min
/
infra
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

April 2025 update

This commit is contained in:
minish 2025-04-06 14:27:58 -04:00
parent 06b5916f58
commit da6ae88151
Signed by: min
SSH Key Fingerprint: SHA256:PDf6DSaU0lWsQ57NzQGdm8HUKftULYFYzxPJolepY58
26 changed files with 245 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
flake.lock
View File

@ -9,16 +9,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736812363, "lastModified": 1740787854,
"narHash": "sha256-vs6tf4F4LVMDw4nsXkVFMSNC8RAbS7mRxbBscfE/mts=", "narHash": "sha256-psuFa7Ilar3iJaogz6UD8fRPMIk1NFAushM74Ln/SC4=",
"ref": "jemalloc", "ref": "refs/heads/main",
"rev": "015aee89b8519ce94a603d5cd58f1c54ec3ac718", "rev": "9752430f815f27d236a26451d479fdc3a1738060",
"revCount": 67, "revCount": 69,
"type": "git", "type": "git",
"url": "https://git.min.rip/min/breeze.git" "url": "https://git.min.rip/min/breeze.git"
}, },
"original": { "original": {
"ref": "jemalloc",
"type": "git", "type": "git",
"url": "https://git.min.rip/min/breeze.git" "url": "https://git.min.rip/min/breeze.git"
} }
@ -38,6 +37,21 @@
"type": "github" "type": "github"
} }
}, },
"crane_2": {
"locked": {
"lastModified": 1734808813,
"narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=",
"owner": "ipetkov",
"repo": "crane",
"rev": "72e2d02dbac80c8c86bf6bf3e785536acf8ee926",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -67,11 +81,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736199437, "lastModified": 1740485968,
"narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=", "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf", "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,11 +115,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1736143030, "lastModified": 1738453229,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -132,13 +146,31 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1734945620, "lastModified": 1737831083,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -149,11 +181,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1736200483, "lastModified": 1740603184,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -165,14 +197,14 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1735774519, "lastModified": 1738452942,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
} }
}, },
"root": { "root": {
@ -183,9 +215,32 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"sim-breeze": "sim-breeze",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"sim-breeze": {
"inputs": {
"crane": "crane_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740803896,
"narHash": "sha256-l7r91rD5iM5Vuagoqs0aIgYW68lIEHTf3oPIRoVm5Og=",
"ref": "refs/heads/main",
"rev": "ab744ebb5024dc391a03774571a2cb09bc225a11",
"revCount": 74,
"type": "git",
"url": "ssh://git@git.min.rip/min/sim-breeze.git"
},
"original": {
"type": "git",
"url": "ssh://git@git.min.rip/min/sim-breeze.git"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -193,11 +248,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736203741, "lastModified": 1739262228,
"narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -236,6 +291,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"

6
flake.nix
View File

@ -17,8 +17,11 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
breeze.url = "git+https://git.min.rip/min/breeze.git?ref=jemalloc"; breeze.url = "git+https://git.min.rip/min/breeze.git";
breeze.inputs.nixpkgs.follows = "nixpkgs"; breeze.inputs.nixpkgs.follows = "nixpkgs";
sim-breeze.url = "git+ssh://git@git.min.rip/min/sim-breeze.git";
sim-breeze.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs @ {self, ...}: outputs = inputs @ {self, ...}:
@ -40,6 +43,7 @@
packages = with pkgs; [ packages = with pkgs; [
sops sops
ssh-to-age ssh-to-age
openssl
# not included: age, gpg, pcscd, scdaemon, etc. # not included: age, gpg, pcscd, scdaemon, etc.
deploy-rs deploy-rs

20
nixos/hosts/default.nix
View File

@ -1,15 +1,18 @@
{inputs, ...}: let {inputs, ...}: let
systems = ["silver"]; systems = makeSystems ["silver"];
inherit (inputs.nixpkgs) lib; inherit (inputs.nixpkgs) lib;
makeNixosConfigurations = systems: makeSystems = systems:
lib.listToAttrs (lib.map lib.listToAttrs (lib.map (name: {
(name: let
system = import ./${name} {inherit inputs;};
in {
inherit name; inherit name;
value = lib.nixosSystem { value = import ./${name} {inherit inputs;};
})
systems);
makeNixosConfigurations = systems:
lib.mapAttrs (name: system:
lib.nixosSystem {
inherit (system) system; inherit (system) system;
modules = modules =
@ -23,9 +26,8 @@
../modules ../modules
]; ];
};
}) })
systems); systems;
makeDeployRsNodes = systems: makeDeployRsNodes = systems:
lib.mapAttrs lib.mapAttrs

2
nixos/hosts/eidola/mounts.nix
View File

@ -1,4 +1,4 @@
{...}: { _: {
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [

2
nixos/hosts/eidola/prometheus.nix
View File

@ -1,4 +1,4 @@
{...}: let _: let
ipInternal = "10.13.1.1"; # TODO: hardcoding ipInternal = "10.13.1.1"; # TODO: hardcoding
in { in {
services.prometheus.exporters = { services.prometheus.exporters = {

2
nixos/hosts/eidola/secrets.nix
View File

@ -1,4 +1,4 @@
{...}: { _: {
sops = { sops = {
defaultSopsFile = ../../../secrets/eidola.yaml; defaultSopsFile = ../../../secrets/eidola.yaml;
age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];

2
nixos/hosts/eidola/services/samba.nix
View File

@ -1,4 +1,4 @@
{...}: { _: {
users = { users = {
users = let users = let
shareUser = { shareUser = {

4
nixos/hosts/silver/configuration.nix
View File

@ -5,10 +5,10 @@
}: let }: let
net = { net = {
# TODO: hardcoding (this module *may* be a good place to store values like this, though) # TODO: hardcoding (this module *may* be a good place to store values like this, though)
address = "107.152.41.67"; address = "66.23.198.122";
prefixLength = 24; prefixLength = 24;
subnet = "255.255.255.0"; subnet = "255.255.255.0";
gateway = "107.152.41.1"; gateway = "66.23.198.1";
interface = "eth0"; interface = "eth0";
}; };
in { in {

1
nixos/hosts/silver/default.nix
View File

@ -18,6 +18,7 @@
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.breeze.nixosModules.${system}.breeze inputs.breeze.nixosModules.${system}.breeze
inputs.sim-breeze.nixosModules.${system}.sim-breeze
./configuration.nix ./configuration.nix
]; ];
} }

8
nixos/hosts/silver/disk-config.nix
View File

@ -3,7 +3,7 @@
disk = { disk = {
main = { main = {
type = "disk"; type = "disk";
device = "/dev/vda"; device = "/dev/sda";
content = { content = {
type = "gpt"; type = "gpt";
@ -75,6 +75,12 @@
]; ];
}; };
}; };
swap = {
size = "6G";
content = {
type = "swap";
};
};
persist = { persist = {
size = "100%FREE"; size = "100%FREE";
content = { content = {

2
nixos/hosts/silver/mounts.nix
View File

@ -1,4 +1,4 @@
{...}: { _: {
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [

2
nixos/hosts/silver/prometheus.nix
View File

@ -1,4 +1,4 @@
{...}: let _: let
ipInternal = "10.13.0.1"; # TODO: hardcoding ipInternal = "10.13.0.1"; # TODO: hardcoding
in { in {
services.prometheus.exporters = { services.prometheus.exporters = {

2
nixos/hosts/silver/secrets.nix
View File

@ -1,4 +1,4 @@
{...}: { _: {
sops = { sops = {
defaultSopsFile = ../../../secrets/silver.yaml; defaultSopsFile = ../../../secrets/silver.yaml;
age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];

1
nixos/hosts/silver/services/default.nix
View File

@ -4,6 +4,7 @@
./breeze.nix ./breeze.nix
./min-rip.nix ./min-rip.nix
./gitea.nix ./gitea.nix
./sim-breeze.nix
./synapse.nix ./synapse.nix
./nebula.nix ./nebula.nix
./prometheus.nix ./prometheus.nix

2
nixos/hosts/silver/services/gitea.nix
View File

@ -1,5 +1,5 @@
{config, ...}: let {config, ...}: let
sshExposeIp = "107.152.41.67"; # TODO: hardcoding sshExposeIp = "66.23.198.122"; # TODO: hardcoding
sshIntPort = 14022; sshIntPort = 14022;
httpIntPort = 14020; httpIntPort = 14020;
dom = "git.min.rip"; # TODO: hardcoding dom = "git.min.rip"; # TODO: hardcoding

2
nixos/hosts/silver/services/grafana.nix
View File

@ -1,4 +1,4 @@
{...}: let _: let
dom = "graf.min.rip"; dom = "graf.min.rip";
httpIntPort = 14050; httpIntPort = 14050;
in { in {

2
nixos/hosts/silver/services/min-rip.nix
View File

@ -1,4 +1,4 @@
{...}: let _: let
dom = "min.rip"; # TODO: hardcoding dom = "min.rip"; # TODO: hardcoding
in { in {
services.nginx.virtualHosts.${dom} = { services.nginx.virtualHosts.${dom} = {

2
nixos/hosts/silver/services/prometheus.nix
View File

@ -1,4 +1,4 @@
{...}: let _: let
ipSilver = "10.13.0.1"; # TODO: hardcoding ipSilver = "10.13.0.1"; # TODO: hardcoding
ipEidola = "10.13.1.1"; # TODO: hardcoding ipEidola = "10.13.1.1"; # TODO: hardcoding
in { in {

56
nixos/hosts/silver/services/sim-breeze.nix Normal file
View File

@ -0,0 +1,56 @@
{config, ...}: let
httpIntPort = 14012;
dom = "simul.lol";
in {
sops.secrets."svc-sim-breeze-upload_key" = {
owner = "sim-breeze";
group = "sim-breeze";
};
services.nginx.virtualHosts.${dom} = {
forceSSL = true;
enableACME = true;
quic = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString httpIntPort}";
};
extraConfig = let
cloudflarePem = ../../../keys/cloudflare.pem;
in ''
ssl_client_certificate ${cloudflarePem};
ssl_verify_client on;
'';
};
systemd.tmpfiles.rules = [
"d /srv/uploads-sim 0750 sim-breeze sim-breeze - -"
];
services.sim-breeze = {
enable = true;
uploadKeyFile = config.sops.secrets."svc-sim-breeze-upload_key".path;
settings = {
engine = {
base_url = "https://${dom}";
max_upload_len = 2147483648;
max_temp_lifetime = 43200;
max_strip_len = 16777216;
disk.save_path = "/srv/uploads-sim";
cache = {
max_length = 268435456;
upload_lifetime = 1800;
scan_freq = 60;
mem_capacity = 4294967296;
};
};
http.listen_on = "127.0.0.1:${toString httpIntPort}";
logger.level = "info";
};
};
}

2
nixos/hosts/silver/services/synapse.nix
View File

@ -42,7 +42,7 @@ in {
]; ];
virtualisation.oci-containers.containers.synapse-db = { virtualisation.oci-containers.containers.synapse-db = {
image = "docker.io/postgres:12-alpine"; image = "docker.io/postgres:17-alpine";
environment = { environment = {
POSTGRES_USER = "synapse"; POSTGRES_USER = "synapse";
POSTGRES_PASSWORD = "synapse"; POSTGRES_PASSWORD = "synapse";

2
nixos/hosts/silver/services/vaultwarden.nix
View File

@ -1,4 +1,4 @@
{...}: let _: let
httpIntAddr = "127.0.0.1"; httpIntAddr = "127.0.0.1";
httpIntPort = 14210; httpIntPort = 14210;
dom = "pw.min.rip"; dom = "pw.min.rip";

35
nixos/keys/cloudflare.pem Normal file
View File

@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----
MIIGCjCCA/KgAwIBAgIIV5G6lVbCLmEwDQYJKoZIhvcNAQENBQAwgZAxCzAJBgNV
BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMRQwEgYDVQQLEwtPcmln
aW4gUHVsbDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEjMCEGA1UEAxMab3JpZ2luLXB1bGwuY2xvdWRmbGFyZS5uZXQwHhcNMTkx
MDEwMTg0NTAwWhcNMjkxMTAxMTcwMDAwWjCBkDELMAkGA1UEBhMCVVMxGTAXBgNV
BAoTEENsb3VkRmxhcmUsIEluYy4xFDASBgNVBAsTC09yaWdpbiBQdWxsMRYwFAYD
VQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMSMwIQYDVQQD
ExpvcmlnaW4tcHVsbC5jbG91ZGZsYXJlLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAN2y2zojYfl0bKfhp0AJBFeV+jQqbCw3sHmvEPwLmqDLqynI
42tZXR5y914ZB9ZrwbL/K5O46exd/LujJnV2b3dzcx5rtiQzso0xzljqbnbQT20e
ihx/WrF4OkZKydZzsdaJsWAPuplDH5P7J82q3re88jQdgE5hqjqFZ3clCG7lxoBw
hLaazm3NJJlUfzdk97ouRvnFGAuXd5cQVx8jYOOeU60sWqmMe4QHdOvpqB91bJoY
QSKVFjUgHeTpN8tNpKJfb9LIn3pun3bC9NKNHtRKMNX3Kl/sAPq7q/AlndvA2Kw3
Dkum2mHQUGdzVHqcOgea9BGjLK2h7SuX93zTWL02u799dr6Xkrad/WShHchfjjRn
aL35niJUDr02YJtPgxWObsrfOU63B8juLUphW/4BOjjJyAG5l9j1//aUGEi/sEe5
lqVv0P78QrxoxR+MMXiJwQab5FB8TG/ac6mRHgF9CmkX90uaRh+OC07XjTdfSKGR
PpM9hB2ZhLol/nf8qmoLdoD5HvODZuKu2+muKeVHXgw2/A6wM7OwrinxZiyBk5Hh
CvaADH7PZpU6z/zv5NU5HSvXiKtCzFuDu4/Zfi34RfHXeCUfHAb4KfNRXJwMsxUa
+4ZpSAX2G6RnGU5meuXpU5/V+DQJp/e69XyyY6RXDoMywaEFlIlXBqjRRA2pAgMB
AAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1Ud
DgQWBBRDWUsraYuA4REzalfNVzjann3F6zAfBgNVHSMEGDAWgBRDWUsraYuA4REz
alfNVzjann3F6zANBgkqhkiG9w0BAQ0FAAOCAgEAkQ+T9nqcSlAuW/90DeYmQOW1
QhqOor5psBEGvxbNGV2hdLJY8h6QUq48BCevcMChg/L1CkznBNI40i3/6heDn3IS
zVEwXKf34pPFCACWVMZxbQjkNRTiH8iRur9EsaNQ5oXCPJkhwg2+IFyoPAAYURoX
VcI9SCDUa45clmYHJ/XYwV1icGVI8/9b2JUqklnOTa5tugwIUi5sTfipNcJXHhgz
6BKYDl0/UP0lLKbsUETXeTGDiDpxZYIgbcFrRDDkHC6BSvdWVEiH5b9mH2BON60z
0O0j8EEKTwi9jnafVtZQXP/D8yoVowdFDjXcKkOPF/1gIh9qrFR6GdoPVgB3SkLc
5ulBqZaCHm563jsvWb/kXJnlFxW+1bsO9BDD6DweBcGdNurgmH625wBXksSdD7y/
fakk8DagjbjKShYlPEFOAqEcliwjF45eabL0t27MJV61O/jHzHL3dknXeE4BDa2j
bA+JbyJeUMtU7KMsxvx82RmhqBEJJDBCJ3scVptvhDMRrtqDBW5JShxoAOcpFQGm
iYWicn46nPDjgTU0bX1ZPpTpryXbvciVL5RkVBuyX2ntcOLDPlZWgxZCBp96x07F
AnOzKgZk4RzZPNAxCXERVxajn/FLcOhglVAKo5H0ac+AitlQ0ip55D2/mf8o72tM
fVQ6VpyjEXdiIXWUq/o=
-----END CERTIFICATE-----

1
nixos/keys/ssh.nix
View File

@ -2,4 +2,5 @@
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLM+RmEfAxC6vYelGWhBj5bCkiwWmbrMs1XqyMNALOilSoW+om9tJbulDSYn9l7woc9UOm8lFZ/x08J3AORbQjI=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLM+RmEfAxC6vYelGWhBj5bCkiwWmbrMs1XqyMNALOilSoW+om9tJbulDSYn9l7woc9UOm8lFZ/x08J3AORbQjI="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPci/gIUGWdoiLXS8Nq8T6Fvh2Wtpxv6pnqyvbSWvzyoAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPci/gIUGWdoiLXS8Nq8T6Fvh2Wtpxv6pnqyvbSWvzyoAAAABHNzaDo="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINIysEjWk8jdsnfF2Ki1U1TENkRLu3ig5tGVlVUnBGTj" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINIysEjWk8jdsnfF2Ki1U1TENkRLu3ig5tGVlVUnBGTj"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/Fc8P3CyombtPO/1OnYIx7VMh46XmCjV9WNCoLi77q" # migration
] ]

2
nixos/modules/limits.nix
View File

@ -1,4 +1,4 @@
{...}: { _: {
boot.kernel.sysctl."net.core.rmem_max" = 2500000; boot.kernel.sysctl."net.core.rmem_max" = 2500000;
boot.kernel.sysctl."fs.inotify.max_user_instances" = 1024; boot.kernel.sysctl."fs.inotify.max_user_instances" = 1024;

2
nixos/modules/networking.nix
View File

@ -1,3 +1,3 @@
{...}: { _: {
networking.nameservers = ["1.1.1.1" "1.0.0.1"]; networking.nameservers = ["1.1.1.1" "1.0.0.1"];
} }

7
secrets/silver.yaml
View File

@ -3,6 +3,7 @@ user-pw: ENC[AES256_GCM,data:5qJ/TLLdHyQVTftN882UJZ/FPAbHUGQkw1eXqajCt2Aw2wca5D7
svc-nodemusicbot-env: ENC[AES256_GCM,data:XoTn7WuFbfs8P+MvoMLfwpvUJ4IGGRMhdG1HXdmXGiI9s6ZTlipnIL70MYlih5kKn/wSBR2QDd9i6AErbz3hDUAkCh0tBuiZTDuSctUU0X2PCnrBnbg=,iv:ayrHgGO0zCl7apVKjMGI1MbtkN8V3j6dT0Mv07/KoYQ=,tag:TdAussU7bBg+jxpLufR1sw==,type:str] svc-nodemusicbot-env: ENC[AES256_GCM,data:XoTn7WuFbfs8P+MvoMLfwpvUJ4IGGRMhdG1HXdmXGiI9s6ZTlipnIL70MYlih5kKn/wSBR2QDd9i6AErbz3hDUAkCh0tBuiZTDuSctUU0X2PCnrBnbg=,iv:ayrHgGO0zCl7apVKjMGI1MbtkN8V3j6dT0Mv07/KoYQ=,tag:TdAussU7bBg+jxpLufR1sw==,type:str]
svc-vcnotifier-env: ENC[AES256_GCM,data:8DwT17Aosvu7/Q2ecbir/t9HOtanPlFeBgLOzxtcv2BpCIGTEHqbVk9pegKQKc7lGhj5OrVg4HvNnQNEdEu5fLqB2XpMV8ltS7PL1wEz,iv:CfnXvb2wSRwQAURSLUrV4jofGnFOE6PQan7KPPhERjI=,tag:ve1Dh+63N4B6W7ZtvbDCFA==,type:str] svc-vcnotifier-env: ENC[AES256_GCM,data:8DwT17Aosvu7/Q2ecbir/t9HOtanPlFeBgLOzxtcv2BpCIGTEHqbVk9pegKQKc7lGhj5OrVg4HvNnQNEdEu5fLqB2XpMV8ltS7PL1wEz,iv:CfnXvb2wSRwQAURSLUrV4jofGnFOE6PQan7KPPhERjI=,tag:ve1Dh+63N4B6W7ZtvbDCFA==,type:str]
svc-breeze-upload_key: ENC[AES256_GCM,data:qNNH4/Q0rk2lsMImzpVe54+DbSAOiGjo,iv:rX9zvcPt6qSbPs6sKYO0T8EVaHU/u9QDoT/ISHdQSV4=,tag:kivJyeJGtuBP0l54qJ0t9w==,type:str] svc-breeze-upload_key: ENC[AES256_GCM,data:qNNH4/Q0rk2lsMImzpVe54+DbSAOiGjo,iv:rX9zvcPt6qSbPs6sKYO0T8EVaHU/u9QDoT/ISHdQSV4=,tag:kivJyeJGtuBP0l54qJ0t9w==,type:str]
svc-sim-breeze-upload_key: ENC[AES256_GCM,data:qm93iBzGhqp7IuZ01uZ6PyL5bL45+W0oOeDyQRGEzZw=,iv:5F7BV5Sg6GUxIGQychaEZSeG7xDFF+JdRL83PJULWJA=,tag:W/Q8vGaPoLNnj1Wyvc9Cnw==,type:str]
svc-synapse-synapse-config: ENC[AES256_GCM,data:r8ZYi67CfftGheassCFiLOVcFUho+sNNe0XCkyQETHT6Q/w2jqO9eAVA2EDJyK4Vk3S4MP6ppcGxwocMmTYzkAjmtwf6a7GzUyh14+Lj5VTybvIKOze0wuLlsEUUYgU=,iv:HTnPaS5/ZvdJIMKiTfPffZmemp5IGTo/mIWrpafk/Fk=,tag:2HusbhzmxqsTMz5/78WCRA==,type:str] svc-synapse-synapse-config: ENC[AES256_GCM,data:r8ZYi67CfftGheassCFiLOVcFUho+sNNe0XCkyQETHT6Q/w2jqO9eAVA2EDJyK4Vk3S4MP6ppcGxwocMmTYzkAjmtwf6a7GzUyh14+Lj5VTybvIKOze0wuLlsEUUYgU=,iv:HTnPaS5/ZvdJIMKiTfPffZmemp5IGTo/mIWrpafk/Fk=,tag:2HusbhzmxqsTMz5/78WCRA==,type:str]
svc-gitea-runner-env: ENC[AES256_GCM,data:M2hV8YM03dcBcgpJqbpiW6RGlhDvkfF/ExF+J1GF+39GnOsBWwPKteM5EAUB2Wrl/zRFifgfNLLdYgSEWhJsT1cBLhI3vwE5,iv:9/nvC3sS6XcLxgeKrEg/AaFhptXCm3uvGgSUMAz4p5Y=,tag:A1MnoJP6aekXuWHhlONnkw==,type:str] svc-gitea-runner-env: ENC[AES256_GCM,data:M2hV8YM03dcBcgpJqbpiW6RGlhDvkfF/ExF+J1GF+39GnOsBWwPKteM5EAUB2Wrl/zRFifgfNLLdYgSEWhJsT1cBLhI3vwE5,iv:9/nvC3sS6XcLxgeKrEg/AaFhptXCm3uvGgSUMAz4p5Y=,tag:A1MnoJP6aekXuWHhlONnkw==,type:str]
svc-nebula-key: ENC[AES256_GCM,data:kqVqnsEgEsMGz2Ud0CS4DnVDd7claVoFyB3grV8TWK/mGdtJwysIYsQRmpbwXcOTTfgdX6vLKxJvleLLHFQGTjf/7QwBrmhfUKryd7CEukaZUsmkJAx3fH5y0mMd84nJucyQk5NqXZhyXQNwg9zmyH20XdaLqrdr0dtkQzIf,iv:OHoIHRKJt4kqbQye6SHLD9wVbLl7wTvs5CheIeOObeg=,tag:4AG0sSlOdTrqtXj3UqzaHQ==,type:str] svc-nebula-key: ENC[AES256_GCM,data:kqVqnsEgEsMGz2Ud0CS4DnVDd7claVoFyB3grV8TWK/mGdtJwysIYsQRmpbwXcOTTfgdX6vLKxJvleLLHFQGTjf/7QwBrmhfUKryd7CEukaZUsmkJAx3fH5y0mMd84nJucyQk5NqXZhyXQNwg9zmyH20XdaLqrdr0dtkQzIf,iv:OHoIHRKJt4kqbQye6SHLD9wVbLl7wTvs5CheIeOObeg=,tag:4AG0sSlOdTrqtXj3UqzaHQ==,type:str]
@ -21,8 +22,8 @@ sops:
SFhuV0prbkJUSC9uZjJsV1VCTHVPSjAKfH148Hh3CDFCE1BOgMlA5ROVVoiO4x6+ SFhuV0prbkJUSC9uZjJsV1VCTHVPSjAKfH148Hh3CDFCE1BOgMlA5ROVVoiO4x6+
fpkAQO4rfvcdpi+1NJjAOp0tkxOV4gApo/B/Vd3xPCtR6rVky5/0XQ== fpkAQO4rfvcdpi+1NJjAOp0tkxOV4gApo/B/Vd3xPCtR6rVky5/0XQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-15T20:33:06Z" lastmodified: "2025-03-01T04:01:15Z"
mac: ENC[AES256_GCM,data:0WuZQxRXih9XRWGwT01eiEppEIPfGOjSpKEthmY3v+kumM6ydpueCroxqIuQoLXke8eKzZ6Xg34C2AvHgCdkHTgYbC9wGf9h8cV7L2xD4F9sLQ2scGThCynG0AGcLRXm152wzSdR5dGr1h4p49WO9XGbLEXD/JzfyPIcENDTPAs=,iv:LIPHnjWJYPlvs+VBvrRpczYD6ncwqTs1Jyz+VdWFaxY=,tag:Cdu7pKIzqi5H4Qo1eW66HQ==,type:str] mac: ENC[AES256_GCM,data:1eMZuUzXH1fPIWh32J6RUntb/ki7OTovX/dtQ5uaf6J6r+B6nLR+TvpAdw4P+XLnxtTeVGIZEHb0sXSA9WXcEE90MHIYOPxG/rb/zf0IOGtg/iwfgLFTacaDJsqX4+WwQJgACJ98SbtznyXr0NnP2d4SudIOjkj05subfrOcPYo=,iv:Fzp1iLEtfxhvy14SG1l06mSDplD2KQoOV+t4rUMX9Qw=,tag:6JRywlTUw6V7yajm6lar8g==,type:str]
pgp: pgp:
- created_at: "2024-11-04T02:36:46Z" - created_at: "2024-11-04T02:36:46Z"
enc: |- enc: |-
@ -45,4 +46,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 78795D9EBD425CBB3E850BC45DF91852CB14CEFF fp: 78795D9EBD425CBB3E850BC45DF91852CB14CEFF
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.4