knazarov/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add videos.knazarov.com and some emacs changes

Browse source
This commit is contained in:
Konstantin Nazarov 2023-10-26 00:31:53 +01:00
parent 8fd7e4c619
commit 92c25e624a
Signed by: knazarov
GPG key ID: 4CFE0A42FA409C22
15 changed files with 425 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &server_mira age1le98v5v0xnlnc4y0ydgj9kwfftt8g5wduws8zsadgc97pj0fzecs55tjvz - &server_mira age1le98v5v0xnlnc4y0ydgj9kwfftt8g5wduws8zsadgc97pj0fzecs55tjvz
- &server_framework age1rkmhgep2jhdnma24x7ufzr686cwq6p3nk7mmedykan0d7c36xaus2y58sw - &server_framework age1rkmhgep2jhdnma24x7ufzr686cwq6p3nk7mmedykan0d7c36xaus2y58sw
- &server_knazarovcom age1esdg28lplhhvrj6vmqu9x0adyxj5trp2dp7my3k57kjhkstkk9cqkg5qkj - &server_knazarovcom age1esdg28lplhhvrj6vmqu9x0adyxj5trp2dp7my3k57kjhkstkk9cqkg5qkj
- &server_videos age16md2hayuu3txmv5xykkdwdnwn4ep2yg9kcrrkwzxphzjlnu6g3uqsk45re
creation_rules: creation_rules:
- path_regex: secrets\.yaml$ - path_regex: secrets\.yaml$
key_groups: key_groups:
@ -18,3 +19,10 @@ creation_rules:
- *admin_knazarov - *admin_knazarov
age: age:
- *server_knazarovcom - *server_knazarovcom
- path_regex: secrets-videos\.yaml$
key_groups:
- pgp:
- *admin_knazarov
age:
- *server_videos

71
configuration.nix
View file

@ -5,6 +5,19 @@
{ config, lib, nixpkgs, pkgs, home-manager, ... }: { config, lib, nixpkgs, pkgs, home-manager, ... }:
let my_python = (pkgs.python3.withPackages (ps: with ps; [ git_plan ])); let my_python = (pkgs.python3.withPackages (ps: with ps; [ git_plan ]));
my_emacs =
(pkgs.emacsWithPackagesFromUsePackage {
config = ./emacs.el;
defaultInitFile = true;
package = pkgs.emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; });
alwaysEnsure = true;
extraEmacsPackages = epkgs: [
pkgs.mu
epkgs.treesit-grammars.with-all-grammars
];
});
in { in {
imports = [ imports = [
#./gnupg.nix #./gnupg.nix
@ -13,6 +26,7 @@ in {
nix.extraOptions = '' nix.extraOptions = ''
!include ${config.sops.secrets.github_token.path} !include ${config.sops.secrets.github_token.path}
bash-prompt = (nix:$name)\040\[\033[1;32m\][\u@\h:\w]\$\[\033[0m\]\040 bash-prompt = (nix:$name)\040\[\033[1;32m\][\u@\h:\w]\$\[\033[0m\]\040
extra-sandbox-paths = /nix/var/cache/ccache
''; '';
sops = { sops = {
@ -82,7 +96,7 @@ in {
users.users.knazarov = { users.users.knazarov = {
isNormalUser = true; isNormalUser = true;
description = "Konstantin Nazarov"; description = "Konstantin Nazarov";
extraGroups = [ "networkmanager" "wheel" config.users.groups.keys.name ]; extraGroups = [ "networkmanager" "wheel" config.users.groups.keys.name];
packages = with pkgs; [ ]; packages = with pkgs; [ ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGxebDydOcs7URJjXFHMU++ruaZOJpXbK4ixH19pWTsX7WtxxriZxD4+RQ3oyllGG/8sEFzEe0NoTHUPU6YrBpfwT/ekGDmCJHtvZ+rZs+cRQd6tObfAUip1B1Mcvhuaj0prnrbfohOuHpvQ/L8TogIKuHgczDmud4KGUu0mxCsUHbD5tlKpsgN+dJXkvjxsO7JhhF9JpFTrYAU0gTuBPTt3ynpnZKrE1NgnE0iy+CEr/v41dLqxw3fUjT3nOFUQ1l/VKTw5mLt5Iw7XmBLuFGLRAVrwzXxeBCfYqKGYgY4QV8HCcVpcqC8zWmRskiRetzQ/5HwRagm4yZr0I+LZ305nGB0cSJzLWXXOUF6SDg2cqAXFpF/o2LoFCmaV5h3jmCGOUrowF7oV4mYwBMWfabrbZx21z/R56GkAOOEKc2h+Qh5wIj4yayX081SkqJK3J9+3vGG4VvXnwGnPnWQFqrzeedyV74maffGBGFYm0UOcD+oG6EwM+7MEUBpJm9m4c= knazarov" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGxebDydOcs7URJjXFHMU++ruaZOJpXbK4ixH19pWTsX7WtxxriZxD4+RQ3oyllGG/8sEFzEe0NoTHUPU6YrBpfwT/ekGDmCJHtvZ+rZs+cRQd6tObfAUip1B1Mcvhuaj0prnrbfohOuHpvQ/L8TogIKuHgczDmud4KGUu0mxCsUHbD5tlKpsgN+dJXkvjxsO7JhhF9JpFTrYAU0gTuBPTt3ynpnZKrE1NgnE0iy+CEr/v41dLqxw3fUjT3nOFUQ1l/VKTw5mLt5Iw7XmBLuFGLRAVrwzXxeBCfYqKGYgY4QV8HCcVpcqC8zWmRskiRetzQ/5HwRagm4yZr0I+LZ305nGB0cSJzLWXXOUF6SDg2cqAXFpF/o2LoFCmaV5h3jmCGOUrowF7oV4mYwBMWfabrbZx21z/R56GkAOOEKc2h+Qh5wIj4yayX081SkqJK3J9+3vGG4VvXnwGnPnWQFqrzeedyV74maffGBGFYm0UOcD+oG6EwM+7MEUBpJm9m4c= knazarov"
@ -155,20 +169,12 @@ in {
graphviz graphviz
fzf fzf
nixfmt nixfmt
my_emacs
libreoffice
#network-manager-applet #network-manager-applet
(clang-tools.override { (clang-tools.override {
llvmPackages = llvmPackages_16; llvmPackages = llvmPackages_16;
}) # mainly for clang-format }) # mainly for clang-format
(emacsWithPackagesFromUsePackage {
config = ./emacs.el;
defaultInitFile = true;
package = emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; });
alwaysEnsure = true;
extraEmacsPackages = epkgs: [
pkgs.mu
epkgs.treesit-grammars.with-all-grammars
];
})
# wget # wget
my_python my_python
]; ];
@ -186,23 +192,23 @@ in {
services.fwupd.enable = true; services.fwupd.enable = true;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
services.emacs.package = nixpkgs.emacsUnstablePgtk; #services.emacs.package = nixpkgs.emacsUnstablePgtk;
# Enables wayland support in electron apps (e.g. slack) # Enables wayland support in electron apps (e.g. slack)
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
# Set default browser to qutebrowser in electron apps # Set default browser to qutebrowser in electron apps
environment.sessionVariables.DEFAULT_BROWSER = #environment.sessionVariables.DEFAULT_BROWSER =
"${pkgs.qutebrowser}/bin/qutebrowser"; #"${pkgs.qutebrowser}/bin/qutebrowser";
# Set default browser to qutebrowser everywhere else # Set default browser to qutebrowser everywhere else
xdg.mime.defaultApplications = { #xdg.mime.defaultApplications = {
"text/html" = "org.qutebrowser.qutebrowser.desktop"; #"text/html" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop"; #"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop"; #"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop"; #"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop"; #"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
}; #};
# Enable screen sharing on Wayland # Enable screen sharing on Wayland
xdg = { xdg = {
@ -339,6 +345,11 @@ in {
# }; # };
}; };
services.jellyfin = {
enable = true;
openFirewall = true;
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
# Syncthing # Syncthing
8384 8384
@ -390,6 +401,12 @@ in {
source ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh source ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh
fi fi
''; '';
shellAliases = {
nn = "notes.sh -n";
ne =
''notes.sh -l | fzf --tac --with-nth="2..-1" | xargs -o notes.sh -e'';
};
}; };
gtk = { gtk = {
@ -488,6 +505,13 @@ in {
}]; }];
}; };
services.emacs = {
enable = true;
package = my_emacs;
client.enable = true;
};
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
xwayland = true; xwayland = true;
@ -505,8 +529,10 @@ in {
"exec pactl set-source-mute @DEFAULT_SOURCE@ toggle"; "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" = "exec brightnessctl s +5%"; "XF86MonBrightnessUp" = "exec brightnessctl s +5%";
"XF86MonBrightnessDown" = "exec brightnessctl s 5%-"; "XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
#"Mod4+Return" =
#"exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'";
"Mod4+Return" = "Mod4+Return" =
"exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'"; "exec emacsclient -c";
"Mod4+space" = "Mod4+space" =
"exec ${pkgs.foot}/bin/foot -T mylauncher -a mylauncher ${pkgs.q-sh}/bin/q"; "exec ${pkgs.foot}/bin/foot -T mylauncher -a mylauncher ${pkgs.q-sh}/bin/q";
"Mod4+p" = "Mod4+p" =
@ -535,6 +561,7 @@ in {
}; };
}; };
extraConfig = '' extraConfig = ''
for_window [title="as_toolbar"] floating enable
for_window [title="mylauncher"] floating enable for_window [title="mylauncher"] floating enable
for_window [title="Firefox.*Sharing Indicator"] floating enable; for_window [title="Firefox.*Sharing Indicator"] floating enable;
default_border pixel 3 default_border pixel 3

27
emacs.el
View file

@ -105,6 +105,10 @@
(use-package hide-mode-line) (use-package hide-mode-line)
(add-hook 'vterm-mode-hook #'hide-mode-line-mode) (add-hook 'vterm-mode-hook #'hide-mode-line-mode)
;; Disable "when done with this frame..." message when running
;; emacsclient
(setq server-client-instructions nil)
;; -------- Cursor and movement -------- ;; -------- Cursor and movement --------
;; On emacs mac port use Alt as meta key ;; On emacs mac port use Alt as meta key
@ -182,6 +186,18 @@
'(font . "Source Code Pro-11")) '(font . "Source Code Pro-11"))
)) ))
(add-to-list 'default-frame-alist
'(font . "Source Code Pro-11"))
;; Configure fonts when running in daemon mode
(defun my-configure-font (frame)
"Configure font given initial non-daemon FRAME.
Intended for `after-make-frame-functions'."
(add-to-list 'default-frame-alist
'(font . "Source Code Pro-11"))
(remove-hook 'after-make-frame-functions #'my-configure-font))
(add-hook 'after-make-frame-functions #'my-configure-font)
;; -------- Packages -------- ;; -------- Packages --------
@ -882,6 +898,14 @@ If vterm is not running yet, start it. Then, show the main
window, unless BACKGROUND (prefix-argument) is non-nil. window, unless BACKGROUND (prefix-argument) is non-nil.
" t nil) " t nil)
(defun vterm-new ()
(interactive)
(setq current-prefix-arg '(4)) ; C-u
(call-interactively 'vterm))
;; EAT terminal
(use-package eat)
;; lua ;; lua
@ -971,6 +995,9 @@ window, unless BACKGROUND (prefix-argument) is non-nil.
(use-package terraform-mode) (use-package terraform-mode)
;; Bash
(add-hook 'sh-mode-hook (lambda () (setq indent-tabs-mode t)))
;; Nix ;; Nix

36
flake.lock
View file

@ -11,11 +11,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695464766, "lastModified": 1697769700,
"narHash": "sha256-u1rpF4ypWlZ80dvXWG9QpeMsbKNV1NdIrOUijnsqV2Y=", "narHash": "sha256-ox9E90lRTKim6rb92kOfvqed+0jOmqgKpsAItsVdGdk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "d073b90d4942257caa847becd802875391daadf5", "rev": "7e236c963a46bc712971f9f6ff78f4ea50b64c0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -90,11 +90,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695939862, "lastModified": 1698008546,
"narHash": "sha256-YKDlS3HCXiMflP5i/uEQnZf2henO10beetINHj80hmU=", "narHash": "sha256-d/NKtADAQIWD55192MgRY+d2sSYczkbnQWKie8JOE4Q=",
"owner": "~knazarov", "owner": "~knazarov",
"repo": "knazarov.com", "repo": "knazarov.com",
"rev": "ea70e4a202b4fdc0e5e20c5fce9a631093d3cf35", "rev": "f7eab37ffcd60bc3beea83986a49e8cca66c24a5",
"type": "sourcehut" "type": "sourcehut"
}, },
"original": { "original": {
@ -105,11 +105,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1695479676, "lastModified": 1697795961,
"narHash": "sha256-YMcMXZ6xFA05egIwfUBh106AvaTHu3DBFQCnGuJx84Y=", "narHash": "sha256-0ebo3Aq3uhqcd9653sL3CPr6ANlfX3PwPBtGyvh4mgk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "805fee6f38428d7ef2ee59b36cf910003cabed71", "rev": "585a8b12b1ab3f5cfd7aec0b3958b754ef63bad2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -120,11 +120,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1695272228, "lastModified": 1697655685,
"narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=", "narHash": "sha256-79Kuv+QdgsVc+rkibuAgWHnh8IXrLBTOKg5nM0Qvux0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "55ac2a9d2024f15c56adf20da505b29659911da8", "rev": "80c1aab725151632ddc2a20caeb914e76dd0673c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -141,11 +141,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696081283, "lastModified": 1696170164,
"narHash": "sha256-ldiJ3gWOvW/aq3zwetnSg1pjU7PfKYVsQWxIZGM/NNA=", "narHash": "sha256-ew+zhK/okYJdOdl3yWcRzi0NHfVbnXzS+EjlOf8vN6k=",
"owner": "~knazarov", "owner": "~knazarov",
"repo": "notes.sh", "repo": "notes.sh",
"rev": "38e2883be54cd6634d83888f8f8545ddb44b9556", "rev": "342615a128cf96f1d6cb69a9c09e408d9ff0ab11",
"type": "sourcehut" "type": "sourcehut"
}, },
"original": { "original": {
@ -198,11 +198,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695284550, "lastModified": 1697339241,
"narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", "narHash": "sha256-ITsFtEtRbCBeEH9XrES1dxZBkE1fyNNUfIyQjQ2AYQs=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", "rev": "51186b8012068c417dac7c31fb12861726577898",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
flake.nix
View file

@ -84,6 +84,7 @@
mira = node ./nodes/mira; mira = node ./nodes/mira;
framework = node ./nodes/framework; framework = node ./nodes/framework;
knazarovcom = server ./nodes/knazarovcom; knazarovcom = server ./nodes/knazarovcom;
videos = server ./nodes/videos;
}; };
}; };
} }

46
nodes/knazarovcom/configuration.nix
View file

@ -1,29 +1,22 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [ ./hardware-configuration.nix ];
[
./hardware-configuration.nix
];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
networking.hostName = "knazarovcom"; networking.hostName = "knazarovcom";
boot.loader.grub.device = "/dev/vda"; boot.loader.grub.device = "/dev/vda";
users.users.knazarov = { users.users.knazarov = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"]; "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ vim sops goaccess ];
vim
sops
goaccess
];
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings = { services.openssh.settings = {
@ -49,10 +42,15 @@
~*(MJ12bot|IonCrawl|webprosbot|Sogou|paloaltonetworks|CensysInspect) 1; ~*(MJ12bot|IonCrawl|webprosbot|Sogou|paloaltonetworks|CensysInspect) 1;
~*(DotBot|ev-crawler|InternetMeasurement|CheckMarkNetwork|panscient) 1; ~*(DotBot|ev-crawler|InternetMeasurement|CheckMarkNetwork|panscient) 1;
~*(gdnplus|PunkMap|pdrlabs|SurdotlyBot|researchscan|serpstatbot) 1; ~*(gdnplus|PunkMap|pdrlabs|SurdotlyBot|researchscan|serpstatbot) 1;
~*(MegaIndex) 1; ~*(MegaIndex|DongleEmulatorBot|TinyTestBot) 1;
} }
''; '';
virtualHosts = { virtualHosts = {
"www.knazarov.com" = {
enableACME = true;
forceSSL = true;
globalRedirect = "knazarov.com";
};
"knazarov.com" = { "knazarov.com" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -94,17 +92,14 @@
"matrix.knazarov.com" = { "matrix.knazarov.com" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/_matrix" = { locations."/_matrix" = { proxyPass = "http://127.0.0.1:8008"; };
proxyPass = "http://127.0.0.1:8008";
};
};
"turn.knazarov.com" = {
enableACME = true;
}; };
"turn.knazarov.com" = { enableACME = true; };
}; };
}; };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.certs = { security.acme.certs = {
"www.knazarov.com".email = "mail@knazarov.com";
"knazarov.com".email = "mail@knazarov.com"; "knazarov.com".email = "mail@knazarov.com";
"vmatveeva.com".email = "mail@knazarov.com"; "vmatveeva.com".email = "mail@knazarov.com";
"matrix.knazarov.com".email = "mail@knazarov.com"; "matrix.knazarov.com".email = "mail@knazarov.com";
@ -122,9 +117,7 @@
global = { global = {
server_name = "knazarov.com"; server_name = "knazarov.com";
private_key = config.sops.secrets.matrix_key.path; private_key = config.sops.secrets.matrix_key.path;
jetstream = { jetstream = { storage_path = "/var/lib/dendrite/nats"; };
storage_path = "/var/lib/dendrite/nats";
};
}; };
client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
client_api.turn = { client_api.turn = {
@ -161,7 +154,7 @@
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {
example_key = {}; example_key = { };
matrix_key = { matrix_key = {
mode = "0440"; mode = "0440";
group = config.users.groups.keys.name; group = config.users.groups.keys.name;
@ -178,11 +171,14 @@
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
80 443 80
3478 5349 # coturn 443
3478
5349 # coturn
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
3478 5349 # coturn 3478
5349 # coturn
]; ];
allowedUDPPortRanges = [{ allowedUDPPortRanges = [{
from = config.services.coturn.min-port; from = config.services.coturn.min-port;

7
nodes/mira/configuration.nix
View file

@ -19,4 +19,11 @@ in
boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".device = "/dev/disk/by-uuid/8aa0584a-df60-42c3-adc2-d88b85544c85"; boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".device = "/dev/disk/by-uuid/8aa0584a-df60-42c3-adc2-d88b85544c85";
boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".keyFile = "/crypto_keyfile.bin"; boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".keyFile = "/crypto_keyfile.bin";
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
} }

40
nodes/mira/hardware-configuration.nix
View file

@ -5,34 +5,32 @@
let let
in in {
{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd"]; boot.kernelModules = [ "kvm-amd" ];
boot.kernelParams = [ "mem_sleep_default=deep" ]; boot.kernelParams = [ "mem_sleep_default=deep" ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/1a71ab59-b65c-4866-a76c-a1372cc30cb8"; device = "/dev/disk/by-uuid/1a71ab59-b65c-4866-a76c-a1372cc30cb8";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-ad5fe721-9e57-45ae-bc7a-9724590d97e8".device = "/dev/disk/by-uuid/ad5fe721-9e57-45ae-bc7a-9724590d97e8"; boot.initrd.luks.devices."luks-ad5fe721-9e57-45ae-bc7a-9724590d97e8".device =
"/dev/disk/by-uuid/ad5fe721-9e57-45ae-bc7a-9724590d97e8";
fileSystems."/boot/efi" = fileSystems."/boot/efi" = {
{ device = "/dev/disk/by-uuid/36AD-6828"; device = "/dev/disk/by-uuid/36AD-6828";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/9ea6aaab-0e78-411f-90fa-5161d897419b"; } [{ device = "/dev/disk/by-uuid/9ea6aaab-0e78-411f-90fa-5161d897419b"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -43,8 +41,10 @@ in
# networking.interfaces.enp21s0u4.useDHCP = lib.mkDefault true; # networking.interfaces.enp21s0u4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
# for mira # for mira
hardware.system76.enableAll = true; hardware.system76.enableAll = true;
} }

143
nodes/videos/configuration.nix Normal file
View file

@ -0,0 +1,143 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
boot.loader.grub.enable = true;
networking.hostName = "videos";
boot.loader.grub.device = "/dev/vda";
users.users.knazarov = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"
];
};
environment.systemPackages = with pkgs; [ vim sops goaccess ];
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
security.pam.enableSSHAgentAuth = true;
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "@wheel" ];
services.nginx = {
enable = true;
clientMaxBodySize = "1024m";
virtualHosts = {
#"www.videos.knazarov.com" = {
#enableACME = true;
#forceSSL = true;
#globalRedirect = "videos.knazarov.com";
#};
"videos.knazarov.com" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:9000"; };
};
};
};
security.acme.acceptTerms = true;
security.acme.certs = {
#"www.videos.knazarov.com".email = "mail@knazarov.com";
"videos.knazarov.com".email = "mail@knazarov.com";
};
networking.interfaces.ens3 = {
ipv4.addresses = [{
address = "107.189.7.30";
prefixLength = 24;
}];
ipv6.addresses = [{
address = "2605:6400:0030:eb21:c7c2:1dfa:e144:b0a9";
prefixLength = 64;
}];
};
services.postgresql = {
enable = true;
enableTCPIP = true;
authentication = ''
hostnossl peertube_local peertube_test 127.0.0.1/32 md5
'';
initialScript = config.sops.secrets.postgresql_init.path;
};
services.redis.servers.peertube = {
enable = true;
bind = "0.0.0.0";
requirePassFile = config.sops.secrets.redis_password.path;
port = 31638;
};
services.peertube = {
enable = true;
localDomain = "videos.knazarov.com";
configureNginx = true;
enableWebHttps = true;
listenWeb = 443;
secrets.secretsFile = config.sops.secrets.peertube_secrets.path;
database = {
host = "127.0.0.1";
name = "peertube_local";
user = "peertube_test";
passwordFile = config.sops.secrets.postgresql_password.path;
};
redis = {
host = "127.0.0.1";
port = 31638;
passwordFile = config.sops.secrets.redis_password_peertube.path;
};
settings = {
listen.hostname = "0.0.0.0";
instance.name = "Konstantin Nazarov's Videos";
};
};
sops.defaultSopsFile = ./secrets-videos.yaml;
sops.secrets = {
postgresql_password = {
mode = "0440";
group = config.users.groups.peertube.name;
};
postgresql_init = {
mode = "0440";
group = config.users.groups.postgres.name;
};
redis_password = {
mode = "0440";
group = config.users.groups.redis-peertube.name;
};
redis_password_peertube = {
mode = "0440";
group = config.users.groups.peertube.name;
};
peertube_secrets = {
mode = "0440";
group = config.users.groups.peertube.name;
};
};
networking.defaultGateway = "107.189.7.1";
networking.nameservers = [ "107.189.0.68" ];
networking.firewall = {
allowedTCPPorts = [ 80 443 22 ];
allowedUDPPorts = [ ];
allowedUDPPortRanges = [ ];
};
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "23.05";
}

33
nodes/videos/hardware-configuration.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a1fbd9ef-8b11-45d0-8763-c16000fd2860";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/e237bab4-fe76-4823-817b-d9999748d7d0"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

4
nodes/videos/host-metadata.nix Normal file
View file

@ -0,0 +1,4 @@
{
system = "x86_64-linux";
host = "knazarovcom";
}

45
nodes/videos/secrets-videos.yaml Normal file
View file

@ -0,0 +1,45 @@
postgresql_init: ENC[AES256_GCM,data:q2aDuTt+9IBYBvKknCfl48R+pInE6nEBagjX+kfLGhZeeD40JypaVENVkhgWd6lgFof9WNNSuRF80IXQPbsmx2UU+nDQN6c6y5oyePsSl96mnuxC7BTq5ySbH784YlR5r6m112iOiKixJIveztUZrpbVq9jbpOd77noT1+VmWZjgtleRzaxy7ucB0685GBSHAhS0gub4BrS2CvrU+UNklu/X+GuZcLqDMIuSemRauTyd2Lqzpj1JNxgd49lDill3aO/w2eG69G4Jn2Ot3Va79FfFvZvYdZpz5qCkPlZXkbgAd0U+XvucFxU6g4zOrdqbA8OMwuraUpzAh1erCyPdn6nlz/KYAajZyGTTL8ViqyUSTuemSn1To7ko5VF2n4xsxfcROpm9Zr4phGjpeoVs+8Ya,iv:k291En6bZxAQREnk1Gp7bk+ffI+RFKUXi+azratVQts=,tag:RF0OLZEKwoPgWF2NQz8aag==,type:str]
postgresql_password: ENC[AES256_GCM,data:sVs1nK4m2g3e9IPONacQNxg8leSHhcke4Q==,iv:Wj1QmjqRpR3MVkMxsiOTmOp+F45u6/G/uXGn1/U8CLg=,tag:RewivpcrTZxDfkRVSHlWsg==,type:str]
redis_password: ENC[AES256_GCM,data:0sRW8zg6ST9fZJi7lC9HuMcjEeObtXJPjw==,iv:L0iee1c0CtsIPEhIYVCRjAQPRzGsAVGlSHQDQ6Ypw3E=,tag:Fbm4C4WxusiolsQdmxWKKA==,type:str]
redis_password_peertube: ENC[AES256_GCM,data:MBbfvWovKhVqQS8dWKlBSKCFtnLGl5sZIQ==,iv:f9+vuE4QtZ2udQZLUKQAgTn9XfG8crHqIicKDQHZEkg=,tag:oxk7xj2rLx28OIkudsOWzQ==,type:str]
peertube_secrets: ENC[AES256_GCM,data:oFkwr2gg+bzTC/iaZ2GzQQ7b7NK7eZs9JW96Jv7Evaar9wbfYJRpAuoHfYf0pzMRJ3qvNfchXfa7D5cddx24SQ==,iv:Bdcjq1GMhmh+wl80jFAeQ2UDeD2jGBlnXQrAo5eZuEs=,tag:SzUwJ/jJPFsXfMH+vNjGSQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16md2hayuu3txmv5xykkdwdnwn4ep2yg9kcrrkwzxphzjlnu6g3uqsk45re
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Rys2czUvN2lPQm9mQ0Zj
ZVViQnYvWW04N2dFd0k2RHBIeUlPMW54R1dvCnNHaUpsSFBMSWFrRVJKdXpxM0ZN
RzBnaWxOWEdJcFJMZEs0SW5vb0NaUTgKLS0tIFEvZ1Nsd3RiUys5RTVLWjJPS2dZ
dmkwMjZxNmJQVEx6OTRKa0c0RWRVdmMKMbFRo4DH2npvGXuhgYaXm39qIK7TxzEF
FEmqf4TG6g2mgthnkH/fHkr5WTJBjlTlRBnxkepFygFpb3405RiWaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-25T22:30:12Z"
mac: ENC[AES256_GCM,data:49o705lbbI4r3l7WFlitd2bBcIEoqOvmNk+UvtNkoKy7q2cQySUpPNSGrV4nzdhfUhWBti5ntzXdsJpGYDhtf9VOVub39oYtnHsgTM9tv9CRZlHJgsKNmJaousQR9oRZw4Ju32yLDzspvi2fNH//bN80IkiBmVayg2Z/ea4tWAk=,iv:/YCU8HOIh2XY29+3lPSl3m74b0K+WTOd7aUnGY+oHsk=,tag:Tb6p+EtihV4X9ZP54aqyjQ==,type:str]
pgp:
- created_at: "2023-10-25T22:19:47Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAz3KbDTqPV7IARAAmXxEKOOguwKskZErr79loGEboZL0YLJhujsslvIhYBXL
PyWcTBAHOYuCM1M3Vpg3k84/sRYXplRaBohnAgLTMVz1ZC6STSypGEtK9WLGy2TG
1KNp5VhDVEdUWj1ldU5K3NGTwA++rMpB7O/lnKmcDFTHYe6GL5a9unE895Ecz9fX
JdTV9cJvvMmjAs3X2y7tYXwQydGQ4yQI3dqXAS0Xtsl90fH4XIIYPl2rHFX8BNam
L+k2+uFrrFrFYP9vGj2D6I6kJTeoBoAk7wGG0kUN+U3ykpZL9o58+drNVi+ZSv3b
JgQ1wssh77L8jmRneUb/BjpX5AlbIMq/pJZw5ZZuu9SDEukxvMFypwr91TaHZFfG
sZ262bMt+U5+hytVj3QsRX+SJI9UfYF1W+HLSiTzckkjw06OTLdffoI6g6vDGLg+
bS8UvlAay0TLprf1NKlsC98wevabU1mYW9CnKCykt3e9B6Oc8DdjKISezzc4McbR
R158vnDZITJW9owGgUZC45p2zlpWowfLfXnnttyLsqjSKzqELvax7u7xbIbDQ2sX
mtgIJOLu8hMlIlC/JgO86t7t3A1xbvYszo3zCO1czfkSAIIIHX/xsehaJxAZ8l3y
pMwzNAIVcBMN2qfICYa2ehbB2V2HMoROdHvQzbRJLj2VE5JCucCbLTTbZ6sLs1/S
UQFTUGIKsPIhmucuT4t69WVEY+mIx/1UP2Kp15RttSRdmhFaa0sWQn5BGau83lB0
NMu3iDgq/tvOlE7JHxLAnCcGnm76ARYU9BGrB06rbOmM2A==
=0sBJ
-----END PGP MESSAGE-----
fp: DDB4423999505236CF585F9B0560020C9C577C1B
unencrypted_suffix: _unencrypted
version: 3.7.3

41
pgp_keys/nemo.asc Normal file
View file

@ -0,0 +1,41 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF11TxgBDAC+wWm/Ica/y7PU9rD6R22PUxFWJ893qfWrHRNhZZV9b+Cx9WkX
S9WZwnk7w5EKM9zrkSYuJlplxU+xQapdJx+wWikhT3419JsBrKdixel+ugc5upxN
Nr68l2XNH6EYgADL8gcMGsH+MplxnNTvtcOgwXHkMxtxOCHYZPZBkjYXXaqJO5a/
asw6HT8Ne8M/jeOtjm3T03iNatnyZyH3IiFjjibGtMLIVVlbd9tJonpgQXHlxQjx
Qo6kO/SZ5LQNsvoV2Lkz3knxh/2P50eKpsLrD4usu9foAbBXRRT6uqyzBgGcVdB8
2PW2TfMx25lsXBNKcikRTxhymVIXOKOYdau/HvSHdya3aME3Vt0rEqZhL+oI58oO
en7kPpxqXFq7BV9SkcwPKY+NV87BLHeBIW1pxvX5sszMd23HJ8nAH9ElXqbfOAOn
OPKpERgotugqPIzPr70C6/IZ6BTK0mNM0XjS1I1RZI88TlyXh20IEUk19GWu1jLU
KPelR+xVEMVvojMAEQEAAbQlTWlraGFpbCBLb21hcm92IDxuZW1vQG5pbC5mb3Vu
ZGF0aW9uPokB1AQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBGOB
4LBSwPoHQei88woTEQJoGppDBQJj3wegBQkSz/eAAAoJEAoTEQJoGppDA0cMAIsw
rezpf2gW/hEl11+PCIOlIDpyAQQ93YWRfkzheRmTuiZSjuMVydPb+Aa0IUrL00zC
eRPzgP/HpJ+n9l45+WsJS3xcU0GLtJlNqvskjG9BN72eWoT69eIiHkEbSZuXIEUJ
agC2wOHhHV7ClOWq5voFxIbemKlN6pkZ8NFueZJ+TxnevJIL7lM7t5+GrB59hxEq
ceH9hkUGxRfQthXYem9lzm9jb4/bJrDwTLOv16Vuzij/6sr6DsqTIWlIZ8MvUkXV
pJk9Jjk0HNGU1aRsuVHkCnUSPpA7QVTrlGXD5CF1nTKhtQaJ0I2CsyGdx8l4DC36
D2EBxGqdSh70xtWQ0FYn68zNSv4MvhaQNlkDtVo0jDiTX2WoqTrSuCbnQ2+HY/Bu
I8kx+Cy9tN3isvodm8bKNCQxopfWFQC0rjg04xFiQ6ej1GTpuZfAa2FfwotcyYSr
e6Nq8sIxITLhu4PqZWI0ybJHOGRqX8st4no6f1mdhf1ccLlNXKKqJJsle6nh/LkB
jQRddU8YAQwA54U/ODkn99+xBmAKgtXnYlMtBnKzwGO5zRazRjiZ4CD07UwRdOGM
N15LHePDXf5GNnc7KXVlQLu+5ixswNkTkLnaJutzfSho5HwwsRqV+LdxX/3WQ6GP
wtLsPX3r0HUY+noA9wJou6bFCu+RB70ptWsQCtuifBDtOYcrDow/f2ne0ZtAIgiz
zSUyqVV6If68JPuMmIfwg8enNIolyFo7UwDwOieX09lxaMcNhuuGen2uftYieqBD
GxlRc6s2LFpbo3gVX47DlnhXjsiYc2ccrp0/PsWMZlvlX/Ktfj3qdUZkfPwUCJMx
6q6nEHG7mY98XWSCZe4o3XjUyz7pWAW0AU9ZsM+IxVUsaBwy/MEqtmBLbJ14i2Sp
1tQqtigiaBUONYs+XW8G0A3ZO8jfReK3BF2HW41BGPiogrlG3dxWOpjAp5K2/Wdm
1eFZpn4N4Yuo+l6p/ahRynB4tZR8PFd4QmcwcQz//Ghrg0MIpLSFGw9UPEegtYiP
E6okZjJDu/btABEBAAGJAbwEGAEIACYWIQRjgeCwUsD6B0HovPMKExECaBqaQwUC
XXVPGAIbDAUJB4YfgAAKCRAKExECaBqaQ7xlC/9GX/8BGlnQyEqUXoHKD9aasqxV
d2NmA3C/OUKgZZqmErmPVouApVhE4nYJQHLeaCOoZdEzBXrRVebMXbsvDQZy5xwa
OWjSaSJc7aQq/JA/Ij6x2NGlvPvrWGtpXel0Ws2pAohB5jSfMsMs5C2/dKL8pKOn
cR6gDVH7VTRjt53CMFXsOk9R2bV5i3lfwgKH5/TtiNSxGteiiECwr9epx+wvp2hl
1EOijoPeCVQnIpR8AiPBe57zaM++hzuoKJb7RxPzyeRdU27KJbENtW/ejOGw7KnV
sdeFHK2KAD3ESdnWPp7upll2h4zjxMbhvLWH6BSuW4SRZam+Ur0tDlD4XZZcE7WM
Vo4/F5qcFakmUH9yISIhhjkjwXE49oRf2wP85gv0le+uTNOd0FtqegltzUQkBDq4
wBLjY5aXT0IdaIJnXFgHc4WiGZpCMoTJECjGC0RV2tO+2b5n3Ly/6z71Y7thDKVD
GJmEFZCof+JXVbKiQ97v429IN+o3lv+9BuMgGSM=
=2x6g
-----END PGP PUBLIC KEY BLOCK-----

6
secrets.yaml
View file

@ -2,7 +2,7 @@ hello: ENC[AES256_GCM,data:+LPt8J+Ks1m10+zZ2Q96r3K2W6Yeng7M7+c2TYDQ+/4AJl6Xc6hVn
fastmail_password: ENC[AES256_GCM,data:tHr8PqIg9DigRBu2bgjUeg==,iv:NI9bENFPuKcOt1cd2kg2DKU22J1dJ+3mK7UoceZagR4=,tag:oEgeQb1iLKisOqHi9Ds7xg==,type:str] fastmail_password: ENC[AES256_GCM,data:tHr8PqIg9DigRBu2bgjUeg==,iv:NI9bENFPuKcOt1cd2kg2DKU22J1dJ+3mK7UoceZagR4=,tag:oEgeQb1iLKisOqHi9Ds7xg==,type:str]
github_token: ENC[AES256_GCM,data:E1+wrI5VUlnsqfKNH6fY7IXqHIiagAByLYCfIfdd2+HcvniAvZzaIyKB3nma5eks3csN5A9XgYXRb09lELroW00obmIWbWZPdFhDccHRtVOqFq/r+x27O/3MAkDqID5mc8xD8SqWUibr9UZfXjFcXC4bx7+a4pyy45akz9RLIJRVKDzxMBGmZ/wQcuFS9uy2Pv2yWRL7q4olzvc/kzNFRWCLU7ThIAJSIx//NluOE8xjsA==,iv:Cdc2wwGdXprch1hHd0CwJM6vUAYmfhI4FpcKjcoIZYY=,tag:so8BJtjHGcGzayPqMwy43A==,type:str] github_token: ENC[AES256_GCM,data:E1+wrI5VUlnsqfKNH6fY7IXqHIiagAByLYCfIfdd2+HcvniAvZzaIyKB3nma5eks3csN5A9XgYXRb09lELroW00obmIWbWZPdFhDccHRtVOqFq/r+x27O/3MAkDqID5mc8xD8SqWUibr9UZfXjFcXC4bx7+a4pyy45akz9RLIJRVKDzxMBGmZ/wQcuFS9uy2Pv2yWRL7q4olzvc/kzNFRWCLU7ThIAJSIx//NluOE8xjsA==,iv:Cdc2wwGdXprch1hHd0CwJM6vUAYmfhI4FpcKjcoIZYY=,tag:so8BJtjHGcGzayPqMwy43A==,type:str]
mullvad_account: ENC[AES256_GCM,data:CO4wl2vNAMEC9oy37nIrpw==,iv:a3w64u8XQ/tihIDxIPPtdZ6F7dldLPvRzGUs1MpVe4M=,tag:HQxJVuGEvI0fVj8yGptbdA==,type:str] mullvad_account: ENC[AES256_GCM,data:CO4wl2vNAMEC9oy37nIrpw==,iv:a3w64u8XQ/tihIDxIPPtdZ6F7dldLPvRzGUs1MpVe4M=,tag:HQxJVuGEvI0fVj8yGptbdA==,type:str]
git_plan_config: ENC[AES256_GCM,data:K1jtHTmSDrWeld/0WWDTToDUnnDmXiQqiX7q/xKnxPYcC4ZLo7roIkz1OfnIlcML7sk3ZIBEf1rFI7AdXQWbJouQP7R0IPN2gOBZxC9JoaTNftuYY1lfdjuaTDVpMJtZuWHFtk6Oc+LZ7TH24TnHXbw3H9JFmZSeb+Ztl2n0gINNWrWdw4HrN/puouHQl4H7bLsDhD33X5lv/nOsE0KR52/F8Iae0Tvud7Yk69b+xcirlaAP5xxvHRh03jfxQtiYpIU5v8Qv2U9aL7k625uJLswdM/7DLlvplTV4zbdnf2j6VvTerGd4NmewVwQEfr/hzJg+0avClD2o9mNZNNpV/gMTtVrZgJsWGQocA1HVXaazxFvlb9LsFe9PI0MTlxr/AHpW1F33eHaSP7HAWJ5GGTwK1W7FQRf4L8P6ozAOQeESeJIfF4Zeoh8FC/6ZrqtwVNhyGMat2EaSgPNISnfOTYu1mWBebQ+spsy4yt9S/t5oFkLuD2KpxLohj2PaOVk3p03DQXoCCf5m67ODvuCFG8lEV8xaXtfFRR9WjB7KJx1SZbUvTE8Hnzos6UTUqMnAG/X0WiTRgK5kaH7FUMhK7eElBY9/CQg9Q9qWPy8mbZQmvgejcDYsxmsL04oNGVyaSN+HyJi6sS6KkICKtRNJYEF9K/VExBEqWBWRPhe88ESu7oEnziOkzoz0BdJix10lxNgiN/t/+XNMrDCMqeCLxyYq9XDn4Pr+4mXKHOwGbofwSlAp9HJLa+yi/F4sleDW9WvYFUdFleweAij10KDQ6N/XOSKOe4quH6BXCJZC+8Aig4DRlosMdtSkqPGny1DD1mQYdyVbL1c9oP4XVUklF/fKt1qH8g+ORLUMX6IefM7W8aKwyTQImcbiL+ZWjs7YH+JdJ2uYOhY4WL+0bAdLD5lGuQu9yoO7LvcxzBz22RrF4/85BshNVVU=,iv:ZDmaGvR1Eiu1NtXP1wXPvvrcm375QKinjcjHrgSj/OQ=,tag:b7y1N3thEYVQFHz7HIGz8w==,type:str] git_plan_config: ENC[AES256_GCM,data:2D7EgJF6Peh0j+h/c02U2qGWLwrPWRGX6YeAremV4lbea1PCrsydxoRAAd5NGIg50zFL2IpIQTqiDDFNXZe9ZzEYlKBukARuM/T/QexR0jP7bELm3CmxkoMS/ZDilFvWFnZfyYOhNiFFPDpH3qFwn+Sk19I24GsPsO/mPjVFdyiAKpKLggu0EsuDcbORvbe7o/uzJHxE3Ph2u6jS61L5dByPThiY0an84Lujz05Xwe0dJuv6yHmzbHvvrnfOovybJAWwk41XyaQylq5Ld0op/InRskhBPn8bW+aVhTiVpYTR6Ve5hCjveim+FLFkgSZQIPxNZWKkUaDeyC6jCyQ8lu0MARbLWdmsZwMW6cM7iKGOodzlx4QPQFLaSZokNz4f+rQPqrD/0cidGD6alhRqSWL5XsIlGlrtPBwgBGdFbwrns+lkAZYFOjiCG+cnWUdhIJbHAK1QJAuV5DMyU/9en0ESKo6zrQZc0vpA0Uf1lhqC4QInw7+e6yE1GqxlbhaVmlo6hc9AVRxLVFiSr0e9wBMbdyISCr/dsoq7Z8whGipePA05OApX3f3Zv5A2nv434eQ/C3y/cld/lLpvV5O7yKJKoZHSnDvViiydQWEzkSVgaOPwCDZzcYJlOVVZz+Nnyx7YF4fhUeRcnBsQhl/eYTmdvTPbXbkoyuol9ikFehWsws0hdiElBCYdtxLIC/VpMjMBKdHexBgG1i1JVPHOK4KPgZNYFy1/wbBINRx4iPN5NIakkSERhe7RHKqkatSp1o614AImBaoW+yIsG2uM9up1pkNDgt4hyhW9kMftrv6Po2uhq46Cf6nxX8j8cepqKOigxt2E8ajnMqWKQ937RtyoCccRw65ligAXOaL5RAWiyrggXR6mpcnWTNQkjgFh5lsgmTNXA3O/ItkICfekr0uDl4kRagG89NWaYmRfFCUg49m8vJ2OaF8Fy+Ae2NKjdi5lOdEWk/5ydPzgq8zw4ek=,iv:O4CsEXqMDd6ow/V21ULhfi+qlxjcaWc2TelrAy72JDY=,tag:mo7uUQmolaDCSpN8s8vkYQ==,type:str]
git_plan_credentials: ENC[AES256_GCM,data:d4egK2w4TGIDNaI2Wc3ViOBnH7/WpdeS1EoYe4/oaM4iayBXOEQMvT9qIgu/Hml34gvbBN9lRmlNkESVh7YpwO5wACkkRcO/0ZTyP8XzFUUo0IfUh1iHPjEQOF7vygW/woqBiQgFPRws9F+g6BW8aSQrBgvBF5IeNLhFBvSJUvTft1xEsNwFnkWnfZ2JWmYqLjEggoUEqtXMRw9KKcqm4DNXIzxmA8wSzDriIzeCVuSEV8sJD21saFPPaLw/jupLTLdWp5F8rAxLGa6e9coCNu8vSuqUgfv0jFET71bNw28xPrN38A/PIlUcR9MXe1SGqKAFxEv134ZkJr78g1PIWNoVDrmIlMpV6dYRLKM1FOcpAhJorIXooIl6quCdg2/U5onP8cQ7lt2LsEG5APKj7pz7huatdwM/CgxrcqPVb0E2Lk5c+wi3Rf9/Jz3BqcWQm3bwkHwivWyCD1Nw+qRXLFSfXGTovSBsxX0j4LbdP0o4iPuj068DGawpYC/AfcKfOCmh8aInQhGCQtIq14QGffU9GbW37gHu,iv:ZzOUYu3s+kfwbKajA+6fdu2EysipjoKD49muLNFBZ58=,tag:e0RI7rA8eLQI8h5L4pvS1A==,type:str] git_plan_credentials: ENC[AES256_GCM,data:d4egK2w4TGIDNaI2Wc3ViOBnH7/WpdeS1EoYe4/oaM4iayBXOEQMvT9qIgu/Hml34gvbBN9lRmlNkESVh7YpwO5wACkkRcO/0ZTyP8XzFUUo0IfUh1iHPjEQOF7vygW/woqBiQgFPRws9F+g6BW8aSQrBgvBF5IeNLhFBvSJUvTft1xEsNwFnkWnfZ2JWmYqLjEggoUEqtXMRw9KKcqm4DNXIzxmA8wSzDriIzeCVuSEV8sJD21saFPPaLw/jupLTLdWp5F8rAxLGa6e9coCNu8vSuqUgfv0jFET71bNw28xPrN38A/PIlUcR9MXe1SGqKAFxEv134ZkJr78g1PIWNoVDrmIlMpV6dYRLKM1FOcpAhJorIXooIl6quCdg2/U5onP8cQ7lt2LsEG5APKj7pz7huatdwM/CgxrcqPVb0E2Lk5c+wi3Rf9/Jz3BqcWQm3bwkHwivWyCD1Nw+qRXLFSfXGTovSBsxX0j4LbdP0o4iPuj068DGawpYC/AfcKfOCmh8aInQhGCQtIq14QGffU9GbW37gHu,iv:ZzOUYu3s+kfwbKajA+6fdu2EysipjoKD49muLNFBZ58=,tag:e0RI7rA8eLQI8h5L4pvS1A==,type:str]
sops: sops:
kms: [] kms: []
@ -28,8 +28,8 @@ sops:
U3loV2xDMkM5SWNXRDJobDloL0FVUUkK3OP7KvcKkE8mJ880dm6LMFZUxELjl8/P U3loV2xDMkM5SWNXRDJobDloL0FVUUkK3OP7KvcKkE8mJ880dm6LMFZUxELjl8/P
6+q8qAYiAvl0Cbd4GzkNpUuBbLlFFWfFmC0vbgg8gyZ6xI5AFhHAPw== 6+q8qAYiAvl0Cbd4GzkNpUuBbLlFFWfFmC0vbgg8gyZ6xI5AFhHAPw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-04T08:56:05Z" lastmodified: "2023-10-03T11:01:33Z"
mac: ENC[AES256_GCM,data:j90tHJC29wq5E5c68/NFKLsjid+Pr90HtAQHNPfOpWKEQapYAYcLBf9OYpJvSh3errLEEVOl/aoIoycDxI0vb6gX98In4hRXP9QkJO2ew/PyDOEKGMxaoYSKnfslB0VaEHPrC3LLAm/1qtuWWSLJT02WPke8iU2KtaQgCpc1XiY=,iv:2AeIHxbIi1UqB9d2EEgHD7PWKdh8Ystt6p+N63fDSGg=,tag:789IAWnTi2L3OWxHLPSVSQ==,type:str] mac: ENC[AES256_GCM,data:4x92WpoJ7RzT8FvpiacrlO+/7iJ1p9Do7iE4SU33aV4ASZt6spWpX+gkTEIaEo2lrJ7n1jPzFsPSjdguKBeg7RnMyIcuo010x32/ueBNSun57NU6Ay3XaP1FJ06LffMu7QmX2mJAZQG4BmITEwDUhNvE/0nAIqRfHVqYJywvvlI=,iv:l6C8uPmsPh9rh3pc5iWVXUBmd9nNvGNEAMkwjmRX9ag=,tag:54ojG4YTdaBuvedZBK7y+Q==,type:str]
pgp: pgp:
- created_at: "2023-06-10T01:03:11Z" - created_at: "2023-06-10T01:03:11Z"
enc: |- enc: |-

8
switch.sh
View file

@ -1,9 +1,11 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [ "$1" = "mira" ]; then if [ "$1" = "mira" ]; then
nixos-rebuild switch --use-remote-sudo --flake `pwd`#mira nixos-rebuild switch --use-remote-sudo --flake `pwd`#mira
elif [ "$1" = "framework" ]; then elif [ "$1" = "framework" ]; then
NIX_SSHOPTS="-t" nixos-rebuild switch --target-host framework --use-remote-sudo --flake `pwd`#framework NIX_SSHOPTS="-t" nixos-rebuild switch --target-host framework --use-remote-sudo --flake `pwd`#framework
elif [ "$1" = "knazarovcom" ]; then elif [ "$1" = "knazarovcom" ]; then
nixos-rebuild switch --target-host knazarov.com --use-remote-sudo --flake `pwd`#knazarovcom nixos-rebuild switch --target-host knazarov.com --use-remote-sudo --flake `pwd`#knazarovcom
elif [ "$1" = "videos" ]; then
nixos-rebuild switch --target-host 107.189.7.30 --use-remote-sudo --flake `pwd`#videos
fi fi