From cf0cee79373067a36faf151208cf024f188fefc0 Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Wed, 9 Oct 2024 10:58:02 -0400 Subject: [PATCH] feat: cleaning up... --- common/overlay.nix | 7 +- flake.lock | 78 +++++++++---------- nixos/profiles/server/loader-config-limit.nix | 8 ++ nixos/servers/matrix/signal.nix | 2 +- nixos/servers/matrix/slack.nix | 2 +- nixos/servers/matrix/whatsapp.nix | 2 +- nixos/servers/weechat/secrets.yaml | 9 ++- pkgs.nix | 7 +- systems/koishi.nix | 31 ++++---- systems/yukari.nix | 4 +- tf/kw-monica.tf | 8 -- tf/kw-rss.tf | 8 -- tf/kw-vaultwarden.tf | 8 -- tf/oci_servers.tf | 18 +++++ 14 files changed, 103 insertions(+), 89 deletions(-) create mode 100644 nixos/profiles/server/loader-config-limit.nix delete mode 100644 tf/kw-monica.tf delete mode 100644 tf/kw-rss.tf delete mode 100644 tf/kw-vaultwarden.tf diff --git a/common/overlay.nix b/common/overlay.nix index 260734f2..1f9c92bf 100644 --- a/common/overlay.nix +++ b/common/overlay.nix @@ -5,6 +5,11 @@ }: { nixpkgs = { overlays = import tree.overlays {inherit inputs tree;}; - config.allowUnfree = true; + config = { + allowUnfree = true; + permittedInsecurePackages = [ + "olm-3.2.16" + ]; + }; }; } diff --git a/flake.lock b/flake.lock index 9d44112b..67cb6266 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1725576462, - "narHash": "sha256-yQwN6aO63V7TlFohZ2y1HqbRiA787W4MEbE4FqcC4vQ=", + "lastModified": 1726806296, + "narHash": "sha256-X3EotqjO1hG00h57txRyVkrPnL8/tRxdawNbslxUe24=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "02731f711e232ef0ffa5d7707b1a91a7dfb0cdb8", + "rev": "f6a043fc560b62ce6f207818087736e8c88a912a", "type": "github" }, "original": { @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1726032244, - "narHash": "sha256-3VvRGPkpBJobQrFD3slQzMAwZlo4/UwxT8933U5tRVM=", + "lastModified": 1727999297, + "narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "f4f18f3d7229845e1c9d517457b7a0b90a38b728", + "rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b", "type": "github" }, "original": { @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1718194053, - "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", "owner": "serokell", "repo": "deploy-rs", - "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", "type": "github" }, "original": { @@ -289,11 +289,11 @@ ] }, "locked": { - "lastModified": 1726036828, - "narHash": "sha256-ZQHbpyti0jcAKnwQY1lwmooecLmSG6wX1JakQ/eZNeM=", + "lastModified": 1728306985, + "narHash": "sha256-l/KpcWTv2SjxCnqFs5GYhvjeVYd40WQV4/F2+w9btd4=", "owner": "nix-community", "repo": "home-manager", - "rev": "8a1671642826633586d12ac3158e463c7a50a112", + "rev": "3ac39b2a8b7cbfc0f96628d8a84867c885bc988b", "type": "github" }, "original": { @@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1726105276, - "narHash": "sha256-L6AA5NEh3V4CBlwUkE7+A5tHbh+T1LvswMXDGygnhwA=", + "lastModified": 1728006367, + "narHash": "sha256-Bdf5twzinaacnn1JBogvxq0S8Ytm+25mWD2cfJ7fvpo=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "16419da635ec6a436e705541776cea757be47c36", + "rev": "a3a7888df1b87bdababfd9f0b00b574ee4c2e204", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1725765290, - "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", + "lastModified": 1728263287, + "narHash": "sha256-GJDtsxz2/zw6g/Nrp4XVWBS5IaZ7ZUkuvxPOBEDe7pg=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "642275444c5a9defce57219c944b3179bf2adaa9", + "rev": "5fce10c871bab6d7d5ac9e5e7efbb3a2783f5259", "type": "github" }, "original": { @@ -405,11 +405,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -450,11 +450,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725983898, - "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=", + "lastModified": 1728018373, + "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43", + "rev": "bc947f541ae55e999ffdb4013441347d83b00feb", "type": "github" }, "original": { @@ -466,11 +466,11 @@ }, "nur": { "locked": { - "lastModified": 1726110014, - "narHash": "sha256-uu/Bsk8vKbNPVNuxMRflbAgKVFgiValeqovbWpoFSjU=", + "lastModified": 1728329881, + "narHash": "sha256-3qPiZMj2fEqRofx3OTBJ31wKGFybZahKvLTwtp7FFO0=", "owner": "nix-community", "repo": "NUR", - "rev": "fe5681cead5e579577a2a33f3a44d887de244c68", + "rev": "d98334ad3e13d3db0ac5bdd94f0a8fbbcf27539f", "type": "github" }, "original": { @@ -489,11 +489,11 @@ ] }, "locked": { - "lastModified": 1725914634, - "narHash": "sha256-U74hu15xSb6JNySMOwyJrsh4uk1DVa182bdHLeHdYMc=", + "lastModified": 1727917089, + "narHash": "sha256-XWNBGf8Z03sqA5/m99X6XTFbHGNuVx1gMaMQJbdDIrY=", "owner": "pjones", "repo": "plasma-manager", - "rev": "60becd0e994e25b372c8d0500fc944396f6c1085", + "rev": "bc14b17bff1557de8f103172508f896a87bb9cdb", "type": "github" }, "original": { @@ -621,11 +621,11 @@ ] }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1728230538, + "narHash": "sha256-sbsMJOZgykaSdFbxLKghc0QMtolzl4P5nqpttBA3d5M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "2750ed784e93e745a33fb55be7c2657adfb57c00", "type": "github" }, "original": { @@ -718,11 +718,11 @@ ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -744,11 +744,11 @@ ] }, "locked": { - "lastModified": 1725882169, - "narHash": "sha256-v5L+Dh6KdyycIgcdIc6SQ1fRNNvFJmYz02+fyeptA2o=", + "lastModified": 1728299182, + "narHash": "sha256-wzxKH5DyG+uyhnGtP8YmN3LCYtEyYR/4fhjKVY2Rtxg=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "34b95b3962f5b3436d4bae5091d1b2ff7c1eb180", + "rev": "830b6a752d0097c2043985ff4c1203aba07b268d", "type": "github" }, "original": { diff --git a/nixos/profiles/server/loader-config-limit.nix b/nixos/profiles/server/loader-config-limit.nix new file mode 100644 index 00000000..ec8ad9e6 --- /dev/null +++ b/nixos/profiles/server/loader-config-limit.nix @@ -0,0 +1,8 @@ +_: { + boot = { + loader = { + grub.configurationLimit = 1; + systemd-boot.configurationLimit = 1; + }; + }; +} diff --git a/nixos/servers/matrix/signal.nix b/nixos/servers/matrix/signal.nix index 4084de8c..d25f66ad 100644 --- a/nixos/servers/matrix/signal.nix +++ b/nixos/servers/matrix/signal.nix @@ -32,7 +32,7 @@ shared_secret = "disable"; }; permissions = { - "kittywit.ch" = "full"; + "kittywit.ch" = "user"; "@kat:kittywit.ch" = "admin"; "@signal:kittywit.ch" = "admin"; }; diff --git a/nixos/servers/matrix/slack.nix b/nixos/servers/matrix/slack.nix index ac433f8e..0d39309e 100644 --- a/nixos/servers/matrix/slack.nix +++ b/nixos/servers/matrix/slack.nix @@ -3,7 +3,7 @@ sopsFile = ./slack.yaml; }; services.mautrix-slack = { - inherit (config.services.matrix-synapse) enable; + #inherit (config.services.matrix-synapse) enable; environmentFile = config.sops.secrets.mautrix-slack-environment.path; settings = { homeserver = { diff --git a/nixos/servers/matrix/whatsapp.nix b/nixos/servers/matrix/whatsapp.nix index b073ae38..9c445bed 100644 --- a/nixos/servers/matrix/whatsapp.nix +++ b/nixos/servers/matrix/whatsapp.nix @@ -3,7 +3,7 @@ sopsFile = ./whatsapp.yaml; }; services.mautrix-whatsapp = { - inherit (config.services.matrix-synapse) enable; + #inherit (config.services.matrix-synapse) enable; environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path; settings = { homeserver = { diff --git a/nixos/servers/weechat/secrets.yaml b/nixos/servers/weechat/secrets.yaml index faed4a1a..11286d60 100644 --- a/nixos/servers/weechat/secrets.yaml +++ b/nixos/servers/weechat/secrets.yaml @@ -1,7 +1,8 @@ -weechat-secret: ENC[AES256_GCM,data:nioUJ1t/qHdDpAy3vM2q1MMHPzbbGT/wPDRsUrEG2aqjX8Xpo3bQzW6k49oiiOpW8O+GX7jSbGp7qL1GSvnVnfIomZvgbXfdXbZEsB9tdmGKc9nWJ9irpyV/HpSyLaewf9PTmlVSdwD8maLrkzR52ZuNsu8TdKWFybbZy6qCh4mMB0GWlThlQ6lpXE9KXzhMuRgWQYtsWLa4x7v95GxZ5WvM/hhx85qoo+gRWjUuEIGlGwaK6ju7fHkuhhBJIYQn5ctkQMlegcw0TdVWeSuS1vC8Tv/+6oLSbPFE+5K83kv85LTlLE433esIHD0LZW55u2MqSukSu2drdlSgtfrIXk3KkS6dM5MWur1Off+Ii+w4mG62sKjqL2sg/Y1QFX4rOeDZY38SRpSP3mTK/xuwSbaz1r19nqyd7N6/+UZg9eVH1EeLph2scT3m223mTDVIPZ6efCn3HSx6Ej8e+UAM/Grnt/m5wzvadlocjIrVQ+FqIZnV0BZOKyHWFutYnpPMKfHEUWPrDAEdhlSPjD3GzsbjXCv+iW+EZ9d6CjqCLHW/bFAWs3N8TNYVBqy5Wd//NRZuu3XYrvtV7CCCaucXb3NVyvLKvA73Wt/rUg/ydcV//4iuL695q7o9g5sVKU/S8HxXCLoiZhDvFrrIXIWCFk3lWQ1/CkQHUJZpVf8+ybIa1T54lvbe25nfdbECs/niLaekeP+blLynAageJl8sRz1Yz7lqBEMsF2NmZMM+xkstbE+M6jbtBYbKf2LeOtR8IEjpvgCWncuW0BMesgvTCHGKHGC5cArdy91nFuCXThsqNs9n58LHxR7czbfesbqx40bTc4rg56W7GsatN6bTdk/bqjVQx7Pm9OK3+UczFlCIOe5MrZFm8JrUPZRtIbbbCz2PGfLfyvFdQVTvPQvg/ofJIFD8P92EKajZ4Aw7l5ERkgcuGLx4mWtDOozzKATtdJWzTa6kmU4k0+G12Ih9djXTwTDQGoL33Jr5Z9Z2oQflasXZ342EiCjVsjQQbhHrEzYt5CPtxOeNtIWesJbdP55SGgze5lE001E5NRc4lfuEAPzsRqbFcKhA0ad4iR9vqYNpNEgZIeIyen42bki/FIHPfSp9NipdCz4epKQWU8MIjXzlh2spQQXSk/uTNGafYGzdrRXsPnefQ1Qy0TvtxhOMKfsbGfUOabjeWUxgWueLcVPkT+S70TXxbaPbq7MDr5aLjwf+VVPt/ixqgENGrF5O11toGXDN0AN3+yyJHzz8KMm1dCnMtysW4qU71DK19lBeDdeke3obX/qpaZeh37+UE/AljdWWUOLBReh7vu2OWCUvjbcuAJJUEGSFA/2NrChxB51/XTGIbbQw+gx13F4LYjhxewTU1VBAHrnVSCaQfoj6hK42Qv2kSzLu,iv:Kd7Kt1ikOmUGqTHFOHQ0mWk7kXEFvy3Gzna7YbqRenY=,tag:OOzgjyRPgS+tsg2/KeMQbA==,type:str] +weechat-secret: ENC[AES256_GCM,data:tVl8Bbqx09oiONxR206vQu1V+2uZoIiWZEzrEWZ4H+sdgeZkzu8jvphshpIrRMU9eZ3FYa9mQIdbXXNJaiy7WFFSMoo6rEzPodAidOqMNjGR4X9vevbXg1FbwTkKpwtWiH+XJoj4ijfFhTXzX7fo63WDOoe0SZee3C1PgdFX00pD/G1MHg0J1pevBvQKuMV++zdX7Vd6mLV6LZBVWsUMckvbhzNjP6f5M4OTTRTrsftA0ow4DpB83QGtWcj6IjY1nBFOyDcqeO+0usIX72a4nOMF7bACunXTK2peN3kEDGjlYyhmw3wKPVYMM25Y3JX3BIkznUC/H1BM/XJf5zlFW1+9a5RZMwLDykMbMkEJjARXJ4zkja6jBjU=,iv:KrvHlr/WyBx1ZD50IGpL+oy5p2aOWAN3HSPdwUjLopM=,tag:6GYbQWq0MN6z/lU3TXN8ZA==,type:str] liberachat-cert: ENC[AES256_GCM,data:o/9UJHC20mmjdPf2Ip2RX7V09/LezOsm/D71BHXVOYxwxt0ij5x/vXyzOgw1cELYfh/572lH8PwAW/je2m3FEYKEyL7Dzmc3HDFfYdIxvnpMltW/tlGb/1VDAvVGByUxD5QZa5LHArkcL0NYq4Cb37MlPsBQxAgWj4KyYBcFF3vzggdgEmk2U5Ph7Zx1OaT/fganI8LlzCnQZ/5LH8ruUVv+eqTv9xIIJvkwmO7zzztLQyxfKVU74AuiYVgTQz4u0v+/ZMNeldfdne1tlY4OaQWK1eluL2C1UVRx8UDSTPnBEI8XR6RW8LctDX3rizM9BEXqu3b3yUZdHvR28mmHKvMZDm93WzH7/YOtv7KJut9QK91tG3viPBVe+l0v/n4rsYna5OUQHhbbuSMh0ruXRMthiBFEm3R00eiX0kzjVV81k+9/LOZYWmafNXwlAZ1+fW6r7fFNWsNgXe41JzpHoQEw1n+Br6MODhrxS/GwaZ/gmBh8dReU3mfevzD2RN7w8ESmGFlYeOppD7okprF8BKaEGNYr12Hcwl0EFPiosY3i8x3ZCP28ysFs6mBBpPCLw5icmrXcVuM4QaeYFoosoTIXlIQKcowl+MNw3toKlnV9AlncWn05XngXkOuS28/b/ts1mHSErD02YEFEc4M1VYN+Tc/I+l0WfOeIdmhL4GSwZfHNdPVz2wsnoYZdfmB9hpApxtNjAvKrjJcYhtoM6HbY+DVIZQ5nYyhnLwgBnYHMqP0m7Xb3/bPhEnZXJf7DIMV5c5XL0aOxPqi/jPQRKzc88zoaAA8izz2k69SrSr6DaUGie1W/qGyz/i1yT2SQZfYUfI00R5mcmCcC8ubfJ53ShkmH1x4n2Tyjt9ZwU/QymvZaDwN9C2yqnWV1VTGsN1JmXL5tAC4j1TOmRhdMnHOzEyNPcNVKXL3W39dlXnQKIRi+dgPewsu5/kFW5e9obP2+JkT8mfF2Sliev2dg0XnT/F/YoykmpKOwPQ57FQA9ubyMcbcAfSyc4vpWKGuLp0jJ5qZeQ6zOfXZf1o3Os2uNE/UK+PbY1/1SlvCtoGhNCGyQl4auSEoTqm7XNwo9kKoxODiEPM7dQfI+w2m1jxpm1K7JpaW38bOOwSZLrUW5s7G2kNDeAUUkCdGU3YZHvFyuMBobdGCQa2R2p0fT7BiwpdD1gq5QQYXHcumHH46hCpABfas3S8ZqxkCne0ZCmyZvbBoQvYt7liIxeWCnVVXaZyPWW4dMsvipEGyx5FNV3zda/Bj92Cq4jAfUjqWZmnpLc3lUtDR/hCD1KWGsaP+UFuYRdLWFzmypC2s1SjaHa5lq9mP8XG9uQUAsmk/YB0WIyhXOm+x31dIhcup0COxx3nddEeW++tG6fiPhcGRWkfYofYPGEn70U//j+vNrsII31HWXSbVEHUiT1f6FyHm1NQqZDP5M7sIL2CeMuo2FtG/fZGWfznUppCqkUbkpPTAGJ8oJrhQJwYoejQC10o4qp2QZHS8/SqtLyqboSIGUvVBXj40xIBp8U7WfwIZj71S27gGGbZEG6S+xJbosCYNvz7CdvZagunkP9aUZ9kzBbGkBw7WVqaUG4w1czkSztU5lEaJdXGxncC6qQ2lBlv+1boWQO9iekL7CAlhC0plGj3QNvVlfTxbodWEZ29hw/FCR1ddbvthpnDQi3hFGD+i5cx+drsu3fyXg0Kxi6ZVFuANfkN49+HC8qCe+vxQtMBgd0I51iBn3/2WF2Gl6QxDETtGkdONkIdyn+wpizmt1HQMMH0LHrPqaGAyKf0iz84X+5y9L8owgTRehRSon9jVGjgbH+s+DtSx8f2N+gHlpOIvEjDuIHW7Bvv42OAz/s2zBPytbMe9I9wFDbXpT87vUJlq5k0q83T580w9MlT2p7shDIR3GfKoNEOYR1YXvwgoR3vrAV/1c8qmHo/Qv1rqxzEDI2+5EkXIPrIy4I3gGwdu177ZPJELeKWAPUYCg+TZOxsp4+YAkoAyj7nLJdyHg1TZ21+hgH2/OyhjFjF45dkTykAW9vOofT2MrzG2ih7LXbsDb58MHfD6TBkpSH8gn+Xom8sfHIHVQPtbiMdkshEEeX/6HsL06dHF0QUHDmgBNaNVh9KBD09QE/YdtJOABCyyO4dMRZIRs10TPHH260wTpV9lHfIy7T0/iNQAZMkWsifE8oOyRJZMjRIJlDeQJKNC4Wtv9ruEZVN0QO58O6Y69AGQAnyIqHZAVthcoUunKkhuFBVc1AFz/zxS14FMnbF83cYU/piOtOayK6kk4uaclgEgPzOstPVpijh2tMfx243HxIFzwWvEr15PT1NU0KgV0/kOFMWu0vYu7QSmGXSEZNza/a6z8jPhn4IjYbDF08gbwQgFQs2TmYogee2xGFNnYWX8sFhnglgJoyB0a4mogM3foeNmHzx7iuCV2jKdqSWXY5pnAlaNtpIkVsycKrh5dFqtuO+BZBXmfu9eEaM5anzQGBz/XoO/z+0qY+yBurhaQeXDfYa+WiTdSZHFQiIVrE0sPyQlJ8dp3Qh99hHApKiZ9WN2Ab93V6PEMzVp4k5dmjmPd5GgpsjcWSh6uT60OcUMFs37XXSKjXT9+tHVX1CKy/TaXLGJ9hpOad5h+etvwWX1y0mr7tyqNTDxOTpcbk0aIl7wTnBqOT66tiMn04NcbY0t6bIcH983iEex8I4ES4pbjEHVox36dr924hs/P8wr/Gn3a0TnUzI8+KOZcBA4dIjS6uA7krWg+5ko4ya8qkTkiKJqAk4fZk7O4Jqqrf+dI4UiWGR/mDcapdCIjWkgEKK8Br8kpVFWq7I2dD3o4JMQ8JtsB5DgWrGiwewT0cJITG2qAB8hYCyPF6ZumT6iSk7dTCLfZxID66m+zSRW0LF6FV/kbnrfaWeZvijkHeH7/SN5y1OI1Oim/aXPGS/oQmJMjmV2xzMBmaHpCY6nF0Lx1LbavW0WJdFPbIj50Hufan/cyvG5c2ZB0Vg3gNg0Ruz+RtsH4iJtjonuDbQ37pwBSe3Opi36bq44rszHNLPwLgNAQiQwkxygys8ZS995ZdXEEAt/prh5Zh6eF+d3/rI0EWe9P80G0x4TkgLMM4A29ipT0ylidS0+AtFQr8eNk1rcRP+/aw3p1BIP4AgPHB2eA7AFCwMs/Cce/n1OGK++pS0H7kXIERMO40YIQXKhijExqyarS6D/Ob+DobrUq2AZIobO6M5iZgjy/Y76aPu5UTR6pF34Tu5di2HFLBMfCcQRsleN+gJUwqVDmRRuszXwBk4F6eVph6SKZVVkUVLferLIO83dboh8R56IKLasmg4WrXbcwBHZmOIoFWUvRwwxqC5wHgeG5dKK25XBFAmC8m9a1vbfZ00YA9pXyHEmpwYT3ePIfx8DvAgrmIED5E53qs5Gs0d9JUh6ja4TkN7/H9SRiLMN9slTmxPoQ1xhqzRUrQh+SD42qG7dpe2qlEsUfBuY1p4Pxvpn5kzZlmbRzlD0qPjL4YSuPQEEoCvPkYysOFwDtV82/FafPqBG2gQLF//3G7qNCT1UHPObboWCkTim2/IMA3rmLochbUoBM0KLrP7BQQubR8rv57lfjw15P1Z7ApppKnhZsMw1J/RvgH5OgK5X57rBe6SJl31RqX62FkO9GWQLG0rPgEsa93sd3zI4tiTTX/snU69uiW017xQ==,iv:DHnR0ZMEuZtY2Gx2xgomnEWH6F/qzkErJ9KwInGLlIM=,tag:Wx84gTr29eO/BvyRjnXC/A==,type:str] espernet-cert: ENC[AES256_GCM,data:3N91QUBnRUDlK1ndxw0434TzEEkb0Y3qte5UpjH96RyyRN6oeImC8Z0rjGGWGSNTF8Xrd+TPMWj4WpYQQwuZVAANwd5u/Itbs84alQI8ltaM4uvTz9KxNRvwY6FTi7lWrjzVWi4Sc7/wax8gh1ra6B7Q0BhDqWa2Lvucgo0NPU0XMO26W3O+sVzKcveNb/wCuDIgbgH9bJcJkkJ7st/zeEkQhj3cI7FYBXqTixKcN3JVI/1FX72VA9rhMIYlUV4CcJb/sNxZOIMP0XzjH+IcPZJdFz6Kob/dA6BYIwW8e0uVWEeE8RRSrKq/8FhbuN03oSo0z9TgOcldH0qgXF82eC/tmfkI6G6bkyu9sMzOtrQbb9Nl19IhUXYq/BYKosWer/Dnc2q/tR1qsFBirZiA6Gi+9GZxUZrWAlyBYuWTKCWU6hiUk2tGBcKg1VbxGY2H4Md2i6SRedGOS6VA/HJLyEjh8YDej3XR9EYFP02OwLs6+4MNBcrdOEEWmkxW0EEuS5KF2SZ142hhsHZ8NIDnolKsSOwFqRuKhgnAMsB9+IQSzkSSak5MbVcnAsJsmkqhTKvf0idco2tFGaJeJjjXVi1Knr0NXJX0yku/mA1BWvb119KP9vHNxxc2QKaa2MJeqpXR92cB2XBrtR9pSAm8RVTLRyFWCQxtuvKumO+3cPJPfocfuIocK9FRE8SfwnFvHL0frwK9FI9MaJRcMJqOgUv20p/OTGBoEpoKUhHUPmPqaSWVyi+3jEE+Va3idB4HeOgKA9P/FeVhnZf7SP28fEEI3A0805gDVlhcbx7Y1ZPrrNJv8VXAfwG2//H1Z9/TV9oruRjSR2S0tNLqV2vQGpHBPt1ZPF14lZwybAM0pRldZk3DasWEdZuSv9n8bHHv6cGhHsmrZdVb55oGW5uGEksdUGyXB0aRlXVFDkAiM5nTuNqZN8+EWyu+P6xH/em6wSWpeQE5t1tlqLqpaDU5O2tkVuqHcsllSou9k5p8PmY/bf5K1eGSPUVFAt+9v7+gQoofIQ12TpYCadOSYY7uCiukoiEFMYFyAvzY5QIiSWw07MF+jsBmeb3gWPqRH3tCHUBakkpVCV5ICRhItQcnb2Ins7jmthz7tvhD3pvrXDk7/sj5MwqByzfAyn6RqWJVp5D+GymQqYDhigPPInRqln0XBpywpaXMsWRx0UsnmCOGGJn0tFKq/k4SpwVlqf2VhQB73KtyP/K01AXmiVlfd1mbiAMw2N5qu1OpAt7SrfgXgXBTnd9eztamBMwKpMuXsfWdmycjnbzNYvhkCiy76AvQ8vgAT5udQWiliXrxsXubA0uhRAfZ/UGgRjiGPcw5fuBFnh7aB0FCYFhjBaoMwptHx92uTOis2gPEhn4K8Ex2xFMGlWC68RqvKXR/e3PNgVThTeXFN0xo8OObL2/2rtsvt476Aj+hENrAEZwW4Btc4vDJELw9KddnCIH5xeMdiDW+sjIh4Adj+H5C5Nt2U252DQExrprNksNqSTvZ8Coe4qQLB/cjyh5kOjIfNbaeaMXpikfgAV51pfbAGUUHrz5J7Tf36u5GLGHbETt3bTmyeyO0fZfKvw2UqAZaWaLn7C95n3dgkpoq2Gn2dA2LasgqQ+5EBcn93Oa923FKBdxE65UB/MXJPQkCDXBOCBai4I56wXC0QHDXaRlshvl+PQy76fSacyXlcTwcgoRFn7AVUTtlm/jo/4yGCfBzMWvITh6ppEzg5ls8txnm02CWP7ihoJaY317TJdOkon0qvkG2EXSOmdcX5nAJkPDg4Z4s2wVyEBqtRUzPVAQaCaqZRPseUHsfJzBYjcZV85dV0iw+McFQm7uEqjS+yCDXul5fRzx2g4IdslDf11glwb5pA1AVsA57jT41ByiFOXgJszURjvV0ZxP0vLfsQixa4uhYiZsQu+XGkdgDiS+/ENaUhRw9t0YfO+o8kxFKWm5wUgMpv3w8+9BOjlehg5iWR1J65qpk3QwGZ0PNDboNA79VPDYzbDGTR1uELe4hhxBs9xMTPWpXsRPVg19KVJowNIz4IOSxG7qM2H4J/Q7lxxl/f8tJ4IlIvCNp2SdI8eNABSqJDBcl0N4z5h9OweFTZwmkSzoTtHRnJwu0MpSMQQeEcrjqQgdCPhuY06TI8g+F9b35OvCEzUjP04W5VQVdl/TmJiIePsFZEaKlMUbwV47PyTp9Yq+GmPwVco5oIYWlDBId3r6vNuY5TkAtvfblcIqy2D0PCXVd0AWfO4baBZzBxZKu8x/ma2zY0cUon8HsXDkekfhlY5h4UgVwvTXZoprOfBzgEui7a8Hyilb0eUv6H0Lr5K+lLpcF4sKWa2BzyGbKP1gmjjr5tR+Mz11xKIta+mj+sVTuK3DY9xEBxvZpGiBRFrh4A7g4oW3ED+E5+o1uVOCL1zAp6dba9fINHfrvtpjHL5zy6x0snaBy+Bqn18EJg33/Y4slFe1IYJXQGTQ9rLkq1lDB3rHT0UjYrDepDpm/PH1JGa9QV5jvHxSDJhSakOC2/PojrJWk0jUHgXxONqscg1N2USU37iVE595iU6M+YoPStLds/AxZK02Hl+zsypHcF6Yc4h60wmxmRLnOPxMychb/jVJ+DjnKlGgavIg1alOl7nsCPhJfr3DfbZd/RAz9crR5sXkUpJN7uoI6b/MB5BMLIZ7dNKt64tLP6bXfpfT/v4NcfG/yzVXVy0cldKG9CRPGm70vFYqzP2P2IQTXPw0gBxn2SwJ1h2JeVdBkvqcUmcNS67jQsfZIJu+gN1VFinY15JNBxeEbd65+BQFbKGfCcQ2kLo9Q28TRERmc3yJkE8C4Vrzgvm+TDyFU23Zenm+ys5nhT3AlOQ6umEw07xp9cGMoSE0H4K9yPRppa0+UvNeM8suo1MlfTdmAKRmz9NGYGXskhcjwav74XJyvGp9AoA/l0pgQoD+snp+pahjFFlq7Y6rzqjvWattVo/U4OoeItvl69ueys7jdl4egSyRjL1NAsr2k9m8ZEKDDNY8WGQ/8+UXQI89wMQEeQBFUOnEPfsX9u+Djjz78/AfIMxI2ny7aS+idDoPyIomdRQqkL+88ZMSdgfyyUuvR5qfa2ge0bAgp1HskHDBBjjG3bTpL7gZKALpeinIn0+mBmCMlp/XL8akGxqWTpwFckYWB4A0FJ7DHTunjgQpwr+ajgaI52Y1OiPay9YwzUZ1jUFymMX+hNOSfdbqiG9hUAxC6iwck1bqZLkEy/M31KrQFFKfgnQ2ks7LrRgrmgTpiP4RpTzCpKBniYcD/Xz5ERVMbMndzHMzAqYddcSZyI1NplH9lct7q8yU2fcQu+jRdkqTBe8XOPugrwA9a4UP9aGmDWZE4Kxp8NtSgYY3ZDEEsg7O9whSMr0i2fqceNKwt4cwbyo+lnCqF4/lB5yJ82vx7Vcl7YukOEiS168g1prB9RdpnD0dItRM7VHXhc63SLt8j53cqXpDql10z6Q55R6aVej6gGHyPrIVZiFmCSovz5r+/YAoqAKLqxBYGs3ipfW/ZIf6iLkpaHCeyOZ8s/2T/iuFRPQRIr7+DtGeSeBnt3uAjJrEQ/AKn9M3HxVcajTGQBWBG5AKfiiYG6lPHRRz2/KoRM24lSHlS6ASXOuBp3cyKbcDWtdRZ0k7b72Y+c8cuGyiIaMee4Pr5GQed0mWjWm7vj8kN3ng=,iv:QpBIeLDM16NRjI4Atq6PaDrlDm35B2r6kOl/gk1lc0U=,tag:PW1I7HL1QWW0jK8jSZ3sIg==,type:str] softnet-cert: ENC[AES256_GCM,data:0acY4OVWvOCc/+rh8aOyoA71Si8nLy+4DY0IMa+sTz8+WKQMqXyAs0XviPcVetMJuCVngwl63dWzDIgkuGZiNDachm39cfBllJBZbiK/rlSpGFDvJ/ulKYWA31vjr/SR2drdUpaTVzYfwVSagV6trVihqMOlkbraCliYg5oN6hllcKXTr8wdNOrfJA/Yl2JkPnH89dH6lVC014FQ/XPh31kLNu2YpflrddQBUNzahRYfLkh693LKgYArOl2UexuEyt4Rt/m2vJEWScPUDLn46cH1NI93/zEG0WGjDP7zcRE7lV0NtfmwXWW95cmn/B+Zjnw27XPPi+ME2NvRbZ5URTohxA8rMh1jrajoRQ19ZFwSrK9LZjtp+/UQqci5lLHKp/hGZ+q9bauoooA17iSNrdbbCqMUdNgSCULfFcIKLJemuvF5DsjfjI8UvipuMlwhZ1xWeJhwAChB3dvelJe6zBFdtQLRdj1kzL7Te1V382dLfQZ4qpMKP0fM3hMSzEJpd8oEYsPAN3yjj9TI0aFcejog+E+Lt5N7g+MLz/jnCB5d+2GxAVZZWj6w2/nKY2pmwUfuPuIos4l/iR/IISC8ruhbjm1E50hHrNo2fvWkAafHvW8lHfVxE1lfiXl395ypkGJOTjRFfMzRYCJ/+jDg6urbBEFBlPnDwraHBGQJs49E4xM6oPD2fDQ7KqWSPl/XBjQWgdZ4SZnLNvrOXv1pi2lGj+T6JZj8OuT9+OuS/bXR1+jvxr3PYKUFnymMwy54NGq2107uCKw64obxeLHa+3brtUGuSZ1S0KzBMju3rQIHGnFw9dM7prx6peI1exJMJboIGAkKZmLmcmrACgFchGR2EbS9iyI+WagfSox1J4vk2lH5kWFuxnrZ9bNvP6n8PxrLZKxh9Z+rOQ3HvpAgErx5XfhiRzH4KWFv2Cv4gqTRa+2Eg/5n+KHSQpj0XOa77/AzATOuO0/9YDObKFgYICogkSH9OIl3Jia8onHc47pnfoHoEOyv12XqWJhxKB5t0IdTNBmaconSWWXg7iFYmEZvdSQ7V5PKuMZp7JlnBI9kehAFMRYASXItkYRWHMBarCw=,iv:Lo8RT166ArCg9FhHyrpLHvBf0DPrSoWCb4NnFxnm6DY=,tag:sVbXgO1//JHXvvidyvgUuw==,type:str] +removed: ENC[AES256_GCM,data:ou1tCt8doBvf+s6jI6bAxjeuK7rj+nhS2b6XA4EKJgpNxhXeJcYRQOJz5RKO0FszmjX7g3Lozp7tMmcCzHTQOllaVUg2RGzJwQSrKu91EyUXpAOds9FvBeeCRSu9rlrApqofzODdD8yxej+2AjIMbfL4hShaXxxEWCcALrCdEbURnBOvDnIGSKanaa8tNqzAx3ZTceVMNLdQNxK8bV3OeMcocxBZ6KISK65K8aUtoGiBG65iWaQU/EXV1Jo1xI3/2qgMWZ5RXLxGgN0WxJQdlI6n9slSZQIIzB2WFiujdl9azZKarxz+1EPVZH1xFvaZa6PPBgiq7/NkxuxdLgkXIDtNG5c7s70hzbGV2JQL8JYiizq7ZCQwR97R8TyNu1NMHGJ5MZJFQjDEl0MBliQgr3LIU1uvVdACQHPUvkPdE0P+iVN/vyEnZr0jbFRj5jsw65g1/qXIjlTggNIf1cAF42KhXtNB5Jb0J98ohajCorgNCjmzHj5hftwXAO3lfI1yTMGVTKI9cEStykrgfZl+smpGNlLvvodaBNXvHn/CzemzpLBfV0/iRPB1auqVKMMxMjTxPmDtfUyjqRnbEEySx6AnoAkgIGQr/9Hvth9tMeEn67qukBz8tAs0t/k/+azWCAypjXhRRY/oLu1HRwhIFLR73fS13MDJCXptnGbYHRUcqh7ijGIJgazagHffLu3eDsjeYoaBkg1S+My19dQM9bIDf0QaY5Su3rCuBeQU5MRPpthvtqj+7tS04HDyLmTHZlkFxPCgLd2O6FFIOXREyjZLqD7yHMaOuWQuZXncN807VBRSoTmjKIoT1kBrd6IpH9Gk9R+7C2mUHoszgFtaHjQjVZB1JjwSLfiSmU+zFVO4BpnSnEwwzApUEgthhY4UajAwNggM5L3rO3MfgfBrl65dRbHpqaexWtnZIox4XBiSBbWHfb0YqsuBmfcz763V9k2hQBLnS14bsU63rdvh8OiFjgLD9Ra9+Gx5WyHTxZfrXbm6xhRgjWLx5DVDKu6Jonkg/A==,iv:5ikaalISsPJ+4YON2IxIQkD++32jqBi5c13rcUQpE44=,tag:t9pS04MxQwQLlFt5PNi3jA==,type:str] sops: shamir_threshold: 1 kms: [] @@ -45,8 +46,8 @@ sops: cDE0NlhaTTJjRHRwWFNVYTZlZVhWWVkKKLSGcTpffyMD6f/Kn/MhdB89GipwKJBS HTQhBc9IE7AiFrHxgP5tIg4vEWNLJDumbpXVD+jXCtdyB72PGP9iKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-01T16:03:40Z" - mac: ENC[AES256_GCM,data:PSDqu33GEDKxydb6sYKN4/uZhJntO7OthN5DKkzHGUNTxLsAy9VoYDhjz3PuQLbPuxMcGZfit95HDM5pxbrAnDqPV9m+NL+Gpa6hBIl0gD+O6cYcjGhy/ABSnSGu1HebCtdhneZik0Oe/3HCSIf+SF+m54cqwJ+plVLDEAZD2FM=,iv:2nIUj37lafjVNQ7ubDaO06jx3Hdmz5RcZQy/Aexf1HE=,tag:wL0kmVTbFXhyrzu14C2eZg==,type:str] + lastmodified: "2024-10-07T23:24:18Z" + mac: ENC[AES256_GCM,data:qMoo60ydezJZoQX2LYmzwwvQpKvfxJ5QEBqnCVy5UxNijpfhwmY7qQL7AZy0QNTrCXn/EwpjVScGo10EZwu2hyDyMpzerO2g+I3eCReIZQJmK8b4rsqLqCZFueuFVGDSHixj3M/peCuDx0f70ixurOEm3L8HmBwHGjEfY/jQD/8=,iv:/yHfkEEKOxw12sdmAKWUdOdcC2QqjI9eQ6IwnpV8QFU=,tag:wu5aPYyTy5ZDNKk+ggoTKA==,type:str] pgp: - created_at: "2024-05-13T17:25:37Z" enc: |- @@ -69,4 +70,4 @@ sops: -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/pkgs.nix b/pkgs.nix index 67fc92ad..51161811 100644 --- a/pkgs.nix +++ b/pkgs.nix @@ -8,6 +8,11 @@ in inputs.utils.lib.eachDefaultSystem (system: { pkgs = import inputs.nixpkgs { inherit system overlays; - config.allowUnfree = true; + config = { + allowUnfree = true; + permittedInsecurePackages = [ + "olm-3.2.16" + ]; + }; }; }) diff --git a/systems/koishi.nix b/systems/koishi.nix index ddc83651..b8001724 100644 --- a/systems/koishi.nix +++ b/systems/koishi.nix @@ -31,16 +31,22 @@ _: let kde ]); - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/861e8815-9327-4e49-915b-73a3b0bdfa25"; - fsType = "bcachefs"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/DD84-303D"; - fsType = "vfat"; - }; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/ea521d6e-386f-4e6d-adde-c4be376cf19b"; + fsType = "xfs"; + }; + + boot.initrd.luks.devices."cryptmapper".device = "/dev/disk/by-uuid/16296ac6-b8b2-4c4e-94f6-c06ea84d6fbb"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C6C8-14D2"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/7486e618-214b-47ff-87a7-0d53099a05b4"; } + ]; boot = { extraModprobeConfig = "options snd_hda_intel power_save=0"; @@ -54,6 +60,7 @@ _: let IdentityAgent /run/user/1000/gnupg/S.gpg-agent.ssh ''; + boot.loader.grub.useOSProber = true; nix = { buildMachines = [ { @@ -93,10 +100,6 @@ _: let hardware.bolt.enable = true; }; - swapDevices = [ - {device = "/dev/disk/by-uuid/04bd322e-dca0-43b8-b588-cc0ef1b1488e";} - ]; - boot = { supportedFilesystems = ["ntfs" "xfs"]; }; diff --git a/systems/yukari.nix b/systems/yukari.nix index 73774fe6..57571730 100644 --- a/systems/yukari.nix +++ b/systems/yukari.nix @@ -18,11 +18,8 @@ _: let web postgres matrix - vaultwarden public-directory weechat - tt-rss - monica ]); boot = { @@ -78,6 +75,7 @@ _: let in { arch = "x86_64"; type = "NixOS"; + deploy.hostname = "yukari.gensokyo.zone"; modules = [ hostConfig ]; diff --git a/tf/kw-monica.tf b/tf/kw-monica.tf deleted file mode 100644 index c119935f..00000000 --- a/tf/kw-monica.tf +++ /dev/null @@ -1,8 +0,0 @@ -resource "cloudflare_record" "monica" { - name = "monica" - proxied = false - ttl = 3600 - type = "CNAME" - value = "yukari.gensokyo.zone" - zone_id = local.zone_ids.kittywitch -} \ No newline at end of file diff --git a/tf/kw-rss.tf b/tf/kw-rss.tf deleted file mode 100644 index 76cf1929..00000000 --- a/tf/kw-rss.tf +++ /dev/null @@ -1,8 +0,0 @@ -resource "cloudflare_record" "rss" { - name = "rss" - proxied = false - ttl = 3600 - type = "CNAME" - value = "yukari.gensokyo.zone" - zone_id = local.zone_ids.kittywitch -} \ No newline at end of file diff --git a/tf/kw-vaultwarden.tf b/tf/kw-vaultwarden.tf deleted file mode 100644 index e955b752..00000000 --- a/tf/kw-vaultwarden.tf +++ /dev/null @@ -1,8 +0,0 @@ -resource "cloudflare_record" "vaultwarden" { - name = "vault" - proxied = false - ttl = 3600 - type = "CNAME" - value = "yukari.gensokyo.zone" - zone_id = local.zone_ids.kittywitch -} \ No newline at end of file diff --git a/tf/oci_servers.tf b/tf/oci_servers.tf index ae6f2968..14adef81 100644 --- a/tf/oci_servers.tf +++ b/tf/oci_servers.tf @@ -33,3 +33,21 @@ output "mei_public_ipv4" { output "mai_public_ipv4" { value = module.oci_servers.micro_public_ipv4s[1] } + +locals { + server_ips = { + daiyousei = module.oci_servers.flex_public_ipv4 + mei = module.oci_servers.micro_public_ipv4s[0] + mai = module.oci_servers.micro_public_ipv4s[1] + } +} + +resource "cloudflare_record" "oci" { + for_each = local.server_ips + name = each.key + proxied = false + ttl = 3600 + type = "CNAME" + value = each.value + zone_id = local.zone_ids.inskip +}