diff --git a/.sops.yaml b/.sops.yaml index a716cb1..79707f1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,6 +7,7 @@ keys: - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml + - &host-hk-00 age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 creation_rules: - path_regex: machines/calcite/secrets.yaml key_groups: @@ -38,6 +39,11 @@ creation_rules: - age: - *xin - *host-la-00 + - path_regex: machines/dolomite/secrets/hk-00.yaml + key_groups: + - age: + - *xin + - *host-hk-00 - path-regex: machines/weilite/secrets.yaml key_groups: - age: @@ -52,6 +58,7 @@ creation_rules: - *host-sgp-00 - *host-tok-00 - *host-la-00 + - *host-hk-00 - *host-massicot - path_regex: home/xin/secrets.yaml key_groups: diff --git a/flake.lock b/flake.lock index 632d531..b7e6d97 100644 --- a/flake.lock +++ b/flake.lock @@ -116,11 +116,11 @@ }, "catppuccin": { "locked": { - "lastModified": 1728407414, - "narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=", + "lastModified": 1730458408, + "narHash": "sha256-JQ+SphQn13bdibKUrBBBznYehXX4xJrxD1ifBp6vSWw=", "owner": "catppuccin", "repo": "nix", - "rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f", + "rev": "191fbf2d81a63fad8f62f1233c0051f09b75d0ad", "type": "github" }, "original": { @@ -245,11 +245,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -267,11 +267,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1728727368, - "narHash": "sha256-7FMyNISP7K6XDSIt1NJxkXZnEdV3HZUXvFoBaJ/qdOg=", + "lastModified": 1730302582, + "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "eb74e0be24a11a1531b5b8659535580554d30b28", + "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", "type": "github" }, "original": { @@ -433,11 +433,11 @@ ] }, "locked": { - "lastModified": 1728791962, - "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "64c6325b28ebd708653dd41d88f306023f296184", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1728726232, - "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=", + "lastModified": 1730490306, + "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", "owner": "nix-community", "repo": "home-manager", - "rev": "d57112db877f07387ce7104b5ac346ede556d2d7", + "rev": "1743615b61c7285976f85b303a36cdf88a556503", "type": "github" }, "original": { @@ -489,6 +489,36 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "my-nixvim", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "my-nixvim", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729544999, + "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "65c207c92befec93e22086da9456d3906a4e999c", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.5", + "repo": "ixx", + "type": "github" + } + }, "my-nixvim": { "inputs": { "flake-parts": "flake-parts", @@ -498,11 +528,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1728878762, - "narHash": "sha256-aYYyuY+IM3d/5NbogZx7ctd8bfNmzHklNIwazSn3jx0=", + "lastModified": 1730642581, + "narHash": "sha256-Tcq+RnctJTm+TUr1fN3ivqYNcd1pJnHYzLDQdgUCX70=", "ref": "refs/heads/master", - "rev": "0df66b4ab6faf481b1a94dd2edef66eec8e1efde", - "revCount": 16, + "rev": "a09d2b94efb5e2d801275a244eedaab0816f3702", + "revCount": 18, "type": "git", "url": "https://git.xinyang.life/xin/nixvim" }, @@ -520,11 +550,11 @@ ] }, "locked": { - "lastModified": 1728385805, - "narHash": "sha256-mUd38b0vhB7yzgAjNOaFz7VY9xIVzlbn3P2wjGBcVV0=", + "lastModified": 1730448474, + "narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "48b50b3b137be5cfb9f4d006835ce7c3fe558ccc", + "rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e", "type": "github" }, "original": { @@ -540,11 +570,11 @@ ] }, "locked": { - "lastModified": 1728790083, - "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", + "lastModified": 1730604744, + "narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", + "rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318", "type": "github" }, "original": { @@ -564,11 +594,11 @@ ] }, "locked": { - "lastModified": 1728179514, - "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", + "lastModified": 1730944043, + "narHash": "sha256-DIYTHa57pQQc9ARiMpJWYkaoiTaQPLH7Y4qK0J10Khk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", + "rev": "0a959b25ff573f079ed032f88d8c988561b96a96", "type": "github" }, "original": { @@ -579,11 +609,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728729581, - "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -595,11 +625,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { @@ -611,23 +641,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1727825735, - "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1728740863, - "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { @@ -639,11 +669,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1728156290, - "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -655,11 +685,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1728876479, - "narHash": "sha256-tjVsONpCYX+pOBqpnLsNOcd9DpbzG2Tnm8K/lgTqQc8=", + "lastModified": 1730961289, + "narHash": "sha256-WrHPXxaPWDqu5r/546jf1pdfvEEuf0CIPuo7HjRLDdU=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "5f7b4a8a49de5fb589a4f67f1ec888382312a490", + "rev": "82596c07592c14102071f72488ace046aa8e93a9", "type": "github" }, "original": { @@ -698,11 +728,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1728829992, - "narHash": "sha256-722PdOQ4uTTAOyS3Ze4H7LXDNVi9FecKbLEvj3Qu0hM=", + "lastModified": 1730569492, + "narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=", "owner": "nix-community", "repo": "nixvim", - "rev": "619e24366e8ad34230d65a323d26ca981bfa6927", + "rev": "6f210158b03b01a1fd44bf3968165e6da80635ce", "type": "github" }, "original": { @@ -713,11 +743,11 @@ }, "nur": { "locked": { - "lastModified": 1728878648, - "narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=", + "lastModified": 1730959878, + "narHash": "sha256-UZ6oSptjE04ooORHvvR+kiGnr/nhzWgYwGryxUkKAv0=", "owner": "nix-community", "repo": "NUR", - "rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8", + "rev": "bc4d2a3b71c75d81cc247b1bf991b63f75358004", "type": "github" }, "original": { @@ -729,6 +759,7 @@ "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils_2", + "ixx": "ixx", "nixpkgs": [ "my-nixvim", "nixvim", @@ -736,11 +767,11 @@ ] }, "locked": { - "lastModified": 1728701796, - "narHash": "sha256-FTDCOUnq+gdnHC3p5eisv1X1mMtKJDNMegwpZjRzQKY=", + "lastModified": 1730515563, + "narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=", "owner": "NuschtOS", "repo": "search", - "rev": "9578d865b081c29ae98131caf7d2f69a42f0ca6e", + "rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e", "type": "github" }, "original": { @@ -774,11 +805,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1728345710, - "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "lastModified": 1730883027, + "narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "rev": "c5ae1e214ff935f2d3593187a131becb289ea639", "type": "github" }, "original": { @@ -871,11 +902,11 @@ ] }, "locked": { - "lastModified": 1727984844, - "narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=", + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4af8705..7bc10db 100644 --- a/flake.nix +++ b/flake.nix @@ -204,11 +204,25 @@ }; }; + hk-00 = + { ... }: + { + imports = [ machines/dolomite ] ++ sharedColmenaModules; + nixpkgs.system = "x86_64-linux"; + networking.hostName = "hk-00"; + system.stateVersion = "24.05"; + deployment = { + targetHost = "hk-00.video.namely.icu"; + buildOnTarget = false; + tags = [ "proxy" ]; + }; + }; + raspite = { ... }: { deployment = { - targetHost = "raspite.local"; + targetHost = "raspite.coho-tet.ts.net"; buildOnTarget = false; }; nixpkgs.system = "aarch64-linux"; diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index 20b90e6..b90e361 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -29,7 +29,7 @@ }; home.packages = with pkgs; [ - betterbird + thunderbird remmina ]; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 4601e8c..7fa91d2 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -225,6 +225,8 @@ # ==== GUI Softwares ==== # + eudic + # Gnome tweaks gnomeExtensions.paperwm gnomeExtensions.search-light @@ -348,11 +350,11 @@ fontconfig = { defaultFonts = { serif = [ - "Noto Serif CJK SC" + "Source Han Serif SC" "Ubuntu" ]; sansSerif = [ - "Noto Sans CJK SC" + "Source Han Sans SC" "Ubuntu" ]; monospace = [ diff --git a/machines/dolomite/claw.nix b/machines/dolomite/claw.nix new file mode 100644 index 0000000..82bad29 --- /dev/null +++ b/machines/dolomite/claw.nix @@ -0,0 +1,57 @@ +{ + lib, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + options = { + isClaw = lib.mkEnableOption "Lightsail instance"; + }; + + config = { + boot.initrd.availableKernelModules = [ + "uhci_hcd" + "virtio_blk" + "ahci" + "ata_piix" + "virtio_pci" + "xen_blkfront" + "vmw_pvscsi" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.loader.grub = { + enable = true; + device = "/dev/vda"; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useNetworkd = true; + systemd.network.networks."10-wan" = { + matchConfig.MACAddress = "00:16:3e:0a:ec:45"; + networkConfig.DHCP = "ipv4"; + dhcpV4Config = { + UseDNS = true; + }; + }; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + }; +} diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix index 0576114..32e2425 100644 --- a/machines/dolomite/default.nix +++ b/machines/dolomite/default.nix @@ -2,17 +2,20 @@ let awsHosts = [ "tok-00" ]; bwgHosts = [ "la-00" ]; + clawHosts = [ "hk-00" ]; in { imports = [ ../sops.nix ./bandwagon.nix ./lightsail.nix + ./claw.nix ]; config = { isBandwagon = builtins.elem config.networking.hostName bwgHosts; isLightsail = builtins.elem config.networking.hostName awsHosts; + isClaw = builtins.elem config.networking.hostName clawHosts; sops = { secrets = { wg_private_key = { diff --git a/machines/dolomite/secrets/hk-00.yaml b/machines/dolomite/secrets/hk-00.yaml new file mode 100644 index 0000000..91d6540 --- /dev/null +++ b/machines/dolomite/secrets/hk-00.yaml @@ -0,0 +1,31 @@ +wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str] +wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr + SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2 + NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n + WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M + VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw + OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ + TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1 + TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO + 2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-17T10:52:20Z" + mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/machines/raspite/configuration.nix b/machines/raspite/configuration.nix index 049e67e..234d0e9 100644 --- a/machines/raspite/configuration.nix +++ b/machines/raspite/configuration.nix @@ -8,7 +8,10 @@ { imports = [ ./hass.nix ]; - commonSettings.nix.enableMirrors = true; + commonSettings = { + nix.enableMirrors = true; + auth.enable = true; + }; nixpkgs.overlays = [ # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243 @@ -33,25 +36,15 @@ # boot.kernelPackages = pkgs.linuxPackages_stable; - custom.kanidm-client = { - enable = true; - uri = "https://auth.xinyang.life"; - asSSHAuth = { - enable = true; - allowedGroups = [ "linux_users" ]; - hardening = true; - }; - sudoers = [ "xin@auth.xinyang.life" ]; - }; - - security.sudo = { - execWheelOnly = true; - wheelNeedsPassword = false; - }; - # fileSystems."/".fsType = lib.mkForce "btrfs"; boot.supportedFilesystems.zfs = lib.mkForce false; - services.dae.enable = false; + services.dae.enable = true; services.dae.configFile = "/var/lib/dae/config.dae"; + + services.tailscale = { + enable = true; + permitCertUid = config.services.caddy.user; + openFirewall = true; + }; } diff --git a/machines/raspite/hass.nix b/machines/raspite/hass.nix index 68d161b..f7b682e 100644 --- a/machines/raspite/hass.nix +++ b/machines/raspite/hass.nix @@ -2,22 +2,21 @@ { services.home-assistant = { enable = true; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - ]; openFirewall = false; config = { default_config = { }; http = { - server_host = "::1"; - base_url = "raspite.local:1000"; - use_x_forward_for = true; - trusted_proxies = [ "::1" ]; + server_host = "127.0.0.1"; + use_x_forwarded_for = true; + trusted_proxies = [ "127.0.0.1" ]; }; }; + extraPackages = + python3Packages: with python3Packages; [ + # speed up aiohttp + isal + zlib-ng + ]; }; services.esphome = { @@ -27,23 +26,28 @@ users.groups.dialout.members = config.users.groups.wheel.members; - environment.systemPackages = with pkgs; [ zigbee2mqtt ]; + services.mosquitto = { + enable = true; + }; - networking.firewall.allowedTCPPorts = [ - 1000 - 1001 - ]; + services.zigbee2mqtt = { + enable = true; + settings = { + home-assistant = config.services.home-assistant.enable; + permit_join = true; + serial = { + port = "/dev/ttyUSB0"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8443 ]; services.caddy = { enable = true; virtualHosts = { - # reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} - "raspite.local:1000".extraConfig = '' - reverse_proxy http://[::1]:8123 - ''; - - "raspite.local:1001".extraConfig = '' - reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port} + "raspite.coho-tet.ts.net".extraConfig = '' + reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} ''; }; }; diff --git a/machines/secrets.yaml b/machines/secrets.yaml index dec3d21..58dc777 100644 --- a/machines/secrets.yaml +++ b/machines/secrets.yaml @@ -1,13 +1,13 @@ -clash_subscription_link: ENC[AES256_GCM,data:Vwy0c8gOeR1XG/QNp8TGuBe/5kezD7SSStN/iCnihbbJYW78LNfPfvmVAEXjQlf5Ycts2Cb2JHGtWp3rmQQtWBx8LfIewqhNDk9fCywqIv7uSmqVpJNTHfYhjpF6PLvtz51VfTKph+fplZ9dMu23P9g7Wn6dzVizo8DX6xHWN2jDyHza5zkiNrzbmiaLwbLu1dAzvNSI67A=,iv:pZ189IPPCBjscXzEdgQCRdFlls3TniwDfNCd+H1FFaQ=,tag:dpt+3kdx8m1f0X0SHm+ATA==,type:str] -autofs-nas: ENC[AES256_GCM,data:wcrA2t8/i9PaxA1PQ3CDVJZUhVchGV4vCfa5j/ReNahKV3cfDf2owbpeB827sMpjYyyvSH6nri7mra/BLMAPcgySCpZNAgdR9DQZXAQ=,iv:QJzsS5a6vWeoBxkB13yXdVbyn0tt2QTvqj0LaHn6S2g=,tag:TtgubLgWBBzl67MVal5BvQ==,type:str] -autofs-nas-secret: ENC[AES256_GCM,data:OBh8h5CFv1Z4G6bMesna4zmXNASKhYdjFBvg47T9aKBCLDp/xVWnnQj8N7AFGg49wJ+0gYuqb33lIqpSnQ==,iv:UCaGeE8j4RqJzA0xhu3oB2xvzombzQD3fjLKCWd5fDg=,tag:+Oc78ddpLH7R2aT7gW3Ouw==,type:str] -github_public_token: ENC[AES256_GCM,data:AmAfmq5mDGxmHUUlGzD7k50jRTCcnZqqFdYdrMtYysmw6FUjPc1YgsEVNqHOjiEMYbr8Gs+wjVu8BYIuh1wuDzOOfE+ejIbosrOtK4dCapmIzZFlRiK/AyrUCm2qDWUObhJDPMJN4px947VFJ5to5GLifGEXdUGm,iv:PJSFtJBelyc3rzd6hqjMp+ciU2Q3FTOEXsiq5F2KKTY=,tag:MjrTl+4+8SZeBDJpUJtsiw==,type:str] -singbox_sg_server: ENC[AES256_GCM,data:5rogqKm5yiy5Yvz4Vo1a6Q==,iv:Vx9wNTdVHkReux4YeQY+0VkC1Wqg/CRkY7frVY/3e50=,tag:9fVlCP/DadcOvhO3c1oCzw==,type:str] -singbox_jp_server: ENC[AES256_GCM,data:xKTcxkcu1WIsT/wlMpEoqGJK,iv:nXetY339YuOi2jFEb3xkPTglHRMk/quIrQL4ko+8MxY=,tag:+Nwsx65/gdrDhL1ZurR5Ng==,type:str] -singbox_password: ENC[AES256_GCM,data:0tBIzwtNSQqbGlD+CDnQfJigbFVBChEL,iv:W2HaHeSkvmS6jHSnfOJ6tD2QXuUq1A+mfZf7sEXB++E=,tag:5BtYAv1NO70IL4m/uG8QKA==,type:str] -singbox_uuid: ENC[AES256_GCM,data:ufN+vDl/rDASoQL23tHwlr3ybMyrlC/Kd7bT0c5+SP+bc6Zj,iv:+uwt/N9LpFaJK6MjoczyrZ039MDZn4kRmtEoq4OvdFU=,tag:6Yma9+yrISwQoSRDgUbuwA==,type:str] -grafana_cloud_api: ENC[AES256_GCM,data:Pz+tE09dcJa+ZEWS3vtpOtitGCA9Cg/+gOd/0FsF8ooxzPyN9/UMuTcP02aIPW5v7yZCkGJOAXufIyechNf0crgAV/KmwGGwixH7I+1f3sDtGiFZEMnQgrysyfJo0KIrIZ8XP0SyXDs3vKjDU8cUI4+IyucHacWQ1kWdEtINjcPNHRPS2yaMUIvsRn0z8Cs2byMD3ghUHHHOz40CuO6r4A==,iv:cHvbeCmLFmJPNKsl1BBYx9WJP7ZJWi+8c9yHZWc6FTs=,tag:yWXtPokYE4frCmzzzyEqEg==,type:str] -private_dns_address: ENC[AES256_GCM,data:m/u3oc+6ef8dLa7Dpu+5T9TTSdXqJjS9ecA+sPj0r8qX06+QgiQnpmEW4w==,iv:8+qG5rQXAKfrykEjt9qrbtyNaBuKvi7EaIWouRqEipY=,tag:XlMccTKL239/NnAprtqYrg==,type:str] +clash_subscription_link: ENC[AES256_GCM,data:uDaX2BE/qRdfXVtckX0VKpu0LN3j0YaxVIPbQt3tGAfdfqFqlp0IzFgNiZBIEcIltYkeEyqFSA0QnttoMb0QYe9f2rtgjztwk10SOGViGaeFWPfkdlHP04qhm5OOOddi3OwT5rUNwvBU79AdCnLJ9QwqMbOaNm/JTtbkcjf8huxc2UcYAQcY/YNJ7aTEhWIw98Ab85aih+w=,iv:pZ189IPPCBjscXzEdgQCRdFlls3TniwDfNCd+H1FFaQ=,tag:dMmGZvppWtkc82b5dTnJwg==,type:str] +autofs-nas: ENC[AES256_GCM,data:LnCKGKARx6Vd99VwAX/6PXOJwo+a7GP8fNmM9yuuC2xITGxtWCsDdOZL1+IA5LS/gbOYINgQWDzWirJF3LCP27BQeLwXYpD7/UAwwVI=,iv:QJzsS5a6vWeoBxkB13yXdVbyn0tt2QTvqj0LaHn6S2g=,tag:D/JKXQIw1EzIh3wjGhHgHg==,type:str] +autofs-nas-secret: ENC[AES256_GCM,data:gbOizRZAvh79HlJWIWeKTk79Ux311XGL1eIswc0P2U2huCibD/ji3kOlSjZXENG+fJQKNz2AlDTk3g2cQQ==,iv:UCaGeE8j4RqJzA0xhu3oB2xvzombzQD3fjLKCWd5fDg=,tag:II4eEMr7f2TDUl1qUcDYXA==,type:str] +github_public_token: ENC[AES256_GCM,data:6Gt+oJcCRHeoLK7CRndMMbszTXSEbnN0nQzsVOnl/+zB4hxbEPD5k/vkkl+cZ/qmxdxFXV0OOsYvktn44Yv1DMUE3mkB0hcAdoyPwLuYM7W3RpOoW3OktH8DRCUi6msvFp3ykpdmIl9WyjVhc/lMwTaYJQyRh1ue,iv:PJSFtJBelyc3rzd6hqjMp+ciU2Q3FTOEXsiq5F2KKTY=,tag:Y/stRg6kwyjjIFZCXS/peg==,type:str] +singbox_sg_server: ENC[AES256_GCM,data:SF2ja6W4TwThwoug5x2KTA==,iv:Vx9wNTdVHkReux4YeQY+0VkC1Wqg/CRkY7frVY/3e50=,tag:7XA9KSoR0GA6FoYRhCv4BQ==,type:str] +singbox_jp_server: ENC[AES256_GCM,data:S3Bs5yVMzyz6vD51GYElOM5h,iv:nXetY339YuOi2jFEb3xkPTglHRMk/quIrQL4ko+8MxY=,tag:o9d55cZuWmX4NDYexWjvYQ==,type:str] +singbox_password: ENC[AES256_GCM,data:bZ50/gG53D9fyGnQ7ky8VRdNEDhGjbFD,iv:W2HaHeSkvmS6jHSnfOJ6tD2QXuUq1A+mfZf7sEXB++E=,tag:nbr2zNCs3RAr/uidkp08ng==,type:str] +singbox_uuid: ENC[AES256_GCM,data:gYppcUvF5Aj4mBQTMy56kb9JazUM6SeiYLspqiZjbTkPOhhk,iv:+uwt/N9LpFaJK6MjoczyrZ039MDZn4kRmtEoq4OvdFU=,tag:IiBZRfFpjKB/swmJNjodyA==,type:str] +grafana_cloud_api: ENC[AES256_GCM,data:eEvPAwtThK1FMhbrnmSo89+GlWZAF+LQRMLXA2C6f1vR7ZPlXJZGWzjYwDcPlnpiC737/cG14M4kZqvPGBuNub5A83rBS/+FeebvGDIF59L5PC1Ys1jWBB9YRI/L9EU0tvwTTUCvLRA9j28n7Jw7wR6mWXm63XA+OMu8/UbTwbeV/WUQn8vnwqadSUdCnNKJXMsAY+q9t/st0DPm5+aNxA==,iv:cHvbeCmLFmJPNKsl1BBYx9WJP7ZJWi+8c9yHZWc6FTs=,tag:87C+0FVvzDIowE0+QpY1zA==,type:str] +private_dns_address: ENC[AES256_GCM,data:YJxNOH4hsZHResvANEqJRTANhnL4PLp/Pmi/PhgtSTbTKiJKPqudhTEkNg==,iv:8+qG5rQXAKfrykEjt9qrbtyNaBuKvi7EaIWouRqEipY=,tag:VH0w5ZbXcWFGZ9GLavm7/w==,type:str] sops: kms: [] gcp_kms: [] @@ -17,68 +17,77 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdjlhNVZpUjYzRTVXNG9Y - S0lEUVdoM003YVZoeXYyOXdwY3Rla3VJSkZvCkl0a3FPeVpMY1JTWkdCb3NaeVBQ - dHVSVzg1cDNIS3JnMmYxbUlzbjFicG8KLS0tIHFENDNaZENzSzJQZDVLSVJ5VHBP - aVpJN1dkbEQ2djQyWVdRTUx4NGdaaTgKgfcGovmMgVFHkPLHT7C5bg75LXg8MFK0 - s8IL8qhHif4uzMuFjdw9MzyuQc1bqGzazX5YC1MYLYCOWHRlLq9mXw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRzZVNGFocUN2VzZLTmJz + WlJnUmxhZS92citDRkVZVnJZQU9YWVZORlNjCkgzeWl5dTl1YmpjZGt2anF3dGgr + K1hOSTRmakNrZ2JoNit3NDIzK1FCcWMKLS0tIEdqY3VvR3gxd1JoQlhPR3JvcXBF + K2g4VFpqUEF5RTQ3cmpUSG0xajN2bUUKMuwx5cO1nHokV1NOloXfl9wTBN/+/Rlq + UJKP/qaI23tpyMXN1U40iF20ecO1U5Ad8wAQ61C/tldSVULizDihpw== -----END AGE ENCRYPTED FILE----- - recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQXdMdzMxNzE3SHpZR09w - OTFtNzJLdVk5bWlyNGl4RzA4NWFUQTlvbUQ4ClhGZHI3ekJWYnNwamJXWWVtc3do - TXpoWERqT24rMjRtQUJUb2RKSm9BUjQKLS0tIHd6QXUrWVJ5aU52VEtDL01Kd2d2 - V3U4cTNoVzYzdmt5YkpNUmsyUWtCaEkKhxEQVVt2zvVGFGtlfPr0sQ7b0yUDRDOV - CN8nxyO0NiuvEKSkw+KCkcNWNQZDnHTQ3pwWyAohRZk3vB/RSuApCg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMYXlwdytVSm1SQzRubHdX + dHhrTWxyamo3OFRraEVRQ3plK1cwUWt0a1JRCkdqaVRTQ0NaTkdoMlpDT3Yyallq + eTd0bDViVTgwZGRTUmlYTzR0Y09iWWcKLS0tIEFlQnFPVFRVNlAxdExMekJ2b295 + UUJkUUZCNUZnbkNFZHVBYXNHQklOL2MKujgh6REuAKu6ZLVA7atiWUqhnvYJnQjb + WsxCa9ZXZRgfbhcNlZ3qIKJpWWI/RMS17+Nm5yIl+2cSqe2UJMjZdg== -----END AGE ENCRYPTED FILE----- - recipient: age1nugzw24upk8pz5lyz2z89qk8se4gpcsg3ypcs58nykncr56sevrsm8qpvj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdlh1Kyt4KzlFR2RkTmFo - S00zK1RDNnJwVzQ4Um93TDBEcnJZUjJLUG00CjloMFdaNm5LU2lRRVpnM0RpN3BR - Ly9pUkxuZHd3NHJRSG1Ha3ZVcE50RkUKLS0tIDN1K0xnb01EL2Q3aG5RV0grdmdl - TWh3ZStZQ3lNYkh2cjJ1RWhLRDJ0KzQK/+R6hFg8ErtT/rkSOCwRdArTPIE/J9Yv - 2qZmREM7q99L5w6lEBTn9SRekowk0ncwIoTxRfn576wyl++b8gBv9Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNXQ4RVVRd3RYRkhUVExG + SHJON0hwSmJtUkYrd1dldHJRN2tPKzBsNlNjCi9xYVhaanF5TDU2Q0xadXNWR2tN + dHhQVkpRREFlRm5MM2pwVytEaGhHT0EKLS0tIE9sRUtLako3cnAxNm82RDhiWEVM + ZW1IMXkzYkhqbW1ZdVRabUlkK2oxSTgKHC22uQqMq+cJ7vrONkGgoH8snxGef6Ft + QbtoJziERjAhK6B7TOY8AJ3WVRpCzZN70HjLNYa+bMMNOvmlsVxfZg== -----END AGE ENCRYPTED FILE----- - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJelptN09Oa0NRdTFER2du - clZGM09uMlhpMlZDQ2VvTTZOZ09VWGNwaWpjCmRuMjM3VTRpT3hRaWpEYW5HaWRr - K2pEM3dLYjhSS25hSUtrYkRvYXpCd2MKLS0tIHU2eDlXdVBlZUFTMjYxRTladVJV - cjZ0dGtmM29YdXI5Z1RpVVdRSktBU2MKdR5d6fb2EHX5j51qE5gg0GXKjy4fCpT0 - Q+fZslCPDZqaOX/9kGT874TuW4CC1wttpsCDNIEzrX54SvIGfsVPgg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSmZ5YUpFdzRNdWZVNmxJ + bm5ucUhVeTV2TkE4ZElkZ1N3aXc2eVEwMlRNCmxXRElPb2pGYzJFVnUxQkRtMlNF + cjgwUzh5UWNLTk01U0h2bHNpaXVzZkkKLS0tIDczUkkwTG8rL1V3UU9lenk4V2tl + TUxDd2huTllMRG9MZTJZdzRwaWxqUVEKLA3y+heUA8cK31LZzv5A1wtgf+sauuwE + 7SGU3uYU650tJM3e6Lveo+JOAD7Z1jrAomT5Bub+jjSHnpeFC9yMbA== -----END AGE ENCRYPTED FILE----- - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRUhOaVhSMFJFcC9qYytK - dHJ1ZUg1SWRBeTVSeFhDRW1VbG1HWUJaUEhvCnBOaENFUXlJWHAxQ0ZGVGFxQkpC - b3dwb0VJVTR1MUNDT3VQR0tsNE5vUDQKLS0tIEJkbWN5MWRtKzRveldvT2dMR2k1 - djdBQzNvSFNPRDZwN1B1dG5sUzlRdzgK35bNxRGDQw+dtnXcXSXk67kJFce52vqn - srABR9FOYmSfesLKXOdKItLAGffkfB7kuiXO7CvyVTkgJOjBgK6Tnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4enA2bnlrV3ViY1RHaTVS + Ym5VV005NFlXZUl2NDNXYXBoOHh0SGQ0YVNnCm1KdHBSeE9lQzZEM2hFZUwzRitS + K3BEWGhtWmxKc2RJd0FTMEs2b1ArOUkKLS0tIG5kaWc3U0o4SG9teXk5dVZWWjkz + cS9VMU5YbEl3UE5mODJ1THNLVEdVblEKNQF0b9r1XPD819Z6Uy0b9hT4Uek2tNWU + 3z3H7V/UiB1TMW+qgs6BC6bDkDf7oG//qmZEdYF+lDXcNSwai25xyg== -----END AGE ENCRYPTED FILE----- - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNb2JOOUlGL1pCVXVYZk1j - cWg0NE13WnBUWDA4VTNRdlNmWktRN0lJbkVBCkpHTklwbnFsd0NBOTY5V0JCTVJN - alVFeW41ajlZR2dHZDlrL2FtazB6QU0KLS0tIDhoTXppS0lnZmFJY1lhSDBudVB4 - NHFLdnorOUtJSzVPWldYakppZFJwdlEKbZnT7m6R7H/yLG+tDbQECgQVGX0xT4jC - 67z8k6xbnsT2srhhXk/NHi+/j7AcHhPG6cTO1z8MrxkMikk8ihU1Iw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBreHJNRXlpOEh6YUxaSmJj + ZDlVdHh2b1p6aEs3eDAvbkk4WExxWmE5bDM0CkZzT2l1K09UbmNFNEpZUVY2NVlB + dVFYbnpvTjlUcTdZejMrelpscXRJQzAKLS0tIEVIaVByVmp0aUU1ZWJLajBhcjRk + QVZMRXBRVVhaY3JKZEJjMTdEeEVqcWMKT+DoevNQAxCrty2VkRDLWGFzs9GsW3F7 + txz73tAceAIiocC1z7IV2TaYULYf7Z75HAje/SOTlGHBIDiVZ0vyLw== -----END AGE ENCRYPTED FILE----- - recipient: age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaHFOa1ArRW5xWFAyWXlh - enpQUzZKbFFFUzN1cisrd2JGelpXSWppRnhvCmY5VDlSTFhJakt3aU8zYjRrZXVQ - b3o2NlpCeGZZU1ROeW5XOFVpdEZnZXcKLS0tIGZ5M2IxNHp0Qm8rckROdy96a0pG - NjVEaWN3cU1rRjQ2a29wV1g1NzE0UTAKNefzj+p+U735LHqm5lnWGHCARuqvFmgA - 6bxJN9frAMZQIXZSwOTrfpYrTmKcBLcfWxq7LUPluw9HinQnkFpWqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZEJHQlJqMWxob1lxOUFK + dDZIN3FaNWR1L0gyN3I1MXVXZlpzdlpQUHpjCmIwTWhRamZvSTF3cHZMNk9YUlRv + U2tOK3E5MFBFNERsUHVzVnhsUDFRd00KLS0tIFd1MUpaaFU0bWdVRjJ6NjFwcFZt + bkJGWFFWanFBK1drZlBNcHo0c3Bjc00K/vPBLocRhtcJ3snGYFr+H7qhbg6iSSPP + OSH8WnaM5JmmA9IQlm5uGiG74PHi5sg5d+bwG8pPQtMKN+Ndxh7JIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-17T03:43:42Z" - mac: ENC[AES256_GCM,data:5dnJSeY8lZrIo/bl8MECwmaQo+fQ+BEun9BQ7tFHUo1lzk4wn2N1RuPMuPLPE1wARfOJR2lUyh+o3froFqQT6EGDhA68ETHxm+NqxbstouK+pSu0WJzg7ImuAuzd8B81xXBTQj6umOZy6oRsgvAYo2C8aEfzs19+kYrAM4bXo7k=,iv:YvtOVDD347fCFvqyTljHOQm6ewSR01WlYVBNVdm/BNc=,tag:r/HzESO6csxzLJMHTRC7bA==,type:str] + - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlN291MzZOaU4zazhEeXBh + WlhoYmh2ZDBsZmc3cEthdW5paWpXbXQvUG1FCjBLZ0FPVWR3T2pVWTZrRmkxSWUr + MHhkUFFPK1Z0b2t1Z1J0VjlER1JvcGMKLS0tIE45YndxVW4vak1wcEJoZzhHQ0E0 + NzA1cy80ZW5vUFplQzVMZ0txSmVkMUEKFUvgmJNdo9sV33gOx7LVUSCYvIqCNwaP + u+XoWTfg4kp9f4KVTy/8huPsVLhZBUaf6jI10mV2z4QwaLHje4JiHw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-17T12:19:12Z" + mac: ENC[AES256_GCM,data:3Z22GxxDjR2FVZ7VnFY/QhQ1i//1WC93GIwK4d51i13OWmcb71UPmmA6O/HlvLdP6goFCj95eRMUEiiVcdKagt1ca6HsDd6bkOEXwdl//fgOHUsgx5SNtA4kVJwK2bJuUvG72aOiLq89qvNprMLslJ47YqS9WM3rudk3Wp/P+og=,iv:GMN806nsrQg0+ZS0AReamzVv2FrLGELfA6x3RLNE/II=,tag:j2Bq9xYETCSL13zHx1BztA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix index ea52862..2fdacc1 100644 --- a/machines/weilite/default.nix +++ b/machines/weilite/default.nix @@ -108,9 +108,9 @@ host = "127.0.0.1"; port = 3001; openFirewall = true; - machine-learning.enable = false; + machine-learning.enable = true; environment = { - IMMICH_MACHINE_LEARNING_ENABLED = "false"; + IMMICH_MACHINE_LEARNING_ENABLED = "true"; }; database.enable = true; }; diff --git a/overlays/add-pkgs.nix b/overlays/add-pkgs.nix index 65b2131..35b6981 100644 --- a/overlays/add-pkgs.nix +++ b/overlays/add-pkgs.nix @@ -1,4 +1,3 @@ (final: prev: { oidc-agent = prev.callPackage ./pkgs/oidc-agent { }; - ocis = prev.callPackage ./pkgs/ocis { }; }) diff --git a/overlays/pkgs/ocis/default.nix b/overlays/pkgs/ocis/default.nix deleted file mode 100644 index 1f1aade..0000000 --- a/overlays/pkgs/ocis/default.nix +++ /dev/null @@ -1,85 +0,0 @@ -{ - lib, - stdenvNoCC, - callPackage, - fetchFromGitHub, - buildGoModule, - gnumake, - pnpm, - nodejs, -}: -let - web = callPackage ./web.nix { }; - idp-assets = stdenvNoCC.mkDerivation { - pname = "idp-assets"; - version = "0-unstable-2020-10-14"; - src = fetchFromGitHub { - owner = "owncloud"; - repo = "assets"; - rev = "e8b6aeadbcee1865b9df682e9bd78083842d2b5c"; - hash = "sha256-PzGff2Zx8xmvPYQa4lS4yz2h+y/lerKvUZkYI7XvAUw="; - }; - installPhase = '' - mkdir -p $out/share - cp logo.svg favicon.ico $out/share/ - ''; - dontConfigure = true; - dontBuild = true; - dontFixup = true; - }; -in -buildGoModule rec { - pname = "ocis"; - version = "v5.0.7"; - - vendorHash = null; - - src = fetchFromGitHub { - owner = "owncloud"; - repo = "ocis"; - rev = version; - hash = "sha256-vCEr7UCGEPm0x04U8DpsUNz9c64ZSEIK4SDcitCIDCw="; - }; - - nativeBuildInputs = [ - gnumake - nodejs - pnpm.configHook - ]; - - pnpmDeps = pnpm.fetchDeps { - inherit pname version src; - sourceRoot = "${src.name}/services/idp"; - hash = "sha256-ojrgoyl+xBsgEsx3d3gv5Wf6ziabHoFkEpAoDZcYavo="; - }; - pnpmRoot = "services/idp"; - - buildPhase = '' - runHook preBuild - cp -r ${web}/share/* services/web/assets/ - pnpm -C services/idp build - - mkdir -p services/idp/assets/identifier/static - cp -r ${idp-assets}/share/* services/idp/assets/identifier/static/ - - make -C ocis VERSION=${version} DATE=${version} build - runHook postBuild - ''; - - installPhase = '' - mkdir -p $out/bin/ - cp ocis/bin/ocis $out/bin/ - ''; - - passthru = { - inherit web; - }; - - meta = with lib; { - homepage = "https://github.com/owncloud/ocis"; - description = "ownCloud Infinite Scale Stack"; - mainProgram = "ocis"; - license = licenses.asl20; - maintainers = with maintainers; [ xinyangli ]; - }; -} diff --git a/overlays/pkgs/ocis/web.nix b/overlays/pkgs/ocis/web.nix deleted file mode 100644 index d28340c..0000000 --- a/overlays/pkgs/ocis/web.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - lib, - stdenvNoCC, - nodejs, - pnpm, - fetchFromGitHub, -}: -stdenvNoCC.mkDerivation rec { - pname = "ocis-web"; - version = "v8.0.5"; - - src = fetchFromGitHub { - owner = "owncloud"; - repo = "web"; - rev = version; - hash = "sha256-hupdtK/V74+X7/eXoDmUjFvSKuhnoOtNQz7o6TLJXG4="; - }; - - nativeBuildInputs = [ pnpm.configHook ]; - - buildInputs = [ nodejs ]; - - buildPhase = '' - pnpm build - ''; - - installPhase = '' - mkdir -p $out/share - cp -r dist/* $out/share/ - ''; - - pnpmDeps = pnpm.fetchDeps { - inherit pname version src; - hash = "sha256-m6yGqUmDor5273JsAlKs52Ug+bc3uhpI8F+MUhULAh4="; - }; - - meta = with lib; { - license = [ licenses.agpl3Only ]; - }; -}