add vscode

add local mysql and postgresql server
add secrets for cyberghost vp
2025-02-04 11:52:44 +01:00 · 2025-02-04 11:52:38 +01:00 · 2025-02-04 11:52:23 +01:00 · 2025-02-04 11:52:12 +01:00 · 2025-02-04 11:52:02 +01:00 · 2025-02-04 11:51:54 +01:00
14 changed files with 233 additions and 17 deletions
--- a/.chatgpt_config.yaml
+++ b/.chatgpt_config.yaml
@@ -3,8 +3,104 @@ default_prompt_blocks:
  - "basic-prompt"
  - "secure-coding"
 initial_prompt: |
-  You are a NixOS expert.
-  You are tasked with maintaining the configuration for the infrastructure of a company.
-  Keep best practices in mind and make sure the configuration is secure.
-directories:
-  - "hosts/nb"
+  You are helping me build or refine a NixOS configuration (potentially with Nix Flakes). Please keep the following points in mind when generating or explaining code:
+
+  1. **Project & Directory Structure**  
+     - For single-host configurations, you may have a simple structure like:
+       ```
+       /etc/nixos/
+       ├── configuration.nix
+       ├── hardware-configuration.nix
+       └── other-module.nix
+       ```
+     - For multi-host setups or more complex deployments, consider **modules** in a dedicated folder:
+       ```
+       my-nix-config/
+       ├── flake.nix             # (if using Flakes)
+       ├── hosts/
+       │   ├── hostname1/
+       │   │   └── configuration.nix
+       │   └── hostname2/
+       │       └── configuration.nix
+       ├── modules/
+       │   ├── networking.nix
+       │   ├── services.nix
+       │   ├── users.nix
+       │   └── ...
+       └── hardware/
+           └── hardware-configuration-<machine>.nix
+       ```
+     - Split large configurations into multiple `.nix` files or modules for clarity. Import them in a top-level `configuration.nix` or `flake.nix`.  
+
+  2. **Nix Flakes (Optional)**  
+     - If using Flakes, include a top-level `flake.nix` defining your outputs:
+       - `outputs.nixosConfigurations.<hostname> = { ... }`
+     - Reference your system with something like `nixos-rebuild switch --flake .#<hostname>`.  
+     - Keep pinned inputs (e.g., `nixpkgs` at a particular commit) in your `flake.lock` to ensure reproducibility.  
+
+  3. **System Configuration & Modules**  
+     - Place typical NixOS settings (e.g., `networking.hostName`, `time.timeZone`, `environment.systemPackages`, etc.) in `configuration.nix` or a modular file structure.  
+     - Use [NixOS modules](https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules) to separate concerns. For example:
+       - `networking.nix` for network settings,  
+       - `users.nix` for user/group management,  
+       - `services.nix` for enabling/configuring system services.  
+     - If you have custom logic or package overlays, keep them in separate files (e.g., `overlays.nix`).  
+
+  4. **Home Manager Integration (Optional)**  
+     - For user-level configuration (e.g., dotfiles, user-specific packages), consider integrating [Home Manager](https://nix-community.github.io/home-manager/) either as a standalone or via Flakes.  
+     - Keep Home Manager configs in a separate `home.nix` file, referencing it in your main configuration or flake outputs.  
+
+  5. **Security & Secrets Management**  
+     - Avoid committing plain-text secrets (passwords, tokens) to version control.  
+     - Consider using [sops-nix](https://github.com/Mic92/sops-nix) or other secret management solutions to encrypt sensitive files.  
+     - Enable recommended security settings, such as:  
+       - `security.sudo.wheelNeedsPassword = true`  
+       - `security.rtkit.enable = true`  
+       - `users.users.<name>.extraGroups` to limit privileges.  
+     - Regularly update your `nixpkgs` channel or flake inputs for the latest security patches.  
+
+  6. **System Services & Daemons**  
+     - Use built-in NixOS modules for services (e.g., `services.nginx`, `services.postgresql`, etc.) instead of manual configuration whenever possible.  
+     - For each service, ensure you:
+       - Set `enable = true;` if it’s needed,  
+       - Provide configuration in the same module file or a dedicated file if it’s complex.  
+     - Keep service-specific secrets (e.g., database passwords) out of the main config by referencing environment variables or a secret management solution.  
+
+  7. **Package Management & Overlays**  
+     - Place packages you need system-wide into `environment.systemPackages`.  
+     - For overriding or extending packages from `nixpkgs`, use the [overlays](https://nixos.wiki/wiki/Overlays) mechanism:
+       ```nix
+       self: super: {
+         myPackage = super.callPackage ./pkgs/my-package { };
+       }
+       ```
+     - Maintain a dedicated `overlays/` folder if you have multiple custom overlays.  
+
+  8. **Customization & Extensions**  
+     - Use `environment.etc` or NixOS options to create or manage custom config files in `/etc/`.  
+     - For advanced use cases, you can define your own modules to unify logic for related settings or services.  
+     - Document each module with comments about what it configures and why.  
+
+  9. **Testing & Deployment**  
+     - Use the `nixos-rebuild test` command to evaluate changes without fully switching.  
+     - If using Flakes, run `nixos-rebuild test --flake .#<hostname>`.  
+     - Test critical services after switching (e.g., `systemctl status service-name`).  
+     - Consider building virtual machines via `nixos-rebuild build-vm` or [NixOS tests](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests) to validate complex changes.  
+
+  10. **Output Format**  
+      - Present any generated Nix configuration as well-structured `.nix` files, referencing them in a central place (`configuration.nix` or `flake.nix`).  
+      - When explaining your reasoning, describe which modules or options you chose and why (e.g., “I separated `networking.nix` to isolate network settings from system services.”).  
+      - If you modify existing files, specify precisely which lines or sections have changed, and why you made those changes.  
+
+  Please follow these guidelines to ensure the generated or explained NixOS configuration adheres to best practices for maintainability, modularity, and security.
+
+debug: false
+improved_debug: false
+  
+preview_changes: false
+interactive_file_selection: false
+partial_acceptance: false
+
+enable_debug_commands: false
+prompt_char_limit: 300000
+enable_step_by_step: true
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ raspberry/.env
 raspberry/result

 esphome/trash
+esphome/.esphome
--- a/fleet.nix
+++ b/fleet.nix
@@ -39,6 +39,10 @@
      username = "fw-new";
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnb9todh2b+c3iCmEz72smRwL37aZf3Xs3voT7+PLTP";
    }
+    {
+      username = "gpd-win4";
+      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILjfS2DtS8PQgkf86dU+EVu5t+r/QlCWmY7+RPYprQrO";
+    }
  ];
 in {
  imports = builtins.map create_users users;
--- a/hosts/fw/modules/wireguard.nix
+++ b/hosts/fw/modules/wireguard.nix
@@ -21,6 +21,10 @@
          publicKey = "nkm10abmwt2G8gJXnpqel6QW5T8aSaxiqqGjE8va/A0=";
          allowedIPs = [ "${config.networkPrefix}.98.202/32" ];
        }
+        { # GPD Win 4
+          publicKey = "HE4eX4IMKG8eRDzcriy6XdIPV71uBY5VTqjKzfHPsFI=";
+          allowedIPs = [ "${config.networkPrefix}.98.203/32" ];
+        }
      ];
    };
    wg_epicenter = {
--- a/hosts/mail/modules/dovecot.nix
+++ b/hosts/mail/modules/dovecot.nix
@@ -255,7 +255,7 @@ in
      "imap-test.${domain}"
      "imap-02.${domain}"
    ];
-    postRun = "systemctl restart dovecot2.service";
+    postRun = "sleep 2 && systemctl restart dovecot2.service";
  };

  networking.firewall.allowedTCPPorts = [
--- a/hosts/mail/modules/openldap.nix
+++ b/hosts/mail/modules/openldap.nix
@@ -12,7 +12,7 @@ in {
    urlList = [ "ldap:///" "ldaps:///" ];

    settings.attrs = {
-      olcLogLevel = "-1";
+      olcLogLevel = "256";

      olcTLSCACertificateFile = "/var/lib/acme/ldap.${domain}/full.pem";
      olcTLSCertificateFile = "/var/lib/acme/ldap.${domain}/cert.pem";
--- a/hosts/nb/configuration.nix
+++ b/hosts/nb/configuration.nix
@@ -25,6 +25,7 @@ in {
      ./modules/appimage.nix
      ./modules/sway/sway.nix
      ./modules/printer.nix
+      ./modules/cyberghost.nix
      ./modules/nvim/default.nix
      ./utils/modules/autoupgrade.nix

@@ -57,6 +58,38 @@ in {
    creality-print
  ];

+  services.mysql = {
+    enable = true;              # Enable the MySQL service
+    package = pkgs.mariadb;     # Use MariaDB as the package
+    dataDir = "/var/lib/mysql"; # Specify the data directory
+  };
+  services.mysql.ensureUsers = [
+    {
+      name = "dominik";
+      ensurePermissions = {
+        "*.*" = "ALL PRIVILEGES";
+      };
+    }
+  ];
+
+  services.postgresql= {
+    enable = true;
+    ensureDatabases = ["dominik" "flowuser"];
+    authentication = pkgs.lib.mkOverride 10 ''
+      local all all trust
+      host all all 127.0.0.1/32 trust
+      host all all ::1/128 trust
+    '';
+    enableTCPIP = true;
+    ensureUsers = [
+      {
+        name = "dominik";  # Replace with your actual Unix username
+        ensureClauses.superuser = true;
+        ensureClauses.login = true;
+      }
+    ];
+  };
+
  programs.zsh = {
    enable = true;
    ohMyZsh = {
@@ -123,6 +156,7 @@ in {
      "/var/lib/docker"
      "/var/lib/flatpak"
      "/var/lib/nixos"
+      "/var/lib/mysql"
      "/etc/NetworkManager/system-connections"
    ];
    files = [
--- a/hosts/nb/modules/cyberghost.nix
+++ b/hosts/nb/modules/cyberghost.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }: {
+
+  sops.secrets.cyberghost_user_pass = {};
+  sops.secrets.cyberghost_ca = {};
+  sops.secrets.cyberghost_cert = {};
+  sops.secrets.cyberghost_key = {};
+
+  environment.systemPackages = with pkgs; [
+    openvpn
+    networkmanager
+    networkmanager-openvpn
+  ];
+
+  environment.etc =
+    let
+      conn = (pkgs.formats.ini { }).generate "cyberghost.nmconnection" {
+        connection = {
+          id = "cyberghost vpn";
+          autoconnect = false;
+          type = "vpn";
+          uuid = "f47ac10b-58cc-4372-a567-0e02b2c3d479";
+        };
+
+        vpn = {
+          service-type = "org.freedesktop.NetworkManager.openvpn";
+          password-flags = 0;
+          auth-user-pass = config.sops.secrets.cyberghost_user_pass.path;
+          ca = config.sops.secrets.cyberghost_ca.path;
+          cert = config.sops.secrets.cyberghost_cert.path;
+          key = config.sops.secrets.cyberghost_key.path;
+          comp-lzo = "yes";
+        };
+
+        ethernet.auto-negotiate = true;
+
+        ipv4 = {
+          may-fail = false;
+          method = "auto";
+          never-default = false;
+          route1 = "10.42.0.0/16,0.0.0.0,100";
+          route-data = "10.42.0.0/16,0.0.0.0,100";
+          ignore-auto-routes = true;
+          ignore-auto-dns = true;
+        };
+
+        ipv6 = {
+          method = "ignore";
+        };
+      };
+
+    in
+    {
+      "NetworkManager/system-connections/${conn.name}" = {
+        source = conn;
+        mode = "0600";
+      };
+    };
+}
--- a/hosts/nb/modules/nvim/chatgpt.nix
+++ b/hosts/nb/modules/nvim/chatgpt.nix
@@ -5,8 +5,8 @@ self: super: {
      version = "1.0.0";
      src = super.fetchgit {
        url = "https://git.cloonar.com/Cloonar/chatgpt.vim.git";
-        rev = "59540981edeebd7faf9894e2ba40cbe4fb02f31c";
-        sha256 = "sha256-uBfdR8ezwrcPJeCs+hAnz0w7nE9N8rfqST/SuGlcoTs=";
+        rev = "aa12bca3abc868b4ebacbd22b6fde83deb656869";
+        sha256 = "sha256-eK7GQNHR03fQ7j2ExX9QSA+AIW5c1b8fsat3kbS6f9k=";
      };
    };
  };
--- a/hosts/nb/modules/nvim/config/lspconfig.lua
+++ b/hosts/nb/modules/nvim/config/lspconfig.lua
@@ -25,7 +25,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities()
 capabilities.textDocument.completion.completionItem.snippetSupport = true
 capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)

-local servers = { 'ts_ls', 'lua', 'cssls', 'yamlls', 'intelephense' }
+local servers = { 'ts_ls', 'lua', 'cssls', 'yamlls', 'intelephense', 'gopls' }
 for _, lsp in pairs(servers) do
  require('lspconfig')[lsp].setup {
    -- on_attach = on_attach,
--- a/hosts/nb/modules/sway/sway.nix
+++ b/hosts/nb/modules/sway/sway.nix
@@ -83,6 +83,7 @@ in {
    hypnotix

    code-cursor
+    vscode-fhs

    quickemu

--- a/hosts/nb/secrets.yaml
+++ b/hosts/nb/secrets.yaml
@@ -4,6 +4,10 @@ epicenter_vpn_key: ENC[AES256_GCM,data:Kt33OLiauTrkzSwib2px/rZoQO6tlCzsy2exxIrZb
 wg_private_key: ENC[AES256_GCM,data:A80vGf9aMxowC2xME4FIVTmKpSRLNB2tWiUQeP1v8vCRk6Gt8BKYOuXYt04=,iv:vr7qvfr78syrI5pIytjLouPwZcw4xvBTvEUzzv7ibnQ=,tag:qjALlFkd8JocLJqMKFERaw==,type:str]
 wg_preshared_key: ENC[AES256_GCM,data:bhXoD95ahDRawoHd5Z35FY0G6Xv0PHwWJf300fHQ5jNsGN1TQKHsIswx8YI=,iv:fBsIWkVZUt8pahuO9daaRBIEEIWsSnFW5Velj9uP2ZY=,tag:RvbCYhnRv0OrjTxjsNFW6g==,type:str]
 wg-cloonar-key: ENC[AES256_GCM,data:ZMEeIZApOD0ij3nPMZeQRwJ4MwVx0sHu08F+m/u6IMHBGid5YwMgxZ7qbLk=,iv:OfIZ9TqBLjToIQi7zRUBATrynBtu0bzXeGVI/EAUPhQ=,tag:mJICT/ak5U76JE/IxJsCKw==,type:str]
+wireguard_user_pass: ENC[AES256_GCM,data:pGs/Kx/j8bgVQ2MtnpnvPI+dBrUFew==,iv:oLYuxjbe88RqygmVTAVnwLUmpRyQLdWrLX/kMIK0MHE=,tag:CBOK/rpuJplurt6VKux0Kg==,type:str]
+cyberghost_ca: ENC[AES256_GCM,data:9PHq2qHLsCvAmJR3S4J2ccNk6ec/LDauR6KoIpvvHX2v7w87m9aoADw9nSbQtuBwJWjSGi/hqUAz4fa/pT6y1TjLiJxUDBmr7axjsc7b9IQMmQCO6zmCK4XR7TkVFWorwdQxJ0HVdXBFAkbzet1EZ4zv9QtwXuXK8MkH50dzI0HVLgX7EtHljnrANJ/EtJ6TsxBvMr7HMhNITUy7iHbiUQvFKanZ3FmwLgCO/K443szXa3+qKQmr4YxKOUqF41QnmpikjksgMw5rfJOhuxe2YTdswt3urWTOtVfRACUjkcivqjWZIz7PCULvJHTwqDDLR+mc1bxxgkyIfElx7Tv7+tjbZxCsWarekPmjg/lETRFxTkg30yyBsgXqFjYbxwBFTjZkkozpnBJbxZDq7VkgEIi3hl1ts1gUsj5Y9v4CDffKwAST18iDgq/Rb831878kujdiMH1qeMOgHVpFtrfjleK2MPjDYcTkXY0sOdOCzkFgFE92/dp2q50er3FTaIq69c8dYR3DkSt/KPVb5Og7j1hKRtGaBpgfEYVqKzB1aMm45ORfmUR9ZPzTZvGzk8jecFL5wxFK69QmP5/cMr29SASdm8repcE002hUJYKp6RALcRpo/e+Cvc5yetvwdFUwnghLgvmyW6CTzn87OsJQJPgl2X/b/iDJrlzaa56QCrH4rmulDf54RS4tQZol2tRAgnSrxhvKOlqSeuVRwczxqOeGNi2Mfel/HIHoc26GONUtHtF0dqCm1ZJvKPr5JOKRguEXcLo4ZSqcMCNg9PcfPBVV7C69K6kmA7+vqRr0I8Qv9Ls8ZDoywZ3L5CsaXYMFaOcTeDaKdmZiQnLPr+NjPuFmHn04EgjgWuk2VHCENB7w7m8nh35xDQaPaZbU0RdNahGJrVdUHKBs43dgCor+SNhnnV0UjjLLpD5off5xdgpxNNXEeNfxq3Y//XoNM4TQzk91em+KScuPW108Rylk0IYavOxIgNettmr7tTEb59UTK92ogEnQKNZOv0S1lEGwzQnD8R6tNUoESWIpyMc2FDlEd7UAuPNXGIebQnleMTNdp0FkJHSKXjhcKXf0WOD36RGw6D6KiX6A/tkO4EvBt0hn3pJ1nfqcZdhrRUivx9quyEWYbiosLduT1jj1q5jy/1nq+sA7bkNrx2af2Hp0h1+8nteWV/4kWCwpX7aEfv7oraoFQM52luF707caKX5hRr3sRK/Kw8ad589EZxDn+R9L9tx+T5ItPBNItNS+1T/dFxDeEEhiIPB5qeubVrwSTo6e+lJ7QErMOfsyIbG8vuIhj3J0nc6Iy6lvdPkCQi3J4/w0WRqLU9X2h0RiQhiwDdogE1bE1oPFUje07uk5FEwyzmfKQxx/4s1hBvFklKtV5LHcXAo+QkirwZYOpyIrNalmIK1CeQ/GGW57AcBNaCLd5W0MXzpai8h2wWtltezqzCz1izGV1SZpgXBqGhi+s7aVgIW4aNiBVhnf2JoIvIuLyZvbAo+45wk2Hh0WXgAxHaZ/mReRyT8BWbjWtIqQKCw4UTbl0kS+xsl2mblRD0nhv7K6d7xuuq+5BnBPhn07aOowwW8qcqzsvcJPMesErpzQy0umg4ODX3J7GEfjjMIoUosRP8gAE+4ReT9y9ApoB3krb5W9WTAfKt1nnMJxiycM0QU2DVaad57N+RNF4MhjyPXDvOM57xDbfzFmoRun+TqGNzmBsblnPkRXqvunRrTW7U+fn8fRBxZAVgrD5LQoUbp9hA1aY0xsM+D8l8xpFH7PRTDqItTkIP7J1IXbVSlc9hkLHVnz9MbdiE+ihjTVXjzkMCVwbMgFza+fSZw0bnnOLNsX5zXl8H5Z6jbkDmoFcaABEQdABY5kgTtE3Hizzzz8rUt9mxku3/Way3mDF5t96qi3rR+CByOz9JIRiAAEXJci2JG9tIgnFM31OA/zmshFVlBO0IYeRvSIF+QYd9ACH2ZUfeUPdQ/Js7fwLFqa9N0yyWIuj/8X8sSLO8b7kk7/2aotdK9RolMRj5pj0+lrr1Gdxk+EdcviHfL8Uig5snIR/tegZIZJLYT9HOIdrFYkTHds7/dQs92EqJNvKZmsA3H8CJoOIST1JyB5AAPn7Ad/qN9f33T6++RUKJTnMDnV/HfEkpIrkjAwQ4mLT+Mc6R1JBaLVPJ1qaH5rzkaZNyI/DX7g0DaMC2FOyAGPLYb2PieOPWXpoRSTvA18UidYu8msk77u/M/S4S4EqAT1dZgmkg9DvetgQ9GGRGQ4t/F2Evr6lGHdZQKC5aAF9GDPAHXbjv9zLllb+dlZR5TLmzrspgBcCzdKhpjKTCEpxLOyFhPzfzzDzOdHI2iQlKkFRmmPC22fKk+OqNFM58dA6qiPEMDcIcKWZ0kCyH0rV4Fpzx8WlBPLD1SoU2HADmz/1CePRK0jywWCd529wvjdEjFYaiWOmqAywxJQG7bvkx+68P4AosqUVvv6mso7L0maQVVFsSPiuR91b7al4luq/QZulZcOG/I8fLDJ3YvQIXHW11NlljHCCKiTh9Q80bJrx/pJxjKz1Ct6AffZshUq5l3TZrC0XWZNg8erO4QnKjSZ3yYivg/77BGj3WQTS6lkhHFNsQe29+seIwbV1zZQNc7l4WNkuiYBDAgXiN4xAthHZZmETWFU/Wqd2gAosTiOstxvN+GMXSjotRxnAMn+Pew5Jly4uh7EvOnGa1k1oq+CzVcTnh1bV6U1br3I55P1saN0QkyC1ua8ATlcEP8tB89IK+SeXOeXk/koSnjoAAuuTFFwsxdBjq+D2SGQ/YXoUkohG4ULvMyPq8CfCKOWWKAS7xAXiVgGrBDIZZ32I9sC+2vJkglKkCX+fr+j9eh8lokqTsfmUB07kTEsl2GmBEEpLwikeEVhM2ZFWzPcBEZS8+pfSe6dm1n6nfUqo1lOi23/FL6AlrfbbjX3iAqBE6vt77RFMqi58RnH8GmR7Zyg3CXfGSPQwqgCiBdymXZaSdi/ybLKhsQ642bb37XceVjtlu4=,iv:8uQbG4ObsDSS0DeKx24lt1vpfeSms2v7KGRQrKoWwds=,tag:2RoiW5VWLXfMgXA4cbnKBg==,type:str]
+cyberghost_cert: ENC[AES256_GCM,data:hXplfGZvyQDf6m0YFWgtdHCLy0178BZNbDFxoAvj6J/R2Dv27YZQ+kn7au6Z11xFNA1A0K3pQCfzuSeuNtLm6OqHU/QAsXcYF3DQnfrotod1i8FTT+UqLvFTXGp5smUQzpKzzJQHxfMOsXXMMyHwLiytCbpWHapyVJuG2EDdai4MScHqtepqaWsHAj0TYaED3QJFfn6vC3VqHlfe3WMY/fpy7brpAyccjbTYEdYiUOzYzzgjk00Jw1zByLNld5CeuXsiYto+Ce66CK/i7aN9OlDF7F/hibosk1AAPwqAvboGGcervEO1qtNVoKkprzvyHAQyf4HRpSNbsaEFPrzog3YW4vvu6dQlXujQuYF1ZRqCejgUGYSihC/NaZW2O8F3eJKkXVnRQkcbr2GzLRpawQZ6E5i0X5PgSHaFQsGJ5UsANbWY2tJJomQdtmQEsjJDbwG1RTBW9VvMLAdTj2daasixA13inqxbUK2o23tp9HRscSbho2de0lOH+JT+j0j+Mi4VOoCQMWc0Ln1YDFvjZMfUNtlR7Qd1Q2MySAUcGRf4w8Wf3waIb6x+BhBYghdJGsAiV1jyq+Pp8bOLuoTXYhdDI1H4gemtCSemsojPuvXgKQky75uZBRvuGSwHTCFu3WA42xU/bMNaRg8mRZSxQLMqWkWHVLBBFyiHAHjCXicTfsKhU9YQMEm9sA2Ecc3osM38guXU3/jqh0AbEGt4QOy6WMhV/xDy+eLU63vtR7YSD/DY0Nij7OnTG3GbQuyMu22j0zFW1UbX26m/pxESkPv9zQ8ilz6lNj2yxfIJz71pIjWLRrC/797Bdah+bRTeyfAQXsT3AoBuogNARNamcrdPkKQHQGEMY5UjNn/4VoFClXzeZGGeABjxLIk2hvWU10n2OiDmnj30YTrPQvRIXJQGtBNrrlPKwR1FPt8QCkeoFXwxbHQTf+rBllbAgAlfic3yUoT/foqy4c+lbXByaC0aJmwmgA1mJ9j8sFkX2znNtnbkKxesNRXWqeorUUhEafIF3lJ/tg+lwaUNtmy0Ig9NAS59iNklbNASyKjXzMzflI6H7SRsKkFeO48LMWtGH6Jo4QMvZ5sWvZSVaqWOlh1QAMZMxVzpz1eXv5TAsTpfc4anv+MgrpeHsXs3vQv2ytkale2YdukuGBuqlIQcZrw8yC8u+TvAPqDFZUAiyh8uOAwETOvQvNuttRF2qbjiIA8ZVp2Utf+ggaIPf+vE1mtWit4/rrqBSCT0XuR75duWSIS109B4iZer3rhINqIk1XTAzqO0fmyCZriw1c8T/87N4y9Z2MqIXNaLLk+UbYFd4NWuvuHUGSbsQZ8EtkWzaUPPHx/wzIVWu3ajmjUv6QFgSY9PS4eY8xKqqHxt2i98ePwfivhM6G1eBedAutLWF1m1Omjw9k72z30coa/UcfzF0fo2kQVcw8z1kJBuH1WYfk13D77soxcWLFWZ2ropRzFI52XfvXwxiyyd/sVByWt7ZyNDuUyyuyDeU7Tpzbf4N0ek2qfwBlllfTLCePqWcGAJ3zn1vYajyXFYm35YzWZh3oj0CEN1p1udyxUQ3YIvtUHHk4FPSYjuHSu3Hn8vft2gR3CYa4RvkvcxHbmH4WiSBlAlt6Lcv6TYkZ98K0/Z2bX2FMhItFE8bQoy7C+hUXek55aAwB/UQ4Fjf+2xTsckrCig+eSvM0ZJDnon4K+eUbOF6hSGbRzcX1VfqPStyHhtCUxOckccVLbWFv6sYyzuDZyvo/Nmljx3M0CjDZ5u16aVBxk3ycnlSM7WcSl5h7bjbZkZv8W0sWke/bXakBuelcvfpnzkcT0NmRT0awusSxQk+WH2iiiAT8NTijbQC3F6OPB43M9tad14WXg9cyroEcPgsm4hDwl6wsrZeWlQZ4dDwtLPF8mB5Q3cWsttUJHLrTmZJ1HyXThD8Vp9JO4jF10pE+MsDbu6vqSNOFa/X2tho24NkXElZqUXG4wZYrU964wr+pgxEvFsRx0hqeZ4OUThosJJdFGEW50RBP6UPEw7mWelpi3Q/kbVL4ulZ3And2U5N1faQIFbvWk2Kx4RP3Don78I/LLzqI9q6WAQ8HES6ulieDNu81DBd0u9128j3ZVhEBmnKpRHdGqCjA704zidAl8/+wrpgt7GdOW9AD42jU1F0aDuQujsPRszpFagmdlR6psFDOOBA4e1vTqovIrmWxbFtTr1d9oi6Bv5vDmg9d/RzS6Cu6DoSped+9uCATwRBlqP+QCO5Lz2cBuzVcqf8jAkdUlHBJxcz21xPzOJJOnR/Mx70E9h+BVfwWC9S+8REi+lFNq9nvWaAcOcDL3Pnj/GpYbO+quIGtE1RuJqW2uFd4wXiwbrk4qcVbxds0gH5DDQjOtsF9zRgV/Vmno07jJ8dZmpNq/it3Ou5eErZ/Y9BHerRCUBpWQn2r1XhgLV7Uslhunde387/ohQQeT9GlNLm6wyLLa9thhqLFxlvzRWRg+7HkutPlA2N9c/xvixs45SCfWWWKC7QTCVZR2OIxQFB0prfcmRC80nCxBi3ZdX1Oselgi1iEi3+FnqP7DNCjkXJWIasFhiRNcOw91IGKs5yaiFvCIe7kprf8Ew1xun+39H1W0AWdjaBWFSQU7kelyql4qsxh+skLuT4nss5wXh5InrYALZbvJBpBGmUAPNHGPkvcCSCaMeayqpiKoUUW7Wy8EPWY9kI1we+rpN3KhueQHqtus8nLEABduXpi1w6AGfDsslm6nRysllADNB76p/v0j2q5i/lQxM/Ks7pIA/hJGp6RKKmUZg3VlZ/GI/TXz89Ha6XHI4IOGzx15UhHPq5xuCDk2THIy0ryeHIBteVuU8uj+uoZVYMCfjqUxSe4Kvzk1QBrxntAWFb4ObVt+Mdw84YR9p33EQXPiX5JfsUULdsc2VlR7ccvL57c45GFPNGFjUJfR968GJLw3DGx65jtQWHQgUElB7Oy/UJVhdTSReZTULoh0qD0Ol473SmVx6EOcXQSVjfmBGjVkaurs8TY+OFwUQaBBCBN2T/jT+V+Y+qWf18uwaE/w+Nwe+E0QqK6uMYXvBP86QM/pSvjNJKHZZNJfnUOCx0EFml4bRUQROvucJzQLolui/DR4PP2MBRKi6rjhwMTYYCGLGjgSDsQ==,iv:vYJer+NYyRo/jcpGb66askFA42T+TmSfWTm3DKOIIt4=,tag:RlvqzLfvtJN0HloJZTJb1Q==,type:str]
+cyberghost_key: ENC[AES256_GCM,data:qfPwy1DSooR6eo9O7j6h43wILh4PzxE2X0pdbzh3gw1D98rR8GWEj8sukK/L0TzfGYqYWDPy15OeymaGdm6p1WtevBOlkZtQcXmo7jg3+k0TFUnUctNDm2cOjuKck7CGDFtwbMsOHtCxwhwYouCmes9sQ6KSfolVkutVcvEfI1qhjOvJabsZt4O0P5wB4dQUMQfcPwXYKLuW3xlP2MvIn+Q6XZzfLOqoHnAwQhyxfGsOeMkPV2GXzMsqcCuDhfItU7d1GHzMCOLQsWspwNr1jJd0a56YhY+oPHs+yRSEvzFeL08ZyQjPr7YX/p5w84aJrY7THDlBcAK3d35EQOPvAEghrbmas/aKSxDXPL2W3GKKhok9ztpX6QDywkgwUbetXs+oVUF3sHK+UlyiW4RLPsKoQQPtHYBvgIwtT9ym21PJvgFy4dOJF+XW3CfpZcAOONB2L2mxrhB04CV0is3i+SnQE4tVIqGfQBVrDeuGB/+7Pjy2cW0zkEOAHrwGbdlqG0kgdHFOdbDp2fJl5zTRd9hBhYeXT9mbFtlJ+50KyGOAkJZf9a3O0BwgYRR0sdaEWfOLDMsz5L1DlvzidrChGBwFbHAyuFkjE/hkhddAH+1xiCfRCb+mGqs03rDhIpJbEMZLRZFsLWu+hlXKZ4AXamkuOvkk9KvrYL8KVjkVk1GIIeQqVFE1tiSCtlGeODYblA/5HPTCH1wPrLBNCRS6xkxEwHs/qZx6J0qN6j94lWDWa/Q83g7L3OKL8JTlsyr+D9100veMUVhvo8RiJy85Z7tTqXXEckEWKgnC53dZ1ruILNzupytUYa9rYjNcQ1KXy0dwYbMDQ4kvLCpJtO47pXo1i9V9bDFrYCLipCtyg+s2RUzYOnW4GXpn+de9MDEJ5oOp0pMZ25HG3fpnZDvaIyPyytpyj7apx3VDf62Eq5Rodd49uKuDjlbWDezaaU6MjRqhmpv8dbs7c/7pogZmaztxKTbs+EZ/6l66cek24GS7GjQj0e+N32vY1ACcQUCjg9smCGvhKs0H5kL1YOJkopN9ZWVV9p32p0IsbQHsRebSOHablHT8q6tyYfP6ctHH6BNfoUlfZjHtR52VEiY0OstmnjsJxE2hYPX+l4tpUGNGv18nQ4C2ez3baMWHNXzRTXo+g4zjVkW0Ggi0ecd7I5vR5vUNNA74Hv5Mrd+oAYkf/65XGlTJu5VIM0f7IvlSintmmM0pLB1rmCgnZenlhhbY+0862xS2j1YcZIapox8JT/W2IRUYKnJ7j7B3bc/57JWDzaBM/AukhZvERqdm12fhh9jNrNDjK25HmNwdh4Bsf7IyVqXh/nSsH5MtTCASonn/DG+6pGLwOCxKiQdNmlYD8yiZ2RkSfFs14glr0frUYcgCEOFb18IeF/e6srzKSocRVJqKAoCQhnu4qNMy7YDXpmucnzhWuwcFeKC6gaTKBPj6pxM8OSXM7uqe27So4flZIbNU8yvDp0Ub0LYco/EJGUEL9lwitMydSV0F3gjc8zvEbYMs7qlYg9dD1jxJd5vaPkx59DHCpEMOHn1CjVxazZNvexJLG7j4FBkM6PhF131/C7C4cly8ASLQd5E6nZb54GZdKqDp6MVgipeKJ1Z8A/onBC/Glal1bl6ASeAO2Mkfq7PBJ54CKXaxiQ+TFpCfy7DrOArQzaBJ9s/Gy14EoGfb/o0VuXhj4vwChig16x7vu5MnEFdItPjkfRa638KkILeS4OXm0ae+KKxBUchCwXdRyGK+wn7Kz9E9xOjcKMI/kiDnAB/mTkLC+IA5wRuXgtVyFk3BuvrJaYIHsJVZofP5lYz0JLmXXtPyytI3r/IwSL3B0jupo/KHUZx6MBwjBYG/fKJgTQvvbGDePNFHfk5y/At96P7QZIVO+QlmQg1em0pRpYbO30GVhcDko9LvNG5rLPB7a6SNB/pllOgBjbEKWoNPVwFVe17ILzA2Hl/egkW+wxiJM39bG7Ll1bMN5Q32yNZlUAzWBHDSd4DhM14ock9irRGtLqrhHH0QyMr1WlVoMRXTGT7aMLUBc4IEY7kXnx4Sw/RILqOFZsML6Kz5EEroTR/gzDpr1xYxcIRrRmaBS2YMc6wgfIRstsspMT2kUUT5n3MBJlur2CpyNEpqh5o0oRpACQyqdc9P35BVc5NYdAIg6zYKHtiTpl3I/Py+XDSDT/wC1OrKRJjuw0ES/wgDoygbPxieqdUGCqDkEjuM/UZqmIILAHBBvqniMVB5QLO53NO4lhrTbhmBWDXzw9dpJ77O6In8DmQ6cmuBsOAC1JqlGhFHpp1YMKtlQlOpwsORZSdwc/sfMkai/dXjhoh9Ptpk1fUKH+3AHzd+Ulb6Y7daInVgutnO/XFj832l8WwHzyZPLBTpbRbHeeSQevIHM/x/jLDZlUGVktrN04Dj4CJJstyeETIegzILTrXUhIq/W9cEd9vEdlSRRwTn5Z/E8zfET5fxLWSrMRTTQWOh1jIh7FI+P9d3x0K0fk0CR+vclyvVm506zAgF8KCBPjljDZYgeXyPMJ/icU9QhA72++IGo/XoT81fpB34Zt513PQk4WGmUGhAgiQP1EObnQ/YNaTcdUU8fhvq7YcyUlRA+vfaKMS1S18a8RKfYs0yWxCG4CuCb9pWhRK2ALjNeqYS70dFeeiAHI7UKjV+I5CbtLdIt0/oGDFKokH5xRVl6JkLq8iVPCaCyCOc0FCfBVyPBF3Qaisvh3GyIpCPbx0mp8fDRsiXLJShyqaqC6hpD88PnTDE2mvMyB/bH8Quzh5OrLp2CTDeOvWtg1GxYowiL0CC77ogUQhfM1ut8g+tvjgsmuiXU1uEzpHCsIXnSnUvwJW6tV37S0YUePoVAi6hVJTr60M2s4+0J2IxDnb9h2GVZqmusyQU74cKXJrEOC6r5apkhH2GG2jdVQGn2ETY/b/cbFtI38EtT4IbOa/OQDLf9F0UJPuYi5Ne0mII4asEmWdfco9P5oU4Ssr39WmTfmrBLvEQ0IhPSwKmtZlA1x85FSv5+wKauBYw3GTZa/tsp7E2MHhkyRWG1eMMziceCOrTD7NgRRLQIgN+ejm43i+OdMzi9vjzf1vg+barXOOd34yjY6zqpX9hEAJuxYgT2s8fGj59ljZsqp/qSICBIiImOyjxgKou1nh+AJY0Qs4fIGVTstf7aG540IiOGNTy41sVWdtKBeeahez9FB2lxMZ+A/83IRtmlnMcqXKhIgS7c3ajaRrgjesO/fbHnE557Ocz2A6SdoOn9rqVXD6VGvM2fkbj8no0ooCnvNtQ8JEMu6hyVipSqgRxcZlnW05NGOTtWxV3xRI3RK5tNguYgqqLIQvSARDDgm/HtJoJgom8lqSkLXswGjbxpJ1GP9lWpyov+muy9viwLQZQgEma7w2M0gIB84s3FOuYMIz7pKEDntUO7jRUl5+T8gJoJ9ex32InELTLWgksB8mb4ZuSCOmoISEEaBsPYtSG9wo5bWg5uz0/ToudFf+WRA9JT/MesSzVhehqFx1eMGAKHoRd02oMOtwIzQuc0Xp0DuYBTWOk/aHyRDxfluaFSIyAR/KBkO7fc9jKTu1JJifPCXZWInRXvPogmafCyYicC3gc2ITNumezK+oD8fjbWHW0gDIvk9qQjxhQJz99N0XYiRLTl1SssGMKADMzauPWSMDwn1VQ8t9Yc+NvT9i+9TB5YL7E3XhD3aqqwLbLOlIjvlaEhWeMjoaGlaVaz7u2n6g4zAGcVG5/uocZ2QI7byppVE/8rpjBAs1zQr3A/ajvcgCQ3+3g+sy+3w6C1KmYJj3kyF14FhTDLWekAyX1VlEQCB1BUeB7lc3CuPftTDSRKLU/vOygvIdzLMJdsQu/98qjOawsKwEVSXtSrrLXTcyhHRKvkRhUOOD6z1WRl0UTmSrqnzGraEV737vDQrMzMyq06r3mlV6xnho19F4aH2pHgI0uJcFB7efPz7nxOKtlhoc1BiAb88+sDksRJd7/+4+32hSkFQ/2MfC+wwlryo9NXtgSbUnMBYZqQIW0PfoArFTY6La9mrhPpAZ5HLmj3H6xRGhSyLJGBoW+jDltI6pic6G7oBODfUOmUei+CeQ2JKYGfjMcXmndU1qmR2Wj8ytS7yK/J2SxWRGAgmUiGI0gv5nnoe+aHa20yOL54k9XZLSMin5sghcXzTxtLcNz5sfBUIF3sQzhwYUGR9UfNYx3OkeL0HOXQlcICC6cUFan/zIc+8GXHhxLd6NabTiZiTXdYRuAoJeIt1qNUeK0xvLNm08fHiT3eGXbS7NVjtPTw/nYUx6Ca8LaM9eZBfgNowfn47LvoAuliQP2vLAjuatyjlcC/hFfu9Surfcb9LUM/ZsyMFM=,iv:EgSXZvyWmcBxBkAe6asJ2B12FKaLQPy4tRAtCvkys3M=,tag:B0lyX7IRNHX1CqlvBZaSpg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -37,8 +41,8 @@ sops:
            L21ncjlQdGVDUjI2eXFIb3U2dW13bWsKuEwATNEUWtjuLsH7DQAt6J2l4blTId1W
            A1kQ+0dfUKrZ0dsbvUA5L9+haUiK8f5RvapaKW+L2JEn7gW5wJSJEw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-11-30T08:33:24Z"
-    mac: ENC[AES256_GCM,data:/vJdDVpv+iM66wANeLLl+CPtg2j1OCyKlGHhsQQT/RphUj4IlIsjKj+j59lmM6bRBfebTTRt1scFgz8CCPoyfSH0KrAyPLPs1SPxZT6Le87PkmO2rfH0MpNCrBDUdtpMgKs+kbxSzbqnh6X3+juXnOL3oUB3K0cdF6hAr4cP5xU=,iv:3IxaC/8y8FwKxO3mPP7f/byjYih3O6zZU6HJK2cAPvw=,tag:g8crhgnYs670wLPcC3HIhw==,type:str]
+    lastmodified: "2025-02-03T12:21:26Z"
+    mac: ENC[AES256_GCM,data:VvYYibPesUGh5LpR5dXUbJy0mwN9NkBn9CNx+SmWPR+wsaRMGR0Nkhmjmv+WpRGatL+Ka5cGezFFjdOd6urWpcSmL32zcPumVo/CRsZi4JEiuT3qHJkrKM38IPV5WSv1RxQaYwsN4/e5rMdRqeHCLatHbD28LAZxGz1bENCdYbw=,iv:zntGu7xokETUufEK/63ukM+voCEhyuA+hyhVrTNHvrA=,tag:lg2S+e9QL56A/Jaw1Ha0ug==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.9.4
--- a/hosts/nb/users/configs/project_history
+++ b/hosts/nb/users/configs/project_history
@@ -1,8 +1,14 @@
 /home/dominik/projects/cloonar/chatgpt.vim
+/home/dominik/projects/cloonar/ai.nvim
 /home/dominik/projects/cloonar/gitea.nvim
 /home/dominik/projects/cloonar/glazewm
 /home/dominik/projects/cloonar/phishguard
 /home/dominik/projects/cloonar/phishguard-frontend
+/home/dominik/projects/cloonar/gitapi
+/home/dominik/projects/cloonar/flow
+/home/dominik/projects/cloonar/flow-docs
+/home/dominik/projects/cloonar/flow-api
+/home/dominik/projects/cloonar/flow-frontend
 /home/dominik/projects/cloonar/typo3-basic
 /home/dominik/projects/cloonar/renovate-config
 /home/dominik/projects/cloonar/bento
@@ -11,6 +17,7 @@
 /home/dominik/projects/cloonar/cloonar-nixos
 /home/dominik/projects/cloonar/cloonar-website
 /home/dominik/projects/cloonar/wohnservice-wien
+/home/dominik/projects/cloonar/wohnservice-gdpr
 /home/dominik/projects/cloonar/gbv-aktuell
 /home/dominik/projects/cloonar/paraclub/paraclub-api
 /home/dominik/projects/cloonar/paraclub/paraclub-frontend
--- a/hosts/nb/users/dominik.nix
+++ b/hosts/nb/users/dominik.nix
@@ -256,7 +256,7 @@ in
          (createChromiumExtension {
            # ublock origin
            id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
-            sha256 = "sha256:1i0668xhq5iflb4fn0ghwp79iz6mwspgxdqwp6incbvsyzr596kg";
+            sha256 = "sha256:0ycnkna72n969crgxfy2lc1qbndjqrj46b9gr5l9b7pgfxi5q0ll";
            version = "1.61.0";
          })
          (createChromiumExtension {
@@ -268,13 +268,13 @@ in
          (createChromiumExtension {
            # privacy badger
            id = "pkehgijcmpdhfbdbbnkijodmdjhbjlgp";
-            sha256 = "sha256:0jsqa7v2zdjwwp4gfl98yda6vsii374fl1bwqjynnilj7ah8610z";
+            sha256 = "sha256:1nnr5l7lpci76vixdfgkhagbycypvww7rg5pm6vjjdn45iw082w9";
            version = "2024.7.17";
          })
          (createChromiumExtension {
            # Bitwarden
            id = "nngceckbapebfimnlniiiahkandclblb";
-            sha256 = "sha256:1j3x0p9gmbgh8iala0sq2g3h41rc19r8g47652x688lh6as0cikv";
+            sha256 = "sha256:1fsgv42nw2rwwh69ipkkq4fs52l6sz5pq3qlv5psa8r1fiidm8zd";
            version = "2024.10.1";
          })
          (createChromiumExtension {
@@ -292,7 +292,7 @@ in
          (createChromiumExtension {
            # BrainTool
            id = "fialfmcgpibjgdoeodaondepigiiddio";
-            sha256 = "sha256:0b59dv6hd8dmi6qmkijc4v61m03wgkx102dm178z5g0wwrvhk2jm";
+            sha256 = "sha256:1ny8kxb0cag121wavcjzc6vid1lqgblwvb50rfwb7rdh6gbxfni5";
            version = "1.0.3";
          })
        ];
@@ -551,6 +551,12 @@ in
      git clone git@github.com:dpolakovics/glazewm.git ${persistHome}/cloonar/glazewm 2>/dev/null
      git clone gitea@git.cloonar.com:Cloonar/phishguard.git ${persistHome}/projects/cloonar/phishguard 2>/dev/null
      git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/flow.git ${persistHome}/projects/cloonar/flow 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow-docs 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/flow-api.git ${persistHome}/projects/cloonar/flow-api 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/flow-frontend.git ${persistHome}/projects/cloonar/flow-frontend 2>/dev/null

      git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null
      git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null
@@ -560,6 +566,7 @@ in
      git clone gitea@git.cloonar.com:Cloonar/nixos.git ${persistHome}/projects/cloonar/cloonar-nixos 2>/dev/null
      git clone gitea@git.cloonar.com:Cloonar/website.git ${persistHome}/projects/cloonar/cloonar-website 2>/dev/null
      git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null
+      git clone gitea@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null
      git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null
      git clone gitea@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null
      git clone gitea@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null
Author	SHA1	Message	Date
Dominik Polakovics	e2add63337	add vscode	2025-02-04 11:52:44 +01:00
Dominik Polakovics	7de9b583d5	add local mysql and postgresql server	2025-02-04 11:52:38 +01:00
Dominik Polakovics	406c0f539e	add secrets for cyberghost vp	2025-02-04 11:52:23 +01:00
Dominik Polakovics	1651b8a550	add cyberghost vpn for chatgpt	2025-02-04 11:52:12 +01:00
Dominik Polakovics	ff2fdd3c08	add new projects	2025-02-04 11:52:02 +01:00
Dominik Polakovics	35ad68fbbe	add go to lsp and update chatgpt.vim	2025-02-04 11:51:54 +01:00
Dominik Polakovics	bd4503c035	fix ldap logging and add sleep to certificate renewal postRun	2025-02-04 11:51:38 +01:00
Dominik Polakovics	c423af5498	add host to wireguard	2025-02-04 11:51:20 +01:00