Commit a5ba6c8
Changed files (60)
hosts/chaser-kevin/default.nix
@@ -1,9 +0,0 @@
-{
- nixos-hardware,
- myvars,
- ...
-}: let
- hostName = "kevin";
-in {
- modules.currentHost = hostName;
-}
hosts/chaser-pardofelis/caddy.nix
@@ -1,42 +0,0 @@
-{
- myvars,
- config,
- pkgs,
- nur-hpcesia,
- ...
-}: let
- phanpy = nur-hpcesia.packages.${pkgs.system}.phanpy.overrideAttrs (oldAttrs: {
- PHANPY_WEBSITE = "https://phanpy.trin.one";
- PHANPY_DEFAULT_INSTANCE = "trin.one";
- PHANPY_DISALLOW_ROBOTS = true;
- });
-in {
- services.caddy = {
- virtualHosts = let
- localAddress = {
- authelia = "http://${
- # Assuming address start with `tcp://`.
- builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
- }";
- };
- in {
- "phanpy.trin.one".extraConfig = ''
- encode zstd gzip
- root * ${phanpy}/dist/
- file_server
-
- @needsAuth {
- not path / /favicon.ico /404.html /robots.txt /manifest.webmanifest
- not path_regexp \.(css|js|png|jpg|svg|ico)$
- }
-
- handle @needsAuth {
- forward_auth ${localAddress.authelia} {
- uri /api/authz/forward-auth
- copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
- }
- }
- '';
- };
- };
-}
hosts/chaser-pardofelis/default.nix
@@ -1,19 +0,0 @@
-{
- mylib,
- myvars,
- disko,
- ...
-}:
-#############################################################
-#
-# Pardofelis - NixOS running on a 2C4G VPS
-# My main server hosted by Yecaoyun.
-#
-#############################################################
-let
- hostName = "pardofelis";
-in {
- imports = mylib.scanModules ./.;
-
- modules.currentHost = hostName;
-}
hosts/general.nix
@@ -1,26 +0,0 @@
-{myvars, ...}: {
- modules.my-hosts = {
- kevin.network = {
- enable = "networkmanager";
- iface = "wlp0s20f3";
- useDHCP = true;
- nameservers = myvars.defaultNameservers;
- };
-
- pardofelis = {
- network = {
- enable = "networkd";
- iface = "eth0";
- useDHCP = false;
- nameservers = myvars.defaultNameservers;
- search = ["local"];
- ipv4 = {secretName = "pardofelis-ipv4";};
- ipv6 = {secretName = "pardofelis-ipv6";};
- defaultGateway = {secretName = "pardofelis-gateway";};
- defaultGateway6 = {secretName = "pardofelis-gateway6";};
- };
- hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO56HKTdzGulisPLhpfUmLQNEgwDqwD9SBLRb5aETffV root@pardofelis";
- sshPorts = [23930];
- };
- };
-}
hosts/README.md
lib/attrs.nix
@@ -1,46 +0,0 @@
-# https://github.com/NixOS/nixpkgs/blob/master/lib/attrsets.nix
-{lib, ...}: {
- # Generate an attribute set from a list.
- #
- # lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)
- # => { foo = "x_foo"; bar = "x_bar"; }
- listToAttrs = lib.genAttrs;
-
- # Update only the values of the given attribute set.
- #
- # mapAttrs
- # (name: value: ("bar-" + value))
- # { x = "a"; y = "b"; }
- # => { x = "bar-a"; y = "bar-b"; }
- inherit (lib.attrsets) mapAttrs;
-
- # Update both the names and values of the given attribute set.
- #
- # mapAttrs'
- # (name: value: nameValuePair ("foo_" + name) ("bar-" + value))
- # { x = "a"; y = "b"; }
- # => { foo_x = "bar-a"; foo_y = "bar-b"; }
- inherit (lib.attrsets) mapAttrs';
-
- # Merge a list of attribute sets into one. smilar to the operator `a // b`, but for a list of attribute sets.
- # NOTE: the later attribute set overrides the former one!
- #
- # mergeAttrsList
- # [ { x = "a"; y = "b"; } { x = "c"; z = "d"; } { g = "e"; } ]
- # => { x = "c"; y = "b"; z = "d"; g = "e"; }
- inherit (lib.attrsets) mergeAttrsList;
-
- # Generate a string from an attribute set.
- #
- # attrsets.foldlAttrs
- # (acc: name: value: acc + "\nexport ${name}=${value}")
- # "# A shell script"
- # { x = "a"; y = "b"; }
- # =>
- # ```
- # # A shell script
- # export x=a
- # export y=b
- # ````
- inherit (lib.attrsets) foldlAttrs;
-}
lib/colmenaSystem.nix
@@ -1,40 +0,0 @@
-# colmena - Remote Deployment via SSH
-{
- lib,
- inputs,
- nixos-modules,
- home-modules ? [],
- myvars,
- system,
- tags,
- ssh-user,
- genSpecialArgs,
- specialArgs ? (genSpecialArgs system),
- ...
-}: let
- inherit (inputs) home-manager;
-in
- {name, ...}: {
- deployment = {
- inherit tags;
- targetUser = ssh-user;
- targetHost = name; # hostName or IP address
- };
-
- imports =
- nixos-modules
- ++ (
- lib.optionals ((lib.lists.length home-modules) > 0)
- [
- home-manager.nixosModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.backupFileExtension = "home-manager.backup";
-
- home-manager.extraSpecialArgs = specialArgs;
- home-manager.users."${myvars.username}".imports = home-modules;
- }
- ]
- );
- }
lib/default.nix
@@ -1,17 +0,0 @@
-{lib, ...}: {
- colmenaSystem = import ./colmenaSystem.nix;
- nixosSystem = import ./nixosSystem.nix;
-
- attrs = import ./attrs.nix {inherit lib;};
-
- relativeToRoot = lib.path.append ../.;
- scanModules = path:
- builtins.map (f: (path + "/${f}")) (
- builtins.attrNames (
- lib.attrsets.filterAttrs (
- path: _type:
- (_type == "directory") || ((path != "default.nix") && (lib.strings.hasSuffix ".nix" path))
- ) (builtins.readDir path)
- )
- );
-}
lib/nixosSystem.nix
@@ -1,35 +0,0 @@
-{
- inputs,
- lib,
- system,
- genSpecialArgs,
- nixos-modules,
- home-modules ? [],
- specialArgs ? (genSpecialArgs system),
- myvars,
- ...
-}: let
- inherit (inputs) nixpkgs home-manager nur;
-in
- nixpkgs.lib.nixosSystem {
- inherit system specialArgs;
- modules =
- nixos-modules
- ++ [
- nur.modules.nixos.default
- ]
- ++ (
- lib.optionals ((lib.lists.length home-modules) > 0)
- [
- home-manager.nixosModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.backupFileExtension = "home-manager.backup";
-
- home-manager.extraSpecialArgs = specialArgs;
- home-manager.users."${myvars.username}".imports = home-modules;
- }
- ]
- );
- }
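--- a/modules/hosts/chaser-kevin/default.nix
+++ b/modules/hosts/chaser-kevin/default.nix
@@ -1,9 +1,4 @@
-{
- lib,
- config,
- inputs,
- ...
-}: {
+{config, ...}: {
 #############################################################
 #
 # Kevin - NixOS running on ThinkBook 16P G5 IRX
@@ -44,32 +39,6 @@
 ++ [config.flake.modules.homeManager."hosts/kevin"];
 };
 }
- ]
- # TODO: remove below after migrated all config to Dendritic Pattern
- ++ [
- {
- home-manager.extraSpecialArgs =
- inputs
- // {
- mylib = import ../../../lib {inherit lib;};
- myvars = import ../../../vars {inherit lib;};
- pkgs-unstable = import inputs.nixpkgs-unstable {
- inherit (config.flake.meta.host.hosts.kevin) system;
- config.allowUnfree = true;
- };
- pkgs-stable = import inputs.nixpkgs-stable {
- inherit (config.flake.meta.host.hosts.kevin) system;
- config.allowUnfree = true;
- };
- };
- }
- ]
- ++ (map (lib.path.append config.flake.meta.rootPath) [
- "secrets/nixos.nix"
- "os-modules/nixos/desktop.nix"
- "options/nixos/default.nix"
- "hosts/general.nix"
- "hosts/chaser-kevin"
- ]);
+ ];
 };
 }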
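--- a/modules/hosts/chaser-pardofelis/default.nix
+++ b/modules/hosts/chaser-pardofelis/default.nix
@@ -1,8 +1,4 @@
-{
- config,
- lib,
- ...
-}: {
+{config, ...}: {
 flake.meta.host.hosts.pardofelis = {
 system = "x86_64-linux";
 hostPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuT/WkeA7btTeATmWJ2O9f/A6FI0Gl/1KjPGfHbWD5C root@pardofelis";
@@ -39,13 +35,6 @@
 "vaultwarden"
 "victoriametrics"
 ]
- )
- ++ (map (lib.path.append config.flake.meta.rootPath) [
- "secrets/nixos.nix"
- "os-modules/nixos/server/x86_64.nix"
- "options/nixos/default.nix"
- "hosts/general.nix"
- "hosts/chaser-pardofelis"
- ]);
+ );
 };
 }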
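Review bot: The `hostPubKey` kept in this module (`…IEuT/WkeA7bt…`) is not the key that the deleted hosts/general.nix carried for pardofelis (`…IO56HKTdzGul…`), and after this commit the old value is gone from the tree. If secrets for this host are encrypted to its SSH host key, it is worth confirming that the remaining key is the one the machine currently presents before the legacy `secrets/nixos.nix` import is dropped. The `sshPorts = [23930];` setting from hosts/general.nix is removed as well, and whether it was migrated is not visible in this part of the commit. Both hunks cut through the module body, which continues outside them.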
modules/services/mihomo/config/core.nix
@@ -0,0 +1,20 @@
+{
+ flake.modules.nixos."services/mihomo" = _: {
+ services.mihomo.config = {
+ mixed-port = 7154;
+ allow-lan = true;
+ mode = "rule";
+ log-level = "warning";
+ ipv6 = false;
+ find-process-mode = "strict";
+ external-controller = "127.0.0.1:9090";
+ unified-delay = true;
+ tcp-concurrent = true;
+ global-client-fingerprint = "chrome";
+ profile = {
+ store-selected = true;
+ store-fake-ip = true;
+ };
+ };
+ };
+}
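Review bot: `allow-lan = true` next to `mixed-port = 7154` makes the proxy listen beyond loopback, and this block sets neither `authentication` nor `lan-allowed-ips`, so any host that can reach the port can relay traffic through this machine; whether the firewall blocks 7154 is not visible here. If LAN sharing is not needed, `allow-lan = false;` is the smaller change; otherwise restrict the listener with `lan-allowed-ips`. The controller on `127.0.0.1:9090` also has no `secret`, and modules/services/mihomo/default.nix adds the metacubexd web UI, so any local process can change routing through the API. A `secret = config.vaultix.placeholder.<controller-secret-name>;` entry (the module would then take `{config, ...}:` instead of `_:`) would close that.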
modules/services/mihomo/config/dns.nix
@@ -0,0 +1,42 @@
+{
+ flake.modules.nixos."services/mihomo" = _: {
+ services.mihomo.config.dns = {
+ enable = true;
+ prefer-h3 = true;
+ ipv6 = false;
+ enhanced-mode = "fake-ip";
+ fake-ip-range = "198.18.0.1/16";
+ fake-ip-filter = [
+ "+.+m2m"
+ "+.$injections.adguard.org"
+ "+.$local.adguard.org"
+ "+.+bogon"
+ "+.+lan"
+ "+.+local"
+ "+.+localdomain"
+ "+.home.arpa"
+ "dns.msftncsi.com"
+ "*.srv.nintendo.net"
+ "*.stun.playstation.net"
+ "xbox.*.microsoft.com"
+ "*.xboxlive.com"
+ "*.turn.twilio.com"
+ "*.stun.twilio.com"
+ "stun.syncthing.net"
+ "stun.*"
+ "*.sslip.io"
+ "*.nip.io"
+ ];
+ respect-rules = true;
+ nameserver = [
+ "system"
+ "https://223.5.5.5/dns-query"
+ "https://doh.pub/dns-query"
+ ];
+ proxy-server-nameserver = [
+ "https://223.5.5.5/dns-query"
+ "https://doh.pub/dns-query"
+ ];
+ };
+ };
+}
modules/services/mihomo/config/provider-mo_jie.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 7MneCZw/jQF9xFyfGe3eTukHAehyXoVEWaWb4k5MHEU
+JEvnlJY8eD9Xvkih1bqBsAkX6P69lYEV9Q3SvoPfzKo
+-> R2I}F/-grease 0t(n; $POnHf
+iOp5Z6rLbYcQhWWW51oVpiTrv+54L1jTDZj5QYE73/DRua63gfwgbyYbXxL1M3AI
+R7AwZPFuNVtwFwpu0/psSxgsJ92gg6Bw2ZSTzG0BN6Qeeykt+CNW3w
+--- NQyPsM9u1gzpz6Q1hKlbanJXxMrmqfkHD6xmI1G8XaE
+�N ����͈���U���Pi<�茎��%XBZ���EN�x��O��2!Ǧ�43\��1ֆ�[���e�
+[�RT]�VEb����y/�|P&U�T����ܮ�i��;�$<��5�9`Y�>s���D
+ӟ�
\ No newline at end of file
modules/services/mihomo/config/provider-yi_yuan.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 3V3LffKq+D+7fiI6v+PXOSvypjew3ZTIUzQ67y5s/Xk
+yKn0r8B2It8NDkcpllXZrbu6UA3eRT6ObXnDd9Cd6zo
+-> f-O};uW-grease
+ZEQ9xZE5mXYf+OYyIR/ANlb+5i43hSnDL7kd3zpKtp14Ap3T9HS7wSqrFaY0Q8Kv
+m2ntxFPlPzkf+PhjJ+oU2LvnfOtkkH85UoCHc4otYAyjEZyU/fno5ebIP0RkA8I
+--- ybChFblTJuekC6KK23qmetS7uaKDVlbtaWQ0cQu2Pn8
+�D�2U ν`QF����~����)Ws�`����?ʸ\O>�����r��e���A�sse��`�x0n����}�@a�;��:<[o�y�.��f��C��j��Ͼ���U�s����l?
\ No newline at end of file
modules/services/mihomo/config/proxy-groups.nix
@@ -0,0 +1,212 @@
+{
+ flake.modules.nixos."services/mihomo" = _: let
+ FilterHK = "^(?=.*((?i)🇭🇰|香港|\\b(HK|Hong)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterTW = "^(?=.*((?i)🇹🇼|台湾|\\b(TW|Tai|Taiwan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterJP = "^(?=.*((?i)🇯🇵|日本|川日|东京|大阪|泉日|埼玉|\\b(JP|Japan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterKR = "^(?=.*((?i)🇰🇷|韩国|韓|首尔|\\b(KR|Korea)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterSG = "^(?=.*((?i)🇸🇬|新加坡|狮|\\b(SG|Singapore)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterUS = "^(?=.*((?i)🇺🇸|美国|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|\\b(US|United States)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterUK = "^(?=.*((?i)🇬🇧|英国|伦敦|\\b(UK|United Kingdom)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterFR = "^(?=.*((?i)🇫🇷|法国|\\b(FR|France)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterDE = "^(?=.*((?i)🇩🇪|德国|\\b(DE|Germany)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+ FilterOthers = "^(?!.*(🇭🇰|HK|Hong|香港|🇹🇼|TW|Taiwan|Wan|🇯🇵|JP|Japan|日本|🇸🇬|SG|Singapore|狮城|🇺🇸|US|United States|America|美国|🇩🇪|DE|Germany|德国|🇬🇧|UK|United Kingdom|英国|🇰🇷|KR|Korea|韩国|韓|🇫🇷|FR|France|法国)).*$";
+ FilterAll = "^(?=.*(.))(?!.*((?i)群|邀请|返利|循环|官网|客服|网站|网址|获取|订阅|流量|到期|机场|下次|版本|官址|备用|过期|已用|联系|邮箱|工单|贩卖|通知|倒卖|防止|国内|地址|频道|无法|说明|使用|提示|特别|访问|支持|教程|关注|更新|作者|加入|(\\b(USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author)\\b|(\\d{4}-\\d{2}-\\d{2}|\\d+G)))).*$";
+
+ Select = {
+ type = "select";
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ disable-udp = false;
+ hidden = false;
+ include-all = true;
+ };
+ Auto = {
+ type = "url-test";
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ interval = 300;
+ tolerance = 50;
+ disable-udp = false;
+ hidden = true;
+ include-all = true;
+ };
+ in {
+ services.mihomo.config.proxy-groups =
+ [
+ # 主选择组
+ {
+ name = "🎯 节点选择";
+ type = "select";
+ proxies = ["自动选择" "手动选择" "DIRECT"];
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Static.png";
+ }
+ # 手动/自动
+ {
+ name = "手动选择";
+ type = "select";
+ proxies = [
+ "🇭🇰 - 手动选择"
+ "🇯🇵 - 手动选择"
+ "🇰🇷 - 手动选择"
+ "🇸🇬 - 手动选择"
+ "🇺🇸 - 手动选择"
+ "🇬🇧 - 手动选择"
+ "🇫🇷 - 手动选择"
+ "🇩🇪 - 手动选择"
+ "🇹🇼 - 手动选择"
+ "Others - 手动选择"
+ ];
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Cylink.png";
+ }
+ {
+ name = "自动选择";
+ type = "select";
+ proxies = [
+ "🇭🇰 - 自动选择"
+ "🇯🇵 - 自动选择"
+ "🇰🇷 - 自动选择"
+ "🇸🇬 - 自动选择"
+ "🇺🇸 - 自动选择"
+ "🇬🇧 - 自动选择"
+ "🇫🇷 - 自动选择"
+ "🇩🇪 - 自动选择"
+ "🇹🇼 - 自动选择"
+ ];
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Urltest.png";
+ }
+ # 应用分组
+ {
+ name = "✈️ 电报信息";
+ type = "select";
+ proxies = [
+ "🎯 节点选择"
+ "🇭🇰 - 自动选择"
+ "🇯🇵 - 自动选择"
+ "🇸🇬 - 自动选择"
+ "🇺🇸 - 自动选择"
+ ];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Telegram.png";
+ }
+ {
+ name = "🤖 AIGC";
+ type = "select";
+ proxies = [
+ "🇺🇸 - 自动选择"
+ "🎯 节点选择"
+ "🇭🇰 - 自动选择"
+ "🇯🇵 - 自动选择"
+ "🇸🇬 - 自动选择"
+ ];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/OpenAI.png";
+ }
+ {
+ name = "🍎 苹果服务";
+ type = "select";
+ proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Apple.png";
+ }
+ {
+ name = "Ⓜ️ 微软服务";
+ type = "select";
+ proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Microsoft.png";
+ }
+ ]
+ ++ (map (x: Auto // x) [
+ # 自动选择 - 按地区
+ {
+ name = "🇭🇰 - 自动选择";
+ filter = FilterHK;
+ }
+ {
+ name = "🇯🇵 - 自动选择";
+ filter = FilterJP;
+ }
+ {
+ name = "🇰🇷 - 自动选择";
+ filter = FilterKR;
+ }
+ {
+ name = "🇸🇬 - 自动选择";
+ filter = FilterSG;
+ }
+ {
+ name = "🇺🇸 - 自动选择";
+ filter = FilterUS;
+ }
+ {
+ name = "🇬🇧 - 自动选择";
+ filter = FilterUK;
+ }
+ {
+ name = "🇫🇷 - 自动选择";
+ filter = FilterFR;
+ }
+ {
+ name = "🇩🇪 - 自动选择";
+ filter = FilterDE;
+ }
+ {
+ name = "🇹🇼 - 自动选择";
+ filter = FilterTW;
+ }
+ ])
+ ++ (map (x: Select // x) [
+ # 手动选择 - 按地区
+ {
+ name = "🇭🇰 - 手动选择";
+ filter = FilterHK;
+ }
+ {
+ name = "🇯🇵 - 手动选择";
+ filter = FilterJP;
+ }
+ {
+ name = "🇰🇷 - 手动选择";
+ filter = FilterKR;
+ }
+ {
+ name = "🇸🇬 - 手动选择";
+ filter = FilterSG;
+ }
+ {
+ name = "🇺🇸 - 手动选择";
+ filter = FilterUS;
+ }
+ {
+ name = "🇬🇧 - 手动选择";
+ filter = FilterUK;
+ }
+ {
+ name = "🇫🇷 - 手动选择";
+ filter = FilterFR;
+ }
+ {
+ name = "🇩🇪 - 手动选择";
+ filter = FilterDE;
+ }
+ {
+ name = "🇹🇼 - 手动选择";
+ filter = FilterTW;
+ }
+ {
+ name = "Others - 手动选择";
+ filter = FilterOthers;
+ }
+ ])
+ ++ [
+ # 全部节点
+ (Select
+ // {
+ name = "AllIn - 手动选择";
+ filter = FilterAll;
+ })
+ (Auto
+ // {
+ name = "AllIn - 自动选择";
+ filter = FilterAll;
+ })
+ ];
+ };
+}
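Review bot: `FilterOthers` drops any node whose name merely contains `US`, `DE`, `FR`, `UK` or another listed code as a case-sensitive substring, while the regional filters above require word boundaries such as `\\b(US|United States)(\\d+)?\\b`. A constructed name like `AUS-01` therefore lands in neither the 🇺🇸 groups nor `Others - 手动选择`. Such nodes match only the two `AllIn` groups, and no `proxies` list in this file references those, so no rule target can select them. I would build the exclusion from the same bounded alternations as the regional filters, and reconcile tokens like `Wan` and `America`, which the regional filters do not recognise. A short comment above the `Filter*` bindings noting that the second lookahead appears to strip the subscription's informational pseudo-entries would help the next reader.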
modules/services/mihomo/config/proxy-providers.nix
@@ -0,0 +1,33 @@
+{lib, ...}: {
+ flake.modules.nixos."services/mihomo" = {config, ...}: let
+ NodeParam = {
+ type = "http";
+ interval = 86400;
+ health-check = {
+ enable = true;
+ url = "http://cp.cloudflare.com";
+ interval = 300;
+ };
+ };
+ in {
+ services.mihomo.config.proxy-providers = lib.mkIf config.services.mihomo.enable {
+ "Node-YiYuan" =
+ NodeParam
+ // {
+ url = config.vaultix.placeholder.mihomo-providers-yi_yuan;
+ path = "./proxy_provider/providers-yi_yuan.yaml";
+ override.additional-prefix = "[YY]";
+ };
+ "Node-MoJie" =
+ NodeParam
+ // {
+ url = config.vaultix.placeholder.mihomo-providers-mo_jie;
+ path = "./proxy_provider/providers-mo_jie.yaml";
+ override.additional-prefix = "[MJ]";
+ };
+ };
+
+ vaultix.secrets.mihomo-providers-yi_yuan.file = ./provider-yi_yuan.age;
+ vaultix.secrets.mihomo-providers-mo_jie.file = ./provider-mo_jie.age;
+ };
+}
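Review bot: Nothing in this file says that the two `url` values are credentials in their own right, or that the node list they fetch is cached in clear under `./proxy_provider/`. I would add a comment above `NodeParam` such as `# subscription URL is a bearer secret; only substituted when vaultix renders mihomo-config.yaml`, and confirm that the service's working directory is not readable by other users. The `lib.mkIf config.services.mihomo.enable` guard covers `proxy-providers` but the two `vaultix.secrets.*.file` declarations below it are unconditional; guard both or neither so the module behaves the same way when the service is off.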
modules/services/mihomo/config/rules.nix
@@ -0,0 +1,229 @@
+{
+ flake.modules.nixos."services/mihomo" = {config, ...}: let
+ RuleSet_classical = {
+ type = "http";
+ behavior = "classical";
+ interval = 43200;
+ format = "text";
+ proxy = "🎯 节点选择";
+ };
+ RuleSet_domain = {
+ type = "http";
+ behavior = "domain";
+ interval = 43200;
+ format = "text";
+ proxy = "🎯 节点选择";
+ };
+ RuleSet_ipcidr = {
+ type = "http";
+ behavior = "ipcidr";
+ interval = 43200;
+ format = "text";
+ proxy = "🎯 节点选择";
+ };
+ in {
+ services.mihomo.config = {
+ rules = [
+ # 自订类规则
+ "AND,((DOMAIN-SUFFIX,glacier.mxrouting.net),(DST-PORT,465/993)),DIRECT" # My Domain Email
+ "AND,((RULE-SET,my_hosts),(NOT,((DST-PORT,80/443)))),DIRECT" # My VPS
+
+ # 非 IP 类规则
+ "RULE-SET,reject_non_ip,REJECT"
+ "RULE-SET,reject_domainset,REJECT"
+ "RULE-SET,reject_non_ip_drop,REJECT-DROP"
+ "RULE-SET,reject_non_ip_no_drop,REJECT"
+ "RULE-SET,cdn_domainset,🎯 节点选择"
+ "RULE-SET,cdn_non_ip,🎯 节点选择"
+ "RULE-SET,stream_non_ip,🇺🇸 - 自动选择"
+ "RULE-SET,telegram_non_ip,✈️ 电报信息"
+ "RULE-SET,apple_cdn,DIRECT"
+ "RULE-SET,download_domainset,🎯 节点选择"
+ "RULE-SET,download_non_ip,🎯 节点选择"
+ "RULE-SET,microsoft_cdn_non_ip,DIRECT"
+ "RULE-SET,apple_cn_non_ip,DIRECT"
+ "RULE-SET,apple_services,🍎 苹果服务"
+ "RULE-SET,microsoft_non_ip,Ⓜ️ 微软服务"
+ "RULE-SET,ai_non_ip,🤖 AIGC"
+ "RULE-SET,global_non_ip,🎯 节点选择"
+ "RULE-SET,domestic_non_ip,DIRECT"
+ "RULE-SET,direct_non_ip,DIRECT"
+ "RULE-SET,lan_non_ip,DIRECT"
+
+ # IP 类规则
+ "RULE-SET,reject_ip,REJECT"
+ "RULE-SET,telegram_ip,✈️ 电报信息"
+ "RULE-SET,stream_ip,🇺🇸 - 自动选择"
+ "RULE-SET,lan_ip,DIRECT"
+ "RULE-SET,domestic_ip,DIRECT"
+ "RULE-SET,china_ip,DIRECT"
+ "MATCH,🎯 节点选择"
+ ];
+ rule-providers = {
+ reject_non_ip_no_drop =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt";
+ };
+ reject_non_ip_drop =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt";
+ };
+ reject_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/reject.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_non_ip.txt";
+ };
+ reject_domainset =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/reject.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_domainset.txt";
+ };
+ reject_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/reject.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_ip.txt";
+ };
+ cdn_domainset =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/cdn_domainset.txt";
+ };
+ cdn_non_ip =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/cdn_non_ip.txt";
+ };
+ stream_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/stream.txt";
+ path = "./rule_set/sukkaw_ruleset/stream_non_ip.txt";
+ };
+ stream_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/stream.txt";
+ path = "./rule_set/sukkaw_ruleset/stream_ip.txt";
+ };
+ ai_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/ai.txt";
+ path = "./rule_set/sukkaw_ruleset/ai_non_ip.txt";
+ };
+ telegram_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/telegram.txt";
+ path = "./rule_set/sukkaw_ruleset/telegram_non_ip.txt";
+ };
+ telegram_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/telegram.txt";
+ path = "./rule_set/sukkaw_ruleset/telegram_ip.txt";
+ };
+ apple_cdn =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/apple_cdn.txt";
+ };
+ apple_services =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/apple_services.txt";
+ path = "./rule_set/sukkaw_ruleset/apple_services.txt";
+ };
+ apple_cn_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt";
+ path = "./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt";
+ };
+ microsoft_cdn_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt";
+ };
+ microsoft_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/microsoft.txt";
+ path = "./rule_set/sukkaw_ruleset/microsoft_non_ip.txt";
+ };
+ download_domainset =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/download.txt";
+ path = "./rule_set/sukkaw_ruleset/download_domainset.txt";
+ };
+ download_non_ip =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/download.txt";
+ path = "./rule_set/sukkaw_ruleset/download_non_ip.txt";
+ };
+ lan_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/lan.txt";
+ path = "./rule_set/sukkaw_ruleset/lan_non_ip.txt";
+ };
+ lan_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/lan.txt";
+ path = "./rule_set/sukkaw_ruleset/lan_ip.txt";
+ };
+ domestic_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/domestic.txt";
+ path = "./rule_set/sukkaw_ruleset/domestic_non_ip.txt";
+ };
+ direct_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/direct.txt";
+ path = "./rule_set/sukkaw_ruleset/direct_non_ip.txt";
+ };
+ global_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/global.txt";
+ path = "./rule_set/sukkaw_ruleset/global_non_ip.txt";
+ };
+ domestic_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/domestic.txt";
+ path = "./rule_set/sukkaw_ruleset/domestic_ip.txt";
+ };
+ china_ip =
+ RuleSet_ipcidr
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/china_ip.txt";
+ path = "./rule_set/sukkaw_ruleset/china_ip.txt";
+ };
+ my_hosts = {
+ type = "inline";
+ behavior = "classical";
+ payload = [
+ "IP-CIDR,${config.vaultix.placeholder.hosts-pardofelis-ipv4}/32"
+ ];
+ };
+ };
+ };
+ };
+}
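Review bot: `cdn_non_ip` and `download_non_ip` are built from `RuleSet_domain` although their URLs point at `non_ip/cdn.txt` and `non_ip/download.txt`; every other `non_ip/` list in this attrset uses `RuleSet_classical`, and only the `domainset/` URLs use the `domain` behavior. If those two upstream files are in classical format like their siblings, loading them as a domain set would make the `RULE-SET,cdn_non_ip` and `RULE-SET,download_non_ip` rules fail to load or match wrongly. Please confirm against the upstream lists and, if so, switch to `cdn_non_ip = RuleSet_classical // {…};` and `download_non_ip = RuleSet_classical // {…};`. Separately, the `DIRECT` and `REJECT` decisions come from lists re-fetched every 43200 seconds from a third-party host, so a comment recording that trust decision (a changed list silently changes what bypasses the proxy) belongs above `rule-providers`.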
modules/services/mihomo/config/sniffer.nix
@@ -0,0 +1,23 @@
+{
+ flake.modules.nixos."services/mihomo" = _: {
+ services.mihomo.config.sniffer = {
+ enable = true;
+ sniff = {
+ HTTP = {
+ ports = [80 "8080-8880"];
+ override-destination = true;
+ };
+ TLS = {
+ ports = [443 8443];
+ };
+ QUIC = {
+ ports = [443 8443];
+ };
+ };
+ skip-domain = [
+ "Mijia Cloud"
+ "+.push.apple.com"
+ ];
+ };
+ };
+}
modules/services/mihomo/config/tun.nix
@@ -0,0 +1,19 @@
+{
+ flake.modules.nixos."services/mihomo" = _: {
+ services.mihomo.tunMode = true;
+
+ services.mihomo.config.tun = {
+ enable = true;
+ stack = "mixed";
+ device = "ElysianRealm";
+ auto-route = true;
+ auto-detect-interface = true;
+ dns-hijack = [
+ "any:53"
+ "tcp://any:53"
+ ];
+ strict-route = true;
+ mtu = 1500;
+ };
+ };
+}
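--- a/modules/services/mihomo/default.nix
+++ b/modules/services/mihomo/default.nix
@@ -1,5 +1,8 @@
 {
- flake.modules.nixos."services/mihomo" = _: {
- services.mihomo.enable = true;
+ flake.modules.nixos."services/mihomo" = {pkgs, ...}: {
+ services.mihomo = {
+ enable = true;
+ webui = pkgs.metacubexd;
+ };
 };
 }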
modules/services/mihomo/options.nix
@@ -0,0 +1,36 @@
+{lib, ...}: {
+ flake.modules.nixos."services/mihomo" = {
+ config,
+ pkgs,
+ ...
+ }: let
+ inherit (lib) mkOption types;
+ format = pkgs.formats.yaml {};
+ cfg = config.services.mihomo.config;
+ in {
+ options.services.mihomo.config = mkOption {
+ default = {};
+ type = types.submodule {
+ freeformType = format.type;
+ options = {
+ tun = {
+ enable = mkOption {
+ default = config.options.services.mihomo.tunMode;
+ type = types.bool;
+ };
+ device = mkOption {
+ default = "utun0";
+ type = types.str;
+ };
+ };
+ };
+ };
+ };
+
+ config = {
+ networking.firewall.trustedInterfaces = lib.mkIf config.services.mihomo.tunMode [cfg.tun.device];
+ vaultix.templates."mihomo-config.yaml".content = builtins.toJSON cfg;
+ services.mihomo.configFile = config.vaultix.templates."mihomo-config.yaml".path;
+ };
+ };
+}
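Review bot: `default = config.options.services.mihomo.tunMode;` on `tun.enable` reads a path that, as far as the standard module system goes, does not exist under `config`, so the default would throw as soon as it is evaluated. It goes unnoticed only because config/tun.nix sets `enable = true` explicitly. It should read `default = config.services.mihomo.tunMode;`, matching the `lib.mkIf config.services.mihomo.tunMode` used a few lines below. The `trustedInterfaces` line exempts the whole TUN device from the firewall, and the rendered `mihomo-config.yaml` holds the substituted provider URLs, so a comment stating both facts and the intended owner and mode of the template would help the next reader.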
options/home/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-}
options/home/helixSteelEventSystem.nix
@@ -1,44 +0,0 @@
-{
- lib,
- pkgs,
- config,
- helix-steel,
- ...
-}: let
- inherit (lib) mkOption types;
-
- cfg = config.programs.helix.steelEventSystem;
-in {
- options.programs.helix.steelEventSystem = {
- enable = lib.mkEnableOption "Enable Helix Steel event system.";
- steelPackage = lib.mkPackageOption pkgs "steel" {};
- initScm = mkOption {
- type = types.either types.lines types.path;
- default = "";
- };
- helixScm = mkOption {
- type = types.either types.lines types.path;
- default = "";
- };
- };
-
- config = lib.mkIf cfg.enable {
- home.packages = [cfg.steelPackage];
- programs.helix.package = lib.mkDefault helix-steel.packages.${pkgs.system}.default;
-
- xdg.configFile."helix/init.scm" = let
- scm = cfg.initScm;
- in
- lib.mkIf (lib.stringLength scm != 0) {
- source = lib.mkIf (lib.isPath scm) scm;
- text = lib.mkIf (!(lib.isPath scm)) scm;
- };
- xdg.configFile."helix/helix.scm" = let
- scm = cfg.helixScm;
- in
- lib.mkIf (lib.stringLength scm != 0) {
- source = lib.mkIf (lib.isPath scm) scm;
- text = lib.mkIf (!(lib.isPath scm)) scm;
- };
- };
-}
options/nixos/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-}
options/nixos/hosts.nix
@@ -1,87 +0,0 @@
-{lib, ...}:
-with lib; let
- secretType = types.submodule {
- options = {
- secretName = mkOption {
- type = types.str;
- };
- };
- };
- optSecretType = types.nullOr (types.either types.str secretType);
-
- hostModule = types.submodule {
- options = {
- network = mkOption {
- type = networkModule;
- default = {};
- description = "Network configurations of the host.";
- };
- hostPublicKey = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- sshPorts = mkOption {
- type = types.listOf types.port;
- default = [22];
- };
- };
- };
-
- networkModule = types.submodule {
- options = {
- enable = mkOption {
- type = types.nullOr (types.enum ["networkmanager" "networkd"]);
- default = null;
- description = "Which network manager to use.";
- };
- iface = mkOption {
- type = types.str;
- };
- useDHCP = mkOption {
- type = types.bool;
- default = false;
- };
- nameservers = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- search = mkOption {
- type = types.listOf types.str;
- default = [];
- };
- ipv4 = mkOption {
- type = optSecretType;
- default = null;
- };
- ipv6 = mkOption {
- type = optSecretType;
- default = null;
- };
- prefixLength4 = mkOption {
- type = types.int;
- default = 24;
- };
- prefixLength6 = mkOption {
- type = types.int;
- default = 64;
- };
- defaultGateway = mkOption {
- type = optSecretType;
- default = null;
- };
- defaultGateway6 = mkOption {
- type = optSecretType;
- default = null;
- };
- };
- };
-in {
- options.modules.my-hosts = mkOption {
- type = types.attrsOf hostModule;
- description = "My nix hosts general configuration";
- default = {};
- };
- options.modules.currentHost = mkOption {
- type = types.str;
- };
-}
options/nixos/mihomo.nix
@@ -1,35 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}: let
- inherit (lib) mkOption types;
- format = pkgs.formats.yaml {};
- cfg = config.services.mihomo.config;
-in {
- options.services.mihomo.config = mkOption {
- default = {};
- type = types.submodule {
- freeformType = format.type;
- options = {
- tun = {
- enable = mkOption {
- default = config.options.services.mihomo.tunMode;
- type = types.bool;
- };
- device = mkOption {
- default = "utun0";
- type = types.str;
- };
- };
- };
- };
- };
-
- config = {
- networking.firewall.trustedInterfaces = lib.mkIf config.services.mihomo.tunMode [cfg.tun.device];
- sops.templates."mihomo-config.yaml".content = builtins.toJSON cfg;
- services.mihomo.configFile = config.sops.templates."mihomo-config.yaml".path;
- };
-}
os-modules/base/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-}
os-modules/nixos/base/mihomo/config/default.nix
@@ -1,21 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-
- # See /options/nixos/mihomo.nix
- services.mihomo.config = {
- mixed-port = 7154;
- allow-lan = true;
- mode = "rule";
- log-level = "warning";
- ipv6 = false;
- find-process-mode = "strict";
- external-controller = "127.0.0.1:9090";
- unified-delay = true;
- tcp-concurrent = true;
- global-client-fingerprint = "chrome";
- profile = {
- store-selected = true;
- store-fake-ip = true;
- };
- };
-}
os-modules/nixos/base/mihomo/config/dns.nix
@@ -1,40 +0,0 @@
-{...}: {
- services.mihomo.config.dns = {
- enable = true;
- prefer-h3 = true;
- ipv6 = false;
- enhanced-mode = "fake-ip";
- fake-ip-range = "198.18.0.1/16";
- fake-ip-filter = [
- "+.+m2m"
- "+.$injections.adguard.org"
- "+.$local.adguard.org"
- "+.+bogon"
- "+.+lan"
- "+.+local"
- "+.+localdomain"
- "+.home.arpa"
- "dns.msftncsi.com"
- "*.srv.nintendo.net"
- "*.stun.playstation.net"
- "xbox.*.microsoft.com"
- "*.xboxlive.com"
- "*.turn.twilio.com"
- "*.stun.twilio.com"
- "stun.syncthing.net"
- "stun.*"
- "*.sslip.io"
- "*.nip.io"
- ];
- respect-rules = true;
- nameserver = [
- "system"
- "https://223.5.5.5/dns-query"
- "https://doh.pub/dns-query"
- ];
- proxy-server-nameserver = [
- "https://223.5.5.5/dns-query"
- "https://doh.pub/dns-query"
- ];
- };
-}
os-modules/nixos/base/mihomo/config/proxy-groups.nix
@@ -1,210 +0,0 @@
-{...}: let
- FilterHK = "^(?=.*((?i)🇭🇰|香港|\\b(HK|Hong)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterTW = "^(?=.*((?i)🇹🇼|台湾|\\b(TW|Tai|Taiwan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterJP = "^(?=.*((?i)🇯🇵|日本|川日|东京|大阪|泉日|埼玉|\\b(JP|Japan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterKR = "^(?=.*((?i)🇰🇷|韩国|韓|首尔|\\b(KR|Korea)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterSG = "^(?=.*((?i)🇸🇬|新加坡|狮|\\b(SG|Singapore)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterUS = "^(?=.*((?i)🇺🇸|美国|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|\\b(US|United States)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterUK = "^(?=.*((?i)🇬🇧|英国|伦敦|\\b(UK|United Kingdom)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterFR = "^(?=.*((?i)🇫🇷|法国|\\b(FR|France)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterDE = "^(?=.*((?i)🇩🇪|德国|\\b(DE|Germany)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
- FilterOthers = "^(?!.*(🇭🇰|HK|Hong|香港|🇹🇼|TW|Taiwan|Wan|🇯🇵|JP|Japan|日本|🇸🇬|SG|Singapore|狮城|🇺🇸|US|United States|America|美国|🇩🇪|DE|Germany|德国|🇬🇧|UK|United Kingdom|英国|🇰🇷|KR|Korea|韩国|韓|🇫🇷|FR|France|法国)).*$";
- FilterAll = "^(?=.*(.))(?!.*((?i)群|邀请|返利|循环|官网|客服|网站|网址|获取|订阅|流量|到期|机场|下次|版本|官址|备用|过期|已用|联系|邮箱|工单|贩卖|通知|倒卖|防止|国内|地址|频道|无法|说明|使用|提示|特别|访问|支持|教程|关注|更新|作者|加入|(\\b(USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author)\\b|(\\d{4}-\\d{2}-\\d{2}|\\d+G)))).*$";
-
- Select = {
- type = "select";
- url = "http://connectivitycheck.platform.hicloud.com/generate_204";
- disable-udp = false;
- hidden = false;
- include-all = true;
- };
- Auto = {
- type = "url-test";
- url = "http://connectivitycheck.platform.hicloud.com/generate_204";
- interval = 300;
- tolerance = 50;
- disable-udp = false;
- hidden = true;
- include-all = true;
- };
-in {
- services.mihomo.config.proxy-groups =
- [
- # 主选择组
- {
- name = "🎯 节点选择";
- type = "select";
- proxies = ["自动选择" "手动选择" "DIRECT"];
- url = "http://connectivitycheck.platform.hicloud.com/generate_204";
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Static.png";
- }
- # 手动/自动
- {
- name = "手动选择";
- type = "select";
- proxies = [
- "🇭🇰 - 手动选择"
- "🇯🇵 - 手动选择"
- "🇰🇷 - 手动选择"
- "🇸🇬 - 手动选择"
- "🇺🇸 - 手动选择"
- "🇬🇧 - 手动选择"
- "🇫🇷 - 手动选择"
- "🇩🇪 - 手动选择"
- "🇹🇼 - 手动选择"
- "Others - 手动选择"
- ];
- url = "http://connectivitycheck.platform.hicloud.com/generate_204";
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Cylink.png";
- }
- {
- name = "自动选择";
- type = "select";
- proxies = [
- "🇭🇰 - 自动选择"
- "🇯🇵 - 自动选择"
- "🇰🇷 - 自动选择"
- "🇸🇬 - 自动选择"
- "🇺🇸 - 自动选择"
- "🇬🇧 - 自动选择"
- "🇫🇷 - 自动选择"
- "🇩🇪 - 自动选择"
- "🇹🇼 - 自动选择"
- ];
- url = "http://connectivitycheck.platform.hicloud.com/generate_204";
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Urltest.png";
- }
- # 应用分组
- {
- name = "✈️ 电报信息";
- type = "select";
- proxies = [
- "🎯 节点选择"
- "🇭🇰 - 自动选择"
- "🇯🇵 - 自动选择"
- "🇸🇬 - 自动选择"
- "🇺🇸 - 自动选择"
- ];
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Telegram.png";
- }
- {
- name = "🤖 AIGC";
- type = "select";
- proxies = [
- "🇺🇸 - 自动选择"
- "🎯 节点选择"
- "🇭🇰 - 自动选择"
- "🇯🇵 - 自动选择"
- "🇸🇬 - 自动选择"
- ];
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/OpenAI.png";
- }
- {
- name = "🍎 苹果服务";
- type = "select";
- proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Apple.png";
- }
- {
- name = "Ⓜ️ 微软服务";
- type = "select";
- proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
- icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Microsoft.png";
- }
- ]
- ++ (map (x: Auto // x) [
- # 自动选择 - 按地区
- {
- name = "🇭🇰 - 自动选择";
- filter = FilterHK;
- }
- {
- name = "🇯🇵 - 自动选择";
- filter = FilterJP;
- }
- {
- name = "🇰🇷 - 自动选择";
- filter = FilterKR;
- }
- {
- name = "🇸🇬 - 自动选择";
- filter = FilterSG;
- }
- {
- name = "🇺🇸 - 自动选择";
- filter = FilterUS;
- }
- {
- name = "🇬🇧 - 自动选择";
- filter = FilterUK;
- }
- {
- name = "🇫🇷 - 自动选择";
- filter = FilterFR;
- }
- {
- name = "🇩🇪 - 自动选择";
- filter = FilterDE;
- }
- {
- name = "🇹🇼 - 自动选择";
- filter = FilterTW;
- }
- ])
- ++ (map (x: Select // x) [
- # 手动选择 - 按地区
- {
- name = "🇭🇰 - 手动选择";
- filter = FilterHK;
- }
- {
- name = "🇯🇵 - 手动选择";
- filter = FilterJP;
- }
- {
- name = "🇰🇷 - 手动选择";
- filter = FilterKR;
- }
- {
- name = "🇸🇬 - 手动选择";
- filter = FilterSG;
- }
- {
- name = "🇺🇸 - 手动选择";
- filter = FilterUS;
- }
- {
- name = "🇬🇧 - 手动选择";
- filter = FilterUK;
- }
- {
- name = "🇫🇷 - 手动选择";
- filter = FilterFR;
- }
- {
- name = "🇩🇪 - 手动选择";
- filter = FilterDE;
- }
- {
- name = "🇹🇼 - 手动选择";
- filter = FilterTW;
- }
- {
- name = "Others - 手动选择";
- filter = FilterOthers;
- }
- ])
- ++ [
- # 全部节点
- (Select
- // {
- name = "AllIn - 手动选择";
- filter = FilterAll;
- })
- (Auto
- // {
- name = "AllIn - 自动选择";
- filter = FilterAll;
- })
- ];
-}
os-modules/nixos/base/mihomo/config/proxy-providers.nix
@@ -1,32 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- NodeParam = {
- type = "http";
- interval = 86400;
- health-check = {
- enable = true;
- url = "http://cp.cloudflare.com";
- interval = 300;
- };
- };
-in {
- services.mihomo.config.proxy-providers = lib.mkIf config.services.mihomo.enable {
- "Node-YiYuan" =
- NodeParam
- // {
- url = config.sops.placeholder."mihomo/providers/yi_yuan";
- path = "./proxy_provider/providers-yi_yuan.yaml";
- override.additional-prefix = "[YY]";
- };
- "Node-MoJie" =
- NodeParam
- // {
- url = config.sops.placeholder."mihomo/providers/mo_jie";
- path = "./proxy_provider/providers-mo_jie.yaml";
- override.additional-prefix = "[MJ]";
- };
- };
-}
os-modules/nixos/base/mihomo/config/rules.nix
@@ -1,227 +0,0 @@
-{config, ...}: let
- RuleSet_classical = {
- type = "http";
- behavior = "classical";
- interval = 43200;
- format = "text";
- proxy = "🎯 节点选择";
- };
- RuleSet_domain = {
- type = "http";
- behavior = "domain";
- interval = 43200;
- format = "text";
- proxy = "🎯 节点选择";
- };
- RuleSet_ipcidr = {
- type = "http";
- behavior = "ipcidr";
- interval = 43200;
- format = "text";
- proxy = "🎯 节点选择";
- };
-in {
- services.mihomo.config = {
- rules = [
- # 自订类规则
- "AND,((DOMAIN-SUFFIX,glacier.mxrouting.net),(DST-PORT,465/993)),DIRECT" # My Domain Email
- "AND,((RULE-SET,my_hosts),(NOT,((DST-PORT,80/443)))),DIRECT" # My VPS
-
- # 非 IP 类规则
- "RULE-SET,reject_non_ip,REJECT"
- "RULE-SET,reject_domainset,REJECT"
- "RULE-SET,reject_non_ip_drop,REJECT-DROP"
- "RULE-SET,reject_non_ip_no_drop,REJECT"
- "RULE-SET,cdn_domainset,🎯 节点选择"
- "RULE-SET,cdn_non_ip,🎯 节点选择"
- "RULE-SET,stream_non_ip,🇺🇸 - 自动选择"
- "RULE-SET,telegram_non_ip,✈️ 电报信息"
- "RULE-SET,apple_cdn,DIRECT"
- "RULE-SET,download_domainset,🎯 节点选择"
- "RULE-SET,download_non_ip,🎯 节点选择"
- "RULE-SET,microsoft_cdn_non_ip,DIRECT"
- "RULE-SET,apple_cn_non_ip,DIRECT"
- "RULE-SET,apple_services,🍎 苹果服务"
- "RULE-SET,microsoft_non_ip,Ⓜ️ 微软服务"
- "RULE-SET,ai_non_ip,🤖 AIGC"
- "RULE-SET,global_non_ip,🎯 节点选择"
- "RULE-SET,domestic_non_ip,DIRECT"
- "RULE-SET,direct_non_ip,DIRECT"
- "RULE-SET,lan_non_ip,DIRECT"
-
- # IP 类规则
- "RULE-SET,reject_ip,REJECT"
- "RULE-SET,telegram_ip,✈️ 电报信息"
- "RULE-SET,stream_ip,🇺🇸 - 自动选择"
- "RULE-SET,lan_ip,DIRECT"
- "RULE-SET,domestic_ip,DIRECT"
- "RULE-SET,china_ip,DIRECT"
- "MATCH,🎯 节点选择"
- ];
- rule-providers = {
- reject_non_ip_no_drop =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt";
- path = "./rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt";
- };
- reject_non_ip_drop =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt";
- path = "./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt";
- };
- reject_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/reject.txt";
- path = "./rule_set/sukkaw_ruleset/reject_non_ip.txt";
- };
- reject_domainset =
- RuleSet_domain
- // {
- url = "https://ruleset.skk.moe/Clash/domainset/reject.txt";
- path = "./rule_set/sukkaw_ruleset/reject_domainset.txt";
- };
- reject_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/ip/reject.txt";
- path = "./rule_set/sukkaw_ruleset/reject_ip.txt";
- };
- cdn_domainset =
- RuleSet_domain
- // {
- url = "https://ruleset.skk.moe/Clash/domainset/cdn.txt";
- path = "./rule_set/sukkaw_ruleset/cdn_domainset.txt";
- };
- cdn_non_ip =
- RuleSet_domain
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/cdn.txt";
- path = "./rule_set/sukkaw_ruleset/cdn_non_ip.txt";
- };
- stream_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/stream.txt";
- path = "./rule_set/sukkaw_ruleset/stream_non_ip.txt";
- };
- stream_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/ip/stream.txt";
- path = "./rule_set/sukkaw_ruleset/stream_ip.txt";
- };
- ai_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/ai.txt";
- path = "./rule_set/sukkaw_ruleset/ai_non_ip.txt";
- };
- telegram_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/telegram.txt";
- path = "./rule_set/sukkaw_ruleset/telegram_non_ip.txt";
- };
- telegram_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/ip/telegram.txt";
- path = "./rule_set/sukkaw_ruleset/telegram_ip.txt";
- };
- apple_cdn =
- RuleSet_domain
- // {
- url = "https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt";
- path = "./rule_set/sukkaw_ruleset/apple_cdn.txt";
- };
- apple_services =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/apple_services.txt";
- path = "./rule_set/sukkaw_ruleset/apple_services.txt";
- };
- apple_cn_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt";
- path = "./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt";
- };
- microsoft_cdn_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt";
- path = "./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt";
- };
- microsoft_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/microsoft.txt";
- path = "./rule_set/sukkaw_ruleset/microsoft_non_ip.txt";
- };
- download_domainset =
- RuleSet_domain
- // {
- url = "https://ruleset.skk.moe/Clash/domainset/download.txt";
- path = "./rule_set/sukkaw_ruleset/download_domainset.txt";
- };
- download_non_ip =
- RuleSet_domain
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/download.txt";
- path = "./rule_set/sukkaw_ruleset/download_non_ip.txt";
- };
- lan_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/lan.txt";
- path = "./rule_set/sukkaw_ruleset/lan_non_ip.txt";
- };
- lan_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/ip/lan.txt";
- path = "./rule_set/sukkaw_ruleset/lan_ip.txt";
- };
- domestic_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/domestic.txt";
- path = "./rule_set/sukkaw_ruleset/domestic_non_ip.txt";
- };
- direct_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/direct.txt";
- path = "./rule_set/sukkaw_ruleset/direct_non_ip.txt";
- };
- global_non_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/non_ip/global.txt";
- path = "./rule_set/sukkaw_ruleset/global_non_ip.txt";
- };
- domestic_ip =
- RuleSet_classical
- // {
- url = "https://ruleset.skk.moe/Clash/ip/domestic.txt";
- path = "./rule_set/sukkaw_ruleset/domestic_ip.txt";
- };
- china_ip =
- RuleSet_ipcidr
- // {
- url = "https://ruleset.skk.moe/Clash/ip/china_ip.txt";
- path = "./rule_set/sukkaw_ruleset/china_ip.txt";
- };
- my_hosts = {
- type = "inline";
- behavior = "classical";
- payload = [
- "IP-CIDR,${config.sops.placeholder.pardofelis-ipv4}/32"
- ];
- };
- };
- };
-}
os-modules/nixos/base/mihomo/config/sniffer.nix
@@ -1,21 +0,0 @@
-{...}: {
- services.mihomo.config.sniffer = {
- enable = true;
- sniff = {
- HTTP = {
- ports = [80 "8080-8880"];
- override-destination = true;
- };
- TLS = {
- ports = [443 8443];
- };
- QUIC = {
- ports = [443 8443];
- };
- };
- skip-domain = [
- "Mijia Cloud"
- "+.push.apple.com"
- ];
- };
-}
os-modules/nixos/base/mihomo/config/tun.nix
@@ -1,15 +0,0 @@
-{...}: {
- services.mihomo.config.tun = {
- enable = true;
- stack = "mixed";
- device = "ElysianRealm";
- auto-route = true;
- auto-detect-interface = true;
- dns-hijack = [
- "any:53"
- "tcp://any:53"
- ];
- strict-route = true;
- mtu = 1500;
- };
-}
os-modules/nixos/base/mihomo/default.nix
@@ -1,14 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}: {
- imports = [./config];
- config = lib.mkIf config.services.mihomo.enable {
- services.mihomo = {
- tunMode = true;
- webui = pkgs.metacubexd;
- };
- };
-}
os-modules/nixos/base/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-}
os-modules/nixos/desktop/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-}
os-modules/nixos/desktop/misc.nix
@@ -1,8 +0,0 @@
-{myvars, ...}: {
- services.sunshine = {
- enable = true;
- autoStart = false;
- openFirewall = true;
- capSysAdmin = true;
- };
-}
os-modules/nixos/server/x86_64.nix
@@ -1,6 +0,0 @@
-{lib, ...}: {
- imports = [
- ../base
- ../../base
- ];
-}
os-modules/nixos/desktop.nix
@@ -1,7 +0,0 @@
-{
- imports = [
- ./base
- ../base
- ./desktop
- ];
-}
outputs/x86_64-linux/src/kevin.nix
@@ -1,35 +0,0 @@
-{
- # NOTE: the args not used in this file CAN NOT be removed!
- # because haumea pass argument lazily,
- # and these arguments are used in the functions `mylib.nixosSystem`.
- inputs,
- lib,
- myvars,
- mylib,
- system,
- genSpecialArgs,
- ...
-} @ args: let
- # Kevin - Codename "Deliverance", 1st of Flame-Chasers
- name = "kevin";
- base-modules = {
- nixos-modules = map mylib.relativeToRoot [
- # common
- "secrets/nixos.nix"
- "os-modules/nixos/desktop.nix"
- "options/nixos/default.nix"
- "hosts/general.nix"
- # host specific
- "hosts/chaser-${name}"
- ];
- home-modules = map mylib.relativeToRoot [
- # common
- "home/linux/gui.nix"
- "options/home/default.nix"
- ];
- };
-in {
- nixosConfigurations = {
- "${name}" = mylib.nixosSystem (base-modules // args);
- };
-}
outputs/x86_64-linux/src/pardofelis.nix
@@ -1,40 +0,0 @@
-{
- # NOTE: the args not used in this file CAN NOT be removed!
- # because haumea pass argument lazily,
- # and these arguments are used in the functions like `mylib.nixosSystem`, `mylib.colmenaSystem`, etc.
- inputs,
- lib,
- myvars,
- mylib,
- system,
- genSpecialArgs,
- ...
-} @ args: let
- # Pardofelis - Codename "Reverie", 13th of Flame-Chasers
- name = "pardofelis";
- tags = ["pardo" "vps"];
- ssh-user = "root";
-
- modules = {
- nixos-modules = map mylib.relativeToRoot [
- # common
- "secrets/nixos.nix"
- "os-modules/nixos/server/x86_64.nix"
- "options/nixos/default.nix"
- "hosts/general.nix"
- # host specific
- "hosts/chaser-${name}"
- ];
- home-modules = map mylib.relativeToRoot [
- "home/linux/core.nix"
- "options/home/default.nix"
- ];
- };
-
- systemArgs = modules // args;
-in {
- nixosConfigurations.${name} = mylib.nixosSystem systemArgs;
-
- colmena.${name} =
- mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;});
-}
outputs/x86_64-linux/default.nix
@@ -1,32 +0,0 @@
-{
- lib,
- inputs,
- ...
-} @ args: let
- inherit (inputs) haumea;
-
- # Contains all the flake outputs of this system architecture.
- data = haumea.lib.load {
- src = ./src;
- inputs = args;
- };
- # nix file names is redundant, so we remove it.
- dataWithoutPaths = builtins.attrValues data;
-
- # Merge all the machine's data into a single attribute set.
- outputs = {
- nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths);
- packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths);
-
- colmenaMeta = {
- nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths);
- nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths);
- };
-
- colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths);
- };
-in
- outputs
- // {
- inherit data;
- }
outputs/default.nix
@@ -1,98 +0,0 @@
-{
- self,
- colmena,
- nixpkgs,
- ...
-} @ inputs: let
- inherit (inputs.nixpkgs) lib;
- mylib = import ../lib {inherit lib;};
- myvars = import ../vars {inherit lib;};
-
- # Add my custom lib, vars, nixpkgs instance, and all the inputs to specialArgs,
- # so that I can use them in all my nixos/home-manager modules.
- genSpecialArgs = system:
- inputs
- // {
- inherit mylib myvars;
-
- # use unstable branch for some packages to get the latest updates
- pkgs-unstable = import inputs.nixpkgs-unstable {
- inherit system; # refer the `system` parameter form outer scope recursively
- config.allowUnfree = true;
- };
- pkgs-stable = import inputs.nixpkgs-stable {
- inherit system;
- config.allowUnfree = true;
- };
- };
-
- # This is the args for all the haumea modules in this folder.
- args = {
- inherit
- inputs
- lib
- mylib
- myvars
- genSpecialArgs
- ;
- };
-
- nixosSystems = {
- x86_64-linux = import ./x86_64-linux (args // {system = "x86_64-linux";});
- };
-
- darwinSystems = {};
- allSystems = nixosSystems // darwinSystems;
- allSystemNames = builtins.attrNames allSystems;
- nixosSystemValues = builtins.attrValues nixosSystems;
- darwinSystemValues = builtins.attrValues darwinSystems;
- allSystemValues = nixosSystemValues ++ darwinSystemValues;
-
- # Helper function to generate a set of attributes for each system
- forAllSystems = func: (nixpkgs.lib.genAttrs allSystemNames func);
-in {
- # Add attribute sets into outputs, for debugging
- debugAttrs = {
- inherit
- nixosSystems
- darwinSystems
- allSystems
- allSystemNames
- ;
- };
-
- # NixOS Hosts
- nixosConfigurations = lib.attrsets.mergeAttrsList (
- map (it: it.nixosConfigurations or {}) nixosSystemValues
- );
-
- # Colmena - remote deployment via SSH
- colmenaHive = colmena.lib.makeHive self.outputs.colmena;
- colmena =
- {
- meta =
- (
- let
- system = "x86_64-linux";
- in {
- # colmena's default nixpkgs & specialArgs
- nixpkgs = import nixpkgs {inherit system;};
- specialArgs = genSpecialArgs system;
- }
- )
- // {
- # per-node nixpkgs & specialArgs
- nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) nixosSystemValues);
- nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) nixosSystemValues);
- };
- }
- // lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) nixosSystemValues);
-
- # macOS Hosts
- darwinConfigurations = lib.attrsets.mergeAttrsList (
- map (it: it.darwinConfigurations or {}) darwinSystemValues
- );
-
- # Packages
- packages = forAllSystems (system: allSystems.${system}.packages or {});
-}
secrets/cache/kevin/1574a7d801448f0b4ab98eee874b12bf3949b44cea1acf989495127bcb96a572
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ EJ8ro4r4KYlTuz3wgswWmiwic2g9BPjFxcMtVsV5DAc
+P3Nr0ZV7npDUIuU4GHAFCahbJwcEl0Z8spwDJHM4EJM
+-> J<u-grease 8wE*z@ ?I&Q.^ eDj&j
+eRd8LgkJ/MqimUZken7s
+--- PkpYVAmXz62mT+q5bdsOKOIIpnPhKULH+IVoa16lrLY
+WX:=v��7�����9L�p���Hy������Vm��__�"��j�
��e���J�Fhe����S�
+s��x����X�<�(�����1ڶ�l�i�pG)�#�8��`��D�[�ϟn�[4L;�Zx&8<�
\ No newline at end of file
secrets/cache/kevin/bc7466e6398c92cd6e860b3d4878576f19f36861e6f740efcaab245e92d8d60c
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ SvZqyNkDqKMdkNCFH1/yhthC1tPieZQlIsnI15wHg28
+93AlOpQ+RtzBJV/dz4FGslcSJPbbyo0PxuIO46fvmI0
+-> 8Sv7=&-grease )D R(| lNJ0R|$ D8?w
+XDj5bs3GHg
+--- 5OGHXkcOznFvw8dsfsKjNGlfYA1dkeYXZ+/t1g+fG0g
+�=?;�YO;ɨ6)RG�����wT������
�a�,�+T���vtc�%�&�F
��I�}�z�
+v��O��3���3�����(a�4hs��%���5x-�������sA��'��8-٨���P÷<״>�
\ No newline at end of file
secrets/hosts/pardofelis/default.nix
@@ -1,216 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- secretFileConf = {
- format = "yaml";
- sopsFile = ./secrets.yaml;
- };
-in
- lib.mkMerge (
- [
- {
- sops.secrets = builtins.listToAttrs (builtins.map (x: {
- name = "pardofelis-${x}";
- value =
- {
- key = x;
- }
- // secretFileConf;
- }) ["ipv4" "ipv6" "gateway" "gateway6"]);
- }
- ]
- ++ lib.map (nvp: {
- sops.secrets.${nvp.name} =
- lib.mkIf
- (config.modules.currentHost == "pardofelis")
- nvp.value;
- }) (
- let
- artalkConf = {
- owner = "root";
- group = "artalk";
- mode = "0440";
- };
- autheliaMainConf = {
- owner = "root";
- group = "authelia-main";
- mode = "0440";
- };
- in [
- {
- name = "freshrss-admin-password";
- value =
- {
- key = "services/freshrss/defaultUserPassword";
- owner = "root";
- group = "freshrss";
- mode = "0440";
- }
- // secretFileConf;
- }
- {
- name = "grafana-admin-password";
- value =
- {
- key = "services/grafana/adminPassword";
- owner = "root";
- group = "grafana";
- mode = "0440";
- }
- // secretFileConf;
- }
- {
- name = "forgejo-mailer-password";
- value =
- {
- key = "services/forgejo/mailerPassword";
- owner = "root";
- group = "forgejo";
- mode = "0440";
- }
- // secretFileConf;
- }
- {
- name = "restic-backup-password";
- value = {key = "services/restic/password";} // secretFileConf;
- }
- {
- name = "forgejo-runner-token";
- value = {key = "services/forgejo-runner/token";} // secretFileConf;
- }
- # === GoToSocial === #
- {
- name = "gotosocial-s3-endpoint";
- value = {key = "services/gotosocial/s3Endpoint";} // secretFileConf;
- }
- {
- name = "gotosocial-s3-access-key";
- value = {key = "services/gotosocial/s3AccessKey";} // secretFileConf;
- }
- {
- name = "gotosocial-s3-secret-key";
- value = {key = "services/gotosocial/s3SecretKey";} // secretFileConf;
- }
- {
- name = "gotosocial-oidc-secret";
- value = {key = "services/gotosocial/oidcSecret";} // secretFileConf;
- }
- {
- name = "gotosocial-smtp-password";
- value = {key = "services/gotosocial/smtpPassword";} // secretFileConf;
- }
- {
- name = "gotosocial-metrics-password";
- value = {key = "services/gotosocial/metricsPassword";} // secretFileConf;
- }
- # === Authelia === #
- {
- name = "authelia-main-oidc-hmac-secret";
- value =
- {key = "services/authelia/main/oidcHmacSecret";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-oidc-issuer-private-key";
- value =
- {key = "services/authelia/main/oidcIssuerPrivateKey";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-session-secret";
- value =
- {key = "services/authelia/main/sessionSecret";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-jwt-secret";
- value =
- {key = "services/authelia/main/jwtSecret";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-storage-encryption-key";
- value =
- {key = "services/authelia/main/storageEncryptionKey";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-client-secrets-forgejo";
- value =
- {key = "services/authelia/main/clientSecrets/forgejo";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-client-secrets-gokapi";
- value =
- {key = "services/authelia/main/clientSecrets/gokapi";}
- // autheliaMainConf
- // secretFileConf;
- }
- {
- name = "authelia-main-client-secrets-gts-trinnon";
- value =
- {key = "services/authelia/main/clientSecrets/gts-trinnon";}
- // autheliaMainConf
- // secretFileConf;
- }
- # === Artalk === #
- {
- name = "artalk-akismet-key";
- value =
- {key = "services/artalk/akismetKey";}
- // artalkConf
- // secretFileConf;
- }
- {
- name = "artalk-app-key";
- value =
- {key = "services/artalk/appKey";}
- // artalkConf
- // secretFileConf;
- }
- {
- name = "artalk-email-password";
- value =
- {key = "services/artalk/emailPassword";}
- // artalkConf
- // secretFileConf;
- }
- {
- name = "artalk-github-client-id";
- value =
- {key = "services/artalk/githubClientId";}
- // artalkConf
- // secretFileConf;
- }
- {
- name = "artalk-github-client-secret";
- value =
- {key = "services/artalk/githubClientSecret";}
- // artalkConf
- // secretFileConf;
- }
- # === Gokapi === #
- {
- name = "gokapi-salt-admin";
- value = {key = "services/gokapi/saltAdmin";} // secretFileConf;
- }
- {
- name = "gokapi-salt-files";
- value = {key = "services/gokapi/saltFiles";} // secretFileConf;
- }
- {
- name = "gokapi-oauth-secret";
- value = {key = "services/gokapi/oauthSecret";} // secretFileConf;
- }
- ]
- )
- )
secrets/hosts/pardofelis/secrets.yaml
@@ -1,79 +0,0 @@
-ipv4: ENC[AES256_GCM,data:EOyIUXJxIKZIjLjh,iv:fS6HCVpATCrOCleA+2ZqiJpQD/CqkOeFhRcgkVLx45I=,tag:7IqJE9v65SxJMcOW3juBIg==,type:str]
-ipv6: ENC[AES256_GCM,data:0tuG+y2elv10AmyLdTh6o1wggdSm9A==,iv:BzGoHn8JLlGpk/Ifn5Qtf7qHSMUzM3lXl2UOF7Eilts=,tag:mSnjqis1Z39j9+WWPQvB6g==,type:str]
-gateway: ENC[AES256_GCM,data:ScDchbNjK1DPkc4Zvw==,iv:AyMa6YkTyEJclJKOqIbWCc4bfr9IXyTrRNJ0cCv0LiE=,tag:bPwlivyWgcpKBd70Pp+z5A==,type:str]
-gateway6: ENC[AES256_GCM,data:0kNmpzpfa1Px+b8thcPU524SZWM=,iv:Rw9+fe1DvG/eE369zEiivy82aiWXRGvzTLBXEdd3BVY=,tag:nS1v2h/b169Q/7E7ywvu0A==,type:str]
-services:
- freshrss:
- defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
- grafana:
- adminPassword: ENC[AES256_GCM,data:GSD4lXMBxnzbmWluPp0J4Y7EDOnutCZq,iv:MqyKSHZk2RkPEo07SQxYYYZir+DPwWSjwwWVfeP8kqQ=,tag:VVJFT5HQquF6fOp7aOINSA==,type:str]
- forgejo:
- mailerPassword: ENC[AES256_GCM,data:R9zhwWLjxAuZe3+pXXh12GsO01kpseOv,iv:Z+VH4XHj7HHEr+PdWtpa2kL/vXOaaVZl+aqrFm/htoQ=,tag:sEvfPKWxWjTJzVAeND9/kA==,type:str]
- forgejo-runner:
- token: ENC[AES256_GCM,data:gm23RUL8LVnq6prQFjX+mk2NlcURJuRdlOOzDjM6brjPOi4Rxy4dZw==,iv:OsRpBP5SEdHSHiCAVS7FJhAlnuBODc66Ap+Fty9fhZo=,tag:7Ez+qNe/w18DGJT+neZSHA==,type:str]
- gotosocial:
- s3Endpoint: ENC[AES256_GCM,data:zUe0nDSW1T9i3YOq2Cao87nM4I05yquKMLsD7gMKYJ/M8bj9usBiFr3aAOW5mEiATzSy4VtupTDT,iv:UluVNVCcF1LUWYJWlCVS4y197TSuD34MNuUC7Mr+Tjg=,tag:AyLcTDPZoleKSMDX39ApBg==,type:str]
- s3AccessKey: ENC[AES256_GCM,data:2hOwCwYROPZ/ZBs+QHjuaHZR8DZdBoz96Dh0g6ohFpg=,iv:6FGLKG+Y9/8tFqLsC+h7oBbT2HkMBDF1zobv61/a6j0=,tag:0OZ5KpK3P47ZqyEWdUEGRQ==,type:str]
- s3SecretKey: ENC[AES256_GCM,data:zg0JEJvuGDLuEgm1clp7CI4tF47CtLsyR9kn9vr8YJvyDxPL9cSWgGMVffrGFf/AY9q4k7SSrNS047k5SB1nHQ==,iv:0LAatRgKfCrkdvQLfrCLl/BvdwkzH0SSRp17/6ssClA=,tag:U520Cp1+XZMjdW9RpwX2YQ==,type:str]
- oidcSecret: ENC[AES256_GCM,data:SlFx334faSnViGXGHE8P+s/q49PDnTxJpCYdaIZd3KfhfzSvDV6XfodY10wgxs881+Ddcqs3063Z3aVE7CXn9kjFAudhqYt+,iv:AbtfLUpQrLj+0C7mRaKDjCyd9j8/3jyzJ43jaE4GZMw=,tag:PZjhijH3SG6Iiv8wkW5fPg==,type:str]
- smtpPassword: ENC[AES256_GCM,data:77N68yKGZYmwlkNXMFtYSagJVpoy1BvlXYuj7msYVhM=,iv:i+cEF54rNUyADJKgFvDivAm2p5WoIjhpUB9GTTvL400=,tag:gYL1piOzxllAPuWqXNYWcQ==,type:str]
- metricsPassword: ENC[AES256_GCM,data:z2allx8tfOAUtZL1Z0vQaa6wd3ASmTZRhdp2rg4wKaA=,iv:4YFl4D72VIeLdL9toxZeRYNvWyUi8n9P/EXeZ6yqdBM=,tag:k8sIThhEzBFDMiO3TA845Q==,type:str]
- restic:
- password: ENC[AES256_GCM,data:KrT+kv+1hbWnkZUOw+8m5c0bg2JacV/frOUi6zq6wIA=,iv:n5mIZ8FYcpCC3+RsYInfrYfs1WVBkguFmKT3juYzlMI=,tag:w6mN5hNNbdCK/qdW5U/a7w==,type:str]
- artalk:
- appKey: ENC[AES256_GCM,data:YWPX3IMm7tBBELRasgAreQ==,iv:R6XyPY3nbH+N80ye0MVX5QsV1kNQZbPRV8SwCcRhWDY=,tag:PbgpWMY6UobmXPuAQDE6WQ==,type:str]
- akismetKey: ENC[AES256_GCM,data:HU2a/f8lC/s76uLx,iv:8Y8N2wy43rtAlk5ptp9SeIvqhhMzWIjuHspyc3cLOrg=,tag:IrIk0vOs7ovzb6tBMxV+bg==,type:str]
- emailPassword: ENC[AES256_GCM,data:Qx2FxbIEm6Jjmv4ZV1JnMyZRUvHFRXM6,iv:tzNAQkmeMNAvNClnooVOssKNLVkKxczd7T3L/Gb0s4M=,tag:sGSJN6Msr+uMkiz7rBYL1g==,type:str]
- githubClientId: ENC[AES256_GCM,data:ju1RHdc5cx99s+NQXfhk/b80jLI=,iv:84ly8arMzezgoxo61Barey/NaEYWF7c9HY5DS7fl2Gg=,tag:r7pf4jKkhsW+GAiGf2CG9A==,type:str]
- githubClientSecret: ENC[AES256_GCM,data:pyt5ddWBtBA2A8MQDkT4toLgwVwa5VnlWGOwEFldMerYCtw4F9X7Ow==,iv:H2YbbmBTGskZ+1yLTZTICO0bzR9LADN+4Bl+/P1s1TE=,tag:DF9WXdE/isxZUNblpRUv5g==,type:str]
- gokapi:
- saltAdmin: ENC[AES256_GCM,data:oSOq+fA75Iv4GjFqUlcyA7vB1RHE9hUgVtQp0iw9,iv:h0VB/szqUN2KKmd5T7I6diinygw/d7uRfR4bIpado4w=,tag:CAVs81P23jqhiRy8fJEgcA==,type:str]
- saltFiles: ENC[AES256_GCM,data:4OYUZFZr4Z89ufEpT7TCOi87Yk0JAIOPpuBFuGXI,iv:gldYRfNAWhdM0EivqgJ8mGtjbq0omBrgI/j5UBw/0bE=,tag:dAmms78ooZUX8OeEzV9E2Q==,type:str]
- oauthSecret: ENC[AES256_GCM,data:K1rtzHjeJGCKgB0D3kOX3KmrsAkI7nW/EEMjpFEc4tkvY/Fw68VzqvKBPhRnSbiwETEiIvgUm081U+IHFzuI6FEA+okU2jCZ,iv:agXGqOsFvpZF95Zo8YxXcGeet2nIaKWJopxO3ZIGvBo=,tag:BKhcJm5SixS7oYZ+DDYD8w==,type:str]
- authelia:
- main:
- clientSecrets:
- forgejo: ENC[AES256_GCM,data:UvHmLsPzcpibjh9fJL5TawicsgGfhCi7kNO5LexWwWU3je8qTZmt9uWPUSW+MkJoN7Mx4EWG7T3ZqReK1t6/rMeE8zmNHw+ea6AfIpOhNejxTMd0j1CnMrIKnCvSWnXNgTueo0mYQxT7qnsh8Q+VurrOr1TudvNpIjoXISLIQ5yxABo=,iv:WZm/Z4VwcEZ8Ipd3Bw98PkjZdcWYXFt1Uhgq/+wgUSA=,tag:s/nx+8pWAVkTmRyuP07auQ==,type:str]
- gokapi: ENC[AES256_GCM,data:kbICBV5SUIHCCL8RU2/0dHQEugrHvl3YP7r/k1tOlKC0mRh6m3XTgcYKpttEgm+Y3PgK3X6/0wQL7k2jWAQq6pMn5kQ4gH7L6BCdjUiE2TxI1wjOFd4LR2koM9x7LTkgb0md23IoCIG+QbpF/a+tRonmqg+FJh2gH0iwpqt9k3cmP8E=,iv:mKJ2AXJ1o/dcRnWiGMVwamWywjk6SwWxhyDXmQaoopE=,tag:/RXJCkpI85aeoUCCbfejDw==,type:str]
- gts-trinnon: ENC[AES256_GCM,data:2OyqEjl2MrrWbQ4JjwAYVcRvJ0eFJS5JMfAQdQtSkzanQVrlxayT7eQkGOwz0CVOIYH3F1ngeZskAzwvm2id6z0wvmsUTDbaqOMqPqYjB8q39BK/2Dv7NPmP5p6z7hSzZ4hqEHsXu3HGte4vA9nEfyYlJHJb5i886Bvf9fiMUUM4PaA=,iv:/3H4UEP7RcK40Yz+C906tUr5Cv9eiNVLkLpDNz8qNZc=,tag:mRa3rPF7pXw9XF2tuKcokA==,type:str]
- jwtSecret: ENC[AES256_GCM,data:czKoD+m8bu0ioTjXYmGv8ZhQphTgsv3GEAvgY4JsxbhAEDgzR1U/Pm7n3FuoIbCCPI6TQcRN2cB4NrvNNUoqZg==,iv:MZbgnw3GkgkQQNk2i4wNFkqcrsyIqdB1GbfeN+NTlwQ=,tag:MN7dV2BDjXxI3AxOYNie1Q==,type:str]
- oidcHmacSecret: ENC[AES256_GCM,data:BOB1jTSl/yi/rPll1Frd2eFJQdZ+vI2c291Aot50eKZcaLzqA9OwUKY3MlXhyk68RF0p/krFNwRq1c4vhOTrDg==,iv:l5AS24F/Zv2iLf4TYpqR9AOFAzloYEoOVq/SHl2+OuQ=,tag:8nMMAI8TghiMSfDJ+qOYLQ==,type:str]
- sessionSecret: ENC[AES256_GCM,data:kztWuKe/1zcnOypdbKh2SQ5LzS96XdjOngkJGDmtc8JdyJNbDbbAztLvN5FdUtJgo+Ltq6xFMsK5vQfIhmzttg==,iv://+sTH+dyZ18OUP9yJ67xEUhlR7gTLaL6Pich5VT4Qw=,tag:2JEAqUfmIwzSmKEaxBhkAQ==,type:str]
- storageEncryptionKey: ENC[AES256_GCM,data:Izqst2AzXvOG4qi3BYIp4BY2nGfuVEUro3mjrHRtMfY=,iv:CYqOylrTvPGvCTJ8ObCg9um4hWLY4cqRqMBruzCeAko=,tag:IQ9CAr9sGKaZKVbAOeFXVA==,type:str]
- oidcIssuerPrivateKey: ENC[AES256_GCM,data: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,iv:SXeiK4/QCqmQpdoOuFZR2cFjoox44YPvw+eKkL9wT+I=,tag:KkdOkpIojnGmTZ0uJEvwcw==,type:str]
-sops:
- age:
- - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dWpTdEpzMERtZS9xNklU
- OC9UdkJQUXptc25jYURWeXQ5bzdNTlNVUHhBClpDRTNTY0JpMG95L2h2VzZva001
- aTRlSVNDZFJDUVZaVGo5QlYrejRjZ2cKLS0tICtjYVNQRnh5VVZsNkxPT0hpaE1V
- VmVwbXJ5Sm9Ld21iSy9xekVrMmFiS0kK7eEjMN2aAvYHw4bAEKjTEYVbvROAJ2Ln
- oX0q27r7A9l3hfES9DXvXkuxpHOXqJ9JSAhjWdpi/CkkfVt/Wh7hvg==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aDd4NTNoL0grSmIzV3pZ
- RUw5cTdaSm8yeVhMa0kvTGxZditsQ0h3L2lBCmZsN3FnNnQvc0UzLzVNUkZwcWRO
- RFljRHFnMmtkMkVQOVlDVTR5YUUvOGMKLS0tIHhYWVZkN2VZVXlOVmxjMCt6a1pk
- SENxSmtOQUlWaFg4Tys2MU91UklURW8K8VUSmBV87SBHVtTfJJrEbX3KtxtPT+nd
- a0lbIgNit5pZu5uQVwiuENuPA3K+/3Uo0AIVRxkHJC8ZVqrjXeHhvw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-08-28T08:47:14Z"
- mac: ENC[AES256_GCM,data:jg19MkOkEoER9V4gCrvofJzOqYAiABrtZTFCOMoUqY8frxzFYvh3C/AFlBB3WCpB4u86Lo6ZQvt/jA51O56uQx9Y3H8HM2o5A+6OFW21z0K38bVlqk75DnExHXXmYq/GOmVIEGHvi8qceq3p/AbzBOUbncvwpfldrM7elc2hsOI=,iv:5f0eL4k++gD1AeN8b/7CYaoKx+g5JgkCy81j2N7h0aM=,tag:oLV8pojH0TvXAG2TqiBvhA==,type:str]
- pgp:
- - created_at: "2025-08-06T11:08:38Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4D5u6p5vhM0pQSAQdA/JmCGvWQVDtiM0EOau3YCOyCLrLoguefSla90DfbDGww
- bXZ7xKfCJk3DGNbfjfSGApFDuv5GpkIrsOqYdvvLq4alCNmyH3e5wIe4aUOitRtI
- 0l4BpLXQ86H2vj0yvGLq2xHmqtAstOqPhhu8/jEoqY5jG4pMDuuIlYM05U9F46Aw
- 3w59GTZjh0tdB4miiX3ceMOt5XihzUQElITcIdbbTJQdDH3dOx3S5RBvziOL7T1C
- =bAzt
- -----END PGP MESSAGE-----
- fp: E2D9FA1509BBC65A130929A9E6EEA9E6F84CD294
- unencrypted_suffix: _unencrypted
- version: 3.10.2
secrets/hosts/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
- imports = mylib.scanModules ./.;
-}
secrets/hosts/README.md
@@ -1,7 +0,0 @@
-# Host secrets
-
-This folder contains host-specific settings, typically the IP address of a VPS.
-
-## IP Secret Management
-
-Define some common host configuration options in `/os-modules/base/hosts.nix` and declare them centrally in `/hosts/general.nix`. In `/os-modules/base/users.nix`, store IP-related secrets in files and import them into `knownHosts`; in `/os-modules/nixos/base/networking.nix`, store IP-related secrets in systemd's drop-in.
\ No newline at end of file
secrets/hosts/README.zh-CN.md
@@ -1,7 +0,0 @@
-# Host secrets
-
-此文件夹下存放主机特定的设置,一般而言是 VPS 的 IP 地址。
-
-## IP 机密管理
-
-通过 `/os-modules/base/hosts.nix` 定义主机的部分通用设置选项,并在 `/hosts/general.nix` 中集中声明。在 `/os-modules/base/users.nix` 中将 IP 相关机密存入文件并引入 `knownHosts` 中;在 `/os-modules/nixos/base/networking.nix` 中将 IP 相关机密存入 systemd 的 drop-in 中。
\ No newline at end of file
secrets/base.nix
@@ -1,31 +0,0 @@
-{
- lib,
- config,
- myvars,
- sops-nix,
- ...
-}: {
- imports =
- [
- sops-nix.nixosModules.sops
- ./hosts
- ]
- ++ (
- builtins.map (k: {
- sops.secrets."rclone-${k}" =
- lib.mkIf
- (config.home-manager.users.${myvars.username}.programs.rclone.enable or true)
- {
- key = "rclone/${k}";
- owner = myvars.username;
- };
- }) ["onedrive-token" "restic-backup-token"]
- );
-
- sops.age = {
- sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- generateKey = true;
- };
-
- sops.defaultSopsFile = ./secrets.yaml;
-}
secrets/nixos.nix
@@ -1,24 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- imports = [./base.nix];
-
- config = lib.mkMerge [
- {
- sops.secrets = {
- "aria2-rpc-secret" = {
- restartUnits = ["aria2.service"];
- };
- };
- }
-
- (lib.mkIf config.services.mihomo.enable {
- sops.secrets = lib.genAttrs [
- "mihomo/providers/yi_yuan"
- "mihomo/providers/mo_jie"
- ] (name: {restartUnits = ["mihomo.service"];});
- })
- ];
-}
secrets/README.md
@@ -1,61 +0,0 @@
-# Secret Management
-
-> [!NOTE]
-> This folder is **not** a module for password management. I use self-hosted [VaultWarden][vaultwarden] for password management.
-
-All my secrets are managed using [sops][sops] and stored under this folder. Secrets can be decrypted using either my PGP key or the host's SSH key (i.e., `/etc/ssh/ssh_host_ed25519_key`) and are stored in the `/run/secrets` directory on the machine.
-
-## Adding a New Host
-
-Get the host's host key, here using the local machine's `/etc/ssh/ssh_host_ed25519_key.pub` as an example. Run `ssh-to-age` to obtain the age key.
-
-```sh
-nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
-```
-
-Add the generated age key under the top-level `keys` field in `.sops.yaml`, and reference it under the `key_groups` field in the required items under `creation_rules`. Then use `sops` to update all related secret files.
-
-## Creating Secrets
-
-Open the secret file in the terminal using sops:
-
-```sh
-sops secrets/secrets.yaml
-```
-
-Then edit and add new secret fields:
-
-```yaml
-this: "is a secret"
-and: { a: { nest: secret } }
-```
-
-Next, edit and add the field in `/secrets/base.nix`:
-
-```nix
-let
- mapSecrets = keys:
- builtins.listToAttrs (builtins.map (k: {
- name = k;
- value = {
- format = "yaml";
- sopsFile = ./secrets.yaml;
- };
- })
- keys);
-in {
- sops.secrets = mapSecrets [
- "this"
- "and/a/nest"
- ];
-}
-```
-
-You can then access the secrets elsewhere using `config.sops.secrets.<name>` or `config.sops.placeholder.<name>`.
-
-## Creating a New Secret Type
-
-Add a new regex matching group in the `creation_rules` field of `.sops.yaml`.
-
-[sops]: https://github.com/getsops/sops
-[vaultwarden]: https://github.com/dani-garcia/vaultwarden
\ No newline at end of file
secrets/README.zh-CN.md
@@ -1,61 +0,0 @@
-# 机密管理
-
-> [!NOTE]
-> 此文件夹**不是**关于密码管理的模块,我使用自托管的 [VaultWarden][vaultwarden] 进行密码管理。
-
-我的所有机密都使用 [sops][sops] 进行管理,存储在这一文件夹下。机密可以通过我的 PGP 密钥或主机的 ssh 密钥(也就是 `/etc/ssh/ssh_host_ed25519_key`)进行解密,并存储在机器的 `/run/secrets` 目录下。
-
-## 添加新主机
-
-获取主机的 host key,此处以本机的 `/etc/ssh/ssh_host_ed25519_key.pub` 为例。运行 `ssh-to-age` 获得 age 密钥。
-
-```sh
-nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
-```
-
-在 `.sops.yaml` 的顶层 `keys` 字段下添加生成的 age 密钥,并在 `creation_rules` 下需要的项目中的 `key_groups` 字段下引用即可。随后需要使用 `sops` 更新所有相关机密文件。
-
-## 创建机密
-
-在终端中使用 sops 打开机密所在的文件:
-
-```sh
-sops secrets/secrets.yaml
-```
-
-并编辑添加新的机密字段:
-
-```yaml
-this: "is a secret"
-and: { a: { nest: secret } }
-```
-
-随后在 `/secrets/base.nix` 中编辑添加该字段
-
-```nix
-let
- mapSecrets = keys:
- builtins.listToAttrs (builtins.map (k: {
- name = k;
- value = {
- format = "yaml";
- sopsFile = ./secrets.yaml;
- };
- })
- keys);
-in {
- sops.secrets = mapSecrets [
- "this"
- "and/a/nest"
- ];
-}
-```
-
-即可在其他地方通过 `config.sops.secrets.<name>` 或 `config.sops.placeholder.<name>` 来调用机密。
-
-## 创建新机密类型
-
-在 `.sops.yaml` 中的 `creation_rules` 字段添加一个新的正则匹配组即可。
-
-[sops]: https://github.com/getsops/sops
-[vaultwarden]: https://github.com/dani-garcia/vaultwarden
secrets/secrets.yaml
@@ -1,54 +0,0 @@
-github-access-token: ENC[AES256_GCM,data:Ca/NER89MA1sF+bGc6Tcz/OVr7vlu7fh6p0eZWEONQ9HvkNeXN1aB3duWLTCWUTv+qvTYXrNicOTVFpLdlpaq3oJhZno+l6jbDu00DIOFUFyg8VfOXXZYPxlCx/K,iv:e+nTOBn4GAARFDXdWOEGZYMvzgjFUwxfk2BmY/Xm/A4=,tag:UuvOUtZ5LbFyy3JAEux40Q==,type:str]
-mihomo:
- providers:
- yi_yuan: ENC[AES256_GCM,data:rMKpS+O0w8AbdAQQHmt1bB3vQZlmR5xktRkww6NfgIBGIU0d2E8gJJvgcwfRQ4OGeRXTqkfvLHOyoG5xrpguyIWJHkVMPGsLjdoXSU/ZQptt51CL0cD3MJttxiVo8as=,iv:UkBQ5hyF/DLbMeK7wRXArhutUtRV0hl3+bse5y0p6VM=,tag:SlWeeH81+NpkIP6CS3Z9vw==,type:str]
- mo_jie: ENC[AES256_GCM,data:+rFloREiJa9gbnJYsTY2xFlI3b4RXaq+xARo3yq96r0eygIZix2l+NrVhCZnm7W97fLUYEahXdm47wnDKUx/mBhpXxO3io4dzHTBqwDmHcV5gA==,iv:UyC0ULdEUBAan9Fvas2+tj5Ad/QtjdW3wSVO7No1+yo=,tag:vqe5Vn3kkk9WCXcMkf7xKg==,type:str]
-aria2-rpc-secret: ENC[AES256_GCM,data:I6FYN/TRRP2ceQ==,iv:18dOBc/3WTden6Za2IaSoUOX5aY6M0jAwt94il0f5OI=,tag:WZf3xu7EC7cVlZU5urNWzQ==,type:str]
-rclone:
- onedrive-token: ENC[AES256_GCM,data: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,iv:oP3gNO0t97BgN30SQRVcVztW9m364ii7mVwFzcBYLg8=,tag:bN9X8GIy+3DfvxX2uDHqdw==,type:str]
- restic-backup-token: ENC[AES256_GCM,data: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,iv:MTbA3m44lzQtRGq6gBDV1DlUzud370jTz2uiI0y5LSw=,tag:nlofOjYpJ1+HV+Dzy1+dsg==,type:str]
-sops:
- age:
- - recipient: age18778pjmwglmame3rjpq355chxue2vr97ysj70fdyygc24prwxqrsttf84g
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRDN2OTFFTXgyenZLYU5t
- NExvdEFxLzg3MEtYNys3THNJd1lmbmNVVWlzCmQvaHAwVDBOdUdGNnl5V1NvNkw2
- em1CRTVHTmdndzNtdE0rbUIyeS9xMWMKLS0tIDR0eU9HWDVFQ29hMnVHZGkyV09G
- Nk8yQXQ0S3VmQjdRenBHVkwwUncvZDgK5Sc7RFpQUYDmCLInxbZ0OMbzczXVhdqb
- u4gKAHvtbkbmN9CldeaSTDvSyl0J8p7o3TXG45Nams7/TWip0PPtaA==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalNENjQxR3VPNlBwVjN5
- eGVlU2wyT1hQRStPbVlRMUlJRjE1MVRCb0JrCnRPLzgwY0xxYk9tV0tEeDRkeXZZ
- OUNRdTN3bFpsMFpJSElhNWZHNVovWVEKLS0tIE9tMzNMKzExRVN1R1RZY25KQU9x
- cSszNHovc0RQekdFQmN2ZW5xNGNDTGMKKOugb9oY37a8qEHp+fWRxkXEkmWclDvf
- AHZkqiZjutnbWHYN4StFiS+MQHcQ7Q4t13BhtzulhpciatfFC0zEKw==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsS3AvZXJmZml3MWhuYVFh
- NTBuVFhXUjFlQm10aTJjM2tzVTBTQytzZXgwClJUcHNoN0tONllaZXI3M0xlZVQ5
- elp0L0tyOUdrVzZVanJweVRaWkFGUm8KLS0tIGFad2gvVVN3MkpjWWgvRzZoU0Js
- QkhOcmpyejRoRWQybG51V2pORTAxVm8KRfPHwPOiMdTgFF37EMWOLukj3PB/PhKK
- Sx3ytiR8kENbpyNDGyf+yrqlY6gVVbDQDwu0AGX8yCPLHi+YocOyzQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-08-31T14:21:09Z"
- mac: ENC[AES256_GCM,data:xDMCEakkIANLKmhUKoshCzG5vaRMCXboF3FVCrDhhHdhO4jlGBjjW2yJv7WXMBQc8nFwNzpkWa9UnIhDqS08vbQUG+dDUVH5+bbkHpxUgml/yS1bDGzPtUBshBAwqfYUnL7AQfGl/LF0+ZrZoSuTIpQx1B/YlJ8EW1DTdNZjE4o=,iv:xb4dPoBltNEGAWz/ijq+cswKbrNLVqjGvFvnjmF/9Ec=,tag:z3BuH60oMFhSpTtPVR8y3Q==,type:str]
- pgp:
- - created_at: "2025-08-06T11:08:33Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4D5u6p5vhM0pQSAQdA8DtQ/L8251McKCX0MegXZs/H1vSfhiA97TghnKlUKzow
- mjJ4uEOnoE5W1x5KLpI1Rz79JSD5mW16RFBHPwQdgQrydpnIO2uOVsPlO1Fu2D1e
- 0l4B3bpu5N8b30VF4cpUVayGZ+faJPD2yPZnY//f5JFNx88/LpgESQpXdxKSAAG5
- LzYX5ai0hMOQgRHDpMtoiuuwQ0DEk063WKortUcwNH4zfJS+GjwRowNJDFNur9Kr
- =wSqB
- -----END PGP MESSAGE-----
- fp: E2D9FA1509BBC65A130929A9E6EEA9E6F84CD294
- unencrypted_suffix: _unencrypted
- version: 3.10.2
vars/default.nix
@@ -1,14 +0,0 @@
-{lib}: {
- username = "hpcesia";
- userfullname = "HPCesia";
- useremail = "me@hpcesia.com";
- defaultNameservers = [
- ];
- # generated by `mkpasswd -m scrypt`
- initialHashedPassword = "$7$CU..../....xQnray7Ah6GYybfmtsxmF.$k0F/eaOC2.9gXwXp0jgMrFM.fnMtFqYi3GZFaaJGsl3";
- # Public Keys that can be used to login to all my PC and servers.
- sshAuthorizedKeys = [
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEHQxm2Gym1C94eof7jPj56XR9a+aqCWzwri59njPFbWAAAABHNzaDo= me@hpcesia.com with PicoKey"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyxd+nyK9cnULmzXIMhE1/rIB3VMsJ6SuWV4Ha8oE0F hpcesia@kevin"
- ];
-}
.gitattributes
@@ -1,1 +0,0 @@
-/secrets/**/secrets.yaml diff=sopsdiffer
\ No newline at end of file
.sops.yaml
@@ -1,21 +0,0 @@
-keys:
- - &admin_hpcesia E2D9FA1509BBC65A130929A9E6EEA9E6F84CD294
- - &user_hpcesia age18778pjmwglmame3rjpq355chxue2vr97ysj70fdyygc24prwxqrsttf84g
- - &chaser_kevin age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
- - &chaser_pardofelis age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
-creation_rules:
- - path_regex: ^secrets/secrets\.yaml$
- key_groups:
- - pgp:
- - *admin_hpcesia
- age:
- - *user_hpcesia
- - *chaser_kevin
- - *chaser_pardofelis
- - path_regex: ^secrets/hosts/pardofelis/secrets\.yaml$
- key_groups:
- - pgp:
- - *admin_hpcesia
- age:
- - *chaser_kevin
- - *chaser_pardofelis