From 90901a302c111475a2d593a731c0f6dcf5b7e4f4 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Fri, 17 May 2024 13:29:59 -0700 Subject: [PATCH] feat(bbuddy): evdev barcode scanner client --- .sops.yaml | 8 + ci/packages.nix | 6 +- ci/systems.json | 14 ++ docs/network.adoc | 2 +- modules/nixos/barcodebuddy-scanner.nix | 158 ++++++++++++++++++ modules/nixos/barcodebuddy.nix | 34 ++-- modules/system/exports/barcodebuddy.nix | 27 +++ nixos/access/barcodebuddy.nix | 32 +++- nixos/barcodebuddy-scanner.nix | 94 +++++++++++ nixos/barcodebuddy.nix | 8 +- nixos/secrets/access.yaml | 149 +++++++++-------- nixos/secrets/barcodebuddy.yaml | 153 +++++++++-------- nixos/secrets/nix.yaml | 149 +++++++++-------- outputs.nix | 18 +- overlays/barcodebuddy.nix | 8 +- .../default.nix} | 9 +- packages/barcodebuddy/scanner-python.nix | 47 ++++++ packages/barcodebuddy/scanner.nix | 63 +++++++ packages/default.nix | 2 + systems/logistics/default.nix | 7 +- systems/logistics/nixos.nix | 47 +++--- systems/logistics/secrets.yaml | 57 +++++++ systems/tei/default.nix | 1 + tf/cloudflare_records.tf | 7 + 24 files changed, 847 insertions(+), 253 deletions(-) create mode 100644 modules/nixos/barcodebuddy-scanner.nix create mode 100644 modules/system/exports/barcodebuddy.nix create mode 100644 nixos/barcodebuddy-scanner.nix rename packages/{barcodebuddy.nix => barcodebuddy/default.nix} (79%) create mode 100644 packages/barcodebuddy/scanner-python.nix create mode 100644 packages/barcodebuddy/scanner.nix create mode 100644 systems/logistics/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index cea91404..c15ddb54 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -14,6 +14,7 @@ keys: - &litterbox_osh age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj - &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 - &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku +- &logistics_osh age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py - &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66 - &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz creation_rules: @@ -33,6 +34,7 @@ creation_rules: - *litterbox_osh - *keycloak_osh - *kasen_osh + - *logistics_osh - path_regex: 'modules/extern/secrets/.+\.yaml$' shamir_threshold: 1 key_groups: @@ -109,6 +111,12 @@ creation_rules: - pgp: *pgp_common age: - *kasen_osh +- path_regex: 'systems/logistics/secrets\.yaml$' + shamir_threshold: 1 + key_groups: + - pgp: *pgp_common + age: + - *logistics_osh - path_regex: 'systems/[^/]+/secrets\.yaml$' shamir_threshold: 1 key_groups: diff --git a/ci/packages.nix b/ci/packages.nix index 2f1d60aa..9431c9e0 100644 --- a/ci/packages.nix +++ b/ci/packages.nix @@ -15,7 +15,11 @@ in { ]; # build+cache packages customized or added via overlay - barcodebuddy.inputs = packages.x86_64-linux.barcodebuddy; + barcodebuddy.inputs = with packages.x86_64-linux; [ + barcodebuddy + barcodebuddy-scanner + barcodebuddy-scanner-python + ]; samba.inputs = with packages.x86_64-linux; [ legacyPackages.x86_64-linux.pkgs.samba samba-ldap diff --git a/ci/systems.json b/ci/systems.json index 9956adcf..5f85f07a 100644 --- a/ci/systems.json +++ b/ci/systems.json @@ -191,6 +191,20 @@ } } }, + "logistics": { + "network": { + "hostName": "logistics", + "networks": { + "int": null, + "local": { + "address4": "10.1.1.63", + "address6": "fd0a::40c3:23df:e82a:b214", + "macAddress": null + }, + "tail": null + } + } + }, "mediabox": { "network": { "hostName": "mediabox", diff --git a/docs/network.adoc b/docs/network.adoc index 2ae4f450..356176d4 100644 --- a/docs/network.adoc +++ b/docs/network.adoc @@ -33,7 +33,7 @@ keycloak:: `10.1.1.48` kasen:: `10.1.1.49` nue:: `10.1.1.62` -koishi:: `10.1.1.63` +logistics:: `10.1.1.63` satorin:: `10.1.1.64` fire10:: `10.1.1.65` chromecast:: `10.1.1.66` diff --git a/modules/nixos/barcodebuddy-scanner.nix b/modules/nixos/barcodebuddy-scanner.nix new file mode 100644 index 00000000..c718c89c --- /dev/null +++ b/modules/nixos/barcodebuddy-scanner.nix @@ -0,0 +1,158 @@ +{ + config, + lib, + utils, + pkgs, + ... +}: let + inherit (utils) escapeSystemdPath; + inherit (lib.options) mkOption mkEnableOption mkPackageOption; + inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault; + inherit (lib.attrsets) mapAttrs' nameValuePair; + inherit (lib.lists) optional isList imap0; + inherit (lib.strings) optionalString concatStringsSep; + inherit (lib.meta) getExe; + cfg = config.services.barcodebuddy-scanner; + toEnvName = key: "BBUDDY_" + key; + toEnvValue = value: + if value == true + then "true" + else if value == false + then "false" + else if isList value + then concatStringsSep ";" (imap0 (i: v: "${toString i}=${toEnvValue v}") value) + else toString value; + toEnvPair = key: value: nameValuePair (toEnvName key) (toEnvValue value); +in { + options.services.barcodebuddy-scanner = with lib.types; { + enable = mkEnableOption "Barcode Buddy scanner"; + package = mkPackageOption pkgs "barcodebuddy-scanner" { + example = "pkgs.barcodebuddy-scanner-python"; + }; + inputDevice = mkOption { + type = nullOr path; + default = null; + example = "/dev/input/event6"; + }; + serverAddress = mkOption { + type = nullOr str; + example = "https://your.bbuddy.url/api/"; + }; + apiKeyPath = mkOption { + type = nullOr path; + }; + user = mkOption { + type = str; + }; + scanCommand = mkOption { + type = nullOr path; + default = null; + }; + udevMatchRules = mkOption { + type = nullOr (listOf str); + default = null; + example = [ + ''ATTRS{idVendor}=="1abc"'' + ]; + }; + }; + + config = let + scannerConfig.services.barcodebuddy-scanner = { + inputDevice = mkIf (cfg.udevMatchRules != null) ( + mkDefault "/dev/barcodebuddy-scanner" + ); + apiKeyPath = mkIf (cfg.serverAddress == null) ( + mkOptionDefault null + ); + }; + localBbuddyConfig = { + services.barcodebuddy-scanner = { + serverAddress = mkOptionDefault null; + user = mkOptionDefault "barcodebuddy"; + }; + systemd.services.barcodebuddy-scanner = let + inherit (config.services) barcodebuddy; + services = + ["phpfpm-barcodebuddy.service"] + ++ optional barcodebuddy.screen.enable "barcodebuddy-websocket.service"; + in + mkIf cfg.enable { + wantedBy = services; + bindsTo = services; + after = services; + environment = mapAttrs' toEnvPair barcodebuddy.settings; + }; + }; + + # https://github.com/Forceu/barcodebuddy/blob/master/example/bbuddy-grabInput.conf + conf.systemd.services.barcodebuddy-scanner = let + RuntimeDirectory = "barcodebuddy-scanner"; + apiKeyFile = "apikey.env"; + prepKeyEnvironment = pkgs.writeShellScript "barcodebuddy-scanner-apikey.sh" '' + set -eu + + printf "API_KEY=$(cat $API_KEY_PATH)\\n" > $RUNTIME_DIRECTORY/${apiKeyFile} + ''; + in { + wantedBy = [ + "multi-user.target" + ]; + environment = mkMerge [ + (mkIf (cfg.serverAddress != null) { + SERVER_ADDRESS = cfg.serverAddress; + }) + (mkIf (cfg.scanCommand != null) { + BARCODE_COMMAND = cfg.scanCommand; + }) + (mkIf (cfg.apiKeyPath != null) { + API_KEY_PATH = cfg.apiKeyPath; + }) + ]; + unitConfig = { + Description = "Grab barcode scans for barcode buddy"; + ConditionPathExists = mkIf (cfg.inputDevice != null) [ + cfg.inputDevice + ]; + }; + serviceConfig = { + inherit RuntimeDirectory; + Type = "exec"; + ExecStart = [ + (getExe cfg.package + optionalString (cfg.inputDevice != null) " ${cfg.inputDevice}") + ]; + ExecStartPre = mkIf (cfg.apiKeyPath != null) [ + "${prepKeyEnvironment}" + ]; + EnvironmentFile = mkIf (cfg.apiKeyPath != null) [ + "-/run/${RuntimeDirectory}/${apiKeyFile}" + ]; + Restart = "on-failure"; + User = cfg.user; + }; + }; + conf.services.udev.extraRules = let + rules = + [ + ''SUBSYSTEM=="input"'' + ''ACTION=="add"'' + ''KERNEL=="event*"'' + ] + ++ cfg.udevMatchRules + ++ [ + ''SYMLINK+="barcodebuddy-scanner"'' + ''OWNER="${cfg.user}"'' + ''MODE="0600"'' + ''TAG+="systemd"'' + ''ENV{SYSTEMD_WANTS}="barcodebuddy-scanner.service"'' + ]; + rulesLine = concatStringsSep ", " rules; + in + mkIf (cfg.udevMatchRules != null) rulesLine; + in + mkMerge [ + scannerConfig + (mkIf config.services.barcodebuddy.enable or false localBbuddyConfig) + (mkIf cfg.enable conf) + ]; +} diff --git a/modules/nixos/barcodebuddy.nix b/modules/nixos/barcodebuddy.nix index 05a62c55..2366764b 100644 --- a/modules/nixos/barcodebuddy.nix +++ b/modules/nixos/barcodebuddy.nix @@ -11,6 +11,7 @@ inherit (lib.attrsets) mapAttrs' nameValuePair; inherit (lib.lists) isList imap0; inherit (lib.strings) concatStringsSep; + inherit (lib.meta) getExe; cfg = config.services.barcodebuddy; toEnvName = key: "BBUDDY_" + key; toEnvValue = value: @@ -166,7 +167,7 @@ in { }; conf.systemd.tmpfiles.rules = [ - "d ${cfg.dataDir} - barcodebuddy nginx - -" + "d ${cfg.dataDir} - barcodebuddy ${config.services.nginx.group} - -" ]; conf.services.phpfpm.pools.barcodebuddy = { @@ -219,19 +220,26 @@ in { extraConfig = cfg.nginxConfig; }; }; - conf.systemd.services.bbuddy-websocket = mkIf cfg.screen.enable { - wantedBy = ["multi-user.target"]; - environment = mapAttrs' toEnvPair cfg.settings; - unitConfig = { - Description = "Run websocket server for barcodebuddy screen feature"; + conf.systemd.services.barcodebuddy-websocket = let + phpService = "phpfpm-barcodebuddy.service"; + in + mkIf cfg.screen.enable { + wantedBy = [phpService]; + bindsTo = [phpService]; + after = [phpService]; + environment = mapAttrs' toEnvPair cfg.settings; + unitConfig = { + Description = "Run websocket server for barcodebuddy screen feature"; + }; + serviceConfig = { + Type = "exec"; + ExecStart = [ + "${getExe config.services.phpfpm.pools.barcodebuddy.phpPackage} ${cfg.package}/wsserver.php" + ]; + Restart = "on-failure"; + User = "barcodebuddy"; + }; }; - serviceConfig = { - ExecStart = "${config.services.phpfpm.pools.barcodebuddy.phpPackage}/bin/php ${cfg.package}/wsserver.php"; - Restart = "on-failure"; - StandardOutput = "null"; - User = "barcodebuddy"; - }; - }; in mkMerge [bbuddyConfig (mkIf cfg.enable conf)]; } diff --git a/modules/system/exports/barcodebuddy.nix b/modules/system/exports/barcodebuddy.nix new file mode 100644 index 00000000..36db6cfa --- /dev/null +++ b/modules/system/exports/barcodebuddy.nix @@ -0,0 +1,27 @@ +{ + lib, + gensokyo-zone, + ... +}: let + inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault; + inherit (lib.modules) mkIf; +in { + config.exports.services.barcodebuddy = {config, ...}: { + nixos = { + serviceAttr = "barcodebuddy"; + assertions = mkIf config.enable [ + (nixosConfig: let + cfg = nixosConfig.services.barcodebuddy; + in { + assertion = config.ports.screen.port == cfg.screen.websocketPort; + message = "screen.websocketPort mismatch"; + }) + ]; + }; + defaults.port.listen = mkAlmostOptionDefault "lan"; + ports.screen = mapAlmostOptionDefaults { + port = 47631; + transport = "tcp"; + }; + }; +} diff --git a/nixos/access/barcodebuddy.nix b/nixos/access/barcodebuddy.nix index f1fbed4b..da88151a 100644 --- a/nixos/access/barcodebuddy.nix +++ b/nixos/access/barcodebuddy.nix @@ -3,10 +3,20 @@ lib, ... }: let - inherit (lib.modules) mkIf mkDefault; + inherit (lib.modules) mkIf mkMerge mkDefault; inherit (config.services) barcodebuddy nginx; name.shortServer = mkDefault "bbuddy"; serverName = "@bbuddy_internal"; + websocketPath = "/incl/sse/"; + websocketLocation = { + proxy = { + enable = true; + websocket.enable = true; + }; + extraConfig = '' + proxy_read_timeout 1d; + ''; + }; in { config.services.nginx = { vouch.enable = true; @@ -39,6 +49,12 @@ in { proxy.enable = true; vouch.requireAuth = true; }; + ${websocketPath} = mkMerge [ + websocketLocation + { + vouch.requireAuth = true; + } + ]; }; }; barcodebuddy'local = { @@ -49,15 +65,17 @@ in { upstream = mkDefault nginx.virtualHosts.barcodebuddy.proxy.upstream; host = mkDefault nginx.virtualHosts.barcodebuddy.proxy.host; }; - locations."/" = {config, ...}: { - proxy = { - headers.enableRecommended = true; - redirect = { + locations = { + "/" = {config, ...}: { + proxy = { enable = true; - fromHost = config.proxy.host; + redirect = { + enable = true; + fromHost = config.proxy.host; + }; }; }; - proxyPass = mkDefault nginx.virtualHosts.barcodebuddy.locations."/".proxyPass; + ${websocketPath} = websocketLocation; }; }; }; diff --git a/nixos/barcodebuddy-scanner.nix b/nixos/barcodebuddy-scanner.nix new file mode 100644 index 00000000..0f4b6e68 --- /dev/null +++ b/nixos/barcodebuddy-scanner.nix @@ -0,0 +1,94 @@ +{ + config, + pkgs, + lib, + ... +}: let + inherit (lib.modules) mkIf mkDefault; + inherit (lib.strings) optionalString makeBinPath; + inherit (lib.meta) getExe; + cfg = config.services.barcodebuddy-scanner; + user = "barcodebuddy-scanner"; + notifyEnv = '' + export PATH="$PATH:${makeBinPath [pkgs.libnotify pkgs.dbus pkgs.jq]}" + export DISPLAY=''${DISPLAY-:0} + export XDG_RUNTIME_DIR=/run/user/${toString config.users.users.${cfg.user}.uid} + export DBUS_SESSION_BUS_ADDRESS=unix:path=$XDG_RUNTIME_DIR/bus + ''; + notify-send = '' + timeout 1 notify-send "$@" 2>/dev/null || true + ''; + scanCommand = pkgs.writeShellScriptBin "barcodebuddy-scanner-cmd" '' + set -eu + BARCODE=$1 + SUBMIT_URL="''${SERVER_ADDRESS}action/scan?apikey=''${API_KEY}&add=$BARCODE" + ${optionalString config.services.xserver.enable notifyEnv} + + notify-send() { + ${optionalString config.services.xserver.enable notify-send} + : + } + + echo "Scanned barcode: $BARCODE" >&2 + NOTIF_ID=$(notify-send \ + -p \ + --expire-time $((10*1000)) \ + "Scanning barcode..." \ + "$BARCODE" + ) + + CURL_DATA=$(${getExe pkgs.curl} -fSsL "$SUBMIT_URL") && CURL_RESULT=0 || CURL_RESULT=$? + printf '%s\n' "$CURL_DATA" >&2 + + if [[ $CURL_RESULT -ne 0 ]]; then + notify-send \ + -r "$NOTIF_ID" \ + --expire-time $((60*1000)) \ + "Barcode submission failed" \ + "$(${config.systemd.package}/bin/journalctl -e -o cat -n 8 -u barcodebuddy-scanner.service)" + elif [[ -n $CURL_DATA ]]; then + if RESPONSE_RESULT=$(jq -er .data.result 2>/dev/null <<<"$CURL_DATA"); then + notify-send \ + -r "$NOTIF_ID" \ + --expire-time $((30*1000)) \ + "Scanned Barcode: $BARCODE" \ + "$RESPONSE_RESULT" + fi + else + notify-send \ + -r "$NOTIF_ID" \ + --expire-time $((30*1000)) \ + "Scanned Barcode" \ + "$BARCODE" + fi + + exit $CURL_RESULT + ''; +in { + config.services.barcodebuddy-scanner = { + enable = mkDefault true; + # TODO: use access and possibly int for the URL? + serverAddress = mkDefault "https://bbuddy.local.${config.networking.domain}/api/"; + apiKeyPath = mkDefault config.sops.secrets.barcodebuddy-scanner-apikey.path; + user = mkDefault user; + udevMatchRules = [ + ''ATTRS{idVendor}=="1a86"'' + ''ATTRS{idProduct}=="5456"'' + ]; + scanCommand = mkDefault "${getExe scanCommand}"; + }; + config.users = mkIf cfg.enable { + users.${user} = { + isSystemUser = true; + group = user; + uid = 914; + }; + groups.${user} = { + gid = config.users.users.${user}.uid; + }; + }; + config.sops.secrets.barcodebuddy-scanner-apikey = mkIf cfg.enable { + sopsFile = mkDefault ./secrets/barcodebuddy.yaml; + owner = mkDefault cfg.user; + }; +} diff --git a/nixos/barcodebuddy.nix b/nixos/barcodebuddy.nix index a1fadc5e..0dab0a83 100644 --- a/nixos/barcodebuddy.nix +++ b/nixos/barcodebuddy.nix @@ -11,6 +11,7 @@ in { config.services.barcodebuddy = { enable = mkDefault true; hostName = mkDefault "barcodebuddy'php"; + screen.enable = mkDefault true; reverseProxy = { enable = mkDefault nginx.virtualHosts.${cfg.hostName}.proxied.enable; trustedAddresses = access.cidrForNetwork.allLan.all; @@ -38,7 +39,7 @@ in { phpfpm-barcodebuddy = { inherit gensokyo-zone; }; - bbuddy-websocket = mkIf cfg.screen.enable { + barcodebuddy-websocket = mkIf cfg.screen.enable { inherit gensokyo-zone; }; }; @@ -46,4 +47,9 @@ in { sopsFile = mkDefault ./secrets/barcodebuddy.yaml; owner = mkDefault nginx.user; }; + config.networking.firewall = mkIf cfg.enable { + interfaces.lan.allowedTCPPorts = mkIf cfg.screen.enable [ + cfg.screen.websocketPort + ]; + }; } diff --git a/nixos/secrets/access.yaml b/nixos/secrets/access.yaml index a014fcad..09ece61d 100644 --- a/nixos/secrets/access.yaml +++ b/nixos/secrets/access.yaml @@ -9,120 +9,129 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYkVhMFBvL295L1YzVTFH - THJET1dUUmdoK2J1cnhtU0dNQ2FoYmhKcUZvCnAzMXlYVXVqbHFUSzNZbXNwWFBE - Y1dJSHI3Zm4rQlkxd1cwTVc0NC9VU00KLS0tIGJDekc0aTMvNXR6WTlORmhnSy9G - d3JiSlZ4M0JvcENMS2p0MXNjSzFNOHMKu3Gycd8du0uf8mjVGN/coZT48YZMfz0U - Vqh57J9/w6mBX/3tukA06WcrUoghNLCIyBLRrCqKNjFD5jjbkVnaqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeHdUUXF0bFRBMitCNlZP + MnpwOEl6MXoxa1hOK2lUNTN4WlhmOE9oeDIwCmE1aWFNR3l5ZVJtdnE5SXJwdStT + SmVic3Q0NytuOUVnenlTU2NONm4xSm8KLS0tIFk1V080VmZQc0xKbzMzOXhVdS8z + aHdwajZIdVNaWFVsTXVmdENaVEg0ajgK5kcDNpT9/PkUBRF7F3pmB2N1cdxLa5L7 + m6W5mgasL3qTAE58AjunZTxPCXt162/Qh/zHuWCb7NJtXfm6Kaur0w== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWazNTUGZpYjk5K0RvU2Qv - S1NwY1JxcVNFSW1Cc1dZVWhrMkpSODBWbFRJCjIwcFRwSkU1dExDKzVEd3NFc0hk - Ri9jbGNIeWlMOHFFOG1ROXpUNC9MZ0kKLS0tIHVkMVkrSytwSlcyZTZnM01NcFVj - M3ZQZ2hNc3ZvM1Q5UitHTkV6bVlEYVEKfSOP04BRzkLx+2AurZhyxWNLfYYSiAl5 - 2b3PDltHFQPIBkEebZOuGHfAk2vR+J+Cmt+GeTqnUBSiqsZ+Dflg9g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaGJFUVN0RW1zWlZoZzNm + VVFaOWRDd2tDY0t0TVowQmZXbGpKdTRYaGxrCnhySW8vOWNMY0QzK0w1MC9pbWF3 + NFY3UDVFYTBsczRwRDM0bE40enZpOW8KLS0tIFYyWWYzU3RNOEowMjJoR2FEYnBz + cllUS3hVcTJLbmxWSFp6T2licmxWcEUKZWBQvHoXq3yYrUzNeUNj4RYmWHVHtCfT + BZYEceCVd4UD9OChzNvzb9+6RUHnyNppyPDJU59JQkF+2GQ83PTm9w== -----END AGE ENCRYPTED FILE----- - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRGJTdmdxVWg5UG9zVFZP - cnRkUGRITXlmL3Z3ZHVwMmlCci9BNVAyM1ZBCnp3dHRyd0lKdUQ1eHFsdUNRK3BB - ZDUvNzV0Z3VBRy82YnhMaE5pRmlNbzQKLS0tIHJlSEgyTUpYRVcrZWpYdSs3Wkdm - citpcm9IblFRdWdhVkhIVGlQR2VFWkUKEXg6hX4wuaUAsjuVO6IachtJtSZDzE0+ - 03k189xkLnJPfr6LHhEtiJzOyUtn5/vqx0W1Lkt0klmK7B1KrKqUQw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQnA0bDBVV2Z2eWswMDBX + K1JuTllXS0JYRjErVmlXTi9MZHJqL1lNMERRClMzempwMThHbjIrbnJCZlRjUFpO + TXJETGhLY1VsVUxFUFQ2VHVPTkJkRnMKLS0tIHhhY0VLK3hPY0w0aFVtMzE5NlJl + MmhteWhvNjZUOXlheWFPSEU4aDJHMVUKesm1vP+d7BeWFlzwmo3amN+mchvsMSZ7 + LIlImbqoVG/5d41TZcSA5YQL5m5NKX+bB7AWlWgcs1pffDR5L2+AQA== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOUMyMGpiNmV6Y0Rwb1RL - WU15bE9mQkFEaWxwQUVqeHg3VmpzWWFUdzM4ClFQTVpicWVSVURCLzFMR01ieUJu - S3FDQTlWTWZZdnRUZERqSm5BV25UYUkKLS0tIHIxWWpudVhLVE5YUGtHY2d2ZzJV - QXIzR20wMFB6OWQ3WEtIRUVlTlNheUEKInMjMoPI80gdp8kf3Wc5Qdz3DtDPKinu - KNQk1gJUxr2NtORSB7ZkkzH0EUqcNnwQja0ecolBo/btGj3I6UeRFw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQblE3U21FcVFNUy94S2pi + S2VqWlZhRkZrKzI0SnB3d3hSRU1CNHc5cFdRClZHbnVDMnZneW5SSDdjNzNJNlRJ + cEVsdjJUNEtXSjE3NXY5UmltY0djak0KLS0tIFNEQXZZRTdKWXQ4TysxdTRNU2ZQ + cGczbWJRZzlybkdudDBXQm5kb3BvcU0KncP4sZInviyjOZQtW6049SAsdpfqljws + +2B5sfFq8Pp3WF+G6CLyLnAyGfB6lwLji2ISD6+bNuQnHQ3ur1TT3g== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0S1pWcSsvS0x2aEs4R2lC - YXN0dGZuMmkvZzVCQXVyYUlsK0c0UTBtTFZNCkk2VUsyazEvblJtb0dGdzZwTjhu - V2RDaDdpTVFEMzlRQkl3REV0ekZha1kKLS0tIFpEeDdJSFJSS2lNYVo2Rm5nQWJD - S3o1WXh3ODZkN0pqRW50eUdMbWk2UDAKJL92IRFWli5UuVW9kvmO+vtnXiLGbPHr - pO8Z19/8ugOo/BDlIirVDhSedYjrkEQQNZIbLTshaogxh9eynmAbpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUDBlYlRqd05MREtxd0tE + M2U2bFFzWE1zRk9HQldvM3NRVzgyNndtV3lJCkp4UzVsMi9QUklqSldjOG1qNkFw + Qnk4U2pSUERiZDk2WFpLZW80ckRtNVEKLS0tIEVGOUNYRjhGeXJmUmY5ZytJOFpB + UXNrYjFyREZIbmFzT21CekVmcXM0Zk0KowJTfkwIHUt8JO3a4p8fMKrypGOFK1BX + MCIBcxy7dOjYJsQh/NACcorNizatzKLiTHp1BpyI+twu7xPvPXqZmw== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRTVhTlNManBnTjllRW83 - WVZSWHY2NVpYNXFxN1dPUkdnZW5mY0RCVEdVClBBZ2txd3VKTTFraVBqNEJFbysw - V1FFK1VhQ0YvMm5qS3hOaFZjMzBSWVEKLS0tIGhGWVM5QzBRTmxuSEdTNUxFRTh3 - Y0xsZmo0RW5QVUJkKy9tUDRoMWJMQjgKr9jxjvTI71kvJ7Eexhhq8Fdu0fDwUqDb - TRcVTP1xgUeMYnEgq/w4GVZcZY+aLMiPdph5FKikoGo3EGmwJjIMyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQ1JFNUh5WC9NQysvUk1z + ei9FeVNnYkIvMG5mQVk1YlBuVEtPTWhJNmlZClFxZmpTUjJPL01ZMGJyNDc5TnF0 + R1pNQXU2VFY2bmREeUJnSU8zeVpTR2MKLS0tIFlhUnVYVzY4NTMwdGV1Smt2NFBL + SEd5SmxGbmp5Z21La3JTMVErZlBTVjAKxZWxpX/yMqCouGfKchQkTEZ21+UjsuZ1 + 9LIywgZEwVTUtNwt/gNnG5cKofCgZCoTxdbcnihc394RPFZCQ5XGNQ== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0NHAyT2tJcTJpaDMrRFJJ - bmJHcHhLQWRNQ2JXWldqTWxvdHdlL2dmWTMwCnMrUHMwZUNzM1Q5a0FGTTM5UHB1 - dDNpVEhlMzUyd3VGdHpnQS9GQUpvUUEKLS0tIHh2MmRROGpyY05zdlNSamh1MjlR - cWZrb20xQkY3ck5aQ3kvaFM2ZTdEWGsK7XB0Nkx0PRT32J2wWlCBG0Ms0yD+x578 - rJ62h7s/diH/Al+I1+VqOdtEIrW/2R8XzRzXy6vaXAWiRKYFVjOw0A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMFdBRGh2VmU1ZzlOQkN5 + U0tpUVEzWlQyZzJqNEhkZmIzU2FpSlFOZTJjCkdTUnRZSE9oOVF0dnNma0ZJUnJU + NHFIWDVyNGNNTHh2cWdGK3U0U3VuQlEKLS0tIEUvV1puWUIwOTNwQjQ0Z2xHa1pP + NlBXTXdtZjVrcW1tZkcvNzVFTUM5eFEKkEPbMLQ7LlzztCHIHnRti29EZObV4iK8 + mzM1B/boga9QbNV6yvZBsdlCbvew7oDwO2IP2QmRAgxk3wr6mfvkOQ== -----END AGE ENCRYPTED FILE----- - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eVgyOFRVODJWTUQ2N0RI - ZklrSGdPNmljQkJPc3lIUitSNWxDWkNxc21NCnpWMmY1S1lHR1loVWQ5dGFMMlJS - cW9IVkE2Mk9vRDhPOThSekF4VnJ1dUUKLS0tIFd0TkNSYWxBZ2RaNE14UnlBOWtK - WFlwemFRK2NYQm5IczdaY3UzMUxLUk0KBGPbsH3ufRLCFIXUsFrRuVCIC5C/HJ3v - xWfpI4GnRBAl25RR0K99AvlNl3XneEQvVcyLVyPsxVLIoUQzEBEH4g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUTJVKzFSUml2aWYyTHkz + YzhSSEppY1BVbGYwTlhxbCtmbitZd0g3aTAwCm5zMmdHajFVaml1ZjA0bWlaRnAv + WTBaK0lqNi80TDEvbUFrcWR3TjJJdTAKLS0tIGxhVWlJamtOVTZKZ1d6WWlVcmNs + NGZNRTBMS0ZiQmdUNHR5UWNid1FRQjAKlMS9gsktS6iJsuVtzQ0ahH3x4pJhQoUg + xrZbsvAqze8CVeflijuRpjKEaCMX4dcJBtb/WXG4uZ9BRbqwh4CAjQ== -----END AGE ENCRYPTED FILE----- - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnYko2dXNxN3R1bUhnRkZ5 - eWx5dmtCd3BJdVN3WWxhUGpEdEdaY1VyMm1nCkI0K3hmQk9qVVlrWWRVNXpoVnNq - ZHo4dnRzS29aRDJrdUs0a0VwV0NrMXMKLS0tIEdkWUdpdnRjUjVTVEJlcGozVmpi - eGx5YUpDMUxWVVlPdk1RRm9oaHNDbGMKXodkdcuKNpQrSvQ/2kkiEGWidmRtp+3/ - bDnyhWgRTq/bGVRmuK6VAdkN/mL1GBKvz/RMMFVdK4hDcFET7u5dug== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXR1plZHZGSnFsVmgzUmox + K2YyZGt1MHpNeWY3ejcxVXVkRjNGQUp4TFVzCmJQWExWTlhVYTZaTm1UallnZmN6 + YXFTQVIwRUE0dFovU29UL0xtdVpHY00KLS0tIDBBb3Q3QTdzdmdpek1KNTR3VC8r + d3l2R1pUQmNWY1pSZVo5M3o3STY4aVEKb1dpYgaDEF2zKWj45YSQH3z3PKbEHeQG + y9ncAS9i8IuDr9BvkrsyRKebcYnDMpmAC6NofIrO1eheLAM6WFj85w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRCtRWGNmWG9VNVJlNXZy + UkRWaTdLd0xuVGVZOHZBZDFYTlZGaE84VGowCm8ySXdZdnhIUW1HUHhxOEE4Q0Mx + QmhUenQ4MW9HR3lkVk5kZm90dTQvZUUKLS0tIHBpbUxDK2NhckZOblRkSStGd3pq + UmF0NmJvZVhHWG9Ia0VnVFh4Z0d6YjgKsJ1N6frQwEtzFMaks6p67uqWkqjAik8X + xHUAjVLSWK+xvcvJG0bRTSdyzzu79BXMytsa+U3H7hixiAvaC7047w== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-01T16:50:29Z" mac: ENC[AES256_GCM,data:humfCS9LaB0pcAObLZH+8huTED1/eW6ZtR7PVZ33JPrTJhc9ttorbsfsVPGjsd52I0RT4cNNk9iRDGSqNvgCP+BdvOyILDRA0kxKvF3XLX76Iw0v5jWlPBUts0Hi5ch9Mzn5abN/w3E/5D7z1OMQN11kroJtVpnQMdPDza/qK4g=,iv:UNHN2BYkC0AShqtB7gRLIBYqYwASqVbYhA2RC1dSWYE=,tag:Qo/1LczVrlTHFvWkCG3GIw==,type:str] pgp: - - created_at: "2024-05-13T20:30:26Z" + - created_at: "2024-05-17T23:51:12Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ//SLtt3YZ5qSrcqiT5zalPS3UXskojlZlc0vlJmKN/m3Ht - iLPt2rxNqNkKE4EWUc1AT5s08aushPDEPhILcLMoKO9EzruLS2+KlRRfYRgVEa+N - Iu7xjyvOvtpb1Wg8srgfQbgH4GcKueiQjMOiQD8hcfvm3gml6iFYMqGEl93dcJDR - 15EOL93nG0nEs/StZr4ZR8jSuF3h2MwsYjJvHBuvyMgn9a4wSB5PCBXHmph9RhjK - V89q2L6VROdoDXKtTbPveqktEcTBExRO4twnvAnDp4Y16KamPV+sf0RPi1lKDP3Z - n0SFg3yhJjlIYPoOzCulDNTZjEHDNaYNMw60juPW5tLxDkZYRiZACvLYvNGhm2ke - l00MiK4YRX8pQeVk/TiAvLh32jW99X/znbGrL+JEfjEJlUikWVgyfGEccqocsG9P - cPTx/ErxDUa74tgCQXxBnU+tFTRYDSXcvqalfD81/1KQtiafu25oAb7qu7CUtFaQ - bMw7KsjND6A8zyJfClZMho4rzc551rQF6/xMBEAnyqs5gSkctJ/v01lAKzztHZCe - M2+5acWSUKCx2YnKAiQG+3jtRx6LFKS/lmvP3uyALndc6lJnmvE484RrY1lHDfdE - xpJcHK5X9cTwip8kK5+GrHbZz+zv/CiqnmiwQpNG7wlZ/WsG6HB6aCHHuezWsmfS - XAHPTUROKnRoJz3W9q8RI0N/+H24vrIIPydMBw0JQn5Yws2TmYhCloBM622XQ/OI - G61pUiglAcPbs62ftar282z4aqFHrV29xgrLNN6D303u08QdwGkacWDZCVP6 - =4xiQ + hQIMA82M54yws73UAQ/+P7O9U0ST8CQWff1LrD6ChJA9c1F5z3/2TYCNvxy2PZrs + 62r9/pS7oH7i9cTFiEiEB7trv5xcoTSV4wkdiOQEA503rWfhePsSj437sQ3Y3GY6 + ofvEgSpBmOiJXyEHqSGbm9zQM0OOmRZwesKVNbttzWfpDTfAkDUvno8F+nexdwai + OcyBR+woVvlCpG/JmM/DL0fvsTYsaa9CGSlX6v5Gl3miIyAEwZuSVrXH/yCjHUXo + qH7BZbO9PX4XRiTsDrxvAa2lnigfbXGFaCugJYAraBOANF0tDYdqvuoDdnHzPXAj + cgOWzXLKZg54LyIyIpB3BtPqgku6Eiv1qrqCscR1UhwhzooJlQxBccejBsdI3lgj + wL4/Ox5Qze22EiTfB7den1F7fcKzg4YV5EvN6KYMjJ0BsKBR3BWceK8VAs/KYOL9 + amg8jVr7GevfEnE7UiHzn5poIoOumV+dNgWAHK7aaEvLfp5wGMpCp6F5wpFK7RvC + JHfn2ACyN7XpDkCrKyg6dRRDpa/TvOdayydVCBeZN14oVdhgArm3zeDx79+WD1kD + bSdBzd04iYQ09P1Xm8N5q7KAh3pl7f9HRe+sYalkUVpUOD3nGGVEm8R/ePi35Kee + kQ04PgshsUyuMiaA1PaaiDYPyMzBkZmqbLH94eQ0AJWJuqFFve3lsvSFnGC9tyfS + XAFX6O+T+XAzlxwPwngvkeb73cT+Xh79kc+qvSsXStPE10ZmGGA8av3TKw7bG9nF + B2Vlv6VXxqPNwV5a7NbnlQF0rDa5knZUWN0BSp/OvfThf1uXOCWEsu1XNFxE + =gnsY -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-05-13T20:30:26Z" + - created_at: "2024-05-17T23:51:12Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQgAlSL/7pQDNiT95e8VWs6LimiQVULZkVY7uN8uIuNmBk9U - 9+wMLQooqjSB06OCaaBSCVVPJZgwCnwV5xaBqIRmSaXZdY0zkBhR6RFc/iLyXQbl - kd/AmS+9aTl4vAtCm08L2Un0zx0MBGVZ9Qw2ouOpFizRrX6TvaYxws0D+ycAvX4M - b21hS2pCjbSIOLbGS3HlSLCqujlRxI7hcGbOIfCqHt4nWt69JOU3sQBSXEltBop4 - CjED2cY/bjvLQ58CGSrthOu95pql0dl4uOT49j6AROWiumm6bIsTmrYHukb1QsVO - GadTjeiCXUKsDhNRtscgrVVIZB5yWrhOX9R/KhyR2tJcAVND6vtnZ9GX4LM7Dh39 - kcnZsJz2DvjmAp92zbDTx0nSD7+X4wAjoXxlkZ/kCQASQ1kKdiRc/3Loq2lGJzSM - XbO3wVy2whtczRa7Ya9axnM+yuChlAoEfWtnzHQ= - =IlrG + hQEMA2W9MER3HLb7AQf+KemMaAwgglqOOKqiGVU479l8Ilw3TJdLDMBqigbKGW7I + X0w37IELtw1LTvgo8cjWjkPM2gN7Fc61/2hrLwaqq+2uaG9ClDWNBcCf+QAN2Wty + 01Gv96BQJkwRzAUIxZUWp2qHJn4E/TOxpcVeR8laxvfEnLl/QzcGhaqydyESSXdX + EsI4aKIv1NgtWEzt9ZFFWI9TanVUahicq5Igi/gXZDrWxElHLurmH2DdqKeED7cd + k4lizTCIrPYJmc9T8qK7CCdSOIIZcR7j6oZl+tC0O83TEpij/cy0Dalg0bffE2NZ + ygmiVgTUpa7zHr4rD0FUGIrUL9qC2vxHVd7UUFqkINJcAVce2Kne8watFEQOW5lq + DrhY377M4Hu85SCufT7f8CimXYGRpb5/rnaVYCIXKq/7Cj068Ylmwf40OtlI7Btf + uY8JrTuxcYcszvIbbu6vaPhH6b7Jixn6/9Q6Zho= + =awWo -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/nixos/secrets/barcodebuddy.yaml b/nixos/secrets/barcodebuddy.yaml index e6f83d2c..ff7c68c7 100644 --- a/nixos/secrets/barcodebuddy.yaml +++ b/nixos/secrets/barcodebuddy.yaml @@ -1,4 +1,5 @@ barcodebuddy-fastcgi-params: ENC[AES256_GCM,data:82HrXLAfR/vH7QtqaKOq/1B5/h0Qd0PRTK7W+DBtBLmaXMkGkV41vyohqnPblNJiIZHzkWPcmhdqcf2hhAKRxf3fn8LfMMk2FLKSVOqqQBlyFU/ZjNQymlTrr0ltmFDGskW5gsTMJUIAp6oILCfcIYKSYVDqjab6Gd7IG/mf95Pj9Moj5seft8wSoTd0lOajHn4dJ3Y4ZzcVZzaFrumxhxvLZpN7Rr0X7fnWtlpyTTnhPZ58fRvLlV+md5oQRz2h5KJ3HSlibWCm4yiDhUERNQ==,iv:vJ/afsq1FesiLdBDCe+nDvt4MjJ2ZofnV/+FeurNnrM=,tag:4DwuLh8CrPo8CK5zxsA2gA==,type:str] +barcodebuddy-scanner-apikey: ENC[AES256_GCM,data:/zgkkyPGRHBh6NxxZ2B1Qc9kVkmJPAqOjtxO4GJlxg==,iv:2sOLX4e0zl/WPE1fuJq+ZR6EkuMLv9AeuslQ93hBlGI=,tag:jdxenevtwuzgH9Gq1Xpo8g==,type:str] sops: shamir_threshold: 1 kms: [] @@ -9,111 +10,129 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYVJGSFBRRnNnN0VFY3hj - elBraEpLWjhBZnhNWFpSU2w2bWo0YUpFQ0RvCkJNSUVucHRQYnViQnlyQi85c2NN - MEIyTjRCV2lFOFU5UmRPT1BZeUtNeGMKLS0tIDBVRVV0K1hOeVZOZWZxNzZGeVZ2 - b1NZMDNvNnBkU012NERxODRGWUhGeEEKYU1FtcFfOEVAyHd4kPJQTHSjIrghZJRx - Y56m4F4ZLUjHTdW67t0B6n8HMxkd9FkPMNcdevXjo1EJje7OkTFPbQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NW1DbXAwV2txOGtPTm9v + YlExWDlodzl2T01uQVcxWFg4Uy8yenFzY3c4CnNPcGU3TlhsWWZyL2JIQnRsenAv + ODJ0RXFuUDV2Y0EvdFBHV2dLY3k5WGcKLS0tIDFBMkNkdVVFRGRIalV6c1AxTHlk + U1pZSkdLVFJYLzd6UkU2djVsK2pmUmMKi34ebbrv8oEP6LpP9bQ5j11cFagm8WqE + Uqi0uDzrXdregLAa+FqnP23deGssz+hXssJ5sQR1OmZWGe7k0lCJ8w== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeDJsSDBJSU5QeDZzWGRG - VjVsSW9xNU1NSVRLYzlqMWdrYllMeTV1eVY0ClBVOUt0VzkvYVFHY2pvYjNLOWRU - bXIySGtvckRlbzZ0dWFIYWpsUlpsYXcKLS0tIGk3bTFYYm4veHU5WVM3RmlHSlZG - SU5ZSklscGp4VTBBSnFMMWp4Q2RoSG8KZs+4ZqdkbxljhlqXShO3hazTBYyMZpR6 - 7kFuV3SA/NawP+1rRunB68PG2OgZAsOdEMghQcDjvXUCDPnolVWElg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWW5TcTVLTHVaMThodnVY + WExMSzZaWG9qMjZWQ1FaYVZhVUJYNlhGQ2dZClh5NURNejRjSWhNazk5QUdQWW9z + S3FRT2Rab1FsUkVHQldWMFp6Ni9LbzQKLS0tIERJVmhXanZZQm1pTDFYaDVDKzFj + V2hLQ3ZkUzVyZ1c3N2cwRWlhbVpFeWMK/I1PM2a9DkDKY97W/EBj5aU/ZX+EzM3q + a9I34OffXwKf8SKW88DEImQtvb8d4Vc1mp9QqvP+0c7/OGmGdvEgKQ== -----END AGE ENCRYPTED FILE----- - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTHFDcHpBcFEvUDg5TEg4 - QVdCNG9xeUViQ3AyOGxyYWJudVNzZFNxWmpJCjVsa0FzSzNyTmsrRXRESXhpMi9v - WHZ2RERMQUNoc0h1R0hFRkRkK29yRUkKLS0tIDdKdHlZUGVXM0ZQNnZ0Sk11clZ1 - ajRGNWRvZ2FjV215dUcxZjM1Y3U1L2MK2F3SM/aDXAxBYMySZcBxTstYEQ6fU9lg - SSsH2QX6XkHsC8LExGzEW/OPSAf7tfxKmGiMM/YHmKo0XkthjMdw5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwT2J3OHJrZFZWUzVmQnAr + RlVCam53VHI4RDVwbWJZUzZoWEpoZEdYT2w4CnNPSUZUeEprUDNuS3NXSEszckdW + STd5NHBMRGtEelpRVWczQWFkZGNkZVkKLS0tIGNMRGVqbGliZDFRVW4zRVY3Q3Qw + MTRITm52R2J4d3Jhc1A0RGVlNEx4M2sKj8TWJVFW4R7q6YvaOP+RrnkA1bSQoFEO + nkboZkxSdy8SPrdExyL76AYAjTvzkLnBl7iwmJNLh58L9X8/FtzEgg== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSnBMSGJtWHZyNHZEVzdo - M1VtNU9lcWViZnFjT0FFMHltMFdEL0R0Mm5VCnBZb0ljcHNpSVY5em5sN3lJc0dx - QXZuM3BONzVzcUtOb3hVbGF5MFJlT00KLS0tIGp2YmZ4MUVWc01ESjhsSll1UWFo - eVU2TGs3QzhOcU00UjhQWjBZU1VDeUkK/E/ff/ZTOmMmxhwAbAA1K/HOXGx9bhdE - HD079kH0nAD4+lBA2lzDz8CDKVOU0QNratxZwOJd4yZUm917We4kQA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VzNQSSsxbmFyZW8vSzBW + SzJNTGlNZTVQZnlUbHl6UHkrRWdaTjhrMG1JCmdKRkNUU3hwMStJdHV2dHk1WG03 + b2hMS2JDdy82WmJmaVE1eW80QlRRN28KLS0tIHNnaE1Kd3k3TGFRL3B4U2pXR0Ev + RFFROHpKTmpzMFJFbG10eXpMbVFUSlEKXuWw8svYK2JFxWTufpBnUBbEdXQcgska + nmnTVgf1yAZJmERIWX73NBmmqaG9bf39mpSOeyPJU6YazjIHBK/RzQ== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3M2FydGVtVFlQdVFWd25C - NHE4emhCU2pxRmYreG9HQU8vUmFSSXZEZEdZCnRzQnhGZjllUGZFdmhuRHNxWXJz - Sk9saDVrRjAyanpuZ21oZlNWeGNMZncKLS0tIEx3M21tTjR6UXhlcHE4VG56NllH - WG5uOVA4bmhjaWFpTmtLRXpRSTN5YjAKHb1ztknE6la54ffLnRGM4ellP5vmvSI+ - SkaXCjzArtbvIDFHL3bp8mpMN6qLpLUgPsI2a2KsED+pX3dcyBNqzA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXL1FnL0hyYTZFemoyd1RJ + Z2FIT3RqZ3dpQWNqSm9JWk5KdmpIb21idjBRCkI2em1zVkoyV2xmdTFremVHdFN4 + ekxuSjRVNDVrYnRqNlRFcWFuYzdtY3MKLS0tIGNrazdYUVNLczZoQWNsK1pRT1hX + cXNLS29lRkFNaVVQd1Q2QThOaFloeDgKUGpYIXAU2BCGwMMJwYJJj8D214abO8VI + aWrOlWu8YwUV/5hhu/9+IGa4sa2DhSewILAT8pqE5GRiIQKucRiuyQ== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dUpWOGZub0JtMjhNd2Uv - WkJRaEhsaVlpMDM1alFHT1JZakVKakozcWo0ClV0NmgydWZyazE2WFBEU05HUlpq - amJiMXpnZG0rNkNjSllrZkZ2cE95bXMKLS0tIEw4cnI2bWNyTncwT3RRQ3JTVTN3 - NzMxS2lHcUJHUE51WmNWNlRSQ2hoaE0KMrBo1vqsWBK0j90+xqGKUktfaxzFnfQe - mUzZZGJBr+wQlPiv2WzlD0eYu4KLy+JxibY6bSIj0bFynO9Z5VsSNQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbjIvcExEMW1adEJOMWxq + VDRyenNKZ09yM29QZHltSXlYSVhlcUI3MVI0CmdZZkpFdjJUdWp4dG8vTjk4RFVn + TjVkL3hOb3dtazYxeGNmNzhSUXFaTncKLS0tIE1iT3NMcXkvWWw2bGNUazVldlBo + U2VwbkZXMFJtVGZ2WnpaWVF0RTRkQkUK1paX9AlIzO32N3bOVN39FIiTfvE3hi0N + vfcWR8OL5re3klFcF2+vKyZgNwP0NoBG28kvdqaKRoquIapG/XV47w== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYc0lORWVBQ29NUnJwWWtp - RXo2ejZubFJhL0JES0QrZzZMR05GVGpPWXhFCnh0SUdveWYwTmdQcGNhZnE4anNi - VXM0OWhtSEl6Vm1VYW9Pd0c5SHV3VHcKLS0tIFdNNjc3Vk9qS3FVd0tFaWxvSjFL - U2tCd2U0MWd5L0pIM21GRi9zM1NZWkkKRxMlIlsx6B5ygAVPqawyRG5vfnz/kuPJ - YxNkh3aUkvaIagnMZ/bzjNYV7y6cnBl4M3rzrvHncR0zp9/6QH4jbA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDM0M1ZEErMnNZOHF3aTMx + TmZ4N3BKTWlpZ2pnaEZrRGt6SGRiNXZoVndvCnB0bm5ZYjlWQnBGbGYrYVRVZ0FO + TUl0WWgzM3o4NlJzb0pEZzNUOWhCN3cKLS0tIE1vOXVjN0dGOUJVak14RjAwUjZT + b1JSYkJQblczTUlpaTVXL3c4Q0p5ZncKi59UQvPAVLszjNjG7zya6+yuzKFtJ008 + GDQ3bA2XFIZXQ3inrlpWwNFKJ6UHrr5eSzJNmN98/OHsyTtVlMW44w== -----END AGE ENCRYPTED FILE----- - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMUUpVbm40THgwS0IyeE14 - RjV3aDAyZk9tSjF0Rk4vUzdhMnBnUmxsaUFzCkZKOGxWdGcrYmlPTmI2dVBIOVhG - RXBzMlF5WTlsZlhCQmo1cHdYRmJ5OFkKLS0tIDl1bzRLWnk0aUdHM2hQSUVqNmMw - YVp2UnlUeVVuMjE1L0VsdEJQdmtlQWcKwuFHmj4KpUk/LGxKu2sHOmN8QsuiZat+ - p4FswX4i4PDPmZAHYLt69MJIKUDlm3iN/A5Hfa6mX6R4NZjryNdD2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cWV4ZmI3MGs3NkpHZHkw + c0tnQnNiS0lBUkJqYUdUS3hvOE00dlZ4dkNZCitlV3ZuMFhqYjdCbFY3WnhmUFRT + VEMwT3J1eFRXY1M2VktlVytFQSs2ek0KLS0tIGEzV0lDOWFoaG14czJpS0RHaW95 + bDN5WWlZUTF0ZFB6N0JzRzNIN1kvZ2sKsEx7BU6IU4E1pmVCfz9UIdCZHWnP6LMC + V+pxBy9jHbpxgXQ1i+fURNhzbU9DAuQ7zn5EIzwcC7dBl3dFGR/kVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-23T19:16:11Z" - mac: ENC[AES256_GCM,data:Jtbmq/04a6ar1D07UIb+xEbRmbBKCEY9G2UEmE3JX/xjnpFj10qFRHB1DX+sVtltjYDhWdtyVx/rWNg/QDcsC7aBelyUH2GamHSIHXFfQ+C5C0KySv+Fqur/px86wIn9jIzyohzQa0Vd4wiODrCtMpwnFx1PCaRk3/BSnrvkoOE=,iv:WAKYsjRuhpSK8ZdI60bU4mDjn80CMynnR/81Z5iILuI=,tag:wn4RMpLnKj0funHp//GGQg==,type:str] + - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVmhDbnRqRUtZNDMrdHRQ + WU5sSit4OXR0Y3JZM1NPdXp2WUFCVm9ZU0RnCmhiVWxzZ2srNVBIR01mRjJJQVJZ + WlQxMVEwMnFHYVNDeUdGZ1pWREQyclUKLS0tIEJaeVZTZkxpRHBXM01uMzlnMGk4 + V3JCYW1teENRc3pSazhjK3ZQVitrU0UKhTiULx5S1blAJ/VRZEf8wXD0ighbutcR + XwZ2XSa/3zD9dQVlYt5WrzJzm/bL9fwfR5UfsUWnG8Gte7N7VaJLTg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdzM4OXVtTHFpSll2YkFL + QTdqUzBvY29RWlhSYjBlRTNCVjAxeE9tY1RzCm1FVXAxWDBWZHEveGNKY05pVjZF + M0tjOGtrTEx5c0haSk1yK05jTGlGeUkKLS0tIG8wQ2l2VjNoQmFING9xWGFKUEJ1 + N2U5WC9QUndPcHZuNFdCZU0xaTRPREkKuJ9q2dMlE0U5aMu2ISe+GKN03pH56NWA + MALb90dsH1Y5R4SY1DjKtvwijGMACwAlV+48hNmRN2O20uPP1XlPMw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-17T23:12:11Z" + mac: ENC[AES256_GCM,data:lWD0qcuzMjb0hnoNkKTzrEjJUgOSLuVmTLMa0Dy3Pp79nAFF3wfDlLeTcRaaIdzOF4gZMi671xsoAHGfgStnV3SGqIfXlIAp/JMykNlfpILlbitG9Pkc7C45JR/wvr2qo1Fxn8tNqxeJYtHsKTfpw39bgr98S0LU676sDlzLxME=,iv:cMOxjJqrOQor38VdK73st7A4+OG7cNFT9hoBNwf9640=,tag:nl9DSdq52E7CO60gbnsGIg==,type:str] pgp: - - created_at: "2024-03-22T14:22:11Z" + - created_at: "2024-05-17T23:52:18Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UARAAqF6X9la78YtUjZntDu6j/s/A7+uNO5vIGRwUBathX4K4 - BQR9JRHMLiloAQCwGMjYUQBcGBlkTYZDh5ToN15YgaU7OLkcPKqWWkNHrmuhhbha - HoUVrznU3iqsN4ZyQ7d8Z2WcgulkRO07hiEks8F21Vzdu6r+pU4F4+A+SqnlyfRQ - jGiOO1OBmxeYUGbthOcW1wxFByYd+uUKnY+59U/eJxWIXgKhIPbdPPcPdMGF+P46 - OuLdK8fHMY50lzfn/fa8IlKAM95bsvwxH8PfGKShQCQde1va3xcB+N9uoJvTFZ9t - PkmDd7iFKlbN2SGmxI4pBlHanvJ94eB8afGH96aTIQj700vMH95oTvKKnSJWZvUz - U1a3pRsnxSqgQ+Dont8VxrhlRyHw3z7GCOE0+Jhau7xY6hN8KpT16gSGAZ5FZ8zs - sXkeZcAf5vJPpLsrxIU9XEHY7+zzMyAYOw2MfuMOQhJR9UDlV+gjetIy3CcW6qAR - rBg05xJ2Nt6MUNuWdjcMkemME8uJN9a4rn6GkG80h4K4OBnr2+YYWH76bleTkAGx - aie2XzURPE/xhDBFAXXUGycgd2h1vLt6cDqgDvmLVUssVCdbZszX31vGabA+/dlX - eTdNRsseQC4j9HaTECIFDDvQzWGl3vpFD0EGgvQt8U6Q3xCgXfEOrxP2th/ogE3S - XgHz/dGQpfMgvNdYoQ2uYBB6i4k14z7u6sQOPsc6hYTUqaQfx7VH+ji7Pgx9OG0G - UlkEpWG8brPffzkz+OcrgH8lm+9+E51z/dzdEDSUa1zMyvD1iXr1eXUUDt8sUbA= - =TG+W + hQIMA82M54yws73UAQ//ZRL8I8zZEEbQiMv6l8oC5ST/M+DOCpb/39L3adXphxV+ + 2JHTew4P71U/GCDYpVn2OIpag1s2iYxLk2XSJgw3fJ6xKbIQt+Srke22TEG4GHmB + 01O6X/5yWsU2kF5XcTzYj8LJTSYmDOa3/VQ6XxDd3MQeQ+GxQIK1mMi/8pWPsycm + Jjr+b6Lv3ac0DZ8LAek3WrA9zbvtq5FFSPxyDlNs9oBVPoEpBZ1nn8LqjrNfuQ24 + /lg6OEOJYqgfquJuA/GbyR7Q6lfe9HhwIXU7d0nLnvqtM+VovChpFgSKcOMedIXe + qg4IbP1iBlVPR/bmkf9SEuTHW82xfrtYUnNqFskWJCNnrOtGGwJ+SGndHhHA0jgh + X0S9DTEiqihRP3F7V3FmZLxdmZBIiAvpPSXDhCbdoK0sNmSo7o89WlgCK6Gp6KwB + lOvhtQK94HHNdsFH820JwVlTyXMSXpOKi+Rf60S03LMyRGSDw8Y86aNAsTrUD+nA + xpFc6gCji7v6r1rzLta2Bs6dWvDQhRrCm2M0+Hfm0ufJt+t9WylK6mCvBLDRcXqP + sVl0NLGQ0oOHAP5JGjSJYTXKOMjTp0LoxRefgoHALy2dM79OzNK8xtDpHEoAii4v + kgFd9rAY68sSr2uK0Iw68cYMtOn9i7VOpi+4OotCMeaWhPN2ErSkB65YNNfnZWfS + XgExtmG6TbihX17bwHz1hUwZFqScZIrl39FG2QTjapuq2qZ2n2e8N2QlRG08O15f + QJd4J1pVpcCO0KFJM/Bv57fA0X+zdmYEOkTAU3NPJ6cNrdQVwZPAOMZWOTc2W2o= + =B3YX -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-03-22T14:22:11Z" + - created_at: "2024-05-17T23:52:18Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQf+NBCAbsV4DtDVLUAzlb2Z49Fi4tZlEBbcf/vg8fvoS2Y7 - uGjlkp/t5fc2YoZuZ8gWbzAg2Y4mIs0NgeLcZffAzcZAOOZ24qRYdnIwHNnqR0Ca - dSqbYbcXO3yGMDDsSFjcL7l9O/YqR+WntwJBPuhfjVuJ0lNXXYg6r0hVyfVQmAv5 - x0xLuYttTxCSy4iDfStpTpeiQTFTrqFccBVZZJiIG9TyqQZNRXnrCKXvwZ49nxVE - vGMyf6bVPXhqEDjwJ534HvV3AGovwPt8t8OE4ohnau5VVwpqF0U+Jn8tvmvFti5B - T6BMtPBkDvSEk+rk7qv4Ak/GwooJ4PgCwVuVVXGXCNJeAUuK5g38Q14p3lBFOt7W - u9xhH7c/FsPTAHz221OUi5AXfIZIFsgQVcu2JyzlzgzIC66tzOf2mUrhWRmVD+NY - CyfrZcE3N4C7392MTqFnemJtbYDOJ+YRW7pCMzEoBQ== - =z+BG + hQEMA2W9MER3HLb7AQf/SOAgJJUiwX0QVpsTnKp6vBEBjMNdc+zxnQ4knEP1zyHp + RASJUDx0yciRyDkEzjFwInA8DwPyZadN3wK3sQL6+lHHCvXSNwTDVawCVNlWH5vt + Iv3Qhat+xBacSHfNvTDtl5T9uI0gwbx/q8D175IIxIQoTF9+grOVdwjtuGo6F0lI + XiBGEbgMYWXgx6AnOBllXnN2/E9Hck8ljVLT77svTevrClaZYHI99iZPWH9SVn9l + O4RMOrepOmyRdw0WSsO2CmdZTc2MzzG9ZP92znztYVq89yq3DALsbhI5uRer8lqo + ADfFyVSwHJiyLWzurnTgzLzcIYnHL5rhbChWVQaP6tJeAZpDJ+UWHHHkTHNPXEUO + DfYH12xeQjLurKvPIvpx7WfRubPyiOSpOWJtePfF0R5ubwKQdJ5g6fngeV8KLK4y + qry29SRYHm3C3ResTOYNxbJtIiWJCTseT3BjE8losg== + =y5+f -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/nixos/secrets/nix.yaml b/nixos/secrets/nix.yaml index b869a2ec..2451bcb3 100644 --- a/nixos/secrets/nix.yaml +++ b/nixos/secrets/nix.yaml @@ -9,120 +9,129 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QkpqSTQ5YnRVRElnUUpw - Njk4SlRwT2srSEFGeFZwRUtkWE5SNWpMMTJNCkNBSU1yd2RmUlpFRzFtZThWSDYz - OHZ6SWdsY2J4aStoZHBMUGhzelYyOWcKLS0tIDNadTB3WEpldVBzZHFhS0ZVeVNP - cXBrUFlFQVgzNFNoWS81c2x2YXpoZU0KTfLd64jGWDtptsMbrXnpEb1MpYCYO8xN - ihaQxLimPZhYwU6HitjZBLWDoYtZ6RX8qQAsJLiH+qzxepQavfqptw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdC9LTG5rSzlMTjl6eEtH + cUZGSzdiZjJaOFZ6ZHNHZzI2NWNQRW0yVkE0CjVBTUFsbHM2WDhBMkxtS1ZGNVVY + VEdvUGlJcG5mZkNPTEdEcmtsSXltSWcKLS0tIG9HRlVCczJaVEhSbkUycTQ0VEx3 + V2VZMzE5WXZJelNTcHVOejNCY1JZUjQKFnmZcdkHGoOQz/gQY1pIf+vZhtUx1IYU + yoiJ9mxyISK3DLZjqxl1+wr4BrqXd9smu3oCAFKTVc15/d1weIy2GA== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NWYwYUN6Y1NSOWI1UUtP - L2FRY1JoT0lFdkpGTzFweGlOMjBsWUdjdmtJCmFmMW5ISm9NbGdYRXdTY1p0eVFZ - dUQ1V1pQK2IzOWlKaHlaM1dCR1ZwdVkKLS0tIDB3RUNOanI0QnNRNGo2cDJqdzBq - d1JtbUFJRHdLZDc2S3VQcCtHYlQ1SGsKFsJSSr3nyxwPnrb4RH0fctsl9C5V3cf6 - 9lxh5qtDEa2JWrSx4QDRGXRPPG/BiB4aYmE/KgyM9mSQPG4VX9M7/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAya01EQllVZDh3QUJhZjF5 + WEVlT3RWb29qTnRsQU9wakgwZ0F1TGtsM2prCjJFQ1R0dzZqdzhpVEVVSmRmZUZr + cWt6VkdYK1pjYjRYMkM4OVNNcUo4WmcKLS0tIDZqRVNRVTNWbXRJZ09COUdVODlL + Y1dzYUV1MkJuT3c2SzV3emFRSFh4ZWsKV9bWXhxB44JJnTpoK1lQ4aU9Pp1kzpYO + /ks233leKMbZcjcS7MduaBrxoGFPp6rPQIpT3y3buzbqyViwEAQxyw== -----END AGE ENCRYPTED FILE----- - recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNEdwamRsK0JsMmpsSjlF - L3Z5ODh5am10QVgrclVjMExockUrczVrT1d3CnhaVTdsOEhmWm5tMUxCN21NRE5I - ZkxkTW1UK2Q1MlBxRFBaVUxsa0JKUTQKLS0tIHYwOGFXNmQrUzk4ZHpzNFlmcGU0 - aExEMVpoZ2F0K1d1MkpMNDFaMXNUV2MKYu5Dif3BfpMPD4w8log8bBEtxS09f7T7 - bXH/sS6QWBS8F+syHZzUN4KHlBUHwZ5fKrj05sasLcLOojEULRdPvQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSmRtYmtNK3N0QjNEMzg2 + UlBPcVMxZGJaUTFzbTNmb055d1JoRjZQSFFnCmEzS1JzbXA5aXNFKzZUQ3AxQ3dU + VUZtQ1hlTExHY3c2aUU4eFpBR0JUY2cKLS0tIDJPZUwveDF5aWI2ZzFDSktNd1hi + bUdHSlhudlFIYmVmMWNxeGJjZW01R3MK0cIIaIU+egJCw3IHgNcaiQMxXOMhFfKd + aTDYHCNdeURXicwW5EgncDeAWv5YNsm3DSPGqjLsEt90e5Dn01EHlQ== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQWh1MHBoK2hBeUdmLzh4 - RythV2xud3FldXo3aWlWSGJ0cnRaTGRacmgwClk1cTZUZThtU01IZWtEdGlqbWRj - NVhDNjRldlVEMlYyMDhsZWNsc2dLb0kKLS0tIGpyTU54RHBMU0FBM0NIOVhtK0RJ - S05MM0VjVVpudE9DTnJLWGs3NnVkNTgKGB85U/EWrFXGwPM/x8GWFYCh2vPK4chS - UFRp2JH2v9W9dQHk8dhmxxQPCglsm+u9KeDTCgYp1HLtzTXy9G7qWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Q2hJc0dEVTVLUFcyTHFo + STQxaEJXWVIxOHlaQUJsN2N2ZjhVZjc2WFNBCitWT1drZEhPQlJSZDlRVjEvTHo0 + MFZ0ZWlKWU1EWHRBeE1FdHhXWkhDcjAKLS0tIHd0bXNHeXBvZE5Ka0FlQitOVGt0 + OVQxTFdjNWg2UkZJWVRuOGovcFBId1UKYBqlh4HxPH8nUp70WICdhqzNOUBwEdzR + u7zcoAlLvASgt5LGbK6UIVDpq/rJo+B8WExkJzVZOgysko0lOVPB3w== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJN0RST3VZRndtMGNzbDZ2 - encxOTB0Wk5QZy9xZHZPYkMvZlVaeHZ6MG5rCnpENWZoRm5KSU1VTHhOWTcrY1BU - VDlKc2wwU284aTJZYnluR3F5V1pMMXMKLS0tIEM5bmZjbzhLbGhRajVVRUlrZ3BJ - Y0tWQUduTWg0VEVtZ3JQQ2tqd280NG8KMbnuJdgzBnkPSye5tOW82nR7KlRrW1rM - s7S3iU2PcW0uFCbHX+HOoL8p8yifTCPd/FHct5fuKepZoCtYwf0ItA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTM3I5b3U2TWFaS0JLc1or + Wm5CdlFKWmM3T1V0OVA4anZWSzZ6cUlsM0NVCkZKbHc3OFBWNnJ5Mm9vS25VL0RU + VXN1OVBxMURicnJmYzNrSVBtZTJTQTQKLS0tIEd1eFd5OEM0OTN6VURwVExVdUdC + T2lHNDBXMWYreHgranFTQ3VteWkvbTQKomNdn+nzcLLHtbXquhYpL6Sbc4CCRQ8V + /sc9jypEORwLyOIU4E/S2fQl59WH8IqPpno4kEQuqDWdXY0qDyH3rg== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOejFLY1hKd3F4bnpDSEQ3 - Y1hKcGNZRUtVOVNnVmZNUFN3WncvTUtkc3lJCkRSWElDVHpEdmRkU09pSy9lUzBz - VFYwSHRsMTBqc21nbVY5OVRiL3FidjgKLS0tIGpOeEpDbVQyRlF1Zyt1U0h0SmIw - V01XVWg2MzdkRnUyZno1dk04OHM5alUKrghJcr7M4JRLat314LWfJ1weiSfIVYeI - ZtUCyrbqnuxnviS4ouTZhU6mCcwLITkVg3CKfFmUs4mJL9w2kuRWnA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ejFNekRhWWlnckV2TWJy + M01UR1p5NzhGbVcxdnZ3dVJDckIvMmZCUFhJCmkvNEVGTFRkYXY1WUUvQXl3RFJ0 + WklwNHJsb0RqUklpY05hM3EwVUtlZVkKLS0tIHQzeGtKRnlCSU9EOXk4dDQyWmNO + TlNIVUE3NWhnNkxnMi8vM0Zka2t0U1UKy+NyDUQAoYtOu38GLFFQfkaJnDlKQeDb + ouGcne7EcGLQZlFf8xJ/Zhc6ETHo0xxJqQwcHIM+oiEhzU9vJobzHQ== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTXVuc2dTdnVpM1owMHg5 - cVoxR0NKVHE1RmNpZEpvMmdvRXI2TDVQdTBrClFKMmZ1cW9tcHRQV3F1ekNBYWtj - TjJWdE1DWWZZVmhDM00vclFDd2xlaDQKLS0tICs1K3ZkbXZ6UVZ0VlZQdGJuN1JO - WFh4RFl4N2Y4R0ZYNXZlMG9HaTI3ZG8KrcNtQvEBSKCQbRxarrVhXgbISr+JHdmy - W5S5aF9qXx501Tj3zJgrCWaP+7Po8XG83LFZ9cj/KnMqkikS+ydcwg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRFRpSXVOUmtwTys5aGhG + QnVuUHVOdkhzcHZ0WlUxOWYyVHNSRnlFZ2w0CnVaeGVsUFBIVDlSY01pejNaZ1VD + b09TTU1XQW1sazNJUUNEem84d1gvL1UKLS0tIFNZRllyZW5oNHZlc1VNWFk4WTlB + RWJOUUh2QVp5UFpnRFVtT0tHcTV2MDQK8k5JNTZqyMkcql0eFYqeYBUpqplXs2Tj + fZJH9m2AvOMTJmsHqckM7fggUEN4xp/y+giAyu/apTuMI9iVzolYEw== -----END AGE ENCRYPTED FILE----- - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCK0d2ZE1ZQ0xiTmtoRXhN - dk1TMGltcjlxUVdBbkpKU05Zd1FrRHg0cndvCjIyalRxcWhNeFQ0UGJVSUpuR2lN - clVqMDdkUHAxdEtPc1RTVndKVDdRRzAKLS0tIHVmdlBhUjRSRDVoRUF6bnFNdFlP - ZVI1Ny9jenZWVW9GMkdOMU1XTmtpN28KfTFGcLkGvvqDFyIVX5dIN0l0SCSjlt+i - A2G+UJnGTGZm32gLVVWhfh2iK4y3QXPwvxxgifQ+ZoguSzuGz2rRqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoR0MyWFpXdXQvNE8vYTlj + OEl6UkxZNEV6bjRlR2czdlpWckFkWTliRlRZCmI5b1BTdE0xcWtEMmdEcTRhdWVp + eGxOMitMZzlkS0svUWhsL2paNUlxNkkKLS0tIEVJZUk4VWxyV2JhYVZrWCtoUHZD + cVJML2VmRnJ1ZzdObjJIenJVOURDelkKbpN5imF6oARePpn2tWpUA2CoKnDUf6RU + tHfX/5XvAXxClyhWNg5Y7j3VOGpNJW6IKTiwYdE4SFLQVkqrWPM/Kw== -----END AGE ENCRYPTED FILE----- - recipient: age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRmRnbkQvMGZWL2FkbEFy - dEN5dFY2R080ZHRlakUySGhaY00yMVFIRVhVCmIzOGQ1bUpLNXlvU1Z4ZHpucjEr - ei80YnhqSzhXT0w3M0tpb0U4UldTWlkKLS0tIG1iWVJYbmNxMEJGZjlKR2R0NFp6 - dFJBUXY1eTFpQk1uMG9PUnVHN3NtZGcKYgtAHBFc8cUjP/qJa8X4amEC76NffW2e - xHwa6sbFMSS0Sw0Z5SDCBdv6F48k6Yfb7ALHlbX9GzJxCTTbY/FsVQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UHhVTlhMTXFnQlJaNXNl + cHlGeWNaRHY0VjVJbldaZW5Ma1VqOXRSWDFjClo3NTUwWUpMRE05RkJOTnFLWnky + RDlqU0czY01BU3QxR1Q2aGdKQ1I4QVkKLS0tIFZ2aWtZaTRDNUJkb3I0UWQ4dHFw + SzBkalJiekJZUUdZQ250bE0wcXVtOWcKvxfSG1On0ZgFL5rQd8w0mccvyDgcXFQ/ + ni/55aM1icWb8AlaYIA7bI1pVMI+l/IYfCJ8ofIzx3wRu04+IYCeJg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSGYwWHdZRFZCV2NiMVQ0 + cThiWUxkeW03c1ZSeW9pOUdzSytqRkd1QWpFCk1uRk80TmRkYjh5UFJUSkRaQmIr + WU5Ud3lUTm1Ya2E2aE9NbVR4YTl6c2MKLS0tIE8vUHk5eGcwWk40ZDNjS1NuOFdQ + RDNYcGswSFVHOGVTbmFzOUMvNlF6dkkKoFSsWGmqm+f//8O0BVwqWUsP+rktTfie + /x1ZLcMHHIuSvWdhL1FVOAf6Hcyh+ZAHpY9lKKwC2vWvyfwGdHIrvA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-03-14T03:48:48Z" mac: ENC[AES256_GCM,data:u7G4YsCFxUkgOsKLRurxlEl358aLdBdFOrOtO9TUu0JUHRx8QjPcYgfHgHFXqNTfJs+0kVvcbAzNJxNAIMWRQrVDy3+i3YFlyTcDAh6CufkIXRM6fxnX1YHzZGEtC7bpBASTpSgGJzVt7XqGrqE7v8H+q63MugjHYsKtmIG7lO0=,iv:0Zrw4+Cmfv6bjn3lYoinkYdj/TinALpyOFP7Nd8w9MA=,tag:8gi04GcF6JCBwfmVEulSmA==,type:str] pgp: - - created_at: "2024-05-13T20:31:41Z" + - created_at: "2024-05-17T23:51:15Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ/+NDXHPt8JBAf/m/nxLpF/j0aqWkyvwy30brq6ByFf3/Py - qE37Q3yFYdnxwNa8r5uwow+CQfBfrV1FfwCoLikFVtPfO9zSdpP+61gwuW6FNPnm - hmjkAk3NFQriFs7DaXPtiwMbiPF3PsWb6yfXzUzousqpSQWr/9QyJLfqRidx1cFN - QcZsHj3N0YnOXuiIdSy9kQ5Kog9uhgP85kUB881wQ/Me2DWq2UxcgBspIK8T53u/ - NM+odhNY150ISQUHiu4UMKClMo7Z9wduWylWgBLe/zvTh9hXd0qnMbiYFTHcF/do - PfdYeYyvCjLW8QncLfsnm3CuKk+T2Wv0VVQk/QAvt4LAcxhoDNEzVp+csZIapgHO - 1KH4Kp2NhEVMr0ssaZJdDosKM9jAWO+AWc7eHPSkujq+Xp9nYo/gUEJQ8qLxu9ZJ - J/1Nm3q7CdaoXuGjk8OlxbOaym5eHOODGRbdQt9CdHP+uDg9BLQOgsVNAC14b+O2 - MhTKDu6u0A5cAlwxOCDLS7+sZRNE+W/ovkdFJFeYp4TbKLQVw/7qjXTGS7YSW2lJ - iutXyGIY/JZ9PoLRNl74I3mtBO5x6gna2d9JV3karaQG7df5TfafbT8VSWoF0YGp - xFWQgGOKsHSZng5XjepgYj0HaJAeNjxUb9l++h4xXjLDEJEyn2jT+Y5jRIhhMVfS - XgF7Ha4RcsFvooCef6evXTtpwfOUzryT6bUP3ZpVbo5yDJ+0IDqD1Tu9dkHeM1Pg - omLTazYIoorZW11YfA1bVZVaCu+8wPZV6Vi9uqds6QEpCbGXzKmJn6JIj80i/aU= - =BTfV + hQIMA82M54yws73UARAAhnJObbYMSHgfmH57+fDXIbJu2e9xSiRlRVlMi6qyVm1d + LMwzX/zu+gNdOzhoo1EmKcMJXyD5usCjeiuuO+YvU5s+Z6cRfQJEJN7wiZ9cDGc0 + noNt97pDuixA1TDu3Adw3MQh4jDh9ZViQIn4T9QcskiET75Q1AlyWiQ4nVB7hQ04 + /scAJ6TEQYThxuNcw58q6mKnGpZnvs7/mmShI+3O4CKC6Lny2EwVhWbHVGnzbQzO + n5Ms2JbNPJvUbfyq0AVdqd5c0/NzIVtkG3FU4YkvqjMfDtHGHQ8ysLPpyqphqHXW + AfXSIrM5bEPe8JTR9AeV1a08XI97yQ/iHL+C1NFXVrQuq80CTFj+Qg9uDXIf9uXr + s4hDR+EMj6Ai4YQmqWW2Hsf9EQhKtscjyhvAlGxU4hiBFdLe/plu6t7woYxY7iAO + 5JuZ/guBycVZ6B6ntdS4tZVnNDBRdT2vF2S0EgnzHZLl1TWDdARhU81vyldrgX6w + nqyF0HaOr9cCPzh2PTSEu75AHtNTuo9zPBb+1V44Ozi8b/pgqezw8HdP+AFM8zW4 + Ai9/tSChsY5W5WO4jf3/S4r7jeJP/w66lUK/FN/YCNcJuxGpkCH9W6/d63ixeQyQ + oPMXYw8NE8tw3UDVXbbf9jjWgKiyIlW+MM0Tg46bYP1CczTpUq9zfppMiGW2IQPS + XgGZYywe3YTZVP+uIcK+SQPEsmX7Qih2oUDy4XL1DJT3w9RxpAs9aZQbt6ZC2rLM + o8jaW036OEjuJDa5qcaiGZyCZVrJxjDaWyW63a4EjO6wJFDnv0AWBeI6hNPo2lU= + =r5Pt -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-05-13T20:31:41Z" + - created_at: "2024-05-17T23:51:15Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQgAw8VwWKfJckGHp5wzvUdkIq4AFhGH2Sc04mi4eVLYsiZU - wy+tOmNU3/rB/Y0WuyfCd68EQTa0UKKid2PC3viDsoNpqYBvbwjOTZkEgIWUUHtu - 08jFmrOIitOA3CniFioDLT04DnenMD6K16yqCprz8JwFv0DD9Y0BlkHXjzsKXeBV - YA4etbSSksgb/71JvNx369+iAgFc6gdAvlCPMbctbrHemeORe1069PHXm9EA7aVy - nrancnGyjq40EItpHeP9Uuj8tWV9c04zhC3mA7lCyCfytYWaPIOGMnzywhsoA18M - O2gbletY8io6TkhUxxyOBxqhvI8ceGqkskMxSUBaHtJeAWpPZT4t96L/uH8PBPGs - eg2iXE7hWcibcUiDDvB6mKywtQLtR3hvezYw+bQj5SEYfSvQnCM3oyRbsQKmqYbl - 5uJ0sdyIg8JxiyahGAep7036fQYmr7pvGRk8Y0M6NA== - =6YPL + hQEMA2W9MER3HLb7AQgAscM0vJUROfr8FwnKR1qgsVvQieYeB6KYjRMEy8gepu9D + 6KqOs1CVX6PrRr/6+dtpYANt4KEi2l6L0jQmhe41fteUaFucJ+aa44UEimw2O2V1 + djnkRfE2PkDBeN33Gn2BEn+ACXdGrsek/L8CgltTy3y0hBQJJVOCcYYEITryZDdw + EJTyxVV+pCpnNqLtLiszSww2t0Ub+hD0H/efX/TS/55gy+DYDkgtfXaXlrw59vjA + XWk/YlMB5JhJhIE1ETqbGs18FwFYMUc6vljSFFooSc96ILrcrMlnK6e7yoR7OHgg + Y1UFvp5u6bfSMnHoBgtenjrry5hCiVV1MWA2TxMnDdJeAfKpafPO9d7t3fpOteBv + gxbUHAxqqxTupXznsQQFS5j8dgV+ucyArhrfWVAkjsFS1g824VRAv1Lms5SmIX+B + IVcadrjjF9npKfiKbMw0u7Rn5ZeLdtCAReBQoOMXSQ== + =bMWY -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/outputs.nix b/outputs.nix index eb29450a..c35d0500 100644 --- a/outputs.nix +++ b/outputs.nix @@ -62,7 +62,23 @@ in { inherit (outputs) devShells legacyPackages packages checks; inherit (systems) deploy nixosConfigurations; inherit (tree.impure) overlays; - nixosModules = treeToModulesOutput tree.impure.modules.extern.nixos; + nixosModules = with tree.impure.modules; + treeToModulesOutput extern.nixos + // { + inherit (nixos) barcodebuddy barcodebuddy-scanner minecraft-bedrock vouch; + network = { + __functor = network: _: { + imports = [network.netgroups network.namespace network.resolve]; + }; + inherit (nixos.network) netgroups namespace resolve; + }; + sssd = { + __functor = sssd: _: { + imports = [sssd.sssd sssd.pam]; + }; + inherit (nixos.sssd) sssd pam genso; + }; + }; homeModules = treeToModulesOutput tree.impure.modules.extern.home; miscModules = treeToModulesOutput tree.impure.modules.extern.misc; lib = import ./lib.nix { diff --git a/overlays/barcodebuddy.nix b/overlays/barcodebuddy.nix index 8a4fe9c5..baa0e510 100644 --- a/overlays/barcodebuddy.nix +++ b/overlays/barcodebuddy.nix @@ -1,4 +1,10 @@ final: prev: let in { - barcodebuddy = final.callPackage ../packages/barcodebuddy.nix {}; + barcodebuddy = final.callPackage ../packages/barcodebuddy {}; + barcodebuddy-scanner = final.callPackage ../packages/barcodebuddy/scanner.nix { + php = final.php83; + }; + barcodebuddy-scanner-python = final.callPackage ../packages/barcodebuddy/scanner-python.nix { + php = final.php83; + }; } diff --git a/packages/barcodebuddy.nix b/packages/barcodebuddy/default.nix similarity index 79% rename from packages/barcodebuddy.nix rename to packages/barcodebuddy/default.nix index 17afb22d..6576488c 100644 --- a/packages/barcodebuddy.nix +++ b/packages/barcodebuddy/default.nix @@ -6,16 +6,18 @@ }: let inherit (lib.strings) removePrefix; inherit (lib.trivial) importJSON; - lock = importJSON ../flake.lock; + lock = importJSON ../../flake.lock; inherit (lock.nodes) barcodebuddy; in stdenvNoCC.mkDerivation { pname = "barcodebuddy"; version = removePrefix "v" barcodebuddy.original.ref; + src = fetchFromGitHub { inherit (barcodebuddy.locked) repo owner rev; sha256 = barcodebuddy.locked.narHash; }; + skipConfigure = true; skipBuild = true; @@ -27,4 +29,9 @@ in runHook postInstall ''; + + meta = { + homepage = "https://github.com/Forceu/barcodebuddy"; + license = lib.licenses.agpl3Plus; + }; } diff --git a/packages/barcodebuddy/scanner-python.nix b/packages/barcodebuddy/scanner-python.nix new file mode 100644 index 00000000..bead2b09 --- /dev/null +++ b/packages/barcodebuddy/scanner-python.nix @@ -0,0 +1,47 @@ +{ + stdenvNoCC, + makeWrapper, + barcodebuddy, + barcodebuddy-scanner, + screen, + lib, + enableRequests ? true, + enablePhp ? false, + php, + python3, + ... +}: let + inherit (lib.lists) optional optionals; + inherit (lib.strings) makeBinPath; + python = python3.withPackages ( + p: + [p.evdev] + ++ optional enableRequests p.requests + ); +in + stdenvNoCC.mkDerivation { + pname = "barcodebuddy-scanner.py"; + inherit (barcodebuddy) version src; + inherit (barcodebuddy-scanner) patches meta; + + skipConfigure = true; + skipBuild = true; + + nativeBuildInputs = [ + makeWrapper + ]; + + buildInputs = [python]; + + scannerPath = makeBinPath ( + optionals enablePhp [screen php] + ); + ${ + if enablePhp + then "barcodebuddyScript" + else null + } = "${barcodebuddy}/index.php"; + + scannerSource = "example/grabInput.py"; + inherit (barcodebuddy-scanner) installPhase postInstall; + } diff --git a/packages/barcodebuddy/scanner.nix b/packages/barcodebuddy/scanner.nix new file mode 100644 index 00000000..28c736c3 --- /dev/null +++ b/packages/barcodebuddy/scanner.nix @@ -0,0 +1,63 @@ +{ + stdenvNoCC, + fetchpatch, + makeWrapper, + barcodebuddy, + curl, + evtest, + screen, + lib, + enableCurl ? true, + enablePhp ? false, + php, + ... +}: let + inherit (lib.lists) optional optionals; + inherit (lib.strings) makeBinPath; +in + stdenvNoCC.mkDerivation { + pname = "barcodebuddy-scanner"; + inherit (barcodebuddy) version src; + + patches = [ + (fetchpatch { + name = "barcodebuddy-grab-input.patch"; + url = "https://github.com/gensokyo-zone/barcodebuddy/commit/9497d88b7971f2b47c9dcc32183721e059cd6d1d.patch"; + sha256 = "sha256-1HV5VMlXR4VoMo01KhlZ3bTdVLMJ08qzFqhqK4hBHdg="; + }) + ]; + + skipConfigure = true; + skipBuild = true; + + nativeBuildInputs = [ + makeWrapper + ]; + + scannerSource = "example/grabInput.sh"; + scannerPath = makeBinPath ( + [evtest] + ++ optional enableCurl curl + ++ optionals enablePhp [screen php] + ); + + installPhase = '' + runHook preInstall + + install -Dm 0755 $scannerSource $out/bin/barcodebuddy-grab-input + + runHook postInstall + ''; + + postInstall = '' + wrapProgram $out/bin/barcodebuddy-grab-input \ + --set-default SCRIPT_LOCATION "''${barcodebuddyScript-/var/www/html/barcodebuddy/index.php}" \ + --prefix PATH : "$scannerPath" + ''; + + meta = + barcodebuddy.meta + // { + mainProgram = "barcodebuddy-grab-input"; + }; + } diff --git a/packages/default.nix b/packages/default.nix index 762e7389..59dc56dc 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -50,6 +50,8 @@ krb5-ldap nfs-utils-ldap barcodebuddy + barcodebuddy-scanner + barcodebuddy-scanner-python openwebrxplus systemd2mqtt ; diff --git a/systems/logistics/default.nix b/systems/logistics/default.nix index 2cacca00..0eb73660 100644 --- a/systems/logistics/default.nix +++ b/systems/logistics/default.nix @@ -4,10 +4,15 @@ _: { modules = [ ./nixos.nix ]; - deploy.hostname = "10.1.1.63"; exports = { services = { sshd.enable = true; }; }; + network.networks = { + local = { + slaac.postfix = "40c3:23df:e82a:b214"; + address4 = "10.1.1.63"; + }; + }; } diff --git a/systems/logistics/nixos.nix b/systems/logistics/nixos.nix index ad73f094..21ac530c 100644 --- a/systems/logistics/nixos.nix +++ b/systems/logistics/nixos.nix @@ -1,20 +1,25 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the nixos.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + config, + pkgs, + meta, + ... +}: { + imports = let + inherit (meta) nixos; + in [ + nixos.sops + nixos.base + nixos.barcodebuddy-scanner + ./hardware-configuration.nix + ]; # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "nixos"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary @@ -24,12 +29,6 @@ # Enable networking networking.networkmanager.enable = true; - # Set your time zone. - time.timeZone = "America/Vancouver"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_CA.UTF-8"; - # Enable the X11 windowing system. services.xserver.enable = true; @@ -39,8 +38,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us"; - xkbVariant = ""; + xkb = { + layout = "us"; + variant = ""; + }; }; # Enable CUPS to print documents. @@ -68,11 +69,13 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.logistics = { + uid = 1000; isNormalUser = true; description = "Logistics"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = ["networkmanager" "wheel"]; + hashedPasswordFile = config.sops.secrets.logistics-user-password.path; packages = with pkgs; [ - # thunderbird + # thunderbird ]; }; @@ -99,6 +102,8 @@ # List services that you want to enable: + services.barcodebuddy-scanner.user = "logistics"; + # Enable the OpenSSH daemon. services.openssh.enable = true; @@ -108,6 +113,11 @@ # Or disable the firewall altogether. # networking.firewall.enable = false; + sops = { + defaultSopsFile = ./secrets.yaml; + secrets.logistics-user-password = {}; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -115,5 +125,4 @@ # Before changing this value read the documentation for this option # (e.g. man nixos.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.11"; # Did you read the comment? - } diff --git a/systems/logistics/secrets.yaml b/systems/logistics/secrets.yaml new file mode 100644 index 00000000..c328001b --- /dev/null +++ b/systems/logistics/secrets.yaml @@ -0,0 +1,57 @@ +logistics-user-password: ENC[AES256_GCM,data:2n7OFQT4ZTrjzwVuuejP2sJxenP0dXzooWfr3Y+g6u5fM5tkGm5+Oa76VfLrFZtjwJUj3Q9BP1L1/ISPVZxnujxDwJW7mDtvKg==,iv:Q/UAxMQypP2Y6CzQxboI5dN6l95KECuJa2pB+Dcivvs=,tag:B1ahOzNzR8mU30qECWZtqA==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjYk9IbTZjTFVsU28rN0Rh + ZE1wbzlrbjJkNFpXM2VnRytGb2V4QlVUaFcwCnNRaUtLTDFjbGF4TURhcW9LNXUw + aFAyeWRtU1NSaFI5UzMva1N2NTFsME0KLS0tIHhUNS9jK2hPamgrR0RjZ2xGajFG + dFVET2hqU0NTTmtKc0dKSGFSdnhMTGcKreJqNeHczADUmMgHOHhy+pa7S5hZvTUt + TXycS6WHfBjiG221yoxyr/L/wPCHKTatVMmcxHhTPBKyzOBYZL3dzQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-18T00:10:16Z" + mac: ENC[AES256_GCM,data:XmvgNXygTjC3ra13KvluZNUZt8XTGN75OVsnNX+pK/ZXbK/+qt9/Q/1thSOhkg8pLzfLYm9KXqRlVYHTrK+Wr2jko/mVdr9i8IgkVS5pJfvmvIjG7tW5nN88XjfFWAs5fnuvtSvJ2eJKzC5/kgWRwOMXdEfnodiZllqcqznvDAo=,iv:VbJvo8TgU78SOWAvlQ/bH4XY/w1ISaQG7X1UzNZ6InU=,tag:LRrfSssmIgDxuagy0gfbpg==,type:str] + pgp: + - created_at: "2024-05-18T00:09:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/8C2v2raqvfKJAkTBOY2hFj8n3TeC6y6GdnHubFSlHiEHH + uuVnlRnRVBOXytMiVq5WdY4ryW2lj1L5RR3xVkMsKgykQjotSodjdv0gYXw3ymp8 + z7IVbWYY7u2xO7oscqSHOY5kgQmQOnNSy5RppcD+WOu3osWInsEa3BMvWmfa1JWx + qkkUIOVG0E/mxc6z/FUCuKMV5vKAMATPUpxFxNo7U4nseX1Wz6W5s/P6O7W7Mx94 + DA68s8z3pLRj7jOjM/jZGj2Hg4wBqYdQ6xb0N6GaYDll4zH1nDJdB5eeyd0rO1V1 + UdEwqcuWZQ34PVFu9sqEgVY3V5ugK6oQp7jIEOYBL5pawmxnDxDVUhE+CvfOBQdN + zEhzsV5SshGwRQMzc2+mU1b/6niKWRQIN03jKv1cZ1r+FEGdt6bTeOx4D4+dJo1h + WFESDAsuE12gbzc3tOgDX9yMQU9spa7vcLVLEkn8wnFhHJNkdvmTzKNT4vvShAcq + mbpOe3EE03watP9Eg1vyczkQd5wHDCMiU+a6ewlxFbYCyvEOa31n9mUV6k/NMlhF + FFk/U3WAJ8EXHMmWSSNf91vqT5R3UBdZ5nOfJ+W6u6GO9yDs/1LcsJMyxhVf6Jpz + CB1n9BlSLjfF3Yu/gZ+75E2WqHCDDAKwxIU3y+q3bKYXBGd5AnYvH0Xuv6oa3gTS + XgErI7vjtfKztf77RnXOrSXn0uaP4HjSqmNCl0WLFiICRB17ZrlSgDtI/nF82+hj + OELdclxPfpZjWbF9mHW5bJPnAkcRsgVqwIjU8YY5x/CXDLc5BWBwKp2oMSLzIfg= + =NSbc + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-05-18T00:09:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA2W9MER3HLb7AQf/UKlYZ3sPQA0GIQahBvPxYaHZqAElGN5PgQhV1AZMm6ev + ZlXR6z2t4qbV/4rEGNJlBh2d/xwn7BENnJuDf/XiQlzMxpqOVp06V8EToS0xp9Uk + cAglQm5EwTMSEfcNP6f2wKn6S17exbmodk2zhmXzB2f0mxF9scbLfUjC7t4sGfhe + A4M3e4ZZ+mSIEk1XD8AAQKEwbnxdineqgVTrIzTtejryaVXPdeJv0M7cgOXJhglv + rQjNInN/ITrKCWjzYvhVFAleozAku1yzw5GiVAsSl0wQQ9nMIBX9zK17S5d8UK9I + IXNSfK2RVHLenlffI00a0yxgqEWfgJafB8Ov4glym9JeAR6wUPdxr34ZA/AkX0hF + NJABFE5PFqtYDn8hV6+zOSuPIpAPtvrCLb2G4z9mEn9ItmLscJfsaRJKFfpWKHTt + TSuFNluSvvUWW6OvbGvZbgZlp2yu/PHjOT3i6DXKxw== + =E1Vw + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/systems/tei/default.nix b/systems/tei/default.nix index 1ab09242..709d5ee7 100644 --- a/systems/tei/default.nix +++ b/systems/tei/default.nix @@ -17,6 +17,7 @@ _: { tailscale.enable = true; home-assistant.enable = true; zigbee2mqtt.enable = true; + barcodebuddy.enable = true; postgresql.enable = true; }; }; diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf index eae1d9f4..61f1f6e8 100644 --- a/tf/cloudflare_records.tf +++ b/tf/cloudflare_records.tf @@ -108,6 +108,13 @@ module "kasen_system_records" { ] } +module "logistics_system_records" { + source = "./system/records" + zone_id = cloudflare_zone.gensokyo-zone_zone.id + zone_zone = cloudflare_zone.gensokyo-zone_zone.zone + net_data = local.systems.logistics.network +} + module "litterbox_system_records" { source = "./system/records" zone_id = cloudflare_zone.gensokyo-zone_zone.id