mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

so many sops

Browse Source
This commit is contained in:
mjallen18
2025-03-17 21:34:52 -05:00
parent 7741fc575f
commit 32eadb044d
53 changed files with 801 additions and 591 deletions
Download Patch File Download Diff File Expand all files Collapse all files

282
flake.nix
View File

@@ -122,12 +122,23 @@
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.matt = { pkgs, ...}: {
imports = [
./hosts/desktop/home.nix
steam-rom-manager.homeManagerModules.default
];
};
home-manager.users.matt =
{ ... }:
{
imports = [
./hosts/desktop/home.nix
steam-rom-manager.homeManagerModules.default
sops-nix.homeManagerModules.sops
];
};
home-manager.users.root =
{ ... }:
{
imports = [
./share/root-user
sops-nix.homeManagerModules.sops
];
};
home-manager.backupFileExtension = "backup";
}
@@ -156,7 +167,22 @@
{
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.admin = import ./hosts/nas/home.nix;
home-manager.users.admin =
{ ... }:
{
imports = [
./hosts/nas/home.nix
sops-nix.homeManagerModules.sops
];
};
home-manager.users.root =
{ ... }:
{
imports = [
./share/root-user
sops-nix.homeManagerModules.sops
];
};
home-manager.backupFileExtension = "backup";
}
@@ -167,10 +193,12 @@
crowdsec.nixosModules.crowdsec
crowdsec.nixosModules.crowdsec-firewall-bouncer
({ ... }:
{
nixpkgs.overlays = [ crowdsec.overlays.default ];
})
(
{ ... }:
{
nixpkgs.overlays = [ crowdsec.overlays.default ];
}
)
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-cpu-amd
@@ -225,12 +253,14 @@
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.deck = { pkgs, ...}: {
imports = [
./hosts/deck/home.nix
steam-rom-manager.homeManagerModules.default
];
};
home-manager.users.deck =
{ ... }:
{
imports = [
./hosts/deck/home.nix
steam-rom-manager.homeManagerModules.default
];
};
home-manager.backupFileExtension = "backup";
}
@@ -279,117 +309,125 @@
];
};
};
# Improved build-all app
apps.x86_64-linux.build-all = let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in {
type = "app";
program = toString (pkgs.writeShellScript "build-all" ''
#!/usr/bin/env bash
set -euo pipefail
# Get the list of system names directly from flake.nix
# This avoids JSON serialization issues
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems: ''${systems[@]}"
echo "Building all compatible systems..."
# Track success/failure
success=()
failure=()
for system in "''${systems[@]}"; do
echo "Attempting to build $system..."
# Detect system type without JSON evaluation
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo "unknown")
# Only build if we're on the same system type or can cross-compile
if [ "$system_type" = "x86_64-linux" ]; then
echo "Building $system (x86_64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
apps.x86_64-linux.build-all =
let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in
{
type = "app";
program = toString (
pkgs.writeShellScript "build-all" ''
#!/usr/bin/env bash
set -euo pipefail
# Get the list of system names directly from flake.nix
# This avoids JSON serialization issues
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems: ''${systems[@]}"
echo "Building all compatible systems..."
# Track success/failure
success=()
failure=()
for system in "''${systems[@]}"; do
echo "Attempting to build $system..."
# Detect system type without JSON evaluation
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo "unknown")
# Copy to the binary cache
echo "Copying $system to binary cache..."
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
# Only build if we're on the same system type or can cross-compile
if [ "$system_type" = "x86_64-linux" ]; then
echo "Building $system (x86_64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
# Copy to the binary cache
echo "Copying $system to binary cache..."
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
else
echo " Failed to build $system"
failure+=("$system")
fi
elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
echo "Cross-building $system (aarch64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --system aarch64-linux --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
else
echo " Failed to build $system"
failure+=("$system")
fi
else
echo " Skipping $system ($system_type) - incompatible with this host"
failure+=("$system (incompatible)")
fi
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo "Found Darwin system $system, attempting to build packages..."
if nix build ".#darwinConfigurations.$system.system" --out-link "./result-darwin-$system" --no-link; then
echo " Successfully built $system packages"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#darwinConfigurations.$system.system"
success+=("$system (darwin)")
else
echo " Failed to build $system packages"
failure+=("$system (darwin)")
fi
else
echo " Failed to build $system"
failure+=("$system")
echo " Skipping $system - could not determine system type"
failure+=("$system (unknown)")
fi
elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
echo "Cross-building $system (aarch64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --system aarch64-linux --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
else
echo " Failed to build $system"
failure+=("$system")
fi
else
echo " Skipping $system ($system_type) - incompatible with this host"
failure+=("$system (incompatible)")
done
# Summary
echo ""
echo "===== Build Summary ====="
echo " Successfully built: ''${success[*]:-none}"
echo " Failed to build: ''${failure[*]:-none}"
# Return error code if any builds failed
if [ ''${#failure[@]} -gt 0 ]; then
exit 1
fi
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo "Found Darwin system $system, attempting to build packages..."
if nix build ".#darwinConfigurations.$system.system" --out-link "./result-darwin-$system" --no-link; then
echo " Successfully built $system packages"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#darwinConfigurations.$system.system"
success+=("$system (darwin)")
else
echo " Failed to build $system packages"
failure+=("$system (darwin)")
fi
else
echo " Skipping $system - could not determine system type"
failure+=("$system (unknown)")
fi
done
# Summary
echo ""
echo "===== Build Summary ====="
echo " Successfully built: ''${success[*]:-none}"
echo " Failed to build: ''${failure[*]:-none}"
# Return error code if any builds failed
if [ ''${#failure[@]} -gt 0 ]; then
exit 1
fi
'');
};
''
);
};
# You could also provide a separate script that only lists systems
apps.x86_64-linux.list-systems = let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in {
type = "app";
program = toString (pkgs.writeShellScript "list-systems" ''
#!/usr/bin/env bash
set -euo pipefail
# Get systems from flake.nix
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems in flake.nix:"
for system in "''${systems[@]}"; do
# Try to determine if it's a NixOS or Darwin system
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null)
echo " - $system (NixOS, $system_type)"
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo " - $system (Darwin)"
else
echo " - $system (unknown type)"
fi
done
'');
};
apps.x86_64-linux.list-systems =
let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in
{
type = "app";
program = toString (
pkgs.writeShellScript "list-systems" ''
#!/usr/bin/env bash
set -euo pipefail
# Get systems from flake.nix
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems in flake.nix:"
for system in "''${systems[@]}"; do
# Try to determine if it's a NixOS or Darwin system
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null)
echo " - $system (NixOS, $system_type)"
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo " - $system (Darwin)"
else
echo " - $system (unknown type)"
fi
done
''
);
};
# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."MacBook-Pro".pkgs;

7
hosts/default.nix
View File

@@ -22,6 +22,7 @@ in
"nix-command"
"flakes"
];
trusted-users = [ "@wheel" ];
};
# Garbage collect automatically every week
@@ -66,10 +67,6 @@ in
pulse.enable = lib.mkDefault true;
};
# Disable pulse audio in favor of pipewire
# pulseaudio.enable = lib.mkForce false;
# Enable Avahi for .local hostname resolution
avahi = {
enable = lib.mkDefault true;
@@ -105,8 +102,6 @@ in
zsh.enable = lib.mkDefault true;
gnupg.agent = {
enable = lib.mkDefault true;
# pinentryPackage = pkgs.pinentry-curses;
# pinentryPackage = lib.mkForce pkgs.pinentry-qt;
enableSSHSupport = lib.mkDefault true;
};
};

4
hosts/desktop/boot.nix
View File

@@ -1,7 +1,7 @@
{ lib, pkgs, ... }:
{ pkgs, ... }:
let
configLimit = 5;
default = "@saved";
# default = "@saved";
kernel = pkgs.linuxPackages_cachyos;
in
{

256
hosts/desktop/configuration.nix
View File

@@ -12,100 +12,19 @@
let
user = "matt";
passwordFile = config.sops.secrets."desktop/matt_password".path;
hostname = "matt-nixos";
fixWifiScript = pkgs.writeScriptBin "fix-wifi" ''
#!/usr/bin/env python3
import subprocess
import socket
import logging
from typing import List, Optional
def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool:
"""
Check internet connectivity by attempting to connect to reliable hosts.
:param hosts_to_check: Optional list of hosts to check.
:return: Boolean indicating if internet connection is available
"""
if hosts_to_check is None:
hosts_to_check = [
"8.8.8.8", # Google DNS
"1.1.1.1", # Cloudflare DNS
"9.9.9.9" # Quad9 DNS
]
for host in hosts_to_check:
try:
# Create a socket connection with a 5-second timeout
socket.create_connection((host, 53), timeout=5)
return True
except (socket.error, socket.timeout):
continue
return False
def reset_wifi_card() -> bool:
"""
Execute WiFi card reset commands.
:return: Boolean indicating if reset commands were successful
"""
reset_commands = [
"echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset",
"sudo rmmod iwlwifi",
"sudo modprobe iwlwifi"
]
try:
for command in reset_commands:
result = subprocess.run(
command,
shell=True,
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
print(f"Executed: {command}")
print(f"Output: {result.stdout}")
return True
except subprocess.CalledProcessError as e:
print(f"Error resetting WiFi: {e}")
print(f"Error output: {e.stderr}")
return False
def main():
"""
Check internet connection and reset WiFi if not connected.
"""
if not check_internet_connection():
print("No internet connection detected. Attempting WiFi reset...")
reset_wifi_card()
else:
print("Internet connection is stable. No reset needed.")
if __name__ == "__main__":
main()
'';
in
{
imports = [
# Include the results of the hardware scan.
../../modules/apps/discover-wrapped
./hardware-configuration.nix
./boot.nix
./filesystems.nix
./hardware-configuration.nix
./networking.nix
./services.nix
./sops.nix
../default.nix
../../share/amd
# specialisations
# ./cosmic
# ./hyprland
];
apps.discover-wrapped.enable = lib.mkDefault false;
chaotic.mesa-git.enable = true;
# Enable nix flakes and nix-command tools
@@ -125,99 +44,10 @@ in
"nix-command"
"flakes"
];
trusted-users = lib.mkDefault [
"root"
user
];
trusted-users = [ user ];
};
};
services = {
# Enable Desktop Environment.
xserver = {
desktopManager.gnome.enable = true;
# Enable Desktop Environment.
displayManager = {
gdm.enable = lib.mkForce true;
gdm.wayland = lib.mkForce true;
};
};
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Games"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Games"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
};
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
share.hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
@@ -225,62 +55,6 @@ in
share.gaming.enable = true;
systemd = {
services = {
fix-wifi = {
enable = lib.mkDefault true;
path = [
pkgs.bash
pkgs.python3
pkgs.networkmanager
pkgs.kmod
fixWifiScript
];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ];
};
};
};
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rsync
pkgs.openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.18:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager.enable = lib.mkDefault true;
networkmanager.wifi.powersave = lib.mkDefault false;
networkmanager.settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
};
# Time config
time = {
hardwareClockInLocalTime = lib.mkDefault false;
@@ -289,11 +63,9 @@ in
virtualisation.libvirtd.enable = lib.mkDefault true;
virtualisation.waydroid.enable = lib.mkDefault true;
programs.gamemode.enable = lib.mkDefault true;
programs.coolercontrol = {
enable = true;
programs = {
gamemode.enable = true;
coolercontrol.enable = true;
};
# Configure environment
@@ -311,7 +83,6 @@ in
clinfo
direnv
efibootmgr
fixWifiScript
gparted
grsync
kmod
@@ -341,11 +112,9 @@ in
vulkan-tools
wget
winetricks
# native wayland support (unstable)
wineWowPackages.waylandFull
];
etc."lact/config.yaml".text = ''
etc."lact/config.yaml".text = ''
daemon:
log_level: info
admin_groups:
@@ -375,17 +144,22 @@ in
performance_level: auto
voltage_offset: 0
power_states: {}
'';
'';
variables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "code --wait";
VISUAL = "code --wait";
};
};
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable outputs.overlays.nixpkgs-stable ];
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config.permittedInsecurePackages = [
# ...
];

89
hosts/desktop/home.nix
View File

@@ -26,12 +26,29 @@ in
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
};
};
programs = {
fish.enable = false;
mangohud.enable = true;
java.enable = true;
command-not-found.enable = true;
home-manager.enable = true;
zsh = {
enable = true;
@@ -56,6 +73,7 @@ in
"privacy.clearOnShutdown.downloads" = false; # Disable clearing downloads on shutdown
"privacy.clearOnShutdown.cache" = false; # Disable clearing cache on shutdown
"privacy.clearOnShutdown.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
"privacy.clearOnShutdown.cookies" = false; # Disable clearing cookies on shutdown
"privacy.clearOnShutdown_v2.cache" = false; # Disable clearing cache on shutdown
"privacy.clearOnShutdown_v2.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
"privacy.clearOnShutdown.formdata" = false; # Disable clearing form data on shutdown
@@ -63,6 +81,7 @@ in
"privacy.clearHistory.cache" = false; # Disable clearing cache on history clear
"privacy.clearHistory.cookiesAndStorage" = false; # Disable clearing cookies on history clear
"privacy.clearHistory.historyFormDataAndDownloads" = false; # Disable clearing history, form data, and downloads on history clear
"privacy.clearHistory.browsingHistoryAndDownloads" = false; # Disable clearing browsing history and downloads on history clear
"privacy.clearSiteData.cache" = false; # Disable clearing cache on site data clear
"privacy.clearSiteData.cookiesAndStorage" = false; # Disable clearing cookies on site data clear
"services.sync.prefs.sync.privacy.clearOnShutdown.cache" = true; # Enable syncing cache clear on shutdown
@@ -78,44 +97,44 @@ in
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.downloads" = true; # Enable syncing downloads clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; # Enable syncing form data clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.siteSettings" = true; # Enable syncing site settings clear on shutdown
"browser.newtabpage.activity-stream.feeds.topsites" = true; # Enable top sites on new tab page
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
};
};
git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
steam-rom-manager = {
enable = true;
steamUsername = "matt";
environmentVariables = {
romsDirectory = "/home/matt/Games/roms";
steamDirectory = "/home/matt/.local/share/Steam";
};
emulators = {
ryujinx = {
enable = true;
};
pcsx2 = {
enable = true;
};
"Non-SRM Shortcuts" = {
enable = true;
parserType = "Non-SRM Shortcuts";
extraArgs = "";
};
# Add other emulators as needed
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
programs.steam-rom-manager = {
enable = true;
steamUsername = "matt";
environmentVariables = {
romsDirectory = "/home/matt/Games/roms";
steamDirectory = "/home/matt/.local/share/Steam";
};
emulators = {
ryujinx = {
enable = true;
};
pcsx2 = {
enable = true;
};
"Non-SRM Shortcuts" = {
enable = true;
parserType = "Non-SRM Shortcuts";
extraArgs = "";
};
# Add other emulators as needed
};
};
programs.command-not-found.enable = true;
home.packages = with pkgs; [
age
apple-cursor

15
hosts/desktop/networking.nix Normal file
View File

@@ -0,0 +1,15 @@
{ lib, ... }:
let
hostname = "matt-nixos";
in
{
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager.enable = lib.mkDefault true;
networkmanager.wifi.powersave = lib.mkDefault false;
networkmanager.settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
};
}

209
hosts/desktop/services.nix Normal file
View File

@@ -0,0 +1,209 @@
{ config, lib, pkgs, ... }:
let
fixWifiScript = pkgs.writeScriptBin "fix-wifi" ''
#!/usr/bin/env python3
import subprocess
import socket
import logging
from typing import List, Optional
def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool:
"""
Check internet connectivity by attempting to connect to reliable hosts.
:param hosts_to_check: Optional list of hosts to check.
:return: Boolean indicating if internet connection is available
"""
if hosts_to_check is None:
hosts_to_check = [
"8.8.8.8", # Google DNS
"1.1.1.1", # Cloudflare DNS
"9.9.9.9" # Quad9 DNS
]
for host in hosts_to_check:
try:
# Create a socket connection with a 5-second timeout
socket.create_connection((host, 53), timeout=5)
return True
except (socket.error, socket.timeout):
continue
return False
def reset_wifi_card() -> bool:
"""
Execute WiFi card reset commands.
:return: Boolean indicating if reset commands were successful
"""
reset_commands = [
"echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset",
"sudo rmmod iwlwifi",
"sudo modprobe iwlwifi"
]
try:
for command in reset_commands:
result = subprocess.run(
command,
shell=True,
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
print(f"Executed: {command}")
print(f"Output: {result.stdout}")
return True
except subprocess.CalledProcessError as e:
print(f"Error resetting WiFi: {e}")
print(f"Error output: {e.stderr}")
return False
def main():
"""
Check internet connection and reset WiFi if not connected.
"""
if not check_internet_connection():
print("No internet connection detected. Attempting WiFi reset...")
reset_wifi_card()
else:
print("Internet connection is stable. No reset needed.")
if __name__ == "__main__":
main()
'';
in
{
services = {
# Enable Desktop Environment.
xserver = {
desktopManager.gnome.enable = true;
# Enable Desktop Environment.
displayManager = {
gdm.enable = lib.mkForce true;
gdm.wayland = lib.mkForce true;
};
};
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Games"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Games"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
};
systemd = {
services = {
fix-wifi = {
enable = lib.mkDefault true;
path = [
pkgs.bash
pkgs.python3
pkgs.networkmanager
pkgs.kmod
fixWifiScript
];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ];
};
};
};
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rsync
pkgs.openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.18:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
}

53
hosts/desktop/sops.nix
View File

@@ -17,4 +17,57 @@
'';
sops.secrets."wifi" = { };
sops.secrets."ssh-keys-public/desktop-nixos" = {
mode = "0644";
};
sops.secrets."ssh-keys-private/desktop-nixos" = {
mode = "0600";
};
sops.secrets."ssh-keys-public/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
};
sops.secrets."ssh-keys-private/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
};
sops.secrets."secureboot/GUID" = {
path = "/etc/secureboot/GUID";
mode = "0600";
};
sops.secrets."secureboot/keys/db-key" = {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
sops.secrets."secureboot/keys/db-pem" = {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-key" = {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-pem" = {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-key" = {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-pem" = {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
}

2
hosts/nas/apps/nextcloud/default.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
smtppassword = config.sops.templates."nextcloud-smtp".content;
smtppassword = builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud30;

163
hosts/nas/configuration.nix
View File

@@ -3,15 +3,9 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
outputs,
config,
pkgs,
...
}:
let
user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
in
{
imports = [
# Include the results of the hardware scan.
@@ -21,45 +15,15 @@ in
./apps.nix
./grafana.nix
./networking.nix
./nixpkgs.nix
./ups.nix
./users.nix
./samba.nix
./services.nix
./sops.nix
../default.nix
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# enable cuda support
nixpkgs.config.cudaSupport = true;
nixpkgs.config.allowUnfreePredicate =
p:
builtins.all (
license:
license.free
|| builtins.elem license.shortName [
"CUDA EULA"
"cuDNN EULA"
"cuTENSOR EULA"
"NVidia OptiX EULA"
]
) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]);
# Cockpit
services.cockpit = {
enable = false;
port = 9090;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
nix.settings.trusted-users = [ "@wheel" ];
powerManagement.cpuFreqGovernor = "powersave";
share.hardware.nvidia = {
@@ -86,14 +50,9 @@ in
hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
'';
etc.machine-id.source = ./machine-id;
# List packages installed in system profile. To search, run:
# $ nix search wget
sessionVariables = {
CACHIX_AGENT_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJkYmNkZWNjYi04ZTI4LTQwOTAtYWIxOC02MTU5OTYwZTgxMTAiLCJzY29wZXMiOiJjYWNoZSJ9.G-9wCfKc3d8ld_zDJNjTxNWlkS3_yojI-6gaRpUT-i0";
};
etc.machine-id.text = ''
57cdf5fc27f3469f80d0a339f1238aeb
'';
systemPackages = with pkgs; [
authentik
@@ -158,115 +117,6 @@ in
};
};
# Configure nixpkgs
nixpkgs = {
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# ...
"authentik-2024.6.4" # todo: remove these
"python3.12-authentik-django-2024.6.4"
"authentik-webui-2024.6.4"
"authentik-client-api-2024.6.4"
"authentik-website-2024.6.4"
"authentik-proxy-2024.6.4"
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
linger = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"podman"
"libvirtd"
"nix-apps"
"jallen-nas"
"media"
"nscd"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
packages = with pkgs; [
cachix
fastfetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
swtpm
tigervnc
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [
"jallen-nas"
"docker"
"podman"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
};
groups.nut.name = "nut";
users.upsuser = {
group = "nut";
isNormalUser = false;
isSystemUser = true;
createHome = true;
home = "/var/lib/nut";
homeMode = "750";
hashedPasswordFile = passwordFile;
};
users.nextcloud = {
isNormalUser = true;
extraGroups = [
"jallen-nas"
"nix-apps"
];
hashedPasswordFile = passwordFile;
};
};
hardware.fancontrol = {
enable = false;
config = ''
@@ -306,8 +156,5 @@ in
};
libvirtd.enable = true;
# tpm.enable = true;
# useSecureBoot = true;
};
}

66
hosts/nas/home.nix
View File

@@ -1,12 +1,48 @@
{ ... }:
{
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update ~/nix-config";
ducks = "du -cksh * | sort -hr | head -n 15";
};
gitAliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
};
in
{
home.username = "admin";
home.homeDirectory = "/home/admin";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/desktop-nixos" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
};
};
programs = {
home-manager.enable = true;
command-not-found.enable = true;
fish.enable = false;
mangohud.enable = true;
java.enable = true;
@@ -19,10 +55,7 @@
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
update = "sudo nixos-rebuild switch";
ducks = "du -cksh * | sort -hr | head -n 15";
};
shellAliases = shellAliases;
oh-my-zsh = {
enable = true;
@@ -30,23 +63,12 @@
theme = "fishy";
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
};
programs.command-not-found.enable = true;
}

1
hosts/nas/machine-id
View File

@@ -1 +0,0 @@
57cdf5fc27f3469f80d0a339f1238aeb

43
hosts/nas/nixpkgs.nix Normal file
View File

@@ -0,0 +1,43 @@
{ outputs, ... }:
{
# Configure nixpkgs
nixpkgs = {
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
# Enable non free
allowUnfree = true;
# enable cuda support
cudaSupport = true;
allowUnfreePredicate = p:
builtins.all (
license:
license.free
|| builtins.elem license.shortName [
"CUDA EULA"
"cuDNN EULA"
"cuTENSOR EULA"
"NVidia OptiX EULA"
]
) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]);
permittedInsecurePackages = [
# ...
"authentik-2024.6.4" # todo: remove these
"python3.12-authentik-django-2024.6.4"
"authentik-webui-2024.6.4"
"authentik-client-api-2024.6.4"
"authentik-website-2024.6.4"
"authentik-proxy-2024.6.4"
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
};
};
}

10
hosts/nas/services.nix
View File

@@ -130,6 +130,16 @@ in
'';
};
};
cockpit = {
enable = false;
port = 9090;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
tailscale = {
enable = true;

20
hosts/nas/sops.nix
View File

@@ -92,6 +92,26 @@
${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path}
'';
sops.secrets."ssh-keys-public/desktop-nixos" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/desktop-windows" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/macbook-macos" = {
mode = "0644";
};
sops.secrets."ssh-keys-public/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
};
sops.secrets."ssh-keys-private/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
};
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)

93
hosts/nas/users.nix Normal file
View File

@@ -0,0 +1,93 @@
{ pkgs, config, ... }:
let
user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
authorizedKeyFiles = [
config.sops.secrets."ssh-keys-public/desktop-nixos".path
config.sops.secrets."ssh-keys-public/desktop-nixos-root".path
config.sops.secrets."ssh-keys-public/desktop-windows".path
config.sops.secrets."ssh-keys-public/macbook-macos".path
];
in
{
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
linger = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"podman"
"libvirtd"
"nix-apps"
"jallen-nas"
"media"
"nscd"
"grafana"
"traefik"
"avahi"
"62900"
"1001"
];
hashedPasswordFile = passwordFile;
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = authorizedKeyFiles;
packages = with pkgs; [
cachix
fastfetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
swtpm
tigervnc
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [
"jallen-nas"
"docker"
"podman"
];
hashedPasswordFile = passwordFile;
};
groups.nut.name = "nut";
users.upsuser = {
group = "nut";
isNormalUser = false;
isSystemUser = true;
createHome = true;
home = "/var/lib/nut";
homeMode = "750";
hashedPasswordFile = passwordFile;
};
users.nextcloud = {
isNormalUser = true;
extraGroups = [
"jallen-nas"
"nix-apps"
];
hashedPasswordFile = passwordFile;
};
};
}

0
hosts/desktop/cosmic/default.nix → modules/desktop-environments/cosmic/default.nix
View File

0
hosts/desktop/hyprland/config.nix → modules/desktop-environments/hyprland/config.nix
View File

0
hosts/desktop/hyprland/config/btop/default.nix → modules/desktop-environments/hyprland/config/btop/default.nix
View File

0
hosts/desktop/hyprland/config/btop/themes/catppuccin_macchiato.theme → modules/desktop-environments/hyprland/config/btop/themes/catppuccin_macchiato.theme
View File

0
hosts/desktop/hyprland/config/btop/themes/nord.theme → modules/desktop-environments/hyprland/config/btop/themes/nord.theme
View File

0
hosts/desktop/hyprland/config/hypr/default.nix → modules/desktop-environments/hyprland/config/hypr/default.nix
View File

0
hosts/desktop/hyprland/config/kitty/default.nix → modules/desktop-environments/hyprland/config/kitty/default.nix
View File

0
hosts/desktop/hyprland/config/kitty/macchiato.conf → modules/desktop-environments/hyprland/config/kitty/macchiato.conf
View File

0
hosts/desktop/hyprland/config/kitty/nord.conf → modules/desktop-environments/hyprland/config/kitty/nord.conf
View File

0
hosts/desktop/hyprland/config/mako/default.nix → modules/desktop-environments/hyprland/config/mako/default.nix
View File

0
hosts/desktop/hyprland/config/nwg-drawer/drawer.css → modules/desktop-environments/hyprland/config/nwg-drawer/drawer.css
View File

0
hosts/desktop/hyprland/config/nwg-panel/excluded-dirs → modules/desktop-environments/hyprland/config/nwg-panel/excluded-dirs
View File

0
hosts/desktop/hyprland/config/nwg-panel/preferred-apps.json → modules/desktop-environments/hyprland/config/nwg-panel/preferred-apps.json
View File

0
hosts/desktop/hyprland/config/wallpapers/wall.png → modules/desktop-environments/hyprland/config/wallpapers/wall.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 239 KiB

After

Width:  |  Height:  |  Size: 239 KiB

0
hosts/desktop/hyprland/config/waybar/default.nix → modules/desktop-environments/hyprland/config/waybar/default.nix
View File

0
hosts/desktop/hyprland/config/waybar/macchiato.css → modules/desktop-environments/hyprland/config/waybar/macchiato.css
View File

0
hosts/desktop/hyprland/config/waybar/nord.css → modules/desktop-environments/hyprland/config/waybar/nord.css
View File

0
hosts/desktop/hyprland/config/waybar/scripts/hass.nix → modules/desktop-environments/hyprland/config/waybar/scripts/hass.nix
View File

0
hosts/desktop/hyprland/config/waybar/scripts/hass.py → modules/desktop-environments/hyprland/config/waybar/scripts/hass.py
View File

0
hosts/desktop/hyprland/config/waybar/scripts/waybar-updates.py → modules/desktop-environments/hyprland/config/waybar/scripts/waybar-updates.py
View File

0
hosts/desktop/hyprland/config/waybar/scripts/waybar-wttr.py → modules/desktop-environments/hyprland/config/waybar/scripts/waybar-wttr.py
View File

0
hosts/desktop/hyprland/config/waybar/waybar.css → modules/desktop-environments/hyprland/config/waybar/waybar.css
View File

0
hosts/desktop/hyprland/config/wlogout/icons/hibernate.png → modules/desktop-environments/hyprland/config/wlogout/icons/hibernate.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 10 KiB

0
hosts/desktop/hyprland/config/wlogout/icons/lock.png → modules/desktop-environments/hyprland/config/wlogout/icons/lock.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4.6 KiB

After

Width:  |  Height:  |  Size: 4.6 KiB

0
hosts/desktop/hyprland/config/wlogout/icons/logout.png → modules/desktop-environments/hyprland/config/wlogout/icons/logout.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.6 KiB

After

Width:  |  Height:  |  Size: 7.6 KiB

0
hosts/desktop/hyprland/config/wlogout/icons/reboot.png → modules/desktop-environments/hyprland/config/wlogout/icons/reboot.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 8.4 KiB

After

Width:  |  Height:  |  Size: 8.4 KiB

0
hosts/desktop/hyprland/config/wlogout/icons/shutdown.png → modules/desktop-environments/hyprland/config/wlogout/icons/shutdown.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.5 KiB

After

Width:  |  Height:  |  Size: 9.5 KiB

0
hosts/desktop/hyprland/config/wlogout/icons/suspend.png → modules/desktop-environments/hyprland/config/wlogout/icons/suspend.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

0
hosts/desktop/hyprland/config/wlogout/layout → modules/desktop-environments/hyprland/config/wlogout/layout
View File

0
hosts/desktop/hyprland/config/wlogout/style.css → modules/desktop-environments/hyprland/config/wlogout/style.css
View File

0
hosts/desktop/hyprland/config/wofi/default.nix → modules/desktop-environments/hyprland/config/wofi/default.nix
View File

0
hosts/desktop/hyprland/default.nix → modules/desktop-environments/hyprland/default.nix
View File

0
hosts/desktop/hyprland/environment.nix → modules/desktop-environments/hyprland/environment.nix
View File

0
hosts/desktop/hyprland/home.nix → modules/desktop-environments/hyprland/home.nix
View File

25
secrets/secrets.yaml
View File

@@ -38,6 +38,27 @@ desktop:
restic:
user: ENC[AES256_GCM,data:ccJZWRM=,iv:fExPV4GW2aIDfJ12OCOmDYGAzRGhOu+mcRcKXSfqQME=,tag:MVRsGgbfW4tmnAmQP4e1Dw==,type:str]
password: ENC[AES256_GCM,data:CjEpTwCAOoIdlb8=,iv:loIX/SmckPIhn9tcIs/eRAbHrbrDe42GeltgwOCo5YE=,tag:F672YtNS1z+9DOewM/7pHQ==,type:str]
ssh-keys-public:
macbook-macos: ENC[AES256_GCM,data:zHNf+gwWuY4lbrdEQm1fUADRwAoR1VTaiUnYQwDzpjqM0OU1jGfq5GF2aB56HK92ByZwHJxtmG1JVzypYZ+xZ/geBHr16VO5lVazXR5aso3NO5rrmAISkCSEJa1g+ZwBC3NbTglzZJX0e/JZe1QQZffi7m2pZ3HuKUF2IC+2qx5LghTm/qMNSiuRra91FmstHN1vJ74lgOcA8IkIAoE0+jDgpSmBqBQWV2cmiyo/JEmDfMIjZNdx4dQ14gP4FAuEGoRxfF3sHw5LhqKd2wgXkOYqvsSzeDuVk1qmI4wSflKcryElJ7jyMEiG5FaPEGibGkgyD7DIK65k67o3H2Y+7doDzahD71LFG7OF1kRq3JuzvL7wOQ51HTP8iFFdHJFIqdQlsORU6qiPE0GVV3zetuJgrFclVLHpVrOL2vPFwSS8Mbpenfp+7O/w4RYdbl0B9gNaiscqrUmnZCKCs5kjNQ7z+p9XmTa90yVgNUEtJLDH+8RMoZGhcg75awBHNW09iRH4pem+p+hZByhY0Ai/R/3e8xbzzJTHML5ypPYPKKypxIKkZajblASh24ymPFD50zaey+Rw5tTZoJFImM6osxrZxnIhqDuGO65wMiU0bulWPeO0vsYlf/SKUFOfo1+ZbBH+WNYtkQaYBk4VcIYN8OGdH4/ySOol+pGw8k6NROLWqgl+JbHvvqq/6loUQSqEFk/7mTt+azOtYZn8+Bipe6ZGikfoVPxxZidqE9KQkU8a3g/rf5lOqcE6TlDLdjiG7ixjzek=,iv:iK5OiEj1fzNkIOcbPeyXB6BVWGWdE9XulzDD/hqjyaM=,tag:mBYYY3Zbr5QQOFqNEXT8oQ==,type:str]
desktop-windows: ENC[AES256_GCM,data:dDxB1LxU5qxxP1/4wINuWn5JB1w8OepYt1rhrojaj7QxqH2rTW3hnlvXSKD/m7lrBcGBPDzjfJcWusSHBkIdb+qEawC4BhDJZSIZHgP+z7hcf8d3QWpcsaI/CIdr92tc8QKU98ocSvXHC9M7i3sVe7wISJHarDBXSqBpfAvM20V5jM1rhyzNUdAyIWTWL58bOZapa37x7weNr3+LOJVSWbIPD/+mOWSduESEBOGBvYcLcgcQf569tuVT06zhJ2YTiE6NYx1VOA80/Jqxs3Hcl0JNtNP5fYIFO5uXX6+Evmw/7HlUzA4/xeEwYIjpYAGnwG+7pm/CsBi0WBAhX96PYs2K+n+GaE3Af+kyfPBDcuqlYYfht6sQmtcQg4u/O9SVxY8hhhATUGqZUnHibwm6YUdpmlRYF6lDiwVP09ln93jN+Q9HGCIv4CCSG2s/2JtEczI2ieMFFDk1siCjE6Bd3vgpt5zSJNJ31F12yTlQ5oSEaFI61rMxbYTRB6r/yWCwLDzyOSWLAawSoJOCld5b4vGSbaK8CojcD87yPgXaqFE5hu6KYZbTR3qejeBjeXQqeq8HhRM6jVvoBhMUxdT3Uqk4Rr4P5RXf6Ip8lNAu0L9CTQBOD89Omac0WK8JKsmPP2qudvYDvSCOhVgRNI7RAuBasbPN4+FFB1rtMHVnuxe9mH5B5eO74kSGPb6G+4u5drCXgAQ+gZ5ncDh2LJAPY/4q3UXe5RtKNcK5rrg0fTJGWK6Nz+h9/Q==,iv:owBLW+yniaAPd+d6BFXlexNCRekZhAwP+oY+S/p5HD4=,tag:ct5BLa470+BYmzddF7s0hg==,type:str]
desktop-nixos: ENC[AES256_GCM,data:pAhqnVG6IQ06aDdIgfFwAlPjkx/Nu+oBMOXj423S9ZExTJvOoukm2YEoxDMyWMDbH9PkomcdSImnSUWX/G/F0voPG/wocGsVDvioNlIw3lwVFrEeLWgpTGq9XjOLBJi8,iv:XsKfWf7y8E2Frk9by3o0jOqPH1VATlckOEodBAx8P14=,tag:1yNSSHjppZb66nxLxpCa2A==,type:str]
desktop-nixos-root: ENC[AES256_GCM,data:5Fox7sRamK74Toyftdl7JnzbGVJ66hjuWtu6yBZnXEArWJ/BAJKtrHP2zBE9mHkVQC1DmAFlS0ULFVDoCanZRdqt3bb2K7ZZoiGu1u5SyuY8GUtaVlousso37f24us/o,iv:S70s3EvwbPH6GPgq0m7eT18ncHZ6j5+nuNWK1hsRFoc=,tag:QRalnRG1GlOKZs0Utz9CLQ==,type:str]
jallen-nas: ENC[AES256_GCM,data:sOn3hImmDcBs1H8NudqaNnPz3x/bfueEfEMLgGZB4DmWxWbOYSvSNVDM3qRnM6Vmr/h/pHe40g5Q9oNazVFxltJc8gidqxtB6dYEuDOwoYhO0liFuJZnebWWbYHcKHgPEQ==,iv:it7LXuf0BMviBNluREDMW5tMTQJvh5wKXehB+qHEpos=,tag:7r+H5VbsbVvC8MxmMbl83w==,type:str]
jallen-nas-root: ENC[AES256_GCM,data:YcwfZ8Ae3Ch4LPbKEkijVuo2FhlzdApm1XI18upHVw9WkOjfDQjCnHSYXNhOPGYDHFTerd69A4YByNAJmI+ZhUFRk0j8JQyAAqrTqfQEv+bOjoAfXDNcwr2TEr0MpNAB,iv:np7bSSsauo10y/gt58HNNwtRNPaA5iK6+mDke+lmVjw=,tag:YNJhCBjWpYP2YCx8QFy1FA==,type:str]
ssh-keys-private:
desktop-nixos: ENC[AES256_GCM,data:nmZyje3ohrq7PUiaPMmD18S5WV5Vwc+cBc3sl8J+lYSPbnKf9vR9XpLi6twaAkJD0KzaPvbKbBmUka20M8j8RAFir0WOYI6c97Ql6r6QxcoJg+h1f1JCDLmPYzMk5bdP5xivkIG0oXIpcYP5aBVbbC7G5+aqTYKJsd553E2wuvqv5PGSXl1hN4q/JC4/DEJx1mJq7j1O+IQAxk1B44+O/Omgd+r6pALWQjA2EdCYk2ReDDF5hlVc/2TIC4vPzVFnPFqt/5LuhOah3HV7xqw8AV73QGMF0KHDYLGH70fgFBD0Wr0uR4jXWmzfhN5bKkNBRuY4A6EyXF57r1Nc4sxpK2ltHSEOuibJWi9R1E+h5rmb65sAMgxkWn6sGL3G5smC0VuLaDrYuyjFx782V9aWUvQr2h2AaU1Z7+h6VL/adq1U4gRkvK8a/+7IsTnSHTzMMnfY7jYIrWjmxNBwUEpqXAZFAFI7qP+29b2fdWYmoup/thvMthCri7NiXsX95Qgf7CQ/+qoKENwZw9TgLtJtbBBks2vEuHcVh7PO,iv:jgiF188WAPqEy8WWaHJImzlLV2NNTFnNHW3Le7aLJ1Y=,tag:iCCDSahE8/LSajZd0Mt3LQ==,type:str]
desktop-nixos-root: ENC[AES256_GCM,data:oIBAoV0MyASXKUf8YhncfvnvXZJsXumWf1t2dibJ8AQZn7AU9RdWrHmToStn0QH3wqqiZH0ZFRnQ5rzCjXz75UTM1CZ0K8SnPDVIgzsExzMSFWz0xXKCPiagR7iDs3E5T341+qG92MAYUoVHEO+LPFE1HItiZyTTgdbJ8tz4My3GXpJ+3ExGAO7nlF1CgCuV++IsU7pW3GAgi1+v+V/lrZxkdZikM1ayYDfMGa5//Tlx55W5zR9GYm4vd4/HwIij/DrEueZAw/4i3WOhd77afosYkboKtZb82m296UfyhJEFeMQvSvjpNvqIc9KStMjxuV07QXE3HZooGRZx6HYJtHHKxf9HcEvgvGNi4nIUoGFb2+pWmWk6Usxo2S6aZM5k96UGrQGdDZzRZZHA2K0gBCVOsdz91M8egsevZEzB6ADxLmkwsobOMRY9Dm91zBMCOI97YestSMQC1ilAevF844c8augaszPRxfwGocuZE+Z99bsQTzJBiTsTgmp1xHaYswP1CLfoeUg8NeDHWmXzIQaqBf96O0kSEWtB,iv:2cTIm3wgcyOgKBUNYZbokI3HRRWTA3/9IHu94KOBUww=,tag:98dLCYVfGcCdXPEDiIV9Uw==,type:str]
jallen-nas: ENC[AES256_GCM,data:7ByZUcsQRcu2HiFVm2kuqXhVLLMzvZiwLV37teBvDBcGSlZnyU+9MmTH1SIxMwGaXVGDcaGyLkUzR5tHE6RgWw/vFyAG2owopxp5iXeQwd2Wij8Y2v0CFlixarRkSduOHPzbgJLAbg3qLDSVOVjVNZLO+qc6W26EpgMjWzxITez+M310VkM0UwH1B3FDOOd9p5p40+WuusR4V+Kubdi6cUxAfGH0XRDhX7zoRNG9X7t9xZCexWeSIl0BlaLkliSCWd3QeiuavXt94fBdEX4cXPh4SG1lRq37MoUShHCd6T8CheMSSV+Clpq7qyfFLVPN+N4RCJbZ1IiutE+7AsWAqDgS0XR0EAa28AE6TJxNGLDtBzBJvLSr/CxkTRho3U8pCqplUYwUmG9S/2WBqMDuK9408bm9Pekq0XdG65s0axhl1cH5V6wi9mBrScjfdO84FLApKhIt6iKnYRImhRudses7Wfgc3iArkqEG4zeq4IOrycHc8eaWrdHCba/2HbI1zZjX+7fDJkruo43Z1RUjDfD8TNF8PRt5fmMH,iv:2XZh1NFe9UZnUVndSgyopXnqCg7gCeDw0lQlYji9/5E=,tag:SWiazbIWlkm5eDKWlHab3A==,type:str]
jallen-nas-root: ENC[AES256_GCM,data:S8FCH5it+4o7YWSoSmR4unUfzoMW4v994aSDVb2DxcZGh4W6DnQ/MjiV98mOt62hzvwMksaRM55wM1Lo0WVPorU1efLi1qZn/Mi/QSqIqZJTdHGWQeak/pZJk27fmqS+5QyDRmErVxxesM92s0Y24SmEBOxlWDlfGNUTIUzjsOk2HmrTFrUCE4A2uu/djhvMaNLry6tIddW5C+bGy+LItrR29tCmA6j76bDW2h7pi8C/BPGnrGEE/p6Vf+VNbE/9xYdqNXf1gbRJ0AenZi0n8AXJUUJAc1qZyTVBpYJRkhGx5JD89W6Xk4J1bZVXv5XHQQ5MPPlkGPv+tXnKTzxYKPl7OXpe6rIMWDUK77vFpOAagr4F27JvHMkhrSv6RAGY28KqX6rljOzZG0CV3/MDssf8pXcyIvVSwxaT6JmbYwqdCHT+/mz2DFwMb6lOync9n24tfyEu0qkAg2bLnOeICQYSre849dvsBDlfQw+Zu1HEkBR55X+BSWaL0godAlRhqJMqPwoHbMNC2Aean0GJ+Ao0oaMILI+Lu9eL,iv:+RvxMeW3J8xNfiU0xGKyQk55MJlwg+RL3Rff7NPexF4=,tag:f4P3dW05wDn4k/ed4xLz9g==,type:str]
secureboot:
GUID: ENC[AES256_GCM,data:EPkYpJAHYEAXRQQKkB6WHXdtdnyoMvPV0BjfxMYfD/F2LrQc,iv:yK+2bSfWHnJ+qTQ2F18Of/qrultrX5cwYLgEZEWj1z4=,tag:D2WTSLS3ZZ5vZ4VQg8ltZA==,type:str]
keys:
db-key: ENC[AES256_GCM,data:I0fjDUw86CqMAwEIUF87aIjHzQKvCo058pa9BPvYGGqn1qRIkohU8lLGi2A8eb4l068XF6XdCa3mfOHA5wEKAiiE4DbqRwPZJ61PyvPwsjL9AGaX8LyDd1SMQYXmVEYol4FF8ytIe6SLGs1uXB89koSqPmw4RaoLgRIa9usPjCxh/fgKeF3C02FlvJWtbpPHNuY0qB4oWzRyDCzMiHKNU0/JCcJRYiEmdgK0TTA4jqtjGDcr2pvMQEL58mB9/Tilu6d4aeWG2mhGOw0fGtKWh9DbHHCPpMc4P8oLHbK38xFKnmkS8Hta/d7z+Si67crVslFDKPaE8bIGoehjOZCoSlxLoDRRiuA4/WwCYJgaFO1zKxwcjOXgM7Q6sncq5hGJOArbj97gtxPog2MYXz9aABNsd5OgWxdCJthwwbjOfKxQ8N3V4vi5+vppZ+KQ4g+0rU9wHOq8sMqMKAZNGQiG16I5cKD1uVAdvKKR9ATiMxrAB4Ceil0IIaUDPuPoW+djo6jJhgGT3igGHmOjTiQQqgyN3kHUR0DK6cXEJ+3OjKgCw3ZbNjsENz1WXWdyW0ThVcPZqHJ32ZGY4fS3eI91vuEgT4/xp+TsVPUcQ6AWfMwGn/jwO7vd+/MV7aTLaSQavD52byMIOpMzs0wMtGcr3f6UW33wG5IT7VrvtpX/TGEs+ciGSBcrRcXwGDrAhGFeISw7q72zsXG+ilAKJDKVIjotwPpgBRl4hMyPx18wNVKWALLgXe+WZaET3M9vHzT/G0/4r62StuTB0Pt380Psmp5J3ZnTTDsmpLFPbRkJ1UMqEykoY5i01ZceiyXlcclgUjOrA/knpK8vVerVBS9kMQZqPuMWMclTrPk9N2za3xQZ904hhSVO8vBgrv3HuAu2SxNGt3/Sgm3mdG8Zbm68hg0nfRn4mvE8rQ/WC0mR459jPvra0A6+XCokVK1NdwDMLOb7inb73KDgx693dFqY/q8oGM6/izTsLXlBYQVMF7Mqv7gS3wuWnkKyQkKcLHqbyP0pVYjMaHN8fB2Cic+O6c5Fu/1yQ34l4wSi4TVI/gMr8OKBJ6r2ixepwrOrmzQc1X266VEV0n/zOBQC1wKKtSVKZp85lDVu0lDdKiGQoGsXjYxUF6DvRKcd/uD0TnH7NoT139XKet5ZktlIAXGEBMW2JdkPu5xpk+qW1PsZzifMaOh5Bp/Vs0O2AAma3pvvfrAMbZr+NYIoAVGthRisW4LoVPMII1x3NspT8Emy6d4+6gnUalz2HFhIZ8+8W/TFN/a7uhfjQ2P09cCKaefTDXc391AWxxyZ4IcHf1jX483I6S3x8LsfvZVmyUO99zJllL+Tpc8Au9aYBtikxbcgLrLnyuK02dhsZqWJWqipSFmcXq4lxZMUCRyr/qQtE/ml0FFryJwAZmYooJ9M6kHwCs/Z4asoYERItKRlzLG38hWjK8ghsPUVawnBnL65ds49Y0+1j1J0uTXzR1CsV6LH/TtwEKUhGqVDeDDkagC+T2ZlBRze3Sb+6ZZeVMWTT50gBZyzLp49D+AxEhOuJLqROQdnhcCA2wdlxL/AlX5jw0eRO7a6uIRJi1fOn+s1kEk+vRi1MEtjGv279S/RMVw63R4IPNEwOtrZplWNrdb9V0iodB1OLa0I6jN6YV64YF5Mly5qCcNWHyjK+KEk7mnD/mM2RJeoxKXWR7/Rj7Gjtjv6WVqqzv0EnDouXwOOrbHgA8LctxeEr89foCI1MdwheXE58iZMa/aoP0suabcq6rdSOVKp/0GABA0AXdEYSfbLBtp2pu6pDE41LA7/iqG/U4cYlrN+CvUC48R6kB158RzUjHbmNyp3hu04ueF92xWCl9IuZI3pB3btfs+rOD7dIUmk1LNA9gGeCponV/CqN0mXvppU1wDPmk4w/k2IjhASh1Sky0w+Rk1IK7oDekKhduj61vXYQRVL1M1M8Qi6q65/OAmtKdWVZheI37DKrYbup1fGMuCSK78D20QJ58eFmHKPswLwynxKoDc2uAWJiRmVsS9XJrhpPeZHTP7NYw/sJahANedqvyH3o9CqxE5iCngnrFbXxjzZvyan4TL6IJGJIu2CwOc34XHU5FCBW8jdgtVQt9TFfVMysUJwpSLEruPPZA/PvT3lxurXs0flb0ggX5SVad2AkQ85INuXfXMLSFbfu3gS0ttYjtrS+hLkGnA+FBONdiZ6haY55g7IqdlB8gR+Y93g6QC3U6iAWpmMKVZjDeX7mKwfS2jNXUQhLr8YFi5nN+LyrjlsJWIlK6cBd3Wkdai/xtjp8sVosxesb8UoFxJHca8oz7Gx2YfQpHfabnq2XqFz/6U/vl2YVp0XnrfdefW8YUhM1dlqilxxsAiAHDsy0dPfdNZBeFhnCV33ui25NBkK7Zazo4hJb/xZeqzXW0Qpa/PFv9TdAgGYfPI2xEGafTW6kRaSpq4f11r7dDXsQYCUlZ3hmd2nJkR82OkQ7vgGLfT8oTSkJzh4ETRCC68hEN3DJKfk5D+eTtPUVvCWDXSu3v66if/rv4GD1JZxPYIEcbTgH4jRHwyN6nAeyJj3Ejb2ajONBXa4udcvoDDv5Igfj7u+NClAixW5GSkb5kfqPIcDolddQIXwJj4zMQRTFAoKPEG0dltU9J69vxLgYiifz1Y+oKQ0gc2eckXOkiIw8FvWdw3QBH2AmYzagASxgZXA8+OFylatq+/gjwihet9c17PsnPgUtQm0uxYfPcfke66QBQJkc9tNa0cxOk4qkaDb/gjFdWiF4F7MpoEtpsVMtNMHWflKQw6ESSMj71qA8W4c37bRHFShN6mbHzdm/kZuwTlnuWL2CauuhNH878sdvOS0x7ge0hoTsBpcAd6kTsZ6Gw/5wSF4+5Ig26BJ65rPnHsBi/6lva4YPV06sFRt6tYNyNvxMYo9r5Fsucj/2yIrftiyT+ulEXwQcvtTGPwCl2Cn76wquiGgowxj9Hc3rQ/fKtkyn1l2oO+6JxFN4uFeWmuIysERnzk4CWgOoIXRVWJhsL25ZGs35nSbWqP7Ptdoym9g4SziL0iVHtNoanGDL3E68GOhS+rS4up6NBqPquFOM6kY8lyJDXd9sUR6t9bxXVyCNQrXpL1F6jECRsLPvikKaLUsgfIpm06bufkU1FDGhiTDCj3khnaI7je1vCQ1Lmow1gqxaXk+c31/ZJ+XgIW9RlQTkAbg3nzrAsMuD1ZdS3LXQJCwl/7VJRKNCoGRwIpN3DUonuQ3ydZEoCpXp7OwowjVtn2l4JbSwbuFhYeuORom/ueAlikx4kDU9tYHNC98bjP5wo3NKgxc+jQ/ewm1G1kWCWjoh4csHicYnHAMIZpyA9/LRDGqtCbVLAggmGQNVcqRT1ZxX6LCO9fOVU9o35Rzo/ffsqEeg0WLH70QuG46is4x4ROIlJA0BKCP3/x1WeaRU9WVHBywA6BDD/E9QBGkXl7E+s3vpczHROJcwytVdv0LYlDTSMy9QLE9DVyfxLza7F1xlB8ktr5KRHN0sAE5p4hzPuEK3zK15aL5ANeYX5JVyDC6jDcMBSeqzW2GCloboFivCz5aDYV1a0wqd3TUiuE5OsUYzSw2yh1TCUXoyR3r4Oh9vntLfBLkb8m6FBLJdd8uKVyF71e2rFGsgiFCzZ+CC3QH3ZNdm50YjQ9ABPLj0zLMmKSfqgr3mlCFDOiGoIHVM4cmZL3LmzHz8VO85wCEh+5yKgMf9HT1GodfESQFDQxTdePDGzclut65CGkE16op+nSpUb5mGPfuSrFyKRehSLEcnEUTzrn7u+gukDQNC0uzJMe3P9LfNWjQCMiuHZFgx+ch+qFQRWRgXePB2thSjbLgXXAhEn2nVHs/bfvXx37rSSkzz8dNhcMX6UWMZpwkDnLyRgNsOC/vvey9eODmiBRzKaUTt8JQVgrTOx2TFTwNqVrfdrNxm/vq0bGnQhEP51NHdyNYUHp5ZFDL37T7x1Gw2esCUEoPfkqTps2HXt8CPzV6edRV5CTMtGNZ7+VIsxGkj25WTo7vleXE1r6sEZ9NTpRaE6pRHj9RH22JkeGCDMxKXMda8Hx2YpC1Q8lHsZKo14w8jDA7SKocsQUFriHSWuhcSI9AqEQkNv5++mivl4mosJh/qMX0MHbXXGILJi6iBi2/2cZMGMdaix/Ev0jAJi81Xf07eLgC2Rm4FIzHtbgN2kxAEROBrVqJMkJnqLlLWR9J41SN3HadvqVwlfyaknwZY+SFJjYbqPFihng1QxuLiwbTz/2rlt7xJtIxOQFv6+k3OPp8AMP2fJ9UBXuA1C1gApu3cuS69ybUY2gEqE+y7PR9By4WCTvJbgGf2MTeWSfkgylhOvTKrLdQXFrFAZM=,iv:11gse23Xpm8Oeds4NBNiHheLClCj7wFobRDObckm8HU=,tag:2Vbv2CEGv/biF8xfpPy2NA==,type:str]
db-pem: ENC[AES256_GCM,data:YgYUu5+uYIT4ogysOo8FvU7WYUcEDcXKR3yTp8WIcTUv2bGk124UXWRoaLlose2IV1U2z5GTyyiPwBIq21vrya7luy2rLSWk7ADaXgUotgh7//rbbIk6TLEh45S2wj5IiEpo/C5VSWYGCfcQ+FuDNPdQsxljUnRaJwTxdIYwb2tH6g02syj1Fm10TiJhsqvKPNl8qwIx32HUl1ns8/oJH6Isi+87qgYMdmLocq2x/6d3Ox2YmWDBaeqknhj0uJ1IxZ5YLqXyKlaEJbgl7+/IuyFToQRNMTVJXJ66hyAJMbaiEoolnrHvQXhPV48ibxVyZtMf3Rf40UWuw/A0NAQd0ysRsISyUW1p5FHtS1zDcUbhetmYRCKIEc28ZV4i634KKBi9JQZKH6+cDIPxxRfjj0oR/0aVfX+6eHYs7BKMFEcMHVYMBYKovrhXngkPCYEc0gFb/Ok6sMVSrApU21XGcih/5fLSWlTA65i0Uj5YsfCgAXG6UUujUWrSjmm//k8cpJp9XrHckFs1ali4oixRIXAiV+fnVIXho8mnRB4J33H4B+z7vDlFj6a3jkF8AwUBbNaXXhSvjcgHfmYT5Ej+SnKyqYvOVajAnPVamZTAyIBGIzpa8GirQ8f1BMqDau1i0whxz5Z0sWjKPhCsNzxr1sOO9cPNpmWv8G/YpReupnMepl6GvgnhVJl44AECoPR6AcPNJ12b4LE8jNw/M7K46gqiQhqJ5Cs3ZS8K8/l/875I8BBiDvECLHL+2pjpck/t9/xzQ+9LV50GZtUcKCiNlbxOqiLME+ZUhuf9hVvQ0sM44CWq/ulidBBtiI+k8hnQkZzJFNtpjADzpcjP0/nEw6NSnlzhFIa0N4cMEyX+MyuzU+Dud13vDgNdauSV8dJMHVJlOcwPRDXVOBaerrlR6qjOfTI6U1hpURD+FzgDxx8M7G7O3dQ+yzuG7qZG7HOxOBNE0BbHLcyz0shrZvtFKWjC5DzEdabUZP6D9DHdyDun1PKCLMlYky0fItN+6kkMSfnNCZFTxp5eJno0l92RKU4HKlTJtqo2GkmYq203/gXOKuGqPGkQgWRf0rF2ZMPlmn6g/MczjXYfOqjwCEwRODhMaN1Ni8q/9VQDpqWlsJScs3iBTUPCeSN+bACbZrOLBaWUhVPVmJvnIP6GVkRa9hJ5LPNs/jkmSr5F8xMwpyaiSXUqMw15yl6RKNAHVSJjOqi38AXqCYzeesyNBJx8oX7qdb76vGvlFDn0/5nePhe1O91MZ9cC3rj7w4XgSafRmd1Sx1W9AMlZMYTNwjMm11xojNIEDCSjLB+lD3seXDDI4nl4uNl9AHV6nG8hP41c79hfLULX3vXnBmibwsbpgNTswBLfZ0v5b8fDxepnEGfJCaz2wmE2jYaZOXUOlXbitlzFeTgGnWRtXauo9t7sJmSMPLJgEvinEkMaerAz1uDuOptkjau5o6gZea+STqdwtExOif2GSrOms280WINoOY8OQ65zLTYLVUMKJtQ/SpuyRplH0gKA0gnSmfOO2IKTPtoa7Sm66JfRd+QkGfCzsEq8QwD5Syw0hpD6sJ1oe/ZwoqrLEhNVQ9iddiHrJ/7X0N0N8PQsv/kYiE8nHFDEwFe/TWI4rqkJpeg0J/6FWcu+G79bb0NQ7/zXyL5rLrDwiRt0r0dJX0m+UPKczMTvVeECK3iEV2MCr/CCvJ5QqbrJymUFQ8goyp+3xKC5bQ8BJmcAszztyJvA27FqwW3/JOid1TPfsjigvL1LpUKxi/1CmclUJ+PMyQq3Okv5EOgPf7jLDLq5Q05v10tn8qBRF9lSozBWktDntLNS7YdmbcMYbsVDIO1HoGrPv3ZhM/G8t5OzIaC6iC07g8piEjRh7vNJwM+YvIhlWRRr1ypwiTZez3uBhohCplvcb7nT32udvtSNLuhRSrjoqedK3lAJhGcTkcgUajr9GjZqbW9FMbNOXgb4VuHW+AMgl3Y4gVP3+vTO+9HUgwaZX2ylcHruyF4jVfBK+NiZbRl2KcWMbLxQZzOJ+WPvJIZAvv6J81iFVplINO4ZGmnWoK5Lp7s+BKSqTkRG5EPuEK7w9DN0DIPf99GSs3U2ntfC7qeoP0B/LTUeJ0szYtDhS7dAtyOFYkNF5z+z1Ja5SeVuad11vuF9VLYwTqI5PlsT8ZT3wghWE/GRAgG0c7tQ+8PFDCG6hfhdcyGUNODPZFUYuOhamfau/IZAo0CRNs7Y7Lfj6o8dlXw0XqxXoAKh4FvFmM5QLb09mQ9h/jgxQtiKRZ1sSUxOqXLzytPfTY8sbr6Dpn2/C5zW18Yvh9EbfWmSQaLc4Hh5q3z7A3FmDkXAzpw=,iv:2OpXdGKZMF+KCtRc8t2RQ9rQYClRshB4LNEelaGXmDE=,tag:rSaTSY/cb/OKpxsNeT4KBw==,type:str]
KEK-key: ENC[AES256_GCM,data:8IUgXjy51S356EJDBtywv18UpMGXcLgMsxy/siaiHFEVwPxvJ/VaCb8LwsXXHblyfTYfBdL9dJd7UvB4NPY59Oa+i1bn/3ipFbl4k65YYJ1IzHKBNwdFl4+vKzTcgnr/jmVSXTfXm2v9pBwtJ8VnHcGSmpF3pV+faPv/l7hFVn9GdbgfcwXxSDpRs89Wo0SvWxaQOy6BxwnP9im9JNZgsfdB0+U+mOUFrp+16FDKsV3WzAcvIlO/XE9c4cooGw9UzJwUyq7LgOsfsQVfE06oU3sAoWpeXoXR+llRnICap80Xbei27um0rOjaNY8ejTKsBcI7AdytrvuAeGe4VOz+5IP3vG6xFNe2AQA8oi9hWNQVDtt+v8jSwlQjE5/flQ0HYMxfhS9M8f2uHf1jyJQ+kyqjWaGZXifTwmbzRlH9sXMaIyrKVRWk54ciOqjcQFkAGG+Q8psEZuEHfRFcZ7KjhUpcOAuhc6HsZqHbc80xe2Lxr05h8UmeF0nellQTDZRt45pUlu7Oy5lEDAprqC1SunN1QQ77ZRcjroUrvBbpm2FLyKfhNaMRYHzTZuy0KNfbyOQW59uGdFZnKqHKKXeDZycjbRyku3hPQ/UVS7cdKyH1jUvN/1G//1jdAZvpIPsOyTiwuz828nl8efArKhwi9bLjAsFqc9OnvnohO+5+dCFMej2hKhH78dtADkUreNA8tfH+v28/55ZYU4ypluOBEeBOGBzxeo9LZvbo74/ggt5E+MhNPki5xyV4ka6UpjArbwT7b6sC/BrhdNR2OVD0eGnSJnWzHjMbHzo7IrODyXcmi2jXTgwy4r9P5Nellroj1YoBE/DBdH4fCtI1IUnm3JVwgAzJJW0Ih9U+J7ZU5ia21cH4nzzdn8A6E1jAYLkTmbG8v157l7CuCaWnGrHuO/z323LACAPhM2QK9UEUleNochQKorM2nWq94MB6pfnidtHxC4SfwUX8aRxO3RIJ8h2Yyv/r0TFbBvJUtWXpUhsa7pNzvn9RMU7xXRu+7Q8CYgShJJ/BR6/AL0xnJeiE6NLwoP15Xsmwar2D8akVGwI+yKx0HYFKlWwqYxbZwIYuiha4/qvtGBNvelS7D6ERfBzPXyTzQBqmXKwaqhYOGYlPxgqvTVXb3SM4ZRRM5MGTBSG1AaWnkB8P5KfFEzkWpArsnIXaaq2xfwphKGiu/PeQy3XJNINJxPDWzEgH1g0kPYXLDR/wZ40GESnAi7BGGeujuPgIR03cPhP4GuY96n5/BVFnjKMV5HQEkQADccoNMQFkF+bbPc1duPmKqcnZjGDTfOqBc3G/LVMSIDFMOhCvwQ4CXcP3tfSIyE3W390JmVwHGdXo2Okdlzo1wz0JwL2F0C3SuOt1UifQER7ll6m6aIoRMwdes5nU4RMWtQ8r9Os1GhDWklUG/5IqRQzRqHwwQ+EiR/aQ6gY9ibFs2cQ+bVd88Au9WD2D7lv83AfM1IUWB94uKO4zgVbe9z/W9xB9XJ5wqAqbK+oFCdF2Rqw2nCWgzfTuNKs7QuVEPgSpphwE6jgwkBxKoUclDdEDnrEsYsp7blbisSLXckT2ik0izt/BHr23aKOZ/UAI9Wy+xk560NZzqfIbpxa/phHOEEWqIGtWYXUDB95g+w8XSoC3AkqsluKGBIeEURq5YLJADg3zlyoKgOua54eJ4BcrTC4l9SAPUgtPERYvUb95KLAwUgqXEeEtD20YcKbcXkoIHWw8yxVbkejPitfoNj2zMjMyJxPt7db3BiawmaqTWc/ob8xj/DrCvPIBUaLSX99R6kNpRgXKl9rR/ShFSDj3AHKu0LVnTGpD2726CfddckrvS5VO4/5t9PYcU5zXoM8Nlvx6/sTj9qaIgFCx4jCLcrr3s1xvfzzGizcHm44f1CEZqjuFSrlLdC0MP0JljtkWolkalYdlRQRxVGqJytFeZnlJKgN9ESQQ3o+ahFpaKEvJMBn7evnKq6maAcxK198xdife0OGKT4jvApSyytHXCTiUKokDZGEswQSW23TmH/kuq/fRL00VZERCrAfaIMRDHxmG6SuFZWB8RcPQQkmBa/JFetL97bs83QTcSP2YfZBlYL7x8HTEwusy5dYG489dO0rThUhl+ul7dL3BfN0eQGRQGU59OBxDxN7mp2t2W9NOY0TvhVXiRQpy9KpBFIBpiPQ58RlChfaULPIvoqvyPhIMiNfSJxM2KnysgduVNt8m+Zm2jlDn0yCqXvTd5FPUN9U7p4A/3BVHEWKdnj+oapIA3ds4fGRiV4oxJMVDzgpjtW3G1dN60c4SHnChTen4MgdYQJKvkuVzeDfzrHvEgreIJkchTukQ2vBVnYkdsKNS05rO1xeE8dILvFSTxKqxd+2gSznVc4d47srcET/1nNnItky4upM4snb3dFbl01MO+GcGvJw7NaT0s8YFC7GUtAoP3GBS1hmau8haRRuetT5SFfpWV/ok9FqLOe/+VAq7d07FGFQDkYtOUvx2HBUOoG1o7M/eiGWq8TQKYOdZfHbRLh5k4RST2FYpFmODVJpj70QDWqvkQcFdJF9W+oUwnIJQ7veVVazWlOwoMHnnxxo1To2hcDUC7KMJlDdm12Hlz0mpqH9NMM8TuAaD8B4LgnW3eLg/RnpRBgn5vVlaQ0EgvJHvupU7nBeXeYLbyI6HIxn5S/C5aOxcqC8iawrdZN/PbkqYTUno8xB3uzAQ/H9zal13IC1FUGcYyb/4yFUaY9n3I5psg0w5PKyoCYgQMg+5k5irStLNs7Gb4+hh78FKDBT79QNSYIQsUF8S1qVXz2gJniTnwG+uPhoPVYA7dd8D/YJf9a5kQGY79CyOko1llTyD11UNTW9LNc0/wEtRV7D+vWw3HHVLxRcCmBmSwqPyDmzntxZNMnXOkcR/Yom36pkfGdiNH/mojywZaI22qswsI24p9KJuuLfMSzYN5WT8mx/dW1ICazYHD5HDRnUuxB+7AHy3+18Qo/rvJRrNXEA55L4rl6suVgU/hZMNLJQdPvhkl90tQTyiPmTPHpVO1lZZgf6uNPZP0WMLJCc/1tm5I12Oc862USNObIwr+lowPram8CJYo9HOUkc+YOglbizHQz1N0isKTOHJB7UOBgcAekxScHF/JVmVJa4dS8V6pageqgqMLBrYr1mHWfoul8Sw5n23x4i9SwcybpwdYHkNGp48b1WO/pk8qTz5km2n+i3Sbd5Sa3Ntry8Vv1LIdOBmjE0B3uogonPRGMqEIjgAc4OMuxuELHbHoizkR2OMQMg1DYFLc/3XHUTM+CHqZfp3P8Lygz0caM0kA10ipcu0OH0MCnakijv1wyJwLW7zI9Z74yXE6/4EbDZP6aw+2AKPgJsBsfW0le+AjI2r5/pbUugQIRskmC78nnI33nDuOmjSzXwPgt8bil6jGDehuF/lgIl589wKd1KhMNmBX1iXEzj1kmv/G7mnyAtgEH2Y96mNvur/cheB+1uaEvaQFLMtB+4hFdFXk9V7OtcS8m6diONTrT/ykfqfZXeBYdnFiwy4RJi04gp6YB1M40mcVTRi4w6mG9wzDKlqIh3Latpm8sIHypYcS2pboXZGZCeYRzNX+kHA5qQwp5Txk/rK80WJ1KzwQpfCqEv5Qq14QkoWz4H3LT1Ooib1cTJ43NoVikWShysNbXxs/+D/NcaXR6OIPOREYxQ1qOR3YxJF6iiKU/EqdvxEqa4NjHhkAZzU0/nmy69Lv/DKAuySuwuArlXAIzcULWvTF7i/mkCERCeOOSMzHvlvlh/fMp2Hk35gmVz0fkCi/W9Rr64Abmic8fyG27QFVNNZ0UcT6cwgg9pF4cR+J5WfF0/G+fX6wgLs1pvfwKi4/UUh2220UDiZ3lqQGuAbbh/0L6PoTBdRvPlOhjbiagVRMP9orzH56Xl0jH+hungaBpbZfAbKDWQZ7W0HbDrr3xEC1BAByg02H1C0h7CBV3fF4Ey7RTTuTfXqabPbokMwzG61lkiWAdY2Q3YoxNg58VEzgq3g8KzJOznHwE35m78NLmGC35pBV4Vjp6ZUmpKk33RotUh6EPcpUULyusQWOB11u35An1Tjz9ewr5xB3XfyHSA5avFEkVS6bAv6staC4sEarBQz0ye+eHAXx3UbEo591KBjXT+0zNiLNkUYnOqRdQBXsunLlQTc/Wljcg0eeNs+Am5iCcF1oaDWkBKOMJ7xidhRrAhzhucBqKlNylLOZyUpc+Ru9fPDIikE6J0p7rwFT51v11+OpdcpOniFZ9HcJ5me4ON5uJqxkQtHxOmltXI880FEfGQLeaMHAEBnL/mBAl+ytzJn07xN7bhd/A8L2JPkN4O/EfUvhNPlGLtTD3TOT/nVu6rzSayE5RU=,iv:GHN6e48WgIPTuhbD9tZKMYAMkTfz52uIVmkrSgyK9xg=,tag:Rox5MKDnymWm45kj6aZonw==,type:str]
KEK-pem: ENC[AES256_GCM,data:J9PksUJphiHbVwjghcSi2/xI+yc3NfF6+3gRASSmNbifeDRoGJiMWTbNqDtKgRjA2yeUz5aEuKKrfax5Xpb9BEQ+oKRDZs7UNeeS1qIQSVicaOdE4SAyfiDv2G6N/yIygQdvyfftGFWj468fD3UunhSv3lM+2E/iO0xluWZPPGo0dGcB3lROm9SO8/HY4rTa8+OgXNzC1z+BTOYM9GSjGF+IWLzBuJ3Tw+EeVdgqdBAaXmegBD9Lxtf8jRke7TeaV4pORBCitojEi6LotZiO7uuvl90EFItpwvmXVMbB2uQzaf6Y0Yf4LV/9FagFK4bPh+tC4EwV/MW8AryanFloZS3PN/jAp6SNoAcK52BG/9jBtk7upPguV9JunBlDryIp6IF7Ggr08fXPv8VNsevThWUJY3chsed5voa75Gwm8OvSpkkASZEwl1zjq+XWJwYZYQSmbgx1z7fj/jmlrxOdhmFCBuY5medXTOuSTNbDmhflzApApI383BVUbuZmFHLuIiSFjvcGqF4AYQ/7SVHC+sACkr6JfT0QsPr9p0ruuuq6nimJ9/sTlNy81I+uQV2dyUvaUkLSqVc+EunkEY45DY6UdaAmke3DJALdpiNmyZsh7iYHU0WwlacNSEPcsBjVfTjbQBHXMbN/m2QamtaLsoxOSTWIgeRBCPUrPyq0t0RKXb8VyNhvW96jtEUKw+FukCcjexkMhz+f7kS2KJ8/sJ+rsNgQM1VYMZlItaaVuOuE3CDfz9JEhgV1kqgJQq+vekUYFv1uUIjQOFz4/N2TOmc36Y7Ae/oCuyJWvQU+OSnn7L4sy/7CtipVBgkHpx0z5s818b+sJDLZMEhlMTnG8QA92+MMtEOss8Kmp+jgPcr61t3au1pcwJOlqzlUTA2ZP/8Lyk7CQbcBbnBgod6ncJpo6r4HaHyQoa7vmz2LhD2sieKhZ2ewYwZPXPkyYPJtF1Soj182qP4nEDEPfm1Ut6ltivsl058qGES7pkhimjCuqNf4IFjeNJ4W5w1iES5Gzxw0YsZ3bFjkityMXP9AqalDoW012bJKir3wT+dDzr1OTe+KLkoWnC5os0/sfqltTPhXRhiHCB/QUF/2ZprDI+uEeJgAA4fEQr/zqA9DLtEYpJvKJvhekbg5PbxBMmCPrcmUQaCjW1VAxuJ/HMR25tT1d0Tn+q6WB8/1bd/AWBjqcvk2ewclYjx89yss8YyxxbGCCU7jqTDr1ildOQwiM3osKifbMFNDtMmXEwtVgfx7VqDwNqa4LsIPURrIUlTL/QoPV5BL+c9XsBkxxbH01M/gLoGgYGid3uOSu+8wYHmcyoobK4qRKF75bMJbsfZVBwAH6tCWIdHiKCpyC9mcSPBz6XyKGZneGcixwzMKMqpPqkBXXqleHO5WAE78iwSuQZ7FcfdbbnH3GGQU5tyVbVNS0dMcjdn9ScTEBeHoP8SbBvFnYtydpAlXttOlP2TQQbmCtVqU+qEf1YmI7+00JhC3TvhQpsebAO35JWM5RvB7Mm4tASbma7w3N0cHOOacT88oilegw7wUHX/K2AiSOYJ3COtiNkv3bhOEKyr6TYHYhHbycdbadCjULoHYYjwoFT/0U5kRnMGIihvbE1/7QzmlsCXzdMshGGLDkgX6MNpGpGGKcv652glZ7KvH0VDOyLSv/h4/3WEBqnslVH/Ogtg6FDUiD5v40vHfy3ZQ4xKviVs5K8/TL+UKEDxF+VbtxORLtBKpb2c5YsXH9zrsQ0utcLCbjGTKnvuaU7xpKajKF4S3rzKTeZb88X5UCXlNeGBpi2fWUqA7dHnMG84U/5WW1pSRI/3SXBJvWlLfIRkr1/KyIvb6D5O4Rj4+rya94S74FAAI6EmX/vGB62KEquVTNG7c7L1wEtWNSzbemeOTp5sXnAtiBe2cnyQuY3mzc4CJltaOuTow616iz+3QD29+hTgsaaCodnPGfiGzBJL8xQEcqH+gH+HR2qb/At5nADa7NRWzFS3B/oT0ZdSKb8PtLJaCBBxgaHl6ujXcwgVs+3TYGsYJSUcyaU3tNrEsd0zc0/+j0pqilcjtZuKH8zGPITB1wLXdF2tcI4w3XFtmbgRBKP697oup1zhh0+2S/zYr8fSCvYNkskMiGwGpbK56Bna/5HZs/cGjUT1cS+REBPU+AAz5ZQOGVT5OVDpzkDe7kUQqgzyze0ofSCtSGOw9jwtgh4QdCwF/nGS9H7fqdxArHRUWyeDllidniEkS/7hhWsIuYM9fRIQMbexzw95IIuWWJxSNvssyETmLwsQYwziXm/Akt7zsYHbxMtPY/fyyAIWX/mDjCQcwpVk/fvF4DbSo1R/ZJm5fn62GJdW6GLnGsTqIWUWAoVHklT7K9w==,iv:vLK80RXUW11fdnCmQTZisYfl8BWg1TNDOG3Qi/tA8U8=,tag:0q13mN72N3EQRuQKLqxg8A==,type:str]
PK-key: ENC[AES256_GCM,data:WyFWVrJ8Z2h0QjulNexOxDn+EbRaKf+wtVKSCRggX8M31FxgEejrM2ra5FN+RcGL4HQ511vw1wbICyOdZWQ3Cda8zfBXrAEjzUHoOpfwejK636Cd5AHTSle1qbv8fuqkst8dDUBWr8XwuxuqqUX2AxRZmS7wkI8hIYhGqcHKQDs214b0mB3Vx84w7kxvV4YHNTvLL8FRyxz6sSXEQhzWXOdoIE26oskChuL9bt+GjntXLdR1dcculVvtv33OsbLWaPy9DXfnlrWPSt75Keuptwlnl+6UN1bbdRa0N/O3DbA7+W8K0Pd5qauYE9eKT1ULhCXL8/HopkZVEPENYQVDPZ5DL/YoQqB4kwOPUFytzeA79plLJ2UB2pWUbJkkZklZDvYqYykt0KM1jtnEDLYb7bXCz6THCvL984vEfzIvbPUuXrvRxFE2bpElYn3dVQgHswXbf4Sv5llvpb8RYahnv0QrVhfTmLlOkVQ5sUQHHiY/UPlpfUq5aRufGCiguRaK2zz3vDJn0cuV2GEgcU5FpQyTzmGmHchJ+jAIf62xKnw9efHV7ep1qa9FQGFgkWj1/5E7wI9rObxkWDktUPV7I5T/LyLkXWLfwD9auJBZmKJfVAicvsDyUMJKmH0rw/7Lp9KqyvFASgJJAPzdQD3KGremLNog6aHfDjrdJUcGsc1iftSuAjyHqDMlNb5WKHFkIm8z7TnJmzVs1jbSzCqApRtawehmldtYY82XWpLN7MhbYG2pF5TZjYKAg2Kn4Kbkrb7vHIX93lJ6e41GCj3eEB+nVlkjVWaLwRBM8/n4GXUkNPE5v61i7q7S/4PnadXQbWK5LVYtj2s6hSGE29BVURA6lfqdHLSIcTXYhxe/5UI7VkssrggY/8uPPty1qabWe/geo41uXnaAO1104myQ4Lb+OrJBQjRjd794NkvAiLZsbRDQ0EMDiOmtUqMVmtodH+TTKz8WwG5xeGrIFDG3zmYZY5owFbc8V15vLXZkcDffFzOyxYnv+uykrhMzWWeWg5cXYrsq9PJVg/nQ8mjoaN57WrixpQvsNDWb5sxNE6OQNshQYDngjcaDSWmRutiVKHYgNjVyVDXbtPEIseOXOTcRln2OwhN3EuWH/55mXABkOz+w2MozxCJ14aLhQMjzX98z6YnvqH7wIyXufCzUEloQ1IKfBtn0/GyowhocUTvJlvyQssi69mHC1t0Qrjl/+6gWu04XiKK8shKaOhilT4/w4AHc0YvYXPiVur8ZgGEZX+xXj9KYAbwlyt/NldYigiY7MK7ymd/9mjYqNIa+Nb/AKS0jv/453acV3g5Hu9tNMgLeMejfptuLUK42IOvonqkBOrd3ljRXoUozZF1uG8NPst7G+Uv/HxjaW/8U8Sxal1hjsqwv4FlhYbHhoVu+9gkp06XFK1bLPuHsOIvgEeyWvzVzxO8lGQPQ5NgkAJXuZT29PzsM19gTXGVVykid4lLvV9B0c98FaPbflD3ncRtgYsZHN4U9WKD0WEQuzotTwN/rjpIlZY0OYWjmsAlGUwG2bosoEYve7rrD+/dsus9gW/QoKJ3VuvgK14FW0+JChiw2wjnhr8l/RIwxmhqlG1z8TtsyUgAZr1a09hidGyo6gujeBLAIHcufRvxb6NugahY3Ow/FRtUeGUt8bOTiktKIcHV6kKfS7QOq9PjjBBl2A/KdqqLVoG2UUQeABPbxB8Ea0L/OPG+mbyH4GtIHGVL905/MdkSVlvnUOGKkruogJlPATj+cHs3TDFL/Dc8FBFj8lidmHhdWv2jFBOPwTyAildRHgDH5r3Tkrejma5hoN9kMPD+l/NNolyszhxT5zPzmzjfG3FyklW5srrzI71+3ZTJ4+oi2VVDpBwAVEbNm48vTRvdWkMlAuXZzEdfctj8QMkosGpbnDJAOttzib9D9BnGGg4gq21DyExpG/fZclSVGg7RNV/6IBJU7GhN+uAp3Q2N3FW4aKnKS1SJLuBvjdMIDIzYBxjL9iTUbinmjTuEXCbyfjfDr7utn8yT+4Tj28lAJC3mw+QdmMHAlgicqQHjD/OOSPhxL0pPWuRX+R+9gYDW4SoPAg9vH3qXe11JltaAPjaUR/oQx0ATGiDduYAX7HCEtenDX9NcQL/JA3Sgiu4cefE6o8ipxmZ6WbFXIFirDKHelUvxev0Gy0Nr/DZo6WoCmoEEIT0wWvdchr/HyV+V5QsaoUgxPELOMQnLJ1NZH++AyiANp2YYT3VoQLf9/bNCBjJNTWSXfCNQNbqj1XT6gxp6V4mCU5wwoyhsaXpVXU29MqLKpHdsVzN22l0NDuyNfmUVCZN53JHQW7Rh3kp/GAYKhHp1qyW/lWjO+Xk6TUyFB9jkloMIB5CqCHZGGcJ7dZWAeE8TyEJ/YiM2p8L1/UVLcUYQXcvUYA2msN0/QxSJToEMiymY0GjYIrrdAJWfcpIR6uULrpEQPMfhbpmr1ArwXqIPVzzUFhiuWpI2iSkgdKyKj98jr4fytPSabud+wzhBQv9otYfGoywcXQgFfRaWeUZIk7rJxPfkkpP78NfdNOPbBx2H2HzsoAmbs9o2nfS5HjrWjO9kqoFdQSCXsCWCrUiyajNc1oVj7qF4YTSVMJKcoOBSlYkRgwsjgA2MX5fvvnlCk2sB49VKlL3wNyiqpJHmoDCdRPgUEiu2Y1Tw6iAxXhsXkgJC4yJZ9pd712tCOU6PE6csgVVsCxUBM5YhLCBVAX82jWJBJvWDwZGezjjcXOJKpKYPUQADWqssACGZLtwers06mETlyItkFOBvyrVYHntYS3yj+J6eNNTq2LZXPu72t0sEOFDDHLKy4+PuGhvuCP7p63a+/m6VwF8P1//94j7CeKFxbmq5OFFBDSrxmgGQUN7gnjhD70JOZLbp0DSmEEltsSuCMc6vQgA+pjiLRo0Dzec6Obc3YFOCRnJduNpPx743HyU8i3c1zlmqqI8f/4afAOikFYtocy0sEGnmkIyeiYryDjUU1psUsJRm+yZOQ0e7y32mNL2+Sn2Yn8DZbo9Nycnm567LRUjAzrw9M/jujxQ+Nc8tmhcgeHescYRwVOLxTMeXKcrFtQ95HSnLhL8Qtv70GHusyLUTPQYOyMITddTTAqX6oceDyxa0DLQpEMxn9oRVflZWKuOOWLqqPq34ZIjNwOPdEk9BGPL4j+/0Letk/GHPsv2ZqKq7g8898QI2uAuMoWKMQXbYsQJGBwwCoSJdeAlJZ5qwsNRZ2mwzZWHEWMCyhP807+4xaBytc4Muu3vmwdcKwZYKQWzKGPkm3jq3WJAqsfp+w35ZXEf4xZXpE8uHAMAtyNintTAs6YAuCJKrJ+DM7bJNUjcTdjhm4Kk/QkWbPtRnfaUnLRD8/H8jIwXpLKzSxgV4sq1UGmr2i0QBp1RFh9yWfQY0Nu5UIQF+OU+14IXitix0u/R2Sz6jX42CXha9eXuuwPu6U2z/mNN7vu2KsNwOBItFiI31/7rqxKDZXF3e3aEGsclvxvcytzWrLTpMOson8HTSnyDHouDnLa7i1Buk82BeVGbtBBl9CyI/QMZ0CinighfiUwDZ1PENh23s3O/fXOdBm9R2a1CVucCMoLiGnumxT6C7DNqMEsl2Vm4hTfiTrxJJfkZUG6D6N4ZL8YhVsAB/ercE8BMCxuFOkXzk0dsKwmK/AE1Tth2QaxHqU9BkFK60V9jPdJ6VY0Ph3HPRLP941db6/Ta8FBDxe5qxvYLx5tMUZboD/uviDiEZF2CH3vjytzT93cz6zIA4wwYnPKqZK+uzzKT20RQZszNvnZskReVUfHAFoRC+0mOKXGewR5NFdDhXwo0LEINjTyYuAIS3iD3GywuH5+6A5faZPi6Xoy2jw1g1YAyStQSZdDHW6p3D7AxHDbqOqFxqB7HUsdOkPl5eZ9EmMJc/wBXSuRWDhHFAcZiHB/J6Fhkucigx/PkB51YHXrkvW3zcwum3nkJqdfQjAuEsn6hO4pG6NbZElaNd/DylHIL4kicq/+DoGZ7cCMVMrp+ftu89xAr5mmUVr1TZDiwJg+z7DE7Xla3Vl2i8WQINsXf0lW5HxMGyhmV8kprmyRQcZqJsgM0370jOHCvFAvuKVv/Y3Mr1A6SD0IVhbaylE6xzYEfe0QUZK9viy4jhQwf9Gz2hZl18IykYUKTa+zsxG5mL207CFGvQ2kgNoWMoe1x9dO5NcDHyi2dUWnxinE5y/4mXNJPsxrlr+YTX6x2eOn5c/8kMJGmiBRAyhMqwZh4Z3Vb+76VhMoRXz0vWBpPKdE2T5yqHCpS3Bt/xZM90fjhODmmhrxHTAtPLRzJstkbQtaPnhMF2x0T2NmidpeJ989jNN08bqyCzuYGg+Cjzf64Q=,iv:NpO32iyBdzKGLt7oS86WT7IJrpZeuHcxO0BF4ZoMI1U=,tag:INU0SbXFmQzrAA8TxKqBfA==,type:str]
PK-pem: ENC[AES256_GCM,data:nLgeHrItUVzmSALKG25H6YYxXP9JViAac2in8n4QOT9CYRAi8VlJWbRszddZdKCPboAzmWsk2pSaERHx1UBXVP9vdpPBBlM51SSgEXlVouLVUB9Yw3Yl6bvgRrIxq3/A3bM19E/gnOV78kzA1TiEOeaHQYC0JEZSMOPT8W3es4B9pZ7WN2pUH5b51qUT4yAxjjZIh4dEMaGKMhKgnTH726hYzFB9YglSppvboab9Z+OheRtus8kDJaAgD2enoNK1bPYi/mRVBlhg8UPxEduSntpW47Ro3ooFojGNQBsI8LCGH7un4rgzMsxAVSj6QnPBFQXpTKoxu9hrLihG3NvKzH2af2/WNk7T9LMt9ZQYiXNWfmVhxpWTKLBosrbzdym6x9/O+BcNsRqVzPb/jp0k4+Nozy4yZTyHXMSfis/uElXf5xpenrqx1S+vK8kYbKj/lGyFyHXlYoIKTBrxLHqsKHjBMeGkqLlL91pBlxjT8WE+fV4wgpwhEzy1ikJkZKUoXCTcIsbsOIOuOHnydLTztBSrHS8jK7QKLxJ46bbBQ0Ob349OFRFNla6q6VQGaLfXqbQImzlgBJmQgHs4a2pnoqyUAWTBFmaQsvoRA3XVsRpQlcL0CYMY5cCBg2jUkLhO6W8E6L9I5ud3J6z+7YQFfsRqnV8M6zOxa7XaEqxKb072Z38/t56f/sx8lpPDOAtg9u+ESZ2y+CexcGul50HlV+15PiCs4+MnuxhaUucR8xODAfdssAPs+KmLkovoWZmnwMPYfUZilhSpfEfbLHFgI0v248GLZygLyEO79T6MoNCrPzb0W8z8gObzgKE7RFGHs8gJeHjbZ2c2D65VpmkiWbTOAbDwQczkYoTxv+V3D83eqq8lpodBL8Fi5WCjUvyWgXWv/D1y8FL0nGUt7n1/ETi/DelKrSyYKh/x0zDucbHmStgdRtnmQfHTX/ha7EkKa8Z3oJFok0Kl+q8gggfh2IylNrAZTfcvxL482z2Yan6M0Hztux8q9xwDGivqaM+S81HcaRXJa9zGE4UAjepaOYq/Pt1tYeYDZ5IzZKYzK+0EDZp5khwDhfcZS+TckqWdgzx1OxuQpldKlKUi3u9Rw13lfu3NBukDoeZYl8EyjZVzZylqlSLb30fyVIhm6U2fLjEv4ecfg2ePtHwkMATNUKOQq/pQJPleFxVPa/ZGI3o516Kg6QjTL9jJyB7mlmT0uwa93NGB/MwshqN7FfsYokK5FgpCnA/fU9Y7UDsgu16CogTc7/6cmnLfZaqPzkiLD20pqxb3LgrwsjXwmdsn9t4azDIPZe1fzl7Y8dVCViIQwDlt3ppvC5UtfpDd8aR2PH9nUDTUOeSeSsknhuFrvTtWF79T+/iZzJDWtJ/RByk/IKoTlO2HdRNMfvw7fUTjvWqYh/r86dTGXD4lzKnF1SgHJ963/8Ks9qZJouKKn54hQY4mdfSw6gqAAL2mcW8Q4ZubNZ5cN79vn+lsrE15hY580uv/S+H/0yX7OrW7s3cZGuYhPYy3OpUwZz4V9nCBVZTYAATooYFoxf7snYG19nR4hJ9b11NZR/skpU8gAbG+na2W5FJHAsj3bbcDuXmnErzGt5STU+u1MxIUeCg8dSFQ/Q35fRCnHNiAHEEl8gbSYPwkumk7E77UM2stE1VsK9ZgsyVVlQp5XrdNtc2Z/LxHd0Vd3c43435hycZ/blD9nO7vuISzFfSPAam+WO2VvfF6Hvcr8OTch6gl2cF7KuZMvaK5LlFp2wiC9g620wB305H/nFpMJ72bUTqSvu0hHy7WbCrGw1nYmU5aVQNF42jk3mxQCPW5EPr2CeoVQFAQnFeCCMbe9LEpGKwrALE4LwYeEgHheGqNU0bumEa/vkCmo+dOhTaW25S62LwtvPIm9moya9O5p7TOrBgDhGlIorE5/J9hCGuQK9juTCWU4xdiDRqYn4ZJFSTNIl5de386kNOM7OWyEgKXwHtAhgAp76Wsmrg3IYVC4qO1RsJ4eA1kfV23tStycerC+2i3kIEHuENXFgkLa/gpXByX5w7QlazHhTZC9v/nBYVZTTEEs+TGGbXPZLpLZcUfk3X4iJEmSE3vAMvfiScxyNINGXRvpifgJj2WPfKQpjqQCEdFvLFc4t+a+wZ0HRLBjX7XTCj3CW+nWw+M73K0Ig3j7Yu24i37ZBOrHaNdR6en3ARNC+/t3RzTDrmp+ufIz5kvX7Cxwvoc7BsgnYZt/Yf2s8V26l7lh5+iXQjwc05qfxi9mwEDHNgTH1HFT7bsUsvG1QgD4qcKU+Dq9lPhIRvuyngVrWvxlGnY6svZKH9noPD+dTPuSyDtoHDvRt/oy8g=,iv:l9hEcYU+9qzjYzGJ0Wag3GT+lzXE8JDQNmY+RoxEFls=,tag:QzrJ6ykAX6tXQMf19kB68A==,type:str]
sops:
kms: []
gcp_kms: []
@@ -71,8 +92,8 @@ sops:
UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN
pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-13T00:07:47Z"
mac: ENC[AES256_GCM,data:XnjVO3KZT2DwXpB3RY9l5BCKE+Z4Yjm20LxELcMEU1Od4Ytayl8ueet+Kgl7iBixipjwWj6PBR1u8Hb33Iio99g6W56atMeX/c3y6Cxw5KIo2y1Iki5G+cng2kadelZJn3fCcVUjTssfD+tG3BFnk5VGPdcxQPecSAc59WuPZuI=,iv:A1SVfNJ1SBPQZRunRXDL2pRnxNDXsyAGQtvNw5CsdLs=,tag:hzT1cfQYWBbxDMa6KAgn2g==,type:str]
lastmodified: "2025-03-18T02:28:46Z"
mac: ENC[AES256_GCM,data:m6QnoyNBXQG/mZapncFIFZwNp8H8S8TqPrVMqGgY3fp7kxBJpt1qn55ZgvrMO65NjVBSTC0gWOZtZD8caVttkWqfTb8r+nqMerCiby3EqqJMJjCvF8Eg9DQojXmnazoG28shZquoWp1Cb8nZeuPR7C2ChnQ4A3dG2y1qQmntSRY=,iv:aFTDi5GqIt4ruv2IPBkFjUufwYOw9xqPyFJ9kp9+HR0=,tag:haCLuk1a92NtszzfvEYiSQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

1
share/impermanence/default.nix
View File

@@ -12,7 +12,6 @@
"/var/lib/waydroid"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
{
directory = "/var/lib/colord";
user = "colord";

53
share/root-user/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{ ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "nixos-rebuild boot --max-jobs 10";
update-switch = "nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update /etc/nixos";
ducks = "du -cksh * | sort -hr | head -n 15";
};
gitAliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
};
in
{
home.username = "root";
home.homeDirectory = "/root";
home.stateVersion = "23.11";
programs = {
command-not-found.enable = true;
home-manager.enable = true;
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = shellAliases;
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "fishy";
};
};
git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
};
}