Compare commits

...

44 Commits

Author SHA1 Message Date
imxyy1soope1 12d2b3ff49 chore: update flake.lock 2026-07-01 14:14:35 +08:00
imxyy1soope1 02953206f7 tombi: move to modules/coding/langs/toml.nix 2026-07-01 14:14:35 +08:00
imxyy1soope1 84485d9e8a python: pyright -> pyrefly 2026-06-19 15:29:05 +08:00
imxyy1soope1 7a84ae3b7a chore: update flake.lock 2026-06-19 15:28:57 +08:00
imxyy1soope1 7dc99f00cc chore: update secrets 2026-06-13 19:19:36 +08:00
imxyy1soope1 6149a5119d chore: update flake.lock 2026-06-13 17:19:49 +08:00
imxyy1soope1 bd6643edaf update ly config 2026-06-13 11:57:10 +08:00
imxyy1soope1 577aec6587 fix corrupted ly display 2026-06-13 11:57:10 +08:00
imxyy1soope1 c79a19d5ee remove getty-autologin 2026-06-13 11:57:10 +08:00
imxyy1soope1 cfe29e07ac workaround for EDITOR="nano" 2026-06-13 11:57:06 +08:00
imxyy1soope1 2b773af620 add codex 2026-06-06 22:09:47 +08:00
imxyy1soope1 ee9e812579 chore: update secrets 2026-06-06 22:09:38 +08:00
imxyy1soope1 00fd2e7ab9 fix sudo configuration 2026-06-06 21:19:34 +08:00
imxyy1soope1 2f90d7f0d0 doas -> sudo 2026-06-06 21:13:10 +08:00
imxyy1soope1 be6c838f19 update neovim config 2026-06-06 19:48:11 +08:00
imxyy1soope1 8dc7a7b90a chore: update secrets 2026-06-06 17:07:05 +08:00
imxyy1soope1 a3433735b7 update flake.lock; sddm -> ly 2026-06-06 16:42:57 +08:00
imxyy1soope1 df37f04bdc refactor: eliminate "_2"s
script: https://gist.github.com/lxl66566/697db0cccd04b7247dc9a0cfb96d328c
2026-05-30 23:35:21 +08:00
imxyy1soope1 67ceb5faab neovim: use tombi 2026-05-30 16:19:38 +08:00
imxyy1soope1 51a6bd3367 chore: update flake.lock 2026-05-30 16:19:13 +08:00
imxyy1soope1 3d2c6297a6 chore: update flake.lock 2026-05-23 16:19:24 +08:00
imxyy1soope1 2c9b2dc2b6 chore: update flake.lock; fastfetch -> fastfetchMinimal 2026-05-17 11:06:43 +08:00
imxyy1soope1 6c216af91e revert noctalia-shell update 2026-05-16 20:38:39 +08:00
imxyy1soope1 8e6d52b6b5 chore: update flake.lock; update noctalia-shell 2026-05-16 20:14:59 +08:00
imxyy1soope1 dbd97e0034 use kde to manage qt style 2026-05-04 11:41:05 +08:00
imxyy1soope1 39a9318f11 enable carapace command-line completion 2026-05-03 15:23:45 +08:00
imxyy1soope1 9117816216 enable nix-direnv 2026-05-03 15:23:36 +08:00
imxyy1soope1 0207a9cf3e init nix-racer substituter proxy 2026-05-03 13:10:47 +08:00
imxyy1soope1 f4b3db924f server: drop minio 2026-04-30 22:10:45 +08:00
imxyy1soope1 a1b5bee3e8 fix(server): nextcloud notify push 2026-04-30 21:54:46 +08:00
imxyy1soope1 e867539857 chore: fix server 2026-04-30 21:54:30 +08:00
imxyy1soope1 a1142405bc chore: update flake.lock 2026-04-30 21:53:27 +08:00
imxyy1soope1 91e1c07dcd nvim: unlazy guess-indent.lua 2026-04-26 16:52:59 +08:00
imxyy1soope1 ad7b2dd727 angrr: update settings 2026-04-25 10:30:00 +08:00
imxyy1soope1 7490e1b512 firefox: xdg 2026-04-25 10:29:47 +08:00
imxyy1soope1 43dcdfab27 chore: update flake.lock 2026-04-25 10:29:30 +08:00
imxyy1soope1 3a47cc56b7 use llm-agents.nix 2026-04-19 11:09:28 +08:00
imxyy1soope1 0cefd0799d niri: enable blur 2026-04-19 10:49:00 +08:00
imxyy1soope1 850f014a08 persist opencode 2026-04-19 10:26:07 +08:00
imxyy1soope1 8c10af7f58 update flake.lock; refactor impermanence; other minor fixes 2026-04-18 15:33:32 +08:00
imxyy1soope1 12c56e2283 chore: fmt 2026-04-18 12:25:33 +08:00
imxyy1soope1 de495a1195 feat(server): mautrix-telegram & mautrix-signal 2026-04-18 12:24:58 +08:00
imxyy1soope1 4cb4a6c48d feat(server): persist ~/.claude ~/.claude.json 2026-04-18 12:24:05 +08:00
imxyy1soope1 54d6eb73c5 chore: update secrets 2026-04-11 22:27:22 +08:00
63 changed files with 3818 additions and 1266 deletions
Generated
+354 -450
View File
File diff suppressed because it is too large Load Diff
+47 -7
View File
@@ -20,6 +20,7 @@
nixos-wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-compat.follows = "flake-compat";
};
# Flake organization tools
@@ -40,11 +41,11 @@
# Useful modules
# keep-sorted start block=yes
catppuccin = {
url = "github:catppuccin/nix";
impermanence = {
url = "github:nix-community/impermanence";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
impermanence.url = "github:nix-community/impermanence";
# TODO: sops-nix: remove pr patch once merged
# https://github.com/Mic92/sops-nix/pull/779
sops-nix = {
@@ -54,6 +55,8 @@
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
inputs.systems.follows = "systems";
};
system76-scheduler-niri = {
url = "github:Kirottu/system76-scheduler-niri";
@@ -66,6 +69,9 @@
angrr = {
url = "github:linyinfeng/angrr";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-compat.follows = "flake-compat";
inputs.flake-parts.follows = "flake-parts";
inputs.treefmt-nix.follows = "treefmt";
};
darkly = {
url = "github:Bali10050/Darkly";
@@ -78,15 +84,35 @@
go-musicfox = {
url = "github:imxyy1soope1/go-musicfox";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
inputs.devenv.follows = "devenv";
inputs.nix2container.inputs.flake-utils.follows = "flake-utils";
};
llm-agents = {
url = "github:numtide/llm-agents.nix";
# Not followed intentionally (binary cache)
# inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
inputs.systems.follows = "systems";
inputs.treefmt-nix.follows = "treefmt";
};
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
};
niri.url = "github:sodiboo/niri-flake";
noctalia = {
url = "github:noctalia-dev/noctalia-shell/v4.7.5";
inputs.nixpkgs.follows = "nixpkgs";
inputs.noctalia-qs.inputs.treefmt-nix.follows = "";
inputs.noctalia-qs.inputs.nixpkgs.follows = "nixpkgs";
inputs.noctalia-qs.inputs.systems.follows = "systems";
inputs.noctalia-qs.inputs.treefmt-nix.follows = "treefmt";
};
zen = {
url = "github:0xc000022070/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
zen.inputs.nixpkgs.follows = "nixpkgs";
zen.url = "github:0xc000022070/zen-browser-flake";
# keep-sorted end
# Misc
@@ -99,6 +125,20 @@
flake = false;
};
my-templates.url = "git+https://git.imxyy.top/imxyy1soope1/flake-templates";
# Flattened indirect dependencies
flake-compat.url = "github:edolstra/flake-compat";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
systems.url = "github:nix-systems/default";
devenv = {
url = "github:cachix/devenv";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
inputs.flake-compat.follows = "flake-compat";
};
};
outputs =
-1
View File
@@ -126,7 +126,6 @@ in
# Upstream modules
# keep-sorted start
inputs.angrr.nixosModules.angrr
inputs.catppuccin.nixosModules.catppuccin
inputs.home-manager.nixosModules.default
inputs.impermanence.nixosModules.impermanence
inputs.niri.nixosModules.niri
+1 -1
View File
@@ -14,11 +14,11 @@
inputs.fenix.overlays.default
inputs.angrr.overlays.default
(final: prev: {
darkly-qt5 = inputs.darkly.packages.${final.stdenv.hostPlatform.system}.darkly-qt5;
darkly-qt6 = inputs.darkly.packages.${final.stdenv.hostPlatform.system}.darkly-qt6;
noctalia-shell = inputs.noctalia.packages.${final.stdenv.hostPlatform.system}.default;
})
inputs.llm-agents.overlays.shared-nixpkgs
];
config.allowUnfree = true;
flake.setNixPath = false;
+5 -42
View File
@@ -31,13 +31,12 @@ in
services.btrfs.autoScrub.enable = true;
networking.hostId = "10ca95b4";
fileSystems."/" = {
my.persist.btrfs = {
device = btrfs;
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=root"
];
mountPoint = "/nix/persist";
persistSubvol = "persist";
rootSubvol = "root";
zstdCompress = true;
};
fileSystems."/nix" = {
@@ -49,42 +48,6 @@ in
];
};
my.persist.location = "/nix/persist";
fileSystems."/nix/persist" = {
device = btrfs;
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=persist"
];
neededForBoot = true;
};
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount ${btrfs} /btrfs_tmp
mkdir -p /btrfs_tmp/old_roots
if [[ -e /btrfs_tmp/root ]]; then
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/32AA-2998";
fsType = "vfat";
+1
View File
@@ -8,6 +8,7 @@
coding.langs.lua.enable = true;
coding.langs.rust.enable = true;
coding.langs.js.enable = true;
coding.agents.enable = true;
fonts.enable = lib.mkForce false;
persist = {
enable = true;
+36
View File
@@ -95,7 +95,12 @@
displayname_template = "{displayname} (Telegram)";
permissions = {
"@imxyy_soope_:imxyy.top" = "admin";
"*" = "relaybot";
};
relaybot = {
whitelist = [ ];
};
relay_user_distinguishers = [ ];
};
telegram = {
# borrowed from https://github.com/telegramdesktop/tdesktop/blob/9bdc19e2fd4d497c8f403891848383a88faadc25/snap/snapcraft.yaml#L134-L135
@@ -104,4 +109,35 @@
};
};
};
sops.secrets.mautrix-signal = {
sopsFile = secrets.mautrix-signal;
restartUnits = [ "mautrix-signal.service" ];
format = "dotenv";
owner = "mautrix-signal";
group = "mautrix-signal";
};
services.mautrix-signal = {
enable = true;
environmentFile = config.sops.secrets.mautrix-signal.path;
settings = {
homeserver = {
address = "http://127.0.0.1:8094";
domain = "imxyy.top";
};
appservice = {
address = "http://127.0.0.1:8102";
hostname = "127.0.0.1";
port = 8102;
bot_username = "signalbot";
};
bridge = {
username_template = "signal_{userid}";
alias_template = "signal_{groupname}";
displayname_template = "{displayname} (Signal)";
permissions = {
"@imxyy_soope_:imxyy.top" = "admin";
};
};
};
};
}
-20
View File
@@ -1,20 +0,0 @@
{ config, secrets, ... }:
{
sops.secrets.minio-env = {
sopsFile = secrets.minio;
restartUnits = [ "minio.service" ];
format = "dotenv";
};
services.minio = {
enable = true;
listenAddress = ":9000";
consoleAddress = ":9001";
region = "cn-south-gz";
configDir = "/mnt/nas/minio/config";
dataDir = [
"/mnt/nas/minio/data"
];
rootCredentialsFile = config.sops.secrets.minio-env.path;
};
}
+6
View File
@@ -73,6 +73,12 @@ in
"pm.max_spare_servers" = "12";
};
};
# Fixes `The following x-forwarded-for header was received by Nextcloud: "10.88.0.1"`
systemd.services.nextcloud-notify_push = {
environment = {
NEXTCLOUD_URL = lib.mkForce "http://127.0.0.1:8084";
};
};
services.nginx.virtualHosts."nextcloud.imxyy.top" = {
listen = [
{
+5 -42
View File
@@ -30,13 +30,12 @@ in
};
};
fileSystems."/" = {
my.persist.btrfs = {
device = btrfs;
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=root"
];
mountPoint = "/nix/persist";
persistSubvol = "persist";
rootSubvol = "root";
zstdCompress = true;
};
fileSystems."/nix" = {
@@ -48,42 +47,6 @@ in
];
};
my.persist.location = "/nix/persist";
fileSystems."/nix/persist" = {
device = btrfs;
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=persist"
];
neededForBoot = true;
};
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount ${btrfs} /btrfs_tmp
mkdir -p /btrfs_tmp/old_roots
if [[ -e /btrfs_tmp/root ]]; then
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/96D3-93B0";
fsType = "vfat";
-7
View File
@@ -131,13 +131,6 @@
".config/dconf"
".config/pip"
".config/sunshine"
".gemini"
".claude"
".claude-code-router"
];
homeFiles = [
".claude.json"
];
};
};
+5 -42
View File
@@ -37,13 +37,12 @@ in
];
};
fileSystems."/" = {
my.persist.btrfs = {
device = btrfs;
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=root"
];
mountPoint = "/nix/persist";
persistSubvol = "persistent";
rootSubvol = "root";
zstdCompress = true;
};
fileSystems."/nix" = {
@@ -52,17 +51,6 @@ in
options = [ "compress=zstd" ];
};
my.persist.location = "/nix/persist";
fileSystems."/nix/persist" = {
device = btrfs;
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=persistent"
];
neededForBoot = true;
};
fileSystems."/swap" = {
device = btrfs;
fsType = "btrfs";
@@ -73,31 +61,6 @@ in
neededForBoot = true;
};
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount ${btrfs} /btrfs_tmp
mkdir -p /btrfs_tmp/old_roots
if [[ -e /btrfs_tmp/root ]]; then
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B7DC-E9AC";
fsType = "vfat";
-13
View File
@@ -78,12 +78,6 @@
};
my = {
autologin = {
enable = true;
user = username;
ttys = [ 6 ];
};
gpg.enable = true;
cli.all.enable = true;
coding.all.enable = true;
@@ -161,13 +155,6 @@
".config/dconf"
".config/pip"
".config/sunshine"
".gemini"
".claude"
".claude-code-router"
];
homeFiles = [
".claude.json"
];
};
};
+1 -1
View File
@@ -67,7 +67,7 @@ in
aria2
bat
comma
fastfetch
fastfetch.minimal
fd
fzf
jq
+1
View File
@@ -12,6 +12,7 @@ in
zsh.enable = true;
fish.enable = true;
starship.enable = true;
carapace.enable = true;
};
};
}
+17
View File
@@ -0,0 +1,17 @@
{ config, lib, ... }:
let
cfg = config.my.cli.shell.carapace;
in
{
options.my.cli.shell.carapace = {
enable = lib.mkEnableOption "carapace completer";
};
config = lib.mkIf cfg.enable {
my.hm = {
programs.carapace = {
enable = true;
};
};
};
}
+1 -1
View File
@@ -32,7 +32,7 @@ in
shellAliases = {
la = "lsd -lah";
ls = "lsd";
svim = "doasedit";
svim = "sudoedit";
nf = "fastfetch";
};
interactiveShellInit = lib.mkBefore ''
+1 -1
View File
@@ -51,7 +51,7 @@ in
};
shellAliases = {
ls = "lsd";
svim = "doasedit";
svim = "sudoedit";
nf = "fastfetch";
};
};
+37
View File
@@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.coding.agents;
in
{
options.my.coding.agents = {
enable = lib.mkEnableOption "LLM coding agents";
};
config = lib.mkIf cfg.enable {
my.hm = {
home.packages = with pkgs.llm-agents; [
codex
claude-code
opencode
];
};
my.persist = {
homeDirs = [
".claude"
".config/opencode"
".local/share/opencode"
".codex"
];
homeFiles = [
".claude.json"
];
};
};
}
+1
View File
@@ -11,6 +11,7 @@ in
my.coding = {
editor.all.enable = true;
langs.all.enable = true;
agents.enable = true;
misc.enable = true;
};
};
+5 -1
View File
@@ -14,6 +14,8 @@ in
};
config = lib.mkIf cfg.enable {
# workaround
environment.sessionVariables.EDITOR = "nvim";
my.hm = {
xdg.configFile."nvim".source = impure.mkImpureLink ./nvim;
programs.neovim = {
@@ -24,6 +26,7 @@ in
vimdiffAlias = true;
withPython3 = false;
withRuby = false;
sideloadInitLua = true;
extraPackages = with pkgs; [
# treesitter
tree-sitter
@@ -33,10 +36,11 @@ in
ripgrep # telescope
# language servers
vscode-json-languageserver
vscode-langservers-extracted
taplo
typos-lsp
# render-markdown.nvim
python3Packages.pylatexenc
];
@@ -1,44 +1,43 @@
{
"Comment.nvim": { "branch": "master", "commit": "e30b7f2008e52442154b66f7c519bfd2f1e32acb" },
"LuaSnip": { "branch": "master", "commit": "a62e1083a3cfe8b6b206e7d3d33a51091df25357" },
"blink.cmp": { "branch": "main", "commit": "456d38d1cd3743926f329204c2340f3e7840aad6" },
"LuaSnip": { "branch": "master", "commit": "0abc8f390b278c3b4aabc4c004ac8a088b65cf24" },
"blink.cmp": { "branch": "main", "commit": "3db7326f54b73df4789e0fd6274bedda33975fea" },
"blink.lib": { "branch": "main", "commit": "b127d48bf8e9ac9cf41f6e0fbead317503f76558" },
"bufferline.nvim": { "branch": "main", "commit": "655133c3b4c3e5e05ec549b9f8cc2894ac6f51b3" },
"friendly-snippets": { "branch": "main", "commit": "6cd7280adead7f586db6fccbd15d2cac7e2188b9" },
"gitsigns.nvim": { "branch": "main", "commit": "8d82c240f190fc33723d48c308ccc1ed8baad69d" },
"gitsigns.nvim": { "branch": "main", "commit": "25050e4ed39e628282831d4cbecb1850454ce915" },
"glance.nvim": { "branch": "master", "commit": "bf86d8b79dce808e65fdb6e9269d0b4ed6d2eefc" },
"guess-indent.nvim": { "branch": "main", "commit": "84a4987ff36798c2fc1169cbaff67960aed9776f" },
"indent-blankline.nvim": { "branch": "master", "commit": "d28a3f70721c79e3c5f6693057ae929f3d9c0a03" },
"inlay-hints.nvim": { "branch": "master", "commit": "11be32be3761c6263df2311afb6baa0de0863967" },
"inlay-hints.nvim": { "branch": "master", "commit": "297a65ab9543eb0850c1a55df4bb89e22cfec504" },
"lazy.nvim": { "branch": "main", "commit": "306a05526ada86a7b30af95c5cc81ffba93fef97" },
"lazydev.nvim": { "branch": "main", "commit": "ff2cbcba459b637ec3fd165a2be59b7bbaeedf0d" },
"leap.nvim": { "branch": "main", "commit": "b960d5038c5c505c52e56a54490f9bbb1f0e6ef6" },
"leap.nvim": { "branch": "main", "commit": "d3641f9aa86e7460b14d9f4479e7454f88cc6b2d" },
"lspkind.nvim": { "branch": "master", "commit": "c7274c48137396526b59d86232eabcdc7fed8a32" },
"lualine.nvim": { "branch": "master", "commit": "f5d2a8570f8b736ddb9bb4be504355bcd6e15ec8" },
"mini.nvim": { "branch": "main", "commit": "69b7433355664cf76898eb86a12a019f39bd86d1" },
"neo-tree.nvim": { "branch": "main", "commit": "84c75e7a7e443586f60508d12fc50f90d9aee14e" },
"lualine.nvim": { "branch": "master", "commit": "221ce6b2d999187044529f49da6554a92f740a96" },
"mini.nvim": { "branch": "main", "commit": "b2ac6522f7a54b475d9fad711b938eefc6d3d0a6" },
"neo-tree.nvim": { "branch": "main", "commit": "83e7a2982fd12b9c3d35bc39dd5877cd91a02a61" },
"noice.nvim": { "branch": "main", "commit": "7bfd942445fb63089b59f97ca487d605e715f155" },
"nui.nvim": { "branch": "main", "commit": "de740991c12411b663994b2860f1a4fd0937c130" },
"nvim-autopairs": { "branch": "master", "commit": "59bce2eef357189c3305e25bc6dd2d138c1683f5" },
"nvim-autopairs": { "branch": "master", "commit": "7b9923abad60b903ece7c52940e1321d39eccc79" },
"nvim-colorizer.lua": { "branch": "master", "commit": "a065833f35a3a7cc3ef137ac88b5381da2ba302e" },
"nvim-lspconfig": { "branch": "master", "commit": "cb5bc0b2b35a6d513e3298d285db81453e791f4f" },
"nvim-lspconfig": { "branch": "master", "commit": "229b79051b380377664edc4cbd534930154921a1" },
"nvim-notify": { "branch": "master", "commit": "8701bece920b38ea289b457f902e2ad184131a5d" },
"nvim-osc52": { "branch": "main", "commit": "04cfaba1865ae5c53b6f887c3ca7304973824fb2" },
"nvim-tmux-navigation": { "branch": "main", "commit": "4898c98702954439233fdaf764c39636681e2861" },
"nvim-treesitter": { "branch": "main", "commit": "4916d6592ede8c07973490d9322f187e07dfefac" },
"nvim-treesitter-textobjects": { "branch": "main", "commit": "851e865342e5a4cb1ae23d31caf6e991e1c99f1e" },
"nvim-web-devicons": { "branch": "master", "commit": "c72328a5494b4502947a022fe69c0c47e53b6aa6" },
"outline.nvim": { "branch": "main", "commit": "c293eb56db880a0539bf9d85b4a27816960b863e" },
"nvim-web-devicons": { "branch": "master", "commit": "dfbfaa967a6f7ec50789bead7ef87e336c1fa63c" },
"outline.nvim": { "branch": "main", "commit": "2a132953b944561d45b52e4541ebfff71934a742" },
"pest.vim": { "branch": "master", "commit": "60cae7ea1beb644ed40081a3ec213ea9061aba09" },
"plenary.nvim": { "branch": "master", "commit": "74b06c6c75e4eeb3108ec01852001636d85a932b" },
"rainbow-delimiters.nvim": { "branch": "master", "commit": "aab6caaffd79b8def22ec4320a5344f7c42f58d2" },
"rainbow-delimiters.nvim": { "branch": "master", "commit": "a798325b7f36acc62741d1029930a7b96d4dd4bf" },
"registers": { "branch": "main", "commit": "c217f8f369e0886776cda6c94eab839b30a8940d" },
"render-markdown.nvim": { "branch": "main", "commit": "54d4b5431e9634ee3d8d30784e017239b5b89d41" },
"ripgrep": { "branch": "master", "commit": "4519153e5e461527f4bca45b042fff45c4ec6fb9" },
"telescope.nvim": { "branch": "master", "commit": "f7c673b8e46e8f233ff581d3624a517d33a7e264" },
"render-markdown.nvim": { "branch": "main", "commit": "5adf0895310c1904e5abfaad40a2baad7fe44a07" },
"ripgrep": { "branch": "master", "commit": "82313cf95849bfe425109ad9506a52154879b1b1" },
"telescope.nvim": { "branch": "master", "commit": "7d324792b7943e4aa16ad007212e6acc6f9fe335" },
"todo-comments.nvim": { "branch": "main", "commit": "31e3c38ce9b29781e4422fc0322eb0a21f4e8668" },
"tokyonight.nvim": { "branch": "main", "commit": "cdc07ac78467a233fd62c493de29a17e0cf2b2b6" },
"treesitter-autoinstall.nvim": { "branch": "main", "commit": "b60bd6b84ec9bd3ce6447e51bff6ffc6142f60b7" },
"trouble.nvim": { "branch": "main", "commit": "bd67efe408d4816e25e8491cc5ad4088e708a69a" },
"vim-floaterm": { "branch": "master", "commit": "0ab5eb8135dc884bc543a819ac7033c15e72a76b" },
"vim-floaterm": { "branch": "master", "commit": "bb4ba7952e906408e1f83b215f55ffe57efcade6" },
"vim-repeat": { "branch": "master", "commit": "65846025c15494983dafe5e3b46c8f88ab2e9635" }
}
@@ -80,8 +80,9 @@ local servers = {
html = {},
java_language_server = {},
jsonls = {},
pyright = {},
taplo = {},
pyrefly = {},
-- taplo = {},
tombi = {},
ts_ls = {},
typos_lsp = {},
-- keep-sorted end
@@ -95,14 +95,12 @@ local plugins = {
},
{
url = "https://gitlab.com/HiPhish/rainbow-delimiters.nvim",
event = "VeryLazy",
config = function()
require("plugins.rainbow-delimiters")
end,
},
{
"lukas-reineke/indent-blankline.nvim",
event = "VeryLazy",
dependencies = { "https://gitlab.com/HiPhish/rainbow-delimiters.nvim" },
config = function()
require("ibl").setup(require("plugins.indent-blankline"))
@@ -110,13 +108,11 @@ local plugins = {
},
{
"norcalli/nvim-colorizer.lua",
event = "VeryLazy",
opt = {},
},
{
"neovim/nvim-lspconfig",
dependencies = { "saghen/blink.cmp" },
event = "VeryLazy",
config = function()
require("plugins.lsp.lspconfig")
require("plugins.lsp.others")
@@ -178,7 +174,6 @@ local plugins = {
},
{
"saghen/blink.cmp",
event = "VeryLazy",
dependencies = {
{
"L3MON4D3/LuaSnip",
@@ -198,6 +193,7 @@ local plugins = {
},
},
},
"saghen/blink.lib",
},
config = function()
require("blink.cmp").setup(require("plugins.cmp.cmp"))
@@ -205,7 +201,6 @@ local plugins = {
},
{
"numToStr/Comment.nvim",
event = "VeryLazy",
opts = {},
},
{
@@ -221,7 +216,6 @@ local plugins = {
},
{
"lewis6991/gitsigns.nvim",
event = "VeryLazy",
config = function()
require("gitsigns").setup(require("plugins.gitsigns"))
end,
@@ -273,7 +267,6 @@ local plugins = {
},
{
"alexghergh/nvim-tmux-navigation",
event = "VeryLazy",
config = function()
require("nvim-tmux-navigation").setup(require("plugins.tmuxnav"))
end,
@@ -299,7 +292,6 @@ local plugins = {
},
{
"folke/noice.nvim",
event = "VeryLazy",
dependencies = {
"MunifTanjim/nui.nvim",
"rcarriga/nvim-notify",
@@ -314,31 +306,14 @@ local plugins = {
},
{
"voldikss/vim-floaterm",
event = "VeryLazy",
config = function()
require("plugins.floaterm")
end,
},
{
"folke/todo-comments.nvim",
event = "VeryLazy",
opts = {},
},
{
"ojroques/nvim-osc52",
event = "VeryLazy",
config = function()
require("osc52").setup({
tmux_passthrough = true,
})
local function copy()
if vim.v.event.operator == "y" and vim.v.event.regname == "+" then
require("osc52").copy_register("+")
end
end
vim.api.nvim_create_autocmd("TextYankPost", { callback = copy })
end,
},
{
"pest-parser/pest.vim",
ft = "pest",
@@ -347,12 +322,11 @@ local plugins = {
{
"nmac427/guess-indent.nvim",
event = "VeryLazy",
opts = {},
},
{
"tversteeg/registers.nvim",
"https://codeberg.org/fosk/registers.nvim",
cmd = "Registers",
config = true,
keys = {
@@ -1,9 +1,9 @@
--- @type TSConfig
M = {
install_dir = vim.fn.stdpath('data') .. '/site',
install_dir = vim.fn.stdpath("data") .. "/site",
}
vim.api.nvim_create_autocmd('FileType', {
vim.api.nvim_create_autocmd("FileType", {
callback = function()
-- Enable treesitter highlighting and disable regex syntax
pcall(vim.treesitter.start)
+1 -4
View File
@@ -14,10 +14,7 @@ in
config = lib.mkIf cfg.enable {
my.hm = {
programs.vscode = {
enable = true;
package = pkgs.vscodium-wayland;
};
programs.vscodium.enable = true;
};
my.persist.homeDirs = [
".config/VSCodium"
+1
View File
@@ -18,6 +18,7 @@ in
java.enable = true;
qml.enable = true;
typst.enable = true;
toml.enable = true;
};
};
}
+1 -1
View File
@@ -16,7 +16,7 @@ in
my.hm.home.packages = with pkgs; [
go
gotools
gopls
(lib.hiPrio gopls)
];
my.persist.homeDirs = [
"go"
+1 -1
View File
@@ -16,7 +16,7 @@ in
my.hm.home.packages = with pkgs; [
python3
uv
pyright
pyrefly
];
};
}
+20
View File
@@ -0,0 +1,20 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.coding.langs.toml;
in
{
options.my.coding.langs.toml = {
enable = lib.mkEnableOption "TOML";
};
config = lib.mkIf cfg.enable {
my.hm.home.packages = with pkgs; [
tombi
];
};
}
+1
View File
@@ -21,6 +21,7 @@ in
];
programs.direnv = {
enable = true;
nix-direnv.enable = true;
config = {
global = {
warn_timeout = 0;
+1
View File
@@ -0,0 +1 @@
/target
+2105
View File
File diff suppressed because it is too large Load Diff
+13
View File
@@ -0,0 +1,13 @@
[package]
name = "nix-racer"
version = "0.1.0"
edition = "2024"
[dependencies]
axum = "0.8"
reqwest = { version = "0.13", features = ["rustls"] }
serde = { version = "1.0.228", features = ["derive"] }
tokio = { version = "1.52", features = ["full"] }
toml = "1.1"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+29
View File
@@ -0,0 +1,29 @@
{
lib,
rustPlatform,
}:
rustPlatform.buildRustPackage {
pname = "nix-racer";
version = "0.1.0";
src = lib.fileset.toSource {
root = ./.;
fileset = lib.fileset.unions [
./Cargo.toml
./Cargo.lock
./src
];
};
cargoLock = {
lockFile = ./Cargo.lock;
};
meta = {
description = "Nix substituter proxy with parallel cache queries and latency-aware selection";
mainProgram = "nix-racer";
license = lib.licenses.mit;
platforms = lib.platforms.unix;
};
}
+64
View File
@@ -0,0 +1,64 @@
use reqwest::Url;
use serde::{Deserialize, Deserializer, de::Error};
use std::net::{SocketAddr, SocketAddrV4};
#[derive(Debug, Clone, Deserialize)]
pub struct AppConfig {
#[serde(default = "default_listen")]
pub listen: SocketAddr,
pub substituters: Vec<Substituter>,
}
impl Default for AppConfig {
fn default() -> Self {
Self {
listen: default_listen(),
substituters: vec![
Substituter {
url: "https://mirror.sjtu.edu.cn/nix-channels/store",
penalty: 0,
},
Substituter {
url: "https://mirrors.ustc.edu.cn/nix-channels/store",
penalty: 0,
},
Substituter {
url: "https://cache.nixos.org",
penalty: 100,
},
],
}
}
}
fn default_listen() -> SocketAddr {
SocketAddr::V4(SocketAddrV4::new([127, 0, 0, 1].into(), 2048))
}
#[derive(Debug, Clone)]
pub struct Substituter {
pub url: &'static str,
pub penalty: u32,
}
impl<'de> Deserialize<'de> for Substituter {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
{
#[derive(Debug, Clone, Deserialize)]
struct ShadowSubstituter {
url: String,
#[serde(default)]
penalty: u32,
}
let sub = <ShadowSubstituter as Deserialize>::deserialize(deserializer);
sub.and_then(|ShadowSubstituter { url, penalty }| {
let url = match Url::parse(&url) {
Ok(url) => Ok(Box::leak(url.to_string().into_boxed_str())),
Err(err) => Err(<D::Error as Error>::custom(err.to_string())),
}?;
Ok(Substituter { url, penalty })
})
}
}
+212
View File
@@ -0,0 +1,212 @@
use std::{
collections::HashMap,
sync::Arc,
time::{Duration, Instant},
};
use axum::{
Router,
extract::{Path, State},
http::{StatusCode, header},
response::{IntoResponse, Redirect},
routing::get,
};
use reqwest::Client;
use tokio::task::JoinSet;
use tracing_subscriber::{EnvFilter, layer::SubscriberExt as _, util::SubscriberInitExt as _};
mod config;
use config::*;
#[derive(Clone)]
struct AppState {
client: Client,
config: Arc<AppConfig>,
}
#[tokio::main]
async fn main() {
tracing_subscriber::registry()
.with(tracing_subscriber::fmt::layer())
.with(
EnvFilter::builder()
.with_env_var("NIX_RACER_LOG")
.with_default_directive("nix_racer=debug".parse().unwrap())
.from_env()
.unwrap(),
)
.init();
let config: Arc<AppConfig> = match std::fs::read_to_string("/etc/nix/nix-racer.toml") {
Ok(file) => toml::from_str::<AppConfig>(&file).unwrap_or_else(|x| {
tracing::warn!("Failed to parse config file ({x}), fallback to default configuration");
AppConfig::default()
}),
Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
tracing::info!("Config file not found, fallback to default configuration");
AppConfig::default()
}
Err(err) => {
tracing::warn!("Failed to read config file ({err}), fallback to default configuration");
AppConfig::default()
}
}
.into();
if config.substituters.is_empty() {
tracing::error!("No substituters found");
std::process::exit(1);
}
let listen = config.listen;
let client = Client::builder()
.timeout(Duration::from_secs(5))
.pool_idle_timeout(Duration::from_secs(90))
.build()
.unwrap();
let state = AppState { client, config };
let listener = tokio::net::TcpListener::bind(listen).await.unwrap();
let app = Router::new()
.route("/nix-cache-info", get(nix_cache_info_handler))
.route("/{*path}", get(proxy_handler))
.with_state(state);
tracing::info!("Smart Nix Proxy listening on http://{listen}");
axum::serve(listener, app).await.unwrap();
}
async fn nix_cache_info_handler() -> impl IntoResponse {
let info = "StoreDir: /nix/store\nWantMassQuery: 1\nPriority: 30\n";
([(header::CONTENT_TYPE, "text/x-nix-cache-info")], info)
}
async fn proxy_handler(
Path(path): Path<String>,
State(state): State<AppState>,
) -> impl IntoResponse {
if !path.ends_with(".narinfo") {
let redirect_url = format!("{}/{}", state.config.substituters[0].url, path);
return Redirect::temporary(&redirect_url).into_response();
}
let start_time = Instant::now();
let mut set = JoinSet::new();
let mut penalties = HashMap::new();
for upstream in state.config.substituters.iter() {
let url = format!("{}/{}", upstream.url, path);
let client = state.client.clone();
let base_url = upstream.url;
let handle = set.spawn(async move {
let max_retries = 2;
let mut delay = Duration::from_millis(50);
for attempt in 0..=max_retries {
match client.get(&url).send().await {
Ok(resp) if resp.status().is_success() => {
let bytes = resp.bytes().await.map_err(|_| "Body error")?;
let text = String::from_utf8_lossy(&bytes);
let mut new_text = String::with_capacity(text.len() + 64);
for line in text.lines() {
if let Some(rel_url) = line.strip_prefix("URL: ") {
if rel_url.starts_with("http://") || rel_url.starts_with("https://")
{
new_text.push_str(line);
} else {
new_text.push_str(&format!("URL: {}/{}", base_url, rel_url));
}
} else {
new_text.push_str(line);
}
new_text.push('\n');
}
return Ok((new_text.into_bytes(), base_url));
}
Ok(resp) if resp.status() == StatusCode::NOT_FOUND => return Err("404"),
Err(_) => {
if attempt == max_retries {
return Err("Max retries");
}
tokio::time::sleep(delay).await;
delay *= 2;
}
_ => return Err("Other HTTP Error"),
}
}
Err("Unreachable")
});
penalties.insert(handle.id(), upstream.penalty);
}
struct ProxyResult {
score: Duration,
body: Vec<u8>,
url: &'static str,
}
let mut best_result: Option<ProxyResult> = None;
loop {
let min_active_penalty = penalties.values().min().copied();
if let Some(ProxyResult { score, .. }) = best_result {
if let Some(min_p) = min_active_penalty {
if start_time.elapsed() + Duration::from_millis(u64::from(min_p)) >= score {
break;
}
} else {
break;
}
} else if min_active_penalty.is_none() {
break;
}
let timeout_dur = if let Some(ProxyResult { score, .. }) = best_result {
score.saturating_sub(start_time.elapsed())
} else {
Duration::from_secs(86400)
};
if timeout_dur.is_zero() && best_result.is_some() {
break;
}
let res = tokio::time::timeout(timeout_dur, set.join_next_with_id()).await;
match res {
Ok(Some(Ok((task_id, task_res)))) => {
let penalty = penalties.remove(&task_id).unwrap();
if let Ok((body, url)) = task_res {
let score = start_time.elapsed() + Duration::from_millis(u64::from(penalty));
if best_result.as_ref().is_none_or(|best| score < best.score) {
best_result = Some(ProxyResult { score, body, url })
}
}
}
Ok(Some(Err(join_err))) => {
penalties.remove(&join_err.id());
}
Ok(None) => break,
Err(_) => break,
}
}
if let Some(ProxyResult { score, body, url }) = best_result {
tracing::debug!("Winner for {}: {} (Score: {:?})", path, url, score,);
(
StatusCode::OK,
[(header::CONTENT_TYPE, "text/x-nix-narinfo")],
body,
)
.into_response()
} else {
(StatusCode::NOT_FOUND, "Not Found").into_response()
}
}
+115 -9
View File
@@ -32,23 +32,103 @@ in
nh
];
environment.etc = lib.mapAttrs' (name: value: {
environment.etc =
(lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
}) config.nix.registry)
// {
"nix/nix-racer.toml".source = (pkgs.formats.toml { }).generate "nix-racer.toml" {
listen = "127.0.0.1:2048";
substituters = [
# {
# penalty = 0;
# url = "https://mirror.sjtu.edu.cn/nix-channels/store";
# }
{
penalty = 0;
url = "https://mirrors.sjtug.sjtu.edu.cn/nix-channels/store";
}
{
penalty = 50;
url = "https://mirrors.ustc.edu.cn/nix-channels/store";
}
{
penalty = 0;
url = "https://nix-community.cachix.org";
}
{
penalty = 0;
url = "https://cache.numtide.com";
}
{
penalty = 100;
url = "https://cache.nixos.org";
}
];
};
};
systemd.services.nix-racer = {
description = "Nix substituter proxy with parallel cache queries and latency-aware selection";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getExe (pkgs.callPackage ./nix-racer/_package.nix { })}";
Restart = "on-failure";
RestartSec = 5;
DynamicUser = true;
CapabilityBoundingSet = [ "" ];
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@resources"
"~@privileged"
];
UMask = "0077";
};
};
nix.settings = {
experimental-features = "nix-command flakes pipe-operators";
substituters = [
"https://mirror.sjtu.edu.cn/nix-channels/store"
substituters = lib.mkForce [
"http://127.0.0.1:2048"
"https://mirrors.sjtug.sjtu.edu.cn/nix-channels/store"
"https://mirrors.ustc.edu.cn/nix-channels/store"
"https://nix-community.cachix.org"
"https://cache.garnix.io"
"https://cache.numtide.com"
"https://cache.nixos.org"
# "https://mirrors.ustc.edu.cn/nix-channels/store"
# "https://mirrors.sjtug.sjtu.edu.cn/nix-channels/store"
# "https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
];
download-buffer-size = 536870912; # 512 MiB
warn-dirty = false;
@@ -92,7 +172,33 @@ in
services.angrr = {
enable = true;
settings = {
period = "1month";
temporary-root-policies = {
direnv = {
path-regex = "/\\.direnv/";
period = "14d";
};
result = {
path-regex = "/result[^/]*$";
period = "3d";
};
};
profile-policies = {
system = {
profile-paths = [ "/nix/var/nix/profiles/system" ];
keep-since = "14d";
keep-latest-n = 5;
keep-booted-system = true;
keep-current-system = true;
};
user = {
profile-paths = [
"~/.local/state/nix/profiles/profile"
"/nix/var/nix/profiles/per-user/root/profile"
];
keep-since = "14d";
keep-latest-n = 5;
};
};
};
};
};
+82 -5
View File
@@ -10,15 +10,35 @@ in
{
options.my.persist = {
enable = lib.mkEnableOption "persist";
location = lib.mkOption {
btrfs = lib.mkOption {
type = lib.types.submodule (
{ ... }:
{
options = {
device = lib.mkOption {
type = lib.types.str;
};
zstdCompress = lib.mkOption {
type = lib.types.bool;
default = true;
};
persistSubvol = lib.mkOption {
type = lib.types.str;
};
rootSubvol = lib.mkOption {
type = lib.types.str;
default = "root";
};
mountPoint = lib.mkOption {
type = lib.types.str;
default = "/nix/persist";
example = lib.literalExpression ''
"/persistent"
'';
description = lib.mdDoc ''
Persistent location
'';
};
};
}
);
};
homeDirs = lib.mkOption {
default = [ ];
@@ -69,8 +89,65 @@ in
};
config = lib.mkIf cfg.enable {
fileSystems.${cfg.btrfs.mountPoint} = {
device = cfg.btrfs.device;
fsType = "btrfs";
options = [
"subvol=${cfg.btrfs.persistSubvol}"
]
++ lib.optionals cfg.btrfs.zstdCompress [
"compress=zstd"
];
neededForBoot = true;
};
fileSystems."/" = {
device = cfg.btrfs.device;
fsType = "btrfs";
options = [
"subvol=${cfg.btrfs.rootSubvol}"
]
++ lib.optionals cfg.btrfs.zstdCompress [
"compress=zstd"
];
};
boot.initrd.systemd.services.wipe-root = {
description = "Rollback BTRFS rootfs";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
after = [ "initrd-root-device.target" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /btrfs_tmp
mount ${cfg.btrfs.device} /btrfs_tmp
mkdir -p /btrfs_tmp/old_roots
if [ -e /btrfs_tmp/root ]; then
timestamp=$(date -d "@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S" 2>/dev/null || date "+%Y-%m-%d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$(printf '\n')
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/${cfg.btrfs.rootSubvol}
umount /btrfs_tmp
'';
};
programs.fuse.userAllowOther = true;
environment.persistence.${cfg.location} = {
environment.persistence.${cfg.btrfs.mountPoint} = {
hideMounts = true;
directories = cfg.nixosDirs;
files = cfg.nixosFiles;
+7 -55
View File
@@ -2,6 +2,7 @@
config,
lib,
pkgs,
hostname,
username,
userdesc,
secrets,
@@ -38,67 +39,18 @@ in
};
users.users.root.hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
security.sudo.enable = false;
security.doas = {
security.sudo = {
enable = true;
extraRules = [
{
users = [ username ];
noPass = true;
keepEnv = true;
users = [ "imxyy" ];
commands = lib.singleton {
command = "ALL";
options = lib.optionals (hostname == "imxyy-nix") [ "NOPASSWD" ];
};
}
];
};
environment.shellAliases = {
sudoedit = "doasedit";
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "sudo" ''exec doas "$@"'')
(pkgs.writeShellScriptBin "doasedit" ''
if [ -n "''${2}" ]; then
printf 'Expected only one argument\n'
exit 1
elif [ -z "''${1}" ]; then
printf 'No file path provided\n'
exit 1
elif [ "$(id -u)" -eq 0 ]; then
printf 'Cannot be run as root\n'
exit 1
fi
set -eu
tempdir="$(mktemp -d)"
trap 'rm -rf $tempdir' EXIT
srcfile="$(doas realpath "$1")"
if doas [ -f "$srcfile" ]; then
doas cp -a "$srcfile" "$tempdir"/file
doas cp -a "$tempdir"/file "$tempdir"/edit
# make sure that the file is editable by user
doas chown "$USER":"$USER" "$tempdir"/edit
chmod 600 "$tempdir"/edit
else
# create file with "regular" system permissions (root:root 644)
touch "$tempdir"/file
doas chown root:root "$tempdir"/file
fi
$EDITOR "$tempdir"/edit
doas tee "$tempdir"/file 1>/dev/null < "$tempdir"/edit
if doas cmp -s "$tempdir/file" "$srcfile"; then
printf 'Skipping write; no changes.\n'
exit 0
else
doas mv -f "$tempdir"/file "$srcfile"
exit 0
fi
'')
];
nix.settings.trusted-users = [
"root"
+5 -2
View File
@@ -8,9 +8,12 @@ in
};
config = lib.mkIf cfg.enable {
my.hm.programs.firefox.enable = true;
my.hm.programs.firefox = {
enable = true;
configPath = "${config.my.hm.xdg.configHome}/mozilla/firefox";
};
my.persist.homeDirs = [
".mozilla"
".config/mozilla"
];
};
}
+1 -2
View File
@@ -2,7 +2,6 @@
config,
lib,
pkgs,
hostname,
...
}:
let
@@ -16,7 +15,7 @@ in
config = lib.mkIf cfg.enable {
my.hm.programs.zen-browser = {
enable = true;
nativeMessagingHosts = [ pkgs.firefoxpwa ];
nativeMessagingHosts = [ pkgs.master.firefoxpwa ];
policies = {
# find more options here: https://mozilla.github.io/policy-templates/
DisableAppUpdate = true;
+17 -1
View File
@@ -13,7 +13,23 @@ in
};
config = lib.mkIf cfg.enable {
my.hm.home.packages = [ pkgs.splayer ];
nixpkgs.config.permittedInsecurePackages = (
lib.warn
''
SPlayer still using pnpm 10.29.2. Check
https://github.com/NixOS/nixpkgs/issues/535580#issuecomment-4809489104
''
[
"pnpm-10.29.2"
]
);
my.hm.home.packages = [
# (pkgs.master.splayer.override {
# pnpm_10_29_2 = pkgs.pnpm_10;
# })
pkgs.splayer
];
my.persist.homeDirs = [
".config/SPlayer"
];
+11 -22
View File
@@ -2,6 +2,7 @@
config,
lib,
pkgs,
impure,
...
}:
let
@@ -13,19 +14,6 @@ in
};
config = lib.mkIf cfg.enable {
catppuccin.sddm = {
enable = true;
font = "Jetbrains Mono";
fontSize = "18";
};
services.displayManager.sddm = {
package = pkgs.kdePackages.sddm;
settings.Theme = {
CursorTheme = "breeze-dark";
CursorSize = 24;
};
};
my.hm = {
stylix = {
enable = true;
@@ -81,20 +69,21 @@ in
#QT
qt = {
enable = true;
style.package = with pkgs; [
darkly-qt5
platformTheme.name = "kde";
style = {
package = with pkgs; [
darkly-qt6
];
platformTheme.name = "qtct";
name = "Darkly";
};
};
xdg.configFile = {
"qt5ct/qt5ct.conf".source = pkgs.replaceVars ./qtct/qt5ct.conf {
darker = pkgs.libsForQt5.qt5ct + /share/qt5ct/colors/darker.conf;
};
"qt6ct/qt6ct.conf".source = pkgs.replaceVars ./qtct/qt6ct.conf {
darker = pkgs.qt6Packages.qt6ct + /share/qt6ct/colors/darker.conf;
};
kdeglobals.source = impure.mkImpureLink ./kdeglobals;
plasmarc.text = ''
[Theme]
name=darkly
'';
};
};
};
+140
View File
@@ -0,0 +1,140 @@
[ColorEffects:Disabled]
ChangeSelectionColor=
Color=36,36,36
ColorAmount=0.5
ColorEffect=3
ContrastAmount=0.5
ContrastEffect=0
Enable=
IntensityAmount=0
IntensityEffect=0
[ColorEffects:Inactive]
ChangeSelectionColor=true
Color=51,51,51
ColorAmount=0.4
ColorEffect=3
ContrastAmount=0.4
ContrastEffect=0
Enable=true
IntensityAmount=-0.2
IntensityEffect=0
[Colors:Button]
BackgroundAlternate=77,77,77
BackgroundNormal=50,50,50
DecorationFocus=52,120,218
DecorationHover=0,161,236
ForegroundActive=61,174,233
ForegroundInactive=199,199,199
ForegroundLink=0,100,255
ForegroundNegative=218,68,83
ForegroundNeutral=246,116,0
ForegroundNormal=241,241,241
ForegroundPositive=36,173,89
ForegroundVisited=115,115,158
[Colors:Complementary]
BackgroundAlternate=59,64,69
BackgroundNormal=49,54,59
DecorationFocus=30,146,255
DecorationHover=61,174,230
ForegroundActive=246,116,0
ForegroundInactive=175,176,179
ForegroundLink=61,174,230
ForegroundNegative=237,21,21
ForegroundNeutral=201,206,59
ForegroundNormal=239,240,241
ForegroundPositive=17,209,22
ForegroundVisited=61,174,230
[Colors:Selection]
BackgroundAlternate=29,153,243
BackgroundNormal=27,145,213
DecorationFocus=52,120,218
DecorationHover=0,161,236
ForegroundActive=252,252,252
ForegroundInactive=241,241,241
ForegroundLink=0,100,255
ForegroundNegative=218,68,83
ForegroundNeutral=246,116,0
ForegroundNormal=241,241,241
ForegroundPositive=36,173,89
ForegroundVisited=115,115,158
[Colors:Tooltip]
BackgroundAlternate=77,77,77
BackgroundNormal=59,59,59
DecorationFocus=52,120,218
DecorationHover=0,161,236
ForegroundActive=61,174,233
ForegroundInactive=199,199,199
ForegroundLink=0,100,255
ForegroundNegative=218,68,83
ForegroundNeutral=246,116,0
ForegroundNormal=239,240,241
ForegroundPositive=36,173,89
ForegroundVisited=115,115,158
[Colors:View]
BackgroundAlternate=54,54,54
BackgroundNormal=44,44,44
DecorationFocus=52,120,218
DecorationHover=0,161,236
ForegroundActive=61,174,233
ForegroundInactive=199,199,199
ForegroundLink=0,100,255
ForegroundNegative=218,68,83
ForegroundNeutral=246,116,0
ForegroundNormal=241,241,241
ForegroundPositive=36,173,89
ForegroundVisited=115,115,158
[Colors:Window]
BackgroundAlternate=77,77,77
BackgroundNormal=34,34,34
DecorationFocus=52,120,218
DecorationHover=0,161,236
ForegroundActive=61,174,233
ForegroundInactive=199,199,199
ForegroundLink=0,100,255
ForegroundNegative=218,68,83
ForegroundNeutral=246,116,0
ForegroundNormal=239,240,241
ForegroundPositive=36,173,89
ForegroundVisited=115,115,158
[General]
ColorScheme=Darkly
[Icons]
Theme=Papirus-Dark
[KDE]
contrast=0
frameContrast=0.2
[KFileDialog Settings]
Allow Expansion=false
Automatically select filename extension=true
Breadcrumb Navigation=true
Decoration position=2
Show Full Path=false
Show Inline Previews=true
Show Preview=false
Show Speedbar=true
Show hidden files=false
Sort by=Name
Sort directories first=true
Sort hidden files last=false
Sort reversed=false
Speedbar Width=154
View Style=DetailTree
[WM]
activeBackground=34,34,34
activeBlend=255,255,255
activeForeground=204,204,204
inactiveBackground=44,44,44
inactiveBlend=44,44,44
inactiveForeground=144,144,144
+41
View File
@@ -0,0 +1,41 @@
include "generated-config.kdl"
layout {
border {
on
}
}
blur {
passes 3
offset 4
noise 0.02
saturation 1.5
}
window-rule {
draw-border-with-background false
geometry-corner-radius 14.000000 14.000000 14.000000 14.000000
clip-to-geometry true
background-effect {
xray true
blur true
}
}
window-rule {
match is-floating=true
background-effect {
xray false
}
}
window-rule {
match app-id="kitty|foot|Alacritty|ghostty"
opacity 0.8
}
window-rule {
match app-id="org.gnome.Nautilus"
opacity 0.6
}
+9 -31
View File
@@ -3,6 +3,7 @@
lib,
pkgs,
assets,
impure,
...
}:
let
@@ -10,7 +11,11 @@ let
in
{
config = lib.mkIf config.my.desktop.wm.niri.enable {
my.hm.programs.niri.settings = {
my.hm = {
xdg.configFile.niri-config.target = lib.mkForce "niri/generated-config.kdl";
xdg.configFile."niri/config.kdl".source = impure.mkImpureLink ./config.kdl;
programs.niri.settings = {
input = {
focus-follows-mouse = {
enable = true;
@@ -76,34 +81,9 @@ in
matches = [ { namespace = "^wallpaper$"; } ];
place-within-backdrop = true;
}
{
matches = [ { namespace = "^waybar$"; } ];
opacity = 0.99;
}
];
overview.workspace-shadow.enable = false;
window-rules = [
{
geometry-corner-radius = {
bottom-left = 14.;
bottom-right = 14.;
top-left = 14.;
top-right = 14.;
};
clip-to-geometry = true;
draw-border-with-background = false;
}
{
matches = [ { app-id = "kitty|foot|Alacritty|ghostty|wofi"; } ];
opacity = 0.8;
}
{
matches = [ { app-id = "org.gnome.Nautilus"; } ];
opacity = 0.6;
}
];
environment.NIXOS_OZONE_WL = "1";
spawn-at-startup = lib.mkBefore (
@@ -139,12 +119,8 @@ in
"cliphist"
"store"
]
# TODO: Is there a better way?
[
"systemctl"
"restart"
"--user"
"noctalia-shell.service"
"noctalia-shell"
]
]
);
@@ -358,5 +334,7 @@ in
}) (lib.range 0 9)
);
};
};
};
}
+7 -3
View File
@@ -15,14 +15,19 @@ in
};
config = lib.mkIf cfg.enable {
niri-flake.cache.enable = false;
programs.niri = {
enable = true;
package = pkg;
};
services.displayManager = {
sddm = {
ly = {
enable = true;
wayland.enable = true;
settings = {
animation = "matrix";
session_log = ".local/state/ly-session.log";
shell = false;
};
};
};
@@ -77,7 +82,6 @@ in
programs.noctalia-shell = {
enable = true;
systemd.enable = true;
# modified from official Tokyo-Night theme
colors = {
mError = "#f7768e";
-77
View File
@@ -1,77 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.my.autologin;
gettycfg = config.services.getty;
baseArgs = [
"--login-program"
"${gettycfg.loginProgram}"
]
++ optionals (gettycfg.loginOptions != null) [
"--login-options"
gettycfg.loginOptions
]
++ gettycfg.extraArgs;
gettyCmd = args: "@${pkgs.util-linux}/sbin/agetty agetty ${escapeShellArgs baseArgs} ${args}";
forAllAutologinTTYs =
config:
attrsets.mergeAttrsList (map (ttynum: { "getty@tty${toString ttynum}" = config; }) cfg.ttys);
autologinModule = types.submodule {
options = {
enable = mkEnableOption "autologin";
user = mkOption {
type = types.str;
default = "";
example = "foo";
description = mdDoc ''
Username of the account that will be automatically logged in at the console.
'';
};
ttys = mkOption {
type = types.listOf types.int;
default = [ 6 ];
description = mdDoc ''
TTY numbers for autologin.user to login to.
'';
};
};
};
in
{
###### interface
options = {
my.autologin = mkOption {
type = autologinModule;
default = { };
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services = forAllAutologinTTYs {
overrideStrategy = "asDropin"; # needed for templates to work
serviceConfig.ExecStart = [
""
(gettyCmd "--noclear --keep-baud %I 115200,38400,9600 -a ${cfg.user} $TERM")
];
};
};
}
+1 -1
View File
@@ -17,7 +17,7 @@ in
sshKeyFile = lib.mkOption {
type = lib.types.str;
default = "${
if config.my.persist.enable then config.my.persist.location else ""
if config.my.persist.enable then config.my.persist.btrfs.mountPoint else ""
}/home/${username}/.ssh/id_ed25519";
};
};
+3 -1
View File
@@ -10,6 +10,9 @@
grub.enable = false;
timeout = 0;
};
boot.kernel.sysctl = {
"kernel.printk" = "3 4 1 3";
};
security.pam.loginLimits = [
{
@@ -42,6 +45,5 @@
# Desktop persistence
my.persist = {
enable = lib.mkDefault true;
location = lib.mkDefault "/nix/persist";
};
}
-1
View File
@@ -21,6 +21,5 @@
# Server persistence
my.persist = {
enable = lib.mkDefault true;
location = lib.mkDefault "/nix/persist";
};
}
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+4 -4
View File
@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:woTNsrZnU3IclRXuh41H82YHeFa6U8aT+ILtjUQ9P80Rz7sUwGinh7z+5bNJkhdTub4BZ+ySl8Ov0XfDKWClT4AmbcRCuwwN8BfOJ59v+fyzsBSu8Y7wXSPciY+T/4rn60HlnVCyjX23dMNWwuN08bS/4iDw+/Ur80/3li2Azl5+37y/S2ZbFU0FP3OCy/G5+rGI0IFTCzRMfB/wpDhesxGzi1epKWvFx0q1Qnv0SiaZlo8mpG+G997mltBMlVkmAiNq57VAVs1ZBDAOf56q1UUHMtExAQt0zad5YWZeBgXQYWG8AFgOhSBiqjpFkUkfysv1mYqWnA7Ej/fD/H8e1uckC6KT9m4w1l71JmIkuUMW8PN/66cGYwZ/gMrZTAwlaVqiYPE1ppmnvrQxukQMgj40y27sWauMK+biPRNTrkU7egjH0IHCHHE49vq3VDFa48SAYXiBCHV+e/Gy9Em1ImRn2lCzAoKUtI5ilccg6MyUbug+1aDWx5NBkhpVw751HyLiSjNyphzVZewo9hGun2F+Fl9NdhM5xpq4tM9bbnsm0y44Vt8FJU0dmY6lfq1qqI3MjLg14iET/WLTorxH0i1iJUYy8Z6FJ7ArGUv6qw7ECNH0ZeUiNk0vICniyRlr+9JGFiHesX5oajXVxOp6vA6FnA4j1jeUvOLViiRc8DxLZziyA7ZdKDXwPJ4JKA==,iv:Df76Q6DoA6lI6xv7nnN6bjsaMPK7dnM/WvVd/O4h6qs=,tag:Yi/inQbd1wCY+PPbq0By9w==,type:str]",
"data": "ENC[AES256_GCM,data:RZyNbgY+zGJWxLDUaEIYYLOMkNiFvkVTBTqjzyP6M/iiQFEQKYarUFxgBXU71aVl00/J8ykP5F6d9am9BqcmH/m/mlrLSlXk9Uh9KcnAJl/qzV0q64hyrA3rPO0HS8ipsaWPQqeUMc5U7cfwViviW0HASRbT07ihC3JzgwVa9ReDHcbxzY8m7PN8D5KpIkxItppGnCfe54kqdEg4Fn8vlMSnWbvpdV2XZ9r9klqu09ZRQ3QSaUTLNIAK+IG/AtgmeerZpUbFu9oKPB9ztqUYMZWlNV7g4h0uaz9UkM7T6HSn83m7JawKSabdTiTNL1ePu9/nuAx7+2vRgtnXBO4YTXu8ZRtcB5OmNCVOyM75gM/+gzYJwLfwPTx8GUi6TdoHV90myoE+TNr6jYao8N0yR/YgKEkT3YH7AmV1NKPkJjMOFG2AbpDgsX19WBo1ySVLKMurLUbTjLSIXkjCuVcw3pRVI3iXNlidogEoBSsyRN0qFnQ1V1LAAL55pM7a/Jelmm2ZNGomX/LXR24X1eM6t12rO8FgpUGTP7bdFAL02CEcydw0HsDRQd30ZKfPS/vTIYvxgx4TlM/L2E5E5s53xJZJ79LnPUgyKGdvKJcUIZm91OblRD44RmtQcZBlMRoZcc8UR81rV3/v+BsOw6xv8b7C+zDGHB5pTzEy7cc24jZwoF8JBeaJC0KK0tb3kQ==,iv:BPbyZwghZ4t7VTkXkPP80fg/7SFIbBTXLmH23yeWr9Q=,tag:XE8w5BN5coSaOGvN0J0m1A==,type:str]",
"sops": {
"age": [
{
@@ -15,9 +15,9 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBSSEdH\nOGZDWDFhMzB2aVErTDU0Vk1WbnBSa0hmTGNMaXI3aTBuQWMvQkRJCnFpYkRFblZV\nRzF1eGdmTzFQcGhTWFZKdmhyNzRHdEFFSjh2Tnl1NXlpSkUKLS0tIHFLSVJiRkpw\nV2taUVdlS1h1V1Y4aE5JUWVmK1d5UjRleVY1Y0VvcmQrMnMKpD5nffC057mv+1wz\nXL8bOS3vBFoupi7IbKw56e0nGkRuMq+Hf2eCKZDRRlLbIi353xXFki7PKDk7ltu9\n2olKQQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-30T13:42:20Z",
"mac": "ENC[AES256_GCM,data:xZmGhEqVh5SIcIfaqOSs1YV23QHXachtBx40C+oyasFvUBhqcniuDHcuFQSmzteywC6jH3r91ilppPjWERz6ml5cfHzBdkbirpbWJg5Hqj+yLz3f98tGkAMmZyc/zc6XkM9BbWQI+R3R9bEaFZ95bnzNeno0EwneEM4aGW1ZsKI=,iv:oz197xm93q7aG3utudgMr3nVdS1IcmTxfnhy7Jc1N9o=,tag:Ar4s0Yjb/xApc0YgpikKtg==,type:str]",
"lastmodified": "2026-04-11T11:27:59Z",
"mac": "ENC[AES256_GCM,data:aDtrtC+ZD/XCaq9B0aW7btIdrHVthcJ68+MXIIAzejIbGXbqOkk/o7xOyYGsKsCHkiJP+ppjHKKt8ase5CSieCCsosdOUoPForLEaBhu0y7QTRKMBxKhD+xMlsCgR6djKx42Z4gs3/qjox836JJV8x72HllbtTu/WzwaCR9qt50=,iv:qy2JSu/dSZE2xWmxOtzvGBjcu0BjYNVDdOMm+UDV+CI=,tag:4CfF54eYLtQkeA8X5COyxA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
"version": "3.12.2"
}
}
+4 -4
View File
@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:TroErAaIJCpWgVkxmoCgxCekphwh5x9oiFXnENXoiXiAaWnUWSB9y2sNbuGTxq8ngWt9pnZ4ZWWCiLaMvk1b/rjJCZzF3mJh/SuzqUkrayspTPcSTbQVHOHlrH7TKVSBJDQCZmAw0k4E0unSxoujEOorymzTY8ZxJTuSu3ugOez7Z48bDTgv4xMG9CvJku/HKakg/DgrAGaTXgfwal4hSB/9inNd9e1uq4clrkDhsN+zg6uJ+EHre/MUkf2MaIG5EI3y904+jm5Zvm5gTynPCjbVvVyjjXenGOwzS3fkxSVJjDvZItn3QZpKC/OqyrrX+c0zEiQMK880E1Ru4f13QphgWoMkthtdNSRoJqKHuK8UJ5onlfOmLkfQjKQ5cIYWgyI7dq5Rfx2yGbNMNEwAQodN3AC5NaLHdcFbs9Yi2VSAKbv5aEifizHYy3HgjxYcSW0EM53/Sn/CL8G2HK7ei7qeYbTT9bFbpgbPYiUeBuaN2Jfx13Mh5yWs98NhhIltjWtrtvvtBrBf7tPo2nAGVW781MaGF5uS44WVjxMMrFPq6WHRB9pwop5AS475h6ihmUIx4Pg/3JFV1uLXtvEeNuiBOULrwdkt1MXRxz6uiYux3WdWpljq1AIvRCLN3Ehi8VYEWyvEbP3gMp9EeOeJYXZ07hFV5dJCJTF7V1sP8GOCWmj0Ro61CEH13OA8V97M8Vi6ZdQg/o+Q,iv:1/HTU2AHTRSPun59Xa28yjlg312bTdDkiicQzO8515E=,tag:T/wEKWpWbhri1ZttG1JRwg==,type:str]",
"data": "ENC[AES256_GCM,data:EJjv/wFOznFk/cAv0CoOgHP0rT1ODGzDTF2X4m3rkoRuLMTnHioc6ne4FL2sbO0pVy796Yvi7CdILYo7yHFzw7Ea+1+Gqh4abbgMBDtgKturDEMotG+prYVq5pvx8POO8KDZ4E6EaZarGGTSLgzQnF3rxN4rSSxE/AbTdln6uITa8Q61UMOY9E8RCsWyO4wY+BwGI1FBPaEOKCqQmdq69h4db/m8pkAWdDczZwKht5GSLIQuEPmpONTPPRI6ny9y2I4lVIPaSoNYWSUKiOMRkSItSjk+Vo47iACFW40mSdeayXmilHQk1uBcUKaPqtbm9eSkZa9OAaTTaSzPiwbfiVmS4KN6oDO/3Vx14DBsaokfW8wl0uyq4hTgfyVUL8ArC5SPlAW4flHxgTt0HzK8+GBA4cGak9qf5vH9wloccV2UkX1e7YUkRj1p+rZl/HnvmVatfGlkgwcniORmSzYNcDmr8OneWVkTpUTwrT31ZLlkHftBpTuhP0NE5AIXGBDy1TIHrOkE9Q4BxDcKuTj2mM8AHKrkejl5nofHNw4NpKGRpvZjdN7A2H4tF7+e9x9VxX7kkPNrQ1MqaQjspOKztN5BL261nKPG/4jnxnyL5gB1xWMn/ifuUB4FM9meUDscN/xQQCnHU4uy5NEE5qO74vIywGmQiXDnAjLSi8nSGNHFhbg5B3vAqxpJH5m/Xa+phgP9aqkdYDP5,iv:4qLwVMpsCynVNJa4FeiIfwsGoBvCg0JgJl8oqoVA3U8=,tag:lIBZCdeR7LX/S0OyJ7KkYw==,type:str]",
"sops": {
"age": [
{
@@ -15,9 +15,9 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBFZ1J2\nNk9yWUNaemVBOFRiVmdmWGdRWVN0UG5Hc1lZRTBiaHdnS0E2UlN3CitPUmdjdVdu\nS1FXbjVCRkxZUk5KdW0xRzNheWJ1TWVYcUJMK3k0TlRFSWsKLS0tIFJSTlN4a29x\nWG8zUlcvYmlZQkQwT3hlWFlOVUIwSkt3SE5RTzhQWVIxUkUKVSMJtNCEZ1KpcUgQ\nkuTFjaBHvizq980kkbNbD4FgeCAPZ3CwXA8/nKhN03iPeFqwX5AsO0n3+ge/qMnO\nkoRc/Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-30T13:42:30Z",
"mac": "ENC[AES256_GCM,data:KuB/Zdzy5gKDayUY0YhSNrKMnG1tdzRnxZvsTjj79lYoZzQ/9Tw1mAmn3vBjJx/aZtpXusxN12uxP1vzqFoAOpvbXGTDRv7fhCaq1CSayWSrhddwRlAIaQ6tUAOOu/fcoofTB6KWJNFhhDwn+o5lF48cgp1m7SL+op1NDkXBoK0=,iv:J0jUA9LfBoT1hBgoItqYdM6MmRhamTZCo9/TJKF18ck=,tag:SynvQk7+D83JAikLH4HNSg==,type:str]",
"lastmodified": "2026-04-11T11:27:20Z",
"mac": "ENC[AES256_GCM,data:ShLwbQvfJVDXyhu6Yf1m93BVQ8s39ATOAugtP3iO0dwqJSd1mR7njh+2emoFIIy3Bn7RkgJVcLuuj4oWWZ6v4nPemSrCwwj1hPSMU1EjqRFGjPaHGj8S7KmKldanHpUCXMuEKoCDT5B2ye9kmANAitn6X8GhoWb7NcCvkW4C7pw=,iv:tMv/P24PNioV9Ot8U1avbifGq1EJHkqIpyUX01Q+1uw=,tag:heOlnL+Abjbg8CGQmEmmsA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
"version": "3.12.2"
}
}
+4 -4
View File
@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:pOo8Rmhpw99QVkUKR/MHo1MoRfKzWgiqXxxX22g2ZzjvinCO9X/N6m63I1XlpiOMVmpEvzFtvQXfaZy7a4D4qLmpa48jsEgGLPm8QXbPFpXNCAVLKU10msKxw/m04dZbB6fJADvG5TM6wMFmsETLl0wMPXPffW2SI4CysSZsmSXUZKGAKjr4sPkUCDW9iiCKTo75r5eLVE3HH8j1OeIknzTDX4zJkoci70pVm7CnKi7bjt515cbq3V9aug7U34I79UlGOB0NWNEU10KodbjnZlY56+K0UBsz5ao+BwRIbxf40a5QUXd0bluqzHENpXlsUja0eSKG1kWFsB+ek5S48GA1SjRkXpStvZoHpUZ7YjeENdqvS1rjteUkrexSB0h3PntJmreERcZoO+MJYVsa5MpF8VkEz6oI9v+ECUA70YEZw7IszsHhq3NnR21aUTok/S23XpbEbxFuKdseQ+8VrBI6z+udIS8o579xcLBXSDhe9vvrdqjMw4enQI03/eKWMjUD8e5r6VbzSaNIQAeh+D9A0CR8EceyFcccY9/XfB2iPzVK1F/PaiAh6oMxWRnyj2wg3GWVoxNHsOKloWfPN68X30V5izvIWlmStRfjvC7yakEde8B6V3PabO8rQlezuasNCvqKIw==,iv:eKRT3L7YXMpJa+QGy7MuB73RsjVIZlaXbc2A2UKrZzw=,tag:7YZ2pqP0xUo9N2ByTEwW/g==,type:str]",
"data": "ENC[AES256_GCM,data:SyqN/4fc7lm3Ef3b2jQ/na5g8bkHq8hwJGMBrJwD4LsZpF3NHWhOpgnsd2BmxVrMEtVidyDEkEGH/xkb5eOgCmqzlkocVwwCwNRutFJxnPePtOGIvnBoIiLgMRl4XLhBMyNeGfLSZCpq8F2U2KuAnsSNV7ZaF/uGyrcykXw21w30HigDQsAbrRKpaz4TMtEdBPjsGhif7/r/HXDD+c6KOikcvVbAtsUJzplHUtSzP0KkjN7BeEfrLkLiMJwWOSn2hc8ITtY/uyUkUDR/7+l/GGCMmucHrnJHrTWkjI3okToC/fSOd0oPV5tOkI1GoAdz2eZ6bR1dq7xcQceKepqf7cC2oXowAG3xQcSGWUvyrbdhZ8NtLhpzFVcFlazdG80e59CjkvfUWv5YyAnwbSRjBanAnm/TjaP+UnhXqd03mzcqrrglvwcIFRnshu2GQCWXg0If+q2pbyafdqjAi1yPleJZa+QZ8OQkjfG/HUeLyZe6QPIpzJ4wDyA98piI8VAJsPfBsQiFdsT1dtNeroDesy6fypbHtZgkm8kWlJEdutcUzSm+sFVTeLjyifrehiTrGQJfRzFrDjStd43hkVCRuDjmCd6JVxKk1Eqg5isF9GPrpyAgLwQt01RaRnLB/m70pytW6prUmw==,iv:c5sJKTvsBEvV4x+o6LUjJzDGb2JiM4cHkz+IoDSygc0=,tag:3tdJnCQawrawd5jVrls8Qw==,type:str]",
"sops": {
"age": [
{
@@ -15,9 +15,9 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyB5RjZU\nR0RVcTg3L3RQSmZnQnJhNm5vaW5URkNySUNORVJTRzVyWVVHdHdvCkd6Y2tvV1Av\nSjF6NkVNNjdKWnZyNi96bU9sY2VkalJNdWpxQUcyT2R3MFkKLS0tIEpkeFpWUE9t\nY0ROMS84QmM2U3M5aUN3ZkdQZi9JYnZCRzl4eDg4NzlrUW8KcuCDvvHFl/oyjVAo\nDlH1OOwPELWVWqckshUkX1MCMW+Qcv5R52jICVlyBVsyb+eiX4Bxgo4KM352KhWB\n5hPnIg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-30T13:42:54Z",
"mac": "ENC[AES256_GCM,data:dRhW2TK8VoeAAgxieq13N9DOpDebn23pzSGVOUR1CREv7xBlQNbbG5oZ8wtOMmVPtYYITsbrP+83Bvc3hAgF+TJ5Q+bUIc79YrpKE4JQpIkF54XWuQS+xr6CQViRu9IkNSAINSDBGC/h7TQJbU+VynUbwTTJWdDwFOZRDCWxlXY=,iv:33D22OwdZ/0p5PTy6iPjoiOOHqMA12NTCYSWSUMTQ6U=,tag:Kal99S7ufV+JsTspWaX7OQ==,type:str]",
"lastmodified": "2026-04-11T11:27:37Z",
"mac": "ENC[AES256_GCM,data:b0n/SPZj06qfPOiHvNPw6bmkpka5oqYUL+Hs2X0tLZUsE5QkXvRFq7VxJDakc76EAMBkwjOyHXAAjKx/memZXBwXhUvCpGUNt4lwNxPect5kl3+HHSVAHrmqIH5hccImXNLayBcr4VlRGiXAZwWiS26td1PHq6EzkR1nNCz9nfE=,iv:YO0TqCST3ZkP/2NaBbkAPkHbFCD2kXPMu6ms0ySzAIE=,tag:0BO+AnbEzCUGP2lNW7/31w==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
"version": "3.12.2"
}
}
+4 -4
View File
@@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:bNSkFEL7BCq7LJYzK1X0Fn8To+So2+QTSFUN1DZDFlvekywoebj7txSM7jSQKYC3+Henond0MRRsriVOHu61i/k/i7fjOHPi93of4ny5wcS+t3NrFvN3RufNjQqe8CD+y4mDaUge8GGrFBWhtQV+1uw5hbXFOIq8l9JqkfJ8y6bhBi/fznCdO847zvZ0hAesjmrE/tflWn/T7pkNnfrVFOJR0FnXsVavlAVbSxtsrppaZPOgJFNwJ4ch6rP5PxHSyCpsbkak9H2nJOWJdXKGobKG3g01YCjgYMOX9rIfOnFcCBNyZWPGLx9ZT0h4XsHWM++L9lCNHjy4Z40wyl7YMq797HlKEcGEv2RM2KsfO/66836v3JzT6ZAO32otCbSa8e5vaYSKBZVZM/wrzNcE/XTNDRAQij3a3+bZtZDnxhZSQ3FJQVGm4agCbbO8Dqx7buWHGhgMmxnR6ClC3Ilgm9GHAWKXPBCDT3IEgc6S2g5MVKurKcR2Abffl/mN6KQjNocbIXKMu+dvInuW+30Mit5dp/dYBmWIrRqKO/hQtwDFp6jLHo4O+7h7/2YJDlh07W+ejT7vJy1+C0K4eAXSoGTahSgo61Y2F8LKHGBwAxl8N4ri0jKKOH7wB4pkyU+ryjQaeFhB6g==,iv:8f9JchFynDlOnYjrJiK/9ltkykaw5J8rWDwt+QFwzOc=,tag:owaHraC+WUQKn7hMXHcCaQ==,type:str]",
"data": "ENC[AES256_GCM,data:xZFoibSkPakh2VMwyrj0+7Epgo3kcJ92TV5/xg8BE3k+cefghPQzXfkIJWsqwgWoDSaHBpb0L6R5TyzAtSrmPEmyM409jiI0I7TtzZDMi+tp4YgF7cC0kW8rU7GwfKwreRm5+B3B093EO0jVfL+Qd7uab8/DZY/Qw3Ys8Q5AFQI4vav8dHP4pLWqINEA9gpzzGWfuVBVX2v8GKr7o/2sYNhw76jDcpOrY0O91hPe85ybzG7Acn9Of5hGgSAz7J4NI0SZecTTDWec7GfdOYPlQnBJTSPRe0fT0aMpP8KfTmWmr1GttgK6HeqL/kPy1MiyfuMNfbse9oJZBIq8puM6UFj+cerG+86UbEFS09zO87p3/uCxmPaPYGEl53Y/LMtLNMy/m96hsQtvwiu7yJXLLco9K1i5sCRvQZ6gZ+YYEimCdJQBYu7E8sh2hNwyeV5O6O0fsVGmP0L1v1S5Ea+QrX+1OXG/hhP8pLgco5IVKo9nQ2SKVmHil6/ONz97KmYKbP247w9qWGCBRj1LQ6DTw5LlUcakHfG+M1BUCW7sl1kqIAvvUwDzQiQhxXTJQcBQoXI3aG41Plrn8RW0zjBdyFhpDuABtg1kmWiliNA3YXyu6sy42ARieYJ8I3L2FKgA91HMiWDK9g==,iv:gg3DqBfY/h6oGJy3BdG2AgwSx781daXRk8NADPUH1P4=,tag:6M49wP/dVh8fWoD+Ij9+5A==,type:str]",
"sops": {
"age": [
{
@@ -15,9 +15,9 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyA4RjNs\nWlYvc0tEN2hOUTA5SEV6MUhTeFViRTBqVWJLcGVDZ0JROCtONlQ0CnU0Z2FWQUlw\nakt0dk1nbVFHaVlyMjBqS3hCSDdHZEYwT0pXaXhOclFvSjgKLS0tIG9ZZUQ2dTI5\nWFVJanhac0QxVHM2b04wNE1jcHdHa3JJYzBlTE1iS1ZPTHcKZPvA9MwYT4JfG3/F\nqSI09TWeEv7TAWGeZr6OS++egtpdVoM3hF8s1B1TZb3bf/BMqo49NEkvD56pOKvo\no0jjHw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-30T13:42:41Z",
"mac": "ENC[AES256_GCM,data:SRxuYiRBCgdYid5GlYDoPbhPWuNPq2A+ItvIuEg8H2RZPpovbdDaj1wO7Jkioy+s5bbf4d8eha3v7hXOmU8cMJ7VdTfQXbJlYMGvGoW14G3d13lT8pyb1goswatF4U9CkSBDVLyyCARloLQQD4jfrts7kvdif/Z8kikStpvsHw0=,iv:h7pf0aAVAEkw1b0W9aYIEYVdq43tByngFI0z1xw3lqE=,tag:/URMCOLxBWxLdXNDr5e0Ig==,type:str]",
"lastmodified": "2026-04-11T11:27:08Z",
"mac": "ENC[AES256_GCM,data:2wToD3ihDP4FMMcqZk/DPRaZMdscsUKHxcObDKyr+ZV7Dz4/EuLU3gAZEjlqNXqBOjqh7sMf5U3QWSimQ5ZdVE4XAl7GCCbi2UITcTiyot2ZraU264wcQAxhNck2J32zJcAUSOK/3w8s6gCkb/u9HqORMPn/N89eAsO1ZvZ2ikY=,iv:1yw3lTrKRat5J0p1kSjBE64atrUz9XvKzcpZD/ffW2I=,tag:1TWz+U2IhNm9q0IHhUeWQg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
"version": "3.12.2"
}
}
+11
View File
@@ -0,0 +1,11 @@
MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET=ENC[AES256_GCM,data:1ruOcaLzDndGuCed9yhlBJb6kxpkBvSDl8uPZNsIa7EHVN7xLrquo5hCW7pMneTmJbulvVM5wm321WAaeTOj0jx/gkkCnh0duja2,iv:IVtdYE67ArlQN94q/TlY3oFzoYHBQxuPLu8ClDu0798=,tag:zjnFtvBdryZSiL6Y3J4g1A==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSAyUGVr\neFhRVERqUy9pRkFNRUVvQ3NMNFlnZEtQVnNhaWZJbzJUUWN4cG1ZCkduU2NJYnIz\nWm9vWHpGS2hPL1ZNdlhHRWJDaGJYOVFucXA3QktLV1VOdDAKLS0tIDROd2dtMm4v\nN1ZETmxkemk5RFNsU3AzTEphYlVKMTVzajFQNytRRGNBUmMKEwwN7MnPNP0ze0XJ\nm7QTQJhnd9QihXpGVYWKneL2Ef2YU1FZGUPOez9syDRepY/tl8jSFo77+aCLJ2/H\nPzM/4Q==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyA0S0VJ\nTlVpOStxVU1rZ0E2MVVNWmI0d0VxMStSeFJ3dnpONTR3N044dWg0CnZBOFpDbkw3\nWjJ6ZHRQaDNaV2JDNHRYWkdSOVFBSDF5M0kvOExaSnBCeGcKLS0tIGJOSCtHRlNt\ncmpYTmN4dklYWEp1WjR0Uk16VkJjRFNqb2hQNEZHSkdSa1EKpO1hMZr1NTzrEbCr\nycIvP4J3U9X1iTAL2/R98lOhUVPWlu7QN1GWvQIyB3TInTIpKNVV1Q8nkrq8GSFG\n6QHTCA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBWbk1h\ndVhCL2kyczUvR09YY3lvYXlmeExjdHYvd1dNQktHcUFVeWdYeFQ4CmJQSTVjY1Bq\nLzh1ZnpEWVJvaUZCeU0rMk5UWXBmMmNDMi9xTERlSlIyd1kKLS0tIHJaYlpaQmtE\nd21nQThCTXBVU0RJRnV0OHFTcWZYeSt4eWlmQVVyUWNSdGsKaPXqoSWS87MOHETx\nl7dbIo4maAV+eXbAbEYF2dZzw+Fea5vTrfsg1QQ4YVNGib7o8nvG2vouMyqq6vI3\n37HGfg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
sops_lastmodified=2026-04-15T09:41:45Z
sops_mac=ENC[AES256_GCM,data:yh+dEf2fPHMBLppZ7/oMk7iBZnKJ3Jsiq7H6Kla5/r3/ERHZl1d1TPWwIOAwcc4yOiVKCAgXxN+mY/w9Nn0AbfpXUDYgQPoWMZPuAC97eXsCutzOM6GXdmxuIL3Glah4dAYP6Bj34nuKpp4+G6m08Eni65wQJUYRyY6JQHnc5Kc=,iv:Xmnm2VjIVxtIH5TSnWnHQUq22DbubdrZshWZzX+NeF0=,tag:LD8HBRa/vWERhrA3DzMzIg==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.12.2
+4 -3
View File
@@ -1,13 +1,14 @@
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=ENC[AES256_GCM,data:B+gL1Ai045XiEcBkFcaEwByEdHgCrbc00Efd/WEb/s1l3rhIqdEmdyhnpqYJQojDQ8cQfYb1gMOW38sZ0GL4zA==,iv:F3Y92S3rM1qUrRN0cR5SFep+ExeP90l/oiWmrDk4yfc=,tag:CZrujwoVdGFiDKMxgM1tCg==,type:str]
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=ENC[AES256_GCM,data:LDNVwG4cOqgb7stZFCAbzBpqTvt+kcuItaVGrM6Zd1wpxTZJ+sHQTf7acCh1obxdw1S13j8Kw2FsmBk4ojkWtQ==,iv:WJrt9G6BhZTuCxxC9A2AlRvon/MlCa9Y5dGNZ2DO7Mw=,tag:H0SLY4E/G1eJ0Tua+/zxww==,type:str]
MAUTRIX_TELEGRAM_BRIDGE_LOGIN_SHARED_SECRET_MAP=ENC[AES256_GCM,data:UcpnOqYwa3fFvU6/A+qUMfB784FuX/wBoilS3lZs3HHLazr9a12m9xivVs+9Kd7l+5xi5VqtQf9ZyF6EjGIeAFc4BFpADx2uvL7HP5kZ2WLGky/un1w=,iv:9ZtTU/iPhOX30uSbx7h3IMUcnCh127lE18Z3gkiydzo=,tag:DzHPBeKl9C28shR6c6t6mA==,type:str]
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN=ENC[AES256_GCM,data:Gurr78m30j5bhutgJxGCZL4EC5Il0dOCiKnqTG+JskULiwn+82ejo4W+iygvkA==,iv:0DmEq8HmS3S1pKHb47gsZ6/m2Gr2jP6dlw3ytDPfRhE=,tag:8QmMUgv6KigJT4jA4caLFQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSAyUGVr\neFhRVERqUy9pRkFNRUVvQ3NMNFlnZEtQVnNhaWZJbzJUUWN4cG1ZCkduU2NJYnIz\nWm9vWHpGS2hPL1ZNdlhHRWJDaGJYOVFucXA3QktLV1VOdDAKLS0tIDROd2dtMm4v\nN1ZETmxkemk5RFNsU3AzTEphYlVKMTVzajFQNytRRGNBUmMKEwwN7MnPNP0ze0XJ\nm7QTQJhnd9QihXpGVYWKneL2Ef2YU1FZGUPOez9syDRepY/tl8jSFo77+aCLJ2/H\nPzM/4Q==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyA0S0VJ\nTlVpOStxVU1rZ0E2MVVNWmI0d0VxMStSeFJ3dnpONTR3N044dWg0CnZBOFpDbkw3\nWjJ6ZHRQaDNaV2JDNHRYWkdSOVFBSDF5M0kvOExaSnBCeGcKLS0tIGJOSCtHRlNt\ncmpYTmN4dklYWEp1WjR0Uk16VkJjRFNqb2hQNEZHSkdSa1EKpO1hMZr1NTzrEbCr\nycIvP4J3U9X1iTAL2/R98lOhUVPWlu7QN1GWvQIyB3TInTIpKNVV1Q8nkrq8GSFG\n6QHTCA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBWbk1h\ndVhCL2kyczUvR09YY3lvYXlmeExjdHYvd1dNQktHcUFVeWdYeFQ4CmJQSTVjY1Bq\nLzh1ZnpEWVJvaUZCeU0rMk5UWXBmMmNDMi9xTERlSlIyd1kKLS0tIHJaYlpaQmtE\nd21nQThCTXBVU0RJRnV0OHFTcWZYeSt4eWlmQVVyUWNSdGsKaPXqoSWS87MOHETx\nl7dbIo4maAV+eXbAbEYF2dZzw+Fea5vTrfsg1QQ4YVNGib7o8nvG2vouMyqq6vI3\n37HGfg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
sops_lastmodified=2025-08-22T02:52:07Z
sops_mac=ENC[AES256_GCM,data:ahjIUwIKPUfqTSl704AekBIVTTe8n0YUbMyVKxFSZb5ZoaQ3KRVgWPWCAn9n/Qwpa1oHWvVcqqbTd+wrxqmkpOgFCfg72ZWdPsSbzg6RGcUVHlg5r2b9DE7Pq+qDtgNBVkmdmlCAY2+mQTepXv8fGbWltu6tzdqOvsOBwfSw694=,iv:OJ2M6X23k5LokCrx4Ekz2a5+hUGV66YNjlFBQZdrkSA=,tag:2xjX3CX45kkpYt+skEgKOw==,type:str]
sops_lastmodified=2026-04-13T07:43:39Z
sops_mac=ENC[AES256_GCM,data:xZVKnXOP27j7fiFaiTQbKDCYKg2ywPfzqY0TSJK6C28MAANXYqTBSvDKBmrw64bNQrf1hcUNV3nqqVGMjCPDg2NkY4bWYPYpGKMKZEQ0WmMeR5Dudlryi2+ga9f9fG9vs0u8YJGJvMnob2EvfpPKI5tPBiCLc8AC5vCVlxrRvTM=,iv:PqI752mqSn7oZV4vwS/t/whRTUG1GTnYwmLP2GOqHdg=,tag:C4cso3fEjmX9jqEFDWrDIQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2
sops_version=3.12.2
+18 -9
View File
@@ -9,6 +9,14 @@ external-controller-cors:
allow-origins:
- ENC[AES256_GCM,data:Ow==,iv:C2R4gooPGj4lranMXP6Uu+nCbGhVk1S37dBKbYgdsRU=,tag:onXhjT4c/qMoayForPKwEQ==,type:str]
allow-private-network: ENC[AES256_GCM,data:mxDrog==,iv:L4hT2zLieK7nQnp5GvdHTsnSkeTz61v77nr281lAcag=,tag:jCQgs+0aDrl7BSZYxI7qUw==,type:bool]
dns:
enable: ENC[AES256_GCM,data:Rp3LZg==,iv:NHk64bGDFmimNmXDk9n9ZqLFVbO8cyWVqivRSDxUowk=,tag:Y5IhMI7n2JtcXfFnEY77PQ==,type:bool]
default-nameserver:
- ENC[AES256_GCM,data:eEwdzhx+ysGj,iv:FZ6vsFPP5dnfcImydU46J8vA9GYbejP3zEXHA6D+6J0=,tag:lmG+OzJwFtBKHraF4PsCjQ==,type:str]
proxy-server-nameserver:
- ENC[AES256_GCM,data:n3PMmscYUm2eXFe3/uNsKPF0rwyQBtGTsA==,iv:FMOP4qohNNqfLIo7U6mk5qxBm0eXVFCbI0KD7kfw1/Y=,tag:N6H/gESlK1Cr5J2T3Mxldg==,type:str]
- ENC[AES256_GCM,data:G5eodgYoIwtWDMnuEg2srdwCJqQi+OAsyPtp4OvT,iv:5maumIhsmc/QE1ey4rufm6Y8G4OqG3qyY0Ybv/24LoI=,tag:heYvV2IVsIMRBEwQwlJlWg==,type:str]
- ENC[AES256_GCM,data:3CbO5pelMlvJxgoawFkEmARs8Xwgw87eKg==,iv:A21aiwBT98NT0VQ2vaepx/F8AG8rWawNWdch+yVDYCM=,tag:OkTMbH5QnXbxf8NQyer8pA==,type:str]
proxies:
- type: ENC[AES256_GCM,data:82CKWRU=,iv:MmoXN4hqcC2BE93Tfex3swEj50XK6jmjLIWAyRs8WRI=,tag:faiVNIHjq0fRMLiiJoWamg==,type:str]
name: ENC[AES256_GCM,data:mLelhl+5dSLY5TIjoTw=,iv:cJtCH/fMib1KapWVQGsRgy5yRCUC5EZq4RdahEb7NyQ=,tag:ree+OgPt6ixLigZVo06dwQ==,type:str]
@@ -32,6 +40,7 @@ proxy-providers:
url: ENC[AES256_GCM,data:aTVsXCfaCkdZes1CW8SJVQFiTZ/KbYky6ei0FKSmeCF8/TbaLIKKR46FX2yQ8682fdcLGcAB8ekblQ==,iv:7OQ69sjVWNyOrPVlA8DWTAbw/LIVzFFm5dK4FBcwvyk=,tag:gLVzTM5PypNLpaIOiPYc/Q==,type:str]
proxy: ENC[AES256_GCM,data:BIEXrZQ=,iv:ZzEEJmLgbOhBTcZEgPfsL0AC72GpydlFTKhJ4+fgTec=,tag:v8URxwAU5wSHD5GPr/sTfw==,type:str]
exclude-filter: ENC[AES256_GCM,data:Uc9L0zm7TWGAgIQq6thwK4evIuYoEJyRJ2M=,iv:CbJp7BcobOfkxyY7/fvaECif57yhPZ1/IuPjLwYUwUQ=,tag:xtGissYFtBX3OVinstWRug==,type:str]
interval: ENC[AES256_GCM,data:fNfSoA==,iv:wYzKqRsdez6gUGQJOgRnqjOzKtNidMKHYNBBrYtPWfk=,tag:woWqs7uC2nSEkvnROTVFRA==,type:int]
proxy-groups:
- name: ENC[AES256_GCM,data:O6LAzFQ=,iv:a+dfdy14adLlYbJQ5wAQLsD5hxuEXKW8Y/erhBVAREE=,tag:79++dpg2E2Mtc8y63nRcHw==,type:str]
type: ENC[AES256_GCM,data:JR3d3D1p,iv:n0u8vayA0PVDM7yvh2pk36S8EeqMnZRN8TZlwNnEC3U=,tag:ZmxXOralviL2xyd8+hN3ZA==,type:str]
@@ -43,8 +52,7 @@ rules:
- ENC[AES256_GCM,data:S6yGMmG4UUUWE04=,iv:FWz0kNu0hhQ+PyIMSxl6NPX/INluS7jAO9loX+E+jlE=,tag:tXK35hMiYDU8X0yl+0PRuQ==,type:str]
sops:
age:
- recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
enc: |
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSA2Zkxs
SGh4Ulp1UklKeDU4M2xtcWZPRGxNUGt4eGVQQ29LcjB2YXJGRVVnClZLSmRra0Qx
@@ -53,8 +61,8 @@ sops:
sF/MYEjihktzyngzTLyuwHYYb1xqTbpmjFNzJfbW7+LJJSPQ9cu6W7DcZGIsSe0e
VNycmg==
-----END AGE ENCRYPTED FILE-----
- recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
enc: |
recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyBXVDk0
bjZhMnRabGVLSHorWmRhd0NjTVF2VTZQVzZSeEkzK3c5WDBoM0FVCjB3cTB6NTYy
@@ -63,8 +71,8 @@ sops:
dQxXWnexmkLryDtddH1sdCdQh8e9D1IJFjuOD8JzsyWToWFuo01Cw27VLWGAGnFD
GZpp+A==
-----END AGE ENCRYPTED FILE-----
- recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
enc: |
recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBzVFdr
TTNiK1VIRUk4N2l6TDcyMmw5U3ZRMzR2QlMrcy9XL1RLOCtzNUdnCnkvRmdmZ2gz
@@ -73,7 +81,8 @@ sops:
FY9SvbPWXVTcJiLwjpcD8tSMdqcTHTJXcLAWSCjyFF91ihBUanQ7TcdXvZTGfdY0
pOoJmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-11T03:50:06Z"
mac: ENC[AES256_GCM,data:SqQbTjyvC7ev2egnq9swpQcLjVW1yZ0Yiv6DzNTupUVkl8yP4L6pGJ9P0EiuX/JFPFhAv+x61uudGNUUEu2pPdgHO80glBriATM54o7KILVkrm5TYQVZbD9YsAQsmPw3etVeaMk1a6dgIExW8+DG+KLq/qI/fJk1K0mWv9RR940=,iv:fwqW6E9vVFcLVm4mdI/zZlNeq55yz2AyKKvvx9D1nFA=,tag:qoyhpooNb/taN64s926nRw==,type:str]
recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
lastmodified: "2026-06-13T04:02:11Z"
mac: ENC[AES256_GCM,data:VWXa9HdGyPBkLQH5lgqioYbd3VxvL7PjuwiHrX353W+G4Lu/VaMHAz9AFN495cLyCm1dB4VwC773JmLNYKbCzHswQr4tpkp7AlIhvCbt+S0L5ZXLxOlVMd0vONGxQOQHhxQnRONXg9K2i7rTfTjGBdY1o/alswfsNrhaL7g/+OY=,iv:Z3MNOcTU9AQ8yEQgYxXKmv+09cXbF1RalrNXqJYTGUs=,tag:K1kps0EPAKYbQradY02yOQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.13.1
-12
View File
@@ -1,12 +0,0 @@
MINIO_ROOT_USER=ENC[AES256_GCM,data:sBnNpnA=,iv:Z2K8Cg/4DW+MxcKIFVMRWlFj2/qqFLCDnzJF6Uq8eLE=,tag:Y+A/FZm/3k35+bNgl89xPQ==,type:str]
MINIO_ROOT_PASSWORD=ENC[AES256_GCM,data:sgYwUxp2Ao6nlUJ8RE7V9Bz1ZG4=,iv:LJJg62vCiguOp8aHCSYOTMtW3vjvXy+RnwghKJmaTR4=,tag:TnyxLzshfe53e2vav1QblQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSA3SWtI\nTHVINjFPbkRMa0ZhNkxYRjBHQm5xcERGUjRJT0NsRk1kSWViNEhjClk0UlhvL2N4\nTERoQXBMSENUTEF2U2ZBRzI0QnM2dnFuVlVaVWJZRVNGL0UKLS0tIGkwVW1xc2lF\nUHFCekRuMDEwNW1jWmFLT3BUeS8rQ2FLSnBoamRjc045UzQKfaFKjKVUX15FN6MO\nti9ZpA7+uJpt04cblGutAEdttXdLRbiJe67nJCOkCC8U7czP1X1G2Yi1IeVxqrx+\ngdBDaQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyB5RGM1\nWndtcTVNaHdqakw1NThLTFZFRjdkaERiNXVIVkdxRDdiWTZZcFVjCkd5QWFBUFVt\nOWJucThyWVlhZjNvZnVHTTYzYlRjMFRiMFBrTXp3ZjJXSkUKLS0tIE41RUFOZ0Vx\nMWpkcWc0Rk11bTlaKzlmdVBteTRaVHlkTkpiS2d1YzF6Z28KT/QaHJyhhd9g77vo\n7XwkaHN8CJq8IxwMId7rJuAKi56zTXOoDfBlIYwssVN4FRdCSF4HzIR8ztBJ/MgH\nJIafKA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBic292\naStPcmRoeko3ei81THdDay9iUUUycVpxbmUwNmJhNW55SG0rbkVrCngxS0YrSzNF\nMlhpcHU1OGJBOThiZHdYZWZ4YjhicGViL1pzZElUdnhWNXMKLS0tIHlVRnhsUEhy\nV3JoRjM0SGl2dGdaWkIxNGJLS29CVXhTcGd3bm45NDBpRlUKmp9EuXD/iU7yxkFs\nLDk/NN1VvLKSU3RqtuAxbXPIzizNCxaBs/1MQtLIxRkEQvOno+MNyN7JHLFmb+lQ\nmwqPBA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
sops_lastmodified=2025-03-09T02:24:31Z
sops_mac=ENC[AES256_GCM,data:ium37/C2+zybZDnSlhr6RmB3RiGmjVx4BbHXsfdZ6T+5/DFtkvduhuu0QxLReVBIZ/yYJgttTJq4wIqbUWMvsy2OafCB2piqISe0FAk2KfcM8kqfKFbLFghjkn6Nu1l331MKt/PMLy47ilS5i0Sh3QyD28/pe/tw4vpF3Vz8VjQ=,iv:vLoax3u4RCsisoSUIxy0EA+d2P/WfcPxfXM27QqmVpU=,tag:oCiXH1E9a9NBNbUikNvuBg==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.4
+2
View File
@@ -1,3 +1,5 @@
#:schema https://raw.githubusercontent.com/crate-ci/typos/refs/heads/master/config.schema.json
[files]
extend-exclude = [
"secrets"