From 4032168d8dae0c7d641f073abf7b285d81e863ff Mon Sep 17 00:00:00 2001 From: fuckwit Date: Sat, 5 Apr 2025 18:24:11 +0200 Subject: [PATCH] cleanup and use wildcard certs --- flake.lock | 82 +----------- flake.nix | 5 - home/framework/default.nix | 1 - nixos/celestia/configuration.nix | 10 +- nixos/primordial/configuration.nix | 195 ++++++++++++++--------------- nixos/primordial/secrets.yaml | 11 +- outputs.nix | 16 --- renovate.json | 2 +- shell.nix | 4 - 9 files changed, 113 insertions(+), 213 deletions(-) diff --git a/flake.lock b/flake.lock index d350417..ad6095b 100644 --- a/flake.lock +++ b/flake.lock @@ -31,45 +31,7 @@ "type": "github" } }, - "deploy": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1727447169, - "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -85,7 +47,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -185,7 +147,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1731533236, @@ -203,7 +165,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, 
@@ -294,7 +256,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" @@ -481,7 +443,6 @@ }, "root": { "inputs": { - "deploy": "deploy", "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -516,7 +477,7 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], @@ -587,21 +548,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -622,24 +568,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index db8c698..4a1e60b 100644 --- a/flake.nix +++ b/flake.nix @@ -20,11 +20,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - deploy = { - url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/framework/default.nix b/home/framework/default.nix index aba1bcc..e52ece5 100644 --- a/home/framework/default.nix +++ b/home/framework/default.nix 
@@ -15,7 +15,6 @@ vesktop telegram-desktop nixvim - warp-terminal ]; sessionPath = ["~/.local/bin"]; sessionVariables = { diff --git a/nixos/celestia/configuration.nix b/nixos/celestia/configuration.nix index 9b615fb..0f7d3dd 100644 --- a/nixos/celestia/configuration.nix +++ b/nixos/celestia/configuration.nix @@ -243,9 +243,11 @@ in { zfs.enable = true; smartctl = { enable = true; - devices = [ - "/dev/disk/by-id/ata-Samsung_SSD_840_PRO_Series_S1ATNSAF213446M" - ] ++ disks; + devices = + [ + "/dev/disk/by-id/ata-Samsung_SSD_840_PRO_Series_S1ATNSAF213446M" + ] + ++ disks; }; systemd.enable = true; node.enable = true; @@ -253,7 +255,7 @@ in { telegraf = { enable = true; - environmentFiles = [ config.sops.secrets."telegraf_api_token".path ]; + environmentFiles = [config.sops.secrets."telegraf_api_token".path]; extraConfig = { inputs = { prometheus = { diff --git a/nixos/primordial/configuration.nix b/nixos/primordial/configuration.nix index 2510d8c..c229f5a 100644 --- a/nixos/primordial/configuration.nix +++ b/nixos/primordial/configuration.nix @@ -4,6 +4,23 @@ lib, ... }: let + makeVirtualHost = { + subdomain, + port, + }: { + name = "${subdomain}.fuckwit.dev"; + value = { + forceSSL = true; + useACMEHost = "fuckwit.dev"; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString port}"; + proxyWebsockets = true; + }; + }; + }; + + makeVirtualHosts = sites: builtins.listToAttrs (builtins.map makeVirtualHost sites); + mkWellKnown = data: '' default_type application/json; add_header Access-Control-Allow-Origin *; @@ -12,6 +29,7 @@ secretFile = name: config.sops.secrets.${name}.path; in { sops.defaultSopsFile = ./secrets.yaml; + sops.secrets."acme.env" = {}; sops.secrets."restic_mail_repository_password" = {}; sops.secrets."restic_ssh_key" = {}; sops.secrets."act-runner-token" = {}; 
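Review bot: `makeVirtualHost` sets `proxyWebsockets = true` for every vhost it generates, so vault, git and registry-git now pass Upgrade headers to their backends as a side effect of the cleanup; the removed blocks in the later virtualHosts hunk show they had no websocket proxying before. If that is not wanted for all five sites, take it as an argument with a default, `makeVirtualHost = { subdomain, port, websockets ? false }:` with `proxyWebsockets = websockets;`, and set `websockets = true;` on the grafana and influx entries. The helper also has no comment; `# Reverse-proxy vhost for a loopback-only backend, served with the fuckwit.dev wildcard cert` above it would state the assumption that each listed port is bound to 127.0.0.1 only. The surrounding `let` block continues outside the hunk.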
@@ -59,8 +77,20 @@ in { i18n.defaultLocale = "en_US.UTF-8"; - security.acme.acceptTerms = true; - security.acme.defaults.email = "huanzodev@gmail.com"; + security.acme = { + acceptTerms = true; + defaults = { + email = "acme@fuckwit.dev"; + dnsProvider = "cloudflare"; + environmentFile = secretFile "acme.env"; + dnsPropagationCheck = true; + }; + + certs."fuckwit.dev" = { + extraDomainNames = ["*.fuckwit.dev"]; + }; + }; + users.users.nginx.extraGroups = ["acme"]; services = { openssh = { @@ -104,6 +134,7 @@ in { }; registry = { enable = true; + package = pkgs.gitlab-container-registry; defaultForProjects = true; externalAddress = "https://registry-git.fuckwit.dev"; externalPort = 443; 
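Review bot: The move to DNS-01 in `security.acme.defaults` puts a Cloudflare credential (`environmentFile = secretFile "acme.env"`) on the host that also terminates TLS, and the diff cannot show how far that credential reaches because the file is sops-encrypted. It should be a token limited to DNS edit on the fuckwit.dev zone, supplied as `CLOUDFLARE_DNS_API_TOKEN`, rather than the account-wide API key, because anyone who can read it can get certificates issued for any name in the zone. A comment next to the option, `# acme.env: zone-scoped Cloudflare DNS token, not the global API key`, would record that. Since these settings sit under `defaults`, they presumably also apply to any other certificate this host requests outside the hunk, which is worth confirming. `users.users.nginx.extraGroups = ["acme"]` lets nginx read every key owned by the acme group; if nothing else on the host needs the wildcard key, `group = "nginx";` on `certs."fuckwit.dev"` would scope that access to the one certificate.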
@@ -156,105 +187,73 @@ in { recommendedGzipSettings = true; recommendedOptimisation = true; - virtualHosts."fuckwit.dev" = let - serverConfig."m.server" = "matrix.fuckwit.dev:443"; - clientConfig."m.homeserver".base_url = "https://matrix.fuckwit.dev:443"; - in { - enableACME = true; - forceSSL = true; - # This section is not needed if the server_name of matrix-synapse is equal to - # the domain (i.e. example.org from @foo:example.org) and the federation port - # is 8448. - # Further reference can be found in the docs about delegation under - # https://element-hq.github.io/synapse/latest/delegate.html - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - # This is usually needed for homeserver discovery (from e.g. other Matrix clients). - # Further reference can be found in the upstream docs at - # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - }; + virtualHosts = + { + "fuckwit.dev" = let + serverConfig."m.server" = "matrix.fuckwit.dev:443"; + clientConfig."m.homeserver".base_url = "https://matrix.fuckwit.dev:443"; + in { + useACMEHost = "fuckwit.dev"; + forceSSL = true; + # This section is not needed if the server_name of matrix-synapse is equal to + # the domain (i.e. example.org from @foo:example.org) and the federation port + # is 8448. + # Further reference can be found in the docs about delegation under + # https://element-hq.github.io/synapse/latest/delegate.html + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + # This is usually needed for homeserver discovery (from e.g. other Matrix clients). 
+ # Further reference can be found in the upstream docs at + # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + }; - virtualHosts."matrix.fuckwit.dev" = { - enableACME = true; - forceSSL = true; - # It's also possible to do a redirect here or something else, this vhost is not - # needed for Matrix. It's recommended though to *not put* element - # here, see also the section about Element. - locations."/".extraConfig = '' - return 404; - ''; - # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash - # *must not* be used here. - locations."/_matrix".proxyPass = "http://127.0.0.1:8005"; - # Forward requests for e.g. SSO and password-resets. - locations."/_synapse/client".proxyPass = "http://127.0.0.1:8005"; - }; + "matrix.fuckwit.dev" = { + useACMEHost = "fuckwit.dev"; + forceSSL = true; + # It's also possible to do a redirect here or something else, this vhost is not + # needed for Matrix. It's recommended though to *not put* element + # here, see also the section about Element. + locations."/".extraConfig = '' + return 404; + ''; + # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash + # *must not* be used here. + locations."/_matrix".proxyPass = "http://127.0.0.1:8005"; + # Forward requests for e.g. SSO and password-resets. 
+ locations."/_synapse/client".proxyPass = "http://127.0.0.1:8005"; + }; - virtualHosts."vault.fuckwit.dev" = { - enableACME = true; - forceSSL = true; + "gitlab.fuckwit.dev" = { + useACMEHost = "fuckwit.dev"; + forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8000"; - }; - }; - - virtualHosts."git.fuckwit.dev" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:8001"; - }; - }; - - virtualHosts."grafana.fuckwit.dev" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:8002"; - proxyWebsockets = true; - }; - }; - - virtualHosts."influx.fuckwit.dev" = { - enableACME = true; - addSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:8003"; - proxyWebsockets = true; - }; - }; - - virtualHosts."gitlab.fuckwit.dev" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; - }; - }; - - virtualHosts."registry-git.fuckwit.dev" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:4567"; - }; - }; - - # virtualHosts."drone.fuckwit.dev" = { - # enableACME = true; - # addSSL = true; - - # locations."/" = { - # proxyPass = "http://127.0.0.1:8004"; - # proxyWebsockets = true; - # }; - # }; + locations."/" = { + proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + }; + }; + } + // makeVirtualHosts [ + { + subdomain = "vault"; + port = 8000; + } + { + subdomain = "git"; + port = 8001; + } + { + subdomain = "grafana"; + port = 8002; + } + { + subdomain = "influx"; + port = 8003; + } + { + subdomain = "registry-git"; + port = 4567; + } + ]; }; vaultwarden = { diff --git a/nixos/primordial/secrets.yaml b/nixos/primordial/secrets.yaml index fbb2bbc..81915ae 100644 --- a/nixos/primordial/secrets.yaml +++ b/nixos/primordial/secrets.yaml 
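Review bot: The `influx` entry changes behaviour rather than just moving: the removed vhost used `addSSL = true`, while `makeVirtualHost` (defined in an earlier hunk) applies `forceSSL = true`, so plain-HTTP requests to influx.fuckwit.dev are now redirected instead of served. That is the safer setting for an endpoint that receives API tokens, but an agent still configured with an `http://` URL will get a redirect that many clients do not follow for writes. The telegraf output settings are not visible in this diff, so confirm they use `https://`. A comment on the list entry such as `# HTTPS-only since the wildcard-cert change (was addSSL)` would keep the change from being lost under "cleanup".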
@@ -1,3 +1,4 @@ +acme.env: ENC[AES256_GCM,data:+EwmrLsjjOvvXOBgbI5T2e98pJ+PImvbaCd5/9cvqmPWurzGe1H2fjBOguDf5Mb64eZXaL7jbZxeTqT1T/w32+Y=,iv:tBuFM3V6jW7M3eXb2cwK8ZoKqfEfMxHC31GvF0GTOJs=,tag:Z/vDDFAp2cY7UarPWT/ykg==,type:str] restic_mail_repository_password: ENC[AES256_GCM,data:B2XAP9tnztl/c7HB7bHywfJcwV9sLahfqCfI0TajWaWHPhRsZow4yxhn813FN4pINb5i1kYyiRG/sMXMKAFo9g==,iv:pQnVRVtuhcVtH/Kot9hcx8DSA4qlkksuUiY8HaOawfk=,tag:4lbmh8bQDSVNbI06/gNUlQ==,type:str] restic_ssh_key: ENC[AES256_GCM,data:HpS73OEFvqSLYg8Qh1syJEjCfv5og5VxxzK2VPmAFRk5BzM4xF3Dn0cmJtQpwMMwaRGRWFdCTMrQCBWRrLgDt7wUyMpBn1HivLr4nwEOU4oDStv+1zKmrNbWLSYw3TbHoNJ2K+C46lfpV9CBdb+8dmv2vto6HoKFrOYc5/ftYd7lD9zMhueAMCc3q7aPsIFGb2TRGNz1wrF6Cn9ew1Oqh/P7xlUuIgS0kAKRrybhiIO9IUgQsTV3qqZIXogP4Yy2OLSyhbtDuvtLAncL2pJ/ZsGme47G8HoFomyqEIf0eq7YKqlpTqKPbbnxfWSlWYGg+l9OtCJOeyp5oEZ6sjPNdTUYjpcVZpHNEEa2zkaZzRj5Jo/GIiJfCu4F0kk4opbqEUTeDQHgesylxwpd/v5zaplGEqpYZ7y/DAud+YUw7XWYWjy60kjlZdkbKwrL/Cg4dxWY8Cc7v42Ve7aADgSEpEhwo5rHxM3JSVHHHunfC6y+/Qin26wQZhF1w+d8/yqSaJidx6FsDSipGCJtXa9liIG7oG2vUlmYm4rE,iv:d/AFzPAJGSGv1WzQY4+p8mImFoWKkaoMRtIBNAYiU0E=,tag:mdE/e2VX5zdrFT43NZaYNQ==,type:str] act-runner-token: ENC[AES256_GCM,data:QEiYYYg8fZQIwVPT+vG2Eo8JO9y5PgVJBm5E1UlujANigQKvVkhPbVtulIB1Fg==,iv:V88x7xqYlbZuawPFU824bZtvM/b44BBVIjhnmtdYCwo=,tag:PgQcH1nkRpHCiBBMCSXfxg==,type:str] 
@@ -9,10 +10,6 @@ gitlab-otp-key-base: ENC[AES256_GCM,data:3LGpjpqaQdeO7v3waFCZDVVKtgXl3h0N/XiBcql gitlab-jws-key-pem: ENC[AES256_GCM,data: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,iv:/+l13lQ/8tvLt+SHO03H8dBsUyoIDVhfas1v2n1RYPc=,tag:3Q91nWeZT8PQo/EWq8/6DQ==,type:str] gitlab-runner-authentication-file: ENC[AES256_GCM,data:M0dn62YNywEs08eHM0EcLJJfldsqlxrdeyJJSzp7yS3EO1umQPoPrlNnrZpwjLH2EDyMP81M/S5kPoR70ckB0LYt4w2d7Iao+6/WCvIGrhhN5WPejvg=,iv:qopX16X0dfrzjQ1vMuxWIouV96dig70iDU6dX4Y4Lc0=,tag:ZVac+M3OyMtLbJWM/1CPMA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age12u7ayy2q5dps2pcpc6z7962pz07jxv3tt03hna6jyumlu4fdjvtqdg2n3e enc: | @@ -23,8 +20,8 @@ sops: V1h2NGxyNVc3WnF2ZFBpQm1oK1AzeGcK4GoD2E8nwOl/WKtgMgs0Y1Q8abRX4mpy GdHGDQUWvySCisJo4JXsooYkLjOyKvir+vcVbX4nDd4L1W2OMULkrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-31T16:36:04Z" - mac: ENC[AES256_GCM,data:+oNkJqe4S4W6Z5HlfxKxaPm8yKDh7QkYKFL1KthNNjSjGQma5HIJdsbXwK4NSUV3cMrHQpbv3b8KPXx2ActX6bHNM4LF9yhivhAUJ2RMJlSEgbV561SE7r8dZ4q/qfby3E+X8RCc4UroY94jW9tSZP+/4fFk1kLkoUnWqpI6RNE=,iv:TP0XbowklPEbyGQEPSExU8bb+pY5L3HLHQPUOaXeao0=,tag:ePsaHyu7uQI2pcU6/fmK9A==,type:str] + lastmodified: "2025-04-05T16:20:30Z" + mac: ENC[AES256_GCM,data:eofNTFKPcT8oyhhjyEXtoLsNpaXZh+cinYARB6+cgNQiDSmrT4nO8V4VS6EWcL6RAqGLtd0UkEhHJN05JMrwyS3teCeC+/2opqJa0XN8OeYZSSUfDEW5ilN7Ms7UW1+2N/7FkJgvEkpAA08HCUoDdruRb0HPYG74RmTy2Q2Wz/Q=,iv:Nffwz6l1qBHvsMri3JhNY1xJqgcB/LGjZ6tDQeG8n50=,tag:/LDX2/MWvpaLwfJuqZ0zQQ==,type:str] pgp: - created_at: "2024-01-25T11:10:44Z" enc: |- @@ -39,4 +36,4 @@ sops: -----END PGP MESSAGE----- fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.1 diff --git a/outputs.nix b/outputs.nix index b6e21c9..1b378e3 100644 --- a/outputs.nix +++ b/outputs.nix @@ -2,7 +2,6 @@ self, flake-utils, nixpkgs, - deploy, home-manager, ... } @ inputs: 
@@ -12,7 +11,6 @@ in { packages = import ./pkgs {inherit pkgs;}; devShell = pkgs.callPackage ./shell.nix { - # inherit (deploy.packages.${system}) deploy-rs; inherit (home-manager.packages.${system}) home-manager; }; @@ -44,18 +42,4 @@ in { imports = value._module.args.modules; }) self.nixosConfigurations; - - # deploy.nodes = - # builtins.mapAttrs (name: value: { - # hostname = value.config.remote.ip; - # profiles.system = { - # sshUser = value.config.remote.sshUser; - # sshOpts = ["-p" (builtins.toString value.config.remote.sshPort)]; - # remoteBuild = value.config.remote.remoteBuild; - # path = deploy.lib.x86_64-linux.activate.nixos value; - # }; - # }) - # self.nixosConfigurations; - - # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib; } diff --git a/renovate.json b/renovate.json index 63d9d79..4d2cb16 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,7 @@ "lockFileMaintenance": { "enabled": true, "schedule": [ - "at any time" + "0 10 * * 0" ] }, "automerge": true diff --git a/shell.nix b/shell.nix index eb5b575..0144c6c 100644 --- a/shell.nix +++ b/shell.nix @@ -2,8 +2,6 @@ mkShell, sops, colmena, - # deploy-rs, - nixpkgs-fmt, nil, alejandra, home-manager, @@ -12,8 +10,6 @@ mkShell { nativeBuildInputs = [ sops colmena - # deploy-rs - nixpkgs-fmt nil alejandra home-manager
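Review bot: The new schedule `"0 10 * * 0"` in renovate.json pins the cron minute field to 0. As far as I know, Renovate only accepts cron schedules whose minute field is `*` (its granularity is one hour) and reports anything else as an invalid schedule. If that holds for the Renovate version in use, lock-file maintenance would stop running rather than move to Sunday morning; `"* 10 * * 0"` expresses the intended window, and running `renovate-config-validator` on the file would confirm it. Because `"automerge": true` stays in place just below, these lock-file updates still merge without review, so a broken or overly broad schedule directly affects what lands unreviewed.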