chore: update before migration
This commit is contained in:
@@ -14,21 +14,22 @@ in {
|
||||
settings = {
|
||||
http = {address = "127.0.0.1:${toString port}";};
|
||||
users = mapAttrsToList (name: password: {inherit name password;}) {
|
||||
"admin" = "$2y$10$1oOiKeJJFSmdc8s8QYUZeeNCHLBAb51BbpLdDjoexUI/0KDHlV8d6";
|
||||
"admin" = "$2y$10$8KrO4gmaUUNsJ8q92A0GsOhLgkP2CyAhC4Tc6KSLAxk.S5BLhKGlm";
|
||||
};
|
||||
theme = "dark";
|
||||
dns = {
|
||||
bootstrap_dns = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
"9.9.9.9"
|
||||
];
|
||||
bind_hosts = [
|
||||
"127.0.0.1"
|
||||
(elemAt config.networking.interfaces."eno1".ipv4.addresses 0).address
|
||||
"100.86.139.22"
|
||||
"0.0.0.0"
|
||||
];
|
||||
upstram_dns = [
|
||||
# "9.9.9.9"
|
||||
"9.9.9.9"
|
||||
];
|
||||
fallback_dns = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
@@ -43,27 +44,29 @@ in {
|
||||
}))
|
||||
]);
|
||||
parental_enabled = false;
|
||||
protection_enabled = true;
|
||||
filtering_enabled = true;
|
||||
safe_search.enabled = false;
|
||||
safebrowsing_enabled = false;
|
||||
blocked_services = {
|
||||
ids = ["youtube"];
|
||||
schedule =
|
||||
(mapAttrs (n: v: {
|
||||
start = elemAt v 0;
|
||||
end = elemAt v 1;
|
||||
}) rec {
|
||||
sat = ["0s" "24h"];
|
||||
sun = sat;
|
||||
mon = ["18h" "24h"];
|
||||
tue = mon;
|
||||
wed = mon;
|
||||
thu = mon;
|
||||
fri = mon;
|
||||
})
|
||||
// {
|
||||
time_zone = config.time.timeZone;
|
||||
};
|
||||
};
|
||||
# blocked_services = {
|
||||
# ids = ["youtube"];
|
||||
# schedule =
|
||||
# (mapAttrs (n: v: {
|
||||
# start = elemAt v 0;
|
||||
# end = elemAt v 1;
|
||||
# }) rec {
|
||||
# sat = ["0s" "24h"];
|
||||
# sun = sat;
|
||||
# mon = ["18h" "24h"];
|
||||
# tue = mon;
|
||||
# wed = mon;
|
||||
# thu = mon;
|
||||
# fri = mon;
|
||||
# })
|
||||
# // {
|
||||
# time_zone = config.time.timeZone;
|
||||
# };
|
||||
# };
|
||||
};
|
||||
filters =
|
||||
imap (id: url: {
|
||||
@@ -83,6 +86,7 @@ in {
|
||||
];
|
||||
user_rules = [
|
||||
"@@||bearblog.dev^$important"
|
||||
"@@||blogspot.com^$important"
|
||||
"@@||neocities.org^$important"
|
||||
"@@||tailscale.com^$important"
|
||||
"@@||torproject.org^$important"
|
||||
|
||||
15
capytal/admin.nix
Normal file
15
capytal/admin.nix
Normal file
@@ -0,0 +1,15 @@
|
||||
{...}: {
|
||||
services.dex = {
|
||||
enable = true;
|
||||
settings = rec {
|
||||
issuer = "https://idadmin.capytal.cc";
|
||||
storage.type = "sqlite3";
|
||||
web.http = "127.0.0.1:9630";
|
||||
frontend = {
|
||||
issuer = issuer;
|
||||
theme = "dark";
|
||||
};
|
||||
enablePasswordDB = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -4,7 +4,9 @@
|
||||
settings = {
|
||||
global = {
|
||||
server_name = "capytal.cc";
|
||||
allow_registration = false;
|
||||
|
||||
allow_registration = true;
|
||||
registration_token = "abaduh";
|
||||
|
||||
allow_encryption = true;
|
||||
allow_federation = false;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{...}: {
|
||||
imports = [
|
||||
# ./admin.nix
|
||||
./peertube.nix
|
||||
./videos.nix
|
||||
./analytics.nix
|
||||
./forge.nix
|
||||
./websites.nix
|
||||
|
||||
@@ -175,11 +175,10 @@ in {
|
||||
enable = true;
|
||||
name = "Gitea Runner (${config.networking.hostName}) 1";
|
||||
url = gitea.settings.server.ROOT_URL;
|
||||
# url = "http://127.0.0.1:${toString gitea.settings.server.HTTP_PORT}";
|
||||
tokenFile = config.sops.secrets."gitea/actions/token".path;
|
||||
labels = [
|
||||
"node-latest:docker://node:25-bullseye"
|
||||
"alpine-latest:docker://data.forgejo.org/oci/alpine:3.23"
|
||||
"golang-latest:docker://data.forgejo.org/oci/golang:1.25-alpine3.23"
|
||||
"nix-latest:docker://code.capytal.cc/images/nix:2.31.3"
|
||||
];
|
||||
};
|
||||
};
|
||||
@@ -235,124 +234,20 @@ in {
|
||||
in {
|
||||
":${toString (gitea.settings.server.HTTP_PORT + 1)}" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://localhost${config.services.anubis.instances."gitea".settings.BIND} {
|
||||
header_up X-Http-Version {http.request.proto}
|
||||
header_up X-Real-Ip {remote_host}
|
||||
request_body {
|
||||
max_size 1GiB
|
||||
}
|
||||
reverse_proxy http://localhost:${toString gitea.settings.server.HTTP_PORT}
|
||||
'';
|
||||
# extraConfig = ''
|
||||
# reverse_proxy http://localhost${config.services.anubis.instances."gitea".settings.BIND} {
|
||||
# header_up X-Http-Version {http.request.proto}
|
||||
# header_up X-Real-Ip {remote_host}
|
||||
# }
|
||||
# '';
|
||||
};
|
||||
# Old ports used by legacy https://forge.capytal.company
|
||||
":9961" = redir;
|
||||
":9962" = redir;
|
||||
};
|
||||
|
||||
# services.forgejo = {
|
||||
# enable = true;
|
||||
# package = pkgs.forgejo;
|
||||
# settings = let
|
||||
# initList = l: (lib.strings.concatStringsSep "," l);
|
||||
# in {
|
||||
# DEFAULT = {
|
||||
# APP_NAME = "Capytal Code";
|
||||
# };
|
||||
# actions = {
|
||||
# ENABLED = true;
|
||||
# DEFAULT_ACTIONS_URL = "https://data.forgejo.org";
|
||||
# };
|
||||
# admin = {
|
||||
# DISABLE_REGULAR_ORG_CREATION = true;
|
||||
# USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
|
||||
# EXTERNAL_USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
|
||||
# };
|
||||
# database = {
|
||||
# HOST = "127.0.0.1:${toString config.services.postgresql.settings.port}";
|
||||
# NAME = "forgejo";
|
||||
# USER = "forgejo";
|
||||
# SSL_MODE = "disable";
|
||||
# };
|
||||
# repository = {
|
||||
# DEFAULT_REPO_UNITS = initList [
|
||||
# "repo.code"
|
||||
# "repo.issues"
|
||||
# "repo.pulls"
|
||||
# ];
|
||||
# };
|
||||
# security = {
|
||||
# REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
|
||||
# };
|
||||
# server = rec {
|
||||
# HTTP_PORT = 9960;
|
||||
# DOMAIN = "forge.capytal.company";
|
||||
# ROOT_URL = "https://${DOMAIN}";
|
||||
# };
|
||||
# service = {
|
||||
# DISABLE_REGISTRATION = true;
|
||||
# };
|
||||
# storage = {
|
||||
# STORAGE_TYPE = "minio";
|
||||
# MINIO_USE_SSL = false;
|
||||
# MINIO_ENDPOINT = "127.0.0.1:3461";
|
||||
# MINIO_BUCKET = "forgejo";
|
||||
# MINIO_LOCATION = config.services.garage.settings.s3_api.s3_region;
|
||||
# };
|
||||
# ui = {
|
||||
# # DEFAULT_THEME = "capytal-dark";
|
||||
# };
|
||||
# };
|
||||
# secrets = {
|
||||
# storage = {
|
||||
# MINIO_ACCESS_KEY_ID = "${config.sops.secrets."forgejo/s3/key".path}";
|
||||
# MINIO_SECRET_ACCESS_KEY = "${config.sops.secrets."forgejo/s3/secret".path}";
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
||||
# services.gitea-actions-runner = {
|
||||
# package = pkgs.forgejo-actions-runner;
|
||||
# instances = {
|
||||
# "forgejo-runner-1" = {
|
||||
# enable = true;
|
||||
# name = "Forgejo Runner (${config.networking.hostName}) 1";
|
||||
# url = config.services.forgejo.settings.server.ROOT_URL;
|
||||
# tokenFile = config.sops.secrets."forgejo/actions/token".path;
|
||||
# labels = [
|
||||
# "alpine-3.22:docker://data.forgejo.org/oci/alpine:3.22"
|
||||
# "golang-1.24:docker://data.forgejo.org/oci/golang:1.24-alpine3.22"
|
||||
# "node-24:docker://node:24-bullseye"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# users.users."${cfg.user}".packages = [
|
||||
# (pkgs.symlinkJoin {
|
||||
# paths = [pkgs.forgejo];
|
||||
# buildInputs = [pkgs.makeWrapper];
|
||||
# postFixup = ''
|
||||
# wrapProgram $out/bin/gitea \
|
||||
# --add-flags --config '${cfg.customDir}/conf/app.ini'
|
||||
# '';
|
||||
# inherit (pkgs.forgejo) name pname meta;
|
||||
# })
|
||||
# ];
|
||||
#
|
||||
# services.anubis.instances."forgejo" = {
|
||||
# settings = {
|
||||
# BIND = ":${toString (cfg.settings.server.HTTP_PORT + 2)}";
|
||||
# BIND_NETWORK = "tcp";
|
||||
# METRICS_BIND = ":${toString (cfg.settings.server.HTTP_PORT + 3)}";
|
||||
# METRICS_BIND_NETWORK = "tcp";
|
||||
# SERVE_ROBOTS_TXT = true;
|
||||
# TARGET = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
|
||||
# ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."anubis/forgejo/hex_file".path;
|
||||
# };
|
||||
# };
|
||||
|
||||
# services.caddy.virtualHosts.":${toString (cfg.settings.server.HTTP_PORT + 1)}" = {
|
||||
# extraConfig = ''
|
||||
# reverse_proxy http://localhost${config.services.anubis.instances."forgejo".settings.BIND} {
|
||||
# header_up X-Real-Ip {remote_host}
|
||||
# }
|
||||
# '';
|
||||
# };
|
||||
}
|
||||
|
||||
69
capytal/forge2.nix
Normal file
69
capytal/forge2.nix
Normal file
@@ -0,0 +1,69 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
self,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
appview = config.services.tangled.appview;
|
||||
in {
|
||||
imports = [
|
||||
inputs.tangled.nixosModules.appview
|
||||
inputs.tangled.nixosModules.knot
|
||||
inputs.tangled.nixosModules.spindle
|
||||
];
|
||||
|
||||
# services.tangled.appview = {
|
||||
# enable = true;
|
||||
# port = 9974;
|
||||
# appviewHost = "https://code.capytal.cc";
|
||||
# appviewName = "Capytal Code";
|
||||
# dev = true;
|
||||
# redis = {
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# services.anubis.instances."tangled-appview" = {
|
||||
# settings = {
|
||||
# BIND = ":${toString (appview.port + 2)}";
|
||||
# BIND_NETWORK = "tcp";
|
||||
# METRICS_BIND = ":${toString (appview.port + 3)}";
|
||||
# METRICS_BIND_NETWORK = "tcp";
|
||||
# SERVE_ROBOTS_TXT = true;
|
||||
# TARGET = "http://localhost:${toString appview.port}";
|
||||
# ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."anubis/gitea/hex_file".path;
|
||||
# };
|
||||
# };
|
||||
#
|
||||
# services.caddy.virtualHosts = {
|
||||
# ":${toString (appview.port + 1)}" = {
|
||||
# extraConfig = ''
|
||||
# reverse_proxy http://localhost${config.services.anubis.instances."tangled-appview".settings.BIND} {
|
||||
# header_up X-Http-Version {http.request.proto}
|
||||
# header_up X-Real-Ip {remote_host}
|
||||
# }
|
||||
# '';
|
||||
# };
|
||||
# };
|
||||
|
||||
services.tangled.knot = {
|
||||
enable = true;
|
||||
# appviewEndpoint = "https://code-tangled.capytal.cc";
|
||||
stateDir = "/var/lib/tangled/knot";
|
||||
git = {
|
||||
userName = "Capytal Code";
|
||||
userEmail = "noreply@capytal.cc";
|
||||
};
|
||||
motd = ''
|
||||
Capytal Code's private knot for https://code-tangled.capytal.cc
|
||||
'';
|
||||
server = {
|
||||
listenAddr = "0.0.0.0:9774";
|
||||
internalListenAddr = "0.0.0.0:9374";
|
||||
owner = "did:plc:lchdsl3qhubjldzk2tlcnfth";
|
||||
hostname = "knot-code.capytal.cc";
|
||||
dev = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -50,9 +50,9 @@
|
||||
};
|
||||
in {
|
||||
services.peertube = {
|
||||
enable = true;
|
||||
# localDomain = "watch.capytal.cc";
|
||||
localDomain = "watch-test.capytal.cc";
|
||||
enable = false;
|
||||
localDomain = "watch.capytal.cc";
|
||||
# localDomain = "watch-test.capytal.cc";
|
||||
listenWeb = 9945;
|
||||
listenHttp = 9945;
|
||||
enableWebHttps = false;
|
||||
@@ -65,7 +65,26 @@ in {
|
||||
redis.createLocally = true;
|
||||
configureNginx = true;
|
||||
settings = {
|
||||
admin.email = "contact@capytal.cc";
|
||||
contact_form.enabled = false;
|
||||
signup.enabled = false;
|
||||
instance = {
|
||||
name = "Capytal Creators";
|
||||
short_description = "Watch all Capytal Creators' videos and content.";
|
||||
description = "Watch all Capytal Creators' videos and content.";
|
||||
languages = ["en" "pt"];
|
||||
categories = [
|
||||
1 # Music
|
||||
2 # Films
|
||||
4 # Art
|
||||
7 # Gaming
|
||||
8 # People
|
||||
10 # Entertainment
|
||||
13 # Education
|
||||
15 # Science & Technology
|
||||
];
|
||||
server_country = "Brazil";
|
||||
};
|
||||
object_storage = {
|
||||
enabled = true;
|
||||
endpoint = "localhost:3461";
|
||||
@@ -103,7 +122,7 @@ in {
|
||||
|
||||
# TODO: Commit this to upstream nixpkgs?
|
||||
# HACK: services.peertube.database.createLocally option doesn't respect port
|
||||
systemd.services.peertube-init-db = {
|
||||
systemd.services.peertube-init-db = lib.mkIf cfg.enable {
|
||||
description = "Initialization database for PeerTube daemon";
|
||||
after = [
|
||||
"network.target"
|
||||
@@ -137,7 +156,7 @@ in {
|
||||
// cfgService;
|
||||
};
|
||||
|
||||
services.anubis.instances."peertube" = {
|
||||
services.anubis.instances."peertube" = lib.mkIf cfg.enable {
|
||||
settings = {
|
||||
BIND = ":${toString (cfg.listenWeb + 2)}";
|
||||
BIND_NETWORK = "tcp";
|
||||
@@ -149,7 +168,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts = {
|
||||
services.caddy.virtualHosts = lib.mkIf cfg.enable {
|
||||
":${toString (cfg.listenWeb + 1)}" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://localhost${config.services.anubis.instances."peertube".settings.BIND} {
|
||||
|
||||
@@ -8,11 +8,12 @@
|
||||
in {
|
||||
imports = [
|
||||
inputs.capytalcc.nixosModules.default
|
||||
inputs.guzone.nixosModules.guzone
|
||||
inputs.keikoswork.nixosModules.default
|
||||
];
|
||||
|
||||
services.capytalcc.web = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
port = 9900;
|
||||
};
|
||||
services.caddy.virtualHosts.":${toString (cfg-capytal.port + 1)}" = {
|
||||
@@ -21,18 +22,26 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
services.keikos.web = {
|
||||
services.guzone = {
|
||||
enable = true;
|
||||
port = 9910;
|
||||
envFile = config.sops.secrets."keiko/env_file".path;
|
||||
};
|
||||
services.caddy.virtualHosts.":${toString (cfg-keikos.port + 1)}" = {
|
||||
services.caddy.virtualHosts.":${toString (config.services.guzone.port + 1)}" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://localhost:${toString cfg-keikos.port}
|
||||
reverse_proxy http://localhost:${toString (config.services.guzone.port)}
|
||||
'';
|
||||
};
|
||||
services.caddy.virtualHosts.":${toString (cfg-keikos.port + 2)}" = {
|
||||
extraConfig = ''
|
||||
|
||||
services.keikos.web = {
|
||||
enable = true;
|
||||
port = 9920;
|
||||
envFile = config.sops.secrets."keiko/env_file".path;
|
||||
};
|
||||
services.caddy.virtualHosts = {
|
||||
":${toString (cfg-keikos.port + 1)}".extraConfig = ''
|
||||
reverse_proxy http://localhost:${toString cfg-keikos.port}
|
||||
'';
|
||||
":${toString (cfg-keikos.port + 2)}".extraConfig = ''
|
||||
redir https://kois.work{uri} permanent
|
||||
'';
|
||||
};
|
||||
|
||||
77
flake.lock
generated
77
flake.lock
generated
@@ -527,6 +527,24 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"guzone": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1771767546,
|
||||
"narHash": "sha256-PK0tWwnuCJQyqVXVa/WTBpueaOvStC8FXLN3y7hrtV8=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "d300de4601fba3a6a79a3e0ef47d3a0b339c111e",
|
||||
"revCount": 85,
|
||||
"type": "git",
|
||||
"url": "https://code.capytal.cc/dot013/guz.one"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://code.capytal.cc/dot013/guz.one"
|
||||
}
|
||||
},
|
||||
"hercules-ci-effects": {
|
||||
"inputs": {
|
||||
"flake-parts": [
|
||||
@@ -921,7 +939,7 @@
|
||||
"keikoswork": {
|
||||
"inputs": {
|
||||
"gitignore": "gitignore_2",
|
||||
"nixpkgs": "nixpkgs_7",
|
||||
"nixpkgs": "nixpkgs_8",
|
||||
"templ": "templ"
|
||||
},
|
||||
"locked": {
|
||||
@@ -940,7 +958,7 @@
|
||||
},
|
||||
"loreddev-gitea": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_9"
|
||||
"nixpkgs": "nixpkgs_10"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765921137,
|
||||
@@ -1108,6 +1126,22 @@
|
||||
}
|
||||
},
|
||||
"nixpkgs_10": {
|
||||
"locked": {
|
||||
"lastModified": 1765779637,
|
||||
"narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_11": {
|
||||
"locked": {
|
||||
"lastModified": 1765762245,
|
||||
"narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=",
|
||||
@@ -1204,6 +1238,22 @@
|
||||
}
|
||||
},
|
||||
"nixpkgs_7": {
|
||||
"locked": {
|
||||
"lastModified": 1771008912,
|
||||
"narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a82ccc39b39b621151d6732718e3e250109076fa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_8": {
|
||||
"locked": {
|
||||
"lastModified": 1734119587,
|
||||
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
|
||||
@@ -1219,7 +1269,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_8": {
|
||||
"nixpkgs_9": {
|
||||
"locked": {
|
||||
"lastModified": 1724322575,
|
||||
"narHash": "sha256-kRYwAdYsaICNb2WYcWtBFG6caSuT0v/vTAyR8ap0IR0=",
|
||||
@@ -1235,22 +1285,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_9": {
|
||||
"locked": {
|
||||
"lastModified": 1765779637,
|
||||
"narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"inputs": {
|
||||
"flake-parts": [
|
||||
@@ -1329,10 +1363,11 @@
|
||||
"inputs": {
|
||||
"capytalcc": "capytalcc",
|
||||
"dot013-nix": "dot013-nix",
|
||||
"guzone": "guzone",
|
||||
"home-manager": "home-manager_3",
|
||||
"keikoswork": "keikoswork",
|
||||
"loreddev-gitea": "loreddev-gitea",
|
||||
"nixpkgs": "nixpkgs_10",
|
||||
"nixpkgs": "nixpkgs_11",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable_2",
|
||||
"sops-nix": "sops-nix_2"
|
||||
}
|
||||
@@ -1480,7 +1515,7 @@
|
||||
"inputs": {
|
||||
"gitignore": "gitignore_3",
|
||||
"gomod2nix": "gomod2nix",
|
||||
"nixpkgs": "nixpkgs_8",
|
||||
"nixpkgs": "nixpkgs_9",
|
||||
"xc": "xc"
|
||||
},
|
||||
"locked": {
|
||||
|
||||
@@ -18,6 +18,11 @@
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
guzone = {
|
||||
url = "git+https://code.capytal.cc/dot013/guz.one";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
keikoswork = {
|
||||
url = "git+https://code.capytal.cc/guz013/keikos.work";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
27
secrets.nix
27
secrets.nix
@@ -28,6 +28,8 @@ with lib; {
|
||||
"" = [
|
||||
# Cloudflared
|
||||
"cloudflared/tunnel_env"
|
||||
# Livekit
|
||||
"livekit/key_file"
|
||||
];
|
||||
|
||||
# Anubis
|
||||
@@ -63,17 +65,32 @@ with lib; {
|
||||
];
|
||||
|
||||
# Peertube
|
||||
${config.services.peertube.user} = [
|
||||
"peertube/database/password"
|
||||
"peertube/environment"
|
||||
"peertube/secretsFile"
|
||||
];
|
||||
# ${config.services.peertube.user} = [
|
||||
# "peertube/database/password"
|
||||
# "peertube/environment"
|
||||
# "peertube/secretsFile"
|
||||
# ];
|
||||
|
||||
# PostgreSQL
|
||||
${config.users.users.postgres.name} = [
|
||||
"postgresql/initialScript"
|
||||
];
|
||||
|
||||
# Mautrix Discord
|
||||
${config.users.users.mautrix-discord.name} = [
|
||||
"mautrix_discord/env_file"
|
||||
];
|
||||
|
||||
# Mautrix Meta
|
||||
${config.users.users.mautrix-meta-default.name} = [
|
||||
"mautrix_meta/env_file"
|
||||
];
|
||||
|
||||
# Mautrix Whatsapp
|
||||
${config.users.users.mautrix-whatsapp.name} = [
|
||||
"mautrix_whatsapp/env_file"
|
||||
];
|
||||
|
||||
# Nextcloud
|
||||
${config.services.phpfpm.pools.nextcloud.user} = [
|
||||
"nextcloud/adminpass"
|
||||
|
||||
16
secrets.yaml
16
secrets.yaml
@@ -43,6 +43,8 @@ guz:
|
||||
password: ENC[AES256_GCM,data:zlO5xSFho7TXjFv62lgFir9SAgn+UE6XjdNEvIAgmQG9oDkthfgxO84wYdI0mQDwRIIs2PmSdBRfo0DPc3hji+ySCrItolPL8g==,iv:MZfhTxwfcbmXh5C6DkQhnY9NQGdE8zEwwvFOHQiUgKY=,tag:JjJN2bYcSXNN3ueGj5RNLg==,type:str]
|
||||
keiko:
|
||||
env_file: ENC[AES256_GCM,data:dgHWczdwDxz3yV66F+4lMTRIMvHDBYZ6ycVARQPVT7GcYhelA/5uNks3Sdn1n8vgie7TmZBT9mGv+ePtP4+GMyHo/bOJqvjcXyU9dB30CwxuYOCPefitbKxHwIJxkMJqmXvNr3pl2u0mZWUu3mdGMLI9fF3z8/Tk0xM/g4ZezLGaXcRhUSdQPDiOFt2VKA5IrERnpRP0ey5Jx3tf,iv:gpLQdIBGgMCgR0B7jEZDF+3t85nsOVkdxubBUR+QOWA=,tag:eTgQ2uvWsGPEXkpzj/3Szw==,type:str]
|
||||
livekit:
|
||||
key_file: ENC[AES256_GCM,data:3XqWy8l//Ic+c8qi9tnE552dLtDZTkY/KY4Ex9vwdnOHZy5Ag2SlQV8DJjl1HhoCtIP9cy4vTQMIdsRQVQ==,iv:g7X/S1YqearbvtuE2J4l2F0xD3SkTU7ytYrTRNP5k6w=,tag:AbxOfEPTcgl2swlssLm2tQ==,type:str]
|
||||
postgresql:
|
||||
initialScript: ENC[AES256_GCM,data:9ByABGVJgE7+CpWTiRLvN8PM2N4UjRylcFR7zjSeROkpkJQfxaJas0G2kLo9wRXVbp82NlIb8A5kd7pFCfF/GC7G7bqfIiR65yevLJ+SScEnhx2YSd5U1dTNwgaK48Q2b9aACn5qOVCwA0WgKkUZMBH2G6u/9VCHjFWXnoVX1YqQ1IwiCE4aSwGdiSykMQXldLnVDB/CDhir7x6/M+jroW+hrkrmXVXZbM5JRTz4foUEafhjFInZXbPKJl+rgNv//DAG4tYWCOljruRVmtKo9CJm277/8C2jd5NwVUFsBmDuvIQjrSBo25r7UMV+US7JJO2gjw/81QraNy95nTxdIAphTqV4W1eeZIxWwDKul6WvyNwTsa/Zw8nUHmlf1i7NWiy+YaqJHrPWXPnytTNLuFsm34sU5Jair4l4LRkzUW/+wZk3977xbmVbUwimywO7,iv:rOP9dSSnWiJKe30hxD4+klj/JZygcEsskf+71zn5Eu4=,tag:nz11prtg2DiK+EODarIYFA==,type:str]
|
||||
peertube:
|
||||
@@ -50,6 +52,14 @@ peertube:
|
||||
password: ENC[AES256_GCM,data:PUHAXOXMwDVFc7cHihhizQ==,iv:FgUKffolNJrK/hqTnm0ciYdQDl6VjCXeEp+tyfa+Wmo=,tag:Mcxjlcd4Hr+x91Cx4/9p7w==,type:str]
|
||||
secretsFile: ENC[AES256_GCM,data:3ZlvLnxollbqo7tLKbq81cGcYkbVqhmRe/3h0XOyPDgXtOvaiVKkUeIbbTmhdai4ueQcEF5U7xn0Lc8FZqLE2Q==,iv:H2quDSKPaVNLq91nqHxVvOh/611Ej2prAf1Rd3/8AOQ=,tag:CGqTSJNqiaFoFR21PabwRA==,type:str]
|
||||
environment: ENC[AES256_GCM,data:z4C957prGW1EoDnnjO1DiW6d4qlIkBwAdE/wXDVSvgwWczz2u6YgDPA+QuIC2OkfcSzlz5kslCoBLtVubiQRnjgUJhXAFXfilD0+cLq82Kak9LAZAkuGyhivTGmNg0rpOh9qamns5hpXXlbu8/VFyCX/XWv6gN0P3GeS+As7QNhm7M9O,iv:qb5kAhljVF45+bluZ6t3kNHZ2+C3g/8pnDjVe+1v6bs=,tag:GYmtgfcyCTxHNpq4rHSXvg==,type:str]
|
||||
matrix:
|
||||
dp: ENC[AES256_GCM,data:K3C8WDz1I5gRifnkae+8Mgk5sp8rrmNkHE9NH87LX6L24RVT+oiFbz5WKPndQdQrzRprAondvDmbQXSr85Z80LV+r7w8xlbGtfaFDzvCHiFbLrhL1sXBxmHFjF8+HzeVNoQnymXt+V3vCesiWAVwf9SMHWBHr+oYjLtWRmMqUWj1BkzyB88R4HZLnHhX78aVB85kEOXAfBu4m6C0DAs5KqweDWu0T6vgExOqjeIysHIsQYZDGI8A+Dw69tadFeBlZcvC1kfUnQdsiF/tnS/P5j6dQ0Dxtw3wSpbnClN65OOf4BldQrD48Te7p83zidzBhCZ51vVTbCiTKqZON06fT2X8JtCYsncVxjmjyRMUxWE/I3AFA8+e7TZmpBX5reBbq1szR3+mKFGQYcvN8bA2XOCAdrrS48YhFLcZb85ruPTUf3DK0LNwt94nbR3ltVfVZOa5PubAuqBc2Saklu9LYVAhYvMqT263iMqkDCtWysyS3nXBF4s2esBIXD8KKQoyWymYkPQ1nGHB0TxsGUtDih5yuxFUfIjWJf9NTpX8MQAKR3ItM9G7zY/txb2HpG/eA5mfFbKdQQoSq0dthdjsMp/6lqNIUFXIR7UJVcSLbKU+SfEJuodEhQG0+aaRnN/NjdgnHkegx8K/bEY7iVvou9PGdTHVzWOReGyah4GkvGKl/9sovQfmqBiPdQlkrJxNzOFU9eGKNhq30W7yy3H3ZGjlO61Q827CNaz8o0rit4AoJtWrWStB/WEKIKBs8f8/sgJhN0sNVWPhNk26sUazhiyvOn6RKZhP6w1y9WwQ99SWTndiEL0ijepM3HBAYL1RS4F/+SJ/CXErO28yX0HiakoMlDB5fmTiK1AHFnF0D4cnw7j2yESDp2oLnSd+/2PNGEStTUnheE6OP+n32vStzSp4T+Ack3HCRQ92T+JztVYhJK8jV1OrRqh08qQmwXVUJdm4DYztETmL0vAw9QzFmBNrrTiotO1T5ORYBqBZ9MSQ7kcQ1+tORkV6/29KcOpd23v+84APzdF3A2iqTJv57MtBaVh6+/cokgUQRmXPrf7KkEsP11RHROuVG7hkTv5pAUuKXjltg0aEOL3R3OE1iueLz7ZynBe2O7Uk/o2AuM8DGq7Ou2JHjicJbiqrqmY/i3TfMJ3FdkIKipcj3+7p1tf8u99NTngBhy9v7hhnqLOKytUktyd46g0hwR1qib3zpDSB7yFjXb5dJWkPBwYT6MsubqrKBQ/5ms2QTGkUMVsZ5TmdIh4=,iv:jJJoqj33E/lwY3+CgdplnfYrYuHdpzkSC0dAJBEK2F0=,tag:Mcw+onFN8WNp0AVPE7Vujg==,type:str]
|
||||
mautrix_discord:
|
||||
env_file: ENC[AES256_GCM,data:Hqkwb7TmKgVWn724zjM4yGMaRR3tV2LemIN3KowENBS1j2QI+2n+7/LeIu+VJ7k1RQaQMJC/eGoDVV0APQ7WM6PsMsYp8wwf1w==,iv:JMnXDOx0j4gxW5zkcTMhOBLTs0A9SazLm3iBi9+HfrA=,tag:a2nwGGxp1WaWoglO11RB+Q==,type:str]
|
||||
mautrix_meta:
|
||||
env_file: ENC[AES256_GCM,data:JfozoksXzKuABmqk9O93ItjXq61W09eJ4Z/I0fBwjnUXlLEsvT0YhXxS2pqsEMbnIOuzxmlMldSxoukGGarLVzWODokRathxKKNTVtYIzJfwT5wWzDu4vWubgUk4yfAgt6omZEibRfBtzwkGB2wtyg55DR9+E7fc774mvZC68gch1RPKCTkJ6xhj/AUcOXA7A0YvciurheakQEry/o9I/wt625BW3grhTcrNmfdn56kTKJ/JvMGz/fUQ1uYC/Qci/4sb39O6MosqguU+YcH+kwxgj+tpnD6eeS1/pvSzMSSysN/At6KUyb3TVzMGIlA=,iv:8DIN4DtwxgEjO3jFKEwjJftJV3kEe9bgFwpVpVykaQM=,tag:e+VzN0fnUttErPY5PtDctQ==,type:str]
|
||||
mautrix_whatsapp:
|
||||
env_file: ENC[AES256_GCM,data:wFP5rAzLZH4Lw0DX9FqFlIYl6R4hpiJ0PaylMDreSiN7K9OuBsaJDVhiaBzZM3XAYkLTy4ED4naZmW3wJiUc/H9IFXYY6NfWUlg/pAsfr5CUV3YxX9uu6QobNwUVY3cACvQ9D1YQjpc1VBMrqYE4DJNWk3rC5KHnVIYJgUjKNA+vOwEqCLt3wVE7HTQFoMj4nzAe0QU4qLHWy25LANQ2stk=,iv:04tYKOGbuJzKjZJR2x07Goovh80BBy7QJ4LKOwVdBRM=,tag:E1u75beb6N7WJyjZ4tDlLQ==,type:str]
|
||||
nextcloud:
|
||||
adminpass: ENC[AES256_GCM,data:RY2BsFDSttpr,iv:Mv22/Ht4Uq0miQjKgbnu37UCk/wZMyc6t9jrWkyXsxI=,tag:ScYTA46R0ZpkeqjhRsYzYg==,type:str]
|
||||
s3:
|
||||
@@ -66,7 +76,7 @@ sops:
|
||||
amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
|
||||
4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-30T16:31:04Z"
|
||||
mac: ENC[AES256_GCM,data:74FbU0xXoMhVt+gYFnl3T3GeWdAzXTR7f3SZztTRwtgyEIX/ktvZsKXaAUstTbz5zjybBr5zlwwXKSIL2bM3R5oSva7LVNTkbLBPSad8/O8iQtq8BSKVVHFhvjBfAbpVmZVlUgNzUCS2X+bZwHO3Tl0KgEYozXPQa66jwTUVF0w=,iv:XebXM0AP+53qxWJMKSjqVJsdwWXwglcGmx1mqKgzcf8=,tag:yniIwNDOrSY7KFYDggb+/g==,type:str]
|
||||
lastmodified: "2026-03-31T18:42:38Z"
|
||||
mac: ENC[AES256_GCM,data:UaZRfVrPwTFUckYvUMWxtWrzuve3kYpDZ50VxqEmU5lEQxc0fSokHG1EX/SimfzGJm+Ps2GEswHDDbMkE4Qin5UBYEyFgZ/+opuAr+FUtt8vRg8H9ACuCELLYakc425Zb6l05EBnuCPdwbmAkOTy+4MGp6dFXQIqDPTpevdygKg=,iv:BcG7TjW9mI0IfsFjk1wbL5j/2Pba68EhYjSvobsEQRU=,tag:0pu10n18YqdiU96cFYQ5bA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
version: 3.11.0
|
||||
|
||||
Reference in New Issue
Block a user