diff --git a/.sops.yaml b/.sops.yaml index 9746bad..748cac2 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,7 +13,6 @@ keys: - &fw age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df - &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2 - &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw - - &gpd-win4 age1ceg548u5ma6rgu3xgvd254y5xefqrdqfqhcjsjp3255q976fgd2qaua53d creation_rules: - path_regex: ^[^/]+\.yaml$ @@ -28,13 +27,6 @@ creation_rules: - *bitwarden - *dominik - *dominik2 - - path_regex: hosts/gpd-win4/[^/]+\.yaml$ - key_groups: - - age: - - *bitwarden - - *dominik - - *dominik2 - - *gpd-win4 - path_regex: hosts/fw/[^/]+\.yaml$ key_groups: - age: diff --git a/esphome/livingroom-bulb-1.yaml b/esphome/livingroom-bulb-1.yaml index 8de423e..a9b5a3f 100644 --- a/esphome/livingroom-bulb-1.yaml +++ b/esphome/livingroom-bulb-1.yaml @@ -1,43 +1,29 @@ substitutions: - name: "livingroom-bulb-1" + device_name: "livingroom-bulb-1" friendly_name: "Living Room Bulb 1" - room: "Living Room" - device_description: "athom 7w rgbcw light bulb" - project_name: "Athom Technology.Athom RGBCW Bulb" - dns_domain: ".cloonar.smart" - timezone: "" - sntp_update_interval: 6h - sntp_server_1: "0.pool.ntp.org" - sntp_server_2: "1.pool.ntp.org" - sntp_server_3: "2.pool.ntp.org" - log_level: "WARN" esphome: - name: "${name}" - friendly_name: "${friendly_name}" - comment: "${device_description}" - area: "${room}" - name_add_mac_suffix: false - min_version: 2024.6.0 - project: - name: "${project_name}" - version: "${project_version}" + name: ${device_name} + comment: ${friendly_name} + platform: ESP8266 + board: esp01_1m on_boot: - then: - - light.turn_on: - id: rgbww_light - - delay: 100ms - - light.turn_on: - id: rgbww_light - brightness: 20% - - delay: 100ms - - light.turn_on: - id: rgbww_light - red: 100% - green: 50% - blue: 0% - white: 100% - + priority: 300 + then: + - light.turn_on: + id: my_light + - delay: 100ms + - light.turn_on: + id: my_light + brightness: 20% + - delay: 100ms + - light.turn_on: + id: my_light + red: 100% + green: 50% + blue: 0% + white: 100% + interval: - interval: 15s then: @@ -46,25 +32,16 @@ interval: api.connected: # check if api connected else: - light.turn_on: - id: rgbww_light + id: my_light brightness: 100% -esp8266: - board: esp8285 - restore_from_flash: true - -preferences: - flash_write_interval: 1min - +# Enable Home Assistant API api: -ota: - - platform: esphome - logger: -mdns: - disabled: false +ota: + platform: esphome wifi: ssid: !secret wifi_ssid @@ -72,158 +49,32 @@ wifi: fast_connect: True domain: .cloonar.smart -captive_portal: - -dashboard_import: - package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml - -binary_sensor: - - platform: status - name: "Status" - entity_category: diagnostic - -sensor: - - platform: uptime - name: "Uptime Sensor" - id: uptime_sensor - entity_category: diagnostic - internal: true - - - platform: wifi_signal - name: "WiFi Signal dB" - id: wifi_signal_db - update_interval: 60s - entity_category: "diagnostic" - - - platform: copy - source_id: wifi_signal_db - name: "WiFi Signal Percent" - filters: - - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0); - unit_of_measurement: "Signal %" - entity_category: "diagnostic" - device_class: "" - -button: - - platform: restart - name: "Restart" - entity_category: config - - - platform: factory_reset - name: "Factory Reset" - id: Reset - entity_category: config - - - platform: safe_mode - name: "Safe Mode" - internal: false - entity_category: config +light: + - platform: rgbw + id: my_light + name: ${friendly_name} + red: pwm_r + green: pwm_g + blue: pwm_b + white: pwm_w output: - platform: esp8266_pwm - id: red_output - pin: GPIO4 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: green_output - pin: GPIO12 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: blue_output - pin: GPIO14 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: warm_white_output pin: GPIO13 - min_power: 0.000499 - max_power: 0.9 + frequency: 1000 Hz + id: pwm_r + + - platform: esp8266_pwm + pin: GPIO12 + frequency: 1000 Hz + id: pwm_g + + - platform: esp8266_pwm + pin: GPIO14 + frequency: 1000 Hz + id: pwm_b + - platform: esp8266_pwm - id: white_output pin: GPIO5 - min_power: 0.000499 - max_power: 0.9 - -light: - - platform: rgbww - id: rgbww_light - name: "RGBCW_Bulb" - red: red_output - green: green_output - blue: blue_output - warm_white: warm_white_output - cold_white: white_output - cold_white_color_temperature: 6000 K - warm_white_color_temperature: 3000 K - color_interlock: true - -text_sensor: - - platform: wifi_info - ip_address: - name: "IP Address" - entity_category: diagnostic - ssid: - name: "Connected SSID" - entity_category: diagnostic - mac_address: - name: "Mac Address" - entity_category: diagnostic - - # Creates a sensor showing when the device was last restarted - - platform: template - name: 'Last Restart' - id: device_last_restart - icon: mdi:clock - entity_category: diagnostic -# device_class: timestamp - - # Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds - - platform: template - name: "Uptime" - entity_category: diagnostic - lambda: |- - int seconds = (id(uptime_sensor).state); - int days = seconds / (24 * 3600); - seconds = seconds % (24 * 3600); - int hours = seconds / 3600; - seconds = seconds % 3600; - int minutes = seconds / 60; - seconds = seconds % 60; - if ( days > 3650 ) { - return { "Starting up" }; - } else if ( days ) { - return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( hours ) { - return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( minutes ) { - return { (String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else { - return { (String(seconds) +"s").c_str() }; - } - icon: mdi:clock-start - -time: - - platform: sntp - id: sntp_time - # Define the timezone of the device - timezone: "${timezone}" - # Change sync interval from default 5min to 6 hours (or as set in substitutions) - update_interval: ${sntp_update_interval} - # Set specific sntp servers to use - servers: - - "${sntp_server_1}" - - "${sntp_server_2}" - - "${sntp_server_3}" - # Publish the time the device was last restarted - on_time_sync: - then: - # Update last restart time, but only once. - - if: - condition: - lambda: 'return id(device_last_restart).state == "";' - then: - - text_sensor.template.publish: - id: device_last_restart - state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");' \ No newline at end of file + frequency: 1000 Hz + id: pwm_w \ No newline at end of file diff --git a/esphome/livingroom-bulb-2.yaml b/esphome/livingroom-bulb-2.yaml index 9699e3e..0521aca 100644 --- a/esphome/livingroom-bulb-2.yaml +++ b/esphome/livingroom-bulb-2.yaml @@ -1,43 +1,29 @@ substitutions: - name: "livingroom-bulb-2" + device_name: "livingroom-bulb-2" friendly_name: "Living Room Bulb 2" - room: "Living Room" - device_description: "athom 7w rgbcw light bulb" - project_name: "Athom Technology.Athom RGBCW Bulb" - dns_domain: ".cloonar.smart" - timezone: "" - sntp_update_interval: 6h - sntp_server_1: "0.pool.ntp.org" - sntp_server_2: "1.pool.ntp.org" - sntp_server_3: "2.pool.ntp.org" - log_level: "WARN" esphome: - name: "${name}" - friendly_name: "${friendly_name}" - comment: "${device_description}" - area: "${room}" - name_add_mac_suffix: false - min_version: 2024.6.0 - project: - name: "${project_name}" - version: "${project_version}" + name: ${device_name} + comment: ${friendly_name} + platform: ESP8266 + board: esp01_1m on_boot: - then: - - light.turn_on: - id: rgbww_light - - delay: 100ms - - light.turn_on: - id: rgbww_light - brightness: 20% - - delay: 100ms - - light.turn_on: - id: rgbww_light - red: 100% - green: 50% - blue: 0% - white: 100% - + priority: 300 + then: + - light.turn_on: + id: my_light + - delay: 100ms + - light.turn_on: + id: my_light + brightness: 20% + - delay: 100ms + - light.turn_on: + id: my_light + red: 100% + green: 50% + blue: 0% + white: 100% + interval: - interval: 15s then: @@ -46,25 +32,16 @@ interval: api.connected: # check if api connected else: - light.turn_on: - id: rgbww_light + id: my_light brightness: 100% -esp8266: - board: esp8285 - restore_from_flash: true - -preferences: - flash_write_interval: 1min - +# Enable Home Assistant API api: -ota: - - platform: esphome - logger: -mdns: - disabled: false +ota: + platform: esphome wifi: ssid: !secret wifi_ssid @@ -72,158 +49,32 @@ wifi: fast_connect: True domain: .cloonar.smart -captive_portal: - -dashboard_import: - package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml - -binary_sensor: - - platform: status - name: "Status" - entity_category: diagnostic - -sensor: - - platform: uptime - name: "Uptime Sensor" - id: uptime_sensor - entity_category: diagnostic - internal: true - - - platform: wifi_signal - name: "WiFi Signal dB" - id: wifi_signal_db - update_interval: 60s - entity_category: "diagnostic" - - - platform: copy - source_id: wifi_signal_db - name: "WiFi Signal Percent" - filters: - - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0); - unit_of_measurement: "Signal %" - entity_category: "diagnostic" - device_class: "" - -button: - - platform: restart - name: "Restart" - entity_category: config - - - platform: factory_reset - name: "Factory Reset" - id: Reset - entity_category: config - - - platform: safe_mode - name: "Safe Mode" - internal: false - entity_category: config +light: + - platform: rgbw + id: my_light + name: ${friendly_name} + red: pwm_r + green: pwm_g + blue: pwm_b + white: pwm_w output: - platform: esp8266_pwm - id: red_output - pin: GPIO4 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: green_output - pin: GPIO12 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: blue_output - pin: GPIO14 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: warm_white_output pin: GPIO13 - min_power: 0.000499 - max_power: 0.9 + frequency: 1000 Hz + id: pwm_r + + - platform: esp8266_pwm + pin: GPIO12 + frequency: 1000 Hz + id: pwm_g + + - platform: esp8266_pwm + pin: GPIO14 + frequency: 1000 Hz + id: pwm_b + - platform: esp8266_pwm - id: white_output pin: GPIO5 - min_power: 0.000499 - max_power: 0.9 - -light: - - platform: rgbww - id: rgbww_light - name: "RGBCW_Bulb" - red: red_output - green: green_output - blue: blue_output - warm_white: warm_white_output - cold_white: white_output - cold_white_color_temperature: 6000 K - warm_white_color_temperature: 3000 K - color_interlock: true - -text_sensor: - - platform: wifi_info - ip_address: - name: "IP Address" - entity_category: diagnostic - ssid: - name: "Connected SSID" - entity_category: diagnostic - mac_address: - name: "Mac Address" - entity_category: diagnostic - - # Creates a sensor showing when the device was last restarted - - platform: template - name: 'Last Restart' - id: device_last_restart - icon: mdi:clock - entity_category: diagnostic -# device_class: timestamp - - # Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds - - platform: template - name: "Uptime" - entity_category: diagnostic - lambda: |- - int seconds = (id(uptime_sensor).state); - int days = seconds / (24 * 3600); - seconds = seconds % (24 * 3600); - int hours = seconds / 3600; - seconds = seconds % 3600; - int minutes = seconds / 60; - seconds = seconds % 60; - if ( days > 3650 ) { - return { "Starting up" }; - } else if ( days ) { - return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( hours ) { - return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( minutes ) { - return { (String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else { - return { (String(seconds) +"s").c_str() }; - } - icon: mdi:clock-start - -time: - - platform: sntp - id: sntp_time - # Define the timezone of the device - timezone: "${timezone}" - # Change sync interval from default 5min to 6 hours (or as set in substitutions) - update_interval: ${sntp_update_interval} - # Set specific sntp servers to use - servers: - - "${sntp_server_1}" - - "${sntp_server_2}" - - "${sntp_server_3}" - # Publish the time the device was last restarted - on_time_sync: - then: - # Update last restart time, but only once. - - if: - condition: - lambda: 'return id(device_last_restart).state == "";' - then: - - text_sensor.template.publish: - id: device_last_restart - state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");' \ No newline at end of file + frequency: 1000 Hz + id: pwm_w \ No newline at end of file diff --git a/esphome/livingroom-bulb-3.yaml b/esphome/livingroom-bulb-3.yaml index a0ad908..67f29de 100644 --- a/esphome/livingroom-bulb-3.yaml +++ b/esphome/livingroom-bulb-3.yaml @@ -1,54 +1,29 @@ substitutions: - name: "livingroom-bulb-3" + device_name: "livingroom-bulb-3" friendly_name: "Living Room Bulb 3" - room: "Living Room" - device_description: "athom 7w rgbcw light bulb" - project_name: "Athom Technology.Athom RGBCW Bulb" - dns_domain: ".cloonar.smart" - timezone: "" - sntp_update_interval: 6h - sntp_server_1: "0.pool.ntp.org" - sntp_server_2: "1.pool.ntp.org" - sntp_server_3: "2.pool.ntp.org" - log_level: "WARN" - -globals: - - id: fast_boot - type: int - restore_value: yes - initial_value: '0' - - - id: restore_mode - type: int - restore_value: yes - initial_value: "1" esphome: - name: "${name}" - friendly_name: "${friendly_name}" - comment: "${device_description}" - area: "${room}" - name_add_mac_suffix: false - min_version: 2024.6.0 - project: - name: "${project_name}" - version: "${project_version}" + name: ${device_name} + comment: ${friendly_name} + platform: ESP8266 + board: esp01_1m on_boot: - then: - - light.turn_on: - id: rgbww_light - - delay: 100ms - - light.turn_on: - id: rgbww_light - brightness: 20% - - delay: 100ms - - light.turn_on: - id: rgbww_light - red: 100% - green: 50% - blue: 0% - white: 100% - + priority: 300 + then: + - light.turn_on: + id: my_light + - delay: 100ms + - light.turn_on: + id: my_light + brightness: 20% + - delay: 100ms + - light.turn_on: + id: my_light + red: 100% + green: 50% + blue: 0% + white: 100% + interval: - interval: 15s then: @@ -57,25 +32,16 @@ interval: api.connected: # check if api connected else: - light.turn_on: - id: rgbww_light + id: my_light brightness: 100% - -esp8266: - board: esp8285 - restore_from_flash: true - -preferences: - flash_write_interval: 1min - + +# Enable Home Assistant API api: -ota: - - platform: esphome - logger: -mdns: - disabled: false +ota: + platform: esphome wifi: ssid: !secret wifi_ssid @@ -83,158 +49,32 @@ wifi: fast_connect: True domain: .cloonar.smart -captive_portal: - -dashboard_import: - package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml - -binary_sensor: - - platform: status - name: "Status" - entity_category: diagnostic - -sensor: - - platform: uptime - name: "Uptime Sensor" - id: uptime_sensor - entity_category: diagnostic - internal: true - - - platform: wifi_signal - name: "WiFi Signal dB" - id: wifi_signal_db - update_interval: 60s - entity_category: "diagnostic" - - - platform: copy - source_id: wifi_signal_db - name: "WiFi Signal Percent" - filters: - - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0); - unit_of_measurement: "Signal %" - entity_category: "diagnostic" - device_class: "" - -button: - - platform: restart - name: "Restart" - entity_category: config - - - platform: factory_reset - name: "Factory Reset" - id: Reset - entity_category: config - - - platform: safe_mode - name: "Safe Mode" - internal: false - entity_category: config +light: + - platform: rgbw + id: my_light + name: ${friendly_name} + red: pwm_r + green: pwm_g + blue: pwm_b + white: pwm_w output: - platform: esp8266_pwm - id: red_output - pin: GPIO4 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: green_output - pin: GPIO12 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: blue_output - pin: GPIO14 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: warm_white_output pin: GPIO13 - min_power: 0.000499 - max_power: 0.9 + frequency: 1000 Hz + id: pwm_r + + - platform: esp8266_pwm + pin: GPIO12 + frequency: 1000 Hz + id: pwm_g + + - platform: esp8266_pwm + pin: GPIO14 + frequency: 1000 Hz + id: pwm_b + - platform: esp8266_pwm - id: white_output pin: GPIO5 - min_power: 0.000499 - max_power: 0.9 - -light: - - platform: rgbww - id: rgbww_light - name: "RGBCW_Bulb" - red: red_output - green: green_output - blue: blue_output - warm_white: warm_white_output - cold_white: white_output - cold_white_color_temperature: 6000 K - warm_white_color_temperature: 3000 K - color_interlock: true - -text_sensor: - - platform: wifi_info - ip_address: - name: "IP Address" - entity_category: diagnostic - ssid: - name: "Connected SSID" - entity_category: diagnostic - mac_address: - name: "Mac Address" - entity_category: diagnostic - - # Creates a sensor showing when the device was last restarted - - platform: template - name: 'Last Restart' - id: device_last_restart - icon: mdi:clock - entity_category: diagnostic -# device_class: timestamp - - # Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds - - platform: template - name: "Uptime" - entity_category: diagnostic - lambda: |- - int seconds = (id(uptime_sensor).state); - int days = seconds / (24 * 3600); - seconds = seconds % (24 * 3600); - int hours = seconds / 3600; - seconds = seconds % 3600; - int minutes = seconds / 60; - seconds = seconds % 60; - if ( days > 3650 ) { - return { "Starting up" }; - } else if ( days ) { - return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( hours ) { - return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( minutes ) { - return { (String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else { - return { (String(seconds) +"s").c_str() }; - } - icon: mdi:clock-start - -time: - - platform: sntp - id: sntp_time - # Define the timezone of the device - timezone: "${timezone}" - # Change sync interval from default 5min to 6 hours (or as set in substitutions) - update_interval: ${sntp_update_interval} - # Set specific sntp servers to use - servers: - - "${sntp_server_1}" - - "${sntp_server_2}" - - "${sntp_server_3}" - # Publish the time the device was last restarted - on_time_sync: - then: - # Update last restart time, but only once. - - if: - condition: - lambda: 'return id(device_last_restart).state == "";' - then: - - text_sensor.template.publish: - id: device_last_restart - state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");' \ No newline at end of file + frequency: 1000 Hz + id: pwm_w \ No newline at end of file diff --git a/esphome/livingroom-bulb-4.yaml b/esphome/livingroom-bulb-4.yaml index 68c8cb5..cc99bff 100644 --- a/esphome/livingroom-bulb-4.yaml +++ b/esphome/livingroom-bulb-4.yaml @@ -1,54 +1,29 @@ substitutions: - name: "livingroom-bulb-4" + device_name: "livingroom-bulb-4" friendly_name: "Living Room Bulb 4" - room: "Living Room" - device_description: "athom 7w rgbcw light bulb" - project_name: "Athom Technology.Athom RGBCW Bulb" - dns_domain: ".cloonar.smart" - timezone: "" - sntp_update_interval: 6h - sntp_server_1: "0.pool.ntp.org" - sntp_server_2: "1.pool.ntp.org" - sntp_server_3: "2.pool.ntp.org" - log_level: "WARN" - -globals: - - id: fast_boot - type: int - restore_value: yes - initial_value: '0' - - - id: restore_mode - type: int - restore_value: yes - initial_value: "1" esphome: - name: "${name}" - friendly_name: "${friendly_name}" - comment: "${device_description}" - area: "${room}" - name_add_mac_suffix: false - min_version: 2024.6.0 - project: - name: "${project_name}" - version: "${project_version}" + name: ${device_name} + comment: ${friendly_name} + platform: ESP8266 + board: esp01_1m on_boot: - then: - - light.turn_on: - id: rgbww_light - - delay: 100ms - - light.turn_on: - id: rgbww_light - brightness: 20% - - delay: 100ms - - light.turn_on: - id: rgbww_light - red: 100% - green: 50% - blue: 0% - white: 100% - + priority: 300 + then: + - light.turn_on: + id: my_light + - delay: 100ms + - light.turn_on: + id: my_light + brightness: 20% + - delay: 100ms + - light.turn_on: + id: my_light + red: 100% + green: 50% + blue: 0% + white: 100% + interval: - interval: 15s then: @@ -57,25 +32,16 @@ interval: api.connected: # check if api connected else: - light.turn_on: - id: rgbww_light + id: my_light brightness: 100% -esp8266: - board: esp8285 - restore_from_flash: true - -preferences: - flash_write_interval: 1min - +# Enable Home Assistant API api: -ota: - - platform: esphome - logger: -mdns: - disabled: false +ota: + platform: esphome wifi: ssid: !secret wifi_ssid @@ -83,158 +49,32 @@ wifi: fast_connect: True domain: .cloonar.smart -captive_portal: - -dashboard_import: - package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml - -binary_sensor: - - platform: status - name: "Status" - entity_category: diagnostic - -sensor: - - platform: uptime - name: "Uptime Sensor" - id: uptime_sensor - entity_category: diagnostic - internal: true - - - platform: wifi_signal - name: "WiFi Signal dB" - id: wifi_signal_db - update_interval: 60s - entity_category: "diagnostic" - - - platform: copy - source_id: wifi_signal_db - name: "WiFi Signal Percent" - filters: - - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0); - unit_of_measurement: "Signal %" - entity_category: "diagnostic" - device_class: "" - -button: - - platform: restart - name: "Restart" - entity_category: config - - - platform: factory_reset - name: "Factory Reset" - id: Reset - entity_category: config - - - platform: safe_mode - name: "Safe Mode" - internal: false - entity_category: config +light: + - platform: rgbw + id: my_light + name: ${friendly_name} + red: pwm_r + green: pwm_g + blue: pwm_b + white: pwm_w output: - platform: esp8266_pwm - id: red_output - pin: GPIO4 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: green_output - pin: GPIO12 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: blue_output - pin: GPIO14 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: warm_white_output pin: GPIO13 - min_power: 0.000499 - max_power: 0.9 + frequency: 1000 Hz + id: pwm_r + + - platform: esp8266_pwm + pin: GPIO12 + frequency: 1000 Hz + id: pwm_g + + - platform: esp8266_pwm + pin: GPIO14 + frequency: 1000 Hz + id: pwm_b + - platform: esp8266_pwm - id: white_output pin: GPIO5 - min_power: 0.000499 - max_power: 0.9 - -light: - - platform: rgbww - id: rgbww_light - name: "RGBCW_Bulb" - red: red_output - green: green_output - blue: blue_output - warm_white: warm_white_output - cold_white: white_output - cold_white_color_temperature: 6000 K - warm_white_color_temperature: 3000 K - color_interlock: true - -text_sensor: - - platform: wifi_info - ip_address: - name: "IP Address" - entity_category: diagnostic - ssid: - name: "Connected SSID" - entity_category: diagnostic - mac_address: - name: "Mac Address" - entity_category: diagnostic - - # Creates a sensor showing when the device was last restarted - - platform: template - name: 'Last Restart' - id: device_last_restart - icon: mdi:clock - entity_category: diagnostic -# device_class: timestamp - - # Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds - - platform: template - name: "Uptime" - entity_category: diagnostic - lambda: |- - int seconds = (id(uptime_sensor).state); - int days = seconds / (24 * 3600); - seconds = seconds % (24 * 3600); - int hours = seconds / 3600; - seconds = seconds % 3600; - int minutes = seconds / 60; - seconds = seconds % 60; - if ( days > 3650 ) { - return { "Starting up" }; - } else if ( days ) { - return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( hours ) { - return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( minutes ) { - return { (String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else { - return { (String(seconds) +"s").c_str() }; - } - icon: mdi:clock-start - -time: - - platform: sntp - id: sntp_time - # Define the timezone of the device - timezone: "${timezone}" - # Change sync interval from default 5min to 6 hours (or as set in substitutions) - update_interval: ${sntp_update_interval} - # Set specific sntp servers to use - servers: - - "${sntp_server_1}" - - "${sntp_server_2}" - - "${sntp_server_3}" - # Publish the time the device was last restarted - on_time_sync: - then: - # Update last restart time, but only once. - - if: - condition: - lambda: 'return id(device_last_restart).state == "";' - then: - - text_sensor.template.publish: - id: device_last_restart - state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");' \ No newline at end of file + frequency: 1000 Hz + id: pwm_w \ No newline at end of file diff --git a/esphome/livingroom-bulb-5.yaml b/esphome/livingroom-bulb-5.yaml index 4aec363..56f4245 100644 --- a/esphome/livingroom-bulb-5.yaml +++ b/esphome/livingroom-bulb-5.yaml @@ -1,54 +1,29 @@ substitutions: - name: "livingroom-bulb-5" + device_name: "livingroom-bulb-5" friendly_name: "Living Room Bulb 5" - room: "Living Room" - device_description: "athom 7w rgbcw light bulb" - project_name: "Athom Technology.Athom RGBCW Bulb" - dns_domain: ".cloonar.smart" - timezone: "" - sntp_update_interval: 6h - sntp_server_1: "0.pool.ntp.org" - sntp_server_2: "1.pool.ntp.org" - sntp_server_3: "2.pool.ntp.org" - log_level: "WARN" - -globals: - - id: fast_boot - type: int - restore_value: yes - initial_value: '0' - - - id: restore_mode - type: int - restore_value: yes - initial_value: "1" esphome: - name: "${name}" - friendly_name: "${friendly_name}" - comment: "${device_description}" - area: "${room}" - name_add_mac_suffix: false - min_version: 2024.6.0 - project: - name: "${project_name}" - version: "${project_version}" + name: ${device_name} + comment: ${friendly_name} + platform: ESP8266 + board: esp01_1m on_boot: - then: - - light.turn_on: - id: rgbww_light - - delay: 100ms - - light.turn_on: - id: rgbww_light - brightness: 20% - - delay: 100ms - - light.turn_on: - id: rgbww_light - red: 100% - green: 50% - blue: 0% - white: 100% - + priority: 300 + then: + - light.turn_on: + id: my_light + - delay: 100ms + - light.turn_on: + id: my_light + brightness: 20% + - delay: 100ms + - light.turn_on: + id: my_light + red: 100% + green: 50% + blue: 0% + white: 100% + interval: - interval: 15s then: @@ -57,25 +32,16 @@ interval: api.connected: # check if api connected else: - light.turn_on: - id: rgbww_light + id: my_light brightness: 100% -esp8266: - board: esp8285 - restore_from_flash: true - -preferences: - flash_write_interval: 1min - +# Enable Home Assistant API api: -ota: - - platform: esphome - logger: -mdns: - disabled: false +ota: + platform: esphome wifi: ssid: !secret wifi_ssid @@ -83,158 +49,32 @@ wifi: fast_connect: True domain: .cloonar.smart -captive_portal: - -dashboard_import: - package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml - -binary_sensor: - - platform: status - name: "Status" - entity_category: diagnostic - -sensor: - - platform: uptime - name: "Uptime Sensor" - id: uptime_sensor - entity_category: diagnostic - internal: true - - - platform: wifi_signal - name: "WiFi Signal dB" - id: wifi_signal_db - update_interval: 60s - entity_category: "diagnostic" - - - platform: copy - source_id: wifi_signal_db - name: "WiFi Signal Percent" - filters: - - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0); - unit_of_measurement: "Signal %" - entity_category: "diagnostic" - device_class: "" - -button: - - platform: restart - name: "Restart" - entity_category: config - - - platform: factory_reset - name: "Factory Reset" - id: Reset - entity_category: config - - - platform: safe_mode - name: "Safe Mode" - internal: false - entity_category: config +light: + - platform: rgbw + id: my_light + name: ${friendly_name} + red: pwm_r + green: pwm_g + blue: pwm_b + white: pwm_w output: - platform: esp8266_pwm - id: red_output - pin: GPIO4 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: green_output - pin: GPIO12 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: blue_output - pin: GPIO14 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: warm_white_output pin: GPIO13 - min_power: 0.000499 - max_power: 0.9 + frequency: 1000 Hz + id: pwm_r + + - platform: esp8266_pwm + pin: GPIO12 + frequency: 1000 Hz + id: pwm_g + + - platform: esp8266_pwm + pin: GPIO14 + frequency: 1000 Hz + id: pwm_b + - platform: esp8266_pwm - id: white_output pin: GPIO5 - min_power: 0.000499 - max_power: 0.9 - -light: - - platform: rgbww - id: rgbww_light - name: "RGBCW_Bulb" - red: red_output - green: green_output - blue: blue_output - warm_white: warm_white_output - cold_white: white_output - cold_white_color_temperature: 6000 K - warm_white_color_temperature: 3000 K - color_interlock: true - -text_sensor: - - platform: wifi_info - ip_address: - name: "IP Address" - entity_category: diagnostic - ssid: - name: "Connected SSID" - entity_category: diagnostic - mac_address: - name: "Mac Address" - entity_category: diagnostic - - # Creates a sensor showing when the device was last restarted - - platform: template - name: 'Last Restart' - id: device_last_restart - icon: mdi:clock - entity_category: diagnostic -# device_class: timestamp - - # Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds - - platform: template - name: "Uptime" - entity_category: diagnostic - lambda: |- - int seconds = (id(uptime_sensor).state); - int days = seconds / (24 * 3600); - seconds = seconds % (24 * 3600); - int hours = seconds / 3600; - seconds = seconds % 3600; - int minutes = seconds / 60; - seconds = seconds % 60; - if ( days > 3650 ) { - return { "Starting up" }; - } else if ( days ) { - return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( hours ) { - return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( minutes ) { - return { (String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else { - return { (String(seconds) +"s").c_str() }; - } - icon: mdi:clock-start - -time: - - platform: sntp - id: sntp_time - # Define the timezone of the device - timezone: "${timezone}" - # Change sync interval from default 5min to 6 hours (or as set in substitutions) - update_interval: ${sntp_update_interval} - # Set specific sntp servers to use - servers: - - "${sntp_server_1}" - - "${sntp_server_2}" - - "${sntp_server_3}" - # Publish the time the device was last restarted - on_time_sync: - then: - # Update last restart time, but only once. - - if: - condition: - lambda: 'return id(device_last_restart).state == "";' - then: - - text_sensor.template.publish: - id: device_last_restart - state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");' \ No newline at end of file + frequency: 1000 Hz + id: pwm_w \ No newline at end of file diff --git a/esphome/livingroom-bulb-6.yaml b/esphome/livingroom-bulb-6.yaml index 1e86304..f42f662 100644 --- a/esphome/livingroom-bulb-6.yaml +++ b/esphome/livingroom-bulb-6.yaml @@ -1,54 +1,29 @@ substitutions: - name: "livingroom-bulb-6" + device_name: "livingroom-bulb-6" friendly_name: "Living Room Bulb 6" - room: "Living Room" - device_description: "athom 7w rgbcw light bulb" - project_name: "Athom Technology.Athom RGBCW Bulb" - dns_domain: ".cloonar.smart" - timezone: "" - sntp_update_interval: 6h - sntp_server_1: "0.pool.ntp.org" - sntp_server_2: "1.pool.ntp.org" - sntp_server_3: "2.pool.ntp.org" - log_level: "WARN" - -globals: - - id: fast_boot - type: int - restore_value: yes - initial_value: '0' - - - id: restore_mode - type: int - restore_value: yes - initial_value: "1" esphome: - name: "${name}" - friendly_name: "${friendly_name}" - comment: "${device_description}" - area: "${room}" - name_add_mac_suffix: false - min_version: 2024.6.0 - project: - name: "${project_name}" - version: "${project_version}" + name: ${device_name} + comment: ${friendly_name} + platform: ESP8266 + board: esp01_1m on_boot: - then: - - light.turn_on: - id: rgbww_light - - delay: 100ms - - light.turn_on: - id: rgbww_light - brightness: 20% - - delay: 100ms - - light.turn_on: - id: rgbww_light - red: 100% - green: 50% - blue: 0% - white: 100% - + priority: 300 + then: + - light.turn_on: + id: my_light + - delay: 100ms + - light.turn_on: + id: my_light + brightness: 20% + - delay: 100ms + - light.turn_on: + id: my_light + red: 100% + green: 50% + blue: 0% + white: 100% + interval: - interval: 15s then: @@ -57,25 +32,16 @@ interval: api.connected: # check if api connected else: - light.turn_on: - id: rgbww_light + id: my_light brightness: 100% -esp8266: - board: esp8285 - restore_from_flash: true - -preferences: - flash_write_interval: 1min - +# Enable Home Assistant API api: -ota: - - platform: esphome - logger: -mdns: - disabled: false +ota: + platform: esphome wifi: ssid: !secret wifi_ssid @@ -83,158 +49,32 @@ wifi: fast_connect: True domain: .cloonar.smart -captive_portal: - -dashboard_import: - package_import_url: github://athom-tech/athom-configs/athom-rgbww-light.yaml - -binary_sensor: - - platform: status - name: "Status" - entity_category: diagnostic - -sensor: - - platform: uptime - name: "Uptime Sensor" - id: uptime_sensor - entity_category: diagnostic - internal: true - - - platform: wifi_signal - name: "WiFi Signal dB" - id: wifi_signal_db - update_interval: 60s - entity_category: "diagnostic" - - - platform: copy - source_id: wifi_signal_db - name: "WiFi Signal Percent" - filters: - - lambda: return min(max(2 * (x + 100.0), 0.0), 100.0); - unit_of_measurement: "Signal %" - entity_category: "diagnostic" - device_class: "" - -button: - - platform: restart - name: "Restart" - entity_category: config - - - platform: factory_reset - name: "Factory Reset" - id: Reset - entity_category: config - - - platform: safe_mode - name: "Safe Mode" - internal: false - entity_category: config +light: + - platform: rgbw + id: my_light + name: ${friendly_name} + red: pwm_r + green: pwm_g + blue: pwm_b + white: pwm_w output: - platform: esp8266_pwm - id: red_output - pin: GPIO4 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: green_output - pin: GPIO12 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: blue_output - pin: GPIO14 - min_power: 0.000499 - max_power: 1 - - platform: esp8266_pwm - id: warm_white_output pin: GPIO13 - min_power: 0.000499 - max_power: 0.9 + frequency: 1000 Hz + id: pwm_r + + - platform: esp8266_pwm + pin: GPIO12 + frequency: 1000 Hz + id: pwm_g + + - platform: esp8266_pwm + pin: GPIO14 + frequency: 1000 Hz + id: pwm_b + - platform: esp8266_pwm - id: white_output pin: GPIO5 - min_power: 0.000499 - max_power: 0.9 - -light: - - platform: rgbww - id: rgbww_light - name: "RGBCW_Bulb" - red: red_output - green: green_output - blue: blue_output - warm_white: warm_white_output - cold_white: white_output - cold_white_color_temperature: 6000 K - warm_white_color_temperature: 3000 K - color_interlock: true - -text_sensor: - - platform: wifi_info - ip_address: - name: "IP Address" - entity_category: diagnostic - ssid: - name: "Connected SSID" - entity_category: diagnostic - mac_address: - name: "Mac Address" - entity_category: diagnostic - - # Creates a sensor showing when the device was last restarted - - platform: template - name: 'Last Restart' - id: device_last_restart - icon: mdi:clock - entity_category: diagnostic -# device_class: timestamp - - # Creates a sensor of the uptime of the device, in formatted days, hours, minutes and seconds - - platform: template - name: "Uptime" - entity_category: diagnostic - lambda: |- - int seconds = (id(uptime_sensor).state); - int days = seconds / (24 * 3600); - seconds = seconds % (24 * 3600); - int hours = seconds / 3600; - seconds = seconds % 3600; - int minutes = seconds / 60; - seconds = seconds % 60; - if ( days > 3650 ) { - return { "Starting up" }; - } else if ( days ) { - return { (String(days) +"d " + String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( hours ) { - return { (String(hours) +"h " + String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else if ( minutes ) { - return { (String(minutes) +"m "+ String(seconds) +"s").c_str() }; - } else { - return { (String(seconds) +"s").c_str() }; - } - icon: mdi:clock-start - -time: - - platform: sntp - id: sntp_time - # Define the timezone of the device - timezone: "${timezone}" - # Change sync interval from default 5min to 6 hours (or as set in substitutions) - update_interval: ${sntp_update_interval} - # Set specific sntp servers to use - servers: - - "${sntp_server_1}" - - "${sntp_server_2}" - - "${sntp_server_3}" - # Publish the time the device was last restarted - on_time_sync: - then: - # Update last restart time, but only once. - - if: - condition: - lambda: 'return id(device_last_restart).state == "";' - then: - - text_sensor.template.publish: - id: device_last_restart - state: !lambda 'return id(sntp_time).now().strftime("%a %d %b %Y - %I:%M:%S %p");' \ No newline at end of file + frequency: 1000 Hz + id: pwm_w \ No newline at end of file diff --git a/gpd-win-4.md b/gpd-win-4.md deleted file mode 100644 index 21d01a5..0000000 --- a/gpd-win-4.md +++ /dev/null @@ -1,57 +0,0 @@ -I want a wall-mounted docking solution for my GPD Win 4, designed in OpenSCAD 2021.1. Here are the requirements and clarifications: - -Orientation & Fit - -The GPD Win 4 should be inserted upside down (top facing down), with the screen facing the wall. -It slides in from the top and is guided by side rails. -There should be a small clearance so the GPD Win 4 can be easily inserted/removed without excessive friction. -Front Rail (Lip) - -Side Rails: -The dock should have two side rails that run from top to bottom, guiding the GPD Win 4. - -The front is open for airflow. -However, there should be a small lip (front rail) on each side, running from top to bottom and connected to the side rails. This lip prevents the GPD Win 4 from falling out forward. -Back Plate / Wall Mount - -The dock has a solid back plate that mounts to the wall with two countersunk screws. -The default spacing and size of these screws can be parameterized (e.g., an M4 or M3 countersunk hole). -The back plate thickness should be sufficient for strength (e.g., 3–4 mm). -No special side or back vents are needed. -Cable Brackets - -At the bottom, back, inside the dock, there are two brackets, one for a 90° USB-C cable (standard USB-C power) and one for a 90° Oculink flat cable. -The back plate should be open where these two brackets are, so the cables can exit the dock. -Each bracket should have: -An opening on the side facing the wall, to allow the cable to pass behind (i.e., into or through the wall). -A hole for an M3 screw that presses against the cable from the side to lock it in place. -Enough space to seat a 90° connector so it points upwards to plug into the GPD Win 4. -Parametric Design - -The design should be fully parameterized in OpenSCAD, including (but not limited to) the following parameters: -device_width, device_thickness, device_length (for the GPD Win 4) -clearance_x, clearance_y, clearance_z (how much extra space around the device) -wall_plate_thickness -rail_thickness -front_rail_lip_width or front_rail_lip_thickness -wall_mount_screw_hole_diameter, wall_mount_screw_spacing (for countersunk screws) -bracket_inner_width_usbC, bracket_inner_height_usbC (for the USB-C connector dimensions) -bracket_inner_width_oculink, bracket_inner_height_oculink (for the Oculink connector dimensions) -m3_side_screw_hole_diameter (the hole that lets an M3 screw clamp the cable from the side) -Any other geometry parameters (openings for cables, bracket thickness, etc.) -Defaults - -Please choose default dimensions that accurately reflect: -Approximate GPD Win 4 size (if not exact, then close estimates). -Standard 90° USB-C and 90° Oculink connector sizes. -Typical M3 screws for cable clamps. -Countersunk holes for M3 or M4 wall screws (whichever you prefer). -Version - -This must render successfully in OpenSCAD 2021.1. -Summary - -The final output should be an OpenSCAD file that, when the parameters are set to their defaults, produces the described wall-mounted docking station for the GPD Win 4 with side rails, minimal front lip, bracket cutouts for cables, and properly sized holes for screws. - -If any additional measurements or details are needed, please ask. - diff --git a/hosts/fw/channel b/hosts/fw/channel index ced117e..425c774 100644 --- a/hosts/fw/channel +++ b/hosts/fw/channel @@ -1 +1 @@ -https://channels.nixos.org/nixos-24.11 +https://channels.nixos.org/nixos-24.05 diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index f1fa1f7..674d81d 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -26,14 +26,9 @@ ./modules/ddclient.nix # ./modules/wol.nix - # microvm ./modules/microvm.nix ./modules/gitea-vm.nix - # ./modules/vscode-server.nix # Add VS Code Server microvm - - ./modules/ai-mailer.nix - ./modules/wazuh.nix # web ./modules/web @@ -42,9 +37,6 @@ ./modules/gitea.nix ./modules/fwmetrics.nix - # ha customers - ./modules/ha-customers - # ./modules/firefox-sync.nix # home assistant @@ -78,7 +70,6 @@ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "mongodb" - "ai-mailer" ]; time.timeZone = "Europe/Vienna"; diff --git a/hosts/fw/modules/ai-mailer.nix b/hosts/fw/modules/ai-mailer.nix deleted file mode 100644 index 51d4e21..0000000 --- a/hosts/fw/modules/ai-mailer.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ config, pkgs, ... }: - -{ - users.users.ai-mailer = { - isSystemUser = true; - group = "ai-mailer"; - home = "/var/lib/ai-mailer"; - createHome = true; - description = "AI Mailer service user"; - }; - users.groups.ai-mailer = { }; - - environment.etc."ai-mailer/config.yaml" = { - mode = "0400"; - user = "ai-mailer"; - group = "ai-mailer"; - text = '' - imap: - server: "imap.cloonar.com" - port: 993 - username: "paraclub-test@cloonar.com" - password: "file://${config.sops.secrets.ai-mailer-imap-password.path}" - mailbox_in: "INBOX" - draft_box: "Drafts" - processed_box: "INBOX/Done" - use_tls: true - - ai: - openrouter_api_key: "file://${config.sops.secrets.ai-mailer-openrouter-key.path}" - model: "deepseek/deepseek-r1-distill-llama-70b" - temperature: 0.3 - max_tokens: 100000 - - context: - urls: - - "https://paraclub.cloonar.dev/de/" - - "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/alle-infos/" - - "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/kosten-tandemsprung/" - - "https://paraclub.cloonar.dev/de/ueber-uns/anfahrt/" - - "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/faq/" - - "https://paraclub.cloonar.dev/de/ausbildung/uebersicht/" - - "https://paraclub.cloonar.dev/de/ausbildung/aff-ablauf/" - - "https://paraclub.cloonar.dev/de/ausbildung/kurstermine/" - - "https://paraclub.cloonar.dev/de/ausbildung/anmeldung/" - - "https://paraclub.cloonar.dev/de/ausbildung/kosten/" - - polling: - interval: "30s" - - logging: - level: "info" - file_path: "/var/log/ai-mailer/ai-mailer.log" - ''; - }; - - sops.secrets.ai-mailer-imap-password = { - owner = "ai-mailer"; - }; - - sops.secrets.ai-mailer-openrouter-key = { - owner = "ai-mailer"; - }; - - systemd.services.ai-mailer = { - description = "AI Mail Assistant Service"; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - User = "ai-mailer"; - Group = "ai-mailer"; - WorkingDirectory = "/var/lib/ai-mailer"; - ExecStart = "${pkgs.ai-mailer}/bin/ai-mailer -config /etc/ai-mailer/config.yaml"; - Restart = "always"; - RestartSec = "10s"; - StateDirectory = "ai-mailer"; - LogsDirectory = "ai-mailer"; - RuntimeDirectory = "ai-mailer"; - - # Security settings - NoNewPrivileges = true; - ProtectSystem = "strict"; - ProtectHome = true; - PrivateTmp = true; - PrivateDevices = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - CapabilityBoundingSet = ""; - }; - }; -} diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix index 8217224..eb381de 100644 --- a/hosts/fw/modules/ddclient.nix +++ b/hosts/fw/modules/ddclient.nix @@ -2,7 +2,7 @@ { services.ddclient = { enable = true; - usev4 = "if, if=wan"; + use = "if, if=wan"; protocol = "hetzner"; # server = "https://dns.hetzner.com/api/v1/"; username = "dominik.polakovics@cloonar.com"; @@ -15,7 +15,6 @@ "palworld.cloonar.com" "matrix.cloonar.com" "element.cloonar.com" - "tinder.cloonar.com" ]; }; diff --git a/hosts/fw/modules/dhcp4.nix b/hosts/fw/modules/dhcp4.nix index 8e2ec85..01f6515 100644 --- a/hosts/fw/modules/dhcp4.nix +++ b/hosts/fw/modules/dhcp4.nix @@ -22,7 +22,6 @@ renew-timer = 1000; subnet4 = [ { - id = 96; pools = [ { pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240"; @@ -68,7 +67,6 @@ } { - id = 97; pools = [ { pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240"; @@ -124,7 +122,6 @@ ]; } { - id = 101; pools = [ { pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240"; @@ -155,7 +152,6 @@ ]; } { - id = 99; pools = [ { pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240"; @@ -216,7 +212,6 @@ ]; } { - id = 254; pools = [ { pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254"; @@ -236,7 +231,6 @@ ]; } { - id = 100; pools = [ { pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240"; diff --git a/hosts/fw/modules/gitea.nix b/hosts/fw/modules/gitea.nix index 2454521..34aaaf2 100644 --- a/hosts/fw/modules/gitea.nix +++ b/hosts/fw/modules/gitea.nix @@ -84,9 +84,6 @@ in HTTP_PORT = 3001; DOMAIN = domain; }; - repository = { - DEFAULT_BRANCH = "main"; - }; openid = { ENABLE_OPENID_SIGNIN = false; ENABLE_OPENID_SIGNUP = true; @@ -97,7 +94,6 @@ in ALLOW_ONLY_EXTERNAL_REGISTRATION = true; SHOW_REGISTRATION_BUTTON = false; ENABLE_NOTIFY_MAIL = true; - REQUIRE_SIGNIN_VIEW = false; }; mailer = { ENABLED = true; diff --git a/hosts/fw/modules/ha-customers/default.nix b/hosts/fw/modules/ha-customers/default.nix deleted file mode 100644 index c255cfc..0000000 --- a/hosts/fw/modules/ha-customers/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - ./ghetto.nix - ]; -} diff --git a/hosts/fw/modules/ha-customers/ghetto.nix b/hosts/fw/modules/ha-customers/ghetto.nix deleted file mode 100644 index 06546cb..0000000 --- a/hosts/fw/modules/ha-customers/ghetto.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - ... -}: let - create_users = host: { - users.users."${host.username}.ghetto.at" = { - createHome = true; - home = "/home/customers/ghetto/" + host.username; - isNormalUser = false; - isSystemUser = true; - group = "sftp_users"; - openssh.authorizedKeys.keys = [ - host.key - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - ]; - shell = null; - }; - }; - - users = [ - { - username = "fw"; - key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzJRWe8hsqAVnGSjPrcheloteWMzORoQ5Gj4IfhCROF"; - } - ]; -in { - imports = builtins.map create_users users; -} diff --git a/hosts/fw/modules/home-assistant/default.nix b/hosts/fw/modules/home-assistant/default.nix index 8ae9904..b9b46ed 100644 --- a/hosts/fw/modules/home-assistant/default.nix +++ b/hosts/fw/modules/home-assistant/default.nix @@ -4,7 +4,7 @@ let pkgs-with-home-assistant = import (builtins.fetchGit { name = "new-home-assistant"; url = "https://github.com/nixos/nixpkgs/"; - rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11"; + rev = "41dea55321e5a999b17033296ac05fe8a8b5a257"; }) {}; networkPrefix = config.networkPrefix; in @@ -161,7 +161,7 @@ in }; script = '' set -e - HACS_VERSION="2.0.5" # Replace with the latest version + HACS_VERSION="2.0.1" # Replace with the latest version HACS_DIR="/var/lib/hass/custom_components/hacs" mkdir -p "$HACS_DIR" diff --git a/hosts/fw/modules/home-assistant/light.nix b/hosts/fw/modules/home-assistant/light.nix index dc9e944..51edaff 100644 --- a/hosts/fw/modules/home-assistant/light.nix +++ b/hosts/fw/modules/home-assistant/light.nix @@ -140,8 +140,8 @@ entity_id = "{{ trigger.entity_id }}"; }; data = { - brightness_pct = 30; - color_temp = 450; + brightness_pct = 20; + rgbw_color = [ 255 126 0 255 ]; }; } ]; @@ -372,12 +372,12 @@ all = true; entities = [ "light.livingroom_switch" - "light.livingroom_bulb_1_rgbcw_bulb" - "light.livingroom_bulb_2_rgbcw_bulb" - "light.livingroom_bulb_3_rgbcw_bulb" - "light.livingroom_bulb_4_rgbcw_bulb" - "light.livingroom_bulb_5_rgbcw_bulb" - "light.livingroom_bulb_6_rgbcw_bulb" + "light.living_room_bulb_1" + "light.living_room_bulb_2" + "light.living_room_bulb_3" + "light.living_room_bulb_4" + "light.living_room_bulb_5" + "light.living_room_bulb_6" ]; } { diff --git a/hosts/fw/modules/home-assistant/multimedia.nix b/hosts/fw/modules/home-assistant/multimedia.nix index d864b83..9b10343 100644 --- a/hosts/fw/modules/home-assistant/multimedia.nix +++ b/hosts/fw/modules/home-assistant/multimedia.nix @@ -76,7 +76,7 @@ { service = "automation.turn_off"; target = { - entity_id = "automation.all_multimedia_off"; + entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID }; } { @@ -115,7 +115,7 @@ { service = "automation.turn_on"; target = { - entity_id = "automation.all_multimedia_off"; + entity_id = "automation.all_multimedia_off"; # Replace with your target automation ID }; } ]; @@ -289,9 +289,6 @@ command = "b64:JgDaAAABKZMUERMSExITEhMSExETEhMSExITEhMSExETNxQ2ExITEhMSEzcTNxM3ExITEhM3ExITNxMSEhITEhM3EzcTEhM3EwAFyAABKJQUERMSEhITEhMSExITEhMSEhITEhMSExITNxM3ExITEhMREzcTNxQ3EhITEhM3ExITNxMSExITEhM3EzcTEhM3EwAFyAABKJQUERMSExETEhMSExITEhMSExETEhMSExITNxM3ExITEhMREzcTOBI4ExETEhM3ExITNxMSExITEhM3EzcTEhM3E5IGAA0FAAAAAAAAAAAAAAAAAAA="; }; } - { - delay = 20; - } # turn off tv switch { service = "switch.turn_off"; diff --git a/hosts/fw/modules/setupnetwork.nix b/hosts/fw/modules/setupnetwork.nix index 5c71176..de27e37 100644 --- a/hosts/fw/modules/setupnetwork.nix +++ b/hosts/fw/modules/setupnetwork.nix @@ -26,7 +26,6 @@ }; subnet4 = [ { - id = 110; pools = [ { pool = "${config.networkPrefix}.110.100 - ${config.networkPrefix}.110.240"; diff --git a/hosts/fw/modules/tinder-api.nix b/hosts/fw/modules/tinder-api.nix deleted file mode 100644 index 520cff8..0000000 --- a/hosts/fw/modules/tinder-api.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.services.tinder-api-wrapper; -in { - options.services.tinder-api-wrapper = with lib; { - enable = mkEnableOption "Tinder API wrapper service"; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port to listen on"; - }; - - apiEndpoint = mkOption { - type = types.str; - default = "https://api.gotinder.com"; - description = "Target Tinder API endpoint URL"; - }; - - user = mkOption { - type = types.str; - default = "tinder-api"; - description = "User account to run service."; - }; - - group = mkOption { - type = types.str; - default = "tinder-api"; - description = "Group account to run service."; - }; - }; - - config = lib.mkIf cfg.enable { - nixpkgs.overlays = [ - (self: super: { - tinder-api-wrapper = self.callPackage ../pkgs/tinder-api.nix {}; - }) - ]; - - users.users.${cfg.user} = { - isSystemUser = true; - group = cfg.group; - description = "Tinder API wrapper service user"; - }; - - users.groups.${cfg.group} = {}; - - systemd.services.tinder-api-wrapper = { - description = "Tinder API Wrapper Service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - Type = "simple"; - User = cfg.user; - Group = cfg.group; - ExecStart = "${pkgs.tinder-api-wrapper}/bin/server -listen :${toString cfg.port} -target ${cfg.apiEndpoint}"; - Restart = "always"; - RestartSec = "10"; - - # Hardening - NoNewPrivileges = true; - ProtectSystem = "strict"; - ProtectHome = true; - PrivateTmp = true; - PrivateDevices = true; - ProtectHostname = true; - ProtectClock = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - RemoveIPC = true; - }; - }; - }; -} diff --git a/hosts/fw/modules/unbound.nix b/hosts/fw/modules/unbound.nix index d4f9012..83745e3 100644 --- a/hosts/fw/modules/unbound.nix +++ b/hosts/fw/modules/unbound.nix @@ -54,9 +54,6 @@ let "\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\"" "\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\"" "\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\"" - "\"wazuh-manager.cloonar.com IN A ${config.networkPrefix}.97.31\"" - "\"wazuh-indexer.cloonar.com IN A ${config.networkPrefix}.97.32\"" - "\"wazuh.cloonar.com IN A ${config.networkPrefix}.97.33\"" "\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\"" "\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\"" "\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\"" @@ -64,7 +61,6 @@ let "\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\"" "\"element.cloonar.com IN A ${config.networkPrefix}.97.5\"" "\"support.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"tinder.cloonar.com IN A ${config.networkPrefix}.97.5\"" "\"git.cloonar.com IN A ${config.networkPrefix}.97.50\"" "\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\"" diff --git a/hosts/fw/modules/vscode-server.nix b/hosts/fw/modules/vscode-server.nix deleted file mode 100644 index af2c6c9..0000000 --- a/hosts/fw/modules/vscode-server.nix +++ /dev/null @@ -1,40 +0,0 @@ -{config, pkgs, lib, ...}: - -let - hostname = "vscode-server"; - unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") { - config = config.nixpkgs.config; - system = pkgs.system; - }; -in { - microvm.vms.${hostname} = { - autostart = true; - config = { config, pkgs, ... }: { - networking.hostName = hostname; - - services.code-server = { - enable = true; - host = "0.0.0.0"; - port = 8080; - auth = "none"; - extensions = with pkgs.vscode-extensions; [ - github.copilot - ms-azuretools.vscode-docker - ]; - }; - - environment.systemPackages = [ - unstable.ddev - ]; - - # Docker is required for ddev - virtualisation.docker.enable = true; - }; - - interfaces = [{ - type = "tap"; - id = "vm-${hostname}"; - mac = "02:00:00:00:01:01"; - }]; - }; -} \ No newline at end of file diff --git a/hosts/fw/modules/wazuh.nix b/hosts/fw/modules/wazuh.nix deleted file mode 100644 index 58c1281..0000000 --- a/hosts/fw/modules/wazuh.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, pkgs, ... }: - -{ - virtualisation.oci-containers.containers = { - # Wazuh Manager Container - wazuh-manager = { - autoStart = false; - image = "docker://wazuh/wazuh-manager:latest"; - volumes = [ - "/var/lib/wazuh:/var/ossec" - ]; - extraOptions = [ - "--network=server" - "--mac-address=10:10:00:00:00:01" - "--ip=${config.networkPrefix}.97.31" - ]; - }; - - # Wazuh Indexer Container (Elasticsearch) - wazuh-indexer = { - autoStart = false; - image = "docker://wazuh/wazuh-indexer:latest"; - volumes = [ - "/var/lib/wazuh-indexer:/usr/share/elasticsearch/data" - ]; - environment = { - "discovery.type" = "single-node"; - }; - extraOptions = [ - "--network=server" - "--mac-address=10:10:00:00:00:02" - "--ip=${config.networkPrefix}.97.32" - ]; - }; - - # Wazuh Dashboard Container (Kibana) - wazuh-dashboard = { - autoStart = false; - image = "docker://wazuh/wazuh-dashboard:latest"; - volumes = [ - "/var/lib/wazuh-indexer:/usr/share/elasticsearch/data" - ]; - environment = { - "discovery.type" = "single-node"; - }; - environment = { - # Optionally, configure to connect to the indexer/manager: - WAZUH_INDEXER_URL = "http://wazuh-indexer.cloonar.com:9200"; - WAZUH_MANAGER_URL = "http://wazuh-manager.cloonar.com:55000"; - }; - extraOptions = [ - "--network=server" - "--mac-address=10:10:00:00:00:03" - "--ip=${config.networkPrefix}.97.33" - ]; - }; - }; -} diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix index 886f946..3fcfad8 100644 --- a/hosts/fw/modules/web/default.nix +++ b/hosts/fw/modules/web/default.nix @@ -52,13 +52,11 @@ in { ../network-prefix.nix ../../utils/modules/sops.nix ../../utils/modules/lego/lego.nix - ../../modules/tinder-api.nix # ../../utils/modules/borgbackup.nix ./zammad.nix ./proxies.nix ./matrix.nix - ./tinder-api.nix ]; networkPrefix = config.networkPrefix; diff --git a/hosts/fw/modules/web/tinder-api.nix b/hosts/fw/modules/web/tinder-api.nix deleted file mode 100644 index fec8623..0000000 --- a/hosts/fw/modules/web/tinder-api.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.tinder-api-wrapper = { - enable = true; - port = 8080; # default port - apiEndpoint = "https://api.gotinder.com"; - }; - - services.nginx.virtualHosts."tinder.cloonar.com" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - - locations."/" = { - proxyPass = "http://127.0.0.1:8080"; - proxyWebsockets = true; - extraConfig = - "proxy_set_header X-Forwarded-Proto 'https';" + - "proxy_set_header X-Forwarded-Ssl on;" + - "proxy_connect_timeout 300;" + - "proxy_send_timeout 300;" + - "proxy_read_timeout 300;" + - "send_timeout 300;" - ; - }; - }; -} diff --git a/hosts/fw/pkgs/tinder-api.nix b/hosts/fw/pkgs/tinder-api.nix deleted file mode 100644 index 90abf1c..0000000 --- a/hosts/fw/pkgs/tinder-api.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, buildGoModule, fetchgit }: - -buildGoModule rec { - pname = "tinder-api-wrapper"; - version = "0.1.0"; - - src = fetchgit { - url = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper.git"; - rev = "e99b56e4346ac4ae5c1e0747e51ff3a0259440d3"; - sha256 = "sha256-ZGuoFVaTBJcnGiToNvk+MRD+zW9IUQldbbqFVLEfkeU="; - }; - - vendorHash = null; - - meta = with lib; { - description = "Tinder API Wrapper Service"; - homepage = "https://git.cloonar.com/dominik.polakovics/tinder-api-wrapper"; - license = licenses.mit; - maintainers = with maintainers; [ /* add maintainers */ ]; - }; -} diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index 9f5a619..9c0f73d 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml @@ -7,8 +7,6 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str] wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str] gitea-mailer-password: ENC[AES256_GCM,data:M4qCWNt1oQVJzxThIjocm2frwuVMyx+69TBpke25RwxJxEQnvHL1CM579OVroTm7+gGE/oOJqAwDIepfiDtyM1xm,iv:jayFZMbu3uDimS/rIKZSeoU0MsYwWp880iEMs1oQE4k=,tag:qGDncRkyuCWaELhcxUrqtQ==,type:str] -ai-mailer-imap-password: ENC[AES256_GCM,data:T3V9hS24fwzj1Lx2Za508fYiw8r/GmEDAaX1tGSGQCgcVfxnQ6kfncoGPEU0CGL6Vw==,iv:Z/5LxQpcWwu7U11wtXYlQ/papepm5tzgMhE2heFE7to=,tag:EESXRY7WXpus2q/vd19vbw==,type:str] -ai-mailer-openrouter-key: ENC[AES256_GCM,data:PCe8kt/M+7g087AKzYMY2H5WO4L+NGkHLsh47fMK36kz+Ju5kd/kpmM4GQcDbI3LgWm/P+T0/mv7kGGOL6KLmBFaFmGV/88cGw==,iv:ruVftGvnv+PX1Zd92tfOezpyaMbYrqCrexelyPUYFMc=,tag:z4JVUCfz/frehar6y+fOlQ==,type:str] gitea-runner: ENC[AES256_GCM,data:NYG3qRLiMjmfA+oHYBXBbxpuX2ZjB/VgvLaS7yr5kJeDN/NukB/B3OZcEfsUWgbBS5IsLENESngWTFmK4W3htN4lSqdg/g4UsUr20beNov+pbyPN05rkBYmSCZZFwZ1L9POEE4GF4LuuoNpDlWIw0mrA8oV8MoI4W5QS2IGranBTIQQaYXU5TEGYa4XMVo4oC75iuH6DIq1KD6OgFAfMhm/wlbP8CP/Iaw2K8CNPxktk93pm3OSmggf22Z4JPEnvV25sc9iBkxLkDk9FXYFys0g=,iv:UzL5ncVOC/loJwcFSG1QJHnzLp3il4Hf3qDwLWxrIlo=,tag:w0Zn/E+02KyAsPXZdOLrew==,type:str] gitea-runner-token: ENC[AES256_GCM,data:HpBjLS10w78ihbnAUrlCRGvwrXLBYKH5v/P7XggoUSWLoAazSVQArABxaK7PJas=,iv:q3Y6jV0gmug06O0EYqGVyIJ4AvMGr2ydwY17YKxo0Qw=,tag:Ws5HLbdaeYGGXzDZW/FX4w==,type:str] home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str] @@ -59,8 +57,8 @@ sops: WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-01T22:14:10Z" - mac: ENC[AES256_GCM,data:UWwjvi8jLNgu4l7ldMYtkAATm3y5+BSxbCuPN/e1OC4/3ULYJndqFLfTOMpqQbj2+uHo3onelK4f0MAJuSH0oUx58CclkNBBLE0RXafxbowa7kJtTNDfTboJNqH7rFmhGhqCtHAOOpKBuowqoOUHP5BtzZfucra0Q/pIJt5lma0=,iv:iJEW/mTbizioPSN8G+WqHSipx8P6VCDrVG/Cmk+MBUc=,tag:L4OkeKec5AZdCrpUrnqcOA==,type:str] + lastmodified: "2024-11-20T21:39:00Z" + mac: ENC[AES256_GCM,data:JCFvFwSqnAQCOB76n5pfQsdsaod8bBiVZ2VY+WWBDWi84gQByhqy808E2ZZJSJ1/amUi8dNBeOPNWZIGdieuWJyatrqjWziAl7gXx5u35i77sS6hAD+G/Fc/elgRbjc0VIbplZ7UxBmwo3vkVpI4RqQiQv63MvKHI+TkoY8vFUM=,iv:uy50x8FqqDW7hCLZeHfhFB/dxa3N6kM2Vj9waAZJngg=,tag:Wt1FG0kW4VFZ2fvvAC0T4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.8.1 diff --git a/hosts/gpd-win4/configuration.nix b/hosts/gpd-win4/configuration.nix index 6ca8d6d..ac6ce7b 100644 --- a/hosts/gpd-win4/configuration.nix +++ b/hosts/gpd-win4/configuration.nix @@ -1,89 +1,21 @@ { config, lib, pkgs, ... }: -let - unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { - config = { allowUnfree = true; }; - }; - - impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; -in { +{ imports = [ - "${impermanence}/nixos.nix" ./hardware-configuration.nix - # (Optional) comment out if you don’t want Sway as default: - # ./modules/sway/sway.nix - - ./modules/nvim/default.nix + ./sway/sway.nix + ./nvim/default.nix ./utils/bento.nix ./utils/modules/sops.nix ./utils/modules/nur.nix ./utils/modules/autoupgrade.nix ./users + + # Import our new steam-deck-mode module ./modules/steam-deck-mode.nix ]; - nixpkgs.overlays = [ - (import ./utils/overlays/packages.nix) - ]; - - services.gvfs.enable = true; - - fonts.packages = with pkgs; [ - git - git-lfs - open-sans - nix-prefetch - jq - oh-my-zsh - zsh-autosuggestions - zsh-completions - zsh-syntax-highlighting - zsh-history-substring-search - creality-print - ]; - - programs.zsh = { - enable = true; - ohMyZsh = { - enable = true; # Enable Oh My Zsh - theme = "steeef"; # Set theme - plugins = [ "git" ]; # Add plugins - }; - }; - users.defaultUserShell = pkgs.zsh; - - services.fwupd.enable = true; - - environment.persistence."/nix/persist" = { - hideMounts = true; - directories = [ - "/home" - ]; - }; - environment.persistence."/nix/persist/system" = { - hideMounts = true; - directories = [ - "/etc/nixos" - "/root/.ssh" - "/var/bento" - "/var/log" - "/var/lib/bluetooth" - "/var/lib/docker" - "/var/lib/nixos" - "/etc/NetworkManager/system-connections" - ]; - files = [ - "/etc/machine-id" - { file = "/etc/ssh/ssh_host_ed25519_key"; parentDirectory = { mode = "u=rwx,g=,o="; }; } - { file = "/etc/ssh/ssh_host_ed25519_key.pub"; parentDirectory = { mode = "u=rwx,g=,o="; }; } - ]; - }; - - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - sops.defaultSopsFile = ./secrets.yaml; - networking.hostName = "gpd-win4"; time.timeZone = "Europe/Vienna"; - nixpkgs.config.allowUnfree = true; nixpkgs.config.allowBroken = true; console.keyMap = "de"; @@ -94,89 +26,19 @@ in { users.users.dominik = { isNormalUser = true; - hashedPassword = "$y$j9T$btz9xel62NjCyLdQRm5ck1$iCm6R7u4wiMeSVfrB6Y.3UwoQJ/rfkXiYSrXI2RTYm/"; - extraGroups = [ "wheel" "disk" "video" "audio" "mysql" "docker" "vboxusers" "networkmanager" "onepassword" "onepassword-cli" "dialout" ]; # Enable ‘sudo’ for the user. + hashedPassword = ""; # Replace with real hash + extraGroups = [ "wheel" "video" "audio" "input" ]; }; powerManagement.cpuFreqGovernor = "powersave"; - virtualisation.docker.enable = true; - sops.secrets.epicenter_vpn_ca = {}; - sops.secrets.epicenter_vpn_cert = {}; - sops.secrets.epicenter_vpn_key = {}; - sops.secrets.wg-cloonar-key = {}; + # In case you want a persistent /home or other directories: + # environment.persistence."/nix/persist" = { + # hideMounts = true; + # directories = [ "/home" ]; + # }; - environment.systemPackages = with pkgs; [ - bento - docker-compose - drone-cli - git-filter-repo - nix-prefetch-git - vim - wget - wireguard-tools - # Fingerprint packages for normal system (enrollment, management) - fprintd - libfprint-2-tod1-goodix - ]; - - environment.variables = { - TERMINAL_COMMAND = "alacritty"; - }; - - services.blueman.enable = true; - - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.42.98.203/32" ]; - privateKeyFile = config.sops.secrets.wg-cloonar-key.path; - peers = [ - { - publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q="; - allowedIPs = [ - "10.42.96.0/20" - "10.254.240.0/24" - "10.254.235.0/24" - "10.14.0.0/16" - "10.25.0.0/16" - ]; - endpoint = "vpn.cloonar.com:51820"; - persistentKeepalive = 25; - } - ]; - postSetup = '' - printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x - ''; - }; - }; - - nix = { - settings.auto-optimise-store = true; - settings.experimental-features = [ "nix-command" "flakes" ]; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - extraOptions = '' - min-free = 104857600 - max-free = 1073741824 - ''; - }; - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.displayManager.defaultSession = "gnome"; - - # Enable fprintd for fingerprint authentication in the OS - services.fprintd.enable = true; - - # In some NixOS releases, GDM forcibly sets fprintAuth = false. - # We'll override them with mkForce. Also note that the display manager’s - # PAM config might be "gdm-password" rather than just "gdm". - security.pam.services."login".fprintAuth = lib.mkForce true; - security.pam.services."gdm-password".fprintAuth = lib.mkForce true; - - system.stateVersion = "24.11"; + # This system tries to unify the "Steam Deck Mode" and "Sway" approach + # with toggling via systemd user services. + system.stateVersion = "24.05"; } diff --git a/hosts/gpd-win4/hardware-configuration.nix b/hosts/gpd-win4/hardware-configuration.nix index ac4b317..d8a07ce 100644 --- a/hosts/gpd-win4/hardware-configuration.nix +++ b/hosts/gpd-win4/hardware-configuration.nix @@ -4,54 +4,39 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.loader.systemd-boot = { - enable = true; - configurationLimit = 5; - }; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # Use systemd in the initrd - boot.initrd.systemd.enable = true; - - # Include fingerprint packages in the initrd so you can unlock LUKS with fingerprint - boot.initrd.systemd.packages = [ - pkgs.fprintd - pkgs.libfprint-2-tod1-goodix - ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usbhid" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = []; - boot.kernelModules = [ "amdgpu" "kvm-amd" ]; - boot.extraModulePackages = []; + boot.initrd.kernelModules = [ "amdgpu" "kvm-amd" ]; hardware.cpu.amd.updateMicrocode = lib.mkDefault true; - # Ephemeral root on tmpfs - fileSystems."/" = { - device = "none"; - fsType = "tmpfs"; - options = [ "size=16G" "mode=755" ]; + fileSystems."/" = + { + device = "none"; + fsType = "tmpfs"; + options = [ "size=16G" "mode=755" ]; + }; + fileSystems."/nix" = + { + device = "/dev/disk/by-uuid/856e1ebe-832f-422d-8d91-d43a5d852abb"; + fsType = "f2fs"; + }; + + boot.initrd = { + luks.devices."enc" = { + crypttabExtraOpts = [ "fido2-device=auto" ]; + device = "/dev/disk/by-uuid/08897ecb-23ce-4352-a1fc-fa442b9e0f72"; + }; + systemd.enable = true; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/8BC1-69F5"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/7530231d-afe3-4571-934b-826d7b1702b2"; - fsType = "f2fs"; - }; - - boot.initrd.luks.devices."luks-1506e138-e941-43e1-a133-06ae3299b62b".device = - "/dev/disk/by-uuid/1506e138-e941-43e1-a133-06ae3299b62b"; + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/1521-B173"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; hardware.graphics = { enable = true; diff --git a/hosts/gpd-win4/modules/steam-deck-mode.nix b/hosts/gpd-win4/modules/steam-deck-mode.nix index a3695e1..2c5fe5d 100644 --- a/hosts/gpd-win4/modules/steam-deck-mode.nix +++ b/hosts/gpd-win4/modules/steam-deck-mode.nix @@ -2,59 +2,77 @@ let cfgUser = "dominik"; # Adjust to your username in { + #### 1) Provide two scripts: + #### - `steam-deck-mode.sh`: Runs Steam Big Picture with Gamescope (Wayland). + #### - `sway-session.sh`: Starts Sway. environment.etc."steam-deck-mode.sh".text = '' #!/usr/bin/env bash - # Launches Steam in Big Picture with Gamescope. - # On exit, user service stops, triggering ExecStopPost to start GNOME. + + # This script launches Steam in Big Picture mode under Gamescope (Wayland). + # Once Steam (or Gamescope) exits, the systemd user service stops. + # The ExecStopPost hook in the user service will then start Sway automatically. + + # For safety, kill any existing Steam instance pgrep steam && steam -shutdown || true sleep 1 + + # Use Gamescope in fullscreen mode, exit on Steam exit, run Steam in Gamepad UI exec gamescope -W 1280 -H 800 -f -e -- steam -gamepadui ''; - environment.etc."gnome-session.sh".text = '' + environment.etc."sway-session.sh".text = '' #!/usr/bin/env bash - # Start a GNOME session - exec gnome-session + + # This script starts a Sway session. When Sway exits, the user service stops, + # which triggers ExecStopPost to start Steam Big Picture again. + + exec sway ''; + #### Make these scripts executable via a simple systemd service: systemd.services."make-scripts-executable" = { - description = "Make steam-deck-mode and gnome-session scripts executable"; + description = "Make steam-deck-mode.sh and sway-session.sh executable"; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = [ "${pkgs.coreutils}/bin/chmod +x /etc/steam-deck-mode.sh" - "${pkgs.coreutils}/bin/chmod +x /etc/gnome-session.sh" + "${pkgs.coreutils}/bin/chmod +x /etc/sway-session.sh" ]; }; - # Steam Deck Mode service + #### 2) Create two systemd *user* services: + #### - steam-deck-mode: On stop, automatically start sway + #### - sway: On stop, automatically start steam-deck-mode systemd.user.services."steam-deck-mode" = { - description = "Steam Deck Mode (Gamescope + Steam Big Picture)"; - wantedBy = [ "default.target" ]; + description = "Steam Deck Mode (Wayland Gamescope + Steam Big Picture)"; + wantedBy = [ "default.target" ]; # So we can enable it for the user serviceConfig = { Type = "simple"; ExecStart = "/etc/steam-deck-mode.sh"; - ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start gnome-session"; - Restart = "no"; + # On exit, automatically trigger Sway + ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start sway"; + Restart = "no"; # If Steam crashes, you can change to 'on-failure' if desired }; }; - # GNOME Session (Wayland) service - systemd.user.services."gnome-session" = { - description = "GNOME Session (Wayland)"; - wantedBy = [ ]; + systemd.user.services."sway" = { + description = "Sway WM Session"; + wantedBy = [ ]; # We won't start this on login by default, but from steam or a script serviceConfig = { Type = "simple"; - ExecStart = "/etc/gnome-session.sh"; + ExecStart = "/etc/sway-session.sh"; + # On exit, automatically trigger Steam Deck Mode ExecStopPost = "${pkgs.systemd}/bin/systemctl --user start steam-deck-mode"; Restart = "no"; }; }; - # Quick script to switch from GNOME to Steam Big Picture + #### 3) Provide a script & desktop entry to let you switch from Sway to Game Mode easily + #### (i.e., stop the 'sway' service, which triggers Steam). environment.etc."switch-to-game-mode.sh".text = '' #!/usr/bin/env bash - # Stop GNOME => triggers Steam in ExecStopPost - ${pkgs.systemd}/bin/systemctl --user stop gnome-session + # This script stops Sway, causing the user service to exit + # The ExecStopPost of that service will start steam-deck-mode automatically. + ${pkgs.systemd}/bin/systemctl --user stop sway ''; systemd.services."make-switch-to-game-mode-executable" = { @@ -68,24 +86,21 @@ in { environment.etc."xdg/applications/switch-to-game-mode.desktop".text = '' [Desktop Entry] Name=Switch to Game Mode - Comment=Stop GNOME and start Steam (Gamescope) + Comment=Stop Sway and start Steam Big Picture (Gamescope) Exec=/etc/switch-to-game-mode.sh Terminal=false Type=Application Categories=Game; ''; - # Update to new hardware.graphics.* options - hardware.graphics.enable = true; - hardware.graphics.enable32Bit = true; + #### 4) If you want to start directly in Steam Deck Mode on boot (no display manager), + #### enable auto-login on TTY and run the user service for "dominik". + #### For example (uncomment if you want an immediate console login): + # services.getty.autologinUser = cfgUser; + # systemd.user.services."steam-deck-mode".wantedBy = [ "default.target" ]; # already set + # You'd do 'systemctl --user enable steam-deck-mode' as that user to start it on login. - # Include AMD Vulkan for 64bit & 32bit - hardware.graphics.extraPackages = [ - pkgs.amdvlk - pkgs.driversi686Linux.amdvlk - ]; - - # A recommended set of gaming packages + #### 5) Additional recommended gaming packages if not set elsewhere: environment.systemPackages = with pkgs; [ steam gamemode @@ -93,11 +108,22 @@ in { vulkan-tools vulkan-loader vulkan-headers + # ... ]; - # Move the Steam Deck controller rules to services.udev.extraRules - # services.udev.extraRules = '' - # SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666" - # KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput" - # ''; + #### 6) Enable 32-bit support for Steam + hardware.opengl.enable = true; + hardware.opengl.driSupport32Bit = true; + hardware.graphics.enable = true; + hardware.graphics.enable32Bit = true; + hardware.graphics.extraPackages = [ + pkgs.amdvlk + pkgs.driversi686Linux.amdvlk + ]; + + #### 7) Optionally handle udev rules for Steam/Controllers if needed + environment.etc."udev/rules.d/99-steamdeck-controller.rules".text = '' + SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666" + KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput" + ''; } diff --git a/hosts/gpd-win4/secrets.yaml b/hosts/gpd-win4/secrets.yaml deleted file mode 100644 index 4077ef0..0000000 --- a/hosts/gpd-win4/secrets.yaml +++ /dev/null @@ -1,42 +0,0 @@ -epicenter_vpn_ca: ENC[AES256_GCM,data:DUvpuL92zpQkK0auXGdHDw+f5gzjMARMroBknmgR+eq1LV5aISdA0XOCw7d3VFpMtHY+tPM4pDEWlnGJDoHDJBSFAUdmbLkDq2DvoDR1RBbsidmlXpvu7UnL4OyCgrN9G3I65HQmCh64/453T0Y5MZKUiFZXn9SZJgOU3h0qOnAiIKTQADXmUo6imhLuUdPxjwiLkNp8zHNystbfUuZkF15J+TXV9yndy/E8E4sFs4uysK9E+VM84v0q75zTf48cheE+cBGI9xOP5QMvSND6MloyGYUTPZOiQyz8M9AmJObvQFryysKf5Q1W1GBiTz9FVuSsr1IM7meljdBYwfxQaA5MurdsXVFYfdRgL6NyL5x7WOd367pgtBBwuVyT+cygg5ITIBc6YTuT8thp/q0BsJkq1OdVQrLa4PK12Tg2IOUg2Za/tLJxxiNWqs1gAmTWEIGAeJWmNgCZAjJIISwTGcdbpdWqhjAEgaaLf9ZD0hUXQ5MmSO+KXzP7lIGgqCXoMEc7W7rn3R2VkIrvaVgCBK3psTg6+CxoPQwnYbUKgPLG7ys54eECJyRfc8YPH1957Q67pYkVD166ZP/sDJfplOGH19QyFnaaSLRLoXCAfWuO72NwO/fSljN4+pmB6Ev1cRCe4mXicz7TTqGG740VOam/JW4OJCrnHVs67cs9/MsVSNZOsI+x44TKJjaFph4onaodDh5P7e52IkfRnHnjK6FjEvYPasUr9YDqUR3ucHxhD9UqvINDwhp3L/zyFb2HRuO1KzEQLzmG96xiJpJxBVl8GOTeNrK2owOf6cCuh6o3iPaAFjFok26gI1ujX/mPbBigOxB6S0cLOLoA7oA+E6L22nsoYdIwjU4b6Y/DQvndgsZFnycLsSA4TRYHUH1Q51fGU3S/zAlB66rYchsw3JqODD51axxEdo5uu/2a6K9c8BSDo+stHBPmGvty6IorhM+17IGwSVrnxBFbSICja/Mi9eHmkUuUQWaXe5iWiNGYOIe0Xsbu4PQANhDE0f4U1LboVdI46uVhBV36zLSRJ5hUYARdmaz+aUSfNSE20xwCQiqd4U1cb2W6ZRER5WOfNFa8LCjk1YyhDY1yKCbo5tZrYZtmo4T47EuH/2uyW9vPtDlAhpZWmJJ0LEbZMhl9hIEAgGYmhnxPIVItJWHgq4O+YavYWvu1qgbdBC/FZJ8xx0uSy48oKCbuTUbIBUHQ37/6wp+IC+FAoYc2CDgCKzYvYjGrjMr+l/bhWE6KqI2DE/8yG4sOZIyrKNOYRq/aqDRkaeu96bLSYZECoLpohEKRNLTFQ+J8btjGX+xak0HRNEX9bxx8Zs3ml8mDKfh11uy05zPMVU4jaLrc5VtvmNdCg1EffbtEIRhi88aP5K2flRLxvSsYODd8iisqJ3CEqa8/C/FoHhWqgs7vk9UeRs46CJjGQ2Nx7UeQhAK8ey8FwqqSPQ6hp6jFnAv5ha583GZm3G8CsapajioHOpNcyYRhUW/ekdQ1E7DafOLRRO0hdWws8fsP/96uuWJ1Ir1ec2pepmh8s9zCZl/CKSU6+PUjX03Y9buZDnAYao5nDFsF5hgi2nLCTRbHnCh/S5C4NL/Lss2gi/9HdQUWr3KNONgoGbdRNS4MHtK/t9MtxQT8FOS54fM76XLygYZhQEQuDHUr3vaihOPKXncPNx+M4IGd+tsOoGADfpZk7W4OLd5jl8OiCulKvmRXzGCrmyofifh6XBE/EDa97j4eXt/fZPhUh+kv7i39mLKiccPUqpq9WYA/pqlMc84PAsewRerk3Z7jygFb2oX8LwYX2vDer565q+74n/y+oqz/CQ7jypoGBC8f9a16h2e2ZuvjQZ2sUdBB0xKwmLHC5mXLRkJYZ8Myt0Bzp0iVnC8P,iv:0GfL3sG36nsg/4BPw32kKMB78TmbN+mLq/mqEFp0yas=,tag:x+kxJsS+Fn7VO3MlOmqgwQ==,type:str] -epicenter_vpn_cert: ENC[AES256_GCM,data:y94SNCZISKCGbG3dtMZKPntzHvmvAK9fr0+TASNUPp+RG0o7sWRZHrAk+zs4x6tTJpRMCN3VJUzH0bkSHrsKHsYLwVOT5Sb3l7y0CUjjT463NWj1ZipaMU94NRbtDC6Q4sMkFQPaLEefaOhjQu2a2qMx0FkQ9OA3T4f4u5GVN72/PTftHw3SybhptlF5L1e3Q69J3H0uVGRuXmmrws6HcLb2th9sAYPAi82yEimdzPa154DKIRcBY78QVkRz4X7VVyLFY3X34TMvGTmKP7MsW5lApVd/qoML0MkqvrWdEClMWG7i4jMRjSUSRIVr33DE8ds4aBx565tKQ9rVZT7KPZU7IbFqgKP6TQN8w7g5mY3aImPlRMB/xb7V8a+qBScOgBiwCgdAnz+PKGaCwcaBba80q0m/gONkxgVy+QKLLdALjb3iUpKiGvWFLwsKr/hQ1O0h7MBFDTGqWniiXZbyb39HABZNVtKAC/4qouG/G+hP6fpk/+TMtjRNSh6wWtyiYvTeFOtCWfi6YEC7IZFautr3vcu24soA+Q4vFwYr6lIEPnQYlpBCr/TLVzEvxWEjsR8G2RaBSWGm2E0tre8qVSFkJwz+niL8FQgaQTjnsYmJGHFS8sxseGuAakuSH+gzopc75H6y2pEnZrpQMOMyDq0GMkIW8xGk7x5Ewq1DZ8ji13Y8xtnbLqiJkhPc19JDoXdpls/40K4Ymrz6dOO8zxzvW8SHF47gOYvp+a5d3vqwXFZH2qDUvdScV5eATmK8ltfGod9PbZWgFzhp336dkba5aAspXlyzAlRRqrVhvpff+V8cyHTIz9qA8fhXv+v2pN0E/Es1NTJhtQo09OGnZn82lfVyR93hLtr6AgbDggwhvAOlJr/pAt0YZ5FhehhhnH0+ekUJC0YemUMj0QVbpxIWc4rt5n7nqewSHC8feo6Zfc4NHfE8sWemGGm2sUOdf6C2F9k0h+Snwfyu95XIWccMAC/Ii14ciu/nj0L67bbj8XAECjWCIlhhCJcMXlpxfU3lZX7zEy4WH+IqV1399KmtvUssuObBb9uAMwHjZl0l2GVQPo3clDea2ZP5HDO9B3kWRqpvIrjawh4IM73O43jbIDgjNXMijnH0GJu8FH8igS+7JOhRHrOBQiNc0unx6EgAfXHo3v6o8ktzbtRcUwU8k+wldU1cu9ugpVpG9j8O+zvPYkaH+0xfdAdxDKXz+4e8462O5zr3IVRp63CBBNtnTn6fcwnxgD9ouhgyyLBylzrwCmRAODHyukJovkNARWmhcYCAnYhrYf9KqaCoeRLmFq8sLMeiYGDTJ/+PTyheZMHboaoZbUbnRtrvuXQiCHqDKxSan0OACW+oXgCBgZSshj8lb58A+zjpMVy4Wis8s6K9HFpiPSP4tmHxXvOod2+qL/eZBV4LhLoahO0gg3+DUPTeJVO+4I7YZYLVXBhf0OC7z8jMGf8Q4SjO8p6Vufx2KXIEpcITto0IJFsIAv9UVfsKVyvVeuGaGGi8VQWhexdQxjDtoURRts91EFNpJ86o9HPbQCAWXBx9hlnBH2zZntqPd5eVA57s67i1dWpuudD/oBzGn3fBv3Fck9tpArMNSrOtbtl3sBc6Calo/5+HWSY4tz1Hnrlv0/IxD2EcgzH5dFu6klTn3gaMdgd288/kRPDzfdcVGqlvV8rQJjTD1XN48FK/Zp2ydCede+SKLidqrqz1ISXOwsya0ivfc4Vdk3hhnnkTnqZT3qR88Z69X+9QkYCVNaoojTiBoRCekqNDI3Ev8MKp1eX0E3rXT3AG3E7xEFGulhe2C9RdMwQg0QG/Ws7n/CtTeVwpv+JG73TlDnBzoVHN6fqKBVchbGPtcObM90N2itJ/wf3jXefhrrsQudLch+Mwp72YcvCKqOMsrO3egvNxIiLKrrVOI8buo0NJrPoQE3/+rZQFzx2r0AHkrwEUHGUvr2oHDJyXwSY2/7zCYbewN44Zjo7n5ofOhSUsaGJNySHgC6V74gyU0UCUEBnF8fZK/Y6QgdtT9gApHVtJwXRvLig2P11bIlyWZjISRaAVAUAMKdS8ir8l+P3NL8kBZstfpH2eeYFHIWeZ7VrVTs4CaHDzkyMizui0EBfvf5irWeJvIekCWnetfo047QKJvrKr+6239QxH5ni7wlzWxiZNcewaOfCK2SqOvYz6NIRp+/blZuxL2pXhTInB/XxbP2zHH64dC8AVvViU8bI2DR/HhzbbpEylzD4ttvil7hLt6AMpugFrmAgWd6JU5yM9lXoTSprmXZ7awYTLcQlCQu9cUNXF0JdtELA/oQipEEUz+2lRt3B+0abYGVWb,iv:MVId1jgmyhY/iUxnjca5IpYwlzUAsa6Nwchg52AKgRc=,tag:1RASj3dFAYVNphJ4zjXxtA==,type:str] -epicenter_vpn_key: ENC[AES256_GCM,data:Kt33OLiauTrkzSwib2px/rZoQO6tlCzsy2exxIrZb91ukUDo716+JaZ2dB6FEjx/z0jaUEiU8u3lZbq4gkhwXe/hwUnr7pIW+V1InJhuGOAENfnusDkSu6P5pVpE5FNBKYF6u77/h5pdWwI/bHo7Hfi7f1xVtPkAeSqDScprUOVIoEYeJ0AXo0L9xCQVPSIAsdrh2jZQPe1S4iCLqQTTYK5CvP4/1wjwA2C4PheXEK5Z74Xkxd3pRI0cogpt711+ujMbh01siQNs9tk5+pk8vbXV6M5duzQlJar6iF47GsaomFkLNsk4QvTVZ7kKIMWEfOzwgwniI8YGtDgjxCvd13H1agaeDjsboFxR3i5aI0ZKC4sP7aTASDQbWwTQxoFdMlHjbkMvVWAT1CxUw/phUfwA8L5xLBxzauvHgE0B/R2rW5FU+qaDZfyUts9RyIJzaF+bESz6YKV27i1ZQNp00YPH9jy05uYDjPldLo2PLzgLQHMsSwZ60KKlHU68gGtVI7qtH9fpy34h0/6IsCRAJF1mRHEHHzC8Ny4Q7dtN3GenMPVT07dwgEYczONjbtrpyKoLDHnAf5JguUydLIKvcxDwNmfXlaAcOzX9seEO0L+Wy2sjG5SCKjPA0wTwIvpWuthTpTaptde0KDBauzJZZvkx3FnABF5Ho2VHCY9MkQxnc61488rQXv15FNM2WaTKcI97b/kc+PXK0XbvKD1OKJ/fyNloaLPAJKB7Q+Nu9sSK91nyM5WOALhkp/5PiKQhSO75X1qsd2S35mWY6upES887He2rdmNjt0YPVzETVXhDk48OHwNNcqKTG0qs354/bF00lQJ7asQaHZ9vnomZTy3F+vWdadmUntu3r0lz/74ZEA1rWe+CIyINkuGcT0q48FMwlzms6XXYe4qnVjG1Yu/PknI6XfIpEAHN3aR/dVkpvwSDKzJD9mUr18IoXf7mcbRmhc0yAz7dmoT+Z5x+/z4G5u5xmMa9lvtHOnaXn0RhbMQP/Gziy9hB7GySGyztnBxOLghO6pnY17Etxcd+RDGkHb+PAZY2tJi3ObTry10dT3Zcx4aHNp69EcOjTQ1+629jFatFB2dhgIt2JdWbpgwppE2QB0g5cFY3e8s3rdriHfXsZNFt1xF7aaBYBUb/Z29EeC3EGUyV1fjhG0ZMDuZAw/7UEOObWS1Mx+z707OWWwGXy+5BYdSC/sYzUF9aMfGXjfttsqr36Cza9aSia6Qin5vMmJtpLYl1WGA3TjcgnglVhgKmg9DvEijm/pa1gy5hMX9SQgV0SuHtWfGIo+uleBr3n38CGJ8BOVJbZ4pHR4JQWrAjxE5MHIzZRF1UmbxWUoqL73IyTGZQovPrLO+z6rl+Djd7bGcQgpsBd8nJaOG5qoSH3Y40+onrlAz4WmKWPaSAclSgSPdHE4OEHIPzzrzLOaJWrI9B04LG9qMfhtpMNse/O4XT76QBfgaeDtKHO4Pv7T9PjIHYC4dPljkvrthEPQeJwo1zywDw2uu+I+WyxWuEGuR9JByJ8s7vaSLcDSP1BRkAq+i+YDDB4/a9iWmF4db/mKjVn6c+NRJjmugoCPeVbzyAfkxBm0nXVjQpOAsYGvGneAN53xHJmZ4kO91wrx+i+lXfRsnU3pgYYfHOePEhCUZoFXSVCFy0ksZKSHQSZb+v4x6CsvtpomUP6u0LIukZgZEgNsrpHXn4oQ0uzrts9LwKECAjGpgRINdJ6XCD8uxcIE+uuS5wyOWg/m1TmC5MThTwe4UfpxD0erMiqgGSSJ+xWuwmnjSS62XmLHnfe+VWEiLOk/7vWQxLy3bdHSfSXCee76isRcFpRKY+x59/Tj02I3F5onVuqAehtLkL4zUgdavmLmKI/81uKRTcMtXdFnYuCR+4xBZYauVtL3t7yhozhZwSZe/02mBahe61dwhZIIbAbAqivbrw210H5cKi9R9i+dR85ISJTrGFlXwT1EX/kD8BWdWPZrg9s5JD2jzrl56dKu+oeNPCZNuD6qlCaFBytJOixj/WkggyMGtOcy2do7MZZfuswbLLdD8ClzUx2D+nrRfae7Mze0s7KhyArmtjRyAfh8xqD+vTR7/yh8mgp2k5XOBw2bdCqH79ctq50drdBnpLuILKuruO/A1isS6YkjD0vxXQZh3yt5D3iqlAAOHdIzaWf8q0zUQsHp0aOgZG0WSlVPg44oHEG40O+laDu62fgcI4JisL6KwdJIPidw==,iv:pB/cNgmHi14ugi6kd+J6poWXX79LMHiiakNa03ibZ0Q=,tag:nLfjOesXDm5/QtwHznJROw==,type:str] -wg-cloonar-key: ENC[AES256_GCM,data:raK+FXMb2EBzLEYQzDQ9TZSz5v1X+CGV9ghZuA/NoVwn4OnTWWhY9x/wTZA=,iv:kq2qdYAgoHogRoOzUaOc64uJF0ji/XuaLaO0HEp0l4A=,tag:1fKSyzv/FqxLl6Uv3DQv7Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUG5oZ1BPL1hiRm5zQ3FO - Zks2RWg1ODZGYm4rY05wT2dWTHFCN1FhcEY4ClB5N29SclVxWUpGaHF1V0o1cHVK - TWtoTGFsRHVERWgxczlqdysrRmVDM3cKLS0tIFNISWhUbmV5dERHSXV3ZW5Gd0l3 - bHZHdy9jUHhLSTFUWHBxUTcrT3FoaHcKpKjzC3KDD6TXpbPm/ObztJQzkNnnTnvH - uWzRhQg7lHAKiiz4szzT64WCuisxFAOJP1KrSK9qP5DLBm8aKIDcPA== - -----END AGE ENCRYPTED FILE----- - - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VU1JZ3FkQ2lPVE9KeGMw - c1lRWGlPU1BKbXlJc0lnVURNNjN4bDRNWFZ3CnQyRUE0MXllajgySHRkSTNRZ2U4 - K2w3bWEzNmxrZHRybXdFdnZCTmYySW8KLS0tIFduVUdYdDdVOS83QUxveG5lMDRi - M3E3bDhrM1FvMERESmI2RTdBTVNUMlkKoKhTGUYULeQvqMjwMCanDxD4yflGURgE - ROZe6d8R5Sya+RsS4uzNMs5KkjGeC/xjbNO22uSRennIwCqBaHNmgg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMW1zeU5ubDloazBKNFR5 - M0xnbXQySWptOHFEQmQ0VHdvTWVieitYK1drCmI0VW5PVUFaTFo3STF2MUxSOXhC - T1YxY2lFMitKM29rS1FKQWRweStxUlUKLS0tIEFnQTlHcFJEcTAxem5QK2xrTm8r - L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W - A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T17:32:33Z" - mac: ENC[AES256_GCM,data:tYmCofgoeDlb1FI8dWNh9hy9tS/H3X4r2HzboKTRnTQqSz6M+nc4g/Gt7eb2OHcRzLqbg9WxanFeDrlOz5jIxKIDV+7PfNlPSPqXIQg/79u3g/qDiwbnSRa3s+2mVIK5GEN+5M5f11KfwHbtHn+bEUALGHPP1gpW6deKBUIITg4=,iv:xQBmQjsNuaTzUGXFrsqiXcKL79nN8nvaLDrnGYwR7rI=,tag:vmA465d7M19c1lc5X1qTqg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 diff --git a/hosts/mail/modules/dovecot.nix b/hosts/mail/modules/dovecot.nix index a9ef486..1bbc9c3 100644 --- a/hosts/mail/modules/dovecot.nix +++ b/hosts/mail/modules/dovecot.nix @@ -255,7 +255,7 @@ in "imap-test.${domain}" "imap-02.${domain}" ]; - postRun = "systemctl --no-block restart dovecot2.service"; + postRun = "sleep 2 && systemctl restart dovecot2.service"; }; networking.firewall.allowedTCPPorts = [ diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 6302db1..2328735 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix @@ -18,7 +18,6 @@ in { imports = [ # Include the results of the hardware scan. "${impermanence}/nixos.nix" - # (import ).nixosModules.default ./utils/bento.nix ./utils/modules/sops.nix @@ -26,25 +25,19 @@ in { ./modules/appimage.nix ./modules/sway/sway.nix ./modules/printer.nix - # ./modules/cyberghost.nix + ./modules/cyberghost.nix + ./modules/nvim/default.nix ./utils/modules/autoupgrade.nix - ./modules/puppeteer.nix ./cachix.nix ./users - # coding - ./modules/nvim/default.nix - ./modules/coding.nix - # ./modules/steam.nix ./hardware-configuration.nix ]; - # services.snap.enable = true; - nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) ]; @@ -79,6 +72,24 @@ in { } ]; + services.postgresql= { + enable = true; + ensureDatabases = ["dominik" "flowuser"]; + authentication = pkgs.lib.mkOverride 10 '' + local all all trust + host all all 127.0.0.1/32 trust + host all all ::1/128 trust + ''; + enableTCPIP = true; + ensureUsers = [ + { + name = "dominik"; # Replace with your actual Unix username + ensureClauses.superuser = true; + ensureClauses.login = true; + } + ]; + }; + programs.zsh = { enable = true; ohMyZsh = { @@ -203,21 +214,19 @@ in { git-filter-repo nix-prefetch-git openaudible - openmanus vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget wireguard-tools wineWowPackages.stable wineWowPackages.fonts winetricks - pinentry-curses # ykfde ]; environment.variables = { TERMINAL_COMMAND = "alacritty"; }; - + services.blueman.enable = true; system.stateVersion = "24.05"; # Did you read the comment? @@ -272,14 +281,6 @@ in { }; }; - # pgp - services.pcscd.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - pinentryPackage = pkgs.pinentry-curses; - }; - # networking.networkmanager.insertNameservers = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ]; # services.avahi.enable = false; # networking.resolvconf.enable = lib.mkForce false; @@ -343,3 +344,4 @@ in { } + diff --git a/hosts/nb/modules/coding.nix b/hosts/nb/modules/coding.nix deleted file mode 100644 index 92ba90d..0000000 --- a/hosts/nb/modules/coding.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, pkgs, ... }: -let - unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { - config = { allowUnfree = true; }; - }; -in { - environment.systemPackages = with pkgs; [ - unstable.claude-code - ]; -} diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix deleted file mode 100644 index 37e24cf..0000000 --- a/hosts/nb/modules/development/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { - config = { allowUnfree = true; }; - }; -in { - imports = [ - ./mcp.nix - ]; -} diff --git a/hosts/nb/modules/development/mcp.nix b/hosts/nb/modules/development/mcp.nix deleted file mode 100644 index bd8cc6d..0000000 --- a/hosts/nb/modules/development/mcp.nix +++ /dev/null @@ -1,11 +0,0 @@ - -{ config, pkgs, lib, ... }: -let -in { - nixpkgs.overlays = [ - (import (builtins.fetchTarball "https://github.com/natsukium/mcp-servers-nix/archive/main.tar.gz")).overlays.default - ]; - environment.systemPackages = with pkgs; [ - mcp-server-fetch - ]; -} diff --git a/hosts/nb/modules/nvim/chatgpt.nix b/hosts/nb/modules/nvim/chatgpt.nix index c3384b5..d81fab1 100644 --- a/hosts/nb/modules/nvim/chatgpt.nix +++ b/hosts/nb/modules/nvim/chatgpt.nix @@ -5,8 +5,8 @@ self: super: { version = "1.0.0"; src = super.fetchgit { url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git"; - rev = "7fb8671840181ca5166fcf7b8a8d5f5e10a5efa7"; - sha256 = "sha256-g4sEUoZqxlliKHj1TAxwNXN400yLN+QB4wV3drmvf9w="; + rev = "aa12bca3abc868b4ebacbd22b6fde83deb656869"; + sha256 = "sha256-eK7GQNHR03fQ7j2ExX9QSA+AIW5c1b8fsat3kbS6f9k="; }; }; }; diff --git a/hosts/nb/modules/nvim/config/lspconfig.lua b/hosts/nb/modules/nvim/config/lspconfig.lua index 47070df..4886a8e 100644 --- a/hosts/nb/modules/nvim/config/lspconfig.lua +++ b/hosts/nb/modules/nvim/config/lspconfig.lua @@ -41,14 +41,5 @@ lspc.yamlls.setup({ }, }); --- autoformat json files with jq -vim.api.nvim_create_autocmd("FileType", { - pattern = "json", - callback = function(ev) - vim.bo[ev.buf].formatprg = “jq” - print("It's a json file") - end, -}) - -- lspc.intelephense.setup() diff --git a/hosts/nb/modules/nvim/default.nix b/hosts/nb/modules/nvim/default.nix index c7509b3..2d882f1 100644 --- a/hosts/nb/modules/nvim/default.nix +++ b/hosts/nb/modules/nvim/default.nix @@ -1,9 +1,4 @@ { pkgs, ... }: -let - unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { - config = { allowUnfree = true; }; - }; -in { environment.variables = { EDITOR = "vim"; }; nixpkgs.overlays = [ @@ -14,7 +9,6 @@ in environment.systemPackages = with pkgs; [ nodePackages.typescript-language-server sumneko-lua-language-server - nest nodePackages.intelephense nodePackages.vscode-langservers-extracted nodePackages.yaml-language-server @@ -23,7 +17,6 @@ in ripgrep lua luaPackages.lyaml - unstable.aider-chat (neovim.override { vimAlias = true; configure = { @@ -48,7 +41,6 @@ in dracula-vim friendly-snippets gitsigns-nvim - jq lightline-vim lspkind-nvim mini-icons @@ -75,8 +67,7 @@ in vim-sneak vim-vsnip which-key-nvim - unstable.pkgs.vimPlugins.rest-nvim - aider-nvim + rest-nvim ]; opt = []; }; diff --git a/hosts/nb/modules/puppeteer.nix b/hosts/nb/modules/puppeteer.nix deleted file mode 100644 index c84529b..0000000 --- a/hosts/nb/modules/puppeteer.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - chromium - nodejs - # Graphics and font dependencies - freetype - fontconfig - # Additional runtime dependencies - alsa-lib - atk - cairo - cups - dbus - expat - gdk-pixbuf - glib - gtk3 - libdrm - libxkbcommon - mesa - nspr - nss - pango - xorg.libX11 - xorg.libXcomposite - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXrandr - ]; - - environment.variables = { - PUPPETEER_EXECUTABLE_PATH = "${pkgs.chromium}/bin/chromium"; - }; -} diff --git a/hosts/nb/modules/sway/sway.nix b/hosts/nb/modules/sway/sway.nix index f63e7d6..5514173 100644 --- a/hosts/nb/modules/sway/sway.nix +++ b/hosts/nb/modules/sway/sway.nix @@ -36,7 +36,6 @@ in { # ./rustdesk.nix ./thunderbird.nix ./bitwarden.nix - # ./vscode.nix ]; environment.variables.XCURSOR_SIZE = "24"; @@ -83,11 +82,8 @@ in { fontforge hypnotix - unstable.code-cursor - unstable.windsurf - unstable.codex - # vscode-insiders - # unstable.vscode-fhs + code-cursor + vscode-fhs quickemu @@ -136,20 +132,17 @@ in { mako mqttui moonlight-qt - nautilus netflix networkmanagerapplet nextcloud-client nodejs_22 onlyoffice-bin - obs-studio pavucontrol pcmanfm pinentry rbw rofi-rbw - # unstable.rustdesk - rustdesk-flutter + rustdesk slurp sway swaybg @@ -204,18 +197,5 @@ in { "xdg/waybar/config".text = builtins.readFile ./waybar.conf; "xdg/waybar/style.css".text = builtins.readFile ./waybar.css; "xdg/foot/foot.ini".text = builtins.readFile ./foot.ini; - - # dark mode - "xdg/gtk-2.0/gtkrc".text = "gtk-error-bell=0"; - "xdg/gtk-3.0/settings.ini".text = '' - [Settings] - gtk-error-bell=false - gtk-application-prefer-dark-theme=1 - ''; - "xdg/gtk-4.0/settings.ini".text = '' - [Settings] - gtk-error-bell=false - gtk-application-prefer-dark-theme=1 - ''; }; } diff --git a/hosts/nb/modules/sway/vscode.nix b/hosts/nb/modules/sway/vscode.nix deleted file mode 100644 index 3f0fc78..0000000 --- a/hosts/nb/modules/sway/vscode.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, ... }: let - unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { - config = { allowUnfree = true; }; - }; - vscode-insiders = (unstable.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec { - src = (builtins.fetchTarball { - url = "https://update.code.visualstudio.com/1.98.2-insider/linux-x64/insider"; - sha256 = "sha256-tV0VxDLJJPD4jfNEgVh3wMXg899VJxCS5a3putdetkA="; - }); - version = "1.98.0"; - }); -in { - environment.systemPackages = with pkgs; [ - vscode-insiders - ]; -} diff --git a/hosts/nb/secrets.yaml b/hosts/nb/secrets.yaml index 986c2f2..7f41cab 100644 --- a/hosts/nb/secrets.yaml +++ b/hosts/nb/secrets.yaml @@ -4,11 +4,10 @@ epicenter_vpn_key: ENC[AES256_GCM,data:Kt33OLiauTrkzSwib2px/rZoQO6tlCzsy2exxIrZb wg_private_key: ENC[AES256_GCM,data:A80vGf9aMxowC2xME4FIVTmKpSRLNB2tWiUQeP1v8vCRk6Gt8BKYOuXYt04=,iv:vr7qvfr78syrI5pIytjLouPwZcw4xvBTvEUzzv7ibnQ=,tag:qjALlFkd8JocLJqMKFERaw==,type:str] wg_preshared_key: ENC[AES256_GCM,data:bhXoD95ahDRawoHd5Z35FY0G6Xv0PHwWJf300fHQ5jNsGN1TQKHsIswx8YI=,iv:fBsIWkVZUt8pahuO9daaRBIEEIWsSnFW5Velj9uP2ZY=,tag:RvbCYhnRv0OrjTxjsNFW6g==,type:str] wg-cloonar-key: ENC[AES256_GCM,data:ZMEeIZApOD0ij3nPMZeQRwJ4MwVx0sHu08F+m/u6IMHBGid5YwMgxZ7qbLk=,iv:OfIZ9TqBLjToIQi7zRUBATrynBtu0bzXeGVI/EAUPhQ=,tag:mJICT/ak5U76JE/IxJsCKw==,type:str] -cyberghost_user_pass: ENC[AES256_GCM,data:Eaz8iEV9vNZh/bJePmacQ06zU8FfIA==,iv:GcnU10VLVJsoeIU6t6eVjopLsBamvk12DpMbM9BsBv0=,tag:rLYoghkD8O9JepnopJfiuw==,type:str] +wireguard_user_pass: ENC[AES256_GCM,data:pGs/Kx/j8bgVQ2MtnpnvPI+dBrUFew==,iv:oLYuxjbe88RqygmVTAVnwLUmpRyQLdWrLX/kMIK0MHE=,tag:CBOK/rpuJplurt6VKux0Kg==,type:str] cyberghost_ca: ENC[AES256_GCM,data:9PHq2qHLsCvAmJR3S4J2ccNk6ec/LDauR6KoIpvvHX2v7w87m9aoADw9nSbQtuBwJWjSGi/hqUAz4fa/pT6y1TjLiJxUDBmr7axjsc7b9IQMmQCO6zmCK4XR7TkVFWorwdQxJ0HVdXBFAkbzet1EZ4zv9QtwXuXK8MkH50dzI0HVLgX7EtHljnrANJ/EtJ6TsxBvMr7HMhNITUy7iHbiUQvFKanZ3FmwLgCO/K443szXa3+qKQmr4YxKOUqF41QnmpikjksgMw5rfJOhuxe2YTdswt3urWTOtVfRACUjkcivqjWZIz7PCULvJHTwqDDLR+mc1bxxgkyIfElx7Tv7+tjbZxCsWarekPmjg/lETRFxTkg30yyBsgXqFjYbxwBFTjZkkozpnBJbxZDq7VkgEIi3hl1ts1gUsj5Y9v4CDffKwAST18iDgq/Rb831878kujdiMH1qeMOgHVpFtrfjleK2MPjDYcTkXY0sOdOCzkFgFE92/dp2q50er3FTaIq69c8dYR3DkSt/KPVb5Og7j1hKRtGaBpgfEYVqKzB1aMm45ORfmUR9ZPzTZvGzk8jecFL5wxFK69QmP5/cMr29SASdm8repcE002hUJYKp6RALcRpo/e+Cvc5yetvwdFUwnghLgvmyW6CTzn87OsJQJPgl2X/b/iDJrlzaa56QCrH4rmulDf54RS4tQZol2tRAgnSrxhvKOlqSeuVRwczxqOeGNi2Mfel/HIHoc26GONUtHtF0dqCm1ZJvKPr5JOKRguEXcLo4ZSqcMCNg9PcfPBVV7C69K6kmA7+vqRr0I8Qv9Ls8ZDoywZ3L5CsaXYMFaOcTeDaKdmZiQnLPr+NjPuFmHn04EgjgWuk2VHCENB7w7m8nh35xDQaPaZbU0RdNahGJrVdUHKBs43dgCor+SNhnnV0UjjLLpD5off5xdgpxNNXEeNfxq3Y//XoNM4TQzk91em+KScuPW108Rylk0IYavOxIgNettmr7tTEb59UTK92ogEnQKNZOv0S1lEGwzQnD8R6tNUoESWIpyMc2FDlEd7UAuPNXGIebQnleMTNdp0FkJHSKXjhcKXf0WOD36RGw6D6KiX6A/tkO4EvBt0hn3pJ1nfqcZdhrRUivx9quyEWYbiosLduT1jj1q5jy/1nq+sA7bkNrx2af2Hp0h1+8nteWV/4kWCwpX7aEfv7oraoFQM52luF707caKX5hRr3sRK/Kw8ad589EZxDn+R9L9tx+T5ItPBNItNS+1T/dFxDeEEhiIPB5qeubVrwSTo6e+lJ7QErMOfsyIbG8vuIhj3J0nc6Iy6lvdPkCQi3J4/w0WRqLU9X2h0RiQhiwDdogE1bE1oPFUje07uk5FEwyzmfKQxx/4s1hBvFklKtV5LHcXAo+QkirwZYOpyIrNalmIK1CeQ/GGW57AcBNaCLd5W0MXzpai8h2wWtltezqzCz1izGV1SZpgXBqGhi+s7aVgIW4aNiBVhnf2JoIvIuLyZvbAo+45wk2Hh0WXgAxHaZ/mReRyT8BWbjWtIqQKCw4UTbl0kS+xsl2mblRD0nhv7K6d7xuuq+5BnBPhn07aOowwW8qcqzsvcJPMesErpzQy0umg4ODX3J7GEfjjMIoUosRP8gAE+4ReT9y9ApoB3krb5W9WTAfKt1nnMJxiycM0QU2DVaad57N+RNF4MhjyPXDvOM57xDbfzFmoRun+TqGNzmBsblnPkRXqvunRrTW7U+fn8fRBxZAVgrD5LQoUbp9hA1aY0xsM+D8l8xpFH7PRTDqItTkIP7J1IXbVSlc9hkLHVnz9MbdiE+ihjTVXjzkMCVwbMgFza+fSZw0bnnOLNsX5zXl8H5Z6jbkDmoFcaABEQdABY5kgTtE3Hizzzz8rUt9mxku3/Way3mDF5t96qi3rR+CByOz9JIRiAAEXJci2JG9tIgnFM31OA/zmshFVlBO0IYeRvSIF+QYd9ACH2ZUfeUPdQ/Js7fwLFqa9N0yyWIuj/8X8sSLO8b7kk7/2aotdK9RolMRj5pj0+lrr1Gdxk+EdcviHfL8Uig5snIR/tegZIZJLYT9HOIdrFYkTHds7/dQs92EqJNvKZmsA3H8CJoOIST1JyB5AAPn7Ad/qN9f33T6++RUKJTnMDnV/HfEkpIrkjAwQ4mLT+Mc6R1JBaLVPJ1qaH5rzkaZNyI/DX7g0DaMC2FOyAGPLYb2PieOPWXpoRSTvA18UidYu8msk77u/M/S4S4EqAT1dZgmkg9DvetgQ9GGRGQ4t/F2Evr6lGHdZQKC5aAF9GDPAHXbjv9zLllb+dlZR5TLmzrspgBcCzdKhpjKTCEpxLOyFhPzfzzDzOdHI2iQlKkFRmmPC22fKk+OqNFM58dA6qiPEMDcIcKWZ0kCyH0rV4Fpzx8WlBPLD1SoU2HADmz/1CePRK0jywWCd529wvjdEjFYaiWOmqAywxJQG7bvkx+68P4AosqUVvv6mso7L0maQVVFsSPiuR91b7al4luq/QZulZcOG/I8fLDJ3YvQIXHW11NlljHCCKiTh9Q80bJrx/pJxjKz1Ct6AffZshUq5l3TZrC0XWZNg8erO4QnKjSZ3yYivg/77BGj3WQTS6lkhHFNsQe29+seIwbV1zZQNc7l4WNkuiYBDAgXiN4xAthHZZmETWFU/Wqd2gAosTiOstxvN+GMXSjotRxnAMn+Pew5Jly4uh7EvOnGa1k1oq+CzVcTnh1bV6U1br3I55P1saN0QkyC1ua8ATlcEP8tB89IK+SeXOeXk/koSnjoAAuuTFFwsxdBjq+D2SGQ/YXoUkohG4ULvMyPq8CfCKOWWKAS7xAXiVgGrBDIZZ32I9sC+2vJkglKkCX+fr+j9eh8lokqTsfmUB07kTEsl2GmBEEpLwikeEVhM2ZFWzPcBEZS8+pfSe6dm1n6nfUqo1lOi23/FL6AlrfbbjX3iAqBE6vt77RFMqi58RnH8GmR7Zyg3CXfGSPQwqgCiBdymXZaSdi/ybLKhsQ642bb37XceVjtlu4=,iv:8uQbG4ObsDSS0DeKx24lt1vpfeSms2v7KGRQrKoWwds=,tag:2RoiW5VWLXfMgXA4cbnKBg==,type:str] cyberghost_cert: ENC[AES256_GCM,data:hXplfGZvyQDf6m0YFWgtdHCLy0178BZNbDFxoAvj6J/R2Dv27YZQ+kn7au6Z11xFNA1A0K3pQCfzuSeuNtLm6OqHU/QAsXcYF3DQnfrotod1i8FTT+UqLvFTXGp5smUQzpKzzJQHxfMOsXXMMyHwLiytCbpWHapyVJuG2EDdai4MScHqtepqaWsHAj0TYaED3QJFfn6vC3VqHlfe3WMY/fpy7brpAyccjbTYEdYiUOzYzzgjk00Jw1zByLNld5CeuXsiYto+Ce66CK/i7aN9OlDF7F/hibosk1AAPwqAvboGGcervEO1qtNVoKkprzvyHAQyf4HRpSNbsaEFPrzog3YW4vvu6dQlXujQuYF1ZRqCejgUGYSihC/NaZW2O8F3eJKkXVnRQkcbr2GzLRpawQZ6E5i0X5PgSHaFQsGJ5UsANbWY2tJJomQdtmQEsjJDbwG1RTBW9VvMLAdTj2daasixA13inqxbUK2o23tp9HRscSbho2de0lOH+JT+j0j+Mi4VOoCQMWc0Ln1YDFvjZMfUNtlR7Qd1Q2MySAUcGRf4w8Wf3waIb6x+BhBYghdJGsAiV1jyq+Pp8bOLuoTXYhdDI1H4gemtCSemsojPuvXgKQky75uZBRvuGSwHTCFu3WA42xU/bMNaRg8mRZSxQLMqWkWHVLBBFyiHAHjCXicTfsKhU9YQMEm9sA2Ecc3osM38guXU3/jqh0AbEGt4QOy6WMhV/xDy+eLU63vtR7YSD/DY0Nij7OnTG3GbQuyMu22j0zFW1UbX26m/pxESkPv9zQ8ilz6lNj2yxfIJz71pIjWLRrC/797Bdah+bRTeyfAQXsT3AoBuogNARNamcrdPkKQHQGEMY5UjNn/4VoFClXzeZGGeABjxLIk2hvWU10n2OiDmnj30YTrPQvRIXJQGtBNrrlPKwR1FPt8QCkeoFXwxbHQTf+rBllbAgAlfic3yUoT/foqy4c+lbXByaC0aJmwmgA1mJ9j8sFkX2znNtnbkKxesNRXWqeorUUhEafIF3lJ/tg+lwaUNtmy0Ig9NAS59iNklbNASyKjXzMzflI6H7SRsKkFeO48LMWtGH6Jo4QMvZ5sWvZSVaqWOlh1QAMZMxVzpz1eXv5TAsTpfc4anv+MgrpeHsXs3vQv2ytkale2YdukuGBuqlIQcZrw8yC8u+TvAPqDFZUAiyh8uOAwETOvQvNuttRF2qbjiIA8ZVp2Utf+ggaIPf+vE1mtWit4/rrqBSCT0XuR75duWSIS109B4iZer3rhINqIk1XTAzqO0fmyCZriw1c8T/87N4y9Z2MqIXNaLLk+UbYFd4NWuvuHUGSbsQZ8EtkWzaUPPHx/wzIVWu3ajmjUv6QFgSY9PS4eY8xKqqHxt2i98ePwfivhM6G1eBedAutLWF1m1Omjw9k72z30coa/UcfzF0fo2kQVcw8z1kJBuH1WYfk13D77soxcWLFWZ2ropRzFI52XfvXwxiyyd/sVByWt7ZyNDuUyyuyDeU7Tpzbf4N0ek2qfwBlllfTLCePqWcGAJ3zn1vYajyXFYm35YzWZh3oj0CEN1p1udyxUQ3YIvtUHHk4FPSYjuHSu3Hn8vft2gR3CYa4RvkvcxHbmH4WiSBlAlt6Lcv6TYkZ98K0/Z2bX2FMhItFE8bQoy7C+hUXek55aAwB/UQ4Fjf+2xTsckrCig+eSvM0ZJDnon4K+eUbOF6hSGbRzcX1VfqPStyHhtCUxOckccVLbWFv6sYyzuDZyvo/Nmljx3M0CjDZ5u16aVBxk3ycnlSM7WcSl5h7bjbZkZv8W0sWke/bXakBuelcvfpnzkcT0NmRT0awusSxQk+WH2iiiAT8NTijbQC3F6OPB43M9tad14WXg9cyroEcPgsm4hDwl6wsrZeWlQZ4dDwtLPF8mB5Q3cWsttUJHLrTmZJ1HyXThD8Vp9JO4jF10pE+MsDbu6vqSNOFa/X2tho24NkXElZqUXG4wZYrU964wr+pgxEvFsRx0hqeZ4OUThosJJdFGEW50RBP6UPEw7mWelpi3Q/kbVL4ulZ3And2U5N1faQIFbvWk2Kx4RP3Don78I/LLzqI9q6WAQ8HES6ulieDNu81DBd0u9128j3ZVhEBmnKpRHdGqCjA704zidAl8/+wrpgt7GdOW9AD42jU1F0aDuQujsPRszpFagmdlR6psFDOOBA4e1vTqovIrmWxbFtTr1d9oi6Bv5vDmg9d/RzS6Cu6DoSped+9uCATwRBlqP+QCO5Lz2cBuzVcqf8jAkdUlHBJxcz21xPzOJJOnR/Mx70E9h+BVfwWC9S+8REi+lFNq9nvWaAcOcDL3Pnj/GpYbO+quIGtE1RuJqW2uFd4wXiwbrk4qcVbxds0gH5DDQjOtsF9zRgV/Vmno07jJ8dZmpNq/it3Ou5eErZ/Y9BHerRCUBpWQn2r1XhgLV7Uslhunde387/ohQQeT9GlNLm6wyLLa9thhqLFxlvzRWRg+7HkutPlA2N9c/xvixs45SCfWWWKC7QTCVZR2OIxQFB0prfcmRC80nCxBi3ZdX1Oselgi1iEi3+FnqP7DNCjkXJWIasFhiRNcOw91IGKs5yaiFvCIe7kprf8Ew1xun+39H1W0AWdjaBWFSQU7kelyql4qsxh+skLuT4nss5wXh5InrYALZbvJBpBGmUAPNHGPkvcCSCaMeayqpiKoUUW7Wy8EPWY9kI1we+rpN3KhueQHqtus8nLEABduXpi1w6AGfDsslm6nRysllADNB76p/v0j2q5i/lQxM/Ks7pIA/hJGp6RKKmUZg3VlZ/GI/TXz89Ha6XHI4IOGzx15UhHPq5xuCDk2THIy0ryeHIBteVuU8uj+uoZVYMCfjqUxSe4Kvzk1QBrxntAWFb4ObVt+Mdw84YR9p33EQXPiX5JfsUULdsc2VlR7ccvL57c45GFPNGFjUJfR968GJLw3DGx65jtQWHQgUElB7Oy/UJVhdTSReZTULoh0qD0Ol473SmVx6EOcXQSVjfmBGjVkaurs8TY+OFwUQaBBCBN2T/jT+V+Y+qWf18uwaE/w+Nwe+E0QqK6uMYXvBP86QM/pSvjNJKHZZNJfnUOCx0EFml4bRUQROvucJzQLolui/DR4PP2MBRKi6rjhwMTYYCGLGjgSDsQ==,iv:vYJer+NYyRo/jcpGb66askFA42T+TmSfWTm3DKOIIt4=,tag:RlvqzLfvtJN0HloJZTJb1Q==,type:str] cyberghost_key: ENC[AES256_GCM,data:qfPwy1DSooR6eo9O7j6h43wILh4PzxE2X0pdbzh3gw1D98rR8GWEj8sukK/L0TzfGYqYWDPy15OeymaGdm6p1WtevBOlkZtQcXmo7jg3+k0TFUnUctNDm2cOjuKck7CGDFtwbMsOHtCxwhwYouCmes9sQ6KSfolVkutVcvEfI1qhjOvJabsZt4O0P5wB4dQUMQfcPwXYKLuW3xlP2MvIn+Q6XZzfLOqoHnAwQhyxfGsOeMkPV2GXzMsqcCuDhfItU7d1GHzMCOLQsWspwNr1jJd0a56YhY+oPHs+yRSEvzFeL08ZyQjPr7YX/p5w84aJrY7THDlBcAK3d35EQOPvAEghrbmas/aKSxDXPL2W3GKKhok9ztpX6QDywkgwUbetXs+oVUF3sHK+UlyiW4RLPsKoQQPtHYBvgIwtT9ym21PJvgFy4dOJF+XW3CfpZcAOONB2L2mxrhB04CV0is3i+SnQE4tVIqGfQBVrDeuGB/+7Pjy2cW0zkEOAHrwGbdlqG0kgdHFOdbDp2fJl5zTRd9hBhYeXT9mbFtlJ+50KyGOAkJZf9a3O0BwgYRR0sdaEWfOLDMsz5L1DlvzidrChGBwFbHAyuFkjE/hkhddAH+1xiCfRCb+mGqs03rDhIpJbEMZLRZFsLWu+hlXKZ4AXamkuOvkk9KvrYL8KVjkVk1GIIeQqVFE1tiSCtlGeODYblA/5HPTCH1wPrLBNCRS6xkxEwHs/qZx6J0qN6j94lWDWa/Q83g7L3OKL8JTlsyr+D9100veMUVhvo8RiJy85Z7tTqXXEckEWKgnC53dZ1ruILNzupytUYa9rYjNcQ1KXy0dwYbMDQ4kvLCpJtO47pXo1i9V9bDFrYCLipCtyg+s2RUzYOnW4GXpn+de9MDEJ5oOp0pMZ25HG3fpnZDvaIyPyytpyj7apx3VDf62Eq5Rodd49uKuDjlbWDezaaU6MjRqhmpv8dbs7c/7pogZmaztxKTbs+EZ/6l66cek24GS7GjQj0e+N32vY1ACcQUCjg9smCGvhKs0H5kL1YOJkopN9ZWVV9p32p0IsbQHsRebSOHablHT8q6tyYfP6ctHH6BNfoUlfZjHtR52VEiY0OstmnjsJxE2hYPX+l4tpUGNGv18nQ4C2ez3baMWHNXzRTXo+g4zjVkW0Ggi0ecd7I5vR5vUNNA74Hv5Mrd+oAYkf/65XGlTJu5VIM0f7IvlSintmmM0pLB1rmCgnZenlhhbY+0862xS2j1YcZIapox8JT/W2IRUYKnJ7j7B3bc/57JWDzaBM/AukhZvERqdm12fhh9jNrNDjK25HmNwdh4Bsf7IyVqXh/nSsH5MtTCASonn/DG+6pGLwOCxKiQdNmlYD8yiZ2RkSfFs14glr0frUYcgCEOFb18IeF/e6srzKSocRVJqKAoCQhnu4qNMy7YDXpmucnzhWuwcFeKC6gaTKBPj6pxM8OSXM7uqe27So4flZIbNU8yvDp0Ub0LYco/EJGUEL9lwitMydSV0F3gjc8zvEbYMs7qlYg9dD1jxJd5vaPkx59DHCpEMOHn1CjVxazZNvexJLG7j4FBkM6PhF131/C7C4cly8ASLQd5E6nZb54GZdKqDp6MVgipeKJ1Z8A/onBC/Glal1bl6ASeAO2Mkfq7PBJ54CKXaxiQ+TFpCfy7DrOArQzaBJ9s/Gy14EoGfb/o0VuXhj4vwChig16x7vu5MnEFdItPjkfRa638KkILeS4OXm0ae+KKxBUchCwXdRyGK+wn7Kz9E9xOjcKMI/kiDnAB/mTkLC+IA5wRuXgtVyFk3BuvrJaYIHsJVZofP5lYz0JLmXXtPyytI3r/IwSL3B0jupo/KHUZx6MBwjBYG/fKJgTQvvbGDePNFHfk5y/At96P7QZIVO+QlmQg1em0pRpYbO30GVhcDko9LvNG5rLPB7a6SNB/pllOgBjbEKWoNPVwFVe17ILzA2Hl/egkW+wxiJM39bG7Ll1bMN5Q32yNZlUAzWBHDSd4DhM14ock9irRGtLqrhHH0QyMr1WlVoMRXTGT7aMLUBc4IEY7kXnx4Sw/RILqOFZsML6Kz5EEroTR/gzDpr1xYxcIRrRmaBS2YMc6wgfIRstsspMT2kUUT5n3MBJlur2CpyNEpqh5o0oRpACQyqdc9P35BVc5NYdAIg6zYKHtiTpl3I/Py+XDSDT/wC1OrKRJjuw0ES/wgDoygbPxieqdUGCqDkEjuM/UZqmIILAHBBvqniMVB5QLO53NO4lhrTbhmBWDXzw9dpJ77O6In8DmQ6cmuBsOAC1JqlGhFHpp1YMKtlQlOpwsORZSdwc/sfMkai/dXjhoh9Ptpk1fUKH+3AHzd+Ulb6Y7daInVgutnO/XFj832l8WwHzyZPLBTpbRbHeeSQevIHM/x/jLDZlUGVktrN04Dj4CJJstyeETIegzILTrXUhIq/W9cEd9vEdlSRRwTn5Z/E8zfET5fxLWSrMRTTQWOh1jIh7FI+P9d3x0K0fk0CR+vclyvVm506zAgF8KCBPjljDZYgeXyPMJ/icU9QhA72++IGo/XoT81fpB34Zt513PQk4WGmUGhAgiQP1EObnQ/YNaTcdUU8fhvq7YcyUlRA+vfaKMS1S18a8RKfYs0yWxCG4CuCb9pWhRK2ALjNeqYS70dFeeiAHI7UKjV+I5CbtLdIt0/oGDFKokH5xRVl6JkLq8iVPCaCyCOc0FCfBVyPBF3Qaisvh3GyIpCPbx0mp8fDRsiXLJShyqaqC6hpD88PnTDE2mvMyB/bH8Quzh5OrLp2CTDeOvWtg1GxYowiL0CC77ogUQhfM1ut8g+tvjgsmuiXU1uEzpHCsIXnSnUvwJW6tV37S0YUePoVAi6hVJTr60M2s4+0J2IxDnb9h2GVZqmusyQU74cKXJrEOC6r5apkhH2GG2jdVQGn2ETY/b/cbFtI38EtT4IbOa/OQDLf9F0UJPuYi5Ne0mII4asEmWdfco9P5oU4Ssr39WmTfmrBLvEQ0IhPSwKmtZlA1x85FSv5+wKauBYw3GTZa/tsp7E2MHhkyRWG1eMMziceCOrTD7NgRRLQIgN+ejm43i+OdMzi9vjzf1vg+barXOOd34yjY6zqpX9hEAJuxYgT2s8fGj59ljZsqp/qSICBIiImOyjxgKou1nh+AJY0Qs4fIGVTstf7aG540IiOGNTy41sVWdtKBeeahez9FB2lxMZ+A/83IRtmlnMcqXKhIgS7c3ajaRrgjesO/fbHnE557Ocz2A6SdoOn9rqVXD6VGvM2fkbj8no0ooCnvNtQ8JEMu6hyVipSqgRxcZlnW05NGOTtWxV3xRI3RK5tNguYgqqLIQvSARDDgm/HtJoJgom8lqSkLXswGjbxpJ1GP9lWpyov+muy9viwLQZQgEma7w2M0gIB84s3FOuYMIz7pKEDntUO7jRUl5+T8gJoJ9ex32InELTLWgksB8mb4ZuSCOmoISEEaBsPYtSG9wo5bWg5uz0/ToudFf+WRA9JT/MesSzVhehqFx1eMGAKHoRd02oMOtwIzQuc0Xp0DuYBTWOk/aHyRDxfluaFSIyAR/KBkO7fc9jKTu1JJifPCXZWInRXvPogmafCyYicC3gc2ITNumezK+oD8fjbWHW0gDIvk9qQjxhQJz99N0XYiRLTl1SssGMKADMzauPWSMDwn1VQ8t9Yc+NvT9i+9TB5YL7E3XhD3aqqwLbLOlIjvlaEhWeMjoaGlaVaz7u2n6g4zAGcVG5/uocZ2QI7byppVE/8rpjBAs1zQr3A/ajvcgCQ3+3g+sy+3w6C1KmYJj3kyF14FhTDLWekAyX1VlEQCB1BUeB7lc3CuPftTDSRKLU/vOygvIdzLMJdsQu/98qjOawsKwEVSXtSrrLXTcyhHRKvkRhUOOD6z1WRl0UTmSrqnzGraEV737vDQrMzMyq06r3mlV6xnho19F4aH2pHgI0uJcFB7efPz7nxOKtlhoc1BiAb88+sDksRJd7/+4+32hSkFQ/2MfC+wwlryo9NXtgSbUnMBYZqQIW0PfoArFTY6La9mrhPpAZ5HLmj3H6xRGhSyLJGBoW+jDltI6pic6G7oBODfUOmUei+CeQ2JKYGfjMcXmndU1qmR2Wj8ytS7yK/J2SxWRGAgmUiGI0gv5nnoe+aHa20yOL54k9XZLSMin5sghcXzTxtLcNz5sfBUIF3sQzhwYUGR9UfNYx3OkeL0HOXQlcICC6cUFan/zIc+8GXHhxLd6NabTiZiTXdYRuAoJeIt1qNUeK0xvLNm08fHiT3eGXbS7NVjtPTw/nYUx6Ca8LaM9eZBfgNowfn47LvoAuliQP2vLAjuatyjlcC/hFfu9Surfcb9LUM/ZsyMFM=,iv:EgSXZvyWmcBxBkAe6asJ2B12FKaLQPy4tRAtCvkys3M=,tag:B0lyX7IRNHX1CqlvBZaSpg==,type:str] -openai_api_key: ENC[AES256_GCM,data:lH5Jf/xvtRRwuGYPM3g39J5DTQJowSKVqLtObgXRo+GOfpY/BKb46/R25rkWrOUv5pYK8PXmSm7obEkVBfoaYG0WufR6SzGH+R7hjrNgCzBA6g5pxmlE7CWPlPy6C6XqVgblL8aP2vD9qxJmIw8FYCLRgFHt5hK4d+Gd23BeBnkmPWIH23xyRFhCcb891CoiEEdXL5p1LNAOAW5ePmAyavc/Dlk=,iv:lWXy8/LlWeRVSect87/qsG2nOkmL5W7jpw/DVSnAbEs=,tag:n3pWUJ5uEMXtgt/kHG8J8w==,type:str] sops: kms: [] gcp_kms: [] @@ -42,8 +41,8 @@ sops: L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-05T16:19:21Z" - mac: ENC[AES256_GCM,data:ERVdP6Nk+o7DAVsN24EFr23R/9eF98Vq8O9ov9tiUyKdFcE/N5N0rQg1IyESuVujpOKOp4/WF488/Ez3S9dM0gNfqIctLT5Qw4EmNV+gs1SbtXdFE0eU3KbmFHxFsWRftQSpz0xalXBAAUHMUJfMQf1lyV7+TgGccIkvQB12QDM=,iv:Nsn1ohLkh3NSMbaWnl3UHDKG1lhTSUxNB8M7CIYxwvM=,tag:6PQ7VCb+enUnbRVAKYNR2g==,type:str] + lastmodified: "2025-02-03T12:21:26Z" + mac: ENC[AES256_GCM,data:VvYYibPesUGh5LpR5dXUbJy0mwN9NkBn9CNx+SmWPR+wsaRMGR0Nkhmjmv+WpRGatL+Ka5cGezFFjdOd6urWpcSmL32zcPumVo/CRsZi4JEiuT3qHJkrKM38IPV5WSv1RxQaYwsN4/e5rMdRqeHCLatHbD28LAZxGz1bENCdYbw=,iv:zntGu7xokETUufEK/63ukM+voCEhyuA+hyhVrTNHvrA=,tag:lg2S+e9QL56A/Jaw1Ha0ug==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/hosts/nb/users/configs/cryptomator.json b/hosts/nb/users/configs/cryptomator.json index 941784b..1d7beea 100644 --- a/hosts/nb/users/configs/cryptomator.json +++ b/hosts/nb/users/configs/cryptomator.json @@ -1,7 +1,7 @@ { "directories" : [ { "id" : "18g3gg35eC6T", - "path" : "/home/dominik/nextcloud.cloonar.com/Documents", + "path" : "/home/dominik/cloud.cloonar.com/Documents", "displayName" : "Documents", "unlockAfterStartup" : true, "revealAfterMount" : true, @@ -14,7 +14,7 @@ "port" : 42427 }, { "id" : "XGtyujeFM_HM", - "path" : "/home/dominik/nextcloud.cloonar.com/Downloads/Downloads", + "path" : "/home/dominik/cloud.cloonar.com/Downloads/Downloads", "displayName" : "Downloads", "unlockAfterStartup" : true, "revealAfterMount" : true, diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history index baf8d52..64a6b67 100644 --- a/hosts/nb/users/configs/project_history +++ b/hosts/nb/users/configs/project_history @@ -5,20 +5,10 @@ /home/dominik/projects/cloonar/phishguard /home/dominik/projects/cloonar/phishguard-frontend /home/dominik/projects/cloonar/gitapi -/home/dominik/projects/cloonar/cloonar-assistant -/home/dominik/projects/cloonar/updns - -/home/dominik/projects/cloonar/flow/flow-docs -/home/dominik/projects/cloonar/flow/flow-user-service -/home/dominik/projects/cloonar/flow/flow-billing-service -/home/dominik/projects/cloonar/flow/flow-workflow-orchestration-service -/home/dominik/projects/cloonar/flow/flow-module-registry -/home/dominik/projects/cloonar/flow/flow-workflow-definition -/home/dominik/projects/cloonar/flow/flow-api-gateway - -/home/dominik/projects/home-automation/lego-hetzner-bridge -/home/dominik/projects/home-automation/ghetto-nixos - +/home/dominik/projects/cloonar/flow +/home/dominik/projects/cloonar/flow-docs +/home/dominik/projects/cloonar/flow-api +/home/dominik/projects/cloonar/flow-frontend /home/dominik/projects/cloonar/typo3-basic /home/dominik/projects/cloonar/renovate-config /home/dominik/projects/cloonar/bento @@ -29,14 +19,10 @@ /home/dominik/projects/cloonar/wohnservice-wien /home/dominik/projects/cloonar/wohnservice-gdpr /home/dominik/projects/cloonar/gbv-aktuell -/home/dominik/projects/cloonar/cloonar-technologies-website - /home/dominik/projects/cloonar/paraclub/paraclub-api /home/dominik/projects/cloonar/paraclub/paraclub-frontend /home/dominik/projects/cloonar/paraclub/paraclub-website /home/dominik/projects/cloonar/paraclub/paraclub-module -/home/dominik/projects/cloonar/paraclub/paraclub-ai-mailer - /home/dominik/projects/cloonar/amz/amz-api /home/dominik/projects/cloonar/amz/amz-frontend /home/dominik/projects/cloonar/hilgenberg-website @@ -53,6 +39,5 @@ /home/dominik/projects/epicenter.works/padexporter /home/dominik/projects/epicenter.works/ansible-pull /home/dominik/projects/cloonar/lena-schilling-website -/home/dominik/projects/cloonar/dialog-relations-website /home/dominik/projects/cloonar/imperfect-perfect.com /home/dominik/projects/cloonar/yaapi diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index ad4c827..8ed425e 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -3,10 +3,6 @@ let # impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; - unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { - config = { allowUnfree = true; }; - }; - thunderbirdSettings = { "extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org"; "browser.theme.content-theme" = 0; @@ -147,17 +143,8 @@ let in { - sops.secrets.openai_api_key = { - owner = "dominik"; - }; programs.fuse.userAllowOther = true; - programs.zsh = { - shellInit = '' - export OPENAI_API_KEY=$(cat ${config.sops.secrets.openai_api_key.path}) - ''; - }; - home-manager.users.dominik = { lib, pkgs, ... }: { # imports = [ "${impermanence}/home-manager.nix" ]; /* The home.stateVersion option does not have a default and must be set */ @@ -167,8 +154,6 @@ in MOZ_ENABLE_WAYLAND = "1"; }; - nixpkgs.config.allowUnfree = true; - programs.bash = { enable = true; @@ -178,19 +163,6 @@ in ''; }; - programs.vscode = { - enable = true; - # package = (unstable.vscode.override { isInsiders = true; }); - package = (pkgs.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: rec { - src = builtins.fetchTarball { - url = "https://update.code.visualstudio.com/1.99.0-insider/linux-x64/insider"; - sha256 = "0z3x9m9pndzka9gzm2phnks453d2mwbdid9yd7qw3bvv965h71j5"; - }; - version = "1.99.0"; - }); - }; - - /* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */ # home.persistence."/nix/persist/user/dominik" = { # allowOther = true; @@ -235,16 +207,6 @@ in }; }; - dconf = { - enable = true; - - settings = { - "org/gnome/desktop/interface" = { - color-scheme = "prefer-dark"; - }; - }; - }; - systemd.user.services = { signald = { Unit = { @@ -457,7 +419,7 @@ in

<Signature
   firstName="Dominik"
   lastName="Polakovics"
 -   company="Cloonar Technologies GmbH"
 +   company="Cloonar e.U."
   scope="IT Solutions"
  phone="+436688700600"
   email="dominik.polakovics@cloonar.com"
 />

@@ -489,23 +451,6 @@ in realName = "Dominik Polakovics"; address = "dominik.polakovics@epicenter.works"; userName = "dominik.polakovics@epicenter.works"; - signature = { - showSignature = "append"; - text = '' -
-


- epicenter.works – for digital rights
- Dominik Polakovics, Technical Advisor

- - - - - - -
E-Mail:dominik.polakovics@epicenter.works
-
- ''; - }; imap = { host = "mail.epicenter.works"; port = 993; @@ -583,10 +528,10 @@ in home.activation.symlinks = lib.hm.dag.entryAfter ["writeBoundary"] '' PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" set +eu - if [ ! -L ~/Documents/Documents ]; then + if [ ! -L ~/Documents ]; then ln -s /home/dominik/.local/share/Cryptomator/mnt/Documents ~/Documents fi - if [ ! -L ~/Downloads/Downloads ]; then + if [ ! -L ~/Downloads ]; then ln -s /home/dominik/.local/share/Cryptomator/mnt/Downloads ~/Downloads fi set -eu @@ -608,15 +553,10 @@ in git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null - - git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow/flow-docs 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/flow-user-service.git ${persistHome}/projects/cloonar/flow/flow-user-service 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/flow-billing-service.git ${persistHome}/projects/cloonar/flow/flow-billing-service 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/flow-module-registry.git ${persistHome}/projects/cloonar/flow/flow-module-registry 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/flow-workflow-definition.git ${persistHome}/projects/cloonar/flow/flow-workflow-definition 2>/dev/null - git clone gitea@git.cloonar.com:dominik.polakovics/flow-api-gateway.git ${persistHome}/projects/cloonar/flow/flow-api-gateway 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/flow.git ${persistHome}/projects/cloonar/flow 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow-docs 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/flow-api.git ${persistHome}/projects/cloonar/flow-api 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/flow-frontend.git ${persistHome}/projects/cloonar/flow-frontend 2>/dev/null git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null @@ -628,26 +568,17 @@ in git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null - - git clone gitea@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null git clone gitea@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null git clone gitea@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null git clone gitea@git.cloonar.com:Paraclub/module.git ${persistHome}/projects/cloonar/paraclub/paraclub-module 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/ai-mailer.git ${persistHome}/projects/cloonar/paraclub/paraclub-ai-mailer 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/amz-api.git ${persistHome}/projects/cloonar/amz/amz-api 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ghetto-nixos.git ${persistHome}/projects/home-automation/ghetto-nixos 2>/dev/null - git clone gitea@git.cloonar.com:socialgrow.tech/sgt-api.git ${persistHome}/projects/socialgrow.tech/sgt-api 2>/dev/null diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix index 3663089..db34b39 100644 --- a/hosts/web-arm/configuration.nix +++ b/hosts/web-arm/configuration.nix @@ -34,7 +34,6 @@ ./sites/gbv-aktuell.at.nix ./sites/matomo.cloonar.com.nix ./sites/support.cloonar.dev.nix - ./sites/stage.cloonar-technologies.at.nix ./sites/cloonar.dev.nix ./sites/paraclub.cloonar.dev.nix @@ -42,11 +41,10 @@ ./sites/tandem.paraclub.cloonar.dev.nix ./sites/module.paraclub.cloonar.dev.nix ./sites/gbv-aktuell.cloonar.dev.nix + ./sites/lena-schilling.cloonar.dev.nix ./sites/stage.myhidden.life.nix ./sites/stage.korean-skin.care.nix ./sites/feeds.jordanrannells.com.nix - ./sites/dialog-relations.cloonar.dev.nix - ./sites/lena-schilling.cloonar.dev.nix ./sites/lena-schilling.at.nix ]; diff --git a/hosts/web-arm/modules/authelia/default.nix b/hosts/web-arm/modules/authelia/default.nix index 57b345d..bea241a 100644 --- a/hosts/web-arm/modules/authelia/default.nix +++ b/hosts/web-arm/modules/authelia/default.nix @@ -1,10 +1,6 @@ -{ config, pkgs, ... }: -let - unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") { - config = config.nixpkgs.config; - system = pkgs.system; - }; -in { +{ config, ... }: + +{ sops.secrets.authelia-jwt-secret = { owner = "authelia-main"; }; @@ -28,7 +24,6 @@ in { }; services.authelia.instances.main = { - package = unstable.authelia; enable = true; secrets = { jwtSecretFile = config.sops.secrets.authelia-jwt-secret.path; diff --git a/hosts/web-arm/modules/web/typo3.nix b/hosts/web-arm/modules/web/typo3.nix index 1e7db9c..8091b86 100644 --- a/hosts/web-arm/modules/web/typo3.nix +++ b/hosts/web-arm/modules/web/typo3.nix @@ -134,8 +134,8 @@ in nameValuePair ("typo3-cron-" + domain) { script = '' set -eu - ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 scheduler:run - ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/current/bin/typo3 ke_search:indexing + ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 scheduler:run + ${instanceOpts.phpPackage}/bin/php /var/www/${domain}/.Build/bin/typo3 ke_search:indexing ''; serviceConfig = { Type = "oneshot"; diff --git a/hosts/web-arm/sites/api.paraclub.cloonar.dev.nix b/hosts/web-arm/sites/api.paraclub.cloonar.dev.nix index dd0128d..151ea09 100644 --- a/hosts/web-arm/sites/api.paraclub.cloonar.dev.nix +++ b/hosts/web-arm/sites/api.paraclub.cloonar.dev.nix @@ -31,11 +31,5 @@ ''; phpPackage = pkgs.php82.withExtensions ({ enabled, all }: enabled ++ [ all.imagick ]); - phpOptions = '' - opcache.enable=1 - opcache.memory_consumption=128 - opcache.validate_timestamps=0 - opcache.revalidate_path=0 - ''; }; } diff --git a/hosts/web-arm/sites/cloonar.dev.nix b/hosts/web-arm/sites/cloonar.dev.nix index 3d3732b..50cb7d3 100644 --- a/hosts/web-arm/sites/cloonar.dev.nix +++ b/hosts/web-arm/sites/cloonar.dev.nix @@ -3,11 +3,16 @@ let domain = "cloonar.dev"; dataDir = "/var/www/${domain}"; in { + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + root = "${dataDir}"; - services.webstack.instances."${domain}" = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6frP875aOnuFALjgP3ZCySCcYSGqtIzIK80S/L/D/w" - ]; + locations."/favicon.ico".extraConfig = '' + log_not_found off; + access_log off; + ''; locations."/".extraConfig = '' index index.html; @@ -30,22 +35,26 @@ in { } ''; - locations."^~ /vcards/".extraConfig = '' - location ~ /\.env { - deny all; - return 404; - } - - # Determine if the requested file exists - try_files $uri $uri/ /vcards/index.php$is_args$args; - ''; - locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' - expires 365d; - add_header Pragma "public"; - add_header Cache-Control "public"; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; ''; - phpPackage = pkgs.php; + locations."~ [^/]\.php(/|$)".extraConfig = '' + deny all; + ''; }; + users.users."${domain}" = { + isNormalUser = true; + createHome = true; + home = dataDir; + homeMode= "770"; + #home = "/home/${domain}"; + group = "nginx"; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE=" + ]; + }; + users.groups.${domain} = {}; } diff --git a/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix b/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix deleted file mode 100644 index 9c1bf20..0000000 --- a/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - services.typo3.instances."dialog-relations.cloonar.dev" = { - acmeRoot = "/var/lib/acme/acme-challenge"; - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma" - ]; - phpPackage = pkgs.php83; - }; -} diff --git a/hosts/web-arm/sites/dialog-relations.pub b/hosts/web-arm/sites/dialog-relations.pub deleted file mode 100644 index b3433b2..0000000 --- a/hosts/web-arm/sites/dialog-relations.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma dominik@nb-01 diff --git a/hosts/web-arm/sites/paraclub.at.nix b/hosts/web-arm/sites/paraclub.at.nix index 3e384b5..e5a4ba3 100644 --- a/hosts/web-arm/sites/paraclub.at.nix +++ b/hosts/web-arm/sites/paraclub.at.nix @@ -16,7 +16,6 @@ in { locations."/".extraConfig = '' index index.html; - error_page 404 /404.html; ''; locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' diff --git a/hosts/web-arm/sites/paraclub.cloonar.dev.nix b/hosts/web-arm/sites/paraclub.cloonar.dev.nix index 1208fcd..a18d6b3 100644 --- a/hosts/web-arm/sites/paraclub.cloonar.dev.nix +++ b/hosts/web-arm/sites/paraclub.cloonar.dev.nix @@ -16,7 +16,6 @@ in { locations."/".extraConfig = '' index index.html; - error_page 404 /de/404.html; ''; locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' diff --git a/hosts/web-arm/sites/stage.cloonar-technologies.at.nix b/hosts/web-arm/sites/stage.cloonar-technologies.at.nix deleted file mode 100644 index a92cf19..0000000 --- a/hosts/web-arm/sites/stage.cloonar-technologies.at.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, lib, config, ... }: -let - domain = "stage.cloonar-technologies.at"; - dataDir = "/var/www/${domain}"; -in { - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - root = "${dataDir}"; - - locations."/favicon.ico".extraConfig = '' - log_not_found off; - access_log off; - ''; - - locations."/".extraConfig = '' - index index.html; - ''; - - locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' - expires 365d; - add_header Pragma "public"; - add_header Cache-Control "public"; - ''; - - locations."~ [^/]\.php(/|$)".extraConfig = '' - deny all; - ''; - }; - users.users."${domain}" = { - isNormalUser = true; - createHome = true; - home = dataDir; - homeMode= "770"; - #home = "/home/${domain}"; - group = "nginx"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/zRVX9TyYcimkC8lxGjfJAoaL2zHDBH3QnRfUvgYHc" - ]; - }; - users.groups.${domain} = {}; -} diff --git a/utils/modules/autoupgrade.nix b/utils/modules/autoupgrade.nix index 1ff8002..7726dfd 100644 --- a/utils/modules/autoupgrade.nix +++ b/utils/modules/autoupgrade.nix @@ -3,5 +3,5 @@ { system.autoUpgrade.enable = true; system.autoUpgrade.allowReboot = false; - system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.11"; + system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05"; } diff --git a/utils/overlays/packages.nix b/utils/overlays/packages.nix index cffe405..7c57e33 100644 --- a/utils/overlays/packages.nix +++ b/utils/overlays/packages.nix @@ -3,8 +3,4 @@ self: super: { ykfde = (super.callPackage ../pkgs/ykfde { }); creality-print = (super.callPackage ../pkgs/creality-print.nix { }); openaudible = (super.callPackage ../pkgs/openaudible.nix { }); - openmanus = (super.callPackage ../pkgs/openmanus.nix { }); - ai-mailer = self.callPackage ../pkgs/ai-mailer.nix { }; - - # vscode-insiders = (super.callPackage ../pkgs/vscode-insiders.nix { }); } diff --git a/utils/pkgs/ai-mailer.nix b/utils/pkgs/ai-mailer.nix deleted file mode 100644 index 40830d3..0000000 --- a/utils/pkgs/ai-mailer.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, buildGoModule, fetchgit }: - -buildGoModule rec { - pname = "ai-mailer"; - version = "0.1.0"; - - src = fetchgit { - url = "https://git.cloonar.com/Paraclub/ai-mailer.git"; - rev = "8903aa072a482e1e52170c840bf87d8da5d9d9e0"; - sha256 = "sha256-+YPB3tcy2+ZiiwYfg6QzPcrg1gf9ivlLaZRzviwWe90="; - }; - - vendorHash = "sha256-h4RaB891GXAkgObZHYil6BOvbYp6yJSRxRj40Fhchmw="; - - subPackages = [ "cmd/paraclub-ai-mailer" ]; - - preBuild = '' - sed -i 's/go 1.23.5/go 1.22/' go.mod - ''; - - postInstall = '' - mv $out/bin/paraclub-ai-mailer $out/bin/ai-mailer - ln -s $out/bin/ai-mailer $out/bin/paraclub-ai-mailer - ''; - - meta = with lib; { - description = "AI Mail Assistant Service"; - homepage = "https://git.cloonar.com/Paraclub/ai-mailer"; - license = licenses.unfree; # Adjust based on your project's license - maintainers = [ ]; - }; -} diff --git a/utils/pkgs/openmanus.nix b/utils/pkgs/openmanus.nix deleted file mode 100644 index 0bdbae7..0000000 --- a/utils/pkgs/openmanus.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib -, fetchFromGitHub -, python312 -, python312Packages -}: - -python312Packages.buildPythonApplication rec { - pname = "openmanus"; - version = "0.1.0"; - - src = fetchFromGitHub { - owner = "mannaandpoem"; - repo = "OpenManus"; - rev = "74f438bde38a47da884ba5de2d20960aa9a57990"; - sha256 = "sha256-zO2UgMxMvE7yk7ILsYnxjBuXrhqlLK42rZNYrxljcg4="; # Replace with actual hash after first build attempt - }; - - propagatedBuildInputs = with python312Packages; [ - openai - python-dotenv - requests - tomli - pydantic - pydantic-settings - numpy - tqdm - pillow - fastapi - uvicorn - gradio - colorlog - ]; - - doCheck = false; - - meta = with lib; { - description = "OpenManus - An open-source framework for building general AI agents"; - homepage = "https://github.com/mannaandpoem/OpenManus"; - license = licenses.mit; - maintainers = with maintainers; [ ]; - mainProgram = "openmanus"; - }; -} \ No newline at end of file diff --git a/utils/pkgs/vscode-insiders.nix b/utils/pkgs/vscode-insiders.nix deleted file mode 100644 index 7c6e102..0000000 --- a/utils/pkgs/vscode-insiders.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ lib, stdenv, makeDesktopItem, makeWrapper, fetchurl -, atomEnv, at-spi2-atk, at-spi2-core, autoPatchelfHook, alsa-lib -, mesa, nss, nspr, systemd, libdrm, libxkbcommon, libX11, libXcomposite -, libXdamage, libXext, libXfixes, libXrandr, expat, libxcb -, libXScrnSaver, libXi, libxshmfence, libGL, libglvnd -, gtk3, pango, cairo, gdk-pixbuf, glib, dbus, cups, SDL2 -, libav_0_8, openssl, bash, findutils, xdg-utils, coreutils -}: - -stdenv.mkDerivation rec { - pname = "vscode-insiders"; - # version = "1.98.2-1708777035"; - version = "1.98.2"; - - src = fetchurl { - # url = "https://az764295.vo.msecnd.net/insider/9319989589821514c6d3dea07e90292d59431d35/code-insider-${version}-linux-x64.tar.gz"; - # url = "https://az764295.vo.msecnd.net/insider/2bdf282f0aa8f3022a0540949724ccf8a909ec45/code-insider-${version}-linux-x64.tar.gz"; - url = "https://update.code.visualstudio.com/${version}/linux-x64/stable"; - hash = "sha256-Mm34T2/laoqxN8MR+H0rHxxA0WAKgc5d/ZvGGC+ETok="; - }; - - buildInputs = [ - atomEnv.packages - at-spi2-atk - at-spi2-core - alsa-lib - mesa - nss - nspr - systemd - libdrm - libxkbcommon - libX11 - libXcomposite - libXdamage - libXext - libXfixes - libXrandr - expat - libxcb - libXScrnSaver - libXi - libxshmfence - libGL - libglvnd - gtk3 - pango - cairo - gdk-pixbuf - glib - dbus - cups - SDL2 - libav_0_8 - openssl - ]; - - nativeBuildInputs = [ autoPatchelfHook makeWrapper ]; - - installPhase = '' - mkdir -p $out/lib/vscode-insiders - cp -r . $out/lib/vscode-insiders - - mkdir -p $out/bin - ln -s $out/lib/vscode-insiders/bin/code-insiders $out/bin/code-insiders - - mkdir -p $out/share/applications - cp ${makeDesktopItem { - name = "code-insiders"; - desktopName = "Visual Studio Code - Insiders"; - comment = "Code Editing. Redefined."; - exec = "code-insiders %F"; - icon = "code-insiders"; - categories = [ "Utility" "TextEditor" "Development" "IDE" ]; - mimeTypes = [ "text/plain" "inode/directory" ]; - startupNotify = true; - startupWMClass = "Code - Insiders"; - }}/share/applications/code-insiders.desktop $out/share/applications/ - - mkdir -p $out/share/pixmaps - cp $out/lib/vscode-insiders/resources/app/resources/linux/code-insiders.png $out/share/pixmaps/ - ''; - - postFixup = '' - wrapProgram $out/bin/code-insiders \ - --prefix PATH : ${lib.makeBinPath [ xdg-utils ]} \ - --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath buildInputs} - ''; - - meta = with lib; { - description = "Visual Studio Code Insiders - Open Source IDE by Microsoft"; - longDescription = '' - Visual Studio Code Insiders is a new choice of tool that combines the simplicity of a code editor with what developers need for the core edit-build-debug cycle. This is the insiders version, updated daily with the latest changes. - ''; - homepage = "https://code.visualstudio.com/insiders"; - license = licenses.unfree; - maintainers = with maintainers; [ ]; - platforms = [ "x86_64-linux" ]; - }; -}