
add sops, add secrets, add cinny, add restic, add invidious container

Philipp 2025-02-28 18:15:42 +01:00
parent e27291baef
commit d0ca050172
Signed by: Philipp
GPG key ID: 9EBD8439AFBAB750
16 changed files with 348 additions and 297 deletions

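--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,15 @@
+keys:
+- &primary age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
+creation_rules:
+- path_regex: secrets/invidious-db.env
+key_groups:
+- age:
+- *primary
+- path_regex: secrets/invidious-config.yaml
+key_groups:
+- age:
+- *primary
+- path_regex: secrets/blarm-restic.yaml
+key_groups:
+- age:
+- *primary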
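Review bot: Each `path_regex` is an unanchored regular expression with unescaped dots, so `secrets/invidious-db.env` matches more paths than the one file it names. Since all three rules use the same key group, a single anchored rule such as `path_regex: ^secrets/[^/]+\.(yaml|env)$` is tighter and means the next secret file cannot be added without a matching rule. Every rule encrypts to the single `&primary` recipient, so there is no per-host separation and no recovery recipient if that key is lost; consider adding a host key and a second recipient. For the YAML config, an `encrypted_regex` limited to the sensitive keys would keep the non-secret settings reviewable in later diffs.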

35
flake.lock generated

@ -247,6 +247,22 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
@ -319,6 +335,7 @@
"nvf": "nvf",
"plasma-manager": "plasma-manager",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
"stable": "stable"
}
},
@ -366,6 +383,24 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1739262228,
"narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1740162160,


@ -9,6 +9,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = "github:Mic92/sops-nix";
snowfall-lib = {
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
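Review bot: `sops-nix.url` is added without `inputs.nixpkgs.follows`, unlike the neighbouring inputs, so the lock file gains a second, separately pinned nixpkgs (the new `nixpkgs_3` node in flake.lock, tracking `nixpkgs-unstable`). The tooling that decrypts secrets at activation is then built from a package set that is updated and audited independently of the system's own nixpkgs. Suggest `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. The surrounding `inputs` block starts and ends outside this hunk.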


@ -1,9 +1,11 @@
{
lib, namespace, ...
lib,
namespace,
...
}:
with lib.${namespace};
{
home.activation.removeBrowserBackups = lib.hm.dag.entryAfter ["checkLinkTargets"] ''
home.activation.removeBrowserBackups = lib.hm.dag.entryAfter [ "checkLinkTargets" ] ''
if [ -d "/home/philipp/.librewolf/philipp" ]; then
rm -f /home/philipp/.librewolf/philipp/search.json.mozlz4.backup
fi


@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
with lib.${namespace};
let
cfg = config.${namespace}.apps.cinny;
in
{
options.${namespace}.apps.cinny = with types; {
enable = mkBoolOpt false "Whether or not to enable cinny.";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
cinny-desktop
];
};
}


@ -1,30 +0,0 @@
{
lib,
config,
pkgs,
namespace,
...
}:
with lib;
with lib.${namespace};
let
cfg = config.${namespace}.services.invidious;
in
{
options.${namespace}.services.invidious = {
enable = mkEnableOption "Invidious";
domain = mkOption {
type = types.string;
default = "localhost";
description = "Domain to use for absolute URLs";
};
};
config = mkIf cfg.enable {
services.invidious = {
enable = true;
domain = cfg.domain;
extraSettingsFile = "/var/lib/invidious/settings.yml";
};
};
}


@ -0,0 +1,48 @@
{
lib,
config,
pkgs,
namespace,
...
}:
with lib;
with lib.${namespace};
let
cfg = config.${namespace}.services.restic;
in
{
options.${namespace}.services.restic = {
enable = mkBoolOpt false "Restic";
};
config = mkIf cfg.enable {
sops.secrets.restic_url = {
format = "yaml";
sopsFile = ../../../../secrets/blarm-restic.yaml;
key = "restic/url";
};
sops.secrets.restic_password = {
format = "yaml";
sopsFile = ../../../../secrets/blarm-restic.yaml;
key = "restic/password";
};
services.restic.backups = {
borgbase = {
initialize = true;
exclude = [ "/home/*/.cache" ];
passwordFile = "/run/secrets/restic_password";
repository = "$(cat /run/secrets/restic_url)";
paths = [
"/home"
"/var/lib/"
];
timerConfig = {
OnCalendar = "00:10";
RandomizedDelaySec = "1h";
};
};
};
environment.systemPackages = with pkgs; [ restic ];
};
}
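Review bot: `repository = "$(cat /run/secrets/restic_url)"` is unlikely to resolve to the secret. As far as I can tell, the NixOS restic module passes this option to the systemd unit as the `RESTIC_REPOSITORY` environment variable, where no shell command substitution happens, so restic would receive the literal string. The module has a dedicated option for this case: use `repositoryFile = config.sops.secrets.restic_url.path;` and likewise `passwordFile = config.sops.secrets.restic_password.path;` instead of hard-coding `/run/secrets/...`. Separately, `paths` includes `/home`, which holds the age private key that this commit configures as `/home/philipp/.config/sops/age/keys.txt`; decide explicitly whether that key belongs in the backup and add a comment saying so.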


@ -12,7 +12,7 @@ let
in
{
options.${namespace}.system.gnupg = with types; {
enable = mkBoolOpt false "Whether or not to manage fonts.";
enable = mkBoolOpt false "Whether or not to enable gnupg.";
};
config = mkIf cfg.enable {


@ -0,0 +1,24 @@
{
config,
inputs,
lib,
namespace,
...
}:
with lib;
with lib.${namespace};
let
cfg = config.${namespace}.system.sops;
in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
options.${namespace}.system.sops = with types; {
enable = mkBoolOpt false "Whether or not to enable sops support.";
};
config = mkIf cfg.enable {
sops.age.keyFile = "/home/philipp/.config/sops/age/keys.txt";
};
}
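Review bot: `sops.age.keyFile` points at the operator's personal key inside a home directory, and `.sops.yaml` lists that same key as the only recipient for every secret file. Each machine that enables this module therefore needs a copy of the one private key that decrypts everything, stored where the user account can read it and inside the `/home` tree that the restic job backs up. A per-host recipient limits the exposure: add the host's key to `.sops.yaml` and use `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, or a root-owned `keyFile` outside `/home`. The `with types;` on the options line is unused and can be dropped.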


@ -1,246 +0,0 @@
#########################################
#
# Database and other external servers
#
#########################################
##
## Database configuration with separate parameters.
## This setting is MANDATORY, unless 'database_url' is used.
##
db:
user: philipp
password: s3cr3tp4ssw0rd
host: invidious-db
port: 5432
dbname: invidious
##
## Enable automatic table integrity check. This will create
## the required tables and columns if anything is missing.
##
## Accepted values: true, false
## Default: false
##
check_tables: true
##
## Path to an external signature resolver, used to emulate
## the Youtube client's Javascript. If no such server is
## available, some videos will not be playable.
##
## Accepted values: a path to a UNIX socket or "<IP>:<Port>"
## Default: <none>
##
signature_server: signature-helper:12999
#########################################
#
# Server config
#
#########################################
# -----------------------------
# Network (inbound)
# -----------------------------
##
## Port to listen on for incoming connections.
##
## Note: Ports lower than 1024 requires either root privileges
## (not recommended) or the "CAP_NET_BIND_SERVICE" capability
## (See https://stackoverflow.com/a/414258 and `man capabilities`)
##
## Accepted values: 1-65535
## Default: 3000
##
port: 3000
##
## Interface address to listen on for incoming connections.
##
## Accepted values: a valid IPv4 or IPv6 address.
## default: 0.0.0.0 (listen on all interfaces)
##
host_binding: 0.0.0.0
##
## Domain name under which this instance is hosted. This is
## used to craft absolute URLs to the instance (e.g in the API).
## The domain MUST be defined if your instance is accessed from
## a domain name (like 'example.com').
##
## Accepted values: a fully qualified domain name (FQDN)
## Default: <none>
##
domain: inv.monapona.dev
##
## Tell Invidious that it is behind a proxy that provides only
## HTTPS, so all links must use the https:// scheme. This
## setting MUST be set to true if invidious is behind a
## reverse proxy serving HTTPs.
##
## Accepted values: true, false
## Default: false
##
https_only: true
# -----------------------------
# Network (outbound)
# -----------------------------
##
## Send Google session informations. This is useful when Invidious is blocked
## by the message "This helps protect our community."
## See https://github.com/iv-org/invidious/issues/4734.
##
## Warning: These strings gives much more identifiable information to Google!
##
## Accepted values: String
## Default: <none>
##
po_token: ""
visitor_data: ""
# -----------------------------
# Users and accounts
# -----------------------------
##
## Enable/Disable the captcha challenge on the login page.
##
## Note: this is a basic captcha challenge that doesn't
## depend on any third parties.
##
## Accepted values: true, false
## Default: true
##
captcha_enabled: false
##
## List of usernames that will be granted administrator rights.
## A user with administrator rights will be able to change the
## server configuration options listed below in /preferences,
## in addition to the usual user preferences.
##
## Server-wide settings:
## - popular_enabled
## - captcha_enabled
## - login_enabled
## - registration_enabled
## - statistics_enabled
## Default user preferences:
## - default_home
## - feed_menu
##
## Accepted values: an array of strings
## Default: [""]
##
admins: ["spaenny"]
##
## Note: This parameter is mandatory and should be a random string.
## Such random string can be generated on linux with the following
## command: `pwgen 20 1`
##
## Accepted values: a string
## Default: <none>
##
hmac_key: "gNcPHs+DWI4TTZLtHh3EbXWeISHsgUgBFnGpgW4yU9Q="
#########################################
#
# Default user preferences
#
#########################################
default_user_preferences:
##
## Default geographical location for content.
##
## Accepted values:
## AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR,
## CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK,
## HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB,
## LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ,
## OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI,
## SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW
##
## Default: US
##
region: DE
##
## Default feed to display on the home page.
##
## Note: setting this option to "Popular" has no
## effect when 'popular_enabled' is set to false.
##
## Accepted values: Popular, Trending, Subscriptions, Playlists, <none>
## Default: Popular
##
default_home: Subscriptions
# -----------------------------
# Video player behavior
# -----------------------------
##
## Automatically play videos on page load.
##
## Accepted values: true, false
## Default: false
##
autoplay: true
##
## Automatically load the "next" video (either next in
## playlist or proposed) when the current video ends.
##
## Accepted values: true, false
## Default: false
##
continue: true
# -----------------------------
# Video playback settings
# -----------------------------
##
## Default video quality.
##
## Accepted values: dash, hd720, medium, small
## Default: hd720
##
quality: dash
##
## Default dash video quality.
##
## Note: this setting only takes effet if the
## 'quality' parameter is set to "dash".
##
## Accepted values:
## auto, best, 4320p, 2160p, 1440p, 1080p,
## 720p, 480p, 360p, 240p, 144p, worst
## Default: auto
##
quality_dash: best
##
## Save the playback position
## Allow to continue watching at the previous position when
## watching the same video.
##
## Accepted values: true, false
## Default: false
##
save_player_pos: true


@ -1,3 +0,0 @@
POSTGRES_USER=philipp
POSTGRES_PASSWORD=s3cr3tp4ssw0rd
POSTGRES_DB=invidious


@ -1,6 +1,5 @@
{
lib,
pkgs,
config,
namespace,
...
@ -16,6 +15,18 @@ in
};
config = mkIf cfg.enable {
sops.secrets.invidious-db = {
format = "dotenv";
sopsFile = ../../../../../secrets/invidious-db.env;
key = "";
};
sops.secrets.invidious-config = {
format = "yaml";
sopsFile = ../../../../../secrets/invidious-config.yaml;
key = "";
};
security.unprivilegedUsernsClone = true;
virtualisation = {
@ -36,9 +47,7 @@ in
invidious = {
image = "quay.io/invidious/invidious:latest-arm64";
hostname = "invidious";
volumes = [
"/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/config.yml:/invidious/config/config.yml"
];
volumes = [ "/run/secrets/invidious-config:/invidious/config/config.yml" ];
ports = [
"192.168.1.202:3000:3000"
"[fd00:192:168:1::202]:3000:3000"
@ -61,9 +70,7 @@ in
"/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/sql:/config/sql"
"/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh"
];
environmentFiles = [
/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/db.env
];
environmentFiles = [ /run/secrets/invidious-db ];
};
};
};
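Review bot: The new `volumes` and `environmentFiles` entries hard-code `/run/secrets/...` rather than taking the path from the `sops.secrets` declarations added in the same file, and `environmentFiles` uses an unquoted Nix path literal. A path literal is copied into the world-readable Nix store if it is ever string-interpolated, so a plain string is the safer form for a secret path. Suggest `volumes = [ "${config.sops.secrets.invidious-config.path}:/invidious/config/config.yml" ];` and `environmentFiles = [ config.sops.secrets.invidious-db.path ];`. sops-nix writes secrets root-owned with mode 0400 by default, so confirm the process inside the container can read the bind-mounted config, and if it cannot, set `owner`/`mode` on that one secret. The module body starts and ends outside these hunks.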

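--- a/secrets/blarm-restic.yaml
+++ b/secrets/blarm-restic.yaml
@@ -0,0 +1,23 @@
+restic:
+url: ENC[AES256_GCM,data:VhPf0ftgjxjYic0UkT8UgHRlEFB5P4erN7mJ9yvBvBXam13vUesqDPviupvsgGthWWqBMFAYjsdqhgB5sifkkKE=,iv:KI3r42yAzid5oB3HhYha66YOuUKbq3rF72e48dlmhcI=,tag:g9BFJRZ6i6ub2hW1R4L+kg==,type:str]
+password: ENC[AES256_GCM,data:9ilFmtQ3YEgfruzHwiY=,iv:tjlMqoRpqVHUJUtfz7pLLP+F1EpPuGPa77uaWr92ybk=,tag:P5Qek8+um+EF6OV4RC0xGg==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVkNINjZmRGNjbzdyV2ZD
+ck5kckFqb21TbnBuM21vT0pCeXp2STFFTXpFCk5TRWd4V2FmY0VlVFQ1d3FOd0pF
+YWpKNC9pbWNYaVBiMUwvYnlZTGVxR1EKLS0tIExWZ0paZ0p6U3hORkZOa3hYWGpD
+T2l6WGpxSHFlL1doNkh5Y3Y4dmEyWE0KRPn0lw3Ao+7HtFxRHxMaWszSYfQe0QED
+ogLnro6X/a18AUhq5kTArYryzBblGsPwaoruBjrLOG9OkKaGuaWNJA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-02-27T22:26:49Z"
+mac: ENC[AES256_GCM,data:ANN25JdIXhzImyo1I6MkB8wMHck6sipGeQ0Y5R//h8koy4arenO18oD8HDcmrjXNqWaiOQ+3HzENHG4i4CsRq29HGPmIAUiJMNkTbJbX/775o+P0OPd5yqQ+0CL5pYpAfLuksV1GazTTT01rBhmwIwvu1QSJubfYekkZAnf/GUA=,iv:vgoIylxQCmRLV4nwoElPSyPxljdSYJJYD5YMu/llDG4=,tag:fpXz2Glaci8VA0sKJQIKjg==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.4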


@ -0,0 +1,123 @@
channel_threads: ENC[AES256_GCM,data:AQ==,iv:UMs5NzRhz3OZj3g0a8pJlQKTDNSqSgBIrRMSEDemKbc=,tag:xOUf8o9ZcwmyLyjAWuWh8A==,type:int]
channel_refresh_interval: ENC[AES256_GCM,data:Ad4=,iv:OUnqHGL52cboVtrIY0QbFHXI9FGBZWCaDzX6u5NX3BQ=,tag:PUNsFMwaGejdOnfi7ElcwQ==,type:int]
feed_threads: ENC[AES256_GCM,data:DA==,iv:/aukY6D8aUiaUlRbYQh8IvRL+SUrm3EzHoiL9V9My98=,tag:z6YKJB2T6PiJ91k49N71qA==,type:int]
output: ENC[AES256_GCM,data:yw2I2rwU,iv:d6iaFXhqAqLPRb3i8S/mX9ytmB1KbZeltX8kRi+A6d0=,tag:mBd/yh34eT4GbIsKsIuoEA==,type:str]
log_level: ENC[AES256_GCM,data:mf9jLQ==,iv:m0IJHSYEINnWAe7kbh57pce8k6sqg3l7VRXdYaAUwwI=,tag:HsJ94jCJ/ZPoDWd+iIjnvA==,type:str]
colorize_logs: ENC[AES256_GCM,data:lbjj0VI=,iv:0AvriEveScwERhC2xGBKDXxNf78Vht+siFk2T4cYOZk=,tag:gB09LQgZFGcxJ1wGVkM9dg==,type:bool]
db:
user: ENC[AES256_GCM,data:22MhzRJF3w==,iv:oenmhbP4WpUBs8ENrv4yZh/7hfIbqTsTuniGduU7+K8=,tag:wsB5/gb2rVvABlcNIMa0qQ==,type:str]
password: ENC[AES256_GCM,data:8vVn63hJQjtNQ5zYSoQ=,iv:3YqFCljz4j7ErxKzuQOXJUVKHe6CbRXiWQbgKnY+/gU=,tag:oC9zioyyLCsQqpztJcpJGA==,type:str]
host: ENC[AES256_GCM,data:9CnRoynti5iPjAbw,iv:QSaU+e4oiF8X8sT2qeoylhOzD3FtlYN0A+X3lkZrlhw=,tag:GKmdlnpSVKm3Em4SMoeuAA==,type:str]
port: ENC[AES256_GCM,data:14CIdw==,iv:LojU5NnDvlgbDynbhWLDfiwOxLeAhhlJEPCxfnrdits=,tag:71JY9O8ivuiAZcHVRb9o7g==,type:int]
dbname: ENC[AES256_GCM,data:aTfj82IPdesj,iv:bQ6h4RDQBQGtcABZ0pAL5WTJ8BzAGPSv+cei2dzKBAE=,tag:dDnqO1LDb5IKEK5/uob1pw==,type:str]
database_url: ENC[AES256_GCM,data:qs9dlAUyGfdtG2Dm9baksAS0tgErUOC6UPO4TBF1E9d0kPiCXO35saBe3wNHpnSeu/I3BgEkjvGEKWhLCw==,iv:hWY189n47YkAaLhdHNSzXMZoIM9XKlbGKygOKFs/e/s=,tag:+bOJUwEsjxniv6CNGjl8Xw==,type:str]
full_refresh: ENC[AES256_GCM,data:UqvNQm8=,iv:T1mi4Rfb7lM+KkUtNKXQGRgJqclKUrxvIl1oO1Imiok=,tag:W5vjIf+o1znvY5KfBIuY2g==,type:bool]
https_only: ENC[AES256_GCM,data:Q1EM2Q==,iv:rAp/2fJDcKFSw9AQUtha0cPwYkyQKLukwUDN+wj9n/o=,tag:pcg182ttzWyxA5uOhCu4Vw==,type:bool]
hmac_key: ENC[AES256_GCM,data:dK1vwU6F6oHaV2wDzyL6kR5BVHmaiHLbRl/FfS0l4EnBeogYaRo6Y/0wQac=,iv:r4Z7CCxXQ9FXLHTjgwoz2muvYhDlwxnwP9tTOXiUr/g=,tag:eg2G3g5SaF2giygkGmkRjw==,type:str]
domain: ENC[AES256_GCM,data:ohgsVQ6TjV20xpgvkEJeJA==,iv:uqzjWp21IyAc69udlKZ06Zy/WZo7C8lRypIugqTPG7A=,tag:hO1RlOpYyQF4Z3wvLCLBqg==,type:str]
use_pubsub_feeds: ENC[AES256_GCM,data:Psged44=,iv:e7psNKmp1gOtmW6uHAIAK/UMZ7eujzsdEx101S49zjw=,tag:MSWwaS9tdpD1DrPBToq2Vw==,type:bool]
popular_enabled: ENC[AES256_GCM,data:sd1pkg==,iv:eCVP3hbkCIuAIyxvrZSZ965nsDjRPR+yl37AwJN562Y=,tag:jNktqKvoXBUU+g3pM0zqZw==,type:bool]
captcha_enabled: ENC[AES256_GCM,data:AWLykZk=,iv:/LgWLW2JyVIiYgc8hFzKDrgxP+ODsQ/4yuOlSOO4NVA=,tag:ZO1KSEuU69qtKEUOXBPiRA==,type:bool]
login_enabled: ENC[AES256_GCM,data:Vjpvpw==,iv:BgCiJdELxzGTvQwYEcE635/J8exYeoLL1wWu74G/cOk=,tag:4FYsy/pjAfhPEb8C3Ar69g==,type:bool]
registration_enabled: ENC[AES256_GCM,data:GXl2rA==,iv:2xU01AvXAmRknLjMzT/Hja8lJF6ZG8PE5tY4BsKqg38=,tag:50ljE+WXs5cPF98BkOCxgQ==,type:bool]
statistics_enabled: ENC[AES256_GCM,data:U+FiREM=,iv:9n5K2kQ8L+E+b5FjW4ZvYgUuKymmU8TzFviqHD6KAEs=,tag:i8m9fZ6ZhwE8HHHw5TGcuA==,type:bool]
admins:
- ENC[AES256_GCM,data:LSERwu4QmA==,iv:Na7MRLPQ/tlQfTleoQueU7fimMepY91ZDtoHk6E31rQ=,tag:O0s0g9P+L1aaIFmnHfcFAA==,type:str]
external_port: ENC[AES256_GCM,data:VD86,iv:f2Hn552dx5/5KOev/s0oeMmjSxFG/C3hUpsSoypSuiw=,tag:pe9BGwYbJR+QFKZpvQ72jQ==,type:int]
default_user_preferences:
annotations: ENC[AES256_GCM,data:x9V0kC0=,iv:XQYXcyXb+My5YuqEPjEIFOf+s0Ci4ZrBRFjPCBs7I5Q=,tag:6gJhMVgXGXo4uDwvLTpQng==,type:bool]
annotations_subscribed: ENC[AES256_GCM,data:Bkn+MEs=,iv:wysRHNNvWn8ARuVS1C4LKv4iUUXfHGORYhlyIaFkmuI=,tag:dN13dJR236Mt7LvaBQFbYQ==,type:bool]
preload: ENC[AES256_GCM,data:zgWsMw==,iv:Rae7cOBzepq0XghliL0UeB22WbnNShxADGqKZs7zef0=,tag:R0w49L3u7p0/UykapeUTAg==,type:bool]
autoplay: ENC[AES256_GCM,data:inUUUw==,iv:QmoY6zMexE8vutXDm4dnDWPQy+WxdGpSCu5wlS/xLxU=,tag:SWoUJNUssofusItww6TkXg==,type:bool]
captions:
- ""
- ""
- ""
comments:
- ENC[AES256_GCM,data:5QWsC3hWvA==,iv:Y06tHI7s7Ra9hVhiQ+D+SrkSV5RpPBsjdlaiFONvx/A=,tag:rt3Qr5cmCj/ZE8JqWe5Ltg==,type:str]
- ""
continue: ENC[AES256_GCM,data:whITcQ==,iv:ipBq04R+HfebnGs/4HilztYWsAzwhPfeudFAY7uCxGU=,tag:MBQZw6v3jbRHFSAGhYnSFg==,type:bool]
continue_autoplay: ENC[AES256_GCM,data:lByZfw==,iv:0G588Qxg6wh1zURujh3uWLuSmbVheDAFUCYpjI58rHk=,tag:nSeghxUAgDcnXfAWHRnk2g==,type:bool]
dark_mode: ""
latest_only: ENC[AES256_GCM,data:HJ/jvjg=,iv:1VTsYz42xWroGch8biMBp9q4beG1qgQK3aWVq1c7Yhk=,tag:zv0Cz6i4rz7iqmcBPpHW9Q==,type:bool]
listen: ENC[AES256_GCM,data:3hPDRR8=,iv:Jw+DMM9G7lEOtIGbTOEPPNb9dlLo+8aqVRtMLmwuno4=,tag:ZWfZOJ6kSbzqa0QNH67A3g==,type:bool]
local: ENC[AES256_GCM,data:HrjOmLk=,iv:lUdKPUkSSYCRLEfBknw0pmD2rbFySumNO8l4APwtfGk=,tag:Zp3JIOeB/BlJT+PyGbt2Qw==,type:bool]
locale: ENC[AES256_GCM,data:hh8AueI=,iv:AifIXipoCuBZSFR7w+Bb/AlbBGJceYZ08wSCwrgs4OI=,tag:kxzIVuh/Z1sdKV9qK06dfA==,type:str]
watch_history: ENC[AES256_GCM,data:N8u54g==,iv:SCcWzjGCC0Ba4lGW8FXTIJE/dL1uEvcayoC8z9yPr6k=,tag:N7x5FTUAj/J5AxbLopL2TA==,type:bool]
max_results: ENC[AES256_GCM,data:yQc=,iv:n+sdfNUUzNBtbxF7RAupO+KwEsg9ggvzGLYcAh30bxA=,tag:hzq0Adh8eh2FQY+lkz701A==,type:int]
notifications_only: ENC[AES256_GCM,data:OJDFpRA=,iv:Gc8wnmSK0IcZYtr2OH9QHrPOLsFmj9HUNgjs3QIqsjs=,tag:a+8iFPqbiuRIjKwH5Qva9A==,type:bool]
player_style: ENC[AES256_GCM,data:R/ixf7YI9NUd,iv:1VcI6bSQaKWTvFIA6rnKH+7MsaTDvnkKzdol3BlNk/U=,tag:LXEJB+k+XY6VpmDgQOB6cg==,type:str]
quality: ENC[AES256_GCM,data:3CxtnQ==,iv:nVJBIAfoagBPim6a8pzDxsjNWrSCIEA8rA96JxXUNXk=,tag:vQ7IXKaXJ/EQxRMQjUpZcg==,type:str]
quality_dash: ENC[AES256_GCM,data:ibvXLw==,iv:nj2dmnqXDOMiexNS8Ex4wo23ncNXyfRGCgB+VQYgpNM=,tag:JFsQMn693AAUUuKqk8B3FA==,type:str]
default_home: ENC[AES256_GCM,data:5ddakzlUqtaQsBjT/g==,iv:bS9CVAkKBKVark0Zr+flnjPY7P813tITxbDgZ7z3MTc=,tag:u+oLYhb8+fprf4YRBM5y4A==,type:str]
feed_menu:
- ENC[AES256_GCM,data:HrxrnCKYng==,iv:8HWKgOOx4joZwM23Mq18uM8/U+DrEhpGNkpPAuStoeQ=,tag:50jPGafqMsr0Z6sjewmQVA==,type:str]
- ENC[AES256_GCM,data:yFqy/UffH/Q=,iv:lvDdfkGrGPGwusWSpisvRHbiBa7vRidO3qUCShmyAdc=,tag:ORJfOGRkifjKOKr3IfWfuQ==,type:str]
- ENC[AES256_GCM,data:EQlPg7yhT1oYutwkvw==,iv:WIkbVWJ1KVwZeAxYVkFXDMPeHWWWQ/ZfqjtL7gc+/L8=,tag:xsCY2ZmMGJq40tc/meHnrA==,type:str]
- ENC[AES256_GCM,data:BH6t90r+drmo,iv:gzFPgxDNaAhDesO+5TdbpXQpkcmHgAxy4u3YclWLn78=,tag:edxGwrDeWXhJVtkCuoCaUA==,type:str]
automatic_instance_redirect: ENC[AES256_GCM,data:s1lAFEY=,iv:JbnsgN1KclKXdnytBGb8V80HS6UZ1RWcDfkg+V+QalU=,tag:TXzUKi8SaggBEfjjS9guFQ==,type:bool]
region: ENC[AES256_GCM,data:tQM=,iv:h4Um9nVCHulSbgNnu66mfQqlDNSbA9iIHJC4dAufhn0=,tag:+SpTRcm1uuUvD8Fyg8Xk/g==,type:str]
related_videos: ENC[AES256_GCM,data:5qWPfA==,iv:AhHzCyDtdX5Cx73mj+0svFBk+pBpKscl/5L+p3LrlCg=,tag:DxeI9ca5e7l3PhINGHJ04g==,type:bool]
sort: ENC[AES256_GCM,data:8KM1eZY7Zpm5,iv:V+kSD7GeJjcuxAC6YIr9Yz6seMSS4VB3n8uetU9/j88=,tag:mYAVivMni9QqxZOiPx5TDA==,type:str]
speed: ENC[AES256_GCM,data:ug==,iv:9x1/XrSeV/jQso6fA7mggW/odV9Dtat5pEAJtKi9oaU=,tag:m1s+zVSM7Z1HYCEORU71eg==,type:float]
thin_mode: ENC[AES256_GCM,data:kC+/qqA=,iv:70JQmFFqE4tVLOhEhTqn6o4+Z6TcNPE4GchxUWpPEnM=,tag:oSQ+c2/3jlwfb8QWYztYLA==,type:bool]
unseen_only: ENC[AES256_GCM,data:1uBKEeM=,iv:c5DG4Yf+NrqogOYrC2lYYYtPUDe3P/Th28YlmCs4oiE=,tag:qM/6RaOPHJC+GsgijS96WQ==,type:bool]
video_loop: ENC[AES256_GCM,data:0pNxRg4=,iv:aWfDKRHZte5oCY4QIoB+t2q07Do0cKWABoaIE0TahLY=,tag:gpTriuKShm5VGiYyMFhrTg==,type:bool]
extend_desc: ENC[AES256_GCM,data:VLlU0d8=,iv:nPZcRu31m6igC2c/PKzRWF8Uwdlxd6C4gqr0qtqBBDA=,tag:byfDuLh5AuG9BSyrCyiH+g==,type:bool]
volume: ENC[AES256_GCM,data:faKp,iv:VzgdgxeP1/Up35xI+lzaODn8H2eBLyZU0zGp9qjkGj8=,tag:JXJTwe4KeMZqmEUpE0nd8Q==,type:int]
vr_mode: ENC[AES256_GCM,data:ZePSng==,iv:vRFUt/q6spkPzCa65s+sPiIKERrvuS1LSxybIYYccfA=,tag:5IhKDwZGyTXxVuRfN7psRg==,type:bool]
show_nick: ENC[AES256_GCM,data:+WN1jg==,iv:vdaal5qpnNLr6Fx0PgXx4B1lNzFzJFmwB5B1YwJ95dc=,tag:2DEV5Vx2vE/0g5vcmBBE+Q==,type:bool]
save_player_pos: ENC[AES256_GCM,data:9KOHcA==,iv:gUWTE44T7kqepJTu+EHmcDs/A4oWXNTGXjhMLuGfxEA=,tag:z/0UvMUR8pXre6Xs5DewaA==,type:bool]
dmca_content: []
check_tables: ENC[AES256_GCM,data:7zqhIw==,iv:IpTDl0T7nGIUoKbIf0FVvP5e6OXgdkxSx/UWQOT1vNQ=,tag:juZedzQp56sGkBEGYyJ2DQ==,type:bool]
cache_annotations: ENC[AES256_GCM,data:t4BZqig=,iv:Tl03bEbcjEmmCurzFw9u5bl5QRBi4H3Hem3wS0HLCTE=,tag:UcNa4tq7yPOYVTFSJipdmw==,type:bool]
hsts: ENC[AES256_GCM,data:91lKsw==,iv:Rb9gSvV36/AKXatUHSeLHOAq3tdqFPtNnPueehlUogk=,tag:nrU2T+hQPXbSrhxuIO4vKQ==,type:bool]
disable_proxy: ENC[AES256_GCM,data:ZTTpJ18=,iv:ieeLe5Jlt+je1pkGNSdOCwF6wDwmQXlIg6hVSCcDfsI=,tag:fEtEskFdzji99gOM8zmeew==,type:bool]
enable_user_notifications: ENC[AES256_GCM,data:A/aIhA==,iv:7OpUbvY57lRUt+QVcKHPGpUI/YnNTj4sE3heWkiYZV8=,tag:LxgFhFzfJ7m9rwRl94RnwA==,type:bool]
force_resolve: null
signature_server: ENC[AES256_GCM,data:5PzFXfKq4kO//dfIntXEz86pM8GD4Q==,iv:3auXhAGlP79lRNFDJmpn5oK/l11Qcu1Jok71x2QadXc=,tag:M/zr0DGiNs74Peud+dAxRQ==,type:str]
port: ENC[AES256_GCM,data:PlXCKw==,iv:U0s6cA9d9YI1xHa4vqP5xFNGZ4sBAv0e/ao012gmx5U=,tag:yANlE2j3mxjepaUj6DMc+g==,type:int]
host_binding: ENC[AES256_GCM,data:Ld6bF95Wxw==,iv:bfxSfNMMw8ZihADhLsASbg58nzV+1abmRhcPd7sEQ7k=,tag:LMmXKu4I3fWOIqBoLMRGNA==,type:str]
pool_size: ENC[AES256_GCM,data:e1qc,iv:rdMTdMNzkiu/BPPy0PhWP3WjFikpL5FGDeL7MHsi4v8=,tag:nyayJ+49Skhemw9bJnxUrw==,type:int]
use_innertube_for_captions: ENC[AES256_GCM,data:pNUxJWY=,iv:zShwBRgrtptWjSWfM3M5r1OHPRIRxn+LSZA0SgNEdk4=,tag:RLqN0OkSOTkj9g2ltYec0w==,type:bool]
visitor_data: ENC[AES256_GCM,data:s6r4dU8T+AsJDgrdJHZHCTpQsH2JlHbW52sMoxJ7LACWEBaVd+PtFt5YbM/bJNFO,iv:QOvOJ0ORKWtTIRp8eHCESrvPzQUnQgPODDOVry71f+0=,tag:zhLnpFF1CByaIT5WlYKYgQ==,type:str]
po_token: ENC[AES256_GCM,data:6SlD2/+4ZhuaZQ6SYZtjF+kqByORolkzxFcQgpzX9pRksZ95Lvgu7/6KXFq08oWY2FDFJS72gXih0D2aPX+JgAlfdYNL40Oa4oOisNEhnAKVTh/8zG55LM7c6+Juc4K/f/J22tteNr4dVxvf/7gsmm5+XL/msHi5ZkjckpauZOdq2XPTSr/m99Z9DGrraxv61nbHY4ie/lyGm4/JlLhLxQ==,iv:PZ7awQYIUryGRSDh46sEV6rmDxdjn+L7j0+Zy7IX9w8=,tag:81yxZez07oLq6BTZLJzDdw==,type:str]
cookies: ""
playlist_length_limit: ENC[AES256_GCM,data:uS1R,iv:64OdDxfuGx3kjjwkgq0STYjqhoxBQpeysu9VPFLv2Nk=,tag:BVssIKHnlQJVrRGrvq2nGA==,type:int]
jobs:
clear_expired_items:
enable: ENC[AES256_GCM,data:xH06BQ==,iv:hZjjrWzRkrUI6bU0sO0MHBA0AU+kAGIFWYf+8FjDJ9s=,tag:jEzCBAAOjcNHlA/6WjI6mg==,type:bool]
instance_list_refresh:
enable: ENC[AES256_GCM,data:lz4Ylg==,iv:HHvmrWSwBHe21LbpPxvIYmNRCQYUCoBcESCrBI3V+SQ=,tag:qxTJ2zX0VYuu/m/15rSLXQ==,type:bool]
notification:
enable: ENC[AES256_GCM,data:NRFmlw==,iv:AR5QGepJ16BITCeRbN9MxWomQEI4JXehuP9cd9ABxH4=,tag:Cxuto/6jtEVAaOvZZL8R/g==,type:bool]
pull_popular_videos:
enable: ENC[AES256_GCM,data:M3DS1Q==,iv:QclNR/OJoaUcaozedj7QeClV8xVy48Fz3Xy2KTb8e3M=,tag:EDz05Kj96egj2UrabdQKQw==,type:bool]
refresh_channels:
enable: ENC[AES256_GCM,data:ICMXfA==,iv:xdW8viTWGMsjwPYeh5u7MjEXxO0LgGh4QT418D+K4nA=,tag:VyzS1O+5oKHz+MeaRflVhQ==,type:bool]
refresh_feeds:
enable: ENC[AES256_GCM,data:exdk+g==,iv:u2jIajt8MRh7CqPNlysmyWMwpYN0gfoXZ4xnFhyfNb4=,tag:2DcP8PlywobzeWaPRDduSQ==,type:bool]
statistics_refresh:
enable: ENC[AES256_GCM,data:kPtx+A==,iv:GDG/TCrQminzi1w35IGs5yEil8qvT736FOuuoBw25sE=,tag:cveZUnBPd+I00s/ChQLXAA==,type:bool]
subscribe_to_feeds:
enable: ENC[AES256_GCM,data:M55jsg==,iv:dVaHutqV9WihAHlVXMSyl+OE/tBIWHE74sX0sioiWG8=,tag:ZXP06yS5ea0XLcr2mzehJA==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNVZtMURSVDByRVhMOUVQ
V2V5blRtL092bkp0TlJRRG9KRUlRRUhKcVE4CmYyUlkrUEU4VE1DVWJlM2YzckE1
RzV6M1p5Tk9lSzBjZ2JaNld4SUkwbnMKLS0tIFBiRDBLYzB2TVdtZUI3RmtoNFVm
ZUcxTXRMUWJaaE12eE9jSUtMbm40bncKDhbq/YynM7XLSX9SorMcFflLa+uC94zk
sLXityG5r8abl7pIc5LPzOieinNIDh5Riv/1gDrObqvWbHIo5ZZa5w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-27T22:21:43Z"
mac: ENC[AES256_GCM,data:SZvgwodmlCTSUc7aYVeYg24RkcEJUqZtxEx0MAVpfsT9cj/FSPLa8qeHO3k9otQgZ8564CLtmAFyeZOs0DcpGUdPMJy1Y28elJSBKSl+lyqX19gm133BxOF+qWxebdb+RQpZyUvRLiTAqTc2NkS4RjGJrs4zMF8klvv+FznkEW4=,iv:W2hVSRxVbKN1pSN4xNWrl1u3fchg18dxDduFtJ4Tt74=,tag:nf1y7Io9OngeVeWECc/azA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4
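Review bot: Encrypting `hmac_key` and `db.password` here does not retire the values that the parent revision stored in plaintext in the removed `config.yml` and `db.env`; those remain readable in the repository history, so they should be rotated as part of this change. The same applies to `POSTGRES_PASSWORD` in `secrets/invidious-db.env`. sops preserves value length, and the ciphertexts for `hmac_key` (44 bytes) and both database passwords (14 bytes) are the same length as the removed plaintext values, which suggests, without proving it, that the old values were carried over unchanged. After rotating, re-encrypt with `sops` so the new `mac` and `lastmodified` reflect the change.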

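--- a/secrets/invidious-db.env
+++ b/secrets/invidious-db.env
@@ -0,0 +1,9 @@
+POSTGRES_USER=ENC[AES256_GCM,data:PVPAeSrscw==,iv:R6GU70VGP5OHW2N9wIjDAWJrb9beH45l+jkkR9ZTB1U=,tag:o+yOt625gykWmCztRr4unQ==,type:str]
+POSTGRES_PASSWORD=ENC[AES256_GCM,data:TAz5ZMv93FwvZKCFBqM=,iv:Qoau8wnNLridLcMDUImAd0eklAevKfFetkG9eJOOenk=,tag:Y58I++MF2/rRTEZvk5kKoA==,type:str]
+POSTGRES_DB=ENC[AES256_GCM,data:T1Fr3wZZFQ4K,iv:9u9kwm9mfgq82ljVe9wawuzpqbIOmA4bnMv246Wh/II=,tag:F9/cMt648T5e0X/IbqIQoA==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeWV0TE5JV09LVGREWHVm\nL3ZrZHRCbVBCaUFlNjRXUXVoM04renBad3dJCnZ5SEowYmEyczA2N2tOc3AzSVNZ\nSElZWUlJU2pBc1o0NnpYanV6aXJBT1EKLS0tIFJDaUQvYitub1dvRXpFajd0bWI3\nNHhiUU5Pc3ZWd3VQTnpNeFdsNHB3bjQKt7SSRCS4+vhmKu70duQSiQge0UnC3EEb\njtCm1TU5OhVvglKMbf/964ivNXMN8ShnxEx8/Oro+/Etjrolk4sGTQ==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
+sops_lastmodified=2025-02-27T22:11:10Z
+sops_mac=ENC[AES256_GCM,data:aLxWZ4e0udg889PGsOxAFSwz04hGkEucq8S5xn9PgIEbFzN18Gp50Pi2Q3sNcX2UTqAuCtPB85jgZ1UvNutekaD6fi++eVCcedoQDmV5xpQcFoHa76n/nuh5klMJgOsY1xV7CIdSzbrPbswskeLzLvXZCxxRnWK16EyexBDhzR4=,iv:go3WFH2EvxK2qWVcjMQKeloIIah+l0JJyks7x8eoJVY=,tag:nbKLzehcpfV5DfnsP1T8HA==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.4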


@ -1,10 +1,11 @@
{
lib,
namespaces,
pkgs,
namespace,
modulesPath,
...
}:
with lib.${namespaces};
with lib.${namespace};
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
@ -20,12 +21,15 @@ with lib.${namespaces};
networking.networkmanager.enable = true;
networking.defaultGateway.address = "192.168.1.1";
networking.defaultGateway.interface = "end0";
networking.interfaces.end0.ipv4.addresses = [
{
address = "192.168.1.202";
prefixLength = 32;
}
];
networking.interfaces.end0 = {
useDHCP = true;
ipv4.addresses = [
{
address = "192.168.1.202";
prefixLength = 32;
}
];
};
networking.interfaces.end0.ipv6.addresses = [
{
address = "fd00:192:168:1::202";
@ -49,6 +53,14 @@ with lib.${namespaces};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
snowfallorg.users.philipp = {
create = true;
admin = true;
home = {
enable = true;
};
};
users.users.philipp = {
isNormalUser = true;
description = "Philipp Böhm";
@ -69,6 +81,12 @@ with lib.${namespaces};
awesome-flake.container.technitium = enabled;
awesome-flake.container.invidious = enabled;
awesome-flake.cli.neovim = enabled;
awesome-flake.services.restic = enabled;
awesome-flake.system.sops = enabled;
environment.systemPackages = with pkgs; [
git
];
system.stateVersion = "24.11";