diff --git a/.envrc b/.envrc new file mode 100644 index 00000000..3550a30f --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore index 13b89b03..71b27799 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,5 @@ tags tags.lock tags.temp +.direnv +.env diff --git a/README.md b/README.md index 4c1cdfab..83e3141e 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ The structure of this repository is meant to allow easy manual deployment. Individual hosts are defined in `/machines/` and will import re-usable parts of the configuration as needed. -Deployment is managed with [lollypops](https://github.com/pinpox/lollypops) +Deployment and management is done with [clan](https://clan.lol). Secrets are stored in [pass](https://www.passwordstore.org/). **TL;DR** To use a host configuration on a fresh install, make sure that: @@ -62,12 +62,6 @@ The services running on each host are documented in the host-specific # Deployment -## Default Deployment - -Deployment is handled with [lollypops](https://github.com/pinpox/lollypops). - -TODO Update/document - ## First Deployment If the system has not been configured to use flakes (e.g. fresh install), the diff --git a/flake.lock b/flake.lock index b0c7914e..705392d3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -64,18 +64,65 @@ "type": "github" } }, + "clan-core": { + "inputs": { + "disko": "disko", + "flake-parts": "flake-parts", + "nixos-facter-modules": "nixos-facter-modules", + "nixpkgs": [ + "nixpkgs" + ], + "sops-nix": "sops-nix", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1740461509, + "narHash": "sha256-qB4AFHxdk/QmviT9cLCxOGTgMsvujlVMX470M1lRqP4=", + "ref": "refs/heads/main", + "rev": "b87768d44a518b29c7db76061cddffde499e23fe", + "revCount": 5717, + "type": "git", + "url": "https://git.clan.lol/clan/clan-core" + }, + "original": { + "type": "git", + "url": "https://git.clan.lol/clan/clan-core" + } + }, "disko": { "inputs": { "nixpkgs": [ + "clan-core", "nixpkgs" ] }, "locked": { - "lastModified": 1734088167, - "narHash": "sha256-snPBgTqwn3FPZVdFC5yt7Bnk3squim1vZOZ8CObWykk=", + "lastModified": 1739634831, + "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", "owner": "nix-community", "repo": "disko", - "rev": "65a441502c9382d41ada1adbc9bd31d6c9b00fe2", + "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736864502, + "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "owner": "nix-community", + "repo": "disko", + "rev": "0141aabed359f063de7413f80d906e1d98c0c123", "type": "github" }, "original": { 
@@ -102,6 +149,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nur", @@ -142,7 +210,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -160,7 +228,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1692799911, @@ -193,7 +261,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1705309234, @@ -212,11 +280,11 @@ "forgit": { "flake": false, "locked": { - "lastModified": 1734830319, - "narHash": "sha256-x+Y1o+K6I9DWbn202jNAr40vS71ZAXbS7ztsH+bPGBI=", + "lastModified": 1740402546, + "narHash": "sha256-wYCuCxPv3HGEGaze/+an6ZprCtXu5ThsTCwaIquEy3Y=", "owner": "wfxr", "repo": "forgit", - "rev": "df5191157f552abee3176e0ff760f42bd4cc6d6d", + "rev": "18f1a1e0c3c1d7fddb9161786f61d2c538c5341c", "type": "github" }, "original": { @@ -252,11 +320,11 @@ ] }, "locked": { - "lastModified": 1736336279, - "narHash": "sha256-9Xp2X7ofKY4h39vUbd4coNambsG7Y/9axLFyTXaXOMU=", + "lastModified": 1740432748, + "narHash": "sha256-BCeFtoJ/+LrZc03viRJWHfzAqqG8gPu/ikZeurv05xs=", "owner": "nix-community", "repo": "home-manager", - "rev": "45bcdbc910dc5131943bb6f7edb156617898fd1a", + "rev": "c12dcc9b61429b2ad437a7d4974399ad8f910319", "type": "github" }, "original": { 
@@ -268,11 +336,11 @@ "indent-blankline-nvim-lua": { "flake": false, "locked": { - "lastModified": 1733296464, - "narHash": "sha256-H3lUQZDvgj3a2STYeMUDiOYPe7rfsy08tJ4SlDd+LuE=", + "lastModified": 1737369467, + "narHash": "sha256-0+boInVEzS2myYil/l+frs8PAa/2eJcVTyXnEk6TGvI=", "owner": "lukas-reineke", "repo": "indent-blankline.nvim", - "rev": "259357fa4097e232730341fa60988087d189193a", + "rev": "e10626f7fcd51ccd56d7ffc00883ba7e0aa28f78", "type": "github" }, "original": { @@ -281,6 +349,26 @@ "type": "github" } }, + "jitsi-matrix-presence": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737894973, + "narHash": "sha256-a9uJXhH9oFfZOlm3opTxCcZbV3RzaAtYbODMl4aXiDg=", + "owner": "pinpox", + "repo": "jitsi-matrix-presence", + "rev": "046069e9d3ab35716f0938d7d9dda62062dc498b", + "type": "github" + }, + "original": { + "owner": "pinpox", + "repo": "jitsi-matrix-presence", + "type": "github" + } + }, "krops": { "flake": false, "locked": { @@ -369,11 +457,11 @@ ] }, "locked": { - "lastModified": 1736269059, - "narHash": "sha256-VaZlkrcfZOl85fz3o+GnNv+FkMG4RtnZA1eVa6v2TJs=", + "lastModified": 1739824009, + "narHash": "sha256-fcNrCMUWVLMG3gKC5M9CBqVOAnJtyRvGPxptQFl5mVg=", "owner": "nix-community", "repo": "naersk", - "rev": "38a563a865a0218d9f30f14333327aafc40eea75", + "rev": "e5130d37369bfa600144c2424270c96f0ef0e11d", "type": "github" }, "original": { 
@@ -407,13 +495,48 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740281615, + "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nixos-facter-modules": { + "locked": { + "lastModified": 1738752252, + "narHash": "sha256-/nA3tDdp/2g0FBy8966ppC2WDoyXtUWaHkZWL+N3ZKc=", + "owner": "numtide", + "repo": "nixos-facter-modules", + "rev": "60f8b8f3f99667de6a493a44375e5506bf0c48b1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nixos-facter-modules", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1736283893, - "narHash": "sha256-BG1FfTexFwNty5VhYjaQLMR6CMPfI3QRcaZrFQYu2EM=", + "lastModified": 1740387674, + "narHash": "sha256-pGk/aA0EBvI6o4DeuZsr05Ig/r4uMlSaf5EWUZEWM10=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4f339f6be2b61662f957c2ee9eda0fa597d8a6d6", + "rev": "d58f642ddb23320965b27beb0beba7236e9117b5", "type": "github" }, "original": { @@ -425,11 +548,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1740367490, + "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", "type": "github" }, "original": { 
@@ -441,11 +564,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1736348064, - "narHash": "sha256-if5MiqGTiRFgbtVZT8D0i9dIrmd+GSglQIQk6Sy7zLw=", + "lastModified": 1740465732, + "narHash": "sha256-uz5JGTM7MLHG/oewCOJKglQMCsIOR2NPGKvj+hTy9Pk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a3e14e082b0b40f29778c077b6c23857e614bdb", + "rev": "21b547670c16b105418f480c9a289f1394d06c16", "type": "github" }, "original": { @@ -457,11 +580,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1740367490, + "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", "type": "github" }, "original": { @@ -473,16 +596,16 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_2", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1736347299, - "narHash": "sha256-uSYYCQoHp5J8oBjeu1PKAF3A2LMUwvT6+F10ELum2mY=", + "lastModified": 1740463875, + "narHash": "sha256-odE6iXaJW0/oSvIbqJ+GB/MF53d3XcfHnqhQe/j6eVM=", "owner": "nix-community", "repo": "NUR", - "rev": "10179cfaae2ad7ec5ae881fc2e49f94bd8a9f9b3", + "rev": "3adf3d3a2c0a4fd2e13f2c11d2718e01c795a10b", "type": "github" }, "original": { @@ -494,11 +617,11 @@ "nvim-cokeline": { "flake": false, "locked": { - "lastModified": 1720767131, - "narHash": "sha256-X++IJsKz0qE8We2/sruRiTexanJvcUFbRKoCO+C7TKU=", + "lastModified": 1737751869, + "narHash": "sha256-O0msAljyNYj4zdFBOCR43QiqHYl1e9c4MASi9MmS+R4=", "owner": "noib3", "repo": "nvim-cokeline", - "rev": "adfd1eb87e0804b6b86126e03611db6f62bb2909", + "rev": "9fbed130683b7b6f73198c09e35ba4b33f547c08", "type": "github" }, "original": { 
@@ -542,11 +665,11 @@ ] }, "locked": { - "lastModified": 1735401816, - "narHash": "sha256-2slxI+BydNvyKYx7RYXbg2LNqOePW4RBArGEkx6aMK8=", + "lastModified": 1738823175, + "narHash": "sha256-TCKjdUAXu5G8aUH1/wAP0PdnAv2H5cPKG1RWBG4kpo4=", "owner": "pinpox", "repo": "pinpox-neovim", - "rev": "52c110cdbb0d1f7ffcc14243210aba7a4c94cdd3", + "rev": "d5990abe0f3342b18a74c2368c53c3080a9be5e7", "type": "github" }, "original": { @@ -622,11 +745,11 @@ }, "retiolum": { "locked": { - "lastModified": 1731340814, - "narHash": "sha256-2SiSp+UV9c45FPeDUUtjiIOMgyOKYAbpO0IEEjkgb54=", + "lastModified": 1737987273, + "narHash": "sha256-WQCLoDbthUO5PcdYDBxZZQgpQbEXab50EcwChkukxN4=", "ref": "refs/heads/master", - "rev": "30c7f45de25bd35641ba09bd7bbde084804f2b61", - "revCount": 349, + "rev": "514fe96610f745435b89355822691b1961dc4857", + "revCount": 350, "type": "git", "url": "https://git.thalheim.io/Mic92/retiolum" }, @@ -640,18 +763,21 @@ "alertmanager-ntfy": "alertmanager-ntfy", "aoe-taunt-discord-bot": "aoe-taunt-discord-bot", "caddy-patched": "caddy-patched", - "disko": "disko", + "clan-core": "clan-core", + "disko": "disko_2", "flake-compat": "flake-compat", "forgit": "forgit", "go-karma-bot": "go-karma-bot", "home-manager": "home-manager", "indent-blankline-nvim-lua": "indent-blankline-nvim-lua", + "jitsi-matrix-presence": "jitsi-matrix-presence", "krops": "krops", "lollypops": "lollypops", "matrix-hook": "matrix-hook", "mc3000": "mc3000", "naersk": "naersk", "nix-apple-fonts": "nix-apple-fonts", + "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", 
@@ -670,6 +796,28 @@ "zsh-colored-man-pages": "zsh-colored-man-pages" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736953253, + "narHash": "sha256-shJxzy7qypjq9hpETQ3gJsBZXO5E3KR0INca/xwiVp4=", + "owner": "pinpox", + "repo": "sops-nix", + "rev": "a7c6e64401b6dde13c0de90230cb64087c9d9693", + "type": "github" + }, + "original": { + "owner": "pinpox", + "ref": "lazy-assertions", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -745,6 +893,21 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tfenv": { "flake": false, "locked": { @@ -762,6 +925,27 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739829690, + "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nur", @@ -784,7 +968,7 @@ }, "utils": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1705309234, diff --git a/flake.nix b/flake.nix index 2fde16af..c7a8f105 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,28 +3,18 @@ inputs = { - # inovex-mdm = { - # type = "gitlab"; - # host = "gitlab.inovex.de"; - # owner = "ffranzmann"; - # ref = "master"; - # repo = "mdm-linux-inventory-nix"; - # inputs.nixpkgs.follows = "nixpkgs"; - # inputs.mdm-linux-inventory.follows = "mdm-linux-inventory"; - # }; - # - # mdm-linux-inventory = { - # type = "gitlab"; - # host = "gitlab.inovex.de"; - # owner = "inovex-it-mdm"; - # ref = "main"; - # repo = "mdm-linux-inventory"; - # flake = false; - # }; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko/latest"; disko.inputs.nixpkgs.follows = "nixpkgs"; + jitsi-matrix-presence.url = "github:pinpox/jitsi-matrix-presence"; + jitsi-matrix-presence.inputs.nixpkgs.follows = "nixpkgs"; + + clan-core.url = "git+https://git.clan.lol/clan/clan-core"; + clan-core.inputs.nixpkgs.follows = "nixpkgs"; + caddy-patched = { url = "github:pinpox/nixos-caddy-patched"; inputs.nixpkgs.follows = "nixpkgs"; @@ -32,9 +22,9 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable?shallow=1"; - nixpkgs-master.url = "github:nixos/nixpkgs/master"; + nixpkgs-master.url = "github:nixos/nixpkgs/master?shallow=1"; aoe-taunt-discord-bot = { url = "github:pinpox/aoe-taunt-discord-bot"; @@ -61,10 +51,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - lollypops = { - url = "github:pinpox/lollypops"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + lollypops.url = "github:pinpox/lollypops"; + lollypops.inputs.nixpkgs.follows = "nixpkgs"; naersk.url = "github:nix-community/naersk/master"; naersk.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -94,9 +82,7 @@ wallpaper-generator.flake = false; restic-exporter.url = "github:pinpox/restic-exporter"; - restic-exporter.inputs = { - nixpkgs.follows = "nixpkgs"; - }; + restic-exporter.inputs.nixpkgs.follows = "nixpkgs"; alertmanager-ntfy = { url = "github:pinpox/alertmanager-ntfy"; 
@@ -171,9 +157,72 @@ } ); + # Each subdirectory in ./machines/ is a host config. Clan + # auto-imports all machines from ./machines + clan = clan-core.lib.buildClan { + + # this needs to point at the repository root + inherit self; + + # Make inputs and the flake itself accessible as module parameters. + # Technically, adding the inputs is redundant as they can be also + # accessed with flake-self.inputs.X, but adding them individually + # allows to only pass what is needed to each module. + specialArgs = { + flake-self = self; + } // inputs; + inventory.meta.name = "pinpox-clan"; + + inventory.services = { + /* + restic.clan-backup = { + + # TODO Check only one or 0 server + roles.server.machines = [ "birne" ]; #OK + # roles.server.machines = [ ]; #OK + # roles.server.machines = [ "birne" "other" ]; # Should error + + roles.server.config.directory = "/var/lib/restic"; + + roles.client.machines = [ + "kfbox" + "ahorn" + ]; + + roles.client.config."test" = { + + # If externalDestination is set, we ignore other targets + # externalDestination = "s3:https://s3.us-east-005.backblazeb2.com/pinpox-restic-clan"; + + # Will be ignored, no backup to birne + targetIp = "192.168.7.2"; + }; + }; + */ + + importer.default = { + roles.default.tags = [ "all" ]; + # import all modules from ./modules/ everywhere + roles.default.extraModules = [ + + # Clan modules deployed on all machines + clan-core.clanModules.state-version + + ] ++ (map (m: "modules/${m}") (builtins.attrNames self.nixosModules)); + }; + }; + }; in { + devShells = forAllSystems ( + system: with nixpkgsFor.${system}; { + default = pkgs.mkShell { + packages = [ clan-core.packages.${system}.clan-cli ]; + }; + } + ); + apps = forAllSystems (system: { # For testing: # nix flake update --override-input lollypops ../lollypops @@ -192,7 +241,7 @@ fritzbox_exporter mqtt2prometheus smartmon-script - woodpecker-pipeline + # woodpecker-pipeline manual tfenv ; 
@@ -207,9 +256,8 @@ # Use nixpkgs-fmt for 'nix fmt' formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; - # Output all modules in ./modules to flake. Modules should be in - # individual subdirectories and contain a default.nix file - + # Output all modules in ./modules/ to flake. Modules should be in + # individual subdirectories and contain a default.nix file. # Each subdirectory in ./modules/ is a nixos module nixosModules = builtins.listToAttrs ( map (name: { @@ -218,29 +266,9 @@ }) (builtins.attrNames (builtins.readDir ./modules)) ); - # Each subdirectory in ./machines/ is a host config - nixosConfigurations = builtins.listToAttrs ( - map (name: { - inherit name; - value = nixpkgs.lib.nixosSystem { - - # Make inputs and the flake itself accessible as module parameters. - # Technically, adding the inputs is redundant as they can be also - # accessed with flake-self.inputs.X, but adding them individually - # allows to only pass what is needed to each module. - specialArgs = { - flake-self = self; - } // inputs; - - system = "x86_64-linux"; - - modules = [ - (./machines + "/${name}/configuration.nix") - { imports = builtins.attrValues self.nixosModules; } - ]; - }; - }) (builtins.attrNames (builtins.readDir ./machines)) - ); + nixosConfigurations = clan.nixosConfigurations; + + inherit (clan) clanInternals; # Each subdirectory in ./home-manager/profiles/ is a # home-manager profile diff --git a/home-manager/modules/audio-recording/default.nix b/home-manager/modules/audio-recording/default.nix index aa077e29..f128d72b 100644 --- a/home-manager/modules/audio-recording/default.nix +++ b/home-manager/modules/audio-recording/default.nix 
@@ -29,7 +29,8 @@ in # pw-metadata -n settings 0 clock.force-quantum 1024 # pw-metadata -n settings 0 clock.force-rate 96000 - options.pinpox.defaults.audio-recording.enable = mkEnableOption "audio production setup (DAW and plugins)"; + options.pinpox.defaults.audio-recording.enable = + mkEnableOption "audio production setup (DAW and plugins)"; config = mkIf cfg.enable { diff --git a/home-manager/modules/firefox/default.nix b/home-manager/modules/firefox/default.nix index 11acbcca..1c5ed6bc 100644 --- a/home-manager/modules/firefox/default.nix +++ b/home-manager/modules/firefox/default.nix @@ -86,7 +86,7 @@ in }; }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ bitwarden darkreader web-search-navigator diff --git a/home-manager/modules/foot/default.nix b/home-manager/modules/foot/default.nix index 2f26fa13..1b12c449 100644 --- a/home-manager/modules/foot/default.nix +++ b/home-manager/modules/foot/default.nix @@ -30,9 +30,7 @@ in # dpi-aware = "yes"; # Defaults to auto }; - scrollback = { - lines = 10000; - }; + scrollback.lines = 10000; cursor = { style = "beam"; @@ -43,6 +41,8 @@ in colors = { alpha = "0.9"; + # background = "${config.pinpox.colors.White}"; + # foreground = "${config.pinpox.colors.Black}"; background = "${config.pinpox.colors.Black}"; foreground = "${config.pinpox.colors.White}"; diff --git a/home-manager/modules/gtk/banana.nix b/home-manager/modules/gtk/banana.nix new file mode 100644 index 00000000..e14a3ca5 --- /dev/null +++ b/home-manager/modules/gtk/banana.nix 
@@ -0,0 +1,25 @@ +{ + config, + pkgs, + ... +}: +{ + config = { + home.pointerCursor = { + name = "Banana"; + size = 32; + package = pkgs.banana-cursor; + x11.enable = true; + gtk.enable = true; + }; + + wayland.windowManager.sway.config.seat."*".xcursor_theme = + "${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"; + + gtk.cursorTheme = { + name = "Banana"; + size = 32; + package = pkgs.banana-cursor; + }; + }; +} diff --git a/home-manager/modules/gtk/default.nix b/home-manager/modules/gtk/default.nix index 8afc91f6..94500d68 100644 --- a/home-manager/modules/gtk/default.nix +++ b/home-manager/modules/gtk/default.nix @@ -64,6 +64,8 @@ in { options.pinpox.defaults.gtk.enable = mkEnableOption "gtk defaults"; + imports = [ ./banana.nix ]; + config = mkIf cfg.enable { nixpkgs.overlays = [ @@ -128,7 +130,6 @@ in gtk3 = { extraConfig = { - gtk-cursor-theme-name = "breeze"; gtk-application-prefer-dark-theme = 1; }; }; diff --git a/home-manager/modules/i3/default.nix b/home-manager/modules/i3/default.nix index 901dfb80..c771057b 100644 --- a/home-manager/modules/i3/default.nix +++ b/home-manager/modules/i3/default.nix @@ -128,7 +128,8 @@ in lib.mkOptionDefault { "${modifier}+Shift+Escape" = "exec xkill"; - "${modifier}+p" = "exec ${pkgs.rofi}/bin/rofi -show run -lines 7 -eh 1 -bw 0 -fullscreen -padding 200"; + "${modifier}+p" = + "exec ${pkgs.rofi}/bin/rofi -show run -lines 7 -eh 1 -bw 0 -fullscreen -padding 200"; "${modifier}+Shift+p" = "exec ${pkgs.rofi-pass} -show combi -lines 7 -eh 3 -bw 0 -matching fuzzy"; "${modifier}+Shift+x" = "exec xscreensaver-command -lock"; "${modifier}+Shift+Tab" = "workspace prev"; diff --git a/home-manager/modules/nvim/default.nix b/home-manager/modules/nvim/default.nix index 0e61aeb6..a4c83ce3 100644 --- a/home-manager/modules/nvim/default.nix +++ b/home-manager/modules/nvim/default.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - utils, + pinpox-utils, ... }: 
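Review bot: `banana.nix` sets its `config` unconditionally, and `gtk/default.nix` imports it outside the `mkIf cfg.enable` block, so the cursor theme and the sway `seat` setting apply even when `pinpox.defaults.gtk.enable` is off. Guarding the file with `config = lib.mkIf config.pinpox.defaults.gtk.enable {`, with `lib` added to the module arguments, keeps the option meaningful. The same `seat."*".xcursor_theme` value is also added in `sway/default.nix` in this commit, so one of the two definitions can be dropped.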
@@ -22,7 +22,7 @@ in enable = true; configFile.nixcolors-lua = { target = "nvim/lua/nixcolors.lua"; - source = utils.renderMustache "nixcolors.lua" ./nixcolors.lua.mustache config.pinpox.colors; + source = pinpox-utils.renderMustache "nixcolors.lua" ./nixcolors.lua.mustache config.pinpox.colors; }; }; diff --git a/home-manager/modules/obs-studio/default.nix b/home-manager/modules/obs-studio/default.nix index 9429ed88..922380db 100644 --- a/home-manager/modules/obs-studio/default.nix +++ b/home-manager/modules/obs-studio/default.nix @@ -34,7 +34,10 @@ in enable = true; plugins = with pkgs.obs-studio-plugins; [ obs-pipewire-audio-capture - droidcam-obs + + # TODO add droidcam-obs again when https://github.com/NixOS/nixpkgs/pull/382559 is merged + # droidcam-obs + wlrobs # obs-vintage-filter # obs-teleport diff --git a/home-manager/modules/shell/default.nix b/home-manager/modules/shell/default.nix index f9462969..6cd8e742 100644 --- a/home-manager/modules/shell/default.nix +++ b/home-manager/modules/shell/default.nix @@ -55,11 +55,19 @@ in imports = [ ./starship.nix ./zsh.nix - # ./fish.nix + ./fish.nix ]; config = mkIf cfg.enable { + programs.direnv = { + enable = true; + enableZshIntegration = true; + nix-direnv.enable = true; + # https://direnv.net/man/direnv.toml.1.html + # config = {}; + }; + pinpox.defaults.shell.abbrev-aliases = [ # Aliases expanded only at beginning of lines @@ -105,7 +113,7 @@ in { global = true; alias = "P"; - command = "| tb"; + command = "| paste"; } ]; diff --git a/home-manager/modules/shell/fish.nix b/home-manager/modules/shell/fish.nix index f60d3cb2..d2db242c 100644 --- a/home-manager/modules/shell/fish.nix +++ b/home-manager/modules/shell/fish.nix 
@@ -24,7 +24,22 @@ line = ''awk "NR == $1" "$2"''; }; - # plugins = [ ]; + plugins = [ + + { + + # https://github.com/gazorby/fifc + + name = "fifc"; + src = pkgs.fetchFromGitHub { + owner = "gazorby"; + repo = "fifc"; + rev = "a01650cd432becdc6e36feeff5e8d657bd7ee84a"; + sha256 = "sha256-Ynb0Yd5EMoz7tXwqF8NNKqCGbzTZn/CwLsZRQXIAVp4="; + }; + } + + ]; shellAbbrs = { @@ -69,15 +84,9 @@ weather = "${pkgs.curl}/bin/curl -4 http://wttr.in/Koeln"; radio = "${pkgs.mpv}/bin/mpv http://lassul.us:8000/radio.ogg"; - # yotp = '' - # ${pkgs.yubikey-manager}/bin/ykman oath accounts code | \ - # ${pkgs.fzf}/bin/fzf | awk '{print $2}' | ${pkgs.xclip}/bin/xclip -sel clip - # ''; - zzz = "systemctl suspend"; serve = "${pkgs.miniserve}/bin/miniserve"; - # "nix-shell -p python38Packages.httpcore --run 'python -m http.server 8080'"; za = "${./zellij-chooser}"; diff --git a/home-manager/modules/shell/zsh.nix b/home-manager/modules/shell/zsh.nix index 2811b80c..588088d5 100644 --- a/home-manager/modules/shell/zsh.nix +++ b/home-manager/modules/shell/zsh.nix @@ -6,6 +6,9 @@ ... }: { + + programs.ranger.enable = true; + programs.zsh = { enable = true; autosuggestion.enable = true; @@ -34,7 +37,21 @@ ) config.pinpox.defaults.shell.abbrev-aliases ); in - abbrevs + builtins.readFile ./zshrc-extra; + abbrevs + + builtins.readFile ./zshrc-extra + + '' + function "="() { printf "%s\n" "$@" | ${pkgs.bc}/bin/bc } + + + function ai() { + echo "$@" | ${pkgs.shell-gpt}/bin/sgpt + } + + function aip() { + wl-paste | ${pkgs.shell-gpt}/bin/sgpt + } + + ''; history = { expireDuplicatesFirst = true; @@ -47,7 +64,8 @@ # Allows addressing directorys by shortname, e.g. `cd ~notes` docs = "$HOME/Documents"; notes = "$HOME/Notes"; - ma = "$HOME/Documents/Info-Master-Hagen/masterarbeit"; + downloads = "$HOME/Downloads"; + nix-config = "/home/pinpox/code/github.com/pinpox/nixos"; }; shellAliases = rec { 
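Review bot: `aip` in the `zsh.nix` hunk pipes the entire clipboard into `sgpt`, which forwards its input to whatever model backend shell-gpt is configured for. A password or token copied a moment earlier therefore leaves the machine with one command. I would document that data flow with a comment above the function, such as `# aip: sends the current clipboard contents to the sgpt backend`. `wl-paste` is also the only binary in this string taken from PATH; `${pkgs.wl-clipboard}/bin/wl-paste` would match how `bc` and `sgpt` are referenced and make the function fail at build time rather than at use. The `let … in abbrevs + …` expression this string belongs to starts outside the hunk.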
@@ -61,6 +79,9 @@ la = "${ls} -lbhHigmuSa@ --time-style=long-iso --git --color-scale --icons"; lt = "${ls} --tree --level=2 --icons"; + nb = "nix build --no-link --print-out-paths -L"; + ne = "nix eval --strict --json"; + # Git gs = "${pkgs.git}/bin/git status"; diff --git a/home-manager/modules/shell/zshrc-extra b/home-manager/modules/shell/zshrc-extra index ac2e8d5a..de0aee26 100644 --- a/home-manager/modules/shell/zshrc-extra +++ b/home-manager/modules/shell/zshrc-extra @@ -10,10 +10,6 @@ ttake () { cd $(mktemp -d) } # Use `line 10 /etc/hosts` to get 10th line of file line () { awk "NR == $1" "$2" } -waster() { - jq -Rns '{text: inputs}' | curl -s -H 'Content-Type: application/json' \ - --data-binary @- https://paste.0cx.de | jq -r '. | "https://paste.0cx.de\(.path)"' - } # Bind up and down keys to history matching partial input bindkey "$terminfo[kcuu1]" history-search-backward @@ -35,14 +31,15 @@ zstyle ':completion:*' list-colors ${(s.:.)LS_COLORS} # preview directory's content with eza when completing cd zstyle ':fzf-tab:complete:cd:*' fzf-preview 'eza -1 --color=always $realpath' -# Self-hosted transfer.sh sharing. Expects ~/.netrc with crendentials in this format: -# machine transfer.0cx.de login my-super-user password super-secret-password - +# Wastebin # command | paste -paste () { - cat | curl -n --upload-file - https://transfer.0cx.de/paste.txt -} +function paste() { + jq -Rns '{text: inputs}' | curl -s -H 'Content-Type: application/json' \ + --data-binary @- https://paste.0cx.de | jq -r '. | "https://paste.0cx.de\(.path)"' + } +# Self-hosted transfer.sh sharing. Expects ~/.netrc with crendentials in this format: +# machine transfer.0cx.de login my-super-user password super-secret-password # transfer file.txt transfer () { if [ $# -eq 0 ] 
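Review bot: The rewritten `paste` function in `zshrc-extra` posts stdin to `https://paste.0cx.de` without credentials, whereas the version it replaces used `curl -n` against the transfer host. The request body carries only `text`, so how long the upload stays readable depends entirely on the server's defaults. The function still shadows the coreutils `paste` in interactive shells, and `P` now expands to `| paste`, so a pipeline meant to merge lines uploads its input instead; keeping a distinct name such as the removed `waster` would avoid that. curl also runs without `--fail`, so on an HTTP error jq either aborts or prints a URL ending in `null`; `curl -fsS -H 'Content-Type: application/json'` would surface the failure.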
@@ -73,3 +70,34 @@ transfer () { curl -n --progress-bar --upload-file "-" "https://transfer.0cx.de/$file_name" | tee /dev/null fi } + +function delta_sidebyside { + if [[ COLUMNS -ge 140 ]]; then + export DELTA_FEATURES='side-by-side' + else + export DELTA_FEATURES='' + fi +} +trap delta_sidebyside WINCH + +function ranger-cd { + tempfile=$(mktemp) + \ranger --choosedir="$tempfile" "${@:-$(pwd)}" < $TTY + test -f "$tempfile" && + if [ "$(cat -- "$tempfile")" != "$(echo -n `pwd`)" ]; then + cd -- "$(cat "$tempfile")" + fi + rm -f -- "$tempfile" +} + +function carry-ranger-cd { + ranger-cd + VISUAL=true zle edit-command-line +} + +autoload -z edit-command-line +zle -N edit-command-line + +zle -N carry-ranger-cd + +bindkey '^L' carry-ranger-cd diff --git a/home-manager/modules/sway/default.nix b/home-manager/modules/sway/default.nix index c54bd680..dde2879a 100644 --- a/home-manager/modules/sway/default.nix +++ b/home-manager/modules/sway/default.nix @@ -38,6 +38,13 @@ in wayland.windowManager.sway = { enable = true; config = rec { + + seat = { + "*" = { + xcursor_theme = "${config.gtk.cursorTheme.name} ${toString config.gtk.cursorTheme.size}"; + }; + }; + keybindings = lib.mkOptionDefault { "${modifier}+Return" = "exec ${pkgs.foot}/bin/foot"; "${modifier}+p" = "exec ${pkgs.wofi}/bin/wofi --show run"; @@ -47,13 +54,14 @@ in "${modifier}+Tab" = "focus next"; # Screen lock - "${modifier}+Shift+l" = "swaylock"; + "${modifier}+Shift+l" = "exec swaylock"; # SwayNotificationCenter "${modifier}+n" = "exec swaync-client -t -sw"; # Scratchpad - "${modifier}+u" = ''[app_id="dropdown"] scratchpad show; [app_id="dropdown"] resize set 98ppt 98ppt; [app_id="dropdown"] move position center''; + "${modifier}+u" = + ''[app_id="dropdown"] scratchpad show; [app_id="dropdown"] resize set 99ppt 98ppt; [app_id="dropdown"] move position center''; }; modifier = "Mod4"; # Win key 
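Review bot: The screen-lock binding `"${modifier}+Shift+l" = "exec swaylock"` resolves the locker through PATH, while the neighbouring bindings use store paths (`${pkgs.foot}/bin/foot`, `${pkgs.wofi}/bin/wofi`). If `swaylock` is not in the session's PATH the key does nothing and the screen stays unlocked without any error being shown. `"exec ${pkgs.swaylock}/bin/swaylock"` would make a missing locker a build-time failure; whether the matching PAM service is enabled on the system side is not visible in this hunk and should be confirmed. The `keybindings` block continues outside the hunk.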
@@ -83,7 +91,7 @@ in criteria.app_id = "dropdown"; } { - command = "resize set 98ppt 98ppt"; + command = "resize set 99ppt 98ppt"; criteria.app_id = "dropdown"; } { @@ -91,7 +99,7 @@ in criteria.app_id = "dropdown"; } { - command = "border pixel 10"; + command = "border pixel 8"; criteria.app_id = "dropdown"; } ]; diff --git a/home-manager/modules/wezterm/default.nix b/home-manager/modules/wezterm/default.nix index bd73c8d4..4b65b2f7 100644 --- a/home-manager/modules/wezterm/default.nix +++ b/home-manager/modules/wezterm/default.nix @@ -2,7 +2,7 @@ lib, pkgs, config, - utils, + pinpox-utils, ... }: with lib; @@ -26,7 +26,7 @@ in colors_lua = { target = "wezterm/colors.lua"; - source = utils.renderMustache "colors.lua" ./colors.lua.mustache config.pinpox.colors; + source = pinpox-utils.renderMustache "colors.lua" ./colors.lua.mustache config.pinpox.colors; }; wezterm_lua = { diff --git a/home-manager/modules/zellij/default.nix b/home-manager/modules/zellij/default.nix index 57948061..77aadedd 100644 --- a/home-manager/modules/zellij/default.nix +++ b/home-manager/modules/zellij/default.nix @@ -8,10 +8,16 @@ in config = mkIf cfg.enable { programs.zellij = { + enable = true; + # Don't auto-start zellij on new shells + enableZshIntegration = false; + settings = { + keybinds.unbind = "Ctrl q"; + session_serialization = false; theme = "custom"; diff --git a/home-manager/profiles/common.nix b/home-manager/profiles/common.nix index f78795fc..b1248e7b 100644 --- a/home-manager/profiles/common.nix +++ b/home-manager/profiles/common.nix @@ -40,7 +40,7 @@ with lib; # Extra arguments to pass to modules _module.args = { - utils = import ../../utils { inherit pkgs; }; + pinpox-utils = import ../../utils { inherit pkgs; }; }; # Include man-pages diff --git a/home-manager/profiles/desktop/default.nix b/home-manager/profiles/desktop/default.nix index 9967f460..801ebc7a 100644 --- a/home-manager/profiles/desktop/default.nix +++ b/home-manager/profiles/desktop/default.nix 
@@ -117,6 +117,16 @@ [ swaynotificationcenter + (mpv.override { + scripts = with pkgs.mpvScripts; [ + sponsorblock + quality-menu + visualizer + twitch-chat + mpris + ]; + }) + zotero # From nixpkgs diff --git a/machines/ahorn/configuration.nix b/machines/ahorn/configuration.nix index e1840721..968919c2 100644 --- a/machines/ahorn/configuration.nix +++ b/machines/ahorn/configuration.nix @@ -5,11 +5,16 @@ pkgs, lib, nixos-hardware, - # inovex-mdm, + clan-core, ... }: { + # clan.core.state.userdata.folders = [ + # "/home/pinpox/test-backup" + # "/home/pinpox/test-backup2" + # ]; + # nixpkgs.config.packageOverrides = pkgs: { # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; # }; @@ -22,10 +27,6 @@ # xorg.xf86videointel # ]; - networking.hosts = { - "192.168.56.107" = [ "status.fernuni" ]; - }; - services.gnome.gnome-keyring.enable = true; hardware.keyboard.qmk.enable = true; @@ -61,19 +62,11 @@ nixos-hardware.nixosModules.lenovo-thinkpad-t480s ./hardware-configuration.nix retiolum.nixosModules.retiolum - # inovex-mdm.nixosModules.default #retiolum.nixosModules.ca ]; - lollypops.secrets.files."inovex-mdm/mdm-create-token" = { }; - - # services.inovex-mdm = { - # enable = true; - # userhome = "/home/pinpox"; - # tokenFile = "${config.lollypops.secrets.files."inovex-mdm/mdm-create-token".path}"; - # screenLockTimeout = "300"; - # }; + clan.core.networking.targetHost = "ahorn"; programs.sway.enable = true; @@ -152,18 +145,6 @@ ipv6 = "42:0:3c46:519d:1696:f464:9756:8727"; }; - lollypops.extraTasks = { - - rebuild-nosecrets = { - desc = "Rebuild without deloying secrets"; - cmds = [ ]; - deps = [ - "deploy-flake" - "rebuild" - ]; - }; - }; - lollypops.secrets.files = { "retiolum/rsa_priv" = { }; "retiolum/ed25519_priv" = { }; diff --git a/machines/birne/configuration.nix b/machines/birne/configuration.nix index a73d643d..aa5fea7c 100644 --- a/machines/birne/configuration.nix +++ b/machines/birne/configuration.nix 
@@ -5,6 +5,8 @@ lollypops.deployment.ssh.host = "192.168.2.84"; + clan.core.networking.targetHost = "192.168.101.221"; + # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. @@ -13,19 +15,20 @@ # Host forwards incoming wg connections to the local network so we can reach LAN devices via wireguard. E.g. for retrieving stats directly from smart-home devices boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - networking.wireguard.interfaces.wg0 = - let - iptables = "${nixpkgs.legacyPackages.x86_64-linux.iptables}/bin/iptables"; - in - { - postSetup = '' - ${iptables} -t nat -A POSTROUTING -s 192.168.7.0/24 -o eno1 -j MASQUERADE; ${iptables} -A FORWARD -i wg0 -j ACCEPT - ''; - - postShutdown = '' - ${iptables} -t nat -D POSTROUTING -s 192.168.7.0/24 -o eno1 -j MASQUERADE; ${iptables} -D FORWARD -i wg0 -j ACCEPT - ''; - }; + + # networking.wireguard.interfaces.wg0 = + # let + # iptables = "${nixpkgs.legacyPackages.x86_64-linux.iptables}/bin/iptables"; + # in + # { + # postSetup = '' + # ${iptables} -t nat -A POSTROUTING -s 192.168.7.0/24 -o eno1 -j MASQUERADE; ${iptables} -A FORWARD -i wg0 -j ACCEPT + # ''; + # + # postShutdown = '' + # ${iptables} -t nat -D POSTROUTING -s 192.168.7.0/24 -o eno1 -j MASQUERADE; ${iptables} -D FORWARD -i wg0 -j ACCEPT + # ''; + # }; pinpox = { diff --git a/machines/kfbox/configuration.nix b/machines/kfbox/configuration.nix index b2e16181..0693855f 100644 --- a/machines/kfbox/configuration.nix +++ b/machines/kfbox/configuration.nix @@ -5,9 +5,12 @@ mc3000, pkgs, retiolum, - radio, + lib, ... }: +let + pinpox-utils = import ../../utils { inherit pkgs lib; }; +in { lollypops.deployment.deploy-method = "archive"; @@ -69,6 +72,7 @@ }; lollypops.deployment.ssh.host = "46.38.242.17"; + clan.core.networking.targetHost = "46.38.242.17"; services.logind.extraConfig = '' RuntimeDirectorySize=20G 
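Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` stays active in the second birne hunk while the `wg0` `postSetup`/`postShutdown` rules it served are commented out, so the host keeps kernel routing on without the MASQUERADE and FORWARD rules that gave it a purpose. If the WireGuard-to-LAN path is now provided elsewhere, say so in the comment above the sysctl; if it is gone, drop the sysctl together with the rules rather than leaving forwarding enabled. The first hunk also leaves `lollypops.deployment.ssh.host = "192.168.2.84"` next to `clan.core.networking.targetHost = "192.168.101.221"`, two different addresses for the same machine, which deserves a one-line comment on which is authoritative.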
@@ -95,6 +99,14 @@ }; # Karmabot for IRC channel + + clan.core.vars.generators."go-karma-bot" = pinpox-utils.mkEnvGenerator [ + "IRC_BOT_SERVER" + "IRC_BOT_CHANNEL" + "IRC_BOT_NICK" + "IRC_BOT_PASS" + ]; + lollypops.secrets.files."go-karma-bot/envfile" = { }; services.go-karma-bot.environmentFile = config.lollypops.secrets.files."go-karma-bot/envfile".path; services.go-karma-bot.enable = true; @@ -134,6 +146,7 @@ }; radio.enable = true; + jitsi-matrix-presence.enable = true; hedgedoc.enable = true; screego.enable = true; miniflux.enable = true; @@ -141,7 +154,7 @@ kf-homepage.enable = true; gitea.enable = true; owncast.enable = false; - vikunja.enable = true; + vikunja.enable = false; wastebin.enable = true; }; @@ -208,7 +221,10 @@ "photos-api.0cx.de".extraConfig = "reverse_proxy 127.0.0.1:8080"; - "paste.0cx.de".extraConfig = "reverse_proxy ${config.services.wastebin.settings.WASTEBIN_ADDRESS_PORT}"; + # "matrixpresence.0cx.de".extraConfig = "reverse_proxy 127.0.0.1:8227"; + + "paste.0cx.de".extraConfig = + "reverse_proxy ${config.services.wastebin.settings.WASTEBIN_ADDRESS_PORT}"; }; }; } diff --git a/machines/limette/configuration.nix b/machines/limette/configuration.nix index 6bad1450..6952e107 100644 --- a/machines/limette/configuration.nix +++ b/machines/limette/configuration.nix @@ -2,7 +2,6 @@ pkgs, lib, nixos-hardware, - disko, ... }: { @@ -15,8 +14,6 @@ nixos-hardware.nixosModules.lenovo-thinkpad-x230 # ./hardware-configuration.nix ./disko-config.nix - disko.nixosModules.disko - ]; disko.devices.disk.main.imageSize = "40G"; diff --git a/machines/porree/configuration.nix b/machines/porree/configuration.nix index 0c89ac2c..f584ae66 100644 --- a/machines/porree/configuration.nix +++ b/machines/porree/configuration.nix @@ -26,6 +26,7 @@ }; lollypops.deployment.ssh.host = "94.16.108.229"; + clan.core.networking.targetHost = "94.16.108.229"; # Often hangs systemd.services = { 
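Review bot: The new `clan.core.vars.generators."go-karma-bot"` is not consumed by anything in this hunk; `services.go-karma-bot.environmentFile` still reads `config.lollypops.secrets.files."go-karma-bot/envfile".path`. `IRC_BOT_PASS` would therefore be prompted for and stored a second time while the service keeps using the old copy, and rotating it in one store would not change the other. Switch the consumer in the same change, `services.go-karma-bot.environmentFile = config.clan.core.vars.generators."go-karma-bot".files."envfile".path;`, and remove the `lollypops.secrets.files."go-karma-bot/envfile"` line once that is verified.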
diff --git a/modules/clan-common/default.nix b/modules/clan-common/default.nix new file mode 100644 index 00000000..6d833fdb --- /dev/null +++ b/modules/clan-common/default.nix @@ -0,0 +1,32 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + clan.core.vars.settings.secretStore = "password-store"; + clan.core.vars.settings.passBackend = "passage"; + + environment.systemPackages = [ pkgs.passage ]; + + clan.core.vars.generators."mkpasswd-generator" = { + + files.test-password = { }; + runtimeInputs = with pkgs; [ + coreutils + xkcdpass + ]; + script = '' + mkdir -p $out + xkcdpass > $out/test-password + ''; + }; + + environment.etc."test-password".source = + config.clan.core.vars.generators."mkpasswd-generator".files."test-password".path; + +} diff --git a/modules/dex/default.nix b/modules/dex/default.nix index 01371228..b15df157 100644 --- a/modules/dex/default.nix +++ b/modules/dex/default.nix @@ -18,8 +18,8 @@ in config = mkIf cfg.enable { # Reverse proxy - services.caddy.virtualHosts."${cfg.host - }".extraConfig = "reverse_proxy ${config.services.dex.settings.web.http}"; + services.caddy.virtualHosts."${cfg.host}".extraConfig = + "reverse_proxy ${config.services.dex.settings.web.http}"; # Secrets lollypops.secrets.files."dex/envfile" = { }; @@ -107,14 +107,14 @@ in redirectURIs = [ "https://${config.services.hedgedoc.settings.domain}/auth/oauth2/callback" ]; secretEnv = "CLIENT_SECRET_HEDGEDOC"; } - { - id = "vikunja"; - name = "vikunja"; - redirectURIs = [ - "${config.systemd.services.vikunja-api.environment.VIKUNJA_SERVICE_FRONTENDURL}auth/openid/dex" - ]; - secretEnv = "CLIENT_SECRET_VIKUNJA"; - } + # { + # id = "vikunja"; + # name = "vikunja"; + # redirectURIs = [ + # "${config.systemd.services.vikunja-api.environment.VIKUNJA_SERVICE_FRONTENDURL}auth/openid/dex" + # ]; + # secretEnv = "CLIENT_SECRET_VIKUNJA"; + # } ]; }; }; 
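Review bot: The `mkpasswd-generator` block and `environment.etc."test-password".source` in the new `modules/clan-common/default.nix` read like scaffolding, yet the module name suggests it is imported by every clan-managed host. A generated secret linked under `/etc` is readable by whoever can read the target file, and how the vars backend sets that file's owner and mode is not visible in this hunk. Remove both before merge or gate them behind an option; if they stay, add a comment such as `# test only: proves vars generation works, holds no real credential`.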
diff --git a/modules/filebrowser/default.nix b/modules/filebrowser/default.nix index 69cbc3a2..a04ed107 100644 --- a/modules/filebrowser/default.nix +++ b/modules/filebrowser/default.nix @@ -16,8 +16,6 @@ in config = mkIf cfg.enable { - lollypops.secrets.files."filebrowser/envfile" = { }; - # User and group users.users.filebrowser = { isSystemUser = true; @@ -36,6 +34,11 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; description = "Start filebrowser"; + environment = { + FB_ADDRESS = "192.168.7.4"; + FB_PORT = 8787; + FB_SIGNUP = false; + }; serviceConfig = { EnvironmentFile = [ config.secrets.files."filebrowser/envfiles".path ]; # Environment = [ ]; diff --git a/modules/gitea/default.nix b/modules/gitea/default.nix index 4aa5e8d3..c58c2a1d 100644 --- a/modules/gitea/default.nix +++ b/modules/gitea/default.nix @@ -18,8 +18,8 @@ in config = mkIf cfg.enable { # Reverse proxy - services.caddy.virtualHosts."${cfg.host - }".extraConfig = "reverse_proxy ${config.services.gitea.settings.server.HTTP_ADDR}:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}"; + services.caddy.virtualHosts."${cfg.host}".extraConfig = + "reverse_proxy ${config.services.gitea.settings.server.HTTP_ADDR}:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}"; # Backups pinpox.services.restic-client.backup-paths-offsite = [ "/var/lib/gitea" ]; diff --git a/modules/hedgedoc/default.nix b/modules/hedgedoc/default.nix index 452213b1..46320df5 100644 --- a/modules/hedgedoc/default.nix +++ b/modules/hedgedoc/default.nix 
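Review bot: The first filebrowser hunk deletes `lollypops.secrets.files."filebrowser/envfile"`, but the unit in the second hunk still loads `EnvironmentFile = [ config.secrets.files."filebrowser/envfiles".path ];`. That option path (`config.secrets`, plural `envfiles`) matches neither the removed declaration nor any generator added in this diff. Either declare a clan generator and reference its `files."envfile".path`, or drop `EnvironmentFile` if no secret is needed any more. Separately, `FB_PORT = 8787;` and `FB_SIGNUP = false;` are an integer and a boolean, while `systemd.services.<name>.environment` takes strings, paths or packages as far as I know, so write `FB_PORT = "8787";` and `FB_SIGNUP = "false";`.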
@@ -8,13 +8,17 @@ in options.pinpox.services.hedgedoc = { enable = mkEnableOption "Hedgedoc server"; }; + config = mkIf cfg.enable { # env file contains: # CMD_SESSION_SECRET # CMD_OAUTH2_CLIENT_ID # CMD_OAUTH2_CLIENT_SECRET= - lollypops.secrets.files."hedgedoc/envfile" = { }; + + clan.core.vars.generators."hedgedoc" = { + files.envfile = { }; + }; systemd.services.hedgedoc.serviceConfig.Environment = [ # Allow creating on-the-fly by url @@ -41,7 +45,9 @@ in # Create system user and group services.hedgedoc = { enable = true; - environmentFile = "${config.lollypops.secrets.files."hedgedoc/envfile".path}"; + + environmentFile = "${config.clan.core.vars.generators."hedgedoc".files."envfile".path}"; + settings = { protocolUseSSL = true; # Use https when loading assets @@ -51,7 +57,6 @@ in domain = "pads.0cx.de"; host = "127.0.0.1"; # port = 3000; # Default - # allowOrigin = [ "localhost" ]; # TODO not sure if neeeded debug = true; db = { diff --git a/modules/http2irc/default.nix b/modules/http2irc/default.nix index f7e10e96..cbfd380a 100644 --- a/modules/http2irc/default.nix +++ b/modules/http2irc/default.nix @@ -60,7 +60,12 @@ in name = "http2irc"; }; - lollypops.secrets.files."http2irc/envfile" = { }; + clan.core.vars.generators."http2irc" = pinpox-utils.mkEnvGenerator [ + "IRC_SASL_PASS" + "IRC_SASL_USER" + "IRC_NICK" + "IRC_BOT_TOKEN" + ]; # Service systemd.services.http2irc = { @@ -68,7 +73,9 @@ in after = [ "network.target" ]; description = "Start http2irc"; serviceConfig = { - EnvironmentFile = [ config.lollypops.secrets.files."http2irc/envfile".path ]; + EnvironmentFile = [ + config.clan.core.vars.generators.http2irc.files."envfile".path + ]; Environment = [ "IRC_TEMPLATE='${templateFile}'" "IRC_CHANNEL='#lounge-rocks'" diff --git a/modules/http2irc/test.md b/modules/http2irc/test.md deleted file mode 100644 index 937dd2a0..00000000 --- a/modules/http2irc/test.md +++ /dev/null @@ -1 +0,0 @@ -Some docs 
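Review bot: `clan.core.vars.generators."hedgedoc"` declares `files.envfile` but, unlike the http2irc generator later in this diff, shows no `prompts` or `script`, so nothing visible here would write `CMD_SESSION_SECRET` and the OAuth2 client values that the comment above it lists. If the helper is in scope for this module, the same pattern fits: `pinpox-utils.mkEnvGenerator [ "CMD_SESSION_SECRET" "CMD_OAUTH2_CLIENT_ID" "CMD_OAUTH2_CLIENT_SECRET" ]`. The third hedgedoc hunk also keeps the context line `debug = true;` for the instance served at `pads.0cx.de`, which is worth turning off or justifying in a comment, since debug output from a web application tends to end up in logs and error pages.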
diff --git a/modules/jitsi-matrix-presence/default.nix b/modules/jitsi-matrix-presence/default.nix new file mode 100644 index 00000000..115dbcc0 --- /dev/null +++ b/modules/jitsi-matrix-presence/default.nix @@ -0,0 +1,63 @@ +{ + config, + lib, + pkgs, + jitsi-matrix-presence, + ... +}: +with lib; +let + cfg = config.pinpox.services.jitsi-matrix-presence; + pinpox-utils = import ../../utils { inherit pkgs; }; + mkPres = JITSI_ROOMS: JITSI_SERVER: ROOM_ID: port: { + + wantedBy = [ "multi-user.target" ]; + environment = { + inherit JITSI_ROOMS JITSI_SERVER ROOM_ID; + HOMESERVER_URL = "https://matrix.org"; + USER_ID = "@alertus-maximus:matrix.org"; + LISTEN_ADDRESS = "0.0.0.0:${port}"; + }; + + serviceConfig = { + EnvironmentFile = [ + config.clan.core.vars.generators."jitsi-presence".files."envfile".path + ]; + DynamicUser = true; + ExecStart = "${jitsi-matrix-presence.packages.x86_64-linux.default}/bin/jitsi-presence"; + Restart = "on-failure"; + RestartSec = "5s"; + }; + }; + +in +{ + + options.pinpox.services.jitsi-matrix-presence = { + enable = mkEnableOption "Jitsi presence notification service"; + }; + + config = mkIf cfg.enable { + + networking.firewall.allowedTCPPorts = [ + 8226 + 8227 + 8228 + ]; + + clan.core.vars.generators."jitsi-presence" = pinpox-utils.mkEnvGenerator [ "ACCESS_TOKEN" ]; + + systemd.services.jitsi-matrix-presence-krebs = + mkPres "krebs,nixos" "https://jitsi.lassul.us" "!bohcSYPVoePqBDWlvE:hackint.org" + "8226"; + + systemd.services.jitsi-matrix-presence-clan-lol = + mkPres "space,standup" "https://jitsi.clan.lol" "!HlSSgpBfhsKrEmqAtE:matrix.org" + "8228"; + + systemd.services.jitsi-matrix-presence = + mkPres "clan.lol,space" "https://jitsi.lassul.us" "!HlSSgpBfhsKrEmqAtE:matrix.org" + "8227"; + + }; +} diff --git a/modules/mattermost/default.nix b/modules/mattermost/default.nix deleted file mode 100644 index cb524180..00000000 --- a/modules/mattermost/default.nix +++ /dev/null 
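Review bot: `LISTEN_ADDRESS = "0.0.0.0:${port}"` together with `networking.firewall.allowedTCPPorts = [ 8226 8227 8228 ]` puts all three presence listeners directly on every interface, and nothing in this file shows TLS or caller authentication on them. The kfbox change in this commit leaves the Caddy vhost for `matrixpresence.0cx.de` commented out, so there is no TLS front either. Prefer `LISTEN_ADDRESS = "127.0.0.1:${port}";`, drop the `allowedTCPPorts` block, and publish each instance through `services.caddy.virtualHosts` as the other modules in this repository do. The units share one `ACCESS_TOKEN` envfile for the Matrix account, which makes limiting who can reach the listeners more important. `jitsi-matrix-presence.packages.x86_64-linux.default` also hard-codes the platform, where `pkgs.system` would follow the host.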
@@ -1,77 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.pinpox.services.mattermost; -in -{ - - options.pinpox.services.mattermost = { - enable = mkEnableOption "Mattermost server"; - }; - - config = mkIf cfg.enable { - - services.mattermost = { - enable = true; - - siteUrl = "https://mm.0cx.de"; - listenAddress = "127.0.0.1:8065"; - - # TODO reevaluate option on fresh install - # Database was created before this option existed. Also using this - # requires to put add the password to the nix store. - localDatabaseCreate = false; - - extraConfig = { - ServiceSettings = { - EnableEmailInvitations = true; - EnableOAuthServiceProvider = true; - TrustedProxyIPHeader = [ - "X-Forwarded-For" - "X-Real-IP" - ]; - AllowCorsFrom = "*"; - }; - - FileSettings.Directory = "/var/lib/mattermost/files"; - }; - }; - - lollypops.secrets.files."mattermost/envfile" = { }; - - systemd.services.mattermost = { - - serviceConfig = { - - EnvironmentFile = config.lollypops.secrets.files."mattermost/envfile".path; - - Environment = [ - - # TODO Check syntax for header - - # Secret envfile contains: - # MM_EMAILSETTINGS_CONNECTIONSECURITY= - # MM_EMAILSETTINGS_ENABLEPREVIEWMODEBANNER= - # MM_EMAILSETTINGS_ENABLESMTPAUTH= - # MM_EMAILSETTINGS_FEEDBACKEMAIL= - # MM_EMAILSETTINGS_PUSHNOTIFICATIONCONTENTS= - # MM_EMAILSETTINGS_REPLYTOADDRESS= - # MM_EMAILSETTINGS_SENDEMAILNOTIFICATIONS= - # MM_EMAILSETTINGS_SMTPPASSWORD= - # MM_EMAILSETTINGS_SMTPPORT= - # MM_EMAILSETTINGS_SMTPSERVER= - # MM_EMAILSETTINGS_SMTPUSERNAME= - # MM_FILESETTINGS_PUBLICLINKSALT= - # MM_SQLSETTINGS_ATRESTENCRYPTKEY= - # MM_SQLSETTINGS_DATASOURCE= - # MM_EXTRA_SQLSETTINGS_DB_PASSWORD= - ]; - }; - }; - }; -} diff --git a/modules/miniflux/default.nix b/modules/miniflux/default.nix index 30f8e66a..2c108f15 100644 --- a/modules/miniflux/default.nix +++ b/modules/miniflux/default.nix 
@@ -24,7 +24,8 @@ in services.caddy = { enable = true; - virtualHosts."news.0cx.de".extraConfig = "reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}"; + virtualHosts."news.0cx.de".extraConfig = + "reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}"; }; systemd.services.miniflux = { diff --git a/modules/monitoring/prometheus.nix b/modules/monitoring/prometheus.nix index 5391b5c0..d05b36e8 100644 --- a/modules/monitoring/prometheus.nix +++ b/modules/monitoring/prometheus.nix @@ -87,7 +87,7 @@ in # scheme = "http"; # scrape_interval = "60s"; # metrics_path = "/metrics"; - # static_configs = [{ targets = [ + # static_configs = [{ targets = [ # "192.168.2.147" # ]; }]; # } diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix index ca7e413b..1881ebd4 100644 --- a/modules/nextcloud/default.nix +++ b/modules/nextcloud/default.nix @@ -82,7 +82,7 @@ in # Pin Nextcloud major version. # Refer to upstream docs for updating major versions - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; # Use HTTPS for links https = true; diff --git a/modules/nix-common/default.nix b/modules/nix-common/default.nix index 58793ad3..dd929b11 100644 --- a/modules/nix-common/default.nix +++ b/modules/nix-common/default.nix @@ -4,6 +4,7 @@ lib, flake-self, nixpkgs, + nix-index-database, ... }: with lib; @@ -16,8 +17,13 @@ in enable = mkEnableOption "Nix defaults"; }; + imports = [ nix-index-database.nixosModules.nix-index ]; + config = mkIf cfg.enable { + # Use nix-index-database for comma + programs.nix-index-database.comma.enable = true; + # Generates a .prom file that can be scraped with prometheus to monitor the # current nixpkgs version environment.etc."nix/flake_inputs.prom" = { @@ -75,9 +81,15 @@ in settings = { + auto-allocate-uids = true; + system-features = lib.mkDefault [ "uid-range" ]; + experimental-features = [ "nix-command" "flakes" + + "auto-allocate-uids" + "cgroups" ]; trusted-users = [ "@wheel" ]; 
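Review bot: `system-features = lib.mkDefault [ "uid-range" ];` in the third nix-common hunk replaces the option's computed default instead of extending it, because `mkDefault` outranks an option's own default. As far as I can tell the daemon would then stop advertising features such as `kvm` and `big-parallel`. If the intent is only to add `uid-range`, list the existing features explicitly next to it. `auto-allocate-uids` and `cgroups` are experimental Nix features enabled here for every host with `pinpox.defaults.nix` on; a short comment on why they are needed would help a later reader judge whether they can be removed. The `settings` block continues outside the hunk.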
diff --git a/modules/owncast/default.nix b/modules/owncast/default.nix index 46b111e0..1eaafe46 100644 --- a/modules/owncast/default.nix +++ b/modules/owncast/default.nix @@ -26,8 +26,8 @@ in services.caddy = { enable = true; - virtualHosts."${cfg.host - }".extraConfig = "reverse_proxy 127.0.0.1:${builtins.toString config.services.owncast.port}"; + virtualHosts."${cfg.host}".extraConfig = + "reverse_proxy 127.0.0.1:${builtins.toString config.services.owncast.port}"; }; }; } diff --git a/modules/radio/default.nix b/modules/radio/default.nix index 291d99e4..0d0349e8 100644 --- a/modules/radio/default.nix +++ b/modules/radio/default.nix @@ -42,7 +42,7 @@ in url = "https://hirschmilch.de:7000/progressive.mp3" [Lassulus Radio] - url = "https://radio.lassul.us/music.mp3" + url = "https://radio.lassul.us/radio.mp3" ''; }; diff --git a/modules/screego/default.nix b/modules/screego/default.nix index 858085f0..1de9a50f 100644 --- a/modules/screego/default.nix +++ b/modules/screego/default.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.pinpox.services.screego; in 
@@ -24,17 +29,33 @@ in }; }; - lollypops.secrets.files."screego/users" = { }; - lollypops.secrets.files."screego/env" = { }; + clan.core.vars.generators."screego" = { + + files.envfile = { }; + files.users = { }; + files.prometheus-pass = { }; + + runtimeInputs = with pkgs; [ + coreutils + screego + xkcdpass + ]; + + script = '' + echo "SCREEGO_SECRET=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 40)" > $out/envfile + xkcdpass -n 4 -d - > $out/prometheus-pass + cat $out/prometheus-pass | screego hash --name "prometheus" --pass - > $out/users + ''; + }; systemd.services.screego.serviceConfig.LoadCredential = [ - "users:${config.lollypops.secrets.files."screego/users".path}" + "users:${config.clan.core.vars.generators.screego.files."users".path}" ]; services.screego = { enable = true; openFirewall = true; - environmentFile = "${config.lollypops.secrets.files."screego/env".path}"; + environmentFile = "${config.clan.core.vars.generators.screego.files."envfile".path}"; settings = { # SCREEGO_EXTERNAL_IP = "46.38.242.17"; SCREEGO_EXTERNAL_IP = "dns:screen.${cfg.domain}"; diff --git a/modules/thelounge/default.nix b/modules/thelounge/default.nix index 619021e5..aebaf088 100644 --- a/modules/thelounge/default.nix +++ b/modules/thelounge/default.nix @@ -19,6 +19,11 @@ in extraConfig = { host = "127.0.0.1"; reverseProxy = true; + storagePolicy = { + enabled = true; + maxAgeDays = 365; + deletionPolicy = "everything"; + }; # TODO default network to mattermost brideg # defaults = {}; diff --git a/modules/vikunja/default.nix b/modules/vikunja/default.nix index eab41f42..f9208384 100644 --- a/modules/vikunja/default.nix +++ b/modules/vikunja/default.nix 
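Review bot: The screego generator pipes the passphrase into `screego hash --name "prometheus" --pass -`, and whether screego treats `-` as "read from stdin" is not visible here. If it is taken literally, `users` would hold a hash of the one-character string `-` instead of the passphrase written to `prometheus-pass`, leaving the `prometheus` account with a guessable password. Please verify this once against the generated files and record the result in a comment above the line. The script also writes into `$out` without the `mkdir -p $out` that the clan-common and `mkEnvGenerator` scripts use, and leaves `$out` unquoted.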
@@ -22,8 +22,8 @@ in config = mkIf cfg.enable { - services.caddy.virtualHosts."${cfg.host - }".extraConfig = "reverse_proxy ${config.systemd.services.vikunja-api.environment.VIKUNJA_SERVICE_INTERFACE}"; + services.caddy.virtualHosts."${cfg.host}".extraConfig = + "reverse_proxy ${config.systemd.services.vikunja-api.environment.VIKUNJA_SERVICE_INTERFACE}"; # Vikunja doesn't allow setting openid configuration parameters (e.g. # openid_secret) via environment variables, so we have to treat the diff --git a/modules/wastebin/default.nix b/modules/wastebin/default.nix index a668cb9a..a46f6742 100644 --- a/modules/wastebin/default.nix +++ b/modules/wastebin/default.nix @@ -1,25 +1,33 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.pinpox.services.wastebin; in { - options.pinpox.services.wastebin = { - enable = mkEnableOption "wastebin server"; - }; + options.pinpox.services.wastebin.enable = mkEnableOption "wastebin server"; config = mkIf cfg.enable { - # WASTEBIN_PASSWORD_SALT - # WASTEBIN_SIGNING_KEY - lollypops.secrets.files."wastebin/envfile" = { }; + clan.core.vars.generators."wastebin" = { + files.envfile = { }; + runtimeInputs = [ pkgs.coreutils ]; + script = '' + echo "WASTEBIN_PASSWORD_SALT=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 80)" >> $out/envfile + echo "WASTEBIN_SIGNING_KEY=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 80)" >> $out/envfile + ''; + }; # Create system user and group services.wastebin = { enable = true; - secretFile = config.lollypops.secrets.files."wastebin/envfile".path; + secretFile = config.clan.core.vars.generators."wastebin".files."envfile".path; settings = { WASTEBIN_ADDRESS_PORT = "127.0.0.1:8088"; 
@@ -32,11 +40,7 @@ in }; # Reverse proxy - services.caddy = { - enable = true; - virtualHosts = { - "paste.0cx.de".extraConfig = "reverse_proxy ${config.services.wastebin.settings.WASTEBIN_ADDRESS_PORT}"; - }; - }; + services.caddy.virtualHosts."paste.0cx.de".extraConfig = + "reverse_proxy ${config.services.wastebin.settings.WASTEBIN_ADDRESS_PORT}"; }; } diff --git a/overlays/default.nix b/overlays/default.nix index c258335b..9a3f6f1b 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -41,7 +41,6 @@ self: super: { locale lollypops-common lvm-grub - mattermost miniflux minio monitoring diff --git a/utils/default.nix b/utils/default.nix index 351708d7..6ae83ece 100644 --- a/utils/default.nix +++ b/utils/default.nix @@ -1,5 +1,24 @@ { pkgs, ... }: { + + mkEnvGenerator = envs: rec { + files.envfile = { }; + runtimeInputs = [ pkgs.coreutils ]; + prompts = pkgs.lib.genAttrs envs (name: { + persist = false; + }); + + # Invalidate on env change + validation.script = script; + + script = '' + mkdir -p $out + cat <> $out/envfile + ${builtins.concatStringsSep "\n" (map (e: "${e}='$(cat $prompts/${e})'") envs)} + EOT + ''; + }; + renderMustache = name: template: data: # Render handlebars `template` called `name` by converting `data` to JSON diff --git a/vars/per-machine/ahorn/borgbackup/borgbackup.ssh.pub/value b/vars/per-machine/ahorn/borgbackup/borgbackup.ssh.pub/value new file mode 100644 index 00000000..85256510 --- /dev/null +++ b/vars/per-machine/ahorn/borgbackup/borgbackup.ssh.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNx5UavOFnsDNu3N8QSfR/7Jbv9l0uwOpny8Sk0252H nixbld@ahorn diff --git a/vars/per-machine/ahorn/state-version/version/value b/vars/per-machine/ahorn/state-version/version/value new file mode 100644 index 00000000..88b83203 --- /dev/null +++ b/vars/per-machine/ahorn/state-version/version/value @@ -0,0 +1 @@ +20.03 \ No newline at end of file 
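Review bot: `mkEnvGenerator` in `utils/default.nix` writes each prompt as `NAME='$(cat $prompts/NAME)'`, so a secret containing a single quote or a newline ends the quoted value early. The remainder is then parsed as further envfile content by whatever loads it, which is systemd `EnvironmentFile` for the callers in this diff. Reject or escape such values in the script before writing, and state the restriction on the helper, e.g. `# values are written verbatim between single quotes; ' and newlines are not supported`. The heredoc opener is rendered as `cat <> $out/envfile` on this page, which looks like extraction damage; confirm the committed file has the intended heredoc matching the closing `EOT`.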
diff --git a/vars/per-machine/birne/restic-server/.validation-hash b/vars/per-machine/birne/restic-server/.validation-hash new file mode 100644 index 00000000..2286539e --- /dev/null +++ b/vars/per-machine/birne/restic-server/.validation-hash @@ -0,0 +1 @@ +b40bd3130574d1d8e07160248cb6f48dcde7cf6aa948fda48bbedf8d0fcb6516 \ No newline at end of file diff --git a/vars/per-machine/birne/state-version/version/value b/vars/per-machine/birne/state-version/version/value new file mode 100644 index 00000000..88b83203 --- /dev/null +++ b/vars/per-machine/birne/state-version/version/value @@ -0,0 +1 @@ +20.03 \ No newline at end of file diff --git a/vars/per-machine/kfbox/go-karma-bot/.validation-hash b/vars/per-machine/kfbox/go-karma-bot/.validation-hash new file mode 100644 index 00000000..ffde3bc7 --- /dev/null +++ b/vars/per-machine/kfbox/go-karma-bot/.validation-hash @@ -0,0 +1 @@ +24d59f70cba7b4ee0c772354f0c041e925448e52431083a8bf37cda6b48b11a0 \ No newline at end of file diff --git a/vars/per-machine/kfbox/hedgedoc/.validation-hash b/vars/per-machine/kfbox/hedgedoc/.validation-hash new file mode 100644 index 00000000..ab4e24cf --- /dev/null +++ b/vars/per-machine/kfbox/hedgedoc/.validation-hash @@ -0,0 +1 @@ +96ba40a19e0a2b2696bb565184f28251d63c35f31f86ed8f85e526f660aa79ae \ No newline at end of file diff --git a/vars/per-machine/kfbox/jitsi-presence/.validation-hash b/vars/per-machine/kfbox/jitsi-presence/.validation-hash new file mode 100644 index 00000000..daa15e8a --- /dev/null +++ b/vars/per-machine/kfbox/jitsi-presence/.validation-hash @@ -0,0 +1 @@ +3ce0ea6332ad94bb81f83a03ee7c89514f4e6b218a43956b03ba4f48e4383432 \ No newline at end of file diff --git a/vars/per-machine/kfbox/state-version/version/value b/vars/per-machine/kfbox/state-version/version/value new file mode 100644 index 00000000..bb7635c7 --- /dev/null +++ b/vars/per-machine/kfbox/state-version/version/value @@ -0,0 +1 @@ +22.05 \ No newline at end of file 
diff --git a/vars/per-machine/porree/state-version/version/value b/vars/per-machine/porree/state-version/version/value new file mode 100644 index 00000000..88b83203 --- /dev/null +++ b/vars/per-machine/porree/state-version/version/value @@ -0,0 +1 @@ +20.03 \ No newline at end of file diff --git a/vars/shared/restic-ahorn/.validation-hash b/vars/shared/restic-ahorn/.validation-hash new file mode 100644 index 00000000..965d2140 --- /dev/null +++ b/vars/shared/restic-ahorn/.validation-hash @@ -0,0 +1 @@ +86269a0ed9368aab4dec9dc4ff82fe44ff0f9b915443f5bcdc1911ea1afca3fd \ No newline at end of file diff --git a/vars/shared/restic-cert/.validation-hash b/vars/shared/restic-cert/.validation-hash new file mode 100644 index 00000000..7672c101 --- /dev/null +++ b/vars/shared/restic-cert/.validation-hash @@ -0,0 +1 @@ +a3da374e9cad9051dce842a991c18e71feb879b073bca0f4ef291cb33c01a0a7 \ No newline at end of file diff --git a/vars/shared/restic-cert/restic-cert/value b/vars/shared/restic-cert/restic-cert/value new file mode 100644 index 00000000..dbaccbab --- /dev/null +++ b/vars/shared/restic-cert/restic-cert/value 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIUDBp2agTh90M4T0oU59HTKguVW+QwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNTAxMjIxMzE3MTlaFw0yNTAy +MjExMzE3MTlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDLq1xdCjYpFoKoNTde+ca+Av3Q2aeeE1iug+GO7mAi +R4WXUlIxBncwvzAqlQBEixsPWsYvL/MND570NvzGfUmfY204fyMb46sMOBAL0Rfi +/gVaVXLErTGJrOGPUdZgWpdLAATbwMVLqUawKM66lcr+A+ftxUjyosTPpQwrq/Zv +arlORTW4Ekzwo9nX9VQ+ZzoRlokay1H/Nzd3no8lY16IKxleuif+l0O96NsUFgZL +VFvZHsGBwn5PfWxXvUDqdRjh3QJ3gbdlFq6+B+znsgkj38jW7YdvPUKYYojXEgk/ +aAaii33RB4SjyCFeaO9QSTxQC3z8dxG+R9HXfVqOMD2pAgMBAAGjaDBmMB0GA1Ud +DgQWBBQuz8nhTizE/kt8ePJzj4s8f3BXgDAfBgNVHSMEGDAWgBQuz8nhTizE/kt8 +ePJzj4s8f3BXgDAPBgNVHRMBAf8EBTADAQH/MBMGA1UdEQQMMAqCCCoucmVzdGlj +MA0GCSqGSIb3DQEBCwUAA4IBAQB5knuIq6d3EjfBoiCDJwHFVIjgaWqo7g3Z1Rg7 +GFe4s4HZYMHQcmKFaKDMiqEENstMopUO/iT8dmmeNEIXMuofAVdfd2PJri0hMmCo +jcpswgtOtCHqSE0mALV2R/tEUt0nzSTRbmH1PfDlYfvt8y00kyQLqE8qQwjx+1Pd +ldlxK3b6qZqvfOZzwhvYhRDYON6UFY6u/qc8mF5Qr5qFnzoasz0XDhlhhz5ogvst +I4Wn9Kb9SxKPL42t5jQVinAT+KZ0x3/cIgl20qVOdiQdCx57p3ZdgDru5g6BOyGk +CZ7HRSaXpO8dgDZ5bmR3NNlNwvA2TRT0oLcBR3y1tohbp9Ye +-----END CERTIFICATE----- diff --git a/vars/shared/restic-kfbox/.validation-hash b/vars/shared/restic-kfbox/.validation-hash new file mode 100644 index 00000000..3fdb8909 --- /dev/null +++ b/vars/shared/restic-kfbox/.validation-hash @@ -0,0 +1 @@ +4bfe1766afd037ef15eeeaa180acb87117e957d87631f545782b5f69a1657e79 \ No newline at end of file
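Review bot: Decoding the PEM in `vars/shared/restic-cert/restic-cert/value` gives a self-signed certificate with `CA:TRUE`, the OpenSSL default subject (`Internet Widgits Pty Ltd`, `Some-State`, `AU`), a single SAN `*.restic`, and a validity window of 2025-01-22 to 2025-02-21, i.e. 30 days. If restic clients pin this file as their trust anchor, backups fail TLS verification once it lapses, and the usual shortcut is to switch verification off. The generator that produces it is outside this diff; it should set an explicit lifetime with a renewal path and a subject that identifies the service, and the certificate should then be regenerated.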