knazarov/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add videos.knazarov.com and some emacs changes

Browse source
This commit is contained in:
Konstantin Nazarov 2023-10-26 00:31:53 +01:00
parent 8fd7e4c619
commit 92c25e624a
Signed by: knazarov
GPG key ID: 4CFE0A42FA409C22
15 changed files with 425 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &server_mira age1le98v5v0xnlnc4y0ydgj9kwfftt8g5wduws8zsadgc97pj0fzecs55tjvz
- &server_framework age1rkmhgep2jhdnma24x7ufzr686cwq6p3nk7mmedykan0d7c36xaus2y58sw
- &server_knazarovcom age1esdg28lplhhvrj6vmqu9x0adyxj5trp2dp7my3k57kjhkstkk9cqkg5qkj
- &server_videos age16md2hayuu3txmv5xykkdwdnwn4ep2yg9kcrrkwzxphzjlnu6g3uqsk45re
creation_rules:
- path_regex: secrets\.yaml$
key_groups:
@ -18,3 +19,10 @@ creation_rules:
- *admin_knazarov
age:
- *server_knazarovcom
- path_regex: secrets-videos\.yaml$
key_groups:
- pgp:
- *admin_knazarov
age:
- *server_videos

69
configuration.nix
View file

@ -5,6 +5,19 @@
{ config, lib, nixpkgs, pkgs, home-manager, ... }:
let my_python = (pkgs.python3.withPackages (ps: with ps; [ git_plan ]));
my_emacs =
(pkgs.emacsWithPackagesFromUsePackage {
config = ./emacs.el;
defaultInitFile = true;
package = pkgs.emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; });
alwaysEnsure = true;
extraEmacsPackages = epkgs: [
pkgs.mu
epkgs.treesit-grammars.with-all-grammars
];
});
in {
imports = [
#./gnupg.nix
@ -13,6 +26,7 @@ in {
nix.extraOptions = ''
!include ${config.sops.secrets.github_token.path}
bash-prompt = (nix:$name)\040\[\033[1;32m\][\u@\h:\w]\$\[\033[0m\]\040
extra-sandbox-paths = /nix/var/cache/ccache
'';
sops = {
@ -155,20 +169,12 @@ in {
graphviz
fzf
nixfmt
my_emacs
libreoffice
#network-manager-applet
(clang-tools.override {
llvmPackages = llvmPackages_16;
}) # mainly for clang-format
(emacsWithPackagesFromUsePackage {
config = ./emacs.el;
defaultInitFile = true;
package = emacs29-pgtk.overrideAttrs (old: { withTreeSitter = true; });
alwaysEnsure = true;
extraEmacsPackages = epkgs: [
pkgs.mu
epkgs.treesit-grammars.with-all-grammars
];
})
# wget
my_python
];
@ -186,23 +192,23 @@ in {
services.fwupd.enable = true;
services.gnome.gnome-keyring.enable = true;
services.emacs.package = nixpkgs.emacsUnstablePgtk;
#services.emacs.package = nixpkgs.emacsUnstablePgtk;
# Enables wayland support in electron apps (e.g. slack)
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# Set default browser to qutebrowser in electron apps
environment.sessionVariables.DEFAULT_BROWSER =
"${pkgs.qutebrowser}/bin/qutebrowser";
#environment.sessionVariables.DEFAULT_BROWSER =
#"${pkgs.qutebrowser}/bin/qutebrowser";
# Set default browser to qutebrowser everywhere else
xdg.mime.defaultApplications = {
"text/html" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
};
#xdg.mime.defaultApplications = {
#"text/html" = "org.qutebrowser.qutebrowser.desktop";
#"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
#"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
#"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
#"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
#};
# Enable screen sharing on Wayland
xdg = {
@ -339,6 +345,11 @@ in {
# };
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
networking.firewall.allowedTCPPorts = [
# Syncthing
8384
@ -390,6 +401,12 @@ in {
source ''${EMACS_VTERM_PATH}/etc/emacs-vterm-bash.sh
fi
'';
shellAliases = {
nn = "notes.sh -n";
ne =
''notes.sh -l | fzf --tac --with-nth="2..-1" | xargs -o notes.sh -e'';
};
};
gtk = {
@ -488,6 +505,13 @@ in {
}];
};
services.emacs = {
enable = true;
package = my_emacs;
client.enable = true;
};
wayland.windowManager.sway = {
enable = true;
xwayland = true;
@ -505,8 +529,10 @@ in {
"exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessUp" = "exec brightnessctl s +5%";
"XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
#"Mod4+Return" =
#"exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'";
"Mod4+Return" =
"exec emacs --eval '(progn (setq confirm-kill-processes nil) (vterm))'";
"exec emacsclient -c";
"Mod4+space" =
"exec ${pkgs.foot}/bin/foot -T mylauncher -a mylauncher ${pkgs.q-sh}/bin/q";
"Mod4+p" =
@ -535,6 +561,7 @@ in {
};
};
extraConfig = ''
for_window [title="as_toolbar"] floating enable
for_window [title="mylauncher"] floating enable
for_window [title="Firefox.*Sharing Indicator"] floating enable;
default_border pixel 3

27
emacs.el
View file

@ -105,6 +105,10 @@
(use-package hide-mode-line)
(add-hook 'vterm-mode-hook #'hide-mode-line-mode)
;; Disable "when done with this frame..." message when running
;; emacsclient
(setq server-client-instructions nil)
;; -------- Cursor and movement --------
;; On emacs mac port use Alt as meta key
@ -182,6 +186,18 @@
'(font . "Source Code Pro-11"))
))
(add-to-list 'default-frame-alist
'(font . "Source Code Pro-11"))
;; Configure fonts when running in daemon mode
(defun my-configure-font (frame)
"Configure font given initial non-daemon FRAME.
Intended for `after-make-frame-functions'."
(add-to-list 'default-frame-alist
'(font . "Source Code Pro-11"))
(remove-hook 'after-make-frame-functions #'my-configure-font))
(add-hook 'after-make-frame-functions #'my-configure-font)
;; -------- Packages --------
@ -882,6 +898,14 @@ If vterm is not running yet, start it. Then, show the main
window, unless BACKGROUND (prefix-argument) is non-nil.
" t nil)
(defun vterm-new ()
(interactive)
(setq current-prefix-arg '(4)) ; C-u
(call-interactively 'vterm))
;; EAT terminal
(use-package eat)
;; lua
@ -971,6 +995,9 @@ window, unless BACKGROUND (prefix-argument) is non-nil.
(use-package terraform-mode)
;; Bash
(add-hook 'sh-mode-hook (lambda () (setq indent-tabs-mode t)))
;; Nix

36
flake.lock
View file

@ -11,11 +11,11 @@
]
},
"locked": {
"lastModified": 1695464766,
"narHash": "sha256-u1rpF4ypWlZ80dvXWG9QpeMsbKNV1NdIrOUijnsqV2Y=",
"lastModified": 1697769700,
"narHash": "sha256-ox9E90lRTKim6rb92kOfvqed+0jOmqgKpsAItsVdGdk=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "d073b90d4942257caa847becd802875391daadf5",
"rev": "7e236c963a46bc712971f9f6ff78f4ea50b64c0f",
"type": "github"
},
"original": {
@ -90,11 +90,11 @@
]
},
"locked": {
"lastModified": 1695939862,
"narHash": "sha256-YKDlS3HCXiMflP5i/uEQnZf2henO10beetINHj80hmU=",
"lastModified": 1698008546,
"narHash": "sha256-d/NKtADAQIWD55192MgRY+d2sSYczkbnQWKie8JOE4Q=",
"owner": "~knazarov",
"repo": "knazarov.com",
"rev": "ea70e4a202b4fdc0e5e20c5fce9a631093d3cf35",
"rev": "f7eab37ffcd60bc3beea83986a49e8cca66c24a5",
"type": "sourcehut"
},
"original": {
@ -105,11 +105,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1695479676,
"narHash": "sha256-YMcMXZ6xFA05egIwfUBh106AvaTHu3DBFQCnGuJx84Y=",
"lastModified": 1697795961,
"narHash": "sha256-0ebo3Aq3uhqcd9653sL3CPr6ANlfX3PwPBtGyvh4mgk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "805fee6f38428d7ef2ee59b36cf910003cabed71",
"rev": "585a8b12b1ab3f5cfd7aec0b3958b754ef63bad2",
"type": "github"
},
"original": {
@ -120,11 +120,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1695272228,
"narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=",
"lastModified": 1697655685,
"narHash": "sha256-79Kuv+QdgsVc+rkibuAgWHnh8IXrLBTOKg5nM0Qvux0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55ac2a9d2024f15c56adf20da505b29659911da8",
"rev": "80c1aab725151632ddc2a20caeb914e76dd0673c",
"type": "github"
},
"original": {
@ -141,11 +141,11 @@
]
},
"locked": {
"lastModified": 1696081283,
"narHash": "sha256-ldiJ3gWOvW/aq3zwetnSg1pjU7PfKYVsQWxIZGM/NNA=",
"lastModified": 1696170164,
"narHash": "sha256-ew+zhK/okYJdOdl3yWcRzi0NHfVbnXzS+EjlOf8vN6k=",
"owner": "~knazarov",
"repo": "notes.sh",
"rev": "38e2883be54cd6634d83888f8f8545ddb44b9556",
"rev": "342615a128cf96f1d6cb69a9c09e408d9ff0ab11",
"type": "sourcehut"
},
"original": {
@ -198,11 +198,11 @@
]
},
"locked": {
"lastModified": 1695284550,
"narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
"lastModified": 1697339241,
"narHash": "sha256-ITsFtEtRbCBeEH9XrES1dxZBkE1fyNNUfIyQjQ2AYQs=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78",
"rev": "51186b8012068c417dac7c31fb12861726577898",
"type": "github"
},
"original": {

1
flake.nix
View file

@ -84,6 +84,7 @@
mira = node ./nodes/mira;
framework = node ./nodes/framework;
knazarovcom = server ./nodes/knazarovcom;
videos = server ./nodes/videos;
};
};
}

44
nodes/knazarovcom/configuration.nix
View file

@ -1,29 +1,22 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
imports = [ ./hardware-configuration.nix ];
boot.loader.grub.enable = true;
networking.hostName = "knazarovcom";
boot.loader.grub.device = "/dev/vda";
users.users.knazarov = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"];
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"
];
};
environment.systemPackages = with pkgs; [
vim
sops
goaccess
];
environment.systemPackages = with pkgs; [ vim sops goaccess ];
services.openssh.enable = true;
services.openssh.settings = {
@ -49,10 +42,15 @@
~*(MJ12bot|IonCrawl|webprosbot|Sogou|paloaltonetworks|CensysInspect) 1;
~*(DotBot|ev-crawler|InternetMeasurement|CheckMarkNetwork|panscient) 1;
~*(gdnplus|PunkMap|pdrlabs|SurdotlyBot|researchscan|serpstatbot) 1;
~*(MegaIndex) 1;
~*(MegaIndex|DongleEmulatorBot|TinyTestBot) 1;
}
'';
virtualHosts = {
"www.knazarov.com" = {
enableACME = true;
forceSSL = true;
globalRedirect = "knazarov.com";
};
"knazarov.com" = {
enableACME = true;
forceSSL = true;
@ -94,17 +92,14 @@
"matrix.knazarov.com" = {
enableACME = true;
forceSSL = true;
locations."/_matrix" = {
proxyPass = "http://127.0.0.1:8008";
};
};
"turn.knazarov.com" = {
enableACME = true;
locations."/_matrix" = { proxyPass = "http://127.0.0.1:8008"; };
};
"turn.knazarov.com" = { enableACME = true; };
};
};
security.acme.acceptTerms = true;
security.acme.certs = {
"www.knazarov.com".email = "mail@knazarov.com";
"knazarov.com".email = "mail@knazarov.com";
"vmatveeva.com".email = "mail@knazarov.com";
"matrix.knazarov.com".email = "mail@knazarov.com";
@ -122,9 +117,7 @@
global = {
server_name = "knazarov.com";
private_key = config.sops.secrets.matrix_key.path;
jetstream = {
storage_path = "/var/lib/dendrite/nats";
};
jetstream = { storage_path = "/var/lib/dendrite/nats"; };
};
client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
client_api.turn = {
@ -178,11 +171,14 @@
networking.firewall = {
allowedTCPPorts = [
80 443
3478 5349 # coturn
80
443
3478
5349 # coturn
];
allowedUDPPorts = [
3478 5349 # coturn
3478
5349 # coturn
];
allowedUDPPortRanges = [{
from = config.services.coturn.min-port;

7
nodes/mira/configuration.nix
View file

@ -19,4 +19,11 @@ in
boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".device = "/dev/disk/by-uuid/8aa0584a-df60-42c3-adc2-d88b85544c85";
boot.initrd.luks.devices."luks-8aa0584a-df60-42c3-adc2-d88b85544c85".keyFile = "/crypto_keyfile.bin";
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
}

28
nodes/mira/hardware-configuration.nix
View file

@ -5,34 +5,32 @@
let
in
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
in {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelParams = [ "mem_sleep_default=deep" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1a71ab59-b65c-4866-a76c-a1372cc30cb8";
fileSystems."/" = {
device = "/dev/disk/by-uuid/1a71ab59-b65c-4866-a76c-a1372cc30cb8";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-ad5fe721-9e57-45ae-bc7a-9724590d97e8".device = "/dev/disk/by-uuid/ad5fe721-9e57-45ae-bc7a-9724590d97e8";
boot.initrd.luks.devices."luks-ad5fe721-9e57-45ae-bc7a-9724590d97e8".device =
"/dev/disk/by-uuid/ad5fe721-9e57-45ae-bc7a-9724590d97e8";
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/36AD-6828";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/36AD-6828";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9ea6aaab-0e78-411f-90fa-5161d897419b"; }
];
[{ device = "/dev/disk/by-uuid/9ea6aaab-0e78-411f-90fa-5161d897419b"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -43,8 +41,10 @@ in
# networking.interfaces.enp21s0u4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
# for mira
hardware.system76.enableAll = true;
}

143
nodes/videos/configuration.nix Normal file
View file

@ -0,0 +1,143 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
boot.loader.grub.enable = true;
networking.hostName = "videos";
boot.loader.grub.device = "/dev/vda";
users.users.knazarov = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJkgpPDojl4RtsuFLIsHkH/19s3trYljdn/Jmbb3FCHNAAAABHNzaDo= knazarov@framework"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIO7W7yDKxAj9u1hu3zsZMJW+0HUnA/C/rkbuzkQantkaAAAABHNzaDo= knazarov@mira"
];
};
environment.systemPackages = with pkgs; [ vim sops goaccess ];
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
security.pam.enableSSHAgentAuth = true;
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "@wheel" ];
services.nginx = {
enable = true;
clientMaxBodySize = "1024m";
virtualHosts = {
#"www.videos.knazarov.com" = {
#enableACME = true;
#forceSSL = true;
#globalRedirect = "videos.knazarov.com";
#};
"videos.knazarov.com" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:9000"; };
};
};
};
security.acme.acceptTerms = true;
security.acme.certs = {
#"www.videos.knazarov.com".email = "mail@knazarov.com";
"videos.knazarov.com".email = "mail@knazarov.com";
};
networking.interfaces.ens3 = {
ipv4.addresses = [{
address = "107.189.7.30";
prefixLength = 24;
}];
ipv6.addresses = [{
address = "2605:6400:0030:eb21:c7c2:1dfa:e144:b0a9";
prefixLength = 64;
}];
};
services.postgresql = {
enable = true;
enableTCPIP = true;
authentication = ''
hostnossl peertube_local peertube_test 127.0.0.1/32 md5
'';
initialScript = config.sops.secrets.postgresql_init.path;
};
services.redis.servers.peertube = {
enable = true;
bind = "0.0.0.0";
requirePassFile = config.sops.secrets.redis_password.path;
port = 31638;
};
services.peertube = {
enable = true;
localDomain = "videos.knazarov.com";
configureNginx = true;
enableWebHttps = true;
listenWeb = 443;
secrets.secretsFile = config.sops.secrets.peertube_secrets.path;
database = {
host = "127.0.0.1";
name = "peertube_local";
user = "peertube_test";
passwordFile = config.sops.secrets.postgresql_password.path;
};
redis = {
host = "127.0.0.1";
port = 31638;
passwordFile = config.sops.secrets.redis_password_peertube.path;
};
settings = {
listen.hostname = "0.0.0.0";
instance.name = "Konstantin Nazarov's Videos";
};
};
sops.defaultSopsFile = ./secrets-videos.yaml;
sops.secrets = {
postgresql_password = {
mode = "0440";
group = config.users.groups.peertube.name;
};
postgresql_init = {
mode = "0440";
group = config.users.groups.postgres.name;
};
redis_password = {
mode = "0440";
group = config.users.groups.redis-peertube.name;
};
redis_password_peertube = {
mode = "0440";
group = config.users.groups.peertube.name;
};
peertube_secrets = {
mode = "0440";
group = config.users.groups.peertube.name;
};
};
networking.defaultGateway = "107.189.7.1";
networking.nameservers = [ "107.189.0.68" ];
networking.firewall = {
allowedTCPPorts = [ 80 443 22 ];
allowedUDPPorts = [ ];
allowedUDPPortRanges = [ ];
};
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "23.05";
}

33
nodes/videos/hardware-configuration.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a1fbd9ef-8b11-45d0-8763-c16000fd2860";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/e237bab4-fe76-4823-817b-d9999748d7d0"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

4
nodes/videos/host-metadata.nix Normal file
View file

@ -0,0 +1,4 @@
{
system = "x86_64-linux";
host = "knazarovcom";
}

45
nodes/videos/secrets-videos.yaml Normal file
View file

@ -0,0 +1,45 @@
postgresql_init: ENC[AES256_GCM,data:q2aDuTt+9IBYBvKknCfl48R+pInE6nEBagjX+kfLGhZeeD40JypaVENVkhgWd6lgFof9WNNSuRF80IXQPbsmx2UU+nDQN6c6y5oyePsSl96mnuxC7BTq5ySbH784YlR5r6m112iOiKixJIveztUZrpbVq9jbpOd77noT1+VmWZjgtleRzaxy7ucB0685GBSHAhS0gub4BrS2CvrU+UNklu/X+GuZcLqDMIuSemRauTyd2Lqzpj1JNxgd49lDill3aO/w2eG69G4Jn2Ot3Va79FfFvZvYdZpz5qCkPlZXkbgAd0U+XvucFxU6g4zOrdqbA8OMwuraUpzAh1erCyPdn6nlz/KYAajZyGTTL8ViqyUSTuemSn1To7ko5VF2n4xsxfcROpm9Zr4phGjpeoVs+8Ya,iv:k291En6bZxAQREnk1Gp7bk+ffI+RFKUXi+azratVQts=,tag:RF0OLZEKwoPgWF2NQz8aag==,type:str]
postgresql_password: ENC[AES256_GCM,data:sVs1nK4m2g3e9IPONacQNxg8leSHhcke4Q==,iv:Wj1QmjqRpR3MVkMxsiOTmOp+F45u6/G/uXGn1/U8CLg=,tag:RewivpcrTZxDfkRVSHlWsg==,type:str]
redis_password: ENC[AES256_GCM,data:0sRW8zg6ST9fZJi7lC9HuMcjEeObtXJPjw==,iv:L0iee1c0CtsIPEhIYVCRjAQPRzGsAVGlSHQDQ6Ypw3E=,tag:Fbm4C4WxusiolsQdmxWKKA==,type:str]
redis_password_peertube: ENC[AES256_GCM,data:MBbfvWovKhVqQS8dWKlBSKCFtnLGl5sZIQ==,iv:f9+vuE4QtZ2udQZLUKQAgTn9XfG8crHqIicKDQHZEkg=,tag:oxk7xj2rLx28OIkudsOWzQ==,type:str]
peertube_secrets: ENC[AES256_GCM,data:oFkwr2gg+bzTC/iaZ2GzQQ7b7NK7eZs9JW96Jv7Evaar9wbfYJRpAuoHfYf0pzMRJ3qvNfchXfa7D5cddx24SQ==,iv:Bdcjq1GMhmh+wl80jFAeQ2UDeD2jGBlnXQrAo5eZuEs=,tag:SzUwJ/jJPFsXfMH+vNjGSQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16md2hayuu3txmv5xykkdwdnwn4ep2yg9kcrrkwzxphzjlnu6g3uqsk45re
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Rys2czUvN2lPQm9mQ0Zj
ZVViQnYvWW04N2dFd0k2RHBIeUlPMW54R1dvCnNHaUpsSFBMSWFrRVJKdXpxM0ZN
RzBnaWxOWEdJcFJMZEs0SW5vb0NaUTgKLS0tIFEvZ1Nsd3RiUys5RTVLWjJPS2dZ
dmkwMjZxNmJQVEx6OTRKa0c0RWRVdmMKMbFRo4DH2npvGXuhgYaXm39qIK7TxzEF
FEmqf4TG6g2mgthnkH/fHkr5WTJBjlTlRBnxkepFygFpb3405RiWaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-25T22:30:12Z"
mac: ENC[AES256_GCM,data:49o705lbbI4r3l7WFlitd2bBcIEoqOvmNk+UvtNkoKy7q2cQySUpPNSGrV4nzdhfUhWBti5ntzXdsJpGYDhtf9VOVub39oYtnHsgTM9tv9CRZlHJgsKNmJaousQR9oRZw4Ju32yLDzspvi2fNH//bN80IkiBmVayg2Z/ea4tWAk=,iv:/YCU8HOIh2XY29+3lPSl3m74b0K+WTOd7aUnGY+oHsk=,tag:Tb6p+EtihV4X9ZP54aqyjQ==,type:str]
pgp:
- created_at: "2023-10-25T22:19:47Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAz3KbDTqPV7IARAAmXxEKOOguwKskZErr79loGEboZL0YLJhujsslvIhYBXL
PyWcTBAHOYuCM1M3Vpg3k84/sRYXplRaBohnAgLTMVz1ZC6STSypGEtK9WLGy2TG
1KNp5VhDVEdUWj1ldU5K3NGTwA++rMpB7O/lnKmcDFTHYe6GL5a9unE895Ecz9fX
JdTV9cJvvMmjAs3X2y7tYXwQydGQ4yQI3dqXAS0Xtsl90fH4XIIYPl2rHFX8BNam
L+k2+uFrrFrFYP9vGj2D6I6kJTeoBoAk7wGG0kUN+U3ykpZL9o58+drNVi+ZSv3b
JgQ1wssh77L8jmRneUb/BjpX5AlbIMq/pJZw5ZZuu9SDEukxvMFypwr91TaHZFfG
sZ262bMt+U5+hytVj3QsRX+SJI9UfYF1W+HLSiTzckkjw06OTLdffoI6g6vDGLg+
bS8UvlAay0TLprf1NKlsC98wevabU1mYW9CnKCykt3e9B6Oc8DdjKISezzc4McbR
R158vnDZITJW9owGgUZC45p2zlpWowfLfXnnttyLsqjSKzqELvax7u7xbIbDQ2sX
mtgIJOLu8hMlIlC/JgO86t7t3A1xbvYszo3zCO1czfkSAIIIHX/xsehaJxAZ8l3y
pMwzNAIVcBMN2qfICYa2ehbB2V2HMoROdHvQzbRJLj2VE5JCucCbLTTbZ6sLs1/S
UQFTUGIKsPIhmucuT4t69WVEY+mIx/1UP2Kp15RttSRdmhFaa0sWQn5BGau83lB0
NMu3iDgq/tvOlE7JHxLAnCcGnm76ARYU9BGrB06rbOmM2A==
=0sBJ
-----END PGP MESSAGE-----
fp: DDB4423999505236CF585F9B0560020C9C577C1B
unencrypted_suffix: _unencrypted
version: 3.7.3

41
pgp_keys/nemo.asc Normal file
View file

@ -0,0 +1,41 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF11TxgBDAC+wWm/Ica/y7PU9rD6R22PUxFWJ893qfWrHRNhZZV9b+Cx9WkX
S9WZwnk7w5EKM9zrkSYuJlplxU+xQapdJx+wWikhT3419JsBrKdixel+ugc5upxN
Nr68l2XNH6EYgADL8gcMGsH+MplxnNTvtcOgwXHkMxtxOCHYZPZBkjYXXaqJO5a/
asw6HT8Ne8M/jeOtjm3T03iNatnyZyH3IiFjjibGtMLIVVlbd9tJonpgQXHlxQjx
Qo6kO/SZ5LQNsvoV2Lkz3knxh/2P50eKpsLrD4usu9foAbBXRRT6uqyzBgGcVdB8
2PW2TfMx25lsXBNKcikRTxhymVIXOKOYdau/HvSHdya3aME3Vt0rEqZhL+oI58oO
en7kPpxqXFq7BV9SkcwPKY+NV87BLHeBIW1pxvX5sszMd23HJ8nAH9ElXqbfOAOn
OPKpERgotugqPIzPr70C6/IZ6BTK0mNM0XjS1I1RZI88TlyXh20IEUk19GWu1jLU
KPelR+xVEMVvojMAEQEAAbQlTWlraGFpbCBLb21hcm92IDxuZW1vQG5pbC5mb3Vu
ZGF0aW9uPokB1AQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBGOB
4LBSwPoHQei88woTEQJoGppDBQJj3wegBQkSz/eAAAoJEAoTEQJoGppDA0cMAIsw
rezpf2gW/hEl11+PCIOlIDpyAQQ93YWRfkzheRmTuiZSjuMVydPb+Aa0IUrL00zC
eRPzgP/HpJ+n9l45+WsJS3xcU0GLtJlNqvskjG9BN72eWoT69eIiHkEbSZuXIEUJ
agC2wOHhHV7ClOWq5voFxIbemKlN6pkZ8NFueZJ+TxnevJIL7lM7t5+GrB59hxEq
ceH9hkUGxRfQthXYem9lzm9jb4/bJrDwTLOv16Vuzij/6sr6DsqTIWlIZ8MvUkXV
pJk9Jjk0HNGU1aRsuVHkCnUSPpA7QVTrlGXD5CF1nTKhtQaJ0I2CsyGdx8l4DC36
D2EBxGqdSh70xtWQ0FYn68zNSv4MvhaQNlkDtVo0jDiTX2WoqTrSuCbnQ2+HY/Bu
I8kx+Cy9tN3isvodm8bKNCQxopfWFQC0rjg04xFiQ6ej1GTpuZfAa2FfwotcyYSr
e6Nq8sIxITLhu4PqZWI0ybJHOGRqX8st4no6f1mdhf1ccLlNXKKqJJsle6nh/LkB
jQRddU8YAQwA54U/ODkn99+xBmAKgtXnYlMtBnKzwGO5zRazRjiZ4CD07UwRdOGM
N15LHePDXf5GNnc7KXVlQLu+5ixswNkTkLnaJutzfSho5HwwsRqV+LdxX/3WQ6GP
wtLsPX3r0HUY+noA9wJou6bFCu+RB70ptWsQCtuifBDtOYcrDow/f2ne0ZtAIgiz
zSUyqVV6If68JPuMmIfwg8enNIolyFo7UwDwOieX09lxaMcNhuuGen2uftYieqBD
GxlRc6s2LFpbo3gVX47DlnhXjsiYc2ccrp0/PsWMZlvlX/Ktfj3qdUZkfPwUCJMx
6q6nEHG7mY98XWSCZe4o3XjUyz7pWAW0AU9ZsM+IxVUsaBwy/MEqtmBLbJ14i2Sp
1tQqtigiaBUONYs+XW8G0A3ZO8jfReK3BF2HW41BGPiogrlG3dxWOpjAp5K2/Wdm
1eFZpn4N4Yuo+l6p/ahRynB4tZR8PFd4QmcwcQz//Ghrg0MIpLSFGw9UPEegtYiP
E6okZjJDu/btABEBAAGJAbwEGAEIACYWIQRjgeCwUsD6B0HovPMKExECaBqaQwUC
XXVPGAIbDAUJB4YfgAAKCRAKExECaBqaQ7xlC/9GX/8BGlnQyEqUXoHKD9aasqxV
d2NmA3C/OUKgZZqmErmPVouApVhE4nYJQHLeaCOoZdEzBXrRVebMXbsvDQZy5xwa
OWjSaSJc7aQq/JA/Ij6x2NGlvPvrWGtpXel0Ws2pAohB5jSfMsMs5C2/dKL8pKOn
cR6gDVH7VTRjt53CMFXsOk9R2bV5i3lfwgKH5/TtiNSxGteiiECwr9epx+wvp2hl
1EOijoPeCVQnIpR8AiPBe57zaM++hzuoKJb7RxPzyeRdU27KJbENtW/ejOGw7KnV
sdeFHK2KAD3ESdnWPp7upll2h4zjxMbhvLWH6BSuW4SRZam+Ur0tDlD4XZZcE7WM
Vo4/F5qcFakmUH9yISIhhjkjwXE49oRf2wP85gv0le+uTNOd0FtqegltzUQkBDq4
wBLjY5aXT0IdaIJnXFgHc4WiGZpCMoTJECjGC0RV2tO+2b5n3Ly/6z71Y7thDKVD
GJmEFZCof+JXVbKiQ97v429IN+o3lv+9BuMgGSM=
=2x6g
-----END PGP PUBLIC KEY BLOCK-----

6
secrets.yaml
View file

@ -2,7 +2,7 @@ hello: ENC[AES256_GCM,data:+LPt8J+Ks1m10+zZ2Q96r3K2W6Yeng7M7+c2TYDQ+/4AJl6Xc6hVn
fastmail_password: ENC[AES256_GCM,data:tHr8PqIg9DigRBu2bgjUeg==,iv:NI9bENFPuKcOt1cd2kg2DKU22J1dJ+3mK7UoceZagR4=,tag:oEgeQb1iLKisOqHi9Ds7xg==,type:str]
github_token: ENC[AES256_GCM,data:E1+wrI5VUlnsqfKNH6fY7IXqHIiagAByLYCfIfdd2+HcvniAvZzaIyKB3nma5eks3csN5A9XgYXRb09lELroW00obmIWbWZPdFhDccHRtVOqFq/r+x27O/3MAkDqID5mc8xD8SqWUibr9UZfXjFcXC4bx7+a4pyy45akz9RLIJRVKDzxMBGmZ/wQcuFS9uy2Pv2yWRL7q4olzvc/kzNFRWCLU7ThIAJSIx//NluOE8xjsA==,iv:Cdc2wwGdXprch1hHd0CwJM6vUAYmfhI4FpcKjcoIZYY=,tag:so8BJtjHGcGzayPqMwy43A==,type:str]
mullvad_account: ENC[AES256_GCM,data:CO4wl2vNAMEC9oy37nIrpw==,iv:a3w64u8XQ/tihIDxIPPtdZ6F7dldLPvRzGUs1MpVe4M=,tag:HQxJVuGEvI0fVj8yGptbdA==,type:str]
git_plan_config: ENC[AES256_GCM,data:K1jtHTmSDrWeld/0WWDTToDUnnDmXiQqiX7q/xKnxPYcC4ZLo7roIkz1OfnIlcML7sk3ZIBEf1rFI7AdXQWbJouQP7R0IPN2gOBZxC9JoaTNftuYY1lfdjuaTDVpMJtZuWHFtk6Oc+LZ7TH24TnHXbw3H9JFmZSeb+Ztl2n0gINNWrWdw4HrN/puouHQl4H7bLsDhD33X5lv/nOsE0KR52/F8Iae0Tvud7Yk69b+xcirlaAP5xxvHRh03jfxQtiYpIU5v8Qv2U9aL7k625uJLswdM/7DLlvplTV4zbdnf2j6VvTerGd4NmewVwQEfr/hzJg+0avClD2o9mNZNNpV/gMTtVrZgJsWGQocA1HVXaazxFvlb9LsFe9PI0MTlxr/AHpW1F33eHaSP7HAWJ5GGTwK1W7FQRf4L8P6ozAOQeESeJIfF4Zeoh8FC/6ZrqtwVNhyGMat2EaSgPNISnfOTYu1mWBebQ+spsy4yt9S/t5oFkLuD2KpxLohj2PaOVk3p03DQXoCCf5m67ODvuCFG8lEV8xaXtfFRR9WjB7KJx1SZbUvTE8Hnzos6UTUqMnAG/X0WiTRgK5kaH7FUMhK7eElBY9/CQg9Q9qWPy8mbZQmvgejcDYsxmsL04oNGVyaSN+HyJi6sS6KkICKtRNJYEF9K/VExBEqWBWRPhe88ESu7oEnziOkzoz0BdJix10lxNgiN/t/+XNMrDCMqeCLxyYq9XDn4Pr+4mXKHOwGbofwSlAp9HJLa+yi/F4sleDW9WvYFUdFleweAij10KDQ6N/XOSKOe4quH6BXCJZC+8Aig4DRlosMdtSkqPGny1DD1mQYdyVbL1c9oP4XVUklF/fKt1qH8g+ORLUMX6IefM7W8aKwyTQImcbiL+ZWjs7YH+JdJ2uYOhY4WL+0bAdLD5lGuQu9yoO7LvcxzBz22RrF4/85BshNVVU=,iv:ZDmaGvR1Eiu1NtXP1wXPvvrcm375QKinjcjHrgSj/OQ=,tag:b7y1N3thEYVQFHz7HIGz8w==,type:str]
git_plan_config: ENC[AES256_GCM,data:2D7EgJF6Peh0j+h/c02U2qGWLwrPWRGX6YeAremV4lbea1PCrsydxoRAAd5NGIg50zFL2IpIQTqiDDFNXZe9ZzEYlKBukARuM/T/QexR0jP7bELm3CmxkoMS/ZDilFvWFnZfyYOhNiFFPDpH3qFwn+Sk19I24GsPsO/mPjVFdyiAKpKLggu0EsuDcbORvbe7o/uzJHxE3Ph2u6jS61L5dByPThiY0an84Lujz05Xwe0dJuv6yHmzbHvvrnfOovybJAWwk41XyaQylq5Ld0op/InRskhBPn8bW+aVhTiVpYTR6Ve5hCjveim+FLFkgSZQIPxNZWKkUaDeyC6jCyQ8lu0MARbLWdmsZwMW6cM7iKGOodzlx4QPQFLaSZokNz4f+rQPqrD/0cidGD6alhRqSWL5XsIlGlrtPBwgBGdFbwrns+lkAZYFOjiCG+cnWUdhIJbHAK1QJAuV5DMyU/9en0ESKo6zrQZc0vpA0Uf1lhqC4QInw7+e6yE1GqxlbhaVmlo6hc9AVRxLVFiSr0e9wBMbdyISCr/dsoq7Z8whGipePA05OApX3f3Zv5A2nv434eQ/C3y/cld/lLpvV5O7yKJKoZHSnDvViiydQWEzkSVgaOPwCDZzcYJlOVVZz+Nnyx7YF4fhUeRcnBsQhl/eYTmdvTPbXbkoyuol9ikFehWsws0hdiElBCYdtxLIC/VpMjMBKdHexBgG1i1JVPHOK4KPgZNYFy1/wbBINRx4iPN5NIakkSERhe7RHKqkatSp1o614AImBaoW+yIsG2uM9up1pkNDgt4hyhW9kMftrv6Po2uhq46Cf6nxX8j8cepqKOigxt2E8ajnMqWKQ937RtyoCccRw65ligAXOaL5RAWiyrggXR6mpcnWTNQkjgFh5lsgmTNXA3O/ItkICfekr0uDl4kRagG89NWaYmRfFCUg49m8vJ2OaF8Fy+Ae2NKjdi5lOdEWk/5ydPzgq8zw4ek=,iv:O4CsEXqMDd6ow/V21ULhfi+qlxjcaWc2TelrAy72JDY=,tag:mo7uUQmolaDCSpN8s8vkYQ==,type:str]
git_plan_credentials: ENC[AES256_GCM,data:d4egK2w4TGIDNaI2Wc3ViOBnH7/WpdeS1EoYe4/oaM4iayBXOEQMvT9qIgu/Hml34gvbBN9lRmlNkESVh7YpwO5wACkkRcO/0ZTyP8XzFUUo0IfUh1iHPjEQOF7vygW/woqBiQgFPRws9F+g6BW8aSQrBgvBF5IeNLhFBvSJUvTft1xEsNwFnkWnfZ2JWmYqLjEggoUEqtXMRw9KKcqm4DNXIzxmA8wSzDriIzeCVuSEV8sJD21saFPPaLw/jupLTLdWp5F8rAxLGa6e9coCNu8vSuqUgfv0jFET71bNw28xPrN38A/PIlUcR9MXe1SGqKAFxEv134ZkJr78g1PIWNoVDrmIlMpV6dYRLKM1FOcpAhJorIXooIl6quCdg2/U5onP8cQ7lt2LsEG5APKj7pz7huatdwM/CgxrcqPVb0E2Lk5c+wi3Rf9/Jz3BqcWQm3bwkHwivWyCD1Nw+qRXLFSfXGTovSBsxX0j4LbdP0o4iPuj068DGawpYC/AfcKfOCmh8aInQhGCQtIq14QGffU9GbW37gHu,iv:ZzOUYu3s+kfwbKajA+6fdu2EysipjoKD49muLNFBZ58=,tag:e0RI7rA8eLQI8h5L4pvS1A==,type:str]
sops:
kms: []
@ -28,8 +28,8 @@ sops:
U3loV2xDMkM5SWNXRDJobDloL0FVUUkK3OP7KvcKkE8mJ880dm6LMFZUxELjl8/P
6+q8qAYiAvl0Cbd4GzkNpUuBbLlFFWfFmC0vbgg8gyZ6xI5AFhHAPw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-04T08:56:05Z"
mac: ENC[AES256_GCM,data:j90tHJC29wq5E5c68/NFKLsjid+Pr90HtAQHNPfOpWKEQapYAYcLBf9OYpJvSh3errLEEVOl/aoIoycDxI0vb6gX98In4hRXP9QkJO2ew/PyDOEKGMxaoYSKnfslB0VaEHPrC3LLAm/1qtuWWSLJT02WPke8iU2KtaQgCpc1XiY=,iv:2AeIHxbIi1UqB9d2EEgHD7PWKdh8Ystt6p+N63fDSGg=,tag:789IAWnTi2L3OWxHLPSVSQ==,type:str]
lastmodified: "2023-10-03T11:01:33Z"
mac: ENC[AES256_GCM,data:4x92WpoJ7RzT8FvpiacrlO+/7iJ1p9Do7iE4SU33aV4ASZt6spWpX+gkTEIaEo2lrJ7n1jPzFsPSjdguKBeg7RnMyIcuo010x32/ueBNSun57NU6Ay3XaP1FJ06LffMu7QmX2mJAZQG4BmITEwDUhNvE/0nAIqRfHVqYJywvvlI=,iv:l6C8uPmsPh9rh3pc5iWVXUBmd9nNvGNEAMkwjmRX9ag=,tag:54ojG4YTdaBuvedZBK7y+Q==,type:str]
pgp:
- created_at: "2023-06-10T01:03:11Z"
enc: |-

2
switch.sh
View file

@ -6,4 +6,6 @@ elif [ "$1" = "framework" ]; then
NIX_SSHOPTS="-t" nixos-rebuild switch --target-host framework --use-remote-sudo --flake `pwd`#framework
elif [ "$1" = "knazarovcom" ]; then
nixos-rebuild switch --target-host knazarov.com --use-remote-sudo --flake `pwd`#knazarovcom
elif [ "$1" = "videos" ]; then
nixos-rebuild switch --target-host 107.189.7.30 --use-remote-sudo --flake `pwd`#videos
fi