commit 7d364cdfac73685a2c0e73ceee6febd752a5dde9 Author: sid Date: Mon Feb 23 20:53:29 2026 +0100 initial commit diff --git a/.forgejo/workflows/build-hosts.yml b/.forgejo/workflows/build-hosts.yml new file mode 100644 index 0000000..c5fd0a9 --- /dev/null +++ b/.forgejo/workflows/build-hosts.yml @@ -0,0 +1,22 @@ +name: Build hosts + +on: + pull_request: + branches: + - master + +jobs: + build-hosts: + runs-on: runner + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Build rx4 + run: nix build .#nixosConfigurations.rx4.config.system.build.toplevel --impure + + - name: Build sid + run: nix build .#nixosConfigurations.sid.config.system.build.toplevel --impure + + - name: Build vde + run: nix build .#nixosConfigurations.vde.config.system.build.toplevel --impure diff --git a/.forgejo/workflows/deploy-configs.yml b/.forgejo/workflows/deploy-configs.yml new file mode 100644 index 0000000..3daeafc --- /dev/null +++ b/.forgejo/workflows/deploy-configs.yml @@ -0,0 +1,28 @@ +name: Deploy configs + +on: + push: + branches: + - master + +jobs: + deploy-configs: + runs-on: runner + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up SSH + env: + DEPLOY_KEY: ${{ secrets.DEPLOY_SSH_KEY }} + run: | + echo "$DEPLOY_KEY" > ssh_deploy_key + chmod 600 ssh_deploy_key + + cat < ssh_config + Host * + IdentityFile $(pwd)/ssh_deploy_key + EOF + + - name: Deploy configs + run: deploy . --skip-checks diff --git a/.forgejo/workflows/flake-check.yml b/.forgejo/workflows/flake-check.yml new file mode 100644 index 0000000..002f079 --- /dev/null +++ b/.forgejo/workflows/flake-check.yml @@ -0,0 +1,13 @@ +name: Flake check + +on: [pull_request] + +jobs: + flake-check: + runs-on: runner + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Run flake check + run: nix flake check --impure diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d5d0e7a --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +result +target diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..1d0dcf3 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,21 @@ +keys: + - &host_sid age1ytfze9tv5l80ujqfd66xp97w2u0lq8jrx45ulf0szey8ny0t837sdktdzf + - &host_rx4 age16y79w6d9c607zest8ed8rgxajmqmw86grz8d5e8c34nej36j4gysst8pl9 + - &host_vde age1mc07jayz4dpwenh06fzlcgfzk5t7ln0z3n65emwlm5r7nq59m4jstd7y8u + - &user_sid age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy +creation_rules: + - path_regex: hosts/sid/secrets/secrets.yaml$ + key_groups: + - age: + - *user_sid + - *host_sid + - path_regex: hosts/rx4/secrets/secrets.yaml$ + key_groups: + - age: + - *user_sid + - *host_rx4 + - path_regex: hosts/vde/secrets/secrets.yaml$ + key_groups: + - age: + - *user_sid + - *host_vde diff --git a/constants.nix b/constants.nix new file mode 100644 index 0000000..68a1e72 --- /dev/null +++ b/constants.nix @@ -0,0 +1,43 @@ +rec { + domain = "sid.ovh"; + hosts = { + sid = { + ip = "100.64.0.6"; + }; + rx4 = { + ip = "100.64.0.10"; + }; + vde = { + ip = "100.64.0.1"; + }; + }; + services = { + docs = { + fqdn = "doc." + domain; + }; + forgejo = { + fqdn = "git." + domain; + port = 3456; + }; + miniflux = { + fqdn = "rss." + domain; + port = 8085; + }; + netdata = { + fqdn = "netdata.sid.tail"; + port = 19999; + }; + open-webui-oci = { + fqdn = "ai." + domain; + port = 8083; + }; + rss-bridge = rec { + subdomain = "rss-bridge"; + fqdn = subdomain + "." + domain; + }; + webdav = { + fqdn = "dav.rx4.tail"; + port = 8080; + }; + }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..cbe9298 --- /dev/null +++ b/flake.lock @@ -0,0 +1,3020 @@ +{ + "nodes": { + "anyrun": { + "inputs": { + "anyrun-provider": "anyrun-provider", + "flake-parts": "flake-parts", + "nixpkgs": [ + "clients", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1764756094, + "narHash": "sha256-KEEJLERvo04AsPo/SWHFJUmHaGGOVjUoGwA9e8GVIQQ=", + "owner": "anyrun-org", + "repo": "anyrun", + "rev": "cacdf2e00cf95211bd2c7971c4037b21870bc2c9", + "type": "github" + }, + "original": { + "owner": "anyrun-org", + "repo": "anyrun", + "type": "github" + } + }, + "anyrun-provider": { + "inputs": { + "nixpkgs": [ + "clients", + "anyrun", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1764705714, + "narHash": "sha256-4rN2vWicM6Pn6eTo3Nu7IB5isbkc9u4arNMnY2+S8iM=", + "owner": "anyrun-org", + "repo": "anyrun-provider", + "rev": "88a786e6029733a4c02c2c6b1024f65029b0b9cf", + "type": "github" + }, + "original": { + "owner": "anyrun-org", + "repo": "anyrun-provider", + "type": "github" + } + }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + } + }, + "base16-fish_2": { + "flake": false, + "locked": { + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + } + }, + "base16-fish_3": { + "flake": false, + "locked": { + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_2": { + "flake": false, + "locked": { + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-helix_3": { + "flake": false, + "locked": { + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_2": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16-vim_3": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "base16_2": { + "inputs": { + "fromYaml": "fromYaml_2" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16_3": { + "inputs": { + "fromYaml": "fromYaml_3" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "clients": { + "inputs": { + "anyrun": "anyrun", + "core": "core", + "gen-dmc": "gen-dmc", + "home-manager": "home-manager_2", + "kidex": "kidex", + "multios-usb": "multios-usb", + "nix-flatpak": "nix-flatpak", + "nixos-hardware": "nixos-hardware", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-old-old-stable": "nixpkgs-old-old-stable", + "nixpkgs-old-stable": "nixpkgs-old-stable", + "nixpkgs-unstable": "nixpkgs-unstable", + "nixvim": "nixvim_2", + "nur": "nur_3", + "pre-commit-hooks": "pre-commit-hooks", + "sops-nix": "sops-nix", + "stylix": "stylix_2", + "winapps": "winapps" + }, + "locked": { + "lastModified": 1770048955, + "narHash": "sha256-Xk4cHjYVHEupUVsPUFpUybTORtYEQBzW3ly+Dx7ktHk=", + "owner": "sid115", + "repo": "nix-config", + "rev": "bd8105ea10d641a4ee5261d2e714871798299ac5", + "type": "github" + }, + "original": { + "owner": "sid115", + "ref": "stable", + "repo": "nix-config", + "type": "github" + } + }, + "core": { + "inputs": { + "flake-schemas": "flake-schemas", + "git-hooks": "git-hooks", + "home-manager": "home-manager", + "nix": "nix", + "nixpkgs": [ + "clients", + "nixpkgs" + ], + "nixvim": "nixvim", + "nur": "nur", + "stylix": "stylix" + }, + "locked": { + "lastModified": 1770025789, + "narHash": "sha256-yDWDVxzHADqdOYuxWb/ELTLCKXYSq70xsrqnb9rxJhc=", + "ref": "release-25.11", + "rev": "59e45421d0f1f0610f67aa4f5fd7dbb575a795ec", + "revCount": 74, + "type": "git", + "url": "https://git.portuus.de/sid/nix-core.git" + }, + "original": { + "ref": "release-25.11", + "type": "git", + "url": "https://git.portuus.de/sid/nix-core.git" + } + }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat_5", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1766051518, + "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "devshell": { + "inputs": { + "nixpkgs": [ + "headplane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1764011051, + "narHash": "sha256-M7SZyPZiqZUR/EiiBJnmyUbOi5oE/03tCeFrTiUZchI=", + "owner": "numtide", + "repo": "devshell", + "rev": "17ed8d9744ebe70424659b0ef74ad6d41fc87071", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_2": { + "flake": false, + "locked": { + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "firefox-gnome-theme_3": { + "flake": false, + "locked": { + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { + "flake": false, + "locked": { + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_8": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "anyrun", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_10": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_11": { + "inputs": { + "nixpkgs-lib": [ + "synix", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_12": { + "inputs": { + "nixpkgs-lib": [ + "synix", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_13": { + "inputs": { + "nixpkgs-lib": [ + "synix", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_14": { + "inputs": { + "nixpkgs-lib": [ + "synix", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "core", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "core", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "core", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "core", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_6": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_7": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_8": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_9": { + "inputs": { + "nixpkgs-lib": [ + "clients", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-schemas": { + "locked": { + "lastModified": 1765542151, + "narHash": "sha256-rzv+NVnOcr9pzd8RnvTscwAHAZmD8FLgxEEmHP1xGTA=", + "owner": "DeterminateSystems", + "repo": "flake-schemas", + "rev": "6f53c45897ef6d9e1f39e8ca9611571ac4aa4f17", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "repo": "flake-schemas", + "type": "github" + } + }, + "flake-schemas_2": { + "locked": { + "lastModified": 1765542151, + "narHash": "sha256-rzv+NVnOcr9pzd8RnvTscwAHAZmD8FLgxEEmHP1xGTA=", + "owner": "DeterminateSystems", + "repo": "flake-schemas", + "rev": "6f53c45897ef6d9e1f39e8ca9611571ac4aa4f17", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "repo": "flake-schemas", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_10" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_11" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_2": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "fromYaml_3": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gen-dmc": { + "inputs": { + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759167416, + "narHash": "sha256-FOv4Vsng7OUC715tonYRGGY4JhcL3fticvC1YjvGzAI=", + "owner": "kmein", + "repo": "gen-dmc", + "rev": "5a152a7b311cc77de761740bfbb211293d9621d8", + "type": "github" + }, + "original": { + "owner": "kmein", + "ref": "pull/3/head", + "repo": "gen-dmc", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "clients", + "core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768935149, + "narHash": "sha256-S5/BZo4X1D9+U/yJ6xCJyUkXZ8y261q2gPP5Xsq8RPU=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "18cbede9ff6da05b911c5c4802a397c2686ac8fa", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix": { + "inputs": { + "flake-compat": [ + "clients", + "core", + "nix" + ], + "gitignore": [ + "clients", + "core", + "nix" + ], + "nixpkgs": [ + "clients", + "core", + "nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "clients", + "core", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix_2": { + "inputs": { + "flake-compat": [ + "synix", + "nix" + ], + "gitignore": [ + "synix", + "nix" + ], + "nixpkgs": [ + "synix", + "nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "synix", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "nixos-mailserver", + "flake-compat" + ], + "gitignore": "gitignore_4", + "nixpkgs": [ + "nixos-mailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_3": { + "inputs": { + "flake-compat": "flake-compat_8", + "gitignore": "gitignore_6", + "nixpkgs": [ + "synix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768935149, + "narHash": "sha256-S5/BZo4X1D9+U/yJ6xCJyUkXZ8y261q2gPP5Xsq8RPU=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "18cbede9ff6da05b911c5c4802a397c2686ac8fa", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "clients", + "core", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "clients", + "multios-usb", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { + "inputs": { + "nixpkgs": [ + "clients", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_4": { + "inputs": { + "nixpkgs": [ + "nixos-mailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_6": { + "inputs": { + "nixpkgs": [ + "synix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "host": "gitlab.gnome.org", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "type": "gitlab" + }, + "original": { + "host": "gitlab.gnome.org", + "owner": "GNOME", + "ref": "gnome-49", + "repo": "gnome-shell", + "type": "gitlab" + } + }, + "gnome-shell_2": { + "flake": false, + "locked": { + "host": "gitlab.gnome.org", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "type": "gitlab" + }, + "original": { + "host": "gitlab.gnome.org", + "owner": "GNOME", + "ref": "gnome-49", + "repo": "gnome-shell", + "type": "gitlab" + } + }, + "gnome-shell_3": { + "flake": false, + "locked": { + "host": "gitlab.gnome.org", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "type": "gitlab" + }, + "original": { + "host": "gitlab.gnome.org", + "owner": "GNOME", + "ref": "gnome-49", + "repo": "gnome-shell", + "type": "gitlab" + } + }, + "headplane": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765690941, + "narHash": "sha256-zueViKsXPonDWUA46ZhDqkF5w2XrB00QBxGTGiG5mV8=", + "owner": "tale", + "repo": "headplane", + "rev": "82cb74b20b78507c0d14fb62cb212a98e5e43163", + "type": "github" + }, + "original": { + "owner": "tale", + "repo": "headplane", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "clients", + "core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768949235, + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767910483, + "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_3": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1749657191, + "narHash": "sha256-QLilaHuhGxiwhgceDWESj9gFcKIdEp7+9lRqNGpN8S4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "faeab32528a9360e9577ff4082de2d35c6bbe1ce", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { + "inputs": { + "nixpkgs": [ + "synix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768949235, + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "clients", + "core", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "clients", + "core", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, + "ixx_2": { + "inputs": { + "flake-utils": [ + "clients", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "clients", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, + "ixx_3": { + "inputs": { + "flake-utils": [ + "synix", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "synix", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, + "kidex": { + "inputs": { + "flake-parts": "flake-parts_6", + "home-manager": "home-manager_3", + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763902355, + "narHash": "sha256-7Mf+SN4xJhHcPfG3xLBPHyqci3rBc08dPuHEsnw04sA=", + "owner": "Kirottu", + "repo": "kidex", + "rev": "1a4871641da3be4286c8a5316b44733388943f87", + "type": "github" + }, + "original": { + "owner": "Kirottu", + "repo": "kidex", + "type": "github" + } + }, + "multios-usb": { + "inputs": { + "flake-parts": "flake-parts_7", + "gitignore": "gitignore_2", + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767500032, + "narHash": "sha256-ALCcBlOOIw6/DaJwrOBEQPzuBgiXU2fWEHrxcY+kOeg=", + "owner": "Mexit", + "repo": "MultiOS-USB", + "rev": "22eb813525f8cb5234773ba5e7130bfcdf72bebf", + "type": "github" + }, + "original": { + "owner": "Mexit", + "repo": "MultiOS-USB", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1741125032, + "narHash": "sha256-Yy1Cd3Xm4UJTctYsVQfD5jY5z7pVncvLu8cq0cjjYT4=", + "owner": "DeterminateSystems", + "repo": "nix-src", + "rev": "271926aa5997c3120c8ef0962ce1c7f29fee1a05", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "ref": "flake-schemas", + "repo": "nix-src", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, + "nix-flatpak": { + "locked": { + "lastModified": 1767983141, + "narHash": "sha256-7ZCulYUD9RmJIDULTRkGLSW1faMpDlPKcbWJLYHoXcs=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "440818969ac2cbd77bfe025e884d0aa528991374", + "type": "github" + }, + "original": { + "owner": "gmodena", + "ref": "latest", + "repo": "nix-flatpak", + "type": "github" + } + }, + "nix_2": { + "inputs": { + "flake-compat": "flake-compat_9", + "flake-parts": "flake-parts_11", + "git-hooks-nix": "git-hooks-nix_2", + "nixpkgs": "nixpkgs_4", + "nixpkgs-23-11": "nixpkgs-23-11_2", + "nixpkgs-regression": "nixpkgs-regression_2" + }, + "locked": { + "lastModified": 1741125032, + "narHash": "sha256-Yy1Cd3Xm4UJTctYsVQfD5jY5z7pVncvLu8cq0cjjYT4=", + "owner": "DeterminateSystems", + "repo": "nix-src", + "rev": "271926aa5997c3120c8ef0962ce1c7f29fee1a05", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "ref": "flake-schemas", + "repo": "nix-src", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1767185284, + "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat_6", + "git-hooks": "git-hooks_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766537863, + "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-25.11", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1734359947, + "narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48d12d5e70ee91fe8481378e540433a7303dbf6a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, + "nixpkgs-23-11_2": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-old-old-stable": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-old-stable": { + "locked": { + "lastModified": 1767313136, + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-old-stable_2": { + "locked": { + "lastModified": 1767313136, + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-regression_2": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable_2": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769598131, + "narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1734359947, + "narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48d12d5e70ee91fe8481378e540433a7303dbf6a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvim": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "clients", + "core", + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1768486829, + "narHash": "sha256-G621Q9cB1roQxK0C6guNjmWX0CmPA5xN46VD2kTdDEk=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "503259b749971f431cb4aca7099cd60eadd7a613", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "nixos-25.11", + "repo": "nixvim", + "type": "github" + } + }, + "nixvim_2": { + "inputs": { + "flake-parts": "flake-parts_8", + "nixpkgs": [ + "clients", + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch_2", + "systems": "systems_6" + }, + "locked": { + "lastModified": 1767448089, + "narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "983751b66f255bbea1adc185364e9e7b73f82358", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "nixos-25.11", + "repo": "nixvim", + "type": "github" + } + }, + "nixvim_3": { + "inputs": { + "flake-parts": "flake-parts_12", + "nixpkgs": [ + "synix", + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch_3", + "systems": "systems_12" + }, + "locked": { + "lastModified": 1768486829, + "narHash": "sha256-G621Q9cB1roQxK0C6guNjmWX0CmPA5xN46VD2kTdDEk=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "503259b749971f431cb4aca7099cd60eadd7a613", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "nixos-25.11", + "repo": "nixvim", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": "flake-parts_4", + "nixpkgs": [ + "clients", + "core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769002807, + "narHash": "sha256-27JgCsWRnWsI1ZMnrIbmyLm+GCoyDTYILcAVI75SN6g=", + "owner": "nix-community", + "repo": "NUR", + "rev": "818b545699f32a1058961604b4a2783875fe8cde", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_2": { + "inputs": { + "flake-parts": [ + "clients", + "core", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "clients", + "core", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767886815, + "narHash": "sha256-pB2BBv6X9cVGydEV/9Y8+uGCvuYJAlsprs1v1QHjccA=", + "owner": "nix-community", + "repo": "NUR", + "rev": "4ff84374d77ff62e2e13a46c33bfeb73590f9fef", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_3": { + "inputs": { + "flake-parts": "flake-parts_9", + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768312260, + "narHash": "sha256-ztSP5kDw+DuxJ4DG/3tW7YK3cu3U8YAqXv6uAOwNyIs=", + "owner": "nix-community", + "repo": "NUR", + "rev": "dc41fee43b5bebb55bc9df70b2201b4cd52bfc16", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_4": { + "inputs": { + "flake-parts": [ + "clients", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "clients", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767886815, + "narHash": "sha256-pB2BBv6X9cVGydEV/9Y8+uGCvuYJAlsprs1v1QHjccA=", + "owner": "nix-community", + "repo": "NUR", + "rev": "4ff84374d77ff62e2e13a46c33bfeb73590f9fef", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_5": { + "inputs": { + "flake-parts": "flake-parts_13", + "nixpkgs": [ + "synix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769002807, + "narHash": "sha256-27JgCsWRnWsI1ZMnrIbmyLm+GCoyDTYILcAVI75SN6g=", + "owner": "nix-community", + "repo": "NUR", + "rev": "818b545699f32a1058961604b4a2783875fe8cde", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_6": { + "inputs": { + "flake-parts": [ + "synix", + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "synix", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767886815, + "narHash": "sha256-pB2BBv6X9cVGydEV/9Y8+uGCvuYJAlsprs1v1QHjccA=", + "owner": "nix-community", + "repo": "NUR", + "rev": "4ff84374d77ff62e2e13a46c33bfeb73590f9fef", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "clients", + "core", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761730856, + "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", + "owner": "NuschtOS", + "repo": "search", + "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "nuschtosSearch_2": { + "inputs": { + "flake-utils": "flake-utils_2", + "ixx": "ixx_2", + "nixpkgs": [ + "clients", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761730856, + "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", + "owner": "NuschtOS", + "repo": "search", + "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "nuschtosSearch_3": { + "inputs": { + "flake-utils": "flake-utils_5", + "ixx": "ixx_3", + "nixpkgs": [ + "synix", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761730856, + "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", + "owner": "NuschtOS", + "repo": "search", + "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_3", + "gitignore": "gitignore_3", + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767281941, + "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_5", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765464257, + "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "clients": "clients", + "deploy-rs": "deploy-rs", + "headplane": "headplane", + "nixos-mailserver": "nixos-mailserver", + "nixpkgs": "nixpkgs_3", + "nixpkgs-old-stable": "nixpkgs-old-stable_2", + "nixpkgs-unstable": "nixpkgs-unstable_2", + "pre-commit-hooks": "pre-commit-hooks_2", + "sops-nix": "sops-nix_2", + "synix": "synix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768271704, + "narHash": "sha256-jJqlW8A3OZ5tYbXphF7U8P8g/3Cn8PPwPa4YlJ/9agg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "691b8b6713855d0fe463993867291c158472fc6f", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765684837, + "narHash": "sha256-fJCnsYcpQxxy/wit9EBOK33c0Z9U4D3Tvo3gf2mvHos=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "94d8af61d8a603d33d1ed3500a33fcf35ae7d3bc", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_5", + "gnome-shell": "gnome-shell", + "nixpkgs": [ + "clients", + "core", + "nixpkgs" + ], + "nur": "nur_2", + "systems": "systems_4", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1768493544, + "narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=", + "owner": "nix-community", + "repo": "stylix", + "rev": "362306faaa7459bebf8eabf135879785f3da9bd2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "stylix", + "type": "github" + } + }, + "stylix_2": { + "inputs": { + "base16": "base16_2", + "base16-fish": "base16-fish_2", + "base16-helix": "base16-helix_2", + "base16-vim": "base16-vim_2", + "firefox-gnome-theme": "firefox-gnome-theme_2", + "flake-parts": "flake-parts_10", + "gnome-shell": "gnome-shell_2", + "nixpkgs": [ + "clients", + "nixpkgs" + ], + "nur": "nur_4", + "systems": "systems_7", + "tinted-foot": "tinted-foot_2", + "tinted-kitty": "tinted-kitty_2", + "tinted-schemes": "tinted-schemes_2", + "tinted-tmux": "tinted-tmux_2", + "tinted-zed": "tinted-zed_2" + }, + "locked": { + "lastModified": 1767983286, + "narHash": "sha256-zuS1vcjZjtipzH1MgQUp/lRURIp6CXOVjGHQMQ1UBFI=", + "owner": "nix-community", + "repo": "stylix", + "rev": "5ad96253be7ee7f66298d28a24ac8faba8e0fe54", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "stylix", + "type": "github" + } + }, + "stylix_3": { + "inputs": { + "base16": "base16_3", + "base16-fish": "base16-fish_3", + "base16-helix": "base16-helix_3", + "base16-vim": "base16-vim_3", + "firefox-gnome-theme": "firefox-gnome-theme_3", + "flake-parts": "flake-parts_14", + "gnome-shell": "gnome-shell_3", + "nixpkgs": [ + "synix", + "nixpkgs" + ], + "nur": "nur_6", + "systems": "systems_13", + "tinted-foot": "tinted-foot_3", + "tinted-kitty": "tinted-kitty_3", + "tinted-schemes": "tinted-schemes_3", + "tinted-tmux": "tinted-tmux_3", + "tinted-zed": "tinted-zed_3" + }, + "locked": { + "lastModified": 1768493544, + "narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=", + "owner": "nix-community", + "repo": "stylix", + "rev": "362306faaa7459bebf8eabf135879785f3da9bd2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "stylix", + "type": "github" + } + }, + "synix": { + "inputs": { + "flake-schemas": "flake-schemas_2", + "git-hooks": "git-hooks_3", + "home-manager": "home-manager_4", + "nix": "nix_2", + "nixpkgs": [ + "nixpkgs" + ], + "nixvim": "nixvim_3", + "nur": "nur_5", + "stylix": "stylix_3" + }, + "locked": { + "lastModified": 1771841888, + "narHash": "sha256-wCjlrbYCHyOU7k/wO1mPRqwkI3lnQgqYsPUu1lO8+wk=", + "ref": "release-25.11", + "rev": "1b85368b46ea8873c6aaaa6ceeef23402f26d824", + "revCount": 25, + "type": "git", + "url": "https://git.sid.ovh/sid/synix.git" + }, + "original": { + "ref": "release-25.11", + "type": "git", + "url": "https://git.sid.ovh/sid/synix.git" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_11": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_12": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_13": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_9": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_2": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-foot_3": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_2": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-kitty_3": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1767817087, + "narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "bd99656235aab343e3d597bf196df9bc67429507", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_2": { + "flake": false, + "locked": { + "lastModified": 1767817087, + "narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "bd99656235aab343e3d597bf196df9bc67429507", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-schemes_3": { + "flake": false, + "locked": { + "lastModified": 1767817087, + "narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "bd99656235aab343e3d597bf196df9bc67429507", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_2": { + "flake": false, + "locked": { + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-tmux_3": { + "flake": false, + "locked": { + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + "flake": false, + "locked": { + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_2": { + "flake": false, + "locked": { + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "tinted-zed_3": { + "flake": false, + "locked": { + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "winapps": { + "inputs": { + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_3", + "nix-filter": "nix-filter", + "nixpkgs": [ + "clients", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767904990, + "narHash": "sha256-W0KD73Iv3wMEnO7LDE1BJWaRcw969keqwn9hM+TR3SU=", + "owner": "winapps-org", + "repo": "winapps", + "rev": "8b63321f3b14f0f61b1e45772fdafe6ef57d8f98", + "type": "github" + }, + "original": { + "owner": "winapps-org", + "repo": "winapps", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..8a98b1f --- /dev/null +++ b/flake.nix @@ -0,0 +1,136 @@ +{ + description = "NixOS configurations for machines behind sid.ovh."; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05"; + + synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11"; + # synix.url = "git+file:///home/sid/src/synix"; + synix.inputs.nixpkgs.follows = "nixpkgs"; + + clients.url = "github:sid115/nix-config/stable"; + clients.inputs.nixpkgs.follows = "nixpkgs"; + + deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; + + nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11"; + nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs"; + + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + + headplane.url = "github:tale/headplane"; + headplane.inputs.nixpkgs.follows = "nixpkgs"; + + pre-commit-hooks.url = "github:cachix/git-hooks.nix"; + pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = + { + self, + nixpkgs, + ... + }@inputs: + let + inherit (self) outputs; + + supportedSystems = [ + "x86_64-linux" + ]; + + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + + lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { }); + + mkNixosConfiguration = + system: modules: + nixpkgs.lib.nixosSystem { + inherit system modules; + specialArgs = { + inherit inputs outputs lib; + constants = import ./constants.nix; + }; + }; + + mkNode = name: system: { + hostname = name + ".tail"; + profiles.system = { + path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${name}; + }; + }; + in + { + packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + + overlays = import ./overlays { inherit inputs; }; + + nixosModules = import ./modules/nixos; + + nixosConfigurations = { + rx4 = mkNixosConfiguration "x86_64-linux" [ ./hosts/rx4 ]; + sid = mkNixosConfiguration "x86_64-linux" [ ./hosts/sid ]; + vde = mkNixosConfiguration "x86_64-linux" [ ./hosts/vde ]; + }; + + deploy = { + sshUser = "root"; + sshOpts = [ + "-F" + "ssh_config" + "-p" + "2299" + "-o" + "StrictHostKeyChecking=no" + "-o" + "UserKnownHostsFile=/dev/null" + ]; + nodes = { + rx4 = mkNode "rx4" "x86_64-linux"; + sid = mkNode "sid" "x86_64-linux"; + # vde = mkNode "vde" "x86_64-linux"; # NOTE: offline atm + }; + }; + + formatter = forAllSystems ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + config = self.checks.${system}.pre-commit-check.config; + inherit (config) package configFile; + script = '' + ${pkgs.lib.getExe package} run --all-files --config ${configFile} + ''; + in + pkgs.writeShellScriptBin "pre-commit-run" script + ); + + checks = forAllSystems ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + flakePkgs = self.packages.${system}; + deployChecks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; + overlaidPkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.modifications ]; + }; + in + deployChecks + // { + pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixfmt.enable = true; + }; + }; + build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs; + build-overlays = pkgs.linkFarm "flake-overlays-${system}" { + }; + } + ); + }; +} diff --git a/hosts/rx4/boot.nix b/hosts/rx4/boot.nix new file mode 100644 index 0000000..6252b08 --- /dev/null +++ b/hosts/rx4/boot.nix @@ -0,0 +1,7 @@ +{ + boot.loader.systemd-boot = { + enable = true; + configurationLimit = 20; + }; + boot.loader.efi.canTouchEfiVariables = true; +} diff --git a/hosts/rx4/default.nix b/hosts/rx4/default.nix new file mode 100644 index 0000000..06c64fc --- /dev/null +++ b/hosts/rx4/default.nix @@ -0,0 +1,26 @@ +{ + inputs, + outputs, + ... +}: + +{ + imports = [ + ./boot.nix + ./hardware.nix + ./networking.nix + ./packages.nix + ./secrets + ./services + + ../../users/sid + + inputs.synix.nixosModules.common + inputs.synix.nixosModules.device.server + + outputs.nixosModules.common + outputs.nixosModules.deploy + ]; + + system.stateVersion = "25.11"; +} diff --git a/hosts/rx4/disks.sh b/hosts/rx4/disks.sh new file mode 100644 index 0000000..b5e5bdd --- /dev/null +++ b/hosts/rx4/disks.sh @@ -0,0 +1,63 @@ +#!/usr/bin/env bash + +SSD='/dev/disk/by-id/nvme-KINGSTON_SNV3SM3500G_50026B7283B1AFB4_1' +MNT='/mnt' +SWAP_GB=8 + +# Helper function to wait for devices +wait_for_device() { + local device=$1 + echo "Waiting for device: $device ..." + while [[ ! -e $device ]]; do + sleep 1 + done + echo "Device $device is ready." +} + +# Function to install a package if it's not already installed +install_if_missing() { + local cmd="$1" + local package="$2" + if ! command -v "$cmd" &> /dev/null; then + echo "$cmd not found, installing $package..." + nix-env -iA "nixos.$package" + fi +} + +install_if_missing "sgdisk" "gptfdisk" +install_if_missing "partprobe" "parted" + +wait_for_device $SSD + +echo "Wiping filesystem on $SSD..." +wipefs -a $SSD + +echo "Clearing partition table on $SSD..." +sgdisk --zap-all $SSD + +echo "Partitioning $SSD..." +sgdisk -n1:1M:+1G -t1:EF00 -c1:BOOT $SSD +sgdisk -n2:0:+"$SWAP_GB"G -t2:8200 -c2:SWAP $SSD +sgdisk -n3:0:0 -t3:8304 -c3:ROOT $SSD +partprobe -s $SSD +udevadm settle + +wait_for_device ${SSD}-part1 +wait_for_device ${SSD}-part2 +wait_for_device ${SSD}-part3 + +echo "Formatting partitions..." +mkfs.vfat -F 32 -n BOOT "${SSD}-part1" +mkswap -L SWAP "${SSD}-part2" +mkfs.ext4 -L ROOT "${SSD}-part3" + +echo "Mounting partitions..." +mount -o X-mount.mkdir "${SSD}-part3" "$MNT" +mkdir -p "$MNT/boot" +mount -t vfat -o fmask=0077,dmask=0077,iocharset=iso8859-1 "${SSD}-part1" "$MNT/boot" + +echo "Enabling swap..." +swapon "${SSD}-part2" + +echo "Partitioning and setup complete:" +lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL diff --git a/hosts/rx4/hardware.nix b/hosts/rx4/hardware.nix new file mode 100644 index 0000000..d6aaf2d --- /dev/null +++ b/hosts/rx4/hardware.nix @@ -0,0 +1,48 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "sd_mod" + "sdhci_pci" + "usb_storage" + "usbhid" + "xhci_pci" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/ROOT"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/SWAP"; } + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/rx4/networking.nix b/hosts/rx4/networking.nix new file mode 100644 index 0000000..aaaa1a6 --- /dev/null +++ b/hosts/rx4/networking.nix @@ -0,0 +1,51 @@ +{ + networking.hostName = "rx4"; + networking.domain = "sid.ovh"; + + # boot.kernel.sysctl = { + # "net.ipv4.conf.all.forwarding" = 1; + # "net.ipv6.conf.all.forwarding" = 1; + # }; + # + # networking.interfaces.enp2s0 = { + # useDHCP = false; + # ipv4.addresses = [ + # { + # address = "192.168.100.1"; + # prefixLength = 24; + # } + # ]; + # }; + # + # networking.nat = { + # enable = true; + # internalInterfaces = [ "enp2s0" ]; + # externalInterface = "enp0s20f0u1"; + # }; + # + # services.dnsmasq = { + # enable = true; + # settings = { + # interface = "enp2s0"; + # bind-interfaces = true; + # dhcp-range = "192.168.100.10,192.168.100.50,24h"; + # dhcp-option = [ + # "3,192.168.100.1" # default Gateway + # "6,192.168.100.1" # DNS + # ]; + # }; + # }; + # + # networking.firewall.interfaces."enp2s0" = { + # allowedUDPPorts = [ + # 53 + # 67 + # ]; + # allowedTCPPorts = [ 53 ]; + # }; + # + # networking.firewall.extraCommands = '' + # iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE + # iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + # ''; +} diff --git a/hosts/rx4/packages.nix b/hosts/rx4/packages.nix new file mode 100644 index 0000000..e11b1fa --- /dev/null +++ b/hosts/rx4/packages.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + gitMinimal + ]; +} diff --git a/hosts/rx4/secrets/default.nix b/hosts/rx4/secrets/default.nix new file mode 100644 index 0000000..db5b0d9 --- /dev/null +++ b/hosts/rx4/secrets/default.nix @@ -0,0 +1,5 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.sops ]; +} diff --git a/hosts/rx4/secrets/secrets.yaml b/hosts/rx4/secrets/secrets.yaml new file mode 100644 index 0000000..2cfc73b --- /dev/null +++ b/hosts/rx4/secrets/secrets.yaml @@ -0,0 +1,42 @@ +tailscale: + auth-key: ENC[AES256_GCM,data:T4w4IbcQRPYEqAWLE0QhZGG7gx50TN8YPvGvtselFKJruOyW3fTQABQ7vbxJeEw8,iv:/STVNXjA4RHdIXtOn8kq0oke+GS3dD14/RxOdbBRZLQ=,tag:8UNhM6PIPq0LoVO9sYiJQw==,type:str] +alditalk: + username: ENC[AES256_GCM,data:QFcW1IIEbALNeagT8Q==,iv:nXDJUPMZc95YSCabTouYqT0Rw5FIlGH/VzizzDr5vmI=,tag:aOqN1bI8lm3dEd1bIEtSew==,type:str] + password: ENC[AES256_GCM,data:JP2I4nYQnKpCKL6qyXHc0kVu5Sc=,iv:QsjmGhLHS7FHsWirpYaRrSNvbo1SjjYtzG8F8GeBS6s=,tag:prjUsIG+tk69GKmq2knasw==,type:str] +netdata: + stream: + rx4: + uuid: ENC[AES256_GCM,data:2X2wlQwU+EdiPB9xXwNgttcrELX+NPKFsrqfi24+EOY0GgZC,iv:CTapkA5NiItbOPM5dl1Q2GOilVcHz0RlTkilEscSmeg=,tag:0BoLmmNriYJNo0YGKR93OA==,type:str] +miniflux: + admin-password: ENC[AES256_GCM,data:a2M7rkxkOLuNM3DIPJe7dUIMMRY=,iv:NlgjXkqtbZOHkzpohr0EKBYrVdhsm+wuQu24o7X91QA=,tag:HAkH50jm9CSW+r44N3cwSg==,type:str] +syncthing: + gui-pw: ENC[AES256_GCM,data:mN4rxYr5DZgvbpIkwSFIuPvviJE=,iv:Kyl3mZFOejVwEwBCKteJQpgbCosREp9C4T4JYhWz6KQ=,tag:6myk9lr/44CH/hyUPgRH0Q==,type:str] +forgejo-runner: + token: ENC[AES256_GCM,data:DZgi6ocpV0MplgQ6Et85vHxmkMfC4qYbLLdyRuj/4z8tJauz1w6DUQ==,iv:+SZYsv6sDn2Nc1WxhTn0dJGN9nXYZw16/HVtXJGXpHc=,tag:8Oa5mC7cUy85+lXHbRcCcg==,type:str] +webdav: + user: ENC[AES256_GCM,data:vCLx,iv:Nra/FprNfd02HpvqOb5uYK+IGRFHhNwnFXWrX71c0C0=,tag:TjbKKOKBTq31o/5MxmqIsA==,type:str] + pass: ENC[AES256_GCM,data:jfIoob6R6OhqKa2EujRzTQbvIlA=,iv:HvB088H2Z2uLCveT4YfNEdkK5VU0lBFD5FrZhx79fg0=,tag:1RnrfeUEURx0C575GTxi9A==,type:str] +sops: + age: + - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQenJrZTFtMlRIK0lIQUFQ + KzdXWEt0ekRxdnREaEx4R1lYU2hINkl6UkJzCkNsbDlvcFlIcVk3aTk2eHNNNVJ5 + QVNtTWZsbTRHVTl5MjBmd05Ed2E5emcKLS0tIExJME56bWZGbVNoTitucEdNT1FC + cE5FZitXSFlFT0xjTENaejFtRyt0QjQKYDiGb/dIBrWwxOrbNPUkNUwSOKK3++gN + SYkc6TsJdLK9WNaIt2IyQiL3FQ28NEs9cm+kg/3PRUkYzWwxRzGXqQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age16y79w6d9c607zest8ed8rgxajmqmw86grz8d5e8c34nej36j4gysst8pl9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZWdBSWQvTERSc3JWRHZz + b3FWKzE5R0NZS253UC9NRlNoT3VYOWwvNVFFCk4rbUpnVFBGMHQ2TUlpWEZYS21m + L0ovMVkxT0IvZms5WGFCMjIxNWFpa00KLS0tIDZuWDZ2NXpwMkNHMWxSU1UwTXlv + NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8 + f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-14T18:41:58Z" + mac: ENC[AES256_GCM,data:2e546c6VEf7vFGgSM344upn5C7YDGAwi8cLA/RV68ukJMKLvH1gdra4ii77uOaC1sCNan5mV0Kjs5ZVYj81O8PU3WJa9ra8TeAt8F690zTxNWSo1F/4sZxAk8d1WIBoNn4IPkYxi8Ry9+xqK13Q9PvplHc14VArMYC86wU+k5hc=,iv:T3td5G+pdfWzSLDuVkb75uWub6eBPxjqJgOrv3wvaiQ=,tag:vlQJVzFJEDncDzjA3JWM6Q==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/hosts/rx4/services/alditalk-extender.nix b/hosts/rx4/services/alditalk-extender.nix new file mode 100644 index 0000000..8cc85c3 --- /dev/null +++ b/hosts/rx4/services/alditalk-extender.nix @@ -0,0 +1,43 @@ +{ + outputs, + config, + pkgs, + ... +}: + +{ + imports = [ + outputs.nixosModules.alditalk-extender + ]; + + services.alditalk-extender = { + enable = true; + package = pkgs.local.alditalk-true-unlimited; + envFile = config.sops.templates.alditalk-extender.path; + }; + + sops.secrets = { + "alditalk/username" = { + owner = "alditalk"; + group = "alditalk"; + mode = "0400"; + }; + "alditalk/password" = { + owner = "alditalk"; + group = "alditalk"; + mode = "0400"; + }; + }; + + sops.templates = { + alditalk-extender = { + owner = "alditalk"; + group = "alditalk"; + mode = "0400"; + content = '' + USERNAME=${config.sops.placeholder."alditalk/username"} + PASSWORD=${config.sops.placeholder."alditalk/password"} + ''; + }; + }; +} diff --git a/hosts/rx4/services/default.nix b/hosts/rx4/services/default.nix new file mode 100644 index 0000000..af8789d --- /dev/null +++ b/hosts/rx4/services/default.nix @@ -0,0 +1,31 @@ +{ + inputs, + outputs, + ... +}: + +{ + imports = [ + inputs.synix.nixosModules.openssh + inputs.clients.nixosModules.syncthing + + outputs.nixosModules.tailscale + + ./forgejo.nix + ./miniflux.nix + ./netdata.nix + ./nginx.nix + ./open-webui-oci.nix + ./print-server.nix + ./rss-bridge.nix + # ./webdav.nix # FIXME + + # ./alditalk-extender.nix # FIXME + ]; + + # bootstrap + # services.syncthing.enable = true; + # services.syncthing.guiAddress = "0.0.0.0:8384"; + + services.transmission.enable = true; +} diff --git a/hosts/rx4/services/forgejo.nix b/hosts/rx4/services/forgejo.nix new file mode 100644 index 0000000..1086fe0 --- /dev/null +++ b/hosts/rx4/services/forgejo.nix @@ -0,0 +1,29 @@ +{ + outputs, + config, + ... +}: + +{ + imports = [ + outputs.nixosModules.forgejo + outputs.nixosModules.forgejo-runner + ]; + + services.forgejo = { + enable = true; + }; + + services.forgejo-runner = { + enable = true; + url = config.services.forgejo.settings.server.ROOT_URL; + tokenFile = config.sops.templates."forgejo-runner/token".path; + }; + + sops = { + secrets."forgejo-runner/token" = { }; + templates."forgejo-runner/token".content = '' + TOKEN=${config.sops.placeholder."forgejo-runner/token"} + ''; + }; +} diff --git a/hosts/rx4/services/miniflux.nix b/hosts/rx4/services/miniflux.nix new file mode 100644 index 0000000..6329461 --- /dev/null +++ b/hosts/rx4/services/miniflux.nix @@ -0,0 +1,13 @@ +{ inputs, constants, ... }: + +{ + imports = [ inputs.synix.nixosModules.miniflux ]; + + services.miniflux = { + enable = true; + config = { + ADMIN_USERNAME = "sid"; + PORT = constants.services.miniflux.port; + }; + }; +} diff --git a/hosts/rx4/services/netdata.nix b/hosts/rx4/services/netdata.nix new file mode 100644 index 0000000..30d720d --- /dev/null +++ b/hosts/rx4/services/netdata.nix @@ -0,0 +1,54 @@ +{ + config, + constants, + ... +}: + +{ + services.netdata = { + enable = true; + config.global = { + "debug log" = "syslog"; + "access log" = "syslog"; + "error log" = "syslog"; + }; + configDir = { + "stream.conf" = config.sops.templates."netdata/stream.conf".path; + }; + }; + + sops = + let + owner = config.services.netdata.user; + group = config.services.netdata.group; + mode = "0400"; + restartUnits = [ "netdata.service" ]; + in + { + # generate with `uuidgen` + secrets."netdata/stream/rx4/uuid" = { + inherit + owner + group + mode + restartUnits + ; + }; + + templates."netdata/stream.conf" = { + inherit + owner + group + mode + restartUnits + ; + # child node + content = '' + [stream] + enabled = yes + destination = ${constants.hosts.sid.ip}:${builtins.toString constants.services.netdata.port} + api key = ${config.sops.placeholder."netdata/stream/rx4/uuid"} + ''; + }; + }; +} diff --git a/hosts/rx4/services/nginx.nix b/hosts/rx4/services/nginx.nix new file mode 100644 index 0000000..c4c24af --- /dev/null +++ b/hosts/rx4/services/nginx.nix @@ -0,0 +1,37 @@ +{ + inputs, + constants, + config, + ... +}: + +let + cfg = config.services.nginx; +in +{ + imports = [ + inputs.synix.nixosModules.nginx + ]; + + systemd.tmpfiles.rules = [ + "d /var/www 0755 gitea-runner ${cfg.group} -" + ]; + + systemd.services.gitea-runner-default.serviceConfig = { + ReadWritePaths = [ "/var/www" ]; + }; + + services.nginx = { + enable = true; + openFirewall = false; + forceSSL = false; + + virtualHosts = { + "${constants.services.docs.fqdn}" = { + locations."/" = { + root = "/var/www/doc"; + }; + }; + }; + }; +} diff --git a/hosts/rx4/services/open-webui-oci.nix b/hosts/rx4/services/open-webui-oci.nix new file mode 100644 index 0000000..c45ded4 --- /dev/null +++ b/hosts/rx4/services/open-webui-oci.nix @@ -0,0 +1,30 @@ +{ + inputs, + constants, + config, + ... +}: + +{ + imports = [ inputs.synix.nixosModules.open-webui-oci ]; + + services.open-webui-oci = { + enable = true; + externalUrl = "https://" + constants.services.open-webui-oci.fqdn; + port = 8083; + # environmentFile = config.sops.templates."open-webui-oci/environment".path; + # environment = { + # AUDIO_STT_ENGINE = "openai"; + # AUDIO_TTS_ENGINE = "openai"; + # }; + }; + + # sops = { + # secrets."open-webui-oci/stt-api-key" = { }; + # secrets."open-webui-oci/tts-api-key" = { }; + # templates."open-webui-oci/environment".content = '' + # AUDIO_STT_OPENAI_API_KEY=${config.sops.placeholder."open-webui-oci/stt-api-key"} + # AUDIO_TTS_OPENAI_API_KEY=${config.sops.placeholder."open-webui-oci/tts-api-key"} + # ''; + # }; +} diff --git a/hosts/rx4/services/print-server.nix b/hosts/rx4/services/print-server.nix new file mode 100644 index 0000000..64037fd --- /dev/null +++ b/hosts/rx4/services/print-server.nix @@ -0,0 +1,12 @@ +{ + inputs, + ... +}: + +{ + imports = [ + inputs.synix.nixosModules.print-server + ]; + + services.print-server.enable = true; +} diff --git a/hosts/rx4/services/rss-bridge.nix b/hosts/rx4/services/rss-bridge.nix new file mode 100644 index 0000000..d3bd6a3 --- /dev/null +++ b/hosts/rx4/services/rss-bridge.nix @@ -0,0 +1,14 @@ +{ inputs, constants, ... }: + +{ + imports = [ inputs.synix.nixosModules.rss-bridge ]; + + services.rss-bridge = { + enable = true; + reverseProxy = { + enable = true; + subdomain = constants.services.rss-bridge.subdomain; + forceSSL = false; + }; + }; +} diff --git a/hosts/rx4/services/webdav.nix b/hosts/rx4/services/webdav.nix new file mode 100644 index 0000000..46d01a9 --- /dev/null +++ b/hosts/rx4/services/webdav.nix @@ -0,0 +1,86 @@ +{ constants, config, ... }: + +# FIXME: floccus throws error: NetworkError when attempting to fetch resource. + +let + cfg = config.services.webdav; + + inherit (constants.services.webdav) fqdn port; +in +{ + services.webdav = { + enable = true; + environmentFile = config.sops.templates."webdav/env-file".path; + + settings = { + inherit port; + address = "127.0.0.1"; + prefix = "/"; + directory = "/srv/webdav"; + users = [ + { + username = "{env}WEBDAV_USER"; + password = "{env}WEBDAV_PASS"; + permissions = "CRUD"; + } + ]; + }; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.settings.directory} 0750 ${cfg.user} ${cfg.group} -" + ]; + + networking.firewall.allowedTCPPorts = [ port ]; + + services.nginx = { + enable = true; + virtualHosts."${fqdn}" = { + listen = [ + { + addr = "0.0.0.0"; + inherit port; + } + ]; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString port}"; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth' always; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth'; + return 204; + } + ''; + }; + }; + }; + + sops = + let + owner = cfg.user; + group = cfg.group; + mode = "0400"; + in + { + secrets = { + "webdav/user" = { + inherit owner group mode; + }; + "webdav/pass" = { + inherit owner group mode; + }; + }; + templates."webdav/env-file" = { + inherit owner group mode; + content = '' + WEBDAV_USER=${config.sops.placeholder."webdav/user"} + WEBDAV_PASS=${config.sops.placeholder."webdav/pass"} + ''; + }; + }; +} diff --git a/hosts/sid/boot.nix b/hosts/sid/boot.nix new file mode 100644 index 0000000..77a2903 --- /dev/null +++ b/hosts/sid/boot.nix @@ -0,0 +1,9 @@ +{ + boot.loader = { + grub = { + enable = true; + device = "/dev/sda"; + }; + timeout = 1; + }; +} diff --git a/hosts/sid/default.nix b/hosts/sid/default.nix new file mode 100644 index 0000000..b46f387 --- /dev/null +++ b/hosts/sid/default.nix @@ -0,0 +1,28 @@ +{ + inputs, + outputs, + ... +}: + +{ + imports = [ + ./boot.nix + ./hardware.nix + ./packages.nix + ./secrets + ./services + + ../../users/sid + + inputs.synix.nixosModules.common + inputs.synix.nixosModules.device.server + + outputs.nixosModules.common + outputs.nixosModules.deploy + ]; + + networking.hostName = "sid"; + networking.domain = "sid.ovh"; + + system.stateVersion = "24.11"; +} diff --git a/hosts/sid/disks.sh b/hosts/sid/disks.sh new file mode 100644 index 0000000..d672d87 --- /dev/null +++ b/hosts/sid/disks.sh @@ -0,0 +1,74 @@ +#!/usr/bin/env bash + +SSD='/dev/sda' +MNT='/mnt' +SWAP_GB=4 + +# Helper function to wait for devices +wait_for_device() { + local device=$1 + echo "Waiting for device: $device ..." + while [[ ! -e $device ]]; do + sleep 1 + done + echo "Device $device is ready." +} + +swapoff --all +udevadm settle +wait_for_device $SSD + +echo "Wiping filesystem on $SSD..." +wipefs -a $SSD + +echo "Creating new MBR partition table on $SSD..." +fdisk $SSD << EOF +o +w +EOF + +echo "Partitioning $SSD..." +fdisk $SSD << EOF +n +p +1 + ++512M +a +n +p +2 + ++${SWAP_GB}G +t +2 +82 +n +p +3 + + +w +EOF + +partprobe -s $SSD +udevadm settle +wait_for_device "${SSD}1" +wait_for_device "${SSD}2" +wait_for_device "${SSD}3" + +echo "Formatting partitions..." +mkfs.ext4 -L BOOT "${SSD}1" +mkswap -L SWAP "${SSD}2" +mkfs.ext4 -L ROOT "${SSD}3" + +echo "Mounting partitions..." +mount -o X-mount.mkdir "${SSD}3" "$MNT" +mkdir -p "$MNT/boot" +mount "${SSD}1" "$MNT/boot" + +echo "Enabling swap..." +swapon "${SSD}2" + +echo "Partitioning and setup complete:" +lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL diff --git a/hosts/sid/hardware.nix b/hosts/sid/hardware.nix new file mode 100644 index 0000000..a95d46d --- /dev/null +++ b/hosts/sid/hardware.nix @@ -0,0 +1,43 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/ROOT"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "ext4"; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/SWAP"; } + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/sid/packages.nix b/hosts/sid/packages.nix new file mode 100644 index 0000000..96cc691 --- /dev/null +++ b/hosts/sid/packages.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ ]; +} diff --git a/hosts/sid/secrets/default.nix b/hosts/sid/secrets/default.nix new file mode 100644 index 0000000..db5b0d9 --- /dev/null +++ b/hosts/sid/secrets/default.nix @@ -0,0 +1,5 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.sops ]; +} diff --git a/hosts/sid/secrets/secrets.yaml b/hosts/sid/secrets/secrets.yaml new file mode 100644 index 0000000..9e4f07d --- /dev/null +++ b/hosts/sid/secrets/secrets.yaml @@ -0,0 +1,57 @@ +matrix: + registration-shared-secret: ENC[AES256_GCM,data:RG+o/Maaot5B1fViX9QVEQbfBNWsMyd1Kbql5jiSrI0=,iv:XyoBa/I2KrUI9rJuojNk0ReoUFLz8aIAXwQOxldX6mM=,tag:C823WZrDfzj7ad79Sb5avQ==,type:str] +coturn: + static-auth-secret: ENC[AES256_GCM,data:xSKcBRxCMQAJYH9P1gWfxITI/f9CxJOcjA==,iv:d5Ta71T0uVPQtuuZpAqqIEwYOWcXrSrqiBwQhm7wxc8=,tag:YTEJjahWatvpZTiFqcAwNQ==,type:str] +maubot: + admins: + sid: ENC[AES256_GCM,data:0pTyD0GqmKY6ESX6IAoLneNcVY4=,iv:7ozvabxUek4ZwmobxoVp/l9diNLfSJ7BV0JLAx+maqI=,tag:iAucMU5DLALzX5B8vXzQFg==,type:str] +mautrix-whatsapp: + encryption-pickle-key: ENC[AES256_GCM,data:QdpAcqhtNwtft2PQZ7thN8+Lp1EuGUFVmf8aTOPyUy7/k/QisxJ5GzoVxoU=,iv:cF3fVXPfYiW6drKYOT8Udln35ljUIojSrKzwFI5ldcg=,tag:UeUqV8RP0kMNGUMXn8+Vkw==,type:str] + provisioning-shared-secret: ENC[AES256_GCM,data:RD6bTfwlnNoqSFHKv2+t2PWTKzqHRUtPY4tjpdN8SNFYbjXhTL6hDByfvkY=,iv:t0x0nGHAdkQcTXj/NLzp87PHkQd+KsEWVE3kjVAGQYc=,tag:wt9v22ZGwib22K7vt2XzSw==,type:str] + public-media-signing-key: ENC[AES256_GCM,data:XRK+kqlauhJrihsZcBjYHgffrg4EaL3OjAxzmLMfKgm/Se83vXuolR1om0c=,iv:JrExIjG9FrUqQysGuCwVM56OHV15H+749uaQN7yOOSI=,tag:/XXWajUFpNyms2SvavNy5A==,type:str] + direct-media-server-key: ENC[AES256_GCM,data:xglwy39u5rQEQCjM4PeZWoKfyCE6cukaxCaIaWx2fsjRRAAUlkpvk0rMWKE=,iv:5SRT3cTeluiQu9fGpnBGZVnICf/+T/tbR+HxRUPwOp4=,tag:tge5A8Egl8A4ipSfW1my+g==,type:str] +mautrix-signal: + encryption-pickle-key: ENC[AES256_GCM,data:6VgqXicsAv8Uk97OFSHmAHyL1UJnpZOZ2dE06hn1VmOFqTJTjyUwfmMZm/Q=,iv:25xFUZtl2oYUR/DjJUAVD9iul2edCywEB5sHH5nX1YU=,tag:W1qBvEjA9nJXTk0vgcUj1g==,type:str] + provisioning-shared-secret: ENC[AES256_GCM,data:CThIqVwTS8ofecQx2qA+DBmK5FrGXqju2B69zQOH1iqRZKXb3pWnO+0zP3M=,iv:WpBoqhH4S4PN3XrBmK5bUDKxX9p7ClPzqoPDWtUbfyM=,tag:Hlnra1FpCGblt58uXQv6dA==,type:str] + public-media-signing-key: ENC[AES256_GCM,data:w174hn2Rkw50RsL0Cai86DW8nsko0E2kMge6XAeimQ21pRyGbsemqvYEOV0=,iv:OcimE4Gu2rnEFUQEiMyhOCLXF1YLiTYgMxsNaqDpFV0=,tag:32vnGX7Ia3YS8bFCHpBzkA==,type:str] + direct-media-server-key: ENC[AES256_GCM,data:hRa+7+4HraXPmei/+yIuegllCnwQgTWQalX4+RKY526VBpprLkhLP1VQOGE=,iv:IX38m+cIWSHvz3gze21sEsqhOcappkYMtboslnOfzFU=,tag:2qSJWA31B5oQpdqI4cxY/w==,type:str] +headplane: + cookie_secret: ENC[AES256_GCM,data:FbD5pttQIRB4IgEAapPVhonG5JrhPczeIGuO63a8IGM=,iv:kyAtWzHbSWpC7VHzQNqYTG5Crm2rdSm5i1aIt2q58fg=,tag:EK3upQ+qabQa1QTuKxn6wg==,type:str] + agent_pre_authkey: ENC[AES256_GCM,data:Vj4aVMl8UASDscqN00xmd/J7DkUXq+XEdD1RZ34R2XhGDICWaV1Cj7wZqfoOYScT,iv:JP9l3Z1Hco+LDuw8nKP9hYtAc3QHYuVkULik1QGG83s=,tag:apBbo0uz8ljWEDNCAjQkGA==,type:str] +livekit: + key: ENC[AES256_GCM,data:QgD9fg6KvY/fGVdYVT9Oks/NkXm26oZaBUiVNpPCm0pvtVbzoiTv5BY9Krk=,iv:ayYBfr8s2MSD1EU809K6XGlP6dLcQVJC5vmscpqb2I4=,tag:juYtwZfUa7IV1Qcc+HnYnA==,type:str] +tailscale: + auth-key: ENC[AES256_GCM,data:BhCC0J0DmVaNAQmPo8I1a+0iBTUsZxBhXQlds2SIT5O/Daf2HGYsaGRg3IhVQmoK,iv:ws9B1V0JyfGyamTmc/pMOkMli1kcgKv6xLwXx6XB+r8=,tag:5KmqglMES7XlotIgQX2sdg==,type:str] +netdata: + stream: + rx4: + uuid: ENC[AES256_GCM,data:keIw+LxhS65mh6A4tQ9BWc/gVfiqfmP0AH1Z3uXwqCrrxrsO,iv:Nziivr53hm9nAwpTY4Y65cXTytuhxEV0IUbpWw1v9lE=,tag:hkV5ixwXoGqscyUNwkLafw==,type:str] +mailserver: + accounts: + sid: ENC[AES256_GCM,data:xnU/+8BEewcZcbTWroIgCx5ceSFtDPe0Pq//qt3RWk81QWvbJxdukF4EyBSoQ7AqBhf4nDFZZxd4s8rZ,iv:OFhRxXHWOEC9mKGyK2ePfVGpBCDTfv0L+q3xzbXFefI=,tag:iO52YhFsSvb59RbcgXb+9w==,type:str] +radicale: + sid: ENC[AES256_GCM,data:/OgIrXnGttIymGw98feiUjKPOIlrgRIC0TNCdBnuJOiA0RzbF0b9SMVzwEZiTEmS82g2lSvxQkE4kZjeOgOC0RLvCyZAmtWojq+g1pN0qhEkhwH0Qtu9wNnSYHuRqh2E5nWzHNGl/eF6zQ==,iv:5XtlyXjpB+XrVvJ7IoM7Gu63xA8vYrcJjUjLPmOMAIU=,tag:SAuYl/wzxnINyVWn9nI5yA==,type:str] +sops: + age: + - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRUpBMnV5djEraUZRUmRT + RjZncjZBZk1MOU15WlBWRFlxS2RQZS8vU3hzCnRRQS8rVmgxV2dIbDV5MHNJNGI2 + c3drTk5xT2pnS0hVaXk2Uy8vOXhXUFEKLS0tIHFTVERPbklBL2loaDJVWEhOSVk1 + RktRV0hxcklSV254bUx1S0paYkluTEUKYSkCqXl20byCtozRkbVmVlXsa7hNoU7a + TJvxj5Qc44on94thkDaD7RFsWTA3VpFXSzDf4VaOaa7Fi0foVWAdUw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ytfze9tv5l80ujqfd66xp97w2u0lq8jrx45ulf0szey8ny0t837sdktdzf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0djJpOVp0bjNlendlcFdW + VEs0elo1R0FwaGViMmY1dkJDeTBiYllSNUFrCmRlTTM1SDVOZTB5WlJlVEhSaWZX + ck9VT1JyNUFsanZwYWhPUW5iNWs1clkKLS0tIDZzVVBTOUZKRklCd1RnOUpNRDR0 + RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB + UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-01T22:55:09Z" + mac: ENC[AES256_GCM,data:l+lTLQJ5FRAmvCNIDDFr4gpEvGw0csSKIeI8MnBfM5qsC+wg0d8JSAvBB1m+P/IKLeRoV4AdLuNaflisVoU+dVnk7yX7/lLKt5dfARoFX6zU+u4G4Q6jmpq80CegHFJNWMJE2NAMVrP6m465foWkXlhZIpyT0FBSwtaZkoc74Hg=,iv:H4sxdjPc1C3XxHkHPAooN2cRCHKd4CpzfoH7UM8t/q4=,tag:JHhdlg4g+8kIN0CngGaOaA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/hosts/sid/services/default.nix b/hosts/sid/services/default.nix new file mode 100644 index 0000000..57d9964 --- /dev/null +++ b/hosts/sid/services/default.nix @@ -0,0 +1,20 @@ +{ + inputs, + outputs, + ... +}: + +{ + imports = [ + inputs.synix.nixosModules.openssh + + outputs.nixosModules.tailscale + + ./headscale.nix + ./mailserver.nix + ./matrix-synapse.nix + ./netdata.nix + ./nginx.nix + ./radicale.nix + ]; +} diff --git a/hosts/sid/services/headscale.nix b/hosts/sid/services/headscale.nix new file mode 100644 index 0000000..c4673cb --- /dev/null +++ b/hosts/sid/services/headscale.nix @@ -0,0 +1,70 @@ +{ + inputs, + ... +}: + +# TODO: use constants.nix + +{ + imports = [ + inputs.synix.nixosModules.headplane + inputs.synix.nixosModules.headscale + ]; + + services.resolved.enable = false; + networking.resolvconf.enable = false; + + networking.nameservers = [ "100.64.0.6" ]; + + services.coredns = { + enable = true; + config = '' + .:53 { + bind 100.64.0.6 + hosts { + 100.64.0.6 sid.tail + 100.64.0.6 netdata.sid.tail + 100.64.0.10 rx4.tail + 100.64.0.10 dav.rx4.tail + 100.64.0.1 vde.tail + fallthrough + } + forward . 1.1.1.1 + cache + log + errors + } + ''; + }; + + services.headplane = { + enable = true; + reverseProxy = { + enable = true; + subdomain = "hp"; + }; + }; + + services.headscale = { + enable = true; + openFirewall = true; + reverseProxy = { + enable = true; + subdomain = "hs"; + }; + settings = { + dns = { + magic_dns = true; + base_domain = "tail"; + search_domains = [ "tail" ]; + override_local_dns = true; + nameservers = { + global = [ "1.1.1.1" ]; + split = { + "tail" = [ "100.64.0.6" ]; + }; + }; + }; + }; + }; +} diff --git a/hosts/sid/services/mailserver.nix b/hosts/sid/services/mailserver.nix new file mode 100644 index 0000000..c6946d8 --- /dev/null +++ b/hosts/sid/services/mailserver.nix @@ -0,0 +1,15 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.mailserver ]; + + mailserver = { + enable = true; + stateVersion = 3; + accounts = { + sid = { + aliases = [ "postmaster" ]; + }; + }; + }; +} diff --git a/hosts/sid/services/matrix-synapse.nix b/hosts/sid/services/matrix-synapse.nix new file mode 100644 index 0000000..023ecb1 --- /dev/null +++ b/hosts/sid/services/matrix-synapse.nix @@ -0,0 +1,58 @@ +{ + inputs, + config, + pkgs, + ... +}: + +{ + imports = [ + inputs.synix.nixosModules.baibot + inputs.synix.nixosModules.coturn + inputs.synix.nixosModules.matrix-synapse + inputs.synix.nixosModules.maubot + ]; + + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" + ]; + + services.baibot = { + enable = true; + package = pkgs.synix.baibot; + }; + + services.coturn = { + enable = true; + sops = true; + openFirewall = true; + }; + + services.matrix-synapse = { + enable = true; + sops = true; + coturn.enable = true; + bridges = { + whatsapp = { + enable = true; + admin = "@sid:sid.ovh"; + }; + signal = { + enable = true; + admin = "@sid:sid.ovh"; + }; + }; + }; + + services.maubot = { + enable = true; + sops = true; + admins = [ + "sid" + ]; + plugins = with config.services.maubot.package.plugins; [ + github + reminder + ]; + }; +} diff --git a/hosts/sid/services/netdata.nix b/hosts/sid/services/netdata.nix new file mode 100644 index 0000000..005f9e1 --- /dev/null +++ b/hosts/sid/services/netdata.nix @@ -0,0 +1,71 @@ +{ + config, + pkgs, + ... +}: + +let + email = "sid@${config.networking.domain}"; +in +{ + services.netdata = { + enable = true; + package = pkgs.netdata.override { + withCloudUi = true; + }; + config.global = { + "debug log" = "syslog"; + "access log" = "syslog"; + "error log" = "syslog"; + }; + configDir = { + "stream.conf" = config.sops.templates."netdata/stream.conf".path; + "health_alarm_notify.conf" = pkgs.writeText "health_alarm_notify.conf" '' + SEND_EMAIL="YES" + sendmail="/run/wrappers/bin/sendmail" + EMAIL_SENDER="netdata@${config.networking.domain}" + DEFAULT_RECIPIENT_EMAIL="${email}" + role_recipients_email[sysadmin]="${email}" + role_recipients_email[domainadmin]="${email}" + role_recipients_email[root]="${email}" + ''; + }; + }; + + systemd.services.netdata.environment = { + NETDATA_USER_CONFIG_DIR = "/etc/netdata/conf.d"; + }; + + sops = + let + owner = config.services.netdata.user; + group = config.services.netdata.group; + mode = "0400"; + restartUnits = [ "netdata.service" ]; + in + { + secrets."netdata/stream/rx4/uuid" = { + inherit + owner + group + mode + restartUnits + ; + }; + + templates."netdata/stream.conf" = { + inherit + owner + group + mode + restartUnits + ; + # parent node + content = '' + [${config.sops.placeholder."netdata/stream/rx4/uuid"}] + enabled = yes + default history = 3600 + ''; + }; + }; +} diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix new file mode 100644 index 0000000..d6716a0 --- /dev/null +++ b/hosts/sid/services/nginx.nix @@ -0,0 +1,62 @@ +{ + inputs, + constants, + lib, + ... +}: + +let + ssl = true; + + inherit (lib.utils) mkVirtualHost; +in +{ + imports = [ + inputs.synix.nixosModules.nginx + ]; + + services.nginx = { + enable = true; + openFirewall = true; + forceSSL = ssl; + virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost { + inherit ssl; + address = constants.hosts.rx4.ip; + port = 80; + }; + virtualHosts."${constants.services.forgejo.fqdn}" = mkVirtualHost { + inherit ssl; + address = constants.hosts.rx4.ip; + port = constants.services.forgejo.port; + }; + virtualHosts."${constants.services.miniflux.fqdn}" = mkVirtualHost { + inherit ssl; + port = constants.services.miniflux.port; + }; + virtualHosts."${constants.services.netdata.fqdn}" = mkVirtualHost { + ssl = false; + port = constants.services.netdata.port; + }; + virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost { + inherit ssl; + address = constants.hosts.rx4.ip; + port = constants.services.open-webui-oci.port; + }; + virtualHosts."${constants.services.rss-bridge.fqdn}" = { + enableACME = ssl; + forceSSL = ssl; + locations."/" = { + proxyPass = "http://${constants.hosts.rx4.ip}"; + }; + }; + # FIXME + # virtualHosts."print.sid.ovh" = { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://100.64.0.5:631"; + # proxyWebsockets = true; + # }; + # }; + }; +} diff --git a/hosts/sid/services/radicale.nix b/hosts/sid/services/radicale.nix new file mode 100644 index 0000000..6beecdc --- /dev/null +++ b/hosts/sid/services/radicale.nix @@ -0,0 +1,16 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.radicale ]; + + services.radicale = { + enable = true; + reverseProxy = { + enable = true; + subdomain = "dav"; + }; + users = [ + "sid" + ]; + }; +} diff --git a/hosts/vde/boot.nix b/hosts/vde/boot.nix new file mode 100644 index 0000000..53a9686 --- /dev/null +++ b/hosts/vde/boot.nix @@ -0,0 +1,7 @@ +{ + boot.loader.systemd-boot = { + enable = true; + configurationLimit = 10; + }; + boot.loader.efi.canTouchEfiVariables = true; +} diff --git a/hosts/vde/default.nix b/hosts/vde/default.nix new file mode 100644 index 0000000..aedca2d --- /dev/null +++ b/hosts/vde/default.nix @@ -0,0 +1,31 @@ +{ + inputs, + outputs, + ... +}: + +{ + imports = [ + ./boot.nix + ./hardware.nix + ./networking.nix + ./packages.nix + ./secrets + ./services + # ./virtualisation.nix + + ../../users/sid + + inputs.synix.nixosModules.common + inputs.synix.nixosModules.device.server + + outputs.nixosModules.common + outputs.nixosModules.deploy + outputs.nixosModules.xfce + ]; + + networking.hostName = "vde"; + networking.domain = "vde.lan"; + + system.stateVersion = "25.11"; +} diff --git a/hosts/vde/disks.sh b/hosts/vde/disks.sh new file mode 100644 index 0000000..6ec9984 --- /dev/null +++ b/hosts/vde/disks.sh @@ -0,0 +1,64 @@ +#!/usr/bin/env bash + +SSD='/dev/disk/by-id/wwn-0x500a0751e280a38c' +MNT='/mnt' +SWAP_GB=16 + +# Helper function to wait for devices +wait_for_device() { + local device=$1 + echo "Waiting for device: $device ..." + while [[ ! -e $device ]]; do + sleep 1 + done + echo "Device $device is ready." +} + +# Function to install a package if it's not already installed +install_if_missing() { + local cmd="$1" + local package="$2" + if ! command -v "$cmd" &> /dev/null; then + echo "$cmd not found, installing $package..." + nix-env -iA "nixos.$package" + fi +} + +install_if_missing "sgdisk" "gptfdisk" +install_if_missing "partprobe" "parted" + +wait_for_device $SSD + +echo "Wiping filesystem on $SSD..." +wipefs -a $SSD + +echo "Clearing partition table on $SSD..." +sgdisk --zap-all $SSD + +echo "Partitioning $SSD..." +sgdisk -n1:1M:+1G -t1:EF00 -c1:BOOT $SSD +sgdisk -n2:0:+"$SWAP_GB"G -t2:8200 -c2:SWAP $SSD +sgdisk -n3:0:0 -t3:8304 -c3:ROOT $SSD +partprobe -s $SSD +udevadm settle + +wait_for_device ${SSD}-part1 +wait_for_device ${SSD}-part2 +wait_for_device ${SSD}-part3 + +echo "Formatting partitions..." +mkfs.vfat -F 32 -n BOOT "${SSD}-part1" +mkswap -L SWAP "${SSD}-part2" +mkfs.ext4 -L ROOT "${SSD}-part3" + +echo "Mounting partitions..." +mount -o X-mount.mkdir "${SSD}-part3" "$MNT" +mkdir -p "$MNT/boot" +mount -t vfat -o fmask=0077,dmask=0077,iocharset=iso8859-1 "${SSD}-part1" "$MNT/boot" + +echo "Enabling swap..." +swapon "${SSD}-part2" + +echo "Partitioning and setup complete:" +lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL + diff --git a/hosts/vde/hardware.nix b/hosts/vde/hardware.nix new file mode 100644 index 0000000..06517aa --- /dev/null +++ b/hosts/vde/hardware.nix @@ -0,0 +1,76 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/ROOT"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/SWAP"; } + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + # vesa + # boot.kernelParams = [ "nomodeset" ]; + # services.xserver.videoDrivers = [ "vesa" ]; + + # fbdev + boot.kernelParams = [ "nomodeset" ]; + services.xserver.videoDrivers = [ "fbdev" ]; + + # nouveau + # hardware.graphics.enable = true; + # services.xserver.videoDrivers = [ "nouveau" ]; + + # modesetting + # services.xserver.videoDrivers = [ "modesetting" ]; + # boot.kernelParams = [ + # "video=1280x1024" + # "nouveau.modeset=1" + # "nouveau.noaccel=1" + # "nouveau.config=NvBios=0" + # ]; + + # proprietary drivers + # hardware.graphics.enable = true; + # services.xserver.videoDrivers = [ "nvidia" ]; + # hardware.nvidia.open = false; + # hardware.nvidia.package = config.boot.kernelPackages.nvidia_x11_legacy340; + # nixpkgs.config.allowBroken = true; + # nixpkgs.config.allowUnfree = true; + # nixpkgs.config.nvidia.acceptLicense = true; +} diff --git a/hosts/vde/networking.nix b/hosts/vde/networking.nix new file mode 100644 index 0000000..d105960 --- /dev/null +++ b/hosts/vde/networking.nix @@ -0,0 +1,26 @@ +{ + networking.networkmanager.ensureProfiles.profiles = { + enp34s0-profile = { + connection = { + id = "enp34s0"; + type = "ethernet"; + interface-name = "enp34s0"; + }; + ipv4 = { + method = "auto"; + route-metric = 50; + }; + }; + enp36s0-profile = { + connection = { + id = "enp36s0"; + type = "ethernet"; + interface-name = "enp36s0"; + }; + ipv4 = { + method = "auto"; + route-metric = 200; + }; + }; + }; +} diff --git a/hosts/vde/packages.nix b/hosts/vde/packages.nix new file mode 100644 index 0000000..96cc691 --- /dev/null +++ b/hosts/vde/packages.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ ]; +} diff --git a/hosts/vde/secrets/default.nix b/hosts/vde/secrets/default.nix new file mode 100644 index 0000000..5bce936 --- /dev/null +++ b/hosts/vde/secrets/default.nix @@ -0,0 +1,8 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.sops ]; + + # sops.secrets."github-runners/vde" = { }; + # sops.secrets."mailserver/accounts/sid" = { }; +} diff --git a/hosts/vde/secrets/secrets.yaml b/hosts/vde/secrets/secrets.yaml new file mode 100644 index 0000000..73ebd46 --- /dev/null +++ b/hosts/vde/secrets/secrets.yaml @@ -0,0 +1,26 @@ +tailscale: + auth-key: ENC[AES256_GCM,data:Fz1XGaQXERn+3EymtWyq9oYqoX0KrcPJelda+addeX+vhqEAxRe5jRdzK8W6329b,iv:HNlz5f7dscDXsPoKZjSiIl2NZOouEJZyzU3kaiX1NUw=,tag:DdIxWKeZ9kfHUkh0/l1sEw==,type:str] +sops: + age: + - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNVVVL29xeUQ0WDREREoy + dy83M1ZaYTM4NFlKZUVoVFlrNUEzQmRXMFJjClB2YkZKMUMxWGR4bnRBRzVFSHNG + Z2srYmRDcHhucUFlUVUxN0FGalM3RUEKLS0tIG5HMG5jWFZJcXc4cXB4cThVcmZI + ejVJanRtODh1a1RUQm00OGpoenNqeVUKAuvbRbO9w5KhcNAph+IuSTWxWCu9tF6u + QAVWMoHsMc43FQi72isjL23+nroiNKgxlS9VjSS04K2qvBGl296rtA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mc07jayz4dpwenh06fzlcgfzk5t7ln0z3n65emwlm5r7nq59m4jstd7y8u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQUpaTjRjSU0yaDZSRVBG + SWY1aFIvYzlYbkg1bGpWYXRock1nTHBMRHh3CkVqNlg5aU5rZk1ySmZSbmJEZ3JG + UVhrb1BITkxodmxPU1ZtK2lHcjFSRUUKLS0tIDc1QlMwZlZyNmVJbjNXekYzSkpJ + RjlIQWVIcTY0aUlhelorMDRycVZnOEkK69ZCxeh8IL2LcsjgkBgbIbC6XnDJ8zwd + yCuPYXkYOxeitToIbhHQS4TbgF61/tJqIixqoIe3vG+o112UspGkoQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-12T20:15:19Z" + mac: ENC[AES256_GCM,data:sDbfLjm6ZqkVUMNbB6ikMSlMiXd9Ukf2K8HdAF66JwPB+KQI/rqIRKiSaOEKJ8p1AvpEr86ENlCEZNeslQJAdlqbGy6+VOcbSAz2bfhhXfThaAEgYT9CmXAsJL8lWMI5N2Ti0kiepjk+nMG1bbFyPecHm4AqadMRC/RHprAK4fc=,iv:2UPmmBNATuXvk+LbF9Lwi7Cgi0OFMHr96ONG6bpBDpY=,tag:i5If1ui4XHeuE7BjUEHUCA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/hosts/vde/services/default.nix b/hosts/vde/services/default.nix new file mode 100644 index 0000000..652a3d1 --- /dev/null +++ b/hosts/vde/services/default.nix @@ -0,0 +1,15 @@ +{ + inputs, + outputs, + ... +}: + +{ + imports = [ + inputs.synix.nixosModules.openssh + + outputs.nixosModules.tailscale + + # ./monero.nix + ]; +} diff --git a/hosts/vde/services/monero.nix b/hosts/vde/services/monero.nix new file mode 100644 index 0000000..4d41151 --- /dev/null +++ b/hosts/vde/services/monero.nix @@ -0,0 +1,19 @@ +{ outputs, ... }: + +{ + imports = [ + outputs.nixosModules.monero + ]; + + services = { + monero = { + enable = true; + mining.address = ""; + }; + xmrig.settings = { + cpu = { + max-threads-hint = 4; + }; + }; + }; +} diff --git a/hosts/vde/virtualisation.nix b/hosts/vde/virtualisation.nix new file mode 100644 index 0000000..1823335 --- /dev/null +++ b/hosts/vde/virtualisation.nix @@ -0,0 +1,5 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.virtualisation ]; +} diff --git a/modules/nixos/alditalk-extender/default.nix b/modules/nixos/alditalk-extender/default.nix new file mode 100644 index 0000000..bd26690 --- /dev/null +++ b/modules/nixos/alditalk-extender/default.nix @@ -0,0 +1,75 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.alditalk-extender; + + inherit (lib) + getExe + mkEnableOption + mkIf + mkOption + mkPackageOption + types + ; +in +{ + options.services.alditalk-extender = { + enable = mkEnableOption "AldiTalk True Unlimited Extender service"; + + package = mkPackageOption pkgs "alditalk-true-unlimited" { }; + + envFile = mkOption { + type = types.path; + example = "/run/architect/alditalk.env"; + description = '' + Path to the environment file containing USERNAME and PASSWORD. + The file should look like: + USERNAME=0151... + PASSWORD=yourpassword + ''; + }; + }; + + config = mkIf cfg.enable { + users = { + users = { + alditalk = { + isSystemUser = true; + group = "alditalk"; + home = "/var/lib/alditalk"; + createHome = true; + description = "AldiTalk Extender Service User"; + }; + }; + groups.alditalk = { }; + }; + + systemd.services.alditalk-extender = { + description = "AldiTalk True Unlimited Extender"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = getExe cfg.package; + EnvironmentFile = cfg.envFile; + Environment = "HOME=/var/lib/alditalk"; + + Restart = "always"; + RestartSec = "30s"; + User = "alditalk"; + Group = "alditalk"; + WorkingDirectory = "/var/lib/alditalk"; + + RuntimeDirectory = "alditalk"; + ProtectSystem = "full"; + PrivateTmp = true; + NoNewPrivileges = false; + }; + }; + }; +} diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix new file mode 100644 index 0000000..eba84dd --- /dev/null +++ b/modules/nixos/common/default.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + imports = [ + ./nix.nix + ./overlays.nix + + inputs.synix.nixosModules.device.server + ]; + + nixpkgs.config.allowUnfree = true; +} diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix new file mode 100644 index 0000000..83bed1d --- /dev/null +++ b/modules/nixos/common/nix.nix @@ -0,0 +1,31 @@ +{ + nix = { + # TODO: add distributed build support for portuus.de + # distributedBuilds = true; + # buildMachines = [ + # { + # hostName = "portuus.de"; + # supportedFeatures = [ + # "benchmark" + # "big-parallel" + # "kvm" + # "nixos-test" + # ]; + # maxJobs = 8; + # system = "x86_64-linux"; + # } + # ]; + + settings = { + # binary caches + # substituters = [ + # "https://cache.portuus.de" + # ]; + # trusted-public-keys = [ + # "cache.portuus.de:INZRjwImLIbPbIx8Qp38gTVmSNL0PYE4qlkRzQY2IAU=" + # ]; + + trusted-users = [ "root" ]; + }; + }; +} diff --git a/modules/nixos/common/overlays.nix b/modules/nixos/common/overlays.nix new file mode 100644 index 0000000..348ae08 --- /dev/null +++ b/modules/nixos/common/overlays.nix @@ -0,0 +1,11 @@ +{ outputs, ... }: + +{ + nixpkgs.overlays = [ + outputs.overlays.synix-packages + outputs.overlays.local-packages + outputs.overlays.modifications + outputs.overlays.old-stable-packages + outputs.overlays.unstable-packages + ]; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..6739b38 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,11 @@ +{ + alditalk-extender = import ./alditalk-extender; + common = import ./common; + deploy = import ./deploy; + forgejo = import ./forgejo; + forgejo-runner = import ./forgejo-runner; + gnome = import ./gnome; + monero = import ./monero; + tailscale = import ./tailscale; + xfce = import ./xfce; +} diff --git a/modules/nixos/deploy/default.nix b/modules/nixos/deploy/default.nix new file mode 100644 index 0000000..0b3f0e8 --- /dev/null +++ b/modules/nixos/deploy/default.nix @@ -0,0 +1,12 @@ +{ lib, ... }: + +{ + # ssh-keygen -t ed25519 -f ./deploy_key -N "" -C "forgejo-deploy-runner" + users.users.root.openssh.authorizedKeys.keyFiles = [ + ./deploy_key.pub + ]; + + nix.settings.trusted-users = [ "root" ]; + + services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; +} diff --git a/modules/nixos/deploy/deploy_key.pub b/modules/nixos/deploy/deploy_key.pub new file mode 100644 index 0000000..e98f067 --- /dev/null +++ b/modules/nixos/deploy/deploy_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICi5KG9LTU7gDWm4mkpkvvNYoQWD3/i0Yq26NYyAav3C forgejo-deploy-runner diff --git a/modules/nixos/forgejo-runner/default.nix b/modules/nixos/forgejo-runner/default.nix new file mode 100644 index 0000000..2547f0e --- /dev/null +++ b/modules/nixos/forgejo-runner/default.nix @@ -0,0 +1,68 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.forgejo-runner; + + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; +in +{ + options.services.forgejo-runner = { + enable = mkEnableOption "Nix-based Forgejo Runner service"; + url = mkOption { + type = types.str; + description = "Forgejo instance URL."; + }; + tokenFile = mkOption { + type = types.path; + description = "Path to EnvironmentFile containing TOKEN=..."; + }; + }; + + config = mkIf cfg.enable { + nix.settings.trusted-users = [ "gitea-runner" ]; + + services.gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.default = { + enable = true; + name = "${config.networking.hostName}-nix"; + inherit (cfg) url tokenFile; + + labels = [ "host:host" ]; + + hostPackages = with pkgs; [ + bash + coreutils + curl + gitMinimal + gnused + nix + nodejs + openssh + deploy-rs + ]; + + settings = { + log.level = "info"; + runner = { + capacity = 1; + envs = { + NIX_CONFIG = "extra-experimental-features = nix-command flakes"; + NIX_REMOTE = "daemon"; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/forgejo/default.nix b/modules/nixos/forgejo/default.nix new file mode 100644 index 0000000..6c7a65a --- /dev/null +++ b/modules/nixos/forgejo/default.nix @@ -0,0 +1,63 @@ +{ + config, + lib, + ... +}: + +let + cfg = config.services.forgejo; + + inherit (cfg) settings; + inherit (lib) + getExe + head + mkDefault + mkIf + ; +in +{ + config = mkIf cfg.enable { + services.forgejo = { + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = "git.${config.networking.domain}"; + PROTOCOL = "http"; + ROOT_URL = "https://${settings.server.DOMAIN}/"; + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = 3456; + SSH_PORT = head config.services.openssh.ports; + }; + service = { + DISABLE_REGISTRATION = true; + }; + ui = { + DEFAULT_THEME = "forgejo-dark"; + }; + actions = { + ENABLED = true; + }; + mailer = { + ENABLED = mkDefault false; + SMTP_ADDR = "mail.${config.networking.domain}"; + FROM = "git@${settings.server.DOMAIN}"; + USER = "git@${settings.server.DOMAIN}"; + }; + }; + secrets = { + mailer.PASSWD = mkIf settings.mailer.ENABLED config.sops.secrets."forgejo/mail-pw".path; + }; + }; + + environment.shellAliases = { + forgejo = "sudo -u ${cfg.user} ${getExe cfg.package} --config ${cfg.stateDir}/custom/conf/app.ini"; + }; + + sops.secrets."forgejo/mail-pw" = mkIf settings.mailer.ENABLED { + owner = cfg.user; + group = cfg.group; + mode = "0400"; + }; + }; +} diff --git a/modules/nixos/gnome/default.nix b/modules/nixos/gnome/default.nix new file mode 100644 index 0000000..c074008 --- /dev/null +++ b/modules/nixos/gnome/default.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: + +{ + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; + + services.gnome.core-apps.enable = false; + services.gnome.core-developer-tools.enable = false; + services.gnome.games.enable = false; + services.gnome.gnome-remote-desktop.enable = true; + environment.gnome.excludePackages = with pkgs; [ + gnome-tour + gnome-user-docs + ]; + + # https://github.com/NixOS/nixpkgs/issues/266774#issuecomment-2525412206 + systemd.services.gnome-remote-desktop.wantedBy = [ "graphical.target" ]; + networking.firewall = { + allowedTCPPorts = [ 3389 ]; + allowedUDPPorts = [ 3389 ]; + }; + + programs.firefox.enable = true; + + environment.systemPackages = with pkgs; [ + networkmanagerapplet + ]; +} diff --git a/modules/nixos/monero/default.nix b/modules/nixos/monero/default.nix new file mode 100644 index 0000000..aa3df93 --- /dev/null +++ b/modules/nixos/monero/default.nix @@ -0,0 +1,111 @@ +{ + config, + pkgs, + lib, + ... +}: + +let + cfg = config.services.monero; + sops = config.sops; + + inherit (lib) mkDefault mkIf getExe; +in +{ + config = mkIf cfg.enable { + services.monero = { + environmentFile = sops.templates."monero/environment-file".path; + mining.enable = false; # use XMRig + P2Pool + rpc = { + address = mkDefault "127.0.0.1"; + port = mkDefault 18081; + user = mkDefault "monero"; + password = mkDefault "$MONERO_RPC_PASSWORD"; + }; + extraConfig = '' + zmq-pub=tcp://127.0.0.1:18083 + out-peers=32 + in-peers=64 + prune-blockchain=1 + sync-pruned-blocks=1 + add-priority-node=p2pmd.xmrvsbeast.com:18080 + add-priority-node=nodes.hashvault.pro:18080 + enforce-dns-checkpointing=1 + enable-dns-blocklist=1 + ''; + }; + + systemd.services.p2pool = { + description = "P2Pool Monero Sidechain Node"; + after = [ + "monero.service" + "network.target" + ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.p2pool ]; + + serviceConfig = { + User = "p2pool"; + Group = "p2pool"; + WorkingDirectory = "/var/lib/p2pool"; + ExecStart = "${getExe pkgs.p2pool} --host 127.0.0.1 --wallet ${cfg.mining.address}"; + Restart = "always"; + RestartSec = 10; + NoNewPrivileges = true; + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + }; + }; + + users.users.p2pool = { + isSystemUser = true; + group = "p2pool"; + home = "/var/lib/p2pool"; + createHome = true; + }; + users.groups.p2pool = { }; + + services.xmrig = { + enable = true; + settings = { + autosave = true; + cpu = { + enabled = true; + huge-pages = true; + hw-aes = null; + asm = true; + yield = true; + }; + opencl.enabled = false; + cuda.enabled = false; + pools = [ + { + url = "127.0.0.1:3333"; + user = ""; + pass = ""; + } + ]; + api.enable = true; + }; + }; + + sops = + let + owner = "monero"; + group = "monero"; + mode = "0440"; + in + { + secrets."monero/rpc-password" = { + inherit owner group mode; + }; + templates."monero/environment-file" = { + inherit owner group mode; + content = '' + MONERO_RPC_PASSWORD=${sops.placeholder."monero/rpc-password"} + ''; + }; + }; + }; +} diff --git a/modules/nixos/tailscale/default.nix b/modules/nixos/tailscale/default.nix new file mode 100644 index 0000000..26acd6e --- /dev/null +++ b/modules/nixos/tailscale/default.nix @@ -0,0 +1,11 @@ +{ inputs, ... }: + +{ + imports = [ inputs.synix.nixosModules.tailscale ]; + + services.tailscale = { + enable = true; + enableSSH = true; + loginServer = "https://hs.sid.ovh"; + }; +} diff --git a/modules/nixos/xfce/default.nix b/modules/nixos/xfce/default.nix new file mode 100644 index 0000000..a6a53d4 --- /dev/null +++ b/modules/nixos/xfce/default.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: + +{ + services.xserver.enable = true; + services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xfce.enable = true; + services.xserver.displayManager.lightdm.enable = true; + services.displayManager.defaultSession = "xfce"; + + programs.firefox.enable = true; + + environment.systemPackages = with pkgs; [ + networkmanagerapplet + ]; + + services.xrdp.enable = true; + services.xrdp.defaultWindowManager = "${pkgs.xfce.xfce4-session}/bin/xfce4-session"; + services.xrdp.openFirewall = true; + + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; +} diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..592341b --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,35 @@ +{ inputs, ... }: + +{ + # nix-synix-packages accessible through 'pkgs.synix' + synix-packages = final: prev: { synix = inputs.synix.overlays.additions final prev; }; + + # packages in `pkgs/` accessible through 'pkgs.local' + local-packages = final: prev: { local = import ../pkgs { pkgs = final; }; }; + + # https://nixos.wiki/wiki/Overlays + modifications = + final: prev: + let + files = [ + ]; + imports = builtins.map (f: import f final prev) files; + in + builtins.foldl' (a: b: a // b) { } imports // inputs.synix.overlays.modifications final prev; + + # old-stable nixpkgs accessible through 'pkgs.old-stable' + old-stable-packages = final: prev: { + old-stable = import inputs.nixpkgs-old-stable { + inherit (final) system; + inherit (prev) config; + }; + }; + + # unstable nixpkgs accessible through 'pkgs.unstable' + unstable-packages = final: prev: { + unstable = import inputs.nixpkgs-unstable { + system = final.system; + inherit (prev) config; + }; + }; +} diff --git a/pkgs/alditalk-true-unlimited/default.nix b/pkgs/alditalk-true-unlimited/default.nix new file mode 100644 index 0000000..ca9bde9 --- /dev/null +++ b/pkgs/alditalk-true-unlimited/default.nix @@ -0,0 +1,49 @@ +{ + lib, + buildNpmPackage, + fetchFromGitHub, + makeWrapper, + chromium, + nodejs, +}: +buildNpmPackage (finalAttrs: { + pname = "alditalk-true-unlimited"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "gommzystudio"; + repo = "AldiTalk-True-Unlimited"; + rev = "d45e39ebffc5c7e2e049d1a6ef17fb28012913f1"; + hash = "sha256-y/zvNxwA4RWFJZwbEo6K32MtqLYKSRJlj7zQ+6Rc6/o="; + }; + + npmDepsHash = "sha256-7X9K4s+uYx2nS4zXPwhRM9CztwNpzNk43wO/b2rQnE0="; + + nativeBuildInputs = [ makeWrapper ]; + + npmFlags = [ "--ignore-scripts" ]; + PUPPETEER_SKIP_CHROMIUM_DOWNLOAD = "1"; + ULIXEE_SKIP_DOWNLOAD = "1"; + + npmBuildScript = "build"; + + preBuild = '' + sed -i 's/const page = await browser.newPage();/const page = await browser.newPage(); await page.setUserAgent(process.env.USER_AGENT || "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/120.0.0.0 Safari\/537.36");/' src/index.ts + sed -i 's/SHORT_WAIT: 5/SHORT_WAIT: 10/g' src/index.ts + ''; + + postInstall = '' + makeWrapper ${nodejs}/bin/node $out/bin/alditalk-extender \ + --add-flags "$out/lib/node_modules/AldiTalkExtender/dist/index.js" \ + --set PUPPETEER_EXECUTABLE_PATH "${chromium}/bin/chromium" \ + --set CHROME_PATH "${chromium}/bin/chromium" \ + --set USER_AGENT "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" + ''; + + meta = { + description = "Automatically book AldiTalk 1GB data packages to bypass throttling"; + homepage = "https://github.com/gommzystudio/AldiTalk-True-Unlimited"; + mainProgram = "alditalk-extender"; + platforms = lib.platforms.linux; + }; +}) diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..9723c6b --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,8 @@ +{ + pkgs ? import , + ... +}: + +{ + alditalk-true-unlimited = pkgs.callPackage ./alditalk-true-unlimited { }; +} diff --git a/users/sid/default.nix b/users/sid/default.nix new file mode 100644 index 0000000..6a1b557 --- /dev/null +++ b/users/sid/default.nix @@ -0,0 +1,19 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.synix.nixosModules.normalUsers + ]; + + normalUsers = { + sid = { + extraGroups = [ + "networkmanager" + "wheel" + ]; + sshKeyFiles = [ + ./pubkeys/gpg.pub + ]; + }; + }; +} diff --git a/users/sid/pubkeys/gpg.pub b/users/sid/pubkeys/gpg.pub new file mode 100644 index 0000000..22901a8 --- /dev/null +++ b/users/sid/pubkeys/gpg.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYeVnKDUk3SYN70qB6nVEqSCsCiUtObR2OHLexzinmdFU4xxSL76+9SCMFk7EHZpE5JouBBqVjCxEuZpCZUzCaKLFSL6KBQ+nFxqWTLJ2na7lbECXLrk6IlfGqnfPJzy0hcqszqy/MuZXAC2YgiNZfGxAJNY1UqOuaMAub18yHNo/mYfIS6ZDlRXdPEgsEzndTvE6znNQ2WsZk+jH4yRwKqkmEYqIiGRU8K4czCZchMH9vY/dGhi4kM/QJLmjj3pEZCt/d+tI88MkPzE0FagaNELcylmInLTbctv4eCwMn4waKLml53sRqhxkfVO1ZUfBPZq7pBNy90sqe7El3lKYM7n65T0Iry9pSJhvzMm7XkybpWZM834Y78okZEs1opsIZsCWVMXGInAmVs5bPPjrUNDKLqlfIb5fgUqclJiE4Hni5qF4iOSdQ2Xvex04GRwin4owmOKcpHAvAOHufLYjKxy+U4gd4VNzdYuRbr5Qs2kzPNl1JLWu8IKTUKzqpI5xZuDFOby8ZxhFqLZ1FWcIkFUiRVhVbz8GCtTLaMQeNV2ukkfIE4rK2u2UB+DBKEnQbBiRFbyCGhraEen2PvPi/wyE/71+AaOLM/JyYUt/S2+bz5lgugLFwNi9VJM4HgShcwwvzs7i//Hm2lj6Aj+dCPat8IquJ7QSVDUuu746Idw== (none)