Jo/puzzlevision
1
0
Fork 0
mirror of https://github.com/Jokiller230/puzzlevision.git synced 2025-10-31 05:40:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

🎉📝 initialize v2

Browse source
This commit is contained in:
Jo 2025-01-13 18:54:17 +01:00
parent 5087472710
commit 5abbdd12fb
95 changed files with 38 additions and 2693 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.gitignore vendored
View file

@ -1,2 +1,3 @@
### Jetbrains
/.idea
### Buid-VM outputs
*.qcow2
/result

9
.sops.yaml
View file

@ -1,9 +0,0 @@
keys:
- &jo age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
- &server_absolutesolver age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *jo
- *server_absolutesolver

9
CHANGELOG.md Normal file
View file

@ -0,0 +1,9 @@
# 0.1.0
* Add README and assets
* Add CHANGELOG
# 0.1.1
* Add goals and improvements to README
* Document nixos-rebuild buid-vm usage

32
README.md
View file

@ -1,15 +1,35 @@
# Puzzlevision
<br>
<div align="center"><img src="assets/puzzlevision.png" width="120px" height="auto"></div>
Non-stop entertainment! The wackiest NixOS configuration to-date.
<h1 align="center">✨ Puzzlevision ✨<br></h1>
<div align="center">Non-stop entertainment! The wackiest NixOS configuration to-date.</div>
<br>
## Deployment
## 🚧 State of development
Version 2.0 is still very much an experiment and not ready to be used in a production
environment. If you must, try running it within a VM using the provided deployment
instructions.
## 🚀 Deployment
To deploy a system run the following command in your terminal of choice.
Run this to apply your system configuration.
```sh
sudo nixos-rebuild switch --flake .#hostname
```
Run this, to apply your home-manager configuration.
If you're interested in a quick way to experiment with this configuration,
you may use the following command to build a VM.
```sh
home-manager switch --flake .#username@hostname
sudo nixos-rebuild build-vm --flake .#hostname
```
## 📝 Goals and improvements
The main goals of this rewritten flake are:
- using flake-parts in place of Snowfall lib
- significantly improving the re-usability of all modules
- avoiding anti-patterns, such as `with lib; with lib.${namespace};`
- improved secrets management
- keeping external assets closer to their related nix file, e.g. wallpapers in
the desktop modules folder

BIN
assets/puzzlevision.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 128 KiB

541
flake.lock generated
View file

@ -1,541 +0,0 @@
{
"nodes": {
"catppuccin": {
"inputs": {
"catppuccin-v1_1": "catppuccin-v1_1",
"catppuccin-v1_2": "catppuccin-v1_2",
"home-manager": "home-manager",
"home-manager-stable": "home-manager-stable",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable",
"nuscht-search": "nuscht-search"
},
"locked": {
"lastModified": 1736069220,
"narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
"owner": "catppuccin",
"repo": "nix",
"rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"catppuccin-v1_1": {
"locked": {
"lastModified": 1734055249,
"narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=",
"rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7",
"revCount": 326,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz"
}
},
"catppuccin-v1_2": {
"locked": {
"lastModified": 1734728407,
"narHash": "sha256-Let3uJo4YDyfqbqaw66dpZxhJB2TrDyZWSFd5rpPLJA=",
"rev": "23ee86dbf4ed347878115a78971d43025362fab1",
"revCount": 341,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.0/0193e5e0-33b7-7149-a362-bfe56b20f64e/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_3"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"ghostty": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"zig": "zig"
},
"locked": {
"lastModified": 1736402835,
"narHash": "sha256-SiG2B2KfU4BIOggrJJa9nKoagXtLXWWo9vXJ88a+ls8=",
"owner": "ghostty-org",
"repo": "ghostty",
"rev": "2d7706ec4f7042b9072d3b8ac8ea496dee209bc8",
"type": "github"
},
"original": {
"owner": "ghostty-org",
"repo": "ghostty",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1736283893,
"narHash": "sha256-BG1FfTexFwNty5VhYjaQLMR6CMPfI3QRcaZrFQYu2EM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "4f339f6be2b61662f957c2ee9eda0fa597d8a6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"catppuccin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1734622215,
"narHash": "sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1395379a7a36e40f2a76e7b9936cc52950baa1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-stable": {
"inputs": {
"nixpkgs": [
"catppuccin",
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1734366194,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736366465,
"narHash": "sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7e00856596891850ba5ad4c5ecd2ed74468c08c5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"catppuccin",
"nuscht-search",
"flake-utils"
],
"nixpkgs": [
"catppuccin",
"nuscht-search",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"repo": "ixx",
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1711997201,
"narHash": "sha256-J71xzQlVYsjagA4AsVwRazhBh2rZrPpKvxTgs6UzL7c=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "b76fa31346db7fc958a9898f3c594696ca71c4fd",
"type": "github"
},
"original": {
"owner": "gmodena",
"ref": "v0.4.1",
"repo": "nix-flatpak",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1736241350,
"narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1734600368,
"narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1733423277,
"narHash": "sha256-TxabjxEgkNbCGFRHgM/b9yZWlBj60gUOUnRT/wbVQR8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e36963a147267afc055f7cf65225958633e536bf",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1733229606,
"narHash": "sha256-FLYY5M0rpa5C2QAE3CKLYAM6TwbKicdRK6qNrSHlNrE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "566e53c2ad750c84f6d31f9ccb9d00f823165550",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nuscht-search": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"nixpkgs": [
"catppuccin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733773348,
"narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
"owner": "NuschtOS",
"repo": "search",
"rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": {
"inputs": {
"catppuccin": "catppuccin",
"ghostty": "ghostty",
"hardware": "hardware",
"home-manager": "home-manager_2",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
"zen-browser": "zen-browser"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736130495,
"narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "02d941739f98a09e81f3d2d9b3ab08918958beac",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736203741,
"narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736267677,
"narHash": "sha256-7FH/gFShKOzf46yKqA4VWAaWxuyHBRnXOdaffbTxVo4=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "c96c6a1ebf1bea782f9528dc316d986a6087ebc0",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
},
"zig": {
"inputs": {
"flake-compat": [
"ghostty"
],
"flake-utils": "flake-utils_2",
"nixpkgs": [
"ghostty",
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1717848532,
"narHash": "sha256-d+xIUvSTreHl8pAmU1fnmkfDTGQYCn2Rb/zOwByxS2M=",
"owner": "mitchellh",
"repo": "zig-overlay",
"rev": "02fc5cc555fc14fda40c42d7c3250efa43812b43",
"type": "github"
},
"original": {
"owner": "mitchellh",
"repo": "zig-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

76
flake.nix
View file

@ -1,76 +0,0 @@
{
description = "Jo's NixOS configuration";
inputs = {
# Nixpkgs instance.
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
# Snowfall lib imposes an opinionated file-structure, which makes things a little easier sometimes.
snowfall-lib = { url = "github:snowfallorg/lib"; inputs.nixpkgs.follows = "nixpkgs"; };
# Secret management tool
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
# Home manager for managing the /home directory.
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
# Hardware specific tweaks and performance optimizations.
hardware = { url = "github:NixOS/nixos-hardware/master"; };
# Catppuccin theme nix configuration.
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
# Declarative management of Flatpak packages.
nix-flatpak = { url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; };
# Apps
zen-browser = { url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; };
ghostty = { url = "github:ghostty-org/ghostty"; };
};
nixConfig = {
extra-substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org"
"https://devenv.cachix.org"
"https://shopware.cachix.org"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"shopware.cachix.org-1:IDifwLVQaaDU2qhlPkJsWJp/Pq0PfzHPIB90hBOhL3k="
];
};
outputs = inputs:
inputs.snowfall-lib.mkFlake {
inherit inputs; # Providing flake inputs to Snowfall Lib.
src = ./.; # "src" must point to the root of the flake.
snowfall = {
# Namespace for this flake's packages, library and overlays.
namespace = "puzzlevision";
meta = {
name = "jos-nixos-configuration"; # Used in certain places, like documentations. No spaces.
title = "Jo's NixOS configuration"; # Basically just for decorational purposes.
};
};
channels-config = {
allowUnfree = true;
};
# Apply some NixOS modules globally.
systems.modules.nixos = with inputs; [
sops-nix.nixosModules.sops
];
# Apply some home-manager modules globally.
homes.modules = with inputs; [
nix-flatpak.homeManagerModules.nix-flatpak
catppuccin.homeManagerModules.catppuccin
];
};
}

19
homes/x86_64-linux/cyn@absolutesolver/default.nix
View file

@ -1,19 +0,0 @@
{
lib,
pkgs,
namespace,
...
}: with lib; with lib.${namespace};
{
# Declare user packages.
home.packages = with pkgs; [
### Runtimes
nodejs_22
bun
### Tools
git
];
home.stateVersion = "24.05";
}

70
homes/x86_64-linux/jo@puzzlevision/default.nix
View file

@ -1,70 +0,0 @@
{
lib,
pkgs,
namespace,
...
}: with lib; with lib.${namespace};
{
puzzlevision = {
themes.catppuccin = {
gtk.enable = true;
};
};
home.file."~/.config/Yubico/u2f_keys".text = ''
jo:gtKwCQKVw5O4IkWg8J8o7vHIo3hStmOqVcnmk97E335DwHnPUMIDTMnD46qEn/1tucTZlYfGABfzVVG+iYeUOA==,fVRFZb9iBiqjOXvk5Gm9ygO/O4huEUR1Uq3DGBlnS1RtqqK0shif8aOlNLkmn8Xe9+x4HYIeNEX4fc8Z7Y2Hgw==,es256,+presence
'';
# Flatpak configuration.
services.flatpak = {
enable = true;
update.auto.enable = true;
uninstallUnmanaged = true;
packages = [];
};
# TODO: look at git-sync for syncing stuff like obsidian vaults.
programs.git-credential-oauth.enable = true;
# Declare user packages.
home.packages = with pkgs; [
### General
qflipper
wineWowPackages.waylandFull
vesktop
lunar-client
steam
g4music
bitwarden-desktop
youtube-music
### Development
avra
avrdude
jetbrains.phpstorm
jetbrains-toolbox
git
nodejs_22
bun
devenv
python39
poetry
nil
zed-editor
bruno
deno
### Work
teams-for-linux
enpass
### Notes & Organisation
obsidian
### Virtual Reality
sidequest
];
home.stateVersion = "24.05";
}

16
lib/module/default.nix
View file

@ -1,16 +0,0 @@
{
lib,
...
}: with lib;
rec {
## Create a NixOS module option. (Stolen from Jake Hamilton)
##
## ```nix
## lib.mkOpt nixpkgs.lib.types.str "My default" "Description of my option."
## ```
##
#@ Type -> Any -> String
mkOpt =
type: default: description:
mkOption { inherit type default description; };
}

8
modules/home/common/ssh/default.nix
View file

@ -1,8 +0,0 @@
{
pkgs,
...
}: {
home.packages = with pkgs; [
openssh
];
}

88
modules/home/desktop/gnome/default.nix
View file

@ -1,88 +0,0 @@
{
lib,
pkgs,
config,
osConfig,
namespace,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.desktop.gnome;
in
{
options.${namespace}.desktop.gnome = with types; {
enabled-extensions = mkOption {
type = listOf package;
default = with pkgs.gnomeExtensions; [ dash-to-dock user-themes blur-my-shell appindicator unite color-picker clipboard-history ];
example = [ dash-to-dock blur-my-shell ];
description = "Specify gnome extensions to install.";
};
favorite-apps = mkOption {
type = listOf str;
default = ["org.gnome.Nautilus.desktop" "obsidian.desktop" "zen.desktop" "dev.zed.Zed.desktop"];
example = ["org.gnome.Nautilus.desktop" "obsidian.desktop"];
description = "Specify your favorite apps (sorted left to right).";
};
extensions = {
unite = {
show-window-buttons = mkOption {
type = str;
default = "never";
example = "never | maximized | tiled | both | always";
description = "Specify when Unite should display window buttons within the top panel.";
};
hide-window-titlebars = mkOption {
type = str;
default = "maximized";
example = "never | maximized | tiled | both | always";
description = "Specify when Unite should hide window titlebars.";
};
};
blur-my-shell = {
enable-blur = mkOpt bool false "Whether to enable blur-my-shell application blur.";
};
};
wallpaper = mkOpt str (builtins.toString ./wallpapers/abstract/amber-d.jxl) "Specify the path of your prefered Gnome wallpaper.";
};
config = mkIf osConfig.${namespace}.desktop.gnome.enable {
home.packages = cfg.enabled-extensions;
dconf.settings = {
"org/gnome/shell" = {
favorite-apps = cfg.favorite-apps;
enabled-extensions = forEach cfg.enabled-extensions (x: x.extensionUuid);
disabled-extensions = []; # Make sure none of our extensions are disabled on system rebuild
};
"org/gnome/shell/extensions/unite" = mkIf (builtins.elem pkgs.gnomeExtensions.unite cfg.enabled-extensions) {
show-window-buttons = cfg.extensions.unite.show-window-buttons;
hide-window-titlebars = cfg.extensions.unite.hide-window-titlebars;
use-activities-text = false;
extend-left-box = false;
reduce-panel-spacing = false;
show-legacy-tray = false;
show-appmenu-button = false;
show-desktop-name = false;
enable-titlebar-actions = false;
restrict-to-primary-screen = false;
hide-activities-button = "never";
autofocus-windows = true;
notifications-position = "right";
};
"org/gnome/shell/extensions/blur-my-shell/applications" = mkIf cfg.extensions.blur-my-shell.enable-blur {
blur = true;
sigma = 30;
opacity = 230;
enable-all = true;
};
"org/gnome/desktop/background" = {
picture-uri = cfg.wallpaper;
picture-uri-dark = cfg.wallpaper;
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
};
}

BIN
modules/home/desktop/gnome/wallpapers/3d-model.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 166 KiB

BIN
modules/home/desktop/gnome/wallpapers/abstract/amber-d.jxl
View file

Binary file not shown.

BIN
modules/home/desktop/gnome/wallpapers/abstract/amber-l.jxl
View file

Binary file not shown.

BIN
modules/home/desktop/gnome/wallpapers/black-hole.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 5 MiB

BIN
modules/home/desktop/gnome/wallpapers/bunnies-road.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 620 KiB

BIN
modules/home/desktop/gnome/wallpapers/cabin-4.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 549 KiB

BIN
modules/home/desktop/gnome/wallpapers/car-wreck.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 554 KiB

BIN
modules/home/desktop/gnome/wallpapers/cat-vibin.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 164 KiB

BIN
modules/home/desktop/gnome/wallpapers/cottages-river.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 4.1 MiB

BIN
modules/home/desktop/gnome/wallpapers/crane.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.6 MiB

BIN
modules/home/desktop/gnome/wallpapers/dark-star.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 118 KiB

BIN
modules/home/desktop/gnome/wallpapers/dark-waves.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 815 KiB

BIN
modules/home/desktop/gnome/wallpapers/flowering-rain.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3.3 MiB

BIN
modules/home/desktop/gnome/wallpapers/galaxy-waves.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 836 KiB

BIN
modules/home/desktop/gnome/wallpapers/keyboard-2.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.7 MiB

BIN
modules/home/desktop/gnome/wallpapers/keyboard.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.4 MiB

BIN
modules/home/desktop/gnome/wallpapers/lighthouse.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.4 MiB

BIN
modules/home/desktop/gnome/wallpapers/old-computer.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 707 KiB

BIN
modules/home/desktop/gnome/wallpapers/pixel-reading.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 22 KiB

BIN
modules/home/desktop/gnome/wallpapers/rocket-launch.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 760 KiB

BIN
modules/home/desktop/gnome/wallpapers/ship-2.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3.3 MiB

BIN
modules/home/desktop/gnome/wallpapers/snowflakes.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 864 KiB

BIN
modules/home/desktop/gnome/wallpapers/space.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1,013 KiB

BIN
modules/home/desktop/gnome/wallpapers/voxel-city.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 256 KiB

BIN
modules/home/desktop/gnome/wallpapers/voxel-houses-monochrome.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.7 MiB

BIN
modules/home/desktop/gnome/wallpapers/wallpaper_swirl_1.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 5 MiB

17
modules/home/palette/default.nix
View file

@ -1,17 +0,0 @@
{
lib,
namespace,
config,
pkgs,
...
}: with lib; with lib.${namespace};
let
palette = (pkgs.lib.importJSON (config.catppuccin.sources.palette + "/palette.json")).${config.catppuccin.flavor}.colors;
in
{
options.palette = mkOption { type = types.attrsOf types.raw; };
config = {
inherit palette;
};
}

23
modules/home/themes/catppuccin/black-box/default.nix
View file

@ -1,23 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.themes.catppuccin.black-box;
in
{
options.${namespace}.themes.catppuccin.black-box = {
enable = mkEnableOption "Whether to enable the catppuccin theme for black-box.";
};
config = mkIf cfg.enable {
dconf.settings = {
"com/raggesilver/BlackBox" = {
theme-dark = "Catppuccin Macchiato";
};
};
};
}

6
modules/home/themes/catppuccin/fish/default.nix
View file

@ -1,6 +0,0 @@
{
lib,
...
}: {
home.file.".config/fish/themes/Catppuccin\ Macchiato.theme".source = lib.snowfall.fs.get-file "resources/apps/fish/Catppuccin\ Macchiato.theme";
}

13
modules/home/themes/catppuccin/global/default.nix
View file

@ -1,13 +0,0 @@
{
...
}: {
catppuccin = {
enable = true;
accent = "blue";
flavor = "macchiato";
cursors.enable = true;
cursors.accent = "blue";
cursors.flavor = "macchiato";
};
}

166
modules/home/themes/catppuccin/gnome/default.nix
View file

@ -1,166 +0,0 @@
{
lib,
namespace,
config,
pkgs,
...
}: with lib; with lib.${namespace};
let
# Stolen from Oli @ git.gay, basically just themes default libadwaita components.
css = pkgs.writeTextFile {
name = "gtk-css";
text = ''
@define-color accent_color ${config.palette.maroon.hex};
@define-color accent_bg_color ${config.palette.maroon.hex};
@define-color accent_fg_color ${config.palette.base.hex};
@define-color destructive_color ${config.palette.red.hex};
@define-color destructive_bg_color ${config.palette.red.hex};
@define-color destructive_fg_color ${config.palette.base.hex};
@define-color success_color ${config.palette.green.hex};
@define-color success_bg_color ${config.palette.green.hex};
@define-color success_fg_color ${config.palette.base.hex};
@define-color warning_color ${config.palette.mauve.hex};
@define-color warning_bg_color ${config.palette.mauve.hex};
@define-color warning_fg_color ${config.palette.base.hex};
@define-color error_color ${config.palette.red.hex};
@define-color error_bg_color ${config.palette.red.hex};
@define-color error_fg_color ${config.palette.base.hex};
@define-color window_bg_color ${config.palette.base.hex};
@define-color window_fg_color ${config.palette.text.hex};
@define-color view_bg_color ${config.palette.base.hex};
@define-color view_fg_color ${config.palette.text.hex};
@define-color headerbar_bg_color ${config.palette.mantle.hex};
@define-color headerbar_fg_color ${config.palette.text.hex};
@define-color headerbar_border_color rgba(${builtins.toString config.palette.base.rgb.r}, ${builtins.toString config.palette.base.rgb.g}, ${builtins.toString config.palette.base.rgb.b}, 0.7);
@define-color headerbar_backdrop_color @window_bg_color;
@define-color headerbar_shade_color rgba(0, 0, 0, 0.07);
@define-color headerbar_darker_shade_color rgba(0, 0, 0, 0.07);
@define-color sidebar_bg_color ${config.palette.mantle.hex};
@define-color sidebar_fg_color ${config.palette.text.hex};
@define-color sidebar_backdrop_color @window_bg_color;
@define-color sidebar_shade_color rgba(0, 0, 0, 0.07);
@define-color secondary_sidebar_bg_color @sidebar_bg_color;
@define-color secondary_sidebar_fg_color @sidebar_fg_color;
@define-color secondary_sidebar_backdrop_color @sidebar_backdrop_color;
@define-color secondary_sidebar_shade_color @sidebar_shade_color;
@define-color card_bg_color ${config.palette.mantle.hex};
@define-color card_fg_color ${config.palette.text.hex};
@define-color card_shade_color rgba(0, 0, 0, 0.07);
@define-color dialog_bg_color ${config.palette.mantle.hex};
@define-color dialog_fg_color ${config.palette.text.hex};
@define-color popover_bg_color ${config.palette.mantle.hex};
@define-color popover_fg_color ${config.palette.text.hex};
@define-color popover_shade_color rgba(0, 0, 0, 0.07);
@define-color shade_color rgba(0, 0, 0, 0.07);
@define-color scrollbar_outline_color ${config.palette.surface0.hex};
@define-color blue_1 ${config.palette.blue.hex};
@define-color blue_2 ${config.palette.blue.hex};
@define-color blue_3 ${config.palette.blue.hex};
@define-color blue_4 ${config.palette.blue.hex};
@define-color blue_5 ${config.palette.blue.hex};
@define-color green_1 ${config.palette.green.hex};
@define-color green_2 ${config.palette.green.hex};
@define-color green_3 ${config.palette.green.hex};
@define-color green_4 ${config.palette.green.hex};
@define-color green_5 ${config.palette.green.hex};
@define-color yellow_1 ${config.palette.yellow.hex};
@define-color yellow_2 ${config.palette.yellow.hex};
@define-color yellow_3 ${config.palette.yellow.hex};
@define-color yellow_4 ${config.palette.yellow.hex};
@define-color yellow_5 ${config.palette.yellow.hex};
@define-color orange_1 ${config.palette.peach.hex};
@define-color orange_2 ${config.palette.peach.hex};
@define-color orange_3 ${config.palette.peach.hex};
@define-color orange_4 ${config.palette.peach.hex};
@define-color orange_5 ${config.palette.peach.hex};
@define-color red_1 ${config.palette.red.hex};
@define-color red_2 ${config.palette.red.hex};
@define-color red_3 ${config.palette.red.hex};
@define-color red_4 ${config.palette.red.hex};
@define-color red_5 ${config.palette.red.hex};
@define-color purple_1 ${config.palette.mauve.hex};
@define-color purple_2 ${config.palette.mauve.hex};
@define-color purple_3 ${config.palette.mauve.hex};
@define-color purple_4 ${config.palette.mauve.hex};
@define-color purple_5 ${config.palette.mauve.hex};
@define-color brown_1 ${config.palette.flamingo.hex};
@define-color brown_2 ${config.palette.flamingo.hex};
@define-color brown_3 ${config.palette.flamingo.hex};
@define-color brown_4 ${config.palette.flamingo.hex};
@define-color brown_5 ${config.palette.flamingo.hex};
@define-color light_1 ${config.palette.mantle.hex};
@define-color light_2 ${config.palette.mantle.hex};
@define-color light_3 ${config.palette.mantle.hex};
@define-color light_4 ${config.palette.mantle.hex};
@define-color light_5 ${config.palette.mantle.hex};
@define-color dark_1 ${config.palette.mantle.hex};
@define-color dark_2 ${config.palette.mantle.hex};
@define-color dark_3 ${config.palette.mantle.hex};
@define-color dark_4 ${config.palette.mantle.hex};
@define-color dark_5 ${config.palette.mantle.hex};
'';
};
cfg = config.${namespace}.themes.catppuccin.gtk;
in
{
options.${namespace}.themes.catppuccin.gtk = { enable = mkEnableOption "Enable the Catppuccin theme for GTK"; };
config = mkIf cfg.enable {
home.packages = with pkgs; [
(colloid-gtk-theme.override {
themeVariants = ["default"];
colorVariants = ["dark"];
sizeVariants = ["standard"];
tweaks = ["catppuccin"];
})
];
gtk = {
enable = true;
font = {
name = "Poppins";
size = 12;
package = pkgs.poppins;
};
theme = {
name = "adw-gtk3-dark";
package = pkgs.adw-gtk3;
};
gtk3 = {
extraCss = ''@import url("${css}");'';
extraConfig = {
gtk-application-prefer-dark-theme = 1;
};
};
gtk4 = {
extraCss = ''@import url("${css}");'';
};
};
catppuccin = {
gtk = {
icon = {
enable = true;
accent = "maroon";
flavor = "mocha";
};
};
};
dconf.settings = {
"org/gnome/shell/extensions/user-theme" = {
name = "Colloid-Dark-Catppuccin";
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
cursor-theme = "catppuccin-macchiato-blue-cursors";
};
};
};
}

16
modules/home/user/default.nix
View file

@ -1,16 +0,0 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) mkOpt;
in
{
options.${namespace}.user = with lib.types; {
name = mkOpt str "Jo" "The user's short name.";
fullName = mkOpt str "Johannes Reckers" "The user's full name.";
email = mkOpt str "reckers.johannes@proton.me" "The user's primary E-Mail address.";
icon = mkOpt str "./icon.jpg" "The path to the users prefered icon.";
};
}

BIN
modules/home/user/icon.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 72 KiB

16
modules/nixos/admin/default.nix
View file

@ -1,16 +0,0 @@
{
lib,
namespace,
...
}:
let
inherit (lib) types;
inherit (lib.${namespace}) mkOpt;
in
{
options.${namespace}.admin = with types; {
name = mkOpt str "Jo" "The short name of the system admin.";
full-name = mkOpt str "Johannes Reckers" "The full name of the system admin.";
email = mkOpt str "system@thevoid.cafe" "The E-Mail of the system admin. (Used for system services by default)";
};
}

32
modules/nixos/archetypes/server/default.nix
View file

@ -1,32 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.archetypes.server;
in {
options.${namespace}.archetypes.server = { enable = mkEnableOption "Enable the server archetype for your current system"; };
config = mkIf cfg.enable {
# Enable modules
puzzlevision = {
common = {
nix = {
enable = true;
use-lix = true;
};
grub.enable = true;
networking.enable = true;
kernel.enable = true;
shell.enable = true;
hardware.enable = true;
locale.enable = true;
};
};
# Enable SSH for remote login
services.openssh.enable = true;
};
}

44
modules/nixos/archetypes/workstation/default.nix
View file

@ -1,44 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.archetypes.workstation;
in {
options.${namespace}.archetypes.workstation = { enable = mkEnableOption "Enable the workstation archetype for your current system"; };
config = mkIf cfg.enable {
environment.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1"; # Firefox native Wayland support
NIXOS_OZONE_WL = "1"; # Native Wayland in Chromium and Electron based applications
};
# Enable modules
puzzlevision = {
common = {
nix = {
enable = true; # Standard Nix configuration
use-lix = true;
use-nixld = true;
};
grub.enable = true; # Bootloader grub
networking.enable = true; # Networkmanager configuration
kernel.enable = true; # Kernel modifications
bluetooth.enable = true; # Bluetooth support
shell.enable = true; # Shell environment configuration
hardware.enable = true; # Common hardware support and tweaks
fonts.enable = true; # Common fonts and font management tweaks
audio.enable = true; # Audio setup
locale.enable = true; # Locale settings
};
tools = {
cachix.enable = true;
};
desktop.gnome.enable = true;
};
};
}

23
modules/nixos/common/audio/default.nix
View file

@ -1,23 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.audio;
in {
options.${namespace}.common.audio = { enable = mkEnableOption "whether to enable common audio support and tweaks"; };
config = mkIf cfg.enable {
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
}

32
modules/nixos/common/bluetooth/default.nix
View file

@ -1,32 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.bluetooth;
in {
options.${namespace}.common.bluetooth = { enable = mkEnableOption "Enable bluetooth support on your current system"; };
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ bluez ];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
package = pkgs.bluez;
settings = {
General = {
ControllerMode = "dual";
FastConnectable = "true";
Experimental = "true";
KernelExperimental = "true";
Disable= "Handsfree";
};
};
};
};
}

30
modules/nixos/common/fonts/default.nix
View file

@ -1,30 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.fonts;
in {
options.${namespace}.common.fonts = with types; {
enable = mkEnableOption "Enable system font management";
fonts = mkOption {
type = listOf package;
default = with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji nerd-fonts.bigblue-terminal nerd-fonts.zed-mono monocraft ];
example = [ noto-fonts noto-fonts-emoji ];
description = "Install additional font packages";
};
};
config = mkIf cfg.enable {
environment.variables = {
LOG_ICONS = "true"; # Enable icons in tooling (requires nerdfonts)
};
environment.systemPackages = with pkgs; [ font-manager ];
fonts.packages = cfg.fonts;
};
}

31
modules/nixos/common/grub/default.nix
View file

@ -1,31 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.grub;
in {
options.${namespace}.common.grub = { enable = mkEnableOption "grub"; };
config = mkIf cfg.enable {
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
devices = [ "nodev" ];
efiInstallAsRemovable = true;
efiSupport = true;
extraEntries = ''
menuentry "Reboot" {
reboot
}
menuentry "Poweroff" {
halt
}
'';
};
};
}

16
modules/nixos/common/hardware/default.nix
View file

@ -1,16 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.hardware;
in {
options.${namespace}.common.hardware = { enable = mkEnableOption "whether to enable common hardware support"; };
config = mkIf cfg.enable {
hardware.sensor.iio.enable = true; # Enable iio-sensor for automatic screen rotation and similar features.
hardware.flipperzero.enable = true; # Enable support for the flipperzero device.
};
}

24
modules/nixos/common/kernel/default.nix
View file

@ -1,24 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.kernel;
in {
options.${namespace}.common.kernel = {
enable = mkEnableOption "Modify the standard kernel settings";
version = mkOption {
type = types.str;
default = "linuxPackages_latest";
example = "linuxPackages_latest";
description = "Set the kernel version to be used by your system";
};
};
config = mkIf cfg.enable {
boot.kernelPackages = pkgs.${cfg.version};
};
}

56
modules/nixos/common/locale/default.nix
View file

@ -1,56 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.locale;
in {
options.${namespace}.common.locale = {
enable = mkEnableOption "whether to enable common locale tweaks";
language = mkOption {
type = types.str;
default = "en_US";
example = "en_US";
description = "Sets the language for most text, doesn't include monetary or measurement settings";
};
country = mkOption {
type = types.str;
default = "de_DE";
example = "de_DE";
description = "Sets the language used for monetary or measurement settings (USD vs Euro, etc...)";
};
keymap = mkOption {
type = types.str;
default = "de";
example = "de";
description = "Sets the keymap to be used by the system";
};
};
config = mkIf cfg.enable {
# Internationalisation properties.
i18n.defaultLocale = "${cfg.language}.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "${cfg.country}.UTF-8";
LC_IDENTIFICATION = "${cfg.country}.UTF-8";
LC_MEASUREMENT = "${cfg.country}.UTF-8";
LC_MONETARY = "${cfg.country}.UTF-8";
LC_NAME = "${cfg.country}.UTF-8";
LC_NUMERIC = "${cfg.country}.UTF-8";
LC_PAPER = "${cfg.country}.UTF-8";
LC_TELEPHONE = "${cfg.country}.UTF-8";
LC_TIME = "${cfg.country}.UTF-8";
};
# Set console keymap.
console.keyMap = cfg.keymap;
services.xserver = {
xkb.layout = cfg.keymap;
};
};
}

20
modules/nixos/common/networking/default.nix
View file

@ -1,20 +0,0 @@
{
lib,
namespace,
config,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.common.networking;
in {
options.${namespace}.common.networking = {
enable = mkEnableOption "Whether to enable networking through NetworkManager.";
};
config = mkIf cfg.enable {
networking.networkmanager = {
enable = true;
};
};
}

53
modules/nixos/common/nix/default.nix
View file

@ -1,53 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.nix;
in {
options.${namespace}.common.nix = {
enable = mkEnableOption "Overwrite the default Nix configuration.";
use-lix = mkEnableOption "Enable Lix as an alternative to CppNix.";
use-nixld = mkEnableOption "Enable the use of dynamically linked executables on nix based systems.";
};
config = mkIf cfg.enable {
nix = {
settings = {
auto-optimise-store = true;
builders-use-substitutes = true;
experimental-features = [ "nix-command" "flakes" ];
keep-derivations = true;
keep-outputs = true;
max-jobs = "auto";
warn-dirty = false;
};
# Garbage collection configuration.
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 3d";
};
extraOptions = ''
extra-substituters = https://devenv.cachix.org
extra-trusted-public-keys = devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=
'';
package = mkIf cfg.use-lix pkgs.lix; # Enable LIX
};
# Dynamic libraries for unpackaged programs
programs.nix-ld = mkIf cfg.use-nixld {
enable = true;
libraries = with pkgs; [
glibc
libcxx
];
};
};
}

20
modules/nixos/common/shell/default.nix
View file

@ -1,20 +0,0 @@
{
lib,
namespace,
config,
pkgs,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.shell;
in {
options.${namespace}.common.shell = {
enable = mkEnableOption "Modify the standard shell options";
};
config = mkIf cfg.enable {
environment.shells = with pkgs; [ fish ];
users.defaultUserShell = pkgs.fish;
programs.fish.enable = true;
};
}

53
modules/nixos/desktop/gnome/default.nix
View file

@ -1,53 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.desktop.gnome;
in {
options.${namespace}.desktop.gnome = { enable = mkEnableOption "gnome"; };
config = mkIf cfg.enable {
services.xserver.enable = true;
# Enable GNOME and GDM.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = with pkgs; [
gnome-tour
gedit
cheese
geary
yelp # Help view
epiphany # Gnome web
gnome-console
gnome-terminal
gnome-music
tali # Poker game
iagno # Go game
hitori # Sudoku game
gnome-contacts
gnome-initial-setup
gnome-system-monitor
];
programs.dconf.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
environment.systemPackages = with pkgs; [
gnome-tweaks
blackbox-terminal # Terminal app
resources # System resource manager
];
};
}

20
modules/nixos/desktop/plasma/default.nix
View file

@ -1,20 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.desktop.plasma;
in {
options.${namespace}.desktop.plasma = { enable = mkEnableOption "Whether to enable the KDE Plasma desktop environment"; };
config = mkIf cfg.enable {
services.xserver.enable = true;
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm.enable = true;
programs.kdeconnect.enable = true;
};
}

50
modules/nixos/security/yubikey/default.nix
View file

@ -1,50 +0,0 @@
{
lib,
pkgs,
config,
namespace,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.security.yubikey;
in
{
options.${namespace}.security.yubikey = with types; {
enable = mkEnableOption "Enable the Yubikey as a security device.";
key-id = mkOption {
type = listOf str;
default = [ "30650551" ];
example = [ "123456" "1234567" ];
description = "Register additional Yubikey IDs.";
};
enable-agent = mkEnableOption "Enable the Yubikey agent";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ yubikey-manager yubioath-flutter ];
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.yubikey-agent.enable = cfg.enable-agent;
programs.ssh.extraConfig = mkIf cfg.enable-agent ''
Host *
IdentityAgent /usr/local/var/run/yubikey-agent.sock
'';
environment.sessionVariables = mkIf cfg.enable-agent {
SSH_AUTH_SOCK = "/usr/local/var/run/yubikey-agent.sock";
};
};
}

47
modules/nixos/services/bluesky/pds/default.nix
View file

@ -1,47 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.bluesky.pds;
in {
options.${namespace}.services.bluesky.pds = {
enable = mkEnableOption "Enable the Bluesky PDS, your own ATproto home!";
};
config = mkIf cfg.enable {
sops.secrets.bluesky-pds = {
sopsFile = lib.snowfall.fs.get-file "secrets/bluesky-pds.service.env";
format = "dotenv";
};
systemd.tmpfiles.rules = [
"d /var/lib/containers/bluesky 0700 root root -"
"d /var/lib/containers/bluesky/pds 0700 root root -"
"d /var/lib/containers/bluesky/pds/blobs 0700 root root -"
];
virtualisation.oci-containers.containers.bluesky-pds = {
image = "ghcr.io/bluesky-social/pds:0.4";
autoStart = true;
hostname = host;
environmentFiles = [
config.sops.secrets.bluesky-pds.path
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.bluesky-pds.entrypoints" = "websecure";
"traefik.http.routers.bluesky-pds.rule" = "Host(`bsky.thevoid.cafe`) || HostRegexp(`.+\.bsky\.thevoid\.cafe`)";
"traefik.http.middlewares.bluesky-pds-header.headers.customrequestheaders.Host" = "{host}";
"traefik.http.services.bluesky-pds.loadbalancer.server.port" = "2583";
};
volumes = [
"/var/lib/containers/bluesky/pds:/pds"
];
extraOptions = ["--network=proxy"];
};
};
}

30
modules/nixos/services/duckdns/default.nix
View file

@ -1,30 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.duckdns;
in {
options.${namespace}.services.duckdns = {
enable = mkEnableOption "Enable DuckDNS, the dynamic dns service. Will periodically refresh your IP.";
};
config = mkIf cfg.enable {
sops.secrets.duckdns = {
sopsFile = lib.snowfall.fs.get-file "secrets/duckdns.service.env";
format = "dotenv";
};
virtualisation.oci-containers.containers.duckdns = {
image = "lscr.io/linuxserver/duckdns:latest";
autoStart = true;
hostname = host;
environmentFiles = [
config.sops.secrets.duckdns.path
];
};
};
}

56
modules/nixos/services/forgejo/default.nix
View file

@ -1,56 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.forgejo;
in
{
options.${namespace}.services.forgejo = {
enable = mkEnableOption "Whether to enable the forgejo git service.";
};
config = mkIf cfg.enable {
services.forgejo = {
enable = true;
database = {
type = "postgres";
};
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.thevoid.cafe";
ROOT_URL = "https://git.thevoid.cafe/";
HTTP_PORT = "3030";
};
service.DISABLE_REGISTRATION = true;
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
};
};
# TODO: finish this configuration
services.traefik = {
dynamicConfigOptions = {
http = {
routers.forgejo = {
entryPoints = ["websecure"];
rule = "Host(`git.thevoid.cafe`)";
service = "forgejo";
};
services.forgejo.loadbalancer.server = {
url = "http://localhost:3030";
};
};
};
};
};
}

44
modules/nixos/services/homepage/default.nix
View file

@ -1,44 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.homepage;
homepageConfigDirectory = lib.snowfall.fs.get-file "resources/services/homepage";
in {
options.${namespace}.services.homepage = { enable = mkEnableOption "Enable Homepage, an intuitive dashboard for your services."; };
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d /var/lib/containers/homepage 0700 root root -"
"d /var/lib/containers/homepage/config 0700 root root -"
"d /var/lib/containers/homepage/images 0700 root root -"
];
# Copy files from homepageConfigDirectory to the target directory
system.activationScripts.homepage = ''
cp -r ${homepageConfigDirectory}/* /var/lib/containers/homepage/
'';
virtualisation.oci-containers.containers.homepage = {
image = "ghcr.io/gethomepage/homepage:latest";
autoStart = true;
hostname = host;
labels = {
"traefik.enable" = "true";
"traefik.http.routers.homepage.entrypoints" = "websecure";
"traefik.http.routers.homepage.rule" = "Host(`home.thevoid.cafe`)";
"traefik.http.services.homepage.loadbalancer.server.port" = "3000";
};
volumes = [
"/var/lib/containers/homepage/config:/app/config:rw"
"/var/lib/containers/homepage/images:/app/public/images:rw"
"/var/run/docker.sock:/var/run/docker.sock:ro" # Optional, used for docker integration.
];
extraOptions = ["--network=proxy"];
};
};
}

109
modules/nixos/services/sharkey/default.nix
View file

@ -1,109 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.sharkey;
in {
options.${namespace}.services.sharkey = { enable = mkEnableOption "Enable Sharkey, the activitypub-based microblogging service."; };
config = mkIf cfg.enable {
sops.secrets.sharkey-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/default.sharkey.service.yaml";
format = "yaml";
};
sops.secrets.sharkey-docker-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/docker-env.sharkey.service.env";
format = "dotenv";
};
sops.secrets.sharkey-meilisearch-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/meilisearch.sharkey.service.env";
format = "dotenv";
};
systemd.tmpfiles.rules = [
"d /var/lib/containers/sharkey 0700 991 991 -"
];
system.activationScripts.sharkey-web = ''
cp ${config.sops.secrets.sharkey-config.path} /var/lib/containers/sharkey/.config/default.yml
'';
virtualisation.oci-containers.containers.sharkey-web = {
image = "registry.activitypub.software/transfem-org/sharkey:latest";
autoStart = true;
hostname = host;
dependsOn = [ "sharkey-redis" "sharkey-db" ];
environment = {
NODE_ENV = "production";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.sharkey.entrypoints" = "websecure";
"traefik.http.routers.sharkey.rule" = "Host(`voxtek.enterprises`)";
"traefik.http.services.sharkey.loadbalancer.server.port" = "3000";
# Homepage labels
"homepage.group" = "Entertainment";
"homepage.name" = "Sharkey";
"homepage.icon" = "/images/logo.png";
"homepage.href" = "https://voxtek.enterprises";
"homepage.description" = "Private VoxTek themed Sharkey instance";
"homepage.ping" = "https://voxtek.enterprises";
"homepage.widget.type" = "mastodon";
"homepage.widget.url" = "https://voxtek.enterprises";
};
volumes = [
"/var/lib/containers/sharkey/files:/sharkey/files:rw"
"/var/lib/containers/sharkey/.config:/sharkey/.config:ro"
];
extraOptions = ["--network=proxy --network=sharknet"];
};
virtualisation.oci-containers.containers.sharkey-redis = {
image = "docker.io/redis:7.0-alpine";
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/redis:/data:rw"
];
extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
};
virtualisation.oci-containers.containers.sharkey-meilisearch = {
image = "getmeili/meilisearch:v1.3.4";
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/meili_data:/meili_data:rw"
];
environment = {
MEILI_NO_ANALYTICS = "true";
MEILI_ENV = "production";
};
environmentFiles = [
config.sops.secrets.sharkey-meilisearch.path
];
extraOptions = ["--network=sharknet"];
};
virtualisation.oci-containers.containers.sharkey-db = {
image = "docker.io/postgres:16.1-alpine";
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/db:/var/lib/postgresql/data:rw"
];
environmentFiles = [
config.sops.secrets.sharkey-docker-config.path
];
extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
};
# W.I.P Todo: finish Sharkey service
};
}

110
modules/nixos/services/traefik/default.nix
View file

@ -1,110 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.traefik;
in {
options.${namespace}.services.traefik = {
enable = mkEnableOption "Enable the Traefik service.";
cloudflareEmail = mkOption {
type = types.str;
default = config.${namespace}.admin.email;
example = "system@thevoid.cafe";
description = "Specify the E-Mail associated with your Cloudflare account for ACME.";
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [80 8080 443]; # http, dashboard, https
systemd.services.traefik = {
environment = {
CF_API_EMAIL = cfg.cloudflareEmail;
};
serviceConfig = {
EnvironmentFile = [config.sops.secrets."services/cloudflare/api_key".path];
};
};
services.traefik = {
enable = true;
group = "docker";
staticConfigOptions = {
log = {
level = "INFO";
filePath = "/var/lib/traefik/traefik.log";
noColor = false;
maxSize = 100;
compress = true;
};
api = {
dashboard = true;
insecure = true;
};
providers = {
docker = {
exposedByDefault = false;
network = "proxy";
};
};
certificatesResolvers = {
letsencrypt = {
acme = {
email = cfg.cloudflareEmail;
storage = "/var/lib/traefik/acme.json";
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # Uncomment this when testing stuff!
dnsChallenge = {
provider = "cloudflare";
};
};
};
};
entryPoints.web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
permanent = true;
};
};
entryPoints.websecure = {
address = ":443";
http.tls = {
certResolver = "letsencrypt";
domains = [
{
main = "voidtales.dev";
sans = ["*.voidtales.dev"];
}
{
main = "voxtek.enterprises";
sans = ["*.voxtek.enterprises"];
}
{
main = "thevoid.cafe";
sans = ["*.thevoid.cafe"];
}
{
main = "reckers.dev";
sans = ["*.reckers.dev"];
}
{
main = "rhysbot.co.uk";
sans = ["*.rhysbot.co.uk"];
}
];
};
};
};
};
};
}

43
modules/nixos/services/vaultwarden/default.nix
View file

@ -1,43 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.vaultwarden;
in {
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };
config = mkIf cfg.enable {
sops.secrets.vaultwarden = {
sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
format = "dotenv";
};
# Ensure directories exists before OCI container is launched.
systemd.tmpfiles.rules = [
"d /var/lib/containers/vaultwarden/data 0700 root root -"
];
# "Inspired" by BreakingTV @ github.com
virtualisation.oci-containers.containers.vaultwarden = {
image = "vaultwarden/server";
autoStart = true;
hostname = host;
labels = {
"traefik.enable" = "true";
"traefik.http.routers.vaultwarden.entrypoints" = "websecure";
"traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
};
volumes = [
"/var/lib/containers/vaultwarden/data:/data:rw"
];
environmentFiles = [
config.sops.secrets.vaultwarden.path
];
extraOptions = ["--network=proxy"];
};
};
}

17
modules/nixos/tools/cachix/default.nix
View file

@ -1,17 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.tools.cachix;
in {
options.${namespace}.tools.cachix = { enable = mkEnableOption "Enable the cachix binary cache service on your system."; };
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ cachix ];
};
}

30
resources/apps/fish/Catppuccin Macchiato.theme
View file

@ -1,30 +0,0 @@
# name: 'Catppuccin Macchiato'
# url: 'https://github.com/catppuccin/fish'
# preferred_background: 24273a
fish_color_normal cad3f5
fish_color_command 8aadf4
fish_color_param f0c6c6
fish_color_keyword ed8796
fish_color_quote a6da95
fish_color_redirection f5bde6
fish_color_end f5a97f
fish_color_comment 8087a2
fish_color_error ed8796
fish_color_gray 6e738d
fish_color_selection --background=363a4f
fish_color_search_match --background=363a4f
fish_color_option a6da95
fish_color_operator f5bde6
fish_color_escape ee99a0
fish_color_autosuggestion 6e738d
fish_color_cancel ed8796
fish_color_cwd eed49f
fish_color_user 8bd5ca
fish_color_host 8aadf4
fish_color_host_remote a6da95
fish_color_status ed8796
fish_pager_color_progress 6e738d
fish_pager_color_prefix f5bde6
fish_pager_color_completion cad3f5
fish_pager_color_description 6e738d

30
resources/services/homepage/config/bookmarks.yaml
View file

@ -1,30 +0,0 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/bookmarks
- IT:
- Github:
- abbr: GH
href: https://github.com/
- Codeberg:
- icon: mdi-image-filter-hdr-outline
href: https://codeberg.org/
- Stackoverflow:
- abbr: SO
href: https://stackoverflow.com/
- Social:
- Reddit:
- abbr: RE
href: https://reddit.com/
- Whatsapp:
- icon: mdi-chat-outline
href: https://web.whatsapp.com/
- Fun:
- YouTube:
- icon: mdi-video-vintage
href: https://youtube.com/
- A-Dark-Room:
- icon: mdi-campfire
href: https://adarkroom.doublespeakgames.com/

10
resources/services/homepage/config/docker.yaml
View file

@ -1,10 +0,0 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
default-docker:
socket: /var/run/docker.sock

14
resources/services/homepage/config/services.yaml
View file

@ -1,14 +0,0 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/services
- System:
- Fritz!Box:
name: Fritz!Box
icon: avmfritzbox.png
href: http://192.168.178.1
description: Home router configuration
widget:
type: "fritzbox"
url: http://192.168.178.1
ping: http://192.168.178.1

54
resources/services/homepage/config/settings.yaml
View file

@ -1,54 +0,0 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/settings
title: Jo's Home
background:
image: /images/blossoms.png
blur: md
opacity: 45
favicon: /images/logo.png
theme: dark
color: slate
iconStyle: theme
layout:
Media:
style: row
columns: 1
Utilities:
style: column
columns: 2
Entertainment:
style: column
column: 3
System:
style: column
columns: 3
Development:
style: row
columns: 2
Social:
style: column
columns: 3
IT:
style: column
columns: 3
Fun:
style: column
columns: 3
headerStyle: clean
target: _blank
quicklaunch:
searchDescriptions: true
hideInternetSearch: false
hideVisitURL: false
hideVersion: true
showStats: false

22
resources/services/homepage/config/widgets.yaml
View file

@ -1,22 +0,0 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/widgets
- resources:
label: System
cpu: true
memory: true
uptime: true
units: metric
- resources:
label: Storage
disk: /
- datetime:
text_size: xl
format:
timeStyle: short
dateStyle: long
hourCycle: h23
locale: de

BIN
resources/services/homepage/images/blossoms.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 5.9 MiB

BIN
resources/services/homepage/images/logo.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 17 KiB

BIN
resources/wallpapers/bass.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 178 KiB

BIN
resources/wallpapers/blossoms.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 5.9 MiB

BIN
resources/wallpapers/catppuccin_blue_cat.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 188 KiB

BIN
resources/wallpapers/hatsune_miku_film_band.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.2 MiB

BIN
resources/wallpapers/mocha-vibrant-colours.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1 MiB

BIN
resources/wallpapers/pixelart_river_boat.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 206 KiB

BIN
resources/wallpapers/pond_sidewalk_dusk.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.1 MiB

36
secrets/bluesky-pds.service.env
View file

@ -1,36 +0,0 @@
#ENC[AES256_GCM,data:ymMgS47dyPaiR+dlsUTo/QFARGsKD8cbdxKlZBq7k0m0kKzyaL+SqEnI,iv:WSs+8MDiq28oWZ/NvwVfkMeTuP8V9SXC1MSDqe6D8HY=,tag:epOEDkItljcgD/JukD4S5A==,type:comment]
#ENC[AES256_GCM,data:pvDHzvOMTOuNZy/tNaBq5GblwMhio1Wu7W2hg4rzfk1DqXh6lrjhXf7tucutirVrk2bMVVRqLMZf5ZUYaUuOXfOXD0FJ7ts=,iv:na9arv0UPhtjiW4291gR2GJYVcsGM8Hg2uVinmcjF88=,tag:C7FOgkHPB314xXYgJLAFOQ==,type:comment]
PDS_HOSTNAME=ENC[AES256_GCM,data:/PJHZzk+KcNAkXSG4TjCLSQ=,iv:a64llfRwXJy38bSbSs163b0PsJ9hWi31WzMQ2rn4iL4=,tag:ZXKUVFXvqust5eFtitm20A==,type:str]
PDS_PORT=ENC[AES256_GCM,data:w+OLqg==,iv:HO1/XJdfpKUSiQLIXVLU1XrqqfzajNcclqRcSaNpQWo=,tag:UXOHqHS/S71Rwo7ixYizSw==,type:str]
#ENC[AES256_GCM,data:6g/ZfgV8SbqeDyWu6Nu4rQHJEKETTDflSKKr73HAJhovX4RHrkik,iv:2EwvFzAbuxgBeJeTmUDAfcHdzSbzfXFpB8X4XQTS0Bk=,tag:99MvXgGXcDoCBxC0Q21ZhA==,type:comment]
PDS_DATA_DIRECTORY=ENC[AES256_GCM,data:sdidZg==,iv:AgJI8rY7A09RQPU9DZU051Civ4eDe4irtyYwSjgxiko=,tag:R66Pys9x14Ef8jdH/Vtwsg==,type:str]
#ENC[AES256_GCM,data:jnvmS1bF0F+r1hbsNdLqIijZGEkhV9tKSl7IQiHdt2/b812dgEgIDxC27w2FgeB2qO6zf3vD18A=,iv:DYJ+CWqk/b/ALr9TD7HPBf71Rky5hyi9ChffQD0PfMM=,tag:50MIIyqgHdhMSERgP3UG9g==,type:comment]
PDS_BLOBSTORE_DISK_LOCATION=ENC[AES256_GCM,data:kjbRpPC7Xui7qQ==,iv:raibPKnndeK/NACyCqDUVcP1B6jV6knopQbzrKmGY9Q=,tag:xszl7ZhAUdaVZ5iDipR/lA==,type:str]
PDS_BLOB_UPLOAD_LIMIT=ENC[AES256_GCM,data:+KoT3/h4ohc=,iv:vouuiEDd45PcwyyNxdbYzWYZDSG4xaSh0j2SjZsXzw8=,tag:dDbLCEcDnd3m5d+w5SzsEQ==,type:str]
#ENC[AES256_GCM,data:2Hu8altCHAXazYQAixYKYOS6u2brQR3vcPR+rUSSGOFlrB86+EUsXVud17g+ZTY4Fynzxh+FPojGdu9blBsiKdkg9SH/nqflnq6h,iv:FcIASLSlyBbDVQRPL3ySig5S6vDyoOJyZrR3qmK9Ij8=,tag:dETBU1taXpPoBJJ5g9v8lw==,type:comment]
PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX=ENC[AES256_GCM,data:O98x9izHHm0pUf0m9TdokgJS8QWJnYt0fAfEfsTaGXLYc5lMlJRZ4S2PeAuYzGR+8hkJ/zKjKAPJRNmkE8qKNQ==,iv:D+w5QVLAw7s+khJ5p3Vzvq9VaPBFO393nJnmla61Fko=,tag:pLQ/VKx74Xp0kXIy63oIzA==,type:str]
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=ENC[AES256_GCM,data:OSuzQBZqo9GhBN1cqLLbaBWYtPkS6Q+8OY5Elrb9tw4H++9Yv5Z8EluPwl+8yPr+Bwo/px38A9fjrmRYUiZn5w==,iv:Nvn7Mb0VwHSs60g+iQnG/FR/hjAntsEiPX085HKksSg=,tag:cICZ2ceEFK683A+VznPLSw==,type:str]
#ENC[AES256_GCM,data:jfeJPg58+C1pr7bzvgzB7Chc6HhTmZimTvTxQhbHXQxEuyjO6NHi32IwKOClljBL,iv:LWh3Iu3mKhJxVL0kFykFmUhis2f7ANa8B3yF4IPIZHs=,tag:Bma2uzjI5my41yHnTti6Iw==,type:comment]
PDS_JWT_SECRET=ENC[AES256_GCM,data:bXh9dEpV23CXmqnPEAK1wm0eU2SEPk04N3FSJD01Mx4=,iv:Rd52tJGU+V6vGgLlzXBqX5jGidC+KH3C76U1qp2Z5DI=,tag:Fi3j6bYKV9P2xaisRTx13A==,type:str]
PDS_ADMIN_PASSWORD=ENC[AES256_GCM,data:bPIy15HEM0Vjy9JN10Hjc4or9+d2Wd11RCuiKhMK8ns=,iv:KGjGK4iuXAnE8pLwHP9d67otZ4+cjjhJWrWR3oV5X+0=,tag:ub9u0x3XJuo6WQqMAXyRrg==,type:str]
#ENC[AES256_GCM,data:JiFiCQEIK+rTTTMiYwFqCwLPV88UoSWYN+4rWfROBVj111oVg8EtoXJa,iv:rsMuO5IvC94JZbLSxc5WSS3UuWa6E3vBp0tzeT9xZNU=,tag:KTSyE2EPbD3HUFZXWddJjA==,type:comment]
PDS_DID_PLC_URL=ENC[AES256_GCM,data:W4FxI9zuMrr0kMEQ0ugNjpYsSaM5,iv:mlqu2n4Vxja3tLasqmIVzZnvWMOqU4OaYn7lU+agkOM=,tag:cTEIhSv48Rres98kgkuFtg==,type:str]
PDS_BSKY_APP_VIEW_URL=ENC[AES256_GCM,data:fwcz+Z95CIWaohp0d4ZEJB7Lc9c=,iv:28VuOI4a4K5s6dSOYz1Gp4YquqcSRA3PYT1fzNg8P6k=,tag:61JYt0UeDIoHUNNzoDHCAg==,type:str]
PDS_BSKY_APP_VIEW_DID=ENC[AES256_GCM,data:hxos9yGqdQt1cUdHeh4sC4Lpt/c=,iv:EYPROnOlZ653yOQVgWeO0lbKoM0vTDt3N76Qr71g9ek=,tag:I6JvO9/23V4mbJW4XX6lPw==,type:str]
PDS_REPORT_SERVICE_URL=ENC[AES256_GCM,data:+2j/vYlUK/XwDtskOmRpRjKcsK8=,iv:EAnpyCuPoniGNf4hOO8EFOXq2+XlpmbOF0HzpQlHAA0=,tag:sj6XNHUSLsNeYIFa1qP1Mg==,type:str]
PDS_REPORT_SERVICE_DID=ENC[AES256_GCM,data:/RLQ6D76MccWR1yE1OTc91JtwvPwoXjH2kEVvwIfkWE=,iv:Fl7e2qaqj0gcH7pPGCzZTuIQgBvIvxx+BEgbW3/8Jj0=,tag:4eavQt0MDWh2oUjvEBK9Jg==,type:str]
PDS_CRAWLERS=ENC[AES256_GCM,data:X8Gf3BtpQ204i0/AwQbR+GiZOeY=,iv:vdhToyxzwF2PQcB4otI5BMoUcN9pJWvbP1D6T3z0AE0=,tag:T01tI6MRZXwswoB2BqMEfA==,type:str]
#ENC[AES256_GCM,data:p0cLIOdKd+l+dRMiTOWc,iv:NUd8o/h56gtx5oUzawpnh+KvRUcqoflozT4iJKhNVk8=,tag:DqmoDqW2chihKx8dAxgnQw==,type:comment]
PDS_OAUTH_PROVIDER_NAME=ENC[AES256_GCM,data:zdEEWeBrp2v/lzGbUrL6fWWK,iv:R6ISKGGePHJJHo/8tam/9LnY6Sdq73nGBKdlp6+/qes=,tag:Mdg0dOBGyenjxRlaZqxOEw==,type:str]
PDS_OAUTH_PROVIDER_PRIMARY_COLOR=ENC[AES256_GCM,data:y2kXFLgMfQ==,iv:BcmweofuJbqwxuF1NgE4LDdq8wnlywYIZmSt5+rJzDY=,tag:ZSJaqVM22n1slNhC5hiYjw==,type:str]
#ENC[AES256_GCM,data:lXPnReG2UoQ9ZQ==,iv:oVIVFKpbJFFyp+jslT1ZzfXI8lZ62ZNqGJSi148bUek=,tag:kTbWnEDa88X4G7Msgdl2LQ==,type:comment]
LOG_ENABLED=ENC[AES256_GCM,data:aSy6rQ==,iv:N9jI4SOkBKWIpZSPYGadxXWksVQPa2OBR/wPqWffNSY=,tag:kaqz/iTAmN5m7Ba7Q4DrRA==,type:str]
PDS_INVITE_REQUIRED=ENC[AES256_GCM,data:3A==,iv:fCUgZw9k/TXotvhgu/dNiEWsS81iaUqBEoniKZIGfKQ=,tag:elpjSMFQLDSgrQOrO9Zwpw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNE5JNnBlbG5sT2ZES1lj\nbWU2ZlNpZ3YyOHFlWHlISXV2NFpuR0Y5Q2xVCjVNWTlSNy9hS1hhcUY0eHh2b25W\nemdCRWhINzd2WnM5VC9GaHpPUWs5ZXMKLS0tICtNVTJsdmVNOS9GVU5odTd1cS9D\nUmoxTnM1Vm1NUndjaitjaVhTUmQvSE0KRIxuzz43MqcwHe/Lg0bNmLjaIg3XUr0L\nQmvAitUE2yMTqNc+7UK8tyhYYbbm55ZQYExA3036M/JS8DwgbnVVQw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RHBxSWxRMHdiSGNhS2tz\nNkpaL3lRbHFHWmlBbXV4YSt2MmFGQ2JsYndNCjRSQzBXd25SZ05zR2xXdWwxazgv\nZWVyZ0FkK1hYRW5tQ280Y1Jvc2gvVFUKLS0tIDBjQkh6QzZGVlg2aUUzdHptYjJC\nTlFxc3RjR3RDNWtrRXRCUW1ybitMcEEK1lIlBzdiAH7DJLsX1XxEhykk0a4vOp8F\nK/iEyvAix1MVyt3a0faLfoyqxQY5DBspYkW79A+uvx/44II4O0PBNg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
sops_lastmodified=2024-10-29T03:45:44Z
sops_mac=ENC[AES256_GCM,data:8oojVGNNYw+BJn7Dy1o2D4QXGzUesje3162rTS7wkxfK9r4qc5f1T9abP0HmEpSKmLODCAZvRQfeOuRJJhppbFSoHnlShjobM0nWdicSr98BmFlKFJ5ltZy9WDqZMna/p4gI+b0pG06I8e9UnrL+pb3sWAH6rUs2+i3pQLFcS78=,iv:yU6DfWhQ4/hpfgWN25SKyMiOEIzxx5+OSeB8Nil2uoY=,tag:MtvLPZgakbqBwGOcDcY+6g==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

93
secrets/default.sharkey.service.yaml
View file

@ -1,93 +0,0 @@
#ENC[AES256_GCM,data:eIiG0Tw4yr/XAwttxD+yBG3JUGnRFF/wID54twOK4ehqgixTZRUDUtSAVGBco6JJ0SBTJYeqFDXtvs1jRkIO6t4RyMFkL2QeiMYFr9dOrOiyAbbOM1+Sp2Yi3qSbLtbI0/NETEUEhwIACUn1tfanfMFgZqcKdG4qHIdz12zlYOiyT3D65HnMapRFGj0nfdf0UKlcDXUOCVxZxRhoa2XAColWQozCAmvZJMLfQk/UyPFnnr4wgJyvVCCFeEhu,iv:aqvfnesYkvZ5m/7evwvK2h16I9pvL8KRW2+Qs066Q1s=,tag:BkaxVW83r3RLDk8YbmO3Mw==,type:comment]
#ENC[AES256_GCM,data:JQDxHZFRQiBy9fHlGXKo105G7HXngg==,iv:uaziiobAtGu6Zke21DSGBgcFfiJo7KZ+awFEH7si7rk=,tag:K1EPBlWvIoP1jmzcsLIyvw==,type:comment]
#ENC[AES256_GCM,data:eIiG0Tw4yr/XAwttxD+yBG3JUGnRFF/wID54twOK4ehqgixTZRUDUtSAVGBco6JJ0SBTJYeqFDXtvs1jRkIO6t4RyMFkL2QeiMYFr9dOrOiyAbbOM1+Sp2Yi3qSbLtbI0/NETEUEhwIACUn1tfanfMFgZqcKdG4qHIdz12zlYOiyT3D65HnMapRFGj0nfdf0UKlcDXUOCVxZxRhoa2XAColWQozCAmvZJMLfQk/UyPFnnr4wgJyvVCCFeEhu,iv:aqvfnesYkvZ5m/7evwvK2h16I9pvL8KRW2+Qs066Q1s=,tag:BkaxVW83r3RLDk8YbmO3Mw==,type:comment]
#ENC[AES256_GCM,data:rDT59Ke45ejmMj3zy27VpswSg12HsZbD,iv:Xg1Z4pgygWRLf7SW7UrJwIQQMWFtMBDbj7ivPVKh3KA=,tag:N3Dcr5uuObped2PJOM618Q==,type:comment]
#ENC[AES256_GCM,data:4A1iClcwwlmMPT+33glvbYFkI0J4Lvw/11mqRg5Dc1og7dOtGVF57q1wrRU//dgTkOHl8CA2w8fZmFco9/N75U9aJctLd9rkfp7abZ6qphw+SizAWRrpJf82zir0hygdM+ID1DPhCJAz99lWRfYTTyGFg3/RCt2WvfhVjH2Hs1n+0Kq4eni7BAtFHIVQGu5fHlsb944SgodDiMtiI6egAsteVbcC82fpFTU3rDdd0wi3/oQ=,iv:LKkWLNAjzXqrHcrpcCL3oVUkpdtYZbsrK1eqYyR8qpw=,tag:OEWyqmJtw6HSfmy2+tW7fA==,type:comment]
url: ENC[AES256_GCM,data:RnuJZKUfGRpM5LcOcVJD6DfTGv1DHC/1qmI=,iv:+CDa3FvZn/6dmql2m+Gbh16ceOriIJtYKZR6WcucRv0=,tag:6WpF67maVqAywT7tXPuP7g==,type:str]
#ENC[AES256_GCM,data:Mlf23/juV4DO6iLHE8nkKvcS/F+YqFRC9957Lr++gpwmiRCJDPseGHKMSWXNqBvZFdb9d75O,iv:JVdbkue6gRD/TF6GxoekZ0d45IASh7k2K84/m2FPpIQ=,tag:q/we5yAewp3A2jyybV7VIg==,type:comment]
#ENC[AES256_GCM,data:6dlFfIjmmOK3wcvH3NvuE4rvJmcxYhd1ww==,iv:Ddd68Y346dV9wzxSnEXbItnFoESrZ+5GZH5f5ToSzhs=,tag:pRagpm0hTyHOHixWJtszXw==,type:comment]
#ENC[AES256_GCM,data:wbm6H8e7qJ6FGdkBVx/qzbr+sQiG6w/omYvkEd1y5DuFTMnMzmeEjkty49+OTiXZXYHE1DNuukZgZ5UJd2Wafh5ybqd7048Pt4Qaro8m,iv:APWvYGk59JGUBvzCdKLXvkXZskXD1pvMXYz9o9A9ZRA=,tag:YybRbo5rvjyVDogEcdJn3w==,type:comment]
#ENC[AES256_GCM,data:y1ACTJmNVGBvuK/pFYtChn+nVgnVtwJqTSEXbo7aHM9bpa2bIGKnVprMhoxNj4k9I6udy5DGA9S0vdk6/FyZm7eQWPd4I45Czh53S4x+mAOee49KEdV+F5xgLTwlHdDzI23Ea+ohlzX/17giK9g7OvI3NLK3l6fK+7AgzNmW8xGuaT1mWSqcREmZu0R5xhU=,iv:vhiqqkRWcVuyUD0M37q4iF2McsSjmhb22RS8/ipzlhg=,tag:mwMgq+nxLLA9hBLPnD39Fw==,type:comment]
#ENC[AES256_GCM,data:ObZX9Wg7KmlaYYDY9l8hL2nl9ABGbdb0E5MDMAO5KFAgXZjG0HEX7BoEYZVgjrlruS8fWg==,iv:/v4JRfwb1mWiOT/RlwzdZd1MahGtPQC0LAMuefzcByc=,tag:tUTKoFHj2ExsFFa4/EXhUg==,type:comment]
port: ENC[AES256_GCM,data:4vlNBQ==,iv:Z0cPW5jB93zuYNLzwnFcVQRKtmOWnJ2HIm1YdQ77jXg=,tag:Z4dVFvA/G+LlYKKjlqy5kA==,type:int]
#ENC[AES256_GCM,data:FjORD74M8kk6vbRuaCwqJt1cXJCFKv4LuWNJCY8tdXc/atfdt0SadGno4tKU95oABdsVzAzmo/819l3aoxulDhVa11Cc6Bs3SjjAlMvMsUlAFOqlYXM0,iv:MTcRU2cLS2Ow3HOGSJHagBj7mKRlIWZEORFcKYu954o=,tag:uQMc5LvuXfPRqglXtBsF4A==,type:comment]
#ENC[AES256_GCM,data:Hn2QVKpQwT8ZGJ52LosoqIznRjWpqkWpo7pE1SBmqAtj8USuDO/r5br3BK8KTO2OI0JhIfcsNO161woR1zXgjBP+Ql0Hf0iVz7Y5UbaBJXUoc9W85fcuBgZXd1uJNRWgqHEYTPT500JwQZo/+GvBA1TeTMhinGVaB9k3QvQRieEqqnCcm5YZCdE=,iv:lCyItmFQsd20tiC/F6ss9e98g35lXndZ8+l1HKiUEE4=,tag:HSmkMgS98FuyGcGOFN8cbQ==,type:comment]
db:
host: ENC[AES256_GCM,data:9/8dGL4WGftscg==,iv:uiGO3HNX9Mh1OWeX/nT8xpTEaflzBIQSlX4/POGPPFk=,tag:mDjWsVN8JzoxxSDFicd+iw==,type:str]
port: ENC[AES256_GCM,data:F8Gn4g==,iv:7pePNcsQdZ0WncvNt5zBeqEo3IgZM7+a5Z1eb7DafmY=,tag:C3oykAez+kkE7U2GIuR1xg==,type:int]
#ENC[AES256_GCM,data:KD+HO1HEdCVl9vEg62c=,iv:hD/9zpz4DJw+xMRg2LNdr64KCk3J5EMzp/aFYZGS6Is=,tag:oS0kufLrZHBK6hR+tfcvPA==,type:comment]
db: ENC[AES256_GCM,data:3BEcRu/h,iv:il0mOuQAeZ8WscwwlsFpiLdNN9mkmfLhCknTk0L5m2U=,tag:XynG4kPvR1Z7jb+y7TiQag==,type:str]
#ENC[AES256_GCM,data:UDtm9zc=,iv:TzVK4YfaJ9KgOe3olNqfl/vzpRNSiv0q7LYO8wJD7js=,tag:p45PD7U1BhK9GmcnNRc+3A==,type:comment]
user: ENC[AES256_GCM,data:oLQpofJ0,iv:GSk9Ns5HExTc2L4Og7ggTnyoZOo9/wbxYMqrW7NNO6s=,tag:YOEz5lUikEigrimNlM70BA==,type:str]
pass: ENC[AES256_GCM,data:5wbd3sQr9rmtgorG6+6ry9a9UqoHB+8/AjFfpOnaqtYvVy3PrA==,iv:/YTCSbU1kFwSr3w2n13JbzIaCo9hRwtSfF/00P4u470=,tag:XVJ88UR2zz4bjhCkn7erXQ==,type:str]
dbReplications: ENC[AES256_GCM,data:6z3JZ6o=,iv:lPqo4/H8xSX7TBJz6VlpLc0lQfoLLnyC/qdOuoX+QOQ=,tag:DvKWTntqWWwbDclgYRAdDw==,type:bool]
#ENC[AES256_GCM,data:TXpI1M1csi9FNlsxz5Du+53IhDwPsKyFBPEzwJd1gh1PzSTt4SxJetSSiAH+w/e9H6mBNX5cdmcOEo2LuwtA8zNGZ01wryA3,iv:i3/jvyACkM7eHYOqFrOeOyfzX2h9+oN0IdtZjjGj1SM=,tag:SG/B0pEK9NzTCdlGN1BH6A==,type:comment]
#ENC[AES256_GCM,data:ySwDMVC57IaXd0nbldBvgIR7Q2mUKjhAjgwDN9kFB6ntqpgRVhx1rXVRQmad5nIuCwFcLXKthPqkZL0bzkWWhBWkOgWKcwQsJnepTWFXJhdWbTvpEfXvIA0vKmRkten6FYuqHuONDm5cQlpYJsSTsRxHSOskHVmIhTiTsEX6Rie0U6f1dfh/2B8drlU9NEZ2YdRV,iv:s195UUADD8v3iysVfKxAhacB+5k4qA40fvGyPA0AZL8=,tag:MjZZsiOJ5Nmp+GqdOwna8w==,type:comment]
redis:
host: ENC[AES256_GCM,data:tbN7GWvKIEGzNZnycQ==,iv:BG63xG07/dzXV16dQ/zlAAXctjLpUD2+jVIvRyhwSlw=,tag:HcA39uX5JnM9NoX3dTaVOQ==,type:str]
port: ENC[AES256_GCM,data:HxFo+A==,iv:g60rM9QyHyQagbmTmMjhIEYjUv849VgxuJ1If5aOujE=,tag:xVK2Ga+aNwvh2PgNXZtdqA==,type:int]
#ENC[AES256_GCM,data:N/PpMaIlB3Rj4x3b8/kp7YceW7vhbwJHygokJ4AyAc8L3exmcuSLwYsGPrXiMnqsKpFaW1EDJHnsuYmHyy5tZ7ILGvpHvBqjVcwIUT7HGZ2yJo43HsuwvPpT,iv:wpoYY0nYI03IUilylUeW7fubQeDK+1TTdr5OoT9tmCQ=,tag:OSqvIiLcH8rL/RctjxwaIA==,type:comment]
#ENC[AES256_GCM,data:TsIFxtB/RZjTPRYMxugArUKCoWQXLoTTNftV/Dy3wyx95vUx3a3y4ye8FeEiWXWAZvIaDpGJw0wOBD+/H3cnmGakhnDioMMFP1rNwNKxvaacoR8EmiL6r9jLQgG91amvpxxNZyy1wGuYtPJKimIuOsS8IxLRaE998l3uFQmALWrU,iv:2jA6+wXcrSWY/cLRyQxSeE4W+OSc4hxEPw6ZI1XTdnI=,tag:nuG+IkMnMH21MnOkNoNeQw==,type:comment]
meilisearch:
host: ENC[AES256_GCM,data:S6OibpnDXkANiTE++xYWNwekZg==,iv:YbiOIm0BEy1NL4MrDCLkGFrqxAFblI6ypzhsaCh7Ss4=,tag:N3uwjp6DUOiojLRugvMzXA==,type:str]
port: ENC[AES256_GCM,data:M4kIuA==,iv:3JLcXVb/xavEc2g2FXeCOwIBV9ca/trnL2NbqP68NJA=,tag:qIushZTVxsjOar+n09v4jg==,type:int]
apiKey: ENC[AES256_GCM,data:CEuvxht+9kMwXoqNOWKoRMA2APi0x4RE1eiC3D9Fhl89dozjWPO5lIzNHQ==,iv:/ktXT6PJFiHHOrSGz5uP+8NdnW0rym8bgLwYGORZ/Ug=,tag:DUhNQWlErF2c1GCBdps1tQ==,type:str]
ssl: ENC[AES256_GCM,data:W4L/Oc8=,iv:PoU0HtV2O9A73oRTQiEqxjFXD9fRxxDZo+eWg1Qz//M=,tag:EWyDqsDIWsFqJN5PTuGZ+A==,type:bool]
index: ""
scope: ENC[AES256_GCM,data:4Z0F0flz,iv:T7vH+n6ALnPBmqIibbdW9Neb3ZDMiOuTgjYsBO51Gnk=,tag:u2482hOOcAX0DB6UjMRQjQ==,type:str]
#ENC[AES256_GCM,data:zA0HEDK78mqOSIFpMFx7jr7SfbnYVvVPLXwH1ncFRbt0cqa4DLIkvxWIzlKBkXmQPzIXrjuy,iv:f6iR4UJEG9OqX3wwDBUrzEVpAGvF3YAKvbFUtPkbBHI=,tag:Aafo8LJ86A0upwnjfmn6Dw==,type:comment]
#ENC[AES256_GCM,data:xCM0aAZZ1XXpPnv+XSH3yFimvTk3hk/kR7LFOH9zMBknwSO4NnNdG+gi7sRh6XkiQ3tHVIi8qEwuooeR1d392P3JhhftuBvIxWSVkteDxk6iEO1n/i8sxsCvlla3423NQp8xRn2lce5P9SyAdsuW1buWgawtMp6UBXVu1KlNCsTPmoSq9SluCVfdb2XgBmK5apEpAJ4Pij93U+Kvp5dM,iv:Z05DhKcqtcLKWPDEope3W76ubA5IkRaJzHZ5lvv9w6o=,tag:bYu5p79HiFMSXHwFafkG0Q==,type:comment]
#ENC[AES256_GCM,data:Mlf23/juV4DO6iLHE8nkKvcS/F+YqFRC9957Lr++gpwmiRCJDPseGHKMSWXNqBvZFdb9d75O,iv:JVdbkue6gRD/TF6GxoekZ0d45IASh7k2K84/m2FPpIQ=,tag:q/we5yAewp3A2jyybV7VIg==,type:comment]
#ENC[AES256_GCM,data:Zfc2c01XMNx5bLtRIb3wnag8fk4vACYP,iv:pNw+yAC6Iv43fFXbD1jE4gFVzj80YyHvyQm7DaPxbgg=,tag:3RqhaUMxjz022IyAHwQXrQ==,type:comment]
id: ENC[AES256_GCM,data:SUJPHA==,iv:3UuUuSpqsLhB+lfx9g2b/9ErjzRy67/y6X87BC8efWQ=,tag:uzS5WsuIAWmmvkJn50omtQ==,type:str]
#ENC[AES256_GCM,data:TXpI1M1csi9FNlsxz5Du+53IhDwPsKyFBPEzwJd1gh1PzSTt4SxJetSSiAH+w/e9H6mBNX5cdmcOEo2LuwtA8zNGZ01wryA3,iv:i3/jvyACkM7eHYOqFrOeOyfzX2h9+oN0IdtZjjGj1SM=,tag:SG/B0pEK9NzTCdlGN1BH6A==,type:comment]
#ENC[AES256_GCM,data:0JbVf4fAE7hmWK7RkANGgtZLP1V/LfipKeUIENnsG3vgDwojndX9dkJLChqUVNLLEvnlsNC6Xn6q2/f1m8bDZM5vNWiO8Q10SM4AAbaNXHx2+L42gPw4EgkmyzWSxDMlq7BvrRyJsQzM4W1yH/WS+/EpNbWHwHd80QTnX2O/vyi6Qu0yQOTQeMGKXgUSsjNeLSZP,iv:LSpdsY1p72Dql1yMqdhQUEXuehxp4LZK9/AQp6664Vk=,tag:uSNjFE6rXObxB7vdIa7Kvg==,type:comment]
#ENC[AES256_GCM,data:BQ7ngzrYTh/RKwSKrKdesmnybMijoV8DES7U,iv:OsH12SZa37BpPHKkPQGRvCS4HIY+RFKE6+1ino3CFi8=,tag:gMiXdpEaHdqMDnn9O2ozzQ==,type:comment]
clusterLimit: ENC[AES256_GCM,data:XQ==,iv:AZWCWUGsm6MCwbwLR2DbAQAPaE9sPx1N57I46E0UCMo=,tag:6johJGekQXtambLHNP8VEw==,type:int]
#ENC[AES256_GCM,data:6k9z4r5bKKauLB2PLf5fzA8thUgPvNnJQa4qVPA0P7J/n8puU9STc+sL/rX+ARS8X/anBQw00jb8HTgkAfL/NVyNz7DBlB874sZ7Ib076IphwwnPsw==,iv:truPWFH6uJUncvdygoV/nEN0/RvTfky5sUX+6wOKlzA=,tag:Z9Pf3Cmz4WI3HT74u1cxCg==,type:comment]
maxNoteLength: ENC[AES256_GCM,data:QDyTHA==,iv:UayYHSk5cnsUH6SfBK3qJ9nDQhkLw7xpq7gWYIPLVGs=,tag:cFE49Hzccy0GfwnxQKOiWQ==,type:int]
proxyBypassHosts:
- ENC[AES256_GCM,data:YQBDUjoYfgD9MG6QyQ==,iv:H4cQqMmwQPgBtB7PzC8bRcGP1lV52D5J1hK9VNTp3aA=,tag:3B8S0IlU3R6aj+pJmdjrBA==,type:str]
- ENC[AES256_GCM,data:Jodbs7SDAnLyM0OPEmfahVuc,iv:IK52i2Mg2/C2S3ylAX0XMissIswEvLmZyuCe6cs4jtg=,tag:GQKMe/PsWkWKuqc9k6DiKA==,type:str]
- ENC[AES256_GCM,data:gCxWvKCj2GSPeneYIK9lHMc=,iv:NLmY/Ajc3Vkpicu1ICPuoal1ki+0IECeQNf7qFwMwMU=,tag:2UzcrdiqpvL0AscCDhccNA==,type:str]
- ENC[AES256_GCM,data:MCVnqZP7M85Eg3tY,iv:cAX1ycouIBj89yCDM/XtyQxESj3L2NiRU/2mzWzTKSs=,tag:glZSideoEzODWFAnewrbOA==,type:str]
- ENC[AES256_GCM,data:54K/02Tsyylh+1nTspP1/yk7H0vtr8kQcg==,iv:Ollc3ofaZFBFy2hYxF8/4Z2pb4DtT3ZzEs5t/X1gy+M=,tag:q/XAAeNmz/SNfP91gVLjaA==,type:str]
#ENC[AES256_GCM,data:cSrUxckHey1hcFC99sbQNroyz8mTBcdr6fvsQOsljSLt/r4=,iv:f7Tq4X5AyxiTnuyx/2bp84UEPp7TOLncbTAYk1d3hqQ=,tag:o1OlgB6Fn7e4Xt/KfFj9dw==,type:comment]
#ENC[AES256_GCM,data:nYcPAsVWNZwUKE6YFTT56OG+ZOIJfUOPd8UzAr9jROgYtBbPxsJKhM5VMs/BWoKUC1zkXm0f2MCStdHXEiHhqfLQrI60NjBJiIw60BtFhj6jxEZUWrMrPQRO0+fA5O0yN2h0LDQUknEMEQ==,iv:i8DCJF2ipE4uEWjO9z1V5Da8yOhcR5DsTIPoUliMumQ=,tag:CJ83eBJX7ASp9xCz+l6lWw==,type:comment]
proxyRemoteFiles: ENC[AES256_GCM,data:jOWSAQ==,iv:QEgSLI3qN0Z/9hngcsCitYRD49jFED0vjrPq9AQfm0Y=,tag:b8Ba5aUv9H6q24g8cx6x6A==,type:bool]
#ENC[AES256_GCM,data:Dowaa2s7FCZ4wnhPU5+y6ka1ynFyD9w5PvZwKbNmGgxSImBEFzCWlRC+ev4WeOOl,iv:CQckotLMXJ673l+KikmJLMpC/0NArZAjXY2ntuQlIcY=,tag:uhszxHSOQ7y9G1w/7P+zyg==,type:comment]
signToActivityPubGet: ENC[AES256_GCM,data:QrHNhg==,iv:bILL+oCm/uBAKM4bdQvkzbo1bmzG1pP7OsqEOOJoUXo=,tag:Ef/yodnDY2xma+pHgQJ09w==,type:bool]
#ENC[AES256_GCM,data:n0tU1G/Kp4lURVDfR88KUuM4YEBmRnJrdyGLB/nJ6U36EoF/CYLgjh6TcyM2RE9Iidya2txAT0nqyMwyLAPKKzgJpisI6kFPDZJrhw==,iv:FrinvSFO7wqMy5IhBSxtNTuVtfCh91bHyFQ7bs0QdrY=,tag:UZ+QHzqTlMW6yHDmcTo0MA==,type:comment]
checkActivityPubGetSignature: ENC[AES256_GCM,data:IkKIs0I=,iv:AqMLF71latBnesc0SwyMKczBR25dH+4XzW6hEI3+sIE=,tag:eGefa4pW5U8JGJs0yOJF0g==,type:bool]
customMOTD:
- ENC[AES256_GCM,data:3KoBK2SGOs/bas/BGdja57nUc/AWl3HB3MpLdYLaVojddwUAgJuZs10=,iv:SWp+txRm85JJ2ZLkqGMuebPZa6FLnLgZ72rzVeEwq5M=,tag:iUiUuabYr+JW7NuGCFCWtw==,type:str]
- ENC[AES256_GCM,data:2PMcGRe5x2hX27RkmQhRnK8=,iv:rENl99Pa9LWLqfubgkdz1iQVfxpbtelcGo1kQbjh480=,tag:z06vAscbyAPtbr0wx79TcQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZ29ZNEpRa2RpOFkyZm5l
aWwzZ2xMbmVRRk5WUkM2YUVzWFVsQ1llclcwCmFocXBiMEZuRkNOclFsSUYzaVpo
aWtJSCtuNjNLQk8wV09JbVhCTjBuNjQKLS0tIC9CVzdlV09JcnpZQW5nVFJvc1RG
UlZtaGh6eDZTMFk3K2JGWTZRdVNDbEUKgJZH8TwrOPG7k56ZNivYiWaQUaqGOC9f
LNtVWzt14/ykrvFEyPGF72z2hBBxsJZDGiMuE2pxejydhJXHP+Eprw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRFB2SHVWWlJwQWlpWHFJ
NkllYy91TFNweEpJdGUrRW9Gd2ZpMS93bVVFCjFKK0NiOGdiWm1VQ2tsd2NIeTVi
UnIxV1B0eU0weUhTQW5rVkczYi9NSFEKLS0tIEFnUlNucUFIQ0FCaG1MNmFPUUlk
Q3lVbzdwVjRZUHdNdmFpR2FYUmV1YWMKkB/gd2WQdzXHVfSA2otZICGDn4V+jVPU
PLXMh4fbQx0bM3xwaEckrU0/MRYWhTjalqPRkxjvGgAkQeW15Yl/9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-25T22:12:05Z"
mac: ENC[AES256_GCM,data:HhOmEo9p4FJpoa0P2ccxYtzVRTa+w145VS2ZB3a/bRmrfbBc34JKE2xRQJhLGSgrmTrY2IoNPqaavMGz76fLY0FgT6+mTRZ0EiGKMUmxgpItEimeOBqaVXwWXjTGml5gDpF/DZDsKNWs4j60CxlJwIqvSzd85BAPa4186T/DUIY=,iv:cXfS1Rt4JQMAR0oJGp4cLGWAXJtBdxHI+2AT2C2wP7E=,tag:GoodJgXcTaeouai9+JqKAw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

35
secrets/default.yaml
View file

@ -1,35 +0,0 @@
user:
jo:
password_hash: ENC[AES256_GCM,data:5X6MonLf5AiIpWMSEnmH//7BIh2/qd3a+nVjZiC+yg6Z1LtIaKfMNY8cYFXwkmm84ojcBdmjdtEwPfLrwT+imSy2CFUKV6AuQg==,iv:Hlh5c+EophW3S9dXfNlnzoJ43Z7xd9Ciu6nHtj2/p3s=,tag:dtfGZRjIvElOM6+5ngT75w==,type:str]
services:
cloudflare:
api_key: ENC[AES256_GCM,data:y2CdoiszYf0EHcFzlAUjBN5DINM/HA/2JxMoAvvybTCFQPBYyZnTgR/AqFTulqzv,iv:mIFWq9YetAwYIeXSonWtjx0diV02CBySNsKnmB0ZnYo=,tag:MH0rFfN9f1ZVMKnhTbQwww==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MGdHQ2V4YzAwSG5ZWXJD
ejhVdVpML2J0Q3Z6NzlIanV4anpsSXpXdWw4CkVvTDlYd3k1RldoaVJVV0lSN3JD
bUw3ZGxpREpjKzVEZFd4U0NIV0htWXMKLS0tIDBkZFRYN3p4YTNEMm50VGgwcUlN
dGRtcmY2VytsbThLdzY1UzByQUZyR00K9bBXCTqpmzo1LNT4pmgGtEwad8cmoxyJ
0y3TkHXFZw8KHuyV53sbrDyUreePCXLbjdBChdTSMXCMAZQxews+TQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXanBCY01yTDZiS3N1YUQ2
SXFkbXVPT1E0M05xeFAyUVY5bUY3dTlTdWpjCjFIU2FVelpJaUJNWFRmbnB5aHg4
bS9LYnU1WFB2KzRjZlZ2SHZKb3B2ZGMKLS0tIGxDcW9uMjF3ZU1pY0g4NlVPcVNu
dnk2Z3N0YzU0eG5nbkkvZC8yQXJhWlEKKVGY0IyA9MMqzc+YohmHzKqHaf8z8t6Z
ag0TBf2uU2ZDiPfNhhDaUdltGiPrk+AlbHSTmrDwZ8T/+A8hHRyGYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-25T22:28:00Z"
mac: ENC[AES256_GCM,data:EcwH/io8R2dVebnYqnIf75Q+riy4i5tFt5n4d3RivWYJkAl0WZNYJiCuUKXQHfbCYGGbxw7wDCjSRkjkCSkjysPiM6PukTthEuk9MimDkk5ScFQYHnumoysZT2BSWKcKw5Njr/zaHdvSnd4aVqqp4oFACh3Gmszja/4cgwxEqsc=,iv:IbK1WdW+qE31Xu1PM7zWRjxFPVRrOR1S+tZQMOo8T2k=,tag:KvhggX7m9kgJ9HsoMV6Ngw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

12
secrets/docker-env.sharkey.service.env
View file

@ -1,12 +0,0 @@
#ENC[AES256_GCM,data:jv29InPyPUbHfv2s,iv:2IAsI6uZGBD6b0qls3akuC1W++xiAQCJCYVUWQ+pc8I=,tag:Gr8vTMs5Ii7QKfSp5mlmJw==,type:comment]
POSTGRES_PASSWORD=ENC[AES256_GCM,data:ITO/XMQEGFKK4W1qduXoarhvmchBB45F7uwYGKRK1ZOziwnQcQ==,iv:dfzGXgrO0q6X8YNerbNALK3QRB6bjSNUJLUNPhsdxpA=,tag:E2VAqsRKHpwkufm6VrinRA==,type:str]
POSTGRES_USER=ENC[AES256_GCM,data:3pD3I2SF,iv:d8Q037umNLA+BXHSC1sdY1CSfAQF/3EvFKiiiPSNA1w=,tag:krqu/9vZ58DRxHGSSIio4g==,type:str]
POSTGRES_DB=ENC[AES256_GCM,data:rIoMmADJ,iv:f5raAiDKU9gHvBrhSotUQYZOaDaUOk8Wknw8F1cDiLs=,tag:ADiSPBMDDb8tF75sW287Dg==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGblJKU2pYb25vMGVKYWoy\nM3pCd2x6OWpoODlDVXVObjUwZzh6b0tQbTI0ClNqQXNtQ2NQUGp4ZXV5T21qQWJa\nWUVTODBPN2tCVk5tOGtQTjlMbDQ2eTgKLS0tIExUSER4WmYvdUs4YWZDTklVdDNy\nMnhMeGNOcFJOR3dGUWNQUXcvbS92ejgK85ws6RC8PqiAWIFAPl+5dzOuwiHH8+OO\nXMqB+K8L4NhM2OKIrde3TqrQ9PS1PhipBd7DT2uLWavttIWZriykmg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwSVVQUktzZWQzeXh3eGNM\nR1BRZU9LV2t6ZHRta0dPRjlXVTMvNDNKakZzCjF3a0l4cnNmOXNzTWZkSkxRSytW\nSE9Ra2N4RGJFbGlDSVpRaWFReU16c2MKLS0tIGltTmZXVytZZURVODB3ZzBIQWov\nSTlUZzNBQ1B5M0w0N2ExUEVxSFVMSVUKbLxDZB7Xe9ksiN4M+6/127qJMi4oRrNS\nhzq9ely/rr1Gdq2wXNLE9xn6j4v4j978K6ZajrYofzdIdfyNC4x9kQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
sops_lastmodified=2024-09-25T21:31:27Z
sops_mac=ENC[AES256_GCM,data:8B0D8MPrNuH9I2EUEnOXmj5KELY4KvEQCLifF5ktZXoz9y6lxYAAC8NFR0aHO38Gy54Jgs3URf6BiI+9zFVq13CHAwu7b9VRpTdYoWYVVf0FO/J5k4JzVyawxiSGg1Yz6jXODqiKiGBfoJr8w579lKcw3aQAakzCsk5hRcnHdGs=,iv:Iv8QdtUAEUegyRHltFHHyLv5CDSiiqzCfbKc28/nu98=,tag:Oc/wTq9VkM3tEQ/Finiw4g==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

14
secrets/duckdns.service.env
View file

@ -1,14 +0,0 @@
PUID=ENC[AES256_GCM,data:bNWr3Q==,iv:zUEGwd7ZNy/sfGmrT8bHVfkb7Zybe6s7NNPkCCn2dns=,tag:TyyuF28Ln4lk2StiP4tyNA==,type:str]
PGID=ENC[AES256_GCM,data:gqFIzA==,iv:Z14/YwAjpS9JUlpXQa2oNGnAGviqQ8Kx+zv/qdyEm8k=,tag:cGjR7py6dpIJSCot4mrwoA==,type:str]
TZ=ENC[AES256_GCM,data:k5lFLLVfAb9e9Dx76w==,iv:XPxFw5O8PtfV2YRWdVowvF7kPc8ZLDyppL6V5Ni33vk=,tag:xuHTleOmEpwwK35hlZXBrw==,type:str]
SUBDOMAINS=ENC[AES256_GCM,data:/S9njZeMpg5If3DXnAosflsq,iv:+27weaPfYLPo07J+kQiJrmmPYRUjiNKOy0tEhEMx9GA=,tag:kF+eaUveyoAqKwWr/eb7hg==,type:str]
TOKEN=ENC[AES256_GCM,data:cVFxL3rtKl9Qr7BoAkd4p2wMRF4uK4lXAq7Z25tbPRzeo25R,iv:IKIh4KTRhPECn35rRVhDoHMMKdKNBOmr2b4K0ZsdLy0=,tag:SkiEoqeWy2/lfg/qtXynCw==,type:str]
LOG_FILE=ENC[AES256_GCM,data:QCv6hLM=,iv:vn6dedbExEliAOHx5L8UCTaxzQNCdrBlwSQIpaQIa8k=,tag:SP3ItrArT7fnHPo4aF3mTw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwM2ozVmZFY0ZIRHhHSS93\nU0FSdGswdU0ydW1uMndJam1rVE9ibXVIQ21nCjZSMjQ4MGJuclJrN3VXNk5POWhE\nRXM3a2FjM3Y3SGozMnUxQ043MWdCZTQKLS0tIDBEQ25WalJpUTVLZ0wvK0FXK1hw\nQXhnTzEzZ2RJTldkdkVWZGJDYy9QMHMKyt6bU1cnoGGeAzo/TNEbI4JyZQW4P5Li\nNDTSEaxweY5g0UieQ8Flff/xae6GN+1yL55hWbaDqOugqvw10CWfPA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV3RLZmQ4eXg2dzFKeGRz\nQnp5YUthbXlIb1o5RkN1ZlBLdjZlbEljdUJFCjM4T1N6SlpDNzBSd0ZnOXp6MWxW\nZ2RMTTgvNEFYRmtzRnFLSTlWdlNRTm8KLS0tIHdGWC9rZlRuTWUzOHRKaVVNSnFp\nNVQrQ2JQc3BNMlBqRnhtcURBRkxBNkUKmbcK8z+/4rJqHmmWANc3ZsmaeLWBV7v+\nXMspUQKlZaAfqtw4fKrr2ocyPoIgZlFYN9GmD0jR9tK3Nm96KxgXXA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
sops_lastmodified=2024-09-25T21:04:04Z
sops_mac=ENC[AES256_GCM,data:sMyMw9qUl6twGdq0J6gHqroRzzBUFK1lHd80IQtatwPp4S5ywsJpqMxEWy3qtL2+Zl1nGCOHoUgke0EBdu8H6Duj9YhDuc8RCIGIkJcDmpVameo/P9hK4pIsCHN8SRB6m2DIgViKaEJNZpFArhCAJjTfJX/8NXX1R5CWakjYCqM=,iv:KfdajXnDyKevtROuTJlswO1Wj3TxaWdASaUHSUMBIgc=,tag:HEBE+NLNm6UavU7GYxkoZA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

9
secrets/meilisearch.sharkey.service.env
View file

@ -1,9 +0,0 @@
MEILI_MASTER_KEY=ENC[AES256_GCM,data:x6pQcyzetnx5qOtPo2orzpoidwuX5rqDYe0b3yrCmxWybrwvvdFFFakksg==,iv:gNQ7XmtGAKfCfD+HGZGR59o4BRFGZptRNreP/jZHkdA=,tag:W+gKXel187H9DNo5EMjieA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWldsZjVhZlVMcFoyNFZN\nSDFmWWRhZzV2VkRBb0pBNkN3T2doNlE5MndrCkZuK2dNNnUrcnVQRjNjTDNXMmhV\nTGxaViszdGV1SFJ4d3hrSUJuTThqR3cKLS0tIFdhcUxObzVLS0MvK0N4bWJROHJP\na2M4clcxeC9LajFLb1Irb1hHT1pRQWsK09rv5ucOcmEUzTswOfcG5uyDkXtFSvNH\nldT7e/JgoA0BjJQRuCrfeHQUuD6bnLxQVORilvQVaLQXxR84kfo4lQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5akFIYmh1TzZVbFpwbTVM\nMVJDekMvbmVHT3NSaGkyMWhla3hUNXRlUW1jCnl4ZE9BZUFla1hzb0dJMC8yRlJP\nYVNHTEovLzR4SUlkdWRMU3ZjSlA1eEUKLS0tIGZxMlN5aTlZNHVHbHJwNVFyaDRw\nSG5kYVlkYjVDYk95OXNQSHNMZ3lycncKH0AwvzUQBFBj4buwQx9jnndqxglREShg\nlLiPc/PUVwS9DRGiEJufZkjD2HFxJvFQ1T0zF566WT4/ngBQAHoBIQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
sops_lastmodified=2024-09-25T21:32:09Z
sops_mac=ENC[AES256_GCM,data:UkvrlEp84kHeSipyJHpiTCa/jGNBN+hUw6q7QrZCpWGi+8b7k0tksf+L4JSu8xMf3D9OWChGrLEs3qwlSIzkDdiLvY95BnaAPteUGoua/YbEn1P4TSErkPoTjC5m1KkWLhUekTuSD+G3ApNZhWaiL4r2YmH8WMByKBviau//BlQ=,iv:SS4kr1gFMqtzJ4Z9PURxLNUI+e8wsk3tUnopwUQIUFc=,tag:vJ/6xLwYXaATjFw6RNiNVg==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

10
secrets/vaultwarden.service.env
View file

@ -1,10 +0,0 @@
DOMAIN=ENC[AES256_GCM,data:fgj4eDoC6bV2Ad4FdWnM5CP1Aap8fTr+7wo=,iv:FC3Q4BCF5LtfxvC+eLvTPjgPLQycSGhmDOzempv8Pis=,tag:hjQSBEbTKxfqa7sZfMcfRw==,type:str]
SIGNUPS_ALLOWED=ENC[AES256_GCM,data:kxm/EsQ=,iv:DKBcrtaX0DZjD6XmnKc96vXee0e5AyGl7/K/DRACCHc=,tag:z5hgIwt/rnHq4I21/4wP4A==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5elVvTExZd0VNTmk4S2ZC\nLzNwbVNUbCsvRHFycjlMUEk0cTlVSEVldnpBCkpwNkwyZThrTWFjdEQxaHJlUDFY\nc0hDNyswbVZNNjJMRHZIY0FPZHdRcm8KLS0tIE9pWjZiVWFDclpxM1hIcnpZcFdq\nbWdueDUyd2I5Y0ZFWEZuN1Y0aXRHV28KCGJWVGEyr/3/14FM8I8KLMziD00DyGWw\neUcyJb8J/151C11Mbm/llic1mC1LlX4oBhtew+IvLTZk6Pf7yhXPnQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNzgwUEI1U0x3Q3A4TSts\nbDVoTEM4cTZ5elJNSUpHeU1lbXNFQW5ZT1R3CjhITWRtcUdSc21oWStqMG9Dd1lE\nZmtOaFZkWW9kL1grVFJHVTJ2S3piOXcKLS0tIEFlU0ZFbU9OTENnU3BDdW1rWVBY\nZTlvZ1oyS3JqWEZ5MW44d2pjOHo4QVEKDWsEI68gTJKDDGnqHULG59bz318sEGlv\nInS+dPk9j2/M+YrGDm4v54t2DvAuFwzGjOnmDD6gQYdGXir6D/FNkA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
sops_lastmodified=2024-09-23T22:30:20Z
sops_mac=ENC[AES256_GCM,data:yBlsJiUnlqLZmHU8xVma8yGC8AzIEqq2X/U+oVwq16eqly4Dd3jJLYz5WLnGnu0i92ge0DcWK3rkiRoz9cg4EsOJ1zR3fzGhNFg6fRoh3qXTo2BP2WywPBUPoe4pdJrp2h6BD/xleI1f5jeP/z4uos4yt0Z5xpBI7um9/A/doNU=,iv:LW1i3ZN6WWtzc6WweqBnXF2uwsYnT/UD5HFmwmmcmQI=,tag:bHL3Dh2j3uT7Ey70crQ5pw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

86
systems/x86_64-linux/absolutesolver/default.nix
View file

@ -1,86 +0,0 @@
{
lib,
pkgs,
inputs,
namespace,
...
}: with lib; with lib.${namespace};
{
imports = [
./hardware-configuration.nix
inputs.hardware.nixosModules.common-pc-laptop
inputs.hardware.nixosModules.common-cpu-intel
inputs.hardware.nixosModules.common-pc-laptop-ssd
];
# Setup Sops
sops.defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
# Sops keys
sops.secrets."services/cloudflare/api_key" = {};
# Set hostname
# Todo: move to common/networking module
networking.hostName = "absolutesolver";
# Set timezone.
time.timeZone = "Europe/Berlin";
# Enable docker and set it as the OCI container backend
virtualisation = {
docker.enable = true;
oci-containers.backend = "docker";
};
# Set system configuration
puzzlevision = {
archetypes.server.enable = true;
services = {
traefik = {
enable = true;
cloudflareEmail = "johannesreckers2006@gmail.com";
};
vaultwarden.enable = true;
homepage.enable = true;
duckdns.enable = true;
bluesky.pds.enable = true;
};
};
services.cron = {
enable = true;
systemCronJobs = [
"*/5 * * * * cyn docker exec -u www-data nextcloud-nextcloud-1 php /var/www/html/cron.php"
"*/15 * * * * cyn docker exec -u www-data nextcloud-nextcloud-1 php /var/www/nextcloud/occ preview:pre-generate"
#"*/30 * * * * cyn /home/jo/tools/FediFetcher/FediFetcher.sh"
];
};
# Configure users.
snowfallorg.users.cyn.admin = true;
users.users.cyn.isNormalUser = true;
users.users.cyn.extraGroups = [ "dialout" "docker" ];
# Configure home-manager
home-manager = {
backupFileExtension = "homeManagerBackup";
};
# Install required system packages
environment.systemPackages = with pkgs; [
### General
nano
vim
## Runtimes
nodejs_22
bun
];
system.stateVersion = "24.05";
}

42
systems/x86_64-linux/absolutesolver/hardware-configuration.nix
View file

@ -1,42 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3e3d6676-2bd6-44df-a8a7-c5e7647c4e95";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1C8C-F906";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b99e9370-10f7-4589-b7a2-59a256d75926"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

92
systems/x86_64-linux/puzzlevision/default.nix
View file

@ -1,92 +0,0 @@
{
lib,
pkgs,
inputs,
namespace,
config,
system,
...
}: with lib; with lib.${namespace};
{
imports = [
./hardware-configuration.nix
inputs.hardware.nixosModules.common-pc-laptop
inputs.hardware.nixosModules.common-cpu-intel
inputs.hardware.nixosModules.common-pc-laptop-ssd
];
# Configure Sops
sops.defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
sops.age.keyFile = "/var/lib/sops-nix/key.txt"; # The main AGE key is expected in this location, it is only needed for this system.
# Sops keys
sops.secrets."user/jo/password_hash".neededForUsers = true;
# Set hostname
# Todo: move to common/networking module
networking.hostName = "puzzlevision";
boot = {
# Configure additional kernel modules.
extraModulePackages = [
pkgs.linuxPackages_latest.rtl8821ce # Use custom network-card driver.
];
blacklistedKernelModules = [
"rtw88_8821ce" # Block the default network-card driver.
];
};
# Set timezone.
time.timeZone = "Europe/Berlin";
# Enable the power-profiles-daemon service for improved battery management.
services.power-profiles-daemon.enable = true;
# Enable printing.
services.printing.enable = true;
# Enable docker
virtualisation.docker.enable = true;
# Set system configuration
puzzlevision = {
archetypes.workstation.enable = true;
security.yubikey = {
enable = true;
enable-agent = true;
};
};
# Enable flatpak support.
services.flatpak.enable = true;
# Set trusted users (Primarily used for cachix)
nix.settings.trusted-users = [ "root" "jo" ];
# Configure users.
snowfallorg.users.jo.admin = true;
users.users.jo.isNormalUser = true;
users.users.jo.extraGroups = [ "dialout" "docker" ];
users.users.jo.hashedPasswordFile = config.sops.secrets."user/jo/password_hash".path;
# Configure home-manager
home-manager = {
backupFileExtension = "homeManagerBackup";
};
# Provide users with some sane default packages.
environment.systemPackages = with pkgs; [
### General
nano
inputs.zen-browser.packages."${system}".default
inputs.ghostty.packages.x86_64-linux.default
vlc
## Security
pinentry-tty
gnupg
];
system.stateVersion = "23.05";
}

52
systems/x86_64-linux/puzzlevision/hardware-configuration.nix
View file

@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "vmd" "nvme" "usbhid" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/864b1287-89fd-4cc0-98a5-40a3caf804c6";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-5fd4fc76-d5c5-46c3-b952-1a7a7ff3a1fc".device = "/dev/disk/by-uuid/5fd4fc76-d5c5-46c3-b952-1a7a7ff3a1fc";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2429-4141";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.br-01571e4eda2f.useDHCP = lib.mkDefault true;
# networking.interfaces.br-20785fae249b.useDHCP = lib.mkDefault true;
# networking.interfaces.br-64a49a5722c1.useDHCP = lib.mkDefault true;
# networking.interfaces.br-71e5fc5962fc.useDHCP = lib.mkDefault true;
# networking.interfaces.br-7df9905783da.useDHCP = lib.mkDefault true;
# networking.interfaces.br-9b746f4e7e2f.useDHCP = lib.mkDefault true;
# networking.interfaces.br-e2f470a56dfe.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s13f0u4u4.useDHCP = lib.mkDefault true;
# networking.interfaces.veth4e96b46.useDHCP = lib.mkDefault true;
# networking.interfaces.veth96a5ccd.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}