commit 5648fe3686b35a627e1243bfbf6652aac155ff27 Author: Aleksandr Date: Sun Sep 22 11:34:06 2024 +0300 Initial commit
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..0527d0e
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,8 @@
+keys:
+ - &master age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u
+
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *master
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..9ab68f6
--- /dev/null
+++ b/flake.lock
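Review bot: In `.sops.yaml`, `keys:` lists a single age recipient, `&master`, and the only creation rule encrypts every file under `secrets/` to it alone. `m/sops.nix` in this commit points the host at one `age.keyFile`, so presumably the machine that decrypts at boot holds the master private key itself. Adding a per-host recipient next to it, e.g. `- &lil_maid <AGE_PUBLIC_KEY_OF_HOST>` (placeholder) and listing `- *lil_maid` under `age:`, would let the host key be rotated or revoked without touching the master key, and would keep the master key off the machine.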
@@ -0,0 +1,86 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726985855, + "narHash": "sha256-NJPGK030Y3qETpWBhj9oobDQRbXdXOPxtu+YgGvZ84o=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "04213d1ce4221f5d9b40bcee30706ce9a91d148d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1726755586, + "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..7d03911 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,43 @@
+{
+ description = "Nero";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # hyprland = {
+ # url = "github:hyprwm/Hyprland?submodules=1";
+ # inputs.nixpkgs.follows = "nixpkgs";
+ # };
+ };
+
+ outputs = {
+ nixpkgs,
+ sops-nix,
+ home-manager,
+ ...
+ }@inputs: {
+ nixosConfigurations.lil-maid = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+
+ modules = [
+ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+
+ ./m
+ ./lil-maid
+ ];
+
+ specialArgs = {
+ inherit inputs;
+ };
+ };
+ };
+}
diff --git a/lil-maid/default.nix b/lil-maid/default.nix
new file mode 100644
index 0000000..21ec314
--- /dev/null
+++ b/lil-maid/default.nix
@@ -0,0 +1,35 @@
+{
+ maid = {
+ sys = {
+ enable = true;
+ hostname = "lil-maid";
+ };
+ masters.nero.enable = true;
+
+ sops = {
+ enable = true;
+
+ viendesu.enable = true;
+ work.enable = true;
+ };
+
+ ly.enable = true;
+ firefox.enable = true;
+ vpn.hft.enable = true;
+
+ unfree = [
+ "obsidian"
+ "slack"
+ "discord"
+ ];
+ };
+
+ imports = [
+ ./modules
+
+ ./hw.nix
+ ./fs.nix
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/lil-maid/fs.nix b/lil-maid/fs.nix
new file mode 100644
index 0000000..8192311
--- /dev/null
+++ b/lil-maid/fs.nix
@@ -0,0 +1,22 @@
+{
+ fileSystems = {
+ "/" =
+ { device = "/dev/disk/by-label/nixos";
+ fsType = "btrfs";
+ };
+ "/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+ "/secrets" =
+ { device = "/dev/disk/by-label/secrets";
+ fsType = "btrfs";
+ options = [ "nofail" ];
+ };
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+}
diff --git a/lil-maid/hw.nix b/lil-maid/hw.nix
new file mode 100644
index 0000000..d3babae
--- /dev/null
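Review bot: In `lil-maid/fs.nix` the `/secrets` mount carries only `nofail`, so the volume is mounted with the default exec, suid and device-node behaviour. For a data-only secrets volume, `options = [ "nofail" "nosuid" "nodev" "noexec" ];` is the tighter setting. With `nofail` the boot also continues when the device is absent, so anything written to `/secrets` in that state would land on the root filesystem; a comment on that line saying so would help the next reader.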
+++ b/lil-maid/hw.nix
@@ -0,0 +1,27 @@
+{ pkgs, config, lib, modulesPath, ... }:
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ systemd.tmpfiles.settings = {
+ "10-secrets" = {
+ "/secrets".v = {
+ user = "nero";
+ mode = "0760";
+ };
+ };
+ };
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelModules = [ "btusb" "kvm-amd" ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/lil-maid/modules/boot.nix b/lil-maid/modules/boot.nix
new file mode 100644
index 0000000..d39e4ca
--- /dev/null
+++ b/lil-maid/modules/boot.nix
@@ -0,0 +1,4 @@
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+}
diff --git a/lil-maid/modules/default.nix b/lil-maid/modules/default.nix
new file mode 100644
index 0000000..be74459
--- /dev/null
+++ b/lil-maid/modules/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./boot.nix
+ ./social.nix
+ ./stash.nix
+ ];
+}
diff --git a/lil-maid/modules/social.nix b/lil-maid/modules/social.nix
new file mode 100644
index 0000000..5efbadd
--- /dev/null
+++ b/lil-maid/modules/social.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ # Slack
+ slack
+
+ # Telegram
+ telegram-desktop
+
+ # Discord
+ (discord.override {
+ withOpenASAR = true;
+ withVencord = true;
+ })
+ ];
+}
diff --git a/lil-maid/modules/stash.nix b/lil-maid/modules/stash.nix
new file mode 100644
index 0000000..3eccb9f
--- /dev/null
+++ b/lil-maid/modules/stash.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ obsidian
+ ];
+}
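Review bot: The tmpfiles rule for `/secrets` in `lil-maid/hw.nix` sets `mode = "0760"`, which gives the group read and write on the directory but no search bit, and no `group` is given, so the group is whatever tmpfiles defaults to. If only `nero` is meant to reach the directory, `mode = "0700";` says that directly; if a group is meant to share it, name it with `group = ...;` and use `"0770"`. A one-line comment stating which of the two is intended would make the choice reviewable.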
diff --git a/m/default.nix b/m/default.nix
new file mode 100644
index 0000000..e5d5c78
--- /dev/null
+++ b/m/default.nix
@@ -0,0 +1,14 @@
+{
+ imports = [
+ ./sops.nix
+ ./hypr.nix
+ ./ly.nix
+ ./sys.nix
+ ./unfree.nix
+ ./firefox.nix
+ ./home
+ ./vpn
+
+ ./masters
+ ];
+}
diff --git a/m/firefox.nix b/m/firefox.nix
new file mode 100644
index 0000000..fd093ae
--- /dev/null
+++ b/m/firefox.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+ firefox = config.maid.firefox;
+in
+{
+ options.maid.firefox = {
+ enable = lib.mkEnableOption "firefox";
+ };
+
+ config.programs.firefox = lib.mkIf firefox.enable {
+ enable = true;
+ };
+}
diff --git a/m/home/default.nix b/m/home/default.nix
new file mode 100644
index 0000000..fe534d5
--- /dev/null
+++ b/m/home/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+ hm = config.maid.hm;
+in
+{
+ options.maid.hm = {
+ enable = lib.mkEnableOption "home-manager";
+ };
+
+ config.home-manager = lib.mkIf hm.enable {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+}
diff --git a/m/home/helix/default.nix b/m/home/helix/default.nix
new file mode 100644
index 0000000..200e7c1
--- /dev/null
+++ b/m/home/helix/default.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+let
+ sonokai = import themes/sonokai;
+ langs = (import ./langs) pkgs;
+in
+{
+ programs.helix = {
+ enable = true;
+
+ settings = {
+ theme = "sonokai-andromeda";
+ editor.cursor-shape = {
+ normal = "block";
+ insert = "bar";
+ select = "underline";
+ };
+ };
+
+ languages = {
+ language-server.rust-analyzer.config = {
+ rust.analyzerTargetDir = true;
+ };
+ };
+ themes = {
+ sonokai-andromeda = sonokai "andromeda";
+ };
+ };
+}
diff --git a/m/home/helix/langs/default.nix b/m/home/helix/langs/default.nix
new file mode 100644
index 0000000..c309441
--- /dev/null
+++ b/m/home/helix/langs/default.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+rec {
+ use = name: (import ./${"${name}.nix"}) pkgs;
+ combine = lhs: rhs: {
+ lsp = (lhs.lsp or {}) // (rhs.lsp or {});
+ entries = (lhs.entries or []) ++ (rhs.entries or []);
+ };
+
+ intoHelixFormat = cfg: {
+ language-server = cfg.lsp;
+ language = cfg.entries;
+ };
+ useMany = langs: builtins.foldl' combine {} (map use langs);
+}
+
diff --git a/m/home/helix/langs/nix.nix b/m/home/helix/langs/nix.nix
new file mode 100644
index 0000000..93a51a3
--- /dev/null
+++ b/m/home/helix/langs/nix.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ lsp.nixd = {
+ command = "${pkgs.nixd}/bin/nixd";
+ };
+ entries = [{
+ name = "Nix";
+ scope = "source.nix";
+ injection-regex = "nix";
+ file-types = ["nix"];
+ comment-tokens = "#";
+ indent = { tab-width = 2; unit = " "; };
+ language-servers = [ "nixd" ];
+ }];
+}
diff --git a/m/home/helix/themes/sonokai/default.nix b/m/home/helix/themes/sonokai/default.nix
new file mode 100644
index 0000000..898563c
--- /dev/null
+++ b/m/home/helix/themes/sonokai/default.nix
@@ -0,0 +1,179 @@ +palette: +{ + "attribute" = "purple"; + "comment" = "grey"; + "constant" = "purple"; + "constant.character.escape" = "orange"; + "constant.numeric" = "purple"; + "constructor" = "blue"; + "diagnostic" = { "underlined" = { "style" = "line"; }; }; + "diagnostic.error" = { + "underline" = { + "color" = "red"; + "style" = "curl"; + }; + }; + "diagnostic.hint" = { + "underline" = { + "color" = "blue"; + "style" = "dotted"; + }; + }; + "diagnostic.info" = { + "underline" = { + "color" = "green"; + "style" = "dotted"; + }; + }; + "diagnostic.warning" = { + "underline" = { + "color" = "yellow"; + "style" = "curl"; + }; + }; + "diff.delta" = "orange"; + "diff.minus" = "red"; + "diff.plus" = "green"; + "error" = "red"; + "function" = "green"; + "function.builtin" = "blue"; + "function.macro" = "purple"; + "hint" = "blue"; + "info" = "green"; + "keyword" = "red"; + "keyword.directive" = "purple"; + "label" = "orange"; + "markup.bold" = { "modifiers" = [ "bold" ]; }; + "markup.heading.1" = { + "fg" = "red"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.2" = { + "fg" = "orange"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.3" = { + "fg" = "yellow"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.4" = { + "fg" = "green"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.5" = { + "fg" = "blue"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.6" = { + "fg" = "fg"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.marker" = "grey"; + "markup.italic" = { "modifiers" = [ "italic" ]; }; + "markup.link.text" = "purple"; + "markup.link.url" = { + "fg" = "blue"; + "modifiers" = [ "underlined" ]; + }; + "markup.list" = "red"; + "markup.quote" = "grey"; + "markup.raw" = "green"; + "module" = "blue"; + "namespace" = "blue"; + "operator" = "orange"; + "punctuation" = "grey"; + "punctuation.bracket" = "fg"; + "punctuation.delimiter" = "grey"; + "special" = "orange"; + "string" = "yellow"; + "string.regexp" = "orange"; + "tag" = "yellow"; + "type" = 
"blue"; + "ui.background" = { "bg" = "bg0"; }; + "ui.background.separator" = "grey"; + "ui.bufferline" = { + "bg" = "bg1"; + "fg" = "grey"; + }; + "ui.bufferline.active" = { + "bg" = "bg4"; + "fg" = "fg"; + "modifiers" = [ "bold" ]; + }; + "ui.cursor" = { + "bg" = "fg"; + "fg" = "bg0"; + }; + "ui.cursor.insert" = { + "bg" = "grey"; + "fg" = "black"; + }; + "ui.cursor.match" = { + "bg" = "diff_yellow"; + "fg" = "orange"; + }; + "ui.cursor.select" = { + "bg" = "blue"; + "fg" = "bg0"; + }; + "ui.cursorline.primary" = { "bg" = "bg1"; }; + "ui.cursorline.secondary" = { "bg" = "bg1"; }; + "ui.help" = { + "bg" = "bg2"; + "fg" = "fg"; + }; + "ui.linenr" = "grey"; + "ui.linenr.selected" = "fg"; + "ui.menu" = { + "bg" = "bg3"; + "fg" = "fg"; + }; + "ui.menu.selected" = { + "bg" = "green"; + "fg" = "bg0"; + }; + "ui.popup" = { + "bg" = "bg2"; + "fg" = "grey"; + }; + "ui.selection" = { "bg" = "bg4"; }; + "ui.statusline" = { + "bg" = "bg3"; + "fg" = "fg"; + }; + "ui.statusline.inactive" = { + "bg" = "bg1"; + "fg" = "grey"; + }; + "ui.statusline.insert" = { + "bg" = "yellow"; + "fg" = "bg0"; + "modifiers" = [ "bold" ]; + }; + "ui.statusline.normal" = { + "bg" = "fg"; + "fg" = "bg0"; + "modifiers" = [ "bold" ]; + }; + "ui.statusline.select" = { + "bg" = "blue"; + "fg" = "bg0"; + "modifiers" = [ "bold" ]; + }; + "ui.text" = "fg"; + "ui.text.focus" = "green"; + "ui.virtual.indent-guide" = { "fg" = "bg4"; }; + "ui.virtual.ruler" = { "bg" = "bg2"; }; + "ui.virtual.whitespace" = { "fg" = "bg4"; }; + "ui.window" = { + "bg" = "bg0"; + "fg" = "grey"; + }; + "variable" = "fg"; + "variable.builtin" = "orange"; + "variable.other.member" = "fg"; + "variable.parameter" = "fg"; + "warning" = "yellow"; + + palette = import (./. + "/palettes/${palette}.nix"); +} diff --git a/m/home/helix/themes/sonokai/palettes/andromeda.nix b/m/home/helix/themes/sonokai/palettes/andromeda.nix new file mode 100644 index 0000000..bc0453e --- /dev/null +++ b/m/home/helix/themes/sonokai/palettes/andromeda.nix 
@@ -0,0 +1,25 @@
+{
+ black = "#181a1c";
+ bg0 = "#2b2d3a";
+ bg1 = "#333648";
+ bg2 = "#363a4e";
+ bg3 = "#393e53";
+ bg4 = "#3f445b";
+ bg_red = "#ff6188";
+ diff_red = "#55393d";
+ bg_green = "#a9dc76";
+ diff_green = "#394634";
+ bg_blue = "#77d5f0";
+ diff_blue = "#354157";
+ diff_yellow = "#4e432f";
+ fg = "#e1e3e4";
+ red = "#fb617e";
+ orange = "#f89860";
+ yellow = "#edc763";
+ green = "#9ed06c";
+ cyan = "#ef9062"; # added for compatibility with `edge` scheme
+ blue = "#6dcae8";
+ purple = "#bb97ee";
+ grey = "#7e8294";
+ grey_dim = "#5a5e7a";
+}
diff --git a/m/hypr.nix b/m/hypr.nix
new file mode 100644
index 0000000..c8b5b8d
--- /dev/null
+++ b/m/hypr.nix
@@ -0,0 +1,15 @@
+{ lib, config, inputs, pkgs, ... }:
+let
+ hypr = config.maid.hypr;
+in
+{
+ options.maid.hypr = {
+ enable = lib.mkEnableOption "hyprland";
+ };
+
+ config.programs.hyprland = lib.mkIf hypr.enable {
+ enable = true;
+ package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+ portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
+ };
+}
diff --git a/m/ly.nix b/m/ly.nix
new file mode 100644
index 0000000..4ce0861
--- /dev/null
+++ b/m/ly.nix
@@ -0,0 +1,13 @@
+{ lib, config, ... }:
+let
+ ly = config.maid.ly;
+in
+{
+ options.maid.ly = {
+ enable = lib.mkEnableOption "ly";
+ };
+
+ config.services.displayManager.ly = lib.mkIf ly.enable {
+ enable = true;
+ };
+}
diff --git a/m/masters/default.nix b/m/masters/default.nix
new file mode 100644
index 0000000..7e53ed6
--- /dev/null
+++ b/m/masters/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./nero.nix
+ ];
+}
diff --git a/m/masters/nero.nix b/m/masters/nero.nix
new file mode 100644
index 0000000..8989720
--- /dev/null
+++ b/m/masters/nero.nix
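Review bot: `m/hypr.nix` reads `inputs.hyprland.packages...` for both `package` and `portalPackage`, but the `hyprland` input is commented out in `flake.nix` in this same commit, so setting `maid.hypr.enable = true` would fail evaluation on a missing attribute. The module only evaluates today because `lib.mkIf` never forces those values while the option is off. Either restore the input together with this module, or add a comment above `package =` such as `# requires the hyprland flake input (currently commented out in flake.nix)`.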
@@ -0,0 +1,38 @@
+{ lib, config, ... }:
+let
+ types = lib.types;
+ masters = config.maid.masters;
+ hm = config.maid.hm;
+
+ mkUser = name: {
+ enable = lib.mkEnableOption name;
+ override = lib.mkOption {
+ type = types.attrs;
+ default = {};
+ };
+ };
+in
+{
+ options.maid.masters = {
+ nero = mkUser "nero";
+ };
+
+ config = lib.mkIf masters.nero.enable {
+ sops.secrets."users/nero/passwordHash" = {
+ neededForUsers = true;
+ sopsFile = ../../secrets/users.yaml;
+ };
+
+ home-manager.users.nero = lib.mkIf hm.enable (import nero/home.nix);
+
+ users.users.nero = {
+ isNormalUser = true;
+ uid = 1337;
+ hashedPasswordFile = config.sops.secrets."users/nero/passwordHash".path;
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid"
+ ];
+ } // masters.nero.override;
+ };
+}
diff --git a/m/masters/nero/home.nix b/m/masters/nero/home.nix
new file mode 100644
index 0000000..84e13ea
--- /dev/null
+++ b/m/masters/nero/home.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+ imports = [];
+
+ home.username = "nero";
+ home.homeDirectory = "/home/nero";
+ home.stateVersion = "24.05";
+
+ home.file = {
+ ".cargo/config.toml" = {
+ text = ''
+ [net]
+ git-fetch-with-cli = true
+
+ [target.x86_64-unknown-linux-gnu]
+ rustflags = ["-C", "link-arg=--ld-path=${pkgs.mold}/bin/mold"]
+ '';
+ };
+ };
+}
diff --git a/m/sops.nix b/m/sops.nix
new file mode 100644
index 0000000..b58b31d
--- /dev/null
+++ b/m/sops.nix
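Review bot: In `m/masters/nero.nix`, `users.users.nero = { ... } // masters.nero.override;` applies the override with `//`, a shallow update that bypasses the module system. An override carrying an `openssh` attribute replaces the whole nested set and drops the pinned `authorizedKeys`, and `hashedPasswordFile` or `uid` can be replaced without any conflict being reported. `users.users.nero = lib.mkMerge [ { ... } masters.nero.override ];` lets the module system merge and type-check the override instead. Separately, unless `users.mutableUsers = false` is set elsewhere, the NixOS password options are documented to apply only when the account is first created, so a later change to the sops secret would not reach an existing user.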
@@ -0,0 +1,28 @@
+{ lib, config, ... }:
+let
+ sops = config.maid.sops;
+in
+{
+ options.maid.sops = {
+ enable = lib.mkEnableOption "sops";
+
+ work.enable = lib.mkEnableOption "work secrets";
+ viendesu.enable = lib.mkEnableOption "VienDesu!";
+ };
+
+ config.sops = lib.mkIf sops.enable {
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+
+ secrets = lib.mkMerge [
+ (lib.mkIf sops.viendesu.enable {
+ "viendesu/shadowsocks/gneg".sopsFile = ../secrets/viendesu.yaml;
+ "viendesu/shadowsocks/yor".sopsFile = ../secrets/viendesu.yaml;
+ })
+ (lib.mkIf sops.work.enable {
+ "work/ovpn".sopsFile = ../secrets/work.yaml;
+ "work/password".sopsFile = ../secrets/work.yaml;
+ "work/shadowsocks".sopsFile = ../secrets/work.yaml;
+ })
+ ];
+ };
+}
diff --git a/m/sys.nix b/m/sys.nix
new file mode 100644
index 0000000..a99e2d9
--- /dev/null
+++ b/m/sys.nix
@@ -0,0 +1,22 @@
+{ lib, config, ... }:
+let
+ types = lib.types;
+ sys = config.maid.sys;
+in
+{
+ options.maid.sys = {
+ enable = lib.mkEnableOption "whole maid system";
+ tz = lib.mkOption {
+ type = types.str;
+ default = "Europe/Moscow";
+ };
+ hostname = lib.mkOption {
+ type = types.str;
+ };
+ };
+
+ config = lib.mkIf sys.enable {
+ time.timeZone = sys.tz;
+ networking.hostName = sys.hostname;
+ };
+}
diff --git a/m/unfree.nix b/m/unfree.nix
new file mode 100644
index 0000000..3f88750
--- /dev/null
+++ b/m/unfree.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+ unfree = config.maid.unfree;
+ types = lib.types;
+in
+{
+ options.maid.unfree = lib.mkOption {
+ type = types.listOf types.str;
+ description = "unfree software list";
+ default = [];
+ };
+
+ config.nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.maid.unfree;
+}
diff --git a/m/vpn/default.nix b/m/vpn/default.nix
new file mode 100644
index 0000000..c22db59
--- /dev/null
+++ b/m/vpn/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./hft.nix
+ ];
+}
diff --git a/m/vpn/hft.nix b/m/vpn/hft.nix
new file mode 100644
index 0000000..7c84cfc
--- /dev/null
+++ b/m/vpn/hft.nix
@@ -0,0 +1,39 @@
+{ pkgs, lib, config, ... }:
+let
+ types = lib.types;
+ hft = config.maid.vpn.hft;
+in
+{
+ options.maid.vpn.hft = {
+ enable = lib.mkEnableOption "OpenVPN HFT";
+ autoStart = lib.mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to start VPN on system start";
+ };
+ };
+
+ config = lib.mkIf hft.enable {
+ services.openvpn.servers.hft = {
+ autoStart = hft.autoStart;
+ updateResolvConf = true;
+
+ config = ''
+ config ${config.sops.secrets."work/ovpn".path}
+ askpass ${config.sops.secrets."work/password".path}
+ '';
+ };
+
+ systemd.services.hft-shadowsocks = {
+ wantedBy = [ "openvpn-hft.service" ];
+ partOf = [ "openvpn-hft.service" ];
+ after = [ "network.target" ];
+
+ description = "Shadowsocks to bypass OpenVPN block";
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${config.sops.secrets."work/shadowsocks".path}'';
+ };
+ };
+ };
+}
diff --git a/secrets/users.yaml b/secrets/users.yaml
new file mode 100644
index 0000000..1beef97
--- /dev/null
+++ b/secrets/users.yaml
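Review bot: `systemd.services.hft-shadowsocks` in `m/vpn/hft.nix` sets only `Type` and `ExecStart` in `serviceConfig`, so `sslocal`, which parses traffic from the network, runs as root with no sandboxing. It can run under a transient unprivileged user and still read the root-owned sops file if the secret is passed through the unit's credential directory, as sketched below. Whether `sslocal` needs anything beyond that (a privileged port, for instance) depends on the config inside the secret, which is not visible here. The unit also has no `before = [ "openvpn-hft.service" ];`, so OpenVPN may start before the proxy is listening.

```nix
    systemd.services.hft-shadowsocks = {
      # … unchanged: wantedBy, partOf, after, description …
      serviceConfig = {
        Type = "simple";
        # Unprivileged transient user; the secret stays root-owned and is
        # handed over through the unit's credential directory (%d).
        DynamicUser = true;
        LoadCredential = "config:${config.sops.secrets."work/shadowsocks".path}";
        ExecStart = "${pkgs.shadowsocks-rust}/bin/sslocal --config %d/config";
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
      };
    };
```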
@@ -0,0 +1,23 @@ +users: + nero: + passwordHash: ENC[AES256_GCM,data:VFfZsI+sPny7xN7LYjawjocvDj7pmnxsor1WqdxJcrtnM5MYm75WArDZTmfRP/f68S5tflkNJ/RH7s/f9Xr3nHUDb8pYyMrSQA==,iv:wTpo+QaV0tbUgk1/2AO9yKn8DQz2VuQpIMxYdgDYmcM=,tag:Dn+0EJSEksBzcj2V+9ENjA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTUJTY0tsWkFIeFlCN2Vv + TEJuWWpmQXZsL0VQOUxISFF3YzhqSjlZUkR3CmpiQlpOalY0cUlZQ2t2bjRXcTEx + cDREVzZQRlNvWGtJK251cUNPUlZleXcKLS0tIFc1Z0YxTlJHYVdaVVVXOGNQblNx + SGoweUZaK203Y1dXTG9SSWpUNXh0R1EKhRBaSxtt1LTvO9FTRICd9ubl1x+Gw+6R + q/uAYA5XeRozYGjshCe8Zs92LYXMCnoE1I5HQvV9ZsrtpFQOtXbOFA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-22T06:59:55Z" + mac: ENC[AES256_GCM,data:aqx36OmpS7LBHvj/jXk4dgvYUB1zl53Iy8EuwiAXxB71rQi1BSCOIENB9d6tJT39VIHpic94AiQk9MWmiMK+xgaMW40gkL4FxnnSLUXonpCZmQzmjcex6a9z0q/7fi3Udv03SuTxhO+myBvRJHgIgcbwpiC4Fy9GLAwbPTJFzb8=,iv:/l3b0l/B94glcoGN1VdBy8PuuBtanJj4FrmCKTpC7Vo=,tag:kRkiQ9W9fcdkhpQJplUxMQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/secrets/viendesu.yaml b/secrets/viendesu.yaml new file mode 100644 index 0000000..9172b02 --- /dev/null +++ b/secrets/viendesu.yaml 
@@ -0,0 +1,24 @@ +viendesu: + shadowsocks: + gneg: ENC[AES256_GCM,data:SL1x5cfZeOTjjUBsQpvV3LqMQC5X85DGCxK40XUCwthtNj/5/AMw+DyKMp8bYwX3uABOYOv4SCZwKW4qNI62BztOaMLPA/B4V4QuwdrMNDZYmsU4rsdoVMEhBFT9Qrkx4bNWXVz9MJwAqoxgoZ6OQ+8AsXbdaLJ1y0ohaSEg7/RbzzB0SC7ZtQeBZuPctHIHwcF5JnQIWpQk5IFJlTWldwEvhnnnrwlWOZqngIf9+uD23YwPaywSXovzPgxvtHgM,iv:29lJtDiyYC+XgLIkumGbugCvvTXp9gDiOwKRdagDEjU=,tag:fApsukDpsWa+lvOlcotndA==,type:str] + yor: ENC[AES256_GCM,data:/zvONUnhLiozdFHviuShL6RWT7nn6E4eA5PNQuC1NKtCTciZRbOmm6FfC6H6T2naxdXPQBjYV6o7IPFPcGfYXa6XseuFvtWwa7pZp1hTEjt1ah05KMswfG38fO7IhCgwqdFS2kanGKB1wLz3EvE5QNuUyeyIlUg5dOwkfmWYyy2msr6d2MSYGubul8pCwIjMMX94Kks7uvgIupYFvWbcEznC+0NrFLWY05WhVL+iSrjbLCMb884BUvIDz/i9m0AbZ2c=,iv:h6LXc+oYOn3+B6kIo45pX+w4UCMd7cas0oYwPQmrZ7o=,tag:yMsFERDJ78JmShzmIfVFmQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRHNEbFRKR2xlc0piSjZt + RHpuQmtZUGc1K3ZLSkQxSnVMdXZIZ3VDTVFRCnViTkhmbkozczN6aTBsWno0V0lV + YjMyMXhncVptZEpEdVZ4Mnp3RlRLR00KLS0tIC9PaUlCSDM2cGppb3NGQkRtdlQw + N0V6Ri9xY2Fkc3JkSmVRdndZc3E5a2sKFiwkii+9vEMaObTSwwb2T7WaBH0VP0qp + DHMt9nnKfZNun9nW7PGtQwuomfJ6SHGoKwsC2rlt2UqLcETgbgPF/w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-22T07:00:21Z" + mac: ENC[AES256_GCM,data:Z0ESKPPjvE7HRjPa9cedTnqT62tir2Y4FP1E7rPstjk+TEzo/X0XPEesmammO4f9r/UHg3+0fcODSAWi6/uwAGGt8u1ZtDIM9GoBy6zTA7lhAT6B81P4PcUfGD2tloRIOW51jTP9/Can/M/0RA5uG+FWuPbKZGwl4Quy9vLoXz8=,iv:XEcDoBgBMyrp9Q9FkCcIt8PHy8IPT5FCw3i2Sc5JUfA=,tag:cdKA6p+yACN3OCsgscRHUA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/secrets/work.yaml b/secrets/work.yaml new file mode 100644 index 0000000..c79c7bb --- /dev/null +++ b/secrets/work.yaml 
@@ -0,0 +1,24 @@ +work: + shadowsocks: ENC[AES256_GCM,data:MW8+tI5N1N3BIbts4LvcxWsDNruebPIpDhPCcAV426s8fTQDXpUP32XU8Wl76YooJ7P1RxvCnvgTG0UgiP/MZxPkvq7Ss0DzXjxCiQ1UgWVD3fOr4OiMDrPYzxT95HAXhQigDIIz3CS42hIN/JOJvMjT1AMd8EFpgCG4AJYp5OU/+oXtdJ8XKzcJlL3HmvzTz8oAREWdrT4RrZv3RdsiqriDEX9lyCUs1KZ0nnUDEWT0BlK2H+EDXn3N8Jchtfrg/dc=,iv:BAaiHzfVIBB8TdewhByIfwNL3e1KczKMGjm8mEFm3+Y=,tag:BwAw5utafZvKRQMEn/7yNA==,type:str] + password: ENC[AES256_GCM,data:5qxuI746kcvfAGf5Xn7P,iv:cRptb0CCu/oJO54G4R/3xHTUig25VnCmpDXZeLHbBXg=,tag:gEid1MGUazHefOd2BoJhXA==,type:str] + ovpn: ENC[AES256_GCM,data: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,iv:FEBT6q49/pXSon8NFmPMww6t0oQiDhql4dUq/Hof4rk=,tag:LI/uE+iyFgWK1SPUf3ZiLg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QjhmVHpaTU1JNkFuKzhY + TVZOTVVuQ2pTYURzNXBoTGVSbVFPL2RJRlZJCmptOEw1ckhCWTFpNVc2aGhhY0Fl + aEFMSVpvbGRCckZlcEo0WEtTTHIxOTQKLS0tIG1PZUxSejJ0WGVmV0xIQVJnanpU + QzcyK0h6YldzTkYrZFJXb3YzOG9qK0EKpbeTaXm6pAgAmaUKdu9s/+VBVxzWZwmj + aditPFcdqIhgkSoRoJhBLE7S4QZ6clCmKP4gCWVHg0KgpyKaZgxOFw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-22T07:34:53Z" + mac: ENC[AES256_GCM,data:Kml4tDRtBlBCzI4nfgheAhIT4Y6w1jhUMqrCoqcUUus96OUNOgpNQwvxFl0QcWQ2OGkZEZwyggCvmrW52ycCQ16y6W+uuDLeTp3wrkoWCexrOWu7h5boNcIaryDGn8JCpUet799wFG+FfUuSCPRbPyPw+BegpFvu+NQnRp4yLy8=,iv:cN/IKQVlCSNZrffbKfKX/FLADJTLRNBWstoo8nvJEZk=,tag:4LelM6YiZpiQfzMt4O6Qjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0