diff --git a/.sops.yaml b/.sops.yaml index ad2d8e4..638f70a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,6 +9,7 @@ keys: - &host-fra-00 age18u4mqrhqkrpcytxfxfex6aeap04u38emhy6u4wrp5k62sz2vae4qm5jj7s - &host-biotite age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv - &host-thorite age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96 + - &host-agate age1x79t4crvt8qj34vn052s0kaj80z87np83adqra953yjpydrzkqqspt6zcj creation_rules: - path_regex: machines/secrets.yaml key_groups: @@ -22,6 +23,7 @@ creation_rules: - *host-hk-00 - *host-fra-00 - *host-la-00 + - *host-agate - path_regex: machines/calcite/secrets.yaml key_groups: - age: diff --git a/flake.nix b/flake.nix index 40e914f..3c9127c 100644 --- a/flake.nix +++ b/flake.nix @@ -126,6 +126,10 @@ weilite = [ ./machines/weilite ]; + agate = [ + disko.nixosModules.disko + ./machines/agate + ]; calcite = [ nixos-hardware.nixosModules.asus-zephyrus-ga401 catppuccin.nixosModules.catppuccin @@ -184,7 +188,17 @@ system ? null, }: nixpkgs.lib.nixosSystem { - modules = sharedNixosModules ++ nodeNixosModules.${hostname}; + modules = + sharedNixosModules + ++ nodeNixosModules.${hostname} + ++ [ + ( + { lib, ... }: + { + networking.hostName = lib.mkDefault hostname; + } + ) + ]; }; # TODO: mkColmenaHive = @@ -306,6 +320,10 @@ hostname = "weilite"; }; + agate = mkNixos { + hostname = "agate"; + }; + baryte = mkNixos { hostname = "baryte"; }; diff --git a/garnix.yaml b/garnix.yaml index 74ba8f3..75b090f 100644 --- a/garnix.yaml +++ b/garnix.yaml @@ -7,3 +7,8 @@ builds: - homeConfigurations.aarch64-linux.* - darwinConfigurations.* - nixosConfigurations.* + - exclude: + - nixosConfigurations.osmium + - nixosConfigurations.raspite + - nixosConfigurations.agate + - nixosConfigurations.baryte diff --git a/machines/agate/default.nix b/machines/agate/default.nix new file mode 100644 index 0000000..e626b76 --- /dev/null +++ b/machines/agate/default.nix 
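Review bot: In `.sops.yaml`, adding `*host-agate` to the key group for `machines/secrets.yaml` lets agate's host key decrypt every value in that shared file, which per the secrets.yaml hunk includes `dae.sub` as well as the Prometheus metrics credentials. This commit introduces agate as a Hydra host, so it is worth confirming that it actually consumes each of those values; anything it does not need is better kept out of its reach. The file already carries a per-host rule for `machines/calcite/secrets.yaml`, and a matching `machines/agate/secrets.yaml` rule would scope agate-only secrets the same way. A short comment beside the new anchor, e.g. `# agate: <how this age recipient was generated>` (placeholder), would record where the key came from.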
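Review bot: In `garnix.yaml`, the new `- exclude:` entry is written as a list item directly after the `nixosConfigurations.*` pattern. Indentation is not recoverable from this page, so please check that it parses as the `exclude` key of the build spec and not as one more element of the include list. Excluding `nixosConfigurations.agate` also means the new host's configuration is never evaluated in CI, while `comin.enable = true` in `machines/agate/default.nix` suggests the host deploys itself from the repository, so a broken commit would presumably only be noticed on the machine. A comment stating why these four hosts are excluded, e.g. `# not built on garnix: <reason>` (placeholder), would help the next reader.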
@@ -0,0 +1,67 @@
+{ lib, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ./services
+ ];
+
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ devices = lib.mkForce [ ];
+ mirroredBoots = [
+ {
+ devices = [
+ "/dev/disk/by-partlabel/disk-ssd1-system_p1"
+ ];
+ path = "/boot0";
+ }
+ {
+ devices = [
+ "/dev/disk/by-partlabel/disk-ssd2-system_p2"
+ ];
+ path = "/boot1";
+ }
+ ];
+ };
+
+ users.users.root.hashedPassword = "$y$j9T$vgLUF3/R0RJpDu7e22fSW.$CPomHsuRziERtNGUnnMZZDQG.Vj7LCe5PUOSbvkwSV3";
+
+ commonSettings = {
+ auth.enable = true;
+ nix = {
+ enable = true;
+ };
+ comin.enable = true;
+ network.localdns.enable = true;
+ };
+ system.stateVersion = "25.05";
+ time.timeZone = "Asia/Shanghai";
+
+ nix.settings = {
+ max-jobs = 8;
+ cores = 16;
+ };
+
+ services.tailscale = {
+ enable = true;
+ openFirewall = true;
+ permitCertUid = "caddy";
+ };
+
+ custom.prometheus.exporters = {
+ enable = true;
+ blackbox = {
+ enable = true;
+ };
+ node = {
+ enable = true;
+ };
+ };
+
+ custom.monitoring = {
+ promtail.enable = true;
+ };
+}
diff --git a/machines/agate/disk-config.nix b/machines/agate/disk-config.nix
new file mode 100644
index 0000000..67aa8e2
--- /dev/null
+++ b/machines/agate/disk-config.nix
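Review bot: `users.users.root.hashedPassword` in `machines/agate/default.nix` commits root's yescrypt hash to the repository in the clear, and the same string ends up in the world-readable Nix store on the host, so anyone with read access to either can run offline guessing against it. The repository already encrypts secrets with sops, so the hash fits better there: `users.users.root.hashedPasswordFile = config.sops.secrets."<agate-root-hash>".path;` with `neededForUsers = true` on that secret. The secret name is a placeholder, `config` would have to be added to the module arguments, and this assumes sops-nix is what consumes the sops files. Because the hash is now in git history, the password itself should be changed when the setting moves.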
@@ -0,0 +1,91 @@
+{
+ disko.devices = {
+ disk = {
+ ssd1 = {
+ type = "disk";
+ device = "/dev/disk/by-path/pci-0004:49:00.0-sas-exp0x500e004aaaaaaa1f-phy1-lun-0";
+ content = {
+ type = "gpt";
+ partitions = {
+ BOOT = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot0";
+ };
+ };
+ system_p1 = {
+ size = "100%";
+ };
+ };
+ };
+ };
+ ssd2 = {
+ type = "disk";
+ device = "/dev/disk/by-path/pci-0004:49:00.0-sas-exp0x500e004aaaaaaa1f-phy2-lun-0";
+ content = {
+ type = "gpt";
+ partitions = {
+ BOOT = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot1";
+ };
+ };
+ system_p2 = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [
+ "-f"
+ "-d raid1"
+ "/dev/disk/by-partlabel/disk-ssd1-system_p1"
+ ];
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ # Subvolume name is the same as the mountpoint
+ "/home" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/home";
+ };
+ # Parent is not mounted so the mountpoint must be set
+ "/nix" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/nix";
+ };
+ "/persistent" = {
+ mountOptions = [
+ "noatime"
+ # Lots of dbs in /var/lib, let's disable cow
+ "nodatacow"
+ ];
+ mountpoint = "/var/lib";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/agate/hardware-configuration.nix b/machines/agate/hardware-configuration.nix
new file mode 100644
index 0000000..0b363b7
--- /dev/null
+++ b/machines/agate/hardware-configuration.nix
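Review bot: In `machines/agate/disk-config.nix`, the `"nodatacow"` mount option on the `/persistent` subvolume works against the `-d raid1` profile chosen a few lines above. nodatacow also turns off data checksums, so for anything under `/var/lib` btrfs can no longer tell which mirror copy is good and scrub cannot repair it. As far as I know it is also a filesystem-wide option in btrfs rather than a per-subvolume one, so depending on mount order it may not take effect or may clash with `compress=zstd` on the sibling subvolumes. Setting the No_COW attribute only on the database directories (`chattr +C` on the still-empty directory, for example from a tmpfiles rule) keeps checksums for the rest of `/var/lib`. Separately, neither disk has an encryption layer, so host keys and Hydra state are readable from a pulled drive; if that is deliberate, a comment recording it would be enough.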
@@ -0,0 +1,23 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "mpt3sas" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/machines/agate/services/default.nix b/machines/agate/services/default.nix
new file mode 100644
index 0000000..61f5866
--- /dev/null
+++ b/machines/agate/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./hydra.nix
+ ];
+}
diff --git a/machines/agate/services/hydra.nix b/machines/agate/services/hydra.nix
new file mode 100644
index 0000000..3f95483
--- /dev/null
+++ b/machines/agate/services/hydra.nix
@@ -0,0 +1,8 @@
+{
+ services.hydra = {
+ enable = true;
+ hydraURL = "http://agate.coho-tet.ts.net:3000/";
+ notificationSender = "hydra@localhost";
+ buildMachinesFiles = [ ];
+ };
+}
diff --git a/machines/secrets.yaml b/machines/secrets.yaml
index cacbc47..03a6178 100644
--- a/machines/secrets.yaml
+++ b/machines/secrets.yaml
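Review bot: `hydraURL` in `machines/agate/services/hydra.nix` is plain `http://` on port 3000, so Hydra logins and session cookies are protected only by the tailnet transport, and `services.hydra.listenHost` is left at its default, which I believe binds all interfaces. `machines/agate/default.nix` already sets `permitCertUid = "caddy"`, which suggests the intent is a Caddy front end holding a Tailscale certificate. If so, `listenHost = "localhost";` together with `hydraURL = "https://agate.coho-tet.ts.net/";` would match that setup. If HTTP over the tailnet is intentional for now, a comment next to `hydraURL` saying so would keep the setting from being copied to a host that is reachable more widely.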
@@ -1,97 +1,101 @@ prometheus: - metrics_username: ENC[AES256_GCM,data:/CQfOA==,iv:BjhB+uLfjmYHdgpc/+tDJXJ8C1EK9kngQWbo4NleOmE=,tag:JCdqyqGLRh09T25vmufiZw==,type:str] - metrics_password: ENC[AES256_GCM,data:q/xMPuNtlcUFewMdVu6w2Q==,iv:xLohdb5tdxevYFckZoacjSJp2rZ53QKLxK6u3mc3mDw=,tag:B4LrObH1DsnnD5CcuOPOyg==,type:str] + metrics_username: ENC[AES256_GCM,data:7kcwPg==,iv:BjhB+uLfjmYHdgpc/+tDJXJ8C1EK9kngQWbo4NleOmE=,tag:wGLoVcsVxgFjorIMsV4mjw==,type:str] + metrics_password: ENC[AES256_GCM,data:qGbdk5tRmBw1rYHkmid87w==,iv:xLohdb5tdxevYFckZoacjSJp2rZ53QKLxK6u3mc3mDw=,tag:+cVF89YF35hA+fPvEQNgHA==,type:str] dae: - sub: ENC[AES256_GCM,data:kruAGgIBwiN508hwczGeVmh6Jr4Mg9BNEWSBNfYnBCCOrkSM1I5GRuG8EZqTq1+Ib+TRN8cgaqCEk2mpZ+7po1FjW1K8M0EBj9QvQCs7a+QVSmP6qS14WY1B,iv:iMhxWb0IR+3jOP2+7GmQTe0Ia1yhycji4hcTTMK57GI=,tag:V/nZgi7AWHU2Kp5WGhaGAw==,type:str] + sub: ENC[AES256_GCM,data:wCv8je47gBa2bb2aWCbUYHIuxGxkXUfJUvogwviYUNJJZJCdL5Q2qJX+tXOL4JRkzicRzFfiPEa3rcYIfoB6DC7caDPevpepHtTENzI3YKppiz0KIXedUWr+,iv:iMhxWb0IR+3jOP2+7GmQTe0Ia1yhycji4hcTTMK57GI=,tag:e8X4PTiY/60W6XbFLOmSBQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SjAzOEozUzh1bzVvaHgr - T2xsVUszTHVSdWIyM3B5TFhtUEFMeVZlYzNrCk5IOWFNbTErbTVkQnNlVllMZWlV - Q2lHZXRIdzBiRFRSZnNUVWd2NXVXVGcKLS0tIERhcjh3VVlqSGxHUHpnc1JzVksv - VXpQVVVCUC9xR3crWm9rTk13LzVhK1EKwiuvwx3ZhcDE+9w7/dR4PrZSSoJMvklT - m7I32dMRk0o9zcl5KYU5L9Hwb+z+EBE34raoGKBF5K4aQcbZQUX3Cw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOdjRiWCtvUWNSTVJlNmh5 + RDIzMW5rZmc4ZW9DbWs1cnVWbG16WDJhTkMwCkk5MENTTUJENDFwcFJ3K2Y3cW1Z + ZFhzNSs1ZHRtd25za3pJUFJoYTU0WGcKLS0tIHVjSmZiTFIxTmdOcFVKTVdMOXg5 + bjdhUFNjWlhFcitUaUZpOURzY1MvdlUKl6tM+siqmAN25lyobnPymIhniJkylZcy + yWw/iEj6l7dNrwCr5Ofb6llTPMIJeA7Y0wKPhp2ott13hBUUSeBDRg== -----END AGE ENCRYPTED FILE----- - recipient: 
age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5R1ZIRlN2b3M2OUQ0T2cw - eE5DTm9KY1NUY1p5eDhLNG4xMDVkVjRyWDNRClp3MTRWeGJMYTczcC9YQTNZdkxx - ejJ3QnhjcUcyUldUNEVqVUh6Z2grd00KLS0tIDVvbDZWbmZPZVhDNHM1K1kzaE95 - aHJqSU16dlJiRGl0VWNMVXVYMmhPb2MKMboq9ShGIJMFVENgLPlQdwdtTOjVb0CC - 4ttM3xWnYkf8416a0OYFrda5l1kfJJzQakbk/tbGcTu1yTcd+6lOtA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbHIwSmlYQWdDV20rQjdI + OVVNUmcwcFZaZzlWa1QxaERoV0oydzZHR2pZCjV4K2llR1lCNGZzRWVidExyTW1i + RTlBZzF1UHFFT0JzT3hnK28zeWN2UlEKLS0tIFFQVUJUVk5HcTRSQXczbDlsRTli + R3QrSVNXbnM3VjVvMHRvNGVTMFBPam8K1rJaII3N4xN8ArmEzSt5boqFrcKBbYWD + T9sBOVitKudgGRbXirPdUbWHq//gP6bkpwGrh5cJA30jDXaTuEq31g== -----END AGE ENCRYPTED FILE----- - recipient: age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVby8wYS9pa0szTlVUS3FI - VWhjaCtyUzNLbkw2VXRlWkVMZlRkeXJMZGlRCnBTWklnZ0Uzd2lTMGt1M2wxZ0px - NFl2RW5hSUZVdHI0aVFRMHJtMFQ3ODAKLS0tIFlYOHVRYVFGbkcvUWRmQitQQnI5 - bG5vemMvcWdpOEtxNGRpS0doQmtuUFkK8Hxl//kOtbEw3jf96ZZ4G1Yb94f4Jeb4 - TfPs7O/ESJY8ovNsoXRQEt99vOR5D1wBzyZBY9E3f2ZzY/uBmup0cw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VGdpcHE0MGk2VU1hcDQ1 + SVB0TUY1dkNQZGRtSElPajVCUktVbGZuTHpjCnI4NGl0dEdXdXhxZmN1SHkyL25U + RGJiT1I4dHJscjZvdDdDZkVzdnZ1M0UKLS0tIG9lUGlwbmQvZ05IN1NMMFVQVWls + WlBIQVVPVWpTdm5pQ3NCSWIxazRKUHMK8SmC1itCVyr8KXBSLVVpiHwt7Hl9Vps3 + sc8cqv/Ou0LWz5MlqCGtiO5zKIQABCIAhmMMw9UDrqkYHyLCOhaGlw== -----END AGE ENCRYPTED FILE----- - recipient: age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSmRYMkNIdERJZVBxV1p1 - emlqOTBpN3l2WXkzNjRRcFI5NUZDZnQ1WXdnCkRVbm8xais5aGVCTmtSTGxaTXlT - L2ZWQ0p5WFZNRWl5SWVkRUYwc2R3b1UKLS0tIEZEck4yMmJUQWVvNHRJQnpCQTBo - cDJsaG83MTdXWVd2NUpLczhjWTBBZVUK5BxBIYVqkqVLw9LTbnJ8SQWN2i4USdI8 - 
8m/hZFXTJ4GI0f795DEmbcZq9xET14aQqta0wSASqwP/5Ld1mo0a0w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZE05NGI3WlpNWXlGdlkx + OW5QK0NzbTl0RmJjQythRWdZdUJkczhLZ1NjCjFTVng5L1dnYTBYZ3R2RHhiVGxC + MHZ1Yi9IRUJySEZBazJ2ZnhYeElWWXcKLS0tIEhVV2lUSzZZbitKd1NaS2J6UzE2 + QlFpVGV4YkJUbFA4Y2RVQm9JeVJMK0EKDwXNkNgAmsNMYvSpHVmSn098+Eurr3jp + KHtqLGRGq2EHK2Edo4gktXS39KhpYhhKTEMNiAJ8Tx2BG+edGKAJyg== -----END AGE ENCRYPTED FILE----- - recipient: age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSkhjRTdBWklZUEpUanM0 - Wjl4b2c3K0g0ZUxxMlRrUFhhZzhNRXhPVnpvCmpNWVBNTXNYczV3aWhCd05FOGJ0 - YlNobFhWdStGbDRZV2NlUWV6ZFRVNEkKLS0tIGd1RUR4K21GOEQ0aWtqRi9RREpE - RXBXcXFYUDVXVzN4Q25zSklFU21wbFkKQuTHkgFC5HRPO7/PuVhJzbbHOTPaFXvN - +Y31AK3OAVdUETMEuJ2mk50Bi5BiiUeOnnv1bZ6O+iX0o20ysUseTg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZGs5SnE5R0N5ZkpKRXky + c3JSK3F6NzZJbHI3WWNZbk1nY0UwUW4vNUNnCmV5eTJVRTdJc25VaXVJY05GeUFo + UUFxNDM1M3pXaUVVekJJZ2tNV1UxNEUKLS0tIDdEN1BFWDF4cXRoS01VSHhPRjlu + ZjZCc2krMkxOWDkwMWM0WC9qQWZPNEUKt9s9SNkkoVOuGKW9AkGB6XYf7a90EeZD + b0q/P/mKVGYghwXjEQ89ipS+rF3BMlWXRwd6T8mb6NRLmseyt0dqyw== -----END AGE ENCRYPTED FILE----- - recipient: age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc3NOZFRYT1VnaVZSaTRi - WnluSEk4d1U5TWx2REZRZ3VCRVp2ZzlKY0NvCjNlUnIwdWVqSnlQOWp1dlJ5THlW - c2xTNHhnaE94a2ZTeXJjQTVxeGRLTmsKLS0tIFV4c2NZK1ZnL2xtUlVvSksxNi9o - L3dodkJXVjZrekVldTVsRFRxSFlrTmMKiokjgIRIsI8D2aFP/Qem4iGzC4yr5lm2 - ZwggC/UfD56ysTEqrVaDnR7f5fSqZLWdstPJn7I/vr5CwKRMbMPYSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaGNVc1BvbnZNbFlFL2pL + L3JOczFGNnlQVnpuMkVJZlRVU2hhcCtKNGhJCk9ZUFlYOERXWWlBMG4yVENUbk1P + UWJnNWpBeDVjRG1GdDBreWMzUVIzaHcKLS0tIFZFUmE2NE5wTXBIZWI4cjlFYk12 + TERkUkROTWpKTUF3ZUk2TFVRaVFTNVkKHaBMq9jHPM5e+4naO6aC3s6NMspe/v6e + sCZti+gw1pa3Sdlc9qZD6ZWN4G0UDJnRSxPNIxO7n3wMPWkMVQiztw== 
-----END AGE ENCRYPTED FILE----- - recipient: age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpN0llOTBJU1pNNVFxVWxt - aFdKdStKL1ZlZ0p6WFRQbHpGNnpmdlJXdG1FCkx5eDhZWWJvQ2xSWEJqWnZ6NmNt - Y0MzNDg5QzVSbEZteW1LNlFyRFg5Q0EKLS0tIDBrT0dEZlBoTExYcGRNZjZ5Znpz - cnE4YWRTMmRsTENhOTl5R2dYSzQwazAKvnTvZz842Mg5AVlIoYHI2BG+0/hO5zIv - jRVJri98fgGterXADTPmeoY3p+fFQggTPhs/5s5GSQxd5aiX8vvvrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUHJzUzhwbHhYMUNkbVRV + MkdBd3c3cC9ZQ0x1ZHlzUUo4MHA5TkIzQmdvCkk0S3VMRkllbk9VS1R6d1BCTENr + K29XQXpYSlV2YWJLbGdsbFM0UGZLZjQKLS0tIGRNR3U4MDFJektXMkg0R3I1Rkpt + M1A2VlBmZ1V0UXltNW5zNTBqRDJKMVUKVOwFinUC3scboLI2qrYUAxLecMmz5V4w + A8maHLb8SlDea0KM0NJjoYlBXgVG2OnQ0HaUJzGkQTWwCPUk/o3MGA== -----END AGE ENCRYPTED FILE----- - recipient: age18u4mqrhqkrpcytxfxfex6aeap04u38emhy6u4wrp5k62sz2vae4qm5jj7s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQWljdGg4VTlDdGhoblpk - LytxK2FnQVI1dzB2bnFaWUtoUVNGS3lpU3prCnRwUTNnZVVXTnZ6eCtScTk5YzI3 - TGM2MmNhaHQ3NXAzMk0rcnJoTlp5STQKLS0tIEp2U3YvUUhXTkt3VFczY3J1LzMv - ZzM0VHpqamRIZVROS2lQdXFhQTNBekEKEySldC+VvZvPY398ZVkB5s73bT3QbuLh - IqTv+wbkbjlvZJUavVyycY5SwMXkSX3ge9W/64mt/RDs88gSXFS+Sw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNlZ6U3BMeE1NV2Q3UHRw + YzVpYVVVSURGTzI3VEY4V09iWDh3ZU04dFRjCkZaWFRhV0tJd3hZYnFFZmVYenVp + QTNlZ1RYazRWeVI2R0VYTE9EbWNFVEkKLS0tIDJQU1BDYW80ZDBid2dYWGNEeXlZ + ZU03cFpZQjlVOUdzT3FHTiswZmk1ajQKxRqo2ZZKIDTHIjOM0r/ZorgRq4Gm0UsQ + wFojWJQC52DTwF7oAKojb+93of5qDBVnXlN5YM12T1XnifVHk6Kc5A== -----END AGE ENCRYPTED FILE----- - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bGppem15NlVod2hCRkM5 - MzY1aUZOdEVzRzdEYTRNakdMQWJlRkk0eEZzClRLSnRrQUoreU5MVG40KzRKSGcw - bUU4ZnpLU0VtOWxXVllrSW5lN0NWb0kKLS0tIE1iemRlVVpieEhxRnlIb2dFUHZr - 
am04NVRtU2N6SThYZWdXVE5RZ1B2aE0KVcHvB5k2Gcu/St0P8WPFzlCtuZthZTKo - hwVc0lC6Xxt25hriaUFinwnyvcjxrLCx0Nq7f9Zn16nJcza5kev1nQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDM3FTdXdCM3Z3b2NLR1Bw + OC9HdDlraktMMUxRM3ovSXpScnhEM2U2a1I0CnkwSVZjSVI1UXBUTWJIVFlXRG9t + K1ZhbUtWYzFxSUU2dmMvbkFKVHRLYTAKLS0tIGloNC9JWG9pSTZmNjI0TitSUWQr + NzYyU1UrbS9Fc1ZicTR2NXNIYmpsdXMK5CEi9eLOMyZrs32rEEMAl65LFqN75Iow + bApHV33LVxIYnbBYdPnHKGWj7U5VOPO3krq6q4pW4PViMotUx4BWow== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-10T03:53:49Z" - mac: ENC[AES256_GCM,data:ioiGVfCWOn8Hc5EpCtcDTF4YoKtsMAchBlRM0C00WQbM9Ss3571Oly4jtymshDVbDFbH+y0gYcEXn8Fs5XYjd0rIa6mbaISLvPlG+P34SqHcVsh6eDU15z0vTAncbOHrok+/xAmg64WtiBxteMaWPsTVngCrmPYS247eCav+Jpo=,iv:K7PiHNn2IS0pGUh1F75TjliHMk8l6PaHmDshSPPA4BE=,tag:Jd/lHdeWUDQa5AwSwFCeSw==,type:str] - pgp: [] + - recipient: age1x79t4crvt8qj34vn052s0kaj80z87np83adqra953yjpydrzkqqspt6zcj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDK01iTkVEU3QvbUY0UUR1 + VGQ2djZENnY3TU0wQ3BZa1JhZlduUWwySXlzCjhqM1MrWDV3bW1lUThHU2RXZE9P + VDBZZlNKZVBIdmE1RkVRbTZ2MTM5a2sKLS0tIHdOV004VEtWZ3ZhSXBkejlDSVp0 + MHJubDlRVW40TDVJNnNqQktKcGVVYWcK1nCRXYjyLpNdj2Mnjgop5R6DSpRUSxDT + VstIwZiQgACPKcP7H2dFSPNDaaAH1YqZzqr7ILLV6jYRApZFte/SRw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-01T16:16:05Z" + mac: ENC[AES256_GCM,data:sXZm1YVBaF//vU5Vtou4HOvKMZ9L6i9YCH6DASiEE6VQYQ6aN3RI5bf25c9C4Lx7ARxsqCFz1pUVGiSd6AIAx1swSZHwC0nRz77GW9B8S1Gn+uyvVdbhP7xYfJ3XP8jFPJetKQLYIIynjdT7uUA833ZydmtaUC85j+Kmw7aEIoQ=,iv:rXkqJqJX43bLxrjT19mP4qO/fpZboVLN3nbQ7RrJWto=,tag:5ZPThu4YCT0K8GJMmYK6Yg==,type:str] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/note.md b/note.md index 6302b94..21a05dd 100644 --- a/note.md +++ b/note.md @@ -2,6 +2,10 @@ Demonstrate disk usage by nix-store path. +## Tools + +- new sops key should be added by using `sops updatekeys` + ## TODO - [x] change caddy admin to unix socket - [ ] admin config persist = false 
@@ -9,3 +13,4 @@ Demonstrate disk usage by nix-store path. - [ ] backup all directories under /var/lib/forgejo - [ ] collect caddy access logs with promtail (waiting for caddy v2.9.0 release after which log file mode can be set) - [ ] update "https" to "https-file" with dae 1.0.0 +- [ ] move away from dnspod