From 50066a4d208b83e63d5ebb4bc64e740e78deae59 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Tue, 31 Dec 2024 13:52:57 +0000 Subject: [PATCH] revert toaster --- .sops.yaml | 7 + flake.nix | 15 ++ hosts/toaster/amd-new-pstate.nix | 5 + hosts/toaster/amd.nix | 16 ++ hosts/toaster/default.nix | 63 +++++++ hosts/toaster/hardware-configuration.nix | 94 ++++++++++ hosts/toaster/irc.nix | 9 + hosts/toaster/network-vpns.nix | 210 +++++++++++++++++++++++ hosts/toaster/network.nix | 57 ++++++ hosts/toaster/secrets.nix | 20 +++ hosts/toaster/secure-boot.nix | 12 ++ hosts/toaster/stateful-network.nix | 39 +++++ hosts/toaster/zfs.nix | 19 ++ modules/chromium.nix | 34 ++++ modules/desktop-software.nix | 19 ++ modules/dvb-dump-nfs-automount.nix | 26 +++ modules/emacs.nix | 29 ++++ modules/gnome.nix | 116 +++++++++++++ modules/gnupg.nix | 18 ++ modules/hw-accel-intel.nix | 21 +++ modules/mail/default.nix | 133 ++++++++++++++ modules/mail/mbsyncrc | 97 +++++++++++ modules/radio.nix | 39 +++++ modules/science.nix | 17 ++ modules/sway.nix | 166 ++++++++++++++++++ modules/tlp.nix | 14 ++ modules/vscode.nix | 22 +++ pkgs/imhex.nix | 75 ++++++++ pkgs/slick.nix | 24 +++ secrets/toaster/secrets.yaml | 52 ++++++ 30 files changed, 1468 insertions(+) create mode 100644 hosts/toaster/amd-new-pstate.nix create mode 100644 hosts/toaster/amd.nix create mode 100644 hosts/toaster/default.nix create mode 100644 hosts/toaster/hardware-configuration.nix create mode 100644 hosts/toaster/irc.nix create mode 100644 hosts/toaster/network-vpns.nix create mode 100644 hosts/toaster/network.nix create mode 100644 hosts/toaster/secrets.nix create mode 100644 hosts/toaster/secure-boot.nix create mode 100644 hosts/toaster/stateful-network.nix create mode 100644 hosts/toaster/zfs.nix create mode 100644 modules/chromium.nix create mode 100644 modules/desktop-software.nix create mode 100644 modules/dvb-dump-nfs-automount.nix create mode 100644 modules/emacs.nix create mode 100644 modules/gnome.nix create mode 100644 modules/gnupg.nix create mode 100644 modules/hw-accel-intel.nix create mode 100644 modules/mail/default.nix create mode 100644 modules/mail/mbsyncrc create mode 100644 modules/radio.nix create mode 100644 modules/science.nix create mode 100644 modules/sway.nix create mode 100644 modules/tlp.nix create mode 100644 modules/vscode.nix create mode 100644 pkgs/imhex.nix create mode 100644 pkgs/slick.nix create mode 100644 secrets/toaster/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 00388d5..2a071ce 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &cirrus age1qm70jkg7us4ft4x3nh7kwxlul022kteescjj83ywvjhysj6nsq5sw7l6p8 - &dishwasher age18t2dc53m7a53996fwcmuanwjtxxvvgkntpmdvd3q42pnkch6rajqnm4up8 - &nextcloud age1ds7zgenz9a664jqx5308m6q5mgtavzmelg239xsj8mdh64pmqa9qtkffmk + - &toaster age1qyj95tsntreefqeetawqy5pf26456s9c0v3tzz8yzs706c0jsg6qv56jzk - &music age1aj7mgq8jxv0n5rnpqtgu4l56ymqyq86qacn3jp7ve2emk0eheuaqgm4rtt - &news age1dwem3slsm04jpmje2ru5n7fujkmz2kvhdat5htx2xnc2yqtyefeqchwx7f creation_rules: @@ -24,6 +25,12 @@ creation_rules: - *admin_oxa age: - *nextcloud + - path_regex: secrets/toaster/[^/]+\.yaml$ + key_groups: + - pgp: + - *admin_oxa + age: + - *toaster - path_regex: secrets/music/[^/]+\.yaml$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index 406b568..ecffdfd 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,22 @@ , ... }: + flake-utils.lib.eachDefaultSystem + (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + { + packages.slick = pkgs.callPackage "${self}/pkgs/slick.nix" { }; + # packages.imhex = pkgs.libsForQt5.callPackage "${self}/pkgs/imhex.nix" { }; + }) + // { + overlays.default = _final: prev: { + inherit (self.packages.${prev.system}) + slick; + }; + nixosConfigurations = { cirrus = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/hosts/toaster/amd-new-pstate.nix b/hosts/toaster/amd-new-pstate.nix new file mode 100644 index 0000000..179cce3 --- /dev/null +++ b/hosts/toaster/amd-new-pstate.nix @@ -0,0 +1,5 @@ +{ ... }: +{ + # use new amd pstate driver + boot.kernelParams = [ "amd_pstate=active" ]; +} diff --git a/hosts/toaster/amd.nix b/hosts/toaster/amd.nix new file mode 100644 index 0000000..07aa493 --- /dev/null +++ b/hosts/toaster/amd.nix @@ -0,0 +1,16 @@ +{ pkgs, config, ... }: { + boot.initrd.kernelModules = [ "amdgpu" ]; + + hardware.opengl = { + driSupport = true; + driSupport32Bit = true; + extraPackages = with pkgs; [ + rocm-opencl-icd + rocm-opencl-runtime + amdvlk + ]; + extraPackages32 = with pkgs; [ + driversi686Linux.amdvlk + ]; + }; +} diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix new file mode 100644 index 0000000..cac9bad --- /dev/null +++ b/hosts/toaster/default.nix @@ -0,0 +1,63 @@ +{ pkgs, ... }: { + imports = [ + ./amd.nix + ./amd-new-pstate.nix + ./hardware-configuration.nix + ./irc.nix + ./stateful-network.nix + ./secrets.nix + ./secure-boot.nix + ./zfs.nix + ]; + + nixpkgs.config.allowUnfree = true; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + hardware.enableAllFirmware = true; + + # update the firmware + services.fwupd.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # Select internationalisation properties. + i18n = { + defaultLocale = "en_US.UTF-8"; + supportedLocales = [ "all" ]; + }; + + users.users.grue = { + extraGroups = [ + "wheel" + "video" + "plugdev" + "dialout" + "bluetooth" + "libvirtd" + ]; + group = "users"; + home = "/home/grue"; + isNormalUser = true; + uid = 1000; + }; + + programs.steam.enable = true; + + environment.systemPackages = with pkgs; [ + factorio + ]; + + services.emacs.defaultEditor = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + +} diff --git a/hosts/toaster/hardware-configuration.nix b/hosts/toaster/hardware-configuration.nix new file mode 100644 index 0000000..7e3b087 --- /dev/null +++ b/hosts/toaster/hardware-configuration.nix @@ -0,0 +1,94 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "toasterpool/nixos/root"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/nix" = + { + device = "toasterpool/nixos/nix"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/var" = + { + device = "toasterpool/userdata/var"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/var/lib" = + { + device = "toasterpool/userdata/var/lib"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/var/log" = + { + device = "toasterpool/userdata/var/log"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/home" = + { + device = "toasterpool/userdata/home"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/home/grue" = + { + device = "toasterpool/userdata/home/grue"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/7663-6239"; + fsType = "vfat"; + options = [ "X-mount.mkdir" ]; + }; + + swapDevices = [ + { + device = "/dev/disk/by-id/nvme-eui.ace42e002621ff2b2ee4ac0000000001-part2"; + randomEncryption = true; + } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + + networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; + #networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + # services.fprintd.enable = true; +} diff --git a/hosts/toaster/irc.nix b/hosts/toaster/irc.nix new file mode 100644 index 0000000..85398ab --- /dev/null +++ b/hosts/toaster/irc.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: { + environment.systemPackages = [ pkgs.senpai ]; + + sops.secrets = { + "irc/senpai" = { + owner = config.users.users.grue.name; + }; + }; +} diff --git a/hosts/toaster/network-vpns.nix b/hosts/toaster/network-vpns.nix new file mode 100644 index 0000000..888d8bb --- /dev/null +++ b/hosts/toaster/network-vpns.nix @@ -0,0 +1,210 @@ +{ config, ... }: { + + systemd.network = { + # Wireguard + # Dump-dvb + netdevs."30-wg-dumpdvb" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-dumpdvb"; + Description = "dvb.solutions enterprise network"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/dvb".path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY="; + Endpoint = "academicstrokes.com:51820"; + AllowedIPs = [ "10.13.37.0/24" ]; + PersistentKeepalive = 25; + }; + } + ]; + }; + networks."30-wg-dumpdvb" = { + matchConfig.Name = "wg-dumpdvb"; + networkConfig = { + Address = "10.13.37.3/24"; + IPv6AcceptRA = true; + }; + routes = [ + { routeConfig = { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24"; }; } + ]; + }; + + # oxalab + netdevs."10-wg-oxalab" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-oxalab"; + Description = "lab of oxa"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/oxalab".path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E="; + Endpoint = "95.216.166.21:51820"; + AllowedIPs = [ "10.66.66.0/24" ]; + PersistentKeepalive = 25; + }; + } + ]; + }; + networks."10-wg-oxalab" = { + matchConfig.Name = "wg-oxalab"; + networkConfig = { + Address = "10.66.66.10/24"; + IPv6AcceptRA = true; + }; + routes = [ + { routeConfig = { Gateway = "10.66.66.1"; Destination = "10.66.66.1/24"; }; } + ]; + }; + + + # zentralwerk + netdevs."10-wg-zentralwerk" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-zentralwerk"; + Description = "Tunnel to the best basement in Dresden"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/zw".path; + RouteTable = "off"; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo="; + Endpoint = "81.201.149.152:1337"; + AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" "172.22.99.0/24" ]; + PersistentKeepalive = 25; + }; + } + ]; + }; + networks."10-wg-zentralwerk" = { + matchConfig.Name = "wg-zentralwerk"; + networkConfig = { + Address = "172.20.76.226/21"; + IPv6AcceptRA = true; + DNS = "172.20.73.8"; + Domains = [ + "~hq.c3d2.de" + "~serv.zentralwerk.org" + "~hq.zentralwerk.org" + "~cluster.zentralwerk.org" + ]; + }; + routes = [ + { + routeConfig = { + Gateway = "172.20.76.225"; + Destination = "172.20.72.0/21"; + Metric = 1023; + }; + } + { + routeConfig = { + Gateway = "172.20.76.225"; + Destination = "172.20.90.0/24"; + Metric = 1023; + }; + } + { + routeConfig = { + Gateway = "172.20.76.225"; + Destination = "172.22.99.0/24"; + Metric = 1023; + }; + } + + ]; + }; + + # VPN + netdevs."10-wg-mullvad" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-mullvad"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/mullvad".path; + FirewallMark = 34952; # 0x8888 + RouteTable = "off"; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "BChJDLOwZu9Q1oH0UcrxcHP6xxHhyRbjrBUsE0e07Vk="; + Endpoint = "169.150.196.15:51820"; + AllowedIPs = [ "0.0.0.0/0" "::0/0" ]; + }; + } + ]; + }; + networks."10-wg-mullvad" = { + matchConfig.Name = "wg-mullvad"; + address = [ "10.66.157.228/32" "fc00:bbbb:bbbb:bb01::3:9de3/128" ]; + networkConfig = { + DNS = "10.64.0.1"; + DNSDefaultRoute = true; + Domains = [ "~." ]; + }; + routes = map + (gate: { + routeConfig = { + Gateway = gate; + Table = 1000; + }; + }) [ + "0.0.0.0" + "::" + ]; + + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + Family = "both"; + FirewallMark = 34952; # 0x8888 + InvertRule = true; + Table = "1000"; + Priority = 100; + }; + } + { + routingPolicyRuleConfig = { + Family = "both"; + SuppressPrefixLength = 0; + Table = "main"; + Priority = 90; + }; + } + ] ++ map + (net: { + # only route global addresses over VPN + routingPolicyRuleConfig = { + Priority = 80; + To = net; + }; + }) [ + # Mullvad endpoint + "169.150.196.15/32" + # "10.0.0.0/8" + "10.13.37.0/24" + "10.66.66.0/24" + # "172.16.0.0/12" + "172.16.0.0/12" + # "182.168.0.0/16" + "182.168.0.0/16" + # "fc00::/7" + ]; + }; + }; +} diff --git a/hosts/toaster/network.nix b/hosts/toaster/network.nix new file mode 100644 index 0000000..26def6b --- /dev/null +++ b/hosts/toaster/network.nix @@ -0,0 +1,57 @@ +{ config, pkgs, ... }: { + environment.systemPackages = with pkgs; [ iwgtk ]; + + networking = { + hostName = "toaster"; + firewall.enable = true; + networkmanager.enable = false; + useNetworkd = true; + wireguard.enable = true; + wireless.iwd.enable = true; + }; + + services.resolved = { + enable = true; + dnssec = "allow-downgrade"; + fallbackDns = [ + "9.9.9.9" + "2620:fe::fe" + "149.112.112.112" + "2620:fe::9" + ]; + }; + + # workaround for networkd waiting for shit + systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [ + "" # clear old command + "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any" + ]; + + systemd.network = { + enable = true; + + networks."10-ether" = { + matchConfig.MACAddress = "e8:80:88:2f:c6:70"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; + }; + networks."10-dock" = { + matchConfig.Name = "enp5s0f4u1u1"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; + dhcpV4Config = { RouteMetric = 666; }; + }; + networks."10-wlan" = { + # matchConfig.MACAddress = "04:7b:cb:2a:aa:8c"; + matchConfig.Name = "wlan0"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; + }; + }; +} diff --git a/hosts/toaster/secrets.nix b/hosts/toaster/secrets.nix new file mode 100644 index 0000000..4cf23d7 --- /dev/null +++ b/hosts/toaster/secrets.nix @@ -0,0 +1,20 @@ +{ config, ... }: +{ + sops.defaultSopsFile = ../../secrets/toaster/secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + sops.secrets = { + "wg/zw" = { + owner = config.users.users.systemd-network.name; + }; + "wg/dvb" = { + owner = config.users.users.systemd-network.name; + }; + "wg/mullvad" = { + owner = config.users.users.systemd-network.name; + }; + "wg/oxalab" = { + owner = config.users.users.systemd-network.name; + }; + }; +} diff --git a/hosts/toaster/secure-boot.nix b/hosts/toaster/secure-boot.nix new file mode 100644 index 0000000..d18e1cb --- /dev/null +++ b/hosts/toaster/secure-boot.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, ... }: { + boot = { + bootspec.enable = true; + loader.systemd-boot.enable = lib.mkForce false; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + }; + + environment.systemPackages = [ pkgs.sbctl ]; +} diff --git a/hosts/toaster/stateful-network.nix b/hosts/toaster/stateful-network.nix new file mode 100644 index 0000000..2bb0e04 --- /dev/null +++ b/hosts/toaster/stateful-network.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: { + users.users.grue.extraGroups = [ "networkmanager" ]; + + networking = { + hostName = "toaster"; + firewall.enable = true; + wireguard.enable = true; + }; + + services.resolved = { + enable = true; + dnssec = "allow-downgrade"; + fallbackDns = [ + "9.9.9.9" + "2620:fe::fe" + "149.112.112.112" + "2620:fe::9" + ]; + }; + + # fixup the rpfilter fucking up the networkmanager wireguard + networking.firewall = { + # if packets are still dropped, they will show up in dmesg + logReversePathDrops = true; + # wireguard trips rpfilter up + extraCommands = '' + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN + ''; + extraStopCommands = '' + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN || true + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN || true + ''; + }; +} diff --git a/hosts/toaster/zfs.nix b/hosts/toaster/zfs.nix new file mode 100644 index 0000000..f4bdeea --- /dev/null +++ b/hosts/toaster/zfs.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + services.fstrim.enable = true; + services.zfs = { + autoSnapshot.enable = true; + trim.enable = true; + autoScrub = { + enable = true; + pools = [ "toasterpool" ]; + }; + }; + networking.hostId = "dca22577"; + boot = { + kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; + supportedFilesystems = [ "zfs" ]; + kernelParams = [ "nohibernate" ]; + plymouth.enable = false; + tmp.useTmpfs = true; + }; +} diff --git a/modules/chromium.nix b/modules/chromium.nix new file mode 100644 index 0000000..4a0f453 --- /dev/null +++ b/modules/chromium.nix @@ -0,0 +1,34 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + chromium + ]; + + nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --force-dark-mode --ignore-gpu-blocklist --enable-gpu-rasterization --enable-zero-copy --enable-native-gpu-memory-buffers --enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,WebUIDarkMode"; + + programs.chromium = { + enable = true; + extensions = [ + "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger + "ekhagklcjbdpajgpjgmbionohlpdbjgc" # zotero connector + "nngceckbapebfimnlniiiahkandclblb" # bitwarden + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + ]; + extraOpts = { + "BrowserSignin" = 0; + "SyncDisabled" = true; + "PasswordManagerEnabled" = false; + "TranslateEnabled" = false; + "AutofillAddressEnabled" = false; + "AutofillCreditCardEnabled" = false; + "AutoplayAllowed" = false; + "DefaultNotificationSetting" = 2; + "BackgroundModeEnabled" = false; + # "DefaultSearchProviderEnabled" = true; + # "DefaultSearchProviderSearchURL" = "https://google.com/search?q={searchTerms}"; + # "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}"; + "SearchSuggestEnable" = false; + }; + }; +} diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix new file mode 100644 index 0000000..669270b --- /dev/null +++ b/modules/desktop-software.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + blender + dino + ffmpeg-full + firefox-wayland + fluffychat + gimp + inkscape + kicad + signal-desktop + tdesktop + tor-browser-bundle-bin + wl-clipboard + yt-dlp + libreoffice + ]; +} diff --git a/modules/dvb-dump-nfs-automount.nix b/modules/dvb-dump-nfs-automount.nix new file mode 100644 index 0000000..2dce2ea --- /dev/null +++ b/modules/dvb-dump-nfs-automount.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, ... }: +{ + + environment.systemPackages = with pkgs; [ nfs-utils ]; + services.rpcbind.enable = true; + + systemd.mounts = [{ + type = "nfs"; + mountConfig = { + Options = "noatime"; + }; + what = "10.13.37.5:/"; + where = "/mnt/dvb"; + }]; + + systemd.automounts = [{ + wantedBy = [ "multi-user.target" ]; + requires = [ "wg-quick-wg-dvb.service" ]; + automountConfig = { + TimeoutIdleSec = "600"; + }; + where = "/mnt/dvb"; + }]; +} + + diff --git a/modules/emacs.nix b/modules/emacs.nix new file mode 100644 index 0000000..74113dd --- /dev/null +++ b/modules/emacs.nix @@ -0,0 +1,29 @@ +{ pkgs, inputs, lib, ... }: + +{ + environment.systemPackages = with pkgs; [ + direnv + ]; + + nixpkgs.overlays = [ + inputs.emacs-overlay.overlay + ]; + + services.emacs = { + install = true; + enable = false; + package = with pkgs; ((emacsPackagesFor (emacs-pgtk.overrideAttrs (old: { + passthru = old.passthru // { + treeSitter = true; + }; + }))).emacsWithPackages (epkgs: with epkgs; [ + # treesitter bits + treesit-grammars.with-all-grammars + + vterm + pdf-tools + ])); + defaultEditor = lib.mkDefault true; + }; + +} diff --git a/modules/gnome.nix b/modules/gnome.nix new file mode 100644 index 0000000..6af207e --- /dev/null +++ b/modules/gnome.nix @@ -0,0 +1,116 @@ +{ config, pkgs, ... }: { + + imports = [ + ./desktop-software.nix + ]; + environment.systemPackages = with pkgs; [ + amberol + celluloid + gnome-console + gnome-obfuscate + gnome.gnome-boxes + gnome.gnome-tweaks + nextcloud-client + qbittorrent + spotify + ]; + + environment.gnome.excludePackages = with pkgs; [ + gnome.totem + gnome.geary + gnome.gnome-music + gnome-console + ]; + + + services.gnome = { + evolution-data-server.enable = true; + gnome-keyring.enable = true; + gnome-online-accounts.enable = true; + }; + + programs = { + seahorse.enable = true; + gnupg.agent.pinentryFlavor = "gnome3"; + evolution = { + enable = true; + plugins = [ pkgs.evolution-ews ]; + }; + }; + + qt = { + enable = true; + platformTheme = "gnome"; + style = "adwaita-dark"; + }; + + services.xserver = { + enable = true; + desktopManager.gnome.enable = true; + displayManager.gdm = { + enable = true; + wayland = true; + }; + }; + + # Enable sound. + security.rtkit.enable = true; + hardware.pulseaudio = { + enable = false; + zeroconf.discovery.enable = true; + extraClientConf = '' + autospawn=yes + ''; + }; + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + + programs.zsh.vteIntegration = true; + programs.bash.vteIntegration = true; + + fonts.fonts = with pkgs; [ + (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; }) + monoid + font-awesome + dejavu_fonts + julia-mono + uw-ttyp0 + gohufont + spleen + terminus_font + creep + corefonts + dina-font + fira + fira-mono + hack-font + liberation_ttf + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + proggyfonts + symbola + open-sans + twemoji-color-font + twitter-color-emoji + iosevka-bin + ]; + + fonts.enableDefaultFonts = true; + fonts.fontconfig = { + enable = true; + allowBitmaps = true; + useEmbeddedBitmaps = true; + defaultFonts.emoji = [ + "Twitter Color Emoji" + "Noto Color Emoji" + ]; + }; + + hardware.bluetooth.enable = true; + +} diff --git a/modules/gnupg.nix b/modules/gnupg.nix new file mode 100644 index 0000000..6d52e66 --- /dev/null +++ b/modules/gnupg.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + gnupg + opensc + + yubikey-personalization-gui + ]; + + # smartcard support + services.pcscd.enable = false; + hardware.gpgSmartcards.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; +} diff --git a/modules/hw-accel-intel.nix b/modules/hw-accel-intel.nix new file mode 100644 index 0000000..a48a93e --- /dev/null +++ b/modules/hw-accel-intel.nix @@ -0,0 +1,21 @@ +# overrides to enable [sometimes] wonky intel acceleration +{ config, pkgs, ... }: + +{ + nixpkgs.config.packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + vaapiIntel + libvdpau-va-gl + intel-media-driver + ]; + }; + + boot.initrd.kernelModules = [ "i915" ]; + +} diff --git a/modules/mail/default.nix b/modules/mail/default.nix new file mode 100644 index 0000000..5225480 --- /dev/null +++ b/modules/mail/default.nix @@ -0,0 +1,133 @@ +{ config, pkgs, ... }: +let + mbsyncConf = ./mbsyncrc; +in +{ + environment.systemPackages = with pkgs; [ + isync + msmtp + neomutt + notmuch + alot + w3m + links2 + ]; + + environment.shellAliases = { + mutt = "neomutt"; + }; + + sops.secrets = { + "mail/oxapentane.com" = { + owner = config.users.users.grue.name; + }; + "mail/shipunov.xyz" = { + owner = config.users.users.grue.name; + }; + "mail/dvb.solutions" = { + owner = config.users.users.grue.name; + }; + "mail/tlm.solutions" = { + owner = config.users.users.grue.name; + }; + }; + + programs.msmtp = { + enable = true; + setSendmail = true; + extraConfig = '' + account mail@oxapentane.com + host smtp.migadu.com + port 587 + from *@oxapentane.com + user mail@oxapentane.com + passwordeval cat ${config.sops.secrets."mail/oxapentane.com".path} + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + logfile ~/.msmtp.log + + account grigory@shipunov.xyz + host smtp.migadu.com + port 587 + from *@shipunov.xyz + user grigory@shipunov.xyz + passwordeval cat ${config.sops.secrets."mail/shipunov.xyz".path} + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + logfile ~/.msmtp.log + + account dump@dvb.solutions + host smtp.migadu.com + port 587 + from dump@dvb.solutions + user dump@dvb.solutions + passwordeval cat ${config.sops.secrets."mail/dvb.solutions".path} + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + logfile ~/.msmtp.log + + account grigory@tlm.solutions + host smtp.migadu.com + port 587 + from grigory@tlm.solutions + user grigory@tlm.solutions + passwordeval cat ${config.sops.secrets."mail/tlm.solutions".path} + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + logfile ~/.msmtp.log + ''; + }; + + + systemd.user = { + + # Service and timer to sync imap to local maildir + services.mbsync = { + enable = true; + after = [ "graphical.target" "network-online.target" ]; + script = '' + ${pkgs.isync}/bin/mbsync -q -a --config=${mbsyncConf} + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + + timers.mbsync = { + enable = true; + wantedBy = [ "timers.target" ]; + timerConfig = { + Unit = "mbsync.service"; + OnBootSec = "5m"; + OnUnitInactiveSec = "11m"; + }; + }; + + # service and timer to flush the msmtp queue + services.flush-msmtpq = { + enable = true; + after = [ "graphical.target" "network-online.target" ]; + script = '' + ${pkgs.msmtp}/bin/msmtp-queue -r + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + + timers.flush-msmtpq = { + enable = true; + wantedBy = [ "timers.target" ]; + timerConfig = { + Unit = "flush-msmtpq.service"; + OnBootSec = "11m"; + OnUnitInactiveSec = "13m"; + }; + }; + + }; +} diff --git a/modules/mail/mbsyncrc b/modules/mail/mbsyncrc new file mode 100644 index 0000000..f34f390 --- /dev/null +++ b/modules/mail/mbsyncrc @@ -0,0 +1,97 @@ +IMAPStore mail@oxapentane.com-remote +Host imap.migadu.com +Port 993 +User mail@oxapentane.com +PassCmd "cat /run/secrets/mail/oxapentane.com" +AuthMechs LOGIN +SSLType IMAPS + +MaildirStore mail@oxapentane.com-local +Subfolders Verbatim +Path /home/grue/mail/mail@oxapentane.com/ +Inbox /home/grue/mail/mail@oxapentane.com/INBOX + +Channel mail@oxapentane.com +Expunge Both +Master :mail@oxapentane.com-remote: +Slave :mail@oxapentane.com-local: +Create Both +SyncState * +Patterns * +MaxMessages 0 +ExpireUnread no +# End profile + + +IMAPStore grigory@shipunov.xyz-remote +Host imap.migadu.com +Port 993 +User grigory@shipunov.xyz +PassCmd "cat /run/secrets/mail/shipunov.xyz" +AuthMechs LOGIN +SSLType IMAPS + +MaildirStore grigory@shipunov.xyz-local +Subfolders Verbatim +Path /home/grue/mail/grigory@shipunov.xyz/ +Inbox /home/grue/mail/grigory@shipunov.xyz/INBOX + +Channel grigory@shipunov.xyz +Expunge Both +Master :grigory@shipunov.xyz-remote: +Slave :grigory@shipunov.xyz-local: +Create Both +SyncState * +Patterns * +MaxMessages 0 +ExpireUnread no +# End profile + + +IMAPStore dump@dvb.solutions-remote +Host imap.migadu.com +Port 993 +User dump@dvb.solutions +PassCmd "cat /run/secrets/mail/dvb.solutions" +AuthMechs LOGIN +SSLType IMAPS + +MaildirStore dump@dvb.solutions-local +Subfolders Verbatim +Path /home/grue/mail/dump@dvb.solutions/ +Inbox /home/grue/mail/dump@dvb.solutions/INBOX + +Channel dump@dvb.solutions +Expunge Both +Master :dump@dvb.solutions-remote: +Slave :dump@dvb.solutions-local: +Create Both +SyncState * +Patterns * +MaxMessages 0 +ExpireUnread no +# End profile + +IMAPStore grigory@tlm.solutions-remote +Host imap.migadu.com +Port 993 +User grigory@tlm.solutions +PassCmd "cat /run/secrets/mail/tlm.solutions" +AuthMechs LOGIN +SSLType IMAPS + +MaildirStore grigory@tlm.solutions-local +Subfolders Verbatim +Path /home/grue/mail/grigory@tlm.solutions/ +Inbox /home/grue/mail/grigory@tlm.solutions/INBOX + +Channel grigory@tlm.solutions +Expunge Both +Master :grigory@tlm.solutions-remote: +Slave :grigory@tlm.solutions-local: +Create Both +SyncState * +Patterns * +MaxMessages 0 +ExpireUnread no +# End profile diff --git a/modules/radio.nix b/modules/radio.nix new file mode 100644 index 0000000..7df20bf --- /dev/null +++ b/modules/radio.nix @@ -0,0 +1,39 @@ +{ lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + gnuradio + gqrx + cubicsdr + sdrangel + multimon-ng + sox + + libusb1 + rtl-sdr + hackrf + soapyhackrf + + sigdigger + suscan + sigutils + ]; + + hardware = { + rtl-sdr.enable = true; + hackrf.enable = true; + }; + + services.udev.extraRules = '' + # MCH2022 Badge + SUBSYSTEM=="usb", ATTR{idVendor}=="16d0", ATTR{idProduct}=="0f9a", MODE="0666" + + #Flipper Zero serial port + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess" + #Flipper Zero DFU + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", TAG+="uaccess" + #Flipper ESP32s2 BlackMagic + SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="40??", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess" + ''; + +} diff --git a/modules/science.nix b/modules/science.nix new file mode 100644 index 0000000..b6ce66b --- /dev/null +++ b/modules/science.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + (rWrapper.override { + packages = with rPackages; [ + ggplot2 + swirl + dplyr + data_table + ]; + }) + gnuplot + zotero + python3Full + paraview + ]; +} diff --git a/modules/sway.nix b/modules/sway.nix new file mode 100644 index 0000000..834b38c --- /dev/null +++ b/modules/sway.nix @@ -0,0 +1,166 @@ +# General Desktop-related config +{ pkgs, ... }: +{ + imports = [ + ./desktop-software.nix + ]; + environment.systemPackages = with pkgs; [ + screen-message + qbittorrent + gajim + imv + swayimg + mpv + evince + brightnessctl + pulsemixer + cmus + termusic + gsettings-desktop-schemas + xdg-utils + nextcloud-client + foot + qt5.qtwayland + bashmount + gnome.nautilus + audacity + ]; + + #on the desktop, we need nice fonts ^^ + fonts.fonts = with pkgs; [ + monoid + font-awesome + dejavu_fonts + julia-mono + uw-ttyp0 + gohufont + spleen + terminus_font + creep + corefonts + dina-font + fira + fira-mono + hack-font + liberation_ttf + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + proggyfonts + symbola + open-sans + twemoji-color-font + twitter-color-emoji + iosevka + ]; + + fonts.enableDefaultFonts = true; + fonts.fontconfig = { + enable = true; + allowBitmaps = true; + useEmbeddedBitmaps = true; + defaultFonts.emoji = [ + "Noto Color Emoji" + "Twitter Color Emoji" + ]; + }; + + # Enable sound. + security.rtkit.enable = true; + + services.avahi = { + enable = true; + nssmdns = true; + }; + + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + hardware.pulseaudio.zeroconf.discovery.enable = true; + + hardware.bluetooth = { + enable = true; + package = pkgs.bluez; + }; + + programs.zsh.vteIntegration = true; + programs.bash.vteIntegration = true; + services.upower.enable = true; + + services.acpid.enable = true; + programs.light.enable = true; + + services.blueman.enable = true; + + programs.xwayland.enable = true; + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland-egl + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export QT_QPA_PLATFORMTHEME="gnome" + export QT_STYLE_OVERRIDE="adwaita-dark" + ''; + extraPackages = with pkgs; [ + alacritty + pamixer + swaylock + graphicsmagick + swayidle + wl-clipboard + mako + foot + rofi-wayland + grim + slurp + gnome.adwaita-icon-theme + i3status-rust + kanshi + wl-mirror + gammastep + ]; + }; + environment.sessionVariables = { GTK_THEME = "Adwaita:dark"; }; + xdg.portal = { + enable = true; + wlr.enable = true; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + }; + + services.udisks2.enable = true; + environment.shellAliases = { + # mounting shit + mnt = "udisksctl mount -b"; + umnt = "udisksctl unmount -b"; + unlock = "udisksctl unlock -b"; + lock = "udisksctl lock -b"; + # easier navigation + pwc = "pwd|wl-copy"; + cdp = "cd $(wl-paste)"; + }; + + qt = { + enable = true; + platformTheme = "gnome"; + style = "adwaita-dark"; + }; + + services.gnome.gnome-keyring.enable = true; + security.pam.services.greetd.enableGnomeKeyring = true; + + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.sway}/bin/sway"; + }; + }; + }; + + programs.gnupg.agent.pinentryFlavor = "curses"; +} diff --git a/modules/tlp.nix b/modules/tlp.nix new file mode 100644 index 0000000..b9753a4 --- /dev/null +++ b/modules/tlp.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: + +{ + powerManagement.cpuFreqGovernor = null; + services.power-profiles-daemon.enable = false; + services.tlp = { + enable = true; + settings = { + USB_BLACKLIST = "1d50:604b 1d50:6089 1d50:cc15 1fc9:000c"; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + }; + }; +} diff --git a/modules/vscode.nix b/modules/vscode.nix new file mode 100644 index 0000000..0bc26d7 --- /dev/null +++ b/modules/vscode.nix @@ -0,0 +1,22 @@ +{ pkgs, ... }: { +environment.systemPackages = with pkgs; [ + (vscode-with-extensions.override { + vscodeExtensions = with vscode-extensions; [ + bbenoist.nix + ms-python.python + ms-vscode-remote.remote-ssh + rust-lang.rust-analyzer + vscodevim.vim + james-yu.latex-workshop + ms-toolsai.jupyter + ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ + { + name = "remote-ssh-edit"; + publisher = "ms-vscode-remote"; + version = "0.86.0"; + sha256 = "sha256-JsbaoIekUo2nKCu+fNbGlh5d1Tt/QJGUuXUGP04TsDI="; + } + ]; + }) +]; +} diff --git a/pkgs/imhex.nix b/pkgs/imhex.nix new file mode 100644 index 0000000..9f096fe --- /dev/null +++ b/pkgs/imhex.nix @@ -0,0 +1,75 @@ +{ gcc12Stdenv +, lib +, cmake +, ccache +, glfw +, glm +, magic-vlsi +, mbedtls +, freetype +, dbus +, capstone +, openssl +, pkg-config +, lld +, libGL +, wrapQtAppsHook +, fetchFromGitHub +}: +gcc12Stdenv.mkDerivation rec { + pname = "imhex"; + version = "1.26.2"; + + src = fetchFromGitHub { + owner = "WerWolv"; + repo = "ImHex"; + rev = "v${version}"; + fetchSubmodules = true; + sha256 = "sha256-H2bnRByCUAltngmVWgPW4vW8k5AWecOAzwtBKsjbpTw="; + }; + + nativeBuildInputs = [ + cmake + pkg-config + lld + ]; + + cmakeFlags = [ + "-DCMAKE_BUILD_TYPE=Release" + # "-DCMAKE_INSTALL_PREFIX="/usr"" + "-DCMAKE_C_COMPILER_LAUNCHER=ccache" + "-DCMAKE_CXX_COMPILER_LAUNCHER=ccache" + "-DCMAKE_C_FLAGS=-fuse-ld=lld" + "-DCMAKE_CXX_FLAGS=-fuse-ld=lld" + "-DCMAKE_OBJC_COMPILER_LAUNCHER=ccache" + "-DCMAKE_OBJCXX_COMPILER_LAUNCHER=ccache" + + # looks like the cmake here tries to be "helpful"... + "-DFREETYPE_LIBRARY=${freetype.dev}" + "-DFREETYPE_INCLUDE_DIRS=${freetype.dev}" + "-DOPENGL_opengl_LIBRARY=${libGL.dev}" + "-DOPENGL_glx_LIBRARY=${libGL.dev}" + "-DOPENGL_INCLUDE_DIR=${libGL.dev}" + "-DMBEDTLS_LIBRARY=${mbedtls}" + "-DMBEDTLS_INCLUDE_DIRS=${mbedtls}" + "-DMBEDX509_LIBRARY=${mbedtls}" + "-DMBEDCRYPTO_LIBRARY=${mbedtls}" + + "-DCMAKE_PREFIX_PATH=${glfw}" + "-DCMAKE_LIBRARY_PATH=${magic-vlsi}" + "-DCMAKE_PREFIX_PATH=${dbus.dev}" + ]; + + BuildInputs = [ + ccache + glfw + glm + magic-vlsi + mbedtls + freetype + dbus + openssl + capstone + libGL + ]; +} diff --git a/pkgs/slick.nix b/pkgs/slick.nix new file mode 100644 index 0000000..c476440 --- /dev/null +++ b/pkgs/slick.nix @@ -0,0 +1,24 @@ +{ stdenv, lib, openssl, pkgconfig, fetchFromGitHub, rustPlatform }: + +rustPlatform.buildRustPackage rec { + pname = "slick"; + version = "0.10.0"; + + src = fetchFromGitHub { + owner = "nbari"; + repo = pname; + rev = version; + sha256 = "sha256-GM9OHnySc3RVkfaK7yMf1LqpGdz3emq2H/3tSAph4jw="; + }; + + buildInputs = [ openssl pkgconfig ]; + nativeBuildInputs = [ pkgconfig ]; + + cargoSha256 = "sha256-2WxFprq+AcXGXDMjMQvqKTkeWQEWM/z2Fz6qYPtSFGw="; + + meta = with lib; { + description = "Async ZSH prompt"; + homepage = "https://github.com/nbari/slick"; + license = licenses.bsd3; + }; +} diff --git a/secrets/toaster/secrets.yaml b/secrets/toaster/secrets.yaml new file mode 100644 index 0000000..f6d50fc --- /dev/null +++ b/secrets/toaster/secrets.yaml @@ -0,0 +1,52 @@ +wg: + mullvad: ENC[AES256_GCM,data:9wgZKgcVGBIkNrfeurwDOCWLE6t2z7bN5KaUAeiRAcGRKO5uAkVCp0kpWZc=,iv:c1XM8GXEeAuDM47pTA5Pa6lPCI0fwau1uZdSaDcBykI=,tag:pSjmhHw7mt7hGTLpXFPsHQ==,type:str] + zw: ENC[AES256_GCM,data:CXrLvV+b9DUfmr+CwH8dBTHvDHtgVmiF9g+QpzFqMcc91yQDzQqT1d4AQSk=,iv:Wdj11qlGWGm2XSieFZ4csqdIyR0epzPCkeWyUUmjJbk=,tag:UO07WUwr138B5TtMGujvew==,type:str] + oxalab: ENC[AES256_GCM,data:YRN3fSzukqgDK3Bf5O7I8U3QmJAINCsjSseOZfzM/4xGXfGbBNeH3UmD0PI=,iv:U3kXH1HdT4OWcFZ+40a5W+jQ1hdS4UYYXxxyy+SqHEU=,tag:w65VyfylSKnM7c50BRCVgQ==,type:str] + dvb: ENC[AES256_GCM,data:1+IM6ORPtlIroeekaJSkOwYArh0fN6ycJNaXo680pE2Xv4DUBrIlh8q3V2A=,iv:btf3IpM4Wntkf3RYPwUdhH+4WUUqZp0zYp0aj2sdGM0=,tag:MDvS4CWYQLdp2YGs3/5Htw==,type:str] +mail: + oxapentane.com: ENC[AES256_GCM,data:HW1xcclr5CiUFVF8As79ZZH1c14sl4T0l18=,iv:leAVYaQkMuJewkCZc3fTUUNzZ9BDjV5CuT84bzvhrrs=,tag:Mm8OB8gLbmUwKSLugTR6GA==,type:str] + shipunov.xyz: ENC[AES256_GCM,data:cg+P+FrZ2icjfhwDGKGyUH9DejSZHpNs2bcSBPyz8g==,iv:XZFaSXnGmTL9j2sEyt5Q7+pe6rr+WA/0UGq/2Gl5DTI=,tag:oq+5EuJWJKwK3h0/e6Uozw==,type:str] + dvb.solutions: ENC[AES256_GCM,data:GSjPIPA5TGMWfhdRzTsiHPfXFVGLVSpJvJG+I++i,iv:EBlk00wqADCuYTzuVcuX9kSn6TVBfN12UlcXyps6TtE=,tag:G7rKTngN4v2FtuhQEMdUQQ==,type:str] + tlm.solutions: ENC[AES256_GCM,data:ncTMh/jw+YmcmcVU/c1I36vV1CwtmtYwfyDUx9w9,iv:vPnmdvDnEJ9FF4rDkSfPnLWebleSgI/yG7qOgJfq5ic=,tag:z4w4LOGf2v0TBSxrHULBsw==,type:str] +irc: + senpai: ENC[AES256_GCM,data:PvvYDSbmjeS2EUV8Jw2YVvFTBu/0fhuHFXXkkTUq,iv:e8toiG9ldrTfJc3ZrMO3qfSxmefiFgrD/o2x3EP3uis=,tag:QVdTuAEVFR6zoebJxeLyTw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qyj95tsntreefqeetawqy5pf26456s9c0v3tzz8yzs706c0jsg6qv56jzk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmx5T0ROT1ZPZ2JmUHhn + bWZ3UlZvQTR1Y0VOSXJsSy9makswR1VTSDBZCjZmOVZQdkF3b0tkWmo2aGcrOWZs + ZDBwRVFSK3BTdVlpWUpNVW5qWWFVZjQKLS0tIFJOdWxOSGR2SXdlWXBDTkMvUDlG + T3F6NXpBbEFxemVzM0lxbEdKMlVzYlEK9YPSglPYmsk3fH7qduK/FVFIWnHaQ6O1 + ZJsgmz/5H7TPbSoy6mfyROQY+b7amJDSAAqhLazKYI22yP3Gnkmmbg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-09T19:44:17Z" + mac: ENC[AES256_GCM,data:zOB88rp+cjB+RFOrAnvdNEkKxYRKidmQOBwXI+cOwAfl/FBvGt68u08PjLEEABZvfrehLPgHQL9pnmTAuu6k49CezWCW/23F9GkswZlxji1qS40jl9XgeV7WfluWke78a9FW9MuAP2CpB5tZcAIcO6Q6Ngk1NVDBYX2R7D0fAeI=,iv:ETarRq0uwU3Kuoxf8lLgcLWm7MivFQ3W1EKIKFCho/s=,tag:V00p6PknQoV1t1R7UoiZOA==,type:str] + pgp: + - created_at: "2023-01-09T22:45:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ//SREB1bVNjocJIdu1OsRi/98r/Sq66jvfvv9qN4iarhX6 + nULcylhQgxMAEaY2af1aWfzH8aVOQFfFWQaFLNCs44TkSa9MCPxPrqRI4qCPl9os + V6l9IVOhmv/HIDlHvTOfsFYZjE9LOtA5y3VrQqLBG4zjpTczcQxlrHgeSZyDrS9i + eqTiVVwdiZurFUMoety63S82u62YjtEwgHbFYdKnodEPygZvU5LFftmTRdDRNCII + i6tJRe70HTg2gNBxQEwh/DTcyQBaUkermhDaok0ABW6BFfrwzaxaUXexqFAqk7XK + fpWNGUX4w8ExtZ6XH/6vlu17yhej4VP9EuHzlZTPPjBPRcdPXETo3QShB+tH4hvw + aPgOfJaneVM+MpwgVW66qWmQt7NpaHLRo2tjvZnvuVXlg/AnuphaXpfafRja2DEj + hMH+FAIiQr5tFLf9ur8VltdeOsjWj7NbfWYEGm9UW0eHC5r/NuEZiQVt7BKWPU70 + DcZdN9f3Scs9mpNuD/CGhf4Oj4L0tkgt/x2mirkSQcB0lui8s1/joCCV/7cZ30jB + /FHATHlo6RW1S8uGVcb1dkfsv4ki+4bvh1ZxZRuQg9rNlPWyHEIG6VJSMmgC7e9Y + P1NS/WF35BybvXFR3UVJca9qciRvPzcRo/4sEJtuPbwXpAqHR4OavHJhmb4ZDYfS + UQE6svFmutqwRPC2WSk0Knxh5o/bUYrliT6FU01xwkkIo5SgahDe0XJeXS3poQEs + htM7FZ7w0PjcRa66cul5j5FjDI4R7ZcFupv6RF84ImP5hw== + =3z9H + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3