diff --git a/flake.lock b/flake.lock index 5b04fe4..d804b99 100644 --- a/flake.lock +++ b/flake.lock @@ -9,16 +9,15 @@ ] }, "locked": { - "lastModified": 1736812363, - "narHash": "sha256-vs6tf4F4LVMDw4nsXkVFMSNC8RAbS7mRxbBscfE/mts=", - "ref": "jemalloc", - "rev": "015aee89b8519ce94a603d5cd58f1c54ec3ac718", - "revCount": 67, + "lastModified": 1740787854, + "narHash": "sha256-psuFa7Ilar3iJaogz6UD8fRPMIk1NFAushM74Ln/SC4=", + "ref": "refs/heads/main", + "rev": "9752430f815f27d236a26451d479fdc3a1738060", + "revCount": 69, "type": "git", "url": "https://git.min.rip/min/breeze.git" }, "original": { - "ref": "jemalloc", "type": "git", "url": "https://git.min.rip/min/breeze.git" } @@ -38,6 +37,21 @@ "type": "github" } }, + "crane_2": { + "locked": { + "lastModified": 1734808813, + "narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=", + "owner": "ipetkov", + "repo": "crane", + "rev": "72e2d02dbac80c8c86bf6bf3e785536acf8ee926", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -67,11 +81,11 @@ ] }, "locked": { - "lastModified": 1736199437, - "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=", + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", "owner": "nix-community", "repo": "disko", - "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", "type": "github" }, "original": { @@ -101,11 +115,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { 
@@ -132,13 +146,31 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "impermanence": { "locked": { - "lastModified": 1734945620, - "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { @@ -149,11 +181,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736200483, - "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "lastModified": 1740603184, + "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", + "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", "type": "github" }, "original": { @@ -165,14 +197,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, "root": { 
@@ -183,9 +215,32 @@ "flake-parts": "flake-parts", "impermanence": "impermanence", "nixpkgs": "nixpkgs", + "sim-breeze": "sim-breeze", "sops-nix": "sops-nix" } }, + "sim-breeze": { + "inputs": { + "crane": "crane_2", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740803896, + "narHash": "sha256-l7r91rD5iM5Vuagoqs0aIgYW68lIEHTf3oPIRoVm5Og=", + "ref": "refs/heads/main", + "rev": "ab744ebb5024dc391a03774571a2cb09bc225a11", + "revCount": 74, + "type": "git", + "url": "ssh://git@git.min.rip/min/sim-breeze.git" + }, + "original": { + "type": "git", + "url": "ssh://git@git.min.rip/min/sim-breeze.git" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -193,11 +248,11 @@ ] }, "locked": { - "lastModified": 1736203741, - "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { @@ -236,6 +291,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index d8e57dd..7c84579 100644 --- a/flake.nix +++ b/flake.nix 
@@ -17,8 +17,11 @@ impermanence.url = "github:nix-community/impermanence"; - breeze.url = "git+https://git.min.rip/min/breeze.git?ref=jemalloc"; + breeze.url = "git+https://git.min.rip/min/breeze.git"; breeze.inputs.nixpkgs.follows = "nixpkgs"; + + sim-breeze.url = "git+ssh://git@git.min.rip/min/sim-breeze.git"; + sim-breeze.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs @ {self, ...}: @@ -40,6 +43,7 @@ packages = with pkgs; [ sops ssh-to-age + openssl # not included: age, gpg, pcscd, scdaemon, etc. deploy-rs diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix index a62b9fe..f7074ac 100644 --- a/nixos/hosts/default.nix +++ b/nixos/hosts/default.nix @@ -1,32 +1,34 @@ {inputs, ...}: let - systems = ["silver"]; + systems = makeSystems ["silver"]; inherit (inputs.nixpkgs) lib; - makeNixosConfigurations = systems: - lib.listToAttrs (lib.map - (name: let - system = import ./${name} {inherit inputs;}; - in { + makeSystems = systems: + lib.listToAttrs (lib.map (name: { inherit name; - value = lib.nixosSystem { - inherit (system) system; - - modules = - system.modules - ++ [ - { - _module.args = { - inherit inputs; - }; - } - - ../modules - ]; - }; + value = import ./${name} {inherit inputs;}; }) systems); + makeNixosConfigurations = systems: + lib.mapAttrs (name: system: + lib.nixosSystem { + inherit (system) system; + + modules = + system.modules + ++ [ + { + _module.args = { + inherit inputs; + }; + } + + ../modules + ]; + }) + systems; + makeDeployRsNodes = systems: lib.mapAttrs (name: system: { diff --git a/nixos/hosts/eidola/mounts.nix b/nixos/hosts/eidola/mounts.nix index 28d54ce..7664881 100644 --- a/nixos/hosts/eidola/mounts.nix +++ b/nixos/hosts/eidola/mounts.nix @@ -1,4 +1,4 @@ -{...}: { +_: { environment.persistence."/persist" = { hideMounts = true; directories = [ diff --git a/nixos/hosts/eidola/prometheus.nix b/nixos/hosts/eidola/prometheus.nix index 6df3b74..041482e 100644 --- a/nixos/hosts/eidola/prometheus.nix 
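Review bot: The new input `sim-breeze.url = "git+ssh://git@git.min.rip/min/sim-breeze.git"` in flake.nix makes every evaluation that has to fetch inputs depend on an SSH credential with read access to that repository. The gitea.nix in this same commit sets `dom = "git.min.rip"` on silver, so the input appears to be served by the very host this flake builds. A fresh deploy machine, a CI runner, or a rebuild of silver while it is down would then be unable to resolve it. I would record that next to the input, e.g. `# private repo over SSH: needs a read-only deploy key; served by silver's own Gitea`, and use a key scoped to that one repository rather than a personal key.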
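Review bot: In nixos/hosts/default.nix the lambda `lib.mapAttrs (name: system:` inside `makeNixosConfigurations` never uses `name`, so it can be `lib.mapAttrs (_: system:`, matching the `{...}:` to `_:` cleanup this commit makes elsewhere. The name `systems` now also means two things: a list of host names as the `makeSystems` parameter, and an attrset everywhere else. Renaming that parameter, e.g. `makeSystems = names:`, would make the list-to-attrset step easier to follow. `makeDeployRsNodes` continues past the end of the hunk and was not reviewed.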
+++ b/nixos/hosts/eidola/prometheus.nix @@ -1,4 +1,4 @@ -{...}: let +_: let ipInternal = "10.13.1.1"; # TODO: hardcoding in { services.prometheus.exporters = { diff --git a/nixos/hosts/eidola/secrets.nix b/nixos/hosts/eidola/secrets.nix index 3f0718f..cef65a7 100644 --- a/nixos/hosts/eidola/secrets.nix +++ b/nixos/hosts/eidola/secrets.nix @@ -1,4 +1,4 @@ -{...}: { +_: { sops = { defaultSopsFile = ../../../secrets/eidola.yaml; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; diff --git a/nixos/hosts/eidola/services/samba.nix b/nixos/hosts/eidola/services/samba.nix index 2e7c258..7fde87a 100644 --- a/nixos/hosts/eidola/services/samba.nix +++ b/nixos/hosts/eidola/services/samba.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { users = let shareUser = { diff --git a/nixos/hosts/silver/configuration.nix b/nixos/hosts/silver/configuration.nix index c85d60c..2509e00 100644 --- a/nixos/hosts/silver/configuration.nix +++ b/nixos/hosts/silver/configuration.nix @@ -5,10 +5,10 @@ }: let net = { # TODO: hardcoding (this module *may* be a good place to store values like this, though) - address = "107.152.41.67"; + address = "66.23.198.122"; prefixLength = 24; subnet = "255.255.255.0"; - gateway = "107.152.41.1"; + gateway = "66.23.198.1"; interface = "eth0"; }; in { diff --git a/nixos/hosts/silver/default.nix b/nixos/hosts/silver/default.nix index 2e0bcaf..9b0c7d6 100644 --- a/nixos/hosts/silver/default.nix +++ b/nixos/hosts/silver/default.nix @@ -18,6 +18,7 @@ inputs.disko.nixosModules.disko inputs.impermanence.nixosModules.impermanence inputs.breeze.nixosModules.${system}.breeze + inputs.sim-breeze.nixosModules.${system}.sim-breeze ./configuration.nix ]; } diff --git a/nixos/hosts/silver/disk-config.nix b/nixos/hosts/silver/disk-config.nix index f46d17a..e0e962f 100644 --- a/nixos/hosts/silver/disk-config.nix +++ b/nixos/hosts/silver/disk-config.nix @@ -3,7 +3,7 @@ disk = { main = { type = "disk"; - device = "/dev/vda"; + device = "/dev/sda"; content = { type = "gpt"; 
@@ -75,6 +75,12 @@ ]; }; }; + swap = { + size = "6G"; + content = { + type = "swap"; + }; + }; persist = { size = "100%FREE"; content = { diff --git a/nixos/hosts/silver/mounts.nix b/nixos/hosts/silver/mounts.nix index 3992116..6175f7c 100644 --- a/nixos/hosts/silver/mounts.nix +++ b/nixos/hosts/silver/mounts.nix @@ -1,4 +1,4 @@ -{...}: { +_: { environment.persistence."/persist" = { hideMounts = true; directories = [ diff --git a/nixos/hosts/silver/prometheus.nix b/nixos/hosts/silver/prometheus.nix index ca4bb87..f4f69c6 100644 --- a/nixos/hosts/silver/prometheus.nix +++ b/nixos/hosts/silver/prometheus.nix @@ -1,4 +1,4 @@ -{...}: let +_: let ipInternal = "10.13.0.1"; # TODO: hardcoding in { services.prometheus.exporters = { diff --git a/nixos/hosts/silver/secrets.nix b/nixos/hosts/silver/secrets.nix index d759f5c..a249628 100644 --- a/nixos/hosts/silver/secrets.nix +++ b/nixos/hosts/silver/secrets.nix @@ -1,4 +1,4 @@ -{...}: { +_: { sops = { defaultSopsFile = ../../../secrets/silver.yaml; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; diff --git a/nixos/hosts/silver/services/default.nix b/nixos/hosts/silver/services/default.nix index a0cc096..3111574 100644 --- a/nixos/hosts/silver/services/default.nix +++ b/nixos/hosts/silver/services/default.nix @@ -4,6 +4,7 @@ ./breeze.nix ./min-rip.nix ./gitea.nix + ./sim-breeze.nix ./synapse.nix ./nebula.nix ./prometheus.nix diff --git a/nixos/hosts/silver/services/gitea.nix b/nixos/hosts/silver/services/gitea.nix index 96a50a6..39a8b3c 100644 --- a/nixos/hosts/silver/services/gitea.nix +++ b/nixos/hosts/silver/services/gitea.nix @@ -1,5 +1,5 @@ {config, ...}: let - sshExposeIp = "107.152.41.67"; # TODO: hardcoding + sshExposeIp = "66.23.198.122"; # TODO: hardcoding sshIntPort = 14022; httpIntPort = 14020; dom = "git.min.rip"; # TODO: hardcoding diff --git a/nixos/hosts/silver/services/grafana.nix b/nixos/hosts/silver/services/grafana.nix index 0573c98..5a207c8 100644 --- a/nixos/hosts/silver/services/grafana.nix 
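Review bot: The new `swap` volume in disk-config.nix is a plain `type = "swap"` with no encryption, so memory pages from services on this host can be written to disk in cleartext. That includes sops-decrypted secrets and the Vaultwarden process configured elsewhere in this repository. disko's swap content type accepts `randomEncryption = true;`, which re-keys the swap device on every boot; I would add it inside `content` unless hibernation is required. Whether the neighbouring `persist` volume is encrypted is not visible in this hunk.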
+++ b/nixos/hosts/silver/services/grafana.nix @@ -1,4 +1,4 @@ -{...}: let +_: let dom = "graf.min.rip"; httpIntPort = 14050; in { diff --git a/nixos/hosts/silver/services/min-rip.nix b/nixos/hosts/silver/services/min-rip.nix index 9ced5f9..c41bc37 100644 --- a/nixos/hosts/silver/services/min-rip.nix +++ b/nixos/hosts/silver/services/min-rip.nix @@ -1,4 +1,4 @@ -{...}: let +_: let dom = "min.rip"; # TODO: hardcoding in { services.nginx.virtualHosts.${dom} = { diff --git a/nixos/hosts/silver/services/prometheus.nix b/nixos/hosts/silver/services/prometheus.nix index 1abde89..972e1a6 100644 --- a/nixos/hosts/silver/services/prometheus.nix +++ b/nixos/hosts/silver/services/prometheus.nix @@ -1,4 +1,4 @@ -{...}: let +_: let ipSilver = "10.13.0.1"; # TODO: hardcoding ipEidola = "10.13.1.1"; # TODO: hardcoding in { diff --git a/nixos/hosts/silver/services/sim-breeze.nix b/nixos/hosts/silver/services/sim-breeze.nix new file mode 100644 index 0000000..8c1cb63 --- /dev/null +++ b/nixos/hosts/silver/services/sim-breeze.nix 
@@ -0,0 +1,56 @@ +{config, ...}: let + httpIntPort = 14012; + dom = "simul.lol"; +in { + sops.secrets."svc-sim-breeze-upload_key" = { + owner = "sim-breeze"; + group = "sim-breeze"; + }; + + services.nginx.virtualHosts.${dom} = { + forceSSL = true; + enableACME = true; + + quic = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString httpIntPort}"; + }; + + extraConfig = let + cloudflarePem = ../../../keys/cloudflare.pem; + in '' + ssl_client_certificate ${cloudflarePem}; + ssl_verify_client on; + ''; + }; + + systemd.tmpfiles.rules = [ + "d /srv/uploads-sim 0750 sim-breeze sim-breeze - -" + ]; + + services.sim-breeze = { + enable = true; + uploadKeyFile = config.sops.secrets."svc-sim-breeze-upload_key".path; + + settings = { + engine = { + base_url = "https://${dom}"; + max_upload_len = 2147483648; + max_temp_lifetime = 43200; + max_strip_len = 16777216; + + disk.save_path = "/srv/uploads-sim"; + cache = { + max_length = 268435456; + upload_lifetime = 1800; + scan_freq = 60; + mem_capacity = 4294967296; + }; + }; + + http.listen_on = "127.0.0.1:${toString httpIntPort}"; + logger.level = "info"; + }; + }; +} diff --git a/nixos/hosts/silver/services/synapse.nix b/nixos/hosts/silver/services/synapse.nix index 41b7d77..aeff697 100644 --- a/nixos/hosts/silver/services/synapse.nix +++ b/nixos/hosts/silver/services/synapse.nix @@ -42,7 +42,7 @@ in { ]; virtualisation.oci-containers.containers.synapse-db = { - image = "docker.io/postgres:12-alpine"; + image = "docker.io/postgres:17-alpine"; environment = { POSTGRES_USER = "synapse"; POSTGRES_PASSWORD = "synapse"; diff --git a/nixos/hosts/silver/services/vaultwarden.nix b/nixos/hosts/silver/services/vaultwarden.nix index 75eaf61..6fdff6e 100644 --- a/nixos/hosts/silver/services/vaultwarden.nix +++ b/nixos/hosts/silver/services/vaultwarden.nix @@ -1,4 +1,4 @@ -{...}: let +_: let httpIntAddr = "127.0.0.1"; httpIntPort = 14210; dom = "pw.min.rip"; 
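Review bot: `ssl_client_certificate ${cloudflarePem};` with `ssl_verify_client on;` in the new sim-breeze.nix trusts Cloudflare's shared origin-pull CA (the certificate added under nixos/keys/ is issued to origin-pull.cloudflare.net). The check therefore proves only that a request came through Cloudflare's edge, not that it came through this site's own zone. If that distinction matters for an upload endpoint, Cloudflare's zone-level or per-hostname authenticated origin pulls with an account-specific certificate narrow it. At minimum a comment above the `extraConfig` block should record the limit, e.g. `# shared Cloudflare origin-pull CA: authenticates Cloudflare's edge, not our zone`. The bundled certificate also has a fixed validity period, so a note on where to re-fetch it would help whoever rotates it.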
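Review bot: `image = "docker.io/postgres:17-alpine";` in synapse.nix jumps five major versions, and a PostgreSQL 17 server will not start on a data directory initialised by 12. Unless the database is restored from a dump onto the new host (the rest of the commit looks like a host migration), the container will fail on the existing volume. A short comment stating that a dump and restore is required would save the next operator a failed start. The tag is also mutable; pinning it by digest, `docker.io/postgres:17-alpine@sha256:<digest>`, would make the image as reproducible as the locked flake inputs. The container definition continues outside the hunk.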
diff --git a/nixos/keys/cloudflare.pem b/nixos/keys/cloudflare.pem new file mode 100644 index 0000000..0684b9e --- /dev/null +++ b/nixos/keys/cloudflare.pem 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGCjCCA/KgAwIBAgIIV5G6lVbCLmEwDQYJKoZIhvcNAQENBQAwgZAxCzAJBgNV +BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMRQwEgYDVQQLEwtPcmln +aW4gUHVsbDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv +cm5pYTEjMCEGA1UEAxMab3JpZ2luLXB1bGwuY2xvdWRmbGFyZS5uZXQwHhcNMTkx +MDEwMTg0NTAwWhcNMjkxMTAxMTcwMDAwWjCBkDELMAkGA1UEBhMCVVMxGTAXBgNV +BAoTEENsb3VkRmxhcmUsIEluYy4xFDASBgNVBAsTC09yaWdpbiBQdWxsMRYwFAYD +VQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMSMwIQYDVQQD +ExpvcmlnaW4tcHVsbC5jbG91ZGZsYXJlLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAN2y2zojYfl0bKfhp0AJBFeV+jQqbCw3sHmvEPwLmqDLqynI +42tZXR5y914ZB9ZrwbL/K5O46exd/LujJnV2b3dzcx5rtiQzso0xzljqbnbQT20e +ihx/WrF4OkZKydZzsdaJsWAPuplDH5P7J82q3re88jQdgE5hqjqFZ3clCG7lxoBw +hLaazm3NJJlUfzdk97ouRvnFGAuXd5cQVx8jYOOeU60sWqmMe4QHdOvpqB91bJoY +QSKVFjUgHeTpN8tNpKJfb9LIn3pun3bC9NKNHtRKMNX3Kl/sAPq7q/AlndvA2Kw3 +Dkum2mHQUGdzVHqcOgea9BGjLK2h7SuX93zTWL02u799dr6Xkrad/WShHchfjjRn +aL35niJUDr02YJtPgxWObsrfOU63B8juLUphW/4BOjjJyAG5l9j1//aUGEi/sEe5 +lqVv0P78QrxoxR+MMXiJwQab5FB8TG/ac6mRHgF9CmkX90uaRh+OC07XjTdfSKGR +PpM9hB2ZhLol/nf8qmoLdoD5HvODZuKu2+muKeVHXgw2/A6wM7OwrinxZiyBk5Hh +CvaADH7PZpU6z/zv5NU5HSvXiKtCzFuDu4/Zfi34RfHXeCUfHAb4KfNRXJwMsxUa ++4ZpSAX2G6RnGU5meuXpU5/V+DQJp/e69XyyY6RXDoMywaEFlIlXBqjRRA2pAgMB +AAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1Ud +DgQWBBRDWUsraYuA4REzalfNVzjann3F6zAfBgNVHSMEGDAWgBRDWUsraYuA4REz +alfNVzjann3F6zANBgkqhkiG9w0BAQ0FAAOCAgEAkQ+T9nqcSlAuW/90DeYmQOW1 +QhqOor5psBEGvxbNGV2hdLJY8h6QUq48BCevcMChg/L1CkznBNI40i3/6heDn3IS +zVEwXKf34pPFCACWVMZxbQjkNRTiH8iRur9EsaNQ5oXCPJkhwg2+IFyoPAAYURoX +VcI9SCDUa45clmYHJ/XYwV1icGVI8/9b2JUqklnOTa5tugwIUi5sTfipNcJXHhgz +6BKYDl0/UP0lLKbsUETXeTGDiDpxZYIgbcFrRDDkHC6BSvdWVEiH5b9mH2BON60z +0O0j8EEKTwi9jnafVtZQXP/D8yoVowdFDjXcKkOPF/1gIh9qrFR6GdoPVgB3SkLc +5ulBqZaCHm563jsvWb/kXJnlFxW+1bsO9BDD6DweBcGdNurgmH625wBXksSdD7y/ +fakk8DagjbjKShYlPEFOAqEcliwjF45eabL0t27MJV61O/jHzHL3dknXeE4BDa2j 
+bA+JbyJeUMtU7KMsxvx82RmhqBEJJDBCJ3scVptvhDMRrtqDBW5JShxoAOcpFQGm +iYWicn46nPDjgTU0bX1ZPpTpryXbvciVL5RkVBuyX2ntcOLDPlZWgxZCBp96x07F +AnOzKgZk4RzZPNAxCXERVxajn/FLcOhglVAKo5H0ac+AitlQ0ip55D2/mf8o72tM +fVQ6VpyjEXdiIXWUq/o= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/nixos/keys/ssh.nix b/nixos/keys/ssh.nix index 31b406f..f4be2b5 100644 --- a/nixos/keys/ssh.nix +++ b/nixos/keys/ssh.nix @@ -2,4 +2,5 @@ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLM+RmEfAxC6vYelGWhBj5bCkiwWmbrMs1XqyMNALOilSoW+om9tJbulDSYn9l7woc9UOm8lFZ/x08J3AORbQjI=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPci/gIUGWdoiLXS8Nq8T6Fvh2Wtpxv6pnqyvbSWvzyoAAAABHNzaDo=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINIysEjWk8jdsnfF2Ki1U1TENkRLu3ig5tGVlVUnBGTj" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/Fc8P3CyombtPO/1OnYIx7VMh46XmCjV9WNCoLi77q" # migration ] diff --git a/nixos/modules/limits.nix b/nixos/modules/limits.nix index 437b041..649593d 100644 --- a/nixos/modules/limits.nix +++ b/nixos/modules/limits.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot.kernel.sysctl."net.core.rmem_max" = 2500000; boot.kernel.sysctl."fs.inotify.max_user_instances" = 1024; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 4eb31e4..afa9b90 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -1,3 +1,3 @@ -{...}: { +_: { networking.nameservers = ["1.1.1.1" "1.0.0.1"]; } diff --git a/secrets/silver.yaml b/secrets/silver.yaml index c217771..2ca6a7c 100644 --- a/secrets/silver.yaml +++ b/secrets/silver.yaml 
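Review bot: The key added to nixos/keys/ssh.nix is labelled only `# migration`, which says neither whose key it is nor when it should be removed. Temporary entries in an authorised-keys list tend to outlive their purpose. A comment such as `# TEMP: migration key for the silver host move; remove after cutover` would make the cleanup trackable. How this list is consumed is not shown in the hunk, so which accounts the key can log in to is inferred from the file name only.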
@@ -3,6 +3,7 @@ user-pw: ENC[AES256_GCM,data:5qJ/TLLdHyQVTftN882UJZ/FPAbHUGQkw1eXqajCt2Aw2wca5D7 svc-nodemusicbot-env: ENC[AES256_GCM,data:XoTn7WuFbfs8P+MvoMLfwpvUJ4IGGRMhdG1HXdmXGiI9s6ZTlipnIL70MYlih5kKn/wSBR2QDd9i6AErbz3hDUAkCh0tBuiZTDuSctUU0X2PCnrBnbg=,iv:ayrHgGO0zCl7apVKjMGI1MbtkN8V3j6dT0Mv07/KoYQ=,tag:TdAussU7bBg+jxpLufR1sw==,type:str] svc-vcnotifier-env: ENC[AES256_GCM,data:8DwT17Aosvu7/Q2ecbir/t9HOtanPlFeBgLOzxtcv2BpCIGTEHqbVk9pegKQKc7lGhj5OrVg4HvNnQNEdEu5fLqB2XpMV8ltS7PL1wEz,iv:CfnXvb2wSRwQAURSLUrV4jofGnFOE6PQan7KPPhERjI=,tag:ve1Dh+63N4B6W7ZtvbDCFA==,type:str] svc-breeze-upload_key: ENC[AES256_GCM,data:qNNH4/Q0rk2lsMImzpVe54+DbSAOiGjo,iv:rX9zvcPt6qSbPs6sKYO0T8EVaHU/u9QDoT/ISHdQSV4=,tag:kivJyeJGtuBP0l54qJ0t9w==,type:str] +svc-sim-breeze-upload_key: ENC[AES256_GCM,data:qm93iBzGhqp7IuZ01uZ6PyL5bL45+W0oOeDyQRGEzZw=,iv:5F7BV5Sg6GUxIGQychaEZSeG7xDFF+JdRL83PJULWJA=,tag:W/Q8vGaPoLNnj1Wyvc9Cnw==,type:str] svc-synapse-synapse-config: ENC[AES256_GCM,data:r8ZYi67CfftGheassCFiLOVcFUho+sNNe0XCkyQETHT6Q/w2jqO9eAVA2EDJyK4Vk3S4MP6ppcGxwocMmTYzkAjmtwf6a7GzUyh14+Lj5VTybvIKOze0wuLlsEUUYgU=,iv:HTnPaS5/ZvdJIMKiTfPffZmemp5IGTo/mIWrpafk/Fk=,tag:2HusbhzmxqsTMz5/78WCRA==,type:str] svc-gitea-runner-env: ENC[AES256_GCM,data:M2hV8YM03dcBcgpJqbpiW6RGlhDvkfF/ExF+J1GF+39GnOsBWwPKteM5EAUB2Wrl/zRFifgfNLLdYgSEWhJsT1cBLhI3vwE5,iv:9/nvC3sS6XcLxgeKrEg/AaFhptXCm3uvGgSUMAz4p5Y=,tag:A1MnoJP6aekXuWHhlONnkw==,type:str] svc-nebula-key: ENC[AES256_GCM,data:kqVqnsEgEsMGz2Ud0CS4DnVDd7claVoFyB3grV8TWK/mGdtJwysIYsQRmpbwXcOTTfgdX6vLKxJvleLLHFQGTjf/7QwBrmhfUKryd7CEukaZUsmkJAx3fH5y0mMd84nJucyQk5NqXZhyXQNwg9zmyH20XdaLqrdr0dtkQzIf,iv:OHoIHRKJt4kqbQye6SHLD9wVbLl7wTvs5CheIeOObeg=,tag:4AG0sSlOdTrqtXj3UqzaHQ==,type:str] 
@@ -21,8 +22,8 @@ sops: SFhuV0prbkJUSC9uZjJsV1VCTHVPSjAKfH148Hh3CDFCE1BOgMlA5ROVVoiO4x6+ fpkAQO4rfvcdpi+1NJjAOp0tkxOV4gApo/B/Vd3xPCtR6rVky5/0XQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-15T20:33:06Z" - mac: ENC[AES256_GCM,data:0WuZQxRXih9XRWGwT01eiEppEIPfGOjSpKEthmY3v+kumM6ydpueCroxqIuQoLXke8eKzZ6Xg34C2AvHgCdkHTgYbC9wGf9h8cV7L2xD4F9sLQ2scGThCynG0AGcLRXm152wzSdR5dGr1h4p49WO9XGbLEXD/JzfyPIcENDTPAs=,iv:LIPHnjWJYPlvs+VBvrRpczYD6ncwqTs1Jyz+VdWFaxY=,tag:Cdu7pKIzqi5H4Qo1eW66HQ==,type:str] + lastmodified: "2025-03-01T04:01:15Z" + mac: ENC[AES256_GCM,data:1eMZuUzXH1fPIWh32J6RUntb/ki7OTovX/dtQ5uaf6J6r+B6nLR+TvpAdw4P+XLnxtTeVGIZEHb0sXSA9WXcEE90MHIYOPxG/rb/zf0IOGtg/iwfgLFTacaDJsqX4+WwQJgACJ98SbtznyXr0NnP2d4SudIOjkj05subfrOcPYo=,iv:Fzp1iLEtfxhvy14SG1l06mSDplD2KQoOV+t4rUMX9Qw=,tag:6JRywlTUw6V7yajm6lar8g==,type:str] pgp: - created_at: "2024-11-04T02:36:46Z" enc: |- @@ -45,4 +46,4 @@ sops: -----END PGP MESSAGE----- fp: 78795D9EBD425CBB3E850BC45DF91852CB14CEFF unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.4