From 92c25e624a99c40eb57e0912c0e1bf3420fee72e Mon Sep 17 00:00:00 2001 From: Konstantin Nazarov Date: Thu, 26 Oct 2023 00:31:53 +0100 Subject: [PATCH] Add videos.knazarov.com and some emacs changes --- .sops.yaml | 8 ++ configuration.nix | 71 ++++++++---- emacs.el | 27 +++++ flake.lock | 36 +++--- flake.nix | 1 + nodes/knazarovcom/configuration.nix | 46 ++++---- nodes/mira/configuration.nix | 7 ++ nodes/mira/hardware-configuration.nix | 40 +++---- nodes/videos/configuration.nix | 143 ++++++++++++++++++++++++ nodes/videos/hardware-configuration.nix | 33 ++++++ nodes/videos/host-metadata.nix | 4 + nodes/videos/secrets-videos.yaml | 45 ++++++++ pgp_keys/nemo.asc | 41 +++++++ secrets.yaml | 6 +- switch.sh | 8 +- 15 files changed, 425 insertions(+), 91 deletions(-) create mode 100644 nodes/videos/configuration.nix create mode 100644 nodes/videos/hardware-configuration.nix create mode 100644 nodes/videos/host-metadata.nix create mode 100644 nodes/videos/secrets-videos.yaml create mode 100644 pgp_keys/nemo.asc diff --git a/.sops.yaml b/.sops.yaml index 317e71d..4df19f1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &server_mira age1le98v5v0xnlnc4y0ydgj9kwfftt8g5wduws8zsadgc97pj0fzecs55tjvz - &server_framework age1rkmhgep2jhdnma24x7ufzr686cwq6p3nk7mmedykan0d7c36xaus2y58sw - &server_knazarovcom age1esdg28lplhhvrj6vmqu9x0adyxj5trp2dp7my3k57kjhkstkk9cqkg5qkj + - &server_videos age16md2hayuu3txmv5xykkdwdnwn4ep2yg9kcrrkwzxphzjlnu6g3uqsk45re creation_rules: - path_regex: secrets\.yaml$ key_groups: @@ -18,3 +19,10 @@ creation_rules: - *admin_knazarov age: - *server_knazarovcom + + - path_regex: secrets-videos\.yaml$ + key_groups: + - pgp: + - *admin_knazarov + age: + - *server_videos diff --git a/configuration.nix b/configuration.nix index 43470d3..ba0ca10 100644 --- a/configuration.nix +++ b/configuration.nix @@ -5,6 +5,19 @@ { config, lib, nixpkgs, pkgs, home-manager, ... }: let my_python = (pkgs.python3.withPackages (ps: with ps; [ git_plan ])); + + my_emacs = + (pkgs.emacsWithPackagesFromUsePackage { + config = ./emacs.el; + defaultInitFile = true; + package = pkgs.emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; }); + alwaysEnsure = true; + extraEmacsPackages = epkgs: [ + pkgs.mu + epkgs.treesit-grammars.with-all-grammars + ]; + }); + in { imports = [ #./gnupg.nix @@ -13,6 +26,7 @@ in { nix.extraOptions = '' !include ${config.sops.secrets.github_token.path} bash-prompt = (nix:$name)\040\[\033[1;32m\][\u@\h:\w]\$\[\033[0m\]\040 + extra-sandbox-paths = /nix/var/cache/ccache ''; sops = { @@ -82,7 +96,7 @@ in { users.users.knazarov = { isNormalUser = true; description = "Konstantin Nazarov"; - extraGroups = [ "networkmanager" "wheel" config.users.groups.keys.name ]; + extraGroups = [ "networkmanager" "wheel" config.users.groups.keys.name]; packages = with pkgs; [ ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGxebDydOcs7URJjXFHMU++ruaZOJpXbK4ixH19pWTsX7WtxxriZxD4+RQ3oyllGG/8sEFzEe0NoTHUPU6YrBpfwT/ekGDmCJHtvZ+rZs+cRQd6tObfAUip1B1Mcvhuaj0prnrbfohOuHpvQ/L8TogIKuHgczDmud4KGUu0mxCsUHbD5tlKpsgN+dJXkvjxsO7JhhF9JpFTrYAU0gTuBPTt3ynpnZKrE1NgnE0iy+CEr/v41dLqxw3fUjT3nOFUQ1l/VKTw5mLt5Iw7XmBLuFGLRAVrwzXxeBCfYqKGYgY4QV8HCcVpcqC8zWmRskiRetzQ/5HwRagm4yZr0I+LZ305nGB0cSJzLWXXOUF6SDg2cqAXFpF/o2LoFCmaV5h3jmCGOUrowF7oV4mYwBMWfabrbZx21z/R56GkAOOEKc2h+Qh5wIj4yayX081SkqJK3J9+3vGG4VvXnwGnPnWQFqrzeedyV74maffGBGFYm0UOcD+oG6EwM+7MEUBpJm9m4c= knazarov" @@ -155,20 +169,12 @@ in { graphviz fzf nixfmt + my_emacs + libreoffice #network-manager-applet (clang-tools.override { llvmPackages = llvmPackages_16; }) # mainly for clang-format - (emacsWithPackagesFromUsePackage { - config = ./emacs.el; - defaultInitFile = true; - package = emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; }); - alwaysEnsure = true; - extraEmacsPackages = epkgs: [ - pkgs.mu - epkgs.treesit-grammars.with-all-grammars - ]; - }) # wget my_python ]; @@ -186,23 +192,23 @@ in { services.fwupd.enable = true; services.gnome.gnome-keyring.enable = true; - services.emacs.package = nixpkgs.emacsUnstablePgtk; + #services.emacs.package = nixpkgs.emacsUnstablePgtk; # Enables wayland support in electron apps (e.g. slack) environment.sessionVariables.NIXOS_OZONE_WL = "1"; # Set default browser to qutebrowser in electron apps - environment.sessionVariables.DEFAULT_BROWSER = - "${pkgs.qutebrowser}/bin/qutebrowser"; + #environment.sessionVariables.DEFAULT_BROWSER = + #"${pkgs.qutebrowser}/bin/qutebrowser"; # Set default browser to qutebrowser everywhere else - xdg.mime.defaultApplications = { - "text/html" = "org.qutebrowser.qutebrowser.desktop"; - "x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop"; - "x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop"; - "x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop"; - "x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop"; - }; + #xdg.mime.defaultApplications = { + #"text/html" = "org.qutebrowser.qutebrowser.desktop"; + #"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop"; + #"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop"; + #"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop"; + #"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop"; + #}; # Enable screen sharing on Wayland xdg = { @@ -339,6 +345,11 @@ in { # }; }; + services.jellyfin = { + enable = true; + openFirewall = true; + }; + networking.firewall.allowedTCPPorts = [ # Syncthing 8384 @@ -390,6 +401,12 @@ in { source ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh fi ''; + shellAliases = { + nn = "notes.sh -n"; + ne = + ''notes.sh -l | fzf --tac --with-nth="2..-1" | xargs -o notes.sh -e''; + + }; }; gtk = { @@ -488,6 +505,13 @@ in { }]; }; + services.emacs = { + enable = true; + package = my_emacs; + client.enable = true; + + }; + wayland.windowManager.sway = { enable = true; xwayland = true; @@ -505,8 +529,10 @@ in { "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; "XF86MonBrightnessUp" = "exec brightnessctl s +5%"; "XF86MonBrightnessDown" = "exec brightnessctl s 5%-"; + #"Mod4+Return" = + #"exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'"; "Mod4+Return" = - "exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'"; + "exec emacsclient -c"; "Mod4+space" = "exec ${pkgs.foot}/bin/foot -T mylauncher -a mylauncher ${pkgs.q-sh}/bin/q"; "Mod4+p" = @@ -535,6 +561,7 @@ in { }; }; extraConfig = '' + for_window [title="as_toolbar"] floating enable for_window [title="mylauncher"] floating enable for_window [title="Firefox.*Sharing Indicator"] floating enable; default_border pixel 3 diff --git a/emacs.el b/emacs.el index ef08503..eb9d7b0 100755 --- a/emacs.el +++ b/emacs.el @@ -105,6 +105,10 @@ (use-package hide-mode-line) (add-hook 'vterm-mode-hook #'hide-mode-line-mode) +;; Disable "when done with this frame..." message when running +;; emacsclient +(setq server-client-instructions nil) + ;; -------- Cursor and movement -------- ;; On emacs mac port use Alt as meta key @@ -182,6 +186,18 @@ '(font . "Source Code Pro-11")) )) +(add-to-list 'default-frame-alist + '(font . "Source Code Pro-11")) + +;; Configure fonts when running in daemon mode +(defun my-configure-font (frame) + "Configure font given initial non-daemon FRAME. +Intended for `after-make-frame-functions'." + (add-to-list 'default-frame-alist + '(font . "Source Code Pro-11")) + (remove-hook 'after-make-frame-functions #'my-configure-font)) + +(add-hook 'after-make-frame-functions #'my-configure-font) ;; -------- Packages -------- @@ -882,6 +898,14 @@ If vterm is not running yet, start it. Then, show the main window, unless BACKGROUND (prefix-argument) is non-nil. " t nil) +(defun vterm-new () + (interactive) + (setq current-prefix-arg '(4)) ; C-u + (call-interactively 'vterm)) + +;; EAT terminal + +(use-package eat) ;; lua @@ -971,6 +995,9 @@ window, unless BACKGROUND (prefix-argument) is non-nil. (use-package terraform-mode) +;; Bash + +(add-hook 'sh-mode-hook (lambda () (setq indent-tabs-mode t))) ;; Nix diff --git a/flake.lock b/flake.lock index 33a1d12..6cf4832 100755 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ ] }, "locked": { - "lastModified": 1695464766, - "narHash": "sha256-u1rpF4ypWlZ80dvXWG9QpeMsbKNV1NdIrOUijnsqV2Y=", + "lastModified": 1697769700, + "narHash": "sha256-ox9E90lRTKim6rb92kOfvqed+0jOmqgKpsAItsVdGdk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d073b90d4942257caa847becd802875391daadf5", + "rev": "7e236c963a46bc712971f9f6ff78f4ea50b64c0f", "type": "github" }, "original": { @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1695939862, - "narHash": "sha256-YKDlS3HCXiMflP5i/uEQnZf2henO10beetINHj80hmU=", + "lastModified": 1698008546, + "narHash": "sha256-d/NKtADAQIWD55192MgRY+d2sSYczkbnQWKie8JOE4Q=", "owner": "~knazarov", "repo": "knazarov.com", - "rev": "ea70e4a202b4fdc0e5e20c5fce9a631093d3cf35", + "rev": "f7eab37ffcd60bc3beea83986a49e8cca66c24a5", "type": "sourcehut" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1695479676, - "narHash": "sha256-YMcMXZ6xFA05egIwfUBh106AvaTHu3DBFQCnGuJx84Y=", + "lastModified": 1697795961, + "narHash": "sha256-0ebo3Aq3uhqcd9653sL3CPr6ANlfX3PwPBtGyvh4mgk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805fee6f38428d7ef2ee59b36cf910003cabed71", + "rev": "585a8b12b1ab3f5cfd7aec0b3958b754ef63bad2", "type": "github" }, "original": { @@ -120,11 +120,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1695272228, - "narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=", + "lastModified": 1697655685, + "narHash": "sha256-79Kuv+QdgsVc+rkibuAgWHnh8IXrLBTOKg5nM0Qvux0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55ac2a9d2024f15c56adf20da505b29659911da8", + "rev": "80c1aab725151632ddc2a20caeb914e76dd0673c", "type": "github" }, "original": { @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1696081283, - "narHash": "sha256-ldiJ3gWOvW/aq3zwetnSg1pjU7PfKYVsQWxIZGM/NNA=", + "lastModified": 1696170164, + "narHash": "sha256-ew+zhK/okYJdOdl3yWcRzi0NHfVbnXzS+EjlOf8vN6k=", "owner": "~knazarov", "repo": "notes.sh", - "rev": "38e2883be54cd6634d83888f8f8545ddb44b9556", + "rev": "342615a128cf96f1d6cb69a9c09e408d9ff0ab11", "type": "sourcehut" }, "original": { @@ -198,11 +198,11 @@ ] }, "locked": { - "lastModified": 1695284550, - "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", + "lastModified": 1697339241, + "narHash": "sha256-ITsFtEtRbCBeEH9XrES1dxZBkE1fyNNUfIyQjQ2AYQs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", + "rev": "51186b8012068c417dac7c31fb12861726577898", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 08091db..1102a56 100755 --- a/flake.nix +++ b/flake.nix @@ -84,6 +84,7 @@ mira = node ./nodes/mira; framework = node ./nodes/framework; knazarovcom = server ./nodes/knazarovcom; + videos = server ./nodes/videos; }; }; } diff --git a/nodes/knazarovcom/configuration.nix b/nodes/knazarovcom/configuration.nix index b16fa5f..e8dff2f 100644 --- a/nodes/knazarovcom/configuration.nix +++ b/nodes/knazarovcom/configuration.nix @@ -1,29 +1,22 @@ { config, pkgs, ... }: { - imports = - [ - ./hardware-configuration.nix - ]; + imports = [ ./hardware-configuration.nix ]; boot.loader.grub.enable = true; networking.hostName = "knazarovcom"; boot.loader.grub.device = "/dev/vda"; - users.users.knazarov = { isNormalUser = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"]; + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira" + ]; }; - environment.systemPackages = with pkgs; [ - vim - sops - goaccess - ]; + environment.systemPackages = with pkgs; [ vim sops goaccess ]; services.openssh.enable = true; services.openssh.settings = { @@ -49,10 +42,15 @@ ~*(MJ12bot|IonCrawl|webprosbot|Sogou|paloaltonetworks|CensysInspect) 1; ~*(DotBot|ev-crawler|InternetMeasurement|CheckMarkNetwork|panscient) 1; ~*(gdnplus|PunkMap|pdrlabs|SurdotlyBot|researchscan|serpstatbot) 1; - ~*(MegaIndex) 1; + ~*(MegaIndex|DongleEmulatorBot|TinyTestBot) 1; } ''; virtualHosts = { + "www.knazarov.com" = { + enableACME = true; + forceSSL = true; + globalRedirect = "knazarov.com"; + }; "knazarov.com" = { enableACME = true; forceSSL = true; @@ -94,17 +92,14 @@ "matrix.knazarov.com" = { enableACME = true; forceSSL = true; - locations."/_matrix" = { - proxyPass = "http://127.0.0.1:8008"; - }; - }; - "turn.knazarov.com" = { - enableACME = true; + locations."/_matrix" = { proxyPass = "http://127.0.0.1:8008"; }; }; + "turn.knazarov.com" = { enableACME = true; }; }; }; security.acme.acceptTerms = true; security.acme.certs = { + "www.knazarov.com".email = "mail@knazarov.com"; "knazarov.com".email = "mail@knazarov.com"; "vmatveeva.com".email = "mail@knazarov.com"; "matrix.knazarov.com".email = "mail@knazarov.com"; @@ -122,9 +117,7 @@ global = { server_name = "knazarov.com"; private_key = config.sops.secrets.matrix_key.path; - jetstream = { - storage_path = "/var/lib/dendrite/nats"; - }; + jetstream = { storage_path = "/var/lib/dendrite/nats"; }; }; client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; client_api.turn = { @@ -161,7 +154,7 @@ sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { - example_key = {}; + example_key = { }; matrix_key = { mode = "0440"; group = config.users.groups.keys.name; @@ -178,11 +171,14 @@ networking.firewall = { allowedTCPPorts = [ - 80 443 - 3478 5349 # coturn + 80 + 443 + 3478 + 5349 # coturn ]; allowedUDPPorts = [ - 3478 5349 # coturn + 3478 + 5349 # coturn ]; allowedUDPPortRanges = [{ from = config.services.coturn.min-port; diff --git a/nodes/mira/configuration.nix b/nodes/mira/configuration.nix index 98ae196..ec4bb59 100644 --- a/nodes/mira/configuration.nix +++ b/nodes/mira/configuration.nix @@ -19,4 +19,11 @@ in boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".device = "/dev/disk/by-uuid/8aa0584a-df60-42c3-adc2-d88b85544c85"; boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".keyFile = "/crypto_keyfile.bin"; + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + ]; + }; } diff --git a/nodes/mira/hardware-configuration.nix b/nodes/mira/hardware-configuration.nix index 4890840..8e11ef7 100644 --- a/nodes/mira/hardware-configuration.nix +++ b/nodes/mira/hardware-configuration.nix @@ -5,34 +5,32 @@ let -in -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; +in { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = + [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd"]; + boot.kernelModules = [ "kvm-amd" ]; boot.kernelParams = [ "mem_sleep_default=deep" ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/1a71ab59-b65c-4866-a76c-a1372cc30cb8"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/1a71ab59-b65c-4866-a76c-a1372cc30cb8"; + fsType = "ext4"; + }; - boot.initrd.luks.devices."luks-ad5fe721-9e57-45ae-bc7a-9724590d97e8".device = "/dev/disk/by-uuid/ad5fe721-9e57-45ae-bc7a-9724590d97e8"; + boot.initrd.luks.devices."luks-ad5fe721-9e57-45ae-bc7a-9724590d97e8".device = + "/dev/disk/by-uuid/ad5fe721-9e57-45ae-bc7a-9724590d97e8"; - fileSystems."/boot/efi" = - { device = "/dev/disk/by-uuid/36AD-6828"; - fsType = "vfat"; - }; + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/36AD-6828"; + fsType = "vfat"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/9ea6aaab-0e78-411f-90fa-5161d897419b"; } - ]; + [{ device = "/dev/disk/by-uuid/9ea6aaab-0e78-411f-90fa-5161d897419b"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -43,8 +41,10 @@ in # networking.interfaces.enp21s0u4.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; # for mira - hardware.system76.enableAll = true; + hardware.system76.enableAll = true; + } diff --git a/nodes/videos/configuration.nix b/nodes/videos/configuration.nix new file mode 100644 index 0000000..f303bf0 --- /dev/null +++ b/nodes/videos/configuration.nix @@ -0,0 +1,143 @@ +{ config, pkgs, ... }: + +{ + imports = [ ./hardware-configuration.nix ]; + + boot.loader.grub.enable = true; + networking.hostName = "videos"; + boot.loader.grub.device = "/dev/vda"; + + users.users.knazarov = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira" + ]; + }; + + environment.systemPackages = with pkgs; [ vim sops goaccess ]; + + services.openssh.enable = true; + services.openssh.settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + + security.pam.enableSSHAgentAuth = true; + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; + + services.nginx = { + enable = true; + clientMaxBodySize = "1024m"; + virtualHosts = { + #"www.videos.knazarov.com" = { + #enableACME = true; + #forceSSL = true; + #globalRedirect = "videos.knazarov.com"; + #}; + "videos.knazarov.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:9000"; }; + }; + }; + }; + security.acme.acceptTerms = true; + security.acme.certs = { + #"www.videos.knazarov.com".email = "mail@knazarov.com"; + "videos.knazarov.com".email = "mail@knazarov.com"; + }; + + + networking.interfaces.ens3 = { + ipv4.addresses = [{ + address = "107.189.7.30"; + prefixLength = 24; + }]; + ipv6.addresses = [{ + address = "2605:6400:0030:eb21:c7c2:1dfa:e144:b0a9"; + prefixLength = 64; + }]; + }; + + services.postgresql = { + enable = true; + enableTCPIP = true; + authentication = '' + hostnossl peertube_local peertube_test 127.0.0.1/32 md5 + ''; + initialScript = config.sops.secrets.postgresql_init.path; + }; + + services.redis.servers.peertube = { + enable = true; + bind = "0.0.0.0"; + requirePassFile = config.sops.secrets.redis_password.path; + port = 31638; + }; + + + services.peertube = { + enable = true; + localDomain = "videos.knazarov.com"; + configureNginx = true; + enableWebHttps = true; + listenWeb = 443; + + secrets.secretsFile = config.sops.secrets.peertube_secrets.path; + database = { + host = "127.0.0.1"; + name = "peertube_local"; + user = "peertube_test"; + passwordFile = config.sops.secrets.postgresql_password.path; + }; + redis = { + host = "127.0.0.1"; + port = 31638; + passwordFile = config.sops.secrets.redis_password_peertube.path; + }; + settings = { + listen.hostname = "0.0.0.0"; + instance.name = "Konstantin Nazarov's Videos"; + }; + }; + + sops.defaultSopsFile = ./secrets-videos.yaml; + sops.secrets = { + postgresql_password = { + mode = "0440"; + group = config.users.groups.peertube.name; + }; + postgresql_init = { + mode = "0440"; + group = config.users.groups.postgres.name; + }; + redis_password = { + mode = "0440"; + group = config.users.groups.redis-peertube.name; + }; + redis_password_peertube = { + mode = "0440"; + group = config.users.groups.peertube.name; + }; + peertube_secrets = { + mode = "0440"; + group = config.users.groups.peertube.name; + }; + }; + + + + networking.defaultGateway = "107.189.7.1"; + networking.nameservers = [ "107.189.0.68" ]; + networking.firewall = { + allowedTCPPorts = [ 80 443 22 ]; + allowedUDPPorts = [ ]; + allowedUDPPortRanges = [ ]; + }; + # networking.firewall.allowedUDPPorts = [ ... ]; + + system.stateVersion = "23.05"; +} diff --git a/nodes/videos/hardware-configuration.nix b/nodes/videos/hardware-configuration.nix new file mode 100644 index 0000000..9264b80 --- /dev/null +++ b/nodes/videos/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a1fbd9ef-8b11-45d0-8763-c16000fd2860"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/e237bab4-fe76-4823-817b-d9999748d7d0"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nodes/videos/host-metadata.nix b/nodes/videos/host-metadata.nix new file mode 100644 index 0000000..3e5ebe8 --- /dev/null +++ b/nodes/videos/host-metadata.nix @@ -0,0 +1,4 @@ +{ + system = "x86_64-linux"; + host = "knazarovcom"; +} diff --git a/nodes/videos/secrets-videos.yaml b/nodes/videos/secrets-videos.yaml new file mode 100644 index 0000000..cc5bbcc --- /dev/null +++ b/nodes/videos/secrets-videos.yaml @@ -0,0 +1,45 @@ +postgresql_init: ENC[AES256_GCM,data:q2aDuTt+9IBYBvKknCfl48R+pInE6nEBagjX+kfLGhZeeD40JypaVENVkhgWd6lgFof9WNNSuRF80IXQPbsmx2UU+nDQN6c6y5oyePsSl96mnuxC7BTq5ySbH784YlR5r6m112iOiKixJIveztUZrpbVq9jbpOd77noT1+VmWZjgtleRzaxy7ucB0685GBSHAhS0gub4BrS2CvrU+UNklu/X+GuZcLqDMIuSemRauTyd2Lqzpj1JNxgd49lDill3aO/w2eG69G4Jn2Ot3Va79FfFvZvYdZpz5qCkPlZXkbgAd0U+XvucFxU6g4zOrdqbA8OMwuraUpzAh1erCyPdn6nlz/KYAajZyGTTL8ViqyUSTuemSn1To7ko5VF2n4xsxfcROpm9Zr4phGjpeoVs+8Ya,iv:k291En6bZxAQREnk1Gp7bk+ffI+RFKUXi+azratVQts=,tag:RF0OLZEKwoPgWF2NQz8aag==,type:str] +postgresql_password: ENC[AES256_GCM,data:sVs1nK4m2g3e9IPONacQNxg8leSHhcke4Q==,iv:Wj1QmjqRpR3MVkMxsiOTmOp+F45u6/G/uXGn1/U8CLg=,tag:RewivpcrTZxDfkRVSHlWsg==,type:str] +redis_password: ENC[AES256_GCM,data:0sRW8zg6ST9fZJi7lC9HuMcjEeObtXJPjw==,iv:L0iee1c0CtsIPEhIYVCRjAQPRzGsAVGlSHQDQ6Ypw3E=,tag:Fbm4C4WxusiolsQdmxWKKA==,type:str] +redis_password_peertube: ENC[AES256_GCM,data:MBbfvWovKhVqQS8dWKlBSKCFtnLGl5sZIQ==,iv:f9+vuE4QtZ2udQZLUKQAgTn9XfG8crHqIicKDQHZEkg=,tag:oxk7xj2rLx28OIkudsOWzQ==,type:str] +peertube_secrets: ENC[AES256_GCM,data:oFkwr2gg+bzTC/iaZ2GzQQ7b7NK7eZs9JW96Jv7Evaar9wbfYJRpAuoHfYf0pzMRJ3qvNfchXfa7D5cddx24SQ==,iv:Bdcjq1GMhmh+wl80jFAeQ2UDeD2jGBlnXQrAo5eZuEs=,tag:SzUwJ/jJPFsXfMH+vNjGSQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16md2hayuu3txmv5xykkdwdnwn4ep2yg9kcrrkwzxphzjlnu6g3uqsk45re + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Rys2czUvN2lPQm9mQ0Zj + ZVViQnYvWW04N2dFd0k2RHBIeUlPMW54R1dvCnNHaUpsSFBMSWFrRVJKdXpxM0ZN + RzBnaWxOWEdJcFJMZEs0SW5vb0NaUTgKLS0tIFEvZ1Nsd3RiUys5RTVLWjJPS2dZ + dmkwMjZxNmJQVEx6OTRKa0c0RWRVdmMKMbFRo4DH2npvGXuhgYaXm39qIK7TxzEF + FEmqf4TG6g2mgthnkH/fHkr5WTJBjlTlRBnxkepFygFpb3405RiWaw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-25T22:30:12Z" + mac: ENC[AES256_GCM,data:49o705lbbI4r3l7WFlitd2bBcIEoqOvmNk+UvtNkoKy7q2cQySUpPNSGrV4nzdhfUhWBti5ntzXdsJpGYDhtf9VOVub39oYtnHsgTM9tv9CRZlHJgsKNmJaousQR9oRZw4Ju32yLDzspvi2fNH//bN80IkiBmVayg2Z/ea4tWAk=,iv:/YCU8HOIh2XY29+3lPSl3m74b0K+WTOd7aUnGY+oHsk=,tag:Tb6p+EtihV4X9ZP54aqyjQ==,type:str] + pgp: + - created_at: "2023-10-25T22:19:47Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAz3KbDTqPV7IARAAmXxEKOOguwKskZErr79loGEboZL0YLJhujsslvIhYBXL + PyWcTBAHOYuCM1M3Vpg3k84/sRYXplRaBohnAgLTMVz1ZC6STSypGEtK9WLGy2TG + 1KNp5VhDVEdUWj1ldU5K3NGTwA++rMpB7O/lnKmcDFTHYe6GL5a9unE895Ecz9fX + JdTV9cJvvMmjAs3X2y7tYXwQydGQ4yQI3dqXAS0Xtsl90fH4XIIYPl2rHFX8BNam + L+k2+uFrrFrFYP9vGj2D6I6kJTeoBoAk7wGG0kUN+U3ykpZL9o58+drNVi+ZSv3b + JgQ1wssh77L8jmRneUb/BjpX5AlbIMq/pJZw5ZZuu9SDEukxvMFypwr91TaHZFfG + sZ262bMt+U5+hytVj3QsRX+SJI9UfYF1W+HLSiTzckkjw06OTLdffoI6g6vDGLg+ + bS8UvlAay0TLprf1NKlsC98wevabU1mYW9CnKCykt3e9B6Oc8DdjKISezzc4McbR + R158vnDZITJW9owGgUZC45p2zlpWowfLfXnnttyLsqjSKzqELvax7u7xbIbDQ2sX + mtgIJOLu8hMlIlC/JgO86t7t3A1xbvYszo3zCO1czfkSAIIIHX/xsehaJxAZ8l3y + pMwzNAIVcBMN2qfICYa2ehbB2V2HMoROdHvQzbRJLj2VE5JCucCbLTTbZ6sLs1/S + UQFTUGIKsPIhmucuT4t69WVEY+mIx/1UP2Kp15RttSRdmhFaa0sWQn5BGau83lB0 + NMu3iDgq/tvOlE7JHxLAnCcGnm76ARYU9BGrB06rbOmM2A== + =0sBJ + -----END PGP MESSAGE----- + fp: DDB4423999505236CF585F9B0560020C9C577C1B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/pgp_keys/nemo.asc b/pgp_keys/nemo.asc new file mode 100644 index 0000000..594f620 --- /dev/null +++ b/pgp_keys/nemo.asc @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBF11TxgBDAC+wWm/Ica/y7PU9rD6R22PUxFWJ893qfWrHRNhZZV9b+Cx9WkX +S9WZwnk7w5EKM9zrkSYuJlplxU+xQapdJx+wWikhT3419JsBrKdixel+ugc5upxN +Nr68l2XNH6EYgADL8gcMGsH+MplxnNTvtcOgwXHkMxtxOCHYZPZBkjYXXaqJO5a/ +asw6HT8Ne8M/jeOtjm3T03iNatnyZyH3IiFjjibGtMLIVVlbd9tJonpgQXHlxQjx +Qo6kO/SZ5LQNsvoV2Lkz3knxh/2P50eKpsLrD4usu9foAbBXRRT6uqyzBgGcVdB8 +2PW2TfMx25lsXBNKcikRTxhymVIXOKOYdau/HvSHdya3aME3Vt0rEqZhL+oI58oO +en7kPpxqXFq7BV9SkcwPKY+NV87BLHeBIW1pxvX5sszMd23HJ8nAH9ElXqbfOAOn +OPKpERgotugqPIzPr70C6/IZ6BTK0mNM0XjS1I1RZI88TlyXh20IEUk19GWu1jLU +KPelR+xVEMVvojMAEQEAAbQlTWlraGFpbCBLb21hcm92IDxuZW1vQG5pbC5mb3Vu +ZGF0aW9uPokB1AQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBGOB +4LBSwPoHQei88woTEQJoGppDBQJj3wegBQkSz/eAAAoJEAoTEQJoGppDA0cMAIsw +rezpf2gW/hEl11+PCIOlIDpyAQQ93YWRfkzheRmTuiZSjuMVydPb+Aa0IUrL00zC +eRPzgP/HpJ+n9l45+WsJS3xcU0GLtJlNqvskjG9BN72eWoT69eIiHkEbSZuXIEUJ +agC2wOHhHV7ClOWq5voFxIbemKlN6pkZ8NFueZJ+TxnevJIL7lM7t5+GrB59hxEq +ceH9hkUGxRfQthXYem9lzm9jb4/bJrDwTLOv16Vuzij/6sr6DsqTIWlIZ8MvUkXV +pJk9Jjk0HNGU1aRsuVHkCnUSPpA7QVTrlGXD5CF1nTKhtQaJ0I2CsyGdx8l4DC36 +D2EBxGqdSh70xtWQ0FYn68zNSv4MvhaQNlkDtVo0jDiTX2WoqTrSuCbnQ2+HY/Bu +I8kx+Cy9tN3isvodm8bKNCQxopfWFQC0rjg04xFiQ6ej1GTpuZfAa2FfwotcyYSr +e6Nq8sIxITLhu4PqZWI0ybJHOGRqX8st4no6f1mdhf1ccLlNXKKqJJsle6nh/LkB +jQRddU8YAQwA54U/ODkn99+xBmAKgtXnYlMtBnKzwGO5zRazRjiZ4CD07UwRdOGM +N15LHePDXf5GNnc7KXVlQLu+5ixswNkTkLnaJutzfSho5HwwsRqV+LdxX/3WQ6GP +wtLsPX3r0HUY+noA9wJou6bFCu+RB70ptWsQCtuifBDtOYcrDow/f2ne0ZtAIgiz +zSUyqVV6If68JPuMmIfwg8enNIolyFo7UwDwOieX09lxaMcNhuuGen2uftYieqBD +GxlRc6s2LFpbo3gVX47DlnhXjsiYc2ccrp0/PsWMZlvlX/Ktfj3qdUZkfPwUCJMx +6q6nEHG7mY98XWSCZe4o3XjUyz7pWAW0AU9ZsM+IxVUsaBwy/MEqtmBLbJ14i2Sp +1tQqtigiaBUONYs+XW8G0A3ZO8jfReK3BF2HW41BGPiogrlG3dxWOpjAp5K2/Wdm +1eFZpn4N4Yuo+l6p/ahRynB4tZR8PFd4QmcwcQz//Ghrg0MIpLSFGw9UPEegtYiP +E6okZjJDu/btABEBAAGJAbwEGAEIACYWIQRjgeCwUsD6B0HovPMKExECaBqaQwUC +XXVPGAIbDAUJB4YfgAAKCRAKExECaBqaQ7xlC/9GX/8BGlnQyEqUXoHKD9aasqxV +d2NmA3C/OUKgZZqmErmPVouApVhE4nYJQHLeaCOoZdEzBXrRVebMXbsvDQZy5xwa +OWjSaSJc7aQq/JA/Ij6x2NGlvPvrWGtpXel0Ws2pAohB5jSfMsMs5C2/dKL8pKOn +cR6gDVH7VTRjt53CMFXsOk9R2bV5i3lfwgKH5/TtiNSxGteiiECwr9epx+wvp2hl +1EOijoPeCVQnIpR8AiPBe57zaM++hzuoKJb7RxPzyeRdU27KJbENtW/ejOGw7KnV +sdeFHK2KAD3ESdnWPp7upll2h4zjxMbhvLWH6BSuW4SRZam+Ur0tDlD4XZZcE7WM +Vo4/F5qcFakmUH9yISIhhjkjwXE49oRf2wP85gv0le+uTNOd0FtqegltzUQkBDq4 +wBLjY5aXT0IdaIJnXFgHc4WiGZpCMoTJECjGC0RV2tO+2b5n3Ly/6z71Y7thDKVD +GJmEFZCof+JXVbKiQ97v429IN+o3lv+9BuMgGSM= +=2x6g +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/secrets.yaml b/secrets.yaml index d4273cf..003fec0 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,7 +2,7 @@ hello: ENC[AES256_GCM,data:+LPt8J+Ks1m10+zZ2Q96r3K2W6Yeng7M7+c2TYDQ+/4AJl6Xc6hVn fastmail_password: ENC[AES256_GCM,data:tHr8PqIg9DigRBu2bgjUeg==,iv:NI9bENFPuKcOt1cd2kg2DKU22J1dJ+3mK7UoceZagR4=,tag:oEgeQb1iLKisOqHi9Ds7xg==,type:str] github_token: ENC[AES256_GCM,data:E1+wrI5VUlnsqfKNH6fY7IXqHIiagAByLYCfIfdd2+HcvniAvZzaIyKB3nma5eks3csN5A9XgYXRb09lELroW00obmIWbWZPdFhDccHRtVOqFq/r+x27O/3MAkDqID5mc8xD8SqWUibr9UZfXjFcXC4bx7+a4pyy45akz9RLIJRVKDzxMBGmZ/wQcuFS9uy2Pv2yWRL7q4olzvc/kzNFRWCLU7ThIAJSIx//NluOE8xjsA==,iv:Cdc2wwGdXprch1hHd0CwJM6vUAYmfhI4FpcKjcoIZYY=,tag:so8BJtjHGcGzayPqMwy43A==,type:str] mullvad_account: ENC[AES256_GCM,data:CO4wl2vNAMEC9oy37nIrpw==,iv:a3w64u8XQ/tihIDxIPPtdZ6F7dldLPvRzGUs1MpVe4M=,tag:HQxJVuGEvI0fVj8yGptbdA==,type:str] -git_plan_config: ENC[AES256_GCM,data:K1jtHTmSDrWeld/0WWDTToDUnnDmXiQqiX7q/xKnxPYcC4ZLo7roIkz1OfnIlcML7sk3ZIBEf1rFI7AdXQWbJouQP7R0IPN2gOBZxC9JoaTNftuYY1lfdjuaTDVpMJtZuWHFtk6Oc+LZ7TH24TnHXbw3H9JFmZSeb+Ztl2n0gINNWrWdw4HrN/puouHQl4H7bLsDhD33X5lv/nOsE0KR52/F8Iae0Tvud7Yk69b+xcirlaAP5xxvHRh03jfxQtiYpIU5v8Qv2U9aL7k625uJLswdM/7DLlvplTV4zbdnf2j6VvTerGd4NmewVwQEfr/hzJg+0avClD2o9mNZNNpV/gMTtVrZgJsWGQocA1HVXaazxFvlb9LsFe9PI0MTlxr/AHpW1F33eHaSP7HAWJ5GGTwK1W7FQRf4L8P6ozAOQeESeJIfF4Zeoh8FC/6ZrqtwVNhyGMat2EaSgPNISnfOTYu1mWBebQ+spsy4yt9S/t5oFkLuD2KpxLohj2PaOVk3p03DQXoCCf5m67ODvuCFG8lEV8xaXtfFRR9WjB7KJx1SZbUvTE8Hnzos6UTUqMnAG/X0WiTRgK5kaH7FUMhK7eElBY9/CQg9Q9qWPy8mbZQmvgejcDYsxmsL04oNGVyaSN+HyJi6sS6KkICKtRNJYEF9K/VExBEqWBWRPhe88ESu7oEnziOkzoz0BdJix10lxNgiN/t/+XNMrDCMqeCLxyYq9XDn4Pr+4mXKHOwGbofwSlAp9HJLa+yi/F4sleDW9WvYFUdFleweAij10KDQ6N/XOSKOe4quH6BXCJZC+8Aig4DRlosMdtSkqPGny1DD1mQYdyVbL1c9oP4XVUklF/fKt1qH8g+ORLUMX6IefM7W8aKwyTQImcbiL+ZWjs7YH+JdJ2uYOhY4WL+0bAdLD5lGuQu9yoO7LvcxzBz22RrF4/85BshNVVU=,iv:ZDmaGvR1Eiu1NtXP1wXPvvrcm375QKinjcjHrgSj/OQ=,tag:b7y1N3thEYVQFHz7HIGz8w==,type:str] +git_plan_config: ENC[AES256_GCM,data:2D7EgJF6Peh0j+h/c02U2qGWLwrPWRGX6YeAremV4lbea1PCrsydxoRAAd5NGIg50zFL2IpIQTqiDDFNXZe9ZzEYlKBukARuM/T/QexR0jP7bELm3CmxkoMS/ZDilFvWFnZfyYOhNiFFPDpH3qFwn+Sk19I24GsPsO/mPjVFdyiAKpKLggu0EsuDcbORvbe7o/uzJHxE3Ph2u6jS61L5dByPThiY0an84Lujz05Xwe0dJuv6yHmzbHvvrnfOovybJAWwk41XyaQylq5Ld0op/InRskhBPn8bW+aVhTiVpYTR6Ve5hCjveim+FLFkgSZQIPxNZWKkUaDeyC6jCyQ8lu0MARbLWdmsZwMW6cM7iKGOodzlx4QPQFLaSZokNz4f+rQPqrD/0cidGD6alhRqSWL5XsIlGlrtPBwgBGdFbwrns+lkAZYFOjiCG+cnWUdhIJbHAK1QJAuV5DMyU/9en0ESKo6zrQZc0vpA0Uf1lhqC4QInw7+e6yE1GqxlbhaVmlo6hc9AVRxLVFiSr0e9wBMbdyISCr/dsoq7Z8whGipePA05OApX3f3Zv5A2nv434eQ/C3y/cld/lLpvV5O7yKJKoZHSnDvViiydQWEzkSVgaOPwCDZzcYJlOVVZz+Nnyx7YF4fhUeRcnBsQhl/eYTmdvTPbXbkoyuol9ikFehWsws0hdiElBCYdtxLIC/VpMjMBKdHexBgG1i1JVPHOK4KPgZNYFy1/wbBINRx4iPN5NIakkSERhe7RHKqkatSp1o614AImBaoW+yIsG2uM9up1pkNDgt4hyhW9kMftrv6Po2uhq46Cf6nxX8j8cepqKOigxt2E8ajnMqWKQ937RtyoCccRw65ligAXOaL5RAWiyrggXR6mpcnWTNQkjgFh5lsgmTNXA3O/ItkICfekr0uDl4kRagG89NWaYmRfFCUg49m8vJ2OaF8Fy+Ae2NKjdi5lOdEWk/5ydPzgq8zw4ek=,iv:O4CsEXqMDd6ow/V21ULhfi+qlxjcaWc2TelrAy72JDY=,tag:mo7uUQmolaDCSpN8s8vkYQ==,type:str] git_plan_credentials: ENC[AES256_GCM,data:d4egK2w4TGIDNaI2Wc3ViOBnH7/WpdeS1EoYe4/oaM4iayBXOEQMvT9qIgu/Hml34gvbBN9lRmlNkESVh7YpwO5wACkkRcO/0ZTyP8XzFUUo0IfUh1iHPjEQOF7vygW/woqBiQgFPRws9F+g6BW8aSQrBgvBF5IeNLhFBvSJUvTft1xEsNwFnkWnfZ2JWmYqLjEggoUEqtXMRw9KKcqm4DNXIzxmA8wSzDriIzeCVuSEV8sJD21saFPPaLw/jupLTLdWp5F8rAxLGa6e9coCNu8vSuqUgfv0jFET71bNw28xPrN38A/PIlUcR9MXe1SGqKAFxEv134ZkJr78g1PIWNoVDrmIlMpV6dYRLKM1FOcpAhJorIXooIl6quCdg2/U5onP8cQ7lt2LsEG5APKj7pz7huatdwM/CgxrcqPVb0E2Lk5c+wi3Rf9/Jz3BqcWQm3bwkHwivWyCD1Nw+qRXLFSfXGTovSBsxX0j4LbdP0o4iPuj068DGawpYC/AfcKfOCmh8aInQhGCQtIq14QGffU9GbW37gHu,iv:ZzOUYu3s+kfwbKajA+6fdu2EysipjoKD49muLNFBZ58=,tag:e0RI7rA8eLQI8h5L4pvS1A==,type:str] sops: kms: [] @@ -28,8 +28,8 @@ sops: U3loV2xDMkM5SWNXRDJobDloL0FVUUkK3OP7KvcKkE8mJ880dm6LMFZUxELjl8/P 6+q8qAYiAvl0Cbd4GzkNpUuBbLlFFWfFmC0vbgg8gyZ6xI5AFhHAPw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-04T08:56:05Z" - mac: ENC[AES256_GCM,data:j90tHJC29wq5E5c68/NFKLsjid+Pr90HtAQHNPfOpWKEQapYAYcLBf9OYpJvSh3errLEEVOl/aoIoycDxI0vb6gX98In4hRXP9QkJO2ew/PyDOEKGMxaoYSKnfslB0VaEHPrC3LLAm/1qtuWWSLJT02WPke8iU2KtaQgCpc1XiY=,iv:2AeIHxbIi1UqB9d2EEgHD7PWKdh8Ystt6p+N63fDSGg=,tag:789IAWnTi2L3OWxHLPSVSQ==,type:str] + lastmodified: "2023-10-03T11:01:33Z" + mac: ENC[AES256_GCM,data:4x92WpoJ7RzT8FvpiacrlO+/7iJ1p9Do7iE4SU33aV4ASZt6spWpX+gkTEIaEo2lrJ7n1jPzFsPSjdguKBeg7RnMyIcuo010x32/ueBNSun57NU6Ay3XaP1FJ06LffMu7QmX2mJAZQG4BmITEwDUhNvE/0nAIqRfHVqYJywvvlI=,iv:l6C8uPmsPh9rh3pc5iWVXUBmd9nNvGNEAMkwjmRX9ag=,tag:54ojG4YTdaBuvedZBK7y+Q==,type:str] pgp: - created_at: "2023-06-10T01:03:11Z" enc: |- diff --git a/switch.sh b/switch.sh index f041a91..221d2db 100755 --- a/switch.sh +++ b/switch.sh @@ -1,9 +1,11 @@ #!/usr/bin/env bash if [ "$1" = "mira" ]; then - nixos-rebuild switch --use-remote-sudo --flake `pwd`#mira + nixos-rebuild switch --use-remote-sudo --flake `pwd`#mira elif [ "$1" = "framework" ]; then - NIX_SSHOPTS="-t" nixos-rebuild switch --target-host framework --use-remote-sudo --flake `pwd`#framework + NIX_SSHOPTS="-t" nixos-rebuild switch --target-host framework --use-remote-sudo --flake `pwd`#framework elif [ "$1" = "knazarovcom" ]; then - nixos-rebuild switch --target-host knazarov.com --use-remote-sudo --flake `pwd`#knazarovcom + nixos-rebuild switch --target-host knazarov.com --use-remote-sudo --flake `pwd`#knazarovcom +elif [ "$1" = "videos" ]; then + nixos-rebuild switch --target-host 107.189.7.30 --use-remote-sudo --flake `pwd`#videos fi