mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sops n stuff

Browse Source
This commit is contained in:
mjallen18
2025-03-19 16:11:48 -05:00
parent 172d4a37a8
commit d402c32813
11 changed files with 432 additions and 473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -3,7 +3,7 @@ keys:
- &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
- &matt_pi4 age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
- &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
- &admin age1xywkclhz9razlgle6xs826qkhgnnmn97azaxv8rcm89za3huhg8qjj2z5h
- &admin age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs
- &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
- &pi4 age1llgz23hxtcmfmmfgaffyfr4rcvwv39ntxlj57frdp7t5ct68e9ssn2jhvy
creation_rules:

291
flake.lock generated
View File

@@ -14,11 +14,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1740601740,
"narHash": "sha256-YQ8lMeT/KkMDavXrqPvoO6pKQdfSSAZBcNp/Cer4vWc=",
"lastModified": 1742246110,
"narHash": "sha256-bjJDxW3Z3clNIkgwEktWhFSpU9UyftisDfK3XYzdRps=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "bfcad34becd76d148e1ad537b5dcbd58d858a5bb",
"rev": "04f5e14643b8b37304966767074fbe0efcadab9f",
"type": "github"
},
"original": {
@@ -30,16 +30,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1740599692,
"narHash": "sha256-KZalpsM9rvki9GD+urf8idHOEnvBJtkSvE1b2b4KL/4=",
"lastModified": 1742236492,
"narHash": "sha256-Uz7qldS44pxduLcYKf+cCq4WvjoslDR4PwRqivY/4uI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "31fe0e59234e487a42012510d1a4e4819b9aba26",
"rev": "3adf79c4939276e108c25c719843b6174e9e22fd",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.2.1",
"ref": "version/2025.2.2",
"repo": "authentik",
"type": "github"
}
@@ -53,11 +53,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1742170605,
"narHash": "sha256-GPDSyJT5jS7Aw6R5wgJC49/4gye+L6/CfOkZogmd1H4=",
"lastModified": 1742299811,
"narHash": "sha256-QqQNUZzWXw3Wa+d4ATk54Zybu9gUpbEQL9C1T66xJ5o=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "616bb28c9466a8b0124c8a8771022d93e9d914ed",
"rev": "442be6949bb345f5a56f03ec3a9e9dda3c618bf7",
"type": "github"
},
"original": {
@@ -67,6 +67,28 @@
"type": "github"
}
},
"cosmic": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1742395601,
"narHash": "sha256-WSoI4R/pY/8AY5ulSn03nry9KFGBGFRFcXjhBYYRYtI=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "7f8e9de5c8494d209bd618dad4ad81e98b19fabc",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
@@ -142,6 +164,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@@ -157,21 +195,6 @@
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@@ -263,24 +286,6 @@
"type": "indirect"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -331,11 +336,11 @@
]
},
"locked": {
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"lastModified": 1742234739,
"narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59",
"type": "github"
},
"original": {
@@ -352,11 +357,11 @@
]
},
"locked": {
"lastModified": 1741955947,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
"lastModified": 1742305478,
"narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
"rev": "fb74bb76d94a6c55632376c931fc108131260ee9",
"type": "github"
},
"original": {
@@ -405,14 +410,16 @@
"jovian_2": {
"inputs": {
"nix-github-actions": "nix-github-actions_3",
"nixpkgs": "nixpkgs_2"
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1742021951,
"narHash": "sha256-Nxrkvh353BeG6/D8yPq50VCaYnCMKviS7krw4DfzLVU=",
"lastModified": 1742278596,
"narHash": "sha256-ZShdL237Hz+Sog0mzfsCui+kyj+Xd2ka91Dilxlz9j4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "ecaf8b6aa7d28cb7b87da334310fbe1ba31f8d64",
"rev": "fd69a59cfab06fe8ac0695377e10573e91b6a3ff",
"type": "github"
},
"original": {
@@ -424,7 +431,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs-unstable"
@@ -447,25 +454,6 @@
"type": "github"
}
},
"manyfold": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1735525498,
"narHash": "sha256-ZHnX/pgRWxeMrOCEKKB4d8dMmz/UEcMSrM0Qo26SJlU=",
"owner": "mjallen18",
"repo": "manyfold-nixos",
"rev": "6926c1f0778636e3e85133b3f898dfb30cb2f38b",
"type": "github"
},
"original": {
"owner": "mjallen18",
"repo": "manyfold-nixos",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
@@ -494,7 +482,9 @@
},
"nix-darwin": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1742165923,
@@ -577,33 +567,13 @@
"type": "github"
}
},
"nixos-apple-silicon": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1742098834,
"narHash": "sha256-l98XVpNXW6hr0AsxCeQZbdf6EGT8OpHdkWBi7sdel4s=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "8457960249bcfd34c22838e20eaa7d8261428688",
"type": "github"
},
"original": {
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1742180333,
"narHash": "sha256-SrvP0G0fxz35lvQxBhAeJOl6+BueIsxJ4azMX+l/kAU=",
"lastModified": 1742217307,
"narHash": "sha256-3fwpN7KN226ghLlpO9TR0/WpgQOmOj1e8bieUxpIYSk=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "113cd3916682def185290145924fa30b30bda972",
"rev": "4f4d97d7b7be387286cc9c988760a7ebaa5be1f1",
"type": "github"
},
"original": {
@@ -642,6 +612,22 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1742268799,
"narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da044451c6a70518db5b730fe277b70f494188f1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
@@ -657,13 +643,13 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1742136038,
"narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=",
"lastModified": 1742268799,
"narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341",
"rev": "da044451c6a70518db5b730fe277b70f494188f1",
"type": "github"
},
"original": {
@@ -689,66 +675,18 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1739214665,
"narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
"lastModified": 1742362661,
"narHash": "sha256-wonmHfY804hKBC0SA/s3rOhjgNseURTLjpOXfAC2MkE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
"rev": "903d679a5a674158c3f8d823f62680d5664d15c6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1735291276,
"narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1736241350,
"narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1741851582,
"narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
@@ -795,7 +733,7 @@
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1731363552,
@@ -815,18 +753,18 @@
"inputs": {
"authentik-nix": "authentik-nix",
"chaotic": "chaotic",
"cosmic": "cosmic",
"crowdsec": "crowdsec",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable",
"impermanence": "impermanence",
"jovian": "jovian_2",
"lanzaboote": "lanzaboote",
"manyfold": "manyfold",
"nix-darwin": "nix-darwin",
"nixos-apple-silicon": "nixos-apple-silicon",
"nixos-hardware": "nixos-hardware",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs-stable": "nixpkgs-stable_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-unstable-small": "nixpkgs-unstable-small",
"sops-nix": "sops-nix",
"steam-rom-manager": "steam-rom-manager"
}
@@ -869,22 +807,6 @@
"type": "github"
}
},
"rust-overlay_2": {
"flake": false,
"locked": {
"lastModified": 1686795910,
"narHash": "sha256-jDa40qRZ0GRQtP9EMZdf+uCbvzuLnJglTUI2JoHfWDc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "5c2b97c0a9bc5217fc3dfb1555aae0fb756d99f9",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@@ -892,11 +814,11 @@
]
},
"locked": {
"lastModified": 1741861888,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=",
"lastModified": 1742239755,
"narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f",
"rev": "787afce414bcce803b605c510b60bf43c11f4b55",
"type": "github"
},
"original": {
@@ -958,21 +880,6 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [

68
flake.nix
View File

@@ -3,26 +3,35 @@
inputs = {
# nixpgs
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-unstable = {
url = "github:NixOS/nixpkgs/nixos-unstable";
};
# nixpkgs-unstable-small
# nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs-unstable-small = {
url = "github:NixOS/nixpkgs/nixos-unstable-small";
};
# nixpgs
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-stable = {
url = "github:NixOS/nixpkgs/nixos-24.11";
};
# Authentik
authentik-nix = {
url = "github:nix-community/authentik-nix";
# url = "github:fpletz/authentik-nix/24.11"; # for some reason this is broken in stable and unstable
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# Chaotic-nix
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
chaotic = {
url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
};
# Impermenance
impermanence.url = "github:nix-community/impermanence";
impermanence = {
url = "github:nix-community/impermanence";
};
# Home Manager
home-manager = {
@@ -56,14 +65,16 @@
};
#Apple
nixos-apple-silicon.url = "github:tpwrules/nixos-apple-silicon";
# nixos-apple-silicon.url = "github:mjallen18/nixos-apple-silicon";
# nixos-apple-silicon.url = "git+file:///home/matt/nixos-apple-silicon";
nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
manyfold.url = "github:mjallen18/manyfold-nixos";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
# Joviain for steamdeck
jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
steam-rom-manager = {
url = "github:mjallen18/nix-steam-rom-manager";
@@ -71,17 +82,17 @@
inputs.home-manager.follows = "home-manager";
};
# cosmic = {
# url = "github:lilyinstarlight/nixos-cosmic";
# inputs.nixpkgs.follows = "nixpkgs-unstable";
# };
cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs =
{
self,
nixpkgs-unstable,
# nixpkgs-unstable-small,
nixpkgs-unstable-small,
nixpkgs-stable,
chaotic,
lanzaboote,
@@ -90,12 +101,10 @@
home-manager-stable,
nixos-hardware,
nix-darwin,
nixos-apple-silicon,
# cosmic,
cosmic,
authentik-nix,
sops-nix,
crowdsec,
manyfold,
jovian,
steam-rom-manager,
}@inputs:
@@ -167,7 +176,7 @@
{
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.admin =
home-manager.users.admin =
{ ... }:
{
imports = [
@@ -206,21 +215,6 @@
];
};
# mac nix
"mac-nixos" = nixpkgs-unstable.lib.nixosSystem {
system = "aarch64-linux";
modules = [
nixos-apple-silicon.nixosModules.apple-silicon-support
./hosts/mac-nixos/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.matt = import ./hosts/mac-nixos/home.nix;
}
];
};
# Pi4
"pi4" = nixpkgs-unstable.lib.nixosSystem {
system = "aarch64-linux";

3
hosts/desktop/boot.nix
View File

@@ -3,6 +3,7 @@ let
configLimit = 5;
# default = "@saved";
kernel = pkgs.linuxPackages_cachyos;
pkgsVersion = pkgs.unstable;
in
{
# Configure bootloader with lanzaboot and secureboot
@@ -47,7 +48,7 @@ in
bootspec.enable = true;
};
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgsVersion; [
edk2-uefi-shell
];
}

13
hosts/desktop/configuration.nix
View File

@@ -12,6 +12,7 @@
let
user = "matt";
passwordFile = config.sops.secrets."desktop/matt_password".path;
pkgsVersion = pkgs.unstable;
in
{
imports = [
@@ -31,12 +32,12 @@ in
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev"
# "https://cache.mjallen.dev"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
@@ -72,7 +73,7 @@ in
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
systemPackages = with pkgsVersion; [
aha
aspell
aspellDicts.en
@@ -96,7 +97,7 @@ in
nil
papirus-icon-theme
pciutils
stable.qemu_full
qemu_full
rclone
rclone-browser
restic
@@ -178,7 +179,7 @@ in
"lp"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgs.zsh;
shell = pkgsVersion.zsh;
};
hardware = {
@@ -190,7 +191,7 @@ in
enable = true;
brscan5.enable = true;
dsseries.enable = false;
extraBackends = [ pkgs.brscan5 ];
extraBackends = [ pkgsVersion.brscan5 ];
};
};
}

23
hosts/desktop/services.nix
View File

@@ -75,6 +75,7 @@ let
if __name__ == "__main__":
main()
'';
pkgsVersion = pkgs.unstable;
in
{
services = {
@@ -165,11 +166,11 @@ in
services = {
fix-wifi = {
enable = lib.mkDefault true;
path = [
pkgs.bash
pkgs.python3
pkgs.networkmanager
pkgs.kmod
path = with pkgsVersion; [
bash
python3
networkmanager
kmod
fixWifiScript
];
wantedBy = [ "multi-user.target" ];
@@ -184,8 +185,8 @@ in
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = [
pkgs.bash
path = with pkgsVersion; [
bash
pkgs.rclone
];
script = ''
@@ -195,10 +196,10 @@ in
rsync-home = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rsync
pkgs.openssh
path = with pkgsVersion; [
bash
rsync
openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.18:/media/nas/main/backup/desktop-nix/home

178
hosts/desktop/sops.nix
View File

@@ -1,73 +1,121 @@
{ config, ... }:
let
user = "matt";
in
{
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)
# 6 - read and write (rw-)
# 5 - read and execute (r-x)
# 4 - read only (r--)
# 3 - write and execute (-wx)
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."desktop/matt_password" = { };
sops.secrets."desktop/matt_password".neededForUsers = true;
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"desktop/hass_token" = {
mode = "0777";
};
"desktop/matt_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"desktop/restic/user" = {
mode = "0644";
};
"desktop/restic/password" = {
mode = "0600";
};
"wifi" = { };
sops.secrets."desktop/hass_token" = { };
sops.secrets."desktop/hass_token".mode = "0777";
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
sops.secrets."desktop/restic/user" = { };
sops.secrets."desktop/restic/password" = { };
sops.templates."restic.env".content = ''
RESTIC_REST_USER=${config.sops.placeholder."desktop/restic/user"}
RESTIC_REST_PASSWORD=${config.sops.placeholder."desktop/restic/password"}
'';
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = {
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
sops.secrets."wifi" = { };
sops.secrets."ssh-keys-public/desktop-nixos" = {
mode = "0644";
};
sops.secrets."ssh-keys-private/desktop-nixos" = {
mode = "0600";
};
sops.secrets."ssh-keys-public/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
};
sops.secrets."ssh-keys-private/desktop-nixos-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
};
sops.secrets."secureboot/GUID" = {
path = "/etc/secureboot/GUID";
mode = "0600";
};
sops.secrets."secureboot/keys/db-key" = {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
sops.secrets."secureboot/keys/db-pem" = {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-key" = {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-pem" = {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-key" = {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-pem" = {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
# ------------------------------
# Templates
# ------------------------------
templates = {
"restic.env" = {
mode = "0600";
content = ''
RESTIC_REST_USER=${config.sops.placeholder."desktop/restic/user"}
RESTIC_REST_PASSWORD=${config.sops.placeholder."desktop/restic/password"}
'';
restartUnits = [
"restic-backups-jallen-nas.service"
"restic-backups-proton-drive.service"
];
};
};
};
}

287
hosts/nas/sops.nix
View File

@@ -1,142 +1,8 @@
{ config, ... }:
let
user = "admin";
in
{
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."jallen-nas/admin_password" = { };
sops.secrets."jallen-nas/admin_password".neededForUsers = true;
sops.secrets."wifi" = { };
sops.secrets."jallen-nas/ups_password" = {
# restartUnits = [ "ups stuff lol" ];
};
sops.secrets."jallen-nas/ups_password".mode = "0777";
sops.secrets."jallen-nas/collabora" = {
restartUnits = [ "podman-collabora.service" ];
};
sops.secrets."jallen-nas/mariadb/db_pass" = {
restartUnits = [ "podman-mariadb.service" ];
};
sops.secrets."jallen-nas/mariadb/root_pass" = {
restartUnits = [ "podman-mariadb.service" ];
};
sops.secrets."jallen-nas/nextcloud/dbpassword" = {
restartUnits = [ "podman-nextcloud.service" ];
};
sops.secrets."jallen-nas/nextcloud/adminpassword" = {
restartUnits = [ "podman-nextcloud.service" ];
};
sops.secrets."jallen-nas/nextcloud/smtppassword" = {
restartUnits = [ "podman-nextcloud.service" ];
};
sops.templates."nextcloud-smtp".content = ''
${config.sops.secrets."jallen-nas/nextcloud/smtppassword".path}
'';
sops.secrets."jallen-nas/manyfold/secretkeybase" = {
restartUnits = [ "podman-manyfold.service" ];
};
sops.secrets."jallen-nas/immich/db-password" = {
restartUnits = [ "podman-immich-postgres.service" ];
};
sops.secrets."jallen-nas/immich/db-name" = {
restartUnits = [ "podman-immich-postgres.service" ];
};
sops.secrets."jallen-nas/immich/db-user" = {
restartUnits = [ "podman-immich-postgres.service" ];
};
sops.secrets."jallen-nas/immich/server-db-password" = {
restartUnits = [ "podman-immich-server.service" ];
};
sops.secrets."jallen-nas/immich/server-db-name" = {
restartUnits = [ "podman-immich-server.service" ];
};
sops.secrets."jallen-nas/immich/server-db-user" = {
restartUnits = [ "podman-immich-server.service" ];
};
sops.secrets."jallen-nas/open-webui" = {
restartUnits = [ "open-webui.service" ];
};
sops.secrets."jallen-nas/netdata-token" = {
restartUnits = [ "netdata.service" ];
};
sops.secrets."jallen-nas/onlyoffice-key" = {
restartUnits = [ "podman-onlyoffice.service" ];
};
sops.secrets."jallen-nas/paperless/secret" = {
restartUnits = [ "container@paperless.service" ];
};
sops.templates."paperless-secret".content = ''
${config.sops.secrets."jallen-nas/paperless/secret".path}
'';
sops.secrets."jallen-nas/paperless/authentik-client-id" = {
restartUnits = [ "container@paperless.service" ];
};
sops.templates."paperless-client-id".content = ''
${config.sops.secrets."jallen-nas/paperless/authentik-client-id".path}
'';
sops.secrets."jallen-nas/paperless/authentik-client-secret" = {
restartUnits = [ "container@paperless.service" ];
};
sops.templates."paperless-client-secret".content = ''
${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path}
'';
sops.secrets."ssh-keys-public/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
};
sops.secrets."ssh-keys-private/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
};
sops.secrets."secureboot/GUID" = {
path = "/etc/secureboot/GUID";
mode = "0600";
};
sops.secrets."secureboot/keys/db-key" = {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
sops.secrets."secureboot/keys/db-pem" = {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-key" = {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-pem" = {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-key" = {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-pem" = {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)
@@ -147,19 +13,142 @@
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
sops.secrets."jallen-nas/nextcloud/dbpassword".mode = "0777";
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# sops.secrets."jallen-nas/nextcloud/dbpassword".owner = config.users.users.nix-apps.name;
# # Either the group id or group name representation of the secret group
# # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
# sops.secrets."jallen-nas/nextcloud/dbpassword".group = config.users.users.jallen-nas.group;
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."jallen-nas/nextcloud/adminpassword".mode = "0777";
# sops.secrets."jallen-nas/nextcloud/adminpassword".owner = config.users.users.nix-apps.name;
# sops.secrets."jallen-nas/nextcloud/adminpassword".group = config.users.users.jallen-nas.group;
sops.secrets."jallen-nas/nextcloud/smtppassword".mode = "0777";
# sops.secrets."jallen-nas/nextcloud/smtppassword".owner = config.users.users.nix-apps.name;
# sops.secrets."jallen-nas/nextcloud/smtppassword".group = config.users.users.jallen-nas.group;
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"jallen-nas/admin_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"wifi" = { };
"jallen-nas/ups_password" = {
mode = "0777";
# restartUnits = [ "ups stuff lol" ];
};
"jallen-nas/collabora" = {
restartUnits = [ "podman-collabora.service" ];
};
"jallen-nas/mariadb/db_pass" = {
restartUnits = [ "podman-mariadb.service" ];
};
"jallen-nas/mariadb/root_pass" = {
restartUnits = [ "podman-mariadb.service" ];
};
"jallen-nas/nextcloud/dbpassword" = {
restartUnits = [ "podman-nextcloud.service" ];
};
"jallen-nas/nextcloud/adminpassword" = {
restartUnits = [ "podman-nextcloud.service" ];
};
"jallen-nas/nextcloud/smtppassword" = {
restartUnits = [ "podman-nextcloud.service" ];
};
"jallen-nas/manyfold/secretkeybase" = {
restartUnits = [ "podman-manyfold.service" ];
};
"jallen-nas/immich/db-password" = {
restartUnits = [ "podman-immich-postgres.service" ];
};
"jallen-nas/immich/db-name" = {
restartUnits = [ "podman-immich-postgres.service" ];
};
"jallen-nas/immich/db-user" = {
restartUnits = [ "podman-immich-postgres.service" ];
};
"jallen-nas/immich/server-db-password" = {
restartUnits = [ "podman-immich-server.service" ];
};
"jallen-nas/immich/server-db-name" = {
restartUnits = [ "podman-immich-server.service" ];
};
"jallen-nas/immich/server-db-user" = {
restartUnits = [ "podman-immich-server.service" ];
};
"jallen-nas/open-webui" = {
restartUnits = [ "open-webui.service" ];
};
"jallen-nas/netdata-token" = {
restartUnits = [ "netdata.service" ];
};
"jallen-nas/onlyoffice-key" = {
restartUnits = [ "podman-onlyoffice.service" ];
};
"jallen-nas/paperless/secret" = {
restartUnits = [ "container@paperless.service" ];
};
secrets."jallen-nas/paperless/authentik-client-id" = {
restartUnits = [ "container@paperless.service" ];
};
"jallen-nas/paperless/authentik-client-secret" = {
restartUnits = [ "container@paperless.service" ];
};
"jallen-nas/nextcloud/dbpassword" = {
mode = "0777";
};
"jallen-nas/nextcloud/adminpassword" = {
mode = "0777";
};
"ssh-keys-public/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
};
"ssh-keys-private/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519";
mode = "0600";
};
"secureboot/GUID" = {
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
templates = {
"nextcloud-smtp".content = ''
${config.sops.secrets."jallen-nas/nextcloud/smtppassword"}
'';
"paperless-secret".content = ''
${config.sops.secrets."jallen-nas/paperless/secret".path}
'';
"paperless-client-id".content = ''
${config.sops.secrets."jallen-nas/paperless/authentik-client-id".path}
'';
"paperless-client-secret".content = ''
${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path}
'';
};
};
}

17
secrets/secrets.yaml
View File

@@ -35,12 +35,23 @@ jallen-nas:
nix-serve:
cache-priv-key-pem: ENC[AES256_GCM,data:PkScK3BDIT9YEh3dxnZDu98ofVzUInCU+3CDcAkIPB19mb4IdaCEEGF6op9afQlHfQBEQ0CEOhpzmko23rUKYSiCACA7lviaZRLIrGzR52SuMrzVQklEOJXxpr4i664vVX+MLnUf86u1g3Yp,iv:+0Xbq7+glJaCdeJk3xRIqYND77Qs2m3EWTDpe8EUx+o=,tag:dyS/hYnsDUQSvlOQXkbjqw==,type:str]
cache-pub-key-pem: ENC[AES256_GCM,data:AUC8wUnUKGGqnISgPYS0XyvtLRiaBAv9z+Rva9+eqRdsY1ltdEm2oBeQ8zaTyjtG+Y+5RG9MbEj18OB9sMK/Tg==,iv:2Uv8XLyKwfxzWDGOxc533kj4OqwzDttLwq1nH4I1yWA=,tag:j66BtAyXSayxEqk4VQ1e2g==,type:str]
system-ed25519-pub: ENC[AES256_GCM,data:x4CPDr2hjaUKmbXs/HyDWnDT9xl1Q8y9PqkH8PisLCvCah5hEjfJHMgmJQ/ZIdkGRqLAEk7F+/qFZbVLxkXJLVr4275WMG7MT1kB8kAB76wNjXJH/pcnODpYAHngV01P,iv:Y024HkJvKbw87g6GrmQmTrylRSckNK29fKrUwHs31EY=,tag:X1otvjjX95dah47QRUVZLA==,type:str]
system-ed25519-priv: ENC[AES256_GCM,data:MBzc9CwXcsFlKllbRk4xCVUOBFB/beYKivJ0tDn/iye8/dfHxzAhlekLmxJqt1ciHalrkGDR4F4y50z6pCg1R6413Cnj3o3wcLIG45ULcnLHJavRYKa3SmCmGRLgkYJQ85Mk8kFb03fevR99I/+TuOOaK5lRGXmiY30OqKjqfag5qFHx6ChfXqGXUAkvwNmcI5hSmHuOQcwD8GTsyLCsOrw4JZ/zoPQVn2TETR32+LzkRd2RNEzZ6Kg6f72hUrYmMecADDz5U4ymSv/LA/biloiQSiCq7NghuWmlcOnjz+vT0wMu7Xdu43o5hnqhBLF4eT50o/IAITj0sctgLq4YXKIIVPWdLCtrG/u1ieOPjBUvNZXOU7dAYm9PQCEjKQXuDNWMXhiXX9ADdXmxYcx4rqhVUUINqXZheYDIESnjQ/wc/7g6BeK+LyzJcYnYK/6lSvMB3DCyvTnsoZ8VHB7TrEF3SR+b5A4ywNt49hEjc6ECpm/zeUlnxXb+FkUtHMPa7gA56Hs4zfeBlnDxZH5B9J1cncv+wnZxoBb/,iv:PoZJe7/I0pI5epJloP42kjdElv5j90WjMbanQmdpAWs=,tag:UJwHUOCjUnERM9qMm/lCRQ==,type:str]
system-rsa-pub: ENC[AES256_GCM,data:QE2yLMpkMCaZTXrn5Q1PpMSuWVpno53fZ+1b73uqqKSphku8HKPzVjVbxI11Zd0ZmgcBD4pdhfKSrW43NayXL643AqCBI46FPN5wG29KnW6X25RHt5kb2KgWZAWskK7sWfSsu16w4UxIZc0tRjtwfrv5++MT81yXGodAgtXA3WF9hDhT+NS2k4zB7Vatl7YWCgTSRs8aUSnzgOkDiV7FcvorH93upNrBa55HCXjs2bpovvKlYyvWSYxgPrHmvyj/XBNiiUdQmPty+AqHfMc9TphR4vkmPauOMYB38w1VG9NGgrlUUWAIk7c/1/eGC6Ysi0OqEatOH62qkAKuQJSe+Tr9dGWzSBDXYJfbgrEgE+Iy5GQqCz/MPzh0Hj9w3hJGDbOhNpql4iJhRa2N/mbkf0MzkkPHiDmj1VUrfWm8VyhSm9Pl6y2WSX9aL1euvfnzXjeF5uPhzKCEbmLtxVaXnGWTW+OgsLMnmpPBMp7uRMJyrLkVYOVPjRNCp+5ySsEGw3jRjgLbfboDu3coRL9QTB1CApYiUW7T7m9X2BKOzAqaXSp/ZwEHNyox9tK5ae020ZXz1G3XxL9j6nv7eiLESrvED3pHZazLrkgIx9KcTeA/PEzQSD+dGK49+8Q3RaPBrPLxVDtSN1tBm0K33sCq+IXFLZltgQ/VrpFVRDbhEU5wd+Y5pQRmnQpZx/tRKLJs/pIp5ZI168iQrMhG1kgamL1IY4NHgQcvdFgtTI9apKPqGSUC/YvB5ahNhMcz4uDJWttVaI0NsLTzPSUxEcARzCvjPgIUCap3sNAl0YWelywXdaIwu03y9gsrFbxB/PA1SIdy/z1hvaxWD7E3NE7BZ4PA6Cagrv02XZi36ImXIqUAegvpu80jz5NU0fP8vZO9zOlf30aMOJWbZnQbBn6ffz0ILbluX+8I2hpx54BNNYi4CLBbzeHfOz1MwYQ1SeXVkC6vrD5E6tVahPf0g4smyKEVyz8=,iv:A6uSk95tvvoUCUR+Et9HrI+CYjVpaZEjuQgGGx2kSpg=,tag:Zo3BvyXMmKi2pZ+9bwB/5A==,type:str]
system-rsa-priv: ENC[AES256_GCM,data:foq99EJRjqhg0gdTPPGKYskXHuSmg9+CC73QfzykxGdpcReKRADmHZcRybxu4f/RCYNyn/s55NY84HbjMl7i3KJMdBSGPrzdGWHzwZ8nmhci9pV9mnyprT1DoT3ZeXIxt6VAFMkyz5HnruGraVJBL3oBpfCrbWEaNprsbL69Z+Y09aw2r4fvPNtviv43hoOPE0g5+zk5dUdxvYQtMGj931jUXf8sP0fFlCyBGZJOtCysYvfmGVFlRgcccDIoYIVJFax5PXiDgeErOOXrl8c4K6rSO5H1ZInuh1gvACbZLptxxzuw89hWc4QFkAA3IWd+2P9MGyPKw/vqSy1VmWJJqJE3Hxu0QGdK3L2gQYqCttTiLnfFfbmZU1HAgHp8MBZbO7VKxdfogDchzqdVFBS/2P7kTtbET8z+yxwBdc+ovB3BLUGgUmjObfpqwaHIYISNpFEDkCUVAMYwMdVXYLoZASQ8FkIN+hyce+Wmaw4diAYWAV7uAmBpr9l1oWlWUnbbsLecbsVGrzkhsXw7ijlC7KM5Vqf5l3wU98FYYBWSiaWfBOAtKPP3AukdmRzqbj4DX2mPFJQs3V6awg82gz08X4fEZ1WljtzIthPcVicbuS1AkuSBh/25WGuTr5qtwdS+vdqZm+ePoWvV1loZn9WWFw0n1ZTkjGwHobnjTh4OImLu/oGK7GOxLiJMIyj2xpeKZmknWZA/cqO+UpEQgQ/Hz6UAxnVHS4FSsyU7amceavTUM5+Cd5ocakvBkHLJ+O2V72+LOXqdD19/eI/I76953q+SJPjB0UdeX5+C6M/1Cs2aQosZ5n3MYSobyZvqKE1nAZmcUiJF8Iymr50ccQMRzFrvnSeccKWWeWn2fRDiNZAdIXYc2YruLJgISEvt3aeYnWIzzN/ndtK8C0IuQeXaG2MozQA16cYS5TD+/Au9ZaIMC5WkOUtzyvP+hJ0LHf2Wby9dT7XzeKO5Bo1WB31ks6C3+M9LvitpLjIvloMNR0esPX4F/Uml5UKTijfKMuiiSbR6Qa0fKAisg/io+TJdb4ZhGNr4z7IkiNPN07ZCXfzBC44h5RM0EGE4J4peTnYmPj2K+c9repNp0OvASPmCwDTkwIQp0gJHaRVT+mv2Gmq2nnoaXpb6bSVsys+WazrsETepLk3y5PbnkFziJUF2XJ7dyeeZz/bFm36Uksa0aW82vq1qgYXFEPt9ApBRTF00rDX14Ok2NVy4J9kGPme2XH1I0vYk5bkRXeu9+lLGgT+kew0cLbYckYevOW5htJmYtsX1x2RR9thQXfyNdhI1HhUWC2jM/qZIR3dYP9DORkIxTg09akz5zIrIzXZYpiHts8InkySSJSEssX8gtv6a/esYlWGNycKSJ4ml645VdY4k0LOyyvr9ocOsVudMhCQ8cZtWUrowZshS27jVbMZzvyZiVwamGygnd19TJTAnbVKz19vAShdNkA+XGc97EmjkX8sc0ZEpaL+LJ53HXFs25QeaCvqeoC6uq0RaaljXpQNJPj1Nju6PyS28a+Uydlm/Cv+NTc757Zj/0vdqd32FP1Q7qYnj/Iv1TlTGPHhfXAyP95Ku4Gl3hX4JlqVOKkEsxGzqkVpycvwIWmHE3M8rgnoS3vqqOza2qM57howeUGTkWTm1tblb6pqk4FFMG2kHhp21kfWy6SZ00wZzALsW8XpBpuwUJ6nCNyI44FqI5+1xOeSAvoxhSnx4rrcqctfegZWU1QWBemMi/al8D1pDZOz4V3OgclD74uTnqx4AOh8QmTHOr/1Xc+ZX3snPKq2QfdUdd99Om8JdoN8Khvxp4wmV7RxvAxA/OukmJPhTN8NWv04Pgu81dv4uDD4Qrcogufqnxj6dmUg9lByo6No/qtcf+K3MC3UIay/J6+unlvowzFH3YtkMcQWeuDGBXKy9ZGxTwTsMbDrnJehnUss7i9PApojrSGKh8nujXFeNfca58i2NQyYGDczffviuGj1D0YRB29t+iuPFnTdPK/D0HjVvJEsM6uem+t5yV8Sp03njenxg9ccpCEsBMV243mic/RVIFHUlCDylCA171VED2F+ojU4RUaixxDcge99KkBPkFY8Yh37KIAxjLx/Q0lqLqSnT0G2mNU4CYcECIRUuTCAMNrfzkLIZ2dQdC+AtOtrzAyjMddTtNROvgxQUHsolz0NyKpMNHQRjmNCb3lK9gLkfDqJ6RSwJVJ4wa2bIUJ9IpC8cSFk5zNKy5EmCmBPSPvTP02Q8ryFsoqQJPKe5v7DMV7QKQki8+0QSUOrjkJugDFdfxrY9deBnI0AXlFiqOIJbrMdcIJhSFrXPXlFtgm72lFoeb87D518VH/pafxjBPUwvgnoC6lt6TDl0+ouOkJ6byM7iZoh2vcqk3vcRbYdvPhyIbXnEbbr9p0lQ2Z/AqdXFEgmIaYVZCKLh5hsUdGV0yxsDx6hcmar3Smvt1BITCrMQ+VO+3c0JXKuQhj7uKFjqqjAtuf/oSOzuSROICo5q1u8bZU28MGejuZ/MJAF3EZzDzLQ8LaQhhkNw0klR78Z90Nw/SH0IASgboKPVxS+Eu71Nn1S4wXeuwYCVZdfunfzuunSz5VaOys8fD7aL8Lm0dZ98t6CejcJB/G3fXU4WY2x3WLMsoUrMi5S9SAVF7KEKcaLJpUOMtr3C60Sz75J2ag3cbn80W8rx0OakvFebqRyS0857XDprWxVC/NnwQb3BNF9cnZulNCwkdNOZ24gQREHriZrjre4QJrheVOULLEKayuOJ1LyscIiWzLpOmikrF9ZwhJR562SgH6xuDkpps6toDOfa1tmWrCi/Tu1BLaOGks1hR2tHf5cB+HUSjscl5LObWQvDs/4m6vvY+JMOlKqMi7MjwE5Nz+PZBV+YNZDqSuquzZNWWHeNE3fcYkbjZQz/5S2uV5zTK+Puety0bcm9Xz3MksDbfoTzWejNQJaXfiKzXEfVdnz7TMkqSBSFoiP10zQtHGy+WJ+3qvPdn2kfIauJKxe82FSSg7MrJ33mRdiI3H1WqpzAFQX25z1tNo89aBuS61F0ArXsc3FFLuG+eckuVu9glfHASxLsFqBY22SYOHRLHcc5Yd5m8cHPAS4HAfzbv0ozZy350Mycswo0a4W0Di/dFm/Bmlpeflm7X9l9FZaCXzBPBq4N8x23FnznIe8gzqsjg/RMHwHikza1KNL9388niFm1yh+gpIhR6hPjuMcwPAv9mv72/XVUT5Co4fZnWlc9M14fw9qhQ/7VuJ5HLTQyhzGc3z4NTt3OQWOvyAtLORVmIQ1HuAh8HC2m1Y/4zJ8lEUPkopMJv65EmAo0Sr/+Wudwz18xnn+Y1Ae0NMdHDHqkLAL+mdQYt9Bd22zCfAXSshmCgBq+dLYRNT5ehcZ2IGXD8+BeMIdnMEe8MSu5HmbbPkOxGcWNf6W4/qHzBqRf5CW8iOtFTDvyyM9WaNoZMbQyjh/PR/2g1SGMgk4EOD1irP0XLZHFRNCvOFYQOfn85rCZdLSjlKEGeIk/U1SQUmQVOuda7Nhj1ewBkyZ5qk9jNMvjxum2/6E6JopLGoKraWaHZbjq9a+7PZ8UAlz3erZ0l6Ed1m4CFm6nFOv92+3D6XUtL9ESll27s1WRua2vOhPyUmxrNzpBqZACfXId0yb/X0ZfGpCdAGo01CctGtBF4nVrDbmQUS1MXZ2w3yk3db6HbMRoqyskMBwWvzeQBqapg0jjs9JZD0ANaSCFRydWsA0TRNRUWkiZxGPaOT/sYfgfABVbNt1cD3+SO6+RrpdlRaXLSTEQ4BH0FBDwexGh9Hr7tWYTmiwoWHgws77WBa71CoyebFxFFFLw/+3nHBFC5uA8bFh0DrhGB8DWGnVw2PDp/IKQYpbRn2qQyCSQ/johe579ULXWqb6n6K/hY1ZaBL/p/tGu5UeOMJ+LKs9YPCWTEDCaav1OTHqyBoxxKWBGNPuLkhgSbPW46jCB0k03cGVIXlG9ea9/eT8vHFcUa0Lg780HSmdF5mF0dFXkQuPw0tL5EtoTJAy2k8d4TTe/mDalZx/FRiZudTY6hleCG5IRDKhA4ppestIbPEqZfleEqMZM7g9wqA5WX3Prq0/PcVJNBIEycEIuzgCEUvc9QXLQunAkvzegypOeDE9m1cphr2irmxqY0mBM7PufS1ktIUuFEsp6y44pUGavI+ou1rN94x1ejvhqoSicWjk9gDm6q/JNuegyFJM/yn28nbxdFAjRD4sX9W8klXS//nUJy99bOMd3zg9FbdQUUidDQIClQX0S7Q2dqqA6tjrYSza45lOx17Zzr/5zk6ovbxK06GzL1yppN9p5MDR777+3BFVEUk6boEDLVMW4VLmu08dJ43bP3pseBE7cdA75RS9Io630ZE28KD5dVAflzqHjYkZEybXZq8dRRY5SzXeU7OSUBWKKfzpnF92qZv+lBGtvgjBeyEs41MbXT1WjfDOZiVrAiQhcVPmsy5jolqOv6W1VBpZm/1ImY8WgnFjL7rigSxARwGwm,iv:99ZsuvsGLWcv3Yy/FQSodt+CiMCwYNJxpb9HHRerA94=,tag:MlGCfoKtagAa95ZMOm3Egg==,type:str]
desktop:
matt_password: ENC[AES256_GCM,data:z/Jjzr+/PREpNEQsAVl4soeKAwW3sdteIqjhZT2txQDiR0FvGvEBoE/aYCM9NS7XSCgTeTuOqgBGfq4xDLc5/ZBAl7KoGHmKIQ==,iv:qVONkw8PDI2ydqybqGIU2XFq4+qC1BeXnfwxbxbWBww=,tag:eYOD2EoBn9XMiYOaBDFlRw==,type:str]
hass_token: ENC[AES256_GCM,data:un4uyUPcr6g8IIWlXvTCpQ5hXms9FZxaVQz+fk1HMNRdfToTI7OLv8XyYOZ4NOZk5OJcLUUcu2S6zDKL0nc6PUqKD/8X8Rc4wVxEPoAZHiH3EBwuj3LSQac9m2Qlgs17vdfRGkpCt52h5ayPwItop1eb222MXHnQWPsslWT7RIN+kuzQ8prj7MU3ag6lqH8dDZjYQutskF1VkXWolQZkAG8gGZPK+C0BXB5Kxlpx4nYD/pQs2eKr,iv:qR5Jn4QcDISEcLzwmPa7hj9+u5JcQuzdB0qLxlYeK8s=,tag:tSN0CaQz6WsFSw+0fVrDYA==,type:str]
restic:
user: ENC[AES256_GCM,data:ccJZWRM=,iv:fExPV4GW2aIDfJ12OCOmDYGAzRGhOu+mcRcKXSfqQME=,tag:MVRsGgbfW4tmnAmQP4e1Dw==,type:str]
password: ENC[AES256_GCM,data:CjEpTwCAOoIdlb8=,iv:loIX/SmckPIhn9tcIs/eRAbHrbrDe42GeltgwOCo5YE=,tag:F672YtNS1z+9DOewM/7pHQ==,type:str]
system-ed25519-pub: ENC[AES256_GCM,data:MGTQrs94jUI+CrOf/zAes0YZdj9DZxYMRnaKdWRCPLPPVPKX2CAO6V81CS2zJF/OdBUWQ7Sdm4Ay2mOMZTqKFWfzZAxWiJ955pQ7IFWKs4XgQ35j5S1W1NIbTv2ON+c0,iv:8+I+VXPpNYTAbXIr3kGJZKvHce55JH5f5glFRiSE1ac=,tag:TmV/T1R5Qp2WSSm1XwZf7w==,type:str]
system-ed25519-priv: ENC[AES256_GCM,data:zybeelXlF5nCxZvaOa9V0txc5JUergAv0vyp9YaVozNbT8JfCvRl69h9/NVCOIsucp0TJtnCD2FUYQpPVjVQ4d4F5kWjhQ0MN1PUMUTslLGBY1YKWKY3DRBJFdAgzibgA/5Tn6V8NHLaIoJON9yXXE/glucFj2G+cGIcIV8AAVi1DMFPajZ87p0LFKHe4gBMA1D08qEVSRwfCp3ZiF/THfszN+agxL2+tqfSuNG4sNucojs9y6jlZEw0vEDRVlXzVACSFq35IcKL7AVnabGY/s1Xm+NrtEqtC10MOVhRerZ1i8U6mVssVnu8XFWC/KHOghfODq761bEATts8tePumoDt1RkEyY5fDi0xC0XY1F6JB+1pPKf+BrdtwsZ1Q16YCWOsXX86X4d0EB364vESGhV4sBIvmAcLvO11FAw9RnOXb2XwcAa5iJTAk+qw8H3yNo9lThq7qygl1QnVkHlR8V9fP1Hvs0bbd9/JaMmZ7J6WTkW9zN3kO6rP6K9v7+H2iwnHphc+hdCAeb4NEJ514/Boq4/Nqeov5KnY,iv:6HQJVFhzzs5gDOp57cu2rW01qvLz0ee/iMnkOF5coFQ=,tag:mrENCKBHpMB+WImThj2/yg==,type:str]
system-rsa-pub: ENC[AES256_GCM,data:h6AJEB3k1mhVd2afsov5GkFmJ9iFkAW5iSQpFojFBa4Vup3LkpYKv+sbOaWLTib2Triy2muheU7MD9FsMLa7oTUTvrF2WKL5fKmSExveRP6TQCM/3Yc+no0H3eX2Quh80xWwlAxXiiSFxsqemw3J8Kc5+l/VFQ0+XJcuhErkqe3IaDDJePqxALRJgCbPyZFDw7m0RcaZieMLzs7AvO6I4n/OMXwFmed47lkKsFgeQWKlF6eTYzlObjPbvZNOmUSLqm44t5f90DXjXun8Wxc8RN00HKI6NeU0wChx4xHxdgFYimPn+Aa2peuS8L+Xr8TMKcymUuIa0FREh7yClnoLYbjvMmScBtXrWUu8K0xC87BR+bJMbBnJsm3NDzY9W1a/sPYW6DEai6qQh00OZpp1ONPn7XXOjHF77z9NtO+eErlec2FZH+XKVxmhBe3soDF9k+MmRTmc5g6UbtlQPC9k5EsnAIrnSUP33K4MPJ9Y6o/XBLOhvSw1HR12fX+5oVuwSXe4usyJThFrm6MAk83BSCQ06/GP9kl87x0Gs0DVoXnV5tej1kOsb2fd76vV0oWFh417ROld3/L9KWZU0xKgAXCvC1k+uAeFa7wclDuK/vdtbTl0xKfsYCptmm0Ug9RmCvI4xPysP7OJZCk7FoiJtGCGUYE647Afro9EpaqxGksw6nDFcfw/Ht3Lyzht/ry4S5GDZFvxrnuzmvK5/BgscxS38kND960i/puf1RCBpL4UDfJnkacgPUC/BmgZoRaRSKGmymUqmSinr2HgCQVPXLeyAl4myx+a2U0W8WMW1S6TjEtfKQKyxrr8y8gDOMBYwxBnpy+P30z7NxzDQkyRjNGTwKDncQL3j8vD+Rn3fm0hsdn3nbf+7X4lYd8TTdR1JujkCPUclexf7komJJFvaQVHyUQKSZk/57NNLIHpYsllM8SYMDYfVl+ND3sFfcMQzuOQ/RXOPuN4ZXT/dwnOY6kPN8Y=,iv:v6SDGVU8wK1e1KjhPmKbrzjkgMqM021SeHXwaNlVG7c=,tag:tWI6nhKwYuCa1SEx5ZUInA==,type:str]
system-rsa-priv: ENC[AES256_GCM,data:uak7QI7CKyxpWCBHmHYYzFpK3ouwPNZhPXY9VY+Ju+ou9JerYZF/X5709I5dUu6Vp6r2FDRMjFuWWGrGY9wJ3m91CcFGnOLtDPEykuyjQhYU3xleTZsvtTL0R6lHh7eB/tG7kbTFjhVmURCcGhiwraOScLVl326eDF1ze2WMVoIGjUQi6kWnfb0b8+v76q/eZEkzu2U+jLeochJALvMXH5C+yvucmi1I4e0MzEEMhn3o1vjfshOiPw04pW14C0BuU+ybEaXvzVdMXSbVkcdLO0IcNLXBdpIIymPl0n07SKLUpAbEnlZsQJabEmwIOFxgd/X23tnskz9ZFMberpR2pkZVJfrZPvrKJY3PayIOE1b550T3W7aJBOaU0rIj8jy7xiCATk8Ov1+RoSootjonQfpBaNotgZWebga3MNmdzz76MAWXY14O0NZPpQXWi/tP5KlX35RPd/66aQiz3HW0t0ON4POEozgdu5v3/cNg0MlwbM5zBReH8Dto4v+VfLTaWjciu78NelkDdb9/ZBximb8xAvdyMun7iMXePbsWubXiVuCJySbijReRxHTQ1pIdIcajhbjyqWxV7NozkAy0jPCm88KLMT/IjlSKIbsVcY9vzfQkSD54nN8MQlJcZYlf26q92UrqWjuAEJEDuWkXqmLQPjs4YJ595Eq2LSnt1Ef9Kd0LyoookYDsK60qLSwOpOhuEK3Q7rTK0KHvZ+iVcl0HeT9kcAlqHxSKepW/UsNpa4UIfHypNHG0x3FulierbKGHZbzB+UI/lQ9oZL7XHrZa/ATalWKA4Qfssne1qMqJOVH2VKUq/PkdrkrakDhYR9UI5QWLKaHZQLQbgamAiMHJ4G64tAfoRJu8Zclo6DJUSvNRAxodeqVZMQpAMhdSq0EksGzPD2Tlw6Wyk5Au3DMMn5iGSxtI0aPb0HHh8I4HY/kd8qoIZ543V17kiVJ5g5XfLgCHrgc4kZ3Pi64N6IefpkmCioOVgUGNTDAhbqYY+iKy/K/VOrxIzcOuU+c55d84u9/aFZQmCki095voVGeycsrU/2MP4EYQKoZol2rl4OQWrFYQ2IDY3S3AoICjJCTrWbkPxn4Q6TCiMyCBoTL7mTwe20RhwioxAoElsQjfNoH0P3P2Jeu7ZTaMGoxUQRWYfgo67u+LydjWOvaiQFUBVMJmYKqBbYxlC//wt8nHLuo9+bNXAsEsGsJUvr/5v/tTv0+MRUP9vx4Z6GOBuoBWy1P+wLpz1lyNEcc7k0S9ErJo7RrK8dKjwwfNxozKVAb4HLGFmfI/an1aODfGGYwzkJBJE33XKlSDAu1QjLBdEwPWbGP+mW5+fZ3cfzHPQy+MLu7UkG74iL7gYxzwobC1CBFVMsH0Tg60WTyDcf2B+Wx40TqOPAQ3PexnVLorTYtxKZU55LM9f7MLVvpqYXg+hh6ww1ZvTjD6MvO98nNPw8rg2H+WP9PBz631uYc0A3Dkk1+sycOJAcXVfgKH5olkrubX83j+Z88jpkCXxuACHfEZNcbpb/+oeXRD2DGcKTJhQTV3VhmHP5fNufW8YHxSH61Md3xIjPwbEOE8UBnS6beebGAkfl+OfHpDK7AZGP1i73VeBlp/w990hN+V5Yns42XOadLYNkY24S4FZrxrjZltBK98XdH6G8MmSO7gp+F72OIKNfU+Z1cWq+EdfNcaDu9EXIfoKaTRL4TzP6OXepab2EdRWpQKVasxAqNLWyqxZByN2t7G8OT0L8lBCnCBi6TATrsQJc/VpKktOWWeIWZZWo0plOP04N2sP+MPLSOhX66Tz4zYq4DFidjqtAoTX2+lyAYistsB/Ly+XewYLeQseHNGXKIX95zwIGMKIhr9moX0bIqBUxZc8S/WoMRPyGUMHQpeIOlbSoPI3ZjYUinFEu3vuzovlJkhySn3TB4fQ5830KA7NwpLUcMYYGoJIwOXW/S05T4iWRozZQ84eFCCwnEmmpbTQ+nY4fbChBC4jwrpIIUx6fURErESv9WTTnvd3w20Nk+ZniVPJS1myxcY8xxj0pii4dZkGXBsnye8On6d890eiSIY4ZfGrx/IPXtulDX4vmsYT7tVsKMCZjKpBZvo4ZzE3Lwe8FDkqNn8evRKKnNnnfeOTU7BOfVwRZwWzP2eImBf/J4EcZNlPIlblNhZ+xzsHMa0CszbyiUviWW0T0cn44DxbxJ4aLDb9AnGxIVH9KXE3nuEtkj6QopDhchqXj8+DBrMWaBoNUIJ5MjGsRKU4R5uvuLGSnkj867eBJY5aSeaUAm1NcpOkLgma/IO8VqS7dZjPsJVls8dbr0f1ZAWR2fLwzOLYyJyPlxh38ghpSVWpztgGnoL5YmPrGmJOMbXww7iEc23qI1f9WtfB+TUS8WWc0Yw3RndmX29so3KVdsr48/BylYRvTQG+7+Sjhf0T0dxb/hnvd0hEObsIycRf0SnMws0oivtl1KFijuONSPAZVDc66YSRQh7KJkyptlPNiHHmoLXqtEgfs+SeK3qzwRO1FUyw09AK9VJI21YEMYry1SBEt/GdtLTlKkVS/P8oUhOX8SD9ELOGhTcNktFbyN5Yas8HyY0t38AU7kv4Ska+ZIImTeRCsHoASBLmwqq3tLZLvHpqa+Sn15n+cZn3dEpDQA6zibNSHQb8NK8UaEaOVdirpaKODoU1ICxAC03O+I0vQLk9omeSCSaL6uzsAF/yXnMHNgJi/ctbJx3vs8PSlRy3X09bL3OddJwsZ2jSgoBBvpshnwKFfkfTolZyPg1HB7IVtr53RD2kAiizVHH0cQo9Wkk9fnC5Je1E2BiSJW1mX0l9KuLi2Ms4HIDyysZ5AdpNC3iBB4EUy+7X+bQ0In1z7+zATwc59kS+K7K/pyD2MhbK8FRtfeLZoR6y+RaOizZxtSZ05sT16rGUDG9En7gtiLHn11wJKpXzW4Kqr8/bnPTaLg/ckOpbA3Tr36X+GgFqEA0s09bq6STTOXNIXZh38FSN1OiXHjbc324h9+5HmTvytJW0HBYoOvBzY6HB3Rt+H3NDMwv/cTVkZRDt6dE2oyi88mIbFlMwFUwfOT65sjGZZeXAYCpjcgyQ9KWwsQiAPe7xB6T1ZYMUpp//iiS/V3EgsTo3mZW160tyXJnDaq9kCwUKiFCqu40ZkwPnaKD3qPYXOQix0tx8CZLEsDzTEiLcRSjf974PI2h2HyW4sXMlYDG9l659hZyOUzYsHxsrYioAqQAhthQT+5dG8UkOPcEkNJYEooUq1jehK8GNLMrJZFYzKiL+Te+GRU9U/MRJgOpZgL6lOzlWAH79FIzNQsBh8p1w0uxBYJxtOsQmcLZzqI2B2swgh1x5RZhJzml82T3Tmvo9vxPTIajnlYzagY6g3/DedmXm93hCVEcZbvdP8vbpG9aW340Nwr5VpoKgvOrDsbOZ9zEZpjCQWTIqE35RfPKPp78u6ys9OIU7JVSR+GOvI+pA5hQqk8Zcm4l/JO4KmsynRhtWvMMvug7FcwDUFqBXV9oQBwZuO6g1e4xSV6t9c+nm8Bo1xOKZVQtD6NJCsuF2bXoMnxr0BKzpWPBX/F0xCifak+tJc98cbIyPMi52NmikML8jEnvvoK2h+Fgpqq9OVg30RaCIyJqp3QujI0W1JcihpNq3mDrJz76SP2lo07X7pCVNEAo4OifUv65WwJGoTbC0enKLRaUecRZBFH/SL2V1YSXZoEiejJuO5RIMDaV5xwPTiowWgtdOVnAXr9bZtpDtbyMZXd9wKJuH9pDfi1DqYoCBiKlidiL7lFVKnfMaYeF9Y+qxVU6nzk+hoq4MWabOTnhX+h5fy2PUXrWOsFCL/fLZKSiPps3n97LUjOwL+WK52V+gjP8Fa/UIG6S9zM9XfI+FxMR834KHnh/vnyRYT6+MNeTG+XqGU2/kl2TifTSr6pgWXEtN1c4CpFhYdgwBjC1kjOufdWoz/zHAldN3hUCbyz6yixYvgruqRIEmTohn2cCFoCJ05qBNvtqRMwaR5hgfhVwvL18mycbG5Sc1IeJXrzsrk8NtTzyLPW74CVNkR3ZKTwK7zXO7WU3FhTmdFY6ICcO4ct086Wwi01O8D7Lg0zVOpm4IAQgn/CtIXQUQL0YPDfVMOKj5fOvp/mnnAwHUAZNXefJbNFbFNBxYafP1rxV9EaBpdLyxWdDl/F7dXh8FtP4KeiC9F/hQpuncIdAbupL8ZvJPfB8TPRw1iSzp8BPouKc2NCxZNfp/eQ2FULEzbLYCTwR21VJWgAUbmrLFMw50V8B4OnpB+dQr7iN1fpG+WZmw97uKSJKZXSCtUKbSPDkKqKRb+nphYu3QXuHNCILmrZHE311YaWbv7664xqX2oaE1bFT6hb6gScl9/f1jk+FY698Rsrz+LNw3I7XeGsFxbox49ptBLRK8vUuB2qJ5TBjACxMjRwc199pA4LOZtl1NPDzRUJNsKtTqFBvTiO4OJYWe0idFhve3Yaa80qOlbkEQUDLIXDvoY35LgO9kWTwy5gMJ4og,iv:ugrSrI0mkLhs46wmyOWpBdaPaswiZNUKZ50XS/H0tSI=,tag:xPlFe68BCHz3RlAmjM9qTQ==,type:str]
age-keys-private:
matt-desktop-nix: ENC[AES256_GCM,data:7/UO2Oq096iJHSpwA2cflRoiPWrKFJA2RhcuH0bJKM/MO15GbW1VktPZieEVrj+3KTYnhrWr5mEHx+uekhyL2W98SO0JkIJ/c24=,iv:w9lt2rQzkys2HSR8ls4RKJlkNsAb61a+6eB/joKDEtQ=,tag:OYkFVP9HGHumE/3PUP64PA==,type:str]
admin-jallen-nas: ENC[AES256_GCM,data:lKXCpyB0+wViUYsJgxxe7a4dD24a80xe1XEfvVLoazEb/qmoUClhXU4FI1o8ATvpND4XG/vlq8IsZ3V3Yr2FQSOQTrUxs+Yz1po=,iv:Po0jpfoHNMu4s6EePwD20Kc0HQhnY+YKnwovkqCzviI=,tag:0YHI6cNWV21OH2gMOX/Gmw==,type:str]
ssh-keys-public:
macbook-macos: ENC[AES256_GCM,data:zHNf+gwWuY4lbrdEQm1fUADRwAoR1VTaiUnYQwDzpjqM0OU1jGfq5GF2aB56HK92ByZwHJxtmG1JVzypYZ+xZ/geBHr16VO5lVazXR5aso3NO5rrmAISkCSEJa1g+ZwBC3NbTglzZJX0e/JZe1QQZffi7m2pZ3HuKUF2IC+2qx5LghTm/qMNSiuRra91FmstHN1vJ74lgOcA8IkIAoE0+jDgpSmBqBQWV2cmiyo/JEmDfMIjZNdx4dQ14gP4FAuEGoRxfF3sHw5LhqKd2wgXkOYqvsSzeDuVk1qmI4wSflKcryElJ7jyMEiG5FaPEGibGkgyD7DIK65k67o3H2Y+7doDzahD71LFG7OF1kRq3JuzvL7wOQ51HTP8iFFdHJFIqdQlsORU6qiPE0GVV3zetuJgrFclVLHpVrOL2vPFwSS8Mbpenfp+7O/w4RYdbl0B9gNaiscqrUmnZCKCs5kjNQ7z+p9XmTa90yVgNUEtJLDH+8RMoZGhcg75awBHNW09iRH4pem+p+hZByhY0Ai/R/3e8xbzzJTHML5ypPYPKKypxIKkZajblASh24ymPFD50zaey+Rw5tTZoJFImM6osxrZxnIhqDuGO65wMiU0bulWPeO0vsYlf/SKUFOfo1+ZbBH+WNYtkQaYBk4VcIYN8OGdH4/ySOol+pGw8k6NROLWqgl+JbHvvqq/6loUQSqEFk/7mTt+azOtYZn8+Bipe6ZGikfoVPxxZidqE9KQkU8a3g/rf5lOqcE6TlDLdjiG7ixjzek=,iv:iK5OiEj1fzNkIOcbPeyXB6BVWGWdE9XulzDD/hqjyaM=,tag:mBYYY3Zbr5QQOFqNEXT8oQ==,type:str]
desktop-windows: ENC[AES256_GCM,data:dDxB1LxU5qxxP1/4wINuWn5JB1w8OepYt1rhrojaj7QxqH2rTW3hnlvXSKD/m7lrBcGBPDzjfJcWusSHBkIdb+qEawC4BhDJZSIZHgP+z7hcf8d3QWpcsaI/CIdr92tc8QKU98ocSvXHC9M7i3sVe7wISJHarDBXSqBpfAvM20V5jM1rhyzNUdAyIWTWL58bOZapa37x7weNr3+LOJVSWbIPD/+mOWSduESEBOGBvYcLcgcQf569tuVT06zhJ2YTiE6NYx1VOA80/Jqxs3Hcl0JNtNP5fYIFO5uXX6+Evmw/7HlUzA4/xeEwYIjpYAGnwG+7pm/CsBi0WBAhX96PYs2K+n+GaE3Af+kyfPBDcuqlYYfht6sQmtcQg4u/O9SVxY8hhhATUGqZUnHibwm6YUdpmlRYF6lDiwVP09ln93jN+Q9HGCIv4CCSG2s/2JtEczI2ieMFFDk1siCjE6Bd3vgpt5zSJNJ31F12yTlQ5oSEaFI61rMxbYTRB6r/yWCwLDzyOSWLAawSoJOCld5b4vGSbaK8CojcD87yPgXaqFE5hu6KYZbTR3qejeBjeXQqeq8HhRM6jVvoBhMUxdT3Uqk4Rr4P5RXf6Ip8lNAu0L9CTQBOD89Omac0WK8JKsmPP2qudvYDvSCOhVgRNI7RAuBasbPN4+FFB1rtMHVnuxe9mH5B5eO74kSGPb6G+4u5drCXgAQ+gZ5ncDh2LJAPY/4q3UXe5RtKNcK5rrg0fTJGWK6Nz+h9/Q==,iv:owBLW+yniaAPd+d6BFXlexNCRekZhAwP+oY+S/p5HD4=,tag:ct5BLa470+BYmzddF7s0hg==,type:str]
@@ -48,11 +59,13 @@ ssh-keys-public:
desktop-nixos-root: ENC[AES256_GCM,data:5Fox7sRamK74Toyftdl7JnzbGVJ66hjuWtu6yBZnXEArWJ/BAJKtrHP2zBE9mHkVQC1DmAFlS0ULFVDoCanZRdqt3bb2K7ZZoiGu1u5SyuY8GUtaVlousso37f24us/o,iv:S70s3EvwbPH6GPgq0m7eT18ncHZ6j5+nuNWK1hsRFoc=,tag:QRalnRG1GlOKZs0Utz9CLQ==,type:str]
jallen-nas: ENC[AES256_GCM,data:sOn3hImmDcBs1H8NudqaNnPz3x/bfueEfEMLgGZB4DmWxWbOYSvSNVDM3qRnM6Vmr/h/pHe40g5Q9oNazVFxltJc8gidqxtB6dYEuDOwoYhO0liFuJZnebWWbYHcKHgPEQ==,iv:it7LXuf0BMviBNluREDMW5tMTQJvh5wKXehB+qHEpos=,tag:7r+H5VbsbVvC8MxmMbl83w==,type:str]
jallen-nas-root: ENC[AES256_GCM,data:YcwfZ8Ae3Ch4LPbKEkijVuo2FhlzdApm1XI18upHVw9WkOjfDQjCnHSYXNhOPGYDHFTerd69A4YByNAJmI+ZhUFRk0j8JQyAAqrTqfQEv+bOjoAfXDNcwr2TEr0MpNAB,iv:np7bSSsauo10y/gt58HNNwtRNPaA5iK6+mDke+lmVjw=,tag:YNJhCBjWpYP2YCx8QFy1FA==,type:str]
pi4: ENC[AES256_GCM,data:8k8SVyG1zw7F3aN0RdNauIpmVK5Dy3D+CrA8favzEPpSsrE8kQKupe0lLEkb4nDiVRty0wrDYdu3zbr/IikmvrwglREwCXEeK+PwIVMFysgw5N17BTwFG5M=,iv:ImANnD1Tm3z4p2BlJbm4u+uSnS9IZKfsj3Oo1mKQH3Y=,tag:B0gYd0OAt/Mjs9coBeyCsA==,type:str]
ssh-keys-private:
desktop-nixos: ENC[AES256_GCM,data:nmZyje3ohrq7PUiaPMmD18S5WV5Vwc+cBc3sl8J+lYSPbnKf9vR9XpLi6twaAkJD0KzaPvbKbBmUka20M8j8RAFir0WOYI6c97Ql6r6QxcoJg+h1f1JCDLmPYzMk5bdP5xivkIG0oXIpcYP5aBVbbC7G5+aqTYKJsd553E2wuvqv5PGSXl1hN4q/JC4/DEJx1mJq7j1O+IQAxk1B44+O/Omgd+r6pALWQjA2EdCYk2ReDDF5hlVc/2TIC4vPzVFnPFqt/5LuhOah3HV7xqw8AV73QGMF0KHDYLGH70fgFBD0Wr0uR4jXWmzfhN5bKkNBRuY4A6EyXF57r1Nc4sxpK2ltHSEOuibJWi9R1E+h5rmb65sAMgxkWn6sGL3G5smC0VuLaDrYuyjFx782V9aWUvQr2h2AaU1Z7+h6VL/adq1U4gRkvK8a/+7IsTnSHTzMMnfY7jYIrWjmxNBwUEpqXAZFAFI7qP+29b2fdWYmoup/thvMthCri7NiXsX95Qgf7CQ/+qoKENwZw9TgLtJtbBBks2vEuHcVh7PO,iv:jgiF188WAPqEy8WWaHJImzlLV2NNTFnNHW3Le7aLJ1Y=,tag:iCCDSahE8/LSajZd0Mt3LQ==,type:str]
desktop-nixos-root: ENC[AES256_GCM,data:oIBAoV0MyASXKUf8YhncfvnvXZJsXumWf1t2dibJ8AQZn7AU9RdWrHmToStn0QH3wqqiZH0ZFRnQ5rzCjXz75UTM1CZ0K8SnPDVIgzsExzMSFWz0xXKCPiagR7iDs3E5T341+qG92MAYUoVHEO+LPFE1HItiZyTTgdbJ8tz4My3GXpJ+3ExGAO7nlF1CgCuV++IsU7pW3GAgi1+v+V/lrZxkdZikM1ayYDfMGa5//Tlx55W5zR9GYm4vd4/HwIij/DrEueZAw/4i3WOhd77afosYkboKtZb82m296UfyhJEFeMQvSvjpNvqIc9KStMjxuV07QXE3HZooGRZx6HYJtHHKxf9HcEvgvGNi4nIUoGFb2+pWmWk6Usxo2S6aZM5k96UGrQGdDZzRZZHA2K0gBCVOsdz91M8egsevZEzB6ADxLmkwsobOMRY9Dm91zBMCOI97YestSMQC1ilAevF844c8augaszPRxfwGocuZE+Z99bsQTzJBiTsTgmp1xHaYswP1CLfoeUg8NeDHWmXzIQaqBf96O0kSEWtB,iv:2cTIm3wgcyOgKBUNYZbokI3HRRWTA3/9IHu94KOBUww=,tag:98dLCYVfGcCdXPEDiIV9Uw==,type:str]
jallen-nas: ENC[AES256_GCM,data:7ByZUcsQRcu2HiFVm2kuqXhVLLMzvZiwLV37teBvDBcGSlZnyU+9MmTH1SIxMwGaXVGDcaGyLkUzR5tHE6RgWw/vFyAG2owopxp5iXeQwd2Wij8Y2v0CFlixarRkSduOHPzbgJLAbg3qLDSVOVjVNZLO+qc6W26EpgMjWzxITez+M310VkM0UwH1B3FDOOd9p5p40+WuusR4V+Kubdi6cUxAfGH0XRDhX7zoRNG9X7t9xZCexWeSIl0BlaLkliSCWd3QeiuavXt94fBdEX4cXPh4SG1lRq37MoUShHCd6T8CheMSSV+Clpq7qyfFLVPN+N4RCJbZ1IiutE+7AsWAqDgS0XR0EAa28AE6TJxNGLDtBzBJvLSr/CxkTRho3U8pCqplUYwUmG9S/2WBqMDuK9408bm9Pekq0XdG65s0axhl1cH5V6wi9mBrScjfdO84FLApKhIt6iKnYRImhRudses7Wfgc3iArkqEG4zeq4IOrycHc8eaWrdHCba/2HbI1zZjX+7fDJkruo43Z1RUjDfD8TNF8PRt5fmMH,iv:2XZh1NFe9UZnUVndSgyopXnqCg7gCeDw0lQlYji9/5E=,tag:SWiazbIWlkm5eDKWlHab3A==,type:str]
jallen-nas-root: ENC[AES256_GCM,data:S8FCH5it+4o7YWSoSmR4unUfzoMW4v994aSDVb2DxcZGh4W6DnQ/MjiV98mOt62hzvwMksaRM55wM1Lo0WVPorU1efLi1qZn/Mi/QSqIqZJTdHGWQeak/pZJk27fmqS+5QyDRmErVxxesM92s0Y24SmEBOxlWDlfGNUTIUzjsOk2HmrTFrUCE4A2uu/djhvMaNLry6tIddW5C+bGy+LItrR29tCmA6j76bDW2h7pi8C/BPGnrGEE/p6Vf+VNbE/9xYdqNXf1gbRJ0AenZi0n8AXJUUJAc1qZyTVBpYJRkhGx5JD89W6Xk4J1bZVXv5XHQQ5MPPlkGPv+tXnKTzxYKPl7OXpe6rIMWDUK77vFpOAagr4F27JvHMkhrSv6RAGY28KqX6rljOzZG0CV3/MDssf8pXcyIvVSwxaT6JmbYwqdCHT+/mz2DFwMb6lOync9n24tfyEu0qkAg2bLnOeICQYSre849dvsBDlfQw+Zu1HEkBR55X+BSWaL0godAlRhqJMqPwoHbMNC2Aean0GJ+Ao0oaMILI+Lu9eL,iv:+RvxMeW3J8xNfiU0xGKyQk55MJlwg+RL3Rff7NPexF4=,tag:f4P3dW05wDn4k/ed4xLz9g==,type:str]
pi4: ENC[AES256_GCM,data:FqDWLP7znoM7rYtIy/LCrKUkJDmhjkolDR6RklUzl+0qYUwdjEDsaxOTyEs7/gpZohLqAhJDc9cxDvolOLf0V1Mj0CFpxKGdy7Bvy7WJz1xa1rObi2Ea6cEOpeYJJWy2IW64AJM8d3pLh7sz2Brz96HmG3Bd2ClSl7CDHhOfi1+uFsDqekVnLNbwPMwXtKVKFWNwT83dPHxIzPgaCxoYXMFmxmg3zAcrhPcvATbHXnewgijrh+IaNyERp0EIB/wX6CZsGveMcEk9qZadZvkWRmUgRte4Gf1cyNdsypJkCzrNPb6JGnxKXoT0bfUvUDOFyYzyIuAaMAn1RqQqrMabutg8gNdrmSwqIEmQQwwbkp8PDUFVvo40GNwf1l0Sh6gno6z32zYuUi5gIzVYgtnZi+Ut/QqA1S6FBDnXm5AwCR6QgBG4sKsNwJiLVnLFmxYhXDGKWEBBPl7IKyZc7vnXiAAaBqLXLYMHKeqrcTyXlErVkbgAY2FxJYqVNjgomHaTyy069ULNllc8/3A03par,iv:b9HDOuwZwith6JHDikzh0KvTCMINrHkridp4rq44JS4=,tag:fwJiK/MmV3PCtGU6M1BnGw==,type:str]
secureboot:
GUID: ENC[AES256_GCM,data:EPkYpJAHYEAXRQQKkB6WHXdtdnyoMvPV0BjfxMYfD/F2LrQc,iv:yK+2bSfWHnJ+qTQ2F18Of/qrultrX5cwYLgEZEWj1z4=,tag:D2WTSLS3ZZ5vZ4VQg8ltZA==,type:str]
keys:
@@ -95,8 +108,8 @@ sops:
UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN
pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-18T02:59:14Z"
mac: ENC[AES256_GCM,data:RiEa8ypToJkjjLJ4wW7ttlN5oPovGnjcnb4klf3um6VHgWE2+k8E3Il5Q8S4eS9y4f8Fh5AV+EqTtL+NZyCP+rut7yrGfECcq7CTaTuj9AIGfPT/AMA1yKDVnLUD9r8cJEayaLSJ4SJzy77vjsbbVy5ILOIiE8Ah4HRl0wJs7rs=,iv:Ns3DMy+SAxDaYW7KBrZ5B7HYr/S0DjYO3T0KKDvBU5I=,tag:ANQOpjMvbrbbFvqNkbb8nQ==,type:str]
lastmodified: "2025-03-19T20:25:49Z"
mac: ENC[AES256_GCM,data:/zHLzU9mnf5wJTzQ6xxyBKTOLmVrn68F3V+B8rJz/nFLjGfFxlLvkTLdYfgJ0RDR71wqe/s2Y3cqsMqb09X+YAxL/COJfTNaF+CF73Yhyxjm5bWlPLKzWQkx78awBKh0bldgcUMZoqpaKBT5N5FjQoRrkQX2tILbLkuwLZglUW8=,iv:a7JlujcKqrUxF7PSeHfpIAt3GKRk+MI2zbtLMO0N4dY=,tag:AKuFkKDcqaYQbtZF2YVWUA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

18
share/amd/default.nix
View File

@@ -6,6 +6,7 @@
}:
let
cfg = config.share.hardware.amd;
pkgsVersion = pkgs.unstable;
in
{
imports = [ ./options.nix ];
@@ -14,7 +15,10 @@ in
boot.kernelParams = [ (if cfg.enable then "amdgpu.ppfeaturemask=0xffffffff" else null) ];
# Configure programs
programs.corectrl.enable = cfg.corectrl.enable;
programs.corectrl = {
enable = cfg.corectrl.enable;
package = pkgsVersion.corectrl;
};
# Configure environment
environment = {
@@ -32,8 +36,8 @@ in
graphics = {
enable = true;
enable32Bit = true;
# extraPackages = [ pkgs.unstable.mesa ];
# extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ];
# extraPackages = [ pkgsVersion.mesa ];
# extraPackages32 = [ pkgsVersion.pkgsi686Linux.mesa ];
};
};
@@ -56,9 +60,9 @@ in
# nixpkg is broken so need to manually define
systemd.services.lactd = lib.mkIf cfg.lact.enable {
description = "AMDGPU Control Daemon";
path = [
pkgs.bash
pkgs.lact
path = with pkgsVersion; [
bash
lact
];
script = ''
lact daemon
@@ -69,7 +73,7 @@ in
# Configure environment
environment = {
systemPackages = lib.mkIf cfg.lact.enable [ pkgs.lact ];
systemPackages = with pkgsVersion; lib.mkIf cfg.lact.enable [ lact ];
};
};
}

5
share/gaming/default.nix
View File

@@ -1,6 +1,7 @@
{ lib, config, pkgs, ... }:
let
cfg = config.share.gaming;
pkgsVersion = pkgs.unstable;
in
{
imports = [ ./options.nix ];
@@ -16,7 +17,7 @@ in
remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true;
extraCompatPackages = [ pkgs.proton-ge-bin];
extraCompatPackages = with pkgsVersion; [ proton-ge-bin];
gamescopeSession = {
enable = true;
args = [
@@ -48,7 +49,7 @@ in
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs =
pkgs: with pkgs; [
pkgs: with pkgsVersion; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama