comparing chrome and main on nobbz.dev/nixos-config

+47 -46

.github/workflows/flake-update.yml

··· 7 7 8 8 jobs: 9 9 generate_matrix: 10 - runs-on: ubuntu-20.04 10 + runs-on: ubuntu-24.04 11 11 outputs: 12 12 packages: ${{ steps.gen_packages.outputs.packages }} 13 13 checks: ${{ steps.gen_checks.outputs.checks }} 14 14 steps: 15 15 - name: Clone repository 16 - uses: actions/checkout@v3 16 + uses: actions/checkout@v4 17 17 with: 18 - token: "${{ secrets.GITHUB_TOKEN }}" 18 + token: "${{ secrets.TEST_TOKEN }}" 19 19 - name: Install nix 20 - uses: cachix/install-nix-action@v20 20 + uses: cachix/install-nix-action@v31 21 21 with: 22 22 extra_nix_config: | 23 23 auto-optimise-store = true 24 - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} 24 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 25 25 experimental-features = nix-command flakes 26 26 substituters = https://cache.nixos.org/ https://nix-community.cachix.org 27 27 trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= 28 - install_url: https://releases.nixos.org/nix/nix-2.12.0/install 28 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 29 29 - name: Generate flake.json 30 30 run: | 31 31 nix flake show --json > flake.json ··· 39 39 printf "::set-output name=checks::%s" "$checks" 40 40 41 41 update_flake: 42 - runs-on: ubuntu-20.04 42 + runs-on: ubuntu-24.04 43 43 steps: 44 44 - name: Clone repository 45 - uses: actions/checkout@v3 45 + uses: actions/checkout@v4 46 46 with: 47 - token: "${{ secrets.GITHUB_TOKEN }}" 47 + token: "${{ secrets.TEST_TOKEN }}" 48 48 - name: Install nix 49 - uses: cachix/install-nix-action@v20 49 + uses: cachix/install-nix-action@v31 50 50 with: 51 51 extra_nix_config: | 52 52 auto-optimise-store = true 53 - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} 53 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 54 54 experimental-features = nix-command flakes 55 55 substituters = https://cache.nixos.org/ https://nix-community.cachix.org 56 56 trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= 57 - install_url: https://releases.nixos.org/nix/nix-2.12.0/install 57 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 58 58 - name: Set up git 59 59 run: | 60 60 git config user.email gitbot@nobbz.dev ··· 62 62 - name: Update the flake 63 63 run: nix flake update 64 64 - name: Store flake.lock 65 - uses: actions/upload-artifact@v3 65 + uses: actions/upload-artifact@v4 66 66 with: 67 67 name: flake_lock 68 68 path: flake.lock 69 69 70 70 build_flake: 71 - runs-on: ubuntu-20.04 71 + runs-on: ubuntu-24.04 72 72 needs: [generate_matrix, update_flake] 73 73 strategy: 74 74 fail-fast: false ··· 78 78 steps: 79 79 # - name: Prepare store folder 80 80 # run: sudo mkdir -p /nix 81 - # - name: Free diskspace 82 - # uses: easimon/maximize-build-space@master 83 - # with: 84 - # build-mount-path: /nix 85 - # remove-dotnet: true 86 - # remove-android: true 87 - # remove-haskell: true 81 + - name: Free diskspace 82 + uses: easimon/maximize-build-space@master 83 + with: 84 + build-mount-path: /nix 85 + root-reserve-mb: 5120 86 + remove-dotnet: true 87 + remove-android: true 88 + remove-haskell: true 88 89 - name: Clone repository 89 - uses: actions/checkout@v3 90 + uses: actions/checkout@v4 90 91 with: 91 - token: "${{ secrets.GITHUB_TOKEN }}" 92 + token: "${{ secrets.TEST_TOKEN }}" 92 93 - name: Install nix 93 - uses: cachix/install-nix-action@v20 94 + uses: cachix/install-nix-action@v31 94 95 with: 95 96 extra_nix_config: | 96 97 auto-optimise-store = true 97 - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} 98 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 98 99 experimental-features = nix-command flakes 99 100 substituters = https://cache.nixos.org/ https://nix-community.cachix.org 100 101 trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= 101 - install_url: https://releases.nixos.org/nix/nix-2.12.0/install 102 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 102 103 - name: Set up cachix 103 104 uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! 104 105 with: ··· 106 107 signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" 107 108 pathsToPush: result 108 109 - name: Restore flake.lock 109 - uses: actions/download-artifact@v3 110 + uses: actions/download-artifact@v4 110 111 with: 111 112 name: flake_lock 112 113 - name: Build everything 113 114 run: nix build .#${{ matrix.package }} 114 115 115 116 build_checks: 116 - runs-on: ubuntu-20.04 117 + runs-on: ubuntu-24.04 117 118 needs: [generate_matrix, update_flake] 118 119 strategy: 119 120 fail-fast: false ··· 122 123 check: ${{fromJson(needs.generate_matrix.outputs.checks)}} 123 124 steps: 124 125 - name: Clone repository 125 - uses: actions/checkout@v3 126 + uses: actions/checkout@v4 126 127 with: 127 - token: "${{ secrets.GITHUB_TOKEN }}" 128 + token: "${{ secrets.TEST_TOKEN }}" 128 129 - name: Install nix 129 - uses: cachix/install-nix-action@v20 130 + uses: cachix/install-nix-action@v31 130 131 with: 131 132 extra_nix_config: | 132 133 auto-optimise-store = true 133 - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} 134 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 134 135 experimental-features = nix-command flakes 135 136 substituters = https://cache.nixos.org/ https://nix-community.cachix.org 136 137 trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= 137 - install_url: https://releases.nixos.org/nix/nix-2.12.0/install 138 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 138 139 - name: Set up cachix 139 140 uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! 140 141 with: ··· 142 143 signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" 143 144 skipPush: true 144 145 - name: Restore flake.lock 145 - uses: actions/download-artifact@v3 146 + uses: actions/download-artifact@v4 146 147 with: 147 148 name: flake_lock 148 149 - name: Build everything 149 150 run: nix build .#checks.x86_64-linux.${{ matrix.check }} --no-link 150 151 151 152 check_flake: 152 - runs-on: ubuntu-20.04 153 + runs-on: ubuntu-24.04 153 154 needs: [update_flake] 154 155 continue-on-error: true 155 156 steps: 156 157 - name: Clone repository 157 - uses: actions/checkout@v3 158 + uses: actions/checkout@v4 158 159 with: 159 - token: "${{ secrets.GITHUB_TOKEN }}" 160 + token: "${{ secrets.TEST_TOKEN }}" 160 161 - name: Install nix 161 - uses: cachix/install-nix-action@v20 162 + uses: cachix/install-nix-action@v31 162 163 with: 163 164 extra_nix_config: | 164 165 auto-optimise-store = true 165 - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} 166 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 166 167 experimental-features = nix-command flakes 167 168 substituters = https://cache.nixos.org/ https://nix-community.cachix.org 168 169 trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= 169 - install_url: https://releases.nixos.org/nix/nix-2.12.0/install 170 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 170 171 - name: Restore flake.lock 171 - uses: actions/download-artifact@v3 172 + uses: actions/download-artifact@v4 172 173 with: 173 174 name: flake_lock 174 175 - name: Build everything ··· 176 177 nix flake check --keep-going 177 178 178 179 push_update: 179 - runs-on: ubuntu-20.04 180 + runs-on: ubuntu-24.04 180 181 permissions: write-all 181 182 needs: [update_flake, build_flake, build_checks, check_flake] 182 183 steps: 183 184 - name: Clone repository 184 - uses: actions/checkout@v3 185 + uses: actions/checkout@v4 185 186 with: 186 - token: "${{ secrets.GITHUB_TOKEN }}" 187 + token: "${{ secrets.TEST_TOKEN }}" 187 188 - name: Restore flake.lock 188 - uses: actions/download-artifact@v3 189 + uses: actions/download-artifact@v4 189 190 with: 190 191 name: flake_lock 191 192 - name: Set up git ··· 206 207 --title "Auto update $(date -I)") 207 208 gh pr merge $PR --merge --delete-branch 208 209 env: 209 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 210 + GITHUB_TOKEN: ${{ secrets.TEST_TOKEN }}

+119

.github/workflows/pull-check.yml

··· 1 + name: PullRequest checker 2 + 3 + on: 4 + pull_request: 5 + 6 + jobs: 7 + generate_matrix: 8 + runs-on: ubuntu-24.04 9 + outputs: 10 + packages: ${{ steps.gen_packages.outputs.packages }} 11 + checks: ${{ steps.gen_checks.outputs.checks }} 12 + steps: 13 + - name: Clone repository 14 + uses: actions/checkout@v4 15 + with: 16 + token: "${{ secrets.TEST_TOKEN }}" 17 + - name: Install nix 18 + uses: cachix/install-nix-action@v31 19 + with: 20 + extra_nix_config: | 21 + auto-optimise-store = true 22 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 23 + experimental-features = nix-command flakes 24 + substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://nobbz.cachix.org 25 + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= nobbz.cachix.org-1:fODxpqE4ni+pFDSuj2ybYZbMUjmxNTjA7rtUNHW61Ok= 26 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 27 + - name: Generate flake.json 28 + run: | 29 + nix flake show --json > flake.json 30 + - id: gen_packages 31 + run: | 32 + packages=$(jq -c '.packages."x86_64-linux" | keys' < flake.json) 33 + printf "packages=%s" "$packages" >> $GITHUB_OUTPUT 34 + - id: gen_checks 35 + run: | 36 + checks=$(jq -c '.checks."x86_64-linux" | keys' < flake.json) 37 + printf "checks=%s" "$checks" >> $GITHUB_OUTPUT 38 + 39 + build_flake: 40 + runs-on: ubuntu-24.04 41 + needs: [generate_matrix] 42 + strategy: 43 + fail-fast: false 44 + max-parallel: 5 45 + matrix: 46 + package: ${{fromJson(needs.generate_matrix.outputs.packages)}} 47 + steps: 48 + - name: Free diskspace 49 + uses: easimon/maximize-build-space@master 50 + with: 51 + build-mount-path: /nix 52 + root-reserve-mb: 5120 53 + remove-dotnet: true 54 + remove-android: true 55 + remove-haskell: true 56 + - name: Clone repository 57 + uses: actions/checkout@v4 58 + with: 59 + token: "${{ secrets.TEST_TOKEN }}" 60 + - name: Install nix 61 + uses: cachix/install-nix-action@v31 62 + with: 63 + extra_nix_config: | 64 + auto-optimise-store = true 65 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 66 + experimental-features = nix-command flakes 67 + substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://nobbz.cachix.org 68 + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= nobbz.cachix.org-1:fODxpqE4ni+pFDSuj2ybYZbMUjmxNTjA7rtUNHW61Ok= 69 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 70 + - name: Build everything 71 + run: nix build .#${{ matrix.package }} 72 + 73 + build_checks: 74 + runs-on: ubuntu-24.04 75 + needs: [generate_matrix] 76 + strategy: 77 + fail-fast: false 78 + max-parallel: 5 79 + matrix: 80 + check: ${{fromJson(needs.generate_matrix.outputs.checks)}} 81 + steps: 82 + - name: Clone repository 83 + uses: actions/checkout@v4 84 + with: 85 + token: "${{ secrets.TEST_TOKEN }}" 86 + - name: Install nix 87 + uses: cachix/install-nix-action@v31 88 + with: 89 + extra_nix_config: | 90 + auto-optimise-store = true 91 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 92 + experimental-features = nix-command flakes 93 + substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://nobbz.cachix.org 94 + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= nobbz.cachix.org-1:fODxpqE4ni+pFDSuj2ybYZbMUjmxNTjA7rtUNHW61Ok= 95 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 96 + - name: Build everything 97 + run: nix build .#checks.x86_64-linux.${{ matrix.check }} --no-link 98 + 99 + check_flake: 100 + runs-on: ubuntu-24.04 101 + continue-on-error: true 102 + steps: 103 + - name: Clone repository 104 + uses: actions/checkout@v4 105 + with: 106 + token: "${{ secrets.TEST_TOKEN }}" 107 + - name: Install nix 108 + uses: cachix/install-nix-action@v31 109 + with: 110 + extra_nix_config: | 111 + auto-optimise-store = true 112 + access-tokens = github.com=${{ secrets.TEST_TOKEN }} 113 + experimental-features = nix-command flakes 114 + substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://nobbz.cachix.org 115 + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= nobbz.cachix.org-1:fODxpqE4ni+pFDSuj2ybYZbMUjmxNTjA7rtUNHW61Ok= 116 + install_url: https://releases.nixos.org/nix/nix-2.25.0/install 117 + - name: run the checks 118 + run: | 119 + nix flake check --keep-going

+12

.sops.yaml

··· 2 2 - &admin_nobbz age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r 3 3 - &host_mimas age10jl78vwyqk622dpn2890l9jl4et3p7lsr8wh8vusem3j8jdxle8qg000qa 4 4 - &user_nmelzer_mimas age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6 5 + - &user_nmelzer_phoebe age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna 5 6 creation_rules: 6 7 - path_regex: secrets/[^/]+\.yaml$ 7 8 key_groups: ··· 18 19 - age: 19 20 - *admin_nobbz 20 21 - *user_nmelzer_mimas 22 + - path_regex: secrets/phoebe/nmelzer/[^/]+ 23 + key_groups: 24 + - age: 25 + - *admin_nobbz 26 + - *user_nmelzer_phoebe 27 + - path_regex: secrets/users/nmelzer/[^/]+$ 28 + key_groups: 29 + - age: 30 + - *admin_nobbz 31 + - *user_nmelzer_mimas 32 + - *user_nmelzer_phoebe

+25

README.md

··· 1 + Hosts 2 + ===== 3 + 4 + > [!CAUTION] 5 + > This hosts system and home configurations are public for your own learning and 6 + > research. They are not meant to be used with any hardware other than mine. 7 + > Trying to build and deploy them to other systems without appropriate changes 8 + > can render your machines unbootable and damage data. 9 + 10 + > [!NOTE] 11 + > I do not provide copy/pastable commands that would build/switch/install any 12 + > of these configurations because I mean what I wrote in the block before! 13 + 14 + A list of all hosts currently in use by me. this covers all the 15 + devices i can name on my behalf. Not all devices in this list are 16 + managed through nix or even run it. 17 + 18 + * `mimas`: My currently used main host. 19 + * ~~`enceladeus`~~: A secondary laptop, rarely used but still updated. 20 + * ~~`thetys`~~: A nixos VM solely used in the office for work related things, discontinued 21 + * ~~`dione`~~: company provided android phone, discontinued 22 + * `rhea`: self owned phone 23 + * ~~`titan`~~: MacOS VM to play and experiment with, discontinued 24 + * ~~`hyperion`~~: Linux-Aarch64 VM to play and experiment with, discontinued 25 + * `phoebe`: TuxedoOS (Ubuntu derivative) laptop, HM only.

-13

README.org

··· 1 - * Hosts 2 - 3 - A list of all hosts currently in use by me. this covers all the 4 - devices i can name on my behalf. Not all devices in this list are 5 - managed through nix or even run it. 6 - 7 - + =mimas= :: My currently used main host. 8 - + =enceladeus= :: A secondary laptop, rarely used but still updated. 9 - + =thetys= :: A nixos VM solely used in the office for work related things, discontinued 10 - + =dione= :: company provided android phone, discontinued 11 - + =rhea= :: self owned phone 12 - + =titan= :: MacOS VM to play and experiment with 13 - + =hyperion= :: Linux-Aarch64 VM to play and experiment with

+2 -3

checks/default.nix

··· 1 1 inputs: let 2 - pkgs = inputs.unstable.legacyPackages.x86_64-linux; 3 - apkgs = inputs.alejandra.packages.x86_64-linux; 2 + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; 4 3 5 - callPackage = pkgs.lib.callPackageWith (pkgs // apkgs // {inherit (inputs) self;}); 4 + callPackage = pkgs.lib.callPackageWith (pkgs // {inherit (inputs) self;}); 6 5 in { 7 6 alejandra = callPackage ./alejandra.nix {}; 8 7 statix = callPackage ./statix.nix {};

+321 -509

flake.lock

··· 1 1 { 2 2 "nodes": { 3 - "alejandra": { 4 - "inputs": { 5 - "fenix": "fenix", 6 - "flakeCompat": "flakeCompat", 7 - "nixpkgs": "nixpkgs" 8 - }, 9 - "locked": { 10 - "lastModified": 1660510326, 11 - "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", 12 - "owner": "kamadorueda", 13 - "repo": "alejandra", 14 - "rev": "ef03f7ef74ec97fd91a016a51c9c9667fb315652", 15 - "type": "github" 16 - }, 17 - "original": { 18 - "owner": "kamadorueda", 19 - "ref": "3.0.0", 20 - "repo": "alejandra", 21 - "type": "github" 22 - } 23 - }, 24 - "alejandra_2": { 3 + "cargo2nix": { 25 4 "inputs": { 26 - "fenix": "fenix_2", 27 - "flakeCompat": "flakeCompat_2", 5 + "flake-compat": "flake-compat_3", 6 + "flake-utils": "flake-utils_3", 28 7 "nixpkgs": [ 29 8 "switcher", 30 - "dream2nix", 31 - "nixpkgs" 32 - ] 33 - }, 34 - "locked": { 35 - "lastModified": 1658427149, 36 - "narHash": "sha256-ToD/1z/q5VHsLMrS2h96vjJoLho59eNRtknOUd19ey8=", 37 - "owner": "kamadorueda", 38 - "repo": "alejandra", 39 - "rev": "f5a22afd2adfb249b4e68e0b33aa1f0fb73fb1be", 40 - "type": "github" 41 - }, 42 - "original": { 43 - "owner": "kamadorueda", 44 - "repo": "alejandra", 45 - "type": "github" 46 - } 47 - }, 48 - "crane": { 49 - "flake": false, 50 - "locked": { 51 - "lastModified": 1670900067, 52 - "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", 53 - "owner": "ipetkov", 54 - "repo": "crane", 55 - "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", 56 - "type": "github" 57 - }, 58 - "original": { 59 - "owner": "ipetkov", 60 - "repo": "crane", 61 - "type": "github" 62 - } 63 - }, 64 - "devshell": { 65 - "flake": false, 66 - "locked": { 67 - "lastModified": 1663445644, 68 - "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", 69 - "owner": "numtide", 70 - "repo": "devshell", 71 - "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", 72 - "type": "github" 73 - }, 74 - "original": { 75 - "owner": "numtide", 76 - "repo": "devshell", 77 - "type": "github" 78 - } 79 - }, 80 - "dream2nix": { 81 - "inputs": { 82 - "alejandra": "alejandra_2", 83 - "all-cabal-json": [ 84 - "switcher", 85 9 "nixpkgs" 86 10 ], 87 - "crane": "crane", 88 - "devshell": "devshell", 89 - "flake-parts": [ 90 - "switcher", 91 - "flake-parts" 92 - ], 93 - "flake-utils-pre-commit": "flake-utils-pre-commit", 94 - "ghc-utils": "ghc-utils", 95 - "gomod2nix": "gomod2nix", 96 - "mach-nix": "mach-nix", 97 - "nix-pypi-fetcher": "nix-pypi-fetcher", 98 - "nixpkgs": [ 11 + "rust-overlay": [ 99 12 "switcher", 100 - "nixpkgs" 101 - ], 102 - "poetry2nix": "poetry2nix", 103 - "pre-commit-hooks": "pre-commit-hooks", 104 - "pruned-racket-catalog": "pruned-racket-catalog" 13 + "rust-overlay" 14 + ] 105 15 }, 106 16 "locked": { 107 - "lastModified": 1677289985, 108 - "narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=", 109 - "owner": "nix-community", 110 - "repo": "dream2nix", 111 - "rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889", 17 + "lastModified": 1705129117, 18 + "narHash": "sha256-LgdDHibvimzYhxBK3kxCk2gAL7k4Hyigl5KI0X9cijA=", 19 + "owner": "cargo2nix", 20 + "repo": "cargo2nix", 21 + "rev": "ae19a9e1f8f0880c088ea155ab66cee1fa001f59", 112 22 "type": "github" 113 23 }, 114 24 "original": { 115 - "owner": "nix-community", 116 - "repo": "dream2nix", 25 + "owner": "cargo2nix", 26 + "repo": "cargo2nix", 117 27 "type": "github" 118 28 } 119 29 }, 120 30 "emacs": { 121 31 "inputs": { 122 - "flake-utils": "flake-utils", 123 32 "nixpkgs": [ 124 - "master" 33 + "nixpkgs" 34 + ], 35 + "nixpkgs-stable": [ 36 + "nixpkgs" 125 37 ] 126 38 }, 127 39 "locked": { 128 - "lastModified": 1679104561, 129 - "narHash": "sha256-JVyv+GeyJr7Zlxjt54sjHo90KpUGSUiVs/6tUBUuvQc=", 40 + "lastModified": 1749090069, 41 + "narHash": "sha256-uN3Mp+o7IfVT9H/OuwEtJ17NktCaF4t9Ond3TKt+BE4=", 130 42 "owner": "nix-community", 131 43 "repo": "emacs-overlay", 132 - "rev": "65c5d30a355533e3f0b7b6f0417270744978134e", 44 + "rev": "c17506666090e412a50b01c57944386ab81d2aa8", 133 45 "type": "github" 134 46 }, 135 47 "original": { ··· 138 50 "type": "github" 139 51 } 140 52 }, 141 - "fenix": { 142 - "inputs": { 143 - "nixpkgs": [ 144 - "alejandra", 145 - "nixpkgs" 146 - ], 147 - "rust-analyzer-src": "rust-analyzer-src" 148 - }, 53 + "flake-compat": { 54 + "flake": false, 149 55 "locked": { 150 - "lastModified": 1657607339, 151 - "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", 152 - "owner": "nix-community", 153 - "repo": "fenix", 154 - "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", 56 + "lastModified": 1733328505, 57 + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", 58 + "owner": "edolstra", 59 + "repo": "flake-compat", 60 + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", 155 61 "type": "github" 156 62 }, 157 63 "original": { 158 - "owner": "nix-community", 159 - "repo": "fenix", 64 + "owner": "edolstra", 65 + "repo": "flake-compat", 160 66 "type": "github" 161 67 } 162 68 }, 163 - "fenix_2": { 164 - "inputs": { 165 - "nixpkgs": [ 166 - "switcher", 167 - "dream2nix", 168 - "alejandra", 169 - "nixpkgs" 170 - ], 171 - "rust-analyzer-src": "rust-analyzer-src_2" 172 - }, 69 + "flake-compat_2": { 70 + "flake": false, 173 71 "locked": { 174 - "lastModified": 1657607339, 175 - "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", 176 - "owner": "nix-community", 177 - "repo": "fenix", 178 - "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", 72 + "lastModified": 1696426674, 73 + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 74 + "owner": "edolstra", 75 + "repo": "flake-compat", 76 + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 179 77 "type": "github" 180 78 }, 181 79 "original": { 182 - "owner": "nix-community", 183 - "repo": "fenix", 80 + "owner": "edolstra", 81 + "repo": "flake-compat", 184 82 "type": "github" 185 83 } 186 84 }, 187 - "flake-compat": { 85 + "flake-compat_3": { 188 86 "flake": false, 189 87 "locked": { 190 - "lastModified": 1673956053, 191 - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", 88 + "lastModified": 1696426674, 89 + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 192 90 "owner": "edolstra", 193 91 "repo": "flake-compat", 194 - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", 92 + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 195 93 "type": "github" 196 94 }, 197 95 "original": { ··· 202 100 }, 203 101 "flake-utils": { 204 102 "locked": { 205 - "lastModified": 1667395993, 206 - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 103 + "lastModified": 1659877975, 104 + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", 207 105 "owner": "numtide", 208 106 "repo": "flake-utils", 209 - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", 107 + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", 210 108 "type": "github" 211 109 }, 212 110 "original": { ··· 215 113 "type": "github" 216 114 } 217 115 }, 218 - "flake-utils-pre-commit": { 116 + "flake-utils_2": { 117 + "inputs": { 118 + "systems": "systems" 119 + }, 219 120 "locked": { 220 - "lastModified": 1644229661, 221 - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", 121 + "lastModified": 1681202837, 122 + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 222 123 "owner": "numtide", 223 124 "repo": "flake-utils", 224 - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", 125 + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 225 126 "type": "github" 226 127 }, 227 128 "original": { ··· 230 131 "type": "github" 231 132 } 232 133 }, 233 - "flake-utils_2": { 134 + "flake-utils_3": { 135 + "inputs": { 136 + "systems": "systems_2" 137 + }, 234 138 "locked": { 235 - "lastModified": 1678901627, 236 - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", 139 + "lastModified": 1694529238, 140 + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 237 141 "owner": "numtide", 238 142 "repo": "flake-utils", 239 - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", 143 + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 240 144 "type": "github" 241 145 }, 242 146 "original": { ··· 245 149 "type": "github" 246 150 } 247 151 }, 248 - "flake-utils_3": { 152 + "gen-luarc": { 153 + "inputs": { 154 + "flake-parts": [ 155 + "nvim", 156 + "parts" 157 + ], 158 + "git-hooks": "git-hooks", 159 + "luvit-meta": "luvit-meta", 160 + "nixpkgs": [ 161 + "nvim", 162 + "nixpkgs" 163 + ] 164 + }, 249 165 "locked": { 250 - "lastModified": 1676283394, 251 - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", 252 - "owner": "numtide", 253 - "repo": "flake-utils", 254 - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", 166 + "lastModified": 1724097937, 167 + "narHash": "sha256-Q4tgm8ZHAQUdvsNft86MqIbHQAm7OF7RT/wwYWXqSdY=", 168 + "owner": "mrcjkb", 169 + "repo": "nix-gen-luarc-json", 170 + "rev": "b36b69c4ded9f31b079523bc452e23458734cf00", 255 171 "type": "github" 256 172 }, 257 173 "original": { 258 - "owner": "numtide", 259 - "repo": "flake-utils", 174 + "owner": "mrcjkb", 175 + "repo": "nix-gen-luarc-json", 260 176 "type": "github" 261 177 } 262 178 }, 263 - "flakeCompat": { 264 - "flake": false, 179 + "git-hooks": { 180 + "inputs": { 181 + "flake-compat": "flake-compat_2", 182 + "gitignore": "gitignore", 183 + "nixpkgs": [ 184 + "nvim", 185 + "gen-luarc", 186 + "nixpkgs" 187 + ], 188 + "nixpkgs-stable": "nixpkgs-stable" 189 + }, 265 190 "locked": { 266 - "lastModified": 1650374568, 267 - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", 268 - "owner": "edolstra", 269 - "repo": "flake-compat", 270 - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", 191 + "lastModified": 1723803910, 192 + "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=", 193 + "owner": "cachix", 194 + "repo": "git-hooks.nix", 195 + "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba", 271 196 "type": "github" 272 197 }, 273 198 "original": { 274 - "owner": "edolstra", 275 - "repo": "flake-compat", 199 + "owner": "cachix", 200 + "repo": "git-hooks.nix", 276 201 "type": "github" 277 202 } 278 203 }, 279 - "flakeCompat_2": { 280 - "flake": false, 204 + "git-hooks-nix": { 205 + "inputs": { 206 + "flake-compat": [ 207 + "nix" 208 + ], 209 + "gitignore": [ 210 + "nix" 211 + ], 212 + "nixpkgs": [ 213 + "nix", 214 + "nixpkgs" 215 + ], 216 + "nixpkgs-stable": [ 217 + "nix", 218 + "nixpkgs" 219 + ] 220 + }, 281 221 "locked": { 282 - "lastModified": 1650374568, 283 - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", 284 - "owner": "edolstra", 285 - "repo": "flake-compat", 286 - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", 222 + "lastModified": 1734279981, 223 + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", 224 + "owner": "cachix", 225 + "repo": "git-hooks.nix", 226 + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", 287 227 "type": "github" 288 228 }, 289 229 "original": { 290 - "owner": "edolstra", 291 - "repo": "flake-compat", 230 + "owner": "cachix", 231 + "repo": "git-hooks.nix", 292 232 "type": "github" 293 233 } 294 234 }, 295 - "ghc-utils": { 296 - "flake": false, 297 - "locked": { 298 - "lastModified": 1662774800, 299 - "narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=", 300 - "ref": "refs/heads/master", 301 - "rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea", 302 - "revCount": 1072, 303 - "type": "git", 304 - "url": "https://gitlab.haskell.org/bgamari/ghc-utils" 235 + "gitignore": { 236 + "inputs": { 237 + "nixpkgs": [ 238 + "nvim", 239 + "gen-luarc", 240 + "git-hooks", 241 + "nixpkgs" 242 + ] 305 243 }, 306 - "original": { 307 - "type": "git", 308 - "url": "https://gitlab.haskell.org/bgamari/ghc-utils" 309 - } 310 - }, 311 - "gomod2nix": { 312 - "flake": false, 313 244 "locked": { 314 - "lastModified": 1627572165, 315 - "narHash": "sha256-MFpwnkvQpauj799b4QTBJQFEddbD02+Ln5k92QyHOSk=", 316 - "owner": "tweag", 317 - "repo": "gomod2nix", 318 - "rev": "67f22dd738d092c6ba88e420350ada0ed4992ae8", 245 + "lastModified": 1709087332, 246 + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 247 + "owner": "hercules-ci", 248 + "repo": "gitignore.nix", 249 + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 319 250 "type": "github" 320 251 }, 321 252 "original": { 322 - "owner": "tweag", 323 - "repo": "gomod2nix", 253 + "owner": "hercules-ci", 254 + "repo": "gitignore.nix", 324 255 "type": "github" 325 256 } 326 257 }, 327 258 "home-manager": { 328 259 "inputs": { 329 260 "nixpkgs": [ 330 - "unstable" 331 - ], 332 - "utils": "utils" 261 + "nixpkgs" 262 + ] 333 263 }, 334 264 "locked": { 335 - "lastModified": 1679067095, 336 - "narHash": "sha256-G2dJQURL/CCi+8RP6jNJG8VqgtzEMCA+6mNodd3VR6E=", 265 + "lastModified": 1749062139, 266 + "narHash": "sha256-gGGLujmeWU+ZjFzfMvFMI0hp9xONsSbm88187wJr82Q=", 337 267 "owner": "nix-community", 338 268 "repo": "home-manager", 339 - "rev": "3239e0b40f242f47bf6c0c37b2fd35ab3e76e370", 269 + "rev": "86b95fc1ed2b9b04a451a08ccf13d78fb421859c", 340 270 "type": "github" 341 271 }, 342 272 "original": { ··· 345 275 "type": "github" 346 276 } 347 277 }, 348 - "lowdown-src": { 278 + "luvit-meta": { 349 279 "flake": false, 350 280 "locked": { 351 - "lastModified": 1633514407, 352 - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", 353 - "owner": "kristapsdz", 354 - "repo": "lowdown", 355 - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", 356 - "type": "github" 357 - }, 358 - "original": { 359 - "owner": "kristapsdz", 360 - "repo": "lowdown", 361 - "type": "github" 362 - } 363 - }, 364 - "mach-nix": { 365 - "flake": false, 366 - "locked": { 367 - "lastModified": 1634711045, 368 - "narHash": "sha256-m5A2Ty88NChLyFhXucECj6+AuiMZPHXNbw+9Kcs7F6Y=", 369 - "owner": "DavHau", 370 - "repo": "mach-nix", 371 - "rev": "4433f74a97b94b596fa6cd9b9c0402104aceef5d", 372 - "type": "github" 373 - }, 374 - "original": { 375 - "id": "mach-nix", 376 - "type": "indirect" 377 - } 378 - }, 379 - "master": { 380 - "locked": { 381 - "lastModified": 1679105836, 382 - "narHash": "sha256-VqWNbewPjGCi7Ecs23WdYoBE0qhm6jK0SzNry+dMksY=", 383 - "owner": "nixos", 384 - "repo": "nixpkgs", 385 - "rev": "29b574db13810b54f84fcb60220798fe0e4351ce", 386 - "type": "github" 387 - }, 388 - "original": { 389 - "owner": "nixos", 390 - "ref": "master", 391 - "repo": "nixpkgs", 392 - "type": "github" 393 - } 394 - }, 395 - "nil": { 396 - "inputs": { 397 - "flake-utils": "flake-utils_3", 398 - "nixpkgs": "nixpkgs_2", 399 - "rust-overlay": "rust-overlay" 400 - }, 401 - "locked": { 402 - "lastModified": 1678728829, 403 - "narHash": "sha256-KbA8uakGfjfvRH+Td/VegiLdHrnqIZHkMTQ5XBjL2dE=", 404 - "owner": "oxalica", 405 - "repo": "nil", 406 - "rev": "e7045f1779fd202a3316f84b864c304f339cccea", 281 + "lastModified": 1705776742, 282 + "narHash": "sha256-zAAptV/oLuLAAsa2zSB/6fxlElk4+jNZd/cPr9oxFig=", 283 + "owner": "Bilal2453", 284 + "repo": "luvit-meta", 285 + "rev": "ce76f6f6cdc9201523a5875a4471dcfe0186eb60", 407 286 "type": "github" 408 287 }, 409 288 "original": { 410 - "owner": "oxalica", 411 - "repo": "nil", 289 + "owner": "Bilal2453", 290 + "repo": "luvit-meta", 412 291 "type": "github" 413 292 } 414 293 }, 415 294 "nix": { 416 295 "inputs": { 417 296 "flake-compat": "flake-compat", 418 - "lowdown-src": "lowdown-src", 419 - "nixpkgs": "nixpkgs_3", 297 + "flake-parts": [ 298 + "parts" 299 + ], 300 + "git-hooks-nix": "git-hooks-nix", 301 + "nixpkgs": "nixpkgs", 302 + "nixpkgs-23-11": "nixpkgs-23-11", 420 303 "nixpkgs-regression": "nixpkgs-regression" 421 304 }, 422 305 "locked": { 423 - "lastModified": 1679065027, 424 - "narHash": "sha256-sRxUSFqGLkXyYGVfRN1eN+xXjGamBnfbC+rV+3fTC8w=", 306 + "lastModified": 1749012568, 307 + "narHash": "sha256-7IltFTct/oe6pGkwB6f/1WhWA65hFnsBY6XaGjodf3k=", 425 308 "owner": "nixos", 426 309 "repo": "nix", 427 - "rev": "790dd2555b8a324035af8b03aad582a25f7a0ecd", 310 + "rev": "4751cbef6303d10479f3db1b13db69197d9c3446", 428 311 "type": "github" 429 312 }, 430 313 "original": { ··· 433 316 "type": "github" 434 317 } 435 318 }, 436 - "nix-pypi-fetcher": { 437 - "flake": false, 319 + "nix-gl": { 320 + "inputs": { 321 + "flake-utils": "flake-utils", 322 + "nixpkgs": [ 323 + "nixpkgs" 324 + ] 325 + }, 438 326 "locked": { 439 - "lastModified": 1669065297, 440 - "narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=", 441 - "owner": "DavHau", 442 - "repo": "nix-pypi-fetcher", 443 - "rev": "a9885ac6a091576b5195d547ac743d45a2a615ac", 327 + "lastModified": 1713543440, 328 + "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=", 329 + "owner": "nix-community", 330 + "repo": "nixgl", 331 + "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a", 444 332 "type": "github" 445 333 }, 446 334 "original": { 447 - "owner": "DavHau", 448 - "repo": "nix-pypi-fetcher", 335 + "owner": "nix-community", 336 + "repo": "nixgl", 449 337 "type": "github" 450 338 } 451 339 }, 452 340 "nixos-vscode-server": { 453 341 "inputs": { 454 - "nixpkgs": "nixpkgs_4" 342 + "flake-utils": "flake-utils_2", 343 + "nixpkgs": [ 344 + "nixpkgs" 345 + ] 455 346 }, 456 347 "locked": { 457 - "lastModified": 1676501444, 458 - "narHash": "sha256-H+uQetkzd5GIga56HmCDwl5eihdQgeN2jVdNrkXzDyo=", 348 + "lastModified": 1729422940, 349 + "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=", 459 350 "owner": "msteen", 460 351 "repo": "nixos-vscode-server", 461 - "rev": "57f1716bc625d2892579294cc207956679e3d94c", 352 + "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f", 462 353 "type": "github" 463 354 }, 464 355 "original": { ··· 469 360 }, 470 361 "nixpkgs": { 471 362 "locked": { 472 - "lastModified": 1657425264, 473 - "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", 474 - "owner": "nixos", 363 + "lastModified": 1747179050, 364 + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", 365 + "owner": "NixOS", 475 366 "repo": "nixpkgs", 476 - "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", 367 + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", 477 368 "type": "github" 478 369 }, 479 370 "original": { 480 - "owner": "nixos", 481 - "ref": "nixos-unstable-small", 371 + "owner": "NixOS", 372 + "ref": "nixos-unstable", 482 373 "repo": "nixpkgs", 483 374 "type": "github" 484 375 } 485 376 }, 486 - "nixpkgs-2211": { 377 + "nixpkgs-23-11": { 487 378 "locked": { 488 - "lastModified": 1678972866, 489 - "narHash": "sha256-YV8BcNWfNVgS449B6hFYFUg4kwVIQMNehZP+FNDs1LY=", 490 - "owner": "nixos", 379 + "lastModified": 1717159533, 380 + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", 381 + "owner": "NixOS", 491 382 "repo": "nixpkgs", 492 - "rev": "cd34d6ed7ba7d5c4e44b04a53dc97edb52f2766c", 383 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 493 384 "type": "github" 494 385 }, 495 386 "original": { 496 - "owner": "nixos", 497 - "ref": "nixos-22.11", 387 + "owner": "NixOS", 498 388 "repo": "nixpkgs", 389 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 499 390 "type": "github" 500 391 } 501 392 }, 502 - "nixpkgs-insync-v3": { 393 + "nixpkgs-emmy": { 503 394 "locked": { 504 - "lastModified": 1674552486, 505 - "narHash": "sha256-FK9Y4P5Q7lzq9hjXIflr9oW+Cxw+5gxP/dN9+R/bHnA=", 506 - "owner": "nixos", 395 + "lastModified": 1719675406, 396 + "narHash": "sha256-bZgaUZikDI7ZS1EY0jjZnbcO4vNeSRhIekb17FyUMf0=", 397 + "owner": "NixOS", 507 398 "repo": "nixpkgs", 508 - "rev": "32fdc268e921994e3f38088486ddfe765d11df93", 399 + "rev": "2feb215c297f2c9ae272336f55d54a962d71a9ff", 509 400 "type": "github" 510 401 }, 511 402 "original": { 512 - "owner": "nixos", 513 - "ref": "32fdc268e921994e3f38088486ddfe765d11df93", 403 + "owner": "NixOS", 404 + "ref": "pull/323401/head", 514 405 "repo": "nixpkgs", 515 406 "type": "github" 516 407 } 517 408 }, 518 - "nixpkgs-lib": { 409 + "nixpkgs-pre-rust": { 519 410 "locked": { 520 - "dir": "lib", 521 - "lastModified": 1678375444, 522 - "narHash": "sha256-XIgHfGvjFvZQ8hrkfocanCDxMefc/77rXeHvYdzBMc8=", 523 - "owner": "NixOS", 411 + "lastModified": 1723634395, 412 + "narHash": "sha256-K1ohl/M/HWXqieqNtsF39FbWqtaNX/mUgulrqcOO1KU=", 413 + "owner": "nixos", 524 414 "repo": "nixpkgs", 525 - "rev": "130fa0baaa2b93ec45523fdcde942f6844ee9f6e", 415 + "rev": "57d0d4a8f3025e2b902d2b4403bcece26ad1ea74", 526 416 "type": "github" 527 417 }, 528 418 "original": { 529 - "dir": "lib", 530 - "owner": "NixOS", 531 - "ref": "nixos-unstable", 419 + "owner": "nixos", 420 + "ref": "57d0d4a8f302", 532 421 "repo": "nixpkgs", 533 422 "type": "github" 534 423 } ··· 551 440 }, 552 441 "nixpkgs-stable": { 553 442 "locked": { 554 - "lastModified": 1678582009, 555 - "narHash": "sha256-J8QzUOOv3/y97q19pGOz28gLC3lAUy1c4bWpsi5D460=", 443 + "lastModified": 1720386169, 444 + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", 556 445 "owner": "NixOS", 557 446 "repo": "nixpkgs", 558 - "rev": "c34fc09c77172c4189df4594a0749e25a23cdd9b", 447 + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", 559 448 "type": "github" 560 449 }, 561 450 "original": { 562 451 "owner": "NixOS", 563 - "ref": "release-22.11", 564 - "repo": "nixpkgs", 565 - "type": "github" 566 - } 567 - }, 568 - "nixpkgs-unstable": { 569 - "locked": { 570 - "lastModified": 1678898370, 571 - "narHash": "sha256-xTICr1j+uat5hk9FyuPOFGxpWHdJRibwZC+ATi0RbtE=", 572 - "owner": "nixos", 573 - "repo": "nixpkgs", 574 - "rev": "ac718d02867a84b42522a0ece52d841188208f2c", 575 - "type": "github" 576 - }, 577 - "original": { 578 - "owner": "nixos", 579 - "ref": "nixos-unstable", 452 + "ref": "nixos-24.05", 580 453 "repo": "nixpkgs", 581 454 "type": "github" 582 455 } 583 456 }, 584 457 "nixpkgs_2": { 585 458 "locked": { 586 - "lastModified": 1678298120, 587 - "narHash": "sha256-iaV5xqgn29xy765Js3EoZePQyZIlLZA3pTYtTnKkejg=", 459 + "lastModified": 1748929857, 460 + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", 588 461 "owner": "nixos", 589 462 "repo": "nixpkgs", 590 - "rev": "1e383aada51b416c6c27d4884d2e258df201bc11", 463 + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", 591 464 "type": "github" 592 465 }, 593 466 "original": { 594 467 "owner": "nixos", 595 - "ref": "nixpkgs-unstable", 468 + "ref": "nixos-unstable", 596 469 "repo": "nixpkgs", 597 470 "type": "github" 598 471 } 599 472 }, 600 473 "nixpkgs_3": { 601 474 "locked": { 602 - "lastModified": 1670461440, 603 - "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=", 475 + "lastModified": 1744868846, 476 + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", 604 477 "owner": "NixOS", 605 478 "repo": "nixpkgs", 606 - "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425", 479 + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", 607 480 "type": "github" 608 481 }, 609 482 "original": { 610 483 "owner": "NixOS", 611 - "ref": "nixos-22.11-small", 484 + "ref": "nixpkgs-unstable", 612 485 "repo": "nixpkgs", 613 486 "type": "github" 614 487 } 615 488 }, 616 489 "nixpkgs_4": { 617 490 "locked": { 618 - "lastModified": 1672441588, 619 - "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", 620 - "owner": "NixOS", 621 - "repo": "nixpkgs", 622 - "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", 623 - "type": "github" 624 - }, 625 - "original": { 626 - "id": "nixpkgs", 627 - "type": "indirect" 628 - } 629 - }, 630 - "nixpkgs_5": { 631 - "locked": { 632 - "lastModified": 1678500213, 633 - "narHash": "sha256-A5s2rXawJ+dCThkMXoMuYW8dgyUmkElcyfVJUot/Vr0=", 491 + "lastModified": 1728538411, 492 + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", 634 493 "owner": "NixOS", 635 494 "repo": "nixpkgs", 636 - "rev": "2ce9b9842b5e63884dfc3dea6689769e2a1ea309", 495 + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", 637 496 "type": "github" 638 497 }, 639 498 "original": { ··· 643 502 "type": "github" 644 503 } 645 504 }, 646 - "parts": { 505 + "nvim": { 647 506 "inputs": { 648 - "nixpkgs-lib": "nixpkgs-lib" 507 + "gen-luarc": "gen-luarc", 508 + "nixpkgs": [ 509 + "nixpkgs" 510 + ], 511 + "nixpkgs-emmy": "nixpkgs-emmy", 512 + "parts": [ 513 + "parts" 514 + ], 515 + "wrapper-manager": "wrapper-manager" 649 516 }, 650 517 "locked": { 651 - "lastModified": 1678379998, 652 - "narHash": "sha256-TZdfNqftHhDuIFwBcN9MUThx5sQXCTeZk9je5byPKRw=", 653 - "owner": "hercules-ci", 654 - "repo": "flake-parts", 655 - "rev": "c13d60b89adea3dc20704c045ec4d50dd964d447", 518 + "lastModified": 1748686149, 519 + "narHash": "sha256-RdLAPiha8lr1wQiL158p4DTFhLcWcjRv6ioCTd3athQ=", 520 + "owner": "nobbz", 521 + "repo": "nobbz-vim", 522 + "rev": "a22303075cac32d83edfd79ef79c0386a38b02ce", 656 523 "type": "github" 657 524 }, 658 525 "original": { 659 - "owner": "hercules-ci", 660 - "repo": "flake-parts", 526 + "owner": "nobbz", 527 + "repo": "nobbz-vim", 661 528 "type": "github" 662 529 } 663 530 }, 664 - "poetry2nix": { 665 - "flake": false, 666 - "locked": { 667 - "lastModified": 1666918719, 668 - "narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=", 669 - "owner": "nix-community", 670 - "repo": "poetry2nix", 671 - "rev": "289efb187123656a116b915206e66852f038720e", 672 - "type": "github" 673 - }, 674 - "original": { 675 - "owner": "nix-community", 676 - "ref": "1.36.0", 677 - "repo": "poetry2nix", 678 - "type": "github" 679 - } 680 - }, 681 - "pre-commit-hooks": { 531 + "parts": { 682 532 "inputs": { 683 - "flake-utils": [ 684 - "switcher", 685 - "dream2nix", 686 - "flake-utils-pre-commit" 687 - ], 688 - "nixpkgs": [ 689 - "switcher", 690 - "dream2nix", 533 + "nixpkgs-lib": [ 691 534 "nixpkgs" 692 535 ] 693 536 }, 694 537 "locked": { 695 - "lastModified": 1646153636, 696 - "narHash": "sha256-AlWHMzK+xJ1mG267FdT8dCq/HvLCA6jwmx2ZUy5O8tY=", 697 - "owner": "cachix", 698 - "repo": "pre-commit-hooks.nix", 699 - "rev": "b6bc0b21e1617e2b07d8205e7fae7224036dfa4b", 538 + "lastModified": 1748821116, 539 + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", 540 + "owner": "hercules-ci", 541 + "repo": "flake-parts", 542 + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", 700 543 "type": "github" 701 544 }, 702 545 "original": { 703 - "owner": "cachix", 704 - "repo": "pre-commit-hooks.nix", 546 + "owner": "hercules-ci", 547 + "repo": "flake-parts", 705 548 "type": "github" 706 549 } 707 550 }, 708 551 "programsdb": { 709 552 "inputs": { 710 553 "nixpkgs": [ 711 - "unstable" 554 + "nixpkgs" 712 555 ], 713 - "utils": "utils_2" 556 + "utils": "utils" 714 557 }, 715 558 "locked": { 716 - "lastModified": 1679084303, 717 - "narHash": "sha256-6CdXnOOs1QMoK1RDRvBxrXKibV6UGtSx8MofyA/1gbw=", 559 + "lastModified": 1749055058, 560 + "narHash": "sha256-OgCTSX0WXPpEi/ukjbBRrElSo+TR2/pzCCcY5yfou58=", 718 561 "owner": "wamserma", 719 562 "repo": "flake-programs-sqlite", 720 - "rev": "7ace1d509fa07fb065073abe7fe620d63012f97a", 563 + "rev": "78d23d728abddce902528922f93967f0630f1cfe", 721 564 "type": "github" 722 565 }, 723 566 "original": { ··· 726 569 "type": "github" 727 570 } 728 571 }, 729 - "pruned-racket-catalog": { 730 - "flake": false, 731 - "locked": { 732 - "lastModified": 1672537287, 733 - "narHash": "sha256-SuOvXVcLfakw18oJB/PuRMyvGyGG1+CQD3R+TGHIv44=", 734 - "owner": "nix-community", 735 - "repo": "pruned-racket-catalog", 736 - "rev": "c8b89557fb53b36efa2ee48a769c7364df0f6262", 737 - "type": "github" 738 - }, 739 - "original": { 740 - "owner": "nix-community", 741 - "ref": "catalog", 742 - "repo": "pruned-racket-catalog", 743 - "type": "github" 744 - } 745 - }, 746 572 "root": { 747 573 "inputs": { 748 - "alejandra": "alejandra", 749 574 "emacs": "emacs", 750 - "flake-utils": "flake-utils_2", 751 575 "home-manager": "home-manager", 752 - "master": "master", 753 - "nil": "nil", 754 576 "nix": "nix", 577 + "nix-gl": "nix-gl", 755 578 "nixos-vscode-server": "nixos-vscode-server", 756 - "nixpkgs": [ 757 - "nixpkgs-unstable" 579 + "nixpkgs": "nixpkgs_2", 580 + "nixpkgs-insync-v3": [ 581 + "nixpkgs" 758 582 ], 759 - "nixpkgs-2211": "nixpkgs-2211", 760 - "nixpkgs-insync-v3": "nixpkgs-insync-v3", 761 - "nixpkgs-unstable": "nixpkgs-unstable", 583 + "nixpkgs-pre-rust": "nixpkgs-pre-rust", 584 + "nvim": "nvim", 762 585 "parts": "parts", 763 586 "programsdb": "programsdb", 764 587 "sops-nix": "sops-nix", 765 - "stable": [ 766 - "nixpkgs-2211" 767 - ], 768 - "switcher": "switcher", 769 - "unstable": [ 770 - "nixpkgs-unstable" 771 - ] 772 - } 773 - }, 774 - "rust-analyzer-src": { 775 - "flake": false, 776 - "locked": { 777 - "lastModified": 1657557289, 778 - "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", 779 - "owner": "rust-lang", 780 - "repo": "rust-analyzer", 781 - "rev": "caf23f29144b371035b864a1017dbc32573ad56d", 782 - "type": "github" 783 - }, 784 - "original": { 785 - "owner": "rust-lang", 786 - "ref": "nightly", 787 - "repo": "rust-analyzer", 788 - "type": "github" 789 - } 790 - }, 791 - "rust-analyzer-src_2": { 792 - "flake": false, 793 - "locked": { 794 - "lastModified": 1657557289, 795 - "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", 796 - "owner": "rust-lang", 797 - "repo": "rust-analyzer", 798 - "rev": "caf23f29144b371035b864a1017dbc32573ad56d", 799 - "type": "github" 800 - }, 801 - "original": { 802 - "owner": "rust-lang", 803 - "ref": "nightly", 804 - "repo": "rust-analyzer", 805 - "type": "github" 588 + "switcher": "switcher" 806 589 } 807 590 }, 808 591 "rust-overlay": { 809 592 "inputs": { 810 - "flake-utils": [ 811 - "nil", 812 - "flake-utils" 813 - ], 814 - "nixpkgs": [ 815 - "nil", 816 - "nixpkgs" 817 - ] 593 + "nixpkgs": "nixpkgs_4" 818 594 }, 819 595 "locked": { 820 - "lastModified": 1678415622, 821 - "narHash": "sha256-tems1jHETCYEen8QrW61yVVX0F4zOGy4ImB43iDc7bY=", 596 + "lastModified": 1734402816, 597 + "narHash": "sha256-cgQ8mjUJz7J3fp97lnvl0dSJ6vLt8yzUSmw3B7QKw94=", 822 598 "owner": "oxalica", 823 599 "repo": "rust-overlay", 824 - "rev": "9f687941160108f89dd8bd2c650d32c15a35c7c7", 600 + "rev": "e38fbd6e56e8cd1d61c65a21bbb7785e966707b4", 825 601 "type": "github" 826 602 }, 827 603 "original": { ··· 832 608 }, 833 609 "sops-nix": { 834 610 "inputs": { 835 - "nixpkgs": "nixpkgs_5", 836 - "nixpkgs-stable": "nixpkgs-stable" 611 + "nixpkgs": "nixpkgs_3" 837 612 }, 838 613 "locked": { 839 - "lastModified": 1678590185, 840 - "narHash": "sha256-scvu8HegWwbcvPKjh6M1DnpPYAv4EnP1krsRPItoQ+E=", 614 + "lastModified": 1747603214, 615 + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", 841 616 "owner": "Mic92", 842 617 "repo": "sops-nix", 843 - "rev": "9e98f7a442b0e318de9cce757675c2ab922bdf2b", 618 + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", 844 619 "type": "github" 845 620 }, 846 621 "original": { ··· 851 626 }, 852 627 "switcher": { 853 628 "inputs": { 854 - "dream2nix": "dream2nix", 629 + "cargo2nix": "cargo2nix", 855 630 "flake-parts": [ 856 631 "parts" 857 632 ], 858 633 "nixpkgs": [ 859 - "unstable" 860 - ] 634 + "nixpkgs" 635 + ], 636 + "rust-overlay": "rust-overlay" 861 637 }, 862 638 "locked": { 863 - "lastModified": 1679091082, 864 - "narHash": "sha256-0fCRH+7nJifsmIpNpMOuB9bPYX9Lr53Z4hMr1w5ppLE=", 639 + "lastModified": 1734435961, 640 + "narHash": "sha256-HIw4Naoc0Gcl9VOT4JkagzKDvAdBwyzlq2majy5pSks=", 865 641 "owner": "nobbz", 866 642 "repo": "nix-switcher", 867 - "rev": "1b05a91480b599ef77262d4a4d3b2e097060e5b9", 643 + "rev": "6f12e77ff6b46d53a5e58567803f94708e15660e", 868 644 "type": "github" 869 645 }, 870 646 "original": { ··· 874 650 "type": "github" 875 651 } 876 652 }, 653 + "systems": { 654 + "locked": { 655 + "lastModified": 1681028828, 656 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 657 + "owner": "nix-systems", 658 + "repo": "default", 659 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 660 + "type": "github" 661 + }, 662 + "original": { 663 + "owner": "nix-systems", 664 + "repo": "default", 665 + "type": "github" 666 + } 667 + }, 668 + "systems_2": { 669 + "locked": { 670 + "lastModified": 1681028828, 671 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 672 + "owner": "nix-systems", 673 + "repo": "default", 674 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 675 + "type": "github" 676 + }, 677 + "original": { 678 + "owner": "nix-systems", 679 + "repo": "default", 680 + "type": "github" 681 + } 682 + }, 877 683 "utils": { 878 684 "locked": { 879 - "lastModified": 1676283394, 880 - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", 685 + "lastModified": 1678901627, 686 + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", 881 687 "owner": "numtide", 882 688 "repo": "flake-utils", 883 - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", 689 + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", 884 690 "type": "github" 885 691 }, 886 692 "original": { ··· 889 695 "type": "github" 890 696 } 891 697 }, 892 - "utils_2": { 698 + "wrapper-manager": { 699 + "inputs": { 700 + "nixpkgs": [ 701 + "nvim", 702 + "nixpkgs" 703 + ] 704 + }, 893 705 "locked": { 894 - "lastModified": 1667395993, 895 - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 896 - "owner": "numtide", 897 - "repo": "flake-utils", 898 - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", 706 + "lastModified": 1747562021, 707 + "narHash": "sha256-XfF+5zjoWbAcAiGNb++og6yDGJRwWYpADr9P6WuieQA=", 708 + "owner": "viperml", 709 + "repo": "wrapper-manager", 710 + "rev": "f2b0bec5140403cf24cae96f6764d97b5d59b0e2", 899 711 "type": "github" 900 712 }, 901 713 "original": { 902 - "owner": "numtide", 903 - "repo": "flake-utils", 714 + "owner": "viperml", 715 + "repo": "wrapper-manager", 904 716 "type": "github" 905 717 } 906 718 }

+49 -43

flake.nix

··· 1 1 { 2 - inputs = { 3 - nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; 4 - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 5 - master.url = "github:nixos/nixpkgs/master"; 6 - nixpkgs-insync-v3.url = "github:nixos/nixpkgs?ref=32fdc268e921994e3f38088486ddfe765d11df93"; 7 - 8 - switcher.url = "github:nobbz/nix-switcher?ref=main"; 9 - switcher.inputs.nixpkgs.follows = "unstable"; 10 - switcher.inputs.flake-parts.follows = "parts"; 11 - 12 - parts.url = "github:hercules-ci/flake-parts"; 13 - 14 - programsdb.url = "github:wamserma/flake-programs-sqlite"; 15 - programsdb.inputs.nixpkgs.follows = "unstable"; 16 - 17 - # The following is required to make flake-parts work. 18 - nixpkgs.follows = "nixpkgs-unstable"; 19 - unstable.follows = "nixpkgs-unstable"; 20 - stable.follows = "nixpkgs-2211"; 21 - 22 - nix.url = "github:nixos/nix"; 23 - 24 - nil.url = "github:oxalica/nil"; 25 - 26 - home-manager.url = "github:nix-community/home-manager"; 27 - home-manager.inputs.nixpkgs.follows = "unstable"; 28 - 29 - flake-utils.url = "github:numtide/flake-utils"; 30 - 31 - emacs.url = "github:nix-community/emacs-overlay"; 32 - emacs.inputs.nixpkgs.follows = "master"; 33 - 34 - nixos-vscode-server.url = "github:msteen/nixos-vscode-server"; 35 - 36 - sops-nix.url = "github:Mic92/sops-nix"; 37 - 38 - alejandra.url = "github:kamadorueda/alejandra/3.0.0"; 39 - }; 40 - 41 2 outputs = {parts, ...} @ inputs: 42 3 parts.lib.mkFlake {inherit inputs;} { 43 4 systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"]; 5 + 6 + _module.args.npins = import ./npins; 44 7 45 8 imports = [ 46 9 ./parts/auxiliary.nix 47 10 ./parts/home_configs.nix 11 + ./parts/home_modules.nix 12 + ./parts/nixos_modules.nix 48 13 ./parts/system_configs.nix 49 14 50 15 ./nixos/configurations 51 16 ./home/configurations 17 + 18 + ./home/modules 19 + ./nixos/modules 52 20 53 21 ./packages 54 22 ]; 55 23 56 24 flake = { 57 - nixosModules = import ./nixos/modules inputs; 58 - 59 - homeModules = import ./home/modules inputs; 60 - 61 25 mixedModules = import ./mixed inputs; 62 26 63 27 checks.x86_64-linux = import ./checks inputs; 64 28 }; 65 29 }; 30 + 31 + inputs = { 32 + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; 33 + # nixpkgs-insync-v3.url = "github:nixos/nixpkgs?ref=32fdc268e921994e3f38088486ddfe765d11df93"; 34 + nixpkgs-insync-v3.follows = "nixpkgs"; 35 + nixpkgs-pre-rust.url = "github:nixos/nixpkgs?ref=57d0d4a8f302"; 36 + 37 + nvim.url = "github:nobbz/nobbz-vim"; 38 + nvim.inputs.parts.follows = "parts"; 39 + nvim.inputs.nixpkgs.follows = "nixpkgs"; 40 + 41 + switcher.url = "github:nobbz/nix-switcher?ref=main"; 42 + switcher.inputs.nixpkgs.follows = "nixpkgs"; 43 + switcher.inputs.flake-parts.follows = "parts"; 44 + 45 + parts.url = "github:hercules-ci/flake-parts"; 46 + parts.inputs.nixpkgs-lib.follows = "nixpkgs"; 47 + 48 + programsdb.url = "github:wamserma/flake-programs-sqlite"; 49 + programsdb.inputs.nixpkgs.follows = "nixpkgs"; 50 + 51 + nix.url = "github:nixos/nix"; 52 + nix.inputs.flake-parts.follows = "parts"; 53 + # a libgit2 in the current version fails to build with the nix provided patches. 54 + # therefore using upstreams pin for now. 55 + # nix.inputs.nixpkgs.follows = "nixpkgs"; 56 + 57 + nix-gl.url = "github:nix-community/nixgl"; 58 + nix-gl.inputs.nixpkgs.follows = "nixpkgs"; 59 + 60 + home-manager.url = "github:nix-community/home-manager"; 61 + home-manager.inputs.nixpkgs.follows = "nixpkgs"; 62 + 63 + emacs.url = "github:nix-community/emacs-overlay"; 64 + emacs.inputs.nixpkgs.follows = "nixpkgs"; 65 + emacs.inputs.nixpkgs-stable.follows = "nixpkgs"; 66 + 67 + nixos-vscode-server.url = "github:msteen/nixos-vscode-server"; 68 + nixos-vscode-server.inputs.nixpkgs.follows = "nixpkgs"; 69 + 70 + sops-nix.url = "github:Mic92/sops-nix"; 71 + }; 66 72 }

+1 -7

home/configurations/default.nix

··· 1 1 _: { 2 2 nobbz.homeConfigurations."nmelzer@mimas".system = "x86_64-linux"; 3 - nobbz.homeConfigurations."nmelzer@enceladeus".system = "x86_64-linux"; 4 - nobbz.homeConfigurations."nmelzer@hyperion".system = "aarch64-linux"; 5 - 6 - nobbz.homeConfigurations."nmelzer@Titan.local" = { 7 - system = "aarch64-darwin"; 8 - hostname = "titan"; 9 - }; 3 + nobbz.homeConfigurations."nmelzer@phoebe".system = "x86_64-linux"; 10 4 }

-37

home/configurations/nmelzer@enceladeus.nix

··· 1 - {self, ...}: { 2 - config, 3 - pkgs, 4 - lib, 5 - ... 6 - }: { 7 - config = { 8 - nixpkgs.allowedUnfree = ["google-chrome" "vscode"]; 9 - 10 - nixpkgs.config.contentAddressedByDefault = false; 11 - 12 - activeProfiles = ["browsing" "development"]; 13 - 14 - xsession.windowManager.awesome.autostart = [ 15 - "${pkgs.blueman}/bin/blueman-applet" 16 - "${pkgs.networkmanagerapplet}/bin/nm-applet" 17 - ]; 18 - 19 - programs.emacs.enable = lib.mkForce false; 20 - 21 - services.rustic = { 22 - enable = true; 23 - globs = let 24 - mkHome = e: "${config.home.homeDirectory}/${e}"; 25 - mkIgnore = e: "!${e}"; 26 - 27 - home = map mkHome [".cache" ".cabal" ".cargo" ".emacs.d/eln-cache" ".emacs.d/.cache" ".gem" ".gradle" ".hex" ".kube" ".local" ".m2" ".minikube" ".minishift" ".mix" ".mozilla" "npm" ".opam" ".rancher" ".vscode-oss" "go/pkg"]; 28 - patterns = ["_build" "deps" "result" "target" ".elixir_ls" "ccls-cache" ".direnv"]; 29 - in 30 - map mkIgnore (home ++ patterns); 31 - oneFileSystem = true; 32 - repo = "rest:https://restic.mimas.internal.nobbz.dev/nobbz"; 33 - }; 34 - 35 - home.packages = [pkgs.vscode]; 36 - }; 37 - }

-42

home/configurations/nmelzer@hyperion.nix

··· 1 - { 2 - unstable, 3 - self, 4 - ... 5 - }: { 6 - config, 7 - pkgs, 8 - lib, 9 - ... 10 - }: { 11 - config = { 12 - nixpkgs.allowedUnfree = ["vscode"]; 13 - # nixpkgs.config.allowBroken = true; 14 - 15 - activeProfiles = ["development" "browsing"]; 16 - 17 - dconf.enable = true; 18 - 19 - enabledLanguages = []; 20 - 21 - xsession.enable = lib.mkForce false; 22 - xsession.windowManager.awesome.enable = lib.mkForce false; 23 - xsession.numlock.enable = lib.mkForce false; 24 - 25 - programs.emacs.splashScreen = false; 26 - 27 - home.packages = builtins.attrValues { 28 - inherit (pkgs) vscode keepassxc nix-output-monitor; 29 - inherit (pkgs.gnome) gnome-tweaks; 30 - inherit (self.packages.aarch64-linux) gnucash-de; 31 - }; 32 - 33 - programs.htop = { 34 - settings = { 35 - detailed_cpu_time = true; 36 - }; 37 - }; 38 - }; 39 - # environment.pathsToLink = [ "/share/zsh" ]; 40 - } 41 - # /nix/store/7skqa8vxfydq7w3cix55ffvkmjb3b5da-python-2.7.18 42 -

-93

home/configurations/nmelzer@mimas.nix

··· 1 - { 2 - unstable, 3 - self, 4 - ... 5 - }: { 6 - config, 7 - pkgs, 8 - ... 9 - }: { 10 - config = { 11 - nixpkgs.allowedUnfree = ["google-chrome" "vscode" "discord"]; 12 - nixpkgs.config.allowBroken = true; 13 - 14 - activeProfiles = ["browsing" "development"]; 15 - 16 - sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"]; 17 - sops.defaultSopsFile = "${self}/secrets/mimas/nmelzer/default.yaml"; 18 - 19 - sops.secrets.rustic.path = "${config.xdg.configHome}/rustic/password"; 20 - sops.secrets.gh_hosts.path = "${config.xdg.configHome}/gh/hosts.yml"; 21 - 22 - dconf.enable = true; 23 - 24 - enabledLanguages = ["nix"]; 25 - 26 - programs.emacs.splashScreen = false; 27 - 28 - home.packages = builtins.attrValues { 29 - inherit (pkgs) keybase-gui freerdp vscode keepassxc nix-output-monitor discord; 30 - inherit (pkgs.gnome) gnome-tweaks; 31 - inherit (self.packages.x86_64-linux) gnucash-de; 32 - }; 33 - 34 - programs.obs-studio.enable = true; 35 - programs.htop = { 36 - settings = { 37 - detailed_cpu_time = true; 38 - }; 39 - # meters.right = [ 40 - # { kind = "Battery"; mode = 1; } 41 - # "Tasks" 42 - # "LoadAverage" 43 - # "Uptime" 44 - # ]; 45 - }; 46 - 47 - xsession.windowManager.awesome.autostart = [ 48 - "${pkgs.blueman}/bin/blueman-applet" 49 - "${pkgs.networkmanagerapplet}/bin/nm-applet" 50 - ]; 51 - 52 - services = { 53 - keybase.enable = true; 54 - kbfs.enable = true; 55 - insync.enable = true; 56 - playerctld.enable = true; 57 - 58 - rustic = { 59 - enable = true; 60 - passwordFile = config.sops.secrets.rustic.path; 61 - globs = let 62 - mkHome = e: "${config.home.homeDirectory}/${e}"; 63 - mkIgnore = e: "!${e}"; 64 - 65 - home = map mkHome [".cache" ".cabal" ".cargo" ".emacs.d/eln-cache" ".emacs.d/.cache" ".gem" ".gradle" ".hex" ".kube" ".local" ".m2" ".minikube" ".minishift" ".mix" ".mozilla" "npm" ".opam" ".rancher" ".vscode-oss" "go/pkg" "timmelzer@gmail.com/restic_repos"]; 66 - patterns = ["_build" "Cache" "deps" "result" "target" ".elixir_ls" "ccls-cache" ".direnv" "direnv" "node_modules"]; 67 - in 68 - map mkIgnore (home ++ patterns); 69 - oneFileSystem = true; 70 - repo = "rest:https://restic.mimas.internal.nobbz.dev/nobbz"; 71 - }; 72 - }; 73 - 74 - systemd.user.services = { 75 - rustic.Unit.After = ["sops-nix.service"]; 76 - keybase-gui = { 77 - Unit = { 78 - Description = "Keybase GUI"; 79 - Requires = ["keybase.service" "kbfs.service"]; 80 - After = ["keybase.service" "kbfs.service"]; 81 - }; 82 - Service = { 83 - ExecStart = "${pkgs.keybase-gui}/share/keybase/Keybase"; 84 - PrivateTmp = true; 85 - # Slice = "keybase.slice"; 86 - }; 87 - }; 88 - }; 89 - }; 90 - # environment.pathsToLink = [ "/share/zsh" ]; 91 - } 92 - # /nix/store/7skqa8vxfydq7w3cix55ffvkmjb3b5da-python-2.7.18 93 -

-20

home/configurations/nmelzer@titan.nix

··· 1 - {self, ...}: { 2 - pkgs, 3 - lib, 4 - ... 5 - }: { 6 - nixpkgs.allowedUnfree = []; 7 - 8 - activeProfiles = ["base" "development"]; 9 - enabledLanguages = []; 10 - 11 - xsession.enable = lib.mkForce false; 12 - xsession.windowManager.awesome.enable = lib.mkForce false; 13 - xsession.numlock.enable = lib.mkForce false; 14 - 15 - gtk.theme.package = lib.mkForce null; 16 - 17 - home.packages = builtins.attrValues { 18 - inherit (pkgs) neovim; 19 - }; 20 - }

+130

home/configurations/nmelzer_at_mimas.nix

··· 1 + {self, ...}: { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: { 7 + nixpkgs.allowedUnfree = ["google-chrome" "vscode" "discord" "obsidian"]; 8 + 9 + activeProfiles = ["browsing" "development"]; 10 + 11 + sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"]; 12 + sops.defaultSopsFile = "${self}/secrets/mimas/nmelzer/default.yaml"; 13 + 14 + sops.secrets.rustic.path = "${config.xdg.configHome}/rustic/password"; 15 + 16 + dconf.enable = true; 17 + 18 + home.packages = builtins.attrValues { 19 + inherit (pkgs) keybase-gui freerdp keepassxc nix-output-monitor discord; 20 + inherit (pkgs) obsidian; 21 + inherit (pkgs) gnome-tweaks; 22 + inherit (pkgs) vscode wezterm; 23 + }; 24 + 25 + programs.obs-studio.enable = true; 26 + programs.obs-studio.plugins = builtins.attrValues { 27 + inherit (pkgs.obs-studio-plugins) obs-backgroundremoval; 28 + }; 29 + programs.htop = { 30 + settings = { 31 + detailed_cpu_time = true; 32 + }; 33 + # meters.right = [ 34 + # { kind = "Battery"; mode = 1; } 35 + # "Tasks" 36 + # "LoadAverage" 37 + # "Uptime" 38 + # ]; 39 + }; 40 + 41 + programs.yazi.enable = true; 42 + 43 + xsession.windowManager.awesome.autostart = [ 44 + "${pkgs.blueman}/bin/blueman-applet" 45 + "${pkgs.networkmanagerapplet}/bin/nm-applet" 46 + ]; 47 + 48 + systemd.user.tmpfiles.rules = [ 49 + "d ${config.home.homeDirectory}/tmp 700 ${config.home.username} users 14d" 50 + ]; 51 + 52 + services = { 53 + keybase.enable = true; 54 + kbfs.enable = true; 55 + insync.enable = true; 56 + playerctld.enable = true; 57 + flameshot.enable = true; 58 + 59 + rustic = { 60 + enable = true; 61 + passwordFile = config.sops.secrets.rustic.path; 62 + globs = let 63 + mkHome = e: "${config.home.homeDirectory}/${e}"; 64 + mkIgnore = e: "!${e}"; 65 + 66 + home = map mkHome ["Downloads" ".cache" ".cabal" ".cargo" ".emacs.d/eln-cache" ".emacs.d/.cache" ".gem" ".gradle" ".hex" ".kube" ".local" ".m2" ".minikube" ".minishift" ".mix" ".mozilla" "npm" ".opam" ".rancher" ".vscode-oss" "go/pkg" "timmelzer@gmail.com/restic_repos" ".local/share/libvirt" ".bitmonero"]; 67 + patterns = ["_build" "Cache" "deps" "result" "target" ".elixir_ls" "ccls-cache" ".direnv" "direnv" "node_modules"]; 68 + in 69 + map mkIgnore (home ++ patterns); 70 + oneFileSystem = true; 71 + repo = "rest:https://restic.mimas.internal.nobbz.dev/nobbz"; 72 + }; 73 + }; 74 + 75 + systemd.user.services = { 76 + rustic.Unit.After = ["sops-nix.service"]; 77 + keybase-gui = { 78 + Unit = { 79 + Description = "Keybase GUI"; 80 + Requires = ["keybase.service" "kbfs.service"]; 81 + After = ["keybase.service" "kbfs.service"]; 82 + }; 83 + Service = { 84 + ExecStart = "${pkgs.keybase-gui}/share/keybase/Keybase"; 85 + PrivateTmp = true; 86 + # Slice = "keybase.slice"; 87 + }; 88 + }; 89 + }; 90 + 91 + xdg.configFile = { 92 + "rustic/mimas-hetzner.toml".text = 93 + # toml 94 + '' 95 + [repository] 96 + repository = "rclone:hetzner-restic:mimas" 97 + password-file = "${config.sops.secrets.rustic.path}" 98 + ''; 99 + "rustic/mimas.toml".text = 100 + # toml 101 + '' 102 + [repository] 103 + repository = "rest:https://restic.mimas.internal.nobbz.dev/mimas" 104 + password-file = "${config.sops.secrets.rustic.path}" 105 + 106 + [copy] 107 + targets = ["mimas-hetzner"] 108 + ''; 109 + 110 + "rustic/nobbz-hetzner.toml".text = 111 + # toml 112 + '' 113 + [repository] 114 + repository = "rclone:hetzner-restic:nobbz" 115 + password-file = "${config.sops.secrets.rustic.path}" 116 + ''; 117 + "rustic/nobbz.toml".text = 118 + # toml 119 + '' 120 + [repository] 121 + repository = "rest:https://restic.mimas.internal.nobbz.dev/nobbz" 122 + password-file = "${config.sops.secrets.rustic.path}" 123 + 124 + [copy] 125 + targets = ["nobbz-hetzner"] 126 + ''; 127 + }; 128 + 129 + home.stateVersion = "20.09"; 130 + }

+93

home/configurations/nmelzer_at_phoebe.nix

··· 1 + { 2 + self, 3 + nix, 4 + ... 5 + }: { 6 + config, 7 + pkgs, 8 + lib, 9 + ... 10 + }: let 11 + sshConfigPath = "${config.home.homeDirectory}/.ssh"; 12 + inherit (lib.hm) dag; 13 + spkgs = self.packages.${pkgs.system}; 14 + in { 15 + nixpkgs.allowedUnfree = ["google-chrome" "vscode" "discord" "obsidian" "slack"]; 16 + nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0"]; 17 + profiles.base.needsGL = true; 18 + 19 + nix.checkConfig = false; 20 + nix.settings.extra-experimental-features = ["flakes" "nix-command"]; 21 + nix.extraOptions = "!include ${config.sops.secrets."access-tokens".path}"; 22 + nix.package = nix.packages.${pkgs.system}.nix-cli; 23 + 24 + activeProfiles = ["development"]; 25 + 26 + sops.age.sshKeyPaths = ["${sshConfigPath}/id_ed25519"]; 27 + sops.defaultSopsFile = "${self}/secrets/phoebe/nmelzer/default.yaml"; 28 + 29 + sops.secrets.ssh.path = "${sshConfigPath}/nightwing_config"; 30 + 31 + sops.secrets."access-tokens" = { 32 + path = "${config.home.homeDirectory}/.config/nix/access-tokens.conf"; 33 + mode = "0400"; 34 + sopsFile = "${self}/secrets/users/nmelzer/default.yaml"; 35 + }; 36 + 37 + sops.secrets."github" = { 38 + path = "${sshConfigPath}/github"; 39 + mode = "0400"; 40 + sopsFile = "${self}/secrets/users/nmelzer/github"; 41 + format = "binary"; 42 + }; 43 + 44 + sops.secrets."gitlab" = { 45 + path = "${sshConfigPath}/gitlab"; 46 + mode = "0400"; 47 + sopsFile = "${self}/secrets/users/nmelzer/gitlab"; 48 + format = "binary"; 49 + }; 50 + 51 + sops.secrets."nobbz_dev" = { 52 + path = "${sshConfigPath}/nobbz_dev"; 53 + mode = "0400"; 54 + sopsFile = "${self}/secrets/users/nmelzer/nobbz_dev"; 55 + format = "binary"; 56 + }; 57 + 58 + dconf.enable = true; 59 + 60 + home.packages = builtins.attrValues { 61 + inherit (pkgs) keepassxc nix-output-monitor discord obsidian vscode slack; 62 + inherit (config.nix) package; 63 + inherit (spkgs) switcher; 64 + }; 65 + 66 + xsession.windowManager.awesome.enable = lib.mkForce false; 67 + xsession.enable = lib.mkForce false; 68 + 69 + services.playerctld.enable = true; 70 + 71 + gtk.gtk2.force = true; 72 + 73 + programs.ssh.includes = [ 74 + config.sops.secrets.ssh.path 75 + ]; 76 + 77 + programs.ssh.matchBlocks = { 78 + # TODO: properly use seperate key 79 + "gitlab.com-bravo" = dag.entryAfter ["gitlab.com"] { 80 + hostname = "gitlab.com"; 81 + addressFamily = "inet"; 82 + identityFile = "~/.ssh/id_ed25519"; 83 + }; 84 + 85 + # TODO: Make the actual hosts identity file configurable by other means. Actually moving all the logic over to `home/modules/profiles/base/default.nix`. 86 + "*.internal.nobbz.dev" = lib.mkForce (dag.entryAfter ["delly-nixos.adoring_suess.zerotier" "tux-nixos.adoring_suess.zerotier" "nixos.adoring_suess.zerotier"] { 87 + identityFile = "~/.ssh/id_ed25519"; 88 + user = "nmelzer"; 89 + }); 90 + }; 91 + 92 + home.stateVersion = "20.09"; 93 + }

+19 -27

home/modules/default.nix

··· 1 - inputs: { 2 - "profiles" = import ./profiles inputs; 3 - "profiles/base" = import ./profiles/base inputs; 4 - "profiles/browsing" = import ./profiles/browsing inputs; 5 - "profiles/development" = import ./profiles/development inputs; 1 + { 2 + nobbz.homeManagerModules = { 3 + "profiles" = ./profiles; 4 + "profiles/base" = ./profiles/base; 5 + "profiles/browsing" = ./profiles/browsing; 6 + "profiles/development" = ./profiles/development; 6 7 7 - "languages" = import ./languages inputs; 8 - "languages/nix" = import ./languages/nix inputs; 9 - 10 - "programs/advcp" = import ./programs/advcp inputs; 11 - "programs/emacs" = import ./programs/emacs inputs; 12 - "programs/emacs/beacon" = import ./programs/emacs/beacon.nix inputs; 13 - "programs/emacs/company" = import ./programs/emacs/company.nix inputs; 14 - "programs/emacs/helm" = import ./programs/emacs/helm.nix inputs; 15 - "programs/emacs/lib" = import ./programs/emacs/lib.nix inputs; 16 - "programs/emacs/lsp" = import ./programs/emacs/lsp.nix inputs; 17 - "programs/emacs/projectile" = import ./programs/emacs/projectile.nix inputs; 18 - "programs/emacs/telephoneline" = import ./programs/emacs/telephoneline.nix inputs; 19 - "programs/emacs/whichkey" = import ./programs/emacs/whichkey inputs; 20 - "programs/exa" = import ./programs/exa inputs; 21 - "programs/nixpkgs" = import ./programs/nixpkgs inputs; 22 - "programs/openshift" = import ./programs/openshift inputs; 23 - "programs/p10k" = import ./programs/p10k inputs; 8 + "programs/advcp" = ./programs/advcp; 9 + "programs/eza" = ./programs/eza; 10 + "programs/ghostty" = ./programs/ghostty; 11 + "programs/nixpkgs" = ./programs/nixpkgs; 12 + "programs/p10k" = ./programs/p10k; 13 + "programs/rbw" = ./programs/rbw; 14 + "programs/wezterm" = ./programs/wezterm; 24 15 25 - "services/insync" = import ./services/insync inputs; 26 - "services/restic" = import ./services/restic inputs; 27 - "services/rustic" = import ./services/rustic inputs; 16 + "services/insync" = ./services/insync; 17 + "services/rustic" = ./services/rustic; 28 18 29 - "misc/awesome" = import ./misc/awesome inputs; 30 - "misc/home" = import ./misc/home inputs; 19 + "misc/awesome" = ./misc/awesome; 20 + "misc/home" = ./misc/home; 21 + "misc/rofi" = ./misc/rofi; 22 + }; 31 23 }

-17

home/modules/languages/default.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - langsEnabler = let 7 - reducer = l: r: {"${r}".enable = true;} // l; 8 - in 9 - builtins.foldl' reducer {} config.enabledLanguages; 10 - in { 11 - options.enabledLanguages = lib.mkOption { 12 - default = []; 13 - type = lib.types.listOf lib.types.str; 14 - }; 15 - 16 - config = {languages = langsEnabler;}; 17 - }

-37

home/modules/languages/nix/default.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: let 7 - cfg = config.languages.nix; 8 - 9 - # rnixLsp = rnix-lsp.defaultPackage.x86_64-linux; 10 - rnixLsp = pkgs.rnix-lsp; 11 - in { 12 - options.languages.nix = { 13 - enable = lib.mkEnableOption "Enable support for the nix language"; 14 - }; 15 - 16 - config = lib.mkIf cfg.enable { 17 - programs.emacs.extraPackages = ep: [ep.lsp-mode ep.nix-mode ep.flycheck]; 18 - 19 - programs.emacs.extraInit = '' 20 - (require 'lsp-mode) 21 - 22 - ;; make lsp-mode aware of nix 23 - (add-to-list 'lsp-language-id-configuration '(nix-mode . "nix")) 24 - (lsp-register-client 25 - (make-lsp-client :new-connection (lsp-stdio-connection '("${rnixLsp}/bin/rnix-lsp")) 26 - :major-modes '(nix-mode) 27 - :server-id 'nix)) 28 - 29 - (add-hook 'nix-mode-hook 30 - (lambda () 31 - (lsp) 32 - (subword-mode) 33 - (company-mode) 34 - (flycheck-mode))) 35 - ''; 36 - }; 37 - }

+39 -11

home/modules/misc/awesome/default.nix

··· 6 6 }: let 7 7 cfg = config.xsession.windowManager.awesome; 8 8 9 - rofi = pkgs.rofi.override { 10 - plugins = [pkgs.rofi-emoji]; 11 - }; 9 + flameshot = lib.getExe pkgs.flameshot; 12 10 13 - self' = self.packages.x86_64-linux; 11 + bls = lib.getExe (pkgs.betterlockscreen.override {withDunst = false;}); 12 + scrot = lib.getExe pkgs.scrot; 13 + 14 + locker = pkgs.writeShellScript "betterlockscreen-with-screenshot" '' 15 + tmpf="$(mktemp -d)" 16 + file="$tmpf/screenshot.png" 17 + ${scrot} -z $file 18 + ${bls} -u $file --display 1 --span --fx blur --blur 1.0 19 + rm -rf $tmpf 20 + ${bls} -l blur --display 1 --span --off 30 21 + ''; 14 22 15 23 mediaKeys = let 16 24 keyMap = let ··· 74 82 options.xsession.windowManager.awesome = { 75 83 terminalEmulator = lib.mkOption { 76 84 type = lib.types.str; 77 - default = "${pkgs.konsole}/bin/konsole"; 85 + default = "${lib.getExe pkgs.wezterm}"; 86 + }; 87 + 88 + lockCommand = lib.mkOption { 89 + type = lib.types.str; 90 + # default = "${lib.getExe pkgs.i3lock}"; 91 + default = "${locker}"; 78 92 }; 79 93 80 94 launcher = lib.mkOption { 81 95 type = lib.types.str; 82 - default = "${rofi}/bin/rofi -modi drun#run#window#ssh#emoji#unicode:${self'."rofi/unicode"}/bin/rofiunicode.sh -show drun -show-icons"; 96 + default = "${pkgs.rofi}/bin/rofi -modi drun -show drun -show-icons"; 97 + }; 98 + 99 + windowSwitcher = lib.mkOption { 100 + type = lib.types.str; 101 + default = "${pkgs.rofi}/bin/rofi -modi window -show window -show-icons"; 102 + }; 103 + 104 + emojiPicker = lib.mkOption { 105 + type = lib.types.str; 106 + default = "${pkgs.rofi}/bin/rofi -modi drun -show drun -show-icons"; 83 107 }; 84 108 85 109 autostart = lib.mkOption { ··· 173 197 -- Create a launcher widget and a main menu 174 198 myawesomemenu = { 175 199 { "launcher", '${cfg.launcher}' }, 200 + { "windows", '${cfg.windowSwitcher}' }, 201 + { "emoji", '${cfg.emojiPicker}' }, 176 202 { "hotkeys", function() return false, hotkeys_popup.show_help end}, 177 203 { "manual", terminal .. " -e man awesome" }, 178 204 { "edit config", editor_cmd .. " " .. awesome.conffile }, 179 - { "lock session", '${pkgs.i3lock}/bin/i3lock' }, 205 + { "lock session", '${cfg.lockCommand}' }, 180 206 { "restart", awesome.restart }, 181 207 { "quit", function() awesome.quit() end} 182 208 } ··· 346 372 end, 347 373 {description = "focus previous by index", group = "client"} 348 374 ), 349 - awful.key({ modkey, }, "w", function () mymainmenu:show() end, 350 - {description = "show main menu", group = "awesome"}), 351 375 352 376 -- Layout manipulation 353 377 awful.key({ modkey, "Shift" }, "j", function () awful.client.swap.byidx( 1) end, ··· 409 433 awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, 410 434 {description = "run prompt", group = "launcher"}), 411 435 412 - awful.key({ modkey }, "d", function () awful.util.spawn('${cfg.launcher}') end), 413 - awful.key({ modkey }, "y", function () awful.util.spawn('${pkgs.i3lock}/bin/i3lock') end), 436 + awful.key({ modkey }, "d", function () awful.util.spawn('${cfg.launcher}') end, {description = "open launcher", group = "launcher"}), 437 + awful.key({ modkey }, "w", function () awful.util.spawn('${cfg.windowSwitcher}') end, {description = "open window selecter", group = "launcher"}), 438 + awful.key({ modkey, "Shift" }, "e", function () awful.util.spawn('${cfg.emojiPicker}') end, {description = "open emoji picker", group = "launcher"}), 439 + 440 + awful.key({ modkey }, "y", function () awful.util.spawn('${cfg.lockCommand}') end, {description = "lock screen", group = "client" }), 441 + awful.key({ modkey }, "b", function () awful.util.spawn('${flameshot} gui') end, {description = "create screenshot", group = "client" }), 414 442 415 443 awful.key({ modkey }, "x", 416 444 function ()

+5 -12

home/modules/misc/home/default.nix

··· 1 - { 2 - nixpkgs-2211, 3 - unstable, 4 - self, 5 - ... 6 - }: { 1 + {self, ...}: { 7 2 config, 8 3 pkgs, 9 4 lib, ··· 25 20 26 21 packages = let 27 22 p = pkgs; 28 - s = self'; 29 23 in [ 30 24 p.cachix 31 - p.element-desktop 32 25 p.exercism 33 - p.nixpkgs-review 34 26 p.tmate 35 - s."dracula/konsole" 27 + 28 + # There is a conflict with the ZSH completion plugin, installed by default 29 + # therefore we need to override here 30 + (lib.setPrio 0 p.nixpkgs-review) 36 31 37 32 p.fira-code 38 33 p.cascadia-code ··· 44 39 exec ${p.timewarrior}/bin/timew "$@" 45 40 '') 46 41 ]; 47 - 48 - stateVersion = "20.09"; 49 42 }; 50 43 }

+22

home/modules/misc/rofi/common.rasi

··· 1 + configuration { 2 + font: "Departure Mono 22"; 3 + terminal: "@TERMINAL@"; 4 + fixed-num-lines: false; 5 + show-icons: true; 6 + drun-show-actions: false; 7 + sidebar-mode: true; 8 + window-format: "{w}\t| {c}\t| {t}"; 9 + 10 + location: 2; 11 + width: 75; 12 + yoffset: 0; 13 + 14 + timeout { 15 + action: "kb-cancel"; 16 + delay: 0; 17 + } 18 + filebrowser { 19 + directories-first: true; 20 + sorting-method: "name"; 21 + } 22 + }

+63

home/modules/misc/rofi/default.nix

··· 1 + {self, ...}: { 2 + pkgs, 3 + lib, 4 + npins, 5 + ... 6 + }: let 7 + self' = self.packages.x86_64-linux; 8 + 9 + common_rasi = pkgs.runCommandNoCC "common.rasi" {preferLocalBuild = true;} '' 10 + substitute ${./common.rasi} $out \ 11 + --subst-var-by TERMINAL ${lib.getExe pkgs.wezterm} 12 + ''; 13 + 14 + catppuccin = pkgs.runCommandNoCC "catppuccin.rasi" {preferLocalBuild = true;} '' 15 + substitute ${npins.catppuccin-rofi}/catppuccin-default.rasi $out \ 16 + --replace-fail '"catppuccin-mocha"' '"${npins.catppuccin-rofi}/themes/catppuccin-mocha.rasi"' 17 + ''; 18 + 19 + writeConfig = name: body: 20 + pkgs.writeText name 21 + # rasi 22 + '' 23 + configuration { 24 + ${body} 25 + } 26 + @theme "${catppuccin}" 27 + @import "${common_rasi}" 28 + ''; 29 + 30 + windowSwitcherConfig = writeConfig "window-switcher-config" ''modes: "window";''; 31 + emojiConfig = writeConfig "emoji-config" ''modes: "emoji#unicode:${self'."rofi/unicode"}/bin/rofiunicode.sh";''; 32 + launcherConfig = writeConfig "launcher-config" '' 33 + modes: "drun#run#ssh"; 34 + ssh-command: "{terminal} ssh {host}"; 35 + ''; 36 + 37 + wrapper = rofi: config: 38 + pkgs.callPackage ({ 39 + rofi, 40 + runCommandNoCC, 41 + makeWrapper, 42 + }: 43 + runCommandNoCC "rofi" { 44 + nativeBuildInputs = [makeWrapper]; 45 + inherit (rofi) meta; 46 + } '' 47 + mkdir -p $out/bin 48 + makeWrapper ${lib.getExe rofi} $out/bin/rofi \ 49 + --add-flags "-config ${config}" 50 + '') {inherit rofi;}; 51 + 52 + launcherPkg = pkgs.rofi; 53 + windowSwitcherPkg = pkgs.rofi; 54 + emojiPkg = pkgs.rofi.override {plugins = [pkgs.rofi-emoji];}; 55 + 56 + launcher = wrapper launcherPkg launcherConfig; 57 + windowSwitcher = wrapper windowSwitcherPkg windowSwitcherConfig; 58 + emoji = wrapper emojiPkg emojiConfig; 59 + in { 60 + xsession.windowManager.awesome.launcher = "${lib.getExe launcher} -show drun"; 61 + xsession.windowManager.awesome.windowSwitcher = "${lib.getExe windowSwitcher} -show window"; 62 + xsession.windowManager.awesome.emojiPicker = "${lib.getExe emoji} -show emoji"; 63 + }

+11

home/modules/profiles/base/colums-fix.patch

··· 1 + --- a/fzf-tab.zsh 2 + +++ b/fzf-tab.zsh 3 + @@ -102,7 +102,7 @@ builtin unalias -m '[^+]*' 4 + 5 + # must run with user options; don't move `emulate -L zsh` above this line 6 + (( $+builtins[fzf-tab-compcap-generate] )) && fzf-tab-compcap-generate -i 7 + - COLUMNS=500 _ftb__main_complete "$@" || ret=$? 8 + + _ftb__main_complete "$@" || ret=$? 9 + (( $+builtins[fzf-tab-compcap-generate] )) && fzf-tab-compcap-generate -o 10 + 11 + emulate -L zsh -o extended_glob

+123 -75

home/modules/profiles/base/default.nix

··· 1 - {self, ...}: { 1 + { 2 + self, 3 + nix, 4 + nvim, 5 + nix-gl, 6 + ... 7 + }: { 2 8 config, 3 9 lib, 4 10 pkgs, 11 + npins, 5 12 ... 6 13 }: let 7 14 cfg = config.profiles.base; 8 15 9 - npins = import ../../../../npins; 10 - 11 - inherit (self.packages.${pkgs.system}) emacs; 12 16 inherit (lib.hm) dag; 13 17 14 18 # TODO: make these a bit more nice, so that repeating the hosts and individual config isn't necessary. ··· 27 31 cp $src $out/_nix 28 32 ''; 29 33 }; 34 + 35 + fzf-tab = pkgs.stdenv.mkDerivation { 36 + pname = "fzf-tab"; 37 + version = "0-unstable-${npins.fzf-tab.revision}"; 38 + 39 + src = npins.fzf-tab; 40 + 41 + # we need this patch due to a bug between fzf-tab and p10k: 42 + # https://github.com/Aloxaf/fzf-tab/issues/176 43 + patches = [./colums-fix.patch]; 44 + 45 + installPhase = '' 46 + mkdir -p $out 47 + cp -rv . $out 48 + ''; 49 + }; 30 50 in { 31 51 options.profiles.base = { 32 52 enable = lib.mkEnableOption "The base profile, should be always enabled"; 53 + 54 + needsGL = lib.mkEnableOption "nix-gl wrappers"; 33 55 }; 34 56 35 57 config = lib.mkIf cfg.enable { 58 + sops.secrets.nix-community = { 59 + path = "${config.home.homeDirectory}/.ssh/nix-community"; 60 + mode = "0400"; 61 + sopsFile = "${self}/secrets/users/nmelzer/nix-community"; 62 + format = "binary"; 63 + }; 64 + 65 + programs.rbw.enable = true; 66 + 36 67 manual.manpages.enable = false; 37 68 38 69 services.vscode-server.enable = lib.mkDefault pkgs.stdenv.isLinux; 39 70 40 - home.sessionVariables = rec { 41 - EDITOR = "emacs -nw"; 42 - VISUAL = "emacs"; 43 - GIT_EDITOR = EDITOR; 71 + home.sessionVariables = { 72 + EDITOR = "nvim"; 44 73 }; 45 74 46 75 gtk.enable = true; 47 - gtk.theme.package = pkgs.gnome.gnome-themes-extra; 76 + gtk.theme.package = pkgs.gnome-themes-extra; 48 77 gtk.theme.name = "Adwaita-dark"; 49 78 79 + services.pueue.enable = true; 80 + 50 81 home.keyboard.layout = "de"; 51 - home.packages = [pkgs.hydra-check] ++ lib.optionals pkgs.stdenv.isLinux [pkgs.dconf]; 82 + home.packages = let 83 + optisave = 84 + pkgs.resholve.writeScriptBin "optisave" { 85 + inputs = builtins.attrValues {inherit (pkgs) fd pv gawk coreutils gnused;}; 86 + interpreter = "${pkgs.bash}/bin/bash"; 87 + execer = [ 88 + # TODO: Make this `might` or `can` in the long run 89 + "cannot:${pkgs.fd}/bin/fd" 90 + ]; 91 + } '' 92 + count=$(fd . /nix/store/.links/ | pv -l | wc -l) 93 + 94 + # TODO: make resholve understant the call to `stat` 95 + saved=$(fd . /nix/store/.links/ -X ${pkgs.coreutils}/bin/stat --format='%h %s' {} \ 96 + | pv -altrpe -s $count \ 97 + | awk '{sum += ($1 - 2) * $2} END {print sum}') 98 + 99 + printf "Currently hardlinking saves %sB (%s B)\n" \ 100 + "$(numfmt --to=iec-i --format='%.2f' ''${saved} \ 101 + | sed -E 's/([0-9])([A-Za-z])/\1 \2/')" \ 102 + "$(numfmt --to=none --format="%'f" ''${saved})" 103 + ''; 104 + neovide = 105 + if cfg.needsGL 106 + then 107 + pkgs.writeShellScriptBin nvim.packages.x86_64-linux.neovide.meta.mainProgram '' 108 + exec ${lib.getExe nix-gl.packages.x86_64-linux.nixGLIntel} ${lib.getExe nvim.packages.x86_64-linux.neovide} "$@" 109 + '' 110 + else nvim.packages.x86_64-linux.neovide; 111 + in 112 + lib.mkMerge [ 113 + [optisave pkgs.departure-mono pkgs.hydra-check nvim.packages.x86_64-linux.neovim neovide] 114 + (lib.mkIf pkgs.stdenv.isLinux [pkgs.dconf]) 115 + ]; 52 116 53 117 # dconf.enable = lib.mkMerge [ 54 118 # (lib.mkIf pkgs.stdenv.isLinux true) ··· 65 129 66 130 programs = { 67 131 advancedCopy.enable = true; 68 - bat.enable = true; 69 132 direnv.enable = true; 70 133 direnv.nix-direnv.enable = true; 71 - exa.enable = true; 134 + direnv.nix-direnv.package = pkgs.nix-direnv.override {nix = nix.packages.${pkgs.system}.default;}; 135 + eza.enable = true; 136 + fzf.enable = true; 72 137 home-manager.enable = true; 73 138 htop.enable = true; 74 139 jq.enable = true; 75 140 p10k.enable = true; 141 + zoxide.enable = true; 142 + 143 + bat = { 144 + enable = true; 145 + 146 + config.theme = "mocha"; 147 + 148 + themes.mocha = { 149 + src = npins.catppuccin-bat; 150 + file = "themes/Catppuccin Mocha.tmTheme"; 151 + }; 152 + }; 76 153 77 154 ssh = { 78 155 enable = true; 79 156 compression = true; 157 + controlMaster = "auto"; 80 158 81 159 matchBlocks = { 82 160 "*.internal.nobbz.dev" = dag.entryAfter zerotierHosts { 83 161 identityFile = "~/.ssh/id_rsa"; 84 162 user = "nmelzer"; 163 + }; 164 + 165 + "build-box.nix-community.org" = { 166 + identityFile = config.sops.secrets.nix-community.path; 167 + user = "nobbz"; 168 + }; 169 + 170 + "aarch64-build-box.nix-community.org" = { 171 + identityFile = config.sops.secrets.nix-community.path; 172 + user = "nobbz"; 85 173 }; 86 174 87 175 "ryzen-ubuntu.adoring_suess.zerotier" = { ··· 110 198 "github.com" = { 111 199 identityFile = "~/.ssh/github"; 112 200 }; 113 - 114 - "*.actum.internal" = { 115 - user = "norbert.melzer"; 116 - identityFile = "~/.ssh/actum-gitlab"; 117 - }; 118 - 119 - "*.vcp.internal" = { 120 - user = "cloudseeds"; 121 - identityFile = "~/.ssh/vogel"; 122 - }; 123 - 124 - "deploy-vogel.custpoc.cloudseeds.de" = 125 - dag.entryBefore [ 126 - "*.custpoc.cloudseeds.de" 127 - "*.cloudseeds.de" 128 - ] 129 - { 130 - user = "cloudseeds"; 131 - identityFile = "~/.ssh/vogel"; 132 - }; 133 - 134 - "repo.cloudseeds.de" = dag.entryBefore ["*.cloudseeds.de"] { 135 - identityFile = "~/.ssh/id_rsa"; 136 - }; 137 - 138 - "*.custpoc.cloudseeds.de" = dag.entryBefore ["*.cloudseeds.de"] { 139 - user = "norbert.melzer"; 140 - identityFile = "~/.ssh/actum-gitlab"; 141 - }; 142 - 143 - "com01.internal.cloudseeds.de" = dag.entryBefore ["*.cloudseeds.de"] { 144 - hostname = "192.168.123.22"; 145 - user = "root"; 146 - }; 147 - 148 - "ironic.internal.cloudseeds.de" = dag.entryBefore ["*.cloudseeds.de"] { 149 - hostname = "192.168.123.31"; 150 - user = "root"; 151 - }; 152 - 153 - "*.cloudseeds.de" = { 154 - user = "norbert.melzer"; 155 - identityFile = "~/.ssh/cloudseeds"; 156 - }; 157 - 158 - "ironic" = { 159 - hostname = "192.168.123.31"; 160 - user = "root"; 161 - identityFile = "~/.ssh/cloudseeds"; 162 - }; 163 201 }; 164 202 }; 165 203 166 - emacs = { 167 - enable = true; 168 - package = emacs; 169 - }; 170 - 171 204 tmux = { 172 205 enable = true; 173 206 174 207 clock24 = true; 175 208 historyLimit = 10000; 176 - terminal = "screen-256color"; 209 + terminal = "tmux-256color"; 210 + 211 + plugins = [ 212 + { 213 + plugin = pkgs.tmuxPlugins.catppuccin; 214 + extraConfig = '' 215 + set -g @catppuccin_flavor "mocha" 216 + set -g @catppuccin_window_status_style "rounded" 217 + ''; 218 + } 219 + ]; 220 + 221 + extraConfig = '' 222 + set -ag terminal-overrides ",xterm-256color:RGB" 223 + ''; 177 224 }; 178 225 179 226 zsh = { 180 227 enable = true; 181 228 182 229 enableCompletion = true; 183 - enableAutosuggestions = true; 230 + autosuggestion.enable = true; 184 231 185 232 autocd = true; 186 233 ··· 190 237 191 238 plugins = [ 192 239 { 240 + name = "fzf-tab"; 241 + src = fzf-tab; 242 + } 243 + { 193 244 name = "nix-zsh-complete.zsh"; 194 245 src = zsh-complete; 195 246 file = "_nix"; ··· 200 251 } 201 252 ]; 202 253 203 - initExtra = '' 254 + initContent = '' 204 255 bindkey "^[[1;5D" backward-word 205 256 bindkey "^[[1;5C" forward-word 206 257 ··· 208 259 ''; 209 260 210 261 sessionVariables = { 211 - # NIX_PATH = builtins.concatStringsSep ":" [ 212 - # "nixpkgs=${inputs.nixpkgs}" 213 - # "nixos-config=/etc/nixos/configuration.nix" 214 - # "/nix/var/nix/profiles/per-user/root/channels" 215 - # ]; 262 + PROMPT_EOL_MARK = "%F{243}¶%f"; 216 263 }; 217 264 218 265 shellAliases.fixstore = "sudo nix-store --verify --check-contents --repair"; 266 + shellAliases.pq = "pueue"; 219 267 }; 220 268 }; 221 269 };

+1 -6

home/modules/profiles/browsing/default.nix

··· 5 5 ... 6 6 }: let 7 7 cfg = config.profiles.browsing; 8 - 9 - graphicalBrowser = 10 - if pkgs.system == "x86_64-linux" 11 - then pkgs.google-chrome 12 - else pkgs.chromium; 13 8 in { 14 9 options.profiles.browsing = { 15 10 enable = ··· 19 14 20 15 config = lib.mkIf cfg.enable { 21 16 nixpkgs.config = {google-chrome = {enableWideVine = true;};}; 22 - home.packages = [graphicalBrowser pkgs.lynx]; 17 + home.packages = with pkgs; [self.packages.${pkgs.system}.google-chrome lynx]; 23 18 }; 24 19 }

+4 -1

home/modules/profiles/default.nix

··· 8 8 in 9 9 builtins.foldl' reducer {} config.activeProfiles; 10 10 in { 11 - options.activeProfiles = lib.mkOption {type = lib.types.listOf lib.types.str;}; 11 + options.activeProfiles = lib.mkOption { 12 + type = lib.types.listOf lib.types.str; 13 + default = []; 14 + }; 12 15 13 16 config.profiles = profileEnabler; 14 17 }

+98 -12

home/modules/profiles/development/default.nix

··· 13 13 }; 14 14 15 15 config = lib.mkIf cfg.enable { 16 - programs.emacs = { 17 - extraPackages = ep: [ep.magit]; 18 - extraInit = '' 19 - ;; prepare magit use from shell 20 - (require 'magit) 21 - (global-git-commit-mode) 16 + programs.jujutsu = { 17 + enable = true; 18 + settings = { 19 + user = { 20 + name = config.programs.git.userName; 21 + email = config.programs.git.userEmail; 22 + }; 22 23 23 - ;; let magit autorefresh on file save within emacs 24 - (add-hook 'after-save-hook 'magit-after-save-refresh-status t) 25 - ''; 24 + ui.diff.tool = [config.programs.git.extraConfig.diff.external "$left" "$right"]; 25 + }; 26 26 }; 27 27 28 28 programs.gh.enable = true; ··· 38 38 inputs = builtins.attrValues {inherit (pkgs) git fzf ripgrep;}; 39 39 interpreter = "${pkgs.bash}/bin/bash"; 40 40 execer = ["cannot:${pkgs.git}/bin/git" "cannot:${pkgs.fzf}/bin/fzf"]; 41 - } '' 41 + } 42 + # bash 43 + '' 42 44 git log --graph --color=always --format="%C(auto)%h%d %s0x09%C(white)%C(bold)%cr" "$@" | 43 45 fzf --ansi --no-sort --reverse --tiebreak=index \ 44 46 --bind=ctrl-s:toggle-sort \ ··· 46 48 {} 47 49 FZF-EOF" 48 50 ''; 51 + gitSwitchFzf = 52 + pkgs.resholve.writeScript "git-switch-fzf" { 53 + inputs = builtins.attrValues {inherit (pkgs) git fzf coreutils gawk;}; 54 + interpreter = "${pkgs.bash}/bin/bash"; 55 + execer = ["cannot:${pkgs.git}/bin/git" "cannot:${pkgs.fzf}/bin/fzf"]; 56 + } 57 + # bash 58 + '' 59 + # Function to determine the ref type 60 + function get_ref_type() { 61 + local ref="$1" 62 + if git show-ref --verify --quiet refs/heads/"$ref"; then 63 + echo "branch" 64 + elif git show-ref --verify --quiet refs/tags/"$ref"; then 65 + echo "tag" 66 + elif git rev-parse --verify --quiet "$ref" >/dev/null; then 67 + echo "commit" 68 + else 69 + echo "unknown" 70 + fi 71 + } 72 + 73 + # Function to select a ref using fzf 74 + function select_ref_with_fzf() { 75 + cat <(git branch --format='%(refname:short) [branch]') \ 76 + <(git tag --format='%(refname:short) [tag]') \ 77 + <(git log --pretty=format:'%h %s [commit]') \ 78 + | fzf 79 + } 80 + 81 + # If the first argument is -c or -C, forward the arguments as-is to git switch 82 + if [ "$#" -ge 2 ] && ([[ "$1" == "-c" ]] || [[ "$1" == "-C" ]]); then 83 + git switch "$@" 84 + else 85 + # If an argument is provided and it's not -c or -C, switch to the specified ref 86 + if [ "$#" -eq 1 ]; then 87 + ref_name="$1" 88 + ref_type=$(get_ref_type "$ref_name") 89 + 90 + if [ "$ref_type" == "unknown" ]; then 91 + echo "Invalid ref: $ref_name" >&2 92 + exit 1 93 + fi 94 + else 95 + # If no argument or only -c/-C is provided, use the fzf selection interface to select a ref 96 + selected_ref=$(select_ref_with_fzf) 97 + 98 + # Extract the ref name and type from the selected_ref string 99 + ref_name=$(echo "$selected_ref" | awk '{print $1}') 100 + ref_type=$(echo "$selected_ref" | awk '{print $NF}' | tr -d '[]') 101 + fi 102 + 103 + # Based on the ref type, issue the appropriate git switch command 104 + case "$ref_type" in 105 + branch) 106 + git switch "$ref_name" 107 + ;; 108 + tag) 109 + git switch --detach "$ref_name" 110 + ;; 111 + commit) 112 + git switch --detach "$ref_name" 113 + ;; 114 + *) 115 + # If an invalid ref type is encountered, print an error message and exit 116 + echo "Invalid ref type: $ref_type" >&2 117 + exit 1 118 + ;; 119 + esac 120 + fi 121 + ''; 49 122 in { 50 123 br = "branch"; 51 124 co = "checkout"; 125 + vommit = "commit"; 126 + vomit = "commit"; 52 127 graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold cyan)%h%C(reset) - %C(green)(%ar)%C(reset)%C(bold yellow)%d%C(reset)%n %C(white)%s%C(reset) %C(dim white)- %an%C(reset)' --all"; 53 128 pl = "pull"; 54 129 ps = "push"; 130 + psf = "push --force-with-lease"; 55 131 root = "rev-parse --show-toplevel"; 56 132 st = "status"; 57 - sw = "switch"; 133 + sw = "!${gitSwitchFzf}"; 58 134 swag = ''!f() { if [ -z "$1" ]; then tag=$(git describe --abbrev=0 --tag); else tag=$(git describe --abbrev=0 --tag "$1"); fi; git switch --detach "''${tag}"; }; f''; 59 135 hopbase = ''!f() { set -o nounset; tag=$(git describe --abbrev=0 --tag "$1") && git rebase -i "''${tag}"; }; f''; 60 136 comfix = "!${mkFixupAlias "fixup"}"; 61 137 comreb = "!${mkFixupAlias "rebase"}"; 138 + show = "show --ext-diff"; 139 + lp = "log -p --ext-diff"; 62 140 }; 63 141 64 142 extraConfig = { 65 143 init.defaultBranch = "main"; 144 + diff.external = lib.getExe pkgs.difftastic; 66 145 pull.rebase = false; 146 + rerere.enabled = true; 67 147 }; 68 148 69 149 ignores = [ ··· 97 177 user.email = "norbert.melzer@cloudseeds.de"; 98 178 }; 99 179 } 180 + { 181 + condition = "gitdir:~/Projects/BravoBike/**"; 182 + contents = { 183 + user.email = "norbert.melzer@bravobike.de"; 184 + }; 185 + } 100 186 ]; 101 187 }; 102 188 103 - home.packages = [pkgs.ripgrep]; 189 + home.packages = [pkgs.ripgrep pkgs.difftastic]; 104 190 }; 105 191 }

-31

home/modules/programs/emacs/beacon.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - cfg = config.programs.emacs.packages.beacon; 7 - in { 8 - options.programs.emacs.packages.beacon = { 9 - enable = lib.mkOption { 10 - type = lib.types.bool; 11 - default = true; 12 - description = '' 13 - Enable `beacon' for emacs. 14 - ''; 15 - }; 16 - }; 17 - 18 - config = lib.mkIf cfg.enable { 19 - programs.emacs.localPackages."init-beacon" = { 20 - tag = "Setup beacon"; 21 - comments = []; 22 - requires = []; 23 - code = '' 24 - ;; enable the beacon minor mode globally. 25 - (beacon-mode 1) 26 - ''; 27 - }; 28 - 29 - programs.emacs.extraPackages = ep: [ep.beacon]; 30 - }; 31 - }

-38

home/modules/programs/emacs/company.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - # emacs = config.programs.emacs; 7 - inherit (config.programs) emacs; 8 - in { 9 - config = lib.mkIf emacs.enable { 10 - programs.emacs.extraPackages = ep: [ep.company]; 11 - 12 - programs.emacs.localPackages."init-company" = { 13 - tag = "Setup and initialise company"; 14 - comments = []; 15 - requires = []; 16 - code = '' 17 - ;; company 18 - (setq tab-always-indent 'complete) 19 - (add-to-list 'completion-styles 'initials t) 20 - 21 - ;; (eval-when-compile (require 'company)) 22 - 23 - (add-hook 'after-init-hook 'global-company-mode) 24 - (with-eval-after-load 'company 25 - 26 - ;; (diminish 'company-mode "CMP") 27 - (define-key company-mode-map (kbd "M-+") '("complete" . 'company-complete)) 28 - (define-key company-active-map (kbd "M-+") '("change backend" . 'company-other-backend)) 29 - (define-key company-active-map (kbd "C-n") '("next" . 'company-select-next)) 30 - (define-key company-active-map (kbd "C-p") '("previous" . 'company-select-previous)) 31 - (setq-default company-dabbrev-other-buffers 'all 32 - company-tooltip-align-annotations t 33 - company-minimum-prefix-length 1 34 - company-idle-delay 0.05)) 35 - ''; 36 - }; 37 - }; 38 - }

-179

home/modules/programs/emacs/default.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: let 7 - emacsEnabled = config.programs.emacs.enable; 8 - cfg = config.programs.emacs; 9 - 10 - bool2Lisp = b: 11 - if b 12 - then "t" 13 - else "nil"; 14 - 15 - confPackages = let 16 - fileContent = 17 - lib.attrsets.mapAttrs' 18 - (k: v: { 19 - name = "${k}"; 20 - value = { 21 - ep = v.packageRequires; 22 - src = 23 - config.lib.emacs.generatePackage k v.tag v.comments v.requires 24 - v.code; 25 - }; 26 - }) 27 - cfg.localPackages; 28 - derivations = 29 - lib.attrsets.mapAttrs 30 - (k: v: { 31 - # ep = v.ep; 32 - inherit (v) ep; 33 - src = pkgs.writeText "${k}.el" v.src; 34 - }) 35 - fileContent; 36 - in 37 - derivations; 38 - 39 - lispRequires = let 40 - names = lib.attrsets.mapAttrsToList (n: _: n) cfg.localPackages; 41 - sorted = builtins.sort (l: r: l < r) names; 42 - required = builtins.map (r: "(require '${r})") sorted; 43 - in 44 - builtins.concatStringsSep "\n" required; 45 - in { 46 - options.programs.emacs = { 47 - splashScreen = lib.mkOption { 48 - type = lib.types.bool; 49 - default = true; 50 - example = false; 51 - description = '' 52 - Enable the startup screen. 53 - ''; 54 - }; 55 - 56 - localPackages = lib.mkOption { 57 - type = lib.types.attrsOf (lib.types.submodule (_: { 58 - options = { 59 - tag = lib.mkOption {type = lib.types.str;}; 60 - comments = lib.mkOption {type = lib.types.listOf lib.types.str;}; 61 - requires = lib.mkOption {type = lib.types.listOf lib.types.str;}; 62 - code = lib.mkOption {type = lib.types.str;}; 63 - packageRequires = lib.mkOption { 64 - type = lib.types.unspecified; 65 - default = _: []; 66 - }; 67 - }; 68 - })); 69 - }; 70 - 71 - extraInit = lib.mkOption { 72 - type = lib.types.lines; 73 - default = ""; 74 - description = '' 75 - Extra preferences to add to <filename>init.el</filename>. 76 - ''; 77 - }; 78 - 79 - module = lib.mkOption { 80 - description = "Attribute set of modules to link into emacs configuration"; 81 - default = {}; 82 - }; 83 - }; 84 - 85 - config = lib.mkIf emacsEnabled { 86 - programs.emacs.extraInit = '' 87 - ;; adjust the load-path to find further down required files 88 - (add-to-list 'load-path 89 - (expand-file-name "lisp" user-emacs-directory)) 90 - 91 - (fset 'yes-or-no-p 'y-or-n-p) 92 - 93 - ;; Move backups and autosaves out of the way 94 - (setq backup-directory-alist 95 - `((".*" . ,temporary-file-directory))) 96 - (setq auto-save-file-name-transforms 97 - `((".*" ,temporary-file-directory))) 98 - 99 - ;; use a dark theme 100 - (load-theme 'dracula t) 101 - 102 - ;; Set a font 103 - (add-to-list 'default-frame-alist 104 - '(font . "Cascadia Code PL-10")) 105 - 106 - ;; require all those local packages 107 - ${lispRequires} 108 - (require 'pest-mode) 109 - (add-to-list #'auto-mode-alist '("\\.pest\\'" . pest-mode)) 110 - 111 - (global-auto-revert-mode) 112 - (global-whitespace-mode) 113 - (global-linum-mode) 114 - 115 - (setq-default indent-tabs-mode nil) 116 - (setq-default tab-width 2) 117 - (setq-default whitespace-style 118 - '(face 119 - tabs 120 - spaces 121 - trailing 122 - lines-tail 123 - newline 124 - missing-newline-at-eof 125 - space-before-tab 126 - indentation 127 - empty 128 - space-after-tab 129 - space-mark 130 - tab-mark 131 - newline-mark)) 132 - 133 - ;; set splash screen 134 - (setq inhibit-startup-screen ${bool2Lisp (!cfg.splashScreen)}) 135 - ''; 136 - 137 - programs.emacs.extraPackages = ep: 138 - [ 139 - ep.company-go 140 - ep.dracula-theme 141 - ep.docker-compose-mode 142 - ep.dockerfile-mode 143 - ep.go-mode 144 - ep.markdown-mode 145 - ep.yaml-mode 146 - ep.adoc-mode 147 - ep.k8s-mode 148 - ep.buttercup 149 - ep.adoc-mode 150 - ep.hledger-mode 151 - ep.typescript-mode 152 - ep.earthfile-mode 153 - ep.ledger-mode 154 - ep.pest-mode 155 - 156 - # ep.bazel-mode 157 - 158 - # (ep.trivialBuild { pname = "configuration"; src = confPackages; }) 159 - ] 160 - ++ lib.attrsets.mapAttrsToList 161 - (pname: v: 162 - ep.trivialBuild { 163 - inherit pname; 164 - inherit (v) src; 165 - # src = v.src; 166 - packageRequires = v.ep ep; 167 - }) 168 - confPackages; 169 - 170 - home.file = { 171 - ".emacs.d/init.el" = { 172 - text = 173 - config.lib.emacs.generatePackage "init" 174 - "Initialises emacs configuration" [] [] 175 - cfg.extraInit; 176 - }; 177 - }; 178 - }; 179 - }

-33

home/modules/programs/emacs/helm.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - emacsCfg = config.programs.emacs; 7 - in { 8 - config = lib.mkIf emacsCfg.enable { 9 - programs.emacs = { 10 - localPackages."init-helm" = { 11 - tag = "Setup helm"; 12 - comments = []; 13 - requires = ["helm"]; 14 - packageRequires = ep: [ep.helm ep.helm-rg]; 15 - code = '' 16 - ;; enable and configure auto resize 17 - (helm-autoresize-mode t) 18 - (setq-default 19 - helm-autoresize-max-height 20 ; take at most 20% of the screen 20 - helm-autoresize-min-height 1) ; get as small as necessary 21 - 22 - ;; set up key bindings 23 - (global-set-key (kbd "M-x") 'helm-M-x) 24 - (global-set-key (kbd "C-x C-f") 'helm-find-files) 25 - (global-set-key (kbd "C-x C-b") 'helm-buffers-list) 26 - 27 - ;; enable helm 28 - (helm-mode t) 29 - ''; 30 - }; 31 - }; 32 - }; 33 - }

-60

home/modules/programs/emacs/lib.nix

··· 1 - _: let 2 - generatePackage = { 3 - name, 4 - tagLine, 5 - commentLines, 6 - requireList, 7 - code, 8 - }: let 9 - prelude = generatePrelude {inherit name tagLine commentLines;}; 10 - requires = generateRequires requireList; 11 - postlude = generatePostlude name; 12 - in '' 13 - ${prelude} 14 - 15 - ${requires} 16 - 17 - ${code} 18 - 19 - ${postlude} 20 - ''; 21 - 22 - generatePrelude = { 23 - name, 24 - tagLine, 25 - commentLines, 26 - }: let 27 - generated = "This file is generated! DO NOT CHANGE!"; 28 - comments = 29 - builtins.concatStringsSep "\n" 30 - (builtins.map (l: 31 - if l == "" 32 - then "" 33 - else ";; ${l}") 34 - ([generated] ++ commentLines)); 35 - in '' 36 - ;;; ${name} --- ${tagLine} 37 - 38 - ;;; Commentary: 39 - 40 - ${comments} 41 - 42 - ;;; Code: 43 - ''; 44 - 45 - generatePostlude = name: '' 46 - (provide '${name}) 47 - ;;; ${name}.el ends here 48 - ''; 49 - 50 - generateRequires = list: let 51 - sorted = builtins.sort (l: r: l < r) list; 52 - required = builtins.map (r: "(require '${r})") sorted; 53 - in 54 - builtins.concatStringsSep "\n" required; 55 - in { 56 - config.lib.emacs.generatePackage = name: tagLine: commentLines: requireList: code: 57 - generatePackage { 58 - inherit name code tagLine commentLines requireList; 59 - }; 60 - }

-65

home/modules/programs/emacs/lsp.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - cfg = config.programs.emacs.lsp-mode; 7 - 8 - mode-hooks = with lib; let 9 - sorted = builtins.sort (l: r: l < r) cfg.languages; 10 - uni = unique sorted; 11 - hooks = builtins.map (l: "'${l}-mode-hook") uni; 12 - add-hooks = builtins.map (h: "(add-hook ${h} #'lsp)") hooks; 13 - in 14 - builtins.concatStringsSep "\n" add-hooks; 15 - in { 16 - options.programs.emacs.lsp-mode = { 17 - enable = lib.mkEnableOption "Enables and installs lsp-mode"; 18 - 19 - languages = lib.mkOption { 20 - type = lib.types.listOf lib.types.str; 21 - default = []; 22 - description = '' 23 - The prefixes of the prog-mode that shall be handled through lsp-mode. 24 - ''; 25 - example = ["erlang"]; 26 - }; 27 - }; 28 - 29 - config = lib.mkIf cfg.enable { 30 - programs.emacs = { 31 - localPackages."init-lsp" = { 32 - tag = "Setup and prepare the LSP mode"; 33 - comments = []; 34 - requires = ["lsp-mode"]; 35 - packageRequires = ep: [ 36 - # ep.company-lsp 37 - ep.helm-lsp 38 - ep.lsp-mode 39 - ep.lsp-origami 40 - ep.lsp-ui 41 - ep.yasnippet 42 - ]; 43 - code = '' 44 - (yas-global-mode t) 45 - 46 - (setq lsp-log-io t) 47 - (setq lsp-ui-sideline-enable t) 48 - (setq lsp-ui-doc-enable t) 49 - (setq lsp-ui-doc-position 'bottom) 50 - 51 - (eval-after-load 'company 52 - '(push 'company-lsp company-backend)) 53 - 54 - (dolist (match 55 - '("[/\\\\].direnv$" 56 - "[/\\\\]node_modules$" 57 - "/nix/store")) 58 - (add-to-list 'lsp-file-watch-ignored match)) 59 - 60 - ${mode-hooks} 61 - ''; 62 - }; 63 - }; 64 - }; 65 - }

-34

home/modules/programs/emacs/polymode/default.nix

··· 1 - { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - inherit (config.programs) emacs; 7 - in { 8 - config = lib.mkIf emacs.enable { 9 - programs.emacs.extraPackages = ep: [ep.polymode]; 10 - 11 - programs.emacs.localPackages."init-polymode" = { 12 - tag = "Setup and initialise polymode"; 13 - comments = []; 14 - requires = []; 15 - code = '' 16 - ;; polymode 17 - (add-to-list 'auto-mode-alist '("\\.nix$" . poly-nix-mode)) 18 - 19 - (define-hostmode poly-nix-hostmode :mode 'nix-mode) 20 - 21 - (define-innermode poly-elisp-expr-nix-innermode 22 - :mode 'emacs-lisp-mode 23 - :head-matcher (cons "'''\n\$ *;;.*\n\$" 1) 24 - :tail-matcher " *''';$" 25 - :head-mode 'body 26 - :tail-mode 'host) 27 - 28 - (define-polymode poly-nix-mode 29 - :hostmode 'poly-nix-hostmode 30 - :innermodes '(poly-elisp-expr-nix-innermode)) 31 - ''; 32 - }; 33 - }; 34 - }

-25

home/modules/programs/emacs/projectile.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - emacsCfg = config.programs.emacs; 7 - in { 8 - config = lib.mkIf emacsCfg.enable { 9 - programs.emacs = { 10 - localPackages."init-projectile" = { 11 - tag = "Setup projectile"; 12 - comments = []; 13 - requires = ["projectile" "helm-projectile" "tramp"]; 14 - packageRequires = ep: [ep.projectile ep.helm-projectile]; 15 - code = '' 16 - ;; enable projectile 17 - (projectile-mode t) 18 - (helm-projectile-on) 19 - 20 - (define-key projectile-mode-map (kbd "C-c p") 'projectile-command-map) 21 - ''; 22 - }; 23 - }; 24 - }; 25 - }

-31

home/modules/programs/emacs/telephoneline.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: let 6 - ecfg = config.programs.emacs; 7 - in { 8 - config = lib.mkIf ecfg.enable { 9 - programs.emacs.localPackages."init-telephoneline" = { 10 - tag = "Setup telephone line"; 11 - comments = []; 12 - requires = []; 13 - code = '' 14 - ;; set up telephone line 15 - (setq-default 16 - telephone-line-lhs '((accent . (telephone-line-vc-segment 17 - telephone-line-erc-modified-channels-segment 18 - telephone-line-process-segment)) 19 - (nil . (telephone-line-minor-mode-segment 20 - telephone-line-buffer-segment))) 21 - telephone-line-rhs '((nil . (telephone-line-misc-info-segment)) 22 - (accent . (telephone-line-major-mode-segment)) 23 - (accent . (telephone-line-airline-position-segment)))) 24 - 25 - (telephone-line-mode t) 26 - ''; 27 - }; 28 - 29 - programs.emacs.extraPackages = ep: [ep.telephone-line]; 30 - }; 31 - }

-72

home/modules/programs/emacs/whichkey/default.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - ... 5 - }: 6 - with lib; let 7 - cfg = config.programs.emacs.whichkey; 8 - enabled = config.programs.emacs.enable; 9 - 10 - keyReplacementType = types.listOf (types.submodule (_: { 11 - options = { 12 - keys = lib.mkOption { 13 - type = types.str; 14 - description = '' 15 - Keys that shall get a description. 16 - ''; 17 - }; 18 - replace = lib.mkOption { 19 - type = types.str; 20 - description = '' 21 - Human readable description for the keycombination 22 - ''; 23 - }; 24 - }; 25 - })); 26 - 27 - replacements = 28 - lib.concatStringsSep "\n " 29 - (builtins.map ({ 30 - keys, 31 - replace, 32 - ... 33 - }: ''"${keys}" "${replace}"'') 34 - cfg.replacement); 35 - in { 36 - options.programs.emacs.whichkey = { 37 - replacement = lib.mkOption {type = keyReplacementType;}; 38 - }; 39 - 40 - config = lib.mkIf enabled { 41 - programs.emacs = { 42 - whichkey.replacement = [ 43 - { 44 - keys = "C-x C-f"; 45 - replace = "find file"; 46 - } 47 - { 48 - keys = "C-x C-s"; 49 - replace = "write file"; 50 - } 51 - { 52 - keys = "C-x C-c"; 53 - replace = "leave emacs"; 54 - } 55 - ]; 56 - extraPackages = ep: [ep.which-key]; 57 - localPackages."init-whichkey" = { 58 - tag = "Setup and initialise whichkey"; 59 - comments = []; 60 - requires = []; 61 - code = '' 62 - ;; which-key 63 - (which-key-mode t) 64 - (setq-default which-key-idle-delay 0.1) 65 - 66 - (which-key-add-key-based-replacements 67 - ${replacements}) 68 - ''; 69 - }; 70 - }; 71 - }; 72 - }

-16

home/modules/programs/exa/default.nix

··· 1 - _: { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: let 7 - cfg = config.programs.exa; 8 - in { 9 - config = lib.mkIf cfg.enable { 10 - home.packages = [pkgs.exa]; 11 - 12 - programs.zsh.shellAliases = { 13 - ll = "exa --header --git --classify --long --binary --group --time-style=long-iso --links --all --all --group-directories-first --sort=name"; 14 - }; 15 - }; 16 - }

+16

home/modules/programs/eza/default.nix

··· 1 + _: { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: let 7 + cfg = config.programs.eza; 8 + in { 9 + config = lib.mkIf cfg.enable { 10 + programs.eza.package = pkgs.eza; 11 + programs.zsh.shellAliases = { 12 + ll = "eza --header --git --classify --long --binary --group --time-style=long-iso --links --all --all --group-directories-first --sort=name"; 13 + tree = "eza --tree"; 14 + }; 15 + }; 16 + }

+15

home/modules/programs/ghostty/default.nix

··· 1 + _: {pkgs, ...}: { 2 + xdg.configFile."ghostty/config".text = 3 + # toml 4 + '' 5 + font-family = "Departure Mono" 6 + 7 + ## uncomment once keybindings have been set to something I am familiar 8 + ## with. The bar contains the menu, which I need for splits for now… 9 + # gtk-titlebar = false 10 + 11 + theme = "catppuccin-mocha" 12 + ''; 13 + 14 + home.packages = [pkgs.ghostty]; 15 + }

+1 -1

home/modules/programs/nixpkgs/default.nix

··· 6 6 allowed = config.nixpkgs.allowedUnfree; 7 7 in { 8 8 options.nixpkgs.allowedUnfree = lib.mkOption { 9 - type = lib.types.listOf lib.types.string; 9 + type = lib.types.listOf lib.types.str; 10 10 default = []; 11 11 description = '' 12 12 Allows for unfree packages by their name.

-23

home/modules/programs/openshift/default.nix

··· 1 - _: { 2 - pkgs, 3 - lib, 4 - config, 5 - ... 6 - }: let 7 - cfg = config.programs.openshift; 8 - in { 9 - options.programs.openshift = { 10 - enable = lib.mkEnableOption "Tools to manage openshift instances"; 11 - }; 12 - 13 - config = lib.mkIf cfg.enable { 14 - home.packages = [pkgs.sops pkgs.openshift (lib.setPrio 0 pkgs.kubectl) pkgs.kubernetes-helm]; 15 - 16 - programs.zsh.initExtra = '' 17 - # Enable autocomplete for oc, kubectl and helm 18 - eval "$(${pkgs.openshift}/bin/oc completion zsh)" 19 - eval "$(${pkgs.kubectl}/bin/kubectl completion zsh)" 20 - eval "$(${pkgs.kubernetes-helm}/bin/helm completion zsh)" 21 - ''; 22 - }; 23 - }

+17

home/modules/programs/rbw/default.nix

··· 1 + _: { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: let 7 + cfg = config.programs.rbw; 8 + in { 9 + config = lib.mkIf cfg.enable { 10 + programs.rbw.settings = { 11 + inherit (pkgs) pinentry; 12 + 13 + email = "timmelzer@gmail.com"; 14 + base_url = "https://passwords.mimas.internal.nobbz.dev"; 15 + }; 16 + }; 17 + }

+60

home/modules/programs/wezterm/default.nix

··· 1 + _: { 2 + config, 3 + pkgs, 4 + ... 5 + }: { 6 + home.packages = [pkgs.wezterm]; 7 + 8 + xdg.configFile."wezterm/wezterm.lua".text = 9 + # lua 10 + '' 11 + -- Pull in the wezterm API 12 + local wezterm = require 'wezterm' 13 + 14 + -- This table will hold the configuration. 15 + local config = {} 16 + 17 + -- In newer versions of wezterm, use the config_builder which will 18 + -- help provide clearer error messages 19 + if wezterm.config_builder then 20 + config = wezterm.config_builder() 21 + end 22 + 23 + -- This is where you actually apply your config choices 24 + 25 + -- bells 26 + config.audible_bell = "Disabled" 27 + config.visual_bell = { 28 + fade_in_function = "EaseIn", 29 + fade_in_duration_ms = 150, 30 + fade_out_function = "EaseOut", 31 + fade_out_duration_ms = 150, 32 + } 33 + 34 + -- For example, changing the color scheme: 35 + config.color_scheme = "Catppuccin Mocha" 36 + 37 + -- show a scrollbar 38 + config.enable_scroll_bar = true 39 + 40 + -- forbid window size change on change of fontsize 41 + config.adjust_window_size_when_changing_font_size = false 42 + 43 + -- disable ligatures 44 + config.harfbuzz_features = { 'calt=0', 'clig=0', 'liga=0' } 45 + 46 + -- set the font 47 + config.font_dirs = { '${pkgs.departure-mono}/share/fonts/otf' } 48 + config.font_size = 11.0 * 1.25 49 + config.font = wezterm.font("Departure Mono") 50 + 51 + -- setting up keybindings 52 + config.keys = { 53 + -- The default is `C-Z` (so also pressing SHIFT), I prefer to not have SHIFT pressed 54 + { key = 'z', mods = 'CTRL', action = wezterm.action.TogglePaneZoomState, }, 55 + } 56 + 57 + -- and finally, return the configuration to wezterm 58 + return config 59 + ''; 60 + }

+1 -1

home/modules/services/insync/default.nix

··· 21 21 inherit (config.nixpkgs) config; 22 22 }; 23 23 in 24 - ipkgs.insync-v3; 24 + ipkgs.insync; 25 25 description = '' 26 26 The insync package to use. 27 27

-85

home/modules/services/restic/default.nix

··· 1 - {self, ...}: { 2 - config, 3 - lib, 4 - pkgs, 5 - self, 6 - ... 7 - }: let 8 - cfg = config.services.restic; 9 - 10 - bin = "${cfg.package}/bin/restic"; 11 - excludes = builtins.concatStringsSep " " (builtins.map (e: "--exclude=${e}") cfg.exclude); 12 - xFlags = lib.optionalString cfg.oneFileSystem "-x"; 13 - compressFlag = "--compression ${cfg.compression}"; 14 - flags = "${xFlags} ${compressFlag} ${excludes}"; 15 - 16 - command = "${bin} --tag home -vv backup ${flags} %h"; 17 - in { 18 - options.services.restic = { 19 - enable = lib.mkEnableOption "Restic Backup Tool"; 20 - 21 - package = lib.mkOption { 22 - type = lib.types.package; 23 - default = pkgs.restic; 24 - description = "Restic derivation to use"; 25 - }; 26 - 27 - exclude = lib.mkOption { 28 - type = lib.types.listOf lib.types.str; 29 - default = []; 30 - description = "Corresponds to `--exclude`. Use `%h` instead of `~`"; 31 - }; 32 - 33 - oneFileSystem = lib.mkOption { 34 - type = lib.types.bool; 35 - default = false; 36 - description = "If true, exclude other file systems, don't cross filesystem boundaries and subvolumes"; 37 - }; 38 - 39 - repo = lib.mkOption { 40 - type = lib.types.str; 41 - description = "Location of the repository"; 42 - }; 43 - 44 - compression = lib.mkOption { 45 - type = lib.types.enum ["off" "auto" "max"]; 46 - description = "The compression mode to use"; 47 - default = "auto"; 48 - }; 49 - 50 - # TODO: Add options for inlcude, password file, etc 51 - }; 52 - 53 - config = lib.mkIf cfg.enable { 54 - home.packages = [cfg.package]; 55 - 56 - systemd.user.services.restic-backup = { 57 - Unit = { 58 - Description = "Restic Backup Tool"; 59 - StartLimitIntervalSec = "25m"; 60 - StartLimitBurst = "4"; 61 - }; 62 - 63 - Service = { 64 - Environment = [ 65 - "PATH=${lib.makeBinPath [pkgs.openssh]}" 66 - "RESTIC_PASSWORD_FILE=%h/.config/restic/password" 67 - "RESTIC_REPOSITORY=${cfg.repo}" 68 - ]; 69 - Type = "oneshot"; 70 - ExecStart = command; 71 - Restart = "on-failure"; 72 - RestartSec = "2m"; 73 - }; 74 - }; 75 - 76 - systemd.user.timers.restic-backup = { 77 - Unit.Description = "Restic periodic backup"; 78 - Timer = { 79 - Unit = "restic-backup.service"; 80 - OnCalendar = "hourly"; 81 - }; 82 - Install.WantedBy = ["timers.target"]; 83 - }; 84 - }; 85 - }

+46

home/modules/services/rustic/default.nix

··· 18 18 flags = lib.concatStringsSep " " flagList; 19 19 20 20 command = "${bin} backup ${flags} %h"; 21 + 22 + profileModule = { 23 + name, 24 + config, 25 + ... 26 + }: { 27 + enable = lib.mkEnableOption name // {default = true;}; 28 + 29 + repo = lib.mkOption { 30 + type = lib.types.str; 31 + description = "Location of the repository"; 32 + }; 33 + 34 + globs = lib.mkOption { 35 + type = lib.types.listOf lib.types.str; 36 + default = []; 37 + description = "Patterns to apply to backup. Use a hardcoded prefix for the home directory"; 38 + }; 39 + 40 + oneFileSystem = lib.mkOption { 41 + type = lib.types.bool; 42 + default = false; 43 + description = "If true, exclude other file systems, don't cross filesystem boundaries and subvolumes"; 44 + }; 45 + 46 + passwordFile = lib.mkOption { 47 + type = lib.types.path; 48 + default = "${config.xdg.configHome}/rustic/password"; 49 + description = "Location of the password file"; 50 + }; 51 + 52 + source = lib.mkOption { 53 + type = lib.types.path; 54 + description = "Location of the base directory for the backup.Of "; 55 + }; 56 + 57 + settings = lib.mkOption { 58 + type = lib.types.attrsOf lib.types.any; 59 + description = "A nix representation of the profile settings which gets converted to a TOML file"; 60 + }; 61 + }; 21 62 in { 22 63 options.services.rustic = { 23 64 enable = lib.mkEnableOption "rustic"; ··· 49 90 type = lib.types.path; 50 91 default = "${config.xdg.configHome}/rustic/password"; 51 92 description = "Location of the password file"; 93 + }; 94 + 95 + profile = lib.mkOption { 96 + type = lib.types.attrsOf profileModule; 97 + description = "Specifies the backup profile to use and its settings"; 52 98 }; 53 99 }; 54 100

-1

nixos/configurations/bootloader/enceladeus.nix

··· 1 1 { 2 2 # Use the GRUB 2 boot loader. 3 3 boot.loader.grub.enable = true; 4 - boot.loader.grub.version = 2; 5 4 boot.loader.grub.useOSProber = false; 6 5 7 6 # boot.loader.grub.efiSupport = true;

+3

nixos/configurations/bootloader/janus.nix

··· 1 + _: {} 2 + # TODO: Move BL relevant config here! 3 +

-2

nixos/configurations/default.nix

··· 1 1 _: { 2 2 nobbz.nixosConfigurations.mimas.system = "x86_64-linux"; 3 - nobbz.nixosConfigurations.enceladeus.system = "x86_64-linux"; 4 - nobbz.nixosConfigurations.hyperion.system = "aarch64-linux"; 5 3 }

-159

nixos/configurations/enceladeus.nix

··· 1 - # Edit this configuration file to define what should be installed on 2 - # your system. Help is available in the configuration.nix(5) man page 3 - # and in the NixOS manual (accessible by running ‘nixos-help’). 4 - _: { 5 - config, 6 - pkgs, 7 - lib, 8 - ... 9 - }: { 10 - nix.allowedUnfree = ["b43-firmware" "zerotierone"]; 11 - nixpkgs.config.contentAddressedByDefault = false; 12 - 13 - # nixpkgs.hostPlatform.gcc.arch = "core2"; 14 - # nixpkgs.hostPlatform.system = "x86_64-linux"; 15 - # nixpkgs.buildPlatform.gcc.arch = "haswell"; 16 - # nixpkgs.buildPlatform.system = "x86_64-linux"; 17 - 18 - nixpkgs.overlays = [ 19 - # (final: prev: { 20 - # abseil-cpp = nixpkgs.legacyPackages.${final.system}.abseil-cpp; 21 - # #bash = prev.bash.override { stdenv = nixpkgs.legacyPackages.${final.system}.stdenv; }; 22 - # }) 23 - ]; 24 - 25 - services.lvm.boot.thin.enable = true; 26 - boot.kernelPackages = pkgs.linuxPackages_5_15; # TODO: Figure why I have this and nothing newer? 27 - services.lvm.dmeventd.enable = true; 28 - boot.blacklistedKernelModules = ["rtl8xxxu"]; 29 - boot.extraModulePackages = with config.boot.kernelPackages; [ 30 - rtl8192eu 31 - ]; 32 - 33 - boot.kernel.sysctl = { 34 - "vm.swappiness" = 75; 35 - }; 36 - 37 - # The global useDHCP flag is deprecated, therefore explicitly set to false here. 38 - # Per-interface useDHCP will be mandatory in the future, so this generated config 39 - # replicates the default behaviour. 40 - networking.networkmanager.enable = true; 41 - networking.networkmanager.unmanaged = [ 42 - "mac:0c:60:76:3f:c1:31" 43 - ]; 44 - networking.enableB43Firmware = true; 45 - 46 - networking.useDHCP = false; 47 - networking.interfaces.enp0s25.useDHCP = false; 48 - networking.interfaces.wlan0.useDHCP = false; 49 - networking.hostId = "62a007d6"; # required by ZFS 50 - 51 - # Configure network proxy if necessary 52 - # networking.proxy.default = "http://user:password@proxy:port/"; 53 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 54 - 55 - # Select internationalisation properties. 56 - i18n.defaultLocale = "en_US.UTF-8"; 57 - console = { 58 - font = "Lat2-Terminus16"; 59 - keyMap = "de"; 60 - }; 61 - 62 - # Set your time zone. 63 - time.timeZone = "Europe/Berlin"; 64 - 65 - # List packages installed in system profile. To search, run: 66 - # $ nix search wget 67 - environment.systemPackages = with pkgs; [ 68 - unison # Sadly required on the host for unison copy to work :( 69 - ]; 70 - 71 - # Some programs need SUID wrappers, can be configured further or are 72 - # started in user sessions. 73 - programs.gnupg.agent = { 74 - enable = true; 75 - enableSSHSupport = true; 76 - }; 77 - programs.zsh.enable = true; 78 - 79 - # List services that you want to enable: 80 - 81 - # Enable the OpenSSH daemon. 82 - services.openssh.enable = true; 83 - 84 - # Open ports in the firewall. 85 - networking.firewall.allowedTCPPorts = [9002]; 86 - # networking.firewall.allowedUDPPorts = [ ... ]; 87 - # Or disable the firewall altogether. 88 - # networking.firewall.enable = false; 89 - networking.firewall.trustedInterfaces = [ 90 - "ztrta4jrxj" 91 - ]; 92 - 93 - # Enable CUPS to print documents. 94 - # services.printing.enable = true; 95 - 96 - # Enable sound. 97 - sound.enable = true; 98 - hardware.pulseaudio.enable = true; 99 - 100 - # Enable the X11 windowing system. 101 - services.xserver.enable = true; 102 - services.xserver.layout = "de"; 103 - # services.xserver.xkbOptions = "eurosign:e"; 104 - 105 - # Enable touchpad support. 106 - services.xserver.libinput.enable = true; 107 - 108 - # Enable the KDE Desktop Environment. 109 - services.xserver.displayManager.lightdm.enable = true; 110 - services.xserver.desktopManager.plasma5.enable = false; 111 - services.xserver.windowManager.awesome.enable = true; 112 - 113 - virtualisation.docker.enable = false; 114 - 115 - # Define a user account. Don't forget to set a password with ‘passwd’. 116 - users.users = { 117 - nmelzer = { 118 - isNormalUser = true; 119 - shell = pkgs.zsh; 120 - extraGroups = ["wheel" "networkmanager"]; 121 - }; 122 - 123 - aroemer = { 124 - isNormalUser = true; 125 - }; 126 - 127 - proemer = { 128 - isNormalUser = true; 129 - }; 130 - }; 131 - 132 - services.prometheus = { 133 - exporters = { 134 - node = { 135 - enable = true; 136 - enabledCollectors = ["systemd"]; 137 - port = 9002; 138 - }; 139 - }; 140 - }; 141 - 142 - # This value determines the NixOS release with which your system is to be 143 - # compatible, in order to avoid breaking some software such as database 144 - # servers. You should change this only after NixOS release notes say you 145 - # should. 146 - system.stateVersion = "19.09"; # Did you read the comment? 147 - 148 - security.sudo.extraRules = [ 149 - { 150 - commands = [ 151 - { 152 - command = "/run/current-system/sw/bin/nixos-rebuild"; 153 - options = ["NOPASSWD"]; 154 - } 155 - ]; 156 - groups = ["wheel"]; 157 - } 158 - ]; 159 - }

+1 -8

nixos/configurations/hardware/enceladeus.nix

··· 1 1 # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 - { 5 - config, 6 - lib, 7 - pkgs, 8 - ... 9 - }: { 10 - imports = []; 11 - 4 + {lib, ...}: { 12 5 boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "firewire_ohci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"]; 13 6 boot.initrd.kernelModules = ["dm-snapshot"]; 14 7 boot.kernelModules = ["kvm-intel" "wl"];

-2

nixos/configurations/hardware/hyperion.nix

··· 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 4 { 5 - config, 6 5 lib, 7 - pkgs, 8 6 modulesPath, 9 7 ... 10 8 }: {

+55

nixos/configurations/hardware/janus.nix

··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: { 11 + imports = [ 12 + (modulesPath + "/installer/scan/not-detected.nix") 13 + ]; 14 + 15 + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci"]; 16 + boot.initrd.kernelModules = ["dm-snapshot"]; 17 + boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/nixoscrypt"; 18 + boot.kernelModules = ["kvm-intel"]; 19 + boot.extraModulePackages = []; 20 + 21 + fileSystems."/" = { 22 + device = "/dev/mainpool/vdo-root"; 23 + fsType = "xfs"; 24 + }; 25 + 26 + fileSystems."/boot" = { 27 + device = "/dev/nvme0n1p1"; 28 + fsType = "vfat"; 29 + }; 30 + 31 + fileSystems."/nix" = { 32 + device = "/dev/mainpool/vdo-nix"; 33 + fsType = "xfs"; 34 + }; 35 + 36 + fileSystems."/home" = { 37 + device = "/dev/mainpool/vdo-home"; 38 + fsType = "xfs"; 39 + }; 40 + 41 + swapDevices = []; 42 + 43 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 44 + # (the default) this is the recommended approach. When using systemd-networkd it's 45 + # still possible to use this option, but it's recommended to use it in conjunction 46 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 47 + networking.useDHCP = lib.mkDefault true; 48 + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; 49 + # networking.interfaces.enp56s0u1u1.useDHCP = lib.mkDefault true; 50 + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; 51 + 52 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 53 + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 54 + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 55 + }

+8 -3

nixos/configurations/hardware/mimas.nix

··· 2 2 # and may be overwritten by future invocations. Please make changes 3 3 # to /etc/nixos/configuration.nix instead. 4 4 { 5 - config, 6 5 lib, 7 6 pkgs, 8 7 ... ··· 14 13 boot.kernelModules = ["kvm-intel"]; 15 14 boot.kernelParams = ["intel_pstate=active"]; 16 15 boot.extraModulePackages = []; 17 - boot.supportedFilesystems = ["ntfs" "exfat" "avfs"]; 16 + boot.supportedFilesystems = ["ntfs" "exfat" "avfs" "xfs"]; 18 17 19 18 hardware.cpu.intel.updateMicrocode = true; 20 19 hardware.enableRedistributableFirmware = true; ··· 76 75 options = ["nofail"]; 77 76 }; 78 77 78 + fileSystems."/var/lib/actual" = { 79 + device = "/dev/pool/actual"; 80 + fsType = "xfs"; 81 + options = ["nofail"]; 82 + }; 83 + 79 84 fileSystems."/boot" = { 80 85 device = "/dev/disk/by-uuid/7000-3A85"; 81 86 fsType = "vfat"; ··· 91 96 nix.settings.max-jobs = lib.mkDefault 4; 92 97 powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 93 98 94 - hardware.opengl.extraPackages = with pkgs; [ 99 + hardware.graphics.extraPackages = with pkgs; [ 95 100 vaapiIntel 96 101 vaapiVdpau 97 102 libvdpau-va-gl

-51

nixos/configurations/hyperion.nix

··· 1 - _: {pkgs, ...}: { 2 - nix.allowedUnfree = ["zerotierone"]; 3 - 4 - networking.hostName = "hyperion"; 5 - networking.networkmanager.enable = true; 6 - 7 - time.timeZone = "Europe/Berlin"; 8 - 9 - i18n.defaultLocale = "en_US.UTF-8"; 10 - 11 - services.xserver.enable = true; 12 - 13 - # Enable the LXQT Desktop Environment. 14 - services.xserver.displayManager.lightdm.enable = true; 15 - services.xserver.desktopManager.lxqt.enable = true; 16 - services.xserver.desktopManager.plasma5.enable = true; 17 - services.xserver.desktopManager.enlightenment.enable = true; 18 - 19 - services.qemuGuest.enable = true; 20 - services.spice-vdagentd.enable = true; 21 - 22 - services.openssh.enable = true; 23 - 24 - services.acpid.enable = true; 25 - 26 - # Configure keymap in X11 27 - services.xserver = { 28 - layout = "de"; 29 - xkbVariant = ""; 30 - }; 31 - 32 - # Configure console keymap 33 - console.keyMap = "de"; 34 - 35 - services.printing.enable = true; 36 - 37 - programs.zsh.enable = true; 38 - 39 - users.users.nmelzer = { 40 - isNormalUser = true; 41 - description = "Norbert Melzer"; 42 - extraGroups = ["networkmanager" "wheel"]; 43 - shell = pkgs.zsh; 44 - packages = [ 45 - pkgs.firefox 46 - # thunderbird 47 - ]; 48 - }; 49 - 50 - system.stateVersion = "22.11"; 51 - }

+71

nixos/configurations/mimas/gitea.nix

··· 1 + { 2 + pkgs, 3 + lib, 4 + config, 5 + ... 6 + }: let 7 + writeNuBin = pkgs.writers.writeNuBin.override {makeBinaryWrapper = pkgs.makeShellWrapper;}; 8 + 9 + find = lib.getExe pkgs.findutils; 10 + git = lib.getExe pkgs.git; 11 + systemd-notify = lib.getExe' pkgs.systemd "systemd-notify"; 12 + 13 + gitea-gc-script = 14 + writeNuBin "gitea-gc" 15 + # nu 16 + '' 17 + use std log 18 + 19 + def main [ 20 + repositories_base_folder: string, 21 + ] { 22 + log info $"Performing garbage collection for all repos in ($repositories_base_folder)" 23 + 24 + let repo_paths = run-external ${find} $repositories_base_folder "-maxdepth" 2 "-name" '*.git' | lines 25 + let repo_count = $repo_paths | length 26 + 27 + run-external ${systemd-notify} "--ready" 28 + 29 + $repo_paths | enumerate | each {|itm| 30 + let repo = $itm.item 31 + let idx = $itm.index 32 + 33 + let short_name = $repo | str substring --grapheme-clusters ($repositories_base_folder + "/" | str length)..-1 34 + 35 + log info $"Starting garbage collection for ($short_name)" 36 + run-external ${systemd-notify} $"--status=($idx + 1)/($repo_count): ($short_name)" 37 + run-external ${git} "-C" $repo gc "--aggressive" "--no-quiet" 38 + log info $"Finished garbage collection for ($short_name)" 39 + } 40 + 41 + run-external ${systemd-notify} "--stopping" 42 + 43 + log info "Overall garbage collection suceeded" 44 + } 45 + ''; 46 + in { 47 + systemd = { 48 + services.gitea-gc = { 49 + description = "Garbage Collect gitea repositories"; 50 + restartIfChanged = false; 51 + environment = { 52 + NU_LOG_LEVEL = "DEBUG"; 53 + }; 54 + serviceConfig = { 55 + CPUAccounting = true; 56 + CPUQuota = "200%"; 57 + CPUWeight = "idle"; 58 + ExecStart = "${lib.getExe gitea-gc-script} /var/lib/gitea/repositories"; 59 + NotifyAccess = "all"; 60 + Type = "notify"; 61 + User = config.services.gitea.user; 62 + }; 63 + }; 64 + 65 + timers.gitea-gc = { 66 + description = "Garbage Collection for gitea repositories - timer"; 67 + wantedBy = ["timers.target"]; 68 + timerConfig.OnCalendar = "Mon 01:00:00"; 69 + }; 70 + }; 71 + }

+2 -2

nixos/configurations/mimas/paperless.nix

··· 1 - {nixpkgs-2211, ...}: {config, ...}: { 1 + _: {config, ...}: { 2 2 services.paperless = { 3 3 enable = true; 4 4 address = "0.0.0.0"; 5 5 port = 58080; 6 - extraConfig.PAPERLESS_OCR_LANGUAGE = "deu+eng"; 6 + settings.PAPERLESS_OCR_LANGUAGE = "deu+eng"; 7 7 }; 8 8 9 9 systemd.services.paperless-consumer.after = ["var-lib-paperless.mount"];

+41 -56

nixos/configurations/mimas/restic.nix

··· 6 6 }: let 7 7 resticPort = 9999; 8 8 9 - inherit (pkgs) writeShellScript proot mount umount restic; 9 + inherit (pkgs) proot mount umount restic; 10 10 11 11 pools = { 12 12 gitea = "/var/lib/gitea"; ··· 17 17 18 18 extraPathes = [ 19 19 "/var/lib/nixos" 20 + "/var/lib/redis-paperless" 20 21 ]; 21 22 22 - fileFromList = pkgs.writeText "files-from-verbatim" '' 23 - ${lib.concatStringsSep "\n" pathes} 24 - ''; 25 - 26 23 basePath = "/tmp/backup"; 27 - pathes = extraPathes ++ builtins.attrValues pools; 28 - mounts = lib.flatten (lib.mapAttrsToList (lv: path: ["-b" "${basePath}/${lv}:${path}"]) pools); 24 + mounts = lib.flatten ( 25 + (lib.mapAttrsToList (lv: path: ["-b" "${basePath}/${lv}:${path}"]) pools) 26 + ++ (builtins.map (path: ["-b" "${path}:${path}"]) extraPathes) 27 + ); 29 28 30 29 snaps = lib.mapAttrs' (lv: _: lib.nameValuePair "${lv}_snap" "pool/${lv}") pools; 31 30 lvcreates = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: origin: "lvcreate -s --name ${name} ${origin}") snaps); 32 - lvchanges = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: _: "lvchange -ay -Ky pool/${name}") snaps); 31 + lvactivates = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: _: "lvchange -ay -Ky pool/${name}") snaps); 33 32 mkdirs = lib.concatStringsSep "\n" (lib.mapAttrsToList (lv: _: "mkdir -p ${basePath}/${lv}") pools); 34 33 mountCmds = lib.concatStringsSep "\n" (lib.mapAttrsToList (lv: _: "mount -o ro /dev/pool/${lv}_snap ${basePath}/${lv}") pools); 35 34 36 35 unmountCmds = lib.concatStringsSep "\n" (lib.mapAttrsToList (lv: _: "umount ${basePath}/${lv}") pools); 37 - lvunchanges = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: _: "lvchange -an pool/${name}") snaps); 38 - lvremoves = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: origin: "lvremove pool/${name}") snaps); 36 + uncheckedUnmountCmds = lib.concatStringsSep "\n" (lib.mapAttrsToList (lv: _: "umount ${basePath}/${lv} || true") pools); 37 + lvdeactivates = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: _: "lvs | grep -E '${name}\\s+.*a' && lvchange -an pool/${name}") snaps); 38 + lvremoves = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: _: "lvs | grep -E '${name}' && lvremove pool/${name}") snaps); 39 39 40 40 rest_repo = "rest:https://restic.mimas.internal.nobbz.dev/mimas"; 41 - gdrv_repo = "/home/nmelzer/timmelzer@gmail.com/restic_repos/mimas"; 42 - btwo_repo = "b2:nobbz-restic-services"; 43 41 pass = config.sops.secrets.restic.path; 44 42 45 - script = writeShellScript "restic-services-backup" '' 46 - set -ex 43 + preStart = '' 44 + set -x 45 + 46 + ${uncheckedUnmountCmds} 47 47 48 - # Create the snapshots 48 + ${lvdeactivates} 49 + ${lvremoves} 50 + 49 51 ${lvcreates} 50 - ${lvchanges} 52 + ${lvactivates} 53 + 51 54 ${mkdirs} 55 + 52 56 ${mountCmds} 53 57 58 + /run/wrappers/bin/sudo -u vaultwarden ${pkgs.sqlite}/bin/sqlite3 /var/lib/bitwarden_rs/db.sqlite3 .dump > /var/lib/bitwarden_rs/dump.sql 59 + ''; 60 + 61 + script = '' 62 + set -x 63 + 54 64 # TODO: Make the latter from snapshots as well! 55 - proot ${lib.escapeShellArgs mounts} restic --tag services -vv backup --files-from-verbatim ${fileFromList} 65 + proot ${lib.escapeShellArgs mounts} \ 66 + -b /var/lib/bitwarden_rs:/var/lib/bitwarden_rs \ 67 + -b /nix:/nix \ 68 + -b ''${CREDENTIALS_DIRECTORY}:''${CREDENTIALS_DIRECTORY} \ 69 + -b /etc:/etc \ 70 + -b /tmp:/tmp \ 71 + -r /var/empty \ 72 + restic --tag services -vv backup /var/lib 73 + ''; 74 + 75 + postStart = '' 76 + set -x 56 77 57 78 ${unmountCmds} 58 - ${lvunchanges} 79 + 80 + ${lvdeactivates} 59 81 ${lvremoves} 60 82 61 83 rm -rfv ${basePath} ··· 93 115 }; 94 116 95 117 systemd.services.restic-system-snapshot-backup = { 118 + inherit preStart script postStart; 96 119 path = [proot restic mount umount config.services.lvm.package]; 97 - script = "${script}"; 98 120 serviceConfig.LoadCredential = ["pass:${pass}"]; 99 121 environment = { 100 122 RESTIC_REPOSITORY = rest_repo; ··· 103 125 }; 104 126 serviceConfig = { 105 127 Type = "oneshot"; 106 - }; 107 - }; 108 - 109 - systemd.timers.restic-system-snapshot-sync-and-prune = { 110 - wantedBy = ["timers.target"]; 111 - timerConfig.OnCalendar = "daily"; 112 - }; 113 - 114 - systemd.services.restic-system-snapshot-sync-and-prune = { 115 - path = [restic]; 116 - after = ["run-secrets.d.mount"]; 117 - serviceConfig.Type = "oneshot"; 118 - serviceConfig.LoadCredential = [ 119 - "b2:${config.sops.secrets.backblaze.path}" 120 - "pass:${pass}" 121 - ]; 122 - script = '' 123 - eval $(cat "$CREDENTIALS_DIRECTORY/b2") 124 - 125 - restic copy --repo ${rest_repo} --repo2 ${gdrv_repo} -vvv 126 - restic copy --repo ${rest_repo} --repo2 ${btwo_repo} -vvv 127 - 128 - restic forget --repo ${rest_repo} --keep-hourly 12 --keep-daily 4 --keep-weekly 3 --keep-monthly 7 --keep-yearly 10 129 - restic forget --repo ${gdrv_repo} --keep-daily 30 --keep-weekly 4 --keep-monthly 12 --keep-yearly 20 130 - restic forget --repo ${btwo_repo} --keep-daily 30 --keep-weekly 4 --keep-monthly 12 --keep-yearly 20 131 - 132 - restic prune --repo ${rest_repo} --max-unused 0 133 - restic prune --repo ${gdrv_repo} --max-unused 0 134 - restic prune --repo ${btwo_repo} 135 - 136 - chown -Rv nmelzer:users /home/nmelzer/timmelzer@gmail.com/restic_repos 137 - ''; 138 - environment = { 139 - RESTIC_PASSWORD_FILE = "%d/pass"; 140 - RESTIC_PASSWORD_FILE2 = "%d/pass"; 141 - RESTIC_COMPRESSION = "max"; 142 - XDG_CACHE_HOME = "%C"; 143 128 }; 144 129 }; 145 130 }

+212

nixos/configurations/mimas/rustic-timers.nix

··· 1 + _: { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: let 7 + profile_name = template: lib.removeSuffix ".toml" config.sops.templates."${template}".path; 8 + 9 + environment = { 10 + RUSTIC_NO_PROGRESS = "true"; 11 + RUSTIC_CACHE_DIR = "%T/rustic"; 12 + }; 13 + 14 + mimas_template = 15 + # toml 16 + '' 17 + [repository] 18 + repository = "rest:https://restic.mimas.internal.nobbz.dev/mimas" 19 + password-file = "${config.sops.secrets.rustic.path}" 20 + 21 + [copy] 22 + targets = ["${profile_name "mimas_hetzner.toml"}"] 23 + ''; 24 + mimas_hetzner_template = 25 + # toml 26 + '' 27 + [repository] 28 + repository = "opendal:sftp" 29 + password-file = "${config.sops.secrets.rustic.path}" 30 + 31 + [repository.options] 32 + endpoint = "ssh://${config.sops.placeholder.rustic-user}.your-storagebox.de:23" 33 + user = "${config.sops.placeholder.rustic-user}" 34 + key = "/root/.ssh/id_ed25519" 35 + root = "/home/mimas" 36 + ''; 37 + 38 + nobbz_template = 39 + # toml 40 + '' 41 + [repository] 42 + repository = "rest:https://restic.mimas.internal.nobbz.dev/nobbz" 43 + password-file = "${config.sops.secrets.rustic.path}" 44 + 45 + [copy] 46 + targets = ["${profile_name "nobbz_hetzner.toml"}"] 47 + ''; 48 + 49 + nobbz_hetzner_template = 50 + # toml 51 + '' 52 + [repository] 53 + repository = "opendal:sftp" 54 + password-file = "${config.sops.secrets.rustic.path}" 55 + 56 + [repository.options] 57 + endpoint = "ssh://${config.sops.placeholder.rustic-user}.your-storagebox.de:23" 58 + user = "${config.sops.placeholder.rustic-user}" 59 + key = "/root/.ssh/id_ed25519" 60 + root = "/home/nobbz" 61 + ''; 62 + 63 + schedule = { 64 + rustic-mimas-clean = "*-*-* 01:00:00"; 65 + rustic-nobbz-clean = "*-*-* 01:30:00"; 66 + rustic-mimas-hetzner-clean = "*-*-* 02:00:00"; 67 + rustic-nobbz-hetzner-clean = "*-*-* 03:00:00"; 68 + }; 69 + 70 + mkTimer = name: calendar: { 71 + "${name}" = { 72 + wantedBy = ["timers.target"]; 73 + timerConfig.OnCalendar = calendar; 74 + }; 75 + }; 76 + 77 + notify = lib.getExe' pkgs.systemd "systemd-notify"; 78 + in { 79 + sops.secrets.rustic = {}; 80 + sops.secrets.rustic-user = {}; 81 + 82 + sops.templates."mimas.toml".content = mimas_template; 83 + sops.templates."mimas_hetzner.toml".content = mimas_hetzner_template; 84 + sops.templates."nobbz.toml".content = nobbz_template; 85 + sops.templates."nobbz_hetzner.toml".content = nobbz_hetzner_template; 86 + 87 + systemd.timers = lib.pipe schedule [ 88 + (lib.mapAttrsToList mkTimer) 89 + lib.mkMerge 90 + ]; 91 + 92 + systemd.services = { 93 + rustic-mimas-clean = { 94 + path = [pkgs.rustic pkgs.openssh]; 95 + inherit environment; 96 + serviceConfig = { 97 + NotifyAccess = "all"; 98 + Type = "notify"; 99 + }; 100 + script = '' 101 + ${notify} --ready 102 + ${notify} --status=forget 103 + rustic forget -P ${profile_name "mimas.toml"} \ 104 + --keep-last 4 \ 105 + --keep-within-hourly 1d \ 106 + --keep-within-daily 5d \ 107 + --keep-within-weekly 35d \ 108 + --keep-within-monthly 100d \ 109 + --keep-within-yearly 2y 110 + 111 + ${notify} --status=prune 112 + rustic prune -P ${profile_name "mimas.toml"} \ 113 + --max-unused=0B \ 114 + --keep-delete=12h \ 115 + --max-repack=50GiB 116 + 117 + ${notify} --status=copy 118 + rustic copy -P ${profile_name "mimas.toml"} 119 + 120 + ${notify} --stopping --status="" 121 + ''; 122 + }; 123 + 124 + rustic-nobbz-clean = { 125 + path = [pkgs.rustic pkgs.openssh]; 126 + inherit environment; 127 + serviceConfig = { 128 + NotifyAccess = "all"; 129 + Type = "notify"; 130 + }; 131 + script = '' 132 + ${notify} --ready 133 + ${notify} --status=forget 134 + rustic forget -P ${profile_name "nobbz.toml"} \ 135 + --filter-tags home \ 136 + --keep-last 4 \ 137 + --keep-within-hourly 1d \ 138 + --keep-within-daily 5d \ 139 + --keep-within-weekly 35d \ 140 + --keep-within-monthly 100d \ 141 + --keep-within-yearly 2y 142 + 143 + ${notify} --status=prune 144 + rustic prune -P ${profile_name "nobbz.toml"} \ 145 + --max-unused=0B \ 146 + --keep-delete=12h \ 147 + --max-repack=50GiB 148 + 149 + ${notify} --status=copy 150 + rustic copy -P ${profile_name "nobbz.toml"} 151 + 152 + ${notify} --stopping --status="" 153 + ''; 154 + }; 155 + 156 + rustic-nobbz-hetzner-clean = { 157 + path = [pkgs.rustic pkgs.openssh]; 158 + inherit environment; 159 + serviceConfig = { 160 + NotifyAccess = "all"; 161 + Type = "notify"; 162 + }; 163 + script = '' 164 + ${notify} --ready 165 + ${notify} --status=forget 166 + rustic forget -P ${profile_name "nobbz_hetzner.toml"} \ 167 + --keep-last 1 \ 168 + --keep-within-hourly 2h \ 169 + --keep-within-daily 10d \ 170 + --keep-within-weekly 65d \ 171 + --keep-within-monthly 190d \ 172 + --keep-within-yearly 5y 173 + 174 + ${notify} --status=prune 175 + rustic prune -P ${profile_name "nobbz_hetzner.toml"} \ 176 + --max-unused 0B \ 177 + --max-repack 20GiB \ 178 + --keep-delete 11h 179 + 180 + ${notify} --stopping --status="" 181 + ''; 182 + }; 183 + 184 + rustic-mimas-hetzner-clean = { 185 + path = [pkgs.rustic pkgs.openssh]; 186 + inherit environment; 187 + serviceConfig = { 188 + NotifyAccess = "all"; 189 + Type = "notify"; 190 + }; 191 + script = '' 192 + ${notify} --ready 193 + ${notify} --status=forget 194 + rustic forget -P ${profile_name "mimas_hetzner.toml"} \ 195 + --keep-last 1 \ 196 + --keep-within-hourly 2h \ 197 + --keep-within-daily 10d \ 198 + --keep-within-weekly 65d \ 199 + --keep-within-monthly 190d \ 200 + --keep-within-yearly 5y 201 + 202 + ${notify} --status=prune 203 + rustic prune -P ${profile_name "mimas_hetzner.toml"} \ 204 + --max-unused 0B \ 205 + --max-repack 20GiB \ 206 + --keep-delete 11h 207 + 208 + ${notify} --stopping --status="" 209 + ''; 210 + }; 211 + }; 212 + }

+34

nixos/configurations/mimas/vaultwarden.nix

··· 1 + _: {config, ...}: let 2 + host = "passwords.mimas.internal.nobbz.dev"; 3 + wardenPort = 10000; 4 + in { 5 + sops.secrets.warden = {}; 6 + 7 + services.vaultwarden = { 8 + enable = true; 9 + environmentFile = config.sops.secrets.warden.path; 10 + config = { 11 + DOMAIN = "https://${host}"; 12 + DATABASE_MAX_CONNS = "5"; 13 + 14 + # LOG_LEVEL = "debug"; 15 + 16 + ROCKET_ADDRESS = "127.0.0.1"; 17 + ROCKET_PORT = "${toString wardenPort}"; 18 + ROCKET_WORKERS = "5"; 19 + }; 20 + }; 21 + 22 + services.traefik.dynamicConfigOptions.http.routers.warden = { 23 + entryPoints = ["https" "http"]; 24 + rule = "Host(`${host}`)"; 25 + service = "vaultwarden"; 26 + tls.domains = [{main = "*.mimas.internal.nobbz.dev";}]; 27 + tls.certResolver = "mimasWildcard"; 28 + }; 29 + 30 + services.traefik.dynamicConfigOptions.http.services.vaultwarden.loadBalancer = { 31 + passHostHeader = false; 32 + servers = [{url = "http://127.0.0.1:${toString wardenPort}";}]; 33 + }; 34 + }

+53 -35

nixos/configurations/mimas.nix

··· 1 1 # Edit this configuration file to define what should be installed on 2 2 # your system. Help is available in the configuration.nix(5) man page 3 3 # and in the NixOS manual (accessible by running ‘nixos-help’). 4 - { 5 - self, 6 - unstable, 7 - nixpkgs-2211, 8 - ... 9 - } @ inputs: { 4 + {self, ...} @ inputs: { 10 5 config, 11 6 pkgs, 12 7 lib, 13 8 ... 14 9 }: let 15 - upkgs = unstable.legacyPackages.x86_64-linux; 16 - steamPackages = ["steam" "steam-run" "steam-original" "steam-runtime"]; 17 - printerPackages = ["hplip" "samsung-UnifiedLinuxDriver"]; 10 + steamPackages = ["steam" "steam-run" "steam-original" "steam-runtime" "steam-unwrapped"]; 18 11 in { 19 12 imports = [ 13 + (import ./mimas/paperless.nix inputs) 20 14 (import ./mimas/restic.nix inputs) 21 - (import ./mimas/paperless.nix inputs) 15 + (import ./mimas/rustic-timers.nix inputs) 16 + (import ./mimas/vaultwarden.nix inputs) 17 + ./mimas/gitea.nix 22 18 ]; 19 + 20 + services.tailscale.enable = true; 21 + 22 + security.pam.services.i3lock.enable = true; 23 + security.pam.services.i3lock-color.enable = true; 23 24 24 25 sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; 25 26 sops.defaultSopsFile = "${self}/secrets/mimas/default.yaml"; 26 27 27 28 sops.secrets.restic = {}; 28 - sops.secrets.backblaze = {}; 29 + sops.secrets.traefik = {}; 29 30 30 - nix.allowedUnfree = ["zerotierone"] ++ printerPackages ++ steamPackages; 31 + nix.allowedUnfree = ["zerotierone"] ++ steamPackages; 31 32 nix.settings.experimental-features = ["ca-derivations" "impure-derivations"]; 33 + nix.distributedBuilds = true; 34 + # nix.enabledMachines = ["enceladeus"]; 32 35 33 36 security.chromiumSuidSandbox.enable = true; 34 37 ··· 99 102 100 103 # Enable CUPS to print documents. 101 104 services.printing.enable = true; 102 - services.printing.drivers = [pkgs.hplipWithPlugin pkgs.samsung-unified-linux-driver]; 105 + 106 + services.avahi.enable = true; 107 + services.avahi.nssmdns4 = true; 108 + services.avahi.openFirewall = true; 103 109 104 110 services.ratbagd.enable = true; 111 + 112 + programs.partition-manager.enable = true; 113 + # security.polkit.enable = true; 105 114 106 115 # services.hydra = { 107 116 # enable = true; ··· 114 123 # }; 115 124 # networking.firewall.allowedTCPPorts = [ 3000 ]; 116 125 117 - # Enable sound. 118 - sound.enable = true; 119 - hardware.pulseaudio = { 120 - enable = true; 121 - package = pkgs.pulseaudioFull; 122 - }; 126 + # Enable pulse compat. 127 + services.pipewire.pulse.enable = true; 128 + 123 129 hardware.bluetooth.enable = true; 124 130 125 131 # Enable the X11 windowing system. 126 132 services.xserver.enable = true; 127 - services.xserver.layout = "de"; 128 - # services.xserver.xkbOptions = "eurosign:e"; 133 + services.xserver.xkb.layout = "de"; 129 134 130 135 # Enable touchpad support. 131 136 # services.xserver.libinput.enable = true; 132 137 133 138 # Enable the KDE Desktop Environment. 134 - services.xserver.displayManager.sddm.enable = true; 139 + services.displayManager.sddm.enable = true; 135 140 services.xserver.desktopManager.plasma5.enable = true; 136 141 services.xserver.windowManager.awesome.enable = true; 137 142 ··· 146 151 147 152 programs = { 148 153 steam.enable = true; 154 + 149 155 zsh.enable = true; 150 156 zsh.enableCompletion = false; 151 157 }; 152 158 153 - hardware.opengl.driSupport32Bit = true; 154 - hardware.pulseaudio.support32Bit = true; 155 - 156 - hardware.opengl.enable = true; 157 - hardware.opengl.extraPackages = [pkgs.vaapiIntel pkgs.beignet]; 159 + hardware.graphics.enable = true; 160 + hardware.graphics.extraPackages = [pkgs.vaapiIntel]; 158 161 159 162 services.gitea = { 160 163 enable = true; 161 - httpAddress = "127.0.0.1"; 162 - domain = "gitea.mimas.internal.nobbz.dev"; 164 + settings.server.DOMAIN = "gitea.mimas.internal.nobbz.dev"; 165 + settings.server.HTTP_ADDR = "127.0.0.1"; 163 166 settings.server.ROOT_URL = lib.mkForce "https://gitea.mimas.internal.nobbz.dev/"; 164 167 settings."git.timeout".DEFAULT = 3600; # 1 hour 165 168 settings."git.timeout".MIGRATE = 3600; # 1 hour 166 169 settings."git.timeout".MIRROR = 3600; # 1 hour 167 170 settings."git.timeout".CLONE = 3600; # 1 hour 168 171 settings."git.timeout".PULL = 3600; # 1 hour 169 - settings."git.timeout".GC = 3600; 170 - }; # 1 hour 172 + settings."git.timeout".GC = 3600; # 1 hour 173 + }; 171 174 systemd.services.gitea.after = ["var-lib-gitea.mount"]; 172 175 173 176 virtualisation = { ··· 175 178 enable = true; 176 179 # storageDriver = "zfs"; 177 180 # extraOptions = "--storage-opt zfs.fsname=rpool/local/docker"; 178 - package = upkgs.docker; 181 + package = pkgs.docker; 179 182 extraOptions = "--dns 1.1.1.1"; 180 183 }; 181 184 ··· 249 252 250 253 hardware.keyboard.zsa.enable = true; 251 254 hardware.sane.enable = true; 252 - hardware.sane.extraBackends = [pkgs.hplipWithPlugin]; 253 255 254 256 services.traefik.enable = true; 255 - systemd.services.traefik.serviceConfig.EnvironmentFile = "/etc/traefik/env"; 257 + systemd.services.traefik.serviceConfig.EnvironmentFile = [config.sops.secrets.traefik.path]; 256 258 services.traefik.staticConfigOptions = { 257 259 log.level = "DEBUG"; 258 260 ··· 334 336 fritz.loadBalancer.servers = [{url = "http://fritz.box";}]; 335 337 336 338 gitea.loadBalancer.passHostHeader = true; 337 - gitea.loadBalancer.servers = [{url = "http://localhost:${toString config.services.gitea.httpPort}";}]; 339 + gitea.loadBalancer.servers = [{url = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";}]; 338 340 339 341 grafana.loadBalancer.passHostHeader = true; 340 342 grafana.loadBalancer.servers = [{url = "http://localhost:${toString config.services.grafana.settings.server.http_port}";}]; ··· 385 387 } 386 388 ]; 387 389 }; 390 + 391 + nix.buildMachines = let 392 + communityBuilder = name: system: { 393 + hostName = "${name}.nix-community.org"; 394 + inherit system; 395 + sshKey = "/root/.ssh/id_ed25519"; 396 + sshUser = "NobbZ"; 397 + maxJobs = 8; 398 + protocol = "ssh"; 399 + speedFactor = 4; 400 + supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; 401 + }; 402 + in [ 403 + (communityBuilder "build-box" "x86_64-linux") 404 + (communityBuilder "aarch64-build.box" "aarch64-linux") 405 + ]; 388 406 389 407 # This value determines the NixOS release with which your system is to be 390 408 # compatible, in order to avoid breaking some software such as database

+12 -9

nixos/modules/default.nix

··· 1 - inputs: { 2 - cachix = import ./cachix inputs; 3 - flake = import ./flake.nix inputs; 4 - hostnames = import ./hostnames.nix inputs; 5 - kernel = import ./kernel.nix inputs; 6 - moonlander = import ./moonlander.nix inputs; 7 - nix = import ./nix.nix inputs; 8 - switcher = import ./switcher.nix inputs; 9 - zerotier = import ./zerotier.nix inputs; 1 + { 2 + nobbz.nixosModules = { 3 + cachix = ./cachix; 4 + distributed = ./distributed.nix; 5 + flake = ./flake.nix; 6 + hostnames = ./hostnames.nix; 7 + kernel = ./kernel.nix; 8 + moonlander = ./moonlander.nix; 9 + nix = ./nix.nix; 10 + switcher = ./switcher.nix; 11 + zerotier = ./zerotier.nix; 12 + }; 10 13 }

+58

nixos/modules/distributed.nix

··· 1 + _: { 2 + config, 3 + lib, 4 + ... 5 + }: let 6 + machines = { 7 + # Please try to keep the definitions alphabetically sorted 8 + enceladeus = { 9 + systems = ["i686-linux" "x86_64-linux"]; 10 + supportedFeatures = []; 11 + sshUser = "root"; 12 + sshKey = "/home/nmelzer/.ssh/id_rsa"; # TODO: sopsify 13 + speedFactor = 1; 14 + protocol = "ssh-ng"; 15 + maxJobs = 2; 16 + hostName = "enceladeus"; 17 + }; 18 + 19 + mimas = { 20 + systems = ["i686-linux" "aarch64-linux" "x86_64-linux"]; 21 + supportedFeatures = ["kvm" "big-parallel"]; 22 + sshUser = "root"; 23 + sshKey = "/home/nmelzer/.ssh/id_rsa"; # TODO: sopsify 24 + speedFactor = 8; 25 + protocol = "ssh-ng"; 26 + maxJobs = 4; 27 + hostName = "mimas"; 28 + }; 29 + }; 30 + 31 + names = builtins.attrNames machines; 32 + 33 + inherit (lib.types) listOf enum; 34 + inherit (config.nix) enabledMachines distributedBuilds; 35 + inherit (config.networking) hostName; 36 + 37 + selfRemote = builtins.elem hostName enabledMachines; 38 + in { 39 + options.nix = { 40 + enabledMachines = lib.mkOption { 41 + type = listOf (enum names); 42 + default = []; 43 + description = '' 44 + A list of hosts to use for remote builds. 45 + ''; 46 + }; 47 + }; 48 + 49 + config = lib.mkIf distributedBuilds { 50 + assertions = [ 51 + { 52 + assertion = !selfRemote; 53 + message = "You are not allowed to use yourself as a distributed builder"; 54 + } 55 + ]; 56 + nix.buildMachines = builtins.map (name: builtins.getAttr name machines) enabledMachines; 57 + }; 58 + }

+5 -9

nixos/modules/flake.nix

··· 1 1 { 2 - unstable, 3 - nixpkgs-2211, 4 2 nix, 3 + nixpkgs, 5 4 programsdb, 6 5 ... 7 6 }: { ··· 12 11 }: let 13 12 base = "/etc/nixpkgs/channels"; 14 13 nixpkgsPath = "${base}/nixpkgs"; 15 - nixpkgs2211Path = "${base}/nixpkgs2211"; 16 14 in { 17 15 options.nix.flakes.enable = lib.mkEnableOption "nix flakes"; 18 16 ··· 20 18 programs.command-not-found.dbPath = programsdb.packages.${pkgs.system}.programs-sqlite; 21 19 22 20 nix = { 23 - package = lib.mkDefault nix.packages.${pkgs.system}.nix; # pkgs.nixUnstable; 21 + package = lib.mkDefault nix.packages.${pkgs.system}.nix-cli; 22 + 24 23 settings.experimental-features = ["nix-command" "flakes"]; 25 24 26 - registry.nixpkgs.flake = unstable; 27 - registry.nixpkgs2211.flake = nixpkgs-2211; 25 + registry.nixpkgs.flake = nixpkgs; 28 26 29 27 nixPath = [ 30 28 "nixpkgs=${nixpkgsPath}" 31 - "nixpkgs2211=${nixpkgs2211Path}" 32 29 "/nix/var/nix/profiles/per-user/root/channels" 33 30 ]; 34 31 }; 35 32 36 33 systemd.tmpfiles.rules = [ 37 - "L+ ${nixpkgsPath} - - - - ${unstable}" 38 - "L+ ${nixpkgs2211Path} - - - - ${nixpkgs-2211}" 34 + "L+ ${nixpkgsPath} - - - - ${nixpkgs}" 39 35 ]; 40 36 }; 41 37 }

+5 -1

nixos/modules/kernel.nix

··· 4 4 config, 5 5 ... 6 6 }: let 7 - zfsUsed = lib.lists.elem "zfs" (config.boot.supportedFilesystems ++ config.boot.initrd.supportedFilesystems); 7 + supportedFilesystems = 8 + if builtins.isList config.boot.supportedFilesystems 9 + then config.boot.supportedFilesystems ++ config.boot.initrd.supportedFilesystems 10 + else builtins.attrNames (lib.filterAttrs (_name: value: value) (config.boot.supportedFilesystems // config.boot.initrd.supportedFilesystems)); 11 + zfsUsed = lib.lists.elem "zfs" supportedFilesystems; 8 12 in { 9 13 boot.kernelPackages = lib.mkDefault ( 10 14 if zfsUsed

+2 -1

nixos/modules/nix.nix

··· 10 10 in { 11 11 options.nix = { 12 12 allowedUnfree = lib.mkOption { 13 - type = lib.types.listOf lib.types.string; 13 + type = lib.types.listOf lib.types.str; 14 14 default = []; 15 15 description = '' 16 16 Allows for unfree packages by their name. ··· 22 22 (lib.mkIf (allowed != []) {nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed;}) 23 23 {nix.settings.auto-optimise-store = lib.mkDefault true;} 24 24 { 25 + nix.settings.trusted-users = lib.mkDefault ["root" "@wheel"]; 25 26 nix.settings.min-free = lib.mkDefault (5 * gibibyte); 26 27 nix.settings.max-free = lib.mkDefault (25 * gibibyte); 27 28 nix.settings.allow-import-from-derivation = lib.mkDefault false;

+13

nixos/modules/prefer-local.patch

··· 1 + diff --git a/src/build-remote/build-remote.cc b/src/build-remote/build-remote.cc 2 + index cfc4baaca..4fbaae4fa 100644 3 + --- a/src/build-remote/build-remote.cc 4 + +++ b/src/build-remote/build-remote.cc 5 + @@ -122,6 +122,8 @@ static int main_build_remote(int argc, char * * argv) 6 + /* It's possible to build this locally right now: */ 7 + bool canBuildLocally = amWilling && couldBuildLocally; 8 + 9 + + if (canBuildLocally) continue; 10 + + 11 + /* Error ignored here, will be caught later */ 12 + mkdir(currentLoad.c_str(), 0777); 13 +

+13 -20

nixos/modules/switcher.nix

··· 3 3 config, 4 4 ... 5 5 }: { 6 - _file = ./switcher.nix; 7 - 8 6 environment.systemPackages = [self.packages."${pkgs.system}".switcher]; 9 7 10 8 security.sudo.extraRules = let 11 9 storePrefix = "/nix/store/*"; 10 + commandPrefix = "/run/current-system/sw"; 12 11 systemName = "nixos-system-${config.networking.hostName}-*"; 12 + nixEnvCmd = "${commandPrefix}/bin/nix-env"; 13 + systemdPath = "${commandPrefix}/bin/systemd-run"; 14 + systemdRunCmd = "${systemdPath} -E LOCALE_ARCHIVE -E NIXOS_INSTALL_BOOTLOADER --collect --no-ask-password --pty --quiet --same-dir --service-type=exec --unit=nixos-rebuild-switch-to-configuration"; 15 + systemdRunEqCmd = "${systemdPath} -E LOCALE_ARCHIVE -E NIXOS_INSTALL_BOOTLOADER= --collect --no-ask-password --pty --quiet --same-dir --service-type=exec --unit=nixos-rebuild-switch-to-configuration"; 16 + options = ["NOPASSWD"]; 17 + mkRule = command: { 18 + commands = [{inherit command options;}]; 19 + groups = ["wheel"]; 20 + }; 13 21 in [ 14 - { 15 - commands = [ 16 - { 17 - command = "${storePrefix}-nix-*/bin/nix-env -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}"; 18 - options = ["NOPASSWD"]; 19 - } 20 - ]; 21 - groups = ["wheel"]; 22 - } 23 - { 24 - commands = [ 25 - { 26 - command = "${storePrefix}-${systemName}/bin/switch-to-configuration"; 27 - options = ["NOPASSWD"]; 28 - } 29 - ]; 30 - groups = ["wheel"]; 31 - } 22 + (mkRule "${nixEnvCmd} -p /nix/var/nix/profiles/system --set ${storePrefix}-${systemName}") 23 + (mkRule "${systemdRunCmd} --wait true") 24 + (mkRule "${systemdRunEqCmd} --wait ${storePrefix}-${systemName}/bin/switch-to-configuration switch") 32 25 ]; 33 26 }

+14 -1

nixos/modules/zerotier.nix

··· 1 - _: { 1 + {nixpkgs-pre-rust, ...}: { 2 + config, 3 + pkgs, 4 + ... 5 + }: { 2 6 services.zerotierone.enable = true; 3 7 services.zerotierone.joinNetworks = ["8286ac0e4768c8ae"]; 8 + 9 + services.zerotierone.localConf = {}; 10 + 11 + services.zerotierone.package = 12 + (import nixpkgs-pre-rust { 13 + inherit (config.nixpkgs) config; 14 + inherit (pkgs) system; 15 + }) 16 + .zerotierone; 4 17 }

+33 -9

npins/sources.json

··· 1 1 { 2 2 "pins": { 3 - "konsole": { 3 + "catppuccin-bat": { 4 + "type": "Git", 5 + "repository": { 6 + "type": "GitHub", 7 + "owner": "catppuccin", 8 + "repo": "bat" 9 + }, 10 + "branch": "main", 11 + "revision": "699f60fc8ec434574ca7451b444b880430319941", 12 + "url": "https://github.com/catppuccin/bat/archive/699f60fc8ec434574ca7451b444b880430319941.tar.gz", 13 + "hash": "1lirgwgh2hnz6j60py19bbmhvgaqs7i6wf6702k6n83lgw4aixg9" 14 + }, 15 + "catppuccin-rofi": { 4 16 "type": "Git", 5 17 "repository": { 6 18 "type": "GitHub", 7 - "owner": "dracula", 8 - "repo": "konsole" 19 + "owner": "catppuccin", 20 + "repo": "rofi" 21 + }, 22 + "branch": "main", 23 + "revision": "c24a212a6b07c2d45f32d01d7f10b4d88ddc9f45", 24 + "url": "https://github.com/catppuccin/rofi/archive/c24a212a6b07c2d45f32d01d7f10b4d88ddc9f45.tar.gz", 25 + "hash": "0236bcwad4cmr1fhnywvcnzf7xdmhhwgrkrq8jdg8livhh1h8rjq" 26 + }, 27 + "fzf-tab": { 28 + "type": "Git", 29 + "repository": { 30 + "type": "GitHub", 31 + "owner": "Aloxaf", 32 + "repo": "fzf-tab" 9 33 }, 10 34 "branch": "master", 11 - "revision": "030486c75f12853e9d922b59eb37c25aea4f66f4", 12 - "url": "https://github.com/dracula/konsole/archive/030486c75f12853e9d922b59eb37c25aea4f66f4.tar.gz", 13 - "hash": "123dll2w2mbflgxfgdjg0a3gbr4srnwbyj3zd6wg1hx5miki48xj" 35 + "revision": "6aced3f35def61c5edf9d790e945e8bb4fe7b305", 36 + "url": "https://github.com/Aloxaf/fzf-tab/archive/6aced3f35def61c5edf9d790e945e8bb4fe7b305.tar.gz", 37 + "hash": "1brljd9744wg8p9v3q39kdys33jb03d27pd0apbg1cz0a2r1wqqi" 14 38 }, 15 39 "zsh-syntax-highlighting": { 16 40 "type": "Git", ··· 20 44 "repo": "zsh-syntax-highlighting" 21 45 }, 22 46 "branch": "master", 23 - "revision": "b2c910a85ed84cb7e5108e7cb3406a2e825a858f", 24 - "url": "https://github.com/zsh-users/zsh-syntax-highlighting/archive/b2c910a85ed84cb7e5108e7cb3406a2e825a858f.tar.gz", 25 - "hash": "1b4hqdsfvcg87wm8jpvrh1005nzij2wgl0wbcrvgkcjqmxb2874p" 47 + "revision": "5eb677bb0fa9a3e60f0eff031dc13926e093df92", 48 + "url": "https://github.com/zsh-users/zsh-syntax-highlighting/archive/5eb677bb0fa9a3e60f0eff031dc13926e093df92.tar.gz", 49 + "hash": "1x33gk7hhp07jqq7yjvrsp2vmdbxmadlv3335ixx29bc6h8106r9" 26 50 } 27 51 }, 28 52 "version": 3

+1

packages/advcp/default.nix

··· 7 7 stdenv.mkDerivation rec { 8 8 name = "advcp"; 9 9 version = "9.1"; 10 + strictDeps = true; 10 11 11 12 src = fetchurl { 12 13 name = "source-${name}-${version}.tar.xz";

+8 -23

packages/default.nix

··· 6 6 inputs', 7 7 ... 8 8 }: let 9 - upkgs = inputs'.nixpkgs-unstable.legacyPackages; 10 - 11 - epkgs = upkgs.extend inputs.emacs.overlay; 12 - 13 - nilBase = 14 - if upkgs.stdenv.isLinux 15 - then inputs'.nil.packages.nil 16 - else upkgs.nil; 9 + upkgs = inputs'.nixpkgs.legacyPackages; 17 10 18 - rnil-lsp = upkgs.writeShellScriptBin "rnix-lsp" '' 19 - exec ${nilBase}/bin/nil "$@" 20 - ''; 21 - 22 - nil = upkgs.symlinkJoin { 23 - name = "nil"; 24 - paths = [nilBase rnil-lsp]; 11 + chromePkgs = import inputs.nixpkgs { 12 + inherit system; 13 + config.allowUnfree = true; 14 + config.google-chrome.enableWideVine = true; 25 15 }; 26 16 in { 27 17 packages = lib.mkMerge [ 28 18 { 29 - inherit nil; 30 - 31 19 advcp = upkgs.callPackage ./advcp {}; 32 - "dracula/konsole" = upkgs.callPackage ./dracula/konsole {}; 33 - emacs = epkgs.emacsUnstable; 34 20 "rofi/unicode" = upkgs.callPackage ./rofi-unicode {}; 35 - "zx" = upkgs.nodePackages.zx; 36 - 37 - alejandra = inputs'.alejandra.packages.default; 38 21 } 39 22 (lib.mkIf pkgs.stdenv.isLinux { 40 23 inherit (inputs'.switcher.packages) switcher; 41 - gnucash-de = upkgs.callPackage ./gnucash-de {}; 24 + }) 25 + (lib.mkIf (system == "x86_64-linux") { 26 + inherit (chromePkgs) google-chrome; 42 27 }) 43 28 ]; 44 29 };

-16

packages/dracula/konsole/default.nix

··· 1 - {stdenv}: let 2 - npins = import ../../../npins; 3 - in 4 - stdenv.mkDerivation (self: { 5 - pname = "dracula-konsole-theme"; 6 - version = npins.konsole.revision; 7 - 8 - src = npins.konsole; 9 - 10 - phases = ["unpackPhase" "installPhase"]; 11 - 12 - installPhase = '' 13 - mkdir -p $out/share/konsole 14 - cp Dracula.colorscheme $out/share/konsole 15 - ''; 16 - })

-14

packages/gnucash-de/default.nix

··· 1 - { 2 - runCommand, 3 - makeWrapper, 4 - gnucash, 5 - }: 6 - runCommand "gnucash-de-${gnucash.version}" 7 - { 8 - nativeBuildInputs = [makeWrapper]; 9 - } '' 10 - mkdir -p $out/{bin,share/applications} 11 - makeWrapper ${gnucash}/bin/gnucash $out/bin/gnucash \ 12 - --set LANG de_DE.UTF-8 13 - ln -s ${gnucash}/share/applications/gnucash.desktop $out/share/applications/gnucash.desktop 14 - ''

+1

packages/rofi-unicode/default.nix

··· 8 8 stdenvNoCC.mkDerivation (self: { 9 9 pname = "rofiemoji-rofiunicode"; 10 10 version = "${source.rev}"; 11 + strictDeps = true; 11 12 12 13 src = fetchgit { 13 14 inherit (source) rev url sha256;

+21 -4

parts/auxiliary.nix

··· 1 - {self, ...}: { 1 + _: { 2 2 perSystem = { 3 3 config, 4 4 pkgs, ··· 7 7 system, 8 8 ... 9 9 }: { 10 - formatter = self.packages.${system}.alejandra; 10 + formatter = pkgs.alejandra; 11 + 12 + apps.rotate.meta.description = "rotate keys for sops"; 13 + apps.rotate.program = let 14 + sopsrotate = pkgs.writeShellScript "sops-rotate" '' 15 + file=$1 16 + 17 + printf "Rotating %s...\n" "''${file}" 18 + ${pkgs.sops}/bin/sops -r -i "''${file}" 19 + ''; 20 + rotate = pkgs.writeShellScript "rotate" '' 21 + ${pkgs.git}/bin/git switch -c rotate-$(${pkgs.coreutils}/bin/date -Idate) >/dev/null || true 22 + 23 + ${pkgs.findutils}/bin/find secrets -type f -exec ${sopsrotate} '{}' \; 24 + 25 + ${pkgs.git}/bin/git add secrets 26 + ${pkgs.git}/bin/git commit -m "chore: rotate secrets $(${pkgs.coreutils}/bin/date -Idate)" 27 + ''; 28 + in "${rotate}"; 11 29 12 30 devShells.default = pkgs.mkShell { 13 31 packages = builtins.attrValues { 14 - inherit (self'.packages) nil alejandra; 15 - inherit (inputs'.unstable.legacyPackages) npins sops age ssh-to-age; 32 + inherit (pkgs) npins sops age ssh-to-age nil alejandra; 16 33 }; 17 34 }; 18 35 };

+13 -7

parts/home_configs.nix

··· 1 1 { 2 2 self, 3 - nixpkgs, 4 3 inputs, 5 4 config, 6 5 lib, 6 + npins, 7 7 ... 8 8 }: let 9 9 cfg = config.nobbz.homeConfigurations; 10 10 11 - configs = builtins.mapAttrs (_: config: config.finalHome) cfg; 11 + enabledCfgs = lib.filterAttrs (_: config: config.enable) cfg; 12 12 13 - packages = builtins.attrValues (builtins.mapAttrs (_: config: config.packageModule) cfg); 13 + configs = builtins.mapAttrs (_: config: config.finalHome) enabledCfgs; 14 + 15 + packages = builtins.attrValues (builtins.mapAttrs (_: config: config.packageModule) enabledCfgs); 14 16 in { 15 17 options = { 16 18 nobbz.homeConfigurations = lib.mkOption { ··· 20 22 ... 21 23 }: { 22 24 options = { 25 + enable = lib.mkEnableOption "Enable this home configuration." // {default = true;}; 26 + 23 27 nixpkgs = lib.mkOption { 24 28 type = lib.types.unspecified; 25 29 default = inputs.nixpkgs; ··· 83 87 }; 84 88 }; 85 89 86 - config = { 87 - entryPoint = import "${self}/home/configurations/${config.username}@${config.hostname}.nix" (inputs // {inherit self;}); 90 + config = lib.mkIf config.enable { 91 + entryPoint = import "${self}/home/configurations/${config.username}_at_${config.hostname}.nix" (inputs // {inherit self;}); 88 92 base = 89 93 if lib.strings.hasSuffix "-darwin" config.system 90 94 then "Users" ··· 95 99 [ 96 100 config.entryPoint 97 101 {home = {inherit (config) username homeDirectory;};} 98 - {systemd.user.startServices = "legacy";} 102 + {systemd.user.startServices = "sd-switch";} 103 + {news.display = "silent";} 99 104 inputs.nixos-vscode-server.nixosModules.home 100 105 inputs.sops-nix.homeManagerModules.sops 101 106 ] 102 107 ++ config.modules 103 - ++ builtins.attrValues self.homeModules 108 + ++ builtins.attrValues self.homeManagerModules 104 109 ++ builtins.attrValues self.mixedModules; 105 110 106 111 packageName = "home/config/${name}"; ··· 110 115 111 116 finalHome = inputs.home-manager.lib.homeManagerConfiguration { 112 117 pkgs = config.nixpkgs.legacyPackages.${config.system}; 118 + extraSpecialArgs.npins = npins; 113 119 modules = config.finalModules; 114 120 }; 115 121 };

+21

parts/home_modules.nix

··· 1 + { 2 + self, 3 + inputs, 4 + config, 5 + lib, 6 + ... 7 + }: let 8 + cfg = config.nobbz.homeManagerModules; 9 + 10 + inherit (import ./module_helpers.nix lib inputs) submodule; 11 + 12 + modules = builtins.mapAttrs (_: config: config.wrappedModule) cfg; 13 + in { 14 + options = { 15 + nobbz.homeManagerModules = lib.mkOption { 16 + type = lib.types.attrsOf submodule; 17 + }; 18 + }; 19 + 20 + config.flake.homeManagerModules = modules; 21 + }

+51

parts/module_helpers.nix

··· 1 + lib: inputs: let 2 + inherit (builtins) isString isPath; 3 + 4 + callModule = module: args: let 5 + moduleToImport = 6 + if args == null 7 + then module 8 + else import module args; 9 + in 10 + {imports = [moduleToImport];} 11 + // lib.optionalAttrs (builtins.any (p: p module) [isPath isString]) {_file = module;}; 12 + 13 + from = lib.types.oneOf [lib.types.str lib.types.path]; 14 + 15 + submodule = lib.types.coercedTo from (m: {module = m;}) (lib.types.submodule ({ 16 + name, 17 + config, 18 + ... 19 + }: { 20 + options = { 21 + name = lib.mkOption { 22 + type = lib.types.str; 23 + default = name; 24 + }; 25 + 26 + module = lib.mkOption { 27 + type = lib.types.oneOf [ 28 + lib.types.str 29 + lib.types.path 30 + # TODO: add sets and functions 31 + ]; 32 + }; 33 + 34 + extraArgs = lib.mkOption { 35 + type = lib.types.nullOr (lib.types.attrsOf lib.types.unspecified); 36 + default = inputs; 37 + }; 38 + 39 + wrappedModule = lib.mkOption { 40 + type = lib.types.unspecified; 41 + readOnly = true; 42 + }; 43 + }; 44 + 45 + config = { 46 + wrappedModule = callModule config.module config.extraArgs; 47 + }; 48 + })); 49 + in { 50 + inherit callModule submodule; 51 + }

+21

parts/nixos_modules.nix

··· 1 + { 2 + self, 3 + inputs, 4 + config, 5 + lib, 6 + ... 7 + }: let 8 + cfg = config.nobbz.nixosModules; 9 + 10 + inherit (import ./module_helpers.nix lib inputs) submodule; 11 + 12 + modules = builtins.mapAttrs (_: config: config.wrappedModule) cfg; 13 + in { 14 + options = { 15 + nobbz.nixosModules = lib.mkOption { 16 + type = lib.types.attrsOf submodule; 17 + }; 18 + }; 19 + 20 + config.flake.nixosModules = modules; 21 + }

+3 -4

parts/system_configs.nix

··· 84 84 85 85 finalModules = 86 86 [ 87 - {boot.cleanTmpDir = true;} 87 + {boot.tmp.cleanOnBoot = true;} 88 88 {networking.hostName = name;} 89 89 {nix.flakes.enable = true;} 90 - {system.configurationRevision = self.rev or "dirty";} 90 + {system.configurationRevision = self.rev or "${self.dirtyRev or "unknown"}-dirty";} 91 91 {documentation.man.enable = true;} 92 92 {documentation.man.generateCaches = true;} 93 + {nixpkgs.hostPlatform.system = config.system;} 93 94 inputs.sops-nix.nixosModules.sops 94 95 ] 95 96 ++ config.modules ··· 105 106 packageModule = {${config.system}.${config.packageName} = config.finalPackage;}; 106 107 107 108 finalSystem = config.nixpkgs.lib.nixosSystem { 108 - inherit (config) system; 109 - 110 109 modules = config.finalModules; 111 110 }; 112 111 };

+18 -15

secrets/mimas/default.yaml

··· 1 - restic: ENC[AES256_GCM,data:+4nwZVi6T3yd4Q==,iv:9NdaTuhLR57mv8OaCSyso9cfr8V1iQNuQuWInKyi3bI=,tag:ByjPvjpO9YQHzdSQ48UGxQ==,type:str] 2 - backblaze: ENC[AES256_GCM,data:d/LtXbUVd5d07c3GqEs5oRwQXLFqKapLxKcMGylExw6cDV6w4XtwCNBtm8ohSMd7X3xtHOWVV8W2MiE9KHsqTKk8jAIFOFMwG29k1qAXqiX2fVPUVtYCeezi5oBm+lynr+njNn8=,iv:kGHjUYWYpY5XBVr9EpPMwxaEsFFBwn+aMgmHScK9quo=,tag:WDVLzOqa9WMwmTSUz/DCYQ==,type:str] 1 + restic: ENC[AES256_GCM,data:XMkh9jvehbD3Zg==,iv:9NdaTuhLR57mv8OaCSyso9cfr8V1iQNuQuWInKyi3bI=,tag:Kz08EadPaIWcytF6ASJssw==,type:str] 2 + rustic: ENC[AES256_GCM,data:ETWxyvBz3AlXNp0=,iv:MXlQuvTJa2mZuXeiCX/YYpbqKpT1+RE5TNahBrUMM3Y=,tag:Vl7n0JF5M9Q+xZD32G1njQ==,type:str] 3 + rustic-user: ENC[AES256_GCM,data:2hwYQS4nAA==,iv:y0pbF5axrPRdYRGAmx+kp7jkmSl77R8LQMUKQaiDWak=,tag:8kgcxNtvjmyT9PPc/WjrOg==,type:str] 4 + traefik: ENC[AES256_GCM,data:kMnWaxpt0fLxJeX3oYLQrnZPS+pq/xjqVINleaCfaiXeMlJ8qno0eHBkx82gjldeObvTO1ENFz5k5EJ0ICbnS0ny6qHxeBAMaNVF3dZ+XmKx7w==,iv:ZL90s3YuBmwafBz7VEwCTr2flnkguUxJgPp9OrnyfGA=,tag:UeyiUtdQwOlyQoHObL+80w==,type:str] 5 + warden: ENC[AES256_GCM,data:H3So3oZfZ6MBKsjxJNnxk/6UZi6J5D6H5bCMsb1E7rk/r51qYDe+1z2Gq1o0qqwX0k/O4Dxq7wJPaelLO4kE9bxQHvoT1NJQIZolnYF5G/PMqMKWIE4bxq6uLmxNKBmjOkJLo3hBiOHT8MjD/S6rOkUAB6Mn4YRKqcG+EG1Wz0sw1a+6KcNFMqO9xdcwD44MZYrreexOiwVx6UMPSJc/67fvzJ4ms/E3gQEOq6VvCHpxmk4bujo9ucqajfPGK4ewHqkdn4r0vQvrYxXMBkX7AXcL6CHSZ+ht0Hcw0A+m12GuTSHC0g38Avz5klP3FIruzj7oWcjv6XPBYfk=,iv:OauSp63ywmrkENIqBVGVQ99Ozyom0o+DfSqYaL46Ujg=,tag:ZcYkapCUZZE9DDh0PSfZEg==,type:str] 3 6 sops: 4 7 kms: [] 5 8 gcp_kms: [] ··· 9 12 - recipient: age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r 10 13 enc: | 11 14 -----BEGIN AGE ENCRYPTED FILE----- 12 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1U0xXZjZDN090YkNRRSsw 13 - YlBPR2lQMXM2aHZ4WHRoSjRMUFpmRWJjOHpvCmsrUDZkcFJpRWk5djEvWDJsRE5O 14 - Zm9YdjlDY0VOYTJjRmJIMUl4OWVNbEUKLS0tIElvMERlamNBWjdFRkMzOC9RVnpo 15 - TzJwdjNCRHVFeDNQZVZEM1JXd0hPUFUKQITfkwBEWM41s1396WfuZGbFyZf885t9 16 - +uIQ53TAsmk1hv4noW4tE4d0AFbwE5vgWkFP205Ciq7r6uOkL+wOeg== 15 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRkRBcWlnM25ablJBdit2 16 + b0Y1Zy9PM2FjRmg5ajN0YWpsaitJUStTTXlBCnpuL2wvU0hxZFpDREhiTmhnaFFi 17 + LzkxMmVHYWo4TkZOaStJeHZsK3pIZG8KLS0tIC9DSjUyUVk0SG9mNHd0aGdXN1ow 18 + N2Q4QWk3RU83dUxuSG85V1N5TzFkSVEK58cE6fE6mxjRCgtHRMqqahqMkwYeUnhx 19 + F2Bdg5oPPQxoqIf769fZD9L1y/+LZ6Vi4YhJkjfMVFXk6YtEjKJSmQ== 17 20 -----END AGE ENCRYPTED FILE----- 18 21 - recipient: age10jl78vwyqk622dpn2890l9jl4et3p7lsr8wh8vusem3j8jdxle8qg000qa 19 22 enc: | 20 23 -----BEGIN AGE ENCRYPTED FILE----- 21 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbWQ5QUg2RWRISjIrR2Y3 22 - VmZnT0N2SDVPSU5EdFNIT0YvVXF4RUhCNzFFCnFsSDE0OVNWVGFMOWdlVVIwaTh0 23 - cGpya1FMQTdsNlNYNjNUWTNNWVhQM3MKLS0tIFhoU1AvRjBwckxPbE84bW55Y3c3 24 - WTVUbzgrNmwycFUraHBzUlZWR3VCQ1UK27oYZV02fKzJ1sbqtpwnDhmBlkCNo67l 25 - S3HLuh+/rEp4xDUVY6Zcs8ua/u5iSzo0whvUBTYPF6BCVW7/3xL8ww== 24 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkY3EzZyt1YXFTTlVhK3Rk 25 + djUvWmVjeDBSajlENCtNc0RZMVRVWUVuRWtBCnFpa0NnVjBvb0J2NCtpYitoMngv 26 + WkxNaDNIQnRSSm0vSXF4a1RYcmNsK2MKLS0tIE5zSkExNVVJYkZsV244eElwMTd0 27 + N3ZuTHhVdFo0aGZVMXFlaTdsRi9lRUUK+K5CUVCdjtMVegVydoKRIb6kpPnfBiy1 28 + FxkXAp3a1qU2WqNvXCSO3gtUwYaMG+MPSCWI1gA3oBjGGtTasHyHsQ== 26 29 -----END AGE ENCRYPTED FILE----- 27 - lastmodified: "2023-02-23T21:11:49Z" 28 - mac: ENC[AES256_GCM,data:qTpbgZ8ZpqbhW8TJul5dVUXur2ZK3SbzJ3wE0b2albjqVz+Y22TIhQAQKDZ8OHGvROVO9B+yKHY9xt54Pth4dpjJftbnhbnmcEZCxG5BybKbBiA5u1sFs7I9EffrM4qgYGugC8tTz/JNNQmRfCAQPjkEKb7i1LB0pYyEop0EKB8=,iv:N2oBn0uGyUKmX+mkdlrrVquDWcTpEjSiNU596R3gm90=,tag:EowbJbM/FVj+e7+wOtGDhw==,type:str] 30 + lastmodified: "2025-03-08T10:44:25Z" 31 + mac: ENC[AES256_GCM,data:iKKmalnJnmm8EkDupTPKmKJydLLYkbAabLy5KJdQfKGvRj6vbJAQHZ3u0Pu2TI0oi5Xv3dtPh7ww04kT0Whe1E97p4t3RPyNCCGNqA8OqQiCPDUn6uqTQwOo1//3xIGFnnRC0VSYrQT0rjebbL96RnWE9XF67TefycxIMHusUXU=,iv:FU6VTW2zkEIlH5P/rr58gmuMnz16TCLP+UtEVkiLueg=,tag:uf7I1GwWxXOT190y8Hddow==,type:str] 29 32 pgp: [] 30 33 unencrypted_suffix: _unencrypted 31 - version: 3.7.3 34 + version: 3.9.4

+14 -15

secrets/mimas/nmelzer/default.yaml

··· 1 - rustic: ENC[AES256_GCM,data:/rH3svpZdz/GKHs=,iv:NHuqnSibmY/RkJrSUWm0TbgG45iSdjso9ABI8SGqUTg=,tag:TeyCRhHEEF9uMy8hs22a4Q==,type:str] 2 - gh_hosts: ENC[AES256_GCM,data:AOaQG+/V0S/MD70HZA1zUiJj2w2dGYOQYnej9dFIS6AHGQi5VUUtBupscd7DZvAsgs0nkEEXL6dngIywaU/ZnlBi5He/7x5H1GPJlEJo3mnt6RvfrNunQztvQMhqPvxxot5/i37B,iv:iFRFCY7y00O3hTi2Ba7stqfVAGPm9M4QRgpbI7X5u1E=,tag:vt38Wm/VToo/c/YV5hAz/A==,type:str] 1 + rustic: ENC[AES256_GCM,data:aYi1wQgLgRL3n40=,iv:NHuqnSibmY/RkJrSUWm0TbgG45iSdjso9ABI8SGqUTg=,tag:k13fNK3kDcylC53d/haqog==,type:str] 3 2 sops: 4 3 kms: [] 5 4 gcp_kms: [] ··· 9 8 - recipient: age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r 10 9 enc: | 11 10 -----BEGIN AGE ENCRYPTED FILE----- 12 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRTAxMnpBMC94K1Y3c3FQ 13 - YWhrQjdIV1dsMVZIWUxWRkJyQUQ4WWRvdEhJClZhamMvMk5jYWw0ZEVROFNTVmc3 14 - T2JjTFZNd2xyM1NvSW9tcDlGYkhseWMKLS0tIE5MTEZ4WXJ5UzUxUkEvaG9sZ2dO 15 - Z2ltMHlrenhUYXJFbkN5L09BTEV1aUEKI/nMtRFPlOyr4kV3NVDGKX7/TsBofVsV 16 - FDht428Z6dU6AiojXuQ62Iu0wx5Ar8LTwxgmrU03E0CGv2DPhNKGPg== 11 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3U1ExOVN2aWVRVnB2M3RR 12 + QmxQNDZnSWVWMW1IZWh5YmFmNTZYbGRzSFVRCjdvSGp1WThzc29aNUZQMHJDMThJ 13 + MXNURHJUVVpDQ1hmUDBFamJ3TnRUSzQKLS0tIExXdWNoRm9aL29nUldQemwxOXdV 14 + aktSY1lQZmxkTThpcU82Q0dwSUUzUmcKm2VCJHEUzjz2vXAJH1wOovNqzK6Hkk2z 15 + hoIQzqgfQL3a4WA1q0Oj+R8wBChuRMUAYW4+TWCIAckKKwLqRyzBcQ== 17 16 -----END AGE ENCRYPTED FILE----- 18 17 - recipient: age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6 19 18 enc: | 20 19 -----BEGIN AGE ENCRYPTED FILE----- 21 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdGduQ20rMkVRSjVwRk9s 22 - QnVQREhVVkVBTGhUSWUzUlZiRDNaZVNQUVdnCklJQlowSUtDdExMcUdDcldSK0FJ 23 - SFY0cUpSdEUzV2FocEt0cXVjNXdYMmcKLS0tIDNCbGpWU2N6UVlMNG9VZzZ2RkVS 24 - VUgrWE5XdEFtRmF1Z3Q0ZUhYbXFhYWsKPpE3rUzBfqm2cuckrSuUztUExxrA/qpH 25 - Be8drRHDMWbDBv60Ldi3R4phgmIISESHBHwIvdMLyJAozkkLQSqGhQ== 20 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSamQ1R0tHZGIxUlN3NWtV 21 + Q1htSVdJMG5rUEN6Rm1QTStONys3YjNiVEdzCmE0bDJCa1VaVTIyK1IvTDBFbVhs 22 + ZWVGSzdwUWpVZTNSYUkvNjNtTERnZHMKLS0tIHRLSnBxTm8rVVo5ME4vS0dKZXF5 23 + MjdaWk9mZEczVGVxZEpnN3pCQTdMOFEKO4oemn8P9PYZVTsJ81oDy17PRAaeu3pn 24 + zxZ5a8/IrS/lZfMJ1vYwlZf0AEgOMTSyjVMNyOkWAgWIq8z1UkrpUA== 26 25 -----END AGE ENCRYPTED FILE----- 27 - lastmodified: "2023-03-12T13:59:40Z" 28 - mac: ENC[AES256_GCM,data:O4XkXzsRa9pw+SpyICQeWkRzxjBi2+GAh4bKQZoBCF2g6e6Hz9KZJef2EAn7qteSNJvdJmB0bzoKg+Z6VO2Hm2RT1BtFKcBRxqA33BHHUEQpIZxnw+P1XpCaiKzJNoJoq5utrpiFOVPE2u6MPZtuhzgB38M8Ru6rXm55n4JRnlI=,iv:EjJuqi/gyNx/6XFNUnuPkYWlunahKrU+5jVM5K7rB2Q=,tag:ff9QkH4BulnDOcj8Kyt2gw==,type:str] 26 + lastmodified: "2025-03-08T10:28:45Z" 27 + mac: ENC[AES256_GCM,data:k+Ui8hxJM/W4vHxZtSkTO86L81ZnzXHcX+VEzef438dfoB6rhIUhz6OaVfLnF6v3RSzRPsYCoDP8L2p1vHAY42ljl4jzZvMqrIYU2N7ATTNFc+m2FO1lcfmKbsOqjkrVQxnux8lwBdD9e2H4/xOB+nAivuCEDd3rihYR0yRYiMI=,iv:yMu0MA0VTdwUsKkZUZAVo91iI9qaT+qOVVI3hlmZC0c=,tag:bbKM/vE0lEpvPHIKWk9llQ==,type:str] 29 28 pgp: [] 30 29 unencrypted_suffix: _unencrypted 31 - version: 3.7.3 30 + version: 3.8.1

+30

secrets/phoebe/nmelzer/default.yaml

··· 1 + ssh: ENC[AES256_GCM,data:Ti7PvRp+ooyu/MHGv90zlACZVzE5EseJUFk5KvxwYbE+bLcEKnTWW8yV+BBa3xoOe50P4X0GeNFHLsaCcCtrjNshNJSxZ3QHt1TQjLABvKrQvpU8BgN3qT3RMo019NMj0+UxWL4/5icaR4XAax+JWCTBXhncqFzyXqcB/IbLLJKKqqFTWe4zYhvQitBDF+oU6nTv/qTtj/6B7XN6byTbGPjTJrEXLotmbvl8ll/LiEkTPmuu,iv:poHvd4U4dJha27Bqf4hA1pFhna29kO/RnFNjJsflpaA=,tag:uUfl6tjzVQQ5oaKOcmUYQA==,type:str] 2 + sops: 3 + kms: [] 4 + gcp_kms: [] 5 + azure_kv: [] 6 + hc_vault: [] 7 + age: 8 + - recipient: age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r 9 + enc: | 10 + -----BEGIN AGE ENCRYPTED FILE----- 11 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMnNzT2dFWWVPRjh2QUdF 12 + VUZkUzdsQXRISG9kaHVqSGp2UWhCNlN3cVFJCmtQbE9LelRkbW4yU3ZyWG9MdnZB 13 + b1k1QUwrOXBZQTVoRTArNGFtTEJSU0kKLS0tIG5KS3ZFd0hKMEhsSkV4ck5za2VQ 14 + YzFLSjNUVXNRaklnczVKdGQ4V0JYUE0KGVHj8sWKKvVGwMrYmx0Js1uI1DmD028V 15 + R+Y+p8H766496hBt6Eza6r7JhKtLXR5CrcoItq8m+fWU6lu+ElsnAw== 16 + -----END AGE ENCRYPTED FILE----- 17 + - recipient: age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna 18 + enc: | 19 + -----BEGIN AGE ENCRYPTED FILE----- 20 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSTB0dGxWOFhTK0FHcGxI 21 + VkFKV2NkZTlJRVNSZ1dnWVBKQk02YmZ3aERnClZaeTFSYzRJZ3ZWQjNPc1BnanhU 22 + ak1RZ0w0MDExZVlJWVNrYjZxMHZsNEkKLS0tIE9tWHlVMEFpek1VTFdROE8zUFZa 23 + VU9yempBMGVXenkxdkpHZC9YdlFZYm8KsdOmOI4ah0pEjqPt9XnJNxMyFSY4eYsI 24 + UOgJZqRhlG8Y4NL6J1DyJPfeKeIroTAbNoCb65lxWHHWfoPvt3gU3A== 25 + -----END AGE ENCRYPTED FILE----- 26 + lastmodified: "2025-03-08T10:28:45Z" 27 + mac: ENC[AES256_GCM,data:ycmOZIduc6cbx9daCGmLOL6eNSroAkGJw9dSnR79feaplXi6hmvycijcSJkys2vA3m81K2E7MW465GfodkpW1YWT1xW8RPp+WOOlqZvu3qoSu3F2T/VJxx4wCzTaXwvkcY9APAqb+WydN5KQDzakWaJfw+gTP3OS8LTRkYCDtcc=,iv:soCcQcGoi41g+g5X1SVDNH7iH28BCSImZqY1OE/H1Bo=,tag:RGY47osA22GETBuOynX1Dg==,type:str] 28 + pgp: [] 29 + unencrypted_suffix: _unencrypted 30 + version: 3.9.1

+57

secrets/users/nmelzer/default.yaml

··· 1 + access-tokens: ENC[AES256_GCM,data:sLkIWAyispOwNUZJqXfTFVl8NbUcLhWhgLIVI2rahROYHMO3aU/0x8BOtmm0QkPYHA3C7GwzyvatMoASJWrqn6ife48=,iv:BPI8HwuKwfzOMT2gs7U0cpbpP77f+X/HvCcfvIJh9Q4=,tag:Kf2wZ+3xtKhaSY5S1QjTuw==,type:str] 2 + sops: 3 + kms: [] 4 + gcp_kms: [] 5 + azure_kv: [] 6 + hc_vault: [] 7 + age: 8 + - recipient: age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r 9 + enc: | 10 + -----BEGIN AGE ENCRYPTED FILE----- 11 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcVV6MWRlWjhSQUt6V2E4 12 + R3h5ZTlTei9QaTBnSm0zQXU4Q2dkVFdkL0JRCjVnbHFpQ0VaVis1TENCbVQ0Tm9F 13 + bmxZakNpMmIyTmZTdy9aRDJKNGU0dWMKLS0tIHYwMGJxV3VhNTd3b1gwRUREMWVW 14 + MUVzclBGZmV5d2lZcFJyMzViZGxXbFkKpgyVR4xv8NA6J7keZwVvJX0QSjoTAaW7 15 + 9fu5UR/d/pYIoJswd7jPNdhnClRLnTpJB62RZf+HHzGU2uq6aND1AA== 16 + -----END AGE ENCRYPTED FILE----- 17 + - recipient: age18p8x2cxam2l0trtpyhj4x9amcppp9ruzkqxzgapy9wnfpzl9hgaqlkht86 18 + enc: | 19 + -----BEGIN AGE ENCRYPTED FILE----- 20 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeGFqL0NVaFYxaWVNdVFa 21 + Y3JKdFE3dnh0cFhQRVFqZjdXWHJ6VjV4eVdZCmZQUmJXNDZUbmVvWjRaMk5VSkxL 22 + dFpVTDRqR05xcm5OMDYxc2NjNXNJYTAKLS0tIFNmZ0JsR2MwSzhWeWhwUEx0WlUy 23 + ZlM1NXhPSjdQaGZlVDN1UGZLNDJRNVEKLmyd5dcZhNPKltxgVgHjJR1KQEcYOJ1V 24 + 6jY2Pq1dw8n8CswcThH4GmWBTqttEirFV8tB8CkYvHGk7oJCpX8gIg== 25 + -----END AGE ENCRYPTED FILE----- 26 + - recipient: age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6 27 + enc: | 28 + -----BEGIN AGE ENCRYPTED FILE----- 29 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTEZRbk42bk9UdWh5bUFY 30 + MlBoVUFScE0yUlJNeUlDOFNkZTNmZ2ZYZXg4CnV0a3JTOEZmZXdJYmxUOUlQR2pm 31 + QzRmcGhWZW5RcGpLYURTWGoxcEtZVVUKLS0tIHVieWVteHcyMFRUOEZFVVYxN1oz 32 + SklxWSs3RDhtNHdjZ2tZb0ZSRG4ydlkKvjxtjpOtaNmzeGnVqVLbkI8cEh0wKsLH 33 + k5J7At247/4BFnQApfnw2cbeve2aQVsDjO6a6aZwcVrYQrErq/Ltog== 34 + -----END AGE ENCRYPTED FILE----- 35 + - recipient: age1tf0zelmw4lh9gvkl0qycdk83fut9t4q3tfcdzk8cvlyhjp7z0g2q7hklgq 36 + enc: | 37 + -----BEGIN AGE ENCRYPTED FILE----- 38 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvemdIMXNVSFNibjBmc3cz 39 + YXR3dHNGVGpUZDhtWGtSZVMwWHdKcU9zQ0VjCnNpdmMzNldvYi91ZWdGTkJyaWlF 40 + R2tBcHg5aXpFR2x3M2Q0RU0vVWU0OUEKLS0tIEZYRWVpc2JLWGEvVExpSktDcFNQ 41 + ZDFySCtOdk1Kdm1yRnlaTzFZRkpvQVUKGZoNU9KJgFOJau7Gxge47txwpAlMh2rQ 42 + 6Hfjf8E1igzLnbjvxQcGa2xVvI95KqhKZZclzPX9Vagl1z3XnoCvSw== 43 + -----END AGE ENCRYPTED FILE----- 44 + - recipient: age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna 45 + enc: | 46 + -----BEGIN AGE ENCRYPTED FILE----- 47 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ci9GbWNmMWU4S1lGelFi 48 + TVAvUUE0TmtxNE9nSURqQjVSb244bnBjdlJBCkY5eHhaRUxiOXA2OFhSTkthR0d4 49 + dDhMUGhNeXA3aHcvemNZczU2bVpsQkkKLS0tIFZEMFFyTGJwWkR6QXFvYnZHVnNs 50 + OUR3N2IyMkxJc3RqcmorUFBOYjRpa2cKPQT3cmtP7I2C38OPaRqxudCXv6CEObnp 51 + DOVPG5JpeQGEu74kK5WTqbWlQU8AToOXmJdc+ru7ea1wAiXZiKEG4Q== 52 + -----END AGE ENCRYPTED FILE----- 53 + lastmodified: "2025-03-08T10:28:45Z" 54 + mac: ENC[AES256_GCM,data:VktkGG1xk+tFtgdmLrM7rLQ+NEqDMATyu0kdm4iRe61mcMppNVR7ZxjP7Ryfz6kkiwAfqrv5g8pzaoHHCJoLAOShgCDdHB49USDVR7OZHp/BiNJkSwSYgSWsWQf4Wxve2lADcGJNrOD/l8jmO9DcUDldLdGEGJeZ6waej3g7z7Q=,iv:FhfHa/LN9UVC8fnilYv2NxlNT+xRRXdsKIejOqug4cc=,tag:mTBuhaR2AxulRrfPSB6F+Q==,type:str] 55 + pgp: [] 56 + unencrypted_suffix: _unencrypted 57 + version: 3.9.1

+36

secrets/users/nmelzer/github

··· 1 + { 2 + "data": "ENC[AES256_GCM,data:WaE9ywj9g4TvMdjrRmKjwxwTuak4gsPENMaP37qdxQTSvp+dhklwaIh+LIAIMhPHYtrhBMNj1viHnaIETwMIB7uUsblKIYa6AOxpi9CU9xPkpBhKGw7vMEfCjlj9rHPjB41W9EN/EDVgY0phYFRF7DSoOa1wpHouKwKbbaO3r8L+ZbN4BOiizquzMOVOxp1b71xsc34WvrAIQc7+0H5f145I+KPAKGkUSMrV7t0RJTC24ENa9Zz7n0NduoLokK/IGXt6tsQNnzdS/DTmLw2W6fVkb5b4uzEvkqgnQOuQilH4CMX+xsuEkUkWqe3E8sUlzvdUszAjfruQUvJDuC//Vvx0vE1Kx70h+8BCqDGPLIs/4aEtW7xfu5B09WOQKByyd86NArZsC6R+sbmTCPD7WLFV9NI7Sg+E1wkPSmtYUYeMTmvPwfNISLKC4KHNm0cp5rb0EhmZTxKu1qId59vNdpjTnTEz0AZAGoVB1pGi45Bb0pUE/n54WsNhuscOVHk2XdYH/BTcEU8VYpLvcNAWFX/a1MWc0Bx21e8Qk/KNZGuATrWLiXIhGxT33bmlm2/Lb+5LS7xwMxomu1g0xGzSzD3z2B9CExekUw7q9VWfAinVecHA8NbMLrajkqGQb7fbcTqXOQqXL6BrQDbaOb/hC/AffYq4SEurvP4BI30E1hArLIlHabLwxBOaNLB/Ii7i51BKWqQGaof01ziAWChptvSic/oN6xnF6CbpXLr1r/z5WoLm4MqEQJ4Qvp+vsAChan/1kG3S93xpgYof3PZsrSpxxfGSJq2qBZq5Xd//6CfHdwhdulaciKi32F0GV+DTkDAWTwOOy5fo8IC3bLnWr8rFo3iS0DhETR2V7s1/w6MU/0iuPz95TrBffNvaI9uSehJaQwI4a3Y2M79nxB9xfgHIsbh4+fef8OFa53snckCCzY74Rsv3Th7HliBLVcpAUNvaw5xFnECFkjq/uJVd3cJ3GnYO01InxRqkHm7Bl4RqA0tctpzM98p6RtidTAZ1RHZD3rwgU/oPoV8a32gcmhdRbm8m1/nBXDg2aoSXYJ9NhGtJ2hK+ufsW+szAv240SVX/JH5vk7w7T6H7n6UcZqxYozjAqawP7hUSB/eYfY3uKJIxUdJmGfnDq+L8/d15Pnbqb6zD9qSHi38OfKUTAe8WONWSiziK9EEO5R1EPAdsZod3CFBx0K/TfrBC2mpCZIUUY1HqIDICsDUoFdzj377tLQqcF6K/b0r0sL5rw8L0I6pZiYCCz4LfaBg+oCJwupTqnm1Lusstw1EZP0Psqt+pabj30wA5JPPbo+EB7X5oK6P9N7b/Hw9MpQNNddTvZk0bHI9l5hUZF/rv6TY/qVVCKcAH06bCbQfPvzV9Q6fc+e6/k401zVplq73+WjiqxUWm9iNhrWodXpLWH7Zj3Tcn/mmWNRYUvJE9IccTd+mQ+rvfAM8om66NH68zISbPlDeBuEUIhUlCihpUOerE5j/SasBuTqnrXNz1Z+aR3LT40r4QH2OMEeBR93pPbsZ2l/2zoqL8t685U8B3nimYAE6bwpdn6tErT3MnO2+R6VKIISaUm29Kang6jfDPgPaOZPVXCN05O35Of555TjbSn2XXsh7jqnnp7qW6zUXCcM2Q470yAlQXF9VAXLTI0zKkTVK5b4g0jNs9IFHXelw4vZNM26L5wsTVsvvjW8TpJm8Hkf/Flv3hjLQql21YyAejxRe/vu4ku80Gglwrqyu6wVdZtL28lqZwt0k06z19JuxbTwyck7cSQpMiHg5Ou/0ThqHJdEbCv10d61Be6bZ/kGaqG7mjzX16BjGJamzrRsW+dB96WGipFfLswFka4slB0Bsn5uA9awhNTR9JJyAk+6LvXDg/YigSYiwpXqcOoSPY8KrfBapNussU9oYPqIumdocMGvIzg9MOqpR4Kl9E/ZOyf0gzomIYqdP7elFNnmcxDmuGBwexqO188w2pRIQ7C/GrCwmarMJfe2ZKozmVAbMPaze9B3lLs2gb059tj6WF2xTJd/3HYxbdmUtMeGIrQkxKhFxBY/+bU8M4rhbR5HZiOJIfqko/lAPPQIB9UMGC0yBfGofaZYndHtJAjf9LKLtj3crHAPd1vsS7zyy8rhGkNGFHJNnYgyvYZT1A3eM36W7MlCnVImgENg50uV6xFFKzruiVLTLhF68bfKRKnncxw2sb0dKBGvVcOFm6At7ZgtM8bX2HIlM+7A==,iv:+pnvwKJLNUD+0tpxurFocDgK0qOGzVsYkcV6b6KYock=,tag:oVCamxWlyuQU7McVwxZUKw==,type:str]", 3 + "sops": { 4 + "kms": null, 5 + "gcp_kms": null, 6 + "azure_kv": null, 7 + "hc_vault": null, 8 + "age": [ 9 + { 10 + "recipient": "age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r", 11 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSEw0c0dWY0JhdGpMVFo1\nc2kzQm1FdHZIaEtuRG4zYUIyU0Z0QmVOdVZFCkpNTFJpTi9ha1VFb2l5czJONnl4\na3lYU1VmNmpBNzNBdVZEMjNRVjF0RG8KLS0tIFRhTEs1RFF0cTRnNTJqbDVJajh5\naG5UWExpVVl5YjZKUUQrT3gxR09CbVkKc64s7ROfryegUfEr+lS1KkbUDJo7+hso\nBvdJ4EJqS1Uu6H2XugpwBco640PKknJABrkL68LdUGlsUsITqK/MFQ==\n-----END AGE ENCRYPTED FILE-----\n" 12 + }, 13 + { 14 + "recipient": "age18p8x2cxam2l0trtpyhj4x9amcppp9ruzkqxzgapy9wnfpzl9hgaqlkht86", 15 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGOFBxeFNVU1RTSUNCOG1B\nZGhZQm1WSjR1NmsrYkpBd3A0M3liNlNEYXdZCkJKUkp3TGRsMzMrZ2RvU1YxVU0y\nMDJGT0dwQzM3T2pHZFplcFozYi9Pek0KLS0tIFlEb3VuaVJ1QlJPRWlVVDJaMnV4\nQzNhNzBuL1JZeFljb1hwMkp6NE9hY0EKtSZY/B+DbKkDW6cof3sjud77Qz+S6qO4\n81N0I13ywjMmLKLE/eXKEwRXvZkTV8o4AfkZIZo+JPvMgXcujrTFzA==\n-----END AGE ENCRYPTED FILE-----\n" 16 + }, 17 + { 18 + "recipient": "age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6", 19 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMHA0ZHRjU2tYSEZna2ZV\nUjFTRDdMV1B1Ny9YbGlXVmEyRUNuMlRWSDFjClR6cjhHaHVKRFFGWEJHdERZZDRw\nQU9sVC9SNGZUUGxrVUdJWlVwbGpBa1EKLS0tIHYyeWZtS2ZjWTVJZWExTkJWdzFJ\na3NDMUNhSEtiamhIVUV6T2luNjI0S1UKIVHr+P3jpJY/k44EEE1RYB/PQxI4E3lw\n1DdyulRw0CvhuxVoZsINckTjgNIfRSeJlqS2OYEYfHPvqg2xcBNlGg==\n-----END AGE ENCRYPTED FILE-----\n" 20 + }, 21 + { 22 + "recipient": "age1tf0zelmw4lh9gvkl0qycdk83fut9t4q3tfcdzk8cvlyhjp7z0g2q7hklgq", 23 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRWhuWVNScC9IK0Vya2oz\nZ1JSRERnSmpJVEVNY3VlWnZLcUFESUxVM2dBCjFSdUtEbTVDZ3V1eERja1hnb09I\nWGNLcmNKcW5wOHFIMjJUWTJrTXh4M2MKLS0tIGI2OFh2ak5PTEV4MFZKWjhIVSsv\nZXA1dFFRY2FjVnI1MnE0TUtJemoxTEkKcCGDk5Mj16JL4/fevQCXYuTdY5ZVE2rb\n7nP+oqXXRTQAMVYsWwWIftNjd2XCM43UkTUKetMktGlcBMd/vNh/Xg==\n-----END AGE ENCRYPTED FILE-----\n" 24 + }, 25 + { 26 + "recipient": "age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna", 27 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1RE0rOU1pYWVQOFU0N3da\nd2NmNjlZVWtEdisvcTVJa2ExRzVsK2lFcDNvCnkzb0dTQ1ZkM085VFpLQ09NZXBR\nd2VKNWtmWVp4YVViV2dpeUJyblBoNHcKLS0tIGUybXNsQ2tsaU81MURmKzJ5YThY\nS280YUMyL2JyK2pHMWlRTnNpSjRqNmsKg80xYn2ZE2zjt/t6pSUpXm0umg1+OM3h\niWJzu2RPayXglUc22hIiC08kahueHA+iJ+OPvMkl+NEM0FBMHotGLA==\n-----END AGE ENCRYPTED FILE-----\n" 28 + } 29 + ], 30 + "lastmodified": "2025-03-08T10:28:45Z", 31 + "mac": "ENC[AES256_GCM,data:xbFr0rhkcvO/+fTrGrOLCcmE52QVVxvwEu2Zg2vQ8DIt9aa+8p/aXI5ndY8TDoHsrl27IqZUetTYReXgyNBWuYhCbh6pLlJ/9GBipq+HTtyTuorj/hAREnaWDI049awM9yR6S6jELBSvPfUSKDi8JfBYelO04D9a2VinuAyP8/A=,iv:HzqLaMQbsNhwgBCX2YZj4pNbnLf73hc/IpJ8Hm5+pDQ=,tag:3rBwAgrscRB7hSKKj8ps6Q==,type:str]", 32 + "pgp": null, 33 + "unencrypted_suffix": "_unencrypted", 34 + "version": "3.8.1" 35 + } 36 + }

+36

secrets/users/nmelzer/gitlab

··· 1 + { 2 + "data": "ENC[AES256_GCM,data:Ogl6BZFz2S1TTDdGDckoF2Mb8KD6G+tD1gIKsiiGBJBQFkC62fT/bEPKNEQ1kndIsLQAcsU26tBEn9YhCLyWkeIIcFDSnq58u9La4HVtydpNo8f+jrvWeDqp3lfXPgIMKRUywC499Oa0HtIyUGs5Xf3DuwoaECS/hhNBNUG9gSb2X6iLb0C7mV+Gd66kJf31DX0cm0JFChiwdQyLlxgnxRMeeBeUhXETMQBVPlRtEs1WxUnvn8D8WkHRcZBs+/TRIRaJ3rY7oG62iBAum/UmVBgs3kt5ZfsK9wBkIFuujwd1wVlTZjWkUYnte87G2p2My2khEQX0A9AXatAxRowRUMI/BS7nq51iv4RLGuHEWK/2IOwmfKPShPvUOZsRx+b16GT2/Xeaq5WnIdW2PaBcfYJV4GaLUwFSlsFHq8D1E/DnlD1s3msmoy0IppNwvk4zkK9zdZxoWIhldq1Baa+GpFHhqPjRIgpN9Gd/hulcygvDKr/rrekOiz/xdjBREXvwW2siwnMIr2SfnKLlGYyb+P8KmYXdPgHh2+X8k767b6fzQ6WmoqzeXVlsLtjPHK32nOz0T5eilQYrL5oC1Mi0u+4wmD8QiIS7KvMC/pU6B5lCb0yjpsdLET5gbQ5Xqo0vn4inftGMwHl7HoQbB9bokHhCmZSoI7DQCUjIYlKCHR5we46IZv55RzLCkmMpBlHCjhqn6nK08+Kj34jl65BBx1BjUR/digio29VhCgL8NwYgwk1k2YABVuFJFnCERBPiDLpL9v0zTQzB1Z8qfFpwxmLw/e/4UbqhPl7z2uhlFMkMjF01kgqBpZNzXTEwUm+kWegURdGdo+XJhHs634QuCZKsKExODCw4Lgl5jUCBgSxHYdnqzyN1MH9ws6xrvywAMmzTwMX19gb3q/NGijlX/Ipt5hrOGlmteNuhepW4KVuTanxhdtRfU9CeSBsHxabZkglkl2tQhfaXoW1OwE/Sp/NF4pYfxy09kOqH/c+Yp2j9WGyxrLTnNlS5XNPY+NCVDk31/zQno2hV77EbXK7pW10TThlu0iNOa2X0OhkJEZV9nWhN8QeKwN/Xao8F29JZ0WDYmcXMWrTPAmSsDob2SnQwgEvRpmxxtuum53IYnTxdGZGpL7DBWLdKZBMsJ9bP5vgeHClSHPyjpro1zK4VhxW/U6Yzpi3PCEyx+KpV/v8sG1DnvSReYd5RHga+p2ekYE8zWD0BzeNfvucroKMFcX2erZHYBKliMuAM85jXLXEohMhoOVdLm/1gAPt49LJnz2QFaU91G89QRxSjXaIqNjZdCDM/jE4Oa3qx3P7QtBzKzS9q6EYjvKzoFlo8I33X7CpAZ0PZuJttD3jDLHmmoOaVnIiquq0I7ESBjIbCtzjuerhDEhkaQDlHPUlFthK5Dg21/cPUbKL1xrZLYoOC6UfWa0lkayz8m7+o6NQAEJYJmvGd4pWVPoHPuYKCtmXWHeNNH8GIcGLvwUe87F5LeC/QFe+oPix8FHOfjZS3vzQRTDdEp057UewWMvodChFnZV+73rl1WOHhqGWghi58ghIY7pkhzj76lrMBhRq8ryyefrDq00uVYntoIbetxwH/GducP7JBvNPbFVvRn4/n3u6/3/0ZrdzyuXKtgwW17YP6UOexvQmkzgyBnTVs+JW1hnS/BToIliMtBg6KlUXcQR+0X+6hLF5mms1oPmX7wH1sC01iMKpt/jpnfIhq5tjySaebCahjqDJ7XC3HuvBjCvGmVpLYFWBjJoUX8fnPcaVI50zUtwqofF0BPcsSCg5U8S9vjVB61A9mTqOcH/6p5lThL/8yAii76XRn+tLA8UoabuQs+Z1bPb6DowkMnmT93Ye22NRX6fxFrXyJCr0puRkh2Qn9xbPmcIwx3CxRhO4DmBivtVtZtmYhoxYvcs3dNV/ergk6O7FKwM+q8c6Ia363GAhATHJkNyjxmDZRvaSY7v9CeqMyFmGobp0ZohWyfgXRuMO20CU9Ub7VdIct1mgMslhYSOfW4UStc66tGvozsMdyvnCo5lzjQUBHxOq93HxkSTedP9FB03WFyVWZEH2++nYyc3IsExGnq7ce6YQwL5rPThMNw5Ur09zrf4aX9Rl4mQJaMQyQWES9BfO0fDRIMciZXwWW0FDSlMCeBwesQwlnBpVIjPixsy8r09LMd3LxxPw1pt7vtfJh1R+6y4ye8/1VdVsGBp6AFLTvpaYW/aZUFAr8SP/mVYhlfms=,iv:wutx8cOVSjjC69NzlIrojwRLhs28QvNXRnRJSC6MMb0=,tag:cPf78d+51Op/58UiaM8IqQ==,type:str]", 3 + "sops": { 4 + "kms": null, 5 + "gcp_kms": null, 6 + "azure_kv": null, 7 + "hc_vault": null, 8 + "age": [ 9 + { 10 + "recipient": "age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r", 11 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc1N0MUNwVFNlTEdjUElq\nUWlsTG8vc2xQYitYNWlUTlRGRTVLVzRyY1dBCmlMVG9OcUU5bjhzNDhpWStDaWVn\nRTcxZ1QySFhabklhQzJKL3BqSVVydncKLS0tIGhIamdINjdJZERnbXowZTlNRGtY\nOVVJSEZ1Q2NNNXNXV3UrbldUTy8yTlUKeLwquuhjLHDwzzL8JERFELXD9b6HWlKD\n6YXv+mHaeKtcN0y61uzH2O51U13e79ipex9AeYj8YSIZx1DRiJAg5Q==\n-----END AGE ENCRYPTED FILE-----\n" 12 + }, 13 + { 14 + "recipient": "age18p8x2cxam2l0trtpyhj4x9amcppp9ruzkqxzgapy9wnfpzl9hgaqlkht86", 15 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlU2tFSTgwSXFyVEo4YVdO\naUx5R2F3UGxhY0RBbStMNDdpMWZCdkVzMEc4CmcwOVVFbDBGRlZDS3dhdGZNNUtI\nWWNCRDRUelhvVzA2ZFIwZ09QYUhZWk0KLS0tIDRORmpMZk5CcDdOL2pvMW51clA2\naFpFS1k2dW9rY1dQR2hwb2FlMWVrREUKL3F0eiR8lKlDfQMYekRvxUo/c/qDVgKJ\nl5+yOsCMh6iu2u696gRcrnzrZ/aX23TJE98ttYS97DeUjUCc0Dpo1w==\n-----END AGE ENCRYPTED FILE-----\n" 16 + }, 17 + { 18 + "recipient": "age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6", 19 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcUhZOU9kQ1FkMWY4TkdS\neStwOThKdkpWa04xYUU4MENrbjZRQ29ya3pZCkpqaHRGeVUyeGdDemZUeXNkMlo5\nTkg3dFNlL3c1NWJNS1FzWUJ3b3FSYkkKLS0tIG9aUkxYTTVDRitCWTh1TmRFMXoy\nU3p6RHk4cUVOOTlDamNSZFdIVmc3STQKdvB/aVmyKhVAA+JKT8aQo1VmDa2WhGl7\nzGIGX77gsjDiy9Jb15Z3KWGu4AP+bonUTmTkUWA5Oiqe1rhOe9MDMA==\n-----END AGE ENCRYPTED FILE-----\n" 20 + }, 21 + { 22 + "recipient": "age1tf0zelmw4lh9gvkl0qycdk83fut9t4q3tfcdzk8cvlyhjp7z0g2q7hklgq", 23 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNWhBaWQycm1EZ0JwKzIv\nSit2UjFhNUsrd00wSzhua2xONXZwZlA1WjMwCk80WG5acXNGTkFEdmxyYlRCNlIv\nc05CY0RQM3Z0ZXZNTkswOXVsaVcwS0EKLS0tIHBrNnpZbFRpY1BuMm5ocnlYWXNZ\nTXdBMkhROGxBM0R1MDdPNHhKM1NYYVUKjZaHwqh/0OKB+ybatAfxEF4OmskYW2E9\nYEjuhy9jdcqi2a3hm2bI6rdSCsemAADJPW2PWsqjNc2TB9QeAK9ZgQ==\n-----END AGE ENCRYPTED FILE-----\n" 24 + }, 25 + { 26 + "recipient": "age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna", 27 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUEJ4ZjV5aUhLNUVxNlZp\nY1N1WUEwNE5odUQ2ZkdqdFV5cjB6WW1LWkRNCndObExzUDB4ZFdsYVVNbUtBbFE2\nSU5kZy9iK3RlY3FLWXFrR1pzZmhYOU0KLS0tIG04dm85SGtMQmZmT2RqTGYyRWlS\nTVhCRVUwWGhUaGdpUExPVjIxUVl1ZzQKkcnzuMCngr9oWFDynRENTlJQEFIbRJV/\nY8THko3rajg5QrIcoDTHeQ85WM6ucapUakAUTbis+Sa9xBoQ2coqDg==\n-----END AGE ENCRYPTED FILE-----\n" 28 + } 29 + ], 30 + "lastmodified": "2025-03-08T10:28:45Z", 31 + "mac": "ENC[AES256_GCM,data:1Y93EdZwSxZ3u+F0umtNc0jxzHHR7CdF2OUDb+DhxhmJrt9dEBoK1pRAN2qkdTMRMu5SDZVh0oilbQQC8HSC0iegpvlJo7lkG/qXyo1ixqEdp/P+mjqZTRqyxt2F/fFTPU9ggXhpQKyJcDgV6fjGm1pyYcTSMsvm0hOyrFq2+fE=,iv:rBYnAsB8PFoK2y0rb3G8YgX7e0yACTSE/AO1fYoRV8Q=,tag:TR6ZqCdPll7zPVSL/qUTzg==,type:str]", 32 + "pgp": null, 33 + "unencrypted_suffix": "_unencrypted", 34 + "version": "3.8.1" 35 + } 36 + }

+36

secrets/users/nmelzer/nix-community

··· 1 + { 2 + "data": "ENC[AES256_GCM,data:beYSt9kq8a7NhS+FQcWQFFz0AjJP+Ybz1o5tYhAXkFo88OlxooLKCEpFgSDmN8jKgoE/IItxuLNVJJmPmo7+QUbQZgZq2Gs5xE5Am40ckfWc5vdGshxa5cPFqt1v+Sq/D6+oMj+8wxRC8zbUXGAH7Pah9Zaht/O/8gYcdnuypokYz6iKn9J713JbKAUHNNK358UUQhkEuVHWIgsWjbe6FylP+GlNtziYm2d4FwhAebuoOmZx3prQidP2qAcuul/FWjvRa5tJX3mEEa/oA1z44Q54jkPyWHvaMbsXMwdmq/3iFL26pMMZJl7FrM5OjfcxsTPNFHZFe9zonVWzffvdgu3KDpNcGTDK2OZRbOszr6kXy3BZYkzt/EMHoqH75mJ+WNCaGIZ41c3MMWBjEr0AkDLrLWA59EcVAJdH0WQ0TaVUErncLG6kR9UfGTMNm6dFs50IJy0PfGISHAKrnNL+2NkAdEVKlhHouP/0nlCqgB9Zg33nWzHniP7e4j2yDz6jfIkoIUjBHuwYPh44MEFE,iv:liL/qeyXe5Wbm3WtMCR8iIUk0O7gdIqYTOS9sBJSyqo=,tag:pkKFZEKNNBvl3/SfjH2nwQ==,type:str]", 3 + "sops": { 4 + "kms": null, 5 + "gcp_kms": null, 6 + "azure_kv": null, 7 + "hc_vault": null, 8 + "age": [ 9 + { 10 + "recipient": "age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r", 11 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZ2c0aUJiRENZM1FNamJX\ndElNRmNsdlRBMFZNeG5vRHdVcjFyWEhYTnhBClJEbWF4ZFkxM3NoS0hXS2tnaTJY\nM29oY2xzQldidzdBcE54c2pTdkhCNncKLS0tIEFLNC94aUZmUkdLc09oSEkrb0VS\nM29wT2h4SEdjUE9CMWtFMmYwSHVSaUEKN9MEDf76Wa5JNjk0DSy8MExMDjyxhpSu\nBCPeuJpyYqac2vpwc09ttV4vqbzRzrGHlMGPpgFkgkYvvzX5lqehkQ==\n-----END AGE ENCRYPTED FILE-----\n" 12 + }, 13 + { 14 + "recipient": "age18p8x2cxam2l0trtpyhj4x9amcppp9ruzkqxzgapy9wnfpzl9hgaqlkht86", 15 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeGZtQ2xERDlxd3l1TzFW\nTFhmRDJnOUJxUW0vemtZM1FORCsyMHFyTkJFCmtvR3I4eWhuSjFrNTJDdkd4Z29k\nRkt4eHM0aWVtNTZuc2txVGNKc2N1SDQKLS0tIEZ4bE5qU3hSSGpXb3lGWHp6MGti\nb2QzWDRYRmluWDllTVNJNmJaMlMxZDAKB0LOonMk7ypELophUHLnR2eEOclM5CgD\nrbgkmmKZPXMSvXLXDoQDICxleDNoFD2mWi4JvwZWZuRpaNs/1KPraw==\n-----END AGE ENCRYPTED FILE-----\n" 16 + }, 17 + { 18 + "recipient": "age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6", 19 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdTVoVUI4UzM1VmlTZWVy\nblZxZE04TmIxaU1zOGhrREh6NnJaaTIwSjBBClFHejZwdHlFRTQyMC9YOFFsczhI\nMjh6cjJzcklFUGlHV1p6TnJUdzNPVGsKLS0tIFVQTDI1K0Jydno1ZVgrN2p2aDdi\nQ01mR3lNVzRmSEptQklBR0tIbWR0WE0KKND3aAMOLmMLjQV4iexO+XnjZIgZSSOj\nbK3qtICJ7E9lcRgoXtHDJm6+e5BzpBOUVkfX7cKAEWWtbfwrHbYnyA==\n-----END AGE ENCRYPTED FILE-----\n" 20 + }, 21 + { 22 + "recipient": "age1tf0zelmw4lh9gvkl0qycdk83fut9t4q3tfcdzk8cvlyhjp7z0g2q7hklgq", 23 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZTVyRU9DQmNIRm1HWDQy\nUmhQUGVPM21ldGhCSzMydGpMK2JBdUNZU1JrCkpTa1krT1haWGo3OEdnLzFQZzh5\nTkFYb21JZjhGdmZxTjU1U1hRU0hkaGMKLS0tIDl0M3NaeE0vOTlTU0psSnVpYUw1\nYUE3ZGxXUmk0WUZmWUlQdjJNMTRBclEKPCZVzELeRe9jUC+dY/LTFrk0yrk4uWn0\nhNCROYc6jQPAHLhYRnCbWkENCQHfhBrxVLeyzLmELoU5ZdM0KgtPyA==\n-----END AGE ENCRYPTED FILE-----\n" 24 + }, 25 + { 26 + "recipient": "age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna", 27 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aU02ZFlIcDFpUXU5ZUg3\nUFZTR0Uya2JDUkw5L29tK3d2cmg2N05XVFRJClZnWVpwVHo3cFp2b0h3QVh0Wk15\nWGFOclBuQVMvcVdMcklGOUVST2JGYVkKLS0tIHFrRUl1aW1OZ1Z2SkF5K3FMRmFu\nQXlDZjdlWVFVZWEzaXN5NnNFc25iRkUKk6/f0mFEON/gplXSDCviVm4+e+duQJlw\nBT1oJflU2VHXK9RJBiUl9sV3tGHF41MeXpt3WoEO1AKMsk8Q3Q++1w==\n-----END AGE ENCRYPTED FILE-----\n" 28 + } 29 + ], 30 + "lastmodified": "2025-03-08T10:28:45Z", 31 + "mac": "ENC[AES256_GCM,data:yenOYHB/Eax95Z8YqLd2kWq6bHUIbDXHj/qQntzLgLmBTUpnWW4DKuyligR3iBH91WD4evWBc+bDU5sMfGuozDQpgynsoIjPiOsNXPlLOURZLQf4tnqPzd4VzSkWsH2Q+b5bQvEteqYwYt9EI0XUxOfIF0X10yrjCM6axV6bsu8=,iv:du8kmJ2P/33SsLOih+5oCMrdvIEgWsFEC4ys51ASLJ4=,tag:4jsUew+WAfIj6pAUTGymLg==,type:str]", 32 + "pgp": null, 33 + "unencrypted_suffix": "_unencrypted", 34 + "version": "3.9.2" 35 + } 36 + }

+36

secrets/users/nmelzer/nobbz_dev

··· 1 + { 2 + "data": "ENC[AES256_GCM,data:JbATH1rQff0rUhJUxXAKwqq+KO8hjLXnwp6uwBwCpQXK1OAD88l/4StWTZ94oSqUwcwjT8DtI2M0DLFdGFQTmmQrrt/Or8XKHnZc1zu5axgJ8H/Ey3m+CFDgz6Wg9rOuc1nz0EBTBk6XIGvyeXc4AMMfUuVDo14ijarTL34JqPy4sB0ayzCGCWZTyxy0VKQoQnYQBK5D2JTqG4P2IjFY4yh/2R+IRmK+MghErz3gKg5ORKPfIqH4rFAszGbUjYZt9TKpVGiidW2lYVn0nqVHHzMgZGokst+jkrcriKQS4CLLLk/zh0Dx0fHo1QrJyRYzry5cFFQVCQZKyTe3nbkuExPbxfm13hROCC7jK+XYgn6T+MowJ4u6/B6F//UgjTLQ9by58lhbG7N1IUbXcgGYpWYib9bavF1ELk2PXdazP+WQJTQXMYT/f++eT80m6PdPbmHVbm1cjVD22SjnMa8g695eTUcvx8jwFbTKVEkE9kMEMOlAG6hVvf6/+8G+xvoCYXu/C35/mf9k6n62ii5QkoPiqT5yKKiGv/GXht+24d9NQGX4f1CF4p/6s3yRfKaOnnOF2MLseY8eYGrlLdGqdr3QWet0cAcraTXP62OH3gBBPhTW0U4N0EciBsX3/9atVxoiq4y9C/SQOYla6MIRRK6NTrWlWLCRif/MOBja+Ya7BG3s51umZgS8v3uPL9OyjpWutRpYvBPkherfHpKKzUUNJx+o/2De0yFtQx659bVddBQ1dBmJPjYkUbSzQBJE767pEyZf1oac88SC0wizxPFLDcI7ZzFvQlO9XYs5pgoO9aZKqYDx97rT6BJeOyUmLE4XhURliQtpL18fRqIqHu6SoAQoLZpjLx9A5JUHyI2iem7FyZJKFVeA/bL1hdXL1hby/VpnuP3PmbGP90Y4FOHPozUsLgBLObqbgf6SMKZBEs7JWWEK4i9A1uYbv7LIvxslqYvB+qwdCDEa+tFfz8TG9pBerJ2oqCpaNbO0UGruvpwJ7HXSpn4VdAXgG5zy4glupIqkGUNoERpYEVJMRZxx4K8ST9OZ+0qwpAOOTXTwYuqkcEw5TNwcoNswUNzu9Ck2/An0307fhOYXjO0D8IDvTDIF5CSESILjASB5H7qhbR4hbUE4G09fIChKi6DLyTP/zMAwWpgUBwxByZGMrttH+EzntFNbgL2EGbbdCfr8Vf7XWHhXT/bNYhlGJp2dkdOOBnV3XdPMIkyl4zJqzzAFySx4cpFTfCQ/zwWOEQN7H58sEsqcUxeYOtnSwccWkuP0+9Z4nrdJrAjq32RLeLSzTJ8cMStB85E3h/Gqx+O0Jw9fA+H4sE49JGkIobiuioz0wC/6uMQvyMBs5cyDvpiWFQ3dj2bKgpCtBVrAlcNG1Q8Hljc55WblkFiQRxVix1xB13yCpFMeNuIdCifGXUbTWuA64H4QjG5/P5KgH5IkT6Ry0wDPGw7CSqMXCXhCiRLsyzByGfy+LMkjL4LZk8GP21+6NlUkc+5j+cNZkjZ22J5LhxIdz4eE7MXSMKTno0iMrvUKYPJe0+NgIrXtprsacHLDyDSXowS3FUPWqPfPLG6vOBfz+99DMumFY1UU6eHSdFHVovBdp50kHnu3LbsiNh4iNvl8rtctgVl7PGRMvU+tF4GtiIrxHt0MRZzQ6WemRVvRIvZBYMXEEjn5p6Xn9Lg5p9HjsnvpjdmJOZCp4CCwYrkm9kzk+f2qwPVy/J6DQBwgr41k0Pd8fbCQjdICkGSU8yJxwCsWvP5I2T5NWrPiUdav0doc2i5fEi02NnDcL1ncChBooqrVjD0mLIbQ9ra9F+f+51RGZO+Y7XjfFH8E2uUb8GS3u/bZbhmoCvouVKHLurOCcmFfs14ZGek0bZT7Q+PHChWzv890MkA1S5A3x9orY6WmhR4Zy86Bsi9PA3YNL59jUQTl0nWknbrxuhPdPcsmCL+DgdSV7E5zesUaeRJi7QuL/GCZ2E8PKKSuh9Kq56pYk8HsYMsrqNqyU80QM8aRc1o++YSq6SLwEmY1Pm8fsssZTjP9PT2RZIXt5LjskQbkA4Q4rECm4JQepx9jHZeFAgo0tDOfAmj7q1QQq3bxEfvRO1dxJ212tvcFpR5ehDO8d4CLyTMqprBvG9/0r2qO8xp7ifJQKHx4CDpiiZaNS9Fyl1QdfqADvrT9z15ucRsmoQuL5zjVdbC05lAie4wswlcOUUvu3qoj6RikDC+xFG6AXd+e33un1v9rT2XmVzz+47WKPCQLfRqCDkNgwpjxUkrgCsiFun3+EhzWxLxzXLIEkVfE8c7eJnQSDu3IEShZ2vF2sT5FFJScN8tf888J7mCgLsHpnWbSplXxa4RMjO1rHD1S04tLC80EPGl/rdaraHmnEtt4mc9boo7IyusR19gotEjRRnZDZJaplDt72IdgC6hBCQM=,iv:iwfQiWkkxmB52x5mVXlhS3pbzKL3/ctoJMctdhHGQuk=,tag:VQ0GWz0xyQiCx/WpYq1itA==,type:str]", 3 + "sops": { 4 + "kms": null, 5 + "gcp_kms": null, 6 + "azure_kv": null, 7 + "hc_vault": null, 8 + "age": [ 9 + { 10 + "recipient": "age1wpwkf2g475umw3wwns57r8ucykvy6lflpc7uphs0mx9exsj04quqpy7t6r", 11 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQUpwZ2JXYTUybXc5Tm9T\na1p6azYvbno0NzY0UGNrWnNjQUd3SnJMakV3CjVMemhwQ3NmOWFJSGEzQ2ZsL1pF\najgrM2g2THQ2dkxTUUM0QlpnODRjbUkKLS0tIDZKaFYydnZRYWdxZFIzYnNZbjZ3\nWkxPcWdHbm9ZZnZNNVpIQmZ5djVHTGcKAiKFm4r93FBNXxt/jgofvKS3pn0NbdWW\njDacQ7VUubSqpmHax/s/FNV75g5ynIm8ldOJVoW6lgNxPWxcfucTLA==\n-----END AGE ENCRYPTED FILE-----\n" 12 + }, 13 + { 14 + "recipient": "age18p8x2cxam2l0trtpyhj4x9amcppp9ruzkqxzgapy9wnfpzl9hgaqlkht86", 15 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMU5ycnhZSlJyQ0UrRXVo\naVIra1o2TkRmbTFFMHFzeTN2d1NGQUluTVRzCk4wRm41Sy8rNWh4OXI0eUdKdDhH\nRjZwcE80K1NUbGxubGp1akh1WVFTWU0KLS0tIFZraWFpdmU3dlRCMnVtMHN3RnFD\nYmN5dmIwRUlJQktKTmUzZllTb1lOUTQKkJLBrTeUlPaZ1C/pGWu9WQNFCBgsJVqS\nYnPpsvYJiOE/6WmCzB34OVpO8vdrv1mE5jR/Ila3YQVjBt8JHo7Zqw==\n-----END AGE ENCRYPTED FILE-----\n" 16 + }, 17 + { 18 + "recipient": "age1w6xjgskpxnlpleswumdhtt7x8zx35qn329yz3x7ftqdcmcxrrvnqnuf9d6", 19 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVUEx6UkEveUI1UVRqQm1n\ncE9OcFNnZFM4eU5iM2NpQjQ5R0NteFZOMlhZCk1Kd3JxVy9tTk5oTU1GSUgyTjNO\nY1hmaTZjYmZkZHVnazl3Q1ViT1R6RVUKLS0tIE9udElPWU9vNWpYYWtmMmluTWQ2\nK0hWL25OemxpVStNMFZJUGI4UUc4MmsKs7DTAfnY74yp33cmdyYiF6fPiNgheehm\nRO9PDQ/Yh6wIq/6j/brPsMJLyYrC7+Mjgx/oX5lNmMwTVLBrCe/qdg==\n-----END AGE ENCRYPTED FILE-----\n" 20 + }, 21 + { 22 + "recipient": "age1tf0zelmw4lh9gvkl0qycdk83fut9t4q3tfcdzk8cvlyhjp7z0g2q7hklgq", 23 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVW5aVUVpZk14U1pYK2NJ\nRVpGbGdXVzlLQ25PSWYyWjR6bGRCWkIxM3dVCnlGd1h3Z2pJNmNweTgwRmUyL1Bo\nNVBoaFprQWVUK1pQbi9YOTgreFBpcDgKLS0tIFhCUE5WQ2w4R3J1eXVhSFJEOGRp\nMlZpSnovWnpvc3lGemE3WmJkK2xQWVkKkNZaVbq8X99+MXfei0BzbXBwzibERWvR\nV26mOEEYcfv/3/KqCLOjBVCLEE3RSuB9AtniAAFC6Fj0/jHnMzaghQ==\n-----END AGE ENCRYPTED FILE-----\n" 24 + }, 25 + { 26 + "recipient": "age1vr0uq6mwv844yvm8pe7qxjxpqrekgel3lqfzuuqtfzj0ehz3hphqzsxjna", 27 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdlIzc3NQM2JkdW1TQzVX\nYVRjR2hEY3NrME9GeHJhbitpQURVbUdoTWlrCm81Wmt5dWpWWlVtaHJKcnNnMVJm\nekZnM0gycDdlZi9ZdUhYMTRpTFhjK28KLS0tIHcrcFQ3SEphOW1oeEsvcDdBUFRI\nU1psVWVldkZ0TXp3QnBmMUxHdm1ocmsKn/oYX+0hYRZvC32KGQ9hNRDMdlxclv5x\nekDM5wPeI9wT/j62bxmykEtNnI40WEpEopz7MSZvRnj6B8zF9boFPw==\n-----END AGE ENCRYPTED FILE-----\n" 28 + } 29 + ], 30 + "lastmodified": "2025-03-08T10:28:45Z", 31 + "mac": "ENC[AES256_GCM,data:7XBQhTfVn9Uq4ZjjpLdMyvw+kDhIJ+dUEjI1j7Lq8QzoxLN7kqWyrotavl4T7x3kbhGseqA/RtuldK5cvw90OK7FVvWD0H5WSsxDCG2zuNRCELmiOEM8O4Iw47J6ye3wY9F+05F7ggG/GrZGJK09YojuZyek4G+/slHfp/Zgxy0=,iv:vAqJx7GT28f4wC0iH0w+K/HRywJlMb6/N/5Lb1/4q80=,tag:L3odjAh/IWuddrzg7vP/Sg==,type:str]", 32 + "pgp": null, 33 + "unencrypted_suffix": "_unencrypted", 34 + "version": "3.8.1" 35 + } 36 + }

Compare changes