From 17f93ea60bbe45fe30081e4a8b9900d15eded27b Mon Sep 17 00:00:00 2001 From: Hadi <112569860+anotherhadi@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:21:03 +0200 Subject: [PATCH] Add heaven (my server) --- flake.nix | 30 ++++++- home/apps/{default.nix => laptop.nix} | 0 home/apps/server.nix | 1 + home/{home.nix => laptop.nix} | 7 +- home/scripts/{default.nix => laptop.nix} | 0 home/scripts/nixy/default.nix | 30 +++++-- home/scripts/server.nix | 1 + home/server.nix | 41 ++++++++++ home/system/default.nix | 4 - home/system/laptop.nix | 4 + home/system/server.nix | 1 + home/system/sops/{default.nix => laptop.nix} | 1 + home/system/sops/server.nix | 14 ++++ home/themes/{default.nix => laptop.nix} | 0 home/themes/server.nix | 1 + {nixos => hosts/laptop}/configuration.nix | 2 +- {nixos => hosts/laptop}/fonts.nix | 0 .../laptop}/hardware-configuration.nix | 0 {nixos => hosts/laptop}/nvidia.nix | 0 {nixos => hosts/laptop}/prime.nix | 0 {nixos => hosts/laptop}/tuigreet.nix | 0 hosts/server/configuration.nix | 79 +++++++++++++++++++ hosts/server/openssh.nix | 25 ++++++ secrets/secrets.yaml | 7 +- variables.nix | 7 ++ 25 files changed, 238 insertions(+), 17 deletions(-) rename home/apps/{default.nix => laptop.nix} (100%) create mode 100644 home/apps/server.nix rename home/{home.nix => laptop.nix} (87%) rename home/scripts/{default.nix => laptop.nix} (100%) create mode 100644 home/scripts/server.nix create mode 100644 home/server.nix delete mode 100644 home/system/default.nix create mode 100644 home/system/laptop.nix create mode 100644 home/system/server.nix rename home/system/sops/{default.nix => laptop.nix} (91%) create mode 100644 home/system/sops/server.nix rename home/themes/{default.nix => laptop.nix} (100%) create mode 100644 home/themes/server.nix rename {nixos => hosts/laptop}/configuration.nix (98%) rename {nixos => hosts/laptop}/fonts.nix (100%) rename {nixos => hosts/laptop}/hardware-configuration.nix (100%) rename {nixos => hosts/laptop}/nvidia.nix (100%) rename {nixos => hosts/laptop}/prime.nix (100%) rename {nixos => hosts/laptop}/tuigreet.nix (100%) create mode 100644 hosts/server/configuration.nix create mode 100644 hosts/server/openssh.nix diff --git a/flake.nix b/flake.nix index e89f28e..21c1e91 100644 --- a/flake.nix +++ b/flake.nix @@ -24,19 +24,20 @@ outputs = inputs@{ nixpkgs, home-manager, sops-nix, hyprland, spicetify-nix, ... }: { nixosConfigurations = { + nixy = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./nixos/configuration.nix - ./nixos/fonts.nix - ./nixos/tuigreet.nix + ./hosts/laptop/configuration.nix + ./hosts/laptop/fonts.nix + ./hosts/laptop/tuigreet.nix { _module.args = { inherit inputs; }; } home-manager.nixosModules.home-manager { home-manager = { useGlobalPkgs = true; useUserPackages = true; - users."hadi" = import ./home/home.nix; # CHANGE ME + users."hadi" = import ./home/laptop.nix; # CHANGE ME extraSpecialArgs = { inherit inputs; inherit spicetify-nix; @@ -47,6 +48,27 @@ } ]; }; + + heaven = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/server/configuration.nix + { _module.args = { inherit inputs; }; } + home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + users."hadi" = import ./home/server.nix; # CHANGE ME + extraSpecialArgs = { + inherit inputs; + inherit sops-nix; + }; + }; + } + ]; + }; + }; }; } diff --git a/home/apps/default.nix b/home/apps/laptop.nix similarity index 100% rename from home/apps/default.nix rename to home/apps/laptop.nix diff --git a/home/apps/server.nix b/home/apps/server.nix new file mode 100644 index 0000000..ad229b2 --- /dev/null +++ b/home/apps/server.nix @@ -0,0 +1 @@ +{ imports = [ ./lf ./neofetch ./nvim ]; } diff --git a/home/home.nix b/home/laptop.nix similarity index 87% rename from home/home.nix rename to home/laptop.nix index a9ef02b..b19293e 100644 --- a/home/home.nix +++ b/home/laptop.nix @@ -2,7 +2,12 @@ let variable = import ../variables.nix; in { - imports = [ ./themes ./system ./scripts ./apps ]; + imports = [ + ./themes/laptop.nix + ./system/laptop.nix + ./scripts/laptop.nix + ./apps/laptop.nix + ]; home = { username = variable.username; diff --git a/home/scripts/default.nix b/home/scripts/laptop.nix similarity index 100% rename from home/scripts/default.nix rename to home/scripts/laptop.nix diff --git a/home/scripts/nixy/default.nix b/home/scripts/nixy/default.nix index c76df1e..ebbe610 100644 --- a/home/scripts/nixy/default.nix +++ b/home/scripts/nixy/default.nix @@ -7,10 +7,6 @@ let sudo nixos-rebuild switch --flake ${homedir}/.config/nixos#nixy ''; - nixy-edit = pkgs.writeShellScriptBin "nixy-edit" '' - $EDITOR ${homedir}/.config/nixos/ - ''; - nixy-upgrade = pkgs.writeShellScriptBin "nixy-upgrade" '' sudo nixos-rebuild switch --upgrade --flake ${homedir}/.config/nixos#nixy ''; @@ -27,13 +23,37 @@ let sudo /run/current-system/bin/switch-to-configuration boot ''; + heaven-rebuild = pkgs.writeShellScriptBin "heaven-rebuild" '' + sudo nixos-rebuild switch --flake ${homedir}/.config/nixos#heaven + ''; + + heaven-upgrade = pkgs.writeShellScriptBin "heaven-upgrade" '' + sudo nixos-rebuild switch --upgrade --flake ${homedir}/.config/nixos#heaven + ''; + + heaven-update = pkgs.writeShellScriptBin "heaven-update" '' + cd ${homedir}/.config/nixos && sudo nix flake update + ''; + + heaven-gc = pkgs.writeShellScriptBin "heaven-gc" '' + cd ${homedir}/.config/nixos && sudo nix-collect-garbage -d + ''; + + heaven-cb = pkgs.writeShellScriptBin "heaven-cb" '' + sudo /run/current-system/bin/switch-to-configuration boot + ''; + in { home.packages = with pkgs; [ nixy-rebuild - nixy-edit nixy-upgrade nixy-update nixy-gc nixy-cb + heaven-rebuild + heaven-upgrade + heaven-update + heaven-gc + heaven-cb ]; } diff --git a/home/scripts/server.nix b/home/scripts/server.nix new file mode 100644 index 0000000..cc73fbb --- /dev/null +++ b/home/scripts/server.nix @@ -0,0 +1 @@ +{ imports = [ ./nixy ./nerdfetch ./compress ]; } diff --git a/home/server.nix b/home/server.nix new file mode 100644 index 0000000..2fe35f9 --- /dev/null +++ b/home/server.nix @@ -0,0 +1,41 @@ +{ pkgs, ... }: +let variable = import ../variables.nix; +in { + + imports = [ + ./themes/server.nix + ./system/server.nix + ./scripts/server.nix + ./apps/server.nix + ]; + + home = { + username = variable.username; + homeDirectory = variable.homeDirectory; + + packages = with pkgs; [ + btop + + # Dev + go + cargo + nodejs + python3 + jq + + # Utils + sops # Secrets + age # Secrets + fd + bc + gcc + zip + unzip + wget + curl + ]; + + stateVersion = variable.server.stateVersion; + }; + programs.home-manager.enable = true; +} diff --git a/home/system/default.nix b/home/system/default.nix deleted file mode 100644 index 4e2920f..0000000 --- a/home/system/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - imports = - [ ./git ./dunst ./hyprland ./shell ./sops ./waybar ./wlogout ./sops ]; -} diff --git a/home/system/laptop.nix b/home/system/laptop.nix new file mode 100644 index 0000000..3bfc86b --- /dev/null +++ b/home/system/laptop.nix @@ -0,0 +1,4 @@ +{ + imports = + [ ./git ./dunst ./hyprland ./shell ./sops/laptop.nix ./waybar ./wlogout ]; +} diff --git a/home/system/server.nix b/home/system/server.nix new file mode 100644 index 0000000..613d51b --- /dev/null +++ b/home/system/server.nix @@ -0,0 +1 @@ +{ imports = [ ./git ./shell ./sops/server.nix ]; } diff --git a/home/system/sops/default.nix b/home/system/sops/laptop.nix similarity index 91% rename from home/system/sops/default.nix rename to home/system/sops/laptop.nix index 773d39a..e7f047c 100644 --- a/home/system/sops/default.nix +++ b/home/system/sops/laptop.nix @@ -10,6 +10,7 @@ gk = { path = "/home/hadi/.ssh/github"; }; glk = { path = "/home/hadi/.ssh/gitlab"; }; silicon = { path = "/home/hadi/.ssh/silicon"; }; + heaven = { path = "/home/hadi/.ssh/heaven"; }; }; }; diff --git a/home/system/sops/server.nix b/home/system/sops/server.nix new file mode 100644 index 0000000..4ce6750 --- /dev/null +++ b/home/system/sops/server.nix @@ -0,0 +1,14 @@ +{ sops-nix, ... }: { + imports = [ sops-nix.homeManagerModules.sops ]; + + sops = { + age.keyFile = "/home/hadi/.config/sops/age/keys.txt"; + defaultSopsFile = ../../../secrets/secrets.yaml; + secrets = { + gts = { path = "/home/hadi/.ssh/gts"; }; + sshconfigheaven = { path = "/home/hadi/.ssh/config"; }; + }; + }; + + systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; +} diff --git a/home/themes/default.nix b/home/themes/laptop.nix similarity index 100% rename from home/themes/default.nix rename to home/themes/laptop.nix diff --git a/home/themes/server.nix b/home/themes/server.nix new file mode 100644 index 0000000..9dafb8b --- /dev/null +++ b/home/themes/server.nix @@ -0,0 +1 @@ +{ ... }: { imports = [ ./wip.nix ./config/load_colors.nix ]; } diff --git a/nixos/configuration.nix b/hosts/laptop/configuration.nix similarity index 98% rename from nixos/configuration.nix rename to hosts/laptop/configuration.nix index 0c0ae01..8dcc946 100644 --- a/nixos/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -1,6 +1,6 @@ { pkgs, config, ... }: let - variable = import ../variables.nix; + variable = import ../../variables.nix; imports = [ ./hardware-configuration.nix ]; # Weird variable name to avoid conflict with the `imports` variable... secondImports = diff --git a/nixos/fonts.nix b/hosts/laptop/fonts.nix similarity index 100% rename from nixos/fonts.nix rename to hosts/laptop/fonts.nix diff --git a/nixos/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix similarity index 100% rename from nixos/hardware-configuration.nix rename to hosts/laptop/hardware-configuration.nix diff --git a/nixos/nvidia.nix b/hosts/laptop/nvidia.nix similarity index 100% rename from nixos/nvidia.nix rename to hosts/laptop/nvidia.nix diff --git a/nixos/prime.nix b/hosts/laptop/prime.nix similarity index 100% rename from nixos/prime.nix rename to hosts/laptop/prime.nix diff --git a/nixos/tuigreet.nix b/hosts/laptop/tuigreet.nix similarity index 100% rename from nixos/tuigreet.nix rename to hosts/laptop/tuigreet.nix diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix new file mode 100644 index 0000000..077f4b0 --- /dev/null +++ b/hosts/server/configuration.nix @@ -0,0 +1,79 @@ +{ pkgs, config, ... }: +let variable = import ../../variables.nix; +in { + imports = [ ./hardware-configuration.nix ./openssh.nix ]; + + boot = { + loader.efi.canTouchEfiVariables = true; + loader.systemd-boot = { + enable = true; + consoleMode = "auto"; + }; + tmp.cleanOnBoot = true; + }; + + networking.hostName = variable.server.hostName; + + time.timeZone = variable.timeZone; + i18n.defaultLocale = variable.defaultLocale; + i18n.extraLocaleSettings = { + LC_ADDRESS = variable.extraLocale; + LC_IDENTIFICATION = variable.extraLocale; + LC_MEASUREMENT = variable.extraLocale; + LC_MONETARY = variable.extraLocale; + LC_NAME = variable.extraLocale; + LC_NUMERIC = variable.extraLocale; + LC_PAPER = variable.extraLocale; + LC_TELEPHONE = variable.extraLocale; + LC_TIME = variable.extraLocale; + }; + + users.users.${variable.username} = { + isNormalUser = true; + description = "${variable.username} account"; + extraGroups = [ "wheel" ]; + }; + + console.keyMap = variable.keyboardLayout; + + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + security.rtkit.enable = true; + + nix = { + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + gc = if variable.server.enableAutoGarbageCollector then { + automatic = true; + persistent = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + } else + { }; + }; + + system.autoUpgrade = if variable.server.enableAutoUpgrade then { + enable = true; + dates = "04:00"; + flake = "${config.users.users.${variable.username}.home}/.config/nixos"; + flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]; + allowReboot = false; + } else + { }; + + nix.settings = { + substituters = [ "https://hyprland.cachix.org" ]; + trusted-public-keys = + [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; + }; + + services.dbus.enable = true; + + system.stateVersion = variable.server.stateVersion; +} diff --git a/hosts/server/openssh.nix b/hosts/server/openssh.nix new file mode 100644 index 0000000..0fbd68f --- /dev/null +++ b/hosts/server/openssh.nix @@ -0,0 +1,25 @@ +{ + services.openssh = { + enable = true; + permitRootLogin = "no"; + passwordAuthentication = true; + ports = [ 22 ]; + banner = '' + HEAVEN: + + This system is for the use of authorized users only. Individuals using this + computer system without authority, or in excess of their authority, are + subject to having all of their activities on this system monitored and + recorded by system personnel. + + In the course of monitoring individuals improperly using this system, or in + the course of system maintenance, the activities of authorized users may also + be monitored. + + Anyone using this system expressly consents to such monitoring and is advised + that if such monitoring reveals possible evidence of criminal activity, + system personnel may provide the evidence of such monitoring to law + enforcement officials. + ''; + }; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 0e9e20e..ead7a3b 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,8 +1,11 @@ sshconfig: ENC[AES256_GCM,data:8Py74wNMCbaXWtnp0bAf7I+u2KwDI/yuzStKvPwB9MUtrvKeCLDxtDfTkemDUm7yENTvOErJavHQQGhsNfPqO4mbhm5w3xSGn9IJ+/p0QrSmKLsE789WPC+UJhGo/FtSk3SHPue8um4N8AB7u/+RaSaqd8n9RRplKcU0xuqn8t5TgONbsExb9ad5F3gcSSv2mutcFRde2OXqI0GU+xyrlsxkTTn6I3/YR51bvsUtk97iRz1e9My/EbhTSY30J8DNB2p8MxqaGLY3O/3o8IfUBHpgrhqghdXfP5HunhCV/xWn9c6WvbMNZ8tP3/SVTv9uvzDvDzdxtw6vFHZETZ6RIDQG1DLj2TEsNnV5xqMAI3pQyMgQRLZr/rqcorhYKvVzrwLiiG66KS/caW35U2I2UXr+WEdrb/6yiJifyfPEzduG8mndAUNaUJXprUsnUeJHxru1Dv4gqbX6JzBh3PXRs1W4bhWF//3/KtuUuQxd1dK0Batk5T3NGwzwiIwHdE6EkfUGiViDU5iP/K8k8QfiLaUMDDHSByVDnEKMRolvBMDx6dFQXVYewnP3CcN4Om9QLI7IS+Sqan4bzxojZDSDELSquQrp7yDUu1m2yNc0EsDSnLO+fQrFH+ismj7w1Y0WnbEczzm++G7zYHko4LLXVKm/N60=,iv:64bp52rf/7m5elXZwWAUjhVW9La4jPYVcnrN6FpEEQM=,tag:SzhPN1Tx05l5M1XrRxzFzA==,type:str] +sshconfigheaven: ENC[AES256_GCM,data:avOWd3yfj+5W8wd6YF6GgnkTvCHL3JHSMvDSVrJSopkRxrZjr+t1F38UCrwOjwJR5WjjK2sRhjb5y/+oWVekDMgSHgvNz7qVvwDqemc9aCSGx9AaNrwI9etdlxxSnpIjNwuv3JJ/ey1tRd0NtRCn0ZED9Q==,iv:DwKL2SXK4THkauzaM92p042O7AoBkX7O80Sg3xvqjCc=,tag:m6YvIGFaZ5iTlJvFEwQmyA==,type:str] gk: ENC[AES256_GCM,data:cDNhKne49s23V/ew0BqSmR6G0yGcKWHLljZreKbgGqkuhuHzTyVK//Ac0N4mAY8iT91TKXVAeEkXnyKCo+aCAasABm0+zWGf5KOHInYuay8fSXbMeZdu1Me+IjAWnKeNrR3A7Ji+oFGMuHVzOBSt29Iz5NwwRdDbrTprtjPWzNMu+pg6d8n1+bxqaUoKkFzoR7QDjOUkJQfzeEsMplm84rTSXVDri2p2OqvtD9ZcvmzBeQtc0BCYhsLBkq98o7bxdqAHBoFiri+EVusYynAQ/GuMY8vGlP9hCXzJhg9zMUSuLhk8Vs4mgkfKzfllsr+FeVA/AOU041yCt2tbjRZQT3arqWNFy07uvB+mues4c5kX88wZMxA1E0/r7aktdhTVAgVCLxAr5w643LHRbnGkqzYabqCkpxC2A9IR4nMBVDchIdGjLw2NlTE9Y0c26fZkver6H9r+d1WXdNVaekF0jTzTOOziEftVI8ocNBY3HKiXK1jUZV1rre3OBn3T/eT+zEkTaB83z4Ytmpps6U8U,iv:YXS2maDUgxVZI8BhJjJ4MuvnyDKVMGEtmnkiLw61NB8=,tag:A/8xH24bXbDsndM9LbG+Ig==,type:str] oxk: ENC[AES256_GCM,data:r2iFIACiVp12rRZbwT80ho0GUhBG6KhsjBxQ9QJr5BXZgHfrAWf8Ly0aqwnMLXvy3Fq8T6sjY6k5gFwRS3cbmONU9UKGJ1pvGfrKMQ2oIc5smqnyE3rD32dXkPs7w0t/hCMoH15Dne+G8Wp9izY+VdA3fA3As9TisQHRpST5vu62a4yURsMsU1BTWsrOZNcHs54AirX411rX2u3NYWh2oag+tw6r74RNKKmfCo1rWx0vxm+FiqJLhGkahw9CSnPqsMkZOmrqRil4bKYoKPLaZZ06u76ILM1J0rBX6nnQeWTJ0VhSBgAl17HtOYsptR3AnsQGNuIjhDWnX46sKGslX64TRMvMb4lCLXmpVJ9UHWr1qU0vG5NWLvcGJz75TKS9UDIazEcN/GECSGU+AhNzhM6O5W5uBXzEW/pToz5OTxaKgsEPXeIC7ZgBENDFE98Cd4NcACuPA6Ud5uTK0145pLszJd5Wflf0pqqYp5TKshd44VWixK1zoDk4x5cEn3dBx3uwkTOgtdSd0L/Wgp4NUmGLWOFvvNjj2Bu4UqmnTdyQDFdlD9V0iLC5zcHsV5+UFZMjuYZgHXD4tde82/TN8WAmVPddvm7TXgUj2UgWUjq8Xum8tMDhyuM57jTRlRG7pYW19XYPying38uVH2dpx05y0pFXjkVCbD7ooZA42B7L40KQTuaA0h4JaG7niUGfIQ1QfzGTJkN6YEXTec/3IPkDZrwSnXo3nlujX51WMuQeXgJDaRhs7n9kucJtNWhddbuCnyG+Ocj6WMPcEIa5ynpAfwH/P0UUVD7YK/VNj3wP4DYPG2xKii4HpYPxOEydbFeWIK9JW9EDvR9A03UT4wasK/PI05s2/Bcwd0UheaGS8JzmQ7QUp4ierphbbMkG/eRyAqc5HJ8JoqgXV3v5+wTBJt1HsI2oHaqiKQGYs8Hoh0kIyoL0JsKbq/PhKMOWGU24H+nXv8OBL/Eg9hL92fIjlryK+lJIEyE+GeSwDncfd74nk9IpOVg7qw1omTmpEOrCU48uetiNlSjuzOUQyVVWo3Vp0aT6iOQ7gWuRcGrAAlNozOM3IrrFFyjaE81WyjSrQH0l/I6lXpP9DBoWcM0Dvh4PyX0aqku5qePQZQcegxvDKf2zxYG6p1UMlXl/XXlfhS6lX2V13MCO3lSZWD2kxFTfciPMRyCrA0YACPJyOn+NBQ2WnsvYuyGny5RhQ67Ct+bWQS+swBYFYY7fNy11oy1d9/cu39BOAmmQd31dvEOf1pJ4vWysFp4IQ9dbmOXkw7kltWhfd+PBFtgCXZFJkdTCyB8cHh+WADR5VN1dmAT4eKq140g8s+ZVIHMwtaZzWHyLJ0eGeJ5RA+hVuyb34093jRimQVS0AO7qJCSJmyfnI5rZwWy+9oPtLe5PsJGhZvOWNfh7sB6ggqCfsLAE3gD4i3lBoFYRTtA1b7EP5A3IZMPaxlAWOZeDWLPl9KHp8C6XlT4pUDPdI40LTdmq28N+fH6Pn5odNRd7GxSn/biQDDVo1ujDummpdnQBQOFBAlq0L8YLXHa3pYYxlisyMME+KD+f/rMLQDlkOtCcIRUfEW/LjK1mZcoZjOU8CHVaQUYPPjQcUogNzhCwvfuLiMmeyeGWcksmizpgAktuJnJpxj092tP08UzS3fGSKlOXzXznWMWSF9/Lw1ijOqQMki6aoku4oBiVOfv4vSaNIMxMjkDst1vne5LO2wUo6On2OcnRIZiA/tedkor/Os8BYuFGuQTY5SiZ9aRERl8PYiyC4V6B+PgofgbXUfBAebkTaTUKkprREokzJ6YkzD9omCKbMZttIYnqCj4btgVDRL23XJbg9ITdDqn1VZKnE2PPzdnQxvp9QxoDEhabjrS7J/QgE+L1GPPG3K1MC9DBATb2nALmBMG/RqjauZFgNPOuJmgDmJOXLaMwYRZDmUZHokioQp2SybCYnJMGGM7dmku7r4+EY11eKAkW4zZdwQX0xTAmjf9hVdPUJi6Wbb5qCbGfVYviqZZHWrRDLya4miC4ZpkeeyLp9g3xMyrwAFY+2NVhxkDlSjW9oCNpDUbiCjATN+uHRpJ/kME15kTqTVYquwsezIwMPWukZZwtINXCpmyUGVdcuT7Haw6XKNIhDEVEeIIXetIOHjYJfwCqvz7etYzMIDGwWKNB2PBOUbLn0Wg7cU0Vg4HVt83f8stmSFppcm4CaVtosYICNCGu5vJzHbFc4ljPWKzFgP4Zc5jGd+BLUARjLBljuQ4inFKfPtHY6y/0A+iBHBLvT8ymSVwl5INuW99Z6hTYpFkz4mEV2I9+uoc7mIQa9dLLpbQYCXV8l2vTz+a5rCKK0v4eLZ/yNkh2zik50T9PyW2c1RZ9dHxNJD0jwdiu7wgAqptVNKMs+nQchI1DDHuZgwCH8qokzOOJZizJnWxfBautpXhHpLbiNh9EgOJTHleiZZPVnIp6urah5Rn6ux7JZ+hxyAzpCBJK3zrkep/vUFeYDb0qfIRxSplUrxCcdaWFq5WnWDMNUOa2sIn5QflXVEQy9+sWABddUl6GA2nMSGiT/QWmIGC7mm/1c2bG/A409KeYmtMmnbh7LjfTyBYAM1w97jQD9usqFCedhTOStUejnSPlv92pvT8ETQJpqAZgaEJdmXZZcsCgEGCqJhqF1y3qTiGsK3JiOzHsrWKBgVm5HkUSZONQmUC3PpNGCEe5mVCWLI+cEgmZsdbdVVDyU/lmKcrR25e+82asf9bAWYLdOrINSg8RLKHYejFrP3TRO048jF3CGyrF44UA2PiAn1eR2kY0mB7VL+HKfJ9goC0IqUQ0f4r+rQtTqkTqk9Nd+S0lCNTbIwPbgNbbOzztipbAYT1KbUWHfMSfLcLHI2C36h3PEup8owHqayWd0jqk0cFKIWJKphxEB2dcnDKSuJd8OL8NX0D5O5vt5clRFEih3BSC/TwxlbTuyKffwrDFotnZnVnuLWSIJlZo4n51Ugk2V/x8ZO6djAzG28MTdGLKtPBRmJ8kMIg8pJ1B0vKHP/dJTklN841HcN/lYL6CGU6XLAQdAokOneNHiQSb88Ybl9o8Bl2S6br/psH1yeJI7MjsnJTomVQGNAW5oHJqcxW+97aP39EKJsVGBFWKSewZHZsOL9iEu7pBUierCeuZif/tzOodfwaXkL8aLHga3xyb2z/U5vQM/4psrsUjIpa64duKJ0edMTDhAicqy9D0ABjIn0WJ4Cob4LFqu+w62I+2OGY52UTuKfPduMVnMPXIYq1afDwhum6PZBlGJxIJuCL66q2lM/pCcq3pcgIJ5MlmZQKBmMHgDHx/sQvcNFffBjJEmAN3twHOed/9yZJBcq6WZiHxQpwDWCUD+RGOdqWFKvclSKSwl+eGfVR43CFFYi0A5Tfm2EjItG+aCLvtwb1/YB/dzEkaBIsqOHv3/f6b9nHNJf55PbooJs6o+ScJroxJaCBl57zQ5y1Af07G8LVcIP/8N1rM+QAeypkkPYw567cGMdoGfL1HY+FRYr8Ko4KdNQgFx1FqhL5x0uOw560O3Pe0eqz0TGN+QitMlATBEz2+o9BFqBoP4yMd5zYIfoAqX1ZYN3fnYy6ORS3roMPyvZs6gdE55eafihpMWmW6G/LJH+Lshpm0f5fL/Q9kyoP2/eCrptyAAjSBcxBOF6tzZEJ2bJz/Vq2QYTNQet5OzCJPf1XtRphkA6bK+ZfvMjzD2Yj5pohXLfYb87cX/N4oJR/PduUaeV5LKAM3AtP4d7uwEQk+VmibzGQd5mPZf62i9wZvwNdgS7HxB0qw3sWR8rKE+Zi542/ZVxVSVvGer5JlAto7prImtdXXEdwZbx6duTBSSjWYuLtQzs+RJlu7u0EjpNX1VGA7je5mG4nD5JTH9fgEUrPtYlNYvRzPwLRE1EmQvkHsCfDK9WT8lrRMiWsIsrBsBE3sQB38VdHYaXm8+L8BCCPNUMczd0M0pLianIcRERwZnmhpBynWlXtvVblPyK1jCmOQ4JnW4FNbJRu/RSVZeaI/nUzndW4fXxKVJl7pqOan1rkLVCNoe7qQ09n4FRtmlNYuET6GeYw32/ez3AJydSynemJ5U8WMT00dNoxXfbaPO3Jj5gXwatkwtcsHlONw18/uV5+/y56uPb2mpwWl9dDHetFvSSkfPLbZrA54LhVWUc7hzmRxTsFvaQwgtmnTMH2bbCiPPPwkQFb4+5l65OgTZQoZIhgWFri5IwfqjD2/Es93CSGs9aVM+OV0RsYei1C5lUmGbQIU/iaivo4xp6pd83cXMhkEGs0+POeVVbBuV+Djkp3gu9GVzRMN6dMwzTjKQWj/1+trnb2y87T6nvx4hZsrapLNTnw0K+v86lci7MzPiI5V/v0khxzMC7A56NdjAMnmXbRA7XQ7pinBMXfOxfPTp+smJTJsYhOZKEQx+JkSUh3tX5kBqlB50QnaYL8EMPbWSEQ9cozQLPqLn/qJKqzHsSy4fc9Fliq02A1gNRIlNJB6IBPgJbLr8FESj+w9zvFyb3vQYDZaDwdlCy2K1DsNP+gM/nSIcyMgwDpiImRRYJDY3Hot5kawDonoWag=,iv:wvGN3wh+t3vhepc8FQRcuFnHWnde9Gw97YvGsTjge0c=,tag:ILrkx/cGPbhXjVLFkAnhcQ==,type:str] glk: ENC[AES256_GCM,data:N/ius8Rd2q6BeaCGqaI9TIYEvSmYwqMroxnyWr4xYa+cZONhAGPS4qS9CMwy18JcwEJlUj38gW9e3/X1RbLnjAFGlN5KTsWYOsmn9Jqk+PsF6NHOvUyw+rUxYFPwX5C3ZVLKjP/OK+mX5R/JwxrgsMkn0CDs6GCe4GupB39DaJq4KXGfjQSqDT/ZCVBOKPeHhzg/0Izt3U5yw7vW51nBQKlgazo54WSxq+/AX0zSf3TufMm26UMQBRbsRWPkeUrh8bO9cjpFlYUx5svzSAIRYuZR2FTqlkPdVuNpFWjHoERyw0jMy5jt59i9pQNztZ7kBjxAcMbjW6FIMxGMJGRPJUuq87oWBmS0NowSfN+Khz/szbrkrClrTNM9kIIzugB0KtagEO3wKcAkHBUs85OQep6H3hkCp1gBk8g0UPfuUdgncr41vliJDqgMhaNc+DVGOnMPnxYyyEDkyySpC+ApkgrwMBQVarNWWw8v/r4ADWQiaMZJv3Uk0x7uNa62Cn9vohHA8rmYsyACAW1xFnwH,iv:Dr9SRsZ5I9nOCJFMHp+EIJ4w0I9gqHo7KBbPruo2thw=,tag:SvwkXGWGQZChauXYaKUZQw==,type:str] silicon: ENC[AES256_GCM,data:7gyAj0rfRtggcwveC82UGaj0ZfKymKmf+fhErjFGaIlxyeOG2jgIHpa2ckb2GDiXMLjUAMBiFOISzXut8aERg30DZnAKam7XnuRK3Ue6w9e9Wzb7sSAAI1iFINNFDf2fGdTEpObyXejvjHUcLk2hY/BusCCiqW3dIuSxFtIaIOcuaRAMI/7UkhhyWihwJaP3ZiovFHpBds3d2538ahJy9cUHnShwDcTi/cXph2DNjFTTZE8mlGTrNQ0wRoXgi0o9GNwHcDi+CgFg0WoR5yma00BuFtEN0ymt6vES0mrtuZBhn52HXO32oFKajqssyQe4e9gxREUw89W64xMiYBmBInP9Fq+9uT/7yxhrKP3BaFZi9AVNJtHVu/UkwxOxwUCvt18IvSkRgOH+ayH+qCUOZxtuPcfrjiGk7QEgNfNvegKzlNjaeKeew4pA8Yz2tm4QWgpm0+SilSwuzF8wxHcHspYdBtMzNEHg1dyC7uuwygkMkRcR9f1XCUR1tiB+rBeXoOKoIynD819wkhvJSKGR1+aBgjnJF09wd1tVus3yk3FYqzPevHlxH4M79Cs1QXAlVhligL3uvEfYQ+TM,iv:JXivO8dSxrIhezChQhYrsexJg0dwc68Nn2jOwiQhADk=,tag:iZiwrQDoB5ABZ0iziVwTQg==,type:str] +heaven: ENC[AES256_GCM,data:vkp1rptFv7FHo8Rgk1TXS8GgYzgxlmWqB5xvFSjZB3gm3XFVqLei2WsxYsE/pKWb0l3Xqu98uE5bnRvsNcWzLRCmlF/ByVtcXZrovD4kHXrsq0MhBPLRvKAfAOnCsmw/6/rCy1IlRWuH2OHMhgG4Mv47nf0mMcgM+2mr3kVvxKf6dNyK0eQ9D+pOjr/jZrkaHZJZ0UA2iMIl16BWQSLVRQhbOSDzYGfYr/LfXWHsJPhy3TiSK+jHC2JUpD3pYy1Hf9u/fTDmrwOkshZGdMUzIatVHZpcxF/ZV/S8YxGSeJhnmoZ3sgdZ7gKDhpsntOKZGQ5SP/sZobjqhGjSkN+7m4aX9MCnlPx0H/YB5iGG9mNTbkmpGKXm2btWFCtkkzycSHwoQaPD+c4zmBo2AmeeS1ullVJZl/vgocqN0EFkmDzCRTpUIyUwXBhGu2wjPFRmUrqbs0PoD8mq+U3jbROkg+pct/sx6vUnG0oWqGN+LIaWcPl7CrlgWbArysBtYxq8fHhVrav2KalBa5VULtZM,iv:1sjPiHi1eXtrrwwS6sXQIz+0Bc21E3d+H4Gu4WC4yfY=,tag:8GaFXWM46EYlp9vljnaGqA==,type:str] +gts: ENC[AES256_GCM,data:1A3ibn9TdIh5oQjHpcSTg2GBSA5QsVVreXIAFAspNILbe/Rpo3XPIqa26GRqLLjywzeAIfu926N17kxL+bmRHHU23ltceG0f2h+rF6iaWjjv2PvfHEAZbNDcR7yDdmODCXRpIIArorXi76hmX0mFX7DI5Gc9ytD930gKeIp1dhs7tTCddwAJTBra9oC4ga0YDEHzzAtfT35s0hRC4u7LJdvBElaVKJFkxCqx62y6zB1OgCcv8oSDibvC+71LA0/krdVnwbK77TIm23LiaCoXP5IizjR7h5VWf0gmepW/ED4xaRHxDUqhfUAumIeSW+kvp2TDZ4T/qvIwgafMyxZ9jZozBy1VI50IMkJl9KeZJZaB3FHE3x7UxwBzvO8E7svK+33fUU/o7TX4Qtq2UUPNG2aGjyfR956ezrWGMz5+Tl6wtATBuKckUSxmLorKjL/soTk/SA2uSFI09CPJ0Rg0D3LeMh5IgzEVgt8KPoR+yQUNmt1z7D9zurnonJ6EvYJKatOv9okwt52EmuhaTcre,iv:1ZBT7UQty8oC5bxbzdkkgbi6zEPzd9fBy8kY5MJukmg=,tag:zOWkS3BIN7DnniWSGywxdQ==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +21,8 @@ sops: cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-30T12:18:51Z" - mac: ENC[AES256_GCM,data:1In95F2dr8eZf0Cs49FKnpky4ZtlbH0Dzl8b47QKhUyu3mCAW6/Ldn5cYuqcgr372m1a8yaMlfdvFOkMaUQ3xJ85Nfm4IUi2v6/5fYuu6ix2pNx16SA/r8IWLvWYNdppAgpEK4aHm70Ljwhoa9xJ4jcBaE337/+cQsW9+jILheQ=,iv:fySW0RPb6oF/Nf1Ug+1d5n1jBN1bm9uqDivQTR8N9zk=,tag:kl4WU1jVdjQiwh6yNqJCNw==,type:str] + lastmodified: "2024-06-07T19:20:13Z" + mac: ENC[AES256_GCM,data:wUSkCTZXJt7qGbwljRs1Na/ae/KBng57dCZ+NuovpvvlMbKuNQ0igu8BWItLkhm1miQgHW5fcz3/XWazx3lsVuRIjwh9NqZ3IWdZGZ78WqecqsbVJH952bcT6Ma2dFZpr7wD/lzkZIagv3zan/PFp8tfzbH3ceIrJh0nqJ/bW1Y=,iv:PHtzoZKP1+5XAKgZC6KBHIMT74ETwsOVRf4l6dDcyDU=,tag:HZwskd5MAoeHvWHEg3/dvw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/variables.nix b/variables.nix index e65dfc1..e6af3ac 100644 --- a/variables.nix +++ b/variables.nix @@ -20,4 +20,11 @@ enableNextcloud = true; enableNvidia = true; enablePrime = true; + + server = { + hostName = "heaven"; + stateVersion = "24.05"; + enableAutoUpgrade = false; + enableAutoGarbageCollector = false; + }; }