xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

agate: added

Browse source
This commit is contained in:
xinyangli 2025-05-05 12:33:23 +08:00
parent 37c29252a3
commit 6f1ae9dcba
No known key found for this signature in database
10 changed files with 284 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -9,6 +9,7 @@ keys:
- &host-fra-00 age18u4mqrhqkrpcytxfxfex6aeap04u38emhy6u4wrp5k62sz2vae4qm5jj7s
- &host-biotite age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv
- &host-thorite age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96
- &host-agate age1x79t4crvt8qj34vn052s0kaj80z87np83adqra953yjpydrzkqqspt6zcj
creation_rules:
- path_regex: machines/secrets.yaml
key_groups:
@ -22,6 +23,7 @@ creation_rules:
- *host-hk-00
- *host-fra-00
- *host-la-00
- *host-agate
- path_regex: machines/calcite/secrets.yaml
key_groups:
- age:

20
flake.nix
View file

@ -126,6 +126,10 @@
weilite = [
./machines/weilite
];
agate = [
disko.nixosModules.disko
./machines/agate
];
calcite = [
nixos-hardware.nixosModules.asus-zephyrus-ga401
catppuccin.nixosModules.catppuccin
@ -184,7 +188,17 @@
system ? null,
}:
nixpkgs.lib.nixosSystem {
modules = sharedNixosModules ++ nodeNixosModules.${hostname};
modules =
sharedNixosModules
++ nodeNixosModules.${hostname}
++ [
(
{ lib, ... }:
{
networking.hostName = lib.mkDefault hostname;
}
)
];
};
# TODO:
mkColmenaHive =
@ -306,6 +320,10 @@
hostname = "weilite";
};
agate = mkNixos {
hostname = "agate";
};
baryte = mkNixos {
hostname = "baryte";
};

5
garnix.yaml
View file

@ -7,3 +7,8 @@ builds:
- homeConfigurations.aarch64-linux.*
- darwinConfigurations.*
- nixosConfigurations.*
- exclude:
- nixosConfigurations.osmium
- nixosConfigurations.raspite
- nixosConfigurations.agate
- nixosConfigurations.baryte

67
machines/agate/default.nix Normal file
View file

@ -0,0 +1,67 @@
{ lib, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./services
];
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
devices = lib.mkForce [ ];
mirroredBoots = [
{
devices = [
"/dev/disk/by-partlabel/disk-ssd1-system_p1"
];
path = "/boot0";
}
{
devices = [
"/dev/disk/by-partlabel/disk-ssd2-system_p2"
];
path = "/boot1";
}
];
};
users.users.root.hashedPassword = "$y$j9T$vgLUF3/R0RJpDu7e22fSW.$CPomHsuRziERtNGUnnMZZDQG.Vj7LCe5PUOSbvkwSV3";
commonSettings = {
auth.enable = true;
nix = {
enable = true;
};
comin.enable = true;
network.localdns.enable = true;
};
system.stateVersion = "25.05";
time.timeZone = "Asia/Shanghai";
nix.settings = {
max-jobs = 8;
cores = 16;
};
services.tailscale = {
enable = true;
openFirewall = true;
permitCertUid = "caddy";
};
custom.prometheus.exporters = {
enable = true;
blackbox = {
enable = true;
};
node = {
enable = true;
};
};
custom.monitoring = {
promtail.enable = true;
};
}

91
machines/agate/disk-config.nix Normal file
View file

@ -0,0 +1,91 @@
{
disko.devices = {
disk = {
ssd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0004:49:00.0-sas-exp0x500e004aaaaaaa1f-phy1-lun-0";
content = {
type = "gpt";
partitions = {
BOOT = {
size = "1M";
type = "EF02";
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot0";
};
};
system_p1 = {
size = "100%";
};
};
};
};
ssd2 = {
type = "disk";
device = "/dev/disk/by-path/pci-0004:49:00.0-sas-exp0x500e004aaaaaaa1f-phy2-lun-0";
content = {
type = "gpt";
partitions = {
BOOT = {
size = "1M";
type = "EF02";
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot1";
};
};
system_p2 = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [
"-f"
"-d raid1"
"/dev/disk/by-partlabel/disk-ssd1-system_p1"
];
subvolumes = {
# Subvolume name is different from mountpoint
"/rootfs" = {
mountpoint = "/";
};
# Subvolume name is the same as the mountpoint
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
# Parent is not mounted so the mountpoint must be set
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"/persistent" = {
mountOptions = [
"noatime"
# Lots of dbs in /var/lib, let's disable cow
"nodatacow"
];
mountpoint = "/var/lib";
};
};
};
};
};
};
};
};
};
}

23
machines/agate/hardware-configuration.nix Normal file
View file

@ -0,0 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "mpt3sas" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

5
machines/agate/services/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./hydra.nix
];
}

8
machines/agate/services/hydra.nix Normal file
View file

@ -0,0 +1,8 @@
{
services.hydra = {
enable = true;
hydraURL = "http://agate.coho-tet.ts.net:3000/";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
};
}

114
machines/secrets.yaml
View file

@ -1,97 +1,101 @@
prometheus:
metrics_username: ENC[AES256_GCM,data:/CQfOA==,iv:BjhB+uLfjmYHdgpc/+tDJXJ8C1EK9kngQWbo4NleOmE=,tag:JCdqyqGLRh09T25vmufiZw==,type:str]
metrics_password: ENC[AES256_GCM,data:q/xMPuNtlcUFewMdVu6w2Q==,iv:xLohdb5tdxevYFckZoacjSJp2rZ53QKLxK6u3mc3mDw=,tag:B4LrObH1DsnnD5CcuOPOyg==,type:str]
metrics_username: ENC[AES256_GCM,data:7kcwPg==,iv:BjhB+uLfjmYHdgpc/+tDJXJ8C1EK9kngQWbo4NleOmE=,tag:wGLoVcsVxgFjorIMsV4mjw==,type:str]
metrics_password: ENC[AES256_GCM,data:qGbdk5tRmBw1rYHkmid87w==,iv:xLohdb5tdxevYFckZoacjSJp2rZ53QKLxK6u3mc3mDw=,tag:+cVF89YF35hA+fPvEQNgHA==,type:str]
dae:
sub: ENC[AES256_GCM,data:kruAGgIBwiN508hwczGeVmh6Jr4Mg9BNEWSBNfYnBCCOrkSM1I5GRuG8EZqTq1+Ib+TRN8cgaqCEk2mpZ+7po1FjW1K8M0EBj9QvQCs7a+QVSmP6qS14WY1B,iv:iMhxWb0IR+3jOP2+7GmQTe0Ia1yhycji4hcTTMK57GI=,tag:V/nZgi7AWHU2Kp5WGhaGAw==,type:str]
sub: ENC[AES256_GCM,data:wCv8je47gBa2bb2aWCbUYHIuxGxkXUfJUvogwviYUNJJZJCdL5Q2qJX+tXOL4JRkzicRzFfiPEa3rcYIfoB6DC7caDPevpepHtTENzI3YKppiz0KIXedUWr+,iv:iMhxWb0IR+3jOP2+7GmQTe0Ia1yhycji4hcTTMK57GI=,tag:e8X4PTiY/60W6XbFLOmSBQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SjAzOEozUzh1bzVvaHgr
T2xsVUszTHVSdWIyM3B5TFhtUEFMeVZlYzNrCk5IOWFNbTErbTVkQnNlVllMZWlV
Q2lHZXRIdzBiRFRSZnNUVWd2NXVXVGcKLS0tIERhcjh3VVlqSGxHUHpnc1JzVksv
VXpQVVVCUC9xR3crWm9rTk13LzVhK1EKwiuvwx3ZhcDE+9w7/dR4PrZSSoJMvklT
m7I32dMRk0o9zcl5KYU5L9Hwb+z+EBE34raoGKBF5K4aQcbZQUX3Cw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOdjRiWCtvUWNSTVJlNmh5
RDIzMW5rZmc4ZW9DbWs1cnVWbG16WDJhTkMwCkk5MENTTUJENDFwcFJ3K2Y3cW1Z
ZFhzNSs1ZHRtd25za3pJUFJoYTU0WGcKLS0tIHVjSmZiTFIxTmdOcFVKTVdMOXg5
bjdhUFNjWlhFcitUaUZpOURzY1MvdlUKl6tM+siqmAN25lyobnPymIhniJkylZcy
yWw/iEj6l7dNrwCr5Ofb6llTPMIJeA7Y0wKPhp2ott13hBUUSeBDRg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5R1ZIRlN2b3M2OUQ0T2cw
eE5DTm9KY1NUY1p5eDhLNG4xMDVkVjRyWDNRClp3MTRWeGJMYTczcC9YQTNZdkxx
ejJ3QnhjcUcyUldUNEVqVUh6Z2grd00KLS0tIDVvbDZWbmZPZVhDNHM1K1kzaE95
aHJqSU16dlJiRGl0VWNMVXVYMmhPb2MKMboq9ShGIJMFVENgLPlQdwdtTOjVb0CC
4ttM3xWnYkf8416a0OYFrda5l1kfJJzQakbk/tbGcTu1yTcd+6lOtA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbHIwSmlYQWdDV20rQjdI
OVVNUmcwcFZaZzlWa1QxaERoV0oydzZHR2pZCjV4K2llR1lCNGZzRWVidExyTW1i
RTlBZzF1UHFFT0JzT3hnK28zeWN2UlEKLS0tIFFQVUJUVk5HcTRSQXczbDlsRTli
R3QrSVNXbnM3VjVvMHRvNGVTMFBPam8K1rJaII3N4xN8ArmEzSt5boqFrcKBbYWD
T9sBOVitKudgGRbXirPdUbWHq//gP6bkpwGrh5cJA30jDXaTuEq31g==
-----END AGE ENCRYPTED FILE-----
- recipient: age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVby8wYS9pa0szTlVUS3FI
VWhjaCtyUzNLbkw2VXRlWkVMZlRkeXJMZGlRCnBTWklnZ0Uzd2lTMGt1M2wxZ0px
NFl2RW5hSUZVdHI0aVFRMHJtMFQ3ODAKLS0tIFlYOHVRYVFGbkcvUWRmQitQQnI5
bG5vemMvcWdpOEtxNGRpS0doQmtuUFkK8Hxl//kOtbEw3jf96ZZ4G1Yb94f4Jeb4
TfPs7O/ESJY8ovNsoXRQEt99vOR5D1wBzyZBY9E3f2ZzY/uBmup0cw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VGdpcHE0MGk2VU1hcDQ1
SVB0TUY1dkNQZGRtSElPajVCUktVbGZuTHpjCnI4NGl0dEdXdXhxZmN1SHkyL25U
RGJiT1I4dHJscjZvdDdDZkVzdnZ1M0UKLS0tIG9lUGlwbmQvZ05IN1NMMFVQVWls
WlBIQVVPVWpTdm5pQ3NCSWIxazRKUHMK8SmC1itCVyr8KXBSLVVpiHwt7Hl9Vps3
sc8cqv/Ou0LWz5MlqCGtiO5zKIQABCIAhmMMw9UDrqkYHyLCOhaGlw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSmRYMkNIdERJZVBxV1p1
emlqOTBpN3l2WXkzNjRRcFI5NUZDZnQ1WXdnCkRVbm8xais5aGVCTmtSTGxaTXlT
L2ZWQ0p5WFZNRWl5SWVkRUYwc2R3b1UKLS0tIEZEck4yMmJUQWVvNHRJQnpCQTBo
cDJsaG83MTdXWVd2NUpLczhjWTBBZVUK5BxBIYVqkqVLw9LTbnJ8SQWN2i4USdI8
8m/hZFXTJ4GI0f795DEmbcZq9xET14aQqta0wSASqwP/5Ld1mo0a0w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZE05NGI3WlpNWXlGdlkx
OW5QK0NzbTl0RmJjQythRWdZdUJkczhLZ1NjCjFTVng5L1dnYTBYZ3R2RHhiVGxC
MHZ1Yi9IRUJySEZBazJ2ZnhYeElWWXcKLS0tIEhVV2lUSzZZbitKd1NaS2J6UzE2
QlFpVGV4YkJUbFA4Y2RVQm9JeVJMK0EKDwXNkNgAmsNMYvSpHVmSn098+Eurr3jp
KHtqLGRGq2EHK2Edo4gktXS39KhpYhhKTEMNiAJ8Tx2BG+edGKAJyg==
-----END AGE ENCRYPTED FILE-----
- recipient: age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSkhjRTdBWklZUEpUanM0
Wjl4b2c3K0g0ZUxxMlRrUFhhZzhNRXhPVnpvCmpNWVBNTXNYczV3aWhCd05FOGJ0
YlNobFhWdStGbDRZV2NlUWV6ZFRVNEkKLS0tIGd1RUR4K21GOEQ0aWtqRi9RREpE
RXBXcXFYUDVXVzN4Q25zSklFU21wbFkKQuTHkgFC5HRPO7/PuVhJzbbHOTPaFXvN
+Y31AK3OAVdUETMEuJ2mk50Bi5BiiUeOnnv1bZ6O+iX0o20ysUseTg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZGs5SnE5R0N5ZkpKRXky
c3JSK3F6NzZJbHI3WWNZbk1nY0UwUW4vNUNnCmV5eTJVRTdJc25VaXVJY05GeUFo
UUFxNDM1M3pXaUVVekJJZ2tNV1UxNEUKLS0tIDdEN1BFWDF4cXRoS01VSHhPRjlu
ZjZCc2krMkxOWDkwMWM0WC9qQWZPNEUKt9s9SNkkoVOuGKW9AkGB6XYf7a90EeZD
b0q/P/mKVGYghwXjEQ89ipS+rF3BMlWXRwd6T8mb6NRLmseyt0dqyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc3NOZFRYT1VnaVZSaTRi
WnluSEk4d1U5TWx2REZRZ3VCRVp2ZzlKY0NvCjNlUnIwdWVqSnlQOWp1dlJ5THlW
c2xTNHhnaE94a2ZTeXJjQTVxeGRLTmsKLS0tIFV4c2NZK1ZnL2xtUlVvSksxNi9o
L3dodkJXVjZrekVldTVsRFRxSFlrTmMKiokjgIRIsI8D2aFP/Qem4iGzC4yr5lm2
ZwggC/UfD56ysTEqrVaDnR7f5fSqZLWdstPJn7I/vr5CwKRMbMPYSA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaGNVc1BvbnZNbFlFL2pL
L3JOczFGNnlQVnpuMkVJZlRVU2hhcCtKNGhJCk9ZUFlYOERXWWlBMG4yVENUbk1P
UWJnNWpBeDVjRG1GdDBreWMzUVIzaHcKLS0tIFZFUmE2NE5wTXBIZWI4cjlFYk12
TERkUkROTWpKTUF3ZUk2TFVRaVFTNVkKHaBMq9jHPM5e+4naO6aC3s6NMspe/v6e
sCZti+gw1pa3Sdlc9qZD6ZWN4G0UDJnRSxPNIxO7n3wMPWkMVQiztw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpN0llOTBJU1pNNVFxVWxt
aFdKdStKL1ZlZ0p6WFRQbHpGNnpmdlJXdG1FCkx5eDhZWWJvQ2xSWEJqWnZ6NmNt
Y0MzNDg5QzVSbEZteW1LNlFyRFg5Q0EKLS0tIDBrT0dEZlBoTExYcGRNZjZ5Znpz
cnE4YWRTMmRsTENhOTl5R2dYSzQwazAKvnTvZz842Mg5AVlIoYHI2BG+0/hO5zIv
jRVJri98fgGterXADTPmeoY3p+fFQggTPhs/5s5GSQxd5aiX8vvvrA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUHJzUzhwbHhYMUNkbVRV
MkdBd3c3cC9ZQ0x1ZHlzUUo4MHA5TkIzQmdvCkk0S3VMRkllbk9VS1R6d1BCTENr
K29XQXpYSlV2YWJLbGdsbFM0UGZLZjQKLS0tIGRNR3U4MDFJektXMkg0R3I1Rkpt
M1A2VlBmZ1V0UXltNW5zNTBqRDJKMVUKVOwFinUC3scboLI2qrYUAxLecMmz5V4w
A8maHLb8SlDea0KM0NJjoYlBXgVG2OnQ0HaUJzGkQTWwCPUk/o3MGA==
-----END AGE ENCRYPTED FILE-----
- recipient: age18u4mqrhqkrpcytxfxfex6aeap04u38emhy6u4wrp5k62sz2vae4qm5jj7s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQWljdGg4VTlDdGhoblpk
LytxK2FnQVI1dzB2bnFaWUtoUVNGS3lpU3prCnRwUTNnZVVXTnZ6eCtScTk5YzI3
TGM2MmNhaHQ3NXAzMk0rcnJoTlp5STQKLS0tIEp2U3YvUUhXTkt3VFczY3J1LzMv
ZzM0VHpqamRIZVROS2lQdXFhQTNBekEKEySldC+VvZvPY398ZVkB5s73bT3QbuLh
IqTv+wbkbjlvZJUavVyycY5SwMXkSX3ge9W/64mt/RDs88gSXFS+Sw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNlZ6U3BMeE1NV2Q3UHRw
YzVpYVVVSURGTzI3VEY4V09iWDh3ZU04dFRjCkZaWFRhV0tJd3hZYnFFZmVYenVp
QTNlZ1RYazRWeVI2R0VYTE9EbWNFVEkKLS0tIDJQU1BDYW80ZDBid2dYWGNEeXlZ
ZU03cFpZQjlVOUdzT3FHTiswZmk1ajQKxRqo2ZZKIDTHIjOM0r/ZorgRq4Gm0UsQ
wFojWJQC52DTwF7oAKojb+93of5qDBVnXlN5YM12T1XnifVHk6Kc5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bGppem15NlVod2hCRkM5
MzY1aUZOdEVzRzdEYTRNakdMQWJlRkk0eEZzClRLSnRrQUoreU5MVG40KzRKSGcw
bUU4ZnpLU0VtOWxXVllrSW5lN0NWb0kKLS0tIE1iemRlVVpieEhxRnlIb2dFUHZr
am04NVRtU2N6SThYZWdXVE5RZ1B2aE0KVcHvB5k2Gcu/St0P8WPFzlCtuZthZTKo
hwVc0lC6Xxt25hriaUFinwnyvcjxrLCx0Nq7f9Zn16nJcza5kev1nQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDM3FTdXdCM3Z3b2NLR1Bw
OC9HdDlraktMMUxRM3ovSXpScnhEM2U2a1I0CnkwSVZjSVI1UXBUTWJIVFlXRG9t
K1ZhbUtWYzFxSUU2dmMvbkFKVHRLYTAKLS0tIGloNC9JWG9pSTZmNjI0TitSUWQr
NzYyU1UrbS9Fc1ZicTR2NXNIYmpsdXMK5CEi9eLOMyZrs32rEEMAl65LFqN75Iow
bApHV33LVxIYnbBYdPnHKGWj7U5VOPO3krq6q4pW4PViMotUx4BWow==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T03:53:49Z"
mac: ENC[AES256_GCM,data:ioiGVfCWOn8Hc5EpCtcDTF4YoKtsMAchBlRM0C00WQbM9Ss3571Oly4jtymshDVbDFbH+y0gYcEXn8Fs5XYjd0rIa6mbaISLvPlG+P34SqHcVsh6eDU15z0vTAncbOHrok+/xAmg64WtiBxteMaWPsTVngCrmPYS247eCav+Jpo=,iv:K7PiHNn2IS0pGUh1F75TjliHMk8l6PaHmDshSPPA4BE=,tag:Jd/lHdeWUDQa5AwSwFCeSw==,type:str]
pgp: []
- recipient: age1x79t4crvt8qj34vn052s0kaj80z87np83adqra953yjpydrzkqqspt6zcj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDK01iTkVEU3QvbUY0UUR1
VGQ2djZENnY3TU0wQ3BZa1JhZlduUWwySXlzCjhqM1MrWDV3bW1lUThHU2RXZE9P
VDBZZlNKZVBIdmE1RkVRbTZ2MTM5a2sKLS0tIHdOV004VEtWZ3ZhSXBkejlDSVp0
MHJubDlRVW40TDVJNnNqQktKcGVVYWcK1nCRXYjyLpNdj2Mnjgop5R6DSpRUSxDT
VstIwZiQgACPKcP7H2dFSPNDaaAH1YqZzqr7ILLV6jYRApZFte/SRw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-01T16:16:05Z"
mac: ENC[AES256_GCM,data:sXZm1YVBaF//vU5Vtou4HOvKMZ9L6i9YCH6DASiEE6VQYQ6aN3RI5bf25c9C4Lx7ARxsqCFz1pUVGiSd6AIAx1swSZHwC0nRz77GW9B8S1Gn+uyvVdbhP7xYfJ3XP8jFPJetKQLYIIynjdT7uUA833ZydmtaUC85j+Kmw7aEIoQ=,iv:rXkqJqJX43bLxrjT19mP4qO/fpZboVLN3nbQ7RrJWto=,tag:5ZPThu4YCT0K8GJMmYK6Yg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.4

5
note.md
View file

@ -2,6 +2,10 @@
Demonstrate disk usage by nix-store path.
## Tools
- new sops key should be added by using `sops updatekeys`
## TODO
- [x] change caddy admin to unix socket
- [ ] admin config persist = false
@ -9,3 +13,4 @@ Demonstrate disk usage by nix-store path.
- [ ] backup all directories under /var/lib/forgejo
- [ ] collect caddy access logs with promtail (waiting for caddy v2.9.0 release after which log file mode can be set)
- [ ] update "https" to "https-file" with dae 1.0.0
- [ ] move away from dnspod