···

       
406
       
 
       
        "type": "github"

     

       
407
       
 
       
      }

     

       
408
       
 
       
    },

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
409
       
 
       
    "gomod2nix": {

     

       
410
       
 
       
      "inputs": {

     

       
411
       
 
       
        "nixpkgs": [

     
···

       
470
       
 
       
        "type": "github"

     

       
471
       
 
       
      }

     

       
472
       
 
       
    },

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
473
       
 
       
    "hyperbib-eeg": {

     

       
474
       
 
       
      "inputs": {

     

       
475
       
 
       
        "flake-utils": "flake-utils_5",

     
···

       
514
       
 
       
        "owner": "RyanGibb",

     

       
515
       
 
       
        "repo": "i3-workspace-history",

     

       
516
       
 
       
        "type": "github"

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
517
       
 
       
      }

     

       
518
       
 
       
    },

     

       
519
       
 
       
    "mirage-opam-overlays": {

     
···

       
1103
       
 
       
        "nixpkgs-sonarr": "nixpkgs-sonarr",

     

       
1104
       
 
       
        "nixpkgs-unstable": "nixpkgs-unstable",

     

       
1105
       
 
       
        "nur": "nur",

     

       
0
       
 
       

     

       
1106
       
 
       
        "timewall": "timewall"

     

       
1107
       
 
       
      }

     

       
1108
       
 
       
    },

     
···

       
1245
       
 
       
      "original": {

     

       
1246
       
 
       
        "owner": "nix-systems",

     

       
1247
       
 
       
        "repo": "default",

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
1248
       
 
       
        "type": "github"

     

       
1249
       
 
       
      }

     

       
1250
       
 
       
    },

     

···

       
406
       
 
       
        "type": "github"

     

       
407
       
 
       
      }

     

       
408
       
 
       
    },

     

       
409
       
+
       
    "gitignore": {

     

       
410
       
+
       
      "inputs": {

     

       
411
       
+
       
        "nixpkgs": [

     

       
412
       
+
       
          "tangled",

     

       
413
       
+
       
          "nixpkgs"

     

       
414
       
+
       
        ]

     

       
415
       
+
       
      },

     

       
416
       
+
       
      "locked": {

     

       
417
       
+
       
        "lastModified": 1709087332,

     

       
418
       
+
       
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",

     

       
419
       
+
       
        "owner": "hercules-ci",

     

       
420
       
+
       
        "repo": "gitignore.nix",

     

       
421
       
+
       
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",

     

       
422
       
+
       
        "type": "github"

     

       
423
       
+
       
      },

     

       
424
       
+
       
      "original": {

     

       
425
       
+
       
        "owner": "hercules-ci",

     

       
426
       
+
       
        "repo": "gitignore.nix",

     

       
427
       
+
       
        "type": "github"

     

       
428
       
+
       
      }

     

       
429
       
+
       
    },

     

       
430
       
 
       
    "gomod2nix": {

     

       
431
       
 
       
      "inputs": {

     

       
432
       
 
       
        "nixpkgs": [

     
···

       
491
       
 
       
        "type": "github"

     

       
492
       
 
       
      }

     

       
493
       
 
       
    },

     

       
494
       
+
       
    "htmx-src": {

     

       
495
       
+
       
      "flake": false,

     

       
496
       
+
       
      "locked": {

     

       
497
       
+
       
        "narHash": "sha256-nm6avZuEBg67SSyyZUhjpXVNstHHgUxrtBHqJgowU08=",

     

       
498
       
+
       
        "type": "file",

     

       
499
       
+
       
        "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"

     

       
500
       
+
       
      },

     

       
501
       
+
       
      "original": {

     

       
502
       
+
       
        "type": "file",

     

       
503
       
+
       
        "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"

     

       
504
       
+
       
      }

     

       
505
       
+
       
    },

     

       
506
       
 
       
    "hyperbib-eeg": {

     

       
507
       
 
       
      "inputs": {

     

       
508
       
 
       
        "flake-utils": "flake-utils_5",

     
···

       
547
       
 
       
        "owner": "RyanGibb",

     

       
548
       
 
       
        "repo": "i3-workspace-history",

     

       
549
       
 
       
        "type": "github"

     

       
550
       
+
       
      }

     

       
551
       
+
       
    },

     

       
552
       
+
       
    "ia-fonts-src": {

     

       
553
       
+
       
      "flake": false,

     

       
554
       
+
       
      "locked": {

     

       
555
       
+
       
        "lastModified": 1686932517,

     

       
556
       
+
       
        "narHash": "sha256-2T165nFfCzO65/PIHauJA//S+zug5nUwPcg8NUEydfc=",

     

       
557
       
+
       
        "owner": "iaolo",

     

       
558
       
+
       
        "repo": "iA-Fonts",

     

       
559
       
+
       
        "rev": "f32c04c3058a75d7ce28919ce70fe8800817491b",

     

       
560
       
+
       
        "type": "github"

     

       
561
       
+
       
      },

     

       
562
       
+
       
      "original": {

     

       
563
       
+
       
        "owner": "iaolo",

     

       
564
       
+
       
        "repo": "iA-Fonts",

     

       
565
       
+
       
        "type": "github"

     

       
566
       
+
       
      }

     

       
567
       
+
       
    },

     

       
568
       
+
       
    "indigo": {

     

       
569
       
+
       
      "flake": false,

     

       
570
       
+
       
      "locked": {

     

       
571
       
+
       
        "lastModified": 1738491661,

     

       
572
       
+
       
        "narHash": "sha256-+njDigkvjH4XmXZMog5Mp0K4x9mamHX6gSGJCZB9mE4=",

     

       
573
       
+
       
        "owner": "oppiliappan",

     

       
574
       
+
       
        "repo": "indigo",

     

       
575
       
+
       
        "rev": "feb802f02a462ac0a6392ffc3e40b0529f0cdf71",

     

       
576
       
+
       
        "type": "github"

     

       
577
       
+
       
      },

     

       
578
       
+
       
      "original": {

     

       
579
       
+
       
        "owner": "oppiliappan",

     

       
580
       
+
       
        "repo": "indigo",

     

       
581
       
+
       
        "type": "github"

     

       
582
       
+
       
      }

     

       
583
       
+
       
    },

     

       
584
       
+
       
    "lucide-src": {

     

       
585
       
+
       
      "flake": false,

     

       
586
       
+
       
      "locked": {

     

       
587
       
+
       
        "narHash": "sha256-5ipNSxTlQ7627lGgsyZxk7vS1sr9RkrlR8/QMj2Zg6s=",

     

       
588
       
+
       
        "type": "file",

     

       
589
       
+
       
        "url": "https://unpkg.com/lucide@0.482.0"

     

       
590
       
+
       
      },

     

       
591
       
+
       
      "original": {

     

       
592
       
+
       
        "type": "file",

     

       
593
       
+
       
        "url": "https://unpkg.com/lucide@0.482.0"

     

       
594
       
 
       
      }

     

       
595
       
 
       
    },

     

       
596
       
 
       
    "mirage-opam-overlays": {

     
···

       
1180
       
 
       
        "nixpkgs-sonarr": "nixpkgs-sonarr",

     

       
1181
       
 
       
        "nixpkgs-unstable": "nixpkgs-unstable",

     

       
1182
       
 
       
        "nur": "nur",

     

       
1183
       
+
       
        "tangled": "tangled",

     

       
1184
       
 
       
        "timewall": "timewall"

     

       
1185
       
 
       
      }

     

       
1186
       
 
       
    },

     
···

       
1323
       
 
       
      "original": {

     

       
1324
       
 
       
        "owner": "nix-systems",

     

       
1325
       
 
       
        "repo": "default",

     

       
1326
       
+
       
        "type": "github"

     

       
1327
       
+
       
      }

     

       
1328
       
+
       
    },

     

       
1329
       
+
       
    "tangled": {

     

       
1330
       
+
       
      "inputs": {

     

       
1331
       
+
       
        "gitignore": "gitignore",

     

       
1332
       
+
       
        "htmx-src": "htmx-src",

     

       
1333
       
+
       
        "ia-fonts-src": "ia-fonts-src",

     

       
1334
       
+
       
        "indigo": "indigo",

     

       
1335
       
+
       
        "lucide-src": "lucide-src",

     

       
1336
       
+
       
        "nixpkgs": [

     

       
1337
       
+
       
          "nixpkgs"

     

       
1338
       
+
       
        ]

     

       
1339
       
+
       
      },

     

       
1340
       
+
       
      "locked": {

     

       
1341
       
+
       
        "lastModified": 1742406297,

     

       
1342
       
+
       
        "narHash": "sha256-cgvmt451qgo44nLYdYkxs02btGyCROj9esDzZRRRU10=",

     

       
1343
       
+
       
        "owner": "RyanGibb",

     

       
1344
       
+
       
        "repo": "tangled",

     

       
1345
       
+
       
        "rev": "396ea88e0c5e7e50de3bc77a3fb72bcb19b64e85",

     

       
1346
       
+
       
        "type": "github"

     

       
1347
       
+
       
      },

     

       
1348
       
+
       
      "original": {

     

       
1349
       
+
       
        "owner": "RyanGibb",

     

       
1350
       
+
       
        "repo": "tangled",

     

       
1351
       
 
       
        "type": "github"

     

       
1352
       
 
       
      }

     

       
1353
       
 
       
    },

     

···

       
21
       
 
       
    nix-rpi5.url = "gitlab:vriska/nix-rpi5?ref=main";

     

       
22
       
 
       
    nur.url = "github:nix-community/NUR/e9e77b7985ef9bdeca12a38523c63d47555cc89b";

     

       
23
       
 
       
    timewall.url = "github:bcyran/timewall/";

     

       
0
       
 
       

     

       
24
       
 
       


     

       
25
       
 
       
    # deduplicate flake inputs

     

       
26
       
 
       
    eilean.inputs.nixpkgs.follows = "nixpkgs";

     
···

       
38
       
 
       
    nix-rpi5.inputs.nixpkgs.follows = "nixpkgs";

     

       
39
       
 
       
    nur.inputs.nixpkgs.follows = "nixpkgs";

     

       
40
       
 
       
    timewall.inputs.nixpkgs.follows = "nixpkgs";

     

       
0
       
 
       

     

       
41
       
 
       
  };

     

       
42
       
 
       


     

       
43
       
 
       
  outputs =

     

···

       
21
       
 
       
    nix-rpi5.url = "gitlab:vriska/nix-rpi5?ref=main";

     

       
22
       
 
       
    nur.url = "github:nix-community/NUR/e9e77b7985ef9bdeca12a38523c63d47555cc89b";

     

       
23
       
 
       
    timewall.url = "github:bcyran/timewall/";

     

       
24
       
+
       
    tangled.url = "github:RyanGibb/tangled/";

     

       
25
       
 
       


     

       
26
       
 
       
    # deduplicate flake inputs

     

       
27
       
 
       
    eilean.inputs.nixpkgs.follows = "nixpkgs";

     
···

       
39
       
 
       
    nix-rpi5.inputs.nixpkgs.follows = "nixpkgs";

     

       
40
       
 
       
    nur.inputs.nixpkgs.follows = "nixpkgs";

     

       
41
       
 
       
    timewall.inputs.nixpkgs.follows = "nixpkgs";

     

       
42
       
+
       
    tangled.inputs.nixpkgs.follows = "nixpkgs";

     

       
43
       
 
       
  };

     

       
44
       
 
       


     

       
45
       
 
       
  outputs =

     

···

       
53
       
 
       
    ../../modules/ryan-website.nix

     

       
54
       
 
       
    ../../modules/alec-website.nix

     

       
55
       
 
       
    ../../modules/fn06-website.nix

     

       
0
       
 
       

     

       
56
       
 
       
  ];

     

       
57
       
 
       


     

       
58
       
 
       
  environment.systemPackages = with pkgs; [

     
···

       
241
       
 
       
          value = "vps";

     

       
242
       
 
       
        }

     

       
243
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
244
       
 
       
        # generate with

     

       
245
       
 
       
        #   sudo openssl x509 -in /var/lib/acme/mail.freumh.org/fullchain.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "3 1 1", $1}'

     

       
246
       
 
       
        {

     
···

       
406
       
 
       
  security.acme-eon.nginxCerts = [

     

       
407
       
 
       
    "capybara.fn06.org"

     

       
408
       
 
       
    "shrew.freumh.org"

     

       
0
       
 
       

     

       
409
       
 
       
  ];

     

       
410
       
 
       
  services.nginx.virtualHosts."capybara.fn06.org" = {

     

       
411
       
 
       
    forceSSL = true;

     
···

       
508
       
 
       
  networking.firewall.allowedTCPPorts = [ 7001 ];

     

       
509
       
 
       


     

       
510
       
 
       
  services.openssh.openFirewall = true;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
511
       
 
       
}

     

···

       
53
       
 
       
    ../../modules/ryan-website.nix

     

       
54
       
 
       
    ../../modules/alec-website.nix

     

       
55
       
 
       
    ../../modules/fn06-website.nix

     

       
56
       
+
       
    inputs.tangled.nixosModules.knotserver

     

       
57
       
 
       
  ];

     

       
58
       
 
       


     

       
59
       
 
       
  environment.systemPackages = with pkgs; [

     
···

       
242
       
 
       
          value = "vps";

     

       
243
       
 
       
        }

     

       
244
       
 
       


     

       
245
       
+
       
        {

     

       
246
       
+
       
          name = "knot";

     

       
247
       
+
       
          type = "CNAME";

     

       
248
       
+
       
          value = "vps";

     

       
249
       
+
       
        }

     

       
250
       
+
       


     

       
251
       
 
       
        # generate with

     

       
252
       
 
       
        #   sudo openssl x509 -in /var/lib/acme/mail.freumh.org/fullchain.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "3 1 1", $1}'

     

       
253
       
 
       
        {

     
···

       
413
       
 
       
  security.acme-eon.nginxCerts = [

     

       
414
       
 
       
    "capybara.fn06.org"

     

       
415
       
 
       
    "shrew.freumh.org"

     

       
416
       
+
       
    "knot.freumh.org"

     

       
417
       
 
       
  ];

     

       
418
       
 
       
  services.nginx.virtualHosts."capybara.fn06.org" = {

     

       
419
       
 
       
    forceSSL = true;

     
···

       
516
       
 
       
  networking.firewall.allowedTCPPorts = [ 7001 ];

     

       
517
       
 
       


     

       
518
       
 
       
  services.openssh.openFirewall = true;

     

       
519
       
+
       


     

       
520
       
+
       
  age.secrets.tangled = {

     

       
521
       
+
       
    file = ../../secrets/tangled.age;

     

       
522
       
+
       
    mode = "660";

     

       
523
       
+
       
    owner = "git";

     

       
524
       
+
       
    group = "git";

     

       
525
       
+
       
  };

     

       
526
       
+
       
  services.tangled-knotserver = {

     

       
527
       
+
       
    enable = true;

     

       
528
       
+
       
    repo.mainBranch = "master";

     

       
529
       
+
       
    server.hostname = "knot.freumh.org";

     

       
530
       
+
       
    server = {

     

       
531
       
+
       
      secretFile = config.age.secrets.tangled.path;

     

       
532
       
+
       
      listenAddr = "127.0.0.1:5555";

     

       
533
       
+
       
      internalListenAddr = "127.0.0.1:5444";

     

       
534
       
+
       
    };

     

       
535
       
+
       
  };

     

       
536
       
+
       
  services.nginx.virtualHosts."knot.freumh.org" = {

     

       
537
       
+
       
    forceSSL = true;

     

       
538
       
+
       
    locations."/" = {

     

       
539
       
+
       
      proxyPass = ''

     

       
540
       
+
       
        http://${config.services.tangled-knotserver.server.listenAddr}

     

       
541
       
+
       
      '';

     

       
542
       
+
       
      proxyWebsockets = true;

     

       
543
       
+
       
    };

     

       
544
       
+
       
  };

     

       
545
       
 
       
}

     

···

       
47
       
 
       
    owl

     

       
48
       
 
       
  ];

     

       
49
       
 
       
  "eon-sirref-primary.cap.age".publicKeys = user ++ [ owl ];

     

       
0
       
 
       

     

       
50
       
 
       
}

     

···

       
47
       
 
       
    owl

     

       
48
       
 
       
  ];

     

       
49
       
 
       
  "eon-sirref-primary.cap.age".publicKeys = user ++ [ owl ];

     

       
50
       
+
       
  "tangled.age".publicKeys = user ++ [ owl ];

     

       
51
       
 
       
}

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
age-encryption.org/v1

     

       
2
       
+
       
-> ssh-ed25519 2wDnOw Ttbl5LTzHDAP3kG7kbRErJr+ayerVYZIWZeLPmZmD0U

     

       
3
       
+
       
Uvon5zchwp3jwP/wHJ5/jIrmDhSVOxGKEhLGPtnQj9w

     

       
4
       
+
       
-> ssh-ed25519 suwb0g N+Z7lyQailIdkJMiCuFapSN3LhYphejMvB0x4Au1zBI

     

       
5
       
+
       
dC6ju3bdhzyLB19/WFwgmr+HxTG9vd2fO/EB/WYjodM

     

       
6
       
+
       
--- s2WjTwvpTi8jhAn0/yqBcTmzh77wbpYulovyEdGE7KQ

     

       
7
       
+
       
G����}w����{� n�od&i,V����U��%�'!R46�{>� )>to�]Hh�����2F��A����Tv�!�;���)R�lM%U=|W"?*��e��"����i�KB�F