="''${XDG_DATA_HOME:-$HOME/.local/share}/steam-sandbox"
|
||||
mkdir -p "$base_dir"/{.local/share,.steam,.config,.factorio,data}
|
||||
bubblewrap_args=(
|
||||
# sandboxing
|
||||
--unshare-all
|
||||
--share-net
|
||||
--die-with-parent
|
||||
--new-session
|
||||
|
||||
# basic filesystem
|
||||
--tmpfs /tmp
|
||||
--proc /proc
|
||||
--dev /dev
|
||||
--dir "$HOME"
|
||||
--dir "$XDG_RUNTIME_DIR"
|
||||
--ro-bind /nix/store /nix/store
|
||||
# path
|
||||
--ro-bind /run/current-system/sw /run/current-system/sw
|
||||
--ro-bind /etc/profiles/per-user/$USER/bin /etc/profiles/per-user/$USER/bin
|
||||
# system-wide configuration
|
||||
--ro-bind /etc/fonts /etc/fonts
|
||||
--ro-bind /etc/localtime /etc/localtime
|
||||
--ro-bind /etc/machine-id /etc/machine-id
|
||||
--ro-bind /etc/os-release /etc/os-release
|
||||
--ro-bind /etc/passwd /etc/passwd
|
||||
--ro-bind /etc/resolv.conf /etc/resolv.conf
|
||||
--ro-bind /etc/ssl/certs /etc/ssl/certs
|
||||
--ro-bind /etc/static /etc/static
|
||||
|
||||
# gui
|
||||
--ro-bind /tmp/.X11-unix /tmp/.X11-unix
|
||||
--ro-bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
|
||||
--dev-bind /dev/dri /dev/dri
|
||||
--ro-bind /run/opengl-driver /run/opengl-driver
|
||||
--ro-bind-try /run/opengl-driver-32 /run/opengl-driver-32
|
||||
|
||||
# audio
|
||||
--ro-bind "$XDG_RUNTIME_DIR/pulse" "$XDG_RUNTIME_DIR/pulse"
|
||||
--setenv PULSE_SERVER "$XDG_RUNTIME_DIR/pulse/native"
|
||||
--ro-bind "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie" "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie"
|
||||
--setenv PULSE_COOKIE "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie/pulse/cookie"
|
||||
--ro-bind-try /etc/asound.conf /etc/asound.conf
|
||||
--ro-bind-try /etc/alsa/conf.d /etc/alsa/conf.d
|
||||
--ro-bind-try "$XDG_RUNTIME_DIR/pipewire-0" "$XDG_RUNTIME_DIR/pipewire-0"
|
||||
|
||||
# dbus
|
||||
--ro-bind /run/dbus/system_bus_socket /run/dbus/system_bus_socket
|
||||
--ro-bind "$XDG_RUNTIME_DIR/bus" "$XDG_RUNTIME_DIR/bus"
|
||||
|
||||
# shared data
|
||||
--bind "$base_dir/.local/share" "$HOME/.local/share"
|
||||
--bind "$base_dir/.steam" "$HOME/.steam"
|
||||
--bind "$base_dir/.config" "$HOME/.config"
|
||||
--bind "$base_dir/.factorio" "$HOME/.factorio"
|
||||
--bind "$base_dir/data" "$HOME/data"
|
||||
--ro-bind-try "$HOME/.config/MangoHud" "$HOME/.config/MangoHud"
|
||||
|
||||
# input
|
||||
--dev-bind /dev/input /dev/input
|
||||
--dev-bind-try /dev/uinput /dev/uinput
|
||||
--ro-bind /sys /sys # required for discovery
|
||||
)
|
||||
|
||||
for hidraw in /dev/hidraw*; do
|
||||
bubblewrap_args+=(--dev-bind $hidraw $hidraw)
|
||||
done
|
||||
|
||||
|
||||
unset SDL_VIDEODRIVER QT_QPA_PLATFORM # games generally don’t support wayland
|
||||
export PATH="${pkgs.unstable.mangohud}/bin:$PATH"
|
||||
|
||||
${pkgs.bubblewrap}/bin/bwrap \
|
||||
"''${bubblewrap_args[@]}" \
|
||||
''${SANDBOX_COMMAND:-${pkgs.unstable.steam}/bin/steam} \
|
||||
"$@"
|
||||
'';
|
||||
|
||||
steam-sandbox-with-icons = pkgs.runCommand "steam-sandbox-with-icons" { } ''
|
||||
mkdir -p $out/{bin,share}
|
||||
ln -s ${pkgs.steamPackages.steam}/share/icons $out/share
|
||||
ln -s ${pkgs.steamPackages.steam}/share/pixmaps $out/share
|
||||
ln -s ${steam-sandbox}/bin/steam-sandbox $out/bin/steam-sandbox
|
||||
'';
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
|
@ -105,9 +48,7 @@ lib.mkIf cfg.enable {
|
|||
pcsx2
|
||||
] ++ lib.optionals (cfg.performanceIndex >= 8) [
|
||||
unstable.ryujinx
|
||||
unstable.yuzu-mainline
|
||||
] ++ lib.optionals unfree.allowSoftware [
|
||||
unstable.osu-lazer-sandbox
|
||||
steam-sandbox-with-icons
|
||||
];
|
||||
}
|
||||
|
|
|
@ -73,6 +73,7 @@ lib.mkIf nixosConfig.sbruder.gui.enable {
|
|||
|
||||
# Lyrics
|
||||
lyrics_directory = "${config.services.mpd.musicDirectory}/lyrics";
|
||||
follow_now_playing_lyrics = true;
|
||||
|
||||
# Misc
|
||||
external_editor = "nvim";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -54,7 +54,7 @@ in
|
|||
haskell-language-server
|
||||
jdt-language-server
|
||||
unstable.ltex-ls
|
||||
rnix-lsp
|
||||
nixd
|
||||
rust-analyzer
|
||||
(python3.withPackages (ps: with ps; [
|
||||
pyls-isort
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
-- SPDX-FileCopyrightText: 2018-2023 Simon Bruder <simon@sbruder.de>
|
||||
-- SPDX-FileCopyrightText: 2018-2024 Simon Bruder <simon@sbruder.de>
|
||||
--
|
||||
-- SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -348,7 +348,7 @@ lsp.ltex.setup {
|
|||
lsp.pylsp.setup {
|
||||
on_attach = on_attach,
|
||||
}
|
||||
lsp.rnix.setup {
|
||||
lsp.nixd.setup {
|
||||
on_attach = on_attach,
|
||||
}
|
||||
lsp.rust_analyzer.setup {
|
||||
|
|
|
@ -14,4 +14,9 @@
|
|||
PASSWORD_STORE_DIR = "$HOME/.password-store";
|
||||
};
|
||||
};
|
||||
|
||||
programs.browserpass = {
|
||||
enable = true;
|
||||
browsers = [ "librewolf" ];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue