···

       
1
       
-
       
# Do not edit this file.  To specify the files to encrypt, create your own

     

       
2
       
-
       
# .gitattributes file in the directory where your files are.

     

       
3
       
-
       
* !filter !diff

     

       
4
       
-
       
*.gpg binary

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
-
       
*.cry filter=git-crypt diff=git-crypt

     

···

       
0
       
 
       

     

···

       
70
       
 
       
        run: nix build .#nixosConfigurations."${{ matrix.host }}".config.system.build.toplevel

     

       
71
       
 
       


     

       
72
       
 
       
      - name: Setup attic and push to cache

     

       
0
       
 
       

     

       
73
       
 
       
        run: |

     

       
74
       
 
       
          nix run github:zhaofengli/attic#default login nbsm https://nonbunary.soopy.moe ${access_token}

     

       
75
       
-
       
          nix run github:zhaofengli/attic#default push gensokyo-${{ matrix.host }} result

     

       
76
       
 
       
        env:

     

       
77
       
 
       
          access_token: ${{ secrets.ATTIC_ACCESS_TOKEN }}

     

       
78
       
 
       
        continue-on-error: true

     

···

       
70
       
 
       
        run: nix build .#nixosConfigurations."${{ matrix.host }}".config.system.build.toplevel

     

       
71
       
 
       


     

       
72
       
 
       
      - name: Setup attic and push to cache

     

       
73
       
+
       
        if: ${{ github.event_name != 'pull_request' }}

     

       
74
       
 
       
        run: |

     

       
75
       
 
       
          nix run github:zhaofengli/attic#default login nbsm https://nonbunary.soopy.moe ${access_token}

     

       
76
       
+
       
          nix run github:zhaofengli/attic#default push gensokyo-systems result

     

       
77
       
 
       
        env:

     

       
78
       
 
       
          access_token: ${{ secrets.ATTIC_ACCESS_TOKEN }}

     

       
79
       
 
       
        continue-on-error: true

     

···

       
1
       
-
       
name: Deploy repo docs page with Jekyll and GH Pages

     

       
2
       
-
       


     

       
3
       
-
       
on:

     

       
4
       
-
       
  # Runs on pushes targeting the default branch

     

       
5
       
-
       
  push:

     

       
6
       
-
       
    branches: ["main"]

     

       
7
       
-
       


     

       
8
       
-
       
  # Allows you to run this workflow manually from the Actions tab

     

       
9
       
-
       
  workflow_dispatch:

     

       
10
       
-
       


     

       
11
       
-
       
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages

     

       
12
       
-
       
permissions:

     

       
13
       
-
       
  contents: read

     

       
14
       
-
       
  pages: write

     

       
15
       
-
       
  id-token: write

     

       
16
       
-
       


     

       
17
       
-
       
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.

     

       
18
       
-
       
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.

     

       
19
       
-
       
concurrency:

     

       
20
       
-
       
  group: "pages"

     

       
21
       
-
       
  cancel-in-progress: false

     

       
22
       
-
       


     

       
23
       
-
       
jobs:

     

       
24
       
-
       
  # Build job

     

       
25
       
-
       
  build:

     

       
26
       
-
       
    runs-on: ubuntu-latest

     

       
27
       
-
       
    steps:

     

       
28
       
-
       
      - name: Checkout

     

       
29
       
-
       
        uses: actions/checkout@v3

     

       
30
       
-
       
      - name: Setup Pages

     

       
31
       
-
       
        uses: actions/configure-pages@v3

     

       
32
       
-
       
      - name: Build with Jekyll

     

       
33
       
-
       
        uses: actions/jekyll-build-pages@v1

     

       
34
       
-
       
        with:

     

       
35
       
-
       
          source: ./

     

       
36
       
-
       
          destination: ./_site

     

       
37
       
-
       
      - name: Upload artifact

     

       
38
       
-
       
        uses: actions/upload-pages-artifact@v2

     

       
39
       
-
       


     

       
40
       
-
       
  # Deployment job

     

       
41
       
-
       
  deploy:

     

       
42
       
-
       
    environment:

     

       
43
       
-
       
      name: github-pages

     

       
44
       
-
       
      url: ${{ steps.deployment.outputs.page_url }}

     

       
45
       
-
       
    runs-on: ubuntu-latest

     

       
46
       
-
       
    needs: build

     

       
47
       
-
       
    steps:

     

       
48
       
-
       
      - name: Deploy to GitHub Pages

     

       
49
       
-
       
        id: deployment

     

       
50
       
-
       
        uses: actions/deploy-pages@v2

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
 
       
name: "Update Flake Lockfile"

     

       
2
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
3
       
 
       
on:

     

       
4
       
 
       
  workflow_dispatch:

     

       
5
       
 
       
  schedule:

     

···

       
1
       
 
       
name: "Update Flake Lockfile"

     

       
2
       
 
       


     

       
3
       
+
       
permissions:

     

       
4
       
+
       
  pull-requests: write

     

       
5
       
+
       
  contents: write

     

       
6
       
+
       


     

       
7
       
 
       
on:

     

       
8
       
 
       
  workflow_dispatch:

     

       
9
       
 
       
  schedule:

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
keys:

     

       
2
       
+
       
  # maintainers

     

       
3
       
+
       
  - &soopyc_mpxl7a age10rkyshu0lswdqyvun4cs9cekm9zt4fw5c8ssa38tn3lukgcahcvsltnqx2

     

       
4
       
+
       
  - &soopyc_pgp302 8F3B277901484C6EA7E63F82D539637D518022C6

     

       
5
       
+
       
  # - &soopyc_age302 age1yubikey1qgmfcf0vddslyza7djdekjjk3t3u29d474c5xscmcdye8x3spvhlxxj23xz

     

       
6
       
+
       
  # failed to parse input as Bech32-encoded age public key: malformed recipient "age1yubikey1qgmfcf0vddslyza7djdekjjk3t3u29d474c5xscmcdye8x3spvhlxxj23xz": invalid type "age1yubikey"

     

       
7
       
+
       


     

       
8
       
+
       
  # Hosts

     

       
9
       
+
       
  - &koumakan_ssh age18h7hya5terghrwawgpny28swlat2nqkdrfd4clk0svujqlz9xfusd3zeqt

     

       
10
       
+
       


     

       
11
       
+
       
default_group: &default_group

     

       
12
       
+
       
  pgp:

     

       
13
       
+
       
    - *soopyc_pgp302

     

       
14
       
+
       
  age:

     

       
15
       
+
       
    # - *soopyc_age302

     

       
16
       
+
       
    - *soopyc_mpxl7a

     

       
17
       
+
       


     

       
18
       
+
       
creation_rules:

     

       
19
       
+
       
  - path_regex: creds/sops/koumakan.yaml

     

       
20
       
+
       
    key_groups:

     

       
21
       
+
       
      - <<: *default_group

     

       
22
       
+
       
        age:

     

       
23
       
+
       
          - *koumakan_ssh

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
1
       
 
       
# Cow

     

       
2
       
 
       
![a yak on some grass](docs/quaritsch-photography-1_6rJHQ2Gmw-unsplash.jpg)

     

       
3
       
 
       


     

···

       
1
       
+
       
[![Check and Build configuration](https://github.com/soopyc/nix-on-koumakan/actions/workflows/build.yaml/badge.svg?branch=main)](https://github.com/soopyc/nix-on-koumakan/actions/workflows/build.yaml)

     

       
2
       
+
       


     

       
3
       
 
       
# Cow

     

       
4
       
 
       
![a yak on some grass](docs/quaritsch-photography-1_6rJHQ2Gmw-unsplash.jpg)

     

       
5
       
 
       


     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
# to use, make sure `sops` is in your path and run

     

       
2
       
+
       
#  git config diff.sopsdiff.textconv "sops -d"

     

       
3
       
+
       
*.yaml diff=sopsdiff

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
comment_unencrypted: See https://github.com/Mic92/sops-nix/issues/120 for synapse.yaml quirks

     

       
2
       
+
       
synapse.yaml: ENC[AES256_GCM,data:eQsUW4mwbSPzsoi8HIEngfU5x/PEaqPxvx1AXXJJj7WDX9RsPtQOqQJjuTAEPtz32Hm1nob+VVYuzAXXfCO8Cd0CIHG+xlV4cWNc4JB8wj1YgtMJu9J3yC7iv3HMULT0TL8MxmwWYKqSPKIVarLVN5gQl1G1SAfxEK3ET6qtmkmCD8y6ZVM/84fTR5lxpLe82CaplbUHXEHKk51XwGYLSp5IZsPwtMMFhYuaoqCsEVr65IiSozbD4LKddYNQKUlYmkSfThQsoPpe9ixE7+HS11S+LklyP1q3usWTfOPsQS8k5NJdcGkrCH2A4ddjWkDBAzdav3qauYoQEvbMd8BpoDqD/67lKuvoyXqDoPf5sLrQcxcUl8ObTI1I8zWhabGa9uTuiaTd3wYdMhvMvs/KIfPXNDqcBuIY9sR6LQmY2Zb9+FtYiQVnrr0XmzjB59oN023y1xC/xqkgRyXysndhnj4P1Q+PYbOMQi7hwAjM5xMk/mLkpLn41Ju4u0MqDwHSxA/NXbsEBp/u3Tim2jsrMZqjRZwQHt1n/gtMjm2cMTminM99c/fV2fcvAmcNB9u1KWgEte1JjQSRftg7pkaznYlfrQLyCQYghVu3kgeAJCaSPMewHVWOF/onTauNHYFMlJ8VDUuYOnt2LNJUk1Wap5dGfKm7661mTeYB8aw0h3111YEViuGkSp+oM5A8X6CBI6YsYYOWq5Qd+A3fFJVpcf9hhhdx0JsRmR3EZOupIVx5Y4ruuA6ipj/xMDRNfTZjqukpn3Y1s5xTjUYEo3moLdgd1PYxAVIY/KjPn31pmRThGG1NZpYHZ1yjmptVydtqf/tTd32i3e0WjIjUEZD1NE7Z5AiWJ+XAEaE3S804C6QxN1jHZvqIokA9C4HO+R/es1uDyf2KDvxf1It0hMLg7CAnq1AQcbLCDqXXZaqibSRNfv09lO4jZ3vBe3owvd1wGbK513nqC6m2gh8YDYiHdw7UlXMbMP9+,iv:fvaZQ66VKU+uzvn5AwTIFgzz+F2kJ8/QR2AfmynRfGU=,tag:8c/cAMZ6c7h3J+shh7l7tw==,type:str]

     

       
3
       
+
       
matrix-signing-key: ENC[AES256_GCM,data:u6miE2oM3TUXaQ7wc776SwSMaOAxJOVlpl2kBW+AjI/aDH5vcGBp0L0uTpZbVfOtIe+RDNEv5E/mKA==,iv:abvwkrNe324QCbWLwiPY0UwqezS0wbyk2Fvi0vs3SI0=,tag:ZmpDB9LHbezQrxuwHNgpRg==,type:str]

     

       
4
       
+
       
akkoma:

     

       
5
       
+
       
    dist:

     

       
6
       
+
       
        cookie: ENC[AES256_GCM,data:5jpsa4KsOAoCMGAt9laK9ioVTJfuT9+viKva8wDWRnAimVY6jDoNr4+hxVty6yQAAfSJYA7ddTxaSCEjnJtneg==,iv:V8+MpX/IEc57zEfhNGX5f+eMyipraaXDKPDNDOy0Ieo=,tag:+xCy18Ni8F5wYkO/4NbSzw==,type:str]

     

       
7
       
+
       
    endpoint:

     

       
8
       
+
       
        secret_base: ENC[AES256_GCM,data:l34Rj4iIQIykgzTLJolqWLQQz5pcfa0o5U/ZMKeNc2CBQedxiMXYrLSNOx6OuV38aqoOolccJEOSiVjfbTawtg==,iv:/x0ydo2gOPrhIZI7at877bzfFgMpraauozfLq95aHCk=,tag:RQI4aeLiAkAcWYlwLaTj5w==,type:str]

     

       
9
       
+
       
        salt: ENC[AES256_GCM,data:CP4805tG05A=,iv:aSun7ABJdbDQrFcrGQMM9H1/7d5lJqeMwO08gUYrD2A=,tag:ikhxbijsqyBFJs02j2j/vw==,type:str]

     

       
10
       
+
       
        live_view:

     

       
11
       
+
       
            salt: ENC[AES256_GCM,data:4fKLclucoV0=,iv:ZvWKutuMTOm2X8w8a0fOTq+ldrXemayIUY2PUcurY80=,tag:qkIB1gPCI5HO0G0mLEsV+w==,type:str]

     

       
12
       
+
       
    joken_default_signer: ENC[AES256_GCM,data:myCEFUkf8s1YNQAigjxygRYvbwkpsv7cqgs00fARe9nxSFl2wveWM5JcfOnoVPwVBVV2GaAjFe4oMWXkaTPtqg==,iv:Yk1f/fzzbruW64mvTTeiyTlbrOO/G47CKKfr9BLtQ5g=,tag:QLpM22ec+VWtkjx5U/mzCw==,type:str]

     

       
13
       
+
       
    search:

     

       
14
       
+
       
        meili:

     

       
15
       
+
       
            host_unencrypted: https://megumin.soopy.moe/

     

       
16
       
+
       
            key: ENC[AES256_GCM,data:00TLCUneHn7NcSK1joURfIzxNFWyOBf/0/fceOn4RMcMt59dZz9LOvbs3F8B0vcH7tf/eUi3SnhYJNyRdPklyw==,iv:t0kQUCmjhFw8Z2CTmYOPUNFvyiYfsXETU8GSxhRR5KE=,tag:CPjtd7jQzgHJDrsIjHlVFQ==,type:str]

     

       
17
       
+
       
    vapid:

     

       
18
       
+
       
        pub: ENC[AES256_GCM,data:HYMKjhVCW/7DsMfPPssEduuwWnFezH4OOq4hfAovI82RUPsfVEKhgvkI9INY8hArAb/AIfyyxZhVx+bd2QkPlnASz51L7MxPtkPfZNUKqafjlMmK0nwH,iv:154BP5EmBqnKyf9BND2laKV3caVxa34MCRzrsg6/dik=,tag:wHLYdI6oQXPUzbw8dSxgwg==,type:str]

     

       
19
       
+
       
        key: ENC[AES256_GCM,data:t+da4NLEPZBMvq3MQkFEr+Fsj3XMGPMFKUWwbHDWNJAyuUZuiVcn3zX0kw==,iv:yQLu5CFl73GCojMBa2II6OhLrNNinsiVG1aPOAx+HtM=,tag:n0oelXaNFvilyee+MRSB8A==,type:str]

     

       
20
       
+
       
    postgres:

     

       
21
       
+
       
        hostname: ENC[AES256_GCM,data:rFEnhnn/Bw85,iv:GM2SH4Gkvt8tLG8AYIKxfHTZvB1sT+hgIoqkiViH6Es=,tag:yyGY9/nS9WFcJTGXlYpz6Q==,type:str]

     

       
22
       
+
       
        database_unencrypted: akkoma

     

       
23
       
+
       
        username: ENC[AES256_GCM,data:6skzOqv1,iv:OQ6zNmDn0uqKqNKEqOHWY6VBuT/4/CHog7b0Pf0TAPM=,tag:8HLmGykXg2V4t4RHzB8yaA==,type:str]

     

       
24
       
+
       
        password: ENC[AES256_GCM,data:J3OewVKr2A3TlT7ZUTk7tQr4olFs7bKx47Lus4LGbwGAZfNEmyk9coFTeQ8L/EJ0hpLfPfD1OcGBc+p0ZWK/XQ==,iv:UFe/3H/AfTgSlJikHqE1IED3zINjDuOs5niXpGWXGYE=,tag:MvT0z3TMs1dehg4gp54MyQ==,type:str]

     

       
25
       
+
       
    smtp:

     

       
26
       
+
       
        username: ENC[AES256_GCM,data:N7XbQkngWcUGzn/SR4AXCQ==,iv:wBXWtRYawOkjumsvTPcKfvL95CCB+RbsEyJv0YUG3WA=,tag:vGQREe+Cv0ITTxszl21J2g==,type:str]

     

       
27
       
+
       
        password: ENC[AES256_GCM,data:oU/aWkVmDU8WJhmwqOcXJ/EngiF7hvfUzPwpdjwkyh7Dw50dyG5AY7b2+hh6LIv9RZrN4yU+fXPAYr1W21OG/A==,iv:ds8Bg9JSJdNHUXh0FvD5a4pquyRnIXowcsJcVV1TyB4=,tag:JoYqas2RGSv8xyvJT9wHAQ==,type:str]

     

       
28
       
+
       
        relay: ENC[AES256_GCM,data:F2NnRLSTO5kmbWy4fx0=,iv:omnyn+Xa/cjqK+9l5bI573aR2p7UsUvqGX5ZQGf3CD0=,tag:t4u/jLQ1nZchyxf3WrhW6w==,type:str]

     

       
29
       
+
       
sops:

     

       
30
       
+
       
    kms: []

     

       
31
       
+
       
    gcp_kms: []

     

       
32
       
+
       
    azure_kv: []

     

       
33
       
+
       
    hc_vault: []

     

       
34
       
+
       
    age:

     

       
35
       
+
       
        - recipient: age10rkyshu0lswdqyvun4cs9cekm9zt4fw5c8ssa38tn3lukgcahcvsltnqx2

     

       
36
       
+
       
          enc: |

     

       
37
       
+
       
            -----BEGIN AGE ENCRYPTED FILE-----

     

       
38
       
+
       
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYMFBMZHdrR2ZMaEErZVlE

     

       
39
       
+
       
            RmRZNnoxRVpVSDc5Rlg3MmhiVkxnK1NkNmljCjBsNE5oejcyOTRJRVVvdzJsMmw3

     

       
40
       
+
       
            SGdyaUM1T0JvN3lDQjd4V054MWc1UjQKLS0tIDVvSndXZ29KSC8yUW5SRjdIcEZL

     

       
41
       
+
       
            WkFkK1hsdzRnMmRBdDI0dWU3a1hBOEUKf+pJ6PAH1tPLXG14ghG4gxHpVN4D6TU1

     

       
42
       
+
       
            GHCvsS5qNW8Cjis/Ubb3PHJfFiN4quN3rLaM/Ivkl5G1gzf9cGSDyQ==

     

       
43
       
+
       
            -----END AGE ENCRYPTED FILE-----

     

       
44
       
+
       
        - recipient: age18h7hya5terghrwawgpny28swlat2nqkdrfd4clk0svujqlz9xfusd3zeqt

     

       
45
       
+
       
          enc: |

     

       
46
       
+
       
            -----BEGIN AGE ENCRYPTED FILE-----

     

       
47
       
+
       
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbVhFQXJ5ZWVVZTJocmpn

     

       
48
       
+
       
            Q1VFc01mcnZLRGtqQVF0VjB3RU1DL0phaFVVCkFmU2w3WlhuTDFHYnF5VC9TM0xz

     

       
49
       
+
       
            VGdSSVpVbkN1Tlh4WnQxdHJkQU42dGMKLS0tIFVnVERoQWk1N1dmdWk0KzA0R1ZG

     

       
50
       
+
       
            cHJ5aWIrQ2Zrb1dhbC9yZ1lIMU1jbzgK4mx+S5bF6KBMe6+TrSZfaBcuWEg9cHyd

     

       
51
       
+
       
            tbJty1zxS9pndA/u3qz5EJxDouiAODvyAR07yeegtEcbw1FlG6W/gA==

     

       
52
       
+
       
            -----END AGE ENCRYPTED FILE-----

     

       
53
       
+
       
    lastmodified: "2023-09-14T17:13:38Z"

     

       
54
       
+
       
    mac: ENC[AES256_GCM,data:Jyx0f+w9fJ+B1lz4jVVkcKxd1xUh3FzxDhk+KaxJLVh0BG/1d8Nx0/cOnxZV1FfJkn5Z2wYiLzBPSvJKe8MjlExOSH1mIAnuXcSP6dvXp21bgX17CXM6OP91Ny6IvwSZriqs6EIpWOkZNdxsEnySwtECoQfgs09ZnA4qmbtb01U=,iv:XHnY20d0WsnaECF1/68eu2/xcGLGeGnzba+/kBxDcc0=,tag:alo+8B2fVHon0lHGsQSUyQ==,type:str]

     

       
55
       
+
       
    pgp:

     

       
56
       
+
       
        - created_at: "2023-09-08T14:11:19Z"

     

       
57
       
+
       
          enc: |-

     

       
58
       
+
       
            -----BEGIN PGP MESSAGE-----

     

       
59
       
+
       


     

       
60
       
+
       
            wV4DAxCcDC4ukRQSAQdA6IXTpPTgsoAuUSW0NqFw4MpqX4j3Wt9IqcGbrDobZGIw

     

       
61
       
+
       
            FFZDSKuMgO7ADZCFoADJ9OWOQBUyE3htwkXWjT/NQdBbVX3nuANbsfRfTdPN5NJt

     

       
62
       
+
       
            0lEB30Vck2fEXQsIGrIeg3pPRBl3U/z7F35tw+79EFZ5yOrAsOzSn3wzNA549/T7

     

       
63
       
+
       
            dEVnej/86D4ZxtMqMjVB2NjsXrphqd7ENozlljMM6QKkjtg=

     

       
64
       
+
       
            =juKF

     

       
65
       
+
       
            -----END PGP MESSAGE-----

     

       
66
       
+
       
          fp: 8F3B277901484C6EA7E63F82D539637D518022C6

     

       
67
       
+
       
    unencrypted_suffix: _unencrypted

     

       
68
       
+
       
    version: 3.7.3

     

···

       
0
       
 
       

     

       
1
       
 
       
# SmartCards

     

       
2
       
 
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvCpt7yWIptJ9XFBhwVIj9zR30OzkWI976B/P5+0whD cardno:13 901 056

     

       
3
       
-
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvCpt7yWIptJ9XFBhwVIj9zR30OzkWI976B/P5+0whD cardno:19 302 295

     

       
4
       
 
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMjRM3BNkLbU57RyfUx7kOlZeBEj/NByr1PfXri82aP cardno:19 302 432

     

       
5
       
 
       


     

       
6
       
 
       
# Static devices

     

···

       
1
       
+
       
# If I had an option, I would not use ecdsa keys.

     

       
2
       
 
       
# SmartCards

     

       
3
       
 
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvCpt7yWIptJ9XFBhwVIj9zR30OzkWI976B/P5+0whD cardno:13 901 056

     

       
4
       
+
       
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxpXpPlPEZPfnw2mIuWJEy/C/5h1bb6pIMeFsHAICQ+lLdEkbBSeDXQuA8feLN0MJw8KaB9jqrJbYgFadV/nVA= YubiKey #19302295 PIV Slot 9a

     

       
5
       
 
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMjRM3BNkLbU57RyfUx7kOlZeBEj/NByr1PfXri82aP cardno:19 302 432

     

       
6
       
 
       


     

       
7
       
 
       
# Static devices

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
remote_theme: pages-themes/leap-day@v0.2.0

     

       
2
       
+
       
plugins:

     

       
3
       
+
       
- jekyll-remote-theme # add this line to the plugins list if you already have one

     

       
4
       
+
       


     

       
5
       
+
       
title: nix-on-koumakan

     

       
6
       
+
       
show_downloads: false

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
# documentation

     

       
2
       
+
       
lmao bals

     

       
3
       
+
       


     

       
4
       
+
       
## table of contents

     

       
5
       
+
       
- [tips_n_tricks.md](./tips_n_tricks.md) Tips and tricks for nix

     

       
6
       
+
       
- [utils.md](./utils.md) _utils functions reference

     

···

       
1
       
-
       
# documentation

     

       
2
       
-
       
bals

     

       
0
       
 
       

     

       
0
       
 
       

     

       
3
       
 
       


     

       
4
       
-
       
## table of contents

     

       
5
       
-
       
- [tips_n_tricks.md](./tips_n_tricks.md) Tips and tricks for nix

     

       
6
       
-
       
- [utils.md](./utils.md) _utils functions reference 

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
# Cow

     

       
2
       
+
       
![a yak on some grass](./quaritsch-photography-1_6rJHQ2Gmw-unsplash.jpg)

     

       
3
       
+
       


     

       
4
       
+
       
*Gracefully provided by [Quaritsch Photography](https://unsplash.com/@quaritsch) on Unsplash, via https://unsplash.com/photos/1_6rJHQ2Gmw*

     

       
5
       
 
       


     

       
6
       
+
       
# NixOS Configuration

     

       
7
       
+
       
This is a bare minimum nix configuration for koumakan.

     

       
8
       
+
       


     

       
9
       
+
       
I'm still very, very new to Nix and its ecosystem so pointers to better

     

       
10
       
+
       
way of doing things are very much appreciated.

     

       
11
       
+
       


     

       
12
       
+
       
## docs

     

       
13
       
+
       
documentation and extra tips can be found [here](./docs)

     

       
14
       
+
       


     

       
15
       
+
       
couldn't find what you needed? suffer with me! see the

     

       
16
       
+
       
[How 2 Nix section in this repo.](https://github.com/hlissner/dotfiles#frequently-asked-questions)

     

       
17
       
+
       


     

       
18
       
+
       
✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓

     

···

       
2
       
 
       
this document outlines things that i learned from various sources and some pure guesswork

     

       
3
       
 
       


     

       
4
       
 
       
> To learn Nix is to learn to suffer, and to learn the way of numbing the pain

     

       
5
       
-
       
— Cassie circa. 2023

     

       
0
       
 
       

     

       
6
       
 
       


     

       
7
       
 
       
## overriding packages

     

       
8
       
 
       
the pill confused me and i thought i had to make overlays to do overrides but no

     
···

       
147
       
 
       


     

       
148
       
 
       
just don't!!!11 remove the pkgs definition. (note that this only applies to `pkgs = import nixpkgs {};`)

     

       
149
       
 
       


     

       
150
       
-
       
### explanation

     

       
0
       
 
       

     

       
151
       
 
       
> you shouldn't ever really import nixpkgs with an empty attrset either

     

       
152
       
 
       
>

     

       
153
       
 
       
> that causes it to fall back on guessing your system using `builtins.currentSystem`,

     

       
154
       
 
       
> which is impure and so not allowed in pure evaluation mode

     

       
155
       
-
       
— \@getchoo

     

       
156
       
-
       
## Useful links

     

       
0
       
 
       

     

       
0
       
 
       

     

       
157
       
 
       


     

       
158
       
 
       
Builtin stdlib functions search engine: https://noogle.dev/

     

       
159
       
 
       


     

···

       
2
       
 
       
this document outlines things that i learned from various sources and some pure guesswork

     

       
3
       
 
       


     

       
4
       
 
       
> To learn Nix is to learn to suffer, and to learn the way of numbing the pain

     

       
5
       
+
       
>

     

       
6
       
+
       
> — Cassie circa. 2023

     

       
7
       
 
       


     

       
8
       
 
       
## overriding packages

     

       
9
       
 
       
the pill confused me and i thought i had to make overlays to do overrides but no

     
···

       
148
       
 
       


     

       
149
       
 
       
just don't!!!11 remove the pkgs definition. (note that this only applies to `pkgs = import nixpkgs {};`)

     

       
150
       
 
       


     

       
151
       
+
       
explanation

     

       
152
       
+
       


     

       
153
       
 
       
> you shouldn't ever really import nixpkgs with an empty attrset either

     

       
154
       
 
       
>

     

       
155
       
 
       
> that causes it to fall back on guessing your system using `builtins.currentSystem`,

     

       
156
       
 
       
> which is impure and so not allowed in pure evaluation mode

     

       
157
       
+
       
>

     

       
158
       
+
       
> — \@getchoo

     

       
159
       
+
       


     

       
160
       
+
       
# Useful links

     

       
161
       
 
       


     

       
162
       
 
       
Builtin stdlib functions search engine: https://noogle.dev/

     

       
163
       
 
       


     

···

       
1
       
 
       
# utility functions

     

       
2
       
 
       


     

       
3
       
 
       
## `_utils.mkVhost`

     

       
4
       
-
       
make virtual host with sensible defaults

     

       
0
       
 
       

     

       
5
       
 
       


     

       
6
       
 
       
pass in a set to override the defaults.

     

       
7
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
8
       
 
       
## `_utils.mkSimpleProxy`

     

       
0
       
 
       

     

       
0
       
 
       

     

       
9
       
 
       
make a simple reverse proxy

     

       
10
       
 
       


     

       
11
       
 
       
takes a set:

     
···

       
14
       
 
       
  port,

     

       
15
       
 
       
  protocol ? "http",

     

       
16
       
 
       
  location ? "/",

     

       
17
       
-
       
  websockets ? false

     

       
0
       
 
       

     

       
18
       
 
       
}

     

       
19
       
 
       
```

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
 
       
# utility functions

     

       
2
       
 
       


     

       
3
       
 
       
## `_utils.mkVhost`

     

       
4
       
+
       
`attrset -> attrset`

     

       
5
       
+
       
make a virtual host with sensible defaults

     

       
6
       
 
       


     

       
7
       
 
       
pass in a set to override the defaults.

     

       
8
       
 
       


     

       
9
       
+
       
### Example

     

       
10
       
+
       
```nix

     

       
11
       
+
       
services.nginx.virtualHosts."balls.example" = _utils.mkVhost {};

     

       
12
       
+
       
```

     

       
13
       
+
       


     

       
14
       
 
       
## `_utils.mkSimpleProxy`

     

       
15
       
+
       
`attrset -> attrset`

     

       
16
       
+
       


     

       
17
       
 
       
make a simple reverse proxy

     

       
18
       
 
       


     

       
19
       
 
       
takes a set:

     
···

       
22
       
 
       
  port,

     

       
23
       
 
       
  protocol ? "http",

     

       
24
       
 
       
  location ? "/",

     

       
25
       
+
       
  websockets ? false,

     

       
26
       
+
       
  extraConfig ? {}

     

       
27
       
 
       
}

     

       
28
       
 
       
```

     

       
29
       
+
       


     

       
30
       
+
       
It is recommended to override/add attributes with `extraConfig` to

     

       
31
       
+
       
preserve defaults.

     

       
32
       
+
       


     

       
33
       
+
       
Items in `extraConfig` are merged verbatim to the base attrset with defaults.

     

       
34
       
+
       
They are overridden based on their order.

     

       
35
       
+
       


     

       
36
       
+
       
## `_utils.genSecrets`

     

       
37
       
+
       
`namespace[str] -> files[list[str]] -> value[attrset] -> attrset`

     

       
38
       
+
       
a

     

       
39
       
+
       
generate an attrset to be passed into sops.secrets.

     

       
40
       
+
       


     

       
41
       
+
       
### Example

     

       
42
       
+
       
```nix

     

       
43
       
+
       
{ _utils, ... }:

     

       
44
       
+
       
let

     

       
45
       
+
       
  secrets = [

     

       
46
       
+
       
    "secure_secret"

     

       
47
       
+
       
    # this is a directory structure, so secrets will be stored as a file in /run/secrets/service/test/secret.

     

       
48
       
+
       
    "service/test/secret"

     

       
49
       
+
       
  ];

     

       
50
       
+
       
in {

     

       
51
       
+
       
  sops.secrets = _utils.genSecrets "" secrets {}; # it's recommended to use a namespace, but having none is still fine.

     

       
52
       
+
       
  # -> sops.secrets."secure_secret" = {};

     

       
53
       
+
       
  #    sops.secrets."service/test/secret" = {};

     

       
54
       
+
       
  sops.secrets = _utils.genSecrets "balls" ["balls_secret"] {owner = "balls"};

     

       
55
       
+
       
  # -> sops.secrets."balls/balls_secret" = {owner = "balls";};

     

       
56
       
+
       
}

     

       
57
       
+
       
```

     

       
58
       
+
       


     

       
59
       
+
       
See https://github.com/soopyc/nix-on-koumakan/blob/b7983776143c15c91df69ef34ba4264a22047ec6/systems/koumakan/services/fedivese/akkoma.nix#L8-L34 for a more extensive example

     

···

       
119
       
 
       
        "type": "github"

     

       
120
       
 
       
      }

     

       
121
       
 
       
    },

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
122
       
 
       
    "flake-parts": {

     

       
123
       
 
       
      "inputs": {

     

       
124
       
 
       
        "nixpkgs-lib": [

     
···

       
245
       
 
       
    },

     

       
246
       
 
       
    "mystia": {

     

       
247
       
 
       
      "inputs": {

     

       
0
       
 
       

     

       
248
       
 
       
        "nixpkgs": [

     

       
249
       
 
       
          "nixpkgs"

     

       
250
       
 
       
        ]

     

       
251
       
 
       
      },

     

       
252
       
 
       
      "locked": {

     

       
253
       
-
       
        "lastModified": 1693640431,

     

       
254
       
-
       
        "narHash": "sha256-J18gekIkOmEgbZP9Veebj9/0MQZDF2YwMAlaykH/Qsk=",

     

       
255
       
 
       
        "owner": "soopyc",

     

       
256
       
 
       
        "repo": "mystia",

     

       
257
       
-
       
        "rev": "a0e49e52b8c5651340a29cf85d46b64791fb7b78",

     

       
258
       
 
       
        "type": "github"

     

       
259
       
 
       
      },

     

       
260
       
 
       
      "original": {

     
···

       
265
       
 
       
    },

     

       
266
       
 
       
    "nixpkgs": {

     

       
267
       
 
       
      "locked": {

     

       
268
       
-
       
        "lastModified": 1693639988,

     

       
269
       
-
       
        "narHash": "sha256-munyCKe2fzSPJGKz14ud3PMjDYRcsMyS3RjOj01/rNU=",

     

       
270
       
 
       
        "owner": "NixOS",

     

       
271
       
 
       
        "repo": "nixpkgs",

     

       
272
       
-
       
        "rev": "6c72c63dc8aecadc1b960cd4051268c6584b2606",

     

       
273
       
 
       
        "type": "github"

     

       
274
       
 
       
      },

     

       
275
       
 
       
      "original": {

     
···

       
310
       
 
       
        "type": "github"

     

       
311
       
 
       
      }

     

       
312
       
 
       
    },

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
313
       
 
       
    "pre-commit-hooks-nix": {

     

       
314
       
 
       
      "inputs": {

     

       
315
       
 
       
        "flake-compat": [

     
···

       
347
       
 
       
        "home-manager": "home-manager",

     

       
348
       
 
       
        "lanzaboote": "lanzaboote",

     

       
349
       
 
       
        "mystia": "mystia",

     

       
350
       
-
       
        "nixpkgs": "nixpkgs"

     

       
0
       
 
       

     

       
351
       
 
       
      }

     

       
352
       
 
       
    },

     

       
353
       
 
       
    "rust-overlay": {

     
···

       
399
       
 
       
      "original": {

     

       
400
       
 
       
        "owner": "oxalica",

     

       
401
       
 
       
        "repo": "rust-overlay",

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
402
       
 
       
        "type": "github"

     

       
403
       
 
       
      }

     

       
404
       
 
       
    },

     

···

       
119
       
 
       
        "type": "github"

     

       
120
       
 
       
      }

     

       
121
       
 
       
    },

     

       
122
       
+
       
    "flake-compat_3": {

     

       
123
       
+
       
      "flake": false,

     

       
124
       
+
       
      "locked": {

     

       
125
       
+
       
        "lastModified": 1673956053,

     

       
126
       
+
       
        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",

     

       
127
       
+
       
        "owner": "edolstra",

     

       
128
       
+
       
        "repo": "flake-compat",

     

       
129
       
+
       
        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",

     

       
130
       
+
       
        "type": "github"

     

       
131
       
+
       
      },

     

       
132
       
+
       
      "original": {

     

       
133
       
+
       
        "owner": "edolstra",

     

       
134
       
+
       
        "repo": "flake-compat",

     

       
135
       
+
       
        "type": "github"

     

       
136
       
+
       
      }

     

       
137
       
+
       
    },

     

       
138
       
 
       
    "flake-parts": {

     

       
139
       
 
       
      "inputs": {

     

       
140
       
 
       
        "nixpkgs-lib": [

     
···

       
261
       
 
       
    },

     

       
262
       
 
       
    "mystia": {

     

       
263
       
 
       
      "inputs": {

     

       
264
       
+
       
        "flake-compat": "flake-compat_3",

     

       
265
       
 
       
        "nixpkgs": [

     

       
266
       
 
       
          "nixpkgs"

     

       
267
       
 
       
        ]

     

       
268
       
 
       
      },

     

       
269
       
 
       
      "locked": {

     

       
270
       
+
       
        "lastModified": 1694357290,

     

       
271
       
+
       
        "narHash": "sha256-Mai5saiiuBWlQzTreLtIeUJQJN9zMH/UBIKJPOqnasM=",

     

       
272
       
 
       
        "owner": "soopyc",

     

       
273
       
 
       
        "repo": "mystia",

     

       
274
       
+
       
        "rev": "cfe783698ccd18cb27fb2e422917f14b82f7afc4",

     

       
275
       
 
       
        "type": "github"

     

       
276
       
 
       
      },

     

       
277
       
 
       
      "original": {

     
···

       
282
       
 
       
    },

     

       
283
       
 
       
    "nixpkgs": {

     

       
284
       
 
       
      "locked": {

     

       
285
       
+
       
        "lastModified": 1694237756,

     

       
286
       
+
       
        "narHash": "sha256-8T29BDnqRexwVy3jhEzIH9r7ROiF9I6ESVD0QLC6VXk=",

     

       
287
       
 
       
        "owner": "NixOS",

     

       
288
       
 
       
        "repo": "nixpkgs",

     

       
289
       
+
       
        "rev": "1a5bda2b28ea75a96dda2c349fe6d5e7864950ee",

     

       
290
       
 
       
        "type": "github"

     

       
291
       
 
       
      },

     

       
292
       
 
       
      "original": {

     
···

       
327
       
 
       
        "type": "github"

     

       
328
       
 
       
      }

     

       
329
       
 
       
    },

     

       
330
       
+
       
    "nixpkgs-stable_3": {

     

       
331
       
+
       
      "locked": {

     

       
332
       
+
       
        "lastModified": 1693675694,

     

       
333
       
+
       
        "narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=",

     

       
334
       
+
       
        "owner": "NixOS",

     

       
335
       
+
       
        "repo": "nixpkgs",

     

       
336
       
+
       
        "rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d",

     

       
337
       
+
       
        "type": "github"

     

       
338
       
+
       
      },

     

       
339
       
+
       
      "original": {

     

       
340
       
+
       
        "owner": "NixOS",

     

       
341
       
+
       
        "ref": "release-23.05",

     

       
342
       
+
       
        "repo": "nixpkgs",

     

       
343
       
+
       
        "type": "github"

     

       
344
       
+
       
      }

     

       
345
       
+
       
    },

     

       
346
       
 
       
    "pre-commit-hooks-nix": {

     

       
347
       
 
       
      "inputs": {

     

       
348
       
 
       
        "flake-compat": [

     
···

       
380
       
 
       
        "home-manager": "home-manager",

     

       
381
       
 
       
        "lanzaboote": "lanzaboote",

     

       
382
       
 
       
        "mystia": "mystia",

     

       
383
       
+
       
        "nixpkgs": "nixpkgs",

     

       
384
       
+
       
        "sops-nix": "sops-nix"

     

       
385
       
 
       
      }

     

       
386
       
 
       
    },

     

       
387
       
 
       
    "rust-overlay": {

     
···

       
433
       
 
       
      "original": {

     

       
434
       
 
       
        "owner": "oxalica",

     

       
435
       
 
       
        "repo": "rust-overlay",

     

       
436
       
+
       
        "type": "github"

     

       
437
       
+
       
      }

     

       
438
       
+
       
    },

     

       
439
       
+
       
    "sops-nix": {

     

       
440
       
+
       
      "inputs": {

     

       
441
       
+
       
        "nixpkgs": [

     

       
442
       
+
       
          "nixpkgs"

     

       
443
       
+
       
        ],

     

       
444
       
+
       
        "nixpkgs-stable": "nixpkgs-stable_3"

     

       
445
       
+
       
      },

     

       
446
       
+
       
      "locked": {

     

       
447
       
+
       
        "lastModified": 1693898833,

     

       
448
       
+
       
        "narHash": "sha256-OIrMAGNYNeLs6IvBynxcXub7aSW3GEUvWNsb7zx6zuU=",

     

       
449
       
+
       
        "owner": "Mic92",

     

       
450
       
+
       
        "repo": "sops-nix",

     

       
451
       
+
       
        "rev": "faf21ac162173c2deb54e5fdeed002a9bd6e8623",

     

       
452
       
+
       
        "type": "github"

     

       
453
       
+
       
      },

     

       
454
       
+
       
      "original": {

     

       
455
       
+
       
        "owner": "Mic92",

     

       
456
       
+
       
        "repo": "sops-nix",

     

       
457
       
 
       
        "type": "github"

     

       
458
       
 
       
      }

     

       
459
       
 
       
    },

     

···

       
1
       
 
       
{

     

       
2
       
 
       
  description = "Gensokyo system configurations";

     

       
3
       
 
       


     

       
4
       
-
       
  nixConfig = rec {

     

       
5
       
 
       
    extra-substituters = [

     

       
6
       
 
       
      "https://nonbunary.soopy.moe/gensokyo-global"

     

       
7
       
 
       
      "https://nonbunary.soopy.moe/gensokyo-systems"

     

       
8
       
 
       
    ];

     

       
9
       
-
       


     

       
10
       
-
       
    extra-trusted-substituters = extra-substituters;

     

       
11
       
 
       


     

       
12
       
 
       
    extra-trusted-public-keys = [

     

       
13
       
 
       
      "gensokyo-global:XiCN0D2XeSxF4urFYTprR+1Nr/5hWyydcETwZtPG6Ec="

     
···

       
34
       
 
       
      url = "github:zhaofengli/attic";

     

       
35
       
 
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
36
       
 
       
    };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
37
       
 
       
    mystia = {

     

       
38
       
 
       
      url = "github:soopyc/mystia";

     

       
39
       
 
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
40
       
 
       
    };

     

       
41
       
 
       
  };

     

       
42
       
 
       


     

       
43
       
-
       
  outputs = { nixpkgs, home-manager, ... }@inputs:

     

       
44
       
-
       
  let

     

       
45
       
-
       
    # pkgs = import nixpkgs {};

     

       
46
       
-
       
    _utils = import ./global/utils.nix {};

     

       
0
       
 
       

     

       
0
       
 
       

     

       
47
       
 
       
    lib = nixpkgs.lib;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
48
       
 
       
  in {

     

       
49
       
 
       
    nixosConfigurations = {

     

       
50
       
-
       
      koumakan = (import ./systems/koumakan { inherit _utils lib inputs; });

     

       
51
       
 
       
    };

     

       
52
       
 
       


     

       
53
       
-
       
    # formatter.x86_64-linux = pkgs.alejendra;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
54
       
 
       
  };

     

       
55
       
 
       
}

     

···

       
1
       
 
       
{

     

       
2
       
 
       
  description = "Gensokyo system configurations";

     

       
3
       
 
       


     

       
4
       
+
       
  nixConfig = {

     

       
5
       
 
       
    extra-substituters = [

     

       
6
       
 
       
      "https://nonbunary.soopy.moe/gensokyo-global"

     

       
7
       
 
       
      "https://nonbunary.soopy.moe/gensokyo-systems"

     

       
8
       
 
       
    ];

     

       
0
       
 
       

     

       
0
       
 
       

     

       
9
       
 
       


     

       
10
       
 
       
    extra-trusted-public-keys = [

     

       
11
       
 
       
      "gensokyo-global:XiCN0D2XeSxF4urFYTprR+1Nr/5hWyydcETwZtPG6Ec="

     
···

       
32
       
 
       
      url = "github:zhaofengli/attic";

     

       
33
       
 
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
34
       
 
       
    };

     

       
35
       
+
       


     

       
36
       
+
       
    sops-nix = {

     

       
37
       
+
       
      url = "github:Mic92/sops-nix";

     

       
38
       
+
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
39
       
+
       
    };

     

       
40
       
+
       


     

       
41
       
 
       
    mystia = {

     

       
42
       
 
       
      url = "github:soopyc/mystia";

     

       
43
       
 
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
44
       
 
       
    };

     

       
45
       
 
       
  };

     

       
46
       
 
       


     

       
47
       
+
       
  outputs = {

     

       
48
       
+
       
    nixpkgs,

     

       
49
       
+
       
    home-manager,

     

       
50
       
+
       
    ...

     

       
51
       
+
       
  } @ inputs: let

     

       
52
       
+
       
    utils = import ./global/utils.nix;

     

       
53
       
 
       
    lib = nixpkgs.lib;

     

       
54
       
+
       


     

       
55
       
+
       
    systems = [

     

       
56
       
+
       
      "x86_64-linux"

     

       
57
       
+
       
      "aarch64-linux"

     

       
58
       
+
       
      "x86_64-darwin"

     

       
59
       
+
       
      "aarch64-darwin"

     

       
60
       
+
       
    ];

     

       
61
       
+
       
    forAllSystems = fn: lib.genAttrs systems (s: fn nixpkgs.legacyPackages.${s});

     

       
62
       
 
       
  in {

     

       
63
       
 
       
    nixosConfigurations = {

     

       
64
       
+
       
      koumakan = import ./systems/koumakan {inherit utils lib inputs;};

     

       
65
       
 
       
    };

     

       
66
       
 
       


     

       
67
       
+
       
    devShells = forAllSystems (pkgs: {

     

       
68
       
+
       
      default = pkgs.mkShell {

     

       
69
       
+
       
        packages = [

     

       
70
       
+
       
          (pkgs.python311.withPackages (p: [p.requests]))

     

       
71
       
+
       
        ];

     

       
72
       
+
       
      };

     

       
73
       
+
       
    });

     

       
74
       
+
       


     

       
75
       
+
       
    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;

     

       
76
       
 
       
  };

     

       
77
       
 
       
}

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       
{

     

       
3
       
 
       
  imports = [

     

       
4
       
 
       
    ./upgrade-diff.nix

     

       
0
       
 
       

     

       
5
       
 
       
  ];

     

       
6
       
 
       
  # Set default i18n configuration

     

       
7
       
 
       
  i18n.defaultLocale = "en_US.UTF-8";

     
···

       
10
       
 
       
    keyMap = "us";

     

       
11
       
 
       
  };

     

       
12
       
 
       


     

       
13
       
-
       
  # # Enable crash dumps globally

     

       
14
       
-
       
  # boot.crashDump = {

     

       
15
       
-
       
  #   enable = true;

     

       
16
       
-
       
  #   reservedMemory = "128M";

     

       
17
       
-
       
  # };

     

       
18
       
 
       


     

       
19
       
 
       
  # Lock root account

     

       
20
       
-
       
  users.users.root.shell = pkgs.shadow;  # basically /bin/nologin

     

       
21
       
 
       
}

     

···

       
1
       
+
       
{pkgs, ...}: {

     

       
0
       
 
       

     

       
2
       
 
       
  imports = [

     

       
3
       
 
       
    ./upgrade-diff.nix

     

       
4
       
+
       
    ./system

     

       
5
       
 
       
  ];

     

       
6
       
 
       
  # Set default i18n configuration

     

       
7
       
 
       
  i18n.defaultLocale = "en_US.UTF-8";

     
···

       
10
       
 
       
    keyMap = "us";

     

       
11
       
 
       
  };

     

       
12
       
 
       


     

       
13
       
+
       
  time.timeZone = "Asia/Hong_Kong";

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
14
       
 
       


     

       
15
       
 
       
  # Lock root account

     

       
16
       
+
       
  users.users.root.shell = pkgs.shadow; # basically /bin/nologin

     

       
17
       
 
       
}

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
inputs:

     

       
2
       
+
       
with inputs; [

     

       
3
       
+
       
  mystia.overlays.default

     

       
4
       
+
       
  attic.overlays.default

     

       
5
       
+
       
]

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       
{

     

       
3
       
 
       
  environment.systemPackages = with pkgs; [

     

       
4
       
 
       
    luajit

     

       
5
       
 
       
    binutils

     

···

       
1
       
+
       
{pkgs, ...}: {

     

       
0
       
 
       

     

       
2
       
 
       
  environment.systemPackages = with pkgs; [

     

       
3
       
 
       
    luajit

     

       
4
       
 
       
    binutils

     

···

       
1
       
-
       
{ ... }: 

     

       
2
       
-
       
{

     

       
3
       
 
       
  imports = [

     

       
4
       
 
       
    ./nix.nix

     

       
5
       
 
       
    ./editors.nix

     

···

       
1
       
+
       
{...}: {

     

       
0
       
 
       

     

       
2
       
 
       
  imports = [

     

       
3
       
 
       
    ./nix.nix

     

       
4
       
 
       
    ./editors.nix

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
 
       
  programs.neovim = {

     

       
5
       
 
       
    enable = true;

     

       
6
       
 
       
    defaultEditor = true;

     

···

       
1
       
+
       
{...}: {

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       
  programs.neovim = {

     

       
3
       
 
       
    enable = true;

     

       
4
       
 
       
    defaultEditor = true;

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
-
       
  environment.systemPackages = with pkgs; [ gnupg pinentry ];

     

       
5
       
 
       


     

       
6
       
 
       
  programs.gnupg.agent.enable = true;

     

       
7
       
 
       
  # ideally this should be set automatically but in case that doesn't work

     

···

       
1
       
+
       
{pkgs, ...}: {

     

       
2
       
+
       
  environment.systemPackages = with pkgs; [gnupg pinentry];

     

       
0
       
 
       

     

       
0
       
 
       

     

       
3
       
 
       


     

       
4
       
 
       
  programs.gnupg.agent.enable = true;

     

       
5
       
 
       
  # ideally this should be set automatically but in case that doesn't work

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
 
       
  # Miscellaneous packages that do not have an option.

     

       
5
       
 
       
  # It is recommended to use packages.<package>.enable when possible.

     

       
6
       
 
       


     
···

       
19
       
 
       
    nvd

     

       
20
       
 
       
    just

     

       
21
       
 
       


     

       
0
       
 
       

     

       
22
       
 
       
    git-crypt

     

       
23
       
 
       
  ];

     

       
24
       
 
       


     

···

       
1
       
+
       
{pkgs, ...}: {

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       
  # Miscellaneous packages that do not have an option.

     

       
3
       
 
       
  # It is recommended to use packages.<package>.enable when possible.

     

       
4
       
 
       


     
···

       
17
       
 
       
    nvd

     

       
18
       
 
       
    just

     

       
19
       
 
       


     

       
20
       
+
       
    attic

     

       
21
       
 
       
    git-crypt

     

       
22
       
 
       
  ];

     

       
23
       
 
       


     

···

       
1
       
-
       
{ pkgs, ... }: 

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
 
       
  programs.tmux = {

     

       
5
       
 
       
    enable = true;

     

       
6
       
 
       
    newSession = true;

     

···

       
1
       
+
       
{pkgs, ...}: {

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       
  programs.tmux = {

     

       
3
       
 
       
    enable = true;

     

       
4
       
 
       
    newSession = true;

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       


     

       
3
       
 
       
# some items are sourced from https://jackson.dev/post/nix-reasonable-defaults/

     

       
4
       
 
       
{

     

       
5
       
 
       
  nix.settings = {

     

       
6
       
 
       
    experimental-features = [

     

       
7
       
 
       
      "nix-command"

     

       
8
       
 
       
      "flakes"

     

       
0
       
 
       

     

       
9
       
 
       
    ];

     

       
10
       
 
       


     

       
11
       
 
       
    substituters = [

     

       
12
       
-
       
      "https://nonbunary.soopy.moe/gensokyo-systems"

     

       
13
       
-
       
      "https://nonbunary.soopy.moe/gensokyo-global"

     

       
14
       
 
       
    ];

     

       
15
       
 
       


     

       
16
       
 
       
    trusted-substituters = [

     

       
17
       
-
       
      "https://nonbunary.soopy.moe/gensokyo-systems"

     

       
18
       
-
       
      "https://nonbunary.soopy.moe/gensokyo-global"

     

       
19
       
 
       
    ];

     

       
20
       
 
       


     

       
21
       
 
       
    trusted-public-keys = [

     

···

       
1
       
+
       
{pkgs, ...}:

     

       
0
       
 
       

     

       
2
       
 
       
# some items are sourced from https://jackson.dev/post/nix-reasonable-defaults/

     

       
3
       
 
       
{

     

       
4
       
 
       
  nix.settings = {

     

       
5
       
 
       
    experimental-features = [

     

       
6
       
 
       
      "nix-command"

     

       
7
       
 
       
      "flakes"

     

       
8
       
+
       
      "repl-flake"

     

       
9
       
 
       
    ];

     

       
10
       
 
       


     

       
11
       
 
       
    substituters = [

     

       
12
       
+
       
      "https://nonbunary.soopy.moe/gensokyo-systems/"

     

       
13
       
+
       
      "https://nonbunary.soopy.moe/gensokyo-global/"

     

       
14
       
 
       
    ];

     

       
15
       
 
       


     

       
16
       
 
       
    trusted-substituters = [

     

       
17
       
+
       
      "https://nonbunary.soopy.moe/gensokyo-systems/"

     

       
18
       
+
       
      "https://nonbunary.soopy.moe/gensokyo-global/"

     

       
19
       
 
       
    ];

     

       
20
       
 
       


     

       
21
       
 
       
    trusted-public-keys = [

     

···

       
1
       
-
       
{ ... }: 

     

       
2
       
-
       
{

     

       
3
       
 
       
  programs.git = {

     

       
4
       
 
       
    enable = true;

     

       
5
       
 
       
    config = {

     

···

       
1
       
+
       
{...}: {

     

       
0
       
 
       

     

       
2
       
 
       
  programs.git = {

     

       
3
       
 
       
    enable = true;

     

       
4
       
 
       
    config = {

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
 
       
  users.defaultUserShell = pkgs.zsh;

     

       
5
       
 
       
  programs.zsh = {

     

       
6
       
 
       
    enable = true;

     

···

       
1
       
+
       
{pkgs, ...}: {

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       
  users.defaultUserShell = pkgs.zsh;

     

       
3
       
 
       
  programs.zsh = {

     

       
4
       
 
       
    enable = true;

     

···

       
1
       
-
       
{ pkgs, ... }:

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
 
       
  # Enable the OpenSSH daemon.

     

       
5
       
 
       
  services.openssh = {

     

       
6
       
 
       
    enable = true;

     

···

       
1
       
+
       
{...}: {

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       
  # Enable the OpenSSH daemon.

     

       
3
       
 
       
  services.openssh = {

     

       
4
       
 
       
    enable = true;

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{...}: {

     

       
2
       
+
       
  imports = [

     

       
3
       
+
       
    ./firmware.nix

     

       
4
       
+
       
  ];

     

       
5
       
+
       
}

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{...}: {

     

       
2
       
+
       
  hardware.enableRedistributableFirmware = true;

     

       
3
       
+
       
  services.fwupd.enable = true;

     

       
4
       
+
       
}
     

···

       
1
       
 
       
# Thank you https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix

     

       
2
       
-
       


     

       
3
       
-
       
{ pkgs, ... }: {

     

       
4
       
 
       
  system.activationScripts.diff = {

     

       
5
       
 
       
    supportsDryActivation = true;

     

       
6
       
 
       
    text = ''

     

···

       
1
       
 
       
# Thank you https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix

     

       
2
       
+
       
{pkgs, ...}: {

     

       
0
       
 
       

     

       
3
       
 
       
  system.activationScripts.diff = {

     

       
4
       
 
       
    supportsDryActivation = true;

     

       
5
       
 
       
    text = ''

     

···

       
1
       
 
       
# see /docs/utils.md for a usage guide

     

       
2
       
-
       


     

       
3
       
-
       
{ ... }:

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
4
       
 
       


     

       
5
       
-
       
# let

     

       
6
       
-
       
  # lib = pkgs.lib;

     

       
7
       
-
       
# in

     

       
8
       
-
       
rec {

     

       
9
       
-
       
  mkVhost = opts: {

     

       
10
       
-
       
    # ideally mkOverride/mkDefault would be used, but i have 0 idea how it works.

     

       
11
       
-
       
    forceSSL = true;

     

       
12
       
-
       
    useACMEHost = "global.c.soopy.moe";

     

       
13
       
-
       
    kTLS = true;

     

       
14
       
-
       
  } // opts;

     

       
0
       
 
       

     

       
15
       
 
       


     

       
16
       
 
       
  mkSimpleProxy = {

     

       
17
       
 
       
    port,

     

       
18
       
 
       
    protocol ? "http",

     

       
19
       
 
       
    location ? "/",

     

       
20
       
-
       
    websockets ? false

     

       
21
       
-
       
  }: mkVhost {

     

       
22
       
-
       
    locations."${location}" = {

     

       
23
       
-
       
      proxyPass = "${protocol}://localhost:${toString port}";

     

       
24
       
-
       
      proxyWebsockets = websockets;

     

       
25
       
-
       
    };

     

       
26
       
-
       
  };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
27
       
 
       
}

     

···

       
1
       
 
       
# see /docs/utils.md for a usage guide

     

       
2
       
+
       
{

     

       
3
       
+
       
  inputs,

     

       
4
       
+
       
  system,

     

       
5
       
+
       
  ...

     

       
6
       
+
       
}: let

     

       
7
       
+
       
  lib = inputs.nixpkgs.lib;

     

       
8
       
+
       
in rec {

     

       
9
       
+
       
  mkVhost = opts:

     

       
10
       
+
       
    lib.mkMerge [

     

       
11
       
+
       
      {

     

       
12
       
+
       
        forceSSL = lib.mkDefault true;

     

       
13
       
+
       
        useACMEHost = lib.mkDefault "global.c.soopy.moe";

     

       
14
       
+
       
        kTLS = lib.mkDefault true;

     

       
15
       
 
       


     

       
16
       
+
       
        locations."/_cgi/error/" = {

     

       
17
       
+
       
          alias = "${inputs.mystia.packages.${system}.staticly}/nginx_error_pages/";

     

       
18
       
+
       
        };

     

       
19
       
+
       
        extraConfig = ''

     

       
20
       
+
       
          error_page 503 /_cgi/error/503.html;

     

       
21
       
+
       
          error_page 502 /_cgi/error/502.html;

     

       
22
       
+
       
          error_page 404 /_cgi/error/404.html;

     

       
23
       
+
       
        '';

     

       
24
       
+
       
      }

     

       
25
       
+
       
      opts

     

       
26
       
+
       
    ];

     

       
27
       
 
       


     

       
28
       
 
       
  mkSimpleProxy = {

     

       
29
       
 
       
    port,

     

       
30
       
 
       
    protocol ? "http",

     

       
31
       
 
       
    location ? "/",

     

       
32
       
+
       
    websockets ? false,

     

       
33
       
+
       
    extraConfig ? {},

     

       
34
       
+
       
  }:

     

       
35
       
+
       
    mkVhost (lib.mkMerge [

     

       
36
       
+
       
      extraConfig

     

       
37
       
+
       
      {

     

       
38
       
+
       
        locations."${location}" = {

     

       
39
       
+
       
          proxyPass = "${protocol}://localhost:${toString port}";

     

       
40
       
+
       
          proxyWebsockets = websockets;

     

       
41
       
+
       
        };

     

       
42
       
+
       
      }

     

       
43
       
+
       
    ]);

     

       
44
       
+
       


     

       
45
       
+
       
  genSecrets = namespace: files: value:

     

       
46
       
+
       
    lib.genAttrs (

     

       
47
       
+
       
      map (x: namespace + lib.optionalString (lib.stringLength namespace != 0) "/" + x) files

     

       
48
       
+
       
    ) (_: value);

     

       
49
       
 
       
}

     

···

       
1
       
 
       
# friendship ended with Makefile

     

       
2
       
 
       
# I LOVE justFILE!!!!!!

     

       
3
       
 
       


     

       
4
       
-
       
default: build

     

       
0
       
 
       

     

       
0
       
 
       

     

       
5
       
 
       


     

       
0
       
 
       

     

       
6
       
 
       
test:

     

       
7
       
 
       
	nixos-rebuild test --flake .#

     

       
8
       
 
       


     

       
9
       
-
       
build:

     

       
10
       
-
       
	nixos-rebuild build --flake .#

     

       
11
       
-
       


     

       
12
       
 
       
switch:

     

       
13
       
 
       
	nixos-rebuild switch --flake .#

     

       
14
       
 
       


     

       
0
       
 
       

     

       
15
       
 
       
utils recipe="list":

     

       
16
       
 
       
  @echo "Running utils/{{recipe}}"

     

       
17
       
 
       
  @cd utils && just {{recipe}}

     

       
18
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
19
       
 
       
ebuild system:

     

       
20
       
 
       
  nix build -j8 .#nixosConfigurations."{{system}}".config.system.build.toplevel

     

···

       
1
       
 
       
# friendship ended with Makefile

     

       
2
       
 
       
# I LOVE justFILE!!!!!!

     

       
3
       
 
       


     

       
4
       
+
       
# build the current configuration

     

       
5
       
+
       
build:

     

       
6
       
+
       
	nixos-rebuild build --flake .#

     

       
7
       
 
       


     

       
8
       
+
       
# build and test the configuration, but don't switch

     

       
9
       
 
       
test:

     

       
10
       
 
       
	nixos-rebuild test --flake .#

     

       
11
       
 
       


     

       
12
       
+
       
# switch to the current configuration

     

       
0
       
 
       

     

       
0
       
 
       

     

       
13
       
 
       
switch:

     

       
14
       
 
       
	nixos-rebuild switch --flake .#

     

       
15
       
 
       


     

       
16
       
+
       
# run utility programs

     

       
17
       
 
       
utils recipe="list":

     

       
18
       
 
       
  @echo "Running utils/{{recipe}}"

     

       
19
       
 
       
  @cd utils && just {{recipe}}

     

       
20
       
 
       


     

       
21
       
+
       
# update an input in the flake lockfile

     

       
22
       
+
       
update-input input:

     

       
23
       
+
       
  nix flake lock --update-input {{input}}

     

       
24
       
+
       


     

       
25
       
+
       
# build the flake on a non-nixos platform

     

       
26
       
 
       
ebuild system:

     

       
27
       
 
       
  nix build -j8 .#nixosConfigurations."{{system}}".config.system.build.toplevel

     

···

       
1
       
-
       
[]

     

···

       
0
       
 
       

     

···

       
1
       
-
       
{ ... }:

     

       
2
       
-
       


     

       
3
       
-
       
{

     

       
4
       
 
       
  imports = [

     

       
5
       
 
       
    ./global.nix

     

       
6
       
 
       
    ./postgresql.nix

     

       
0
       
 
       

     

       
7
       
 
       
  ];

     

       
8
       
 
       


     

       
9
       
 
       
  security.acme = {

     
···

       
11
       
 
       
      # == lego Configuration ==

     

       
12
       
 
       
      credentialsFile = "/etc/lego/desec";

     

       
13
       
 
       
      dnsProvider = "desec";

     

       
14
       
-
       
      # In an more ideal world we would have an eddsa algo here but oh well

     

       
15
       
-
       
      keyType = "ec256";  # Ensure we use ec keys

     

       
16
       
 
       


     

       
17
       
 
       
      dnsResolver = "8.8.8.8:53";

     

       
18
       
 
       


     

···

       
1
       
+
       
{...}: {

     

       
0
       
 
       

     

       
0
       
 
       

     

       
2
       
 
       
  imports = [

     

       
3
       
 
       
    ./global.nix

     

       
4
       
 
       
    ./postgresql.nix

     

       
5
       
+
       
    ./fediverse.nix

     

       
6
       
 
       
  ];

     

       
7
       
 
       


     

       
8
       
 
       
  security.acme = {

     
···

       
10
       
 
       
      # == lego Configuration ==

     

       
11
       
 
       
      credentialsFile = "/etc/lego/desec";

     

       
12
       
 
       
      dnsProvider = "desec";

     

       
13
       
+
       
      # In a more ideal world we would have an eddsa algo here but oh well

     

       
14
       
+
       
      keyType = "ec256"; # Ensure we use ec keys

     

       
15
       
 
       


     

       
16
       
 
       
      dnsResolver = "8.8.8.8:53";

     

       
17