comparing df8de94c2deb0ac37c4209a36badb1824b5e13dc and main on pyrox.dev/nix

+2 -1

.envrc

···

       4
       4
        
       

     

       5
       5
        
       export NH_NOM=1

     

       6
       6
        
       export NH_LOG=nh=info

     

       7
       7
       -
       export NH_FLAKE=$(pwd)

     

       7
       7
       +
       NH_FLAKE=$(pwd)

     

       8
       8
       +
       export NH_FLAKE

     

       8
       9
        
       

     

       9
       10
        
       use flake . --accept-flake-config

+31

.nvim.lua

···

       1
       1
       +
       local nvim_lsp = require("lspconfig")

     

       2
       2
       +
       nvim_lsp.nixd.setup({

     

       3
       3
       +
         cmd = { "nixd" },

     

       4
       4
       +
         settings = {

     

       5
       5
       +
           nixd = {

     

       6
       6
       +
             nixpkgs = {

     

       7
       7
       +
               expr = "import <nixpkgs> { }",

     

       8
       8
       +
             },

     

       9
       9
       +
             formatting = {

     

       10
       10
       +
               command = { "treefmt" },

     

       11
       11
       +
             },

     

       12
       12
       +
             options = {

     

       13
       13
       +
               nixos = {

     

       14
       14
       +
                 expr = "(builtins.getFlake (builtins.toString ./.)).nixosConfigurations.zaphod.options",

     

       15
       15
       +
               },

     

       16
       16
       +
               home_manager = {

     

       17
       17
       +
                 expr = "(builtins.getFlake (builtins.toString ./.)).nixosConfigurations.zaphod.options.home-manager.users.type.getSubOptions []",

     

       18
       18
       +
               },

     

       19
       19
       +
               flake_parts = {

     

       20
       20
       +
                 expr = "(builtins.getFlake (builtins.toString ./.)).debug.options",

     

       21
       21
       +
               },

     

       22
       22
       +
               flake_parts_perSystem = {

     

       23
       23
       +
                 expr = "(builtins.getFlake (builtins.toString ./.)).currentSystem.options",

     

       24
       24
       +
               },

     

       25
       25
       +
               my_modules = {

     

       26
       26
       +
                 exper = "(pkgs.lib.evalModules { modules = (builtins.getFlake (builtins.toString ./.)).nixosModules; }).options",

     

       27
       27
       +
               },

     

       28
       28
       +
             },

     

       29
       29
       +
           },

     

       30
       30
       +
         },

     

       31
       31
       +
       })

.shellcheckrc

···

       1
       1
       +
       disable=SC2148

+4 -3

Justfile

···

       2
       2
        
       alias s := switch

     

       3
       3
        
       

     

       4
       4
        
       build:

     

       5
       5
       -
         nixos-rebuild-ng build --flake . --accept-flake-config --verbose --show-trace \

     

       6
       6
       -
         && nvd diff /run/current-system result

     

       5
       5
       +
           nixos-rebuild-ng build --flake . --accept-flake-config --verbose --show-trace \

     

       6
       6
       +
             --max-jobs 3 --cores 6 \

     

       7
       7
       +
           && nvd diff /run/current-system result

     

       7
       8
        
       

     

       8
       9
        
       switch:

     

       9
       9
       -
         nixos-rebuild-ng switch --flake . --accept-flake-config --verbose --show-trace --sudo

     

       10
       10
       +
           nixos-rebuild-ng switch --flake . --accept-flake-config --verbose --show-trace --sudo

+30 -18

README.md

···

       1
       1
        
       # PyroConf, a custom Nix config

     

       2
       2
        
       

     

       3
       3
        
       ## No Place Like ~

     

       4
       4
       -
       This is PyroNet's (relatively) production-grade NixOS config repo. It contains configurations for 3 different machines, as well as `home-manager` configurations.

     

       5
       4
        
       

     

       6
       6
       -
       I try to keep the configuration organized. All home-manager related items go in `/home`, host configurations go in `/hosts`, and custom packages are in `/pkgs`, among other folders.

     

       5
       5
       +
       This is PyroNet's (relatively) production-grade NixOS config repo. It contains configurations for 3 different machines,

     

       6
       6
       +
       as well as `home-manager` configurations.

     

       7
       7
        
       

     

       8
       8
       -
       My machines serve production infra for *.pyrox.dev domains. There are a few exceptions:

     

       9
       9
       -
       * [My blog](https://blog.pyrox.dev), and the [root domain](https://pyrox.dev) which are served by [OMG.LOL](https://omg.lol).

     

       10
       10
       -
       I highly recommend their services, as you get a great domain name at a company that cares about you. If you do sign up, consider using [my referral link](https://omg.lol?refer=py), as I get 3 months of service credit if you sign up through it.

     

       8
       8
       +
       I try to keep the configuration organized. All home-manager related items go in `/home`, host configurations go in

     

       9
       9
       +
       `/hosts`, and custom packages are in `/pkgs`, among other folders.

     

       10
       10
       +
       

     

       11
       11
       +
       My machines serve production infra for \*.pyrox.dev domains. There are a few exceptions:

     

       12
       12
       +
       

     

       13
       13
       +
       - [My blog](https://blog.pyrox.dev), and the [root domain](https://pyrox.dev) which are served by

     

       14
       14
       +
         [OMG.LOL](https://omg.lol). I highly recommend their services, as you get a great domain name at a company that cares

     

       15
       15
       +
         about you. If you do sign up, consider using [my referral link](https://omg.lol?refer=py), as I get 3 months of

     

       16
       16
       +
         service credit if you sign up through it.

     

       11
       17
        
       

     

       12
       18
        
       There are some services I run that many homelabs do not. They are:

     

       13
       13
       -
       * Authoritative DNS for my domains, run on `prefect`.

     

       14
       14
       -
       * A Tailscale tunnel from `marvin` to `prefect` which allows me to run services on `marvin` while having them be externally accessible.

     

       15
       15
       -
       * Email services for my domains, also run on `prefect`, with all email data backed up hourly to `marvin`, ensuring data reliability.

     

       16
       16
       -
       * Connections to the [DN42](https://dn42.us) network, run on `prefect`.

     

       19
       19
       +
       

     

       20
       20
       +
       - Authoritative DNS for my domains, run on `prefect`.

     

       21
       21
       +
       - A Tailscale tunnel from `marvin` to `prefect` which allows me to run services on `marvin` while having them be

     

       22
       22
       +
         externally accessible.

     

       23
       23
       +
       - Email services for my domains, also run on `prefect`, with all email data backed up hourly to `marvin`, ensuring data

     

       24
       24
       +
         reliability.

     

       25
       25
       +
       - Connections to the [DN42](https://dn42.us) network, run on `prefect`.

     

       17
       26
        
       

     

       18
       27
        
       I also run many typical homelab services, such as:

     

       19
       19
       -
       * [Vaultwarden](https://github.com/danigarcia/vaultwarden) for passwords

     

       20
       20
       -
       * [Jellyfin](https://jellyfin.org) for media

     

       21
       21
       -
       * [Authentik](https://goauthentik.io) for central auth

     

       22
       22
       -
       * And many more

     

       28
       28
       +
       

     

       29
       29
       +
       - [Vaultwarden](https://github.com/danigarcia/vaultwarden) for passwords

     

       30
       30
       +
       - [Jellyfin](https://jellyfin.org) for media

     

       31
       31
       +
       - [Authentik](https://goauthentik.io) for central auth

     

       32
       32
       +
       - And many more

     

       23
       33
        
       

     

       24
       34
        
       # Contact

     

       25
       25
       -
       If you have any questions about any of the services I run, or would like to reach out, my contact info is on my profile [here](https://pyrox.dev)

     

       35
       35
       +
       

     

       36
       36
       +
       If you have any questions about any of the services I run, or would like to reach out, my contact info is on my profile

     

       37
       37
       +
       [here](https://pyrox.dev)

     

       26
       38
        
       

     

       27
       39
        
       # License

     

       28
       28
       -
       Copyright (c) 2023 Pyrox and PyroNet. All rights reserved.

     

       29
       29
       -
       This Source Code Form is subject to the terms of the Mozilla Public

     

       30
       30
       -
       License, v. 2.0. If a copy of the MPL was not distributed with this

     

       31
       31
       -
       file, You can obtain one at <http://mozilla.org/MPL/2.0/>.

     

       40
       40
       +
       

     

       41
       41
       +
       Copyright (c) 2023 Pyrox and PyroNet. All rights reserved. This Source Code Form is subject to the terms of the Mozilla

     

       42
       42
       +
       Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at

     

       43
       43
       +
       <http://mozilla.org/MPL/2.0/>.

-2

TODO.md

···

       18
       18
        
       - [ ] Move all Docker containers to using native versions of databases, redis, etc.

     

       19
       19
        
         - Ensures higher performance and reduces the number of running containers.

     

       20
       20
        
         - https://github.com/felschr/nixos-config/blob/main/services/immich.nix for an example of how to do it

     

       21
       21
       -
       - [ ] Add Archivebox service(needs custom module)

     

       22
       22
       -
       - [ ] Add Immich service

     

       23
       21
        
       

     

       24
       22
        
       ## Zaphod

     

       25
       23

+7 -3

devShells/default/default.nix

···

       4
       4
        
       }:

     

       5
       5
        
       pkgs.mkShellNoCC {

     

       6
       6
        
         packages = [

     

       7
       7
       +
           # keep-sorted start

     

       7
       8
        
           pkgs.deadnix

     

       8
       9
        
           pkgs.just

     

       9
       10
        
           pkgs.nil

     

       11
       11
       +
           pkgs.nix-output-monitor

     

       10
       12
        
           pkgs.nix-tree

     

       13
       13
       +
           pkgs.nix-update

     

       11
       14
        
           pkgs.nixd

     

       12
       12
       -
           pkgs.nix-output-monitor

     

       13
       15
        
           pkgs.nixfmt-rfc-style

     

       14
       14
       -
           pkgs.statix

     

       16
       16
       +
           pkgs.nixos-rebuild-ng

     

       15
       17
        
           pkgs.nvd

     

       16
       16
       -
           pkgs.nixos-rebuild-ng

     

       18
       18
       +
           pkgs.statix

     

       19
       19
       +
           pkgs.tokei

     

       20
       20
       +
           # keep-sorted endd

     

       17
       21
        
         ];

     

       18
       22
        
       }

+1 -4

devShells/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         ...

     

       3
       3
       -
       }:

     

       4
       4
       -
       {

     

       1
       1
       +
       _: {

     

       5
       2
        
         perSystem =

     

       6
       3
        
           { pkgs, ... }:

     

       7
       4
        
           {

+170 -77

flake.lock

···

       1
       1
        
       {

     

       2
       2
        
         "nodes": {

     

       3
       3
       +
           "actor-typeahead-src": {

     

       4
       4
       +
             "flake": false,

     

       5
       5
       +
             "locked": {

     

       6
       6
       +
               "lastModified": 1762835797,

     

       7
       7
       +
               "narHash": "sha256-heizoWUKDdar6ymfZTnj3ytcEv/L4d4fzSmtr0HlXsQ=",

     

       8
       8
       +
               "ref": "refs/heads/main",

     

       9
       9
       +
               "rev": "677fe7f743050a4e7f09d4a6f87bbf1325a06f6b",

     

       10
       10
       +
               "revCount": 6,

     

       11
       11
       +
               "type": "git",

     

       12
       12
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       13
       13
       +
             },

     

       14
       14
       +
             "original": {

     

       15
       15
       +
               "type": "git",

     

       16
       16
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       17
       17
       +
             }

     

       18
       18
       +
           },

     

       3
       19
        
           "agenix": {

     

       4
       20
        
             "inputs": {

     

       5
       21
        
               "darwin": "darwin",

     
···

       25
       41
        
               "type": "github"

     

       26
       42
        
             }

     

       27
       43
        
           },

     

       44
       44
       +
           "bird": {

     

       45
       45
       +
             "inputs": {

     

       46
       46
       +
               "flake-utils": "flake-utils",

     

       47
       47
       +
               "nixpkgs": [

     

       48
       48
       +
                 "dn42",

     

       49
       49
       +
                 "nixpkgs"

     

       50
       50
       +
               ]

     

       51
       51
       +
             },

     

       52
       52
       +
             "locked": {

     

       53
       53
       +
               "lastModified": 1757884119,

     

       54
       54
       +
               "narHash": "sha256-RF0Em7PjDRaQ5cBFgc3fL22qgDVbv2HoVW1TDRaaSNo=",

     

       55
       55
       +
               "owner": "NuschtOS",

     

       56
       56
       +
               "repo": "bird.nix",

     

       57
       57
       +
               "rev": "f8d18c2c8eebd477987001a9c0af50a9ca7909e5",

     

       58
       58
       +
               "type": "github"

     

       59
       59
       +
             },

     

       60
       60
       +
             "original": {

     

       61
       61
       +
               "owner": "NuschtOS",

     

       62
       62
       +
               "repo": "bird.nix",

     

       63
       63
       +
               "type": "github"

     

       64
       64
       +
             }

     

       65
       65
       +
           },

     

       28
       66
        
           "buildbot-nix": {

     

       29
       67
        
             "inputs": {

     

       30
       68
        
               "flake-parts": [

     
···

       37
       75
        
               "treefmt-nix": []

     

       38
       76
        
             },

     

       39
       77
        
             "locked": {

     

       40
       40
       -
               "lastModified": 1761641036,

     

       41
       41
       -
               "narHash": "sha256-WyoAA5qBHimmWj0tuJMnkIq4o8dB01st6smx3ZzI/L0=",

     

       78
       78
       +
               "lastModified": 1763946641,

     

       79
       79
       +
               "narHash": "sha256-kPP7k2b+Dkd91yJO01y3l1F0t+Mqvv8+FrPfjcCwszg=",

     

       42
       80
        
               "owner": "nix-community",

     

       43
       81
        
               "repo": "buildbot-nix",

     

       44
       44
       -
               "rev": "3cd0114c633815095fde7a3126e1dbd6ad2e673f",

     

       82
       82
       +
               "rev": "cd32d1c420320383bfcc80c1b0b402b6a7eccc23",

     

       45
       83
        
               "type": "github"

     

       46
       84
        
             },

     

       47
       85
        
             "original": {

     
···

       61
       99
        
               ]

     

       62
       100
        
             },

     

       63
       101
        
             "locked": {

     

       64
       64
       -
               "lastModified": 1762651107,

     

       65
       65
       -
               "narHash": "sha256-V++8JREoP1TC6ROYByMAKx/cSyxza0tp1tUNOpq5Z4k=",

     

       102
       102
       +
               "lastModified": 1764466211,

     

       103
       103
       +
               "narHash": "sha256-rBK+usqfAP9ZuEthw9wMCwTKQgKUMmziuzrrkpDZdzY=",

     

       66
       104
        
               "owner": "caelestia-dots",

     

       67
       105
        
               "repo": "shell",

     

       68
       68
       -
               "rev": "c0ea060ffecd3f38233652556d3085d094082400",

     

       106
       106
       +
               "rev": "40813e520582c5df11f6d4c870a31900fe171cce",

     

       69
       107
        
               "type": "github"

     

       70
       108
        
             },

     

       71
       109
        
             "original": {

     
···

       85
       123
        
               ]

     

       86
       124
        
             },

     

       87
       125
        
             "locked": {

     

       88
       88
       -
               "lastModified": 1762480719,

     

       89
       89
       -
               "narHash": "sha256-TjTMNmndJJIxP/N6owC/CoAPiRuM99fNaQbZqHDtwLw=",

     

       126
       126
       +
               "lastModified": 1764381410,

     

       127
       127
       +
               "narHash": "sha256-WR/oQQjveFqQxo8oHngZuOVgBQINDgPe+lCXLeNhAAg=",

     

       90
       128
        
               "owner": "caelestia-dots",

     

       91
       129
        
               "repo": "cli",

     

       92
       92
       -
               "rev": "9323fbf1b497204e17dff103cf412daf04a5c723",

     

       130
       130
       +
               "rev": "ed12d4cb82600872a82feb577711be1148c7af35",

     

       93
       131
        
               "type": "github"

     

       94
       132
        
             },

     

       95
       133
        
             "original": {

     
···

       103
       141
        
               "nixpkgs": "nixpkgs"

     

       104
       142
        
             },

     

       105
       143
        
             "locked": {

     

       106
       106
       -
               "lastModified": 1762510976,

     

       107
       107
       -
               "narHash": "sha256-KGoSj8qMOOPaNE48RTtuNBbqOvKLTeklnRHWWvE/TXo=",

     

       144
       144
       +
               "lastModified": 1764325801,

     

       145
       145
       +
               "narHash": "sha256-LQ7tsrXs1wuB6KBwUctL3JlUsG/FWI2pCI6NkoO52dk=",

     

       108
       146
        
               "owner": "catppuccin",

     

       109
       147
        
               "repo": "nix",

     

       110
       110
       -
               "rev": "728cb0a667ce37bb0c68557dba819c7fb54ff1c8",

     

       148
       148
       +
               "rev": "a696fed6b9b6aa89ef495842cdca3fc2a7cef0de",

     

       111
       149
        
               "type": "github"

     

       112
       150
        
             },

     

       113
       151
        
             "original": {

     
···

       162
       200
        
           "dms": {

     

       163
       201
        
             "inputs": {

     

       164
       202
        
               "dgop": "dgop",

     

       165
       165
       -
               "dms-cli": "dms-cli",

     

       166
       203
        
               "nixpkgs": [

     

       167
       204
        
                 "nixpkgs"

     

       168
       205
        
               ]

     

       169
       206
        
             },

     

       170
       207
        
             "locked": {

     

       171
       171
       -
               "lastModified": 1762714442,

     

       172
       172
       -
               "narHash": "sha256-ptdW/V1X9td4Ym3ZO6NzXHU55nKzogQI1CUbqVP1PwU=",

     

       208
       208
       +
               "lastModified": 1764553800,

     

       209
       209
       +
               "narHash": "sha256-kHlx3E3K2UNWI1Hpbyl5zieoOVevZfwz8P/OcyViDHY=",

     

       173
       210
        
               "owner": "AvengeMedia",

     

       174
       211
        
               "repo": "DankMaterialShell",

     

       175
       175
       -
               "rev": "0197961175ba8e4ed56f90a9a2a6d35f87a2f51a",

     

       212
       212
       +
               "rev": "7959a795753d9f646cfb9e21cfb778adf7e5c933",

     

       176
       213
        
               "type": "github"

     

       177
       214
        
             },

     

       178
       215
        
             "original": {

     
···

       181
       218
        
               "type": "github"

     

       182
       219
        
             }

     

       183
       220
        
           },

     

       184
       184
       -
           "dms-cli": {

     

       185
       185
       -
             "inputs": {

     

       186
       186
       -
               "nixpkgs": [

     

       187
       187
       -
                 "dms",

     

       188
       188
       -
                 "nixpkgs"

     

       189
       189
       -
               ]

     

       190
       190
       -
             },

     

       191
       191
       -
             "locked": {

     

       192
       192
       -
               "lastModified": 1762491516,

     

       193
       193
       -
               "narHash": "sha256-oGLH5Gje/p2Hc1kO3m8P5eAZ7JldBI30EmwzEET4cNU=",

     

       194
       194
       -
               "owner": "AvengeMedia",

     

       195
       195
       -
               "repo": "danklinux",

     

       196
       196
       -
               "rev": "050cf28a2963a7698ed4759736fe5fe77eee7cc2",

     

       197
       197
       -
               "type": "github"

     

       198
       198
       -
             },

     

       199
       199
       -
             "original": {

     

       200
       200
       -
               "owner": "AvengeMedia",

     

       201
       201
       -
               "repo": "danklinux",

     

       202
       202
       -
               "type": "github"

     

       203
       203
       -
             }

     

       204
       204
       -
           },

     

       205
       221
        
           "dms-plugins": {

     

       206
       222
        
             "flake": false,

     

       207
       223
        
             "locked": {

     

       208
       208
       -
               "lastModified": 1762624195,

     

       209
       209
       -
               "narHash": "sha256-zZigP1wet5mwZiXcAuzbWo4gPhPOOYLvG0DOOaWAJgQ=",

     

       224
       224
       +
               "lastModified": 1764085668,

     

       225
       225
       +
               "narHash": "sha256-KtOu12NVLdyho9T4EXJaReNhFO98nAXpemkb6yeOvwE=",

     

       210
       226
        
               "owner": "AvengeMedia",

     

       211
       227
        
               "repo": "dms-plugins",

     

       212
       212
       -
               "rev": "759584dfe660d2f8af0c25f91884e0eb397d2424",

     

       228
       228
       +
               "rev": "3bc66f186a8184cb8eca5fdfc0699cb4a828cd90",

     

       213
       229
        
               "type": "github"

     

       214
       230
        
             },

     

       215
       231
        
             "original": {

     
···

       250
       266
        
               "type": "github"

     

       251
       267
        
             }

     

       252
       268
        
           },

     

       269
       269
       +
           "dn42": {

     

       270
       270
       +
             "inputs": {

     

       271
       271
       +
               "bird": "bird",

     

       272
       272
       +
               "nixpkgs": [

     

       273
       273
       +
                 "nixpkgs"

     

       274
       274
       +
               ]

     

       275
       275
       +
             },

     

       276
       276
       +
             "locked": {

     

       277
       277
       +
               "lastModified": 1764646680,

     

       278
       278
       +
               "narHash": "sha256-HEVzGL23bev8CuZXbLgDZRWy+mD/qPZhRBpjag7G/dU=",

     

       279
       279
       +
               "owner": "pyrox0",

     

       280
       280
       +
               "repo": "dn43.nix",

     

       281
       281
       +
               "rev": "c8b68602cf1ef696e6a9f9c25e8c177d4101331b",

     

       282
       282
       +
               "type": "github"

     

       283
       283
       +
             },

     

       284
       284
       +
             "original": {

     

       285
       285
       +
               "owner": "pyrox0",

     

       286
       286
       +
               "repo": "dn43.nix",

     

       287
       287
       +
               "type": "github"

     

       288
       288
       +
             }

     

       289
       289
       +
           },

     

       253
       290
        
           "easy-hosts": {

     

       254
       291
        
             "locked": {

     

       255
       292
        
               "lastModified": 1755470564,

     
···

       299
       336
        
               "nixpkgs-lib": "nixpkgs-lib"

     

       300
       337
        
             },

     

       301
       338
        
             "locked": {

     

       302
       302
       -
               "lastModified": 1762440070,

     

       303
       303
       -
               "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",

     

       339
       339
       +
               "lastModified": 1763759067,

     

       340
       340
       +
               "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",

     

       304
       341
        
               "owner": "hercules-ci",

     

       305
       342
        
               "repo": "flake-parts",

     

       306
       306
       -
               "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",

     

       343
       343
       +
               "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",

     

       307
       344
        
               "type": "github"

     

       308
       345
        
             },

     

       309
       346
        
             "original": {

     
···

       332
       369
        
           },

     

       333
       370
        
           "flake-utils_2": {

     

       334
       371
        
             "inputs": {

     

       335
       335
       -
               "systems": "systems_4"

     

       372
       372
       +
               "systems": "systems_3"

     

       373
       373
       +
             },

     

       374
       374
       +
             "locked": {

     

       375
       375
       +
               "lastModified": 1731533236,

     

       376
       376
       +
               "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",

     

       377
       377
       +
               "owner": "numtide",

     

       378
       378
       +
               "repo": "flake-utils",

     

       379
       379
       +
               "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",

     

       380
       380
       +
               "type": "github"

     

       381
       381
       +
             },

     

       382
       382
       +
             "original": {

     

       383
       383
       +
               "owner": "numtide",

     

       384
       384
       +
               "repo": "flake-utils",

     

       385
       385
       +
               "type": "github"

     

       386
       386
       +
             }

     

       387
       387
       +
           },

     

       388
       388
       +
           "flake-utils_3": {

     

       389
       389
       +
             "inputs": {

     

       390
       390
       +
               "systems": "systems_5"

     

       336
       391
        
             },

     

       337
       392
        
             "locked": {

     

       338
       393
        
               "lastModified": 1694529238,

     
···

       353
       408
        
               "nixpkgs": [

     

       354
       409
        
                 "nixpkgs"

     

       355
       410
        
               ],

     

       356
       356
       -
               "systems": "systems_3"

     

       411
       411
       +
               "systems": "systems_4"

     

       357
       412
        
             },

     

       358
       413
        
             "locked": {

     

       359
       359
       -
               "lastModified": 1760925941,

     

       360
       360
       -
               "narHash": "sha256-M+EJsr6z05heKk6iuh3RWZS+9gAMBwG9IyryACVpOy0=",

     

       414
       414
       +
               "lastModified": 1764170522,

     

       415
       415
       +
               "narHash": "sha256-4c9jCOfkKNRHJLXgOIcVcNSaw/XaiVaqesaLJn86wGA=",

     

       361
       416
        
               "owner": "tailscale",

     

       362
       417
        
               "repo": "golink",

     

       363
       363
       -
               "rev": "42765dea97afa9f9f5ea167fb0df6f5372d78481",

     

       418
       418
       +
               "rev": "6821994de926c565d3ef9fbf3cb0e0fcb780f4be",

     

       364
       419
        
               "type": "github"

     

       365
       420
        
             },

     

       366
       421
        
             "original": {

     
···

       371
       426
        
           },

     

       372
       427
        
           "gomod2nix": {

     

       373
       428
        
             "inputs": {

     

       374
       374
       -
               "flake-utils": "flake-utils_2",

     

       429
       429
       +
               "flake-utils": "flake-utils_3",

     

       375
       430
        
               "nixpkgs": [

     

       376
       431
        
                 "tangled",

     

       377
       432
        
                 "nixpkgs"

     
···

       393
       448
        
           },

     

       394
       449
        
           "hardware": {

     

       395
       450
        
             "locked": {

     

       396
       396
       -
               "lastModified": 1762463231,

     

       397
       397
       -
               "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",

     

       451
       451
       +
               "lastModified": 1764440730,

     

       452
       452
       +
               "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",

     

       398
       453
        
               "owner": "nixos",

     

       399
       454
        
               "repo": "nixos-hardware",

     

       400
       400
       -
               "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",

     

       455
       455
       +
               "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",

     

       401
       456
        
               "type": "github"

     

       402
       457
        
             },

     

       403
       458
        
             "original": {

     
···

       438
       493
        
               ]

     

       439
       494
        
             },

     

       440
       495
        
             "locked": {

     

       441
       441
       -
               "lastModified": 1762704774,

     

       442
       442
       -
               "narHash": "sha256-iodz4xQbULkHqetbPu5BCSWsVEzZiiNSv0/dzfH4XiE=",

     

       496
       496
       +
               "lastModified": 1764544324,

     

       497
       497
       +
               "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=",

     

       443
       498
        
               "owner": "nix-community",

     

       444
       499
        
               "repo": "home-manager",

     

       445
       445
       -
               "rev": "be4a9233dd3f6104c9b0fdd3d56f953eb519a4c7",

     

       500
       500
       +
               "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612",

     

       446
       501
        
               "type": "github"

     

       447
       502
        
             },

     

       448
       503
        
             "original": {

     
···

       557
       612
        
               ]

     

       558
       613
        
             },

     

       559
       614
        
             "locked": {

     

       560
       560
       -
               "lastModified": 1762660502,

     

       561
       561
       -
               "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",

     

       615
       615
       +
               "lastModified": 1764475780,

     

       616
       616
       +
               "narHash": "sha256-77jL5H5x51ksLiOUDjY0ZK8e2T4ZXLhj3ap8ETvknWI=",

     

       562
       617
        
               "owner": "Mic92",

     

       563
       618
        
               "repo": "nix-index-database",

     

       564
       564
       -
               "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",

     

       619
       619
       +
               "rev": "5a3ff8c1a09003f399f43d5742d893c0b1ab8af0",

     

       565
       620
        
               "type": "github"

     

       566
       621
        
             },

     

       567
       622
        
             "original": {

     
···

       572
       627
        
           },

     

       573
       628
        
           "nixpkgs": {

     

       574
       629
        
             "locked": {

     

       575
       575
       -
               "lastModified": 1762111121,

     

       576
       576
       -
               "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",

     

       630
       630
       +
               "lastModified": 1763966396,

     

       631
       631
       +
               "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",

     

       577
       632
        
               "owner": "NixOS",

     

       578
       633
        
               "repo": "nixpkgs",

     

       579
       579
       -
               "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",

     

       634
       634
       +
               "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",

     

       580
       635
        
               "type": "github"

     

       581
       636
        
             },

     

       582
       637
        
             "original": {

     
···

       603
       658
        
           },

     

       604
       659
        
           "nixpkgs-stalwart-fix": {

     

       605
       660
        
             "locked": {

     

       606
       606
       -
               "lastModified": 1755293787,

     

       607
       607
       -
               "narHash": "sha256-L+msFwg9jXAj4JmDFQF9BIg2kQhgUzexVmDYePfKMW8=",

     

       661
       661
       +
               "lastModified": 1762728499,

     

       662
       662
       +
               "narHash": "sha256-XtT/8ID3gz9RGk8ITBnktmodq5/ZG6tF60XSfuKSmro=",

     

       608
       663
        
               "owner": "pyrox0",

     

       609
       664
        
               "repo": "nixpkgs",

     

       610
       610
       -
               "rev": "52f6d43ca3db097cde5d0bfb30db0af5bdf41103",

     

       665
       665
       +
               "rev": "b5178ff139339638e98a1e5833add22b047f96d0",

     

       611
       666
        
               "type": "github"

     

       612
       667
        
             },

     

       613
       668
        
             "original": {

     
···

       619
       674
        
           },

     

       620
       675
        
           "nixpkgs_2": {

     

       621
       676
        
             "locked": {

     

       622
       622
       -
               "lastModified": 315532800,

     

       623
       623
       -
               "narHash": "sha256-RpDoXu4dMzS4Q3qq3vdlTXbL8ZLn42i5QPD5X0RPqT0=",

     

       624
       624
       -
               "rev": "e1ebeec86b771e9d387dd02d82ffdc77ac753abc",

     

       677
       677
       +
               "lastModified": 1764527385,

     

       678
       678
       +
               "narHash": "sha256-gpwyCnyi2or0InBXe+4I9YeED3Uly3EGH58qvVnchBY=",

     

       679
       679
       +
               "rev": "23258e03aaa49b3a68597e3e50eb0cbce7e42e9d",

     

       625
       680
        
               "type": "tarball",

     

       626
       626
       -
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre890836.e1ebeec86b77/nixexprs.tar.xz"

     

       681
       681
       +
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre904683.23258e03aaa4/nixexprs.tar.xz"

     

       627
       682
        
             },

     

       628
       683
        
             "original": {

     

       629
       684
        
               "type": "tarball",

     
···

       653
       708
        
               ]

     

       654
       709
        
             },

     

       655
       710
        
             "locked": {

     

       656
       656
       -
               "lastModified": 1761897390,

     

       657
       657
       -
               "narHash": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",

     

       711
       711
       +
               "lastModified": 1764482797,

     

       712
       712
       +
               "narHash": "sha256-ynV90KoBrPe38YFlKAHtPFk4Ee3IANUsIFGxRaq7H/s=",

     

       658
       713
        
               "owner": "quickshell-mirror",

     

       659
       714
        
               "repo": "quickshell",

     

       660
       660
       -
               "rev": "fc704e6b5d445899a1565955268c91942a4f263f",

     

       715
       715
       +
               "rev": "d24e8e9736287d01ee73ef9d573d2bc316a62d5c",

     

       661
       716
        
               "type": "github"

     

       662
       717
        
             },

     

       663
       718
        
             "original": {

     
···

       676
       731
        
               "dms-plugins": "dms-plugins",

     

       677
       732
        
               "dms-power-usage": "dms-power-usage",

     

       678
       733
        
               "dms-wp-shuffler": "dms-wp-shuffler",

     

       734
       734
       +
               "dn42": "dn42",

     

       679
       735
        
               "easy-hosts": "easy-hosts",

     

       680
       736
        
               "flake-compat": "flake-compat",

     

       681
       737
        
               "flake-parts": "flake-parts",

     

       682
       682
       -
               "flake-utils": "flake-utils",

     

       738
       738
       +
               "flake-utils": "flake-utils_2",

     

       683
       739
        
               "golink": "golink",

     

       684
       740
        
               "hardware": "hardware",

     

       685
       741
        
               "home-manager": "home-manager",

     
···

       688
       744
        
               "nixpkgs": "nixpkgs_2",

     

       689
       745
        
               "nixpkgs-stalwart-fix": "nixpkgs-stalwart-fix",

     

       690
       746
        
               "quickshell": "quickshell",

     

       691
       691
       -
               "tangled": "tangled"

     

       747
       747
       +
               "tangled": "tangled",

     

       748
       748
       +
               "treefmt-nix": "treefmt-nix"

     

       692
       749
        
             }

     

       693
       750
        
           },

     

       694
       751
        
           "sqlite-lib-src": {

     
···

       764
       821
        
               "type": "github"

     

       765
       822
        
             }

     

       766
       823
        
           },

     

       824
       824
       +
           "systems_5": {

     

       825
       825
       +
             "locked": {

     

       826
       826
       +
               "lastModified": 1681028828,

     

       827
       827
       +
               "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

     

       828
       828
       +
               "owner": "nix-systems",

     

       829
       829
       +
               "repo": "default",

     

       830
       830
       +
               "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",

     

       831
       831
       +
               "type": "github"

     

       832
       832
       +
             },

     

       833
       833
       +
             "original": {

     

       834
       834
       +
               "owner": "nix-systems",

     

       835
       835
       +
               "repo": "default",

     

       836
       836
       +
               "type": "github"

     

       837
       837
       +
             }

     

       838
       838
       +
           },

     

       767
       839
        
           "tangled": {

     

       768
       840
        
             "inputs": {

     

       841
       841
       +
               "actor-typeahead-src": "actor-typeahead-src",

     

       769
       842
        
               "flake-compat": "flake-compat_2",

     

       770
       843
        
               "gomod2nix": "gomod2nix",

     

       771
       844
        
               "htmx-src": "htmx-src",

     
···

       778
       851
        
               "sqlite-lib-src": "sqlite-lib-src"

     

       779
       852
        
             },

     

       780
       853
        
             "locked": {

     

       781
       781
       -
               "lastModified": 1762522051,

     

       782
       782
       -
               "narHash": "sha256-qDVJ2sEQL0TJbWer6ByhhQrzHE1bZI3U1mmCk0sPZqo=",

     

       854
       854
       +
               "lastModified": 1764494836,

     

       855
       855
       +
               "narHash": "sha256-u1i7aMo0fTQ6WVdOZhG2fo/gEx2Fq8+3URmuqEBZGWI=",

     

       783
       856
        
               "ref": "refs/heads/master",

     

       784
       784
       -
               "rev": "2e5a4cde904d86825cefe5971e68f1bdfb1dd36f",

     

       785
       785
       -
               "revCount": 1614,

     

       857
       857
       +
               "rev": "d37f774fb8c60aa2bd0cb965c9884457d0afb660",

     

       858
       858
       +
               "revCount": 1689,

     

       786
       859
        
               "type": "git",

     

       787
       860
        
               "url": "https://tangled.org/@tangled.org/core"

     

       788
       861
        
             },

     

       789
       862
        
             "original": {

     

       790
       863
        
               "type": "git",

     

       791
       864
        
               "url": "https://tangled.org/@tangled.org/core"

     

       865
       865
       +
             }

     

       866
       866
       +
           },

     

       867
       867
       +
           "treefmt-nix": {

     

       868
       868
       +
             "inputs": {

     

       869
       869
       +
               "nixpkgs": [

     

       870
       870
       +
                 "nixpkgs"

     

       871
       871
       +
               ]

     

       872
       872
       +
             },

     

       873
       873
       +
             "locked": {

     

       874
       874
       +
               "lastModified": 1762938485,

     

       875
       875
       +
               "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",

     

       876
       876
       +
               "owner": "numtide",

     

       877
       877
       +
               "repo": "treefmt-nix",

     

       878
       878
       +
               "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",

     

       879
       879
       +
               "type": "github"

     

       880
       880
       +
             },

     

       881
       881
       +
             "original": {

     

       882
       882
       +
               "owner": "numtide",

     

       883
       883
       +
               "repo": "treefmt-nix",

     

       884
       884
       +
               "type": "github"

     

       792
       885
        
             }

     

       793
       886
        
           }

     

       794
       887
        
         },

+33 -3

flake.nix

···

       50
       50
        
           ctp = {

     

       51
       51
        
             url = "github:catppuccin/nix";

     

       52
       52
        
           };

     

       53
       53
       +
           dn42 = {

     

       54
       54
       +
             url = "github:pyrox0/dn43.nix";

     

       55
       55
       +
             inputs.nixpkgs.follows = "nixpkgs";

     

       56
       56
       +
           };

     

       53
       57
        
           dms = {

     

       54
       58
        
             url = "github:AvengeMedia/DankMaterialShell";

     

       55
       59
        
             inputs.nixpkgs.follows = "nixpkgs";

     
···

       94
       98
        
           tangled = {

     

       95
       99
        
             url = "git+https://tangled.org/@tangled.org/core";

     

       96
       100
        
           };

     

       101
       101
       +
           treefmt-nix = {

     

       102
       102
       +
             url = "github:numtide/treefmt-nix";

     

       103
       103
       +
             inputs.nixpkgs.follows = "nixpkgs";

     

       104
       104
       +
           };

     

       97
       105
        
         };

     

       98
       106
        
       

     

       99
       107
        
         outputs =

     
···

       108
       116
        
             imports = [

     

       109
       117
        
               inputs.easy-hosts.flakeModule

     

       110
       118
        
               inputs.home-manager.flakeModules.home-manager

     

       111
       111
       -
               ./packages

     

       119
       119
       +
               inputs.treefmt-nix.flakeModule

     

       120
       120
       +
               ./packages.nix

     

       112
       121
        
               ./lib

     

       113
       122
        
               ./overlays

     

       114
       123
        
               ./devShells

     
···

       126
       135
        
             # Per-system stuff

     

       127
       136
        
             perSystem =

     

       128
       137
        
               {

     

       129
       129
       -
                 pkgs,

     

       130
       138
        
                 system,

     

       131
       139
        
                 ...

     

       132
       140
        
               }:

     
···

       141
       149
        
                     allowUnfree = true;

     

       142
       150
        
                   };

     

       143
       151
        
                 };

     

       144
       144
       -
                 formatter = pkgs.nixfmt;

     

       152
       152
       +
                 treefmt = {

     

       153
       153
       +
                   programs = {

     

       154
       154
       +
                     deadnix = {

     

       155
       155
       +
                       enable = true;

     

       156
       156
       +
                       no-underscore = true;

     

       157
       157
       +
                     };

     

       158
       158
       +
                     jsonfmt.enable = true;

     

       159
       159
       +
                     jsonfmt.excludes = [ ".zed/settings.json" ];

     

       160
       160
       +
                     just.enable = true;

     

       161
       161
       +
                     keep-sorted.enable = true;

     

       162
       162
       +
                     mdformat.enable = true;

     

       163
       163
       +
                     mdformat.settings.wrap = 120;

     

       164
       164
       +
                     nixf-diagnose.enable = true;

     

       165
       165
       +
                     nixfmt.enable = true;

     

       166
       166
       +
                     nixfmt.indent = 2;

     

       167
       167
       +
                     nixfmt.width = 120;

     

       168
       168
       +
                     shellcheck.enable = true;

     

       169
       169
       +
                     statix.enable = true;

     

       170
       170
       +
                     stylua.enable = true;

     

       171
       171
       +
                     taplo.enable = true;

     

       172
       172
       +
                     yamlfmt.enable = true;

     

       173
       173
       +
                   };

     

       174
       174
       +
                 };

     

       145
       175
        
               };

     

       146
       176
        
             # Enable debugging for nixd

     

       147
       177
        
             debug = true;

+1 -1

homeModules/profiles/base/default.nix

···

       10
       10
        
       {

     

       11
       11
        
         options.py.profiles.base.enable = lib.mkEnableOption "Base Home Profile";

     

       12
       12
        
         config = lib.mkIf cfg.enable {

     

       13
       13
       -
           home.stateVersion = "25.11";

     

       13
       13
       +
           home.stateVersion = "26.05";

     

       14
       14
        
           home.language = {

     

       15
       15
        
             base = "en_US.utf8";

     

       16
       16
        
           };

+7 -1

homeModules/profiles/cli/rbw-config.json

···

       1
       1
       -
       {"email":"pyrox@pyrox.dev","base_url":"https://bw.pyrox.dev","identity_url":null,"lock_timeout":3600,"pinentry":"pinentry"}

     

       1
       1
       +
       {

     

       2
       2
       +
         "email": "pyrox@pyrox.dev",

     

       3
       3
       +
         "base_url": "https://bw.pyrox.dev",

     

       4
       4
       +
         "identity_url": null,

     

       5
       5
       +
         "lock_timeout": 3600,

     

       6
       6
       +
         "pinentry": "pinentry"

     

       7
       7
       +
       }

+14 -11

homeModules/profiles/desktop/default.nix

···

       6
       6
        
       }:

     

       7
       7
        
       let

     

       8
       8
        
         cfg = config.py.profiles.desktop;

     

       9
       9
       -
         shell = cfg.shell;

     

       9
       9
       +
         inherit (cfg) shell;

     

       10
       10
        
         inherit (lib) mkIf mkDefault mkEnableOption;

     

       11
       11
       +
       

     

       12
       12
       +
         mkShellOption =

     

       13
       13
       +
           name: var:

     

       14
       14
       +
           lib.mkOption {

     

       15
       15
       +
             type = lib.types.bool;

     

       16
       16
       +
             default = if (shell == var) then true else false;

     

       17
       17
       +
             description = "Enable ${name}";

     

       18
       18
       +
             readOnly = true;

     

       19
       19
       +
             visible = false;

     

       20
       20
       +
             internal = true;

     

       21
       21
       +
           };

     

       11
       22
        
       in

     

       12
       23
        
       {

     

       13
       24
        
         options.py.profiles.desktop = {

     
···

       20
       31
        
             default = "caelestia";

     

       21
       32
        
             description = "The desktop shell to use in the graphical environment";

     

       22
       33
        
           };

     

       23
       23
       -
           caelestia = lib.mkOption {

     

       24
       24
       -
             type = lib.types.bool;

     

       25
       25
       -
             default = (if (shell == "caelestia") then true else false);

     

       26
       26
       -
             description = "Enable caelestia shell";

     

       27
       27
       -
           };

     

       28
       28
       -
           dms = lib.mkOption {

     

       29
       29
       -
             type = lib.types.bool;

     

       30
       30
       -
             default = (if (shell == "dms") then true else false);

     

       31
       31
       -
             description = "Enable DMS";

     

       32
       32
       -
           };

     

       34
       34
       +
           caelestia = mkShellOption "Caelestia shell" "caelestia";

     

       35
       35
       +
           dms = mkShellOption "DMS" "dms";

     

       33
       36
        
         };

     

       34
       37
        
         config = mkIf cfg.enable {

     

       35
       38
        
           py.profiles.base.enable = true;

+8 -2

homeModules/programs/caelestia/caelestia-cli.json

···

       21
       21
        
                   "class": "equibop"

     

       22
       22
        
                 }

     

       23
       23
        
               ],

     

       24
       24
       -
               "command": ["equibop"],

     

       24
       24
       +
               "command": [

     

       25
       25
       +
                 "equibop"

     

       26
       26
       +
               ],

     

       25
       27
        
               "move": true

     

       26
       28
        
             }

     

       27
       29
        
           },

     
···

       37
       39
        
                   }

     

       38
       40
        
                 }

     

       39
       41
        
               ],

     

       40
       40
       -
               "command": ["ghostty", "-e", "btop"]

     

       42
       42
       +
               "command": [

     

       43
       43
       +
                 "ghostty",

     

       44
       44
       +
                 "-e",

     

       45
       45
       +
                 "btop"

     

       46
       46
       +
               ]

     

       41
       47
        
             }

     

       42
       48
        
           }

     

       43
       49
        
         }

+62 -16

homeModules/programs/caelestia/caelestia-shell.json

···

       128
       128
        
         },

     

       129
       129
        
         "general": {

     

       130
       130
        
           "apps": {

     

       131
       131
       -
             "audio": ["pwvucontrol"],

     

       132
       132
       -
             "explorer": ["thunar"],

     

       133
       133
       -
             "playback": ["mpv"],

     

       134
       134
       -
             "terminal": ["ghostty"]

     

       131
       131
       +
             "audio": [

     

       132
       132
       +
               "pwvucontrol"

     

       133
       133
       +
             ],

     

       134
       134
       +
             "explorer": [

     

       135
       135
       +
               "thunar"

     

       136
       136
       +
             ],

     

       137
       137
       +
             "playback": [

     

       138
       138
       +
               "mpv"

     

       139
       139
       +
             ],

     

       140
       140
       +
             "terminal": [

     

       141
       141
       +
               "ghostty"

     

       142
       142
       +
             ]

     

       135
       143
        
           },

     

       136
       144
        
           "battery": {

     

       137
       145
        
             "criticalLevel": 3,

     
···

       167
       175
        
           "actionPrefix": ">",

     

       168
       176
        
           "actions": [

     

       169
       177
        
             {

     

       170
       170
       -
               "command": ["autocomplete", "calc"],

     

       178
       178
       +
               "command": [

     

       179
       179
       +
                 "autocomplete",

     

       180
       180
       +
                 "calc"

     

       181
       181
       +
               ],

     

       171
       182
        
               "dangerous": false,

     

       172
       183
        
               "description": "Do simple math equations (powered by Qalc)",

     

       173
       184
        
               "enabled": true,

     
···

       178
       189
        
               "name": "Wallpaper",

     

       179
       190
        
               "icon": "image",

     

       180
       191
        
               "description": "Change the current wallpaper",

     

       181
       181
       -
               "command": ["autocomplete", "wallpaper"],

     

       192
       192
       +
               "command": [

     

       193
       193
       +
                 "autocomplete",

     

       194
       194
       +
                 "wallpaper"

     

       195
       195
       +
               ],

     

       182
       196
        
               "enabled": true,

     

       183
       197
        
               "dangerous": false

     

       184
       198
        
             },

     
···

       186
       200
        
               "name": "Random",

     

       187
       201
        
               "icon": "casino",

     

       188
       202
        
               "description": "Switch to a random wallpaper",

     

       189
       189
       -
               "command": ["caelestia", "wallpaper", "-r"],

     

       203
       203
       +
               "command": [

     

       204
       204
       +
                 "caelestia",

     

       205
       205
       +
                 "wallpaper",

     

       206
       206
       +
                 "-r"

     

       207
       207
       +
               ],

     

       190
       208
        
               "enabled": true,

     

       191
       209
        
               "dangerous": false

     

       192
       210
        
             },

     

       193
       211
        
             {

     

       194
       194
       -
               "command": ["systemctl", "poweroff"],

     

       212
       212
       +
               "command": [

     

       213
       213
       +
                 "systemctl",

     

       214
       214
       +
                 "poweroff"

     

       215
       215
       +
               ],

     

       195
       216
        
               "dangerous": true,

     

       196
       217
        
               "description": "Shutdown the system",

     

       197
       218
        
               "enabled": true,

     
···

       199
       220
        
               "name": "Shutdown"

     

       200
       221
        
             },

     

       201
       222
        
             {

     

       202
       202
       -
               "command": ["systemctl", "reboot"],

     

       223
       223
       +
               "command": [

     

       224
       224
       +
                 "systemctl",

     

       225
       225
       +
                 "reboot"

     

       226
       226
       +
               ],

     

       203
       227
        
               "dangerous": true,

     

       204
       228
        
               "description": "Reboot the system",

     

       205
       229
        
               "enabled": true,

     
···

       207
       231
        
               "name": "Reboot"

     

       208
       232
        
             },

     

       209
       233
        
             {

     

       210
       210
       -
               "command": ["loginctl", "terminate-user", ""],

     

       234
       234
       +
               "command": [

     

       235
       235
       +
                 "loginctl",

     

       236
       236
       +
                 "terminate-user",

     

       237
       237
       +
                 ""

     

       238
       238
       +
               ],

     

       211
       239
        
               "dangerous": true,

     

       212
       240
        
               "description": "Log out of the current session",

     

       213
       241
        
               "enabled": true,

     
···

       215
       243
        
               "name": "Logout"

     

       216
       244
        
             },

     

       217
       245
        
             {

     

       218
       218
       -
               "command": ["loginctl", "lock-session"],

     

       246
       246
       +
               "command": [

     

       247
       247
       +
                 "loginctl",

     

       248
       248
       +
                 "lock-session"

     

       249
       249
       +
               ],

     

       219
       250
        
               "dangerous": false,

     

       220
       251
        
               "description": "Lock the current session",

     

       221
       252
        
               "enabled": true,

     
···

       223
       254
        
               "name": "Lock"

     

       224
       255
        
             },

     

       225
       256
        
             {

     

       226
       226
       -
               "command": ["systemctl", "suspend"],

     

       257
       257
       +
               "command": [

     

       258
       258
       +
                 "systemctl",

     

       259
       259
       +
                 "suspend"

     

       260
       260
       +
               ],

     

       227
       261
        
               "dangerous": false,

     

       228
       262
        
               "description": "Suspend",

     

       229
       263
        
               "enabled": true,

     
···

       287
       321
        
         },

     

       288
       322
        
         "session": {

     

       289
       323
        
           "commands": {

     

       290
       290
       -
             "hibernate": ["systemctl", "suspend"],

     

       291
       291
       -
             "logout": ["loginctl", "terminate-user"],

     

       292
       292
       -
             "reboot": ["systemctl", "reboot"],

     

       293
       293
       -
             "shutdown": ["systemctl", "poweroff"]

     

       324
       324
       +
             "hibernate": [

     

       325
       325
       +
               "systemctl",

     

       326
       326
       +
               "suspend"

     

       327
       327
       +
             ],

     

       328
       328
       +
             "logout": [

     

       329
       329
       +
               "loginctl",

     

       330
       330
       +
               "terminate-user"

     

       331
       331
       +
             ],

     

       332
       332
       +
             "reboot": [

     

       333
       333
       +
               "systemctl",

     

       334
       334
       +
               "reboot"

     

       335
       335
       +
             ],

     

       336
       336
       +
             "shutdown": [

     

       337
       337
       +
               "systemctl",

     

       338
       338
       +
               "poweroff"

     

       339
       339
       +
             ]

     

       294
       340
        
           },

     

       295
       341
        
           "dragThreshold": 30,

     

       296
       342
        
           "enabled": true,

homeModules/programs/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         imports = [

     

       3
       3
       +
           # keep-sorted start

     

       3
       4
        
           ./caelestia

     

       4
       5
        
           ./chromium

     

       5
       6
        
           ./dms

     
···

       17
       18
        
           ./starship

     

       18
       19
        
           ./vscodium

     

       19
       20
        
           ./zed-editor

     

       21
       21
       +
           # keep-sorted end

     

       20
       22
        
         ];

     

       21
       23
        
       }

+1 -1

homeModules/programs/helix/default.nix

···

       5
       5
        
       {

     

       6
       6
        
         options.py.programs.helix.enable = lib.mkEnableOption "helix editor";

     

       7
       7
        
         config.catppuccin.helix = {

     

       8
       8
       -
           enable = cfg.enable;

     

       8
       8
       +
           inherit (cfg) enable;

     

       9
       9
        
           useItalics = cfg.enable;

     

       10
       10
        
         };

     

       11
       11
        
         config.programs.helix = lib.mkIf cfg.enable {

+6 -6

homeModules/programs/neovim/default.nix

···

       24
       24
        
             pkgs.gcc

     

       25
       25
        
             pkgs.go

     

       26
       26
        
             pkgs.nodejs

     

       27
       27
       -
           ]

     

       28
       28
       -
           ++ lib.optionals config.py.profiles.gui.enable [

     

       29
       29
       -
             pkgs.ffmpegthumbnailer

     

       30
       30
       -
             pkgs.fontpreview

     

       31
       31
       -
             pkgs.poppler

     

       32
       32
       -
             pkgs.ueberzug

     

       27
       27
       +
             # ]

     

       28
       28
       +
             # ++ lib.optionals config.py.profiles.gui.enable [

     

       29
       29
       +
             #   pkgs.ffmpegthumbnailer

     

       30
       30
       +
             #   pkgs.fontpreview

     

       31
       31
       +
             #   pkgs.poppler

     

       32
       32
       +
             #   pkgs.ueberzug

     

       33
       33
        
           ];

     

       34
       34
        
         };

     

       35
       35
        
       }

+2 -3

homeModules/wayland/default.nix

···

       7
       7
        
       }:

     

       8
       8
        
       let

     

       9
       9
        
         c = osConfig.py.programs.hyprland;

     

       10
       10
       -
         cfg = config.wayland.windowManager.hyprland;

     

       11
       10
        
       in

     

       12
       11
        
       {

     

       13
       12
        
         imports = [

     
···

       17
       16
        
         config = {

     

       18
       17
        
           catppuccin.hyprland.enable = c.enable;

     

       19
       18
        
           wayland.windowManager.hyprland = {

     

       20
       20
       -
             enable = c.enable;

     

       19
       19
       +
             inherit (c) enable;

     

       21
       20
        
             # Per https://nix-community.github.io/home-manager/options.xhtml#opt-wayland.windowManager.hyprland.package

     

       22
       21
        
             package = null;

     

       23
       22
        
             systemd = {

     

       24
       23
        
               enable = true;

     

       25
       24
        
               enableXdgAutostart = true;

     

       26
       25
        
             };

     

       27
       27
       -
             settings = (import ./settings.nix { inherit lib config; });

     

       26
       26
       +
             settings = import ./settings.nix { inherit lib config; };

     

       28
       27
        
             plugins = [

     

       29
       28
        
               pkgs.hyprlandPlugins.hy3

     

       30
       29
        
             ];

+1 -1

homeModules/wayland/hypridle.nix

···

       12
       12
        
           settings = {

     

       13
       13
        
             general = {

     

       14
       14
        
               lock_cmd = "loginctl lock-session";

     

       15
       15
       -
               before_sleep_cmd = "loginctl lock-session";

     

       15
       15
       +
               # before_sleep_cmd = "loginctl lock-session";

     

       16
       16
        
               after_sleep_cmd = "hyprctl dispatch dpms on";

     

       17
       17
        
               inhibit_sleep = 3;

     

       18
       18
        
             };

+2 -2

homeModules/wayland/settings.nix

···

       1
       1
        
       { config, lib, ... }:

     

       2
       2
        
       let

     

       3
       3
       -
         shell = config.py.profiles.desktop.shell;

     

       4
       4
       -
         keybinds = (import ./keybindings.nix { inherit lib shell; });

     

       3
       3
       +
         inherit (config.py.profiles.desktop) shell;

     

       4
       4
       +
         keybinds = import ./keybindings.nix { inherit lib shell; };

     

       5
       5
        
         monitors = import ./monitors.nix;

     

       6
       6
        
         variables = import ./variables.nix;

     

       7
       7
        
         plugins = import ./plugins.nix;

hosts/default.nix

···

       40
       40
        
                 "server"

     

       41
       41
        
                 "vps"

     

       42
       42
        
               ];

     

       43
       43
       +
               modules = [

     

       44
       44
       +
                 inputs.dn42.nixosModules.default

     

       45
       45
       +
               ];

     

       43
       46
        
             };

     

       44
       47
        
             thought = {

     

       45
       48
        
               deployable = true;

+4 -5

hosts/marvin/default.nix

···

       8
       8
        
           ./hardware.nix

     

       9
       9
        
       

     

       10
       10
        
           # Running Services

     

       11
       11
       +
           # keep-sorted start

     

       11
       12
        
           ./services/anubis.nix

     

       12
       12
       -
           # ./services/authentik.nix

     

       13
       13
        
           ./services/avahi.nix

     

       14
       14
        
           ./services/bots.nix

     

       15
       15
        
           ./services/deemix.nix

     
···

       17
       17
        
           ./services/git.nix

     

       18
       18
        
           ./services/golink.nix

     

       19
       19
        
           ./services/grafana.nix

     

       20
       20
       -
           # ./services/iceshrimp.nix

     

       20
       20
       +
           ./services/immich.nix

     

       21
       21
        
           ./services/jellyfin.nix

     

       22
       22
        
           ./services/matrix.nix

     

       23
       23
        
           ./services/miniflux.nix

     

       24
       24
       +
           ./services/nextcloud

     

       24
       25
        
           ./services/nginx.nix

     

       25
       25
       -
           ./services/nextcloud

     

       26
       26
        
           ./services/pinchflat.nix

     

       27
       27
       -
           ./services/pingvin-share.nix

     

       28
       27
        
           ./services/planka.nix

     

       29
       28
        
           ./services/pocket-id.nix

     

       30
       29
        
           ./services/podman.nix

     

       31
       30
        
           ./services/postgres.nix

     

       32
       31
        
           ./services/prometheus.nix

     

       33
       33
       -
           # ./services/redlib.nix

     

       34
       32
        
           ./services/scrutiny.nix

     

       35
       33
        
           ./services/syncthing.nix

     

       36
       34
        
           ./services/tailscale.nix

     

       37
       35
        
           ./services/tangled.nix

     

       38
       36
        
           ./services/vaultwarden.nix

     

       39
       37
        
           ./services/zfs.nix

     

       38
       38
       +
           # keep-sorted end

     

       40
       39
        
         ];

     

       41
       40
        
         nix.settings.max-jobs = 12;

     

       42
       41
        
         networking = {

hosts/marvin/services/anubis.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
       +
         self',

     

       3
       4
        
         ...

     

       4
       5
        
       }:

     

       5
       6
        
       {

     
···

       15
       16
        
               ED25519_PRIVATE_KEY_HEX_FILE = config.age.secrets.anubis-key.path;

     

       16
       17
        
               OG_PASSTHROUGH = true;

     

       17
       18
        
               OG_CACHE_CONSIDER_HOST = true;

     

       19
       19
       +
               POLICY_FNAME = "${self'.packages.anubis-files}/policies/default.yaml";

     

       18
       20
        
             };

     

       19
       21
        
           };

     

       20
       22
        
           age.secrets.anubis-key = {

-92

hosts/marvin/services/authentik.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         self,

     

       4
       4
       -
         ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       let

     

       7
       7
       -
         d = self.lib.data.services.authentik;

     

       8
       8
       -
       in

     

       9
       9
       -
       {

     

       10
       10
       -
         virtualisation.oci-containers.containers =

     

       11
       11
       -
           let

     

       12
       12
       -
             authentikVersion = "2025.4";

     

       13
       13
       -
             base = {

     

       14
       14
       -
               environmentFiles = [ config.age.secrets.authentik-env.path ];

     

       15
       15
       -
               extraOptions = [ "--network=authentik" ];

     

       16
       16
       -
             };

     

       17
       17
       -
             authentikBase = base // {

     

       18
       18
       -
               image = "ghcr.io/goauthentik/server:${authentikVersion}";

     

       19
       19
       -
               environment = {

     

       20
       20
       -
                 AUTHENTIK_REDIS__HOST = "authentik-redict";

     

       21
       21
       -
       

     

       22
       22
       -
                 # Postgres Settings

     

       23
       23
       -
                 AUTHENTIK_POSTGRESQL__HOST = "authentik-db";

     

       24
       24
       -
                 AUTHENTIK_POSTGRESQL__PORT = "5432";

     

       25
       25
       -
                 AUTHENTIK_POSTGRESQL__USER = "authentik";

     

       26
       26
       -
                 AUTHENTIK_POSTGRESQL__NAME = "authentik";

     

       27
       27
       -
                 AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";

     

       28
       28
       -
       

     

       29
       29
       -
                 # Disable error reporting

     

       30
       30
       -
                 AUTHENTIK_ERROR_REPORTING__ENABLED = "false";

     

       31
       31
       -
       

     

       32
       32
       -
                 # Avatars are an attribute based on an uploaded file

     

       33
       33
       -
                 AUTHENTIK_AVATARS = "attributes.user.avatar";

     

       34
       34
       -
       

     

       35
       35
       -
                 # Email Settings

     

       36
       36
       -
                 AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";

     

       37
       37
       -
                 AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";

     

       38
       38
       -
                 AUTHENTIK_EMAIL__PORT = "465";

     

       39
       39
       -
                 AUTHENTIK_EMAIL__USE_TLS = "true";

     

       40
       40
       -
                 AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";

     

       41
       41
       -
               };

     

       42
       42
       -
             };

     

       43
       43
       -
             authentikVols = [

     

       44
       44
       -
               "/var/lib/authentik/media:/media"

     

       45
       45
       -
               "/var/lib/authentik/templates:/templates"

     

       46
       46
       -
             ];

     

       47
       47
       -
           in

     

       48
       48
       -
           {

     

       49
       49
       -
             authentik-db = base // {

     

       50
       50
       -
               image = "postgres:17-alpine";

     

       51
       51
       -
               volumes = [ "/var/lib/authentik/db:/var/lib/postgresql/data" ];

     

       52
       52
       -
               environment = {

     

       53
       53
       -
                 POSTGRES_PASSWORD = "\${PG_PASS}";

     

       54
       54
       -
                 POSTGRES_USER = "authentik";

     

       55
       55
       -
                 POSTGRES_DB = "authentik";

     

       56
       56
       -
               };

     

       57
       57
       -
             };

     

       58
       58
       -
             authentik-redict = {

     

       59
       59
       -
               image = "registry.redict.io/redict:alpine";

     

       60
       60
       -
               extraOptions = [ "--network=authentik" ];

     

       61
       61
       -
             };

     

       62
       62
       -
             authentik-server = authentikBase // {

     

       63
       63
       -
               cmd = [ "server" ];

     

       64
       64
       -
               ports = [

     

       65
       65
       -
                 "${toString d.port}:9000"

     

       66
       66
       -
                 "6943:9443"

     

       67
       67
       -
                 "9301:9300"

     

       68
       68
       -
               ];

     

       69
       69
       -
               volumes = authentikVols ++ [ "/var/lib/authentik/custom.css:/web/dist/custom.css" ];

     

       70
       70
       -
             };

     

       71
       71
       -
             authentik-worker = authentikBase // {

     

       72
       72
       -
               cmd = [ "worker" ];

     

       73
       73
       -
               volumes = authentikVols ++ [ "/var/lib/authentik/certs:/certs" ];

     

       74
       74
       -
             };

     

       75
       75
       -
             authentik-ldap = base // {

     

       76
       76
       -
               image = "ghcr.io/goauthentik/ldap:${authentikVersion}";

     

       77
       77
       -
               ports = [

     

       78
       78
       -
                 "389:3389"

     

       79
       79
       -
                 "636:6636"

     

       80
       80
       -
               ];

     

       81
       81
       -
               environment = {

     

       82
       82
       -
                 AUTHENTIK_HOST = "https://${d.extUrl}";

     

       83
       83
       -
                 AUTHENTIK_INSECURE = "false";

     

       84
       84
       -
               };

     

       85
       85
       -
             };

     

       86
       86
       -
           };

     

       87
       87
       -
         age.secrets.authentik-env = {

     

       88
       88
       -
           file = ./secrets/authentik-env.age;

     

       89
       89
       -
           owner = "thehedgehog";

     

       90
       90
       -
           group = "misc";

     

       91
       91
       -
         };

     

       92
       92
       -
       }

-5

hosts/marvin/services/bookstack.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         services.bookstack = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
         };

     

       5
       5
       -
       }

+1 -1

hosts/marvin/services/gdq-cals.nix

···

       19
       19
        
             description = "GDQ Calendar Updater";

     

       20
       20
        
             path = [ pyWithLibs ];

     

       21
       21
        
             serviceConfig = {

     

       22
       22
       -
               ExecStart = "${lib.getExe pyWithLibs} gdq_cal_ics_exporter.py--fatales --gcal --disable_general";

     

       22
       22
       +
               ExecStart = "${lib.getExe pyWithLibs} gdq_cal_ics_exporter.py --fatales --gcal --disable_general";

     

       23
       23
        
               Type = "oneshot";

     

       24
       24
        
               WorkingDirectory = "/home/thehedgehog/gdq-cals/";

     

       25
       25
        
               User = "thehedgehog";

+5 -5

hosts/marvin/services/git.nix

···

       41
       41
        
           };

     

       42
       42
        
           settings = {

     

       43
       43
        
             DEFAULT = {

     

       44
       44
       -
               APP_NAME = "PyroNet Git";

     

       44
       44
       +
               APP_NAME = "dishNet Git";

     

       45
       45
        
               RUN_MODE = "prod";

     

       46
       46
        
             };

     

       47
       47
        
             attachment = {

     

       48
       48
        
               MAX_SIZE = 200;

     

       49
       49
        
             };

     

       50
       50
       -
             log."logger.router.MODE" = "";

     

       50
       50
       +
             log.LOGGER_ROUTER_MODE = "";

     

       51
       51
        
             mailer = {

     

       52
       52
        
               ENABLED = true;

     

       53
       53
       -
               FROM = "PyroNet Git <git@pyrox.dev>";

     

       53
       53
       +
               FROM = "dishNet Git <git@pyrox.dev>";

     

       54
       54
        
               PROTOCOL = "smtps";

     

       55
       55
        
               SMTP_ADDR = "mail.pyrox.dev";

     

       56
       56
        
               SMTP_PORT = 465;

     
···

       66
       66
        
             };

     

       67
       67
        
             "ui.meta" = {

     

       68
       68
        
               AUTHOR = "dish";

     

       69
       69
       -
               DESCRIPTION = "PyroNet Git Services";

     

       69
       69
       +
               DESCRIPTION = "dishNet Git Services";

     

       70
       70
        
             };

     

       71
       71
        
             metrics = {

     

       72
       72
        
               ENABLED = true;

     
···

       85
       85
        
               ISSUE_INDEXER_PATH = "indexers/issues.bleve";

     

       86
       86
        
               # Enable repo indexing

     

       87
       87
        
               REPO_INDEXER_ENABLED = true;

     

       88
       88
       -
               REPO_INDEXER_REPO_TYPES = "sources,forks,templates,mirrors";

     

       88
       88
       +
               REPO_INDEXER_REPO_TYPES = "sources,forks";

     

       89
       89
        
               REPO_INDEXER_TYPE = "bleve";

     

       90
       90
        
               REPO_INDEXER_PATH = "indexers/repos.bleve";

     

       91
       91
        
             };

+4 -4

hosts/marvin/services/grafana.nix

···

       40
       40
        
             };

     

       41
       41
        
             smtp = {

     

       42
       42
        
               enabled = true;

     

       43
       43
       -
               user = "grafana@thehedgehog.me";

     

       44
       44
       -
               from_address = "grafana@thehedgehog.me";

     

       45
       45
       -
               host = "smtp.migadu.com:465";

     

       43
       43
       +
               user = "grafana@pyrox.dev";

     

       44
       44
       +
               from_address = "grafana@pyrox.dev";

     

       45
       45
       +
               host = "mail.pyrox.dev:465";

     

       46
       46
        
               password = "$__file{${config.age.secrets.grafana-smtp-password.path}}";

     

       47
       47
        
             };

     

       48
       48
        
           };

     
···

       62
       62
        
         services.anubis.instances.grafana = {

     

       63
       63
        
           settings = {

     

       64
       64
        
             BIND = ":${toString d.anubis}";

     

       65
       65
       -
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/grafana.yaml";

     

       65
       65
       +
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/default.yaml";

     

       66
       66
        
             TARGET = "http://localhost:${toString d.port}";

     

       67
       67
        
           };

     

       68
       68
        
         };

-97

hosts/marvin/services/iceshrimp.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         inputs,

     

       4
       4
       -
         pkgs,

     

       5
       5
       -
         lib,

     

       6
       6
       -
         self,

     

       7
       7
       -
         ...

     

       8
       8
       -
       }:

     

       9
       9
       -
       let

     

       10
       10
       -
       

     

       11
       11
       -
         d = self.lib.data.services.iceshrimp;

     

       12
       12
       -
       

     

       13
       13
       -
         package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs rec {

     

       14
       14
       -
           version = "2023.12.8-pyrox1";

     

       15
       15
       -
           src = pkgs.fetchgit {

     

       16
       16
       -
             url = "https://iceshrimp.dev/pyrox/iceshrimp";

     

       17
       17
       -
             hash = "sha256-hxZ3rVVAiAMFAYhZ2o+WhlMuhjbt5EyHKOl1VyyL5RA=";

     

       18
       18
       -
             rev = "v${version}";

     

       19
       19
       -
             fetchLFS = true;

     

       20
       20
       -
             deepClone = false;

     

       21
       21
       -
           };

     

       22
       22
       -
           patches = [ ];

     

       23
       23
       -
         };

     

       24
       24
       -
       in

     

       25
       25
       -
       {

     

       26
       26
       -
         services.iceshrimp = {

     

       27
       27
       -
           inherit package;

     

       28
       28
       -
           enable = false;

     

       29
       29
       -
           secretConfig = config.age.secrets.iceshrimp-secret-config.path;

     

       30
       30
       -
           dbPasswordFile = config.age.secrets.iceshrimp-db-password.path;

     

       31
       31
       -
           createDb = true;

     

       32
       32
       -
           configureNginx.enable = false;

     

       33
       33
       -
           settings = {

     

       34
       34
       -
             inherit (d) port;

     

       35
       35
       -
             url = "https://${d.extUrl}";

     

       36
       36
       -
             accountDomain = "pyrox.dev";

     

       37
       37
       -
             redis.port = 6997;

     

       38
       38
       -
             maxNoteLength = 16384;

     

       39
       39
       -
             maxCaptionLength = 8192;

     

       40
       40
       -
             clusterLimit = 4;

     

       41
       41
       -
             deliverJobConcurrency = 192;

     

       42
       42
       -
             inboxJobConcurrency = 32;

     

       43
       43
       -
             deliverJobPerSec = 256;

     

       44
       44
       -
             inboxJobPerSec = 32;

     

       45
       45
       -
             outgoingAddressFamily = "dual";

     

       46
       46
       -
             # See the withdrawal patches for obliterate info

     

       47
       47
       -
             enableObliterate = true;

     

       48
       48
       -
             obliterateJobPerSec = 16;

     

       49
       49
       -
             obliterateJobMaxAttempts = 3;

     

       50
       50
       -
             mediaCleanup = {

     

       51
       51
       -
               cron = true;

     

       52
       52
       -
               maxAgeDays = 30;

     

       53
       53
       -
               cleanAvatars = true;

     

       54
       54
       -
               cleanHeaders = true;

     

       55
       55
       -
             };

     

       56
       56
       -
             htmlCache = {

     

       57
       57
       -
               ttl = "6h";

     

       58
       58
       -
               prewarm = true;

     

       59
       59
       -
               dbFallback = true;

     

       60
       60
       -
             };

     

       61
       61
       -
             wordMuteCache.ttl = "24h";

     

       62
       62
       -
             isManagedHosting = true;

     

       63
       63
       -
             email = {

     

       64
       64
       -
               managed = true;

     

       65
       65
       -
               address = "social@pyrox.dev";

     

       66
       66
       -
               host = "mail.pyrox.dev";

     

       67
       67
       -
               port = 465;

     

       68
       68
       -
               user = "social@pyrox.dev";

     

       69
       69
       -
               useImplicitSslTls = true;

     

       70
       70
       -
             };

     

       71
       71
       -
             objectStorage = {

     

       72
       72
       -
               managed = true;

     

       73
       73
       -
               baseUrl = "https://pool.jortage.com/socialpyroxdev";

     

       74
       74
       -
               bucket = "socialpyroxdev";

     

       75
       75
       -
               prefix = "mkmedia";

     

       76
       76
       -
               endpoint = "pool-api.jortage.com";

     

       77
       77
       -
               region = "jort";

     

       78
       78
       -
               useSsl = true;

     

       79
       79
       -
               connnectOverProxy = false;

     

       80
       80
       -
               setPublicReadOnUpload = false;

     

       81
       81
       -
               s3ForcePathStyle = true;

     

       82
       82
       -
             };

     

       83
       83
       -
           };

     

       84
       84
       -
         };

     

       85
       85
       -
         age.secrets = lib.mkIf config.services.iceshrimp.enable {

     

       86
       86
       -
           iceshrimp-secret-config = {

     

       87
       87
       -
             inherit (config.services.iceshrimp) group;

     

       88
       88
       -
             file = ./secrets/iceshrimp-secret-config.age;

     

       89
       89
       -
             owner = config.services.iceshrimp.user;

     

       90
       90
       -
           };

     

       91
       91
       -
           iceshrimp-db-password = {

     

       92
       92
       -
             file = ./secrets/iceshrimp-db-password.age;

     

       93
       93
       -
             owner = "postgres";

     

       94
       94
       -
             group = "postgres";

     

       95
       95
       -
           };

     

       96
       96
       -
         };

     

       97
       97
       -
       }

+223

hosts/marvin/services/immich-config.json

···

       1
       1
       +
       {

     

       2
       2
       +
         "backup": {

     

       3
       3
       +
           "database": {

     

       4
       4
       +
             "cronExpression": "0 02 * * *",

     

       5
       5
       +
             "enabled": true,

     

       6
       6
       +
             "keepLastAmount": 14

     

       7
       7
       +
           }

     

       8
       8
       +
         },

     

       9
       9
       +
         "ffmpeg": {

     

       10
       10
       +
           "accel": "vaapi",

     

       11
       11
       +
           "accelDecode": true,

     

       12
       12
       +
           "acceptedAudioCodecs": ["aac", "mp3", "libopus"],

     

       13
       13
       +
           "acceptedContainers": ["mov", "ogg", "webm"],

     

       14
       14
       +
           "acceptedVideoCodecs": ["h264"],

     

       15
       15
       +
           "bframes": -1,

     

       16
       16
       +
           "cqMode": "auto",

     

       17
       17
       +
           "crf": 23,

     

       18
       18
       +
           "gopSize": 0,

     

       19
       19
       +
           "maxBitrate": "0",

     

       20
       20
       +
           "preferredHwDevice": "auto",

     

       21
       21
       +
           "preset": "veryfast",

     

       22
       22
       +
           "refs": 0,

     

       23
       23
       +
           "targetAudioCodec": "aac",

     

       24
       24
       +
           "targetResolution": "720",

     

       25
       25
       +
           "targetVideoCodec": "h264",

     

       26
       26
       +
           "temporalAQ": false,

     

       27
       27
       +
           "threads": 0,

     

       28
       28
       +
           "tonemap": "hable",

     

       29
       29
       +
           "transcode": "required",

     

       30
       30
       +
           "twoPass": false

     

       31
       31
       +
         },

     

       32
       32
       +
         "image": {

     

       33
       33
       +
           "colorspace": "p3",

     

       34
       34
       +
           "extractEmbedded": false,

     

       35
       35
       +
           "fullsize": {

     

       36
       36
       +
             "enabled": false,

     

       37
       37
       +
             "format": "jpeg",

     

       38
       38
       +
             "quality": 80

     

       39
       39
       +
           },

     

       40
       40
       +
           "preview": {

     

       41
       41
       +
             "format": "jpeg",

     

       42
       42
       +
             "quality": 80,

     

       43
       43
       +
             "size": 1440

     

       44
       44
       +
           },

     

       45
       45
       +
           "thumbnail": {

     

       46
       46
       +
             "format": "webp",

     

       47
       47
       +
             "quality": 80,

     

       48
       48
       +
             "size": 250

     

       49
       49
       +
           }

     

       50
       50
       +
         },

     

       51
       51
       +
         "job": {

     

       52
       52
       +
           "backgroundTask": {

     

       53
       53
       +
             "concurrency": 5

     

       54
       54
       +
           },

     

       55
       55
       +
           "faceDetection": {

     

       56
       56
       +
             "concurrency": 2

     

       57
       57
       +
           },

     

       58
       58
       +
           "library": {

     

       59
       59
       +
             "concurrency": 5

     

       60
       60
       +
           },

     

       61
       61
       +
           "metadataExtraction": {

     

       62
       62
       +
             "concurrency": 5

     

       63
       63
       +
           },

     

       64
       64
       +
           "migration": {

     

       65
       65
       +
             "concurrency": 5

     

       66
       66
       +
           },

     

       67
       67
       +
           "notifications": {

     

       68
       68
       +
             "concurrency": 5

     

       69
       69
       +
           },

     

       70
       70
       +
           "ocr": {

     

       71
       71
       +
             "concurrency": 1

     

       72
       72
       +
           },

     

       73
       73
       +
           "search": {

     

       74
       74
       +
             "concurrency": 5

     

       75
       75
       +
           },

     

       76
       76
       +
           "sidecar": {

     

       77
       77
       +
             "concurrency": 5

     

       78
       78
       +
           },

     

       79
       79
       +
           "smartSearch": {

     

       80
       80
       +
             "concurrency": 2

     

       81
       81
       +
           },

     

       82
       82
       +
           "thumbnailGeneration": {

     

       83
       83
       +
             "concurrency": 3

     

       84
       84
       +
           },

     

       85
       85
       +
           "videoConversion": {

     

       86
       86
       +
             "concurrency": 1

     

       87
       87
       +
           },

     

       88
       88
       +
           "workflow": {

     

       89
       89
       +
             "concurrency": 5

     

       90
       90
       +
           }

     

       91
       91
       +
         },

     

       92
       92
       +
         "library": {

     

       93
       93
       +
           "scan": {

     

       94
       94
       +
             "cronExpression": "0 0 * * *",

     

       95
       95
       +
             "enabled": true

     

       96
       96
       +
           },

     

       97
       97
       +
           "watch": {

     

       98
       98
       +
             "enabled": false

     

       99
       99
       +
           }

     

       100
       100
       +
         },

     

       101
       101
       +
         "logging": {

     

       102
       102
       +
           "enabled": true,

     

       103
       103
       +
           "level": "log"

     

       104
       104
       +
         },

     

       105
       105
       +
         "machineLearning": {

     

       106
       106
       +
           "availabilityChecks": {

     

       107
       107
       +
             "enabled": true,

     

       108
       108
       +
             "interval": 30000,

     

       109
       109
       +
             "timeout": 2000

     

       110
       110
       +
           },

     

       111
       111
       +
           "clip": {

     

       112
       112
       +
             "enabled": true,

     

       113
       113
       +
             "modelName": "ViT-B-16-SigLIP2__webli"

     

       114
       114
       +
           },

     

       115
       115
       +
           "duplicateDetection": {

     

       116
       116
       +
             "enabled": true,

     

       117
       117
       +
             "maxDistance": 0.01

     

       118
       118
       +
           },

     

       119
       119
       +
           "enabled": true,

     

       120
       120
       +
           "facialRecognition": {

     

       121
       121
       +
             "enabled": true,

     

       122
       122
       +
             "maxDistance": 0.5,

     

       123
       123
       +
             "minFaces": 7,

     

       124
       124
       +
             "minScore": 0.7,

     

       125
       125
       +
             "modelName": "buffalo_l"

     

       126
       126
       +
           },

     

       127
       127
       +
           "ocr": {

     

       128
       128
       +
             "enabled": true,

     

       129
       129
       +
             "maxResolution": 736,

     

       130
       130
       +
             "minDetectionScore": 0.5,

     

       131
       131
       +
             "minRecognitionScore": 0.8,

     

       132
       132
       +
             "modelName": "EN__PP-OCRv5_mobile"

     

       133
       133
       +
           },

     

       134
       134
       +
           "urls": ["http://localhost:3003"]

     

       135
       135
       +
         },

     

       136
       136
       +
         "map": {

     

       137
       137
       +
           "darkStyle": "https://tiles.immich.cloud/v1/style/dark.json",

     

       138
       138
       +
           "enabled": true,

     

       139
       139
       +
           "lightStyle": "https://tiles.immich.cloud/v1/style/light.json"

     

       140
       140
       +
         },

     

       141
       141
       +
         "metadata": {

     

       142
       142
       +
           "faces": {

     

       143
       143
       +
             "import": false

     

       144
       144
       +
           }

     

       145
       145
       +
         },

     

       146
       146
       +
         "newVersionCheck": {

     

       147
       147
       +
           "enabled": false

     

       148
       148
       +
         },

     

       149
       149
       +
         "nightlyTasks": {

     

       150
       150
       +
           "clusterNewFaces": true,

     

       151
       151
       +
           "databaseCleanup": true,

     

       152
       152
       +
           "generateMemories": true,

     

       153
       153
       +
           "missingThumbnails": true,

     

       154
       154
       +
           "startTime": "00:00",

     

       155
       155
       +
           "syncQuotaUsage": true

     

       156
       156
       +
         },

     

       157
       157
       +
         "notifications": {

     

       158
       158
       +
           "smtp": {

     

       159
       159
       +
             "enabled": true,

     

       160
       160
       +
             "from": "dishNet Photos <immich@pyrox.dev>",

     

       161
       161
       +
             "replyTo": "",

     

       162
       162
       +
             "transport": {

     

       163
       163
       +
               "host": "mail.pyrox.dev",

     

       164
       164
       +
               "ignoreCert": false,

     

       165
       165
       +
               "port": 25,

     

       166
       166
       +
               "secure": true,

     

       167
       167
       +
               "username": "immich@pyrox.dev"

     

       168
       168
       +
             }

     

       169
       169
       +
           }

     

       170
       170
       +
         },

     

       171
       171
       +
         "oauth": {

     

       172
       172
       +
           "autoLaunch": false,

     

       173
       173
       +
           "autoRegister": true,

     

       174
       174
       +
           "buttonText": "Login with Pocket-ID",

     

       175
       175
       +
           "clientId": "f1312240-d9fc-4336-aca6-b98316867848",

     

       176
       176
       +
           "defaultStorageQuota": null,

     

       177
       177
       +
           "enabled": true,

     

       178
       178
       +
           "issuerUrl": "https://auth.pyrox.dev",

     

       179
       179
       +
           "mobileOverrideEnabled": false,

     

       180
       180
       +
           "mobileRedirectUri": "",

     

       181
       181
       +
           "profileSigningAlgorithm": "none",

     

       182
       182
       +
           "roleClaim": "immich_role",

     

       183
       183
       +
           "scope": "openid email profile immich_role",

     

       184
       184
       +
           "signingAlgorithm": "RS256",

     

       185
       185
       +
           "storageLabelClaim": "preferred_username",

     

       186
       186
       +
           "storageQuotaClaim": "immich_quota",

     

       187
       187
       +
           "timeout": 30000,

     

       188
       188
       +
           "tokenEndpointAuthMethod": "client_secret_post"

     

       189
       189
       +
         },

     

       190
       190
       +
         "passwordLogin": {

     

       191
       191
       +
           "enabled": true

     

       192
       192
       +
         },

     

       193
       193
       +
         "reverseGeocoding": {

     

       194
       194
       +
           "enabled": true

     

       195
       195
       +
         },

     

       196
       196
       +
         "server": {

     

       197
       197
       +
           "externalDomain": "https://img.pyrox.dev",

     

       198
       198
       +
           "loginPageMessage": "",

     

       199
       199
       +
           "publicUsers": true

     

       200
       200
       +
         },

     

       201
       201
       +
         "storageTemplate": {

     

       202
       202
       +
           "enabled": false,

     

       203
       203
       +
           "hashVerificationEnabled": true,

     

       204
       204
       +
           "template": "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"

     

       205
       205
       +
         },

     

       206
       206
       +
         "templates": {

     

       207
       207
       +
           "email": {

     

       208
       208
       +
             "albumInviteTemplate": "",

     

       209
       209
       +
             "albumUpdateTemplate": "",

     

       210
       210
       +
             "welcomeTemplate": ""

     

       211
       211
       +
           }

     

       212
       212
       +
         },

     

       213
       213
       +
         "theme": {

     

       214
       214
       +
           "customCss": ""

     

       215
       215
       +
         },

     

       216
       216
       +
         "trash": {

     

       217
       217
       +
           "days": 30,

     

       218
       218
       +
           "enabled": true

     

       219
       219
       +
         },

     

       220
       220
       +
         "user": {

     

       221
       221
       +
           "deleteDelay": 7

     

       222
       222
       +
         }

     

       223
       223
       +
       }

+51

hosts/marvin/services/immich.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         self,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       8
       8
       +
         d = self.lib.data.services.immich;

     

       9
       9
       +
       in

     

       10
       10
       +
       {

     

       11
       11
       +
         services = {

     

       12
       12
       +
           immich = {

     

       13
       13
       +
             inherit (d) port;

     

       14
       14
       +
             enable = true;

     

       15
       15
       +
             host = "0.0.0.0";

     

       16
       16
       +
             redis.enable = true;

     

       17
       17
       +
             mediaLocation = "/var/media/photos/";

     

       18
       18
       +
             accelerationDevices = [ "/dev/dri/renderD128" ];

     

       19
       19
       +
             settings = lib.recursiveUpdate (builtins.fromJSON (builtins.readFile ./immich-config.json)) {

     

       20
       20
       +
               oauth.clientSecret._secret = config.age.secrets.immich-oauth-secret.path;

     

       21
       21
       +
               notifications.smtp.transport.password._secret = config.age.secrets.immich-mail-pw.path;

     

       22
       22
       +
               server.externalDomain = "https://${d.extUrl}";

     

       23
       23
       +
             };

     

       24
       24
       +
           };

     

       25
       25
       +
           immich-public-proxy = {

     

       26
       26
       +
             enable = true;

     

       27
       27
       +
             port = d.pubProxy;

     

       28
       28
       +
             immichUrl = "http://localhost:${toString d.port}";

     

       29
       29
       +
             settings.ipp = {

     

       30
       30
       +
               downloadedFilename = 1;

     

       31
       31
       +
             };

     

       32
       32
       +
           };

     

       33
       33
       +
         };

     

       34
       34
       +
         systemd.services.immich-public-proxy.environment.PUBLIC_BASE_URL = "https://${d.extUrl}";

     

       35
       35
       +
         users.users.immich.extraGroups = [

     

       36
       36
       +
           "video"

     

       37
       37
       +
           "render"

     

       38
       38
       +
         ];

     

       39
       39
       +
         age.secrets = {

     

       40
       40
       +
           immich-oauth-secret = {

     

       41
       41
       +
             file = ./secrets/immich/oauth-secret.age;

     

       42
       42
       +
             owner = "immich";

     

       43
       43
       +
             group = "immich";

     

       44
       44
       +
           };

     

       45
       45
       +
           immich-mail-pw = {

     

       46
       46
       +
             file = ./secrets/immich/mail-pw.age;

     

       47
       47
       +
             owner = "immich";

     

       48
       48
       +
             group = "immich";

     

       49
       49
       +
           };

     

       50
       50
       +
         };

     

       51
       51
       +
       }

-2

hosts/marvin/services/miniflux.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
       -
         self',

     

       4
       3
        
         self,

     

       5
       4
        
         ...

     

       6
       5
        
       }:

     
···

       33
       32
        
         services.anubis.instances.miniflux = {

     

       34
       33
        
           settings = {

     

       35
       34
        
             BIND = ":${toString d.anubis}";

     

       36
       36
       -
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/miniflux.yaml";

     

       37
       35
        
             TARGET = "http://localhost:${toString d.port}";

     

       38
       36
        
           };

     

       39
       37
        
         };

-11

hosts/marvin/services/minio.nix

···

       1
       1
       -
       { config, ... }:

     

       2
       2
       -
       {

     

       3
       3
       -
         services.minio = {

     

       4
       4
       -
           enable = true;

     

       5
       5
       -
           region = "us-east-1";

     

       6
       6
       -
           browser = true;

     

       7
       7
       -
           listenAddress = ":6990";

     

       8
       8
       -
           consoleAddress = ":6991";

     

       9
       9
       -
           rootCredentialsFile = config.age.secrets.minio-root.path;

     

       10
       10
       -
         };

     

       11
       11
       -
       }

+1 -1

hosts/marvin/services/nextcloud/office.nix

···

       5
       5
        
       {

     

       6
       6
        
         services.collabora-online = {

     

       7
       7
        
           enable = true;

     

       8
       8
       -
           port = d.port;

     

       8
       8
       +
           inherit (d) port;

     

       9
       9
        
           settings = {

     

       10
       10
        
             ssl.enable = false;

     

       11
       11
        
             ssl.termination = true;

+1 -1

hosts/marvin/services/pinchflat.nix

···

       12
       12
        
       {

     

       13
       13
        
         services.pinchflat = {

     

       14
       14
        
           enable = true;

     

       15
       15
       -
           port = d.port;

     

       15
       15
       +
           inherit (d) port;

     

       16
       16
        
           secretsFile = age.pinchflat-secrets.path;

     

       17
       17
        
           mediaDir = "/var/media/youtube";

     

       18
       18
        
           extraConfig = {

-130

hosts/marvin/services/pingvin-share.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         pkgs,

     

       4
       4
       -
         self',

     

       5
       5
       -
         self,

     

       6
       6
       -
         ...

     

       7
       7
       -
       }:

     

       8
       8
       -
       let

     

       9
       9
       -
         d = self.lib.data.services.pingvin-share;

     

       10
       10
       -
         cfg = config.services.pingvin-share;

     

       11
       11
       -
         configFormat = pkgs.formats.yaml { };

     

       12
       12
       -
         configFile = configFormat.generate "config.yaml" {

     

       13
       13
       -
           general = {

     

       14
       14
       -
             appName = "dishNet Share";

     

       15
       15
       -
             appUrl = "https://share.pyrox.dev";

     

       16
       16
       -
             secureCookies = "true";

     

       17
       17
       -
             showHomePage = "false";

     

       18
       18
       -
           };

     

       19
       19
       -
           share = {

     

       20
       20
       -
             allowRegistration = "false";

     

       21
       21
       -
             allowUnauthenticatedShares = "false";

     

       22
       22
       -
             maxSize = "10000000000";

     

       23
       23
       -
           };

     

       24
       24
       -
           email.enableShareEmailRecipients = "true";

     

       25
       25
       -
           smtp = {

     

       26
       26
       -
             enabled = "true";

     

       27
       27
       -
             host = "mail.pyrox.dev";

     

       28
       28
       -
             port = "465";

     

       29
       29
       -
             email = "share@pyrox.dev";

     

       30
       30
       -
             username = "share@pyrox.dev";

     

       31
       31
       -
             password = "SMTP_PASSWORD";

     

       32
       32
       -
           };

     

       33
       33
       -
           ldap.enabled = "false";

     

       34
       34
       -
           legal.enabled = "false";

     

       35
       35
       -
           s3.enabled = "false";

     

       36
       36
       -
           oauth = {

     

       37
       37
       -
             ignoreTotp = "true";

     

       38
       38
       -
             oidc-enabled = "true";

     

       39
       39
       -
             oidc-clientSecret = "CLIENT_SECRET";

     

       40
       40
       -
             oidc-clientId = "d83006a6-9b08-47eb-af56-418065db09b5";

     

       41
       41
       -
             oidc-discoveryUri = "https://auth.pyrox.dev/.well-known/openid-configuration";

     

       42
       42
       -
             oidc-signOut = "false";

     

       43
       43
       -
             oidc-scope = "openid email profile groups";

     

       44
       44
       -
             oidc-rolePath = "groups";

     

       45
       45
       -
             oidc-roleAdminAccess = "admins";

     

       46
       46
       -
           };

     

       47
       47
       -
           initUser.enabled = false;

     

       48
       48
       -
         };

     

       49
       49
       -
       in

     

       50
       50
       -
       {

     

       51
       51
       -
         virtualisation.oci-containers.containers = {

     

       52
       52
       -
           pingvin-share-server = {

     

       53
       53
       -
             image = "ghcr.io/stonith404/pingvin-share:latest";

     

       54
       54
       -
             ports = [

     

       55
       55
       -
               "${toString d.port}:3000"

     

       56
       56
       -
               "${toString d.be-port}:8080"

     

       57
       57
       -
             ];

     

       58
       58
       -
             volumes = [

     

       59
       59
       -
               "/var/lib/pingvin-share/data:/opt/app/backend/data"

     

       60
       60
       -
               "/var/lib/pingvin-share/data/images:/opt/app/frontend/public/img"

     

       61
       61
       -
               "/var/lib/pingvin-share/config.yaml:/opt/app/config.yaml"

     

       62
       62
       -
             ];

     

       63
       63
       -
             environment = {

     

       64
       64
       -
               API_URL = "https://share.pyrox.dev";

     

       65
       65
       -
               PUID = "962";

     

       66
       66
       -
               PGID = "959";

     

       67
       67
       -
             };

     

       68
       68
       -
           };

     

       69
       69
       -
         };

     

       70
       70
       -
         users.users.pingvin = {

     

       71
       71
       -
           uid = 962;

     

       72
       72
       -
           group = cfg.group;

     

       73
       73
       -
           isSystemUser = true;

     

       74
       74
       -
         };

     

       75
       75
       -
         users.groups.pingvin = {

     

       76
       76
       -
           gid = 959;

     

       77
       77
       -
         };

     

       78
       78
       -
       

     

       79
       79
       -
         services = {

     

       80
       80
       -
           pingvin-share = {

     

       81
       81
       -
             enable = false;

     

       82
       82
       -
             backend.port = d.be-port;

     

       83
       83
       -
             frontend.port = d.port;

     

       84
       84
       -
             hostname = "share.pyrox.dev";

     

       85
       85
       -
             https = true;

     

       86
       86
       -
           };

     

       87
       87
       -
           anubis.instances = {

     

       88
       88
       -
             pingvin-share-be = {

     

       89
       89
       -
               settings = {

     

       90
       90
       -
                 BIND = ":${toString d.be-anubis}";

     

       91
       91
       -
                 POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";

     

       92
       92
       -
                 TARGET = "http://localhost:${toString d.be-port}";

     

       93
       93
       -
               };

     

       94
       94
       -
             };

     

       95
       95
       -
             pingvin-share-fe = {

     

       96
       96
       -
               settings = {

     

       97
       97
       -
                 BIND = ":${toString d.anubis}";

     

       98
       98
       -
                 POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";

     

       99
       99
       -
                 TARGET = "http://localhost:${toString d.port}";

     

       100
       100
       -
               };

     

       101
       101
       -
             };

     

       102
       102
       -
           };

     

       103
       103
       -
         };

     

       104
       104
       -
         systemd.services.init-pingvin-config = {

     

       105
       105
       -
           enable = true;

     

       106
       106
       -
           description = "Pingvin Share configuration setup";

     

       107
       107
       -
           wantedBy = [ "multi-user.target" ];

     

       108
       108
       -
           before = [

     

       109
       109
       -
             "docker-pingvin-share-server.service"

     

       110
       110
       -
           ];

     

       111
       111
       -
           path = [ pkgs.gnused ];

     

       112
       112
       -
           script = ''

     

       113
       113
       -
             rm ${cfg.dataDir}/config.yaml

     

       114
       114
       -
             cp ${configFile} ${cfg.dataDir}/config.yaml

     

       115
       115
       -
             sed -i "s/SMTP_PASSWORD/\"$SMTP_PASSWORD\"/" ${cfg.dataDir}/config.yaml

     

       116
       116
       -
             sed -i "s/CLIENT_SECRET/\"$CLIENT_SECRET\"/" ${cfg.dataDir}/config.yaml

     

       117
       117
       -
           '';

     

       118
       118
       -
           serviceConfig = {

     

       119
       119
       -
             EnvironmentFile = config.age.secrets.pingvin-secrets.path;

     

       120
       120
       -
             User = cfg.user;

     

       121
       121
       -
             Group = cfg.group;

     

       122
       122
       -
             ReadWritePaths = [ "${cfg.dataDir}" ];

     

       123
       123
       -
           };

     

       124
       124
       -
         };

     

       125
       125
       -
         age.secrets.pingvin-secrets = {

     

       126
       126
       -
           file = ./secrets/pingvin-secrets.age;

     

       127
       127
       -
           owner = cfg.user;

     

       128
       128
       -
           group = cfg.group;

     

       129
       129
       -
         };

     

       130
       130
       -
       }

+97 -34

hosts/marvin/services/planka.nix

···

       1
       1
        
       {

     

       2
       2
       +
         lib,

     

       2
       3
        
         config,

     

       4
       4
       +
         self,

     

       3
       5
        
         self',

     

       4
       4
       -
         self,

     

       6
       6
       +
         pkgs,

     

       5
       7
        
         ...

     

       6
       8
        
       }:

     

       7
       9
        
       let

     

       8
       8
       -
         dataDir = "/var/lib/planka";

     

       9
       10
        
         d = self.lib.data.services.planka;

     

       11
       11
       +
       

     

       12
       12
       +
         commonServiceConfig = {

     

       13
       13
       +
           EnvironmentFile = config.age.secrets.planka-env.path;

     

       14
       14
       +
           StateDirectory = "planka";

     

       15
       15
       +
           WorkingDirectory = "/var/lib/planka";

     

       16
       16
       +
           User = "planka";

     

       17
       17
       +
           Group = "planka";

     

       18
       18
       +
       

     

       19
       19
       +
           # Hardening

     

       20
       20
       +
           LockPersonality = true;

     

       21
       21
       +
           NoNewPrivileges = true;

     

       22
       22
       +
           PrivateDevices = true;

     

       23
       23
       +
           PrivateMounts = true;

     

       24
       24
       +
           PrivateTmp = true;

     

       25
       25
       +
           PrivateUsers = true;

     

       26
       26
       +
           ProtectClock = true;

     

       27
       27
       +
           ProtectControlGroups = true;

     

       28
       28
       +
           ProtectHome = true;

     

       29
       29
       +
           ProtectHostname = true;

     

       30
       30
       +
           ProtectKernelLogs = true;

     

       31
       31
       +
           ProtectKernelModules = true;

     

       32
       32
       +
           ProtectKernelTunables = true;

     

       33
       33
       +
           ProtectProc = "invisible";

     

       34
       34
       +
           RemoveIPC = true;

     

       35
       35
       +
           RestrictRealtime = true;

     

       36
       36
       +
           RestrictSUIDSGID = true;

     

       37
       37
       +
           UMask = "0660";

     

       38
       38
       +
           RestrictAddressFamilies = [

     

       39
       39
       +
             "AF_UNIX"

     

       40
       40
       +
             "AF_INET"

     

       41
       41
       +
             "AF_INET6"

     

       42
       42
       +
           ];

     

       43
       43
       +
         };

     

       10
       44
        
       in

     

       11
       45
        
       {

     

       12
       12
       -
         virtualisation.oci-containers.containers = {

     

       13
       13
       -
           planka-server = {

     

       14
       14
       -
             image = "ghcr.io/plankanban/planka:2.0.0-rc.4";

     

       15
       15
       -
             ports = [ "${toString d.port}:1337" ];

     

       16
       16
       -
             environment = {

     

       17
       17
       -
               BASE_URL = "https://${d.extUrl}";

     

       18
       18
       -
               DATABASE_URL = "postgresql://planka@planka-db/planka";

     

       19
       19
       -
               # Default Admin

     

       20
       20
       -
               DEFAULT_ADMIN_EMAIL = "pyrox@pyrox.dev";

     

       21
       21
       -
               DEFAULT_ADMIN_USERNAME = "pyrox";

     

       22
       22
       -
               TRUST_PROXY = "true";

     

       23
       23
       -
               DEFAULT_LANGUAGE = "en-US";

     

       46
       46
       +
         systemd = {

     

       47
       47
       +
           tmpfiles.settings = {

     

       48
       48
       +
             "10-planka"."/var/lib/planka".d = {

     

       49
       49
       +
               group = "planka";

     

       50
       50
       +
               user = "planka";

     

       51
       51
       +
               mode = "0755";

     

       24
       52
        
             };

     

       25
       25
       -
             environmentFiles = [ config.age.secrets.planka-env.path ];

     

       26
       26
       -
             volumes = [

     

       27
       27
       -
               "${dataDir}/user-avatars:/app/public/user-avatars"

     

       28
       28
       -
               "${dataDir}/project-background-images:/app/public/project-background-images"

     

       29
       29
       -
               "${dataDir}/attachments:/app/private/attachments"

     

       30
       30
       -
               "${dataDir}/favicons:/app/public/favicons"

     

       31
       31
       -
               "${dataDir}/background-images:/app/public/background-images"

     

       32
       32
       -
             ];

     

       33
       33
       -
             extraOptions = [ "--network=planka" ];

     

       34
       53
        
           };

     

       35
       35
       -
           planka-db = {

     

       36
       36
       -
             image = "postgres:16-alpine";

     

       37
       37
       -
             volumes = [ "${dataDir}/db:/var/lib/postgresql/data" ];

     

       38
       38
       -
             environment = {

     

       39
       39
       -
               POSTGRES_USER = "planka";

     

       40
       40
       -
               POSTGRES_DB = "planka";

     

       41
       41
       -
               POSTGRES_HOST_AUTH_METHOD = "trust";

     

       54
       54
       +
           services = {

     

       55
       55
       +
             planka-init-db = {

     

       56
       56
       +
               wantedBy = [ "multi-user.target" ];

     

       57
       57
       +
               after = [ "postgres.target" ];

     

       58
       58
       +
               description = "Planka Kanban Database Init Script";

     

       59
       59
       +
               path = [

     

       60
       60
       +
                 pkgs.nodejs

     

       61
       61
       +
               ];

     

       62
       62
       +
               script = ''

     

       63
       63
       +
                 if [ ! -f /var/lib/planka/db-init-ran ]; then

     

       64
       64
       +
                   node run ${self'.packages.planka}/lib/node_modules/planka/db/init.js && \

     

       65
       65
       +
                   touch /var/lib/planka/db-init-ran

     

       66
       66
       +
                 fi

     

       67
       67
       +
               '';

     

       68
       68
       +
               serviceConfig = commonServiceConfig // {

     

       69
       69
       +
                 Type = "oneshot";

     

       70
       70
       +
                 SyslogIdentifier = "planka-init-db";

     

       71
       71
       +
               };

     

       72
       72
       +
             };

     

       73
       73
       +
             planka-server = {

     

       74
       74
       +
               after = [ "planka-init-db.service" ];

     

       75
       75
       +
               wantedBy = [ "multi-user.target" ];

     

       76
       76
       +
               description = "Planka Kanban Server";

     

       77
       77
       +
               documentation = [ "https://docs.planka.cloud" ];

     

       78
       78
       +
               environment = {

     

       79
       79
       +
                 DATABASE_URL = "postgresql://%2Frun%2Fpostgresql/planka";

     

       80
       80
       +
                 DEFAULT_ADMIN_EMAIL = "pyrox@pyrox.dev";

     

       81
       81
       +
                 DEFAULT_ADMIN_USERNAME = "pyrox";

     

       82
       82
       +
                 TRUST_PROXY = "true";

     

       83
       83
       +
                 DEFAULT_LANGUAGE = "en-US";

     

       84
       84
       +
                 BASE_URL = "https://${d.extUrl}";

     

       85
       85
       +
                 NODE_ENV = "production";

     

       86
       86
       +
               };

     

       87
       87
       +
               serviceConfig = commonServiceConfig // {

     

       88
       88
       +
                 Type = "simple";

     

       89
       89
       +
                 ExecStart = "${lib.getExe self'.packages.planka} --port ${toString d.port}";

     

       90
       90
       +
                 SyslogIdentifier = "planka";

     

       91
       91
       +
               };

     

       42
       92
        
             };

     

       43
       43
       -
             extraOptions = [ "--network=planka" ];

     

       44
       93
        
           };

     

       45
       94
        
         };

     

       95
       95
       +
         users.users.planka = {

     

       96
       96
       +
           isSystemUser = true;

     

       97
       97
       +
           group = "planka";

     

       98
       98
       +
         };

     

       99
       99
       +
         users.groups.planka = { };

     

       100
       100
       +
         services.postgresql = {

     

       101
       101
       +
           ensureUsers = [

     

       102
       102
       +
             {

     

       103
       103
       +
               name = "planka";

     

       104
       104
       +
               ensureDBOwnership = true;

     

       105
       105
       +
               ensureClauses.login = true;

     

       106
       106
       +
             }

     

       107
       107
       +
           ];

     

       108
       108
       +
           ensureDatabases = [ "planka" ];

     

       109
       109
       +
         };

     

       46
       110
        
         age.secrets.planka-env = {

     

       47
       111
        
           file = ./secrets/planka-env.age;

     

       48
       48
       -
           owner = "thehedgehog";

     

       49
       49
       -
           group = "misc";

     

       112
       112
       +
           owner = "planka";

     

       113
       113
       +
           group = "planka";

     

       50
       114
        
         };

     

       51
       115
        
         services.anubis.instances.planka = {

     

       52
       116
        
           settings = {

     

       53
       117
        
             COOKIE_DOMAIN = ".cs2a.club";

     

       54
       118
        
             BIND = ":${toString d.anubis}";

     

       55
       55
       -
             POLICY_FNAME = "${self'.packages.anubis-files}/policies/planka.yaml";

     

       56
       119
        
             TARGET = "http://localhost:${toString d.port}";

     

       57
       120
        
           };

     

       58
       121
        
         };

-2

hosts/marvin/services/pocket-id.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
       -
         self',

     

       4
       3
        
         self,

     

       5
       4
        
         ...

     

       6
       5
        
       }:

     
···

       43
       42
        
           pocket-id = {

     

       44
       43
        
             settings = {

     

       45
       44
        
               BIND = ":${toString d.anubis}";

     

       46
       46
       -
               POLICY_FNAME = "${self'.packages.anubis-files}/policies/pocket-id.yaml";

     

       47
       45
        
               TARGET = "http://localhost:${toString d.port}";

     

       48
       46
        
             };

     

       49
       47
        
           };

+23 -23

hosts/marvin/services/postgres.nix

···

       1
       1
       -
       { pkgs, config, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         cfg = config.services.postgresql;

     

       4
       4
       -
       in

     

       1
       1
       +
       { pkgs, ... }:

     

       2
       2
       +
       # let

     

       3
       3
       +
       #   cfg = config.services.postgresql;

     

       4
       4
       +
       # in

     

       5
       5
        
       {

     

       6
       6
        
         services.postgresql = {

     

       7
       7
        
           enable = true;

     
···

       28
       28
        
             max_parallel_maintenance_workers = 4;

     

       29
       29
        
           };

     

       30
       30
        
         };

     

       31
       31
       -
         systemd.timers.pg-autovacuum = {

     

       32
       32
       -
           description = "Timer for Postgres Autovacuum";

     

       33
       33
       -
           timerConfig = {

     

       34
       34
       -
             OnCalendar = "*-*-* 01:00:00";

     

       35
       35
       -
             Unit = "pg-autovacuum.service";

     

       36
       36
       -
           };

     

       37
       37
       -
         };

     

       38
       38
       -
         systemd.services.pg-autovacuum = {

     

       39
       39
       -
           description = "Vacuum all Postgres databases.";

     

       40
       40
       -
           requisite = [ "postgresql.service" ];

     

       41
       41
       -
           wantedBy = [ "multi-user.target" ];

     

       42
       42
       -
           serviceConfig = {

     

       43
       43
       -
             Type = "oneshot";

     

       44
       44
       -
             User = "postgres";

     

       45
       45
       -
             Group = "postgres";

     

       46
       46
       -
             SyslogIdentifier = "pg-autovacuum";

     

       47
       47
       -
             ExecStart = "${cfg.package}/bin/vacuumdb --all --echo --jobs=6 --parallel=5 --analyze --verbose";

     

       48
       48
       -
           };

     

       49
       49
       -
         };

     

       31
       31
       +
         # systemd.timers.pg-autovacuum = {

     

       32
       32
       +
         #   description = "Timer for Postgres Autovacuum";

     

       33
       33
       +
         #   timerConfig = {

     

       34
       34
       +
         #     OnCalendar = "*-*-* 01:00:00";

     

       35
       35
       +
         #     Unit = "pg-autovacuum.service";

     

       36
       36
       +
         #   };

     

       37
       37
       +
         # };

     

       38
       38
       +
         # systemd.services.pg-autovacuum = {

     

       39
       39
       +
         #   description = "Vacuum all Postgres databases.";

     

       40
       40
       +
         #   requisite = [ "postgresql.service" ];

     

       41
       41
       +
         #   wantedBy = [ "multi-user.target" ];

     

       42
       42
       +
         #   serviceConfig = {

     

       43
       43
       +
         #     Type = "oneshot";

     

       44
       44
       +
         #     User = "postgres";

     

       45
       45
       +
         #     Group = "postgres";

     

       46
       46
       +
         #     SyslogIdentifier = "pg-autovacuum";

     

       47
       47
       +
         #     ExecStart = "${cfg.package}/bin/vacuumdb --all --echo --jobs=6 --parallel=5 --analyze --verbose";

     

       48
       48
       +
         #   };

     

       49
       49
       +
         # };

     

       50
       50
        
       }

-14

hosts/marvin/services/prosody.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         # deadnix: skip

     

       3
       3
       -
         config,

     

       4
       4
       -
         # deadnix: skip

     

       5
       5
       -
         pkgs,

     

       6
       6
       -
         # deadnix: skip

     

       7
       7
       -
         lib,

     

       8
       8
       -
         ...

     

       9
       9
       -
       }:

     

       10
       10
       -
       {

     

       11
       11
       -
         services.prosody = {

     

       12
       12
       -
           enable = true;

     

       13
       13
       -
         };

     

       14
       14
       -
       }

-12

hosts/marvin/services/redlib.nix

···

       1
       1
       -
       { pkgs, self, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         d = self.lib.data.services.redlib;

     

       4
       4
       -
       in

     

       5
       5
       -
       {

     

       6
       6
       -
         services.libreddit = {

     

       7
       7
       -
           inherit (d) port;

     

       8
       8
       -
           enable = true;

     

       9
       9
       -
           package = pkgs.redlib;

     

       10
       10
       -
           openFirewall = false;

     

       11
       11
       -
         };

     

       12
       12
       -
       }

+1 -1

hosts/marvin/services/scrutiny.nix

···

       9
       9
        
           settings = {

     

       10
       10
        
             web = {

     

       11
       11
        
               listen = {

     

       12
       12
       -
                 port = d.port;

     

       12
       12
       +
                 inherit (d) port;

     

       13
       13
        
               };

     

       14
       14
        
               influxdb.tls.insecure_skip_verify = true;

     

       15
       15
        
             };

-23

hosts/marvin/services/secrets/iceshrimp-db-password.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> ssh-ed25519 iqBxIA g+DkjSGDd+i/sdqRCuU2I2Qzmq4Q+FI7wSyfkdM9q0Q

     

       3
       3
       -
       cG52xAS/VPjCNgHdky0/jbMvF5tF+cB8BxFNCHYlf2s

     

       4
       4
       -
       -> ssh-rsa fFaiTA

     

       5
       5
       -
       r5mQer6QBi+HdSS16OLHfv/oh0hbug5drdX/BuQHMORogiDfHEM03K6pmg9064Ep

     

       6
       6
       -
       CJgl6z3IS9hlLX7cSq2kVSvP9gk+l5AmI+pMZkJyT9ED43g6wtRI7yiy1ALO0rqB

     

       7
       7
       -
       z/CPaoLkFNFlt7sDg5rijAB+t6DNAxULfFj8KR3b+NvGrrW6Vbaio+T5mg1A2PTd

     

       8
       8
       -
       60eEfuqdn9dHVI82FQFmai1LwoyButrUNn3UiP8aIdvFUueixcqsAXSK1zjPJZ5B

     

       9
       9
       -
       VeAkshwhB9+HKMH1cyRa6LUbzJYxAQBhkgTFqS/r64h3ZAYHTc0lY44VtVhbnEQI

     

       10
       10
       -
       76PBEOcQXXjvPR6yvbcVZfpqCkqfo9hb7wogPfJiRMjKM/qlpR19KOf21T0hsV6q

     

       11
       11
       -
       b7nYf01yBscx6GKXREkZoxgpo6iLLzVQqU5SzQgs7nxW089JdJ62WoZvJwTxv2G8

     

       12
       12
       -
       AdzImnsw73q55MgOYtv/A3hGM8O1Jw4Q4UfMSS43xB+cuvtlEmSqi5mFh0gPbqQR

     

       13
       13
       -
       LN8+OcDLz0SR8U6xHj9ufXfhHc4nwO8iZpzav5nZXMEb3Gmva3k8U+nnmuPKqsrL

     

       14
       14
       -
       VxFmGNxqmWPfxO0FJC/cxLKME/Lj2MU9r6KT8RQ00BjHUfoDgbFzHVLqIEbIE+Vr

     

       15
       15
       -
       /Glcmz/Ecrt3kTwfAhEDpj6g0XVNHt7HA+r4SDWjI00

     

       16
       16
       -
       -> ssh-ed25519 wpmdHA LUF/UncaQTEMQepVAhEqFm345dICeW3d3QGhiflTSH8

     

       17
       17
       -
       ImxpR4innOw1jMSF4gvmOGRDl0BzqAhOyz+GFstsJG4

     

       18
       18
       -
       -> Cg-grease k7q9

     

       19
       19
       -
       MLRf60C4nbEc9XHo26cg7UYySbZtOMP2kZtZmvLiS1XFeIqQaR0RgRcUOoTblYzo

     

       20
       20
       -
       KQ

     

       21
       21
       -
       --- PV6HHY8kDdpFcgNu83K/cwz4qQCW38jcHkTOkCunxrk

     

       22
       22
       -
       �*ǜ�lq��^��fʀ���l�� R��C}Մ�ɧ���F�ĩ�&�~h�

     

       23
       23
       -
       ̟�r��6ʞac,����lc�
>

hosts/marvin/services/secrets/iceshrimp-secret-config.age

This is a binary file and will not be displayed.

+19

hosts/marvin/services/secrets/immich/mail-pw.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 iqBxIA 3PVJMF6BgxuDxN9NAEYqcZaYEUhK9TB5XprRyW13Kx0

     

       3
       3
       +
       AIQQG+4/9SVPcfq9ZtL/JsWDmLvW03UiAJaJ1nHSckQ

     

       4
       4
       +
       -> ssh-rsa fFaiTA

     

       5
       5
       +
       ZPBI1w2a48Md+Rt92ssVcfxN26zTLCEalT+jG8SJBv07ouOzd4ibPq65m6uOQU/+

     

       6
       6
       +
       EEgHe23fGsPP4oISWDUgVFxesLA3wjsTWmbVrkrBzGQNeNnevIRMcJu7vWDtby/+

     

       7
       7
       +
       dVxPQIoXH0jPlcDQCm2lwOGD+du+Nb4PnVseRPDaXRypKKmx+J057FQemYBk4OWx

     

       8
       8
       +
       yUfbKV2gHHcuRTVUQG6XAQwWvhh4e25fyc+MzKZNPUK4c/SVibjAsUH+Edd+NaV5

     

       9
       9
       +
       yxku5k4TFZkU69sl2zCdgWfYVTowTGYGyf4Kf+I/kl9m13zIk9vRpocgt4APaJnv

     

       10
       10
       +
       p+KxJvbYRiprWl+IzZg6TwXY5mA1IbvlppR4aak1pwaIE76CgF5mGNDGkviGndtP

     

       11
       11
       +
       +eCMIocp6lk2U0dJEYkBtmjNbxFh3dxOcirgdNDypYPlZTSGvSRGhpL4nUJRsR+l

     

       12
       12
       +
       A7rJ5aHH2B4Vi93zgSV0PWiWSA7899bzgN1kQKKIgYln6Tl8UxQSNt5L3L4VajuW

     

       13
       13
       +
       3UqCltyGWt/926BMS+GrDZSWCEtVsDs5XQqDKEx6D+iviHZJXniI+RhH/eM7FLjp

     

       14
       14
       +
       iXgCRkBIALo2lOiScpr2rtfGDViq3Nh64cIslEPiewjVFTCxkxH+LuQ1stukrNki

     

       15
       15
       +
       IF0+pZ65rgatMAdnZRFXfRxmywKD99z4WRHAxvYloXc

     

       16
       16
       +
       -> ssh-ed25519 wpmdHA SQlzD3yqbnoF0JHqPFFDUugbm8jlBsdntLzF/WlJbjo

     

       17
       17
       +
       FggpB1k5xbq62QNlwkocwjiWhEqNjHAxR/GwoPhXbC8

     

       18
       18
       +
       --- 1g4f2OQbS5iXm/cqBamEWuapvZHorxfX7wHizfPcYsc

     

       19
       19
       +
       �z�92�LN=9���$O���fP���E���~�.��}7�eڰq��y�N�I�L����"%�V�lz'�أ�

+19

hosts/marvin/services/secrets/immich/oauth-secret.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 iqBxIA 4osfKV5/wFT7mCdc4TjP7pJHdD8wzV7VKKiBSGRqImk

     

       3
       3
       +
       wU6RSxJh8SBbXbiwCl4lXD/m1THoAg5n1Y7pyKFPiec

     

       4
       4
       +
       -> ssh-rsa fFaiTA

     

       5
       5
       +
       RTHaBLsBWbDEmY80LktVL/C6CeFinLm3/4t/hoWmbzLLoElBL86EGVdrE5ovjUYl

     

       6
       6
       +
       j5+ZacmqahwjCtF/ZGBt8MFkWOK9u90YDfLp+kb2ILVy/E+CcQ3xPpH9bf83pPl/

     

       7
       7
       +
       aZmttaRlhnhSDYVXB0lHx3u/cCrYhTf6TjEoVGZ/XrLW0BRmO6GSwcmTrachZzdJ

     

       8
       8
       +
       je+pf2ug//mnAJR0y4MxjGlNPD/Vaj/UiaFQjPT+7ZvUUSkbv/QpPqyhhosFA11e

     

       9
       9
       +
       1EGp21ppwUnJSNdYh2vulpQGurB5bPlv6Y8FpcFKivq/qKmA4ydyER3NcCca5Ly+

     

       10
       10
       +
       01jQ1HRqWylYJj7K4hnxSjnNlOXCrJATuPJYoNdt2U1DnolUAqL6JIP/qNmYx8Fb

     

       11
       11
       +
       ZrfFINBmPsNc9XJn14T4J+VB6e68ODBOvZdbzoBQOWAObnP5OH+zLYCB3II+aLPp

     

       12
       12
       +
       Zo5WsNBBdZih4EbO0Y9PNWBjyCzxqs7zXPg1PjjDVHN/tIpSGnqoCqCPGuePhgRV

     

       13
       13
       +
       h1gnP/lqOW2U1oL004hi3etsUsk3kXHjr35GXMVBeay+3uGXkZqhNYYSluQnJSrs

     

       14
       14
       +
       rzahZZ8/q0FDdlUixWHb2uQjL1XMTqUcw8wPsUak8shkx8s7GPKNxtEKFcK46jk4

     

       15
       15
       +
       ac9TCyee4HzPC/SWkLGFl0bt9s9lGTBSNQrVzogY/sg

     

       16
       16
       +
       -> ssh-ed25519 wpmdHA C6npqn5aqimGJlo+UlvYOoqXSu/hW1JVNAmBPP1Vvjk

     

       17
       17
       +
       gWzXqL92jI83iqSr3dydJo+UAz5OGBo6kw6QC4KRWgM

     

       18
       18
       +
       --- ltHFDmeAbJsQtyY4CKFEz8OGAkPkue/8upHNOOQgn5I

     

       19
       19
       +
       ��O�ӌ#&`���P�IZ�#�[��+�tdeG�ui�����?n"��(��b� ]s�	y줔���

-20

hosts/marvin/services/secrets/pingvin-secrets.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> ssh-ed25519 iqBxIA HdZwcvp9cLpqrUp0M7sK7ipTslMxK0EYqFfS8xtYeDk

     

       3
       3
       -
       Ud7ismLtRG4RlugV3P5wRNjRe8HcJW0rAz/adadWCNc

     

       4
       4
       -
       -> ssh-rsa fFaiTA

     

       5
       5
       -
       KwjETLhUBpq8Hfp41rg3++syweOB+yNIIdd0KeS2YjxjbDfgwzRVoM+wlB/C3b4X

     

       6
       6
       -
       W0561y9+wsnB5A6k/peXLASfVodw30vI9LdW+nHejQr9v/UooXPztoJNrfgaKUow

     

       7
       7
       -
       PsLbLUj+M8Y4i22GRKrY6rrCfJk8F4a+2b0PzDc1EqUcZOjMV7aE+fQ4U7+FD1jv

     

       8
       8
       -
       xGmrKNRXNUL1j5GpPAi7E7YXuGj2SxjZOiisKqyep5KTEFyIJ04lrN/rtbi2vkEJ

     

       9
       9
       -
       ejAFg2jIvxAWiEzEUbjOLFzeIdpb8pPqQJ3OUF4U0crT/r5dxmJKxB0J7ktS6eEY

     

       10
       10
       -
       NZ4/CtY/kLXjo9sWc6G2UtWAm+myXKsxETxFtp/RQ6LXMjS+3xbzGvkAoY/fzVMt

     

       11
       11
       -
       zLGdOV0X/paLb1jGl9CHkflq7qrpkdgqc6I5nmsOCRLHrsiVWLaCVCvu2T1fpjCh

     

       12
       12
       -
       tP+Mwdjv5ONXduoGUOxjCT8IVv7ceTt93S/9cZakpDIFJ38I1XymrjuFLfbhLMVK

     

       13
       13
       -
       VMfo9cLhWyz2/DAKA4gKnmagUhnYO2vdNBzzM9dg0/ysrLoX71ujEcxB0tx21pkE

     

       14
       14
       -
       eB3LEfFH94Izzn9crNJ1YMUFCpFayedN2uQjv89LN2oHx+mUKemXCdl+AV2sLP7P

     

       15
       15
       -
       pi4/UDjKOcIeK8cSvqJtsemjUn7QJdOamH4/IpgFh5o

     

       16
       16
       -
       -> ssh-ed25519 wpmdHA X+4vtGSjMeIuSearcEfYA8Mv5kmghhItcE1n5BPWLSo

     

       17
       17
       -
       uYkj1VkPXs8mJu99J4GFth6LyqhWymEH5fsN0+5TDsw

     

       18
       18
       -
       --- Ql8rRuZH0kS1eDQ9EYB7mW+GvcHtjXcW/Wu1ZGhjpKI

     

       19
       19
       -
       虌d0dj̭�ھ�f����� g�D�+�q��W��d������%5��1�?�U��)�tܫ��[

     

       20
       20
       -
       S�DV�+��U�".� q�i�,g{}#y�@���3O/M~��CЎBV�š� }�=����*#�7�?Q��

+2 -3

hosts/marvin/services/secrets/secrets.nix

···

       27
       27
        
         "golink-authkey.age".publicKeys = marvinDefault;

     

       28
       28
        
         "grafana-admin-password.age".publicKeys = marvinDefault;

     

       29
       29
        
         "grafana-smtp-password.age".publicKeys = marvinDefault;

     

       30
       30
       -
         "iceshrimp-secret-config.age".publicKeys = marvinDefault;

     

       31
       31
       -
         "iceshrimp-db-password.age".publicKeys = marvinDefault;

     

       30
       30
       +
         "immich/oauth-secret.age".publicKeys = marvinDefault;

     

       31
       31
       +
         "immich/mail-pw.age".publicKeys = marvinDefault;

     

       32
       32
        
         "jellyfin-exporter-config.age".publicKeys = marvinDefault;

     

       33
       33
        
         "minio-root.age".publicKeys = marvinDefault;

     

       34
       34
        
         "miniflux-admin.age".publicKeys = marvinDefault;

     

       35
       35
        
         "../nextcloud/nextcloud-admin-pw.age".publicKeys = marvinDefault;

     

       36
       36
        
         "nix-serve-priv.age".publicKeys = marvinDefault;

     

       37
       37
        
         "pinchflat-secrets.age".publicKeys = marvinDefault;

     

       38
       38
       -
         "pingvin-secrets.age".publicKeys = marvinDefault;

     

       39
       38
        
         "planka-env.age".publicKeys = marvinDefault;

     

       40
       39
        
         "pocket-id-secrets.age".publicKeys = marvinDefault;

     

       41
       40
        
         "vaultwarden-vars.age".publicKeys = marvinDefault;

+2 -24

hosts/marvin/services/vaultwarden.nix

···

       1
       1
        
       {

     

       2
       2
       -
         pkgs,

     

       3
       2
        
         config,

     

       4
       3
        
         self,

     

       5
       4
        
         self',

     
···

       24
       23
        
             rocketAddress = "0.0.0.0";

     

       25
       24
        
             rocketCliColors = false;

     

       26
       25
        
             rocketPort = d.port;

     

       27
       27
       -
             websocketEnabled = true;

     

       28
       28
       -
             ipHeader = "X-Real-IP";

     

       29
       26
        
             reloadTemplates = false;

     

       30
       27
        
             logTimestampFormat = "%Y-%m-%d %H:%M:%S.%3f";

     

       31
       28
        
             # # Ratelimiting

     
···

       37
       34
        
       

     

       38
       35
        
             # Logging

     

       39
       36
        
             useSyslog = true;

     

       40
       40
       -
             logLevel = "info";

     

       41
       37
        
             extendedLogging = true;

     

       42
       38
        
       

     

       43
       39
        
             # Features

     
···

       47
       43
        
       

     

       48
       44
        
             # Invitations

     

       49
       45
        
             invitationsAllowed = true;

     

       50
       50
       -
             invitationOrgName = "PyroNet Vault";

     

       46
       46
       +
             invitationOrgName = "dishNet Vault";

     

       51
       47
        
             invitationExpirationHours = 168;

     

       52
       48
        
       

     

       53
       49
        
             # Database

     
···

       56
       52
        
             # Signups

     

       57
       53
        
             signupsAllowed = false;

     

       58
       54
        
             signupsVerify = true;

     

       59
       59
       -
             signupsVerifyResendTime = 3600;

     

       60
       60
       -
             signupsVerifyResendLimit = 5;

     

       61
       55
        
             signupsDomainWhitelist = "pyrox.dev";

     

       62
       56
        
       

     

       63
       57
        
             # Passwords

     
···

       68
       62
        
       

     

       69
       63
        
             # Mail

     

       70
       64
        
             smtpFrom = "vault@pyrox.dev";

     

       71
       71
       -
             smtpFromName = "PyroNet Vault <vault@pyrox.dev>";

     

       65
       65
       +
             smtpFromName = "dishNet Vault <vault@pyrox.dev>";

     

       72
       66
        
             smtpUsername = "vault@pyrox.dev";

     

       73
       67
        
             smtpSecurity = "force_tls";

     

       74
       68
        
             smtpPort = 465;

     
···

       77
       71
        
             smtpTimeout = 20;

     

       78
       72
        
             smtpEmbedImages = true;

     

       79
       73
        
             useSendmail = false;

     

       80
       80
       -
             smtpDebug = false;

     

       81
       81
       -
             smtpAcceptInvalidCerts = false;

     

       82
       82
       -
             smtpAcceptInvalidHostnames = false;

     

       83
       74
        
       

     

       84
       75
        
             # Authentication

     

       85
       85
       -
             authenticatorDisableTimeDrift = false;

     

       86
       86
       -
             disable2faRemember = false;

     

       87
       76
        
             incomplete2faTimeLimit = 5;

     

       88
       77
        
             # # Email 2FA

     

       89
       89
       -
             emailAttemptsLimit = 3;

     

       90
       78
        
             emailExpirationTime = 180;

     

       91
       79
        
             emailTokenSize = 7;

     

       92
       80
        
             requireDeviceEmail = true;

     

       93
       93
       -
       

     

       94
       94
       -
             # Icons

     

       95
       95
       -
             disableIconDownload = false;

     

       96
       96
       -
             iconService = "internal";

     

       97
       97
       -
             iconRedirectCode = 302;

     

       98
       98
       -
             iconDownloadTimeout = 10;

     

       99
       99
       -
             iconBlacklistNonGlobalIps = true;

     

       100
       100
       -
             # # 30 Day TTL

     

       101
       101
       -
             iconCacheTtl = 30 * 24 * 60 * 60;

     

       102
       102
       -
             iconCacheNegttl = 30 * 24 * 60 * 60;

     

       103
       81
        
       

     

       104
       82
        
             # Misc Settings

     

       105
       83
        
             trashAutoDeleteDays = 14;

-23

hosts/marvin/services/webmentiond.nix

···

       1
       1
       -
       { config, self, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         d = self.lib.data.services.webmentiond;

     

       4
       4
       -
         p = toString d.port;

     

       5
       5
       -
       in

     

       6
       6
       -
       {

     

       7
       7
       -
         virtualisation.oci-containers.containers.webmentiond = {

     

       8
       8
       -
           image = "zerok/webmentiond:latest";

     

       9
       9
       -
           volumes = [ "/var/lib/webmentiond:/data" ];

     

       10
       10
       -
           environmentFiles = [ config.age.secrets.webmentiond-env.path ];

     

       11
       11
       -
           ports = [ "${p}:${p}" ];

     

       12
       12
       -
           cmd = [

     

       13
       13
       -
             "--addr 0.0.0.0:${p}"

     

       14
       14
       -
             "--public-url https://${d.extUrl}"

     

       15
       15
       -
             "--auth-admin-emails pyrox@pyrox.dev"

     

       16
       16
       -
           ];

     

       17
       17
       -
         };

     

       18
       18
       -
         config.age.secrets = {

     

       19
       19
       -
           webmentiond-env.path = ./secrets/webmentiond-env.age;

     

       20
       20
       -
           owner = "thehedgehog";

     

       21
       21
       -
           group = "misc";

     

       22
       22
       -
         };

     

       23
       23
       -
       }

+4 -4

hosts/prefect/bootloader.nix

···

       32
       32
        
           supportedFilesystems = fileSystems;

     

       33
       33
        
           kernelPackages = pkgs.linuxPackages_6_1;

     

       34
       34
        
           kernel.sysctl = {

     

       35
       35
       -
             "net.ipv4.ip_forward" = 1;

     

       36
       36
       -
             "net.ipv6.conf.all.forwarding" = 1;

     

       37
       37
       -
             "net.ipv4.conf.default.rp_filter" = 0;

     

       38
       38
       -
             "net.ipv4.conf.all.rp_filter" = 0;

     

       35
       35
       +
             "net.ipv4.ip_forward" = true;

     

       36
       36
       +
             "net.ipv6.conf.all.forwarding" = true;

     

       37
       37
       +
             "net.ipv4.conf.default.rp_filter" = false;

     

       38
       38
       +
             "net.ipv4.conf.all.rp_filter" = false;

     

       39
       39
        
           };

     

       40
       40
        
         };

     

       41
       41
        
         services.udev.extraRules = ''

-1

hosts/prefect/default.nix

-109

hosts/prefect/dn42/bgp.nix

···

       1
       1
       -
       _: {

     

       2
       2
       -
         sessions = [

     

       3
       3
       -
           # Chrismoos

     

       4
       4
       -
           {

     

       5
       5
       -
             multi = true;

     

       6
       6
       -
             multihop = false;

     

       7
       7
       -
             gracefulRestart = true;

     

       8
       8
       -
             name = "chrismoos";

     

       9
       9
       -
             neigh = "fe80::1588%wg42_chris";

     

       10
       10
       -
             as = "4242421588";

     

       11
       11
       -
             link = "1";

     

       12
       12
       -
           }

     

       13
       13
       -
           # Kioubit

     

       14
       14
       -
           {

     

       15
       15
       -
             multi = true;

     

       16
       16
       -
             multihop = false;

     

       17
       17
       -
             gracefulRestart = true;

     

       18
       18
       -
             name = "kioubit";

     

       19
       19
       -
             neigh = "fe80::ade0%wg42_kioubit";

     

       20
       20
       -
             as = "4242423914";

     

       21
       21
       -
             link = "3";

     

       22
       22
       -
           }

     

       23
       23
       -
           # IEDON

     

       24
       24
       -
           {

     

       25
       25
       -
             multi = true;

     

       26
       26
       -
             multihop = false;

     

       27
       27
       -
             gracefulRestart = true;

     

       28
       28
       -
             name = "ideon";

     

       29
       29
       -
             neigh = "fe80::2189:e8%wg42_iedon";

     

       30
       30
       -
             as = "4242422189";

     

       31
       31
       -
             link = "5";

     

       32
       32
       -
           }

     

       33
       33
       -
           # SUNNET

     

       34
       34
       -
           {

     

       35
       35
       -
             multi = true;

     

       36
       36
       -
             multihop = false;

     

       37
       37
       -
             gracefulRestart = true;

     

       38
       38
       -
             name = "sunnet";

     

       39
       39
       -
             neigh = "fe80::3088:193%wg42_sunnet";

     

       40
       40
       -
             as = "4242423088";

     

       41
       41
       -
             link = "3";

     

       42
       42
       -
           }

     

       43
       43
       -
           # C4TG1RL5

     

       44
       44
       -
           {

     

       45
       45
       -
             multi = true;

     

       46
       46
       -
             multihop = false;

     

       47
       47
       -
             gracefulRestart = true;

     

       48
       48
       -
             name = "c4tg1rl5";

     

       49
       49
       -
             neigh = "fe80::4242%wg42_catgirls";

     

       50
       50
       -
             as = "4242421411";

     

       51
       51
       -
             link = "6";

     

       52
       52
       -
           }

     

       53
       53
       -
           # Potat0

     

       54
       54
       -
           {

     

       55
       55
       -
             multi = true;

     

       56
       56
       -
             multihop = false;

     

       57
       57
       -
             gracefulRestart = true;

     

       58
       58
       -
             name = "potato";

     

       59
       59
       -
             neigh = "fe80::1816%wg42_potato";

     

       60
       60
       -
             as = "4242421816";

     

       61
       61
       -
             link = "2";

     

       62
       62
       -
           }

     

       63
       63
       -
           # Uffsalot-v6

     

       64
       64
       -
           {

     

       65
       65
       -
             multi = false;

     

       66
       66
       -
             v4 = false;

     

       67
       67
       -
             v6 = true;

     

       68
       68
       -
             multihop = false;

     

       69
       69
       -
             gracefulRestart = true;

     

       70
       70
       -
             name = "uffsalot_v6";

     

       71
       71
       -
             neigh = "fe80::780%wg42_uffsalot";

     

       72
       72
       -
             as = "4242420780";

     

       73
       73
       -
             link = "5";

     

       74
       74
       -
           }

     

       75
       75
       -
           # Uffsalot-v6

     

       76
       76
       -
           {

     

       77
       77
       -
             multi = false;

     

       78
       78
       -
             v4 = true;

     

       79
       79
       -
             v6 = false;

     

       80
       80
       -
             multihop = false;

     

       81
       81
       -
             gracefulRestart = true;

     

       82
       82
       -
             name = "uffsalot_v4";

     

       83
       83
       -
             neigh = "172.20.191.129";

     

       84
       84
       -
             as = "4242420780";

     

       85
       85
       -
             link = "5";

     

       86
       86
       -
           }

     

       87
       87
       -
           # Bandura

     

       88
       88
       -
           {

     

       89
       89
       -
             multi = true;

     

       90
       90
       -
             multihop = false;

     

       91
       91
       -
             gracefulRestart = true;

     

       92
       92
       -
             name = "bandura";

     

       93
       93
       -
             neigh = "fe80::2926%wg42_bandura";

     

       94
       94
       -
             as = "4242422923";

     

       95
       95
       -
             link = "4";

     

       96
       96
       -
           }

     

       97
       97
       -
           # Bluemedia

     

       98
       98
       -
           {

     

       99
       99
       -
             multi = true;

     

       100
       100
       -
             multihop = false;

     

       101
       101
       -
             gracefulRestart = true;

     

       102
       102
       -
             name = "bluemedia";

     

       103
       103
       -
             neigh = "fe80::42:3343:20:1%wg42_bluemedia";

     

       104
       104
       -
             as = "4242423343";

     

       105
       105
       -
             link = "5";

     

       106
       106
       -
           }

     

       107
       107
       -
         ];

     

       108
       108
       -
         extraConfig = "";

     

       109
       109
       -
       }

-315

hosts/prefect/dn42/bird.conf

···

       1
       1
       -
       log stderr all;

     

       2
       2
       -
       debug protocols all;

     

       3
       3
       -
       timeformat protocol iso long;

     

       4
       4
       -
       ################################################

     

       5
       5
       -
       #               Variable header                #

     

       6
       6
       -
       ################################################

     

       7
       7
       -
       

     

       8
       8
       -
       define OWNAS =  4242422459;

     

       9
       9
       -
       define OWNIP =  172.20.43.96;

     

       10
       10
       -
       define OWNIPv6 = fd21:1500:66b0::1;

     

       11
       11
       -
       define OWNNET = 172.20.43.96/27;

     

       12
       12
       -
       define OWNNETv6 = fd21:1500:66b0::/48;

     

       13
       13
       -
       define OWNNETSET = [172.20.43.96/29+];

     

       14
       14
       -
       define OWNNETSETv6 = [fd21:1500:66b0::/48+];

     

       15
       15
       -
       define DN42_REGION = 42;

     

       16
       16
       -
       

     

       17
       17
       -
       ################################################

     

       18
       18
       -
       #                 Header end                   #

     

       19
       19
       -
       ################################################

     

       20
       20
       -
       

     

       21
       21
       -
       router id OWNIP;

     

       22
       22
       -
       

     

       23
       23
       -
       protocol device {

     

       24
       24
       -
           scan time 10;

     

       25
       25
       -
       }

     

       26
       26
       -
       

     

       27
       27
       -
       /*

     

       28
       28
       -
        *  Utility functions

     

       29
       29
       -
        */

     

       30
       30
       -
       

     

       31
       31
       -
       function is_self_net() {

     

       32
       32
       -
         return net ~ OWNNETSET;

     

       33
       33
       -
       }

     

       34
       34
       -
       

     

       35
       35
       -
       function is_self_net_v6() {

     

       36
       36
       -
         return net ~ OWNNETSETv6;

     

       37
       37
       -
       }

     

       38
       38
       -
       

     

       39
       39
       -
       function is_valid_network() {

     

       40
       40
       -
         return net ~ [

     

       41
       41
       -
           172.20.0.0/14{21,29}, # dn42

     

       42
       42
       -
           172.20.0.0/24{28,32}, # dn42 Anycast

     

       43
       43
       -
           172.21.0.0/24{28,32}, # dn42 Anycast

     

       44
       44
       -
           172.22.0.0/24{28,32}, # dn42 Anycast

     

       45
       45
       -
           172.23.0.0/24{28,32}, # dn42 Anycast

     

       46
       46
       -
           172.31.0.0/16+,       # ChaosVPN

     

       47
       47
       -
           10.100.0.0/14+,       # ChaosVPN

     

       48
       48
       -
           10.127.0.0/16{16,32}, # neonetwork

     

       49
       49
       -
           10.0.0.0/8{15,24}     # Freifunk.net

     

       50
       50
       -
         ];

     

       51
       51
       -
       }

     

       52
       52
       -
       

     

       53
       53
       -
       roa4 table dn42_roa;

     

       54
       54
       -
       roa6 table dn42_roa_v6;

     

       55
       55
       -
       

     

       56
       56
       -
       protocol static {

     

       57
       57
       -
           roa4 { table dn42_roa; };

     

       58
       58
       -
           include "/etc/bird/roa_dn42.conf";

     

       59
       59
       -
       };

     

       60
       60
       -
       

     

       61
       61
       -
       protocol static {

     

       62
       62
       -
           roa6 { table dn42_roa_v6; };

     

       63
       63
       -
           include "/etc/bird/roa_dn42_v6.conf";

     

       64
       64
       -
       };

     

       65
       65
       -
       

     

       66
       66
       -
       function is_valid_network_v6() {

     

       67
       67
       -
         return net ~ [

     

       68
       68
       -
           fd00::/8{44,64} # ULA address space as per RFC 4193

     

       69
       69
       -
         ];

     

       70
       70
       -
       }

     

       71
       71
       -
       

     

       72
       72
       -
       protocol kernel {

     

       73
       73
       -
           scan time 20;

     

       74
       74
       -
       

     

       75
       75
       -
           ipv6 {

     

       76
       76
       -
               import none;

     

       77
       77
       -
               export filter {

     

       78
       78
       -
                   if source = RTS_STATIC then reject;

     

       79
       79
       -
                   krt_prefsrc = OWNIPv6;

     

       80
       80
       -
                   accept;

     

       81
       81
       -
               };

     

       82
       82
       -
           };

     

       83
       83
       -
       };

     

       84
       84
       -
       

     

       85
       85
       -
       protocol kernel {

     

       86
       86
       -
           scan time 20;

     

       87
       87
       -
           ipv4 {

     

       88
       88
       -
               import none;

     

       89
       89
       -
               export filter {

     

       90
       90
       -
                   if source = RTS_STATIC then reject;

     

       91
       91
       -
                   krt_prefsrc = OWNIP;

     

       92
       92
       -
                   accept;

     

       93
       93
       -
               };

     

       94
       94
       -
           };

     

       95
       95
       -
       }

     

       96
       96
       -
       

     

       97
       97
       -
       protocol static {

     

       98
       98
       -
           route OWNNET reject;

     

       99
       99
       -
       

     

       100
       100
       -
           ipv4 {

     

       101
       101
       -
               import all;

     

       102
       102
       -
               export none;

     

       103
       103
       -
           };

     

       104
       104
       -
       }

     

       105
       105
       -
       

     

       106
       106
       -
       protocol static {

     

       107
       107
       -
           route OWNNETv6 reject;

     

       108
       108
       -
       

     

       109
       109
       -
           ipv6 {

     

       110
       110
       -
               import all;

     

       111
       111
       -
               export none;

     

       112
       112
       -
           };

     

       113
       113
       -
       }

     

       114
       114
       -
       

     

       115
       115
       -
       template bgp dnpeers {

     

       116
       116
       -
           local as OWNAS;

     

       117
       117
       -
           path metric 1;

     

       118
       118
       -
       }

     

       119
       119
       -
       

     

       120
       120
       -
       protocol ospf v3 {

     

       121
       121
       -
               ipv4 {

     

       122
       122
       -
                       export filter {

     

       123
       123
       -
                               if source = RTS_STATIC || source = RTS_BGP then reject;

     

       124
       124
       -
                               accept;

     

       125
       125
       -
                       };

     

       126
       126
       -
               };

     

       127
       127
       -
       

     

       128
       128
       -
               area 0 {

     

       129
       129
       -
                       interface "lo" {

     

       130
       130
       -
                               stub;

     

       131
       131
       -
                       };

     

       132
       132
       -
       

     

       133
       133
       -
                       interface "ospf_*"{

     

       134
       134
       -
                   		type pointopoint;

     

       135
       135
       -
                       };

     

       136
       136
       -
               };

     

       137
       137
       -
       }

     

       138
       138
       -
       

     

       139
       139
       -
       protocol ospf v3 {

     

       140
       140
       -
               ipv6 {

     

       141
       141
       -
                       export filter {

     

       142
       142
       -
                               if source = RTS_STATIC || source = RTS_BGP then reject;

     

       143
       143
       -
                               accept;

     

       144
       144
       -
                       };

     

       145
       145
       -
               };

     

       146
       146
       -
       

     

       147
       147
       -
               area 0 {

     

       148
       148
       -
                       interface "lo" {

     

       149
       149
       -
                               stub;

     

       150
       150
       -
                       };

     

       151
       151
       -
       

     

       152
       152
       -
                       interface "ospf_*" {

     

       153
       153
       -
                               type pointopoint;

     

       154
       154
       -
                       };

     

       155
       155
       -
       

     

       156
       156
       -
               };

     

       157
       157
       -
       }

     

       158
       158
       -
       

     

       159
       159
       -
       

     

       160
       160
       -
       function update_latency(int link_latency) {

     

       161
       161
       -
         bgp_community.add((64511, link_latency));

     

       162
       162
       -
              if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; }

     

       163
       163
       -
         else if (64511, 8) ~ bgp_community then { bgp_community.delete([(64511, 1..7)]); return 8; }

     

       164
       164
       -
         else if (64511, 7) ~ bgp_community then { bgp_community.delete([(64511, 1..6)]); return 7; }

     

       165
       165
       -
         else if (64511, 6) ~ bgp_community then { bgp_community.delete([(64511, 1..5)]); return 6; }

     

       166
       166
       -
         else if (64511, 5) ~ bgp_community then { bgp_community.delete([(64511, 1..4)]); return 5; }

     

       167
       167
       -
         else if (64511, 4) ~ bgp_community then { bgp_community.delete([(64511, 1..3)]); return 4; }

     

       168
       168
       -
         else if (64511, 3) ~ bgp_community then { bgp_community.delete([(64511, 1..2)]); return 3; }

     

       169
       169
       -
         else if (64511, 2) ~ bgp_community then { bgp_community.delete([(64511, 1..1)]); return 2; }

     

       170
       170
       -
         else return 1;

     

       171
       171
       -
       }

     

       172
       172
       -
       

     

       173
       173
       -
       function update_bandwidth(int link_bandwidth) {

     

       174
       174
       -
         bgp_community.add((64511, link_bandwidth));

     

       175
       175
       -
              if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; }

     

       176
       176
       -
         else if (64511, 22) ~ bgp_community then { bgp_community.delete([(64511, 23..29)]); return 22; }

     

       177
       177
       -
         else if (64511, 23) ~ bgp_community then { bgp_community.delete([(64511, 24..29)]); return 23; }

     

       178
       178
       -
         else if (64511, 24) ~ bgp_community then { bgp_community.delete([(64511, 25..29)]); return 24; }

     

       179
       179
       -
         else if (64511, 25) ~ bgp_community then { bgp_community.delete([(64511, 26..29)]); return 25; }

     

       180
       180
       -
         else if (64511, 26) ~ bgp_community then { bgp_community.delete([(64511, 27..29)]); return 26; }

     

       181
       181
       -
         else if (64511, 27) ~ bgp_community then { bgp_community.delete([(64511, 28..29)]); return 27; }

     

       182
       182
       -
         else if (64511, 28) ~ bgp_community then { bgp_community.delete([(64511, 29..29)]); return 28; }

     

       183
       183
       -
         else return 29;

     

       184
       184
       -
       }

     

       185
       185
       -
       

     

       186
       186
       -
       function update_crypto(int link_crypto) {

     

       187
       187
       -
         bgp_community.add((64511, link_crypto));

     

       188
       188
       -
              if (64511, 31) ~ bgp_community then { bgp_community.delete([(64511, 32..34)]); return 31; }

     

       189
       189
       -
         else if (64511, 32) ~ bgp_community then { bgp_community.delete([(64511, 33..34)]); return 32; }

     

       190
       190
       -
         else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; }

     

       191
       191
       -
         else return 34;

     

       192
       192
       -
       }

     

       193
       193
       -
       

     

       194
       194
       -
       function get_region() {

     

       195
       195
       -
       if (64511, 41) ~ bgp_community then { return 41; }

     

       196
       196
       -
       else if (64511, 42) ~ bgp_community then { return 42; }

     

       197
       197
       -
       else if (64511, 43) ~ bgp_community then { return 43; }

     

       198
       198
       -
       else if (64511, 44) ~ bgp_community then { return 44; }

     

       199
       199
       -
       else if (64511, 45) ~ bgp_community then { return 45; }

     

       200
       200
       -
       else if (64511, 46) ~ bgp_community then { return 46; }

     

       201
       201
       -
       else if (64511, 47) ~ bgp_community then { return 47; }

     

       202
       202
       -
       else if (64511, 48) ~ bgp_community then { return 48; }

     

       203
       203
       -
       else if (64511, 49) ~ bgp_community then { return 49; }

     

       204
       204
       -
       else if (64511, 50) ~ bgp_community then { return 50; }

     

       205
       205
       -
       else if (64511, 51) ~ bgp_community then { return 51; }

     

       206
       206
       -
       else if (64511, 52) ~ bgp_community then { return 52; }

     

       207
       207
       -
       else if (64511, 53) ~ bgp_community then { return 53; }

     

       208
       208
       -
       else return DN42_REGION;

     

       209
       209
       -
       }

     

       210
       210
       -
       

     

       211
       211
       -
       

     

       212
       212
       -
       function calculate_local_pref(int dn42_latency)

     

       213
       213
       -
       int pref;

     

       214
       214
       -
       {

     

       215
       215
       -
               pref = 100;

     

       216
       216
       -
               if (is_self_net() || is_self_net_v6()) then {

     

       217
       217
       -
                               pref = 2000;

     

       218
       218
       -
               }

     

       219
       219
       -
               else if (bgp_path.len = 1) then {

     

       220
       220
       -
                       pref = 1000;

     

       221
       221
       -
               }

     

       222
       222
       -
               else if (DN42_REGION = get_region()) then {

     

       223
       223
       -
                       pref= 500;

     

       224
       224
       -
               }

     

       225
       225
       -
       	else {

     

       226
       226
       -
       		if (DN42_REGION > get_region()) then {

     

       227
       227
       -
       			pref = 500 - ((DN42_REGION - get_region()) * 10);

     

       228
       228
       -
       	        }

     

       229
       229
       -
       		else {

     

       230
       230
       -
       			pref = 500 - ((get_region() - DN42_REGION) * 10);

     

       231
       231
       -
       		}

     

       232
       232
       -
               }

     

       233
       233
       -
               pref = pref - 10*dn42_latency - 10* bgp_path.len;

     

       234
       234
       -
               if pref > 2000 then {

     

       235
       235
       -
                       pref = 10;

     

       236
       236
       -
               }

     

       237
       237
       -
               return pref;

     

       238
       238
       -
       }

     

       239
       239
       -
       

     

       240
       240
       -
       function update_flags(int link_latency; int link_bandwidth; int link_crypto)

     

       241
       241
       -
       int dn42_latency;

     

       242
       242
       -
       int dn42_bandwidth;

     

       243
       243
       -
       int dn42_crypto;

     

       244
       244
       -
       {

     

       245
       245
       -
         dn42_latency = update_latency(link_latency);

     

       246
       246
       -
         dn42_bandwidth = update_bandwidth(link_bandwidth) - 20;

     

       247
       247
       -
         dn42_crypto = update_crypto(link_crypto) - 30;

     

       248
       248
       -
         if dn42_bandwidth > 5 then dn42_bandwidth = 5;

     

       249
       249
       -
         bgp_local_pref = calculate_local_pref(dn42_latency);

     

       250
       250
       -
         return true;

     

       251
       251
       -
       }

     

       252
       252
       -
       

     

       253
       253
       -
       

     

       254
       254
       -
       function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypto) {

     

       255
       255
       -
         if (is_valid_network() && !is_self_net()) || (is_valid_network_v6() && !is_self_net_v6()) then {

     

       256
       256
       -
           if roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID && roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID  then {

     

       257
       257
       -
             print "[dn42] Import : ROA check failed for ", net, " ASN ", bgp_path.last, " on ", proto;

     

       258
       258
       -
             reject;

     

       259
       259
       -
           }

     

       260
       260
       -
           update_flags(link_latency, link_bandwidth, link_crypto);

     

       261
       261
       -
           if (65535, 666) ~ bgp_community then dest = RTD_BLACKHOLE;

     

       262
       262
       -
           accept;

     

       263
       263
       -
         }

     

       264
       264
       -
         print "[dn42] Import : Invalid Network for ", net, " ASN ", bgp_path.last, " on ", proto;

     

       265
       265
       -
         reject;

     

       266
       266
       -
       }

     

       267
       267
       -
       

     

       268
       268
       -
       function dn42_export_filter(int link_latency; int link_bandwith; int link_crypto) {

     

       269
       269
       -
         if is_valid_network() || is_valid_network_v6() then {

     

       270
       270
       -
       #    if roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID && roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID  then {

     

       271
       271
       -
       #      print "[dn42] Export : ROA check failed for ", net, " ASN ", bgp_path.last, " on ", proto;

     

       272
       272
       -
       #      reject;

     

       273
       273
       -
       #    }

     

       274
       274
       -
           if source = RTS_STATIC then bgp_community.add((64511, DN42_REGION));

     

       275
       275
       -
           update_flags(link_latency, link_bandwith, link_crypto);

     

       276
       276
       -
           accept;

     

       277
       277
       -
         }

     

       278
       278
       -
         reject;

     

       279
       279
       -
       }

     

       280
       280
       -
       

     

       281
       281
       -
       protocol bgp route_collector from dnpeers {

     

       282
       282
       -
         neighbor fd42:4242:2601:ac12::1 as 4242422602;

     

       283
       283
       -
         multihop;

     

       284
       284
       -
         ipv4 {

     

       285
       285
       -
           # export all available paths to the collector

     

       286
       286
       -
           add paths tx;

     

       287
       287
       -
       

     

       288
       288
       -
           # import/export filters

     

       289
       289
       -
           import none;

     

       290
       290
       -
           export filter {

     

       291
       291
       -
             # export all valid routes

     

       292
       292
       -
             if ( is_valid_network() && source ~ [ RTS_STATIC, RTS_BGP ] )

     

       293
       293
       -
             then {

     

       294
       294
       -
               accept;

     

       295
       295
       -
             }

     

       296
       296
       -
             reject;

     

       297
       297
       -
           };

     

       298
       298
       -
         };

     

       299
       299
       -
       

     

       300
       300
       -
         ipv6 {

     

       301
       301
       -
           # export all available paths to the collector

     

       302
       302
       -
           add paths tx;

     

       303
       303
       -
       

     

       304
       304
       -
           # import/export filters

     

       305
       305
       -
           import none;

     

       306
       306
       -
           export filter {

     

       307
       307
       -
             # export all valid routes

     

       308
       308
       -
             if ( is_valid_network_v6() && source ~ [ RTS_STATIC, RTS_BGP ] )

     

       309
       309
       -
             then {

     

       310
       310
       -
               accept;

     

       311
       311
       -
             }

     

       312
       312
       -
             reject;

     

       313
       313
       -
           };

     

       314
       314
       -
         };

     

       315
       315
       -
       }

+56 -20

hosts/prefect/dn42/default.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       1
       1
       +
       { pkgs, config, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         cfg42 = config.dn42;

     

       4
       4
       +
       in

     

       2
       5
        
       {

     

       3
       6
        
         imports = [

     

       4
       4
       -
           ./services.nix

     

       5
       5
       -
           ./wireguard.nix

     

       7
       7
       +
           ./peers

     

       6
       8
        
         ];

     

       7
       7
       -
         networking.interfaces.lo = {

     

       8
       8
       -
           ipv4.addresses = [

     

       9
       9
       -
             {

     

       10
       10
       -
               address = "172.20.43.96";

     

       11
       11
       -
               prefixLength = 32;

     

       12
       12
       -
             }

     

       13
       13
       -
           ];

     

       14
       14
       -
           ipv6.addresses = [

     

       15
       15
       -
             {

     

       16
       16
       -
               address = "fd21:1500:66b0::1";

     

       17
       17
       -
               prefixLength = 128;

     

       18
       18
       -
             }

     

       19
       19
       -
             {

     

       20
       20
       -
               address = "fe80::1";

     

       21
       21
       -
               prefixLength = 128;

     

       22
       22
       -
             }

     

       23
       23
       -
           ];

     

       9
       9
       +
         networking = {

     

       10
       10
       +
           interfaces.lo = {

     

       11
       11
       +
             ipv4.addresses = [

     

       12
       12
       +
               {

     

       13
       13
       +
                 address = "172.20.43.96";

     

       14
       14
       +
                 prefixLength = 32;

     

       15
       15
       +
               }

     

       16
       16
       +
             ];

     

       17
       17
       +
             ipv6.addresses = [

     

       18
       18
       +
               {

     

       19
       19
       +
                 address = "fd21:1500:66b0::1";

     

       20
       20
       +
                 prefixLength = 128;

     

       21
       21
       +
               }

     

       22
       22
       +
               {

     

       23
       23
       +
                 address = "fe80::1";

     

       24
       24
       +
                 prefixLength = 128;

     

       25
       25
       +
               }

     

       26
       26
       +
             ];

     

       27
       27
       +
           };

     

       24
       28
        
         };

     

       29
       29
       +
       

     

       25
       30
        
         environment.systemPackages = with pkgs; [

     

       26
       31
        
           dnsutils

     

       27
       32
        
           mtr

     

       28
       33
        
           tcpdump

     

       29
       34
        
           wireguard-tools

     

       30
       35
        
         ];

     

       36
       36
       +
         dn42 = {

     

       37
       37
       +
           enable = true;

     

       38
       38
       +
           # ASN corresponding to DN42 PYRONET

     

       39
       39
       +
           as = 4242422459;

     

       40
       40
       +
           # Communities config

     

       41
       41
       +
           # https://dn42.dev/howto/BGP-communities

     

       42
       42
       +
           region = 42;

     

       43
       43
       +
           country = 1840;

     

       44
       44
       +
           routerId = cfg42.addr.v4;

     

       45
       45
       +
           # Primary IP Addresses

     

       46
       46
       +
           addr = {

     

       47
       47
       +
             v4 = "172.20.43.96";

     

       48
       48
       +
             v6 = "fd21:1500:66b0::1";

     

       49
       49
       +
           };

     

       50
       50
       +
           # Owned IP Ranges

     

       51
       51
       +
           nets = {

     

       52
       52
       +
             v4 = [ "172.20.43.96/27" ];

     

       53
       53
       +
             v6 = [ "fd21:1500:66b0::/48" ];

     

       54
       54
       +
           };

     

       55
       55
       +
           # Enable StayRTR

     

       56
       56
       +
           # https://github.com/bgp/stayrtr

     

       57
       57
       +
           stayrtr.enable = true;

     

       58
       58
       +
           # Peer with GRC

     

       59
       59
       +
           # https://dn42.dev/services/Route-Collector

     

       60
       60
       +
           collector.enable = true;

     

       61
       61
       +
       

     

       62
       62
       +
           wg.tunnelDefaults = {

     

       63
       63
       +
             privateKeyFile = "/run/agenix/dn42-privkey";

     

       64
       64
       +
             localAddrs.v4 = cfg42.addr.v4;

     

       65
       65
       +
           };

     

       66
       66
       +
         };

     

       31
       67
        
       }

+25

hosts/prefect/dn42/peers/bandura.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.bandura = {

     

       5
       5
       +
             as = 4242422923;

     

       6
       6
       +
             addr.v6 = "fe80::2926";

     

       7
       7
       +
             interface = "wg42_bandura";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::11";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."55ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.bandura = {

     

       18
       18
       +
             listenPort = 44923;

     

       19
       19
       +
             peerPubKey = "xPW1/cWYDkk/IAss1GbdwVMW7fzKtyHA+qrfCriOB2k=";

     

       20
       20
       +
             peerEndpoint = "aurora.mk16.de:52459";

     

       21
       21
       +
             peerAddrs.v6 = "fe80::2926";

     

       22
       22
       +
             localAddrs.v6 = "fe80::11";

     

       23
       23
       +
           };

     

       24
       24
       +
         };

     

       25
       25
       +
       }

+26

hosts/prefect/dn42/peers/catgirls.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.catgirls = {

     

       5
       5
       +
             as = 4242421411;

     

       6
       6
       +
             addr.v6 = "fe80::2189:124";

     

       7
       7
       +
             interface = "wg42_catgirls";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::111";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."148ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.catgirls = {

     

       18
       18
       +
             enable = false;

     

       19
       19
       +
             listenPort = 43411;

     

       20
       20
       +
             peerPubKey = "";

     

       21
       21
       +
             peerEndpoint = "";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::111";

     

       23
       23
       +
             localAddrs.v6 = "fe80::7";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+26

hosts/prefect/dn42/peers/chrismoos.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.chrismoos = {

     

       5
       5
       +
             as = 4242421588;

     

       6
       6
       +
             addr.v6 = "fe80::1588";

     

       7
       7
       +
             interface = "wg42_chrismoos";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::100";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."2.7ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.chrismoos = {

     

       18
       18
       +
             listenPort = 43588;

     

       19
       19
       +
             peerPubKey = "itmJ4Z8V1aNN368P6kMzuQM+GdzWbBKZjJiXrgSeGlw=";

     

       20
       20
       +
             peerEndpoint = "us-qas01.dn42.tech9.io:58768";

     

       21
       21
       +
             peerAddrs.v4 = "172.20.16.143";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::1588";

     

       23
       23
       +
             localAddrs.v6 = "fe80::100";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+29

hosts/prefect/dn42/peers/darkpoint.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         peerv6 = "fe80::150";

     

       4
       4
       +
         localv6 = "fe80::113";

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       7
       7
       +
         config.dn42 = {

     

       8
       8
       +
           peers.darkpoint = {

     

       9
       9
       +
             as = 4242420150;

     

       10
       10
       +
             addr.v6 = peerv6;

     

       11
       11
       +
             interface = "wg42_darkpoint";

     

       12
       12
       +
             extendedNextHop = true;

     

       13
       13
       +
             # My side

     

       14
       14
       +
             srcAddr.v6 = localv6;

     

       15
       15
       +
             # Communities

     

       16
       16
       +
             crypto = dn42Types.crypto.safePFS;

     

       17
       17
       +
             latency = dn42Types.latency."2.7ms";

     

       18
       18
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       19
       19
       +
             transit = true;

     

       20
       20
       +
           };

     

       21
       21
       +
           wg.tunnels.darkpoint = {

     

       22
       22
       +
             listenPort = 42150;

     

       23
       23
       +
             peerPubKey = "1o0XfQvBM1gqknqzfuOnVmf2RjRTHuyMZYNipSSb2TQ=";

     

       24
       24
       +
             peerEndpoint = "iad.darkpoint.xyz:22459";

     

       25
       25
       +
             peerAddrs.v6 = peerv6;

     

       26
       26
       +
             localAddrs.v6 = localv6;

     

       27
       27
       +
           };

     

       28
       28
       +
         };

     

       29
       29
       +
       }

+23

hosts/prefect/dn42/peers/default.nix

···

       1
       1
       +
       _:

     

       2
       2
       +
       let

     

       3
       3
       +
         dn42Types = import ../types.nix;

     

       4
       4
       +
       in

     

       5
       5
       +
       {

     

       6
       6
       +
         # Port numbers are 42000 + `last 4 digits of ASN`

     

       7
       7
       +
         imports = [

     

       8
       8
       +
           # keep-sorted start

     

       9
       9
       +
           (import ./bandura.nix { inherit dn42Types; })

     

       10
       10
       +
           # (import ./catgirls.nix { inherit dn42Types; })

     

       11
       11
       +
           (import ./chrismoos.nix { inherit dn42Types; })

     

       12
       12
       +
           (import ./darkpoint.nix { inherit dn42Types; })

     

       13
       13
       +
           (import ./iedon.nix { inherit dn42Types; })

     

       14
       14
       +
           (import ./kioubit.nix { inherit dn42Types; })

     

       15
       15
       +
           (import ./lare.nix { inherit dn42Types; })

     

       16
       16
       +
           (import ./potato.nix { inherit dn42Types; })

     

       17
       17
       +
           (import ./prefixlabs.nix { inherit dn42Types; })

     

       18
       18
       +
           (import ./routedbits.nix { inherit dn42Types; })

     

       19
       19
       +
           (import ./sunnet.nix { inherit dn42Types; })

     

       20
       20
       +
           (import ./uffsalot.nix { inherit dn42Types; })

     

       21
       21
       +
           # keep-sorted end

     

       22
       22
       +
         ];

     

       23
       23
       +
       }

+26

hosts/prefect/dn42/peers/iedon.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.iedon = {

     

       5
       5
       +
             as = 4242422189;

     

       6
       6
       +
             addr.v6 = "fe80::2189:124";

     

       7
       7
       +
             interface = "wg42_iedon";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::6";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."20ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.iedon = {

     

       18
       18
       +
             listenPort = 44198;

     

       19
       19
       +
             peerPubKey = "2Wmv10a9eVSni9nfZ7YPsyl3ZC5z7vHq0sTZGgk5WGo=";

     

       20
       20
       +
             peerEndpoint = "us-nyc.dn42.iedon.net:48883";

     

       21
       21
       +
             peerAddrs.v4 = "172.23.91.124";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::2189:124";

     

       23
       23
       +
             localAddrs.v6 = "fe80::6";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+27

hosts/prefect/dn42/peers/kioubit.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.kioubit = {

     

       5
       5
       +
             as = 4242423914;

     

       6
       6
       +
             addr.v6 = "fe80::ade0";

     

       7
       7
       +
             interface = "wg42_kioubit";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::ade1";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."7.3ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.kioubit = {

     

       18
       18
       +
             listenPort = 45914;

     

       19
       19
       +
             peerPubKey = "6Cylr9h1xFduAO+5nyXhFI1XJ0+Sw9jCpCDvcqErF1s=";

     

       20
       20
       +
             peerEndpoint = "us2.g-load.eu:22459";

     

       21
       21
       +
             peerAddrs.v4 = "172.20.53.98";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::ade0";

     

       23
       23
       +
             localAddrs.v4 = "192.168.220.70";

     

       24
       24
       +
             localAddrs.v6 = "fe80::ade1";

     

       25
       25
       +
           };

     

       26
       26
       +
         };

     

       27
       27
       +
       }

+25

hosts/prefect/dn42/peers/lare.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.lare = {

     

       5
       5
       +
             as = 4242423035;

     

       6
       6
       +
             addr.v6 = "fe80::3035:137";

     

       7
       7
       +
             interface = "wg42_lare";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::112";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."20ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.lare = {

     

       18
       18
       +
             listenPort = 45035;

     

       19
       19
       +
             peerPubKey = "AREskFoxP2cd6DXoJ7druDsiWKX+8TwrkQqfi4JxRRw=";

     

       20
       20
       +
             peerEndpoint = "use2.dn42.lare.cc:22459";

     

       21
       21
       +
             peerAddrs.v6 = "fe80::3035:137";

     

       22
       22
       +
             localAddrs.v6 = "fe80::112";

     

       23
       23
       +
           };

     

       24
       24
       +
         };

     

       25
       25
       +
       }

+26

hosts/prefect/dn42/peers/potato.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.potato = {

     

       5
       5
       +
             as = 4242421816;

     

       6
       6
       +
             addr.v6 = "fe80::1816";

     

       7
       7
       +
             interface = "wg42_potato";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::111";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."148ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.potato = {

     

       18
       18
       +
             enable = false;

     

       19
       19
       +
             listenPort = 43816;

     

       20
       20
       +
             peerPubKey = "LUwqKS6QrCPv510Pwt1eAIiHACYDsbMjrkrbGTJfviU=";

     

       21
       21
       +
             peerEndpoint = "las.node.potat0.cc:22459";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::1816";

     

       23
       23
       +
             localAddrs.v6 = "fe80::9";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+26

hosts/prefect/dn42/peers/prefixlabs.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.prefixlabs = {

     

       5
       5
       +
             as = 4242421240;

     

       6
       6
       +
             addr.v6 = "fe80::1240:2";

     

       7
       7
       +
             interface = "wg42_prefixlabs";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::240";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."7.3ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.prefixlabs = {

     

       18
       18
       +
             listenPort = 43240;

     

       19
       19
       +
             peerPubKey = "uRYzFGi+/B6pD0FR2SW3G/OzC5LPJXePNIt0s+nJfW0=";

     

       20
       20
       +
             peerEndpoint = "us-01.prefixlabs.net:22459";

     

       21
       21
       +
             peerAddrs.v4 = "172.20.209.11";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::1240:2";

     

       23
       23
       +
             localAddrs.v6 = "fe80::240";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+26

hosts/prefect/dn42/peers/routedbits.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.routedbits = {

     

       5
       5
       +
             as = 4242420207;

     

       6
       6
       +
             addr.v6 = "fe80::207";

     

       7
       7
       +
             interface = "wg42_routedbits";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::5";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."2.7ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.routedbits = {

     

       18
       18
       +
             listenPort = 42207;

     

       19
       19
       +
             peerPubKey = "/RLM4EcF8b7FKKcxnvHIYyDoES59HXIBqhKEWt4yRy0=";

     

       20
       20
       +
             peerEndpoint = "router.iad1.routedbits.com:52459";

     

       21
       21
       +
             peerAddrs.v4 = "172.20.19.73";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::207";

     

       23
       23
       +
             localAddrs.v6 = "fe80::5";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+26

hosts/prefect/dn42/peers/sunnet.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.sunnet = {

     

       5
       5
       +
             as = 4242423088;

     

       6
       6
       +
             addr.v6 = "fe80::3088:193";

     

       7
       7
       +
             interface = "wg42_sunnet";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::abcd";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."148ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.sunnet = {

     

       18
       18
       +
             listenPort = 45088;

     

       19
       19
       +
             peerPubKey = "QSAeFPotqFpF6fFe3CMrMjrpS5AL54AxWY2w1+Ot2Bo=";

     

       20
       20
       +
             peerEndpoint = "lax1-us.dn42.6700.cc:22459";

     

       21
       21
       +
             peerAddrs.v4 = "172.21.100.193";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::3088:193";

     

       23
       23
       +
             localAddrs.v6 = "fe80::abcd";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+26

hosts/prefect/dn42/peers/uffsalot.nix

···

       1
       1
       +
       { dn42Types, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         config.dn42 = {

     

       4
       4
       +
           peers.uffsalot = {

     

       5
       5
       +
             as = 4242420780;

     

       6
       6
       +
             addr.v6 = "fe80::780";

     

       7
       7
       +
             interface = "wg42_uffsalot";

     

       8
       8
       +
             extendedNextHop = true;

     

       9
       9
       +
             # My side

     

       10
       10
       +
             srcAddr.v6 = "fe80::10";

     

       11
       11
       +
             # Communities

     

       12
       12
       +
             crypto = dn42Types.crypto.safePFS;

     

       13
       13
       +
             latency = dn42Types.latency."148ms";

     

       14
       14
       +
             bandwidth = dn42Types.bandwidth."1000mb";

     

       15
       15
       +
             transit = true;

     

       16
       16
       +
           };

     

       17
       17
       +
           wg.tunnels.uffsalot = {

     

       18
       18
       +
             listenPort = 42780;

     

       19
       19
       +
             peerPubKey = "7V65FxvD9AQetyUr0qSiu+ik8samB4Atrw2ekvC0xQM=";

     

       20
       20
       +
             peerEndpoint = "dn42-de-fra4.brand-web.net:42459";

     

       21
       21
       +
             peerAddrs.v4 = "172.20.191.129";

     

       22
       22
       +
             peerAddrs.v6 = "fe80::780";

     

       23
       23
       +
             localAddrs.v6 = "fe80::10";

     

       24
       24
       +
           };

     

       25
       25
       +
         };

     

       26
       26
       +
       }

-71

hosts/prefect/dn42/services.nix

···

       1
       1
       -
       { pkgs, lib, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         script = pkgs.writeShellScriptBin "update-roa" ''

     

       4
       4
       -
           mkdir -p /etc/bird/

     

       5
       5
       -
           ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf

     

       6
       6
       -
           ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf

     

       7
       7
       -
           ${pkgs.bird2}/bin/birdc c

     

       8
       8
       -
           ${pkgs.bird2}/bin/birdc reload in all

     

       9
       9
       -
         '';

     

       10
       10
       -
         bgp = import ./bgp.nix { };

     

       11
       11
       -
       in

     

       12
       12
       -
       {

     

       13
       13
       -
         systemd = {

     

       14
       14
       -
           timers.dn42-roa = {

     

       15
       15
       -
             description = "Trigger a ROA table update";

     

       16
       16
       -
       

     

       17
       17
       -
             timerConfig = {

     

       18
       18
       -
               OnBootSec = "5m";

     

       19
       19
       -
               OnUnitInactiveSec = "1h";

     

       20
       20
       -
               Unit = "dn42-roa.service";

     

       21
       21
       -
             };

     

       22
       22
       -
       

     

       23
       23
       -
             wantedBy = [ "timers.target" ];

     

       24
       24
       -
             before = [ "bird.service" ];

     

       25
       25
       -
           };

     

       26
       26
       -
           services = {

     

       27
       27
       -
             dn42-roa = {

     

       28
       28
       -
               after = [ "network.target" ];

     

       29
       29
       -
               description = "DN42 ROA Updated";

     

       30
       30
       -
               unitConfig = {

     

       31
       31
       -
                 Type = "one-shot";

     

       32
       32
       -
               };

     

       33
       33
       -
               serviceConfig = {

     

       34
       34
       -
                 ExecStart = "${script}/bin/update-roa";

     

       35
       35
       -
               };

     

       36
       36
       -
             };

     

       37
       37
       -
           };

     

       38
       38
       -
         };

     

       39
       39
       -
       

     

       40
       40
       -
         services = {

     

       41
       41
       -
           bird = {

     

       42
       42
       -
             enable = true;

     

       43
       43
       -
             package = pkgs.bird2;

     

       44
       44
       -
             checkConfig = false;

     

       45
       45
       -
             config =

     

       46
       46
       -
               builtins.readFile ./bird.conf

     

       47
       47
       -
               + lib.concatStrings (

     

       48
       48
       -
                 builtins.map (

     

       49
       49
       -
                   x:

     

       50
       50
       -
                   "\n      protocol bgp ${x.name} from dnpeers {\n        ${

     

       51
       51
       -
                     if x.multihop then "multihop;" else ""

     

       52
       52
       -
                   }\n        ${

     

       53
       53
       -
                     if x.gracefulRestart then "graceful restart on;" else ""

     

       54
       54
       -
                   }\n        neighbor ${x.neigh} as ${x.as};\n        ${

     

       55
       55
       -
                     if x.multi || x.v4 then

     

       56
       56
       -
                       "\n        ipv4 {\n                extended next hop on;\n                import where dn42_import_filter(${x.link},25,34);\n                export where dn42_export_filter(${x.link},25,34);\n                import keep filtered;\n        };\n        "

     

       57
       57
       -
                     else

     

       58
       58
       -
                       ""

     

       59
       59
       -
                   }\n        ${

     

       60
       60
       -
                     if x.multi || x.v6 then

     

       61
       61
       -
                       "\n        ipv6 {\n                extended next hop on;\n                import where dn42_import_filter(${x.link},25,34);\n                export where dn42_export_filter(${x.link},25,34);\n                import keep filtered;\n        };\n        "

     

       62
       62
       -
                     else

     

       63
       63
       -
                       ""

     

       64
       64
       -
                   }\n    }\n        "

     

       65
       65
       -
                 ) bgp.sessions

     

       66
       66
       -
               )

     

       67
       67
       -
               + bgp.extraConfig;

     

       68
       68
       -
           };

     

       69
       69
       -
         };

     

       70
       70
       -
         users.users.thehedgehog.extraGroups = [ "bird2" ];

     

       71
       71
       -
       }

-86

hosts/prefect/dn42/tunnels.nix

···

       1
       1
       -
       { tunnel, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         # deadnix: skip

     

       4
       4
       -
         defaultPubKey = "e6kp9sca4XIzncKa9GEQwyOnMjje299Xg9ZdgXWMwHg=";

     

       5
       5
       -
         defaultPrivKeyFile = "/run/agenix/dn42-privkey";

     

       6
       6
       -
         defaultLocalIPv4 = "172.20.43.96";

     

       7
       7
       -
       in

     

       8
       8
       -
       {

     

       9
       9
       -
         wg42_chris =

     

       10
       10
       -
           # Ports 485-486 available

     

       11
       11
       -
       

     

       12
       12
       -
           tunnel 487 defaultPrivKeyFile "itmJ4Z8V1aNN368P6kMzuQM+GdzWbBKZjJiXrgSeGlw=" defaultLocalIPv4

     

       13
       13
       -
             "fe80::100"

     

       14
       14
       -
             "us-qas01.dn42.tech9.io:52322"

     

       15
       15
       -
             "wg42_chris"

     

       16
       16
       -
             "172.20.16.143"

     

       17
       17
       -
             "fe80::1588";

     

       18
       18
       -
       

     

       19
       19
       -
         wg42_kioubit =

     

       20
       20
       -
           tunnel 488 defaultPrivKeyFile "6Cylr9h1xFduAO+5nyXhFI1XJ0+Sw9jCpCDvcqErF1s=" defaultLocalIPv4

     

       21
       21
       -
             "fe80::3"

     

       22
       22
       -
             "us2.g-load.eu:22459"

     

       23
       23
       -
             "wg42_kioubit"

     

       24
       24
       -
             "172.20.53.98"

     

       25
       25
       -
             "fe80::ade0";

     

       26
       26
       -
       

     

       27
       27
       -
         # Ports 489-490 available

     

       28
       28
       -
       

     

       29
       29
       -
         wg42_iedon =

     

       30
       30
       -
           tunnel 491 defaultPrivKeyFile "Sz0UhewjDk2yRKI0QL9rB+5daWpXFVlbbz9cLfVVLn4=" defaultLocalIPv4

     

       31
       31
       -
             "fe80::6"

     

       32
       32
       -
             "us-sjc.dn42.kuu.moe:35470"

     

       33
       33
       -
             "wg42_iedon"

     

       34
       34
       -
             "172.23.91.117"

     

       35
       35
       -
             "fe80::2189:e8";

     

       36
       36
       -
       

     

       37
       37
       -
         wg42_sunnet =

     

       38
       38
       -
           tunnel 492 defaultPrivKeyFile "QSAeFPotqFpF6fFe3CMrMjrpS5AL54AxWY2w1+Ot2Bo=" defaultLocalIPv4

     

       39
       39
       -
             "fe80::abcd"

     

       40
       40
       -
             "v6.lax1-us.dn42.6700.cc:22459"

     

       41
       41
       -
             "wg42_sunnet"

     

       42
       42
       -
             "172.21.100.193"

     

       43
       43
       -
             "fe80::3088:193";

     

       44
       44
       -
       

     

       45
       45
       -
         wg42_catgirls =

     

       46
       46
       -
           tunnel 493 defaultPrivKeyFile "jo8eAfY8LeA4FAEJ4laYYMNkMd4z3oO/zN5DN0Mo+RQ=" defaultLocalIPv4

     

       47
       47
       -
             "fe80::7"

     

       48
       48
       -
             "karx.xyz:22459"

     

       49
       49
       -
             "wg42_catgirls"

     

       50
       50
       -
             ""

     

       51
       51
       -
             "fe80::4242";

     

       52
       52
       -
       

     

       53
       53
       -
         # Port 494 Available

     

       54
       54
       -
       

     

       55
       55
       -
         wg42_potato =

     

       56
       56
       -
           tunnel 495 defaultPrivKeyFile "LUwqKS6QrCPv510Pwt1eAIiHACYDsbMjrkrbGTJfviU=" defaultLocalIPv4

     

       57
       57
       -
             "fe80::9"

     

       58
       58
       -
             "las.node.potat0.cc:22459"

     

       59
       59
       -
             "wg42_potato"

     

       60
       60
       -
             ""

     

       61
       61
       -
             "fe80::1816";

     

       62
       62
       -
       

     

       63
       63
       -
         wg42_uffsalot =

     

       64
       64
       -
           tunnel 496 defaultPrivKeyFile "7V65FxvD9AQetyUr0qSiu+ik8samB4Atrw2ekvC0xQM=" defaultLocalIPv4

     

       65
       65
       -
             "fe80::10"

     

       66
       66
       -
             "dn42-de-fra4.brand-web.net:42459"

     

       67
       67
       -
             "wg42_uffsalot"

     

       68
       68
       -
             "172.20.191.129"

     

       69
       69
       -
             "fe80::780";

     

       70
       70
       -
       

     

       71
       71
       -
         wg42_bandura =

     

       72
       72
       -
           tunnel 497 defaultPrivKeyFile "xPW1/cWYDkk/IAss1GbdwVMW7fzKtyHA+qrfCriOB2k=" defaultLocalIPv4

     

       73
       73
       -
             "fe80::11"

     

       74
       74
       -
             "aurora.mk16.de:52459"

     

       75
       75
       -
             "wg42_bandura"

     

       76
       76
       -
             ""

     

       77
       77
       -
             "fe80::2926";

     

       78
       78
       -
       

     

       79
       79
       -
         wg42_bluemedia =

     

       80
       80
       -
           tunnel 498 defaultPrivKeyFile "7HNg2+uMI2WfntN+WlMnlTDG6xra/Dusee82cuXWMBY=" defaultLocalIPv4

     

       81
       81
       -
             "fe80::12"

     

       82
       82
       -
             "de-fra01.dn42.bluemedia.dev:22459"

     

       83
       83
       -
             "wg42_bluemedia"

     

       84
       84
       -
             "172.22.167.82"

     

       85
       85
       -
             "fe80::42:3343:20:1";

     

       86
       86
       -
       }

+63

hosts/prefect/dn42/types.nix

···

       1
       1
       +
       # DN42 Community Standard BGP Communities

     

       2
       2
       +
       # See main lists here: https://dn42.dev/howto/BGP-communities

     

       3
       3
       +
       {

     

       4
       4
       +
         latency = {

     

       5
       5
       +
           "2.7ms" = 1;

     

       6
       6
       +
           "7.3ms" = 2;

     

       7
       7
       +
           "20ms" = 3;

     

       8
       8
       +
           "55ms" = 4;

     

       9
       9
       +
           "148ms" = 5;

     

       10
       10
       +
           "403ms" = 6;

     

       11
       11
       +
           "1097ms" = 7;

     

       12
       12
       +
           "2981ms" = 8;

     

       13
       13
       +
           "gt2981" = 9;

     

       14
       14
       +
         };

     

       15
       15
       +
         bandwidth = {

     

       16
       16
       +
           "0.1mb" = 21;

     

       17
       17
       +
           "1mb" = 22;

     

       18
       18
       +
           "10mb" = 23;

     

       19
       19
       +
           "100mb" = 24;

     

       20
       20
       +
           "1000mb" = 25;

     

       21
       21
       +
         };

     

       22
       22
       +
         crypto = {

     

       23
       23
       +
           unencrypted = 31;

     

       24
       24
       +
           unsafeVPN = 32;

     

       25
       25
       +
           safeNoPFS = 33;

     

       26
       26
       +
           safePFS = 34;

     

       27
       27
       +
         };

     

       28
       28
       +
         region = {

     

       29
       29
       +
           europe = 41;

     

       30
       30
       +
           northAmericaEast = 42;

     

       31
       31
       +
           northAmericaCentral = 43;

     

       32
       32
       +
           northAmericaWest = 44;

     

       33
       33
       +
           centralAmerica = 45;

     

       34
       34
       +
           southAmericaEast = 46;

     

       35
       35
       +
           southAmericaWest = 47;

     

       36
       36
       +
           africaNorth = 48;

     

       37
       37
       +
           africaSouth = 49;

     

       38
       38
       +
           asiaSouth = 50;

     

       39
       39
       +
           asiaSouthEast = 51;

     

       40
       40
       +
           asiaEast = 52;

     

       41
       41
       +
           pacificOceania = 53;

     

       42
       42
       +
           antarctica = 54;

     

       43
       43
       +
           asiaNorth = 55;

     

       44
       44
       +
           asiaWest = 56;

     

       45
       45
       +
           centralAsia = 57;

     

       46
       46
       +
         };

     

       47
       47
       +
         country = {

     

       48
       48
       +
           canada = 1124;

     

       49
       49
       +
           china = 1156;

     

       50
       50
       +
           taiwan = 1158;

     

       51
       51
       +
           france = 1250;

     

       52
       52
       +
           germany = 1276;

     

       53
       53
       +
           hongKong = 1344;

     

       54
       54
       +
           japan = 1392;

     

       55
       55
       +
           netherlands = 1528;

     

       56
       56
       +
           norway = 1578;

     

       57
       57
       +
           russianFederation = 1643;

     

       58
       58
       +
           singapore = 1702;

     

       59
       59
       +
           switzerland = 1756;

     

       60
       60
       +
           unitedKingdom = 1826;

     

       61
       61
       +
           unitedStatesOfAmerica = 1840;

     

       62
       62
       +
         };

     

       63
       63
       +
       }

-59

hosts/prefect/dn42/wireguard.nix

···

       1
       1
       -
       { pkgs, lib, ... }:

     

       2
       2
       -
       let

     

       3
       3
       -
         defaultLocalIPv4 = "172.20.43.96/32";

     

       4
       4
       -
         defaultLocalIPv6 = "fe80::1/64";

     

       5
       5
       -
         privKeyFile = "/run/agenix/dn42-privkey";

     

       6
       6
       -
         # deadnix: skip

     

       7
       7
       -
         defaultPubKey = "e6kp9sca4XIzncKa9GEQwyOnMjje299Xg9ZdgXWMwHg=";

     

       8
       8
       -
       in

     

       9
       9
       -
       {

     

       10
       10
       -
         environment.systemPackages = [ pkgs.wireguard-tools ];

     

       11
       11
       -
       

     

       12
       12
       -
         networking.wireguard.interfaces = import ./tunnels.nix rec {

     

       13
       13
       -
           customTunnel =

     

       14
       14
       -
             listenPort: privKeyFile: peerPubKey: endpoint: name: peerIPv4: peerIPv6: localIPv4: localIPv6: isOspf: {

     

       15
       15
       -
               inherit listenPort;

     

       16
       16
       -
               privateKeyFile = privKeyFile;

     

       17
       17
       -
               allowedIPsAsRoutes = false;

     

       18
       18
       -
               peers = [

     

       19
       19
       -
                 {

     

       20
       20
       -
                   inherit endpoint;

     

       21
       21
       -
                   publicKey = peerPubKey;

     

       22
       22
       -
                   allowedIPs = [

     

       23
       23
       -
                     "0.0.0.0/0"

     

       24
       24
       -
                     "::/0"

     

       25
       25
       -
                   ];

     

       26
       26
       -
                   dynamicEndpointRefreshSeconds = 5;

     

       27
       27
       -
                   persistentKeepalive = 15;

     

       28
       28
       -
                 }

     

       29
       29
       -
               ];

     

       30
       30
       -
               postSetup =

     

       31
       31
       -
                 ''

     

       32
       32
       -
                   ${

     

       33
       33
       -
                     if peerIPv4 != "" then

     

       34
       34
       -
                       "${pkgs.iproute2}/bin/ip addr add ${localIPv4} peer ${peerIPv4} dev ${name}"

     

       35
       35
       -
                     else

     

       36
       36
       -
                       ""

     

       37
       37
       -
                   }

     

       38
       38
       -
                   ${

     

       39
       39
       -
                     if peerIPv6 != "" then

     

       40
       40
       -
                       "${pkgs.iproute2}/bin/ip -6 addr add ${localIPv6} peer ${peerIPv6} dev ${name}"

     

       41
       41
       -
                     else

     

       42
       42
       -
                       ""

     

       43
       43
       -
                   }

     

       44
       44
       -
                 ''

     

       45
       45
       -
                 + lib.optionalString isOspf "${pkgs.iproute2}/bin/ip -6 addr add ${defaultLocalIPv6} dev ${name}";

     

       46
       46
       -
             };

     

       47
       47
       -
           # deadnix: skip

     

       48
       48
       -
           tunnel =

     

       49
       49
       -
             listenPort: privKey: peerPubKey: localIPv4: localIPv6: endpoint: name: peerIPv4: peerIPv6:

     

       50
       50
       -
             customTunnel listenPort privKeyFile peerPubKey endpoint name peerIPv4 peerIPv6 localIPv4 localIPv6

     

       51
       51
       -
               false;

     

       52
       52
       -
           # deadnix: skip

     

       53
       53
       -
           ospf =

     

       54
       54
       -
             listenPort: privKey: peerPubKey: endpoint: name: peerIPv4: peerIPv6: ULAIPv6:

     

       55
       55
       -
             customTunnel listenPort privKeyFile peerPubKey endpoint name peerIPv4 peerIPv6 defaultLocalIPv4

     

       56
       56
       -
               ULAIPv6

     

       57
       57
       -
               true;

     

       58
       58
       -
         };

     

       59
       59
       -
       }

+2 -17

hosts/prefect/firewall.nix

···

       28
       28
        
           ];

     

       29
       29
        
           allowedUDPPortRanges = [

     

       30
       30
        
             {

     

       31
       31
       -
               from = 480;

     

       32
       32
       -
               to = 510;

     

       31
       31
       +
               from = 42000;

     

       32
       32
       +
               to = 52000;

     

       33
       33
        
             }

     

       34
       34
        
           ];

     

       35
       35
        
           trustedInterfaces = [

     

       36
       36
       -
             "tailscale0"

     

       37
       36
        
             "wg0"

     

       38
       38
       -
       

     

       39
       39
       -
             # DN42 Interfaces

     

       40
       40
       -
             "wg42_bandura"

     

       41
       41
       -
             "wg42_bluemedia"

     

       42
       42
       -
             "wg42_catgirls"

     

       43
       43
       -
             "wg42_chris"

     

       44
       44
       -
             "wg42_iedon"

     

       45
       45
       -
             "wg42_kioubit"

     

       46
       46
       -
             "wg42_liki"

     

       47
       47
       -
             "wg42_lutoma"

     

       48
       48
       -
             "wg42_potato"

     

       49
       49
       -
             "wg42_sunnet"

     

       50
       50
       -
             "wg42_uffsalot"

     

       51
       51
       -
             "wg42_usman"

     

       52
       37
        
           ];

     

       53
       38
        
           extraForwardRules = ''

     

       54
       39
        
             meta iifname "wg42_*" meta oifname "wg42_*" accept

-1

hosts/prefect/secrets/secrets.nix

···

       1
       1
        
       let

     

       2
       2
        
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       3
       3
       -
         yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       4
       3
        
         prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe";

     

       5
       4
        
         ssh-new = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxOg9nOtfbedq9AlnXNVUfyU8Mwfj4IB7HX/4VoWeXP";

     

       6
       5
        
         default = [

+10 -15

hosts/prefect/services/caddy.nix

···

       1
       1
        
       { pkgs, self, ... }:

     

       2
       2
        
       let

     

       3
       3
        
         pns = self.lib.data.services;

     

       4
       4
       -
         mail = self.lib.data.mail;

     

       4
       4
       +
         inherit (self.lib.data) mail;

     

       5
       5
        
         marvin = "http://${self.lib.data.hosts.marvin.ts.ip4}";

     

       6
       6
        
         marvinIP = self.lib.data.hosts.marvin.ts.ip4;

     

       7
       7
       -
         tsNet = self.lib.data.tsNet;

     

       7
       7
       +
         inherit (self.lib.data) tsNet;

     

       8
       8
        
       in

     

       9
       9
        
       {

     

       10
       10
        
         services.caddy = {

     
···

       67
       67
        
             # Authentication

     

       68
       68
        
             ${pns.pocket-id.extUrl} = {

     

       69
       69
        
               extraConfig = ''

     

       70
       70
       -
                 reverse_proxy / ${marvin}:${toString pns.pocket-id.port} {

     

       71
       71
       -
                   header_up X-Real-IP {remote_host}

     

       72
       72
       -
                   header_up X-Http-Version {http.request.proto}

     

       73
       73
       -
                 }

     

       70
       70
       +
                 reverse_proxy ${marvin}:${toString pns.pocket-id.port}

     

       74
       71
        
               '';

     

       75
       72
        
             };

     

       76
       73
        
       

     
···

       214
       211
        
               '';

     

       215
       212
        
             };

     

       216
       213
        
       

     

       217
       217
       -
             # Pingvin Share

     

       218
       218
       -
             ${pns.pingvin-share.extUrl} = {

     

       214
       214
       +
             # Immich

     

       215
       215
       +
             ${pns.immich.extUrl} = {

     

       219
       216
        
               extraConfig = ''

     

       220
       220
       -
                 reverse_proxy /api/* ${marvin}:${toString pns.pingvin-share.be-anubis} {

     

       221
       221
       -
                   header_up X-Real-IP {remote_host}

     

       222
       222
       -
                   header_up X-Http-Version {http.request.proto}

     

       223
       223
       -
                 }

     

       224
       224
       -
                 reverse_proxy /* ${marvin}:${toString pns.pingvin-share.anubis} {

     

       225
       225
       -
                   header_up X-Real-IP {remote_host}

     

       226
       226
       -
                   header_up X-Http-Version {http.request.proto}

     

       217
       217
       +
                 @public path /share /share/*

     

       218
       218
       +
                 handle @public {

     

       219
       219
       +
                   reverse_proxy ${marvin}:${toString pns.immich.pubProxy}

     

       227
       220
        
                 }

     

       221
       221
       +
                 reverse_proxy ${marvin}:${toString pns.immich.port}

     

       228
       222
        
               '';

     

       229
       223
        
             };

     

       224
       224
       +
       

     

       230
       225
        
             # Tangled Services

     

       231
       226
        
             ${pns.tangled-knot.extUrl} = {

     

       232
       227
        
               extraConfig = ''

-1

hosts/prefect/services/mailserver/default.nix

···

       8
       8
        
         d = self.lib.data.mail;

     

       9
       9
        
         cfg = config.services.stalwart-mail;

     

       10
       10
        
         sec = config.age.secrets;

     

       11
       11
       -
         creds = config.services.stalwart-mail.credentials;

     

       12
       11
        
         credsDir = "/run/credentials/stalwart-mail.service";

     

       13
       12
        
         certDir = config.security.acme.certs."pyroxdev-mail".directory;

     

       14
       13
        
         isAuthenticated = d: {

-1

hosts/prefect/services/tailscale.nix

···

       6
       6
        
         networking.firewall = {

     

       7
       7
        
           trustedInterfaces = [ "tailscale0" ];

     

       8
       8
        
           allowedUDPPorts = [ config.services.tailscale.port ];

     

       9
       9
       -
           checkReversePath = "loose";

     

       10
       9
        
         };

     

       11
       10
        
       }

-10

hosts/thought/secrets/secrets.nix

···

       1
       1
       -
       let

     

       2
       2
       -
         # deadnix: skip

     

       3
       3
       -
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       4
       4
       -
         # deadnix: skip

     

       5
       5
       -
         yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       6
       6
       -
         # deadnix: skip

     

       7
       7
       -
         backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       8
       8
       -
         # deadnix: skip

     

       9
       9
       -
         thought = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGkJcLykggEp427h2IywoiR74Yl3N+FU6Pwx9ZFQ3vjq";

     

       10
       10
       -
       in

     

       11
       1
        
       {

     

       12
       2
        
         imports = [ ../../common/secrets/secrets.nix ];

     

       13
       3
        
         # "headscale-oidc-secret.age".publicKeys = [ prefect yubi-main yubi-back ];

-1

hosts/zaphod/packages.nix

···

       14
       14
        
           pkgs.nixpkgs-track

     

       15
       15
        
           pkgs.pmutils

     

       16
       16
        
           pkgs.qbittorrent

     

       17
       17
       -
           pkgs.scrcpy

     

       18
       17
        
           pkgs.steam-run

     

       19
       18
        
           # Tools for working with Framework computers

     

       20
       19
        
           pkgs.framework-tool-tui

-1

hosts/zaphod/services/greeter.nix

···

       7
       7
        
             hide_version_string = true;

     

       8
       8
        
           };

     

       9
       9
        
         };

     

       10
       10
       -
         security.pam.services.ly.fprintAuth = false;

     

       11
       10
        
       }

+1 -2

hosts/zaphod/services/misc.nix

···

       4
       4
        
           blueman.enable = false;

     

       5
       5
        
           fstrim.enable = lib.mkDefault true;

     

       6
       6
        
           tlp.enable = lib.mkDefault (

     

       7
       7
       -
             (lib.versionOlder (lib.versions.majorMinor lib.version) "21.05")

     

       8
       8
       -
             || !config.services.power-profiles-daemon.enable

     

       7
       7
       +
             (lib.versionOlder (lib.versions.majorMinor lib.version) "21.05") || !config.services.power-profiles-daemon.enable

     

       9
       8
        
           );

     

       10
       9
        
           libinput.enable = lib.mkDefault true;

     

       11
       10
        
           logind.settings.Login = {

lib/data/services.toml

···

       5
       5
        
       # anubis: What port the anubis service for this domain will use, int

     

       6
       6
        
       # tsHost: (optional) What Tailscale host this service will run on, for services only available via Tailscale.

     

       7
       7
        
       # # Should only be set if this is available externally, if at all, since TS-only services aren't able to be scraped.

     

       8
       8
       +
       # Current lowest unassigned port: 6938

     

       8
       9
        
       [authentik]

     

       9
       10
        
       port = 6908

     

       10
       11
        
       host = "marvin"

     
···

       43
       44
        
       port = 6923

     

       44
       45
        
       host = "marvin"

     

       45
       46
        
       extUrl = "soc.pyrox.dev"

     

       47
       47
       +
       

     

       48
       48
       +
       [immich]

     

       49
       49
       +
       port = 6936

     

       50
       50
       +
       host = "marvin"

     

       51
       51
       +
       extUrl = "img.pyrox.dev"

     

       52
       52
       +
       pubProxy = 6937

     

       46
       53
        
       

     

       47
       54
        
       [jellyfin]

     

       48
       55
        
       port = 8096

+1 -4

lib/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         ...

     

       3
       3
       -
       }:

     

       4
       4
       -
       {

     

       1
       1
       +
       _: {

     

       5
       2
        
         flake = {

     

       6
       3
        
           lib.data = import ./data;

     

       7
       4
        
         };

+1 -1

lib/deploy/default.nix

···

       8
       8
        
       let

     

       9
       9
        
         inherit (inputs) deploy-rs;

     

       10
       10
        
       in

     

       11
       11
       -
       rec {

     

       11
       11
       +
       {

     

       12
       12
        
         ## Create deployment configuration for use with deploy-rs.

     

       13
       13
        
         ##

     

       14
       14
        
         ## ```nix

+1 -1

nixosModules/default-config/default.nix

···

       14
       14
        
           ./users.nix

     

       15
       15
        
         ];

     

       16
       16
        
         system = {

     

       17
       17
       -
           stateVersion = "25.05";

     

       17
       17
       +
           stateVersion = "26.05";

     

       18
       18
        
           disableInstallerTools = true;

     

       19
       19
        
           tools.nixos-rebuild.enable = true;

     

       20
       20
        
         };

+2 -4

nixosModules/default-config/nixConfig.nix

···

       15
       15
        
       {

     

       16
       16
        
         nix = {

     

       17
       17
        
           enable = true;

     

       18
       18
       -
           # We use `nh.clean` instead, so this is disabled

     

       19
       19
       -
           gc.automatic = false;

     

       18
       18
       +
           gc.automatic = true;

     

       20
       19
        
           registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs;

     

       21
       20
        
           settings = {

     

       22
       21
        
             # Don't auto-accept flake-defined nix settings, they're a CVE waiting to happen.

     
···

       58
       57
        
             keep-going = true;

     

       59
       58
        
             # More direnv gc root stuff

     

       60
       59
        
             keep-outputs = true;

     

       61
       61
       -
             # Show fewer log lines from failed builds since I get them from nh

     

       62
       62
       -
             log-lines = 10;

     

       60
       60
       +
             log-lines = 20;

     

       63
       61
        
             # Limit the max amount of builds

     

       64
       62
        
             max-jobs = lib.mkDefault 4;

     

       65
       63
        
             # Extra system features

-1

nixosModules/default-config/programs/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         imports = [

     

       3
       3
        
           ./ssh.nix

     

       4
       4
       -
           ./nh.nix

     

       5
       4
        
         ];

     

       6
       5
        
         programs.fish.enable = true;

     

       7
       6
        
       }

-8

nixosModules/default-config/programs/nh.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       {

     

       3
       3
       -
         programs.nh = {

     

       4
       4
       -
           enable = true;

     

       5
       5
       -
           clean.enable = true;

     

       6
       6
       -
           clean.extraArgs = "-k 5";

     

       7
       7
       -
         };

     

       8
       8
       -
       }

+3 -4

nixosModules/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         ...

     

       3
       3
       -
       }:

     

       4
       4
       -
       {

     

       1
       1
       +
       _: {

     

       5
       2
        
         flake.nixosModules = {

     

       6
       3
        
           # Top-level

     

       7
       4
        
           defaultConfig = import ./default-config;

     

       8
       5
        
           defaultUsers = import ./default-users;

     

       9
       6
        
           profiles = import ./profiles;

     

       7
       7
       +
       

     

       8
       8
       +
           dn42Wireguard = import ./dn42Wireguard;

     

       10
       9
        
       

     

       11
       10
        
           # Programs

     

       12
       11
        
           chromium = import ./programs/chromium;

+125

nixosModules/dn42Wireguard/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       8
       8
       +
         inherit (lib) types;

     

       9
       9
       +
         cfg = config.networking.dn42.wg;

     

       10
       10
       +
       

     

       11
       11
       +
         tunnelDef = {

     

       12
       12
       +
           options = {

     

       13
       13
       +
             enable = lib.mkOption {

     

       14
       14
       +
               description = "Whether to enable this wireguard tunnel";

     

       15
       15
       +
               type = types.bool;

     

       16
       16
       +
               default = true;

     

       17
       17
       +
               example = false;

     

       18
       18
       +
             };

     

       19
       19
       +
             listenPort = lib.mkOption {

     

       20
       20
       +
               description = "The port this tunnel listens on";

     

       21
       21
       +
               type = types.port;

     

       22
       22
       +
               example = 42000;

     

       23
       23
       +
             };

     

       24
       24
       +
             privateKeyFile = lib.mkOption {

     

       25
       25
       +
               description = "Path to the tunnel's private key";

     

       26
       26
       +
               type = types.nullOr types.path;

     

       27
       27
       +
               example = "/path/to/private/key";

     

       28
       28
       +
               default = null;

     

       29
       29
       +
             };

     

       30
       30
       +
             peerPubKey = lib.mkOption {

     

       31
       31
       +
               description = "Public key of the peer you're connecting to";

     

       32
       32
       +
               type = types.str;

     

       33
       33
       +
               example = "e6kp9sca4XIzncKa9GEQwyOnMjje299Xg9ZdgXWMwHg=";

     

       34
       34
       +
             };

     

       35
       35
       +
             peerEndpoint = lib.mkOption {

     

       36
       36
       +
               description = "The endpoint of the peer you're connecting to";

     

       37
       37
       +
               type = types.str;

     

       38
       38
       +
               example = "example.com:42000";

     

       39
       39
       +
             };

     

       40
       40
       +
             peerAddrs = {

     

       41
       41
       +
               v4 = lib.mkOption {

     

       42
       42
       +
                 description = "The peer IPv4 address to connect to in the tunnel";

     

       43
       43
       +
                 type = types.nullOr types.str;

     

       44
       44
       +
                 example = "192.168.1.1";

     

       45
       45
       +
                 default = null;

     

       46
       46
       +
               };

     

       47
       47
       +
               v6 = lib.mkOption {

     

       48
       48
       +
                 description = "The peer IPv6 address to connect to in the tunnel";

     

       49
       49
       +
                 type = types.nullOr types.str;

     

       50
       50
       +
                 example = "fe80::42";

     

       51
       51
       +
                 default = null;

     

       52
       52
       +
               };

     

       53
       53
       +
             };

     

       54
       54
       +
             localAddrs = {

     

       55
       55
       +
               v4 = lib.mkOption {

     

       56
       56
       +
                 description = "The local IPv4 address to listen on in the tunnel";

     

       57
       57
       +
                 type = types.nullOr types.str;

     

       58
       58
       +
                 example = "192.168.1.1";

     

       59
       59
       +
                 default = null;

     

       60
       60
       +
               };

     

       61
       61
       +
               v6 = lib.mkOption {

     

       62
       62
       +
                 description = "The local IPv6 address to listen on in the tunnel";

     

       63
       63
       +
                 type = types.nullOr types.str;

     

       64
       64
       +
                 example = "fe80::42";

     

       65
       65
       +
                 default = null;

     

       66
       66
       +
               };

     

       67
       67
       +
             };

     

       68
       68
       +
           };

     

       69
       69
       +
         };

     

       70
       70
       +
       in

     

       71
       71
       +
       {

     

       72
       72
       +
         options.networking.dn42.wg = {

     

       73
       73
       +
           tunnelDefaults = lib.mkOption {

     

       74
       74
       +
             description = "The default settings to apply to all tunnels";

     

       75
       75
       +
             type = types.submodule tunnelDef;

     

       76
       76
       +
           };

     

       77
       77
       +
           tunnels = lib.mkOption {

     

       78
       78
       +
             description = "DN42 WireGuard tunnels configuration";

     

       79
       79
       +
             type = types.attrsOf (types.submodule tunnelDef);

     

       80
       80
       +
           };

     

       81
       81
       +
         };

     

       82
       82
       +
         config.networking = {

     

       83
       83
       +
           wireguard.interfaces = lib.mapAttrs' (

     

       84
       84
       +
             name: value:

     

       85
       85
       +
             let

     

       86
       86
       +
               # Merge defaults with tunnel config, right side has priority

     

       87
       87
       +
               # so tunnel config overrides defaults

     

       88
       88
       +
               fc = cfg.tunnelDefaults // (lib.filterAttrs (_: v: v != null) value);

     

       89
       89
       +
             in

     

       90
       90
       +
             lib.nameValuePair "wg42_${name}" {

     

       91
       91
       +
               inherit (fc) listenPort privateKeyFile;

     

       92
       92
       +
               allowedIPsAsRoutes = false;

     

       93
       93
       +
               peers = [

     

       94
       94
       +
                 {

     

       95
       95
       +
                   endpoint = fc.peerEndpoint;

     

       96
       96
       +
                   publicKey = fc.peerPubKey;

     

       97
       97
       +
                   allowedIPs = [

     

       98
       98
       +
                     "0.0.0.0/0"

     

       99
       99
       +
                     "::/0"

     

       100
       100
       +
                   ];

     

       101
       101
       +
                   dynamicEndpointRefreshSeconds = 5;

     

       102
       102
       +
                   persistentKeepalive = 15;

     

       103
       103
       +
                 }

     

       104
       104
       +
               ];

     

       105
       105
       +
               postSetup = ''

     

       106
       106
       +
                 ${lib.optionalString (

     

       107
       107
       +
                   fc.peerAddrs.v4 != null && fc.localAddrs.v4 != null

     

       108
       108
       +
                 ) "${pkgs.iproute2}/bin/ip addr add ${fc.localAddrs.v4} peer ${fc.peerAddrs.v4} dev wg42_${name}"}

     

       109
       109
       +
                 ${lib.optionalString (

     

       110
       110
       +
                   fc.peerAddrs.v6 != null && fc.localAddrs.v6 != null

     

       111
       111
       +
                 ) "${pkgs.iproute2}/bin/ip addr add ${fc.localAddrs.v6} peer ${fc.peerAddrs.v6} dev wg42_${name}"}

     

       112
       112
       +
               '';

     

       113
       113
       +
             }

     

       114
       114
       +
           ) (lib.filterAttrs (_: v: v.enable) cfg.tunnels);

     

       115
       115
       +
           firewall = {

     

       116
       116
       +
             trustedInterfaces = lib.mapAttrsToList (name: _: "wg42_" + name) (lib.filterAttrs (_: v: v.enable) cfg.tunnels);

     

       117
       117
       +
             checkReversePath = false;

     

       118
       118
       +
             extraInputRules = ''

     

       119
       119
       +
               ip saddr 172.20.0.0/14 accept

     

       120
       120
       +
               ip6 saddr fd00::/8 accept

     

       121
       121
       +
               ip6 saddr fe80::/64 accept

     

       122
       122
       +
             '';

     

       123
       123
       +
           };

     

       124
       124
       +
         };

     

       125
       125
       +
       }

+1 -1

nixosModules/homes/pyrox/default.nix

···

       9
       9
        
             inputs.self.homeModules.allModules

     

       10
       10
        
             {

     

       11
       11
        
               home.username = "pyrox";

     

       12
       12
       -
               home.stateVersion = "25.11";

     

       12
       12
       +
               home.stateVersion = "26.05";

     

       13
       13
        
               py.profiles.server.enable = lib.mkDefault true;

     

       14
       14
        
               py.profiles.desktop.enable = lib.mkDefault false;

     

       15
       15
        
             }

+1 -1

nixosModules/homes/thehedgehog/default.nix

···

       9
       9
        
             inputs.self.homeModules.allModules

     

       10
       10
        
             {

     

       11
       11
        
               home.username = "thehedgehog";

     

       12
       12
       -
               home.stateVersion = "25.11";

     

       12
       12
       +
               home.stateVersion = "26.05";

     

       13
       13
        
               py.profiles.server.enable = lib.mkDefault true;

     

       14
       14
        
               py.profiles.desktop.enable = lib.mkDefault false;

     

       15
       15
        
             }

nixosModules/homes/thehedgehog-zaphod/default.nix

···

       2
       2
        
         pkgs,

     

       3
       3
        
         lib,

     

       4
       4
        
         inputs,

     

       5
       5
       +
         self',

     

       5
       6
        
         ...

     

       6
       7
        
       }:

     

       7
       8
        
       let

     
···

       12
       13
        
           home.packages = [

     

       13
       14
        
             pkgs.mindustry

     

       14
       15
        
             pkgs.signal-desktop

     

       16
       16
       +
             self'.packages.glide-browser-bin

     

       15
       17
        
           ];

     

       16
       18
        
           home.sessionVariables = {

     

       17
       19
        
             QT_QPA_PLATFORM = "wayland;xcb";

-2

nixosModules/programs/firefox/extensions.nix

···

       32
       32
        
         "{30280527-c46c-4e03-bb16-2e3ed94fa57c}" = mkAMO "protondb-for-steam";

     

       33
       33
        
         "redirector@einaregilsson.com" = mkAMO "redirector";

     

       34
       34
        
         "{a4c4eda4-fb84-4a84-b4a1-f7c1cbf2a1ad}" = mkAMO "refined-github-";

     

       35
       35
       -
         "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = mkAMO "return-youtube-dislikes";

     

       36
       36
       -
         "{48748554-4c01-49e8-94af-79662bf34d50}" = mkAMO "privacy-pass";

     

       37
       35
        
         "sponsorBlocker@ajay.app" = mkAMO "sponsorblock";

     

       38
       36
        
         "firefox-extension@steamdb.info" = mkAMO "steam-database";

     

       39
       37
        
         "{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}" = mkAMO "styl-us" // {

+4 -6

nixosModules/programs/misc/default.nix

···

       38
       38
        
             };

     

       39
       39
        
             wireshark.enable = mkIf cfg.wireshark.enable true;

     

       40
       40
        
           };

     

       41
       41
       -
           environment.systemPackages =

     

       42
       42
       -
             [ ]

     

       43
       43
       -
             ++ lib.optionals cfg.steam.enable [

     

       44
       44
       -
               pkgs.steamtinkerlaunch

     

       45
       45
       -
               pkgs.protonplus

     

       46
       46
       -
             ];

     

       41
       41
       +
           environment.systemPackages = lib.optionals cfg.steam.enable [

     

       42
       42
       +
             pkgs.steamtinkerlaunch

     

       43
       43
       +
             pkgs.protonplus

     

       44
       44
       +
           ];

     

       47
       45
        
         };

     

       48
       46
        
       }

-1

nixosModules/programs/neovim/default.nix

-2

nixosModules/services/forgejo-runner/default.nix

···

       26
       26
        
             };

     

       27
       27
        
             cache = {

     

       28
       28
        
               enabled = true;

     

       29
       29
       -
               dir = "/var/lib/forgejo/runners/cache/";

     

       30
       30
       -
               host = "";

     

       31
       29
        
               port = 0;

     

       32
       30
        
             };

     

       33
       31
        
             container = {

optnix.toml

···

       1
       1
       +
       [scopes.flake-parts]

     

       2
       2
       +
       description = "flake-parts config"

     

       3
       3
       +
       options-list-cmd = "nix eval --json .#debug.options-doc"

     

       4
       4
       +
       evaluator = "nix eval .#debug.config.{{ .Option }}"

+1 -1

overlays/cinny/default.nix

···

       1
       1
       -
       _: final: prev: {

     

       1
       1
       +
       _: _final: prev: {

     

       2
       2
        
         cinny-unwrapped = prev.cinny-unwrapped.overrideAttrs (old: {

     

       3
       3
        
           patches = (old.patches or [ ]) ++ [ ./nix-commands.patch ];

     

       4
       4
        
         });

+1 -1

overlays/hy3-fixes/default.nix

···

       1
       1
       -
       final: prev: {

     

       1
       1
       +
       _final: prev: {

     

       2
       2
        
         hyprlandPlugins = prev.hyprlandPlugins // {

     

       3
       3
        
           hy3 = prev.hyprlandPlugins.hy3.overrideAttrs (old: {

     

       4
       4
        
             patches = (old.patches or [ ]) ++ [

+1 -1

overlays/openssh-fixperms/default.nix

···

       1
       1
       -
       final: prev: {

     

       1
       1
       +
       _final: prev: {

     

       2
       2
        
         openssh-patched = prev.openssh.overrideAttrs (old: {

     

       3
       3
        
           patches = (old.patches or [ ]) ++ [ ./permfix.patch ];

     

       4
       4
        
           doCheck = false;

-20

packages/anubis-files/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         stdenv,

     

       3
       3
       -
         ...

     

       4
       4
       -
       }:

     

       5
       5
       -
       stdenv.mkDerivation {

     

       6
       6
       -
         pname = "pyronet-anubis-files";

     

       7
       7
       -
         version = "1.0.0";

     

       8
       8
       -
       

     

       9
       9
       -
         src = ./src;

     

       10
       10
       -
       

     

       11
       11
       -
         buildPhase = ''

     

       12
       12
       -
           substituteInPlace policies/*.yaml \

     

       13
       13
       -
             --replace-fail "CUSTOM" $out/rules

     

       14
       14
       -
         '';

     

       15
       15
       -
       

     

       16
       16
       -
         installPhase = ''

     

       17
       17
       -
           mkdir $out

     

       18
       18
       -
           cp -r * $out/

     

       19
       19
       -
         '';

     

       20
       20
       -
       }

+20

packages/anubis-files/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         stdenv,

     

       3
       3
       +
         ...

     

       4
       4
       +
       }:

     

       5
       5
       +
       stdenv.mkDerivation {

     

       6
       6
       +
         pname = "pyronet-anubis-files";

     

       7
       7
       +
         version = "1.0.0";

     

       8
       8
       +
       

     

       9
       9
       +
         src = ./src;

     

       10
       10
       +
       

     

       11
       11
       +
         buildPhase = ''

     

       12
       12
       +
           substituteInPlace policies/*.yaml \

     

       13
       13
       +
             --replace-fail "CUSTOM" $out

     

       14
       14
       +
         '';

     

       15
       15
       +
       

     

       16
       16
       +
         installPhase = ''

     

       17
       17
       +
           mkdir $out

     

       18
       18
       +
           cp -r * $out/

     

       19
       19
       +
         '';

     

       20
       20
       +
       }

+56

packages/anubis-files/src/policies/default.yaml

···

       1
       1
       +
       bots:

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       3
       3
       +
       dnsbl: false

     

       4
       4
       +
       openGraph:

     

       5
       5
       +
         enabled: true

     

       6
       6
       +
         considerHost: false

     

       7
       7
       +
         ttl: 24h

     

       8
       8
       +
       status_codes:

     

       9
       9
       +
         CHALLENGE: 200

     

       10
       10
       +
         DENY: 200

     

       11
       11
       +
       thresholds:

     

       12
       12
       +
         - name: minimal-suspicion

     

       13
       13
       +
           expression: weight <= 0

     

       14
       14
       +
           action: ALLOW

     

       15
       15
       +
         - name: mild-suspicion

     

       16
       16
       +
           expression:

     

       17
       17
       +
             all:

     

       18
       18
       +
               - weight > 0

     

       19
       19
       +
               - weight < 10

     

       20
       20
       +
           action: CHALLENGE

     

       21
       21
       +
           challenge:

     

       22
       22
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       23
       23
       +
             algorithm: metarefresh

     

       24
       24
       +
             difficulty: 1

     

       25
       25
       +
             report_as: 1

     

       26
       26
       +
         - name: moderate-suspicion

     

       27
       27
       +
           expression:

     

       28
       28
       +
             all:

     

       29
       29
       +
               - weight >= 10

     

       30
       30
       +
               - weight < 20

     

       31
       31
       +
           action: CHALLENGE

     

       32
       32
       +
           challenge:

     

       33
       33
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       34
       34
       +
             algorithm: fast

     

       35
       35
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       36
       36
       +
             report_as: 2

     

       37
       37
       +
         - name: mild-proof-of-work

     

       38
       38
       +
           expression:

     

       39
       39
       +
             all:

     

       40
       40
       +
               - weight >= 20

     

       41
       41
       +
               - weight < 30

     

       42
       42
       +
           action: CHALLENGE

     

       43
       43
       +
           challenge:

     

       44
       44
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       45
       45
       +
             algorithm: fast

     

       46
       46
       +
             difficulty: 4

     

       47
       47
       +
             report_as: 4

     

       48
       48
       +
         # For clients that are browser like and have gained many points from custom rules

     

       49
       49
       +
         - name: extreme-suspicion

     

       50
       50
       +
           expression: weight >= 30

     

       51
       51
       +
           action: CHALLENGE

     

       52
       52
       +
           challenge:

     

       53
       53
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       54
       54
       +
             algorithm: fast

     

       55
       55
       +
             difficulty: 6

     

       56
       56
       +
             report_as: 5

+59 -6

packages/anubis-files/src/policies/forgejo.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       4
       3
        
         - import: (data)/clients/git.yaml

     

       5
       5
       -
         - import: (data)/common/keep-internet-working.yaml

     

       6
       4
        
         - import: (data)/apps/gitea-rss-feeds.yaml

     

       7
       7
       -
         - import: (data)/crawlers/internet-archive.yaml

     

       8
       8
       -
         - import: (data)/crawlers/kagibot.yaml

     

       9
       9
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       5
       5
       +
       

     

       6
       6
       +
         # Allow forgejo runner connections from localhost and tailscale

     

       7
       7
       +
         - name: forgejo-runner

     

       8
       8
       +
           user_agent_regex: connect-go

     

       9
       9
       +
           action: ALLOW

     

       10
       10
        
       

     

       11
       11
        
       dnsbl: false

     

       12
       12
       +
       openGraph:

     

       13
       13
       +
         enabled: true

     

       14
       14
       +
         considerHost: false

     

       15
       15
       +
         ttl: 24h

     

       16
       16
       +
       status_codes:

     

       17
       17
       +
         CHALLENGE: 200

     

       18
       18
       +
         DENY: 200

     

       19
       19
       +
       thresholds:

     

       20
       20
       +
         - name: minimal-suspicion

     

       21
       21
       +
           expression: weight <= 0

     

       22
       22
       +
           action: ALLOW

     

       23
       23
       +
         - name: mild-suspicion

     

       24
       24
       +
           expression:

     

       25
       25
       +
             all:

     

       26
       26
       +
               - weight > 0

     

       27
       27
       +
               - weight < 10

     

       28
       28
       +
           action: CHALLENGE

     

       29
       29
       +
           challenge:

     

       30
       30
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       31
       31
       +
             algorithm: metarefresh

     

       32
       32
       +
             difficulty: 1

     

       33
       33
       +
             report_as: 1

     

       34
       34
       +
         - name: moderate-suspicion

     

       35
       35
       +
           expression:

     

       36
       36
       +
             all:

     

       37
       37
       +
               - weight >= 10

     

       38
       38
       +
               - weight < 20

     

       39
       39
       +
           action: CHALLENGE

     

       40
       40
       +
           challenge:

     

       41
       41
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       42
       42
       +
             algorithm: fast

     

       43
       43
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       44
       44
       +
             report_as: 2

     

       45
       45
       +
         - name: mild-proof-of-work

     

       46
       46
       +
           expression:

     

       47
       47
       +
             all:

     

       48
       48
       +
               - weight >= 20

     

       49
       49
       +
               - weight < 30

     

       50
       50
       +
           action: CHALLENGE

     

       51
       51
       +
           challenge:

     

       52
       52
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       53
       53
       +
             algorithm: fast

     

       54
       54
       +
             difficulty: 4

     

       55
       55
       +
             report_as: 4

     

       56
       56
       +
         # For clients that are browser like and have gained many points from custom rules

     

       57
       57
       +
         - name: extreme-suspicion

     

       58
       58
       +
           expression: weight >= 30

     

       59
       59
       +
           action: CHALLENGE

     

       60
       60
       +
           challenge:

     

       61
       61
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       62
       62
       +
             algorithm: fast

     

       63
       63
       +
             difficulty: 6

     

       64
       64
       +
             report_as: 5

-7

packages/anubis-files/src/policies/grafana.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       

     

       7
       7
       -
       dnsbl: false

+54

packages/anubis-files/src/policies/meta/base.yaml

···

       1
       1
       +
       # keep-sorted start

     

       2
       2
       +
       - import: (data)/bots/_deny-pathological.yaml

     

       3
       3
       +
       - import: (data)/bots/aggressive-brazilian-scrapers.yaml

     

       4
       4
       +
       - import: (data)/clients/x-firefox-ai.yaml

     

       5
       5
       +
       - import: (data)/common/keep-internet-working.yaml

     

       6
       6
       +
       - import: (data)/common/rfc-violations.yaml

     

       7
       7
       +
       - import: (data)/crawlers/_allow-good.yaml

     

       8
       8
       +
       - import: (data)/meta/ai-block-aggressive.yaml

     

       9
       9
       +
       # keep-sorted end

     

       10
       10
       +
       - name: realistic-browser-catchall

     

       11
       11
       +
         expression:

     

       12
       12
       +
           all:

     

       13
       13
       +
             - '"User-Agent" in headers'

     

       14
       14
       +
             - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'

     

       15
       15
       +
             - '"Accept" in headers'

     

       16
       16
       +
             - '"Sec-Fetch-Dest" in headers'

     

       17
       17
       +
             - '"Sec-Fetch-Mode" in headers'

     

       18
       18
       +
             - '"Sec-Fetch-Site" in headers'

     

       19
       19
       +
             - '"Accept-Encoding" in headers'

     

       20
       20
       +
             - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'

     

       21
       21
       +
             - '"Accept-Language" in headers'

     

       22
       22
       +
         action: WEIGH

     

       23
       23
       +
         weight:

     

       24
       24
       +
           adjust: -10

     

       25
       25
       +
           # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always

     

       26
       26
       +
       - name: upgrade-insecure-requests

     

       27
       27
       +
         expression: '"Upgrade-Insecure-Requests" in headers'

     

       28
       28
       +
         action: WEIGH

     

       29
       29
       +
         weight:

     

       30
       30
       +
           adjust: -2

     

       31
       31
       +
       # Chrome should behave like Chrome

     

       32
       32
       +
       - name: chrome-is-proper

     

       33
       33
       +
         expression:

     

       34
       34
       +
           all:

     

       35
       35
       +
             - userAgent.contains("Chrome")

     

       36
       36
       +
             - '"Sec-Ch-Ua" in headers'

     

       37
       37
       +
             - 'headers["Sec-Ch-Ua"].contains("Chromium")'

     

       38
       38
       +
             - '"Sec-Ch-Ua-Mobile" in headers'

     

       39
       39
       +
             - '"Sec-Ch-Ua-Platform" in headers'

     

       40
       40
       +
         action: WEIGH

     

       41
       41
       +
         weight:

     

       42
       42
       +
           adjust: -5

     

       43
       43
       +
       - name: should-have-accept

     

       44
       44
       +
         expression: '!("Accept" in headers)'

     

       45
       45
       +
         action: WEIGH

     

       46
       46
       +
         weight:

     

       47
       47
       +
           adjust: 5

     

       48
       48
       +
       # Generic catchall rule

     

       49
       49
       +
       - name: generic-browser

     

       50
       50
       +
         user_agent_regex: >-

     

       51
       51
       +
           Mozilla|Opera|Chrome|Chromium

     

       52
       52
       +
         action: WEIGH

     

       53
       53
       +
         weight:

     

       54
       54
       +
           adjust: 10

packages/anubis-files/src/policies/meta/openGraph.yaml

This is a binary file and will not be displayed.

-7

packages/anubis-files/src/policies/miniflux.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       

     

       7
       7
       -
       dnsbl: false

+50 -7

packages/anubis-files/src/policies/nextcloud-office.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
       

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       5
       3
        
         # Allow requests from the nextcloud server to bypass checks

     

       6
       4
        
         - name: allow-nextcloud-server

     

       7
       5
        
           user_agent_regex: ^Nextcloud Server / richdocuments$

     

       8
       6
        
           action: ALLOW

     

       9
       9
       -
       

     

       10
       10
       -
         - import: (data)/common/keep-internet-working.yaml

     

       11
       11
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       12
       12
       -
       

     

       13
       7
        
       dnsbl: false

     

       8
       8
       +
       status_codes:

     

       9
       9
       +
         CHALLENGE: 200

     

       10
       10
       +
         DENY: 200

     

       11
       11
       +
       thresholds:

     

       12
       12
       +
         - name: minimal-suspicion

     

       13
       13
       +
           expression: weight <= 0

     

       14
       14
       +
           action: ALLOW

     

       15
       15
       +
         - name: mild-suspicion

     

       16
       16
       +
           expression:

     

       17
       17
       +
             all:

     

       18
       18
       +
               - weight > 0

     

       19
       19
       +
               - weight < 10

     

       20
       20
       +
           action: CHALLENGE

     

       21
       21
       +
           challenge:

     

       22
       22
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       23
       23
       +
             algorithm: metarefresh

     

       24
       24
       +
             difficulty: 1

     

       25
       25
       +
             report_as: 1

     

       26
       26
       +
         - name: moderate-suspicion

     

       27
       27
       +
           expression:

     

       28
       28
       +
             all:

     

       29
       29
       +
               - weight >= 10

     

       30
       30
       +
               - weight < 20

     

       31
       31
       +
           action: CHALLENGE

     

       32
       32
       +
           challenge:

     

       33
       33
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       34
       34
       +
             algorithm: fast

     

       35
       35
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       36
       36
       +
             report_as: 2

     

       37
       37
       +
         - name: mild-proof-of-work

     

       38
       38
       +
           expression:

     

       39
       39
       +
             all:

     

       40
       40
       +
               - weight >= 20

     

       41
       41
       +
               - weight < 30

     

       42
       42
       +
           action: CHALLENGE

     

       43
       43
       +
           challenge:

     

       44
       44
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       45
       45
       +
             algorithm: fast

     

       46
       46
       +
             difficulty: 4

     

       47
       47
       +
             report_as: 4

     

       48
       48
       +
         # For clients that are browser like and have gained many points from custom rules

     

       49
       49
       +
         - name: extreme-suspicion

     

       50
       50
       +
           expression: weight >= 30

     

       51
       51
       +
           action: CHALLENGE

     

       52
       52
       +
           challenge:

     

       53
       53
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       54
       54
       +
             algorithm: fast

     

       55
       55
       +
             difficulty: 6

     

       56
       56
       +
             report_as: 5

+54 -12

packages/anubis-files/src/policies/nextcloud.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         # Block scrapers and abusive cloud providers

     

       3
       3
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       4
       4
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       5
       5
       -
       

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       6
       3
        
         # Allow android apps that I use

     

       7
       4
        
         - name: allow-android-apps

     

       8
       5
        
           user_agent_regex: Nextcloud-android|DAVx5|ICSx5

     

       9
       6
        
           action: ALLOW

     

       10
       10
       -
       

     

       11
       7
        
         # Allow the Thunderbird Filelink app

     

       12
       8
        
         - name: allow-thunderbird-filelink

     

       13
       9
        
           user_agent_regex: ^Filelink for \*cloud.*$

     

       14
       10
        
           action: ALLOW

     

       15
       15
       -
       

     

       16
       11
        
         # Allow anyone accessing the **authenticated** DAV endpoint.

     

       17
       12
        
         - name: allow-dav

     

       18
       13
        
           path_regex: ^/remote.php/dav/.*$

     

       19
       14
        
           action: ALLOW

     

       20
       20
       -
       

     

       21
       15
        
         # Allow public shares so that I can more easily send them

     

       22
       16
        
         - name: allow-public-shares

     

       23
       17
        
           path_regex: ^/s/.*$

     

       24
       18
        
           action: ALLOW

     

       25
       25
       -
       

     

       26
       19
        
         # Allow clients to load assets to not break public shares

     

       27
       20
        
         - name: allow-assets

     

       28
       21
        
           action: ALLOW

     
···

       39
       32
        
               - 'path.startsWith("/apps/theming/")'

     

       40
       33
        
               # Public DAV endpoint

     

       41
       34
        
               - 'path.startsWith("/public.php/dav/files/")'

     

       42
       42
       -
       

     

       43
       43
       -
         - import: (data)/common/keep-internet-working.yaml

     

       44
       44
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       45
       45
       -
       

     

       46
       35
        
       dnsbl: false

     

       36
       36
       +
       openGraph:

     

       37
       37
       +
         enabled: true

     

       38
       38
       +
         considerHost: false

     

       39
       39
       +
         ttl: 24h

     

       40
       40
       +
       status_codes:

     

       41
       41
       +
         CHALLENGE: 200

     

       42
       42
       +
         DENY: 200

     

       43
       43
       +
       thresholds:

     

       44
       44
       +
         - name: minimal-suspicion

     

       45
       45
       +
           expression: weight <= 0

     

       46
       46
       +
           action: ALLOW

     

       47
       47
       +
         - name: mild-suspicion

     

       48
       48
       +
           expression:

     

       49
       49
       +
             all:

     

       50
       50
       +
               - weight > 0

     

       51
       51
       +
               - weight < 10

     

       52
       52
       +
           action: CHALLENGE

     

       53
       53
       +
           challenge:

     

       54
       54
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       55
       55
       +
             algorithm: metarefresh

     

       56
       56
       +
             difficulty: 1

     

       57
       57
       +
             report_as: 1

     

       58
       58
       +
         - name: moderate-suspicion

     

       59
       59
       +
           expression:

     

       60
       60
       +
             all:

     

       61
       61
       +
               - weight >= 10

     

       62
       62
       +
               - weight < 20

     

       63
       63
       +
           action: CHALLENGE

     

       64
       64
       +
           challenge:

     

       65
       65
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       66
       66
       +
             algorithm: fast

     

       67
       67
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       68
       68
       +
             report_as: 2

     

       69
       69
       +
         - name: mild-proof-of-work

     

       70
       70
       +
           expression:

     

       71
       71
       +
             all:

     

       72
       72
       +
               - weight >= 20

     

       73
       73
       +
               - weight < 30

     

       74
       74
       +
           action: CHALLENGE

     

       75
       75
       +
           challenge:

     

       76
       76
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       77
       77
       +
             algorithm: fast

     

       78
       78
       +
             difficulty: 4

     

       79
       79
       +
             report_as: 4

     

       80
       80
       +
         # For clients that are browser like and have gained many points from custom rules

     

       81
       81
       +
         - name: extreme-suspicion

     

       82
       82
       +
           expression: weight >= 30

     

       83
       83
       +
           action: CHALLENGE

     

       84
       84
       +
           challenge:

     

       85
       85
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       86
       86
       +
             algorithm: fast

     

       87
       87
       +
             difficulty: 6

     

       88
       88
       +
             report_as: 5

-7

packages/anubis-files/src/policies/pingvin-share.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       

     

       7
       7
       -
       dnsbl: false

-7

packages/anubis-files/src/policies/planka.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       

     

       7
       7
       -
       dnsbl: false

-7

packages/anubis-files/src/policies/pocket-id.yaml

···

       1
       1
       -
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
         - import: (data)/common/keep-internet-working.yaml

     

       5
       5
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       6
       6
       -
       

     

       7
       7
       -
       dnsbl: false

+54 -7

packages/anubis-files/src/policies/vaultwarden.yaml

···

       1
       1
        
       bots:

     

       2
       2
       -
         - import: (data)/bots/ai-robots-txt.yaml

     

       3
       3
       -
         - import: CUSTOM/block/alibaba-cloud.yaml

     

       4
       4
       -
       

     

       2
       2
       +
         - import: CUSTOM/policies/meta/base.yaml

     

       5
       3
        
         # Allow bitwarden apps

     

       6
       4
        
         - name: allow-bitwarden-mobile

     

       7
       5
        
           user_agent_regex: Bitwarden_Mobile

     
···

       9
       7
        
         - name: allow-bitwarden-webext

     

       10
       8
        
           user_agent_regex: Mozilla

     

       11
       9
        
           action: ALLOW

     

       12
       12
       -
       

     

       13
       13
       -
         - import: (data)/common/keep-internet-working.yaml

     

       14
       14
       -
         - import: CUSTOM/challenge/generic-browser.yaml

     

       15
       15
       -
       

     

       16
       10
        
       dnsbl: false

     

       11
       11
       +
       openGraph:

     

       12
       12
       +
         enabled: true

     

       13
       13
       +
         considerHost: false

     

       14
       14
       +
         ttl: 24h

     

       15
       15
       +
       status_codes:

     

       16
       16
       +
         CHALLENGE: 200

     

       17
       17
       +
         DENY: 200

     

       18
       18
       +
       thresholds:

     

       19
       19
       +
         - name: minimal-suspicion

     

       20
       20
       +
           expression: weight <= 0

     

       21
       21
       +
           action: ALLOW

     

       22
       22
       +
         - name: mild-suspicion

     

       23
       23
       +
           expression:

     

       24
       24
       +
             all:

     

       25
       25
       +
               - weight > 0

     

       26
       26
       +
               - weight < 10

     

       27
       27
       +
           action: CHALLENGE

     

       28
       28
       +
           challenge:

     

       29
       29
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh

     

       30
       30
       +
             algorithm: metarefresh

     

       31
       31
       +
             difficulty: 1

     

       32
       32
       +
             report_as: 1

     

       33
       33
       +
         - name: moderate-suspicion

     

       34
       34
       +
           expression:

     

       35
       35
       +
             all:

     

       36
       36
       +
               - weight >= 10

     

       37
       37
       +
               - weight < 20

     

       38
       38
       +
           action: CHALLENGE

     

       39
       39
       +
           challenge:

     

       40
       40
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       41
       41
       +
             algorithm: fast

     

       42
       42
       +
             difficulty: 2 # two leading zeros, very fast for most clients

     

       43
       43
       +
             report_as: 2

     

       44
       44
       +
         - name: mild-proof-of-work

     

       45
       45
       +
           expression:

     

       46
       46
       +
             all:

     

       47
       47
       +
               - weight >= 20

     

       48
       48
       +
               - weight < 30

     

       49
       49
       +
           action: CHALLENGE

     

       50
       50
       +
           challenge:

     

       51
       51
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       52
       52
       +
             algorithm: fast

     

       53
       53
       +
             difficulty: 4

     

       54
       54
       +
             report_as: 4

     

       55
       55
       +
         # For clients that are browser like and have gained many points from custom rules

     

       56
       56
       +
         - name: extreme-suspicion

     

       57
       57
       +
           expression: weight >= 30

     

       58
       58
       +
           action: CHALLENGE

     

       59
       59
       +
           challenge:

     

       60
       60
       +
             # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work

     

       61
       61
       +
             algorithm: fast

     

       62
       62
       +
             difficulty: 6

     

       63
       63
       +
             report_as: 5

-828

packages/anubis-files/src/rules/block/alibaba-cloud.yaml

···

       1
       1
       -
       - name: alibaba-cloud

     

       2
       2
       -
         action: DENY

     

       3
       3
       -
         remote_addresses:

     

       4
       4
       -
           [

     

       5
       5
       -
             "45.196.28.0/24",

     

       6
       6
       -
             "161.117.128.0/17",

     

       7
       7
       -
             "8.209.42.0/23",

     

       8
       8
       -
             "47.89.125.0/24",

     

       9
       9
       -
             "8.222.48.0/20",

     

       10
       10
       -
             "47.79.16.0/21",

     

       11
       11
       -
             "149.129.16.0/23",

     

       12
       12
       -
             "8.212.0.0/17",

     

       13
       13
       -
             "47.89.0.0/19",

     

       14
       14
       -
             "47.240.128.0/17",

     

       15
       15
       -
             "8.213.176.0/20",

     

       16
       16
       -
             "47.77.8.0/22",

     

       17
       17
       -
             "47.79.96.0/19",

     

       18
       18
       -
             "47.246.198.0/23",

     

       19
       19
       -
             "47.91.128.0/17",

     

       20
       20
       -
             "47.89.104.0/21",

     

       21
       21
       -
             "47.89.102.0/24",

     

       22
       22
       -
             "8.222.96.0/19",

     

       23
       23
       -
             "170.33.31.0/24",

     

       24
       24
       -
             "8.215.168.0/24",

     

       25
       25
       -
             "8.222.40.0/21",

     

       26
       26
       -
             "47.235.1.0/24",

     

       27
       27
       -
             "240b:400f::/32",

     

       28
       28
       -
             "170.33.32.0/24",

     

       29
       29
       -
             "8.208.0.0/18",

     

       30
       30
       -
             "47.79.24.0/21",

     

       31
       31
       -
             "47.91.16.0/20",

     

       32
       32
       -
             "47.252.0.0/17",

     

       33
       33
       -
             "8.213.176.0/21",

     

       34
       34
       -
             "8.212.0.0/18",

     

       35
       35
       -
             "8.211.192.0/18",

     

       36
       36
       -
             "47.79.54.0/23",

     

       37
       37
       -
             "47.235.18.0/24",

     

       38
       38
       -
             "47.88.0.0/17",

     

       39
       39
       -
             "43.96.21.0/24",

     

       40
       40
       -
             "47.235.22.0/24",

     

       41
       41
       -
             "240b:4001::/33",

     

       42
       42
       -
             "47.79.64.0/20",

     

       43
       43
       -
             "139.95.4.0/23",

     

       44
       44
       -
             "47.254.128.0/19",

     

       45
       45
       -
             "47.81.64.0/18",

     

       46
       46
       -
             "47.77.128.0/18",

     

       47
       47
       -
             "240b:4009::/33",

     

       48
       48
       -
             "47.246.90.0/23",

     

       49
       49
       -
             "47.89.32.0/19",

     

       50
       50
       -
             "205.204.125.0/24",

     

       51
       51
       -
             "47.79.56.0/23",

     

       52
       52
       -
             "240b:400c:100::/41",

     

       53
       53
       -
             "47.235.26.0/23",

     

       54
       54
       -
             "8.209.64.0/19",

     

       55
       55
       -
             "8.222.16.0/20",

     

       56
       56
       -
             "47.235.12.0/23",

     

       57
       57
       -
             "116.251.64.0/18",

     

       58
       58
       -
             "139.95.64.0/24",

     

       59
       59
       -
             "47.235.31.0/24",

     

       60
       60
       -
             "8.208.32.0/19",

     

       61
       61
       -
             "240b:400c:f00::/48",

     

       62
       62
       -
             "47.235.6.0/24",

     

       63
       63
       -
             "47.246.160.0/21",

     

       64
       64
       -
             "47.246.196.0/22",

     

       65
       65
       -
             "2404:2280:3000::/37",

     

       66
       66
       -
             "47.74.0.0/21",

     

       67
       67
       -
             "240b:4007:8000::/33",

     

       68
       68
       -
             "47.91.0.0/20",

     

       69
       69
       -
             "2400:3200:baba::/48",

     

       70
       70
       -
             "198.11.137.0/24",

     

       71
       71
       -
             "47.84.168.0/21",

     

       72
       72
       -
             "240b:4006:1020::/44",

     

       73
       73
       -
             "149.129.192.0/18",

     

       74
       74
       -
             "8.219.40.0/21",

     

       75
       75
       -
             "43.96.3.0/24",

     

       76
       76
       -
             "240b:4004::/32",

     

       77
       77
       -
             "47.77.64.0/20",

     

       78
       78
       -
             "47.83.48.0/21",

     

       79
       79
       -
             "47.77.104.0/21",

     

       80
       80
       -
             "240b:4001:8000::/33",

     

       81
       81
       -
             "43.96.5.0/24",

     

       82
       82
       -
             "240b:400c:180::/41",

     

       83
       83
       -
             "43.96.25.0/24",

     

       84
       84
       -
             "47.77.96.0/21",

     

       85
       85
       -
             "8.211.160.0/19",

     

       86
       86
       -
             "47.245.32.0/19",

     

       87
       87
       -
             "8.215.0.0/16",

     

       88
       88
       -
             "47.79.32.0/20",

     

       89
       89
       -
             "8.213.160.0/21",

     

       90
       90
       -
             "47.74.0.0/19",

     

       91
       91
       -
             "43.96.4.0/24",

     

       92
       92
       -
             "170.33.75.0/24",

     

       93
       93
       -
             "8.211.128.0/18",

     

       94
       94
       -
             "8.217.0.0/16",

     

       95
       95
       -
             "47.81.0.0/19",

     

       96
       96
       -
             "47.82.96.0/19",

     

       97
       97
       -
             "47.83.56.0/21",

     

       98
       98
       -
             "203.107.64.0/24",

     

       99
       99
       -
             "240b:4006:1020::/45",

     

       100
       100
       -
             "240b:4004::/33",

     

       101
       101
       -
             "47.242.0.0/15",

     

       102
       102
       -
             "47.80.128.0/17",

     

       103
       103
       -
             "8.215.0.0/17",

     

       104
       104
       -
             "240b:4000::/32",

     

       105
       105
       -
             "47.246.192.0/23",

     

       106
       106
       -
             "47.246.176.0/21",

     

       107
       107
       -
             "8.212.224.0/19",

     

       108
       108
       -
             "47.90.0.0/17",

     

       109
       109
       -
             "170.33.107.0/24",

     

       110
       110
       -
             "47.237.32.0/20",

     

       111
       111
       -
             "47.240.0.0/16",

     

       112
       112
       -
             "47.253.0.0/16",

     

       113
       113
       -
             "161.117.0.0/16",

     

       114
       114
       -
             "47.77.12.0/22",

     

       115
       115
       -
             "47.88.128.0/17",

     

       116
       116
       -
             "8.220.147.0/24",

     

       117
       117
       -
             "47.236.0.0/16",

     

       118
       118
       -
             "149.129.192.0/19",

     

       119
       119
       -
             "170.33.73.0/24",

     

       120
       120
       -
             "47.87.160.0/19",

     

       121
       121
       -
             "47.79.0.0/20",

     

       122
       122
       -
             "47.246.153.0/24",

     

       123
       123
       -
             "47.235.29.0/24",

     

       124
       124
       -
             "47.81.128.0/18",

     

       125
       125
       -
             "43.96.35.0/24",

     

       126
       126
       -
             "8.212.128.0/18",

     

       127
       127
       -
             "8.219.0.0/16",

     

       128
       128
       -
             "47.246.155.0/24",

     

       129
       129
       -
             "8.216.64.0/18",

     

       130
       130
       -
             "8.213.253.0/24",

     

       131
       131
       -
             "8.220.116.0/24",

     

       132
       132
       -
             "8.222.128.0/18",

     

       133
       133
       -
             "240b:400e:8000::/33",

     

       134
       134
       -
             "43.96.33.0/24",

     

       135
       135
       -
             "47.77.192.0/18",

     

       136
       136
       -
             "47.81.32.0/19",

     

       137
       137
       -
             "47.77.8.0/21",

     

       138
       138
       -
             "47.79.16.0/20",

     

       139
       139
       -
             "240b:400f:8000::/33",

     

       140
       140
       -
             "47.246.145.0/24",

     

       141
       141
       -
             "47.88.128.0/18",

     

       142
       142
       -
             "170.33.104.0/24",

     

       143
       143
       -
             "8.219.0.0/17",

     

       144
       144
       -
             "47.82.0.0/18",

     

       145
       145
       -
             "139.95.10.0/23",

     

       146
       146
       -
             "47.238.0.0/16",

     

       147
       147
       -
             "240b:4006:1002::/47",

     

       148
       148
       -
             "8.221.188.0/22",

     

       149
       149
       -
             "8.213.251.0/24",

     

       150
       150
       -
             "47.254.192.0/19",

     

       151
       151
       -
             "47.79.32.0/21",

     

       152
       152
       -
             "8.212.128.0/19",

     

       153
       153
       -
             "47.246.83.0/24",

     

       154
       154
       -
             "47.87.64.0/19",

     

       155
       155
       -
             "8.222.192.0/18",

     

       156
       156
       -
             "170.33.68.0/24",

     

       157
       157
       -
             "240b:400c:f01::/48",

     

       158
       158
       -
             "170.33.136.0/24",

     

       159
       159
       -
             "2400:b200:4101::/48",

     

       160
       160
       -
             "2401:8680:4100::/48",

     

       161
       161
       -
             "240b:400c::/32",

     

       162
       162
       -
             "47.89.92.0/22",

     

       163
       163
       -
             "8.223.128.0/18",

     

       164
       164
       -
             "47.89.124.0/23",

     

       165
       165
       -
             "47.74.32.0/19",

     

       166
       166
       -
             "47.244.0.0/17",

     

       167
       167
       -
             "43.96.80.0/24",

     

       168
       168
       -
             "8.211.104.0/21",

     

       169
       169
       -
             "8.213.224.0/19",

     

       170
       170
       -
             "47.86.0.0/17",

     

       171
       171
       -
             "8.222.64.0/21",

     

       172
       172
       -
             "240b:400e::/33",

     

       173
       173
       -
             "161.117.143.0/24",

     

       174
       174
       -
             "47.246.152.0/23",

     

       175
       175
       -
             "47.246.93.0/24",

     

       176
       176
       -
             "240b:4006:1010::/45",

     

       177
       177
       -
             "47.254.224.0/19",

     

       178
       178
       -
             "8.209.40.0/22",

     

       179
       179
       -
             "149.129.64.0/18",

     

       180
       180
       -
             "43.96.20.0/24",

     

       181
       181
       -
             "240b:4000:8000::/33",

     

       182
       182
       -
             "47.251.0.0/16",

     

       183
       183
       -
             "240b:4002::/32",

     

       184
       184
       -
             "8.222.16.0/21",

     

       185
       185
       -
             "203.107.66.0/24",

     

       186
       186
       -
             "8.222.24.0/21",

     

       187
       187
       -
             "47.89.128.0/19",

     

       188
       188
       -
             "240b:400c:8000::/33",

     

       189
       189
       -
             "8.218.128.0/17",

     

       190
       190
       -
             "8.216.128.0/17",

     

       191
       191
       -
             "47.91.128.0/18",

     

       192
       192
       -
             "8.221.64.0/18",

     

       193
       193
       -
             "2404:2280:4000::/36",

     

       194
       194
       -
             "8.211.80.0/21",

     

       195
       195
       -
             "8.217.128.0/17",

     

       196
       196
       -
             "8.220.229.0/24",

     

       197
       197
       -
             "170.33.66.0/24",

     

       198
       198
       -
             "47.237.0.0/16",

     

       199
       199
       -
             "47.235.28.0/23",

     

       200
       200
       -
             "170.33.74.0/24",

     

       201
       201
       -
             "47.90.64.0/18",

     

       202
       202
       -
             "47.246.82.0/23",

     

       203
       203
       -
             "8.209.38.0/23",

     

       204
       204
       -
             "240b:4005:8000::/33",

     

       205
       205
       -
             "8.220.128.0/18",

     

       206
       206
       -
             "139.95.14.0/23",

     

       207
       207
       -
             "8.216.192.0/18",

     

       208
       208
       -
             "8.218.0.0/16",

     

       209
       209
       -
             "47.91.192.0/18",

     

       210
       210
       -
             "8.221.48.0/21",

     

       211
       211
       -
             "149.129.8.0/21",

     

       212
       212
       -
             "43.91.0.0/16",

     

       213
       213
       -
             "8.223.64.0/18",

     

       214
       214
       -
             "8.216.148.0/24",

     

       215
       215
       -
             "8.222.80.0/21",

     

       216
       216
       -
             "2401:b180:4100::/48",

     

       217
       217
       -
             "47.91.0.0/19",

     

       218
       218
       -
             "47.246.154.0/24",

     

       219
       219
       -
             "47.246.152.0/24",

     

       220
       220
       -
             "47.250.64.0/18",

     

       221
       221
       -
             "8.216.128.0/18",

     

       222
       222
       -
             "170.33.72.0/24",

     

       223
       223
       -
             "139.95.12.0/23",

     

       224
       224
       -
             "240b:400c::/40",

     

       225
       225
       -
             "8.221.128.0/18",

     

       226
       226
       -
             "43.96.32.0/24",

     

       227
       227
       -
             "47.90.128.0/17",

     

       228
       228
       -
             "47.251.0.0/17",

     

       229
       229
       -
             "43.96.34.0/24",

     

       230
       230
       -
             "47.245.0.0/18",

     

       231
       231
       -
             "47.85.112.0/23",

     

       232
       232
       -
             "8.209.56.0/21",

     

       233
       233
       -
             "8.213.252.0/24",

     

       234
       234
       -
             "47.77.128.0/17",

     

       235
       235
       -
             "139.95.2.0/23",

     

       236
       236
       -
             "43.96.69.0/24",

     

       237
       237
       -
             "161.117.126.0/24",

     

       238
       238
       -
             "47.75.0.0/16",

     

       239
       239
       -
             "47.89.82.0/23",

     

       240
       240
       -
             "47.89.224.0/19",

     

       241
       241
       -
             "8.209.0.0/20",

     

       242
       242
       -
             "47.246.128.0/22",

     

       243
       243
       -
             "8.221.0.0/21",

     

       244
       244
       -
             "139.95.8.0/23",

     

       245
       245
       -
             "47.253.128.0/17",

     

       246
       246
       -
             "156.236.12.0/24",

     

       247
       247
       -
             "203.107.65.0/24",

     

       248
       248
       -
             "47.241.128.0/17",

     

       249
       249
       -
             "8.222.88.0/21",

     

       250
       250
       -
             "47.87.128.0/18",

     

       251
       251
       -
             "47.254.128.0/18",

     

       252
       252
       -
             "8.221.192.0/18",

     

       253
       253
       -
             "240b:4001::/32",

     

       254
       254
       -
             "47.235.16.0/24",

     

       255
       255
       -
             "240b:4007::/32",

     

       256
       256
       -
             "47.235.13.0/24",

     

       257
       257
       -
             "47.235.24.0/23",

     

       258
       258
       -
             "47.91.80.0/20",

     

       259
       259
       -
             "43.96.11.0/24",

     

       260
       260
       -
             "47.235.5.0/24",

     

       261
       261
       -
             "8.209.160.0/19",

     

       262
       262
       -
             "47.246.88.0/23",

     

       263
       263
       -
             "47.77.4.0/22",

     

       264
       264
       -
             "156.236.17.0/24",

     

       265
       265
       -
             "8.209.224.0/19",

     

       266
       266
       -
             "14.1.115.0/24",

     

       267
       267
       -
             "149.129.96.0/19",

     

       268
       268
       -
             "47.254.192.0/18",

     

       269
       269
       -
             "47.245.192.0/18",

     

       270
       270
       -
             "8.208.0.0/16",

     

       271
       271
       -
             "47.83.0.0/16",

     

       272
       272
       -
             "47.87.96.0/19",

     

       273
       273
       -
             "47.252.64.0/18",

     

       274
       274
       -
             "47.89.192.0/18",

     

       275
       275
       -
             "47.89.122.0/24",

     

       276
       276
       -
             "47.85.114.0/23",

     

       277
       277
       -
             "2404:2280:1000::/36",

     

       278
       278
       -
             "47.81.128.0/17",

     

       279
       279
       -
             "47.246.147.0/24",

     

       280
       280
       -
             "47.87.64.0/18",

     

       281
       281
       -
             "47.235.9.0/24",

     

       282
       282
       -
             "47.52.0.0/17",

     

       283
       283
       -
             "47.246.156.0/22",

     

       284
       284
       -
             "47.246.96.0/22",

     

       285
       285
       -
             "47.74.0.0/18",

     

       286
       286
       -
             "8.214.0.0/17",

     

       287
       287
       -
             "47.246.192.0/22",

     

       288
       288
       -
             "47.246.150.0/24",

     

       289
       289
       -
             "43.91.0.0/17",

     

       290
       290
       -
             "170.33.138.0/24",

     

       291
       291
       -
             "8.213.0.0/18",

     

       292
       292
       -
             "47.90.192.0/18",

     

       293
       293
       -
             "47.85.0.0/16",

     

       294
       294
       -
             "47.235.24.0/22",

     

       295
       295
       -
             "47.235.16.0/23",

     

       296
       296
       -
             "47.85.128.0/17",

     

       297
       297
       -
             "103.81.186.0/23",

     

       298
       298
       -
             "8.221.0.0/18",

     

       299
       299
       -
             "43.96.7.0/24",

     

       300
       300
       -
             "47.79.56.0/21",

     

       301
       301
       -
             "240b:4013::/32",

     

       302
       302
       -
             "47.89.108.0/22",

     

       303
       303
       -
             "47.235.28.0/24",

     

       304
       304
       -
             "47.246.82.0/24",

     

       305
       305
       -
             "47.91.48.0/20",

     

       306
       306
       -
             "185.78.106.0/23",

     

       307
       307
       -
             "47.84.160.0/21",

     

       308
       308
       -
             "140.205.1.0/24",

     

       309
       309
       -
             "47.88.43.0/24",

     

       310
       310
       -
             "47.83.32.0/21",

     

       311
       311
       -
             "47.91.64.0/19",

     

       312
       312
       -
             "43.96.100.0/24",

     

       313
       313
       -
             "43.96.72.0/24",

     

       314
       314
       -
             "47.87.0.0/18",

     

       315
       315
       -
             "8.210.0.0/16",

     

       316
       316
       -
             "47.88.192.0/18",

     

       317
       317
       -
             "47.88.42.0/24",

     

       318
       318
       -
             "170.33.92.0/24",

     

       319
       319
       -
             "149.129.32.0/19",

     

       320
       320
       -
             "47.52.128.0/17",

     

       321
       321
       -
             "47.246.108.0/22",

     

       322
       322
       -
             "8.221.56.0/21",

     

       323
       323
       -
             "47.253.0.0/17",

     

       324
       324
       -
             "110.76.23.0/24",

     

       325
       325
       -
             "170.33.65.0/24",

     

       326
       326
       -
             "240b:4006::/48",

     

       327
       327
       -
             "47.245.0.0/19",

     

       328
       328
       -
             "47.77.64.0/19",

     

       329
       329
       -
             "8.209.39.0/24",

     

       330
       330
       -
             "47.77.96.0/20",

     

       331
       331
       -
             "47.80.128.0/18",

     

       332
       332
       -
             "170.33.83.0/24",

     

       333
       333
       -
             "47.77.32.0/19",

     

       334
       334
       -
             "8.212.64.0/18",

     

       335
       335
       -
             "43.96.40.0/24",

     

       336
       336
       -
             "2400:b200:4102::/48",

     

       337
       337
       -
             "43.96.81.0/24",

     

       338
       338
       -
             "8.214.0.0/16",

     

       339
       339
       -
             "161.117.128.0/24",

     

       340
       340
       -
             "43.96.75.0/24",

     

       341
       341
       -
             "8.215.160.0/24",

     

       342
       342
       -
             "47.77.0.0/22",

     

       343
       343
       -
             "47.239.0.0/16",

     

       344
       344
       -
             "47.89.76.0/22",

     

       345
       345
       -
             "47.82.14.0/23",

     

       346
       346
       -
             "43.91.128.0/17",

     

       347
       347
       -
             "47.89.88.0/22",

     

       348
       348
       -
             "47.79.8.0/21",

     

       349
       349
       -
             "240b:4004:8000::/33",

     

       350
       350
       -
             "47.246.140.0/22",

     

       351
       351
       -
             "43.96.74.0/24",

     

       352
       352
       -
             "161.117.127.0/24",

     

       353
       353
       -
             "8.212.192.0/19",

     

       354
       354
       -
             "240b:4006:1000::/44",

     

       355
       355
       -
             "47.80.192.0/18",

     

       356
       356
       -
             "47.79.48.0/21",

     

       357
       357
       -
             "47.254.64.0/18",

     

       358
       358
       -
             "47.246.144.0/23",

     

       359
       359
       -
             "47.246.92.0/24",

     

       360
       360
       -
             "47.246.66.0/24",

     

       361
       361
       -
             "47.246.150.0/23",

     

       362
       362
       -
             "47.91.96.0/20",

     

       363
       363
       -
             "47.89.98.0/23",

     

       364
       364
       -
             "47.77.80.0/20",

     

       365
       365
       -
             "8.210.240.0/24",

     

       366
       366
       -
             "8.213.0.0/17",

     

       367
       367
       -
             "47.250.99.0/24",

     

       368
       368
       -
             "47.88.41.0/24",

     

       369
       369
       -
             "47.80.32.0/19",

     

       370
       370
       -
             "47.250.0.0/17",

     

       371
       371
       -
             "43.96.8.0/24",

     

       372
       372
       -
             "14.1.112.0/22",

     

       373
       373
       -
             "240b:4006:1008::/45",

     

       374
       374
       -
             "8.211.224.0/19",

     

       375
       375
       -
             "47.84.144.0/21",

     

       376
       376
       -
             "47.88.109.0/24",

     

       377
       377
       -
             "2400:3200::/48",

     

       378
       378
       -
             "47.56.0.0/16",

     

       379
       379
       -
             "8.220.192.0/18",

     

       380
       380
       -
             "8.223.0.0/17",

     

       381
       381
       -
             "8.222.72.0/21",

     

       382
       382
       -
             "47.246.69.0/24",

     

       383
       383
       -
             "240b:4002:8000::/33",

     

       384
       384
       -
             "43.96.66.0/24",

     

       385
       385
       -
             "47.246.92.0/23",

     

       386
       386
       -
             "47.246.136.0/22",

     

       387
       387
       -
             "205.204.117.0/24",

     

       388
       388
       -
             "8.222.80.0/20",

     

       389
       389
       -
             "47.85.112.0/22",

     

       390
       390
       -
             "47.79.128.0/19",

     

       391
       391
       -
             "240b:400d:8000::/33",

     

       392
       392
       -
             "170.33.64.0/24",

     

       393
       393
       -
             "8.222.56.0/21",

     

       394
       394
       -
             "240b:400d::/33",

     

       395
       395
       -
             "8.222.64.0/20",

     

       396
       396
       -
             "47.75.128.0/17",

     

       397
       397
       -
             "8.209.48.0/21",

     

       398
       398
       -
             "47.57.0.0/16",

     

       399
       399
       -
             "139.95.0.0/23",

     

       400
       400
       -
             "47.79.192.0/18",

     

       401
       401
       -
             "170.33.30.0/24",

     

       402
       402
       -
             "47.77.152.0/21",

     

       403
       403
       -
             "8.212.192.0/18",

     

       404
       404
       -
             "8.213.128.0/19",

     

       405
       405
       -
             "47.77.6.0/23",

     

       406
       406
       -
             "47.246.32.0/22",

     

       407
       407
       -
             "140.205.122.0/24",

     

       408
       408
       -
             "47.244.0.0/16",

     

       409
       409
       -
             "47.246.158.0/23",

     

       410
       410
       -
             "8.209.192.0/19",

     

       411
       411
       -
             "170.33.77.0/24",

     

       412
       412
       -
             "8.216.69.0/24",

     

       413
       413
       -
             "8.213.192.0/19",

     

       414
       414
       -
             "47.77.16.0/22",

     

       415
       415
       -
             "47.235.10.0/24",

     

       416
       416
       -
             "202.144.199.0/24",

     

       417
       417
       -
             "47.254.0.0/17",

     

       418
       418
       -
             "43.98.128.0/17",

     

       419
       419
       -
             "240b:400c::/41",

     

       420
       420
       -
             "47.250.128.0/17",

     

       421
       421
       -
             "47.89.101.0/24",

     

       422
       422
       -
             "47.90.128.0/18",

     

       423
       423
       -
             "240b:4013:8000::/33",

     

       424
       424
       -
             "8.209.44.0/23",

     

       425
       425
       -
             "240b:400c:80::/41",

     

       426
       426
       -
             "161.117.129.0/24",

     

       427
       427
       -
             "47.91.64.0/20",

     

       428
       428
       -
             "8.209.36.0/24",

     

       429
       429
       -
             "8.221.8.0/21",

     

       430
       430
       -
             "47.82.32.0/19",

     

       431
       431
       -
             "47.77.4.0/23",

     

       432
       432
       -
             "47.79.72.0/21",

     

       433
       433
       -
             "8.212.160.0/19",

     

       434
       434
       -
             "170.33.80.0/24",

     

       435
       435
       -
             "47.246.156.0/23",

     

       436
       436
       -
             "8.220.192.0/19",

     

       437
       437
       -
             "47.246.68.0/24",

     

       438
       438
       -
             "47.254.160.0/19",

     

       439
       439
       -
             "47.82.56.0/21",

     

       440
       440
       -
             "8.223.128.0/17",

     

       441
       441
       -
             "47.74.128.0/18",

     

       442
       442
       -
             "47.77.24.0/23",

     

       443
       443
       -
             "170.33.93.0/24",

     

       444
       444
       -
             "47.89.72.0/23",

     

       445
       445
       -
             "47.84.152.0/21",

     

       446
       446
       -
             "240b:400e::/32",

     

       447
       447
       -
             "149.129.224.0/19",

     

       448
       448
       -
             "2400:b200:4103::/48",

     

       449
       449
       -
             "47.87.32.0/19",

     

       450
       450
       -
             "47.86.0.0/16",

     

       451
       451
       -
             "47.235.4.0/24",

     

       452
       452
       -
             "139.95.6.0/23",

     

       453
       453
       -
             "47.252.67.0/24",

     

       454
       454
       -
             "47.246.123.0/24",

     

       455
       455
       -
             "47.81.96.0/19",

     

       456
       456
       -
             "43.96.10.0/24",

     

       457
       457
       -
             "8.223.0.0/18",

     

       458
       458
       -
             "240b:4005::/32",

     

       459
       459
       -
             "47.246.130.0/23",

     

       460
       460
       -
             "47.91.96.0/19",

     

       461
       461
       -
             "240b:400b::/33",

     

       462
       462
       -
             "47.246.132.0/23",

     

       463
       463
       -
             "8.213.184.0/21",

     

       464
       464
       -
             "47.246.124.0/24",

     

       465
       465
       -
             "8.209.64.0/18",

     

       466
       466
       -
             "2404:2280:3000::/36",

     

       467
       467
       -
             "47.89.78.0/23",

     

       468
       468
       -
             "47.250.128.0/18",

     

       469
       469
       -
             "47.79.128.0/20",

     

       470
       470
       -
             "240b:4011::/33",

     

       471
       471
       -
             "47.244.128.0/17",

     

       472
       472
       -
             "47.246.151.0/24",

     

       473
       473
       -
             "8.211.226.0/24",

     

       474
       474
       -
             "47.88.135.0/24",

     

       475
       475
       -
             "47.80.0.0/18",

     

       476
       476
       -
             "43.96.88.0/24",

     

       477
       477
       -
             "47.235.6.0/23",

     

       478
       478
       -
             "205.204.111.0/24",

     

       479
       479
       -
             "240b:4006:1000::/45",

     

       480
       480
       -
             "47.250.0.0/18",

     

       481
       481
       -
             "47.89.76.0/23",

     

       482
       482
       -
             "47.89.99.0/24",

     

       483
       483
       -
             "8.211.0.0/17",

     

       484
       484
       -
             "47.89.123.0/24",

     

       485
       485
       -
             "8.209.128.0/19",

     

       486
       486
       -
             "47.246.160.0/20",

     

       487
       487
       -
             "43.99.0.0/16",

     

       488
       488
       -
             "47.236.0.0/15",

     

       489
       489
       -
             "240b:400e:fffe::/48",

     

       490
       490
       -
             "47.80.96.0/19",

     

       491
       491
       -
             "47.246.184.0/21",

     

       492
       492
       -
             "47.235.8.0/24",

     

       493
       493
       -
             "8.222.48.0/21",

     

       494
       494
       -
             "47.89.94.0/23",

     

       495
       495
       -
             "47.245.64.0/18",

     

       496
       496
       -
             "47.77.128.0/21",

     

       497
       497
       -
             "47.74.192.0/18",

     

       498
       498
       -
             "2404:2280:4000::/37",

     

       499
       499
       -
             "8.211.88.0/21",

     

       500
       500
       -
             "8.213.192.0/18",

     

       501
       501
       -
             "8.223.192.0/18",

     

       502
       502
       -
             "240b:4002::/33",

     

       503
       503
       -
             "149.129.64.0/19",

     

       504
       504
       -
             "47.241.0.0/16",

     

       505
       505
       -
             "240b:4006:1018::/45",

     

       506
       506
       -
             "8.216.0.0/17",

     

       507
       507
       -
             "149.129.0.0/21",

     

       508
       508
       -
             "47.254.0.0/18",

     

       509
       509
       -
             "8.220.64.0/18",

     

       510
       510
       -
             "43.96.22.0/24",

     

       511
       511
       -
             "170.33.33.0/24",

     

       512
       512
       -
             "47.91.32.0/19",

     

       513
       513
       -
             "47.246.76.0/22",

     

       514
       514
       -
             "47.246.68.0/23",

     

       515
       515
       -
             "47.246.146.0/23",

     

       516
       516
       -
             "47.254.113.0/24",

     

       517
       517
       -
             "47.89.128.0/18",

     

       518
       518
       -
             "47.77.144.0/21",

     

       519
       519
       -
             "47.89.104.0/22",

     

       520
       520
       -
             "8.211.96.0/21",

     

       521
       521
       -
             "47.80.0.0/19",

     

       522
       522
       -
             "47.246.104.0/22",

     

       523
       523
       -
             "47.80.64.0/18",

     

       524
       524
       -
             "161.117.0.0/17",

     

       525
       525
       -
             "170.33.88.0/24",

     

       526
       526
       -
             "47.77.2.0/23",

     

       527
       527
       -
             "47.241.0.0/17",

     

       528
       528
       -
             "47.79.224.0/19",

     

       529
       529
       -
             "170.33.105.0/24",

     

       530
       530
       -
             "47.82.12.0/23",

     

       531
       531
       -
             "47.246.146.0/24",

     

       532
       532
       -
             "8.213.144.0/20",

     

       533
       533
       -
             "43.99.0.0/17",

     

       534
       534
       -
             "47.89.88.0/23",

     

       535
       535
       -
             "8.220.64.0/19",

     

       536
       536
       -
             "47.89.90.0/23",

     

       537
       537
       -
             "47.235.19.0/24",

     

       538
       538
       -
             "8.215.128.0/17",

     

       539
       539
       -
             "47.235.21.0/24",

     

       540
       540
       -
             "47.81.192.0/18",

     

       541
       541
       -
             "8.211.0.0/18",

     

       542
       542
       -
             "47.246.72.0/22",

     

       543
       543
       -
             "8.211.64.0/18",

     

       544
       544
       -
             "203.107.68.0/24",

     

       545
       545
       -
             "59.82.136.0/23",

     

       546
       546
       -
             "8.209.44.0/22",

     

       547
       547
       -
             "8.209.36.0/23",

     

       548
       548
       -
             "47.89.0.0/18",

     

       549
       549
       -
             "8.216.0.0/18",

     

       550
       550
       -
             "47.246.104.0/21",

     

       551
       551
       -
             "240b:400b::/32",

     

       552
       552
       -
             "47.246.72.0/21",

     

       553
       553
       -
             "8.214.128.0/17",

     

       554
       554
       -
             "8.209.48.0/20",

     

       555
       555
       -
             "170.33.86.0/24",

     

       556
       556
       -
             "110.76.21.0/24",

     

       557
       557
       -
             "8.209.128.0/18",

     

       558
       558
       -
             "8.222.96.0/20",

     

       559
       559
       -
             "47.89.100.0/24",

     

       560
       560
       -
             "47.89.192.0/19",

     

       561
       561
       -
             "8.213.128.0/20",

     

       562
       562
       -
             "2400:b200:4100::/48",

     

       563
       563
       -
             "8.208.0.0/17",

     

       564
       564
       -
             "170.33.90.0/24",

     

       565
       565
       -
             "47.83.0.0/17",

     

       566
       566
       -
             "240b:400c:100::/40",

     

       567
       567
       -
             "170.33.82.0/24",

     

       568
       568
       -
             "8.222.32.0/21",

     

       569
       569
       -
             "47.246.86.0/23",

     

       570
       570
       -
             "47.52.0.0/16",

     

       571
       571
       -
             "47.79.192.0/19",

     

       572
       572
       -
             "2404:2280:1800::/37",

     

       573
       573
       -
             "8.222.112.0/20",

     

       574
       574
       -
             "170.33.24.0/24",

     

       575
       575
       -
             "47.89.92.0/23",

     

       576
       576
       -
             "47.78.0.0/17",

     

       577
       577
       -
             "47.84.0.0/16",

     

       578
       578
       -
             "240b:400b:8000::/33",

     

       579
       579
       -
             "8.209.38.0/24",

     

       580
       580
       -
             "47.235.7.0/24",

     

       581
       581
       -
             "47.235.23.0/24",

     

       582
       582
       -
             "47.237.34.0/24",

     

       583
       583
       -
             "47.79.144.0/20",

     

       584
       584
       -
             "43.96.71.0/24",

     

       585
       585
       -
             "5.181.224.0/23",

     

       586
       586
       -
             "47.246.88.0/22",

     

       587
       587
       -
             "47.246.96.0/21",

     

       588
       588
       -
             "47.82.0.0/19",

     

       589
       589
       -
             "8.209.40.0/23",

     

       590
       590
       -
             "47.77.48.0/20",

     

       591
       591
       -
             "8.209.16.0/20",

     

       592
       592
       -
             "240b:4009::/32",

     

       593
       593
       -
             "47.246.176.0/20",

     

       594
       594
       -
             "47.250.192.0/18",

     

       595
       595
       -
             "47.246.168.0/21",

     

       596
       596
       -
             "47.89.160.0/19",

     

       597
       597
       -
             "8.222.32.0/20",

     

       598
       598
       -
             "223.5.5.0/24",

     

       599
       599
       -
             "47.81.0.0/18",

     

       600
       600
       -
             "47.89.96.0/24",

     

       601
       601
       -
             "47.77.0.0/23",

     

       602
       602
       -
             "43.96.24.0/24",

     

       603
       603
       -
             "8.221.128.0/17",

     

       604
       604
       -
             "47.246.144.0/24",

     

       605
       605
       -
             "47.246.125.0/24",

     

       606
       606
       -
             "240b:400e:ffff::/48",

     

       607
       607
       -
             "47.84.0.0/17",

     

       608
       608
       -
             "170.33.106.0/24",

     

       609
       609
       -
             "156.227.20.0/24",

     

       610
       610
       -
             "170.33.35.0/24",

     

       611
       611
       -
             "240b:4006:1028::/45",

     

       612
       612
       -
             "170.33.78.0/24",

     

       613
       613
       -
             "198.11.128.0/18",

     

       614
       614
       -
             "8.210.0.0/17",

     

       615
       615
       -
             "47.83.40.0/21",

     

       616
       616
       -
             "47.89.80.0/23",

     

       617
       617
       -
             "43.98.0.0/16",

     

       618
       618
       -
             "47.88.0.0/18",

     

       619
       619
       -
             "47.89.74.0/23",

     

       620
       620
       -
             "43.96.67.0/24",

     

       621
       621
       -
             "47.79.48.0/20",

     

       622
       622
       -
             "2404:2280:3800::/37",

     

       623
       623
       -
             "47.235.11.0/24",

     

       624
       624
       -
             "8.220.160.0/19",

     

       625
       625
       -
             "43.96.84.0/24",

     

       626
       626
       -
             "8.221.208.0/21",

     

       627
       627
       -
             "139.95.18.0/23",

     

       628
       628
       -
             "47.246.84.0/22",

     

       629
       629
       -
             "47.77.16.0/21",

     

       630
       630
       -
             "170.33.69.0/24",

     

       631
       631
       -
             "47.78.128.0/17",

     

       632
       632
       -
             "8.220.96.0/19",

     

       633
       633
       -
             "8.209.0.0/19",

     

       634
       634
       -
             "240b:400d::/32",

     

       635
       635
       -
             "205.204.102.0/23",

     

       636
       636
       -
             "47.87.128.0/19",

     

       637
       637
       -
             "47.83.128.0/17",

     

       638
       638
       -
             "8.218.0.0/17",

     

       639
       639
       -
             "47.235.10.0/23",

     

       640
       640
       -
             "8.208.128.0/17",

     

       641
       641
       -
             "170.33.137.0/24",

     

       642
       642
       -
             "8.209.37.0/24",

     

       643
       643
       -
             "8.220.128.0/19",

     

       644
       644
       -
             "47.79.112.0/20",

     

       645
       645
       -
             "47.243.0.0/16",

     

       646
       646
       -
             "47.246.196.0/23",

     

       647
       647
       -
             "170.33.79.0/24",

     

       648
       648
       -
             "47.252.0.0/18",

     

       649
       649
       -
             "47.87.0.0/19",

     

       650
       650
       -
             "2404:2280:2000::/36",

     

       651
       651
       -
             "47.79.58.0/23",

     

       652
       652
       -
             "170.33.34.0/24",

     

       653
       653
       -
             "47.246.132.0/22",

     

       654
       654
       -
             "240b:4012::/48",

     

       655
       655
       -
             "47.91.112.0/20",

     

       656
       656
       -
             "47.77.32.0/20",

     

       657
       657
       -
             "240b:4005::/33",

     

       658
       658
       -
             "8.222.8.0/21",

     

       659
       659
       -
             "47.246.194.0/23",

     

       660
       660
       -
             "2404:2280:1000::/37",

     

       661
       661
       -
             "8.221.200.0/21",

     

       662
       662
       -
             "43.96.23.0/24",

     

       663
       663
       -
             "47.82.64.0/18",

     

       664
       664
       -
             "147.139.128.0/17",

     

       665
       665
       -
             "8.211.192.0/19",

     

       666
       666
       -
             "47.251.128.0/17",

     

       667
       667
       -
             "240b:4011::/32",

     

       668
       668
       -
             "8.222.0.0/20",

     

       669
       669
       -
             "47.235.12.0/24",

     

       670
       670
       -
             "43.99.128.0/17",

     

       671
       671
       -
             "47.246.80.0/24",

     

       672
       672
       -
             "47.246.67.0/24",

     

       673
       673
       -
             "47.246.122.0/24",

     

       674
       674
       -
             "156.245.1.0/24",

     

       675
       675
       -
             "8.210.128.0/17",

     

       676
       676
       -
             "8.213.64.0/18",

     

       677
       677
       -
             "45.199.179.0/24",

     

       678
       678
       -
             "47.235.0.0/22",

     

       679
       679
       -
             "47.246.136.0/21",

     

       680
       680
       -
             "8.213.164.0/22",

     

       681
       681
       -
             "8.209.192.0/18",

     

       682
       682
       -
             "47.77.24.0/22",

     

       683
       683
       -
             "47.82.64.0/19",

     

       684
       684
       -
             "47.244.73.0/24",

     

       685
       685
       -
             "47.89.72.0/22",

     

       686
       686
       -
             "47.76.128.0/17",

     

       687
       687
       -
             "47.76.0.0/16",

     

       688
       688
       -
             "47.245.128.0/17",

     

       689
       689
       -
             "47.75.0.0/17",

     

       690
       690
       -
             "47.245.96.0/19",

     

       691
       691
       -
             "47.235.20.0/24",

     

       692
       692
       -
             "47.79.52.0/23",

     

       693
       693
       -
             "47.79.80.0/20",

     

       694
       694
       -
             "47.82.32.0/21",

     

       695
       695
       -
             "47.251.224.0/22",

     

       696
       696
       -
             "47.74.128.0/17",

     

       697
       697
       -
             "223.6.6.0/24",

     

       698
       698
       -
             "47.246.128.0/23",

     

       699
       699
       -
             "147.139.128.0/18",

     

       700
       700
       -
             "47.246.84.0/23",

     

       701
       701
       -
             "240b:4007::/33",

     

       702
       702
       -
             "170.33.85.0/24",

     

       703
       703
       -
             "43.96.102.0/24",

     

       704
       704
       -
             "43.98.0.0/17",

     

       705
       705
       -
             "203.107.67.0/24",

     

       706
       706
       -
             "8.222.0.0/21",

     

       707
       707
       -
             "2404:2280:2800::/37",

     

       708
       708
       -
             "43.96.101.0/24",

     

       709
       709
       -
             "170.33.84.0/24",

     

       710
       710
       -
             "8.219.128.0/17",

     

       711
       711
       -
             "47.80.64.0/19",

     

       712
       712
       -
             "43.96.85.0/24",

     

       713
       713
       -
             "43.96.96.0/24",

     

       714
       714
       -
             "43.96.73.0/24",

     

       715
       715
       -
             "47.246.100.0/22",

     

       716
       716
       -
             "47.79.60.0/23",

     

       717
       717
       -
             "47.77.26.0/23",

     

       718
       718
       -
             "8.222.128.0/17",

     

       719
       719
       -
             "161.117.138.0/24",

     

       720
       720
       -
             "47.235.18.0/23",

     

       721
       721
       -
             "47.235.0.0/23",

     

       722
       722
       -
             "240b:4006:1010::/44",

     

       723
       723
       -
             "47.76.0.0/17",

     

       724
       724
       -
             "8.221.216.0/21",

     

       725
       725
       -
             "47.82.8.0/23",

     

       726
       726
       -
             "2404:2280:4800::/37",

     

       727
       727
       -
             "170.33.29.0/24",

     

       728
       728
       -
             "47.245.128.0/18",

     

       729
       729
       -
             "47.79.80.0/21",

     

       730
       730
       -
             "47.89.221.0/24",

     

       731
       731
       -
             "198.11.184.0/21",

     

       732
       732
       -
             "240b:4009:8000::/33",

     

       733
       733
       -
             "8.215.162.0/23",

     

       734
       734
       -
             "8.211.128.0/19",

     

       735
       735
       -
             "47.79.83.0/24",

     

       736
       736
       -
             "2408:4009:500::/48",

     

       737
       737
       -
             "47.81.64.0/19",

     

       738
       738
       -
             "8.208.0.0/19",

     

       739
       739
       -
             "47.240.0.0/17",

     

       740
       740
       -
             "47.79.64.0/21",

     

       741
       741
       -
             "47.90.0.0/18",

     

       742
       742
       -
             "43.96.70.0/24",

     

       743
       743
       -
             "149.129.0.0/20",

     

       744
       744
       -
             "240b:400c::/33",

     

       745
       745
       -
             "2408:4000:1000::/48",

     

       746
       746
       -
             "170.33.76.0/24",

     

       747
       747
       -
             "205.204.96.0/19",

     

       748
       748
       -
             "47.88.64.0/18",

     

       749
       749
       -
             "8.209.96.0/19",

     

       750
       750
       -
             "47.79.104.0/21",

     

       751
       751
       -
             "47.82.10.0/23",

     

       752
       752
       -
             "47.79.88.0/21",

     

       753
       753
       -
             "47.245.64.0/19",

     

       754
       754
       -
             "139.95.16.0/23",

     

       755
       755
       -
             "47.77.20.0/22",

     

       756
       756
       -
             "240b:400f::/33",

     

       757
       757
       -
             "47.235.2.0/23",

     

       758
       758
       -
             "8.221.0.0/17",

     

       759
       759
       -
             "8.213.160.0/22",

     

       760
       760
       -
             "8.215.169.0/24",

     

       761
       761
       -
             "170.33.81.0/24",

     

       762
       762
       -
             "47.89.124.0/24",

     

       763
       763
       -
             "47.235.30.0/24",

     

       764
       764
       -
             "47.79.62.0/23",

     

       765
       765
       -
             "43.96.68.0/24",

     

       766
       766
       -
             "47.246.120.0/24",

     

       767
       767
       -
             "8.221.192.0/21",

     

       768
       768
       -
             "8.221.184.0/22",

     

       769
       769
       -
             "47.77.136.0/21",

     

       770
       770
       -
             "8.220.224.0/19",

     

       771
       771
       -
             "156.240.76.0/23",

     

       772
       772
       -
             "8.208.141.0/24",

     

       773
       773
       -
             "2404:2280:2000::/37",

     

       774
       774
       -
             "47.84.128.0/17",

     

       775
       775
       -
             "47.85.0.0/17",

     

       776
       776
       -
             "8.217.0.0/17",

     

       777
       777
       -
             "47.89.84.0/24",

     

       778
       778
       -
             "47.238.0.0/15",

     

       779
       779
       -
             "47.86.128.0/17",

     

       780
       780
       -
             "240b:4011:8000::/33",

     

       781
       781
       -
             "240b:4006:1000::/47",

     

       782
       782
       -
             "47.246.134.0/23",

     

       783
       783
       -
             "47.79.96.0/20",

     

       784
       784
       -
             "47.79.0.0/21",

     

       785
       785
       -
             "47.89.103.0/24",

     

       786
       786
       -
             "47.89.97.0/24",

     

       787
       787
       -
             "240b:4000::/33",

     

       788
       788
       -
             "47.242.0.0/16",

     

       789
       789
       -
             "47.56.0.0/15",

     

       790
       790
       -
             "47.91.32.0/20",

     

       791
       791
       -
             "147.139.192.0/18",

     

       792
       792
       -
             "240b:4013::/33",

     

       793
       793
       -
             "47.79.40.0/21",

     

       794
       794
       -
             "8.209.46.0/23",

     

       795
       795
       -
             "47.82.48.0/21",

     

       796
       796
       -
             "47.82.40.0/21",

     

       797
       797
       -
             "47.87.192.0/22",

     

       798
       798
       -
             "47.87.192.0/23",

     

       799
       799
       -
             "47.87.194.0/23",

     

       800
       800
       -
             "47.87.196.0/22",

     

       801
       801
       -
             "47.87.196.0/23",

     

       802
       802
       -
             "47.87.198.0/23",

     

       803
       803
       -
             "240b:400c:ffff::/48",

     

       804
       804
       -
             "47.87.208.0/23",

     

       805
       805
       -
             "47.87.210.0/23",

     

       806
       806
       -
             "47.87.208.0/22",

     

       807
       807
       -
             "47.87.222.0/23",

     

       808
       808
       -
             "47.87.216.0/23",

     

       809
       809
       -
             "47.87.200.0/23",

     

       810
       810
       -
             "47.87.220.0/23",

     

       811
       811
       -
             "47.87.216.0/22",

     

       812
       812
       -
             "47.87.224.0/22",

     

       813
       813
       -
             "47.87.204.0/22",

     

       814
       814
       -
             "47.87.212.0/23",

     

       815
       815
       -
             "47.87.226.0/23",

     

       816
       816
       -
             "47.87.200.0/22",

     

       817
       817
       -
             "47.87.206.0/23",

     

       818
       818
       -
             "43.100.0.0/16",

     

       819
       819
       -
             "47.87.212.0/22",

     

       820
       820
       -
             "47.87.218.0/23",

     

       821
       821
       -
             "47.87.214.0/23",

     

       822
       822
       -
             "43.100.0.0/15",

     

       823
       823
       -
             "47.87.204.0/23",

     

       824
       824
       -
             "47.87.220.0/22",

     

       825
       825
       -
             "43.101.0.0/16",

     

       826
       826
       -
             "47.87.224.0/23",

     

       827
       827
       -
             "47.87.202.0/23",

     

       828
       828
       -
           ]

-4

packages/anubis-files/src/rules/challenge/generic-browser.yaml

···

       1
       1
       -
       - name: generic-browser

     

       2
       2
       -
         user_agent_regex: >-

     

       3
       3
       -
           Mozilla|Opera

     

       4
       4
       -
         action: CHALLENGE

+26

packages/bgutil-pot-server/librusty_v8.nix

···

       1
       1
       +
       # COPIED FROM nixpkgs/pkgs/by-name/router

     

       2
       2
       +
       {

     

       3
       3
       +
         lib,

     

       4
       4
       +
         stdenv,

     

       5
       5
       +
         fetchurl,

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         fetch_librusty_v8 =

     

       10
       10
       +
           args:

     

       11
       11
       +
           fetchurl {

     

       12
       12
       +
             name = "librusty_v8-${args.version}";

     

       13
       13
       +
             url = "https://github.com/denoland/rusty_v8/releases/download/v${args.version}/librusty_v8_release_${stdenv.hostPlatform.rust.rustcTarget}.a";

     

       14
       14
       +
             sha256 = args.shas.${stdenv.hostPlatform.system};

     

       15
       15
       +
             meta = {

     

       16
       16
       +
               inherit (args) version;

     

       17
       17
       +
               sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];

     

       18
       18
       +
             };

     

       19
       19
       +
           };

     

       20
       20
       +
       in

     

       21
       21
       +
       fetch_librusty_v8 {

     

       22
       22
       +
         version = "130.0.7";

     

       23
       23
       +
         shas = {

     

       24
       24
       +
           x86_64-linux = "sha256-pkdsuU6bAkcIHEZUJOt5PXdzK424CEgTLXjLtQ80t10=";

     

       25
       25
       +
         };

     

       26
       26
       +
       }

+49

packages/bgutil-pot-server/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         callPackage,

     

       4
       4
       +
         rustPlatform,

     

       5
       5
       +
         fetchFromGitHub,

     

       6
       6
       +
         pkg-config,

     

       7
       7
       +
         openssl,

     

       8
       8
       +
         _experimental-update-script-combinators,

     

       9
       9
       +
         nix-update-script,

     

       10
       10
       +
       }:

     

       11
       11
       +
       rustPlatform.buildRustPackage (finalAttrs: {

     

       12
       12
       +
         pname = "bgutil-pot-server";

     

       13
       13
       +
         version = "0.6.0";

     

       14
       14
       +
       

     

       15
       15
       +
         src = fetchFromGitHub {

     

       16
       16
       +
           owner = "jim60105";

     

       17
       17
       +
           repo = "bgutil-ytdlp-pot-provider-rs";

     

       18
       18
       +
           tag = "v${finalAttrs.version}";

     

       19
       19
       +
           hash = "sha256-kEu5WqOymH8yAyMhGKtVPOq3qlTRpFU/FO71uWEX/e8=";

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         cargoHash = "sha256-fJZeyIsFUfpWeC1MWsU1hANb6cqC9xHQOnhcohEMTeM=";

     

       23
       23
       +
       

     

       24
       24
       +
         nativeBuildInputs = [

     

       25
       25
       +
           pkg-config

     

       26
       26
       +
         ];

     

       27
       27
       +
       

     

       28
       28
       +
         buildInputs = [

     

       29
       29
       +
           openssl

     

       30
       30
       +
         ];

     

       31
       31
       +
       

     

       32
       32
       +
         env.RUSTY_V8_ARCHIVE = callPackage ./librusty_v8.nix { };

     

       33
       33
       +
       

     

       34
       34
       +
         doCheck = false;

     

       35
       35
       +
       

     

       36
       36
       +
         passthru.updateScript = _experimental-update-script-combinators.sequence [

     

       37
       37
       +
           (nix-update-script { })

     

       38
       38
       +
           ./update-librusty.sh

     

       39
       39
       +
         ];

     

       40
       40
       +
       

     

       41
       41
       +
         meta = {

     

       42
       42
       +
           changelog = "https://github.com/jim60105/bgutil-ytdlp-pot-provider-rs/releases/tag/v${finalAttrs.version}";

     

       43
       43
       +
           description = "Proof-of-origin token provider plugin for yt-dlp in Rust";

     

       44
       44
       +
           homepage = "https://github.com/jim60105/bgutil-ytdlp-pot-provider-rs";

     

       45
       45
       +
           license = lib.licenses.gpl3Plus;

     

       46
       46
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       47
       47
       +
           mainProgram = "bgutil-pot";

     

       48
       48
       +
         };

     

       49
       49
       +
       })

+45

packages/bgutil-pot-server/update-librusty.sh

···

       1
       1
       +
       #!/usr/bin/env nix-shell

     

       2
       2
       +
       #!nix-shell -i bash -p gnugrep gnused nix jq

     

       3
       3
       +
       # shellcheck shell=bash

     

       4
       4
       +
       # COPIED FROM nixpkgs/pkgs/by-name/wi/windmill

     

       5
       5
       +
       

     

       6
       6
       +
       set -eu -o pipefail

     

       7
       7
       +
       

     

       8
       8
       +
       echo "librusty_v8: UPDATING"

     

       9
       9
       +
       

     

       10
       10
       +
       BGUTIL_LATEST_VERSION=$(curl ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} --silent --fail --location "https://api.github.com/repos/jim60105/bgutil-ytdlp-pot-provider-rs/releases/latest" | jq --raw-output .tag_name)

     

       11
       11
       +
       CARGO_LOCK=$(curl ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} --silent --fail --location "https://github.com/jim60105/bgutil-ytdlp-pot-provider-rs/raw/$BGUTIL_LATEST_VERSION/Cargo.lock")

     

       12
       12
       +
       

     

       13
       13
       +
       PACKAGE_DIR=$(dirname "$(readlink --canonicalize-existing "${BASH_SOURCE[0]}")")

     

       14
       14
       +
       OUTPUT_FILE="$PACKAGE_DIR/librusty_v8.nix"

     

       15
       15
       +
       NEW_VERSION=$(echo "$CARGO_LOCK" | grep --after-context 5 'name = "v8"' | grep 'version =' | sed -E 's/version = "//;s/"//')

     

       16
       16
       +
       

     

       17
       17
       +
       CURRENT_VERSION=""

     

       18
       18
       +
       if [ -f "$OUTPUT_FILE" ]; then

     

       19
       19
       +
         CURRENT_VERSION="$(grep 'version =' "$OUTPUT_FILE" | sed -E 's/version = "//;s/"//')"

     

       20
       20
       +
       fi

     

       21
       21
       +
       

     

       22
       22
       +
       if [ "$CURRENT_VERSION" == "$NEW_VERSION" ]; then

     

       23
       23
       +
         echo "No update needed, $CURRENT_VERSION is already latest"

     

       24
       24
       +
         exit 0

     

       25
       25
       +
       fi

     

       26
       26
       +
       

     

       27
       27
       +
       x86Hash="$(nix-prefetch-url --type sha256 https://github.com/denoland/rusty_v8/releases/download/v"$NEW_V")"

     

       28
       28
       +
       TEMP_FILE="$OUTPUT_FILE.tmp"

     

       29
       29
       +
       cat >"$TEMP_FILE" <<EOF

     

       30
       30
       +
       # COPIED FROM nixpkgs/pkgs/by-name/wi/windmill

     

       31
       31
       +
       # auto-generated file -- DO NOT EDIT!

     

       32
       32
       +
       { fetchLibrustyV8 }:

     

       33
       33
       +
       

     

       34
       34
       +
       fetchLibrustyV8 {

     

       35
       35
       +
         version = "$NEW_VERSION";

     

       36
       36
       +
         shas = {

     

       37
       37
       +
           # NOTE; Follows supported platforms of package (see meta.platforms attribute)!

     

       38
       38
       +
           x86_64-linux = "$(nix hash convert --hash-algo sha256 --from nix32 "$x86Hash")";

     

       39
       39
       +
         };

     

       40
       40
       +
       }

     

       41
       41
       +
       EOF

     

       42
       42
       +
       

     

       43
       43
       +
       mv "$TEMP_FILE" "$OUTPUT_FILE"

     

       44
       44
       +
       

     

       45
       45
       +
       echo "librusty_v8: UPDATE DONE"

-31

packages/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       {

     

       3
       3
       -
       

     

       4
       4
       -
         perSystem =

     

       5
       5
       -
           {

     

       6
       6
       -
             pkgs,

     

       7
       7
       -
             lib,

     

       8
       8
       -
             ...

     

       9
       9
       -
           }:

     

       10
       10
       -
           let

     

       11
       11
       -
             packages = lib.makeScope pkgs.newScope (_: {

     

       12
       12
       -
               anubis-files = pkgs.callPackage ./anubis-files { };

     

       13
       13
       -
               doc2dash = pkgs.callPackage ./doc2dash { };

     

       14
       14
       -
               jellyfin-exporter = pkgs.callPackage ./jellyfin-exporter { };

     

       15
       15
       -
               pingvin-share-config = pkgs.callPackage ./pingvin-share-config { };

     

       16
       16
       -
       

     

       17
       17
       -
             });

     

       18
       18
       -
           in

     

       19
       19
       -
           {

     

       20
       20
       -
             legacyPackages = packages;

     

       21
       21
       -
             packages = lib.filterAttrs (

     

       22
       22
       -
               _: pkg:

     

       23
       23
       -
               let

     

       24
       24
       -
                 isDerivation = lib.isDerivation pkg;

     

       25
       25
       -
                 availableOnHost = lib.meta.availableOn pkgs.stdenv.hostPlatform pkg;

     

       26
       26
       -
                 isBroken = pkg.meta.broken or false;

     

       27
       27
       -
               in

     

       28
       28
       -
               isDerivation && !isBroken && availableOnHost

     

       29
       29
       -
             ) packages;

     

       30
       30
       -
           };

     

       31
       31
       -
       }

-24

packages/doc2dash/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         fetchFromGitHub,

     

       3
       3
       -
         python3Packages,

     

       4
       4
       -
       }: python3Packages.buildPythonApplication rec {

     

       5
       5
       -
         pname = "doc2dash";

     

       6
       6
       -
         version = "3.1.0";

     

       7
       7
       -
         pyproject = true;

     

       8
       8
       -
       

     

       9
       9
       -
         src = fetchFromGitHub {

     

       10
       10
       -
           owner = "hynek";

     

       11
       11
       -
           repo = "doc2dash";

     

       12
       12
       -
           rev = version;

     

       13
       13
       -
           hash = "sha256-u6K+BDc9tUxq4kCekTaqQLtNN/OLVc3rh14sVSfPtoQ=";

     

       14
       14
       -
         };

     

       15
       15
       -
       

     

       16
       16
       -
         build-system = with python3Packages; [ hatchling hatch-vcs hatch-fancy-pypi-readme];

     

       17
       17
       -
       

     

       18
       18
       -
         dependencies = with python3Packages; [attrs beautifulsoup4 click rich];

     

       19
       19
       -
       

     

       20
       20
       -
         nativeCheckInputs = with python3Packages; [

     

       21
       21
       -
           pytestCheckHook

     

       22
       22
       -
           pytest-cov-stub

     

       23
       23
       -
         ];

     

       24
       24
       -
       }

+34

packages/doc2dash/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         fetchFromGitHub,

     

       3
       3
       +
         python3Packages,

     

       4
       4
       +
       }:

     

       5
       5
       +
       python3Packages.buildPythonApplication rec {

     

       6
       6
       +
         pname = "doc2dash";

     

       7
       7
       +
         version = "3.1.0";

     

       8
       8
       +
         pyproject = true;

     

       9
       9
       +
       

     

       10
       10
       +
         src = fetchFromGitHub {

     

       11
       11
       +
           owner = "hynek";

     

       12
       12
       +
           repo = "doc2dash";

     

       13
       13
       +
           rev = version;

     

       14
       14
       +
           hash = "sha256-u6K+BDc9tUxq4kCekTaqQLtNN/OLVc3rh14sVSfPtoQ=";

     

       15
       15
       +
         };

     

       16
       16
       +
       

     

       17
       17
       +
         build-system = with python3Packages; [

     

       18
       18
       +
           hatchling

     

       19
       19
       +
           hatch-vcs

     

       20
       20
       +
           hatch-fancy-pypi-readme

     

       21
       21
       +
         ];

     

       22
       22
       +
       

     

       23
       23
       +
         dependencies = with python3Packages; [

     

       24
       24
       +
           attrs

     

       25
       25
       +
           beautifulsoup4

     

       26
       26
       +
           click

     

       27
       27
       +
           rich

     

       28
       28
       +
         ];

     

       29
       29
       +
       

     

       30
       30
       +
         nativeCheckInputs = with python3Packages; [

     

       31
       31
       +
           pytestCheckHook

     

       32
       32
       +
           pytest-cov-stub

     

       33
       33
       +
         ];

     

       34
       34
       +
       }

+147

packages/glide-browser-bin/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchurl,

     

       5
       5
       +
         # keep-sorted start

     

       6
       6
       +
         adwaita-icon-theme,

     

       7
       7
       +
         alsa-lib,

     

       8
       8
       +
         autoPatchelfHook,

     

       9
       9
       +
         copyDesktopItems,

     

       10
       10
       +
         curl,

     

       11
       11
       +
         dbus-glib,

     

       12
       12
       +
         gtk3,

     

       13
       13
       +
         hicolor-icon-theme,

     

       14
       14
       +
         libXtst,

     

       15
       15
       +
         libva,

     

       16
       16
       +
         makeBinaryWrapper,

     

       17
       17
       +
         makeDesktopItem,

     

       18
       18
       +
         patchelfUnstable,

     

       19
       19
       +
         pciutils,

     

       20
       20
       +
         pipewire,

     

       21
       21
       +
         wrapGAppsHook3,

     

       22
       22
       +
         # keep-sorted end

     

       23
       23
       +
         nix-update-script,

     

       24
       24
       +
         ...

     

       25
       25
       +
       }:

     

       26
       26
       +
       stdenv.mkDerivation (finalAttrs: {

     

       27
       27
       +
         pname = "glide-browser";

     

       28
       28
       +
         version = "0.1.55a";

     

       29
       29
       +
       

     

       30
       30
       +
         src = fetchurl {

     

       31
       31
       +
           url = "https://github.com/glide-browser/glide/releases/download/${finalAttrs.version}/glide.linux-x86_64.tar.xz";

     

       32
       32
       +
           hash = "sha256-mjk8KmB/T5ZpB9AMQw1mtb9VbMXVX2VV4N+hWpWkSYI=";

     

       33
       33
       +
         };

     

       34
       34
       +
       

     

       35
       35
       +
         nativeBuildInputs = [

     

       36
       36
       +
           # keep-sorted start

     

       37
       37
       +
           autoPatchelfHook

     

       38
       38
       +
           copyDesktopItems

     

       39
       39
       +
           makeBinaryWrapper

     

       40
       40
       +
           patchelfUnstable

     

       41
       41
       +
           wrapGAppsHook3

     

       42
       42
       +
           # keep-sorted end

     

       43
       43
       +
         ];

     

       44
       44
       +
       

     

       45
       45
       +
         buildInputs = [

     

       46
       46
       +
           # keep-sorted start

     

       47
       47
       +
           adwaita-icon-theme

     

       48
       48
       +
           alsa-lib

     

       49
       49
       +
           dbus-glib

     

       50
       50
       +
           gtk3

     

       51
       51
       +
           hicolor-icon-theme

     

       52
       52
       +
           libXtst

     

       53
       53
       +
           # keep-sorted end

     

       54
       54
       +
         ];

     

       55
       55
       +
       

     

       56
       56
       +
         runtimeDependencies = [

     

       57
       57
       +
           # keep-sorted start

     

       58
       58
       +
           curl

     

       59
       59
       +
           libva.out

     

       60
       60
       +
           pciutils

     

       61
       61
       +
           # keep-sorted end

     

       62
       62
       +
         ];

     

       63
       63
       +
       

     

       64
       64
       +
         appendRunpaths = [ "${pipewire}/lib" ];

     

       65
       65
       +
       

     

       66
       66
       +
         # Firefox uses "relrhack" to manually process relocations from a fixed offset

     

       67
       67
       +
         patchelfFlags = [ "--no-clobber-old-sections" ];

     

       68
       68
       +
       

     

       69
       69
       +
         installPhase = ''

     

       70
       70
       +
           runHook preInstall

     

       71
       71
       +
       

     

       72
       72
       +
           mkdir -p $out/bin $out/share/icons/hicolor/ $out/lib/glide-browser-bin-${finalAttrs.version}

     

       73
       73
       +
           cp -t $out/lib/glide-browser-bin-${finalAttrs.version} -r *

     

       74
       74
       +
           chmod +x $out/lib/glide-browser-bin-${finalAttrs.version}/glide

     

       75
       75
       +
           iconDir=$out/share/icons/hicolor

     

       76
       76
       +
           browserIcons=$out/lib/glide-browser-bin-${finalAttrs.version}/browser/chrome/icons/default

     

       77
       77
       +
       

     

       78
       78
       +
           for i in 16 32 48 64 128; do

     

       79
       79
       +
             iconSizeDir="$iconDir/''${i}x$i/apps"

     

       80
       80
       +
             mkdir -p $iconSizeDir

     

       81
       81
       +
             cp $browserIcons/default$i.png $iconSizeDir/glide-browser.png

     

       82
       82
       +
           done

     

       83
       83
       +
       

     

       84
       84
       +
       

     

       85
       85
       +
           ln -s $out/lib/glide-browser-bin-${finalAttrs.version}/glide $out/bin/glide

     

       86
       86
       +
           ln -s $out/bin/glide $out/bin/glide-browser

     

       87
       87
       +
       

     

       88
       88
       +
           runHook postInstall

     

       89
       89
       +
         '';

     

       90
       90
       +
       

     

       91
       91
       +
         desktopItems = [

     

       92
       92
       +
           (makeDesktopItem {

     

       93
       93
       +
             name = "glide-browser-bin";

     

       94
       94
       +
             exec = "glide-browser --name glide-browser %U";

     

       95
       95
       +
             icon = "glide-browser";

     

       96
       96
       +
             desktopName = "Glide Browser";

     

       97
       97
       +
             genericName = "Web Browser";

     

       98
       98
       +
             terminal = false;

     

       99
       99
       +
             startupNotify = true;

     

       100
       100
       +
             startupWMClass = "glide-browser";

     

       101
       101
       +
             categories = [

     

       102
       102
       +
               "Network"

     

       103
       103
       +
               "WebBrowser"

     

       104
       104
       +
             ];

     

       105
       105
       +
             mimeTypes = [

     

       106
       106
       +
               "text/html"

     

       107
       107
       +
               "text/xml"

     

       108
       108
       +
               "application/xhtml+xml"

     

       109
       109
       +
               "application/vnd.mozilla.xul+xml"

     

       110
       110
       +
               "x-scheme-handler/http"

     

       111
       111
       +
               "x-scheme-handler/https"

     

       112
       112
       +
             ];

     

       113
       113
       +
             actions = {

     

       114
       114
       +
               new-window = {

     

       115
       115
       +
                 name = "New Window";

     

       116
       116
       +
                 exec = "glide-browser --new-window %U";

     

       117
       117
       +
               };

     

       118
       118
       +
               new-private-window = {

     

       119
       119
       +
                 name = "New Private Window";

     

       120
       120
       +
                 exec = "glide-browser --private-window %U";

     

       121
       121
       +
               };

     

       122
       122
       +
               profile-manager-window = {

     

       123
       123
       +
                 name = "Profile Manager";

     

       124
       124
       +
                 exec = "glide-browser --ProfileManager";

     

       125
       125
       +
               };

     

       126
       126
       +
             };

     

       127
       127
       +
           })

     

       128
       128
       +
         ];

     

       129
       129
       +
       

     

       130
       130
       +
         passthru.updateScript = nix-update-script {

     

       131
       131
       +
           extraArgs = [

     

       132
       132
       +
             "--url"

     

       133
       133
       +
             "https://github.com/glide-browser/glide"

     

       134
       134
       +
           ];

     

       135
       135
       +
         };

     

       136
       136
       +
       

     

       137
       137
       +
         meta = {

     

       138
       138
       +
           changelog = "https://glide-browser.app/changelog#${finalAttrs.version}";

     

       139
       139
       +
           description = "Extensible and keyboard-focused web browser, based on Firefox (binary package)";

     

       140
       140
       +
           homepage = "https://glide-browser.app/";

     

       141
       141
       +
           license = lib.licenses.mpl20;

     

       142
       142
       +
           sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];

     

       143
       143
       +
           platforms = [ "x86_64-linux" ];

     

       144
       144
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       145
       145
       +
           mainProgram = "glide-browser";

     

       146
       146
       +
         };

     

       147
       147
       +
       })

-34

packages/jellyfin-exporter/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         lib,

     

       3
       3
       -
         buildGoModule,

     

       4
       4
       -
         fetchFromGitHub,

     

       5
       5
       -
         ...

     

       6
       6
       -
       }:

     

       7
       7
       -
       buildGoModule (finalAttrs: {

     

       8
       8
       -
         pname = "jellyfin-exporter";

     

       9
       9
       -
         version = "1.3.8";

     

       10
       10
       -
       

     

       11
       11
       -
         src = fetchFromGitHub {

     

       12
       12
       -
           owner = "rebelcore";

     

       13
       13
       -
           repo = "jellyfin_exporter";

     

       14
       14
       -
           tag = "v${finalAttrs.version}";

     

       15
       15
       -
           hash = "sha256-7fIrjcy6y/Ayj43WeuPNCx3uVJyl5Wf6bWs5ta2PpWc=";

     

       16
       16
       -
         };

     

       17
       17
       -
       

     

       18
       18
       -
         # We need to patch the tests since we don't move the binary to `$GOPATH/bin`, but to `$out/bin` instead.

     

       19
       19
       -
         postPatch = ''

     

       20
       20
       -
           substituteInPlace jellyfin_exporter_test.go \

     

       21
       21
       -
             --replace-fail "GOPATH" "out"

     

       22
       22
       -
         '';

     

       23
       23
       -
       

     

       24
       24
       -
         vendorHash = "sha256-JSOKDbefQyDLNy2y1oW7HUplQw8uhhOGZ+ueWyUYYQ0=";

     

       25
       25
       -
       

     

       26
       26
       -
         meta = {

     

       27
       27
       -
           changelog = "https://github.com/rebelcore/jellyfin_exporter/blob/v${finalAttrs.version}/CHANGELOG.md";

     

       28
       28
       -
           description = "Jellyfin Media System metrics exporter for prometheus";

     

       29
       29
       -
           homepage = "https://github.com/rebelcore/jellyfin_exporter";

     

       30
       30
       -
           license = lib.licenses.asl20;

     

       31
       31
       -
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       32
       32
       -
           mainProgram = "jellyfin_exporter";

     

       33
       33
       -
         };

     

       34
       34
       -
       })

+34

packages/jellyfin-exporter/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         buildGoModule,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       buildGoModule (finalAttrs: {

     

       8
       8
       +
         pname = "jellyfin-exporter";

     

       9
       9
       +
         version = "1.3.9";

     

       10
       10
       +
       

     

       11
       11
       +
         src = fetchFromGitHub {

     

       12
       12
       +
           owner = "rebelcore";

     

       13
       13
       +
           repo = "jellyfin_exporter";

     

       14
       14
       +
           tag = "v${finalAttrs.version}";

     

       15
       15
       +
           hash = "sha256-oHPzdV+Fe7XmSyRWm5jh7oGqlY9uyLy7u9tCTlkfhQk=";

     

       16
       16
       +
         };

     

       17
       17
       +
       

     

       18
       18
       +
         # We need to patch the tests since we don't move the binary to `$GOPATH/bin`, but to `$out/bin` instead.

     

       19
       19
       +
         postPatch = ''

     

       20
       20
       +
           substituteInPlace jellyfin_exporter_test.go \

     

       21
       21
       +
             --replace-fail "GOPATH" "out"

     

       22
       22
       +
         '';

     

       23
       23
       +
       

     

       24
       24
       +
         vendorHash = "sha256-Z3XM4vTsm5R/Me1jR9oqLcWqmEn1bd653UNvDKLM80g=";

     

       25
       25
       +
       

     

       26
       26
       +
         meta = {

     

       27
       27
       +
           changelog = "https://github.com/rebelcore/jellyfin_exporter/blob/v${finalAttrs.version}/CHANGELOG.md";

     

       28
       28
       +
           description = "Jellyfin Media System metrics exporter for prometheus";

     

       29
       29
       +
           homepage = "https://github.com/rebelcore/jellyfin_exporter";

     

       30
       30
       +
           license = lib.licenses.asl20;

     

       31
       31
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       32
       32
       +
           mainProgram = "jellyfin_exporter";

     

       33
       33
       +
         };

     

       34
       34
       +
       })

-19

packages/pingvin-share-config/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         pkgs,

     

       3
       3
       -
         stdenv,

     

       4
       4
       -
         settings ? { },

     

       5
       5
       -
         ...

     

       6
       6
       -
       }:

     

       7
       7
       -
       let

     

       8
       8
       -
         format = pkgs.formats.yaml { };

     

       9
       9
       -
         file = format.generate "config.yaml" settings;

     

       10
       10
       -
       in

     

       11
       11
       -
       stdenv.mkDerivation {

     

       12
       12
       -
         pname = "pingvin-share-config";

     

       13
       13
       -
         version = "1.0.0";

     

       14
       14
       -
       

     

       15
       15
       -
         installPhase = ''

     

       16
       16
       -
           mkdir $out

     

       17
       17
       -
           cp ${file} $out/config.yaml

     

       18
       18
       -
         '';

     

       19
       19
       -
       }

+138

packages/planka/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         fetchNpmDeps,

     

       6
       6
       +
         nix-update-script,

     

       7
       7
       +
         npmHooks,

     

       8
       8
       +
         dart-sass,

     

       9
       9
       +
         nodejs,

     

       10
       10
       +
         python3,

     

       11
       11
       +
       }:

     

       12
       12
       +
       let

     

       13
       13
       +
         version = "2.0.0-rc.4";

     

       14
       14
       +
         src = fetchFromGitHub {

     

       15
       15
       +
           owner = "plankanban";

     

       16
       16
       +
           repo = "planka";

     

       17
       17
       +
           tag = "v${version}";

     

       18
       18
       +
           hash = "sha256-RUOIOXrpoNGxoKwUlgkPsk4kTnA95E+iwYIjBzSBoTA=";

     

       19
       19
       +
         };

     

       20
       20
       +
         meta = {

     

       21
       21
       +
           description = "Kanban-style project mastering tool for everyone";

     

       22
       22
       +
           homepage = "https://docs.planka.cloud/";

     

       23
       23
       +
           license = {

     

       24
       24
       +
             fullName = "Planka Community License";

     

       25
       25
       +
             url = "https://github.com/plankanban/planka/blob/master/LICENSE.md";

     

       26
       26
       +
             free = false;

     

       27
       27
       +
             redistributable = true;

     

       28
       28
       +
           };

     

       29
       29
       +
           maintainers = with lib.maintainers; [ pyrox0 ];

     

       30
       30
       +
         };

     

       31
       31
       +
       

     

       32
       32
       +
         frontend = stdenv.mkDerivation (finalAttrs: {

     

       33
       33
       +
           pname = "planka-frontend";

     

       34
       34
       +
           inherit version src meta;

     

       35
       35
       +
       

     

       36
       36
       +
           sourceRoot = "${finalAttrs.src.name}/client";

     

       37
       37
       +
       

     

       38
       38
       +
           npmDeps = fetchNpmDeps {

     

       39
       39
       +
             inherit (finalAttrs) src sourceRoot;

     

       40
       40
       +
             hash = "sha256-XtVwO8253XBVtG0jrikeVr1yaS1PpphCbN5B6jz54qc=";

     

       41
       41
       +
           };

     

       42
       42
       +
       

     

       43
       43
       +
           npmFlags = [

     

       44
       44
       +
             "--ignore-scripts"

     

       45
       45
       +
           ];

     

       46
       46
       +
       

     

       47
       47
       +
           nativeBuildInputs = [

     

       48
       48
       +
             npmHooks.npmConfigHook

     

       49
       49
       +
             nodejs

     

       50
       50
       +
             dart-sass

     

       51
       51
       +
           ];

     

       52
       52
       +
       

     

       53
       53
       +
           buildPhase = ''

     

       54
       54
       +
             runHook preBuild

     

       55
       55
       +
       

     

       56
       56
       +
             npx patch-package

     

       57
       57
       +
       

     

       58
       58
       +
             # Replace dart path in sass-embedded since node_modules doesn't have the native binary

     

       59
       59
       +
             substituteInPlace node_modules/sass-embedded/dist/lib/src/compiler-path.js \

     

       60
       60
       +
               --replace-fail 'compilerCommand = (() => {' 'compilerCommand = (() => { return ["${lib.getExe dart-sass}"];'

     

       61
       61
       +
       

     

       62
       62
       +
             npm run build

     

       63
       63
       +
       

     

       64
       64
       +
             runHook postBuild

     

       65
       65
       +
           '';

     

       66
       66
       +
       

     

       67
       67
       +
           installPhase = ''

     

       68
       68
       +
             runHook preInstall

     

       69
       69
       +
       

     

       70
       70
       +
             mkdir $out/

     

       71
       71
       +
             mv dist $out/dist

     

       72
       72
       +
       

     

       73
       73
       +
             runHook postInstall

     

       74
       74
       +
           '';

     

       75
       75
       +
         });

     

       76
       76
       +
       

     

       77
       77
       +
         serverPython = python3.withPackages (ps: [ ps.apprise ]);

     

       78
       78
       +
       in

     

       79
       79
       +
       stdenv.mkDerivation (finalAttrs: {

     

       80
       80
       +
         pname = "planka";

     

       81
       81
       +
         inherit version src;

     

       82
       82
       +
       

     

       83
       83
       +
         sourceRoot = "${finalAttrs.src.name}/server";

     

       84
       84
       +
       

     

       85
       85
       +
         npmDeps = fetchNpmDeps {

     

       86
       86
       +
           inherit (finalAttrs) src sourceRoot;

     

       87
       87
       +
           hash = "sha256-yW9uzPALGdPrrUV129ToXayLyeLbAK9mCl2emCPYUdc=";

     

       88
       88
       +
         };

     

       89
       89
       +
       

     

       90
       90
       +
         npmFlags = [ "--ignore-scripts" ];

     

       91
       91
       +
       

     

       92
       92
       +
         nativeBuildInputs = [

     

       93
       93
       +
           npmHooks.npmConfigHook

     

       94
       94
       +
           nodejs

     

       95
       95
       +
         ];

     

       96
       96
       +
       

     

       97
       97
       +
         buildInputs = [

     

       98
       98
       +
           serverPython

     

       99
       99
       +
           nodejs

     

       100
       100
       +
         ];

     

       101
       101
       +
       

     

       102
       102
       +
         preBuild = ''

     

       103
       103
       +
           # Patch notifs helper to use nixpkgs' python

     

       104
       104
       +
           substituteInPlace api/helpers/utils/send-notifications.js \

     

       105
       105
       +
             --replace-fail '(`$' '(`' \

     

       106
       106
       +
             --replace-fail "{sails.config.appPath}/.venv/bin/python3" "${lib.getExe serverPython}"

     

       107
       107
       +
         '';

     

       108
       108
       +
       

     

       109
       109
       +
         buildPhase = ''

     

       110
       110
       +
           runHook preBuild

     

       111
       111
       +
       

     

       112
       112
       +
           npx patch-package

     

       113
       113
       +
       

     

       114
       114
       +
           runHook postBuild

     

       115
       115
       +
         '';

     

       116
       116
       +
       

     

       117
       117
       +
         installPhase = ''

     

       118
       118
       +
           runHook preInstall

     

       119
       119
       +
       

     

       120
       120
       +
           npm prune --omit=dev --no-save $npmFlags "$${npmFlagsArray[@]}"

     

       121
       121
       +
           find node_modules -maxdepth 1 -type d -empty -delete

     

       122
       122
       +
       

     

       123
       123
       +
           mkdir -p $out/lib/node_modules/planka

     

       124
       124
       +
           mkdir $out/bin

     

       125
       125
       +
           mv * $out/lib/node_modules/planka

     

       126
       126
       +
           cp -t $out/lib/node_modules/planka/public -r ${frontend}/dist/*

     

       127
       127
       +
           cp ${frontend}/dist/index.html $out/lib/node_modules/planka/views/index.html

     

       128
       128
       +
       

     

       129
       129
       +
           ln -s $out/lib/node_modules/planka/start.sh $out/bin/planka

     

       130
       130
       +
       

     

       131
       131
       +
           runHook postInstall

     

       132
       132
       +
         '';

     

       133
       133
       +
       

     

       134
       134
       +
         passthru.updateScript = nix-update-script { extraArgs = [ "--version=unstable" ]; };

     

       135
       135
       +
         meta = meta // {

     

       136
       136
       +
           mainProgram = "planka";

     

       137
       137
       +
         };

     

       138
       138
       +
       })

+26

packages.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         perSystem =

     

       3
       3
       +
           {

     

       4
       4
       +
             pkgs,

     

       5
       5
       +
             lib,

     

       6
       6
       +
             ...

     

       7
       7
       +
           }:

     

       8
       8
       +
           let

     

       9
       9
       +
             packages = lib.packagesFromDirectoryRecursive {

     

       10
       10
       +
               inherit (pkgs) callPackage;

     

       11
       11
       +
               directory = ./packages;

     

       12
       12
       +
             };

     

       13
       13
       +
           in

     

       14
       14
       +
           {

     

       15
       15
       +
             legacyPackages = packages;

     

       16
       16
       +
             packages = lib.filterAttrs (

     

       17
       17
       +
               _: pkg:

     

       18
       18
       +
               let

     

       19
       19
       +
                 isDerivation = lib.isDerivation pkg;

     

       20
       20
       +
                 availableOnHost = lib.meta.availableOn pkgs.stdenv.hostPlatform pkg;

     

       21
       21
       +
                 isBroken = pkg.meta.broken or false;

     

       22
       22
       +
               in

     

       23
       23
       +
               isDerivation && !isBroken && availableOnHost

     

       24
       24
       +
             ) packages;

     

       25
       25
       +
           };

     

       26
       26
       +
       }

Compare changes