Faris/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: Faris:main
Branches Tags
Faris:main
Faris:master
...
pull from: Faris:master
Branches Tags
Faris:master
Faris:main

No commits in common. "main" and "master" have entirely different histories.
main ... master

33 changed files with 798 additions and 159 deletions
Show Stats Expand all files Collapse all files

1
config/common.nix
View File

@ -148,6 +148,7 @@
tree
p7zip
inetutils # telnet
wl-clipboard # clipboard for vim
# media
yt-dlp

6
config/desktop.nix
View File

@ -301,7 +301,7 @@
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"];
in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
};
fileSystems."/mnt/services" = {
device = "//192.168.0.30/services";
@ -310,7 +310,7 @@
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"];
in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
};
fileSystems."/mnt/data" = {
device = "//192.168.0.30/data";
@ -319,7 +319,7 @@
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-credentials,uid=1000,gid=1000"];
in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
};
programs.virt-manager.enable = true;

5
flake.nix
View File

@ -2,11 +2,16 @@
description = "A very basic flake";
inputs = {
agenix.url = "github:ryantm/agenix";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware/master";
home-manager.url = "github:nix-community/home-manager/release-25.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nix-cachyos-kernel.url = "github:xddxdd/nix-cachyos-kernel/release";
nix-cachyos-kernel.inputs.nixpkgs.follows = "nixpkgs";
nix-citizen.url = "github:LovingMelody/nix-citizen";
};
outputs =

2
home/common.nix
View File

@ -45,7 +45,7 @@
historyLimit = 10000;
mouse = true;
extraConfig = ''
set -s set-clipboard on
'';
};

7
home/desktop.nix
View File

@ -10,6 +10,13 @@
# ];
# };
anki = {
enable = true;
sync = {
url = "http://192.168.0.30:27701";
};
};
mpv = {
enable = true;

368
home/podman.nix
View File

@ -6,6 +6,30 @@
}:
{
systemd.user.services.podman-prune = {
Unit = {
Description = "Prune unused Podman resources for admin user";
};
Service = {
Type = "oneshot";
ExecStart = "${pkgs.podman}/bin/podman system prune -f --all";
};
};
systemd.user.timers.podman-prune = {
Unit = {
Description = "Weekly Podman prune timer";
};
Timer = {
OnCalendar = "weekly";
Persistent = true;
};
Install = {
WantedBy = [ "timers.target" ];
};
};
services.podman.networks = {
internal_net = {
driver = "bridge";
@ -57,6 +81,50 @@
};
};
# akaunting = {
# image = "docker.io/akaunting/akaunting:latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/akaunting"
# ];
# volumes = [
# "/pool/services/podman/akaunting/data:/var/www/html/akaunting"
# ];
# ports = [
# "8003:80"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# akaunting-db = {
# image = "docker.io/mariadb:latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/akaunting"
# ];
# volumes = [
# "/pool/services/podman/akaunting/db:/var/lib/mysql"
# ];
# ports = [
# "3307:3306"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
archivebox = {
image = "docker.io/archivebox/archivebox:latest";
autoStart = true;
@ -94,75 +162,6 @@
};
};
};
authentik-server = {
image = "ghcr.io/goauthentik/server:2026.2.1";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "server";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/authentik"
];
volumes = [
"/pool/services/podman/authentik/data:/data"
"/pool/services/podman/authentik/certs:/certs"
"/pool/services/podman/authentik/templates:/templates"
];
extraPodmanArgs = [
"--shm-size=256m"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
authentik-postgresql = {
image = "docker.io/postgres:16-alpine";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/authentik"
];
volumes = [
"/pool/services/podman/authentik/db:/var/lib/postgresql/data"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
authentik-worker = {
image = "ghcr.io/goauthentik/server:2026.2.1";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "worker";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/authentik"
];
volumes = [
"/pool/services/podman/authentik/data:/data"
"/pool/services/podman/authentik/certs:/certs"
"/pool/services/podman/authentik/templates:/templates"
];
extraPodmanArgs = [
"--shm-size=256m"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
caddy-local = {
image = "ghcr.io/caddybuilds/caddy-cloudflare:latest";
autoStart = true;
@ -188,6 +187,25 @@
};
};
cleanuparr = {
image = "ghcr.io/cleanuparr/cleanuparr:latest";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/cleanuparr:/config"
"/pool/media/torrents:/downloads"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
bazarr = {
image = "lscr.io/linuxserver/bazarr:latest";
autoStart = true;
@ -253,10 +271,14 @@
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/freshrss"
];
environment = {
OIDC_ENABLED="1";
OIDC_PROVIDER_METADATA_URL="https://authentik.mektem.com/application/o/fresh-rss/.well-known/openid-configuration";
OIDC_CLIENT_ID="PsqRnVLTezIKL7582E8pnKNFIF0W41kVyMhh4RoG";
OIDC_CLIENT_SECRET="h1XsvbUcRn33rq7qBBS0GUENEgn6zTJQeHpVPhzcqG4ekdwlCghIn1ALhydYXF1pfS8HaskM3KntHXDTC8a7athLxLzT95Gxr8OpvN9iOY75pUXrNnLJXUrY9o4qKM7m";
OIDC_X_FORWARDED_HEADERS="X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
OIDC_SCOPES="openid email profile";
};
volumes = [
"/pool/services/podman/freshrss:/config"
];
@ -403,6 +425,9 @@
volumes = [
"/pool/services/podman/immich/db:/var/lib/postgresql/data:z"
];
ports = [
"5433:5432"
];
userNS = "keep-id";
extraConfig = {
Service = {
@ -423,6 +448,9 @@
volumes = [
"/pool/services/podman/immich/cache:/cache"
];
ports = [
"3003:3003"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
@ -439,6 +467,9 @@
"/pool/services/secrets/default"
"/pool/services/secrets/immich"
];
ports = [
"6379:6379"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
@ -508,6 +539,47 @@
};
};
# joplin = {
# image = "docker.io/joplin/server:latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/joplin"
# ];
# ports = [
# "22300:22300"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# joplin-db = {
# image = "docker.io/postgres:15";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/joplin"
# ];
# volumes = [
# "/pool/services/podman/joplin-db:/var/lib/postgresql/data"
# ];
# ports = [
# "5432:5432"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
kiwix = {
image = "ghcr.io/kiwix/kiwix-serve:latest";
autoStart = true;
@ -567,6 +639,71 @@
};
};
# mastodon = {
# image = "ghcr.io/linuxserver/mastodon:amd64-latest";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/mastodon"
# ];
# volumes = [
# "/pool/services/podman/mastodon/config:/config"
# ];
# ports = [
# "808:80"
# "8449:443"
# "3009:3000"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# mastodon-db = {
# image = "docker.io/postgres:16-alpine";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# "/pool/services/secrets/mastodon-db"
# ];
# volumes = [
# "/pool/services/podman/mastodon/db:/var/lib/postgresql/data"
# ];
# ports = [
# "5435:5432"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
#
# mastodon-redis = {
# image = "registry.hub.docker.com/library/redis:6.2-alpine";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# ];
# ports = [
# "6382:6379"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
# };
metube = {
image = "ghcr.io/alexta69/metube:latest";
autoStart = true;
@ -623,6 +760,88 @@
# };
# };
#nginx-proxy-manager = {
# image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
# autoStart = true;
# autoUpdate = "registry";
# network = "internal_net";
# environmentFile = [
# "/pool/services/secrets/default"
# ];
# volumes = [
# "/pool/services/podman/nginx-proxy-manager:/data"
# "/pool/services/podman/letsencrypt:/etc/letsencrypt"
# ];
# ports = [
# "80:80"
# "443:443"
# "81:81"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
#};
nextcloud = {
image = "docker.io/nextcloud";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/nextcloud"
];
volumes = [
"/pool/services/podman/nextcloud/app:/var/www/html"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
nextcloud-db = {
image = "docker.io/mariadb:10.6";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "--transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/nextcloud"
];
volumes = [
"/pool/services/podman/nextcloud/db:/var/lib/mysql"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
ntfy = {
image = "docker.io/binwiederhier/ntfy";
autoStart = true;
autoUpdate = "registry";
network = "internal_net";
exec = "serve";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/ntfy"
];
volumes = [
"/pool/services/podman/ntfy:/var/lib/ntfy"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
ntp = {
image = "docker.io/cturra/ntp";
autoStart = true;
@ -631,6 +850,9 @@
environmentFile = [
"/pool/services/secrets/default"
];
ports = [
"123:123/udp"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;

38
hosts/desktop/settings.nix
View File

@ -24,6 +24,12 @@ services.displayManager.sddm.enable = true;
];
};
#fileSystems."/run/media/admin/08cabc7a-9a6e-4c21-8a07-6663af77b705" = {
# device = "/dev/08cabc7a-9a6e-4c21-8a07-6663af77b705";
# fsType = "ext4";
# options = ["rw,nosuid,nodev,relatime,errors=remount-ro"];
# };
networking = {
hostName = "nixos-desktop";
interfaces.enp42s0 = {
@ -51,22 +57,50 @@ services.displayManager.sddm.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# this fixes the sleep/wake issue
# this fixes the sleep/wake issue FUCK NVIDIA
# systemd.services."systemd-suspend" = {
# serviceConfig = {
# Environment = ''"SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false"'';
# };
# };
# fixes hardware accel on nvidia open
# fixes hardware accel on nvidia open FUCK NVIDIA
hardware.graphics.extraPackages = [
pkgs.nvidia-vaapi-driver
];
systemd.user.services.reset-gnome-idle-on-resume = {
description = "Reset GNOME idle timer after resume";
after = [ "suspend.target" ];
wantedBy = [ "suspend.target" ];
environment = {
DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/1000/bus";
};
script = ''
sleep 3
# Tell gnome-session we have user activity
${pkgs.dbus}/bin/dbus-send \
--session \
--dest=org.gnome.Mutter.IdleMonitor \
/org/gnome/Mutter/IdleMonitor/Core \
org.gnome.Mutter.IdleMonitor.ResetIdleTime
'';
serviceConfig = {
Type = "oneshot";
User = "admin";
};
};
environment.variables = {
NVD_BACKEND = "direct";
LIBVA_DRIVER_NAME = "nvidia";
};
# cachyos kernel
# nixpkgs.overlays = [ inputs.nix-cachyos-kernel.overlays.pinned ];
# boot.kernelPackages = pkgs.cachyosKernels.linuxPackages-cachyos-latest;
# nix.settings.substituters = [ "https://attic.xuyh0120.win/lantian" ];
# nix.settings.trusted-public-keys = [ "lantian:EeAUQ+W+6r7EtwnmYjeVwx5kOGEBpjlBfPlzGlTNvHc=" ];
system.stateVersion = "24.11";
}

100
hosts/server/settings.nix
View File

@ -59,6 +59,21 @@ systemd.services.podman-network-vlan50 = {
};
users.users.admin.linger = true;
#services.xserver.videoDrivers = [ "nvidia" ];
# hardware = {
# graphics.enable = true;
# nvidia = {
# modesetting.enable = true;
# powerManagement.enable = true;
# powerManagement.finegrained = false;
# open = false;
# nvidiaSettings = false;
# package = config.boot.kernelPackages.nvidiaPackages.stable;
# };
# nvidia-container-toolkit.enable = true;
# };
hardware.graphics = {
enable = true;
enable32Bit = true; # only needed if you run 32-bit apps
@ -138,6 +153,7 @@ systemd.services.podman-network-vlan50 = {
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
boot.zfs.extraPools = [ "pool" ];
#environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
services.zfs.autoScrub = {
enable = true;
@ -146,45 +162,15 @@ systemd.services.podman-network-vlan50 = {
services.smartd = {
enable = true;
notifications = {
mail.enable = true;
mail.recipient = "faris@mektem.com";
};
#devices = [ "DEVICESCAN -a" ]; # autodetect all drives
};
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
host = "smtp.protonmail.ch";
port = 587;
from = "faris@mektem.com";
user = "faris@mektem.com";
passwordeval = "cat /pool/services/secrets/mail.txt";
};
};
environment.etc."zfs/zed-notify.sh" = {
mode = "0755";
text = ''
#!/bin/sh
# ZED calls: ZED_EMAIL_PROG "subject" "recipient"
SUBJECT="$1"
TO="$2"
(echo "Subject: $SUBJECT"; echo "To: $TO"; echo ""; cat) | \
${pkgs.msmtp}/bin/msmtp "$TO"
'';
};
services.zfs.zed = {
enableMail = true;
settings = {
ZED_EMAIL_ADDR = [ "faris@mektem.com" ];
ZED_EMAIL_PROG = "/etc/zfs/zed-notify.sh"; # Or ssmtp
ZED_EMAIL_OPTS = "";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NTFY_URL="https://ntfy.mektem.com";
ZED_NTFY_TOPIC="zfs";
ZED_NTFY_ACCESS_TOKEN="tk_gtjia7itxhg1qik7j58wkgey2parr";
ZED_NOTIFY_INTERVAL_SECS = 1;
ZED_NOTIFY_VERBOSE = true; # Set to false to only get alerts on degradation
};
};
@ -274,29 +260,6 @@ systemd.services.podman-network-vlan50 = {
# };
};
# headscale = {
# image = "docker.io/headscale/headscale:stable";
# autoStart = true;
# #utoUpdate = "registry";
# networks = [ "vlan50" ];
# cmd = [ "serve" ];
# environmentFiles = [
# "/pool/services/secrets/default"
# ];
# volumes = [
# "/pool/services/podman/headscale/config:/etc/headscale:ro"
# "/pool/services/podman/headscale/lib:/var/lib/headscale"
# ];
# extraOptions = [
# "--ip=192.168.50.38"
# ];
# #extraConfig = {
# # Service = {
# # TimeoutStartSec = 900;
# # };
# ##};
# };
matrix = {
image = "ghcr.io/element-hq/synapse";
autoStart = true;
@ -342,29 +305,6 @@ systemd.services.podman-network-vlan50 = {
# };
};
ntfy = {
image = "docker.io/binwiederhier/ntfy";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
cmd = [ "serve" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/ntfy"
];
volumes = [
"/pool/services/podman/ntfy:/var/lib/ntfy"
];
extraOptions = [
"--ip=192.168.50.35"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
privatebin = {
image = "docker.io/privatebin/nginx-fpm-alpine:latest";
autoStart = true;

6
secrets/podman/archivebox.age Normal file
View File

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w YrkLsFjR7+oYed3CT1NTy2pAFdB5R5zdxKO7mALhGxI
Mf+GTmElPO7u0t0btC6OQPvYsOZK55V3U/kXy1Q5DoE
--- PBhiiGF8DyW6h8xHM9nbKc8Hy6gdwSXL4KHLegbVrOY
Z¡Ü
w”âx¿ô]Šq¯bI ·è4òÄÈé>AÙÝ·3l9üô M¶jrT#—` îÂ…¶£·Ç®Ç£)Å܉–½Ôîô‚ÞåÔÿvtM<74>ÚËd´ôµÃ¹4•p‡\<Š»ê±ÇŠrÊ»Õ9<ÌóU ÞÞš4¤ZŒ-€ ˜ùÎØø °'¼7âK~W)¦lwЭZg¨_ÊäWjmˆ

6
secrets/podman/default.age Normal file
View File

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w pV0hcqdF8HNjmPqhNZcNNpYct2gjChqMIt3T2V4pbg4
h99ssWIwfePRODbgKsgxTiSQRYPxSU6ALJYKBE4uYSM
--- F3f51NlLMKQXb2QKjX5IlCpaK6y6Tc3neFL5yGQuaQs
ÅÊ °VºÒIÒu²cGÌ;  Óy]=tóxý>t:¹.-QØ¢w~nˆ"ÚææñÓiÕ@k bšH
}Ì¥

7
secrets/podman/frigate.age Normal file
View File

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w CPGMAFD2JqqasZ2zBXeYjcKDMmjRvvQn0p1T4WzgzTQ
g2Pg6kOnlRAUMtRO9bVFRukNoKJX9ZoDypcqCrBfsOI
--- t9bhlp4c+srjytHQtjfoPoLkSRMhz8+UN/Uh2mcs9GI
<EFBFBD>˜\ìþæY ¡Cè½gÏõO6È­o6ö<07><>HÓÞè‰
˜ù„û¶7ÞÛuÿlŒâê
®Ÿ¤Œ¡øóëp²h2Ó÷Ó|Ûßmª¡tQ<>XXv u ¼ÿcdF

BIN
secrets/podman/gitea.age Normal file
View File

Binary file not shown.

BIN
secrets/podman/immich.age Normal file
View File

Binary file not shown.

5
secrets/podman/joplin.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w IRiClsh/t9oYx54GwyzXiXGhafCQsoAqhX3KYd1MLAU
Q30hHqH+rrFvTxKQp3/6e0IrGs8UEt7Q3ukhzYDilBg
--- 7zos7CO/1R0oM3Po32TdtT2vn+0dZNuwXimY5oCTw6E
Ùr0ˆT¡D9æu)ìMÑ«ÉU¼35}ïɘWÑ4 ,<2C> Ö`4÷C¾6<<3C>J%ºÕiíÙ<C3AD>31ܯîÙYéb‰\ű¸Q°/aŒ­ê©L” ’ÇÈËák¿Võr,;ߤñ<aÀªT`ø9E†nÙP·% ÑãùÜ—vÃTñ¶Že˜Rj»‡QÁ©º¨<C2BA>$(5¸D"LõST=ëzÇuòtù¸ ŸæuÏ\…Ð} ­O9Ÿ »Ö»V Ótù²D¼hªûˆydîSîÍeMnõ®=]|õì

5
secrets/podman/nginx.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w dfIt9D68fTDiv3E/vRCAulWPFtiQHQPkAHwmgTT3iVc
nI5jOSRnaXwuzuosmDwn/WDEpSeWGT3/5wQ4U5tCcQU
--- 4By9gEMbv47Ty1hcnaIjlXjD6Ruz54mHZ3oFyhjGoKU
ƒ«›ùì%þiž5ºÔéĵkUÀû÷©ÖDÌ=m=Š¸‡šÅõ(~™Â¿¤tY‰N©3öVý5Hñˆ¨mMÙÉä7Ü*

5
secrets/podman/old/host_ip.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w xlTqx7SHEtpjf7o09+3NRQcdOU8O6G8RayAln5nXa3k
hqneq8qtnDlzpg10LCKQZFoxzmHP0TmdwaGzVJwqDT8
--- bADrlXdsANlKpeI6aPqlP23JAM480M1DQ8uWfRNf2FI
8 b†2<32>~‘Ó)Gõ[ŠÞûT¦¿²¸Í*\² îW#=&Ô˃Bzer

5
secrets/podman/old/immich_db_password.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w uDKGYe0iG2aYNC0qbdMxZde4WoveT2w/qYCcXYiAvAI
Z83hIm4UPo1Y0GC4q9A5yh0hrwdMhedJ/Q7WM34iEJw
--- AFJLZCIEtkkFsmCJhz2NOjeyXVjMON+6ho57r0WGOQo
(×ÒÍß´ Âà+ šáMt¬¤©‰!à¨<C3A0> ½C]ºËßÖ„>“ánk

5
secrets/podman/old/joplin_password.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w b2jXA+YoWTi+0k4hGa4PpXWnDNdvYlAabsbFEtQVuxs
xxVUlBbreKZ43LkNMxC4EkHeQM9N7zg+Os07MMO/tUo
--- zulfS/NwoQvQJaHcKLsE0y4Zgd9pdaI5HTFeLn1aWww
È"xñŽ¶(wmf<éÎÒÑÇ*Ý/wK«XìðÞ“Œ/}2Þ±ú¸žÜŸ

5
secrets/podman/old/personal_site_host.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w FUG2pT0R1avaaqVy8Vpy5QrYxlvY3+vVCCgavBw3xlg
12nHFrhBaMB6cSIkoFwJBQJoR6LHDDOdOrvtHKWtXhg
--- 0WGJ0gBPnNZen1p6BjRTtO//Fcth6bP+kF6UGuHoZ1g
.¼â0²V'ÑлÄ<C2BB>Ò}×ý4ó~ï'*[L^Õ2æõcásn¶“¸ô

BIN
secrets/podman/old/public_ip.age Normal file
View File

Binary file not shown.

5
secrets/podman/old/rtsp_password.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w IeLI2Bq8rRH28AytcdzLZmY0qI3HE1NRazbXlZ9m0DA
m6LOrMY3s4oEizfeSk0k94xSHCs1ONXvtU4DZU612DA
--- 2FuHGub471XSe8rh4N/cuWNGCxH/eptxV+uc0vqzBCs
Ù_ ¦È’ì;¯-gµôH©o ö•„'n÷W¡»1IhÉà<C389>NìÁT|£W

5
secrets/podman/ollama.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w 57h4tQZaUZb2KEeBJYvFm540IJdKtOMZKUy+IoMhSCc
DWqRNJ4tIug47ZfGKZZ4lA6fuOjen/1G7mViwuwdXnw
--- /j7V6AfcdpzpApHvNWyNWEivlup/t41thrItJe9ZNXg
}I Ùϵ+q*À…ýÊãw†«M…~"Ž‡ðW@<40>seõÒ•êh6<E2809A>v¡-Øu7h_Ã

BIN
secrets/podman/open-webui.age Normal file
View File

Binary file not shown.

BIN
secrets/podman/tandoor.age Normal file
View File

Binary file not shown.

BIN
secrets/podman/unifi-network-application.age Normal file
View File

Binary file not shown.

5
secrets/podman/vaultwarden.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w 6rRcfL/VxHcTPjh+iS8nDleqqBbd3/zkHjj89eYGLDU
YSdAVEsmO4L2TbYMY/fjUwYo91GHSRxtDmG4MqYY2i8
--- JPrUeceRt2ABYPpX8nnyKl/Kxd2zEix2MQAmiR/eD84
„GTÅü¦â$èø ÀHk-.{jLË»dLrLˆ,éZö´$©>b<62>ô`¾Œ+£w|"Ž½$Ž³eqËa•£œuªQ÷gÐãËm(Ïæé¹ dÂø7…I׿þй$xü[i¹?i2Í4üÇÀ^ùÜQ^P£9»Û¡; ˆŸ¼<C5B8>W¼¨úà<c²I

BIN
secrets/podman/wireguard.age Normal file
View File

Binary file not shown.

6
secrets/restic/environmentFile.age Normal file
View File

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w 5QBy9W87Ku629S6LyEnmP0D9XjZ+lprKLfgfKhKEliA
slX94kja145e7sKi+kSF6HgrRIgnb7P8N1jT/BgzvWM
--- kEdZbGsXLYj3s917fUUV93Ht7x90hSjEMUXS82nWmho
Â÷×£5ïõÀéD;ŸÔÑݤ9üÀ²IuÞL$˶
'™]Ù"Vg¼%x<>°5¬<Sï©òu”Îêèó,âÚžé<C5BE>„¡C+m©Ý°Â¥šúå<C3A5>&2ú¿Á7Ð(f0×Ò:ËÛ‡}Gé¬Õ }ëÈcÅèvi¶,

6
secrets/restic/passwordFile.age Normal file
View File

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w ZDccgWxYDXp8C4PUSnFJvUsHD9dvkVgy7sHdKpRNhgg
DTWL2jyTo79eB9npr0CRHQYH7yx/OFowpjUTt2HUx7I
--- APu/KvLmlr8noZOouXaSo4/sVGcxYzfnbGB4S/DKpkM
„¾5Ù÷Y!gÍ©Vu¾æK<C3A6> ˜U“¨t‰t<Nå(
Ë‘Ã'º²†À¨Gx£öÉÖôþœŠÌ

BIN
secrets/restic/repositoryFile.age Normal file
View File

Binary file not shown.

24
secrets/secrets.nix Normal file
View File

@ -0,0 +1,24 @@
let
agenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOW2QuTDyMA/sdEWkKBAQmcqc164/RmQ6PULKGAb3jiD";
in
{
"podman/default.age".publicKeys = [ agenix ];
"podman/archivebox.age".publicKeys = [ agenix ];
"podman/frigate.age".publicKeys = [ agenix ];
"podman/gitea.age".publicKeys = [ agenix ];
"podman/immich.age".publicKeys = [ agenix ];
"podman/joplin.age".publicKeys = [ agenix ];
"podman/nginx.age".publicKeys = [ agenix ];
"podman/ollama.age".publicKeys = [ agenix ];
"podman/open-webui.age".publicKeys = [ agenix ];
"podman/tandoor.age".publicKeys = [ agenix ];
"podman/unifi-network-application.age".publicKeys = [ agenix ];
"podman/vaultwarden.age".publicKeys = [ agenix ];
"podman/wireguard.age".publicKeys = [ agenix ];
"restic/environmentFile.age".publicKeys = [ agenix ];
"restic/passwordFile.age".publicKeys = [ agenix ];
"restic/repositoryFile.age".publicKeys = [ agenix ];
"zfs/pool.key.age".publicKeys = [ agenix ];
}

6
secrets/zfs/pool.key.age Normal file
View File

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w aT4N7lGsXH1XV4wBrZ1xoRVOjWrpMcBtNR8gMHUyfRM
sz4CvrJNgx+ms7kGTfg0Wly6Mc2NDwn4sWYvfsJI5lA
--- 9c9kfNpfGRAC6qAkHsfe65j2/83xeo1iIYqNxWMqLy8
#èefIú¬fƒ/ï¨*[0Š~W q¯¾y'j*½ägSþy™Bñy@j£jÜv ¨kæ<6B>ÿ<EFBFBD>ê<>Ï<EFBFBD>
ø¨&®0PÞß×ù‡Õ×ùƒ`œ" +ÜȲ«%ó¦r”«GÀ·ñ

324
sion=<your-cookie-value>" Normal file
View File

@ -0,0 +1,324 @@
SSUUMMMMAARRYY OOFF LLEESSSS CCOOMMMMAANNDDSS
Commands marked with * may be preceded by a number, _N.
Notes in parentheses indicate the behavior if _N is given.
A key preceded by a caret indicates the Ctrl key; thus ^K is ctrl-K.
h H Display this help.
q :q Q :Q ZZ Exit.
---------------------------------------------------------------------------
MMOOVVIINNGG
e ^E j ^N CR * Forward one line (or _N lines).
y ^Y k ^K ^P * Backward one line (or _N lines).
ESC-j * Forward one file line (or _N file lines).
ESC-k * Backward one file line (or _N file lines).
f ^F ^V SPACE * Forward one window (or _N lines).
b ^B ESC-v * Backward one window (or _N lines).
z * Forward one window (and set window to _N).
w * Backward one window (and set window to _N).
ESC-SPACE * Forward one window, but don't stop at end-of-file.
ESC-b * Backward one window, but don't stop at beginning-of-file.
d ^D * Forward one half-window (and set half-window to _N).
u ^U * Backward one half-window (and set half-window to _N).
ESC-) RightArrow * Right one half screen width (or _N positions).
ESC-( LeftArrow * Left one half screen width (or _N positions).
ESC-} ^RightArrow Right to last column displayed.
ESC-{ ^LeftArrow Left to first column.
F Forward forever; like "tail -f".
ESC-F Like F but stop when search pattern is found.
r ^R ^L Repaint screen.
R Repaint screen, discarding buffered input.
---------------------------------------------------
Default "window" is the screen height.
Default "half-window" is half of the screen height.
---------------------------------------------------------------------------
SSEEAARRCCHHIINNGG
/_p_a_t_t_e_r_n * Search forward for (_N-th) matching line.
?_p_a_t_t_e_r_n * Search backward for (_N-th) matching line.
n * Repeat previous search (for _N-th occurrence).
N * Repeat previous search in reverse direction.
ESC-n * Repeat previous search, spanning files.
ESC-N * Repeat previous search, reverse dir. & spanning files.
^O^N ^On * Search forward for (_N-th) OSC8 hyperlink.
^O^P ^Op * Search backward for (_N-th) OSC8 hyperlink.
^O^L ^Ol Jump to the currently selected OSC8 hyperlink.
ESC-u Undo (toggle) search highlighting.
ESC-U Clear search highlighting.
&_p_a_t_t_e_r_n * Display only matching lines.
---------------------------------------------------
Search is case-sensitive unless changed with -i or -I.
A search pattern may begin with one or more of:
^N or ! Search for NON-matching lines.
^E or * Search multiple files (pass thru END OF FILE).
^F or @ Start search at FIRST file (for /) or last file (for ?).
^K Highlight matches, but don't move (KEEP position).
^R Don't use REGULAR EXPRESSIONS.
^S _n Search for match in _n-th parenthesized subpattern.
^W WRAP search if no match found.
^L Enter next character literally into pattern.
---------------------------------------------------------------------------
JJUUMMPPIINNGG
g < ESC-< * Go to first line in file (or line _N).
G > ESC-> * Go to last line in file (or line _N).
p % * Go to beginning of file (or _N percent into file).
t * Go to the (_N-th) next tag.
T * Go to the (_N-th) previous tag.
{ ( [ * Find close bracket } ) ].
} ) ] * Find open bracket { ( [.
ESC-^F _<_c_1_> _<_c_2_> * Find close bracket _<_c_2_>.
ESC-^B _<_c_1_> _<_c_2_> * Find open bracket _<_c_1_>.
---------------------------------------------------
Each "find close bracket" command goes forward to the close bracket
matching the (_N-th) open bracket in the top line.
Each "find open bracket" command goes backward to the open bracket
matching the (_N-th) close bracket in the bottom line.
m_<_l_e_t_t_e_r_> Mark the current top line with <letter>.
M_<_l_e_t_t_e_r_> Mark the current bottom line with <letter>.
'_<_l_e_t_t_e_r_> Go to a previously marked position.
'' Go to the previous position.
^X^X Same as '.
ESC-m_<_l_e_t_t_e_r_> Clear a mark.
---------------------------------------------------
A mark is any upper-case or lower-case letter.
Certain marks are predefined:
^ means beginning of the file
$ means end of the file
---------------------------------------------------------------------------
CCHHAANNGGIINNGG FFIILLEESS
:e [_f_i_l_e] Examine a new file.
^X^V Same as :e.
:n * Examine the (_N-th) next file from the command line.
:p * Examine the (_N-th) previous file from the command line.
:x * Examine the first (or _N-th) file from the command line.
^O^O Open the currently selected OSC8 hyperlink.
:d Delete the current file from the command line list.
= ^G :f Print current file name.
---------------------------------------------------------------------------
MMIISSCCEELLLLAANNEEOOUUSS CCOOMMMMAANNDDSS
-_<_f_l_a_g_> Toggle a command line option [see OPTIONS below].
--_<_n_a_m_e_> Toggle a command line option, by name.
__<_f_l_a_g_> Display the setting of a command line option.
___<_n_a_m_e_> Display the setting of an option, by name.
+_c_m_d Execute the less cmd each time a new file is examined.
!_c_o_m_m_a_n_d Execute the shell command with $SHELL.
#_c_o_m_m_a_n_d Execute the shell command, expanded like a prompt.
|XX_c_o_m_m_a_n_d Pipe file between current pos & mark XX to shell command.
s _f_i_l_e Save input to a file.
v Edit the current file with $VISUAL or $EDITOR.
V Print version number of "less".
---------------------------------------------------------------------------
OOPPTTIIOONNSS
Most options may be changed either on the command line,
or from within less by using the - or -- command.
Options may be given in one of two forms: either a single
character preceded by a -, or a name preceded by --.
-? ........ --help
Display help (from command line).
-a ........ --search-skip-screen
Search skips current screen.
-A ........ --SEARCH-SKIP-SCREEN
Search starts just after target line.
-b [_N] .... --buffers=[_N]
Number of buffers.
-B ........ --auto-buffers
Don't automatically allocate buffers for pipes.
-c ........ --clear-screen
Repaint by clearing rather than scrolling.
-d ........ --dumb
Dumb terminal.
-D xx_c_o_l_o_r . --color=xx_c_o_l_o_r
Set screen colors.
-e -E .... --quit-at-eof --QUIT-AT-EOF
Quit at end of file.
-f ........ --force
Force open non-regular files.
-F ........ --quit-if-one-screen
Quit if entire file fits on first screen.
-g ........ --hilite-search
Highlight only last match for searches.
-G ........ --HILITE-SEARCH
Don't highlight any matches for searches.
-h [_N] .... --max-back-scroll=[_N]
Backward scroll limit.
-i ........ --ignore-case
Ignore case in searches that do not contain uppercase.
-I ........ --IGNORE-CASE
Ignore case in all searches.
-j [_N] .... --jump-target=[_N]
Screen position of target lines.
-J ........ --status-column
Display a status column at left edge of screen.
-k _f_i_l_e ... --lesskey-file=_f_i_l_e
Use a compiled lesskey file.
-K ........ --quit-on-intr
Exit less in response to ctrl-C.
-L ........ --no-lessopen
Ignore the LESSOPEN environment variable.
-m -M .... --long-prompt --LONG-PROMPT
Set prompt style.
-n ......... --line-numbers
Suppress line numbers in prompts and messages.
-N ......... --LINE-NUMBERS
Display line number at start of each line.
-o [_f_i_l_e] .. --log-file=[_f_i_l_e]
Copy to log file (standard input only).
-O [_f_i_l_e] .. --LOG-FILE=[_f_i_l_e]
Copy to log file (unconditionally overwrite).
-p _p_a_t_t_e_r_n . --pattern=[_p_a_t_t_e_r_n]
Start at pattern (from command line).
-P [_p_r_o_m_p_t] --prompt=[_p_r_o_m_p_t]
Define new prompt.
-q -Q .... --quiet --QUIET --silent --SILENT
Quiet the terminal bell.
-r -R .... --raw-control-chars --RAW-CONTROL-CHARS
Output "raw" control characters.
-s ........ --squeeze-blank-lines
Squeeze multiple blank lines.
-S ........ --chop-long-lines
Chop (truncate) long lines rather than wrapping.
-t _t_a_g .... --tag=[_t_a_g]
Find a tag.
-T [_t_a_g_s_f_i_l_e] --tag-file=[_t_a_g_s_f_i_l_e]
Use an alternate tags file.
-u -U .... --underline-special --UNDERLINE-SPECIAL
Change handling of backspaces, tabs and carriage returns.
-V ........ --version
Display the version number of "less".
-w ........ --hilite-unread
Highlight first new line after forward-screen.
-W ........ --HILITE-UNREAD
Highlight first new line after any forward movement.
-x [_N[,...]] --tabs=[_N[,...]]
Set tab stops.
-X ........ --no-init
Don't use termcap init/deinit strings.
-y [_N] .... --max-forw-scroll=[_N]
Forward scroll limit.
-z [_N] .... --window=[_N]
Set size of window.
-" [_c[_c]] . --quotes=[_c[_c]]
Set shell quote characters.
-~ ........ --tilde
Don't display tildes after end of file.
-# [_N] .... --shift=[_N]
Set horizontal scroll amount (0 = one half screen width).
--exit-follow-on-close
Exit F command on a pipe when writer closes pipe.
--file-size
Automatically determine the size of the input file.
--follow-name
The F command changes files if the input file is renamed.
--form-feed
Stop scrolling when a form feed character is reached.
--header=[_L[,_C[,_N]]]
Use _L lines (starting at line _N) and _C columns as headers.
--incsearch
Search file as each pattern character is typed in.
--intr=[_C]
Use _C instead of ^X to interrupt a read.
--lesskey-context=_t_e_x_t
Use lesskey source file contents.
--lesskey-src=_f_i_l_e
Use a lesskey source file.
--line-num-width=[_N]
Set the width of the -N line number field to _N characters.
--match-shift=[_N]
Show at least _N characters to the left of a search match.
--modelines=[_N]
Read _N lines from the input file and look for vim modelines.
--mouse
Enable mouse input.
--no-edit-warn
Don't warn when using v command on a file opened via LESSOPEN.
--no-keypad
Don't send termcap keypad init/deinit strings.
--no-histdups
Remove duplicates from command history.
--no-number-headers
Don't give line numbers to header lines.
--no-paste
Ignore pasted input.
--no-search-header-lines
Searches do not include header lines.
--no-search-header-columns
Searches do not include header columns.
--no-search-headers
Searches do not include header lines or columns.
--no-vbell
Disable the terminal's visual bell.
--redraw-on-quit
Redraw final screen when quitting.
--rscroll=[_C]
Set the character used to mark truncated lines.
--save-marks
Retain marks across invocations of less.
--search-options=[EFKNRW-]
Set default options for every search.
--show-preproc-errors
Display a message if preprocessor exits with an error status.
--proc-backspace
Process backspaces for bold/underline.
--PROC-BACKSPACE
Treat backspaces as control characters.
--proc-return
Delete carriage returns before newline.
--PROC-RETURN
Treat carriage returns as control characters.
--proc-tab
Expand tabs to spaces.
--PROC-TAB
Treat tabs as control characters.
--status-col-width=[_N]
Set the width of the -J status column to _N characters.
--status-line
Highlight or color the entire line containing a mark.
--use-backslash
Subsequent options use backslash as escape char.
--use-color
Enables colored text.
--wheel-lines=[_N]
Each click of the mouse wheel moves _N lines.
--wordwrap
Wrap lines at spaces.
---------------------------------------------------------------------------
LLIINNEE EEDDIITTIINNGG
These keys can be used to edit text being entered
on the "command line" at the bottom of the screen.
RightArrow ..................... ESC-l ... Move cursor right one character.
LeftArrow ...................... ESC-h ... Move cursor left one character.
ctrl-RightArrow ESC-RightArrow ESC-w ... Move cursor right one word.
ctrl-LeftArrow ESC-LeftArrow ESC-b ... Move cursor left one word.
HOME ........................... ESC-0 ... Move cursor to start of line.
END ............................ ESC-$ ... Move cursor to end of line.
BACKSPACE ................................ Delete char to left of cursor.
DELETE ......................... ESC-x ... Delete char under cursor.
ctrl-BACKSPACE ESC-BACKSPACE ........... Delete word to left of cursor.
ctrl-DELETE .... ESC-DELETE .... ESC-X ... Delete word under cursor.
ctrl-U ......... ESC (MS-DOS only) ....... Delete entire line.
UpArrow ........................ ESC-k ... Retrieve previous command line.
DownArrow ...................... ESC-j ... Retrieve next command line.
TAB ...................................... Complete filename & cycle.
SHIFT-TAB ...................... ESC-TAB Complete filename & reverse cycle.
ctrl-L ................................... Complete filename, list all.