diff --git a/flake.nix b/flake.nix index 154e135..c83f22e 100755 --- a/flake.nix +++ b/flake.nix @@ -122,12 +122,23 @@ { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.matt = { pkgs, ...}: { - imports = [ - ./hosts/desktop/home.nix - steam-rom-manager.homeManagerModules.default - ]; - }; + home-manager.users.matt = + { ... }: + { + imports = [ + ./hosts/desktop/home.nix + steam-rom-manager.homeManagerModules.default + sops-nix.homeManagerModules.sops + ]; + }; + home-manager.users.root = + { ... }: + { + imports = [ + ./share/root-user + sops-nix.homeManagerModules.sops + ]; + }; home-manager.backupFileExtension = "backup"; } @@ -156,7 +167,22 @@ { home-manager.useGlobalPkgs = false; home-manager.useUserPackages = true; - home-manager.users.admin = import ./hosts/nas/home.nix; + home-manager.users.admin = + { ... }: + { + imports = [ + ./hosts/nas/home.nix + sops-nix.homeManagerModules.sops + ]; + }; + home-manager.users.root = + { ... }: + { + imports = [ + ./share/root-user + sops-nix.homeManagerModules.sops + ]; + }; home-manager.backupFileExtension = "backup"; } @@ -167,10 +193,12 @@ crowdsec.nixosModules.crowdsec crowdsec.nixosModules.crowdsec-firewall-bouncer - ({ ... }: - { - nixpkgs.overlays = [ crowdsec.overlays.default ]; - }) + ( + { ... }: + { + nixpkgs.overlays = [ crowdsec.overlays.default ]; + } + ) nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-cpu-amd @@ -225,12 +253,14 @@ { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.deck = { pkgs, ...}: { - imports = [ - ./hosts/deck/home.nix - steam-rom-manager.homeManagerModules.default - ]; - }; + home-manager.users.deck = + { ... }: + { + imports = [ + ./hosts/deck/home.nix + steam-rom-manager.homeManagerModules.default + ]; + }; home-manager.backupFileExtension = "backup"; } 
@@ -279,117 +309,125 @@ ]; }; }; - + # Improved build-all app - apps.x86_64-linux.build-all = let - pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; - in { - type = "app"; - program = toString (pkgs.writeShellScript "build-all" '' - #!/usr/bin/env bash - set -euo pipefail - - # Get the list of system names directly from flake.nix - # This avoids JSON serialization issues - systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs)) - - echo "Found systems: ''${systems[@]}" - echo "Building all compatible systems..." - - # Track success/failure - success=() - failure=() - - for system in "''${systems[@]}"; do - echo "Attempting to build $system..." - - # Detect system type without JSON evaluation - if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then - system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo "unknown") - - # Only build if we're on the same system type or can cross-compile - if [ "$system_type" = "x86_64-linux" ]; then - echo "Building $system (x86_64-linux)..." - if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --out-link "./result-$system" --no-link; then - echo "✅ Successfully built $system" + apps.x86_64-linux.build-all = + let + pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; + in + { + type = "app"; + program = toString ( + pkgs.writeShellScript "build-all" '' + #!/usr/bin/env bash + set -euo pipefail + + # Get the list of system names directly from flake.nix + # This avoids JSON serialization issues + systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs)) + + echo "Found systems: ''${systems[@]}" + echo "Building all compatible systems..." + + # Track success/failure + success=() + failure=() + + for system in "''${systems[@]}"; do + echo "Attempting to build $system..." 
+ + # Detect system type without JSON evaluation + if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then + system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo "unknown") - # Copy to the binary cache - echo "Copying $system to binary cache..." - nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel" - success+=("$system") + # Only build if we're on the same system type or can cross-compile + if [ "$system_type" = "x86_64-linux" ]; then + echo "Building $system (x86_64-linux)..." + if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --out-link "./result-$system" --no-link; then + echo "✅ Successfully built $system" + + # Copy to the binary cache + echo "Copying $system to binary cache..." + nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel" + success+=("$system") + else + echo "❌ Failed to build $system" + failure+=("$system") + fi + elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then + echo "Cross-building $system (aarch64-linux)..." + if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --system aarch64-linux --out-link "./result-$system" --no-link; then + echo "✅ Successfully built $system" + nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel" + success+=("$system") + else + echo "❌ Failed to build $system" + failure+=("$system") + fi + else + echo "⚠️ Skipping $system ($system_type) - incompatible with this host" + failure+=("$system (incompatible)") + fi + elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then + echo "Found Darwin system $system, attempting to build packages..." 
+ if nix build ".#darwinConfigurations.$system.system" --out-link "./result-darwin-$system" --no-link; then + echo "✅ Successfully built $system packages" + nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#darwinConfigurations.$system.system" + success+=("$system (darwin)") + else + echo "❌ Failed to build $system packages" + failure+=("$system (darwin)") + fi else - echo "❌ Failed to build $system" - failure+=("$system") + echo "⚠️ Skipping $system - could not determine system type" + failure+=("$system (unknown)") fi - elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then - echo "Cross-building $system (aarch64-linux)..." - if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --system aarch64-linux --out-link "./result-$system" --no-link; then - echo "✅ Successfully built $system" - nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel" - success+=("$system") - else - echo "❌ Failed to build $system" - failure+=("$system") - fi - else - echo "⚠️ Skipping $system ($system_type) - incompatible with this host" - failure+=("$system (incompatible)") + done + + # Summary + echo "" + echo "===== Build Summary =====" + echo "✅ Successfully built: ''${success[*]:-none}" + echo "❌ Failed to build: ''${failure[*]:-none}" + + # Return error code if any builds failed + if [ ''${#failure[@]} -gt 0 ]; then + exit 1 fi - elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then - echo "Found Darwin system $system, attempting to build packages..." 
- if nix build ".#darwinConfigurations.$system.system" --out-link "./result-darwin-$system" --no-link; then - echo "✅ Successfully built $system packages" - nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#darwinConfigurations.$system.system" - success+=("$system (darwin)") - else - echo "❌ Failed to build $system packages" - failure+=("$system (darwin)") - fi - else - echo "⚠️ Skipping $system - could not determine system type" - failure+=("$system (unknown)") - fi - done - - # Summary - echo "" - echo "===== Build Summary =====" - echo "✅ Successfully built: ''${success[*]:-none}" - echo "❌ Failed to build: ''${failure[*]:-none}" - - # Return error code if any builds failed - if [ ''${#failure[@]} -gt 0 ]; then - exit 1 - fi - ''); - }; - + '' + ); + }; + # You could also provide a separate script that only lists systems - apps.x86_64-linux.list-systems = let - pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; - in { - type = "app"; - program = toString (pkgs.writeShellScript "list-systems" '' - #!/usr/bin/env bash - set -euo pipefail - - # Get systems from flake.nix - systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs)) - - echo "Found systems in flake.nix:" - for system in "''${systems[@]}"; do - # Try to determine if it's a NixOS or Darwin system - if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then - system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null) - echo " - $system (NixOS, $system_type)" - elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then - echo " - $system (Darwin)" - else - echo " - $system (unknown type)" - fi - done - ''); - }; + apps.x86_64-linux.list-systems = + let + pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; + in + { + type = "app"; + program = toString ( + pkgs.writeShellScript "list-systems" '' + 
#!/usr/bin/env bash + set -euo pipefail + + # Get systems from flake.nix + systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs)) + + echo "Found systems in flake.nix:" + for system in "''${systems[@]}"; do + # Try to determine if it's a NixOS or Darwin system + if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then + system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null) + echo " - $system (NixOS, $system_type)" + elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then + echo " - $system (Darwin)" + else + echo " - $system (unknown type)" + fi + done + '' + ); + }; # Expose the package set, including overlays, for convenience. darwinPackages = self.darwinConfigurations."MacBook-Pro".pkgs; diff --git a/hosts/default.nix b/hosts/default.nix index 3e1b598..9d67503 100755 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -22,6 +22,7 @@ in "nix-command" "flakes" ]; + trusted-users = [ "@wheel" ]; }; # Garbage collect automatically every week @@ -66,10 +67,6 @@ in pulse.enable = lib.mkDefault true; }; - # Disable pulse audio in favor of pipewire - # pulseaudio.enable = lib.mkForce false; - - # Enable Avahi for .local hostname resolution avahi = { enable = lib.mkDefault true; @@ -105,8 +102,6 @@ in zsh.enable = lib.mkDefault true; gnupg.agent = { enable = lib.mkDefault true; - # pinentryPackage = pkgs.pinentry-curses; - # pinentryPackage = lib.mkForce pkgs.pinentry-qt; enableSSHSupport = lib.mkDefault true; }; }; diff --git a/hosts/desktop/boot.nix b/hosts/desktop/boot.nix index 75f087c..5661617 100755 --- a/hosts/desktop/boot.nix +++ b/hosts/desktop/boot.nix @@ -1,7 +1,7 @@ -{ lib, pkgs, ... }: +{ pkgs, ... }: let configLimit = 5; - default = "@saved"; + # default = "@saved"; kernel = pkgs.linuxPackages_cachyos; in { 
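Review bot: `trusted-users = [ "@wheel" ];` in hosts/default.nix makes every wheel member, on every host that imports this file, a trusted user of the Nix daemon. A trusted user can select arbitrary substituters and import unsigned store paths, which is effectively root without a sudo prompt. The later `trusted-users = [ user ];` in hosts/desktop/configuration.nix has the same effect, and with `lib.mkDefault` dropped it should merge with this list rather than replace it. If the aim is only to pull from the private cache, declare it under `substituters` and `trusted-public-keys` and leave `trusted-users` at its default. If it stays, add a comment such as `# wheel is root-equivalent for the nix daemon; needed for <reason>`.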
diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index b5b04b4..cf5f810 100755 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix 
@@ -12,100 +12,19 @@ let user = "matt"; passwordFile = config.sops.secrets."desktop/matt_password".path; - hostname = "matt-nixos"; - - fixWifiScript = pkgs.writeScriptBin "fix-wifi" '' - #!/usr/bin/env python3 - - import subprocess - import socket - import logging - from typing import List, Optional - - def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool: - """ - Check internet connectivity by attempting to connect to reliable hosts. - - :param hosts_to_check: Optional list of hosts to check. - :return: Boolean indicating if internet connection is available - """ - if hosts_to_check is None: - hosts_to_check = [ - "8.8.8.8", # Google DNS - "1.1.1.1", # Cloudflare DNS - "9.9.9.9" # Quad9 DNS - ] - - for host in hosts_to_check: - try: - # Create a socket connection with a 5-second timeout - socket.create_connection((host, 53), timeout=5) - return True - except (socket.error, socket.timeout): - continue - - return False - - def reset_wifi_card() -> bool: - """ - Execute WiFi card reset commands. - - :return: Boolean indicating if reset commands were successful - """ - reset_commands = [ - "echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset", - "sudo rmmod iwlwifi", - "sudo modprobe iwlwifi" - ] - - try: - for command in reset_commands: - result = subprocess.run( - command, - shell=True, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True - ) - print(f"Executed: {command}") - print(f"Output: {result.stdout}") - return True - except subprocess.CalledProcessError as e: - print(f"Error resetting WiFi: {e}") - print(f"Error output: {e.stderr}") - return False - - def main(): - """ - Check internet connection and reset WiFi if not connected. - """ - if not check_internet_connection(): - print("No internet connection detected. Attempting WiFi reset...") - reset_wifi_card() - else: - print("Internet connection is stable. 
No reset needed.") - - if __name__ == "__main__": - main() - ''; in { imports = [ - # Include the results of the hardware scan. - ../../modules/apps/discover-wrapped - ./hardware-configuration.nix ./boot.nix ./filesystems.nix + ./hardware-configuration.nix + ./networking.nix + ./services.nix ./sops.nix ../default.nix ../../share/amd - # specialisations - # ./cosmic - # ./hyprland ]; - apps.discover-wrapped.enable = lib.mkDefault false; chaotic.mesa-git.enable = true; # Enable nix flakes and nix-command tools 
@@ -125,99 +44,10 @@ in "nix-command" "flakes" ]; - trusted-users = lib.mkDefault [ - "root" - user - ]; + trusted-users = [ user ]; }; }; - services = { - # Enable Desktop Environment. - xserver = { - desktopManager.gnome.enable = true; - # Enable Desktop Environment. - displayManager = { - gdm.enable = lib.mkForce true; - gdm.wayland = lib.mkForce true; - }; - }; - - # Enable Flatpak - flatpak.enable = lib.mkDefault false; - - # enable auto discovery of printers - avahi = { - enable = lib.mkDefault true; - nssmdns4 = lib.mkDefault true; - openFirewall = lib.mkDefault true; - }; - - restic.backups = { - jallen-nas = { - initialize = true; - createWrapper = true; - inhibitsSleep = true; - environmentFile = config.sops.templates."restic.env".path; - passwordFile = config.sops.secrets."desktop/restic/password".path; - repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008"; - paths = [ - "/home/matt" - ]; - exclude = [ - "/home/matt/Games" - "/home/matt/1TB" - "/home/matt/Downloads" - "/home/matt/Nextcloud" - "/home/matt/.cache" - "/home/matt/.local/share/Steam" - "/home/matt/.var/app/com.valvesoftware.Steam" - "/home/matt/.tmp" - "/home/matt/.thumbnails" - "/home/matt/.compose-cache" - ]; - }; - proton-drive = { - initialize = true; - createWrapper = true; - inhibitsSleep = true; - passwordFile = config.sops.secrets."desktop/restic/password".path; - rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf"; - repository = "rclone:proton-drive:backup-nix"; - paths = [ - "/home/matt" - ]; - exclude = [ - "/home/matt/Games" - "/home/matt/1TB" - "/home/matt/Downloads" - "/home/matt/Nextcloud" - "/home/matt/.cache" - "/home/matt/.local/share/Steam" - "/home/matt/.var/app/com.valvesoftware.Steam" - "/home/matt/.tmp" - "/home/matt/.thumbnails" - "/home/matt/.compose-cache" - ]; - }; - }; - - btrfs = { - autoScrub.enable = lib.mkDefault true; - autoScrub.fileSystems = lib.mkDefault [ - "/nix" - "/root" - "/etc" - "/var/log" - "/home" - ]; - }; - - ratbagd.enable = 
lib.mkDefault true; - }; - - # xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ]; - share.hardware.amd = { enable = lib.mkDefault true; lact.enable = lib.mkDefault true; @@ -225,62 +55,6 @@ in share.gaming.enable = true; - systemd = { - services = { - fix-wifi = { - enable = lib.mkDefault true; - path = [ - pkgs.bash - pkgs.python3 - pkgs.networkmanager - pkgs.kmod - fixWifiScript - ]; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ]; - }; - }; - }; - - user.services = { - rclone-home-proton = { - enable = lib.mkDefault false; - path = [ - pkgs.bash - pkgs.rclone - ]; - script = '' - rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**' - ''; - }; - - rsync-home = { - enable = lib.mkDefault false; - path = [ - pkgs.bash - pkgs.rsync - pkgs.openssh - ]; - script = '' - rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.18:/media/nas/main/backup/desktop-nix/home - ''; - }; - }; - }; - - # Networking configs - networking = { - hostName = hostname; - - # Enable Network Manager - networkmanager.enable = lib.mkDefault true; - networkmanager.wifi.powersave = lib.mkDefault false; - networkmanager.settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; - }; - # Time config time = { hardwareClockInLocalTime = lib.mkDefault false; @@ -289,11 +63,9 @@ in virtualisation.libvirtd.enable = lib.mkDefault true; virtualisation.waydroid.enable = lib.mkDefault true; - programs.gamemode.enable = lib.mkDefault true; - - - programs.coolercontrol = { - enable = true; + programs = { + gamemode.enable = true; + coolercontrol.enable = true; }; # Configure environment 
@@ -311,7 +83,6 @@ in clinfo direnv efibootmgr - fixWifiScript gparted grsync kmod @@ -341,11 +112,9 @@ in vulkan-tools wget winetricks - # native wayland support (unstable) - wineWowPackages.waylandFull ]; - etc."lact/config.yaml".text = '' + etc."lact/config.yaml".text = '' daemon: log_level: info admin_groups: @@ -375,17 +144,22 @@ in performance_level: auto voltage_offset: 0 power_states: {} - ''; + ''; variables = { STEAM_FORCE_DESKTOPUI_SCALING = "1.0"; GDK_SCALE = "1"; + EDITOR = "code --wait"; + VISUAL = "code --wait"; }; }; # Configure nixpkgs nixpkgs = { - overlays = [ outputs.overlays.nixpkgs-unstable outputs.overlays.nixpkgs-stable ]; + overlays = [ + outputs.overlays.nixpkgs-unstable + outputs.overlays.nixpkgs-stable + ]; config.permittedInsecurePackages = [ # ... ]; diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index b6e573a..0ef7030 100755 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -26,12 +26,29 @@ in home.username = "matt"; home.homeDirectory = "/home/matt"; home.stateVersion = "23.11"; - programs.home-manager.enable = true; + + sops = { + age.keyFile = "/home/matt/.config/sops/age/keys.txt"; + defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; + validateSopsFiles = false; + secrets = { + "ssh-keys-public/desktop-nixos" = { + path = "/home/matt/.ssh/id_ed25519.pub"; + mode = "0644"; + }; + "ssh-keys-private/desktop-nixos" = { + path = "/home/matt/.ssh/id_ed25519"; + mode = "0600"; + }; + }; + }; programs = { fish.enable = false; mangohud.enable = true; java.enable = true; + command-not-found.enable = true; + home-manager.enable = true; zsh = { enable = true; 
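Review bot: `validateSopsFiles = false;` in the new `sops` block of hosts/desktop/home.nix turns off the evaluation-time check that the sops file exists and contains the declared keys. A typo in `"ssh-keys-private/desktop-nixos"` or a missing /etc/nixos/secrets/secrets.yaml would then surface only when activation fails to place `/home/matt/.ssh/id_ed25519`. The setting is presumably needed because `defaultSopsFile` is a string path outside the flake; referencing the encrypted file as a path inside the repository would let validation stay on. The same block is added in hosts/nas/home.nix. If the setting stays, add a comment such as `# secrets.yaml lives outside the flake, so build-time validation is not possible`.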
@@ -56,6 +73,7 @@ in "privacy.clearOnShutdown.downloads" = false; # Disable clearing downloads on shutdown "privacy.clearOnShutdown.cache" = false; # Disable clearing cache on shutdown "privacy.clearOnShutdown.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown + "privacy.clearOnShutdown.cookies" = false; # Disable clearing cookies on shutdown "privacy.clearOnShutdown_v2.cache" = false; # Disable clearing cache on shutdown "privacy.clearOnShutdown_v2.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown "privacy.clearOnShutdown.formdata" = false; # Disable clearing form data on shutdown @@ -63,6 +81,7 @@ in "privacy.clearHistory.cache" = false; # Disable clearing cache on history clear "privacy.clearHistory.cookiesAndStorage" = false; # Disable clearing cookies on history clear "privacy.clearHistory.historyFormDataAndDownloads" = false; # Disable clearing history, form data, and downloads on history clear + "privacy.clearHistory.browsingHistoryAndDownloads" = false; # Disable clearing browsing history and downloads on history clear "privacy.clearSiteData.cache" = false; # Disable clearing cache on site data clear "privacy.clearSiteData.cookiesAndStorage" = false; # Disable clearing cookies on site data clear "services.sync.prefs.sync.privacy.clearOnShutdown.cache" = true; # Enable syncing cache clear on shutdown 
@@ -78,44 +97,44 @@ in "services.sync.prefs.sync.privacy.clearOnShutdown_v2.downloads" = true; # Enable syncing downloads clear on shutdown "services.sync.prefs.sync.privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; # Enable syncing form data clear on shutdown "services.sync.prefs.sync.privacy.clearOnShutdown_v2.siteSettings" = true; # Enable syncing site settings clear on shutdown + "browser.newtabpage.activity-stream.feeds.topsites" = true; # Enable top sites on new tab page + "browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page + }; + }; + + git = { + enable = true; + userName = "mjallen18"; + userEmail = "matt.l.jallen@gmail.com"; + aliases = gitAliases; + }; + + steam-rom-manager = { + enable = true; + steamUsername = "matt"; + + environmentVariables = { + romsDirectory = "/home/matt/Games/roms"; + steamDirectory = "/home/matt/.local/share/Steam"; + }; + + emulators = { + ryujinx = { + enable = true; + }; + pcsx2 = { + enable = true; + }; + "Non-SRM Shortcuts" = { + enable = true; + parserType = "Non-SRM Shortcuts"; + extraArgs = ""; + }; + # Add other emulators as needed }; }; }; - programs.git = { - enable = true; - userName = "mjallen18"; - userEmail = "matt.l.jallen@gmail.com"; - aliases = gitAliases; - }; - - programs.steam-rom-manager = { - enable = true; - steamUsername = "matt"; - - environmentVariables = { - romsDirectory = "/home/matt/Games/roms"; - steamDirectory = "/home/matt/.local/share/Steam"; - }; - - emulators = { - ryujinx = { - enable = true; - }; - pcsx2 = { - enable = true; - }; - "Non-SRM Shortcuts" = { - enable = true; - parserType = "Non-SRM Shortcuts"; - extraArgs = ""; - }; - # Add other emulators as needed - }; - }; - - programs.command-not-found.enable = true; - home.packages = with pkgs; [ age apple-cursor diff --git a/hosts/desktop/networking.nix b/hosts/desktop/networking.nix new file mode 100644 index 0000000..e77e01a --- /dev/null 
+++ b/hosts/desktop/networking.nix @@ -0,0 +1,15 @@ +{ lib, ... }: +let + hostname = "matt-nixos"; +in +{ + # Networking configs + networking = { + hostName = hostname; + + # Enable Network Manager + networkmanager.enable = lib.mkDefault true; + networkmanager.wifi.powersave = lib.mkDefault false; + networkmanager.settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; + }; +} \ No newline at end of file diff --git a/hosts/desktop/services.nix b/hosts/desktop/services.nix new file mode 100644 index 0000000..9826ba2 --- /dev/null +++ b/hosts/desktop/services.nix 
@@ -0,0 +1,209 @@ +{ config, lib, pkgs, ... }: +let + fixWifiScript = pkgs.writeScriptBin "fix-wifi" '' + #!/usr/bin/env python3 + + import subprocess + import socket + import logging + from typing import List, Optional + + def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool: + """ + Check internet connectivity by attempting to connect to reliable hosts. + + :param hosts_to_check: Optional list of hosts to check. + :return: Boolean indicating if internet connection is available + """ + if hosts_to_check is None: + hosts_to_check = [ + "8.8.8.8", # Google DNS + "1.1.1.1", # Cloudflare DNS + "9.9.9.9" # Quad9 DNS + ] + + for host in hosts_to_check: + try: + # Create a socket connection with a 5-second timeout + socket.create_connection((host, 53), timeout=5) + return True + except (socket.error, socket.timeout): + continue + + return False + + def reset_wifi_card() -> bool: + """ + Execute WiFi card reset commands. + + :return: Boolean indicating if reset commands were successful + """ + reset_commands = [ + "echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset", + "sudo rmmod iwlwifi", + "sudo modprobe iwlwifi" + ] + + try: + for command in reset_commands: + result = subprocess.run( + command, + shell=True, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True + ) + print(f"Executed: {command}") + print(f"Output: {result.stdout}") + return True + except subprocess.CalledProcessError as e: + print(f"Error resetting WiFi: {e}") + print(f"Error output: {e.stderr}") + return False + + def main(): + """ + Check internet connection and reset WiFi if not connected. + """ + if not check_internet_connection(): + print("No internet connection detected. Attempting WiFi reset...") + reset_wifi_card() + else: + print("Internet connection is stable. No reset needed.") + + if __name__ == "__main__": + main() + ''; +in +{ + services = { + # Enable Desktop Environment. 
+ xserver = { + desktopManager.gnome.enable = true; + # Enable Desktop Environment. + displayManager = { + gdm.enable = lib.mkForce true; + gdm.wayland = lib.mkForce true; + }; + }; + + # Enable Flatpak + flatpak.enable = lib.mkDefault false; + + # enable auto discovery of printers + avahi = { + enable = lib.mkDefault true; + nssmdns4 = lib.mkDefault true; + openFirewall = lib.mkDefault true; + }; + + restic.backups = { + jallen-nas = { + initialize = true; + createWrapper = true; + inhibitsSleep = true; + environmentFile = config.sops.templates."restic.env".path; + passwordFile = config.sops.secrets."desktop/restic/password".path; + repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008"; + paths = [ + "/home/matt" + ]; + exclude = [ + "/home/matt/Games" + "/home/matt/1TB" + "/home/matt/Downloads" + "/home/matt/Nextcloud" + "/home/matt/.cache" + "/home/matt/.local/share/Steam" + "/home/matt/.var/app/com.valvesoftware.Steam" + "/home/matt/.tmp" + "/home/matt/.thumbnails" + "/home/matt/.compose-cache" + ]; + }; + proton-drive = { + initialize = true; + createWrapper = true; + inhibitsSleep = true; + passwordFile = config.sops.secrets."desktop/restic/password".path; + rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf"; + repository = "rclone:proton-drive:backup-nix"; + paths = [ + "/home/matt" + ]; + exclude = [ + "/home/matt/Games" + "/home/matt/1TB" + "/home/matt/Downloads" + "/home/matt/Nextcloud" + "/home/matt/.cache" + "/home/matt/.local/share/Steam" + "/home/matt/.var/app/com.valvesoftware.Steam" + "/home/matt/.tmp" + "/home/matt/.thumbnails" + "/home/matt/.compose-cache" + ]; + }; + }; + + btrfs = { + autoScrub.enable = lib.mkDefault true; + autoScrub.fileSystems = lib.mkDefault [ + "/nix" + "/root" + "/etc" + "/var/log" + "/home" + ]; + }; + + ratbagd.enable = lib.mkDefault true; + }; + + systemd = { + services = { + fix-wifi = { + enable = lib.mkDefault true; + path = [ + pkgs.bash + pkgs.python3 + pkgs.networkmanager + pkgs.kmod + fixWifiScript 
+ ]; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ]; + }; + }; + }; + + user.services = { + rclone-home-proton = { + enable = lib.mkDefault false; + path = [ + pkgs.bash + pkgs.rclone + ]; + script = '' + rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**' + ''; + }; + + rsync-home = { + enable = lib.mkDefault false; + path = [ + pkgs.bash + pkgs.rsync + pkgs.openssh + ]; + script = '' + rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.18:/media/nas/main/backup/desktop-nix/home + ''; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/desktop/sops.nix b/hosts/desktop/sops.nix index 9ec11e7..930fe35 100755 --- a/hosts/desktop/sops.nix +++ b/hosts/desktop/sops.nix 
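Review bot: The `jallen-nas` restic job in the new hosts/desktop/services.nix keeps the REST server username and password inside the `repository` URL, so the credential sits in git history and the world-readable Nix store and travels over plain HTTP. The job already loads `config.sops.templates."restic.env".path` as `environmentFile`; put `RESTIC_REST_USERNAME` and `RESTIC_REST_PASSWORD` in that template and reduce the option to `repository = "rest:http://10.0.1.18:8008";`. Since the value has been committed, treat it as exposed and rotate it on the rest server. Separately, `reset_wifi_card` runs its commands through `sudo` with `shell=True`, although the unit's `path` lists no sudo package and the `serviceConfig` shown sets no `User`, so the service presumably already runs as root.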
@@ -17,4 +17,57 @@ ''; sops.secrets."wifi" = { }; + + sops.secrets."ssh-keys-public/desktop-nixos" = { + mode = "0644"; + }; + + sops.secrets."ssh-keys-private/desktop-nixos" = { + mode = "0600"; + }; + + sops.secrets."ssh-keys-public/desktop-nixos-root" = { + path = "/root/.ssh/id_ed25519.pub"; + mode = "0600"; + }; + + sops.secrets."ssh-keys-private/desktop-nixos-root" = { + path = "/root/.ssh/id_ed25519"; + mode = "0600"; + }; + + sops.secrets."secureboot/GUID" = { + path = "/etc/secureboot/GUID"; + mode = "0600"; + }; + + sops.secrets."secureboot/keys/db-key" = { + path = "/etc/secureboot/keys/db/db.key"; + mode = "0600"; + }; + + sops.secrets."secureboot/keys/db-pem" = { + path = "/etc/secureboot/keys/db/db.pem"; + mode = "0600"; + }; + + sops.secrets."secureboot/keys/KEK-key" = { + path = "/etc/secureboot/keys/KEK/KEK.key"; + mode = "0600"; + }; + + sops.secrets."secureboot/keys/KEK-pem" = { + path = "/etc/secureboot/keys/KEK/KEK.pem"; + mode = "0600"; + }; + + sops.secrets."secureboot/keys/PK-key" = { + path = "/etc/secureboot/keys/PK/PK.key"; + mode = "0600"; + }; + + sops.secrets."secureboot/keys/PK-pem" = { + path = "/etc/secureboot/keys/PK/PK.pem"; + mode = "0600"; + }; } diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix index 99eca99..b462668 100755 --- a/hosts/nas/apps/nextcloud/default.nix +++ b/hosts/nas/apps/nextcloud/default.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; - smtppassword = config.sops.templates."nextcloud-smtp".content; + smtppassword = builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path; nextcloudUserId = config.users.users.nix-apps.uid; nextcloudGroupId = config.users.groups.jallen-nas.gid; nextcloudPackage = pkgs.unstable.nextcloud30; diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index a507137..731fecc 100755 --- a/hosts/nas/configuration.nix 
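Review bot: The `secureboot/keys/PK-key` and `secureboot/keys/KEK-key` secrets in hosts/desktop/sops.nix place the private halves of the platform key and key-exchange key on the disk of the machine they protect. Routine signing of boot artifacts normally needs only the db key, so anyone who gains root on this host could also re-enrol the Secure Boot trust chain. If the tooling on this host permits it (not visible in the hunk), deploy only `db.key`/`db.pem` and keep PK and KEK offline. Otherwise add a comment such as `# PK/KEK private keys required on-host by <tool>`.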
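Review bot: `builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path` in hosts/nas/apps/nextcloud/default.nix reads the secret at evaluation time, not at activation. Pure flake evaluation normally rejects an absolute runtime path like this. Where the read does succeed, the decrypted SMTP password becomes part of the evaluated configuration and can end up in the world-readable Nix store, which defeats the sops indirection. Keep `smtppassword` as a path, as `adminpass` on the line above does, and let the service read it at runtime, for example through `services.nextcloud.secretFile`. The use of `smtppassword` lies outside this hunk, so the exact replacement depends on how it is consumed.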
+++ b/hosts/nas/configuration.nix @@ -3,15 +3,9 @@ # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - outputs, - config, pkgs, ... }: -let - user = "admin"; - passwordFile = config.sops.secrets."jallen-nas/admin_password".path; -in { imports = [ # Include the results of the hardware scan. @@ -21,45 +15,15 @@ in ./apps.nix ./grafana.nix ./networking.nix + ./nixpkgs.nix ./ups.nix + ./users.nix ./samba.nix ./services.nix ./sops.nix ../default.nix ]; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - # enable cuda support - nixpkgs.config.cudaSupport = true; - nixpkgs.config.allowUnfreePredicate = - p: - builtins.all ( - license: - license.free - || builtins.elem license.shortName [ - "CUDA EULA" - "cuDNN EULA" - "cuTENSOR EULA" - "NVidia OptiX EULA" - ] - ) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]); - - # Cockpit - services.cockpit = { - enable = false; - port = 9090; - settings = { - WebService = { - AllowUnencrypted = true; - }; - }; - }; - - nix.settings.trusted-users = [ "@wheel" ]; powerManagement.cpuFreqGovernor = "powersave"; share.hardware.nvidia = { @@ -86,14 +50,9 @@ in hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto ''; - etc.machine-id.source = ./machine-id; - - # List packages installed in system profile. To search, run: - # $ nix search wget - - sessionVariables = { - CACHIX_AGENT_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJkYmNkZWNjYi04ZTI4LTQwOTAtYWIxOC02MTU5OTYwZTgxMTAiLCJzY29wZXMiOiJjYWNoZSJ9.G-9wCfKc3d8ld_zDJNjTxNWlkS3_yojI-6gaRpUT-i0"; - }; + etc.machine-id.text = '' + 57cdf5fc27f3469f80d0a339f1238aeb + ''; systemPackages = with pkgs; [ authentik 
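Review bot: Deleting the hard-coded `CACHIX_AGENT_TOKEN` from `sessionVariables` stops new generations from embedding it, but the token stays valid and readable in git history and in older store paths. It should be revoked in Cachix and any replacement supplied through sops, which this file already imports via `./sops.nix`. The new `etc.machine-id.text` also publishes the host's machine ID in the repository, and systemd's documentation asks that this value be treated as confidential. Consider shipping it as a sops secret, or record the decision with a comment such as `# fixed machine-id: required for <reason>; not treated as secret here`.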
@@ -158,115 +117,6 @@ in }; }; - # Configure nixpkgs - nixpkgs = { - overlays = [ - outputs.overlays.nixpkgs-unstable - outputs.overlays.nixpkgs-stable - ]; - - config = { - # Enable non free - allowUnfree = true; - - permittedInsecurePackages = [ - # ... - "authentik-2024.6.4" # todo: remove these - "python3.12-authentik-django-2024.6.4" - "authentik-webui-2024.6.4" - "authentik-client-api-2024.6.4" - "authentik-website-2024.6.4" - "authentik-proxy-2024.6.4" - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; - }; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users = { - # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users - mutableUsers = false; - groups.jallen-nas.gid = 1000; # create nas group cause truenas perms - - # Admin account - users."${user}" = { - isNormalUser = true; - linger = true; - extraGroups = [ - "wheel" - "networkmanager" - "docker" - "podman" - "libvirtd" - "nix-apps" - "jallen-nas" - "media" - "nscd" - ]; # Enable ‘sudo’ for the user. - hashedPasswordFile = passwordFile; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ - # macBook - "ssh-rsa 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 mattjallen@MacBook-Pro.local" - # desktop windows - "ssh-rsa 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 mattl@Jallen-PC" - # desktop nixos - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos" - ]; - packages = with pkgs; [ - cachix - fastfetch - git - parted - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - aha - papirus-icon-theme - firefox - swtpm - tigervnc - ]; - }; - - # Nix app account - users.nix-apps = { - isSystemUser = true; - uid = 911; - group = "jallen-nas"; - extraGroups = [ - "jallen-nas" - "docker" - "podman" - ]; # Enable ‘sudo’ for the user. 
- hashedPasswordFile = passwordFile; - }; - - groups.nut.name = "nut"; - users.upsuser = { - group = "nut"; - isNormalUser = false; - isSystemUser = true; - createHome = true; - home = "/var/lib/nut"; - homeMode = "750"; - hashedPasswordFile = passwordFile; - }; - - users.nextcloud = { - isNormalUser = true; - extraGroups = [ - "jallen-nas" - "nix-apps" - ]; - hashedPasswordFile = passwordFile; - }; - }; - hardware.fancontrol = { enable = false; config = '' @@ -306,8 +156,5 @@ in }; libvirtd.enable = true; - - # tpm.enable = true; - # useSecureBoot = true; }; } diff --git a/hosts/nas/home.nix b/hosts/nas/home.nix index 576b676..fb9aefa 100755 --- a/hosts/nas/home.nix +++ b/hosts/nas/home.nix @@ -1,12 +1,48 @@ { ... }: -{ +let + shellAliases = { + ll = "ls -alh"; + update-boot = "sudo nixos-rebuild boot --max-jobs 10"; + update-switch = "sudo nixos-rebuild switch --max-jobs 10"; + update-flake = "nix flake update ~/nix-config"; + ducks = "du -cksh * | sort -hr | head -n 15"; + }; + gitAliases = { + co = "checkout"; + ci = "commit"; + cia = "commit --amend"; + s = "status"; + st = "status"; + b = "branch"; + p = "pull --rebase"; + pu = "push"; + }; +in +{ home.username = "admin"; home.homeDirectory = "/home/admin"; home.stateVersion = "23.11"; - programs.home-manager.enable = true; + + sops = { + age.keyFile = "/home/admin/.config/sops/age/keys.txt"; + defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; + validateSopsFiles = false; + secrets = { + "ssh-keys-public/desktop-nixos" = { + path = "/home/admin/.ssh/id_ed25519.pub"; + mode = "0644"; + }; + "ssh-keys-private/desktop-nixos" = { + path = "/home/admin/.ssh/id_ed25519"; + mode = "0600"; + }; + }; + }; programs = { + home-manager.enable = true; + command-not-found.enable = true; fish.enable = false; mangohud.enable = true; java.enable = true; 
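Review bot: The `sops.secrets` block added to `hosts/nas/home.nix` installs `ssh-keys-private/desktop-nixos` as `/home/admin/.ssh/id_ed25519` on the NAS, so the desktop's private key is copied to a second host and the two machines share one SSH identity. `secrets/secrets.yaml` in this same commit gains `jallen-nas` entries under both `ssh-keys-public` and `ssh-keys-private`, which look like the intended pair; pointing the two entries at `"ssh-keys-public/jallen-nas"` and `"ssh-keys-private/jallen-nas"` keeps a compromise of the NAS from exposing the desktop key. Separately, `validateSopsFiles = false` with a string `defaultSopsFile` means a missing or misnamed key is only found at activation, so a comment explaining why validation is off would be useful.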
@@ -19,10 +55,7 @@ autosuggestion.enable = true; syntaxHighlighting.enable = true; - shellAliases = { - update = "sudo nixos-rebuild switch"; - ducks = "du -cksh * | sort -hr | head -n 15"; - }; + shellAliases = shellAliases; oh-my-zsh = { enable = true; @@ -30,23 +63,12 @@ theme = "fishy"; }; }; - }; - programs.git = { - enable = true; - userName = "mjallen18"; - userEmail = "matt.l.jallen@gmail.com"; - aliases = { - co = "checkout"; - ci = "commit"; - cia = "commit --amend"; - s = "status"; - st = "status"; - b = "branch"; - p = "pull --rebase"; - pu = "push"; + git = { + enable = true; + userName = "mjallen18"; + userEmail = "matt.l.jallen@gmail.com"; + aliases = gitAliases; }; }; - - programs.command-not-found.enable = true; } diff --git a/hosts/nas/machine-id b/hosts/nas/machine-id deleted file mode 100755 index 9460fa8..0000000 --- a/hosts/nas/machine-id +++ /dev/null @@ -1 +0,0 @@ -57cdf5fc27f3469f80d0a339f1238aeb diff --git a/hosts/nas/nixpkgs.nix b/hosts/nas/nixpkgs.nix new file mode 100644 index 0000000..fa47a23 --- /dev/null +++ b/hosts/nas/nixpkgs.nix 
@@ -0,0 +1,43 @@ +{ outputs, ... }: +{ + # Configure nixpkgs + nixpkgs = { + overlays = [ + outputs.overlays.nixpkgs-unstable + outputs.overlays.nixpkgs-stable + ]; + + config = { + # Enable non free + allowUnfree = true; + + # enable cuda support + cudaSupport = true; + allowUnfreePredicate = p: + builtins.all ( + license: + license.free + || builtins.elem license.shortName [ + "CUDA EULA" + "cuDNN EULA" + "cuTENSOR EULA" + "NVidia OptiX EULA" + ] + ) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]); + + permittedInsecurePackages = [ + # ... + "authentik-2024.6.4" # todo: remove these + "python3.12-authentik-django-2024.6.4" + "authentik-webui-2024.6.4" + "authentik-client-api-2024.6.4" + "authentik-website-2024.6.4" + "authentik-proxy-2024.6.4" + "aspnetcore-runtime-6.0.36" + "aspnetcore-runtime-wrapped-6.0.36" + "dotnet-sdk-6.0.428" + "dotnet-sdk-wrapped-6.0.428" + ]; + }; + }; +} \ No newline at end of file diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index 13a03a4..bc98cb7 100755 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -130,6 +130,16 @@ in ''; }; }; + + cockpit = { + enable = false; + port = 9090; + settings = { + WebService = { + AllowUnencrypted = true; + }; + }; + }; tailscale = { enable = true; diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index 7a24e77..ac36e80 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix 
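Review bot: In `nixpkgs.config`, `allowUnfree = true;` sits next to an `allowUnfreePredicate` that allow-lists only the four NVIDIA licenses, and nixpkgs consults the predicate only when `allowUnfree` is false, so the allow-list currently restricts nothing. If the intent is to admit only CUDA-related unfree packages, remove `allowUnfree = true;`; other unfree packages this host relies on would then need adding to the predicate, which cannot be judged from this file alone. If everything unfree is meant to be allowed, drop the predicate and say so in the `# Enable non free` comment.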
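Review bot: The relocated `cockpit` block in `hosts/nas/services.nix` keeps `WebService.AllowUnencrypted = true` behind `enable = false`, so a later one-word change to `enable` would serve the Cockpit login over plain HTTP on port 9090. Either set `AllowUnencrypted = false;` now or add a comment such as `# plain HTTP: only enable behind a TLS-terminating proxy` so the condition is visible at the point of change. The surrounding services attribute set starts outside this hunk.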
@@ -92,6 +92,26 @@ ${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path} ''; + sops.secrets."ssh-keys-public/desktop-nixos" = { + mode = "0644"; + }; + sops.secrets."ssh-keys-public/desktop-windows" = { + mode = "0644"; + }; + sops.secrets."ssh-keys-public/macbook-macos" = { + mode = "0644"; + }; + + sops.secrets."ssh-keys-public/jallen-nas-root" = { + path = "/root/.ssh/id_ed25519.pub"; + mode = "0600"; + }; + + sops.secrets."ssh-keys-private/jallen-nas-root" = { + path = "/root/.ssh/id_ed25519"; + mode = "0600"; + }; + # Permission modes are in octal representation (same as chmod), # the digits represent: user|group|others # 7 - full (rwx) diff --git a/hosts/nas/users.nix b/hosts/nas/users.nix new file mode 100644 index 0000000..e666839 --- /dev/null +++ b/hosts/nas/users.nix 
@@ -0,0 +1,93 @@ +{ pkgs, config, ... }: +let + user = "admin"; + passwordFile = config.sops.secrets."jallen-nas/admin_password".path; + authorizedKeyFiles = [ + config.sops.secrets."ssh-keys-public/desktop-nixos".path + config.sops.secrets."ssh-keys-public/desktop-nixos-root".path + config.sops.secrets."ssh-keys-public/desktop-windows".path + config.sops.secrets."ssh-keys-public/macbook-macos".path + ]; +in +{ + + # Define a user account. Don't forget to set a password with ‘passwd’. + users = { + # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users + mutableUsers = false; + groups.jallen-nas.gid = 1000; # create nas group cause truenas perms + + # Admin account + users."${user}" = { + isNormalUser = true; + linger = true; + extraGroups = [ + "wheel" + "networkmanager" + "docker" + "podman" + "libvirtd" + "nix-apps" + "jallen-nas" + "media" + "nscd" + "grafana" + "traefik" + "avahi" + "62900" + "1001" + ]; + hashedPasswordFile = passwordFile; + shell = pkgs.zsh; + openssh.authorizedKeys.keyFiles = authorizedKeyFiles; + packages = with pkgs; [ + cachix + fastfetch + git + parted + aspell + aspellDicts.en + aspellDicts.en-computers + aspellDicts.en-science + aha + papirus-icon-theme + firefox + swtpm + tigervnc + ]; + }; + + # Nix app account + users.nix-apps = { + isSystemUser = true; + uid = 911; + group = "jallen-nas"; + extraGroups = [ + "jallen-nas" + "docker" + "podman" + ]; + hashedPasswordFile = passwordFile; + }; + + groups.nut.name = "nut"; + users.upsuser = { + group = "nut"; + isNormalUser = false; + isSystemUser = true; + createHome = true; + home = "/var/lib/nut"; + homeMode = "750"; + hashedPasswordFile = passwordFile; + }; + + users.nextcloud = { + isNormalUser = true; + extraGroups = [ + "jallen-nas" + "nix-apps" + ]; + hashedPasswordFile = passwordFile; + }; + }; +} \ No newline at end of file 
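Review bot: `openssh.authorizedKeys.keyFiles = authorizedKeyFiles;` is given sops-nix runtime paths, but NixOS reads `keyFiles` while evaluating the configuration, before any secret has been decrypted on the target. Depending on evaluation mode this is expected either to fail or to pick up whatever is at those paths on the build machine, and a wrong result here removes key-based SSH access for `admin`. Public keys need no encryption, so the previous inline form `openssh.authorizedKeys.keys = [ "ssh-ed25519 <public key>" ];` is the safer one. Also, `ssh-keys-public/desktop-nixos-root` is referenced here but is not among the secrets declared in the `hosts/nas/sops.nix` hunk of this commit; it may be declared in lines not shown.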
diff --git a/hosts/desktop/cosmic/default.nix b/modules/desktop-environments/cosmic/default.nix similarity index 100% rename from hosts/desktop/cosmic/default.nix rename to modules/desktop-environments/cosmic/default.nix diff --git a/hosts/desktop/hyprland/config.nix b/modules/desktop-environments/hyprland/config.nix similarity index 100% rename from hosts/desktop/hyprland/config.nix rename to modules/desktop-environments/hyprland/config.nix diff --git a/hosts/desktop/hyprland/config/btop/default.nix b/modules/desktop-environments/hyprland/config/btop/default.nix similarity index 100% rename from hosts/desktop/hyprland/config/btop/default.nix rename to modules/desktop-environments/hyprland/config/btop/default.nix diff --git a/hosts/desktop/hyprland/config/btop/themes/catppuccin_macchiato.theme b/modules/desktop-environments/hyprland/config/btop/themes/catppuccin_macchiato.theme similarity index 100% rename from hosts/desktop/hyprland/config/btop/themes/catppuccin_macchiato.theme rename to modules/desktop-environments/hyprland/config/btop/themes/catppuccin_macchiato.theme diff --git a/hosts/desktop/hyprland/config/btop/themes/nord.theme b/modules/desktop-environments/hyprland/config/btop/themes/nord.theme similarity index 100% rename from hosts/desktop/hyprland/config/btop/themes/nord.theme rename to modules/desktop-environments/hyprland/config/btop/themes/nord.theme diff --git a/hosts/desktop/hyprland/config/hypr/default.nix b/modules/desktop-environments/hyprland/config/hypr/default.nix similarity index 100% rename from hosts/desktop/hyprland/config/hypr/default.nix rename to modules/desktop-environments/hyprland/config/hypr/default.nix diff --git a/hosts/desktop/hyprland/config/kitty/default.nix b/modules/desktop-environments/hyprland/config/kitty/default.nix similarity index 100% rename from hosts/desktop/hyprland/config/kitty/default.nix rename to modules/desktop-environments/hyprland/config/kitty/default.nix 
diff --git a/hosts/desktop/hyprland/config/kitty/macchiato.conf b/modules/desktop-environments/hyprland/config/kitty/macchiato.conf similarity index 100% rename from hosts/desktop/hyprland/config/kitty/macchiato.conf rename to modules/desktop-environments/hyprland/config/kitty/macchiato.conf diff --git a/hosts/desktop/hyprland/config/kitty/nord.conf b/modules/desktop-environments/hyprland/config/kitty/nord.conf similarity index 100% rename from hosts/desktop/hyprland/config/kitty/nord.conf rename to modules/desktop-environments/hyprland/config/kitty/nord.conf diff --git a/hosts/desktop/hyprland/config/mako/default.nix b/modules/desktop-environments/hyprland/config/mako/default.nix similarity index 100% rename from hosts/desktop/hyprland/config/mako/default.nix rename to modules/desktop-environments/hyprland/config/mako/default.nix diff --git a/hosts/desktop/hyprland/config/nwg-drawer/drawer.css b/modules/desktop-environments/hyprland/config/nwg-drawer/drawer.css similarity index 100% rename from hosts/desktop/hyprland/config/nwg-drawer/drawer.css rename to modules/desktop-environments/hyprland/config/nwg-drawer/drawer.css diff --git a/hosts/desktop/hyprland/config/nwg-panel/excluded-dirs b/modules/desktop-environments/hyprland/config/nwg-panel/excluded-dirs similarity index 100% rename from hosts/desktop/hyprland/config/nwg-panel/excluded-dirs rename to modules/desktop-environments/hyprland/config/nwg-panel/excluded-dirs diff --git a/hosts/desktop/hyprland/config/nwg-panel/preferred-apps.json b/modules/desktop-environments/hyprland/config/nwg-panel/preferred-apps.json similarity index 100% rename from hosts/desktop/hyprland/config/nwg-panel/preferred-apps.json rename to modules/desktop-environments/hyprland/config/nwg-panel/preferred-apps.json 
diff --git a/hosts/desktop/hyprland/config/wallpapers/wall.png b/modules/desktop-environments/hyprland/config/wallpapers/wall.png similarity index 100% rename from hosts/desktop/hyprland/config/wallpapers/wall.png rename to modules/desktop-environments/hyprland/config/wallpapers/wall.png diff --git a/hosts/desktop/hyprland/config/waybar/default.nix b/modules/desktop-environments/hyprland/config/waybar/default.nix similarity index 100% rename from hosts/desktop/hyprland/config/waybar/default.nix rename to modules/desktop-environments/hyprland/config/waybar/default.nix diff --git a/hosts/desktop/hyprland/config/waybar/macchiato.css b/modules/desktop-environments/hyprland/config/waybar/macchiato.css similarity index 100% rename from hosts/desktop/hyprland/config/waybar/macchiato.css rename to modules/desktop-environments/hyprland/config/waybar/macchiato.css diff --git a/hosts/desktop/hyprland/config/waybar/nord.css b/modules/desktop-environments/hyprland/config/waybar/nord.css similarity index 100% rename from hosts/desktop/hyprland/config/waybar/nord.css rename to modules/desktop-environments/hyprland/config/waybar/nord.css diff --git a/hosts/desktop/hyprland/config/waybar/scripts/hass.nix b/modules/desktop-environments/hyprland/config/waybar/scripts/hass.nix similarity index 100% rename from hosts/desktop/hyprland/config/waybar/scripts/hass.nix rename to modules/desktop-environments/hyprland/config/waybar/scripts/hass.nix diff --git a/hosts/desktop/hyprland/config/waybar/scripts/hass.py b/modules/desktop-environments/hyprland/config/waybar/scripts/hass.py similarity index 100% rename from hosts/desktop/hyprland/config/waybar/scripts/hass.py rename to modules/desktop-environments/hyprland/config/waybar/scripts/hass.py 
diff --git a/hosts/desktop/hyprland/config/waybar/scripts/waybar-updates.py b/modules/desktop-environments/hyprland/config/waybar/scripts/waybar-updates.py similarity index 100% rename from hosts/desktop/hyprland/config/waybar/scripts/waybar-updates.py rename to modules/desktop-environments/hyprland/config/waybar/scripts/waybar-updates.py diff --git a/hosts/desktop/hyprland/config/waybar/scripts/waybar-wttr.py b/modules/desktop-environments/hyprland/config/waybar/scripts/waybar-wttr.py similarity index 100% rename from hosts/desktop/hyprland/config/waybar/scripts/waybar-wttr.py rename to modules/desktop-environments/hyprland/config/waybar/scripts/waybar-wttr.py diff --git a/hosts/desktop/hyprland/config/waybar/waybar.css b/modules/desktop-environments/hyprland/config/waybar/waybar.css similarity index 100% rename from hosts/desktop/hyprland/config/waybar/waybar.css rename to modules/desktop-environments/hyprland/config/waybar/waybar.css diff --git a/hosts/desktop/hyprland/config/wlogout/icons/hibernate.png b/modules/desktop-environments/hyprland/config/wlogout/icons/hibernate.png similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/icons/hibernate.png rename to modules/desktop-environments/hyprland/config/wlogout/icons/hibernate.png diff --git a/hosts/desktop/hyprland/config/wlogout/icons/lock.png b/modules/desktop-environments/hyprland/config/wlogout/icons/lock.png similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/icons/lock.png rename to modules/desktop-environments/hyprland/config/wlogout/icons/lock.png diff --git a/hosts/desktop/hyprland/config/wlogout/icons/logout.png b/modules/desktop-environments/hyprland/config/wlogout/icons/logout.png similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/icons/logout.png rename to modules/desktop-environments/hyprland/config/wlogout/icons/logout.png 
diff --git a/hosts/desktop/hyprland/config/wlogout/icons/reboot.png b/modules/desktop-environments/hyprland/config/wlogout/icons/reboot.png similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/icons/reboot.png rename to modules/desktop-environments/hyprland/config/wlogout/icons/reboot.png diff --git a/hosts/desktop/hyprland/config/wlogout/icons/shutdown.png b/modules/desktop-environments/hyprland/config/wlogout/icons/shutdown.png similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/icons/shutdown.png rename to modules/desktop-environments/hyprland/config/wlogout/icons/shutdown.png diff --git a/hosts/desktop/hyprland/config/wlogout/icons/suspend.png b/modules/desktop-environments/hyprland/config/wlogout/icons/suspend.png similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/icons/suspend.png rename to modules/desktop-environments/hyprland/config/wlogout/icons/suspend.png diff --git a/hosts/desktop/hyprland/config/wlogout/layout b/modules/desktop-environments/hyprland/config/wlogout/layout similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/layout rename to modules/desktop-environments/hyprland/config/wlogout/layout diff --git a/hosts/desktop/hyprland/config/wlogout/style.css b/modules/desktop-environments/hyprland/config/wlogout/style.css similarity index 100% rename from hosts/desktop/hyprland/config/wlogout/style.css rename to modules/desktop-environments/hyprland/config/wlogout/style.css diff --git a/hosts/desktop/hyprland/config/wofi/default.nix b/modules/desktop-environments/hyprland/config/wofi/default.nix similarity index 100% rename from hosts/desktop/hyprland/config/wofi/default.nix rename to modules/desktop-environments/hyprland/config/wofi/default.nix diff --git a/hosts/desktop/hyprland/default.nix b/modules/desktop-environments/hyprland/default.nix similarity index 100% rename from hosts/desktop/hyprland/default.nix rename to modules/desktop-environments/hyprland/default.nix 
diff --git a/hosts/desktop/hyprland/environment.nix b/modules/desktop-environments/hyprland/environment.nix similarity index 100% rename from hosts/desktop/hyprland/environment.nix rename to modules/desktop-environments/hyprland/environment.nix diff --git a/hosts/desktop/hyprland/home.nix b/modules/desktop-environments/hyprland/home.nix similarity index 100% rename from hosts/desktop/hyprland/home.nix rename to modules/desktop-environments/hyprland/home.nix diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index b22fefb..36a083c 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -38,6 +38,27 @@ desktop: restic: user: ENC[AES256_GCM,data:ccJZWRM=,iv:fExPV4GW2aIDfJ12OCOmDYGAzRGhOu+mcRcKXSfqQME=,tag:MVRsGgbfW4tmnAmQP4e1Dw==,type:str] password: ENC[AES256_GCM,data:CjEpTwCAOoIdlb8=,iv:loIX/SmckPIhn9tcIs/eRAbHrbrDe42GeltgwOCo5YE=,tag:F672YtNS1z+9DOewM/7pHQ==,type:str] +ssh-keys-public: + macbook-macos: ENC[AES256_GCM,data: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,iv:iK5OiEj1fzNkIOcbPeyXB6BVWGWdE9XulzDD/hqjyaM=,tag:mBYYY3Zbr5QQOFqNEXT8oQ==,type:str] + desktop-windows: ENC[AES256_GCM,data:dDxB1LxU5qxxP1/4wINuWn5JB1w8OepYt1rhrojaj7QxqH2rTW3hnlvXSKD/m7lrBcGBPDzjfJcWusSHBkIdb+qEawC4BhDJZSIZHgP+z7hcf8d3QWpcsaI/CIdr92tc8QKU98ocSvXHC9M7i3sVe7wISJHarDBXSqBpfAvM20V5jM1rhyzNUdAyIWTWL58bOZapa37x7weNr3+LOJVSWbIPD/+mOWSduESEBOGBvYcLcgcQf569tuVT06zhJ2YTiE6NYx1VOA80/Jqxs3Hcl0JNtNP5fYIFO5uXX6+Evmw/7HlUzA4/xeEwYIjpYAGnwG+7pm/CsBi0WBAhX96PYs2K+n+GaE3Af+kyfPBDcuqlYYfht6sQmtcQg4u/O9SVxY8hhhATUGqZUnHibwm6YUdpmlRYF6lDiwVP09ln93jN+Q9HGCIv4CCSG2s/2JtEczI2ieMFFDk1siCjE6Bd3vgpt5zSJNJ31F12yTlQ5oSEaFI61rMxbYTRB6r/yWCwLDzyOSWLAawSoJOCld5b4vGSbaK8CojcD87yPgXaqFE5hu6KYZbTR3qejeBjeXQqeq8HhRM6jVvoBhMUxdT3Uqk4Rr4P5RXf6Ip8lNAu0L9CTQBOD89Omac0WK8JKsmPP2qudvYDvSCOhVgRNI7RAuBasbPN4+FFB1rtMHVnuxe9mH5B5eO74kSGPb6G+4u5drCXgAQ+gZ5ncDh2LJAPY/4q3UXe5RtKNcK5rrg0fTJGWK6Nz+h9/Q==,iv:owBLW+yniaAPd+d6BFXlexNCRekZhAwP+oY+S/p5HD4=,tag:ct5BLa470+BYmzddF7s0hg==,type:str] + desktop-nixos: ENC[AES256_GCM,data:pAhqnVG6IQ06aDdIgfFwAlPjkx/Nu+oBMOXj423S9ZExTJvOoukm2YEoxDMyWMDbH9PkomcdSImnSUWX/G/F0voPG/wocGsVDvioNlIw3lwVFrEeLWgpTGq9XjOLBJi8,iv:XsKfWf7y8E2Frk9by3o0jOqPH1VATlckOEodBAx8P14=,tag:1yNSSHjppZb66nxLxpCa2A==,type:str] + desktop-nixos-root: ENC[AES256_GCM,data:5Fox7sRamK74Toyftdl7JnzbGVJ66hjuWtu6yBZnXEArWJ/BAJKtrHP2zBE9mHkVQC1DmAFlS0ULFVDoCanZRdqt3bb2K7ZZoiGu1u5SyuY8GUtaVlousso37f24us/o,iv:S70s3EvwbPH6GPgq0m7eT18ncHZ6j5+nuNWK1hsRFoc=,tag:QRalnRG1GlOKZs0Utz9CLQ==,type:str] + jallen-nas: 
ENC[AES256_GCM,data:sOn3hImmDcBs1H8NudqaNnPz3x/bfueEfEMLgGZB4DmWxWbOYSvSNVDM3qRnM6Vmr/h/pHe40g5Q9oNazVFxltJc8gidqxtB6dYEuDOwoYhO0liFuJZnebWWbYHcKHgPEQ==,iv:it7LXuf0BMviBNluREDMW5tMTQJvh5wKXehB+qHEpos=,tag:7r+H5VbsbVvC8MxmMbl83w==,type:str] + jallen-nas-root: ENC[AES256_GCM,data:YcwfZ8Ae3Ch4LPbKEkijVuo2FhlzdApm1XI18upHVw9WkOjfDQjCnHSYXNhOPGYDHFTerd69A4YByNAJmI+ZhUFRk0j8JQyAAqrTqfQEv+bOjoAfXDNcwr2TEr0MpNAB,iv:np7bSSsauo10y/gt58HNNwtRNPaA5iK6+mDke+lmVjw=,tag:YNJhCBjWpYP2YCx8QFy1FA==,type:str] +ssh-keys-private: + desktop-nixos: ENC[AES256_GCM,data:nmZyje3ohrq7PUiaPMmD18S5WV5Vwc+cBc3sl8J+lYSPbnKf9vR9XpLi6twaAkJD0KzaPvbKbBmUka20M8j8RAFir0WOYI6c97Ql6r6QxcoJg+h1f1JCDLmPYzMk5bdP5xivkIG0oXIpcYP5aBVbbC7G5+aqTYKJsd553E2wuvqv5PGSXl1hN4q/JC4/DEJx1mJq7j1O+IQAxk1B44+O/Omgd+r6pALWQjA2EdCYk2ReDDF5hlVc/2TIC4vPzVFnPFqt/5LuhOah3HV7xqw8AV73QGMF0KHDYLGH70fgFBD0Wr0uR4jXWmzfhN5bKkNBRuY4A6EyXF57r1Nc4sxpK2ltHSEOuibJWi9R1E+h5rmb65sAMgxkWn6sGL3G5smC0VuLaDrYuyjFx782V9aWUvQr2h2AaU1Z7+h6VL/adq1U4gRkvK8a/+7IsTnSHTzMMnfY7jYIrWjmxNBwUEpqXAZFAFI7qP+29b2fdWYmoup/thvMthCri7NiXsX95Qgf7CQ/+qoKENwZw9TgLtJtbBBks2vEuHcVh7PO,iv:jgiF188WAPqEy8WWaHJImzlLV2NNTFnNHW3Le7aLJ1Y=,tag:iCCDSahE8/LSajZd0Mt3LQ==,type:str] + desktop-nixos-root: ENC[AES256_GCM,data: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,iv:2cTIm3wgcyOgKBUNYZbokI3HRRWTA3/9IHu94KOBUww=,tag:98dLCYVfGcCdXPEDiIV9Uw==,type:str] + jallen-nas: ENC[AES256_GCM,data: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,iv:2XZh1NFe9UZnUVndSgyopXnqCg7gCeDw0lQlYji9/5E=,tag:SWiazbIWlkm5eDKWlHab3A==,type:str] + jallen-nas-root: ENC[AES256_GCM,data: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,iv:+RvxMeW3J8xNfiU0xGKyQk55MJlwg+RL3Rff7NPexF4=,tag:f4P3dW05wDn4k/ed4xLz9g==,type:str] +secureboot: + GUID: ENC[AES256_GCM,data:EPkYpJAHYEAXRQQKkB6WHXdtdnyoMvPV0BjfxMYfD/F2LrQc,iv:yK+2bSfWHnJ+qTQ2F18Of/qrultrX5cwYLgEZEWj1z4=,tag:D2WTSLS3ZZ5vZ4VQg8ltZA==,type:str] + keys: + db-key: 
ENC[AES256_GCM,data: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,iv:11gse23Xpm8Oeds4NBNiHheLClCj7wFobRDObckm8HU=,tag:2Vbv2CEGv/biF8xfpPy2NA==,type:str] + db-pem: ENC[AES256_GCM,data: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,iv:2OpXdGKZMF+KCtRc8t2RQ9rQYClRshB4LNEelaGXmDE=,tag:rSaTSY/cb/OKpxsNeT4KBw==,type:str] + KEK-key: ENC[AES256_GCM,data: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,iv:GHN6e48WgIPTuhbD9tZKMYAMkTfz52uIVmkrSgyK9xg=,tag:Rox5MKDnymWm45kj6aZonw==,type:str] + KEK-pem: ENC[AES256_GCM,data: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,iv:vLK80RXUW11fdnCmQTZisYfl8BWg1TNDOG3Qi/tA8U8=,tag:0q13mN72N3EQRuQKLqxg8A==,type:str] + PK-key: ENC[AES256_GCM,data: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,iv:NpO32iyBdzKGLt7oS86WT7IJrpZeuHcxO0BF4ZoMI1U=,tag:INU0SbXFmQzrAA8TxKqBfA==,type:str] + PK-pem: ENC[AES256_GCM,data:nLgeHrItUVzmSALKG25H6YYxXP9JViAac2in8n4QOT9CYRAi8VlJWbRszddZdKCPboAzmWsk2pSaERHx1UBXVP9vdpPBBlM51SSgEXlVouLVUB9Yw3Yl6bvgRrIxq3/A3bM19E/gnOV78kzA1TiEOeaHQYC0JEZSMOPT8W3es4B9pZ7WN2pUH5b51qUT4yAxjjZIh4dEMaGKMhKgnTH726hYzFB9YglSppvboab9Z+OheRtus8kDJaAgD2enoNK1bPYi/mRVBlhg8UPxEduSntpW47Ro3ooFojGNQBsI8LCGH7un4rgzMsxAVSj6QnPBFQXpTKoxu9hrLihG3NvKzH2af2/WNk7T9LMt9ZQYiXNWfmVhxpWTKLBosrbzdym6x9/O+BcNsRqVzPb/jp0k4+Nozy4yZTyHXMSfis/uElXf5xpenrqx1S+vK8kYbKj/lGyFyHXlYoIKTBrxLHqsKHjBMeGkqLlL91pBlxjT8WE+fV4wgpwhEzy1ikJkZKUoXCTcIsbsOIOuOHnydLTztBSrHS8jK7QKLxJ46bbBQ0Ob349OFRFNla6q6VQGaLfXqbQImzlgBJmQgHs4a2pnoqyUAWTBFmaQsvoRA3XVsRpQlcL0CYMY5cCBg2jUkLhO6W8E6L9I5ud3J6z+7YQFfsRqnV8M6zOxa7XaEqxKb072Z38/t56f/sx8lpPDOAtg9u+ESZ2y+CexcGul50HlV+15PiCs4+MnuxhaUucR8xODAfdssAPs+KmLkovoWZmnwMPYfUZilhSpfEfbLHFgI0v248GLZygLyEO79T6MoNCrPzb0W8z8gObzgKE7RFGHs8gJeHjbZ2c2D65VpmkiWbTOAbDwQczkYoTxv+V3D83eqq8lpodBL8Fi5WCjUvyWgXWv/D1y8FL0nGUt7n1/ETi/DelKrSyYKh/x0zDucbHmStgdRtnmQfHTX/ha7EkKa8Z3oJFok0Kl+q8gggfh2IylNrAZTfcvxL482z2Yan6M0Hztux8q9xwDGivqaM+S81HcaRXJa9zGE4UAjepaOYq/Pt1tYeYDZ5IzZKYzK+0EDZp5khwDhfcZS+TckqWdgzx1OxuQpldKlKUi3u9Rw13lfu3NBukDoeZ
Yl8EyjZVzZylqlSLb30fyVIhm6U2fLjEv4ecfg2ePtHwkMATNUKOQq/pQJPleFxVPa/ZGI3o516Kg6QjTL9jJyB7mlmT0uwa93NGB/MwshqN7FfsYokK5FgpCnA/fU9Y7UDsgu16CogTc7/6cmnLfZaqPzkiLD20pqxb3LgrwsjXwmdsn9t4azDIPZe1fzl7Y8dVCViIQwDlt3ppvC5UtfpDd8aR2PH9nUDTUOeSeSsknhuFrvTtWF79T+/iZzJDWtJ/RByk/IKoTlO2HdRNMfvw7fUTjvWqYh/r86dTGXD4lzKnF1SgHJ963/8Ks9qZJouKKn54hQY4mdfSw6gqAAL2mcW8Q4ZubNZ5cN79vn+lsrE15hY580uv/S+H/0yX7OrW7s3cZGuYhPYy3OpUwZz4V9nCBVZTYAATooYFoxf7snYG19nR4hJ9b11NZR/skpU8gAbG+na2W5FJHAsj3bbcDuXmnErzGt5STU+u1MxIUeCg8dSFQ/Q35fRCnHNiAHEEl8gbSYPwkumk7E77UM2stE1VsK9ZgsyVVlQp5XrdNtc2Z/LxHd0Vd3c43435hycZ/blD9nO7vuISzFfSPAam+WO2VvfF6Hvcr8OTch6gl2cF7KuZMvaK5LlFp2wiC9g620wB305H/nFpMJ72bUTqSvu0hHy7WbCrGw1nYmU5aVQNF42jk3mxQCPW5EPr2CeoVQFAQnFeCCMbe9LEpGKwrALE4LwYeEgHheGqNU0bumEa/vkCmo+dOhTaW25S62LwtvPIm9moya9O5p7TOrBgDhGlIorE5/J9hCGuQK9juTCWU4xdiDRqYn4ZJFSTNIl5de386kNOM7OWyEgKXwHtAhgAp76Wsmrg3IYVC4qO1RsJ4eA1kfV23tStycerC+2i3kIEHuENXFgkLa/gpXByX5w7QlazHhTZC9v/nBYVZTTEEs+TGGbXPZLpLZcUfk3X4iJEmSE3vAMvfiScxyNINGXRvpifgJj2WPfKQpjqQCEdFvLFc4t+a+wZ0HRLBjX7XTCj3CW+nWw+M73K0Ig3j7Yu24i37ZBOrHaNdR6en3ARNC+/t3RzTDrmp+ufIz5kvX7Cxwvoc7BsgnYZt/Yf2s8V26l7lh5+iXQjwc05qfxi9mwEDHNgTH1HFT7bsUsvG1QgD4qcKU+Dq9lPhIRvuyngVrWvxlGnY6svZKH9noPD+dTPuSyDtoHDvRt/oy8g=,iv:l9hEcYU+9qzjYzGJ0Wag3GT+lzXE8JDQNmY+RoxEFls=,tag:QzrJ6ykAX6tXQMf19kB68A==,type:str] sops: kms: [] gcp_kms: [] 
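Review bot: The new `ssh-keys-private` and `secureboot` groups go into a single `secrets/secrets.yaml` that appears to be shared by the desktop and the NAS, and a SOPS file is encrypted to one recipient list, so presumably each host's age key can decrypt the other host's SSH private keys and the Secure Boot keys. Splitting the file per host and scoping recipients with `creation_rules` and `path_regex` in `.sops.yaml` would limit what one compromised host key exposes. The recipient list itself is outside this hunk, so confirm which keys are enrolled.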
@@ -71,8 +92,8 @@ sops: UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-13T00:07:47Z" - mac: ENC[AES256_GCM,data:XnjVO3KZT2DwXpB3RY9l5BCKE+Z4Yjm20LxELcMEU1Od4Ytayl8ueet+Kgl7iBixipjwWj6PBR1u8Hb33Iio99g6W56atMeX/c3y6Cxw5KIo2y1Iki5G+cng2kadelZJn3fCcVUjTssfD+tG3BFnk5VGPdcxQPecSAc59WuPZuI=,iv:A1SVfNJ1SBPQZRunRXDL2pRnxNDXsyAGQtvNw5CsdLs=,tag:hzT1cfQYWBbxDMa6KAgn2g==,type:str] + lastmodified: "2025-03-18T02:28:46Z" + mac: ENC[AES256_GCM,data:m6QnoyNBXQG/mZapncFIFZwNp8H8S8TqPrVMqGgY3fp7kxBJpt1qn55ZgvrMO65NjVBSTC0gWOZtZD8caVttkWqfTb8r+nqMerCiby3EqqJMJjCvF8Eg9DQojXmnazoG28shZquoWp1Cb8nZeuPR7C2ChnQ4A3dG2y1qQmntSRY=,iv:aFTDi5GqIt4ruv2IPBkFjUufwYOw9xqPyFJ9kp9+HR0=,tag:haCLuk1a92NtszzfvEYiSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/share/impermanence/default.nix b/share/impermanence/default.nix index 2c0c81e..80385dc 100755 --- a/share/impermanence/default.nix +++ b/share/impermanence/default.nix @@ -12,7 +12,6 @@ "/var/lib/waydroid" "/var/lib/systemd/coredump" "/etc/NetworkManager/system-connections" - "/etc/secureboot" { directory = "/var/lib/colord"; user = "colord"; diff --git a/share/root-user/default.nix b/share/root-user/default.nix new file mode 100644 index 0000000..8a2e6f4 --- /dev/null +++ b/share/root-user/default.nix 
@@ -0,0 +1,53 @@ +{ ... }: +let + shellAliases = { + ll = "ls -alh"; + update-boot = "nixos-rebuild boot --max-jobs 10"; + update-switch = "nixos-rebuild switch --max-jobs 10"; + update-flake = "nix flake update /etc/nixos"; + ducks = "du -cksh * | sort -hr | head -n 15"; + }; + + gitAliases = { + co = "checkout"; + ci = "commit"; + cia = "commit --amend"; + s = "status"; + st = "status"; + b = "branch"; + p = "pull --rebase"; + pu = "push"; + }; +in +{ + home.username = "root"; + home.homeDirectory = "/root"; + home.stateVersion = "23.11"; + + programs = { + command-not-found.enable = true; + home-manager.enable = true; + + zsh = { + enable = true; + enableCompletion = true; + autosuggestion.enable = true; + syntaxHighlighting.enable = true; + + shellAliases = shellAliases; + + oh-my-zsh = { + enable = true; + plugins = [ "git" ]; + theme = "fishy"; + }; + }; + + git = { + enable = true; + userName = "mjallen18"; + userEmail = "matt.l.jallen@gmail.com"; + aliases = gitAliases; + }; + }; +} \ No newline at end of file
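Review bot: The `update-flake` alias runs `nix flake update /etc/nixos`, and on Nix 2.19 and later the positional arguments of `nix flake update` name inputs to update, not the flake location, so this would not update the flake at `/etc/nixos`. If the hosts run such a version, write `update-flake = "nix flake update --flake /etc/nixos";`; the same applies to the `update-flake` alias added in `hosts/nas/home.nix`. The file also lacks a header comment saying it is the home-manager profile for `root`, which would help since `flake.nix` imports `./share/root-user` for more than one host.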