tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

Merge branch 'alpine/master' into framework/master

Browse source
This commit is contained in:
tristan 2025-04-29 16:29:27 +01:00
commit 01f1ee2c96
20 changed files with 472 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -6,3 +6,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *alpine - *alpine
- path_regex: certs/.*.key
key_groups:
- age:
- *alpine

48
certs/alpine.prawn-justice.ts.net.crt Normal file
View file

@ -0,0 +1,48 @@
-----BEGIN CERTIFICATE-----
MIIDljCCAxygAwIBAgISBBQT2OlSax8juBh/IQex2igaMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNDEwMTMwMTQ4MDFaFw0yNTAxMTEwMTQ4MDBaMCYxJDAiBgNVBAMTG2Fs
cGluZS5wcmF3bi1qdXN0aWNlLnRzLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABNB7TDo//14hkP6lbTpMessnFDWiXCQ55C/+rPRuMK0kxMV9Uj9hVCaq6YI1
Nxug1DBmQvAVtMNho60wCUR0ocijggIcMIICGDAOBgNVHQ8BAf8EBAMCB4AwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFL+YrMuDYngdndFxmQ8DyIaF5FZuMB8GA1UdIwQYMBaAFJ8rX888IU+dBLft
KyzExnCL0tcNMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U1
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5vcmcv
MCYGA1UdEQQfMB2CG2FscGluZS5wcmF3bi1qdXN0aWNlLnRzLm5ldDATBgNVHSAE
DDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AD8XS0/XIkdY
lB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkoPFMKkAAAQDAEcwRQIhAMB1F+1H
QkW08Lu2AQr8bcYCqg43niOw2EHl9cTqIMngAiBOQz14/mZsA09MjLO4QSgnC8pW
wSHaf791o2N/HPHWiAB1ABNK3xq1mEIJeAxv70x6kaQWtyNJzlhXat+u2qfCq+Ai
AAABkoPFMagAAAQDAEYwRAIgR3BMtNMq8ubpJQanyZ5VPkX7OCIVyjmWD/iQDKHo
VkUCIBXczglskWwyZEwhCv1lNmgCfZmIF32rywaEsKBjQ/2QMAoGCCqGSM49BAMD
A2gAMGUCMQCruWjBoT4D97a/TQACEWs2UZ5ZUm+RmZS7VA4kVm9Q1bFFrftD1FEQ
dB88W+jYPN8CMAervvI7Jb19X+wDktnp958XUodwOhhd0NNvQ4HS/TEUxSDV04Xb
FahrrdXWaqt3nQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----

20
certs/alpine.prawn-justice.ts.net.key Normal file
View file

@ -0,0 +1,20 @@
{
"data": "ENC[AES256_GCM,data:8ILElQXr1whCq6/Jvh2+0RN23cKn4Hd6GHd4/1pwfPzp+dzCcKe3gN4LY4NwTNM3fCeW2gX3DWHqXJxGxxjhlpLnFuEu9Q6eVAhjBIAEdUOAaOefQgBsY805hJ2+3oaASO1gTW64M4Rb7twhlJvtzfvl6dy5JuASv/mp3qlpmoIitFe0h1EAi0QkG5y1K7bDrmca7g9PhdelnJeIBAj9vjevtQAtJe3C1G/R3kfCLnPJQAC1BDBt97CXCux8uWgqSjH4ndp6c2cJH9UK87rB/w1+7ihSQGAfEAHNrdXMCSkcC9w=,iv:GiLNz81b7gLQZiX01wXQlYRogXwdyqX7HwOfVLUQHoo=,tag:MC6YZkidZHePXWTiUogJkQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbVI0M0o3TEFObEQ0RVJo\ncFp4djEvTzdndFV0OU5PKyt6WlpRYlowUlZBCkJYZm9JS1VZRGhwQ1c0K1JBVHIy\nelJNd3E1eUlPUDVGdUd3YzJrenFUY3cKLS0tIGhWWUt2TUthR1BncjN4UW9kQ1Vl\nM3JuVkUvZkZoM1ZabXhnRG1lRktrazAKesQXHUogJ0bo34Ibp5JxqaG7OCrbUteh\nrIyWr1bUQruhffOVJo+SQzKtNMwA2XwwU1xJb4YbBUXwe9/4G8KpqQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-10-13T03:10:45Z",
"mac": "ENC[AES256_GCM,data:iY5zcanENCJLwwaK0Gz/HZTAXvwbHDK5AZ7buHVjg22jQlFKlg46abBy1KIBOzurH7Z8i7lLSSF1DFzGbR63NjEWFiv4hJsDuFgvLxFm/GxERl+JnadKaaooYQavkE99J1uiPIr7BCZppC+MdvqG1IqkSeLO737KLniisprKe1g=,iv:VtHXpnZVoTpmLcmSVxvCZSxongAXwelE02OA/5afQ9k=,tag:y2GmUBzg6tspfjZi8TyhuQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

7
flake.nix
View file

@ -44,7 +44,6 @@
./nixos/programs/hyprland.nix ./nixos/programs/hyprland.nix
]; ];
home-modules = [ home-modules = [
./home/programs/mpd.nix
./home/programs/graphical.nix ./home/programs/graphical.nix
./home/programs/gamer.nix ./home/programs/gamer.nix
./home/programs/personal/. ./home/programs/personal/.
@ -61,7 +60,6 @@
./nixos/programs/hyprland.nix ./nixos/programs/hyprland.nix
]; ];
home-modules = [ home-modules = [
./home/programs/mpd.nix
./home/programs/work.nix ./home/programs/work.nix
./home/programs/graphical.nix ./home/programs/graphical.nix
./home/desktop/cosmic/laptop.nix ./home/desktop/cosmic/laptop.nix
@ -89,16 +87,17 @@
./nixos/services/forgejo.nix ./nixos/services/forgejo.nix
./nixos/services/vaultwarden.nix ./nixos/services/vaultwarden.nix
./nixos/services/jellyfin.nix ./nixos/services/jellyfin.nix
./nixos/services/mpd.nix
./nixos/services/prometheus.nix ./nixos/services/prometheus.nix
./nixos/services/grafana.nix ./nixos/services/grafana.nix
./nixos/services/synapse.nix ./nixos/services/loki.nix
./nixos/services/synapse/.
./nixos/services/mautrix/whatsapp.nix ./nixos/services/mautrix/whatsapp.nix
./nixos/services/mautrix/signal.nix ./nixos/services/mautrix/signal.nix
./nixos/services/nextcloud.nix ./nixos/services/nextcloud.nix
./nixos/services/ntfy.nix ./nixos/services/ntfy.nix
./nixos/services/authentik.nix ./nixos/services/authentik.nix
./nixos/services/monero.nix ./nixos/services/monero.nix
./nixos/services/arr.nix
]; ];
}; };

28
hardware/alpine.nix
View file

@ -59,13 +59,10 @@ in {
fsType = "fuse.mergerfs"; fsType = "fuse.mergerfs";
depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"]; depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
options = [ options = [
"direct_io"
"use_ino"
"allow_other"
"minfreespace=50G" "minfreespace=50G"
"fsname=mergerfs" "fsname=mergerfs"
"category.create=mfs" "category.create=mfs"
"func.mkdir=epall" "dropcacheonclose=true"
]; ];
}; };
@ -113,9 +110,13 @@ in {
]; ];
}; };
virtualisation.oci-containers.backend = "podman";
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;
autoPrune.enable = true;
defaultNetwork.settings.dns_enabled = true;
}; };
}; };
@ -136,6 +137,7 @@ in {
globalRedirect = "tristans.cloud"; globalRedirect = "tristans.cloud";
}; };
"tristans.cloud" = { "tristans.cloud" = {
default = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/srv/www/tristans.cloud"; root = "/srv/www/tristans.cloud";
@ -147,14 +149,15 @@ in {
defaults.email = "tristan@tristans.cloud"; defaults.email = "tristan@tristans.cloud";
}; };
sops.secrets."namecheap" = {};
services.ddclient = { services.ddclient = {
# enable = true; enable = true;
protocol = "duckdns"; protocol = "namecheap";
use = "if, if=enp4s0"; usev4 = "webv4, webv4=ipify-ipv4";
ssl = true; usev6 = "";
username = ""; username = "tristans.cloud";
passwordFile = "/home/tristan/duckdnstoken"; passwordFile = config.sops.secrets."namecheap".path;
domains = ["tlbean"]; domains = ["@" "*"];
}; };
services.mpd = { services.mpd = {
@ -164,4 +167,7 @@ in {
services.grafana.settings.server = { services.grafana.settings.server = {
http_port = 3001; # forgejo and grafana default to 3000 http_port = 3001; # forgejo and grafana default to 3000
}; };
systemd.services.NetworkManager-wait-online.enable = false;
} }

3
nixos/default.nix
View file

@ -8,9 +8,6 @@
}: let }: let
user = config.user; user = config.user;
in { in {
imports = [
./modules/podman.nix
];
nix = { nix = {
settings = { settings = {

77
nixos/services/arr.nix Normal file
View file

@ -0,0 +1,77 @@
{config, lib, ...}: let
inherit (config) sops;
inherit (sops) templates placeholder;
in {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
users.groups.media = {};
services.jackett = {
enable = true;
};
services.lidarr = {
enable = true;
group = "media";
};
services.sonarr = {
enable = true;
group = "media";
};
services.radarr = {
enable = true;
group = "media";
};
services.jellyseerr.enable = true;
sops.secrets.sonarr-sslkey = {
sopsFile = ../../certs/alpine.prawn-justice.ts.net.key;
format = "binary";
owner = "nginx";
};
# this was fun to figure out, but pointless atm.
services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = {
forceSSL = true;
sslCertificateKey = config.sops.secrets.sonarr-sslkey.path;
sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt;
};
# probably easier if i just put this in a nixos-container
virtualisation.oci-containers.containers.transmission = {
autoStart = false;
image = "docker.io/haugene/transmission-openvpn:5.3.1";
ports = ["9091:9091"];
volumes = [
"/mnt/storage/downloads:/data"
"/home/tristan/pods/transmission/config:/config"
"/mnt/storage/media/unsorted:/data/completed"
];
environmentFiles = [ templates."transmission/env".path ];
environment = {
PUID = "1000";
GUID = "1000";
LOCAL_NETWORK = "100.0.0.0/8";
};
privileged = true;
capabilities = {
"NET_ADMIN" = true;
"NET_RAW" = true;
"MKNOD" = true;
};
};
sops.secrets = {
"transmission/auth/OPENVPN_PROVIDER" = {};
"transmission/auth/OPENVPN_CONFIG" = {};
"transmission/auth/OPENVPN_USERNAME" = {};
"transmission/auth/OPENVPN_PASSWORD" = {};
};
sops.templates."transmission/env" = {
owner = "tristan";
content = ''
OPENVPN_PROVIDER="${placeholder."transmission/auth/OPENVPN_PROVIDER"}"
OPENVPN_CONFIG="${placeholder."transmission/auth/OPENVPN_CONFIG"}"
OPENVPN_USERNAME="${placeholder."transmission/auth/OPENVPN_USERNAME"}"
OPENVPN_PASSWORD="${placeholder."transmission/auth/OPENVPN_PASSWORD"}"
'';
};
}

28
nixos/services/authentik.nix
View file

@ -9,7 +9,8 @@
port = "5437"; port = "5437";
}; };
authentik-config = { authentik-config = {
image = "ghcr.io/goauthentik/server:2023.10.7"; autoStart = true;
image = "ghcr.io/goauthentik/server:2025.2.4";
volumes = ["/home/tristan/pods/authentik/media:/media"]; volumes = ["/home/tristan/pods/authentik/media:/media"];
environment = { environment = {
AUTHENTIK_POSTGRESQL__USER = postgres.user; AUTHENTIK_POSTGRESQL__USER = postgres.user;
@ -20,7 +21,8 @@
AUTHENTIK_EMAIL__FROM = "Authentik <tristan@tristans.cloud>"; AUTHENTIK_EMAIL__FROM = "Authentik <tristan@tristans.cloud>";
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME = "false"; AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME = "false";
}; };
envFile = templates."authentik/environment".path; environmentFiles = [templates."authentik/environment".path];
dependsOn = ["authentik-redis" "authentik-postgres"];
}; };
in { in {
sops.secrets = { sops.secrets = {
@ -50,26 +52,29 @@ in {
''; '';
}; };
}; };
virtualisation.oci-containers.containers = {
podman.authentik-redis = { authentik-redis = {
image = "redis:latest"; autoStart = true;
image = "redis:7.2-alpine";
ports = ["${redis_port}:6379"]; ports = ["${redis_port}:6379"];
volumes = ["authentik-redis:/data"];
}; };
podman.authentik-server = authentik-server =
authentik-config authentik-config
// { // {
command = "server"; cmd = ["server"];
ports = ["${authentik_port}:9000" "9084:9300"]; ports = ["${authentik_port}:9000" "9084:9300"];
}; };
podman.authentik-worker = authentik-worker =
authentik-config authentik-config
// { // {
command = "worker"; cmd = ["worker"];
}; };
podman.authentik-postgres = { authentik-postgres = {
autoStart = true;
image = "docker.io/postgres:14-alpine"; image = "docker.io/postgres:14-alpine";
ports = ["${postgres.port}:5432"]; ports = ["${postgres.port}:5432"];
volumes = ["/home/tristan/pods/authentik/db:/var/lib/postgresql/data"]; volumes = ["/home/tristan/pods/authentik/db:/var/lib/postgresql/data"];
@ -77,7 +82,8 @@ in {
POSTGRES_USER = postgres.user; POSTGRES_USER = postgres.user;
POSTGRES_DB = postgres.db; POSTGRES_DB = postgres.db;
}; };
envFile = templates."authentik/postgres_env".path; environmentFiles = [templates."authentik/postgres_env".path];
};
}; };
services.nginx.virtualHosts."auth.tristans.cloud" = { services.nginx.virtualHosts."auth.tristans.cloud" = {

27
nixos/services/grafana.nix
View file

@ -1,6 +1,15 @@
{config, ...}: let {config, lib, pkgs, ...}: let
cfg = config.services.grafana; cfg = config.services.grafana;
secrets = config.sops.secrets; secrets = config.sops.secrets;
mkDashboards = dashboards: pkgs.symlinkJoin {
name = "dashboards";
paths = map mkDashboard dashboards;
};
mkDashboard = {name, url, sha256}: pkgs.writeTextFile {
inherit name;
text = builtins.readFile ( builtins.fetchurl {inherit url sha256;} );
destination = "/dash/${name}.json";
};
in { in {
sops.secrets."grafana/oidc_client_secret" = { sops.secrets."grafana/oidc_client_secret" = {
owner = "grafana"; owner = "grafana";
@ -25,6 +34,22 @@ in {
role_attribute_path = "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"; role_attribute_path = "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
}; };
}; };
provision.dashboards.settings.providers = [{
name = "Node Exporter";
type = "file";
options.path = mkDashboards [
{
name = "node-exporter";
url = "https://grafana.com/api/dashboards/1860/revisions/37/download";
sha256 = "sha256:0qza4j8lywrj08bqbww52dgh2p2b9rkhq5p313g72i57lrlkacfl";
}
{
name = "synapse";
url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json";
sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s";
}
];
}];
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${cfg.settings.server.domain} = { ${cfg.settings.server.domain} = {

2
nixos/services/jellyfin.nix
View file

@ -1,6 +1,8 @@
{ {
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
group = "media"; # access to user stuff
openFirewall = true;
}; };
services.nginx.virtualHosts."movies.tristans.cloud" = { services.nginx.virtualHosts."movies.tristans.cloud" = {
forceSSL = true; forceSSL = true;

98
nixos/services/loki.nix Normal file
View file

@ -0,0 +1,98 @@
{config, ...}: let
inherit (config.services) loki;
in {
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server.http_listen_port = 3100;
schema_config.configs = [
{
from = "2024-10-12";
object_store = "filesystem";
store = "tsdb";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
storage_config."filesystem".directory = "/tmp/loki/chunks";
common = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "inmemory";
};
replication_factor = 1;
path_prefix = "/tmp/loki";
};
limits_config = {
ingestion_rate_strategy = "local";
ingestion_rate_mb = 24;
ingestion_burst_size_mb = 36;
};
};
};
services.prometheus.scrapeConfigs = [{
job_name = "loki";
static_configs = [
{
targets = ["localhost:3100"];
}
];
}];
services.promtail = {
enable = true;
# https://grafana.com/docs/loki/latest/send-data/promtail/configuration/
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
clients = [
{url = "http://localhost:3100/loki/api/v1/push";}
];
scrape_configs = [
{
job_name = "system";
journal = {
path = "/var/log/journal/";
};
relabel_configs = [
{
source_labels = ["__journal_message"];
target_label = "message";
regex = "(.+)";
}
{
source_labels = ["__journal__systemd_unit"];
target_label = "systemd_unit";
regex = "(.+)";
}
{
source_labels = ["__journal__systemd_user_unit"];
target_label = "systemd_user_unit";
regex = "(.+)";
}
{
source_labels = ["__journal__transport"];
target_label = "transport";
regex = "(.+)";
}
{
source_labels = ["__journal__priority_keyword"];
target_label = "severity";
regex = "(.+)";
}
];
}
];
};
};
services.grafana.provision.datasources.settings.datasources = [{
name = "Loki";
type = "loki";
url = "http://localhost:${toString loki.configuration.server.http_listen_port}";
}];
}

45
nixos/services/mautrix/signal.nix
View file

@ -1,9 +1,44 @@
{config, ...}: let {config, lib, ...}: let
inherit (config) sops;
inherit (sops) templates placeholder;
inherit (import ./lib.nix) toAppRegistration; inherit (import ./lib.nix) toAppRegistration;
inherit (config.sops) templates placeholder;
in { in {
virtualisation.oci-containers.containers.mautrix-signal = {
image = "dock.mau.dev/mautrix/signal:v0.7.1";
dependsOn = ["mautrix-signal-psql"];
volumes = [
"/home/tristan/pods/signal-bridge/mautrix-signal:/data:z"
];
ports = [
"29328:29328"
"8000:8000"
];
};
# when you get around to backing this up
# 1. stop the server.
# 2. backup the db.
# 3. migrate to newer version of postgres
# 4. migrate db to local
virtualisation.oci-containers.containers.mautrix-signal-psql = {
image = "docker.io/postgres:14-alpine";
# ports = [ "127.0.0.1:5435:5432" ];
ports = [ "5435:5432" ];
volumes = [ "/home/tristan/pods/signal-bridge/db:/var/lib/postgresql/data" ];
environmentFiles = [templates."mautrix-signal/psql.env".path];
};
sops.templates = {
"mautrix-signal/psql.env" = {
owner = config.users.users.nobody.name;
content = lib.strings.toShellVars {
POSTGRES_PASSWORD = placeholder."mautrix-signal/postgres_password";
POSTGRES_USER = "signald";
POSTGRES_DB = "signald";
};
};
};
sops.secrets = { sops.secrets = {
"mautrix-signal/postgres_password" = {};
"mautrix-signal/as_token" = {}; "mautrix-signal/as_token" = {};
"mautrix-signal/hs_token" = {}; "mautrix-signal/hs_token" = {};
}; };
@ -20,10 +55,8 @@ in {
}; };
}; };
}; };
# mautrix-signal server currently in ansible/podman
services.matrix-synapse.settings.app_service_config_files = [ services.matrix-synapse.settings.app_service_config_files = [
templates."mautrix-signal/appservice.yaml".path templates."mautrix-signal/appservice.yaml".path
]; ];
} }

44
nixos/services/mautrix/whatsapp.nix
View file

@ -1,34 +1,17 @@
{config, ...}: let {config, ...}:
inherit (config) sops; {
inherit (sops) templates placeholder; # TODO: totally borked for some reason. DB migration?
inherit (import ./lib.nix) toAppRegistration; nixpkgs.config.permittedInsecurePackages = [
in { "olm-3.2.16"
sops.secrets = { ];
"mautrix-whatsapp/as_token" = {};
"mautrix-whatsapp/hs_token" = {};
};
sops.templates = {
"mautrix-whatsapp/appservice.yaml" = {
owner = "matrix-synapse";
content = toAppRegistration {
id = "whatsapp";
port = config.services.mautrix-whatsapp.settings.appservice.port;
as_token = placeholder."mautrix-whatsapp/as_token";
hs_token = placeholder."mautrix-whatsapp/hs_token";
sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV";
"de.sorunome.msc2409.push_ephemeral" = true;
};
};
# "mautrix-whatsapp/env".content = ''
# MAUTRIX_WHATSAPP_APPSERVICE_AS_TOKEN=${placeholder."mautrix-whatsapp/as_token"}
# MAUTRIX_WHATSAPP_APPSERVICE_HS_TOKEN=${placeholder."mautrix-whatsapp/hs_token"}
# '';
};
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
# environmentFile = templates."mautrix-whatsapp/env".path; registerToSynapse = true;
settings = { settings = {
appservice.database = {
type = "sqlite3";
uri = "/var/lib/mautrix-whatsapp/mautrix-whatsapp.db";
};
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
domain = "tristans.cloud"; domain = "tristans.cloud";
@ -46,9 +29,4 @@ in {
}; };
}; };
}; };
services.matrix-synapse.settings.app_service_config_files = [
templates."mautrix-whatsapp/appservice.yaml".path
# "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml"
];
} }

1
nixos/services/monero.nix
View file

@ -10,6 +10,7 @@
confirm-external-bind=1 confirm-external-bind=1
out-peers=64 # This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays out-peers=64 # This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays
in-peers=1024 # The default is unlimited; we prefer to put a cap on this in-peers=1024 # The default is unlimited; we prefer to put a cap on this
zmq-pub=tcp://localhost:18083
''; '';
}; };
} }

20
nixos/services/mpd.nix
View file

@ -2,6 +2,26 @@
services.mpd = { services.mpd = {
enable = true; enable = true;
network.listenAddress = "0.0.0.0"; network.listenAddress = "0.0.0.0";
extraConfig = ''
audio_output {
type "fifo"
name "snapcast"
path "${config.services.snapserver.streams.mpd.location}"
format "${config.services.snapserver.streams.mpd.sampleFormat}"
mixer_type "software"
}
'';
}; };
networking.firewall.allowedTCPPorts = [config.services.mpd.network.port]; networking.firewall.allowedTCPPorts = [config.services.mpd.network.port];
services.snapserver = {
enable = true;
openFirewall = true;
buffer = 1000;
streams.mpd = {
type = "pipe";
location = "/run/snapserver/mpd";
sampleFormat = "44100:16:2";
codec = "pcm";
};
};
} }

16
nixos/services/nextcloud.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
pkgs, pkgs,
lib,
... ...
}: let }: let
nextcloud = config.services.nextcloud; nextcloud = config.services.nextcloud;
@ -27,6 +28,7 @@ in {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
https = true; https = true;
package = pkgs.nextcloud30;
hostName = "files.${config.networking.domain}"; hostName = "files.${config.networking.domain}";
configureRedis = true; configureRedis = true;
database.createLocally = true; database.createLocally = true;
@ -35,6 +37,7 @@ in {
dbtype = "pgsql"; dbtype = "pgsql";
}; };
secretFile = sops.templates."nextcloud/secrets.json".path; secretFile = sops.templates."nextcloud/secrets.json".path;
phpOptions."opcache.interned_strings_buffer" = "23";
settings = { settings = {
maintenance_window_start = 2; maintenance_window_start = 2;
default_phone_region = "GB"; default_phone_region = "GB";
@ -78,17 +81,10 @@ in {
notes notes
maps maps
previewgenerator previewgenerator
deck
news
oidc_login
; ;
oidc_login = pkgs.fetchNextcloudApp {
sha256 = "sha256-cN5azlThKPKRVip14yfUNR85of5z+N6NVI7sg6pSGQI=";
url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.0.2/oidc_login.tar.gz";
license = "agpl3Only";
};
news = pkgs.fetchNextcloudApp {
sha256 = "sha256-aePXUn57U+1e01dntxFuzWZ8ILzwbnsAOs60Yz/6zUU=";
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha4/news.tar.gz";
license = "agpl3Only";
};
}; };
maxUploadSize = "5G"; maxUploadSize = "5G";
}; };

5
nixos/services/prometheus.nix
View file

@ -34,4 +34,9 @@ in {
}; };
}; };
}; };
services.grafana.provision.datasources.settings.datasources = [{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:${toString prometheus.port}";
}];
} }

13
nixos/services/synapse.nix → nixos/services/synapse/default.nix
View file

@ -16,6 +16,8 @@
inherit (config.services) matrix-synapse matrix-sliding-sync; inherit (config.services) matrix-synapse matrix-sliding-sync;
inherit (sops) secrets templates; inherit (sops) secrets templates;
in { in {
imports = [./metrics.nix];
services.postgresql.enable = true; services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
@ -66,7 +68,7 @@ in {
server_name = domain; server_name = domain;
baseurl = "https://${domain}"; baseurl = "https://${domain}";
oidc_providers = []; oidc_providers = [];
settings.listeners = [ listeners = [
{ {
inherit port; inherit port;
bind_addresses = ["localhost"]; bind_addresses = ["localhost"];
@ -84,12 +86,6 @@ in {
}; };
}; };
services.matrix-sliding-sync = {
enable = true;
environmentFile = templates."synapse/sliding_sync_env".path;
settings.SYNCV3_SERVER = "https://${domain}";
};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${domain} = { ${domain} = {
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown { locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
@ -97,7 +93,6 @@ in {
}; };
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown { locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
"m.homeserver".base_url = "https://${fqdn}"; "m.homeserver".base_url = "https://${fqdn}";
"org.matrix.msc3575.proxy"."url" = "https://${fqdn}";
}; };
locations."= /.well-known/matrix/support".extraConfig = mkWellKnown { locations."= /.well-known/matrix/support".extraConfig = mkWellKnown {
admins = [ admins = [
@ -110,14 +105,12 @@ in {
}; };
locations."/_matrix".proxyPass = "http://localhost:${toString port}"; locations."/_matrix".proxyPass = "http://localhost:${toString port}";
locations."/_synapse/client".proxyPass = "http://localhost:${toString port}"; locations."/_synapse/client".proxyPass = "http://localhost:${toString port}";
locations."/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://${toString matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
}; };
${fqdn} = { ${fqdn} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/_matrix".proxyPass = "http://localhost:${toString port}"; locations."/_matrix".proxyPass = "http://localhost:${toString port}";
locations."/_synapse/client".proxyPass = "http://localhost:${toString port}"; locations."/_synapse/client".proxyPass = "http://localhost:${toString port}";
locations."/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://${toString matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
}; };
}; };
} }

25
nixos/services/synapse/metrics.nix Normal file
View file

@ -0,0 +1,25 @@
let
port = 9008;
in {
services.prometheus.scrapeConfigs = [{
job_name = "synapse";
metrics_path = "/_synapse/metrics";
static_configs = [{
targets = ["localhost:${toString port}"];
}];
}];
services.matrix-synapse.settings = {
enable_metrics = true;
listeners = [
{
port = port;
type = "metrics";
bind_addresses = ["127.0.0.1"];
tls = false;
resources = []; # unneeded with type: metrics, just to make the nix module happy
}
];
};
# Grafana rules?
# https://github.com/element-hq/synapse/tree/master/contrib/prometheus/
}

65
secrets/secrets.yaml
View file

@ -1,33 +1,38 @@
nextcloud: nextcloud:
admin_password: ENC[AES256_GCM,data:ZBc/Z5F/DWPM78XhO3mVxEfEYjPoXHgqfg==,iv:ih9YuI+k4ksKBOhpezoJ/L5ac7P/JGLqs2B6ZuqZrj0=,tag:IDFU9NQoXHR1Ph5YtLC4lQ==,type:str] admin_password: ENC[AES256_GCM,data:oE7SeKE40NsLF5FrxKJheyzSXLcL8Hs1+w==,iv:ih9YuI+k4ksKBOhpezoJ/L5ac7P/JGLqs2B6ZuqZrj0=,tag:tRTNDAaAvRe7FSMMCneYkA==,type:str]
oidc_client_secret: ENC[AES256_GCM,data:nIVLfC+22fEurR6FXdUwz4+rPuXzlM5HG4lnRI/m1lOaiw+C9DA3WV15DP5IXMn6BeBmDMnXbfdGt0hoV32y8bkfcals0C4wUitI63sYRJ6+f+N85IeAolfvYi+6gCwKZZhwRZdZJOQVOoFH8bvC0zLz6dzjL1/C5POX4C57URs=,iv:uV6KssluRg4+aOg7DPewK9c3eIkY3y/7ij7uYBLx9Kw=,tag:gEvApHIStThboRsP0YEoFw==,type:str] oidc_client_secret: ENC[AES256_GCM,data:dTQlsiPvKPRETEy1cg7RIWxeapFOdoMqp1xpVnYFd8zxRyZGIYJNlSZAkc4ZZIMM76jrAnMw7jVArqCX/pma0GMxb4GqITYAHJfe6yVPZYVY9UHUeCQpwwdIMUxYJqYgcCL4VFn7tdtc6vITl+b0KH0GBFQWg07ROJCGfFiICa4=,iv:uV6KssluRg4+aOg7DPewK9c3eIkY3y/7ij7uYBLx9Kw=,tag:UM7fvtjscORH0BxoiUm++Q==,type:str]
grafana: grafana:
oidc_client_secret: ENC[AES256_GCM,data:XU81XrM/aTZ/RDc3UPunOFQdfjJldKw3usMA5NfQkgxJYSq5NSu1ZQXsMuly4xbcYULiuUtkTAnb7Xzge+yIDoLfrZHab4mQgtLeK6hzZgLHYeSSEtQCXEYsL0p6ulA2OLrW6KoKl/o1EjiA+8htimgc7yNatdo6pBwwUXZFxpQ=,iv:de2P5uu1t0si7s7BqG4ukvouxH1TlCxgR28wRsz7i/I=,tag:1u0Wd9HRzbJRQtNbwDHOIQ==,type:str] oidc_client_secret: ENC[AES256_GCM,data:vC/9eABn0slzgiaI372dhD46ggU+dsjgA9B7Kv2SLS15OWFBwqRnRhGxNYO6Iwev656t2RwZlJwbQwS8sIrnFD3NU+IEGMvz4sVWbSj7tHxojNo3+Ne8Kg7b03AlBYcEmYqTIx94Nbx8DsZtFRGAIuFYDpEpVxC9jWgPtqB21OE=,iv:de2P5uu1t0si7s7BqG4ukvouxH1TlCxgR28wRsz7i/I=,tag:wToLDNtOafhuMe9thxZDuQ==,type:str]
anki: anki:
password: ENC[AES256_GCM,data:dZsz/Z0rdP8vVFEGlck=,iv:rLjrfKXnz7hiYSOOY+uTGQCmvMLZbo3Xle+069hAB+A=,tag:sNuvL9tGBXs9OPoFVfjdSw==,type:str] password: ENC[AES256_GCM,data:Lz9WwJ/JgboJEqnClj4=,iv:rLjrfKXnz7hiYSOOY+uTGQCmvMLZbo3Xle+069hAB+A=,tag:PrWQlZYREWGQJwPVFX0byQ==,type:str]
synapse: synapse:
postgres: ENC[AES256_GCM,data:pP/Clrcd/dTjI81Wr9I=,iv:nx3eVKH1DXGk3tipbzlIGGyZB3/bJP5TSVMFVNHTIPs=,tag:3PbODZtFlb9XtuBfO/Ey/g==,type:str] postgres: ENC[AES256_GCM,data:/jukTywBVoRi8KkDpAA=,iv:nx3eVKH1DXGk3tipbzlIGGyZB3/bJP5TSVMFVNHTIPs=,tag:DDmnJ1yiiZcGqvGj6uTG7w==,type:str]
oidc_client_secret: ENC[AES256_GCM,data:GXEHHAf5pi/34DY8rUtb1r+0w9HdH2LfeYzREq9BssbspORGd2lOGW22kpUWQzMP/LN8qqx0+EDxlnUuz6MbKofdDPO53Ghrkv7eKsgHdI4g8NbneOEIe4Uurjsg+ibn2EIAWP6HsdwDoLPpS260HyciHJz15i8OpyPatv+bhUc=,iv:pigc8d/LPwy/mBrlUzOFR1nIUrulYZ67nq4bI4Mn+MI=,tag:5fQj8XiXmlC0/T4Muht7bA==,type:str] oidc_client_secret: ENC[AES256_GCM,data:QdTHn5n+VcZ7EpZRI9EGHm+F5CWWr72nEqyJC4itEnSM+MZfnp941rRBUefU067VCf/mZR8UWkMJYATR2wcQTGluF73nHOeV8c1XUwT0TXNgPNhPdXisRcZF8OCYzU9HmdMKieiH/Bmc/mSXU3AZuTe9UXhf0CyVs1HgoENyfJQ=,iv:pigc8d/LPwy/mBrlUzOFR1nIUrulYZ67nq4bI4Mn+MI=,tag:nKDeJBp9VhzS3fOx64N0kA==,type:str]
signing_key: ENC[AES256_GCM,data:AuXyep/aoKn0EoXFgphhlwyvqiwnmRAbGsjzQtCHOVe1Nsdd1aZZdmANt3NXbNJbtjbowIYGbYTizQ==,iv:jKfEBdXSIrg1WQRvWxi+CUiO2mXOfULkg/i3YSD4d9k=,tag:EZJnoZVyrjb0fcRbvyuiPg==,type:str] signing_key: ENC[AES256_GCM,data:f3EEHTnY5qm2TUKEXMLsrMt9qhJaz9VzRwGFV9+xUP32fwxwbZc/EopOVJ03OvQwG695at+26MRWcQ==,iv:jKfEBdXSIrg1WQRvWxi+CUiO2mXOfULkg/i3YSD4d9k=,tag:EYhdgGZkx0qZqAqlA/RJuQ==,type:str]
sliding_sync_secret: ENC[AES256_GCM,data:EureGgSONw+29RnTBcG7+Hpjs3mOk1Zr75glc582Tr9ITFfMczAdfY0FlWQgDxiPnl3o2GqlvdQ2CwDmpVGUVQ==,iv:JUKLrxrYQmCF15o+PwY1PzNW1h9FrGxdbSFGCzm3RdA=,tag:/TMv9LcCRLoTw3MDmpE0oQ==,type:str] sliding_sync_secret: ENC[AES256_GCM,data:zog0Bw+GyNnaLKtxhH3p4nMYtT6CcJ6bpaq1UagIxuywKjxSJkjKdmWXDrQ+mgswvc8rZ1GRDTsuYJmjcr3JwQ==,iv:JUKLrxrYQmCF15o+PwY1PzNW1h9FrGxdbSFGCzm3RdA=,tag:EXxXOAVbGAemOBFRhXKPqg==,type:str]
mautrix-whatsapp:
as_token: ENC[AES256_GCM,data:x1iIfwaRdSzC7wo684FY5ZCytj+uQSS2k8UZ/Sm/0gy7jnjsb6Eyl0I5tdNf7mYk2gdTtfmc+dVThOP3aGIZXQ==,iv:hvVr1MZfpLewomTW5pUhOvrQ2fEkQy4LNnfqslkeFgQ=,tag:5eUZLn5Bd2D5GWyIx9xevw==,type:str]
hs_token: ENC[AES256_GCM,data:y8q41zg1NFco0fs7Q/yZVIPCdrUsB8/CRiffBpAVWsH0vCCHQvBs6VUGZmZwJVySkxSfFqBdCc/TF38SPwhxCg==,iv:sJ0cldlCTpGRMYT0u9ZGFVI70m3VBCZqn/l4cwUDyAI=,tag:D0QE2TQxLNnEv6/ECCLnRw==,type:str]
mautrix-signal: mautrix-signal:
as_token: ENC[AES256_GCM,data:wu9ohlIUn6dBYxa7jZzG9DRVRrBCnmXsc7txntF6U6eW6rpe/bvKWDR5/db1ZtMxAv/MZrTephJ81yqtr8aDsw==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:J6F3CP5OJbyPBr5iVWhg0w==,type:str] as_token: ENC[AES256_GCM,data:13EBWO8ZD2LjkFLI3Clvn4qU1u+rCrPwlvwLaNDlKt3Zf2YxCvM3m1dprj5FyF3fNETSgzbMe6tXsHcxjMi5ag==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:nIsr0NdIDU2a3DYGm7OXeA==,type:str]
hs_token: ENC[AES256_GCM,data:8OAHb5+k7uRW5EtjrNiTFjG1lf3txePHjpVYaDtJ1MfbtU8jN/T50PENPwFHR9iJSh2Zma7PGgFjwlWHGQEW8A==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:3y/K1iztmWrWR34/3vjopA==,type:str] hs_token: ENC[AES256_GCM,data:PJkY4F3Nu6C79v3FaEw6sVr7Y+IIjLJbc2h+L7pEFYyfyolWPMTeQf85Js1zbGEsRLWvyJTAQXdg68KldYCg2Q==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:xoxt0sprxTpHhf4XLfrCaA==,type:str]
postgres_password: ENC[AES256_GCM,data:k+BHWgiNXQeujuShmDgu3anjLgcd,iv:J8sUNC6S/RsMhu3LW37xp5sddJxicfVaOrsfsptp/W4=,tag:7RB6j19tBEp7Z+VSEUR4mQ==,type:str]
mautrix-instagram: mautrix-instagram:
as_token: ENC[AES256_GCM,data:pNO76BcGejQdCc5X4f/UvSsBIPU6QZCCQTJvwVIXRf3rnb9ewWNMEtYXlqj886yh3g5SgqQ4Uhqby/7vrMxREA==,iv:uYU7ACk4wEPzqUCpt5KBt5Y8LoVIdAlNvdWj5Jm94qM=,tag:vJHOhwJBPlgUPu1SFqI4ew==,type:str] as_token: ENC[AES256_GCM,data:DP/VQGK2DO4ixT/3wLBhvKxCcauEgXmDD4vW8k5uJFXAq7gtUXasLIYZ6pkUx0Vzd5kT/XZMhFOJyOT2Cyv38Q==,iv:uYU7ACk4wEPzqUCpt5KBt5Y8LoVIdAlNvdWj5Jm94qM=,tag:RoOhGoQ2BeDe0n6/w4TuPA==,type:str]
hs_token: ENC[AES256_GCM,data:m1CK8Ae6QyJKgDZm904xMpZ1KgKxEUpmQ1jdKOkjexgwAWjjtYF+RVximtcXwxPg/0jkbK/LMlxA89ic+zajiA==,iv:YLed92mS+2Cpud2f8Gq+zlpSVyPo7RVNGOUPCIRDi94=,tag:rRwhYn88ZZwm5sDI1etR2g==,type:str] hs_token: ENC[AES256_GCM,data:ljzZE6uwHq7jH5oIej4TWMeFtDolRSCg1oNr7xkjK7t3EpZrkg2YVOvWJtf/B+43cx7/BzVftBM4NOElQfRUDA==,iv:YLed92mS+2Cpud2f8Gq+zlpSVyPo7RVNGOUPCIRDi94=,tag:KEqa64BqbG7lmpV2sTqHkg==,type:str]
authentik: authentik:
postgres_password: ENC[AES256_GCM,data:mdUFP92PQEsvXpgES/iG+zmse0AKJ2c1KdMQDWDWWzWAOn3YSAYJX/N0IIljoGNC,iv:UxFDFYWNBQospGoHlrvLQJyypIszPqpkeJy1IGr6/7I=,tag:99LWrGMaYpfTl0PM4AQaKg==,type:str] postgres_password: ENC[AES256_GCM,data:jUVLMW1kFABZ3uWeWp4oWGOQDm7IBpF1BKNg/h88UqbpgakSCVuF+GIOSTxpSdc0,iv:UxFDFYWNBQospGoHlrvLQJyypIszPqpkeJy1IGr6/7I=,tag:IIN24+k4k37IszNFK1+rRg==,type:str]
secret_key: ENC[AES256_GCM,data:JWcHd5FLhFt7gitVyv0l5Fc/sVrBlro026CPKrECPRGQHwjWQWsXTbKisM0vCKdB,iv:WN/LXUNrd+DbxfxwotedlYnyzE2D1c6C2e0UgCXUWX8=,tag:CAo6tX5RGdg67giMWa459g==,type:str] secret_key: ENC[AES256_GCM,data:qYS0HIImVKnMS9ywEJK2E0WLHgcWIYTZVapA/fL79abqK1qKPeVIQ3u/SqwkGBgg,iv:WN/LXUNrd+DbxfxwotedlYnyzE2D1c6C2e0UgCXUWX8=,tag:E5ABLXy5vDxDPdBGR5HoLg==,type:str]
mail: mail:
host: ENC[AES256_GCM,data:TpJCxb8/qtGHA7ZQNFxRfzY0jz82,iv:+hjhL2jbMP9NWYub/etBhFXxAfzoIEneepRw5uHL8bs=,tag:J5Rb6BiFKqgqxZPFSGtXhA==,type:str] host: ENC[AES256_GCM,data:FGKGHXYVwbDp17nYwrQtvGp0FYuK,iv:+hjhL2jbMP9NWYub/etBhFXxAfzoIEneepRw5uHL8bs=,tag:Uy3BihID9/h1Y7874KqHMw==,type:str]
port: ENC[AES256_GCM,data:1DfD,iv:I3dK4v/h5nFLNk4yihQxkJiyAir9MLDAQIeGbSn3j+I=,tag:Xu8E6PN7u9YRVnFMWq85DQ==,type:str] port: ENC[AES256_GCM,data:q3NZ,iv:I3dK4v/h5nFLNk4yihQxkJiyAir9MLDAQIeGbSn3j+I=,tag:TAZg45IQF/dlLrH1vjBlmA==,type:str]
username: ENC[AES256_GCM,data:yF3a6yJbvscUM8HRL9/Df5ZU4j5a3g==,iv:LkZh8eaBZ+Z3+bjpyB3MkWTRpjtk3/bszseT9KCfDmM=,tag:sdAp283HiwYWlVLc7c4waw==,type:str] username: ENC[AES256_GCM,data:DJ8D7TY2o2PimB0WX4L6gEJr7M6XRQ==,iv:LkZh8eaBZ+Z3+bjpyB3MkWTRpjtk3/bszseT9KCfDmM=,tag:Nf7ePRKAqk+xRpKSem/QSw==,type:str]
password: ENC[AES256_GCM,data:queuYRYekTyynd6fxK4RNImMzQeR7xfNg9u96Fr+1tw=,iv:Rn30tJAoahkMr2ISDbyHClHDdjSF41MqtTwlSGUQELw=,tag:/sfAJXvFwvv3AMxTCONmkg==,type:str] password: ENC[AES256_GCM,data:GqR8lvyF21djWQT0smHQb42FOt56ZHPnLYS0ekoyyH0=,iv:Rn30tJAoahkMr2ISDbyHClHDdjSF41MqtTwlSGUQELw=,tag:ab7k7Afi5Dfw4NkLbF/cUg==,type:str]
ssl: ENC[AES256_GCM,data:K2pczQ==,iv:Us4kZfQ2wIx/qJXDaPDuUNvGU2F+U8EtV21SPbTebe8=,tag:lUY9pGQ7dtxIJqOOtIMA8Q==,type:str] ssl: ENC[AES256_GCM,data:swCVBQ==,iv:Us4kZfQ2wIx/qJXDaPDuUNvGU2F+U8EtV21SPbTebe8=,tag:Zuc0y6aTyjQBe4ZV7zy3NA==,type:str]
transmission:
auth:
OPENVPN_PROVIDER: ENC[AES256_GCM,data:cgYUsQ==,iv:KXddHlOwqbn97SmLkdRIDrqiAAihfXNpG64uD80UnKI=,tag:s6tkiawsfOOXV3ZMltL4MQ==,type:str]
OPENVPN_CONFIG: ENC[AES256_GCM,data:mHMLA2Rqte+aEGstKCan3fNPEqwb,iv:wvLx3rWNcDVek6bmXBu+39AlnXpviNNwCItLAWWVDzY=,tag:1ArWMperFmOFSCdehWibNg==,type:str]
OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str]
OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str]
namecheap: ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -37,14 +42,14 @@ sops:
- recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q - recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4a3EwTXQwV3hxNW1zNXow YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1R5TFAvZFFMbTJqWVl5
Q1UxRHcwaVdhNHo5N0QvbE1maTkxdFBKZUJvCnpVYklIamlic1A4SDluQnhod2Z3 STA0YjBRSmk2N1dvUG9ETWYvRTNXMTFoYUVJCk81dmM2c0JLcnpzUjBsazZrenRK
MTVxRlJLVWd5dkZlTjE1OGRIZVo4QmsKLS0tIHI4bm01WjNucUlvYzFTSzhNSkQ3 YXZkQ2pqRTNrTDBFK1FrQ3BRNmI0STQKLS0tIHpseXFsSlhLNVhHeFNhVXNEcmM3
NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x
A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g== UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-08T21:41:24Z" lastmodified: "2025-01-18T02:00:29Z"
mac: ENC[AES256_GCM,data:BMM/NP/ls0VdkL1jOqPeEmfxwoQR1Yi5DM2xb1p+Z3u9oo61Tkc2v2G7G9jWMfa2UwVlqYOGIZlwNj2ONhWhDDZBVTd3tTEbssbizNTUWGX7cQBfQm9K0/Mk+qXdug7AfjKnVXZlEbD7QLfqhz7sl/tDaPS9sstnivJENi2sIYI=,iv:nOoc+kiSbf89qJMtGYLURVToh6bCnEjg7zVQivzate4=,tag:ogEOMkRafxKLFX0N9hbOSw==,type:str] mac: ENC[AES256_GCM,data:x3J0tRfNynM2qlB4YUUAUMYI/94opN1kJ1j0kOyeZ1GZHx+EA4dQZif4nPQOERo+5xRt8C4YXVDZEnCjD1TpQE6LYik0n0iY+84sY5fSr2SYiXzq2P72Tk7BzBklI9/zjndeJLJbydTJDMzOCvdEWIfHYZsHODnKXBO9pYwjAqU=,iv:z+QD93t72S2w0CqMV5sQk9oK9LMnQAxyaiExmqEcSp0=,tag:dbtyHUQ+n2EQvHEkQa7zrw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.2