steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

chore: bump and reconfigure treefmt-nix, include just fmt

Browse source
This commit is contained in:
steveej 2025-02-14 16:46:28 +01:00
parent e658e27576
commit c0daa9e6e9
13 changed files with 419 additions and 407 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.vscode/settings.json vendored
View file

@ -11,11 +11,10 @@
"ignored": ["unused_binding", "unused_with"]
},
"formatting": {
"command": ["treefmt-nix", "--stdin", ".nil.nix"]
"command": ["treefmt", "--stdin", ".nil.nix"]
}
}
},
"[nix]": {
"editor.defaultFormatter": "jnoortheen.nix-ide"
}
"treefmt.command": "treefmt",
"treefmt.config": ""
}

432
Justfile
View file

@ -2,316 +2,316 @@
# echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix"
_usage:
just -l
just -l
# Re-render the default versions
update-default-versions:
nix flake update
nix flake update
_get_nix_path versionsPath:
echo $(set -x; nix-build --no-link --show-trace {{invocation_directory()}}/nix/default.nix -A channelSources --argstr versionsPath {{versionsPath}})
echo $(set -x; nix-build --no-link --show-trace {{ invocation_directory() }}/nix/default.nix -A channelSources --argstr versionsPath {{ versionsPath }})
_device recipe dir +moreargs="":
#!/usr/bin/env bash
set -ex
unset NIX_PATH
source $(just -v _get_nix_path {{invocation_directory()}}/{{dir}}/versions.nix)
$(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A recipes.{{recipe}} --argstr dir {{dir}} {{moreargs}})
#!/usr/bin/env bash
set -ex
unset NIX_PATH
source $(just -v _get_nix_path {{ invocation_directory() }}/{{ dir }}/versions.nix)
$(set -x; nix-build --no-link --show-trace $(dirname {{ dir }})/default.nix -A recipes.{{ recipe }} --argstr dir {{ dir }} {{ moreargs }})
_render_templates:
#!/usr/bin/env bash
set -ex
if ! ip route get 1.1.1.1; then
echo No route to WAN. Skipping template rendering...
else
source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)
# nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix
fi
#!/usr/bin/env bash
set -ex
if ! ip route get 1.1.1.1; then
echo No route to WAN. Skipping template rendering...
else
source $(just -v _get_nix_path {{ invocation_directory() }}/nix/variables/versions.nix)
# nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix
fi
rebuild-remote-device device +rebuildargs="dry-activate":
#!/usr/bin/env bash
set -ex
nix run .#colmena -- apply --impure --on {{device}} {{rebuildargs}}
#!/usr/bin/env bash
set -ex
nix run .#colmena -- apply --impure --on {{ device }} {{ rebuildargs }}
# Rebuild this device's NixOS
rebuild-this-device +rebuildargs="dry-activate":
nix run .#colmena -- apply-local --impure --sudo {{rebuildargs}}
nix run .#colmena -- apply-local --impure --sudo {{ rebuildargs }}
# Re-render the versions of a remote device and rebuild its environment
update-remote-device devicename +rebuildargs='build':
#!/usr/bin/env bash
set -e
#!/usr/bin/env bash
set -e
(
set -xe
cd nix/os/devices/{{devicename}}
nix flake update
)
(
set -xe
cd nix/os/devices/{{ devicename }}
nix flake update
)
just -v rebuild-remote-device {{devicename}} {{rebuildargs}}
just -v rebuild-remote-device {{ devicename }} {{ rebuildargs }}
git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions"
git commit -v nix/os/devices/{{ devicename }}/flake.{nix,lock} -m "nix/os/devices/{{ devicename }}: bump versions"
# Re-render the versions of the current device and rebuild its environment
update-this-device rebuild-mode='switch' +moreargs='':
#!/usr/bin/env bash
set -e
#!/usr/bin/env bash
set -e
(
set -xe
cd nix/os/devices/$(hostname -s)
nix flake update
)
(
set -xe
cd nix/os/devices/$(hostname -s)
nix flake update
)
just -v rebuild-this-device {{rebuild-mode}} {{moreargs}}
just -v rebuild-this-device {{ rebuild-mode }} {{ moreargs }}
git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions"
git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions"
# Rebuild an offline system
rebuild-disk device:
#!/usr/bin/env bash
set -xe
#!/usr/bin/env bash
set -xe
just -v disk-mount {{device}}
trap "set +e; just -v disk-umount {{device}}" EXIT
just -v disk-install {{device}}
just -v disk-mount {{ device }}
trap "set +e; just -v disk-umount {{ device }}" EXIT
just -v disk-install {{ device }}
# Re-render the versions of the given offline system and reinstall it in offline-mode
update-disk dir:
#!/usr/bin/env bash
set -exuo pipefail
#!/usr/bin/env bash
set -exuo pipefail
dir={{dir}}
dir={{ dir }}
template={{dir}}/versions.tmpl.nix
outfile={{dir}}/versions.nix
template={{ dir }}/versions.tmpl.nix
outfile={{ dir }}/versions.nix
if ! test -e ${template}; then
template="$(just _DEFAULT_VERSION_TMPL)"
fi
if ! test -e ${template}; then
template="$(just _DEFAULT_VERSION_TMPL)"
fi
esh -o ${outfile} ${template}
if ! test "$(git diff ${outfile})"; then
echo Already on latest versions
exit 0
fi
esh -o ${outfile} ${template}
if ! test "$(git diff ${outfile})"; then
echo Already on latest versions
exit 0
fi
export SYSREBUILD_LOG=.{{dir}}_sysrebuild.log
just -v rebuild-disk {{dir}} || {
echo ERROR: Update of {{dir}} failed, reverting ${outfile}...
exit 1
}
export SYSREBUILD_LOG=.{{ dir }}_sysrebuild.log
just -v rebuild-disk {{ dir }} || {
echo ERROR: Update of {{ dir }} failed, reverting ${outfile}...
exit 1
}
git commit -v ${outfile} -m "${dir}: bump versions"
git commit -v ${outfile} -m "${dir}: bump versions"
# Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L)
hm-iterate-qtile:
#!/usr/bin/env bash
set -xe
home-manager switch || just -v rebuild-this-device switch
Xephyr -ac -br -resizeable :1 &
XEPHYR_PID=$!
echo ${XEPHYR_PID}
DISPLAY=:1 $(grep qtile ~/.xsession) &
echo "Xephyr started. un-/grab the mouse with Ctrl + Shift-L"
wait $!
kill ${XEPHYR_PID}
#!/usr/bin/env bash
set -xe
home-manager switch || just -v rebuild-this-device switch
Xephyr -ac -br -resizeable :1 &
XEPHYR_PID=$!
echo ${XEPHYR_PID}
DISPLAY=:1 $(grep qtile ~/.xsession) &
echo "Xephyr started. un-/grab the mouse with Ctrl + Shift-L"
wait $!
kill ${XEPHYR_PID}
# !!! DANGERIOUS !!! This wipes the disk which is configured for the given device.
disk-prepare dir:
just -v _device diskPrepare {{dir}}
just -v _device diskPrepare {{ dir }}
disk-relabel dir previous:
just -v _device diskRelabel {{dir}} --argstr previousDiskId {{previous}}
just -v _device diskRelabel {{ dir }} --argstr previousDiskId {{ previous }}
# Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6'
disk-mount dir:
just -v _device diskMount {{dir}}
just -v _device diskMount {{ dir }}
# Unmount target disk, specified by device configuration directory
disk-umount dir:
just -v _device diskUmount {{dir}}
just -v _device diskUmount {{ dir }}
# Perform an offline installation on the mounted target disk, specified by device configuration directory
disk-install dir: _render_templates
just -v _device diskInstall {{dir}}
just -v _device diskInstall {{ dir }}
verify-n-unlock sshserver attempts="10":
#!/usr/bin/env bash
set -e
env \
GETPW="just _get_pass_entry Infrastructure/VPS/{{sshserver}} DRIVE_PW" \
SSHOPTS="$(just _get_pass_entry Infrastructure/VPS/{{sshserver}} SSHOPTS)" \
VNCSOCK="$(just _get_pass_entry Infrastructure/VPS/{{sshserver}} VNCSOCK)" \
VNCPW="$(just _get_pass_entry Infrastructure/VPS/{{sshserver}} VNCPW)" \
\
just _verify-n-unlock {{sshserver}} {{attempts}}
#!/usr/bin/env bash
set -e
env \
GETPW="just _get_pass_entry Infrastructure/VPS/{{ sshserver }} DRIVE_PW" \
SSHOPTS="$(just _get_pass_entry Infrastructure/VPS/{{ sshserver }} SSHOPTS)" \
VNCSOCK="$(just _get_pass_entry Infrastructure/VPS/{{ sshserver }} VNCSOCK)" \
VNCPW="$(just _get_pass_entry Infrastructure/VPS/{{ sshserver }} VNCPW)" \
\
just _verify-n-unlock {{ sshserver }} {{ attempts }}
_verify-n-unlock sshserver attempts:
#!/usr/bin/env bash
set -e
: ${VNCSOCK:?VNCSOCK must be set}
: ${VNCPW:?VNCPW must be set}
#!/usr/bin/env bash
set -e
: ${VNCSOCK:?VNCSOCK must be set}
: ${VNCPW:?VNCPW must be set}
export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535"
export TESS_ARGS="-c debug_file=/dev/null --psm 4"
export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535"
export TESS_ARGS="-c debug_file=/dev/null --psm 4"
function send() {
local what="${1:?need something to send}"
ssh -4 ${SSHOPTS:?need sshopts} root@{{sshserver}} "echo -e ${what}>> /dev/tty0" &>/dev/null
}
function send() {
local what="${1:?need something to send}"
ssh -4 ${SSHOPTS:?need sshopts} root@{{ sshserver }} "echo -e ${what}>> /dev/tty0" &>/dev/null
}
function expect() {
local what="${1:?need something to expect}"
vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp
convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff
tesseract ${TESS_ARGS} screenshot.tiff screenshot
grep --quiet "${what}" screenshot.txt
}
function expect() {
local what="${1:?need something to expect}"
vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp
convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff
tesseract ${TESS_ARGS} screenshot.tiff screenshot
grep --quiet "${what}" screenshot.txt
}
function send_and_expect() {
local send="${1:?need something to send}"
local expect="${2:?need something to expect}"
if ! send "${send}"; then
echo warning: cannot send > /dev/stderr
return -1
fi
expect "${expect}"
}
function send_and_expect() {
local send="${1:?need something to send}"
local expect="${2:?need something to expect}"
if ! send "${send}"; then
echo warning: cannot send > /dev/stderr
return -1
fi
expect "${expect}"
}
trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT
trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT
for i in `seq 1 {{attempts}}`; do
echo Attempt $i...
expect="$(pwgen -0 12)"
send="'\0033\0143'${expect}"
if send_and_expect "${send}" "${expect}"; then
pipe=$(mktemp -u)
mkfifo ${pipe}
exec 3<>${pipe}
rm ${pipe}
for i in `seq 1 {{ attempts }}`; do
echo Attempt $i...
expect="$(pwgen -0 12)"
send="'\0033\0143'${expect}"
if send_and_expect "${send}" "${expect}"; then
pipe=$(mktemp -u)
mkfifo ${pipe}
exec 3<>${pipe}
rm ${pipe}
echo Verification succeeded at attempt $i. Unlocking remote drive...
ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3 &>/dev/null &
eval ${GETPW} | head -n1 >&3
echo Verification succeeded at attempt $i. Unlocking remote drive...
ssh -4 ${SSHOPTS} root@{{ sshserver }} "cryptsetup-askpass" <&3 &>/dev/null &
eval ${GETPW} | head -n1 >&3
for j in `seq 1 120`; do
sleep 0.5
if expect '— success'; then
echo Unlock successful.
exit 0
fi
done
for j in `seq 1 120`; do
sleep 0.5
if expect '— success'; then
echo Unlock successful.
exit 0
fi
done
echo Unlock failed...
exit 1
fi
done
echo Verification failed {{attempts}} times. Giving up...
exit 1
echo Unlock failed...
exit 1
fi
done
echo Verification failed {{ attempts }} times. Giving up...
exit 1
_get_pass_entry path key:
pass show {{path}}| grep -E "^{{key}}:" | sed -E 's/^[^:]+: *//g'
pass show {{ path }}| grep -E "^{{ key }}:" | sed -E 's/^[^:]+: *//g'
run-with-channels +cmds:
#!/usr/bin/env bash
source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)
{{cmds}}
#!/usr/bin/env bash
source $(just -v _get_nix_path {{ invocation_directory() }}/nix/variables/versions.nix)
{{ cmds }}
install-config config root:
sudo just run-with-channels nixos-install -I nixos-config={{invocation_directory()}}/{{config}} --root {{root}} --no-root-passwd
sudo just run-with-channels nixos-install -I nixos-config={{ invocation_directory() }}/{{ config }} --root {{ root }} --no-root-passwd
# Switch between gpg-card capable devices which have a copy of the same key
switch-gpg-card:
#!/usr/bin/env bash
#
# Derived from https://github.com/drduh/YubiKey-Guide/issues/19.
#
# Connect the new device and then run this script to make it known to gnupg.
#
set -xe
KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
#!/usr/bin/env bash
#
# Derived from https://github.com/drduh/YubiKey-Guide/issues/19.
#
# Connect the new device and then run this script to make it known to gnupg.
#
set -xe
KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
# export pubkey and ownertrust
gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}"
# if this fails the trust in the key is missing and can be fixed with `gpg --edit-key ${KEY_ID}`
gpg2 --export-ownertrust | rg "${KEY_ID}" > "${KEY_ID}".ownertrust
# export pubkey and ownertrust
gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}"
# if this fails the trust in the key is missing and can be fixed with `gpg --edit-key ${KEY_ID}`
gpg2 --export-ownertrust | rg "${KEY_ID}" > "${KEY_ID}".ownertrust
# delete the key
gpg --yes --delete-secret-and-public-keys "${KEY_ID}"
# delete the key
gpg --yes --delete-secret-and-public-keys "${KEY_ID}"
# import pubkey and ownertrust back and cleanup
gpg2 --import "${KEY_ID}".pubkey
gpg2 --import-ownertrust < "${KEY_ID}".ownertrust
rm "${KEY_ID}".{pubkey,ownertrust}
# import pubkey and ownertrust back and cleanup
gpg2 --import "${KEY_ID}".pubkey
gpg2 --import-ownertrust < "${KEY_ID}".ownertrust
rm "${KEY_ID}".{pubkey,ownertrust}
# refresh the gpg agent
gpg-connect-agent "scd serialno" "learn --force" /bye
gpg --card-status
# refresh the gpg agent
gpg-connect-agent "scd serialno" "learn --force" /bye
gpg --card-status
# Connect to `remote` UUID, and turn it into a short name
uuid-to-device-name remote:
#!/usr/bin/env bash
set -e -o pipefail
ssh {{remote}} 'nix run nixpkgs.dmidecode -c dmidecode -s system-uuid' | xxhsum --quiet -H1 | awk '{print $1}'
#!/usr/bin/env bash
set -e -o pipefail
ssh {{ remote }} 'nix run nixpkgs.dmidecode -c dmidecode -s system-uuid' | xxhsum --quiet -H1 | awk '{print $1}'
test-connection:
#! /usr/bin/env nix-shell
#! nix-shell -p curl zsh
#! nix-shell -i zsh
#! nix-shell --pure
#! /usr/bin/env nix-shell
#! nix-shell -p curl zsh
#! nix-shell -i zsh
#! nix-shell --pure
while true; do
FAILURE="false"
output=$(
echo "$(date)\n---"
for url in \
"https://172.16.0.1:65443/0.7/gui/#/login/" \
"https://192.168.0.1" \
"http://172.172.171.9" \
"https://172.172.171.10:65443" \
"https://172.172.171.11:65443" \
"https://172.172.171.13:443" \
"https://172.172.171.14:443" \
"http://172.172.171.15:22" \
"http://172.172.171.16:22" \
"https://crates.io" \
"https://holo.host" \
; \
do
print "trying ${url}": $(
curl_output=$(curl --http0.9 -k --head --connect-timeout 0.5 ${url} 2>&1)
# if [ $? -ne 0 ]; then
if [[ "$curl_output" == *timeout* ]]; then
echo failure: $(echo ${curl_output} | tail -n1)
# BUG: outer FAILURE is not set by this
FAILURE="true"
else
echo success
fi
)
done
)
clear
echo ${output}
while true; do
FAILURE="false"
output=$(
echo "$(date)\n---"
for url in \
"https://172.16.0.1:65443/0.7/gui/#/login/" \
"https://192.168.0.1" \
"http://172.172.171.9" \
"https://172.172.171.10:65443" \
"https://172.172.171.11:65443" \
"https://172.172.171.13:443" \
"https://172.172.171.14:443" \
"http://172.172.171.15:22" \
"http://172.172.171.16:22" \
"https://crates.io" \
"https://holo.host" \
; \
do
print "trying ${url}": $(
curl_output=$(curl --http0.9 -k --head --connect-timeout 0.5 ${url} 2>&1)
# if [ $? -ne 0 ]; then
if [[ "$curl_output" == *timeout* ]]; then
echo failure: $(echo ${curl_output} | tail -n1)
# BUG: outer FAILURE is not set by this
FAILURE="true"
else
echo success
fi
)
done
)
clear
echo ${output}
if [[ ${FAILURE} == "true" ]]; then
echo something failed
tracepath -m5 -n1 172.16.0.1
tracepath -m5 -n1 192.168.0.1
fi
if [[ ${FAILURE} == "true" ]]; then
echo something failed
tracepath -m5 -n1 172.16.0.1
tracepath -m5 -n1 192.168.0.1
fi
sleep 5
done
sleep 5
done
cachix-use name:
nix run nixpkgs/nixos-unstable#cachix -- use {{name}} -m nixos -d nix/os/
nix run nixpkgs/nixos-unstable#cachix -- use {{ name }} -m nixos -d nix/os/
update-sops-keys:
for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done
for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done
deploy-router0-dmz0:
NIX_SSHOPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no" nixos-rebuild switch --impure --flake .\#router0-dmz0 --target-host root@192.168.20.1
NIX_SSHOPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no" nixos-rebuild switch --impure --flake .\#router0-dmz0 --target-host root@192.168.20.1
ttyusb:
screen -fa /dev/ttyUSB0 115200
screen -fa /dev/ttyUSB0 115200

15
flake.nix
View file

@ -278,7 +278,6 @@
};
};
local-xwayland = pkgs.writeShellScriptBin "local-xwayland" ''
set -x
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
@ -287,7 +286,7 @@
--x-display=0 \
# --x-unscale=3 \
--verbose
'';
'';
in
{
dcpj4110dwDriver = dcpj4110dw.driver;
@ -355,6 +354,13 @@
shellcheck.enable = true;
prettier.enable = true;
just = {
enable = true;
includes = [
"*/Justfile"
"Justfile"
];
};
} // pkgs.lib.optionalAttrs (pkgs.system != "riscv64-linux") { shellcheck.enable = true; };
settings = {
@ -410,7 +416,10 @@
;
};
in
all // { default = all.develop; };
all
// {
default = all.develop;
};
};
}
);

10
nix/devShells.nix
View file

@ -93,11 +93,11 @@
self.nixosConfigurations.sj-srv1.config.containers.webserver.config.services.kanidm.serverSettings.origin;
shellHook = builtins.concatStringsSep "\n" [
(self.inputs.nixago.lib.${pkgs.system}.make {
data = self'.formatter.settings;
output = "treefmt.toml";
format = "toml";
}).shellHook
# (self.inputs.nixago.lib.${pkgs.system}.make {
# data = self'.formatter.settings;
# output = "treefmt.toml";
# format = "toml";
# }).shellHook
];
};
}

15
nix/home-manager/programs/firefox.nix
View file

@ -162,7 +162,10 @@ let
"devtools.debugger.remote-enabled" = true;
# disable translations for some languages
"browser.translations.neverTranslateLanguages" = ["en" "de"];
"browser.translations.neverTranslateLanguages" = [
"en"
"de"
];
"browser.translations.automaticallyPopup" = false;
# enable pipewire (and libcamera) sources
@ -300,12 +303,14 @@ let
in
{
nixpkgs.overlays = [
repoFlake.inputs.nur.overlay
repoFlake.inputs.nur.overlay
];
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"youtube-recommended-videos"
];
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"youtube-recommended-videos"
];
programs.librewolf = {
enable = false;

11
nix/os/devices/router0-dmz0/flake.nix
View file

@ -13,12 +13,11 @@
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
nixos-sbc.url =
"github:nakato/nixos-sbc"
# "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12"
# "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13"
# "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile"
# "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile"
nixos-sbc.url = "github:nakato/nixos-sbc"
# "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.12"
# "github:steveej-forks/nakato_nixos-sbc//bpi-r3_kernel-6.13"
# "github:steveej-forks/nakato_nixos-sbc/kernel-6.9_and_cross-compile"
# "github:steveej-forks/nakato_nixos-sbc/kernel-6.10_and_cross-compile"
# "git+file:///home/steveej/src/others/nakato_nixos-sbc/"
;
nixos-sbc.inputs.nixpkgs.follows = "nixpkgs";

1
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -6,7 +6,6 @@
config,
nodeName,
system,
packages',
...
}:
{

9
nix/os/devices/steveej-x13s/flake.nix
View file

@ -15,8 +15,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-x13s.url =
"git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump"
nixos-x13s.url = "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump"
# 6.13-rc2
# "git+https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git?ref=bump&rev=c95058f8aa1b361df3874429c5dc0f694f9cba78"
# 6.11.0
@ -89,8 +88,10 @@
inherit mkNixosConfiguration;
};
overlays.default = _final: _previous: {
};
overlays.default =
_final: _previous:
{
};
nixosConfigurations = {
native = mkNixosConfiguration { system = nativeSystem; };

2
nix/os/profiles/install-medium/iso/Justfile
View file

@ -1,2 +1,2 @@
build:
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

66
secrets/router0-dmz0/secrets.yaml
View file

@ -17,37 +17,37 @@ wg1-privatekey: ENC[AES256_GCM,data:Q3zb6oLhBqW+D063S37O2vZD3PSn3yIYWWkOtZwvpmMm
wg1-publickey: ENC[AES256_GCM,data:7svFjRVdWBmrUt2qzHSmgBo4HPwJR6I6p3rZg2U+h1uVhQwCnUCH6JATVZs=,iv:xWUKpjmmrf/U8T8XmdL4Ox+aqkftnh8oeORCkhtJoBU=,tag:+k+E13X+EbZxfiq0MoGIEg==,type:str]
wg1-peer0-psk: ENC[AES256_GCM,data:egtyccOYD4NAUTunpvVXTJwjtSdJJT8v5O9Wl7NoCKy2eDzrQvrEEK8Zzts=,iv:D7EQkj2Oz2JJIF6slTLq3A4esKN6VfkOA+odHvjSeUE=,tag:z/blOUXX1JOyqtXgMldnlg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNE9VK05aYlRKcXRBak1h
Sk5GS08zUE93U2VSL2FYTTllS3Fjb2I5R1ZZCjFtL1RZUWVvbzdlcnBCN1NJbE5S
QW9paVFDaldhSVh2eitoaStpZU94T2MKLS0tIHV4ajZFdEl0TjFNNXhhTlFBaGMz
S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV
KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-05T09:44:59Z"
mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str]
pgp:
- created_at: "2024-12-24T19:36:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNE9VK05aYlRKcXRBak1h
Sk5GS08zUE93U2VSL2FYTTllS3Fjb2I5R1ZZCjFtL1RZUWVvbzdlcnBCN1NJbE5S
QW9paVFDaldhSVh2eitoaStpZU94T2MKLS0tIHV4ajZFdEl0TjFNNXhhTlFBaGMz
S0Y0WjA5eXovc2pUUzdUY0ZEZVN1dkUKNuvEcQ5lmVUNan4fj0tfwXc3JUfV8opV
KCBiiPEIBRwryWg7CLo7qgFU9nRTnA7Wjjo2vnh9nLLnIjNSmc/ECQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-05T09:44:59Z"
mac: ENC[AES256_GCM,data:P2bEHq4ZBg2Y8RPmUSuIOxWxJdYTUpTD5nXv3vqAHOU0t5ZlyOjFUPYejGBLdvd++v+plwo4lYG4/JJ3/LFIM/n2f1kFOOPSIt6yox6oYHHzJRly2kBfyIpUz4q+1c/xhMjpcQdAlWEdIQLm80BMUpny9y2KhVYot9TvTNTSkxM=,iv:uso8kcW8gildOD7FF1Xvage2dccQ8GkMI6nDCaUw2qc=,tag:urKtsRoGqwoZzk7DuMCINw==,type:str]
pgp:
- created_at: "2024-12-24T19:36:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQf/RIzNBL+pVy3msNL8iuGdPXywQhS4JPgP9QqiYu8hqTsw
ja/jx8ShJmLjC5i7D8nwwbUyY1DJTSdHcRblcsROgo4DgthdtuprJlSQIPZhaW5Q
Rbo52yT1LkzypUcSQFIDY2QFpPw2zL3ZmPyIwg7YCI3seNQckv93nZQzpLx2Ifad
hLU0+C8tU94z+sgqLq0OVryZb6taQP/h41niFKHZtemnykA03JIbCmyl1HZDEtRJ
1xSFpAKAtfzdhR5SfrGYtSBj7FysanfSEi4Gxxp7VcfqBVYTHAOsDLFnFCEwr13H
sopUdgCeZdZTBFgzS+AVb0zcHti/YJ9xUNrIKJXwAdJcAS9w3Y4MqcbEdcFp/CD5
W8w7WZjHm8ly0qm2DgyQmd3040V64mt5cDe7+8YRqu5cZILyKpRGwUx3ES0eJ+g3
g2P8+l5NEvzTX3ldXHObOUVebLouZrxd6UjWvUo=
=mYf/
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.9.1
hQEMA0SHG/zF3227AQf/RIzNBL+pVy3msNL8iuGdPXywQhS4JPgP9QqiYu8hqTsw
ja/jx8ShJmLjC5i7D8nwwbUyY1DJTSdHcRblcsROgo4DgthdtuprJlSQIPZhaW5Q
Rbo52yT1LkzypUcSQFIDY2QFpPw2zL3ZmPyIwg7YCI3seNQckv93nZQzpLx2Ifad
hLU0+C8tU94z+sgqLq0OVryZb6taQP/h41niFKHZtemnykA03JIbCmyl1HZDEtRJ
1xSFpAKAtfzdhR5SfrGYtSBj7FysanfSEi4Gxxp7VcfqBVYTHAOsDLFnFCEwr13H
sopUdgCeZdZTBFgzS+AVb0zcHti/YJ9xUNrIKJXwAdJcAS9w3Y4MqcbEdcFp/CD5
W8w7WZjHm8ly0qm2DgyQmd3040V64mt5cDe7+8YRqu5cZILyKpRGwUx3ES0eJ+g3
g2P8+l5NEvzTX3ldXHObOUVebLouZrxd6UjWvUo=
=mYf/
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.9.1

228
secrets/shared-users.yaml
View file

@ -10,118 +10,118 @@ sharedUsers-radicale: ENC[AES256_GCM,data:Mn1QIwQDX0ZnZ0Jbk1RYY60k+XbbGPYYf+NG3x
sharedUsers-elias: ENC[AES256_GCM,data:RsGDCguYkqegKhkO20lr8HjrTABAaNJmDiGK3DhhbX1sOLMweZwDtESvYjCfAOzWpiAaFh0BqevMkuUcEYQTBubSX+X0EZ0dFrdbVxIe7lq7Dosds98SqKLL4zWqe2y2qsphvj+oAz7Utg==,iv:JXIbyqAUt1OcB+bvgK6H2NU6Ip4nWRJ1/Hje75FfHC4=,tag:kPFALVkf1GbRj1J85SZm6Q==,type:str]
sharedUsers-justyna: ENC[AES256_GCM,data:BGVp2QppWWaYHK3rwLlyy7SOWxSqKGsn7lemWe0KUzgiQc6D8ivYvXdGaAhJNvhgVTxlK6BZOacG4NESWf5hi7sN8AkwTT/6pa9WzhQQGNnwZIaVulXeddzFlebbh8pAt0WYV82DRejX3Q==,iv:RMysIp0pMnCLhWogWiGq4IpZA43sd0DPj3jeV0oRkY8=,tag:VvXPzyGAoATlSedvV2prJA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6T2hmV3BOU0M1MTloWktK
YTRXS3lTcERncjNpaFlhRlljNWlJQURmdW1FCmQzNEFFZ2VxTmdmZ21idzZEUHVZ
clFMZU1tTG9kWkNFVzdXK0NYQjVMMnMKLS0tIHVwRzlpR2VwcXlCdUxUbTN4YWcy
Y3dqOXlTeDZRU3YycUtqTXpKcWt4bk0KT71rTNU/kZci9u3NahgR3/fL6IHHxVdu
unIWav0e6cZVQXKw29Pji966zuB5Rv0vb+5LAYsXzC0E6vtiC7kwzA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM0NiZ1RIekpsY2pDVEh0
MldzL0Zna045QVY5TnAwYU1rTitQMkxOZ1M4Ck80a2dnTlFxYkZyKzE3emFTa29R
THNTblJuU1g0Zlg1RlhMV0JsY3ZpR0UKLS0tIGhLWFZOcS9za0Riak9QUVZ1dGhZ
SnVNUTJFWnVHTDZKZzFBME5ZZzFBWE0K6jMchwT9eJOqyBhSiyg0XS69KxWc2Xx1
SJS0acLF+Lcrw0xEr856846P/bH+l/SY4Ii7Mv0b38GOb5KPGra3cA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENVQ5MHZ3VXBMbUdBTHFN
Z09QTDdyWFpHUG9LWGdqZXhBRm90ZnBsNFhJClJpaTFCaSt6Q0E1UlR0WEljWjVv
UE1LUDZ1by9zYmhibGJHRGpKT2RhbzQKLS0tIEhKYTlTcmw2NDBDVGluc1N0Y2Rl
d2dsU0ZnMFVlYnJtai9UWDJROG9JTWcKeCVOvRWUJutoFOhDLni2CpgKUUvxTFUS
NNozeDy27P+ZZFDHxBGPoJhJmAKt7Vs4FpdAYJM1xeZWd4BgakdUZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMWxSQ3ovamNoaFovcDRi
NGVRRGNZZDJoVWdhMDBhRU9VZHNzMUkzV1RFCjgzQ1FDdSsyMWYrZC9iZXBDa1NJ
dThoNms4aW5iQVBzK21URXkrQjFQR3cKLS0tIDFmR2o4OEpxZnJheGJTWHRMNDBV
djkrN0xTR25zeEVjYnpMbllZRHcySGsKvPzezvh4MF5TvrqEAg5z/nDRw8iviIx0
wcnO7RQZGSZ71Cv0T11dIpAixUE90l5b6xHKdaeS8vtYFTKdw8FjKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZW9HdjNSTE5xWlVWY01R
bXAyWVZhcjlkbFVneXhaVnZOQkQ5amszeDJJCjVWa3lLSWhBUDYyd1N1QlZ3T2Fs
QkN2MDViUGwyV0w4NGJiZHhaQ0VjcW8KLS0tIFNkZnNJbXpFOVZsdjREbWFwQ1RB
RTVML1czWWk1QkYzMlVwOWVXNVRwancKKngA02rNH1ZN2jvJ4QZcN07djYzzqoPo
OFeFoOHOKNz3Obwlxv6eW1bd0AP/MT7VR+cTDdaAxwNf8I1gEC9bjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdG5NWlVURFA0TDhWak5u
R0tmR3JiMThtNnpqM05yQWZTdVAxZTQ4TEcwCndjSlYvMTg1NlRvSHhmdmNMRzhS
MjgwMU5ZcnVnWVplY1lOc1JQNFkxMDQKLS0tIHhHenE2SmdFcC95ampNbmdOSDJX
ZnJLR0RKZ3FrOUxRSU11dlh5ZzBidmcK7PsJYwMJpv9YoaYiN+U20HA2opK2IUnF
elU57b01ZOZM5nfpnyZBdqZO6VRDAZC2h81z+BCNXUQus4SSNQi0aw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bzBRSi9qOEsxR0Z4RTNt
U0VKT0o3b3I0dXJxSHRSVnFiR3BWOUNTR2ljCmlHWWZnTGJKeWNhTWxKaEVrbWdG
M2twejZqaFU2RU8wemVxWHlpQVJYZWcKLS0tIDA5Y1Q0RWJvbUlGUHpKN1BIMGM2
cGU2bXpEaVNRcko4TVlBMG9KdnJibjQK86rJ3S+JQhD8+gCkr748z1oVy55ukOMv
c408QBFGToOuzvaRbOIb8lhci4ImuSJJE7TZUzgYsADEAaeudDKVtw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WHJjQThud1IzSHk2Z0Zn
L2NybEJyMVdoRWszb0lZTlcyN1ppa1BOSmdzCitZa2thNkJyWWxKU0IxdnhrVXNI
Q2dXL1BST1hzMy9PZWpVcU1lckcvdVkKLS0tIDd1VXBGRmdkdnV6UHdzbU1UMjVB
WjB5akxEeUd2eS95ZnZHSUFXSmNXWncK3VXZqfKo8jat4gbn/5YSL/cV5qILqV5b
E/OBRFStWmfhuCZJzCDhU9a0QJocW+UkkI4XRzDDaN66gEmZe+u7mA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cE5lLy9ZNXdXb0owcnZk
S0JRSkc4Q2p4bGxPSG14VjlKZ3NMMUpEd2drClBGU0FyaGJ1WCtHVHRzYTFqRXpz
VWJvTlBEcXg4TVVLZzV4djE2bUhIRVEKLS0tICtSTCtNS2dON0pIMHNzWmE5Q253
c3loYWpFd0h6N3FpdkdpZGdHZjU0aE0K2zsQNBl1jdhLWf1PeGVo+deCc6BwnTo4
tUg59pWQ5BvwMQx0kjhEoa29S1QUU4Or4erPPoHS5teK4Llv0s2gRQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHNvaU5sUDEvd3JGWUFa
VjZDbm9VMXpjQWhCYTRxbUlEREErT0tDUXpRCnN4YXhVVW8zTi9ZZmVUYWwwRHhH
dXd0dnB5WE9sTDZ2R3d4MlFiWlFZcmsKLS0tIENJSTNvNWV3SlVwRk15RDRpNllQ
YmZuei9iVFMvcytqS3podTZZb2g3S0kK+qGQ8LkLO6v8T718dyD5j5CTC+UwBaCn
9dxkh9MWkKknRL89MHbV9gVG/StiOa+USGqulXEGbapiZ9q1JYCa7A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-16T19:17:41Z"
mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str]
pgp:
- created_at: "2024-12-24T19:36:21Z"
enc: |-
-----BEGIN PGP MESSAGE-----
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6T2hmV3BOU0M1MTloWktK
YTRXS3lTcERncjNpaFlhRlljNWlJQURmdW1FCmQzNEFFZ2VxTmdmZ21idzZEUHVZ
clFMZU1tTG9kWkNFVzdXK0NYQjVMMnMKLS0tIHVwRzlpR2VwcXlCdUxUbTN4YWcy
Y3dqOXlTeDZRU3YycUtqTXpKcWt4bk0KT71rTNU/kZci9u3NahgR3/fL6IHHxVdu
unIWav0e6cZVQXKw29Pji966zuB5Rv0vb+5LAYsXzC0E6vtiC7kwzA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM0NiZ1RIekpsY2pDVEh0
MldzL0Zna045QVY5TnAwYU1rTitQMkxOZ1M4Ck80a2dnTlFxYkZyKzE3emFTa29R
THNTblJuU1g0Zlg1RlhMV0JsY3ZpR0UKLS0tIGhLWFZOcS9za0Riak9QUVZ1dGhZ
SnVNUTJFWnVHTDZKZzFBME5ZZzFBWE0K6jMchwT9eJOqyBhSiyg0XS69KxWc2Xx1
SJS0acLF+Lcrw0xEr856846P/bH+l/SY4Ii7Mv0b38GOb5KPGra3cA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENVQ5MHZ3VXBMbUdBTHFN
Z09QTDdyWFpHUG9LWGdqZXhBRm90ZnBsNFhJClJpaTFCaSt6Q0E1UlR0WEljWjVv
UE1LUDZ1by9zYmhibGJHRGpKT2RhbzQKLS0tIEhKYTlTcmw2NDBDVGluc1N0Y2Rl
d2dsU0ZnMFVlYnJtai9UWDJROG9JTWcKeCVOvRWUJutoFOhDLni2CpgKUUvxTFUS
NNozeDy27P+ZZFDHxBGPoJhJmAKt7Vs4FpdAYJM1xeZWd4BgakdUZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMWxSQ3ovamNoaFovcDRi
NGVRRGNZZDJoVWdhMDBhRU9VZHNzMUkzV1RFCjgzQ1FDdSsyMWYrZC9iZXBDa1NJ
dThoNms4aW5iQVBzK21URXkrQjFQR3cKLS0tIDFmR2o4OEpxZnJheGJTWHRMNDBV
djkrN0xTR25zeEVjYnpMbllZRHcySGsKvPzezvh4MF5TvrqEAg5z/nDRw8iviIx0
wcnO7RQZGSZ71Cv0T11dIpAixUE90l5b6xHKdaeS8vtYFTKdw8FjKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZW9HdjNSTE5xWlVWY01R
bXAyWVZhcjlkbFVneXhaVnZOQkQ5amszeDJJCjVWa3lLSWhBUDYyd1N1QlZ3T2Fs
QkN2MDViUGwyV0w4NGJiZHhaQ0VjcW8KLS0tIFNkZnNJbXpFOVZsdjREbWFwQ1RB
RTVML1czWWk1QkYzMlVwOWVXNVRwancKKngA02rNH1ZN2jvJ4QZcN07djYzzqoPo
OFeFoOHOKNz3Obwlxv6eW1bd0AP/MT7VR+cTDdaAxwNf8I1gEC9bjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qju6ms625tlgcjwc9p447seu2p8gu0cr63e5gv5y0wx9mvgmre9slxzzs0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdG5NWlVURFA0TDhWak5u
R0tmR3JiMThtNnpqM05yQWZTdVAxZTQ4TEcwCndjSlYvMTg1NlRvSHhmdmNMRzhS
MjgwMU5ZcnVnWVplY1lOc1JQNFkxMDQKLS0tIHhHenE2SmdFcC95ampNbmdOSDJX
ZnJLR0RKZ3FrOUxRSU11dlh5ZzBidmcK7PsJYwMJpv9YoaYiN+U20HA2opK2IUnF
elU57b01ZOZM5nfpnyZBdqZO6VRDAZC2h81z+BCNXUQus4SSNQi0aw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bzBRSi9qOEsxR0Z4RTNt
U0VKT0o3b3I0dXJxSHRSVnFiR3BWOUNTR2ljCmlHWWZnTGJKeWNhTWxKaEVrbWdG
M2twejZqaFU2RU8wemVxWHlpQVJYZWcKLS0tIDA5Y1Q0RWJvbUlGUHpKN1BIMGM2
cGU2bXpEaVNRcko4TVlBMG9KdnJibjQK86rJ3S+JQhD8+gCkr748z1oVy55ukOMv
c408QBFGToOuzvaRbOIb8lhci4ImuSJJE7TZUzgYsADEAaeudDKVtw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10xwq7a4y256yhv02j0u80te0vt4krgfjc68r0uw07t96z7ggmpwqtv38a0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WHJjQThud1IzSHk2Z0Zn
L2NybEJyMVdoRWszb0lZTlcyN1ppa1BOSmdzCitZa2thNkJyWWxKU0IxdnhrVXNI
Q2dXL1BST1hzMy9PZWpVcU1lckcvdVkKLS0tIDd1VXBGRmdkdnV6UHdzbU1UMjVB
WjB5akxEeUd2eS95ZnZHSUFXSmNXWncK3VXZqfKo8jat4gbn/5YSL/cV5qILqV5b
E/OBRFStWmfhuCZJzCDhU9a0QJocW+UkkI4XRzDDaN66gEmZe+u7mA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dktk5glcuu34u9t6kp3g2vqyj7dy0elray38t8n75mwa6l0s0vdst2cy00
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cE5lLy9ZNXdXb0owcnZk
S0JRSkc4Q2p4bGxPSG14VjlKZ3NMMUpEd2drClBGU0FyaGJ1WCtHVHRzYTFqRXpz
VWJvTlBEcXg4TVVLZzV4djE2bUhIRVEKLS0tICtSTCtNS2dON0pIMHNzWmE5Q253
c3loYWpFd0h6N3FpdkdpZGdHZjU0aE0K2zsQNBl1jdhLWf1PeGVo+deCc6BwnTo4
tUg59pWQ5BvwMQx0kjhEoa29S1QUU4Or4erPPoHS5teK4Llv0s2gRQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v458x2q70yt0a6m6cq5ehemphtrzfzyhmeg3r872vsyyf65asgwstmqqk4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHNvaU5sUDEvd3JGWUFa
VjZDbm9VMXpjQWhCYTRxbUlEREErT0tDUXpRCnN4YXhVVW8zTi9ZZmVUYWwwRHhH
dXd0dnB5WE9sTDZ2R3d4MlFiWlFZcmsKLS0tIENJSTNvNWV3SlVwRk15RDRpNllQ
YmZuei9iVFMvcytqS3podTZZb2g3S0kK+qGQ8LkLO6v8T718dyD5j5CTC+UwBaCn
9dxkh9MWkKknRL89MHbV9gVG/StiOa+USGqulXEGbapiZ9q1JYCa7A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-16T19:17:41Z"
mac: ENC[AES256_GCM,data:WWOWqwrUtpJWY7o7M6Aac7B9O6tw91yNiL74Fg0TKq4OH/0TGHI7YJK4c9swXs95jctFvFL9qQPTNEENgnqhJyZJGuc2qTsSaKERsSReaV4gURNEm2J2R52EQkyZXRbrn0oSoDazORqRXQo1KvULV75fyIPtsE1OcU/1/TPkWHY=,iv:XwyR6rM+0eTmKg4+vpQx26iKgKm0NL6siKxLoF3MufM=,tag:ks777fUl7uUgn7W48zBoMg==,type:str]
pgp:
- created_at: "2024-12-24T19:36:21Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA0SHG/zF3227AQgAqL1QC5kKDaMVQQp9Lboe3krFMW6MxBjilO3BvGYoXHKu
kKP4hJomuF8wqkKzwsXZihIoXmc767/lKG7AIIMnMJjShGgIjSU668l0guuxlGdT
r58W+JvA1Hu6LadQ6iPS5dVJgW0MJj5YGG0+EPljHVjFIXOKJff+09jBv2648kDh
SuuDVwFueX88qgKLnGNw/JWsmG6TRb8WPpbtK0zd30Y/guTRdx57+W4GcLz6zs98
kkU/VwAKy8ghkXlDyG/TBWipgj+xPGvOIRYiddZc6FBE14e5Miyuw4vgtLaYIWpS
aDB0BUbjmCaiVyZ3PF8nzJcUj3thAepkGyGIgPAgCNJcAW0hIzLoYdU9Dt5kxmGf
tCH3/l3nOuqFZ2EFe6xlBuYEfkjCDLMnDD6W4gvJTkOjfYDWuF0TldyfXeGken+J
BYeYA3OGTslhrVlXSPQeY1OqITnbqbPgwLkd7D0=
=Nc6x
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1
hQEMA0SHG/zF3227AQgAqL1QC5kKDaMVQQp9Lboe3krFMW6MxBjilO3BvGYoXHKu
kKP4hJomuF8wqkKzwsXZihIoXmc767/lKG7AIIMnMJjShGgIjSU668l0guuxlGdT
r58W+JvA1Hu6LadQ6iPS5dVJgW0MJj5YGG0+EPljHVjFIXOKJff+09jBv2648kDh
SuuDVwFueX88qgKLnGNw/JWsmG6TRb8WPpbtK0zd30Y/guTRdx57+W4GcLz6zs98
kkU/VwAKy8ghkXlDyG/TBWipgj+xPGvOIRYiddZc6FBE14e5Miyuw4vgtLaYIWpS
aDB0BUbjmCaiVyZ3PF8nzJcUj3thAepkGyGIgPAgCNJcAW0hIzLoYdU9Dt5kxmGf
tCH3/l3nOuqFZ2EFe6xlBuYEfkjCDLMnDD6W4gvJTkOjfYDWuF0TldyfXeGken+J
BYeYA3OGTslhrVlXSPQeY1OqITnbqbPgwLkd7D0=
=Nc6x
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1

18
services/home-ch/router-family.lan/Justfile
View file

@ -1,12 +1,12 @@
_run_ssh_cmd cmd:
ssh root@router-family.lan "{{cmd}}"
ssh root@router-family.lan "{{ cmd }}"
post-setup:
just -v _run_ssh_cmd "opkg update"
just -v _run_ssh_cmd "opkg install luci-ssl luci-app-ddns"
just -v _run_ssh_cmd "opkg install luci-app-samba samba36-server"
just -v _run_ssh_cmd "opkg install block-mount blockd kmod-fs-vfat kmod-usb-storage usbutils kmod-usb-storage-uas kmod-fs-btrfs btrfs-progs"
# multiuser SFTP
just -v _run_ssh_cmd "opkg install openssh-server openssh-sftp-server"
just -v _run_ssh_cmd "opkg install sudo coreutils-readlink"
just -v _run_ssh_cmd "/etc/init.d/uhttpd restart"
just -v _run_ssh_cmd "opkg update"
just -v _run_ssh_cmd "opkg install luci-ssl luci-app-ddns"
just -v _run_ssh_cmd "opkg install luci-app-samba samba36-server"
just -v _run_ssh_cmd "opkg install block-mount blockd kmod-fs-vfat kmod-usb-storage usbutils kmod-usb-storage-uas kmod-fs-btrfs btrfs-progs"
# multiuser SFTP
just -v _run_ssh_cmd "opkg install openssh-server openssh-sftp-server"
just -v _run_ssh_cmd "opkg install sudo coreutils-readlink"
just -v _run_ssh_cmd "/etc/init.d/uhttpd restart"

12
services/home-ch/router-wan.dmz/Justfile
View file

@ -1,9 +1,9 @@
_run_ssh_cmd cmd:
ssh root@router-wan.dmz "{{cmd}}"
ssh root@router-wan.dmz "{{ cmd }}"
post-setup:
just -v _run_ssh_cmd "opkg update"
just -v _run_ssh_cmd "opkg install luci-ssl"
just -v _run_ssh_cmd "opkg install luci-app-mwan3"
# multiuser SFTP
just -v _run_ssh_cmd "/etc/init.d/uhttpd restart"
just -v _run_ssh_cmd "opkg update"
just -v _run_ssh_cmd "opkg install luci-ssl"
just -v _run_ssh_cmd "opkg install luci-app-mwan3"
# multiuser SFTP
just -v _run_ssh_cmd "/etc/init.d/uhttpd restart"