lytedev/dotfiles
Archived
1
0
Fork 1
Code Issues Pull requests Releases Wiki Activity

Merge remote-tracking branch 'origin/main'

Browse source
This commit is contained in:
Daniel Flanagan 2023-08-10 09:47:40 -05:00
commit 5289c6de6f
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
15 changed files with 659 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
common/fish/config.fish
View file

@ -42,13 +42,17 @@ if test -f /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
set --prepend --export --global fish_user_paths $HOME/.nix-profile/bin /nix/var/nix/profiles/default/bin
end
if has_command nnn
source $DOTFILES_PATH/common/nnn/config.fish
if has_command direnv
direnv hook fish | source
end
# everything after this is ONLY relevant to interactive shells
status --is-interactive || exit
if has_command nnn
source $DOTFILES_PATH/common/nnn/config.fish
end
for f in prompt key-bindings
source $FISH_PATH/$f.fish
end

5
common/helix/languages.toml
View file

@ -6,6 +6,11 @@ auto-format = true
name = "html"
auto-format = false
[[language]]
name = "nix"
auto-format = true
formatter = { command = "nixpkgs-fmt", args = [] }
[[language]]
name = "fish"
auto-format = true

4
os/linux/nix/.sops.yaml
View file

@ -2,11 +2,11 @@ keys:
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- path_regex: secrets/beefcake/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel

75
os/linux/nix/daniel.nix Normal file
View file

@ -0,0 +1,75 @@
{ pkgs, ... }: {
home.username = "daniel";
home.homeDirectory = "/home/daniel/.home";
home.stateVersion = "23.05";
programs.home-manager.enable = true;
programs.direnv.enable = true;
programs.nix-direnv.enable = true;
programs.fish.enable = true;
programs.nix-index = {
enable = true;
enableFishIntegration = true;
};
home.pointerCursor = {
name = "Catppuccin-Mocha-Sapphire-Cursors";
package = pkgs.catppuccin-cursors.mochaSapphire;
size = 64; # TODO: this doesn't seem to work -- at least in Sway
};
programs.firefox = {
enable = true;
package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# ublock-origin
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
profiles = {
daniel = {
id = 0;
settings = {
"general.smoothScroll" = true;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
// user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
userChrome = ''
/* Remove close button*/ .titlebar-buttonbox-container{ display:none }
#webrtcIndicator {
display: none;
}
#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items {
opacity: 0;
pointer-events: none;
}
#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
visibility: collapse !important;
}
'';
# userContent = ''
# '';
};
};
};
# wayland.windowManager.sway = {
# enable = true;
# }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts?
# maybe we can share somehow so things for nix-y systems and non-nix-y systems alike
}

36
os/linux/nix/flake.lock
View file

@ -6,11 +6,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1690530040,
"narHash": "sha256-xuEvYkll4AB++/aatW3x8eXCsv9Kz7rujfOK3uzxTIQ=",
"lastModified": 1690574004,
"narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=",
"ref": "refs/heads/master",
"rev": "8aab004307252563e0b2c8de55e13bdf9891c892",
"revCount": 63,
"rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1",
"revCount": 71,
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
},
@ -19,6 +19,27 @@
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1690739034,
"narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=",
"owner": "nix-community",
"repo": "disko",
"rev": "4015740375676402a2ee6adebc3c30ea625b9a94",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@ -92,11 +113,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1690370995,
"narHash": "sha256-9z//23jGegLJrf3ITStLwVf715O39dq5u48Kr/XW14U=",
"lastModified": 1691252436,
"narHash": "sha256-SKKPKYOnFcwqECehxoFBMLv29CZXC5qCDuETSuXd82g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f3fbbc36b4e179a5985b9ab12624e9dfe7989341",
"rev": "9607b9149c9d81fdf3dc4f3bcc278da146ffbd77",
"type": "github"
},
"original": {
@ -109,6 +130,7 @@
"root": {
"inputs": {
"api-lyte-dev": "api-lyte-dev",
"disko": "disko",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"

30
os/linux/nix/flake.nix
View file

@ -1,17 +1,14 @@
# Welcome to my nix config! I'm just getting started with flakes, so please
# forgive the mess.
# TODO: would be nice to get hardware congigs in here as well
# TODO: declarative disks with https://github.com/nix-community/disko
# TODO: home-manager?
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
# TODO: this could be a tarball? fully recompiling this on every change suuuucks
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
home-manager = {
@ -21,6 +18,13 @@
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/master"; # NOTE: lock update!
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
@ -45,6 +49,24 @@
}
];
};
thinker = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./machines/thinker-disks.nix
{ _module.args.disks = [ "/dev/nvme0n1" ]; }
./machines/thinker.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
};
}

87
os/linux/nix/machines/beefcake.nix
View file

@ -5,53 +5,61 @@
{ config, pkgs, ... }: rec {
nix.settings.experimental-features = [ "nix-command" "flakes" ];
imports = [
# <sops-nix/modules/sops>
./beefcake-hardware.nix
];
services.api-lyte-dev = {
services.api-lyte-dev = rec {
enable = true;
port = 5757;
stateDir = "/var/lib/api-lyte-dev";
configFile = sops.secrets.api-lyte-dev.path;
configFile = sops.secrets."api.lyte.dev".path;
user = "api-lyte-dev";
group = user;
};
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
sops = {
defaultSopsFile = ../secrets/beefcake/example.yaml;
defaultSopsFile = ../secrets/beefcake/secrets.yml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
api-lyte-dev = {
sopsFile = ../secrets/beefcake/api-lyte-dev.json;
format = "json";
# example-key = {
# # see these and other options' documentation here:
# # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
# # set permissions:
# # mode = "0440";
# # owner = config.users.users.nobody.name;
# # group = config.users.users.nobody.group;
# # restart service when a secret changes or is newly initialized
# # restartUnits = [ "home-assistant.service" ];
# # symlink to certain directories
# path = "/var/lib/my-example-key/secrets.yaml";
# # for use as a user password
# # neededForUsers = true;
# };
# subdirectory
# "myservice/my_subdir/my_secret" = { };
"api.lyte.dev" = {
path = "${services.api-lyte-dev.stateDir}/secrets.json";
# TODO: would be cool to assert that it's correctly-formatted JSON?
mode = "0440";
owner = services.api-lyte-dev.user;
group = services.api-lyte-dev.group;
};
example-key = {
# see these and other options' documentation here:
# https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
# set permissions:
# mode = "0440";
# owner = config.users.users.nobody.name;
# group = config.users.users.nobody.group;
# restart service when a secret changes or is newly initialized
# restartUnits = [ "home-assistant.service" ];
# symlink to certain directories
path = "/var/lib/my-example-key/secrets.yaml";
# for use as a user password
# neededForUsers = true;
};
"myservice/my_subdir/my_secret" = { };
plausible-admin-password = {};
plausible-erlang-cookie = {};
plausible-secret-key-base = {};
};
};
@ -312,23 +320,25 @@
services.clickhouse.enable = true;
services.plausible = {
enable = false; # TODO: enable this and fix access? probably need a proper secrets management system that integrates with nix (sops-nix?)
# otherwise we can probably chown these files to a group that plausible has access to for reading
releaseCookiePath = "/root/plausible-erlang-cookie";
enable = true;
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
database = {
clickhouse.setup = true;
postgres.setup = true;
postgres = {
setup = false;
dbname = "plausible";
};
};
server = {
baseUrl = "http://beefcake.hare-cod.ts.net:8899";
disableRegistration = true;
port = 8899;
secretKeybaseFile = "/root/plusible-secret-key-base";
secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path;
};
adminUser = {
activate = true;
activate = false;
email = "daniel@lyte.dev";
passwordFile = "/root/plausible-admin-password";
passwordFile = config.sops.secrets.plausible-admin-password.path;
};
};
@ -357,21 +367,22 @@
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
local plausible plausible peer map=superuser_map
local plausible plausible peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';

60
os/linux/nix/machines/thinker-disks.nix Normal file
View file

@ -0,0 +1,60 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
vdb = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = [ "--allow-discards" ];
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
keyFile = "/tmp/secret.key"; # Interactive
# settings.keyFile = "/tmp/password.key";
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
};
}

27
os/linux/nix/machines/thinker-hardware.nix Normal file
View file

@ -0,0 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

328
os/linux/nix/machines/thinker.nix Normal file
View file

@ -0,0 +1,328 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, nixpkgs, ... }:
let
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
'';
};
# TODO: hibernation?
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
configure-gtk = pkgs.writeTextFile {
name = "configure-gtk";
destination = "/bin/configure-gtk";
executable = true;
text =
let
schema = pkgs.gsettings-desktop-schemas;
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
in
''
export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS
gnome_schema = org.gnome.desktop.interface
gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha'
'';
};
in
{
imports =
[
# Include the results of the hardware scan.
./thinker-hardware.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware.opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
xdg.portal = {
enable = true;
wlr.enable = true;
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
networking.hostName = "thinker"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
security.polkit.enable = true;
security.rtkit.enable = true;
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# pulse.support32Bit = true;
jack.enable = true;
};
# Set your time zone.
time.timeZone = "America/Chicago";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
services.xserver.layout = "us";
services.xserver.xkbOptions = "ctrl:nocaps";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.support32Bit = true;
hardware.pulseaudio.support32Bit = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
extraGroups = [ "wheel" "video" ];
packages = [ ];
};
services.dbus.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# TODO: my font?
# TODO: wayland screensharing
# TODO: wireplumber?
environment.systemPackages = with pkgs; [
age
bat
bind
bottom
brightnessctl
broot
clang
curl
delta
dog
dtach
dua
exa
fd
feh
file
fwupd
gcc
gimp
git
git-lfs
grim
helix
hexyl
htop
inkscape
inotify-tools
iputils
killall
kitty
krita
libinput
libinput-gestures
libnotify
lutris
gnumake
mako
mosh
nmap
nnn
nil
nixpkgs-fmt
noto-fonts
pamixer
(pass.withExtensions (exts: [ exts.pass-otp ]))
pavucontrol
pciutils
pgcli
playerctl
pulseaudio
pulsemixer
rclone
restic
ripgrep
rsync
rtx
sd
skim
slurp
sops
steam
swaybg
swayidle
swaylock
traceroute
unzip
vlc
vulkan-tools
watchexec
waybar
wget
wireplumber
wine
wl-clipboard
wofi
xh
zathura
zstd
];
services.pcscd.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = true;
};
programs.thunar.enable = true;
services.tailscale = {
enable = true;
};
environment.variables = {
EDITOR = "hx";
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
};
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
];
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
host all all 127.0.0.1/32 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

0
os/linux/nix/machines/virt.nix
View file

26
os/linux/nix/secrets/beefcake/api-lyte-dev.json
View file

@ -1,26 +0,0 @@
{
"DISCORD_BOT_TOKEN": "ENC[AES256_GCM,data:oRMz8tyyFO/ztTUQTjz+X4VLPJDkpDM8Jn6gCbvZk4FzDHpHI784msX3UPGJFE9ZbvVc5etpXYTMeCQ=,iv:Q0LqiD3+2U48LLb91yrC/hXdXf1jS+Dq7xEtq9qwhAo=,tag:rsNykECJ15SskVOnQxrONg==,type:str]",
"DISCORD_OWNER_USER_ID": "ENC[AES256_GCM,data:ImAA85aKgOwdoLSdXTJ6Fodd,iv:1DjAgq5OU56kee6PMRjsHOVCEcQ7XZ3HAWMv51A+OnY=,tag:KfjwuZuWKGOjD2Zi/V1zMw==,type:str]",
"OPENAI_TOKEN": "ENC[AES256_GCM,data:mM0D+UXD0cu45gfEeLKaJioHcJ8lM5TA1ao+IzYHdGc8L1IBNiKN+/D8rkr6wFwrpBQQ,iv:99UAkefC+PlAU5bJILQExZAoHR48RhMvvMVJbXRyIwE=,tag:NLYoaJcjFRsjGwmwu37qwA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdXdGQ1Y4UHMzdnpNQ2tJ\nQzNTNHpCN3JyRVdPTmYwQ0ZSQ1E1czZMVnkwCnc0M2ZXbHVscWJIYXA3ejArMTB3\neXZnYWV3b1Q5VzlrRWFMbUVmb3pLNVEKLS0tIGtXVGYrTnh4dCtvVWdVd21VZWQr\nOEdSZk5CYXJDUHBwbFhIZW1Ob0dQU00K7Vc9lRZAljJ4HjHyQqcj82wIRT4MMkuV\n9105iqIbCLW+3Jc9BQkDgq6lIdZ62xhuHMa0vycvD/DOKJuyUwerAQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WWpXeFR6YVZDcXkxcTUz\nbm9KTkF6bVhybDJYR3RuNVlScit2eHAxNmdBCnlPZzB3azA1Nzlhbm84N1czNDZJ\ndjdpdkcvRVgzcTg0UnBOdmo0bnB5eFUKLS0tIFVNZzk3WlEwQTNrVUtFZU5YM2Q3\nRmZDUUw4eHBOZXpwN3B2SDlXZmtPT2sKCgvPtxgRehJmfz4b1qIQLauwh8SddVK3\ndAtU8W5UcNYiDd8de2is2mxzcuNzvD3R0BorrO1SSpulQSdPj6gabw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-07-28T07:39:26Z",
"mac": "ENC[AES256_GCM,data:IfjCRLyAPQpMMGqDLFxkw/McYdWeNwVayvcMhzU6XDnC79LFYhUcAw2927pnHawezS6qI1Aaj5rY8eT93MZ5K3Gk1JW0S/wuitmUGvOT0VaRbVskqd9VFgg/5bcFntfpKUDgwmvs7vfDfdFY0v0S2cAQ5nP9GAkcet4+stCYzOM=,iv:CqMhU52vSdhL9jOnaD3mZ2tmo8c3u4dOvr9qsZY/v0U=,tag:wnmTTnW2iq5dowoTROICcA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

43
os/linux/nix/secrets/beefcake/secrets.yml Normal file
View file

@ -0,0 +1,43 @@
hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str]
example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str]
#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment]
example_array:
- ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str]
- ENC[AES256_GCM,data:ZHOtZT1VPqGUmOG2t3g=,iv:NI/xo4/ws3VSR+Bc3D0ClPqqfKyTHTfyvb48xAPEBvs=,tag:2DddoLwa8i5CdVIxbA+HUA==,type:str]
example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweTeuXc0qH136tCVK/xOEs=,tag:h60Zz1zQaDZqEO8+I/vZYg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool]
- ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool]
plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str]
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY
WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY
UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1
N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8
06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY
NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V
c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T21:11:56Z"
mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

2
os/linux/nix/sway/config Normal file
View file

@ -0,0 +1,2 @@
exec dbus-sway-environment
exec configure-gtk

9
os/linux/sway/lock
View file

@ -19,6 +19,11 @@ line-color=111111cc
line-uses-ring
ring-color=111111cc
ring-clear-color=f4bf75
ring-clear-color=f9e2af
ring-ver-color=66d9ef
ring-wrong-color=f92672
ring-wrong-color=f38ba8
text-color=ffffff
text-clear-color=ffffff
text-ver-color=ffffff
text-wrong-color=f38ba8