adriangl/nix-dotfiles-v2
1
1
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: adriangl:main
Branches Tags
adriangl:main adriangl:galadriel-fra-legolas
..
compare: adriangl:galadriel-fra-legolas
Branches Tags
adriangl:main adriangl:galadriel-fra-legolas

1 Commits
main ... galadriel-

Author SHA1 Message Date
Adrian G L
d03b4ba609 snapshot 2025-10-14 21:27:46 +02:00
93 changed files with 2017 additions and 4668 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,2 +1 @@
flake.lock
result

475
flake.lock generated Normal file
View File

@@ -0,0 +1,475 @@
{
"nodes": {
"base16-schemes": {
"flake": false,
"locked": {
"lastModified": 1696158499,
"narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-schemes",
"type": "github"
}
},
"base16-schemes_2": {
"flake": false,
"locked": {
"lastModified": 1696158499,
"narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-schemes",
"type": "github"
}
},
"blog-generator": {
"inputs": {
"flake-utils": "flake-utils",
"nix-colors": "nix-colors",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1760358235,
"narHash": "sha256-uR6lu5QtudOPQrUVVziEzJqAdYMZn+maPxn95a3bs1U=",
"owner": "adrlau",
"repo": "blog-generator",
"rev": "8497f0fada979c6f67e11c5e70f1eb1f6a5e0d4b",
"type": "github"
},
"original": {
"owner": "adrlau",
"repo": "blog-generator",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1707825078,
"narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=",
"owner": "misterio77",
"repo": "nix-colors",
"rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "nix-colors",
"type": "github"
}
},
"nix-colors_2": {
"inputs": {
"base16-schemes": "base16-schemes_2",
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1707825078,
"narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=",
"owner": "misterio77",
"repo": "nix-colors",
"rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "nix-colors",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1760106635,
"narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1759831965,
"narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c9b6fb798541223bbb396d287d16f43520250518",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1697935651,
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1697935651,
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1760139962,
"narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"blog-generator": "blog-generator",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"nix-colors": "nix-colors_2",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix",
"unstable": "unstable"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1760063676,
"narHash": "sha256-s5Fjh43skH2L+avOGioLmEHoYZffDbg3abV5h0gjeew=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "897deed0923cc5a1d560c5176abe0d172ec9716d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1760240450,
"narHash": "sha256-sa9bS9jSyc4vH0jSWrUsPGdqtMvDwmkLg971ntWOo2U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "41fd1f7570c89f645ee0ada0be4e2d3c4b169549",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1760038930,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

142
flake.nix
View File

@@ -2,24 +2,15 @@
description = "NixOS configuration for legolas (laptop)";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-colors.url = "github:misterio77/nix-colors";
stylix = {
url = "github:nix-community/stylix/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
@@ -27,23 +18,14 @@
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.3";
url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
blog-generator.url = "github:adrlau/blog-generator";
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
blog-generator.url = "github:adrlau/blog-generator";
};
@@ -54,139 +36,64 @@
unstable,
home-manager,
nix-colors,
stylix,
sops-nix,
lanzaboote,
nixos-hardware,
blog-generator,
niri,
noctalia,
nixvim,
...
}@inputs:
let
system = "x86_64-linux";
in
{
packages.${system} =
let
lib = nixpkgs.lib;
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"s2cpp"
"s2-model"
"vllm-omni"
"android-cli"
];
};
in
{
inherit (pkgs)
qwen-asr
llama-swap
z-image-models
whisper-models
s2cpp
s2-model
vllm-omni
llama-cpp-nightly
llama-cpp-nightly-vulkan
llama-cpp-nightly-sycl
android-cli
;
};
overlays.default = final: _prev: {
qwen-asr = final.callPackage ./packages/qwen-asr { };
llama-swap = final.callPackage ./packages/llama-swap { };
z-image-models = final.callPackage ./packages/z-image-models { };
whisper-models = final.callPackage ./packages/whisper-models { };
s2cpp = final.callPackage ./packages/s2cpp { };
s2-model = final.callPackage ./packages/s2-model { };
vllm-omni = final.python3Packages.callPackage ./packages/vllm-omni { };
llama-cpp-nightly = final.callPackage ./packages/llama-cpp-nightly { };
llama-cpp-nightly-vulkan = final.callPackage ./packages/llama-cpp-nightly { vulkanSupport = true; };
llama-cpp-nightly-sycl = final.callPackage ./packages/llama-cpp-nightly {
syclSupport = true;
mkl = final.mkl;
oneDNN = final.oneDNN;
};
android-cli = final.callPackage ./packages/android-cli { };
};
# legolas
nixosConfigurations.legolas = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs system; };
specialArgs = { inherit inputs; };
modules = [
./hosts/legolas/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.gunalx = import ./home/gunalx.nix;
home-manager.backupFileExtension = "bac";
home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
inputs.niri.homeModules.niri
inputs.noctalia.homeModules.default
inputs.nixvim.homeModules.nixvim
];
home-manager.sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];
}
{ nixpkgs.overlays = [ niri.overlays.niri ]; }
./modules/unstable.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.dell-xps-13-9370
#temporarily for testing run my blog on my laptop
blog-generator.nixosModules.default
];
};
# aragon
nixosConfigurations.aragon = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs system; };
specialArgs = { inherit inputs; };
modules = [
./hosts/aragon/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.gunalx = import ./home/gunalx.nix;
home-manager.backupFileExtension = "bac";
home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
inputs.niri.homeModules.niri
inputs.noctalia.homeModules.default
inputs.nixvim.homeModules.nixvim
];
home-manager.sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];
}
{
nixpkgs.overlays = [
self.overlays.default
niri.overlays.niri
];
}
./modules/unstable.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
@@ -194,13 +101,14 @@
];
};
# galadriel
nixosConfigurations.galadriel = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs system; };
specialArgs = { inherit inputs; };
modules = [
./modules/unstable.nix
./hosts/galadriel/configuration.nix
sops-nix.nixosModules.sops
@@ -210,17 +118,7 @@
];
};
# elros
nixosConfigurations.elros = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs system; };
modules = [
./modules/unstable.nix
./hosts/elros/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
];
};
};
}

36
home/aider.nix
View File

@@ -1,36 +0,0 @@
{
pkgs,
lib,
unstable,
config,
...
}:
{
home.packages = with pkgs; [
#aider-chat-full
];
programs.aider-chat = {
enable = true;
package = pkgs.unstable.aider-chat-with-playwright;
settings = {
architect = true;
auto-accept-architect = false;
cache-prompts = true;
check-model-accepts-settings = false;
dark-mode = true;
dirty-commits = false;
lint = true;
show-model-warnings = false;
verify-ssl = false;
watch-files = true;
analytics-disable = true;
check-update = false;
multiline = true;
notifications = true;
show-diffs = true;
};
};
}

9
home/bash.nix
View File

@@ -13,7 +13,6 @@
"ai/cerebras" = { };
"ai/groq" = { };
"ai/mistral" = { };
"ai/zai" = { };
};
programs.bash = {
enable = true;
@@ -49,8 +48,6 @@
export CEREBRAS_API_KEY="$(cat ${config.sops.secrets."ai/cerebras".path})"
export GROQ_API_KEY="$(cat ${config.sops.secrets."ai/groq".path})"
export MISTRAL_API_KEY="$(cat ${config.sops.secrets."ai/mistral".path})"
export ZAI_API_KEY="$(cat ${config.sops.secrets."ai/zai".path})"
export ZAI_API_BASE="https://api.z.ai/api/coding/paas/v4"
#PS1 section
@@ -62,18 +59,18 @@
YELLOW='\[\e[33m\]'
MAGENTA='\[\e[35m\]'
RED='\[\e[31m\]'
if [[ -n "$SSH_CONNECTION" ]]; then
REMOTE_LABEL="\[''${YELLOW}\] (ssh)\[''${RESET}\]"
else
REMOTE_LABEL=""
fi
# Git branch function
parse_git_branch() {
git branch --show-current 2>/dev/null | awk '{print " (" $1 ")"}'
}
# Set prompt
if [[ $EUID -eq 0 ]]; then
PS1="''${BOLD}''${RED}\u''${RESET}:''${BOLD}''${RED}\h''${REMOTE_LABEL}''${RESET}:''${BOLD}''${GREEN}\w''${MAGENTA}\$(parse_git_branch) ''${BLUE}\A''${RESET}\$ "

273
home/colors.nix
View File

@@ -6,10 +6,150 @@
...
}:
let
nix-colors-lib = nix-colors.lib.contrib { inherit pkgs; };
c = config.colorScheme.palette; # Access palette colors
# Generate comprehensive CSS overrides using your color palette
gtkColorOverrides = ''
/* UI Colors - Main variables */
@define-color accent_bg_color #${c.base0D};
@define-color accent_fg_color #${c.base07};
@define-color accent_color #${c.base0D};
@define-color destructive_bg_color #${c.base08};
@define-color destructive_fg_color #${c.base07};
@define-color destructive_color #${c.base08};
@define-color success_bg_color #${c.base0B};
@define-color success_fg_color #${c.base07};
@define-color success_color #${c.base0B};
@define-color warning_bg_color #${c.base0A};
@define-color warning_fg_color #${c.base00};
@define-color warning_color #${c.base0A};
@define-color error_bg_color #${c.base08};
@define-color error_fg_color #${c.base07};
@define-color error_color #${c.base08};
/* Window Colors */
@define-color window_bg_color #${c.base00};
@define-color window_fg_color #${c.base05};
/* View Colors */
@define-color view_bg_color #${c.base00};
@define-color view_fg_color #${c.base05};
/* Header Bar Colors */
@define-color headerbar_bg_color #${c.base01};
@define-color headerbar_fg_color #${c.base05};
@define-color headerbar_border_color #${c.base03};
@define-color headerbar_backdrop_color #${c.base00};
@define-color headerbar_shade_color rgba(0, 0, 0, 0.12);
@define-color headerbar_darker_shade_color rgba(0, 0, 0, 0.12);
/* Sidebar Colors */
@define-color sidebar_bg_color #${c.base01};
@define-color sidebar_fg_color #${c.base05};
@define-color sidebar_backdrop_color #${c.base00};
@define-color sidebar_border_color rgba(0, 0, 0, 0.07);
@define-color sidebar_shade_color rgba(0, 0, 0, 0.07);
/* Card Colors */
@define-color card_bg_color #${c.base01};
@define-color card_fg_color #${c.base05};
@define-color card_shade_color rgba(0, 0, 0, 0.07);
/* Dialog Colors */
@define-color dialog_bg_color #${c.base01};
@define-color dialog_fg_color #${c.base05};
/* Popover Colors */
@define-color popover_bg_color #${c.base01};
@define-color popover_fg_color #${c.base05};
@define-color popover_shade_color rgba(0, 0, 0, 0.07);
/* Miscellaneous Colors */
@define-color shade_color rgba(0, 0, 0, 0.07);
@define-color scrollbar_outline_color #${c.base07};
/* Palette Colors */
@define-color blue_1 #99c1f1;
@define-color blue_2 #62a0ea;
@define-color blue_3 #3584e4;
@define-color blue_4 #1c71d8;
@define-color blue_5 #1a5fb4;
@define-color green_1 #8ff0a4;
@define-color green_2 #57e389;
@define-color green_3 #33d17a;
@define-color green_4 #2ec27e;
@define-color green_5 #26a269;
@define-color yellow_1 #f9f06b;
@define-color yellow_2 #f8e45c;
@define-color yellow_3 #f6d32d;
@define-color yellow_4 #f5c211;
@define-color yellow_5 #e5a50a;
@define-color orange_1 #ffbe6f;
@define-color orange_2 #ffa348;
@define-color orange_3 #ff7800;
@define-color orange_4 #e66100;
@define-color orange_5 #c64600;
@define-color red_1 #f66151;
@define-color red_2 #ed333b;
@define-color red_3 #e01b24;
@define-color red_4 #c01c28;
@define-color red_5 #a51d2d;
@define-color purple_1 #dc8add;
@define-color purple_2 #c061cb;
@define-color purple_3 #9141ac;
@define-color purple_4 #813d9c;
@define-color purple_5 #613583;
@define-color brown_1 #cdab8f;
@define-color brown_2 #b5835a;
@define-color brown_3 #986a44;
@define-color brown_4 #865e3c;
@define-color brown_5 #63452c;
@define-color light_1 #ffffff;
@define-color light_2 #f6f5f4;
@define-color light_3 #deddda;
@define-color light_4 #c0bfbc;
@define-color light_5 #9a9996;
@define-color dark_1 #77767b;
@define-color dark_2 #5e5c64;
@define-color dark_3 #3d3846;
@define-color dark_4 #241f31;
@define-color dark_5 #000000;
/* Compatibility Colors */
@define-color theme_bg_color #${c.base00};
@define-color theme_fg_color #${c.base05};
@define-color theme_base_color #${c.base00};
@define-color theme_text_color #${c.base05};
@define-color theme_selected_bg_color #${c.base0D};
@define-color theme_selected_fg_color #${c.base07};
@define-color insensitive_bg_color #${c.base01};
@define-color insensitive_fg_color #${c.base03};
@define-color insensitive_base_color #${c.base00};
@define-color borders rgba(0, 0, 0, 0.15);
@define-color theme_unfocused_bg_color #${c.base00};
@define-color theme_unfocused_fg_color #${c.base05};
@define-color theme_unfocused_base_color #${c.base00};
@define-color theme_unfocused_text_color #${c.base05};
@define-color theme_unfocused_selected_bg_color #${c.base0D};
@define-color theme_unfocused_selected_fg_color #${c.base07};
@define-color unfocused_insensitive_color #${c.base01};
@define-color unfocused_borders rgba(0, 0, 0, 0.15);
/* Standard GTK Colors */
@define-color bg_color #${c.base00};
@define-color fg_color #${c.base05};
@define-color base_color #${c.base00};
@define-color text_color #${c.base05};
@define-color selected_bg_color #${c.base0D};
@define-color selected_fg_color #${c.base07};
@define-color tooltip_bg_color #${c.base01};
@define-color tooltip_fg_color #${c.base05};
'';
in
{
imports = [
nix-colors.homeManagerModules.default
];
imports = [ nix-colors.homeManagerModules.default ];
colorScheme = {
slug = "teal-green-dark";
@@ -17,40 +157,101 @@
author = "Adrian";
palette = {
# Base16 TealGreen Dark Theme - Enhanced Teal Version
# base00 = "0c1f1d"; # Default background - deeper teal base
# base01 = "12302d"; # Lighter background (status bars)
# base02 = "1c3b38"; # Selection background
# base03 = "26514d"; # Comments, secondary content
# base04 = "447b76"; # Dark foreground (status bars)
# base05 = "c4e5e0"; # Default foreground
# base06 = "d4f0ed"; # Light foreground
# base07 = "f0fbfa"; # Lightest background
# base08 = "5fcac0"; # Variables, markup link text - teal accent
# base09 = "40bfa5"; # Integers, constants - teal-green
# base0A = "60d5b0"; # Classes, search highlight - bright teal
# base0B = "40c0a0"; # Strings, inserted - true teal (less green)
# base0C = "30d0c0"; # Support, escape characters - cyan-teal
# base0D = "2aa198"; # Functions, headings - classic teal
# base0E = "3cb4ac"; # Keywords, selectors - teal-blue
# base0F = "70d0c0"; # Deprecated tags - light teal
base00 = "0c1f1d"; # Default background - deeper teal base
base01 = "12302d"; # Lighter background (status bars)
base02 = "1c3b38"; # Selection background
base03 = "26514d"; # Comments, secondary content
base04 = "447b76"; # Dark foreground (status bars)
base05 = "c4e5e0"; # Default foreground
base06 = "d4f0ed"; # Light foreground
base07 = "f0fbfa"; # Lightest background
base08 = "5fcac0"; # Variables, markup link text - teal accent
base09 = "40bfa5"; # Integers, constants - teal-green
base0A = "60d5b0"; # Classes, search highlight - bright teal
base0B = "40c0a0"; # Strings, inserted - true teal (less green)
base0C = "30d0c0"; # Support, escape characters - cyan-teal
base0D = "2aa198"; # Functions, headings - classic teal
base0E = "3cb4ac"; # Keywords, selectors - teal-blue
base0F = "70d0c0"; # Deprecated tags - light teal
## catppuccin mocha based
base00 = "0b1c1a"; # Default background — deeper teal-dark background
base01 = "153532"; # Lighter background / status bars
base02 = "1b3d39"; # Selection background / line highlight
base03 = "275454"; # Comments, secondary UI elements
base04 = "6f7389"; # Dark foreground / secondary text
base05 = "95a0b8"; # Default foreground / main text
base06 = "a8b2ce"; # Light foreground / lighter UI elements
base07 = "ccdffa"; # Lightest background / highlight background
base08 = "f38ba8"; # Errors, alerts — red-pink accent
base09 = "e0a878"; # Numbers, constants — muted peach/orange
base0A = "b8c071"; # Warnings, highlights — golden-yellow
base0B = "4fbf93"; # Strings, inserts — teal-green
base0C = "2ac5c2"; # Support, escape/sequences — cyan-teal
base0D = "2fa6b0"; # Functions, types — classic teal-blue
base0E = "c7a8f5"; # Keywords, special — soft magenta/purple
base0F = "b2b4cf"; # Deprecated / special tags — light cool grey-lavender
};
};
# GTK configuration with custom theme
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
cursorTheme = {
name = "Adwaita-Dark";
package = pkgs.adwaita-icon-theme;
size = 24;
};
gtk2.extraConfig = ''
style "custom-dark" {
bg[NORMAL] = "#${c.base00}"
bg[PRELIGHT] = "#${c.base02}"
bg[ACTIVE] = "#${c.base01}"
bg[SELECTED] = "#${c.base0D}"
bg[INSENSITIVE] = "#${c.base01}"
fg[NORMAL] = "#${c.base05}"
fg[PRELIGHT] = "#${c.base06}"
fg[ACTIVE] = "#${c.base07}"
fg[SELECTED] = "#${c.base07}"
fg[INSENSITIVE] = "#${c.base03}"
base[NORMAL] = "#${c.base01}"
base[PRELIGHT] = "#${c.base02}"
base[ACTIVE] = "#${c.base0D}"
base[SELECTED] = "#${c.base0D}"
base[INSENSITIVE] = "#${c.base00}"
text[NORMAL] = "#${c.base05}"
text[PRELIGHT] = "#${c.base06}"
text[ACTIVE] = "#${c.base07}"
text[SELECTED] = "#${c.base07}"
text[INSENSITIVE] = "#${c.base03}"
}
widget_class "*" style "custom-dark"
gtk-application-prefer-dark-theme="true"
'';
gtk3.extraConfig = {
gtk-application-prefer-dark-theme = true;
};
gtk4.extraConfig = {
gtk-application-prefer-dark-theme = true;
};
# Inject comprehensive color overrides for GTK 3
gtk3.extraCss = gtkColorOverrides;
# Inject comprehensive color overrides for GTK 4
gtk4.extraCss = gtkColorOverrides;
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
icon-theme = "Papirus-Dark";
};
};
home.packages = with pkgs; [
papirus-icon-theme
gnome-themes-extra
adwaita-icon-theme
];
qt = {
enable = true;
#platformTheme.name = "gtk";
platformTheme.name = "gtk3";
style.name = "gtk2";
};
}

49
modules/fcitx5.nix → home/fcitx5.nix
View File

@@ -1,28 +1,38 @@
{ pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
# System-level fcitx5 configuration for Wayland
# This prevents GTK_IM_MODULE from being set, which is recommended for Wayland
i18n.inputMethod = {
enable = true;
type = "fcitx5";
fcitx5 = {
waylandFrontend = true;
addons = with pkgs; [
fcitx5-rime
fcitx5-mozc
fcitx5-gtk
fcitx5-configtool
fcitx5-material-color # Add the theme package
];
settings = {
# Correct hotkey section:
globalOptions.Hotkey = {
TriggerKey = "Control+space";
};
# Addon settings for the theme
addons.classicui = {
globalSection = {
Theme = "Material-Color-Dark";
DarkTheme = "Material-Color-Dark";
UseDarkTheme = true;
};
};
inputMethod = {
GroupOrder."0" = "Default";
"Groups/0" = {
Name = "Default";
"Default Layout" = "us";
DefaultIM = "mozc";
"DefaultIM" = "keyboard-us";
};
"Groups/0/Items/0" = {
Name = "keyboard-us";
@@ -36,21 +46,12 @@
Name = "keyboard-no";
Layout = "no";
};
"Groups" = {
GroupOrder = "Default";
};
};
};
addons = with pkgs; [
fcitx5-rime
fcitx5-mozc
fcitx5-gtk
qt6Packages.fcitx5-configtool
];
};
};
# Ensure fcitx5 starts with the session
services.xserver.desktopManager.runXdgAutostartIfNone = true;
# environment.sessionVariables = {
# GTK_IM_MODULE = lib.mkForce "";
# };
}

1
home/fonts.nix
View File

@@ -25,7 +25,6 @@
nerd-fonts.noto
nerd-fonts.hack
nerd-fonts.fira-code
zpix-pixel-font
font-awesome_4

48
home/foot.nix
View File

@@ -12,38 +12,38 @@
main = {
term = "xterm-256color";
#font = "0xproto:size=14";
font = "0xproto:size=14";
#dpi-aware = "yes";
};
mouse = {
hide-when-typing = "yes";
};
#colors = {
#alpha = "0.7";
#foreground = "${config.colorScheme.palette.base05}";
#background = "${config.colorScheme.palette.base00}";
colors = {
alpha = "0.7";
foreground = "${config.colorScheme.palette.base05}";
background = "${config.colorScheme.palette.base00}";
#regular0 = "${config.colorScheme.palette.base00}";
#regular1 = "${config.colorScheme.palette.base08}";
#regular2 = "${config.colorScheme.palette.base0B}";
#regular3 = "${config.colorScheme.palette.base0A}";
#regular4 = "${config.colorScheme.palette.base0D}";
#regular5 = "${config.colorScheme.palette.base0E}";
#regular6 = "${config.colorScheme.palette.base0C}";
#regular7 = "${config.colorScheme.palette.base05}";
regular0 = "${config.colorScheme.palette.base00}";
regular1 = "${config.colorScheme.palette.base08}";
regular2 = "${config.colorScheme.palette.base0B}";
regular3 = "${config.colorScheme.palette.base0A}";
regular4 = "${config.colorScheme.palette.base0D}";
regular5 = "${config.colorScheme.palette.base0E}";
regular6 = "${config.colorScheme.palette.base0C}";
regular7 = "${config.colorScheme.palette.base05}";
#bright0 = "${config.colorScheme.palette.base03}";
#bright1 = "${config.colorScheme.palette.base08}";
#bright2 = "${config.colorScheme.palette.base0B}";
#bright3 = "${config.colorScheme.palette.base0A}";
#bright4 = "${config.colorScheme.palette.base0D}";
#bright5 = "${config.colorScheme.palette.base0E}";
#bright6 = "${config.colorScheme.palette.base0C}";
#bright7 = "${config.colorScheme.palette.base07}";
#selection-foreground = "${config.colorScheme.palette.base00}";
#selection-background = "${config.colorScheme.palette.base0A}";
#};
bright0 = "${config.colorScheme.palette.base03}";
bright1 = "${config.colorScheme.palette.base08}";
bright2 = "${config.colorScheme.palette.base0B}";
bright3 = "${config.colorScheme.palette.base0A}";
bright4 = "${config.colorScheme.palette.base0D}";
bright5 = "${config.colorScheme.palette.base0E}";
bright6 = "${config.colorScheme.palette.base0C}";
bright7 = "${config.colorScheme.palette.base07}";
selection-foreground = "${config.colorScheme.palette.base00}";
selection-background = "${config.colorScheme.palette.base0A}";
};
};

2
home/git.nix
View File

@@ -7,7 +7,7 @@
{
programs.git = {
enable = true;
settings = {
extraConfig = {
pull.rebase = true;
push.autoSetupRemote = true;
color.ui = "auto";

18
home/gunalx.nix
View File

@@ -6,20 +6,14 @@
}:
{
imports = [
./unstable.nix
./nixpkgs.nix
./sshconfig.nix
./atuin.nix
./git.nix
./bash.nix
#./xdg.nix
# theming
./colors.nix
./stylix.nix
./xdg.nix
#graphical
./colors.nix
./fuzzel.nix
./swaylock.nix
./gtklock.nix
@@ -27,18 +21,16 @@
./waybar.nix
./wlogout.nix
./niri.nix
./noctalia.nix
./wallpapers.nix
./swww.nix
./fonts.nix
#applications
#./mako.nix # superseeded by noctalia
./mako.nix
./foot.nix
./zed.nix
./aider.nix
./opencode.nix
./nixvim.nix
./neovim.nix
./fcitx5.nix
./python.nix

18
home/kdeconnect.nix
View File

@@ -1,18 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
home.packages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
kdePackages.kdeconnect-kde
];
services.kdeconnect = {
enable = true;
#package = pkgs.kdePackages.kdeconnect-kde;
package = pkgs.gnomeExtensions.gsconnect;
indicator = true;
};
}

7
home/mako.nix
View File

@@ -46,12 +46,5 @@ in
border-color = "#${palette.base08}FF";
};
settings."mode=silent" = {
invisible = 1;
actions = false;
icons = false;
default-timeout = 0;
};
};
}

146
home/neovim.nix
View File

@@ -5,135 +5,47 @@
viAlias = true;
vimAlias = true;
defaultEditor = true;
# Required for render-markdown and coc
withPython3 = true;
withNodeJs = true;
# Keep your python deps for latex rendering
extraPython3Packages = ps: [ ps.pylatexenc ];
extraConfig = ''
set backspace=indent,eol,start
syntax on
set tabstop=2 softtabstop=0 autoindent expandtab shiftwidth=2 smarttab
extraPackages = with pkgs; [
fzf
wl-clipboard
xclip
ripgrep # Nvim-tree (and fzf) work better with ripgrep installed
];
" Use <Tab> completion instead of ctrl n and ctrl p
inoremap <expr> <Tab> pumvisible() ? "\<C-y>" : "\<Tab>"
inoremap <expr> <S-Tab> "\<Tab>"
'';
extraLuaConfig = ''
vim.wo.number = true
-- vim.wo.relativenumber = true
vim.api.nvim_set_option("clipboard", "unnamedplus")
'';
extraPackages = [ pkgs.fzf ]; # For fzf-vim functionality
plugins = with pkgs.vimPlugins; [
vim-indent-guides
# --- UI / File Explorer (Replaces Chadtree) ---
nvim-tree-lua
nvim-web-devicons
# --- Fuzzy Finder ---
fzf-vim
# --- Editor Utilities ---
vim-lastplace
vim-nix
vim-lastplace
vim-yaml
# --- Coding / LSP (CoC) ---
# Keeping CoC as requested (switching to Native LSP is a bigger task)
coc-nvim
coc-vimtex
coc-rust-analyzer
# --- Markdown / LaTeX / Typst ---
vimtex
fzf-vim
chadtree
typst-vim
typst-preview-nvim
render-markdown-nvim
markdown-preview-nvim
# --- AI ---
aider-nvim
# --- Treesitter ---
(nvim-treesitter.withPlugins (p: [
p.markdown
p.markdown_inline
p.latex
p.yaml
p.bash
p.rust
p.nix
p.lua
]))
#magma-nvim #jupyter
#molten-nvim #jupyter
];
# We can consolidate most settings into Lua for simplicity
extraLuaConfig = ''
-- ============================
-- 1. General Settings
-- ============================
vim.opt.number = true
vim.opt.backspace = { "indent", "eol", "start" }
vim.opt.tabstop = 2
vim.opt.softtabstop = 0
vim.opt.shiftwidth = 2
vim.opt.expandtab = true
vim.opt.smarttab = true
vim.opt.autoindent = true
-- Clipboard setup
vim.opt.clipboard = "unnamedplus"
-- ============================
-- 2. File Explorer (Nvim-tree)
-- ============================
-- This replaces Chadtree. It is much more stable.
require("nvim-tree").setup({
sort = { sorter = "case_sensitive" },
view = { width = 30 },
renderer = { group_empty = true },
filters = { dotfiles = false },
})
-- Toggle file explorer with <Leader>e
vim.keymap.set('n', '<leader>e', ':NvimTreeToggle<CR>', { silent = true })
-- ============================
-- 3. Render Markdown Setup
-- ============================
require('render-markdown').setup({
latex = {
enabled = true,
converter = 'latex2text',
highlight = 'RenderMarkdownMath',
top_pad = 0,
bottom_pad = 0,
},
})
'';
# Vimscript is still best for specific CoC and FZF tweaks
extraConfig = ''
syntax on
set mouse=a
" --- CoC Configuration ---
" Use Tab to trigger completion and navigate
inoremap <silent><expr> <TAB>
\ coc#pum#visible() ? coc#pum#next(1) :
\ CheckBackspace() ? "\<Tab>" :
\ coc#refresh()
inoremap <expr><S-TAB> coc#pum#visible() ? coc#pum#prev(1) : "\<C-h>"
" Make <CR> (Enter) accept the selected item
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
function! CheckBackspace() abort
let col = col('.') - 1
return !col || getline('.')[col - 1] =~# '\s'
endfunction
" --- Keymaps ---
" Browser Preview Hotkey
nmap <leader>m <Plug>MarkdownPreviewToggle
'';
# CoC configuration (replacing coc-rust-analyzer plugin)
coc.enable = true;
coc.settings = {
"coc.globalExtensions" = [
"coc-rust-analyzer"
];
};
};
}

1269
home/niri.nix
View File

File diff suppressed because it is too large Load Diff

17
home/nixpkgs.nix
View File

@@ -1,17 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
# example "python3.11-youtube-dl-2021.12.17"
];
};
};
}

263
home/nixvim.nix
View File

@@ -1,263 +0,0 @@
{ pkgs, ... }:
{
programs.nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
defaultEditor = true;
withPython3 = true;
extraPython3Packages = ps: [ ps.pylatexenc ];
extraPackages = with pkgs; [
wl-clipboard
xclip
ripgrep
tree-sitter
];
globals.mapleader = " ";
opts = {
number = true;
relativenumber = true;
tabstop = 4;
softtabstop = 0;
shiftwidth = 4;
expandtab = true;
smarttab = true;
autoindent = true;
backspace = [
"indent"
"eol"
"start"
];
mouse = "a";
clipboard = "unnamedplus";
};
userCommands = {
E = {
command = "require('oil').open()";
desc = "Open oil file explorer";
};
};
plugins = {
web-devicons.enable = true;
treesitter = {
enable = true;
settings = {
highlight.enable = true;
indent.enable = true;
ensure_installed = [
"markdown"
"markdown_inline"
"latex"
"yaml"
"bash"
"rust"
"nix"
"lua"
];
};
};
lsp = {
enable = true;
servers = {
rust_analyzer = {
enable = true;
installCargo = true;
installRustc = true;
};
nil_ls.enable = true;
lua_ls.enable = true;
yamlls.enable = true;
};
};
cmp-nvim-lsp.enable = true;
cmp-buffer.enable = true;
cmp-path.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
mapping = {
"<Tab>" = {
__raw = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif require('minuet.virtualtext').action.is_visible() then
require('minuet.virtualtext').action.accept()
else
fallback()
end
end, { 'i', 's' })
'';
};
"<S-Tab>" = {
__raw = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif require('minuet.virtualtext').action.is_visible() then
require('minuet.virtualtext').action.dismiss()
else
fallback()
end
end, { 'i', 's' })
'';
};
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.abort()";
};
sources = [
{ name = "nvim_lsp"; }
{ name = "minuet"; }
{ name = "path"; }
{ name = "buffer"; }
];
performance.fetching_timeout = 3000;
};
};
telescope = {
enable = true;
keymaps = {
"<leader>ff" = "find_files";
"<leader>fg" = "live_grep";
"<leader>fb" = "buffers";
};
};
oil = {
enable = true;
settings = {
default_file_explorer = true;
columns = [ "icon" ];
view_options.show_hidden = false;
preview_win = {
update_on_cursor_moved = true;
};
keymaps = {
"<C-p>" = "actions.preview";
"-" = "actions.parent";
};
};
};
render-markdown = {
enable = true;
settings = {
latex = {
enabled = true;
converter = "latex2text";
highlight = "RenderMarkdownMath";
top_pad = 0;
bottom_pad = 0;
};
};
};
markdown-preview.enable = true;
vimtex.enable = true;
typst-vim.enable = true;
typst-preview.enable = true;
lastplace.enable = true;
indent-blankline.enable = true;
nix.enable = true;
minuet = {
enable = true;
settings = {
provider = "openai_fim_compatible";
n_completions = 1;
context_window = 1024;
throttle = 1500;
debounce = 600;
virtualtext = {
auto_trigger_ft = [ "*" ];
show_on_completion_menu = false;
};
provider_options = {
openai_fim_compatible = {
name = "Galadriel";
end_point = "http://galadriel:11112/v1/completions";
model = "qwen3.5";
api_key = "supersecret";
stream = true;
optional = {
max_tokens = 32;
};
template = {
prompt = {
__raw = ''
function(context_before_cursor, context_after_cursor, _)
return '<|fim_prefix|>'
.. context_before_cursor
.. '<|fim_suffix|>'
.. context_after_cursor
.. '<|fim_middle|>'
end
'';
};
suffix = false;
};
};
};
};
};
};
keymaps = [
{
mode = "n";
key = "<leader>e";
action = "<cmd>Oil<CR>";
options.desc = "Open oil file explorer";
}
{
mode = "n";
key = "<leader>m";
action = "<cmd>MarkdownPreviewToggle<CR>";
options.desc = "Toggle markdown preview";
}
{
mode = "n";
key = "<leader>fm";
action = "<cmd>lua vim.lsp.buf.format()<CR>";
options.desc = "Format with LSP";
}
{
mode = "n";
key = "<leader>bn";
action = "<cmd>bnext<CR>";
options.desc = "Next buffer";
}
{
mode = "n";
key = "<leader>bp";
action = "<cmd>bprev<CR>";
options.desc = "Previous buffer";
}
{
mode = "n";
key = "<leader>bd";
action = "<cmd>bdelete<CR>";
options.desc = "Delete buffer";
}
{
mode = "n";
key = "<leader>bN";
action = "<cmd>enew<CR>";
options.desc = "New buffer";
}
];
};
}

224
home/noctalia.nix
View File

@@ -1,224 +0,0 @@
{
pkgs,
config,
lib,
...
}:
{
programs.noctalia-shell = {
enable = true;
settings = {
bar = {
position = "top";
density = "default";
floating = false;
exclusive = true;
widgets = {
left = [
{ id = "Launcher"; }
{
id = "CustomButton";
icon = "keyboard";
tooltip = "Open Keyboard";
leftClickExec = "pkill wvkbd-mobintl || wvkbd-mobintl";
}
{ id = "SystemMonitor"; }
{ id = "MediaMini"; }
{ id = "Workspace"; }
];
center = [
{ id = "ActiveWindow"; }
];
right = [
{ id = "Tray"; }
{ id = "Clock"; }
{ id = "NotificationHistory"; }
{ id = "Battery"; }
{ id = "Brightness"; }
{ id = "Volume"; }
{ id = "Bluetooth"; }
{ id = "Network"; }
{ id = "ControlCenter"; }
#{ id = "SessionMenu"; }
];
};
};
general = {
radiusRatio = 0.2;
#animationSpeed = 2;
animationDisabled = true; # annoying
};
colorSchemes = {
useWallpaperColors = false;
darkMode = true;
};
templates = {
activeTemplates = [ ];
enableUserTheming = false;
};
wallpaper = {
enabled = true;
directory = "~/Pictures/wallpapers";
automationEnabled = true;
wallpaperChangeMode = "random";
randomIntervalSec = 270000;
fillMode = "crop";
};
appLauncher = {
position = "center";
sortByMostUsed = true;
viewMode = "list";
showCategories = true;
enableClipboardHistory = false;
pinnedApps = [ ];
useApp2Unit = false;
terminalCommand = "footclient ";
customLaunchPrefixEnabled = false;
customLaunchPrefix = "";
iconMode = "tabler";
showIconBackground = false;
enableSettingsSearch = true;
ignoreMouseInput = false;
screenshotAnnotationTool = "";
};
notifications = {
enabled = true;
location = "top_right";
#backgroundOpacity = 0.8;
lowUrgencyDuration = 1;
normalUrgencyDuration = 2;
criticalUrgencyDuration = 3;
};
osd = {
enabled = true;
location = "top_right";
autoHideMs = 500;
overlayLayer = true;
backgroundOpacity = lib.mkForce 0.5;
};
location = {
name = "Trondheim";
showWeekNumberInCalendar = true;
firstDayOfWeek = -1;
};
};
plugins = {
sources = [
{
enabled = true;
name = "Official Noctalia Plugins";
url = "https://github.com/noctalia-dev/noctalia-plugins";
}
];
states = {
notes-scratchpad = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
#todo = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
assistant-panel = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
#pomodoro = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
#tailscale = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
#noctalia-supergfxctl = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
#weekly-calendar = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
kaomoji-provider = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
rss-feed = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
keybind-cheatsheet = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
};
version = 1;
};
pluginSettings = {
notes-scratchpad = {
panelWidth = 1200;
panelHeigth = 1600;
fontSize = 16;
filePath = "${config.xdg.userDirs.documents}/notes-scratchpad.txt";
};
assistant-panel = {
ai = {
provider = "openai_compatible";
models = {
"openai_compatible" = "qwen3.5";
};
#apiKeys = {};
temperature = 0.6;
systemPrompt = "You are a helpful assistant answering short questions. Be brief, think critically and come with constructual critics where needed.";
openaiLocal = true;
openaiBaseUrl = "http://galadriel:11111/v1/chat/completions";
};
translator = {
backend = "google";
realTimeTranslation = true;
deeplApiKey = "";
};
maxHistoryLength = 10;
panelDetached = true;
panelPosition = "center";
panelHeightRatio = 0.70;
panelWidth = 640;
attachmentStyle = "connected";
scale = 1;
};
rss-feed = {
feeds = [
{
name = "Hacker News";
url = "https://news.ycombinator.com/rss";
}
];
updateInterval = 3600;
maxItemsPerFeed = 10;
showOnlyUnread = true;
markAsReadOnClick = true;
};
};
};
# Noctalia is started via a systemd user service, so it won't see variables
# set only in niri's `settings.environment`. Put theme-related env here.
systemd.user.services.noctalia-shell.Service.Environment = [
"QT_QPA_PLATFORM=wayland;xcb"
"QT_QPA_PLATFORMTHEME=qt6ct"
"QT_AUTO_SCREEN_SCALE_FACTOR=1"
# Ensures Quickshell resolves app icons from a known icon theme.
"QS_ICON_THEME=Papirus-Dark"
];
}

145
home/opencode.nix
View File

@@ -1,145 +0,0 @@
{
pkgs,
lib,
unstable,
config,
...
}:
{
programs.opencode = {
package = pkgs.unstable.opencode;
enable = true;
enableMcpIntegration = true;
settings = {
#model = "github-copilot/gpt-5.2";
model = "zai-coding-plan/glm-5.1";
small_model = "zai-coding-plan/glm-5-turbo";
autoshare = false;
autoupdate = false;
};
agents = {
code-reviewer = ''
# Code Reviewer Agent
You are a senior software engineer specializing in code reviews.
Focus on code quality, security, and maintainability.
## Guidelines
- Review for potential bugs and edge cases
- Check for security vulnerabilities
- Ensure code follows best practices
- Suggest improvements for readability and performance
'';
debugger = ''
# Debugger Agent
You are a software engineer specializing in debugging and troubleshooting.
Focus on identifying issues, providing insights into existing bugs, and suggesting improvements to the debugging process.
## Guidelines
- Look for unhandled exceptions, crashes, or error states.
- Identify and remove redundant or unnecessary debug/print statements.
- Check for proper logging practices: ensure log levels (info, debug, error) are used correctly.
- Examine error messages for clarity and contextensure they aid in troubleshooting.
- Look for missing or incorrect error handling and suggest improvements.
- Trace the flow of execution to catch logical or state-related bugs.
- Ensure relevant variable states are being monitored during runtime to spot anomalies.
- Suggest improvements to breakpoints, watchpoints, or other debugging tools for better visibility.
- Look for performance bottlenecks that could be causing issues and suggest optimizations.
- Check for edge cases and race conditions that might not be covered by current debugging.
- Ensure debugging steps or tools dont affect production environments (i.e., avoid verbose logging in production).
- Document findings and proposed fixes clearly for future reference.
'';
simplifier = ''
# Simplifier Agent
You are a software engineer specializing in simplifying and refactoring complex code.
Focus on making the code more readable, maintainable, and easier to understand without altering its functionality.
## Guidelines
- Break down long or complex functions into smaller, well-named helper functions or methods.
- Identify and remove any redundant or duplicate logic, consolidating wherever possible.
- Use more descriptive variable and function names to improve clarity.
- Simplify nested loops or conditionals (e.g., consider early returns to reduce indentation).
- Replace complex data structures or algorithms with simpler, more efficient alternatives if appropriate.
- Refactor complex conditional logic (e.g., using polymorphism, strategy pattern, or lookup tables where applicable).
- Replace hardcoded values with constants or configuration variables to improve flexibility.
- Group related logic together to improve cohesion within classes or functions.
- Ensure the code follows the DRY (Don't Repeat Yourself) principle and refactor to remove duplication.
- Simplify error handling by centralizing common error paths or using more consistent exception handling.
- Remove unnecessary comments or redundant code that doesnt add value to readability.
- Check for opportunities to use built-in language features or libraries to reduce custom code (e.g., use `map()` instead of for-loops in Python).
- Ensure code is modular and maintainable, facilitating easier testing and future updates.
- Use early exits or guard clauses to minimize nested logic and make the code more straightforward.
'';
};
commands = {
commit = ''
# Commit Command
Create a git commit with proper message formatting following conventional commits.
Keep it simple and only have one simple commit line. If you need to know what was changed, look at the staged files, and the diffs of the relevant ones.
Usage: /commit [message]
'';
};
rules = ''
### **General Project Guidelines**
#### **Separation of Concerns**
* Keep your code **loosely coupled** components/modules should only know about what they need.
* Maintain clear **separation between domain logic and business logic** ensure your domain layer is independent of infrastructure or framework specific details.
* Ensure **separation of data concerns** never mix UI data, business data, and domain entities in a single layer.
#### **Typing and Type Safety**
* **Always define types** explicitly for variables, parameters, and return values.
* Avoid using `any` if you're unsure about a type, lean on **unknown** or **generics** until you can define it properly.
* **Interfaces and Types** should be descriptive and reusable prefer interfaces for object shapes, and types for unions/intersections or specific business rules.
* Avoid overcomplicating types focus on clarity and consistency.
#### **Code Simplicity**
* Write **simple, understandable code** don't over engineer solutions unless absolutely necessary.
* Keep methods and functions **small and focused** follow the Single Responsibility Principle.
* **Comment only when necessary** to explain complex or non obvious patterns **no comments for simple or self explanatory code**.
#### **Production-Ready Code**
* Always write **production-grade code** optimize for maintainability, readability, and scalability.
* Ensure **robust error handling** catch edge cases, validate inputs, and handle exceptions gracefully.
#### **Framework and Library Usage**
* Use frameworks and libraries **where they make sense**, but avoid unnecessary dependencies, we usually want to keep dependencies down.
* Follow **framework best practices** for structure, state management, and lifecycle methods
* Keep **UI and business logic separate** don't directly tie your UI components to business logic; use hooks or services to handle interactions.
#### **Documentation**
* **Document key architecture decisions** especially if they are complex or non intuitive.
* Only document the **why** and **how** when it's not obvious avoid redundant or trivial comments.
* Keep your documentation to the developmentlog.md Make a new section, dont write to long, just briefely what needs to be documented.
#### **Performance Considerations**
* Optimize for **readability first**, then **performance** measure performance bottlenecks before optimizing.
* When optimizing, our first priority is finding arcitectural problems, then finding out ways to parralelize.
# General Rules
Keep things understandable for a software engineer. You dont need to over explain, and rather keep things a bit simpler. and tify.
Dont overly format your text as well. When writing plain text, markdown or similat, keep the writing in a human style with minimal formating, and good but simple explanations.
Be brief, you dont need to overly explain concepts or content that dont really need more explanation.
Tell the user where it takes wrong if the user does. You are allowed to think critically, and find problems in existing solutions, but start by asking, to get more clarification.
Dont do all the work for the user, rather let the user know where some help from them are needed. Some things are better done manually, and should not be done by you the assistant.
'';
};
}

23
home/python.nix
View File

@@ -1,8 +1,27 @@
{ pkgs, ... }:
{
home.packages = [
pkgs.poetry
(pkgs.python312.withPackages (ppkgs: [
ppkgs.uv
ppkgs.pip
ppkgs.numpy
ppkgs.sympy
ppkgs.scipy
ppkgs.matplotlib
ppkgs.requests
ppkgs.pandas
ppkgs.scikit-learn
ppkgs.nltk
ppkgs.huggingface-hub
ppkgs.flask
ppkgs.gunicorn
ppkgs.torch
ppkgs.opencv-python
ppkgs.pillow
ppkgs.keras
ppkgs.tqdm
ppkgs.ipykernel
]))
(pkgs.python3.withPackages (import ../modules/python-packages.nix))
];
}

7
home/sshconfig.nix
View File

@@ -17,13 +17,10 @@
programs.ssh = {
enable = true;
# compression moved to matchBlocks."*"
# Default config is deprecated, disabling it and managing defaults manually if needed
enableDefaultConfig = false;
compression = true;
matchBlocks = {
"*" = {
compression = true;
identityFile = [
"~/.ssh/nixos"
"~/.ssh/id_ed25519"
@@ -85,7 +82,7 @@
"galadriel" = {
port = 6969;
hostname = "100.110.96.125";
hostname = "100.84.215.84";
};
"gandalf" = {

62
home/stylix.nix
View File

@@ -1,62 +0,0 @@
{ pkgs, config, ... }:
{
stylix = {
enable = true;
#autoEnable = false;
#targets.gtk.enable = true;
#targets.qt.enable = true;
#manually disable stuff i have done manually
targets.mako.enable = false;
#targets.foot.enable = false;
targets.swaylock.enable = false;
targets.fuzzel.enable = false;
targets.zed.enable = false;
base16Scheme = {
scheme = config.colorScheme.name;
author = config.colorScheme.author;
base00 = config.colorScheme.palette.base00;
base01 = config.colorScheme.palette.base01;
base02 = config.colorScheme.palette.base02;
base03 = config.colorScheme.palette.base03;
base04 = config.colorScheme.palette.base04;
base05 = config.colorScheme.palette.base05;
base06 = config.colorScheme.palette.base06;
base07 = config.colorScheme.palette.base07;
base08 = config.colorScheme.palette.base08;
base09 = config.colorScheme.palette.base09;
base0A = config.colorScheme.palette.base0A;
base0B = config.colorScheme.palette.base0B;
base0C = config.colorScheme.palette.base0C;
base0D = config.colorScheme.palette.base0D;
base0E = config.colorScheme.palette.base0E;
base0F = config.colorScheme.palette.base0F;
};
opacity = {
desktop = 0.7;
terminal = 0.7;
};
fonts = {
sizes = {
applications = 14;
terminal = 24;
desktop = 12;
};
serif = config.stylix.fonts.monospace;
sansSerif = config.stylix.fonts.monospace;
monospace = {
package = pkgs.notonoto-35;
#name = "NOTONOTO-35-Bold";
name = "NOTONOTO-35";
};
emoji = {
package = pkgs.noto-fonts-monochrome-emoji;
name = "Noto Emoji";
};
};
};
}

7
home/swayidle.nix
View File

@@ -11,16 +11,15 @@
timeouts = [
{
timeout = 210;
timeout = 180;
#command = "swaylock";
command = "gtklock";
resumeCommand = null;
}
{
timeout = 180;
timeout = 210;
command = "niri msg action power-off-monitors";
resumeCommand = "niri msg action power-on-monitors";
resumeCommand = null;
}
];

17
home/unstable.nix
View File

@@ -1,17 +0,0 @@
{
config,
inputs,
...
}:
let
unstableOverlay = final: prev: {
unstable = import inputs.unstable {
inherit (final.stdenv.hostPlatform) system;
config = config.nixpkgs.config;
};
};
in
{
nixpkgs.overlays = [ unstableOverlay ];
}

2
home/wlogout.nix
View File

@@ -30,7 +30,7 @@ in
layout = [
{
label = "lock";
action = "gtklock";
action = "swaylock";
text = "Lock";
keybind = "l";
}

36
home/xdg.nix
View File

@@ -4,39 +4,21 @@
config,
...
}:
{
# Enable XDG base directories
xdg.enable = true;
# Install the necessary packages for XDG compliance and management
home.packages = with pkgs; [
xdg-utils
xdg-desktop-portal-gtk
xdg-desktop-portal
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
xdg-launch
xdg-ninja
xdg-utils
];
# Define session variables for XDG directories
home.sessionVariables = {
# Set other tools' paths to XDG directories (they should be relative to XDG_DATA_HOME or XDG_STATE_HOME)
GOPATH = "$XDG_DATA_HOME/go";
CARGO_HOME = "$XDG_DATA_HOME/cargo";
RUSTUP_HOME = "$XDG_DATA_HOME/rustup";
DOTNET_CLI_HOME = "$XDG_DATA_HOME/dotnet";
GNUPGHOME = "$XDG_DATA_HOME/gnupg";
ZDOTDIR = "$XDG_CONFIG_HOME/zsh"; # Optional, for Zsh configuration
HISTFILE = "$XDG_STATE_HOME/bash/history"; # Optional, for Bash history file location
};
xdg.enable = true;
# Enable XDG user directories (like Documents, Downloads, etc.)
xdg.userDirs.enable = true;
xdg.userDirs.createDirectories = true;
# home.sessionVariables = {
# };
# Enable autostart functionality with read-only mode (prevents arbitrary service additions)
xdg.autostart.enable = true;
xdg.autostart.readOnly = true;
# Handle XDG MIME type associations (useful for apps)
xdg.mime.enable = true;
xdg.mimeApps.enable = true;
}

76
home/zed.nix
View File

@@ -5,82 +5,8 @@
...
}:
{
home.packages = with pkgs; [
copilot-language-server
github-copilot-cli
nixd
vscode-extensions.github.copilot
];
programs.zed-editor = {
enable = true;
#package = pkgs.zed-editor-fhs;
package = pkgs.unstable.zed-editor-fhs;
extraPackages = with pkgs; [
nodejs
copilot-language-server
github-copilot-cli
nixd
vscode-extensions.github.copilot
];
extensions = [
"nix"
"toml"
"rust"
"html"
"yaml"
"python"
"make"
"xml"
"dockerfile"
"vue"
"latex"
"csv"
"rainbow csv"
"snippets"
"typst"
"mermaid"
"markdownlint"
"markdown oxide"
"java"
"dart"
"go"
"c#"
"json"
"flask snippets"
"python snippets"
"flutter snippets"
"tokyo night themes"
"opencode"
];
userSettings = {
theme = {
mode = "system";
dark = "Tokyo Night";
light = "Tokyo Night Storm";
};
features = {
edit_prediction_provider = "copilot";
};
agent = {
default_profile = "write";
default_model = {
provider = "copilot_chat";
model = "claude-opus-4.5";
};
model_parameters = [ ];
};
hour_format = "hour24";
node = {
path = lib.getExe pkgs.nodejs;
npm_path = lib.getExe' pkgs.nodejs "npm";
};
load_direnv = "shell_hook";
base_keymap = "VSCode";
show_whitespaces = "boundary";
};
package = pkgs.zed-editor-fhs;
};
}

77
hosts/aragon/configuration.nix
View File

@@ -2,71 +2,41 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Core system modules
../../modules/boot.nix
../../modules/nix.nix
../../modules/pam.nix
../../modules/polkit.nix
../../modules/zram.nix
../../modules/thermal.nix
# Networking and remote access
../../modules/openssh.nix
../../modules/tailscale.nix
# User interface and desktop
../../modules/displaymanager.nix
../../modules/xdg.nix
../../modules/sound.nix
../../modules/bluetooth.nix
../../modules/desktopApplications.nix
# Development tools and user configuration
../../modules/basePackages.nix
../../modules/develPackages.nix
../../modules/gunalx.nix
# Containerization and cloud
../../modules/podman.nix
# Scientific and data tools
../../modules/jupyterhub.nix
# Software and gaming
../../modules/steam.nix
# SDR (Software Defined Radio)
../../modules/rtlsdr.nix
../../modules/websdr.nix
# Secrets management
../../modules/polkit.nix
../../modules/nix.nix
../../modules/openssh.nix
../../secrets/sops.nix
../../secrets/sopsconf.nix
../../modules/sound.nix
../../modules/gunalx.nix
../../modules/pam.nix
../../modules/tailscale.nix
../../modules/podman.nix
../../modules/steam.nix
../../modules/xdg.nix
../../modules/bluetooth.nix
../../modules/basePackages.nix
../../modules/develPackages.nix
../../modules/desktopApplications.nix
../../modules/comfyui.nix
];
services.desktopManager.gnome.enable = true;
environment.systemPackages = [
pkgs.qwen-asr
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Setup keyfile
boot.initrd.secrets = {
@@ -74,10 +44,8 @@
};
# Enable swap on luks
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".device =
"/dev/disk/by-uuid/08650b6b-6143-4503-8bf5-a3d32ef62d73";
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".keyFile =
"/crypto_keyfile.bin";
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".device = "/dev/disk/by-uuid/08650b6b-6143-4503-8bf5-a3d32ef62d73";
boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".keyFile = "/crypto_keyfile.bin";
networking.hostName = "aragon"; # Define your hostname.
time.timeZone = "Europe/Amsterdam";
@@ -91,14 +59,15 @@
# sleep wakeup rules
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
'';
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
'';
#comment out to enable sleep. Uncommented over vacations
# systemd.targets.sleep.enable = false;
# systemd.targets.suspend.enable = false;
# systemd.targets.hibernate.enable = false;
# systemd.targets.hybrid-sleep.enable = false;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];

148
hosts/aragon/hardware-configuration.nix
View File

@@ -1,35 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = ["amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.amdgpu.opencl.enable = true;
hardware.amdgpu.amdvlk.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
hardware.graphics = {
enable = true;
};
services.xserver.videoDrivers = [ "amdgpu" ];
systemd.tmpfiles.rules = [
@@ -37,79 +28,62 @@
];
nixpkgs.config.rocmSupport = true;
nixpkgs.config.rocmTargets = [ "gfx1030" ];
environment.variables = {
HSA_OVERRIDE_GFX_VERSION = "10.3.0";
};
# Environment variables for ROCm
environment.sessionVariables = {
HSA_OVERRIDE_GFX_VERSION = "10.3.0";
ROCM_PATH = "${pkgs.rocmPackages.rocm-core}/opt/rocm";
HIP_PATH = "${pkgs.rocmPackages.rocm-core}/opt/rocm/hip";
HSA_OVERRIDE_GFX_VERSION="10.3.0";
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
rocmPackages.clr.icd
vulkan-loader
vulkan-tools
vulkan-headers
#hardware.opengl.extraPackages32 = with pkgs; [
# driversi686Linux.amdvlk
#];
environment.systemPackages = with pkgs; [
lact
rocmPackages.rocminfo
rocmPackages.rocm-smi
rocmPackages.rocm-runtime
rocmPackages.rocm-device-libs
rocmPackages.rocm-core
rocmPackages.rocm-cmake
rocmPackages.rocgdb
rocmPackages.rocblas
rocmPackages.rccl
];
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = ["multi-user.target"];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8";
fsType = "ext4";
};
fileSystems."/mnt/steam" =
{ device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_2TB_S7HPNJ0X304250L-part1";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-31bf11fb-518a-408a-af06-93af528a5985".device = "/dev/disk/by-uuid/31bf11fb-518a-408a-af06-93af528a5985";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9A50-906F";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c7cdfab4-2c92-42de-b951-ccc6fcd7b7d7"; }
];
};
# You *can* still put utilities here
environment.systemPackages = with pkgs; [
vulkan-tools
clinfo
rocmPackages.clr
rocmPackages.rocminfo
rocmPackages.rocm-runtime
rocmPackages.rocm-core
rocmPackages.rocm-smi
rocmPackages.rocblas
rocmPackages.rccl
rocmPackages.hipcc
lact
rocmPackages.rocminfo
rocmPackages.rocm-smi
rocmPackages.rocm-runtime
rocmPackages.rocm-device-libs
rocmPackages.rocm-core
rocmPackages.rocm-cmake
rocmPackages.rocgdb
rocmPackages.rocblas
rocmPackages.rccl
rocmPackages.hipcc
];
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = [ "multi-user.target" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8";
fsType = "ext4";
};
fileSystems."/mnt/steam" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_2TB_S7HPNJ0X304250L-part1";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-31bf11fb-518a-408a-af06-93af528a5985".device =
"/dev/disk/by-uuid/31bf11fb-518a-408a-af06-93af528a5985";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9A50-906F";
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/c7cdfab4-2c92-42de-b951-ccc6fcd7b7d7"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

62
hosts/elros/configuration.nix
View File

@@ -1,62 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/boot.nix
../../modules/zram.nix
../../modules/nix.nix
../../modules/openssh.nix
../../modules/gunalx.nix
../../secrets/sops.nix
../../secrets/sopsconf.nix
../../modules/pam.nix
../../modules/tailscale.nix
../../modules/basePackages.nix
../../modules/acme.nix
../../modules/pangolin.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # support rpi building
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "elros";
networking.networkmanager.enable = true;
time.timeZone = "Europe/Amsterdam";
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

55
hosts/elros/hardware-configuration.nix
View File

@@ -1,55 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/7fa4de3a-20bb-4d0f-b049-dd6a0a0aee6e";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E04D-431D";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];
services.qemuGuest.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

88
hosts/elros/routes.nix
View File

@@ -1,88 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
services.caddy.virtualHosts = {
"managment.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.104.182.48
basicauth {
import ${config.sops.secrets."nginx/defaultpass".path}
}
'';
};
"funn-nas.lauterer.it" = {
extraConfig = ''
reverse_proxy https://100.104.182.48:30044 {
transport http {
tls_insecure_skip_verify
}
}
basicauth {
import ${config.sops.secrets."nginx/defaultpass".path}
}
'';
};
"film.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.104.182.48:8096
'';
};
"home.lauterer.it" = {
extraConfig = ''
reverse_proxy http://10.0.0.32:8123
'';
};
"jellyfin.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8096
'';
};
"podgrab.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:4242
basicauth {
import ${config.sops.secrets."nginx/defaultpass".path}
}
'';
};
"jupyter.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8771
'';
};
"rss.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8089
'';
};
"ai.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:11111
'';
};
"chat.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:11111
'';
};
"archive.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8082
'';
};
};
}

166
hosts/galadriel/configuration.nix
View File

@@ -1,80 +1,118 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/boot.nix
../../modules/zram.nix
../../modules/nix.nix
../../modules/openssh.nix
../../secrets/sops.nix
../../secrets/sopsconf.nix
../../modules/pam.nix
../../modules/tailscale.nix
../../modules/podman.nix
../../modules/basePackages.nix
../../modules/develPackages.nix
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
#./nvidia.nix #we have intel gpu now
../../modules/boot.nix
../../modules/zram.nix
../../modules/zfs.nix
../../modules/polkit.nix
../../modules/nix.nix
../../modules/openssh.nix
../../modules/gunalx.nix
../../secrets/sops.nix
../../secrets/sopsconf.nix
../../modules/pam.nix
../../modules/tailscale.nix
../../modules/podman.nix
../../modules/basePackages.nix
../../modules/develPackages.nix
../../modules/blog.nix
../../modules/jupyterhub.nix
../../modules/jellyfin.nix
../../modules/qbittorrent.nix
../../modules/miniflux.rss
../../modules/mealie.nix
../../modules/openwebui.nix
../../modules/ollama.nix
../../modules/vaultvarden.nix
../../modules/immich.nix
../../modules/qbittorrent.nix
../../modules/jellyfin.nix
../../modules/mealie.nix
../../modules/miniflux.nix
../../modules/jupyterhub.nix
../../modules/openwebui.nix
../../modules/llama-swap.nix
];
];
# Bootloader.
#boot.loader.grub.enable = true;
#boot.loader.grub.device = "/dev/nvme0n1";
#boot.loader.grub.useOSProber = true;
networking.hostId = "1ccccd3a";
# Setup keyfile
boot.initrd.secrets = {
"/boot/crypto_keyfile.bin" = null;
};
## Load zfs pool
boot.zfs.extraPools = [
"lorien"
];
boot.zfs.requestEncryptionCredentials = true;
#boot.loader.grub.enableCryptodisk = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-c88c45f4-58e0-424c-98e0-6e4a73655349".keyFile = "/boot/crypto_keyfile.bin";
networking.hostName = "galadriel"; # Define your hostname.
networking.hostName = "galadriel";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
time.timeZone = "Europe/Amsterdam";
# Set your time zone.
time.timeZone = "Europe/Oslo";
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
# Select internationalisation properties.
i18n.defaultLocale = "nb_NO.UTF-8";
# Configure keymap in X11
services.xserver.xkb = {
layout = "no";
variant = "";
};
# Configure console keymap
console.keyMap = "no";
# Define a user account. Don't forget to set a password with passwd.
users.users.gunalx = {
isNormalUser = true;
description = "Adrian Gunnar Lauterer";
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
git
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.05"; # Did you read the comment?
}

84
hosts/galadriel/hardware-configuration.nix
View File

@@ -1,86 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.kernelPackages = pkgs.linuxPackages_6_19; # migth need to bump down if zfs compat breaks.
boot.zfs.package = pkgs.zfs_2_4;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"xe.force_probe=e212"
"xe.vram_force_mmapable=1"
"transparent_hugepage=always"
];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="drm", KERNEL=="card*", ATTR{device/tile0/gt0/engines/ccs0/job_timeout_ms}="100000"
ACTION=="add", SUBSYSTEM=="drm", KERNEL=="card*", ATTR{device/tile0/gt0/engines/rcs0/job_timeout_ms}="100000"
'';
fileSystems."/" =
{ device = "/dev/disk/by-uuid/edc50395-0b8d-4945-8d9e-69fd3dbb6e7e";
fsType = "ext4";
};
hardware.enableRedistributableFirmware = true;
hardware.firmware = [ pkgs.linux-firmware ];
environment.systemPackages = with pkgs; [
mkl
];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vpl-gpu-rt
mkl
#hardware decode and opencl
intel-media-driver # LIBVA_DRIVER_NAME=iHD (for HD Graphics starting Broadwell (2014) and newer)
intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl
intel-compute-runtime
intel-ocl
intel-graphics-compiler
level-zero
vulkan-loader
vulkan-validation-layers
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/7789ad41-d578-40bc-bf86-b761e0a4921e";
fsType = "btrfs";
};
boot.initrd.luks.devices."NIXROOT".device =
"/dev/disk/by-uuid/082790fd-3d4b-4307-8a43-b9c56bd86e03";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3DE0-D86E";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
boot.initrd.luks.devices."luks-c88c45f4-58e0-424c-98e0-6e4a73655349".device = "/dev/disk/by-uuid/c88c45f4-58e0-424c-98e0-6e4a73655349";
swapDevices = [ ];
@@ -90,7 +28,7 @@
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0f3u2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0f3u3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

15
hosts/legolas/configuration.nix
View File

@@ -31,13 +31,9 @@
../../modules/powerprofiles.nix
../../modules/basePackages.nix
../../modules/develPackages.nix
#../../modules/jupyterhub.nix
../../modules/jupyterhub.nix
../../modules/blog.nix
#../../modules/ollama.nix
#../../modules/docling.nix # temp for dev ... Waiting for non broken docling-serve
../../modules/kdeconnect.nix
../../modules/desktopApplications.nix
../../modules/fcitx5.nix
];
@@ -47,11 +43,6 @@
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
#testing terminal from printer cable.
services.printing.enable = true;
boot.kernelModules = [ "usblp" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [
@@ -68,10 +59,6 @@
enableSSHSupport = true;
};
services.dbus.enable = true;
services.dbus.implementation = "broker";
services.desktopManager.gnome.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

81
hosts/legolas/hardware-configuration.nix
View File

@@ -1,31 +1,20 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
#boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [
"nvme_core.default_ps_max_latency_us=0"
"mem_sleep_default=deep"
"pcie_aspm=off"
"pcie_port_pm=off"
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"uas"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "uas" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
@@ -35,48 +24,46 @@
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
options = [ "fmask=0022" "dmask=0022" ];
};
boot.initrd.luks.devices.luks_secure = {
device = "/dev/disk/by-uuid/c21c8089-29a7-4266-a8a6-6e80ccca167c";
device = "/dev/disk/by-uuid/c21c8089-29a7-4266-a8a6-6e80ccca167c";
crypttabExtraOpts = [
#"tpm2-device=auto"
#"tpm2-measure-pcr=yes"
"tpm2-device=auto"
"tpm2-measure-pcr=yes"
];
};
swapDevices = [
{
device = "/swapfile";
size = 98 * 1024; # 32GB in MB
}
];
boot.kernel.sysctl = {
# "vm.swappiness" = 10;
"vm.swappiness" = 10;
};
systemd.targets.hibernate.enable = false;
#services.logind.lidSwitch = "suspend";
powerManagement.enable = true;
# Disable hibernation
systemd.sleep = {
extraConfig = ''
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
};
# Disable PCIe wakeups
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
'';
services.logind.lidSwitch = "suspend-then-hibernate";
powerManagement.enable = true;
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [ vpl-gpu-rt ];
enable = true;
extraPackages = with pkgs; [ vpl-gpu-rt intel-media-sdk ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

43
modules/acme.nix
View File

@@ -1,43 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."acme/certs" = { };
networking.enableIPv6 = false; # For some reason acme only works without ipv6, probably because of missing AAAA records.
networking.domain = "lauterer.it";
#acme and certs helpful blog https://carjorvaz.com/posts/
security.acme = {
acceptTerms = true;
defaults.email = "adrian+acme@lauterer.it";
certs."${config.networking.domain}" = {
domain = "${config.networking.domain}";
extraDomainNames = [
"*.${config.networking.domain}"
"lb0fj.eu"
"*.lb0fj.eu"
"256.no"
"*.256.no"
"*.addictedmaker.eu"
"addictedmaker.eu"
];
## for testing.
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
#enableDebugLogs = true;
#legos registrar specific stuff.
dnsResolver = "ns1.hyp.net:53";
dnsProvider = "domeneshop";
dnsPropagationCheck = true;
#need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
credentialsFile = config.sops.secrets."acme/certs".path;
};
};
#add proxyserver to acme group
#users.users.nginx.extraGroups = [ "acme" ];
users.users.root.extraGroups = [ "acme" ];
}

70
modules/authelia.nix
View File

@@ -1,70 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."authelia/usersFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
sops.secrets."authelia/jwtSecretFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
sops.secrets."authelia/storageEncryptionKeyFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
sops.secrets."authelia/sessionSecretFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
services.authelia.instances.main = {
enable = true;
secrets.storageEncryptionKeyFile = config.sops.secrets."authelia/storageEncryptionKeyFile".path;
secrets.jwtSecretFile = config.sops.secrets."authelia/jwtSecretFile".path;
secrets.sessionSecretFile = config.sops.secrets."authelia/sessionSecretFile".path;
settings = {
theme = "dark";
default_2fa_method = "totp";
log.level = "warn";
server.disable_healthcheck = false;
server.address = "tcp://0.0.0.0:9091/";
authentication_backend = {
file = {
path = lib.mkDefault config.sops.secrets."authelia/usersFile".path;
};
};
session = {
cookies = [
{
domain = "lauterer.it";
authelia_url = "https://authelia.lauterer.it";
}
];
};
access_control = {
default_policy = "one_factor";
};
storage = {
local = {
path = lib.mkDefault "/var/lib/authelia/main/db.sqlite3";
};
};
notifier = {
filesystem = {
filename = lib.mkDefault "/var/lib/authelia/main/notification.txt";
};
};
};
};
}

13
modules/basePackages.nix
View File

@@ -8,24 +8,11 @@
environment.systemPackages = with pkgs; [
vim
git
wget
htop
bottom
nvtopPackages.full
uutils-coreutils
nixfmt-rfc-style
nixfmt-tree
zip
unzip
ripgrep
eza
fastfetch
rsync
screen
];
}

6
modules/blog.nix
View File

@@ -1,8 +1,8 @@
{ pkgs, ... }:
{ pkgs, ... }:
{
services.blog-generator = {
enable = true;
contentDir = "/var/lib/www/blog/content";
port = 8080;
};
}
};
}

7
modules/boot.nix
View File

@@ -13,6 +13,13 @@
kernelParams = [
"quiet"
"splash"
"loglevel=0"
"udev.log_priority=3"
"vt.global_cursor_default=0"
"rd.systemd.show_status=auto"
"rd.udev.log_level=3"
"boot.shell_on_fail"
"console=tty1"
];
initrd = {

16
modules/desktopApplications.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
lib,
inputs,
...
}:
@@ -18,12 +17,12 @@
gparted
libreoffice-fresh
kdePackages.okular
#zed-editor-fhs
zed-editor-fhs
inkscape
krita
sweethome3d.application
audacity
bitwarden-desktop
bitwarden
openvpn
zettlr # notes
logseq
@@ -34,9 +33,9 @@
prusa-slicer
freecad-wayland
openscad-unstable
#kicad # somehow stalls building.
#easyeda2kicad # could not build
kicad-unstable
kicadAddons.kikit
kicadAddons.kikit-library
easyeffects
musescore
mpv
@@ -75,11 +74,6 @@
tealdeer
clipboard-jh
ffmpeg
wl-clipboard
ydotool
wl-mirror
noto-fonts-cjk-sans
];

31
modules/develPackages.nix
View File

@@ -6,12 +6,10 @@
}:
{
environment.systemPackages = with pkgs; [
aider-chat-full
zip
unzip
jq
curl
wget
openssl
gdb
@@ -36,10 +34,6 @@
valgrind
fontconfig
imagemagickBig
plantuml
rustup
rustfmt
treefmt
@@ -48,13 +42,22 @@
nodejs-slim
node2nix
uv
poetry
thonny
(python3.withPackages (import ./python-packages.nix))
github-copilot-cli
jupyter
python3
python3Packages.uv
python3Packages.ipykernel
python3Packages.flask
python3Packages.flask-sqlalchemy
python3Packages.flask-socketio
python3Packages.werkzeug
python3Packages.pyyaml
python3Packages.authlib
python3Packages.litellm
python3Packages.requests
python3Packages.flake8
python3Packages.torch
python3Packages.pycryptodome
#dotnet-sdk_8
#dotnet-sdk_9

15
modules/displaymanager.nix
View File

@@ -6,29 +6,16 @@
}:
{
environment.systemPackages = [
(pkgs.catppuccin-sddm.override {
flavor = "mocha";
accent = "teal";
fontSize = "24";
background = ../home/Wallpapers/1346679.jpg;
loginBackground = true;
})
];
imports = [ ];
services.displayManager = {
enable = true;
sessionPackages = with pkgs; [ niri ];
defaultSession = "niri";
sddm = {
enable = true;
autoNumlock = true;
enableHidpi = true;
wayland.enable = true;
theme = "catppuccin-mocha-teal";
package = pkgs.kdePackages.sddm;
};
};

16
modules/docling.nix
View File

@@ -1,16 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
services.docling-serve = {
enable = true;
package = pkgs.unstable.docling-serve;
port = 5001;
host = "127.0.0.1";
openFirewall = true;
};
}

2
modules/gunalx.nix
View File

@@ -15,8 +15,6 @@
"networking"
"podman"
"pipewire"
"plugdev"
"dialout"
];
packages = with pkgs; [ ];
};

22
modules/immich.nix
View File

@@ -1,23 +1,27 @@
{
config,
pkgs,
lib,
...
}:
{
}: {
services.immich = {
enable = true;
port = 2283;
#mediaLocation = "/Main/Data/photos"; # Your photo/video directory
port = 8082;
host = "0.0.0.0";
openFirewall = true;
mediaLocation = "/lorien/media/pictures";
accelerationDevices = null;
user = "immich";
group = "immich";
settings = {
newVersionCheck.enabled = false;
machine-learning = {
enable = true;
#environment = {
# CUDA_VISIBLE_DEVICES = "0";
#};
};
};
}

11
modules/jellyfin.nix
View File

@@ -1,14 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
users.groups.media.members = [ "jellyfin" ]; # have media directory owned by media group
users.groups.media.members = ["jellyfin"]; #have media directory owned by media group
services.jellyfin = {
enable = true;
group = "media";
group = "media";
openFirewall = true;
};

110
modules/jupyterhub.nix
View File

@@ -1,40 +1,50 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
let
myPythonPackages = import ./python-packages.nix;
myPython = pkgs.python3;
myPython = pkgs.python3;
myJupyterHubEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterhub-systemdspawner
ipython
jupyterlab
notebook
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
myJupyterHubEnv = myPython.withPackages (
ps:
with ps;
[
jupyterhub
jupyterhub-systemdspawner
]
++ myPythonPackages ps
);
myJupyterLabEnv = myPython.withPackages (
ps:
with ps;
[
jupyterhub
]
++ myPythonPackages ps
);
myJupyterLabEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterlab
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
in
{
environment.systemPackages = with pkgs; [
python3Packages.numpy
python3Packages.scipy
python3Packages.pandas
python3Packages.matplotlib
python3Packages.seaborn
python3Packages.scikit-learn
];
users.users.tdt4117 = {
isNormalUser = true;
home = "/home/tdt4117";
description = "tdt4117 - delete after h25";
extraGroups = [ ];
extraGroups = [ ];
# openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... " ];
};
@@ -48,26 +58,36 @@ in
c.Authenticator.allow_all = True
c.ConfigurableHTTPProxy.api_url = 'http://0.0.0.0:8770'
c.JupyterHub.bind_url = 'http://0.0.0.0:8771'
'';
'';
kernels = {
python3 =
let
env = pkgs.python3.withPackages myPythonPackages;
in
{
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
seaborn
huggingface-hub
datasets
matplotlib
tqdm
numpy
scipy
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
};
};
}

28
modules/kdeconnect.nix
View File

@@ -1,28 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
environment.systemPackages = with pkgs; [
kdePackages.xdg-desktop-portal-kde
kdePackages.kdeconnect-kde
gnomeExtensions.gsconnect
kdePackages.qttools
];
programs.kdeconnect = {
#package = pkgs.kdePackages.kdeconnect-kde;
package = pkgs.gnomeExtensions.gsconnect;
enable = true;
};
networking.firewall = rec {
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = allowedTCPPortRanges;
};
}

70
modules/librechat.nix
View File

@@ -1,70 +0,0 @@
{ config, pkgs, ... }:
let
librechatPort = 3080;
mongoUri = "mongodb://127.0.0.1:27017/LibreChat";
in
{
sops.secrets."librechat/environmentFile" = { };
# Enable MongoDB
services.mongodb = {
enable = true;
package = pkgs.mongodb-ce;
# Optional: enableAuth = true;
# initialRootPasswordFile = "/path/to/mongo-root-password-file";
};
# LibreChat systemd service
systemd.services.librechat = {
# Make enable flagged when built
enable = true;
description = "LibreChat server";
# **Native systemd dependency declarations**
requires = [ "mongodb.service" ];
after = [
"network.target"
"mongodb.service"
];
serviceConfig = {
EnvironmentFile = config.sops.secrets."librechat/environmentFile".path;
Restart = "on-failure";
User = "librechat";
Group = "librechat";
# ExecStart binds to package binary
ExecStart = ''
${pkgs.librechat}/bin/librechat-server \
--host 0.0.0.0 \
--port ${toString librechatPort} \
--config /var/lib/librechat/config.yaml
'';
WorkingDirectory = "/var/lib/librechat";
};
wantedBy = [ "multi-user.target" ];
};
# Create user
users.users.librechat = {
isSystemUser = true;
description = "LibreChat service user";
home = "/var/lib/librechat";
createHome = true;
};
users.users.librechat.group = "librechat";
users.groups.librechat = { };
systemd.tmpfiles.rules = [
"d /var/lib/librechat 0755 librechat librechat -"
];
networking.firewall.allowedTCPPorts = [
librechatPort
27017
];
}

43
modules/llama-cpp.nix
View File

@@ -1,43 +0,0 @@
{
config,
pkgs,
lib,
unstable,
inputs,
system,
...
}:
let
hostname = config.networking.hostName;
in
{
environment.systemPackages = [ pkgs.unstable.ollama ];
services.llama-cpp = {
enable = true;
host = "0.0.0.0";
port = 11111;
package = inputs.self.packages.${system}.llama-cpp-nightly-vulkan;
openFirewall = true;
model = "/var/lib/llama/models/Qwen3.5-35B-A3B-UD-Q2_K_XL.gguf";
extraFlags = [
"-c"
"32000"
"-ngl"
"41" # techincally entire qwen3.5
"--image-min-tokens"
"1024"
"--image-max-tokens"
"2048"
#"--hf-repo" "unsloth/Qwen3.5-35B-A3B-GGUF:Q2_K_L"
"--mmproj"
"/var/lib/llama/models/mmproj-F16.gguf"
"-ctk"
"q4_0"
"-ctv"
"q4_0" # quantisize kv cache.
"--no-mmap"
];
};
}

253
modules/llama-swap.nix
View File

@@ -1,253 +0,0 @@
{
config,
pkgs,
lib,
inputs,
system,
...
}:
{
environment.systemPackages = [
inputs.self.packages.${system}.llama-cpp-nightly-vulkan
pkgs.unstable.stable-diffusion-cpp-vulkan
pkgs.unstable.whisper-cpp-vulkan
inputs.self.packages.${system}.z-image-models
inputs.self.packages.${system}.whisper-models
#inputs.self.packages.${system}.fish-speech-models
];
services.llama-swap = {
enable = true;
package = inputs.self.packages.${system}.llama-swap;
port = 11112;
openFirewall = true;
settings =
let
llama-server = lib.getExe' inputs.self.packages.${system}.llama-cpp-nightly-vulkan "llama-server";
sd-server = lib.getExe' pkgs.unstable.stable-diffusion-cpp-vulkan "sd-server";
whisper-server = lib.getExe' pkgs.unstable.whisper-cpp-vulkan "whisper-server";
podman = lib.getExe pkgs.podman;
z-image-models = inputs.self.packages.${system}.z-image-models;
whisper-models = inputs.self.packages.${system}.whisper-models;
in
{
healthCheckTimeout = 180;
startPort = 12000;
globalTTL = 600;
logLevel = "info";
macros = {
ctx = 32000;
ngl = 99;
kv_cache = "-ctk q4_0 -ctv q4_0 -fa 1";
batch = "-b 1024 -ub 1024"; # default 512 512
hf_repo = "";
image-tokens = "--image-min-tokens 256 --image-max-tokens 1536";
qwen35-thinking = "--chat-template-kwargs '{\"enable_thinking\":true}'";
qwen35-no-thinking = "--chat-template-kwargs '{\"enable_thinking\":false}'";
};
models = {
"qwen3.5-35b-a3b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} $\{kv_cache\} $\{batch\} --hf-repo $\{hf_repo\} $\{image-tokens\} $\{qwen35-no-thinking\} ";
aliases = [ "qwen3.5" ];
ttl = 1800;
macros = {
ctx = 49152;
hf_repo = "unsloth/Qwen3.5-35B-A3B-GGUF:UD-IQ3_XXS";
};
};
"qwen3.5-9b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} $\{kv_cache\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} $\{batch\} $\{image-tokens\} $\{qwen35-thinking\} ";
ttl = 900;
macros = {
hf_repo = "unsloth/Qwen3.5-9B-GGUF:UD-Q4_K_XL";
ctx = 128000;
};
};
"qwen3.5-2b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} $\{kv_cache\} $\{batch\} $\{image-tokens\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} ";
ttl = 900;
macros = {
hf_repo = "unsloth/Qwen3.5-2B-GGUF:UD-Q8_K_XL";
ctx = 200000;
};
};
"glm4.7-flash" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -fa 0 -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
ttl = 900;
aliases = [ "coder" ];
macros = {
hf_repo = "unsloth/GLM-4.7-Flash-REAP-23B-A3B-GGUF"; # Reap should allow more context in gpu mem
ctx = 32000;
};
};
"gemma4" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -fa 0 -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
ttl = 900;
macros = {
hf_repo = "unsloth/gemma-4-26B-A4B-it-GGUF:UD-IQ3_XXS";
ctx = 36000;
};
};
"gemma4E4" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} $\{kv_cache\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
ttl = 900;
macros = {
hf_repo = "unsloth/gemma-4-E4B-it-GGUF";
ctx = 128000;
};
};
"ministal-3-8b-reasonning" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
aliases = [ "ministral3" ];
ttl = 900;
macros.hf_repo = "mistralai/Ministral-3-8B-Reasoning-2512-GGUF";
};
"ministal-3-3b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
aliases = [ "ministral3-mini" ];
ttl = 900;
macros.hf_repo = "mistralai/Ministral-3-3B-Instruct-2512-GGUF";
};
"minicpm-o-4_5" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} --mmproj-url https://huggingface.co/openbmb/MiniCPM-o-4_5-gguf/resolve/main/vision/MiniCPM-o-4_5-vision-F16.gguf";
aliases = [
"openbmb/MiniCPM-o-4_5-gguf"
"minicpm"
];
ttl = 900;
macros.hf_repo = "openbmb/MiniCPM-o-4_5-gguf";
};
"z-image-turbo" = {
cmd = "${sd-server} --listen-port $\{PORT\} --diffusion-model $\{diffusion_model\} --vae $\{vae\} --llm $\{llm\} --offload-to-cpu --cfg-scale 1.0 --height 1024 --width 1024 --steps 4";
checkEndpoint = "/";
ttl = 300;
aliases = [
"gpt-image-1"
"dall-e-3"
];
macros = {
diffusion_model = "${z-image-models}/models/z-image-turbo-Q4_K.gguf";
vae = "${z-image-models}/models/ae.safetensors";
llm = "${z-image-models}/models/Qwen3-4B-Instruct-2507-Q4_K_M.gguf";
};
};
"distil-whisper-v3.5" = {
cmd = "${whisper-server} --host 127.0.0.1 --port $\{PORT\} -m $\{model\} --request-path /v1/audio/transcriptions --inference-path \"\"";
checkEndpoint = "/v1/audio/transcriptions/";
ttl = 0;
aliases = [
"whisper"
"whisper-1"
];
macros.model = "${whisper-models}/models/distil-large-v3.5.bin";
};
"nb-whisper-small" = {
cmd = "${whisper-server} --host 127.0.0.1 --port $\{PORT\} -m $\{model\} --request-path /v1/audio/transcriptions --inference-path \"\" --language no";
checkEndpoint = "/v1/audio/transcriptions/";
ttl = 0;
aliases = [
"whisper-no"
"whisper-nb"
];
macros.model = "${whisper-models}/models/nb-whisper-small-q5_0.bin";
};
"omnivoice" = {
cmd = "${pkgs.bash}/bin/bash -c '${pkgs.systemd}/bin/systemctl start podman-omnivoice.service && exec sleep infinity'";
cmdStop = "${pkgs.systemd}/bin/systemctl stop podman-omnivoice.service";
checkEndpoint = "/v1/audio/voices";
proxy = "http://127.0.0.1:8091";
ttl = 900;
};
"kokoro" = {
cmd = "${podman} run --init --rm --name kokoro-tts -p $\{PORT\}:8880 ghcr.io/remsky/kokoro-fastapi-cpu:latest";
cmdStop = "${podman} stop kokoro-tts";
checkEndpoint = "/v1/audio/voices";
ttl = 900;
};
};
};
};
virtualisation.oci-containers.containers.omnivoice = {
image = "vllm/vllm-openai:nightly";
ports = [ "8091:8091" ];
environment = {
VLLM_DEVICE = "cpu";
};
cmd = [
"vllm"
"serve"
"k2-fsa/OmniVoice"
"--omni"
"--device"
"cpu"
"--port"
"8091"
"--trust-remote-code"
];
extraOptions = [ "--rm" ];
autoStart = false;
};
systemd.services.llama-swap = {
serviceConfig = {
StateDirectory = "llama-swap";
CacheDirectory = "llama-swap";
RuntimeDirectory = "llama-swap";
Environment = [
"HOME=/var/lib/llama-swap"
"XDG_CACHE_HOME=/var/cache/llama-swap"
"MESA_SHADER_CACHE_DIR=/var/cache/llama-swap/mesa"
];
DynamicUser = lib.mkForce false;
User = "root";
Group = "root";
PrivateDevices = lib.mkForce false;
PrivateTmp = lib.mkForce false;
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
ProtectClock = lib.mkForce false;
ProtectControlGroups = lib.mkForce false;
ProtectHome = lib.mkForce false;
ProtectKernelLogs = lib.mkForce false;
ProtectKernelModules = lib.mkForce false;
ProtectKernelTunables = lib.mkForce false;
ProtectSystem = lib.mkForce false;
ProtectHostname = lib.mkForce false;
ProtectProc = lib.mkForce "";
MemoryDenyWriteExecute = lib.mkForce false;
LockPersonality = lib.mkForce false;
NoNewPrivileges = lib.mkForce false;
RemoveIPC = lib.mkForce false;
RestrictNamespaces = lib.mkForce true;
RestrictRealtime = lib.mkForce false;
RestrictSUIDSGID = lib.mkForce false;
RestrictAddressFamilies = lib.mkForce [
"AF_INET"
"AF_INET6"
"AF_UNIX"
"AF_NETLINK"
];
CapabilityBoundingSet = lib.mkForce "";
SystemCallArchitectures = lib.mkForce "";
SystemCallFilter = lib.mkForce [ ];
SystemCallErrorNumber = lib.mkForce "";
ProcSubset = lib.mkForce "all";
};
};
}

7
modules/mealie.nix
View File

@@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
{
services.mealie = {
enable = true;

17
modules/miniflux.nix
View File

@@ -1,17 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."miniflux/adminCredentialsFile" = {
restartUnits = [ "miniflux.service" ];
mode = "0755";
};
services.miniflux.enable = true;
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8089";
services.miniflux.adminCredentialsFile = config.sops.secrets."miniflux/adminCredentialsFile".path;
}

14
modules/miniflux.rss Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, lib, ... }:
{
sops.secrets."miniflux/adminCredentialsFile" = {
restartUnits = [ "miniflux.service" ];
owner = "miniflux";
mode = "0755";
};
services.miniflux.enable = true;
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8089";
services.miniflux.adminCredentialsFile = config.sops.secrets."miniflux/adminCredentialsFile".path;
}

16
modules/nix.nix
View File

@@ -6,10 +6,14 @@
}:
{
imports = [ ./nixpkgs.nix ]; # migrate this afterwards.
imports = [ ];
system.rebuild.enableNg = true;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
# example "python3.11-youtube-dl-2021.12.17"
];
sops.secrets."github/api" = {
mode = "0444";
group = "root";
@@ -56,13 +60,10 @@
}
{
hostName = "aragon";
#system = "x86_64-linux";
system = "x86_64-linux";
# if the builder supports building for multiple architectures,
# replace the previous line by, e.g.,
systems = [
"x86_64-linux"
"aarch64-linux"
];
# systems = ["x86_64-linux" "aarch64-linux"];
maxJobs = 6;
speedFactor = 6001;
supportedFeatures = [ ];
@@ -73,8 +74,7 @@
system = "x86_64-linux";
maxJobs = 4;
speedFactor = 4001;
#supportedFeatures = [ "cuda" ];
supportedFeatures = [ ];
supportedFeatures = [ "cuda" ];
mandatoryFeatures = [ ];
}

19
modules/nixpkgs.nix
View File

@@ -1,19 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
imports = [ ];
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
# example "python3.11-youtube-dl-2021.12.17"
];
};
};
}

51
modules/nvidia.nix
View File

@@ -1,51 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
# Enable OpenGL
hardware.graphics = {
enable = true;
enable32Bit = true;
};
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
boot = {
blacklistedKernelModules = [ "nouveau" ];
extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
initrd.kernelModules = [ "nvidia" ];
};
hardware.nvidia = {
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
#powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use. Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the independent third-party "nouveau" open source driver).
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false; # need proprietary for cuda.
# Enable the Nvidia settings menu, accessible via `nvidia-settings`.
#nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# Enable the CUDA toolkit
#install packages
environment.systemPackages = with pkgs; [
cudaPackages.cudatoolkit
cudaPackages.cudnn
nvtopPackages.nvidia
cudaPackages.nccl
pkgs.cudaPackages.libcublas
];
}

27
modules/ollama.nix
View File

@@ -1,10 +1,4 @@
{
config,
pkgs,
lib,
unstable,
...
}:
{ config, pkgs, lib, ... }:
let
hostname = config.networking.hostName;
@@ -15,30 +9,21 @@ in
services.ollama = {
enable = true;
package = lib.mkDefault pkgs.unstable.ollama-vulkan;
acceleration = lib.mkDefault "vulkan";
package = pkgs.unstable.ollama;
host = "0.0.0.0";
openFirewall = true;
port = 11434;
home = "/var/lib/ollama";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "32000";
};
# Preloaded models
loadModels = [
"gemma3:1b"
"qwen3:latest"
"qwen3:4b"
"glm-4.7-flash:latest"
"rnj-1:latest"
"lfm2.5-thinking:latest"
"qwen3-vl:4b"
"qwen3-vl:2b-instruct-q8_0"
"qwen3-vl:latest"
"qwen3:0.6b"
"gemma3:4b"
"ministral-3:3b"
"ministral-3:latest"
"qwen2.5vl:3b"
"granite3.2-vision"
"granite4:tiny-h"
"gpt-oss:20b"
];
};

17
modules/openssh.nix
View File

@@ -1,15 +1,4 @@
{
config,
pkgs,
lib,
...
}:
let
sshLookup = pkgs.writeShellScriptBin "ssh-lookup-root-pubs" ''
#!/bin/sh
cat /root/.ssh/*.pub 2>/dev/null
'';
in
{ config, pkgs, lib, ... }:
{
services.openssh = {
enable = true;
@@ -25,12 +14,12 @@ in
# "aes256-ctr"
# # remove some weaker ciphers
#];
authorizedKeysCommand = "${sshLookup}";
};
services.endlessh-go = {
enable = true;
port = 22;
openFirewall = true;
};
services.sshguard.enable = true; # protection against brute force attacks
services.sshguard.enable = true; #protection against brute force attacks
}

91
modules/openwebui.nix
View File

@@ -1,59 +1,54 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
let
stateDir = "/var/lib/open-webui";
port = 11111;
port = 8081;
in
{
virtualisation.podman.enable = true;
virtualisation = {
podman.enable = true;
podman.dockerCompat = true;
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:latest";
autoStart = true;
ports = [
"0.0.0.0:${toString port}:8080"
];
volumes = [
"${stateDir}/data:/app/backend/data"
"${stateDir}/static:/app/backend/static"
"${stateDir}/build:/app/frontend/build"
];
extraOptions = [ "--pull=newer" ];
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
WEBUI_AUTH = "True";
ENABLE_SIGNUP = "True";
DEFAULT_USER_ROLE = "pending";
ENV = "prod";
# Optional — helps internal routing
WEBUI_PORT = toString port;
WEBUI_HOST = "0.0.0.0";
oci-containers = {
backend = "podman";
containers = {
openwebui = {
autoStart = true;
image = "ghcr.io/open-webui/open-webui:main";
ports = [ "0.0.0.0:${lib.mkStr port}:8080" ];
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
WEBUI_AUTH = "True";
#ENABLE_SIGNUP = "True";
ENABLE_SIGNUP_PASSWORD_CONFIRMATION = "True";
#DEFAULT_USER_ROLE = "admin";
ENV = "prod";
};
volumes = [
"${stateDir}:/app/backend/data"
];
extraOptions = [ "--pull=always" ];
};
};
};
};
# Create persistent state directories (like StateDirectory in systemd)
systemd.tmpfiles.rules = [
"d ${stateDir}/data 0755 root root - -"
"d ${stateDir}/static 0755 root root - -"
"d ${stateDir}/build 0755 root root - -"
];
# make sure the directory exists
environment.etc = {
"var/lib/open-webui" = {
source = null;
mode = "0755";
owner = "root";
group = "root";
};
};
# Optional — open firewall for access
networking.firewall.allowedTCPPorts = [ port ];
# open firewall port 3000 if you run a firewall
networking.firewall = {
allowedTCPPorts = lib.mkList port;
};
}

31
modules/pangolin.nix
View File

@@ -1,31 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."pangolin/environmentFile" = {
restartUnits = [ "pangolin.service" ];
owner = "pangolin";
mode = "0755";
};
users.users.pangolin.extraGroups = [ "acme" ];
services.pangolin = {
enable = true;
openFirewall = true;
package = pkgs.unstable.fosrl-pangolin;
baseDomain = "lauterer.it";
dashboardDomain = "auth.lauterer.it";
dnsProvider = "domeneshop";
#settings
environmentFile = config.sops.secrets."pangolin/environmentFile".path;
#dataDir
};
}

52
modules/python-packages.nix
View File

@@ -1,52 +0,0 @@
ps: with ps; [
ipykernel
jupyter
jupyterlab
notebook
numpy
scipy
pandas
polars
matplotlib
seaborn
scikit-learn
scikit-image
sympy
nltk
huggingface-hub
datasets
tokenizers
transformers
accelerate
peft
bitsandbytes
torch
torchvision
lightning
keras
opencv-python
pillow
pyvista
vispy
pygame
tqdm
flask
flask-sqlalchemy
flask-socketio
werkzeug
gunicorn
requests
pyyaml
authlib
litellm
openai
langchain
langchain-community
pydantic
pydantic-core
docling-core
pycryptodome
flake8
pip
tkinter
]

110
modules/qbittorrent.nix
View File

@@ -1,11 +1,6 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
let
dataLocation = "/lorien/media/";
interfaceaddress = builtins.readFile config.sops.secrets."qbittorrent/interfaceAddress".path;
in
{
sops.secrets."qbittorrent/interfaceAddress" = {
@@ -13,16 +8,11 @@ in
owner = "qbittorrent";
mode = "0755";
};
sops.templates."qbittorrent-interface-addr.conf".content = ''
# This is injected via sops template
interfaceAddress = "${config.sops.placeholder."qbittorrent/interfaceAddress"}";
'';
sops.templates."qbittorrent-interface-addr.conf".owner = "qbittorrent";
users.users.qbittorrent = {
group = lib.mkForce "media";
};
users.groups.qbittorrent = { };
users.groups.qbittorrent = {};
services.qbittorrent = {
enable = true;
@@ -32,58 +22,58 @@ in
serverConfig = {
LegalNotice.Accepted = true;
Meta.MigrationVersion = 6;
Network.PortForwardingEnabled = true;
Meta.MigrationVersion=6;
Network.PortForwardingEnabled=true;
Preferences = {
WebUI = {
AuthSubnetWhitelist = "192.168.1.0/24, 100.0.0.0/8";
AuthSubnetWhitelistEnabled = true;
UseUPnP = false;
AuthSubnetWhitelist="192.168.1.0/24, 100.0.0.0/8";
AuthSubnetWhitelistEnabled=true;
UseUPnP=false;
};
BitTorrent = {
Session = {
AddExtensionToIncompleteFiles = true;
AlternativeGlobalDLSpeedLimit = 1000;
AlternativeGlobalUPSpeedLimit = 1000;
AnonymousModeEnabled = false;
BTProtocol = "Both";
BandwidthSchedulerEnabled = false;
DefaultSavePath = dataLocation + "Downloads";
Encryption = 1;
FinishedTorrentExportDirectory = dataLocation + "Downloads/torrents-complete";
GlobalDLSpeedLimit = 0;
GlobalMaxRatio = 1.5;
GlobalUPSpeedLimit = 0;
I2P.Enabled = true;
IgnoreLimitsOnLAN = true;
IncludeOverheadInLimits = true;
Interface = "tun0";
InterfaceAddress = "${config.sops.placeholder."qbittorrent/interfaceAddress"}";
#InterfaceAddress="${interfaceaddress}";
InterfaceName = "tun0";
LSDEnabled = "true";
MaxActiveCheckingTorrents = 15;
MaxRatioAction = 1;
Port = 44183;
Preallocation = true;
QueueingSystemEnabled = false;
SubcategoriesEnabled = true;
Tags = "movie, anime";
TempPath = "/Main/Data/media/Downloads/temp";
TempPathEnabled = true;
TorrentContentLayout = "Subfolder";
TorrentExportDirectory = dataLocation + "Downloads/torrents";
UseAlternativeGlobalSpeedLimit = false;
};
BitTorrent = {
Session = {
AddExtensionToIncompleteFiles=true;
AlternativeGlobalDLSpeedLimit=1000;
AlternativeGlobalUPSpeedLimit=1000;
AnonymousModeEnabled=false;
BTProtocol="Both";
BandwidthSchedulerEnabled=false;
DefaultSavePath="/Main/Data/media/Downloads";
Encryption=1;
FinishedTorrentExportDirectory="/Main/Data/media/Downloads/torrents-complete";
GlobalDLSpeedLimit=0;
GlobalMaxRatio=1.5;
GlobalUPSpeedLimit=0;
I2P.Enabled=true;
IgnoreLimitsOnLAN=true;
IncludeOverheadInLimits=true;
Interface="tun0";
#InterfaceAddress="${config.sops.placeholder."qbittorrent/interfaceAddress"}";
InterfaceAddress="${interfaceaddress}";
InterfaceName="tun0";
LSDEnabled="true";
MaxActiveCheckingTorrents=15;
MaxRatioAction=1;
Port=44183;
Preallocation=true;
QueueingSystemEnabled=false;
SubcategoriesEnabled=true;
Tags="movie, anime";
TempPath="/Main/Data/media/Downloads/temp";
TempPathEnabled=true;
TorrentContentLayout="Subfolder";
TorrentExportDirectory="/Main/Data/media/Downloads/torrents";
UseAlternativeGlobalSpeedLimit=false;
};
RSS = {
AutoDownloader = {
DownloadRepacks = true;
EnableProcessing = true;
SmartEpisodeFilter = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
};
Session.EnableProcessing = true;
};
RSS = {
AutoDownloader = {
DownloadRepacks=true;
EnableProcessing=true;
SmartEpisodeFilter="s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
};
Session.EnableProcessing=true;
};
General.Locale = "en";
};
};

21
modules/rtlsdr.nix
View File

@@ -1,21 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
hardware.rtl-sdr.enable = true;
environment.systemPackages = with pkgs; [
libusb1
pkgs.rtl-sdr
gqrx
cubicsdr
openwebrx
];
}

38
modules/thermal.nix
View File

@@ -1,38 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
services.thermald.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
];
systemd.services.thermal-log = {
description = "Periodic thermal logging to journal";
serviceConfig.Type = "oneshot";
path = with pkgs; [
lm_sensors
gnugrep
coreutils
util-linux
];
script = ''
TEMP=$(sensors 2>/dev/null | grep -i 'Tctl\|Tdie' | head -1 || echo "N/A")
logger -t thermal-log "CPU Temp: $TEMP"
'';
};
systemd.timers.thermal-log = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Persistent = true;
};
};
}

17
modules/unstable.nix
View File

@@ -1,17 +0,0 @@
{
config,
inputs,
...
}:
let
unstableOverlay = final: prev: {
unstable = import inputs.unstable {
inherit (final.stdenv.hostPlatform) system;
inherit (config.nixpkgs) config;
};
};
in
{
nixpkgs.overlays = [ unstableOverlay ];
}

35
modules/vaultvarden.nix
View File

@@ -1,26 +1,21 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
{
environment.systemPackages = [
pkgs.system-sendmail
];
# environment.systemPackages = [
# pkgs.sendmail
# ];
sops.secrets."vaultwarden/environmentFile" = {
restartUnits = [ "vaultwarden.service" ];
owner = "vaultwarden";
mode = "0755";
};
sops.secrets."vaultwarden/environmentFile" = {
restartUnits = [ "vaultwarden.service" ];
owner = "vaultwarden";
mode = "0755";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environmentFile".path;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environmentFile".path;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
};
}

13
modules/websdr.nix
View File

@@ -1,13 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
hardware.rtl-sdr.enable = true;
services.openwebrx.enable = true;
}

69
modules/xdg.nix
View File

@@ -4,78 +4,37 @@
config,
...
}:
{
environment.systemPackages = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
pkgs.xdg-desktop-portal
];
# XDG related configurations
xdg = {
# Enable desktop portal integration
#portal = {
# enable = true; # Enable the portal system
# xdgOpenUsePortal = true; # Use portal for opening files and URLs
# # Additional portals for specific environments
# extraPortals = with pkgs; [
# xdg-desktop-portal-gtk
# xdg-desktop-portal
# xdg-desktop-portal-gnome
# kdePackages.xdg-desktop-portal-kde # For KDE environment
# ];
# # Configuration packages for portals (like GNOME session, Niri, etc.)
# configPackages = with pkgs; [
# gnome-session
# niri
# ];
#};
autostart.enable = true;
menus.enable= true;
icons.enable= true;
sounds.enable= true;
portal = {
enable = true;
xdgOpenUsePortal = true;
config.common.default = [ "gnome" ];
extraPortals = [
pkgs.xdg-desktop-portal
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
xdg-launch
xdg-ninja
xdg-utils
];
configPackages = with pkgs; [
gnome-session
niri
];
};
# Enable autostart functionality (launch apps on login)
autostart.enable = true;
# Enable menu support for applications
menus.enable = true;
# Enable icon theme support (icons for applications, etc.)
icons.enable = true;
# Enable sounds for system events (like notifications)
sounds.enable = true;
# Terminal execution for XDG spec
terminal-exec.enable = true;
};
# Enable MIME type handling for file associations
xdg.mime.enable = true;
# Enable additional configurations for portals
xdg.portal.wlr.enable = true; # Disable Wayland/Weston portal support (as you've commented out)
# Icons
xdg.icons.fallbackCursorThemes = [ "Adwaita" ]; # Set a default cursor theme (you can change this)
# Terminal execution configuration
xdg.terminal-exec.package = pkgs.foot; # Choose the terminal emulator (can be changed to your preference)
xdg.terminal-exec.settings = { }; # Terminal-specific settings (customizable)
}

23
modules/zfs.nix
View File

@@ -1,23 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = lib.mkDefault false;
#boot.zfs.package = lib.mkDefault pkgs.zfs_unstable;
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoSnapshot.enable = true;
services.zfs.autoSnapshot.flags = lib.mkDefault "-k -p --utc";
environment.systemPackages = with pkgs; [
zfs
zfstools
zfsbackup
lz4
];
}

51
packages/android-cli/default.nix
View File

@@ -1,51 +0,0 @@
{
lib,
stdenv,
fetchurl,
autoPatchelfHook,
buildFHSEnv,
glibc,
}:
let
pname = "android-cli";
version = "latest";
bootstrap = stdenv.mkDerivation {
pname = "${pname}-bootstrap";
inherit version;
src = fetchurl {
url = "https://dl.google.com/android/cli/latest/linux_x86_64/android";
hash = "sha256-louoe5M/sj0OXsiMFqjv1PJcTyJ0xuRM9j2lOv3hZzA=";
};
nativeBuildInputs = [ autoPatchelfHook ];
dontUnpack = true;
installPhase = ''
runHook preInstall
mkdir -p $out/libexec
cp $src $out/libexec/android
chmod +x $out/libexec/android
runHook postInstall
'';
};
in
buildFHSEnv {
name = pname;
targetPkgs = pkgs: [ pkgs.glibc ];
runScript = "${bootstrap}/libexec/android";
meta = {
description = "Android CLI - lightweight programmatic interface for Android development";
homepage = "https://developer.android.com/tools/agents";
license = lib.licenses.unfree;
platforms = [ "x86_64-linux" ];
mainProgram = "android-cli";
};
}

19
packages/intel-sycl/bintools-unwrapped/default.nix
View File

@@ -1,19 +0,0 @@
{
runCommand,
llvm,
lld,
}:
runCommand "intel-sycl-bintools-${llvm.version}" { preferLocalBuild = true; } ''
mkdir -p $out/bin
ln -s ${llvm}/bin/llvm-ar $out/bin/ar
ln -s ${llvm}/bin/llvm-objcopy $out/bin/objcopy
ln -s ${llvm}/bin/llvm-size $out/bin/size
ln -s ${lld}/bin/lld $out/bin/ld
ln -s ${llvm}/bin/llvm-cov $out/bin/cov
ln -s ${llvm}/bin/llvm-foreach $out/bin/foreach
ln -s ${llvm}/bin/llvm-link $out/bin/link
ln -s ${llvm}/bin/llvm-profdata $out/bin/profdata
ln -s ${llvm}/bin/llvm-spirv $out/bin/spirv
''

36
packages/intel-sycl/clang/default.nix
View File

@@ -1,36 +0,0 @@
{
wrapCCWith,
llvm,
bintools,
gcc,
stdenv,
}:
wrapCCWith {
inherit bintools;
cc = llvm;
extraBuildCommands = ''
echo "" > $out/nix-support/add-hardening.sh
'';
extraPackages = [
llvm.dev
llvm.lib
];
nixSupport = {
cc-cflags = [
"-isystem ${llvm.dev}/include"
"-isystem ${llvm.dev}/include/sycl"
"-resource-dir=${llvm.rsrc}"
"--gcc-toolchain=${gcc.cc}"
];
cc-ldflags = [
"-L${llvm.lib}/lib"
"-L${gcc.cc}/lib/gcc/${stdenv.targetPlatform.config}/${gcc.version}"
"-L${gcc.cc.lib}/lib"
];
};
}

51
packages/intel-sycl/default.nix
View File

@@ -1,51 +0,0 @@
global: self:
let
inherit (global) callPackage;
pins = callPackage ./pins { };
version = "nightly-2026-01-01";
src = global.fetchFromGitHub {
owner = "intel";
repo = "llvm";
rev = version;
hash = "sha256-OkSyn2KdAzptgKpTAnw//+6x8fbk/5Rjh1/6soQAjWc=";
};
in
{
lld = callPackage ./lld {
inherit (self) llvm;
inherit src version;
};
llvm = callPackage ./llvm {
inherit src version pins;
};
bintools-unwrapped = callPackage ./bintools-unwrapped {
inherit (self) llvm lld;
};
bintools = global.wrapBintoolsWith {
bintools = self.bintools-unwrapped;
};
clang = callPackage ./clang {
inherit (self) bintools llvm;
};
stdenv = global.overrideCC global.stdenv self.clang;
openmp = callPackage ./openmp {
inherit (self) stdenv;
inherit src version;
};
xpti = callPackage ./xpti {
inherit (self) stdenv;
inherit src version;
};
xptifw = callPackage ./xptifw {
inherit (self) stdenv;
inherit src version pins;
};
}

33
packages/intel-sycl/lld/default.nix
View File

@@ -1,33 +0,0 @@
{
lib,
stdenv,
src,
version,
cmake,
llvm,
libz,
libxml2,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-lld";
sourceRoot = "${src.name}/lld";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
buildInputs = [
llvm
libz
libxml2
];
cmakeFlags = [
(lib.cmakeFeature "LLD_INSTALL_PACKAGE_DIR" "${placeholder "dev"}/lib/cmake/lld")
];
}

156
packages/intel-sycl/llvm/default.nix
View File

@@ -1,156 +0,0 @@
{
stdenv,
gcc,
writeShellApplication,
wrapCCWith,
src,
version,
cmake,
pkg-config,
python3,
perl,
libz,
libxml2,
ncurses,
hwloc,
level-zero,
unified-memory-framework,
emhash,
parallel-hashmap,
spirv-headers,
opencl-headers,
ocl-icd,
intel-compute-runtime,
pins,
}:
let
root = "/build/source";
cc = wrapCCWith {
cc = writeShellApplication {
name = "clang";
text = ''
exec ${root}/build/bin/clang-22 "$@"
'';
passthru.isClang = true;
};
extraBuildCommands = ''
echo "" > $out/nix-support/add-hardening.sh
'';
nixSupport = {
cc-cflags = [
"-isystem /build/source/build/include"
"-resource-dir=/build/source/build/lib/clang/22"
"--gcc-toolchain=${gcc.cc}"
];
cc-ldflags = [
"-L/build/source/build/lib"
"-L${gcc.cc}/lib/gcc/${stdenv.targetPlatform.config}/${gcc.version}"
"-L${gcc.cc.lib}/lib"
];
};
};
in
stdenv.mkDerivation {
inherit src version;
pname = "intel-llvm";
NIX_CFLAGS_COMPILE = [ "-Wno-unused-command-line-argument" ];
patches = [ ./gnu-install-dirs.patch ];
outputs = [
"out"
"lib"
"dev"
"rsrc"
"python"
];
nativeBuildInputs = [
cmake
pkg-config
python3
perl
];
buildInputs = [
libz
libxml2
ncurses
hwloc
unified-memory-framework
emhash
parallel-hashmap
level-zero
opencl-headers
ocl-icd
];
cmakeBuildType = "Release";
cmakeDir = "../llvm";
cmakeFlags = [
"-DCMAKE_BUILD_TYPE=Release"
"-DLLVM_TARGETS_TO_BUILD=Native"
"-DLLVM_INSTALL_UTILS=ON"
"-DLLVM_ENABLE_ZSTD=ON"
"-DLLVM_USE_STATIC_ZSTD=ON"
"-DLLVM_INSTALL_PACKAGE_DIR=${placeholder "dev"}/lib/cmake/llvm"
"-DLLVM_INCLUDE_TESTS=OFF"
"-DLLVM_BUILD_TESTS=OFF"
"-DLLVM_ENABLE_ASSERTIONS=OFF"
"-DLLVM_ENABLE_DOXYGEN=OFF"
"-DLLVM_ENABLE_SPHINX=OFF"
"-DLLVM_EXTERNAL_PROJECTS=sycl;sycl-jit;llvm-spirv;opencl;xpti;xptifw;libdevice"
"-DLLVM_EXTERNAL_SYCL_SOURCE_DIR=/build/source/sycl"
"-DLLVM_EXTERNAL_SYCL_JIT_SOURCE_DIR=/build/source/sycl-jit"
"-DLLVM_EXTERNAL_LLVM_SPIRV_SOURCE_DIR=/build/source/llvm-spirv"
"-DLLVM_EXTERNAL_XPTI_SOURCE_DIR=/build/source/xpti"
"-DLLVM_EXTERNAL_XPTIFW_SOURCE_DIR=/build/source/xptifw"
"-DLLVM_EXTERNAL_LIBDEVICE_SOURCE_DIR=/build/source/libdevice"
"-DLLVM_ENABLE_PROJECTS=clang;clang-tools-extra;sycl;sycl-jit;llvm-spirv;opencl;xpti;xptifw;libdevice"
"-DSYCL_ENABLE_XPTI_TRACING=ON"
"-DSYCL_COMPILER_VERSION=20260101"
"-DCLANG_RESOURCE_DIR=../lib/clang/22"
"-DFETCHCONTENT_SOURCE_DIR_VC-INTRINSICS=${pins.vc-intrinsics}"
"-DLLVM_EXTERNAL_SPIRV_HEADERS_SOURCE_DIR=${spirv-headers}"
"-DUR_USE_EXTERNAL_UMF=ON"
"-DL0_COMPUTE_RUNTIME_HEADERS=${intel-compute-runtime.src}/level_zero/include"
];
postPatch = ''
substituteInPlace libdevice/cmake/modules/SYCLLibdevice.cmake \
--replace-fail "\''${clang_exe}" "${cc}/bin/clang"
substituteInPlace unified-runtime/cmake/FetchOpenCL.cmake \
--replace-fail "NO_CMAKE_PACKAGE_REGISTRY" ""
'';
postInstall = ''
mkdir -p $python/share
mv $out/share/opt-viewer $python/share/opt-viewer
moveToOutput "bin/llvm-config*" "$dev"
substituteInPlace "$dev/lib/cmake/llvm/LLVMExports-release.cmake" \
--replace-fail "$out/bin/llvm-config" "$dev/bin/llvm-config"
substituteInPlace "$dev/lib/cmake/llvm/LLVMExports.cmake" \
--replace-fail "\''${_IMPORT_PREFIX}/include" "$dev/include"
substituteInPlace "$dev/lib/cmake/llvm/LLVMConfig.cmake" \
--replace-fail 'set(LLVM_BINARY_DIR "''${LLVM_INSTALL_PREFIX}")' "set(LLVM_BINARY_DIR \"$lib\")"
'';
postFixup = ''
mkdir -p $rsrc
mv $out/lib/clang/22/include $rsrc/include
rm -rf $out/lib/clang
'';
passthru.isLLVM = true;
passthru.isClang = true;
}

23
packages/intel-sycl/openmp/default.nix
View File

@@ -1,23 +0,0 @@
{
stdenv,
src,
version,
cmake,
python3,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-openmp";
sourceRoot = "${src.name}/openmp";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [
cmake
python3
];
}

9
packages/intel-sycl/pins/default.nix
View File

@@ -1,9 +0,0 @@
{ fetchFromGitHub }:
{
vc-intrinsics = fetchFromGitHub {
owner = "intel";
repo = "vc-intrinsics";
rev = "60cea7590bd022d95f5cf336ee765033bd114d69";
hash = "sha256-1K16UEa6DHoP2ukSx58OXJdtDWyUyHkq5Gd2DUj1644=";
};
}

19
packages/intel-sycl/xpti/default.nix
View File

@@ -1,19 +0,0 @@
{
stdenv,
src,
version,
cmake,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-xpti";
sourceRoot = "${src.name}/xpti";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
}

26
packages/intel-sycl/xptifw/default.nix
View File

@@ -1,26 +0,0 @@
{
stdenv,
src,
version,
cmake,
parallel-hashmap,
emhash,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-xptifw";
sourceRoot = "${src.name}/xptifw";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
buildInputs = [
emhash
parallel-hashmap
];
}

178
packages/llama-cpp-nightly/default.nix
View File

@@ -1,178 +0,0 @@
{
lib,
autoAddDriverRunpath,
cmake,
fetchFromGitHub,
stdenv,
ninja,
pkg-config,
curl,
config,
cudaSupport ? config.cudaSupport,
cudaPackages ? { },
rocmSupport ? config.rocmSupport,
rocmPackages ? { },
rocmGpuTargets ? rocmPackages.clr.localGpuTargets or rocmPackages.clr.gpuTargets,
openclSupport ? false,
clblast,
blasSupport ? builtins.all (x: !x) [
cudaSupport
metalSupport
openclSupport
rocmSupport
syclSupport
vulkanSupport
],
blas,
metalSupport ? stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64 && !openclSupport,
vulkanSupport ? false,
rpcSupport ? false,
shaderc,
vulkan-headers,
vulkan-loader,
syclSupport ? false,
mkl ? null,
oneDNN ? null,
syclStdenv ? null,
syclF16Support ? false,
syclDeviceArch ? "",
}:
let
effectiveStdenv =
if cudaSupport then
cudaPackages.backendStdenv
else if syclSupport && syclStdenv != null then
syclStdenv
else
stdenv;
inherit (lib)
cmakeBool
cmakeFeature
optionals
optionalString
;
cudaBuildInputs = with cudaPackages; [
cuda_cccl
cuda_cudart
libcublas
];
rocmBuildInputs = with rocmPackages; [
clr
hipblas
rocblas
];
vulkanBuildInputs = [
shaderc
vulkan-headers
vulkan-loader
];
in
effectiveStdenv.mkDerivation (finalAttrs: {
pname = "llama-cpp-nightly";
version = "8763";
src = fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
tag = "b${finalAttrs.version}";
hash = "sha256-bDI7a7OMCbuZyaJX4o22fmQIyrGdzYkoIeVvxBYlnRI=";
leaveDotGit = true;
postFetch = ''
git -C "$out" rev-parse --short HEAD > $out/COMMIT
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
nativeBuildInputs = [
cmake
ninja
pkg-config
]
++ optionals cudaSupport [
cudaPackages.cuda_nvcc
autoAddDriverRunpath
];
buildInputs =
optionals cudaSupport cudaBuildInputs
++ optionals openclSupport [ clblast ]
++ optionals rocmSupport rocmBuildInputs
++ optionals blasSupport [ blas ]
++ optionals vulkanSupport vulkanBuildInputs
++ optionals syclSupport ([ mkl ] ++ optionals (oneDNN != null) [ oneDNN ])
++ [ curl ];
preConfigure = ''
prependToVar cmakeFlags "-DLLAMA_BUILD_COMMIT:STRING=$(cat COMMIT)"
'';
cmakeFlags = [
(cmakeBool "GGML_NATIVE" false)
(cmakeBool "LLAMA_BUILD_EXAMPLES" false)
(cmakeBool "LLAMA_BUILD_SERVER" true)
(cmakeBool "LLAMA_BUILD_TESTS" false)
(cmakeBool "LLAMA_CURL" true)
(cmakeBool "BUILD_SHARED_LIBS" true)
(cmakeBool "GGML_BLAS" blasSupport)
(cmakeBool "GGML_CLBLAST" openclSupport)
(cmakeBool "GGML_CUDA" cudaSupport)
(cmakeBool "GGML_HIP" rocmSupport)
(cmakeBool "GGML_METAL" metalSupport)
(cmakeBool "GGML_RPC" rpcSupport)
(cmakeBool "GGML_VULKAN" vulkanSupport)
(cmakeBool "GGML_SYCL" syclSupport)
(cmakeFeature "LLAMA_BUILD_NUMBER" finalAttrs.version)
]
++ optionals cudaSupport [
(cmakeFeature "CMAKE_CUDA_ARCHITECTURES" cudaPackages.flags.cmakeCudaArchitecturesString)
]
++ optionals rocmSupport [
(cmakeFeature "CMAKE_HIP_COMPILER" "${rocmPackages.clr.hipClangPath}/clang++")
(cmakeFeature "CMAKE_HIP_ARCHITECTURES" (builtins.concatStringsSep ";" rocmGpuTargets))
]
++ optionals metalSupport [
(cmakeFeature "CMAKE_C_FLAGS" "-D__ARM_FEATURE_DOTPROD=1")
(cmakeBool "LLAMA_METAL_EMBED_LIBRARY" true)
]
++ optionals rpcSupport [
(cmakeBool "CMAKE_SKIP_BUILD_RPATH" true)
]
++ optionals syclSupport [
(cmakeFeature "GGML_SYCL_TARGET" "INTEL")
(cmakeBool "GGML_SYCL_DNN" (oneDNN != null))
(cmakeBool "GGML_SYCL_F16" syclF16Support)
]
++ optionals (syclSupport && syclDeviceArch != "") [
(cmakeFeature "GGML_SYCL_DEVICE_ARCH" syclDeviceArch)
];
postInstall = ''
ln -sf $out/bin/llama-cli $out/bin/llama
mkdir -p $out/include
cp $src/include/llama.h $out/include/
''
+ optionalString rpcSupport "cp bin/rpc-server $out/bin/llama-rpc-server";
doCheck = false;
meta = {
description = "Inference of Meta's LLaMA model (and others) in pure C/C++)";
homepage = "https://github.com/ggml-org/llama.cpp";
license = lib.licenses.mit;
mainProgram = "llama";
platforms = if syclSupport then [ "x86_64-linux" ] else lib.platforms.unix;
badPlatforms = optionals (cudaSupport || openclSupport) lib.platforms.darwin;
broken =
(metalSupport && !effectiveStdenv.hostPlatform.isDarwin) || (syclSupport && syclStdenv == null);
};
})

1
packages/llama-swap/default.nix
View File

@@ -1 +0,0 @@
import ./package.nix

144
packages/llama-swap/package.nix
View File

@@ -1,144 +0,0 @@
{
lib,
stdenv,
buildGoModule,
fetchFromGitHub,
versionCheckHook,
callPackage,
nixosTests,
nix-update-script,
}:
let
canExecute = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
in
buildGoModule (finalAttrs: {
pname = "llama-swap";
version = "198";
outputs = [
"out"
"wol"
];
src = fetchFromGitHub {
owner = "mostlygeek";
repo = "llama-swap";
tag = "v${finalAttrs.version}";
hash = "sha256-7fZUKDCtj8RGca53CkLwVpvNWX6ryTbS02Uz/+uZpTs=";
leaveDotGit = true;
postFetch = ''
cd "$out"
git rev-parse HEAD > $out/COMMIT
date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
vendorHash = "sha256-XiDYlw/byu8CWvg4KSPC7m8PGCZXtp08Y1velx4BR8U=";
passthru.ui = callPackage ./ui.nix { llama-swap = finalAttrs.finalPackage; };
nativeBuildInputs = [
versionCheckHook
];
__darwinAllowLocalNetworking = true;
ldflags = [
"-s"
"-w"
"-X main.version=${finalAttrs.version}"
];
preBuild = ''
ldflags+=" -X main.commit=$(cat COMMIT)"
ldflags+=" -X main.date=$(cat SOURCE_DATE_EPOCH)"
cp -r ${finalAttrs.passthru.ui}/ui_dist proxy/
'';
excludedPackages = [
"misc/process-cmd-test"
"misc/benchmark-chatcompletion"
]
++ lib.optionals (!canExecute) [
"misc/simple-responder"
];
checkFlags =
let
skippedTests = lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [
"TestProcess_AutomaticallyStartsUpstream"
"TestProcess_WaitOnMultipleStarts"
"TestProcess_BrokenModelConfig"
"TestProcess_UnloadAfterTTL"
"TestProcess_LowTTLValue"
"TestProcess_HTTPRequestsHaveTimeToFinish"
"TestProcess_SwapState"
"TestProcess_ShutdownInterruptsHealthCheck"
"TestProcess_ExitInterruptsHealthCheck"
"TestProcess_ConcurrencyLimit"
"TestProcess_StopImmediately"
"TestProcess_ForceStopWithKill"
"TestProcess_StopCmd"
"TestProcess_EnvironmentSetCorrectly"
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
doCheck = canExecute;
preCheck = ''
mkdir build
ln -s "$GOPATH/bin/simple-responder" "./build/simple-responder_''${GOOS}_''${GOARCH}"
'';
postCheck = ''
rm "$GOPATH/bin/simple-responder"
'';
postInstall = ''
install -Dm444 -t "$out/share/llama-swap" config.example.yaml
mkdir -p "$wol/bin"
mv "$out/bin/wol-proxy" "$wol/bin/"
'';
doInstallCheck = true;
versionCheckProgramArg = "-version";
passthru.tests.nixos = nixosTests.llama-swap;
passthru.updateScript = nix-update-script {
extraArgs = [
"--subpackage"
"ui"
];
};
meta = {
homepage = "https://github.com/mostlygeek/llama-swap";
changelog = "https://github.com/mostlygeek/llama-swap/releases/tag/${finalAttrs.src.tag}";
description = "Model swapping for llama.cpp (or any local OpenAPI compatible server)";
longDescription = ''
llama-swap is a light weight, transparent proxy server that provides
automatic model swapping to llama.cpp's server.
When a request is made to an OpenAI compatible endpoint, llama-swap will
extract the `model` value and load the appropriate server configuration to
serve it. If the wrong upstream server is running, it will be replaced
with the correct one. This is where the "swap" part comes in. The upstream
server is automatically swapped to the correct one to serve the request.
In the most basic configuration llama-swap handles one model at a time.
For more advanced use cases, the `groups` feature allows multiple models
to be loaded at the same time. You have complete control over how your
system resources are used.
'';
license = lib.licenses.mit;
mainProgram = "llama-swap";
maintainers = with lib.maintainers; [
jk
podium868909
];
};
})

35
packages/llama-swap/ui.nix
View File

@@ -1,35 +0,0 @@
{
llama-swap,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "${llama-swap.pname}-ui";
inherit (llama-swap) version;
src = fetchFromGitHub {
owner = "mostlygeek";
repo = "llama-swap";
tag = "v${finalAttrs.version}";
hash = "sha256-FGrRwWgXTpH4h0MYCdMDagUskUZA+/s/dOjjkAigPQw=";
};
npmDepsHash = "sha256-gTDsuWPLCWsPltioziygFmSQFdLqjkZpmmVWIWoZwoc=";
postPatch = ''
substituteInPlace vite.config.ts \
--replace-fail "../proxy/ui_dist" "${placeholder "out"}/ui_dist"
'';
sourceRoot = "source/ui-svelte";
postInstall = ''
rm -rf $out/lib
'';
meta = (removeAttrs llama-swap.meta [ "mainProgram" ]) // {
description = "${llama-swap.meta.description} - UI";
};
})

49
packages/qwen-asr/default.nix
View File

@@ -1,49 +0,0 @@
{
lib,
fetchFromGitHub,
rustPlatform,
openblas,
pkg-config,
alsa-lib,
}:
rustPlatform.buildRustPackage {
pname = "qwen-asr";
version = "1.0.3";
src = fetchFromGitHub {
owner = "adrlau";
repo = "QwenASR";
rev = "v1.0.3";
hash = "sha256-Ga52horbOHszNWTA3FWYQk0Awjx6QNJFQ97DD5os0fI=";
};
cargoHash = "sha256-eEr/QnbACtfUExqA4fYpTN2WVeWmKmSa0GwacAXzLIE=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
openblas
alsa-lib
];
cargoBuildFlags = [
"--package"
"qwen-asr-cli"
];
doCheck = false;
env = {
RUSTFLAGS = "-C target-cpu=native";
OPENBLAS_DIR = openblas;
};
meta = {
description = "Pure Rust CPU-only inference engine for Qwen3-ASR speech-to-text models";
homepage = "https://github.com/adrlau/QwenASR";
license = lib.licenses.mit;
mainProgram = "qwen-asr";
platforms = lib.platforms.linux;
};
}

32
packages/s2-model/default.nix
View File

@@ -1,32 +0,0 @@
{
lib,
fetchurl,
runCommand,
}:
let
s2ProQ6 = fetchurl {
url = "https://huggingface.co/rodrigomt/s2-pro-gguf/resolve/main/s2-pro-q6_k.gguf";
hash = "sha256-hKyQQXKiytuE6PfxTqPxrO8FhJh2Nehfcgf9JU6vojU=";
name = "s2-pro-q6_k.gguf";
};
in
runCommand "s2-model"
{
version = "1.0.0";
meta = {
description = "S2 Pro GGUF model files for s2.cpp";
homepage = "https://huggingface.co/rodrigomt/s2-pro-gguf";
license = {
shortName = "fish-audio-research";
fullName = "Fish Audio Research License";
url = "https://github.com/rodrigomatta/s2.cpp/blob/main/LICENSE.md";
free = false;
};
platforms = lib.platforms.all;
};
}
''
mkdir -p $out/models
ln -s ${s2ProQ6} $out/models/s2-pro-q6_k.gguf
''

95
packages/s2cpp/default.nix
View File

@@ -1,95 +0,0 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
pkg-config,
autoPatchelfHook,
makeWrapper,
vulkan-loader,
vulkan-headers,
glslang,
shaderc,
cudaPackages ? { },
enableVulkan ? false,
enableCuda ? false,
}:
let
cudaCapabilities = [
"8.6"
"8.9"
"9.0"
];
in
stdenv.mkDerivation (finalAttrs: {
pname = "s2cpp";
version = "0-unstable-2025-04-05";
src = fetchFromGitHub {
owner = "rodrigomatta";
repo = "s2.cpp";
rev = "36a5fb058b740d8826f67d027bf46b3273fe4e3d";
hash = "sha256-C8BSUWNRrZKdaKHniAbeObq9fChvFQZ5HXcvSzgNsIw=";
fetchSubmodules = true;
};
nativeBuildInputs = [
cmake
autoPatchelfHook
makeWrapper
]
++ lib.optionals enableVulkan [ pkg-config ]
++ lib.optionals enableCuda [
cudaPackages.cuda_nvcc
];
buildInputs =
[ ]
++ lib.optionals enableVulkan [
vulkan-loader
vulkan-headers
glslang
shaderc
]
++ lib.optionals enableCuda [
cudaPackages.cuda_cudart
cudaPackages.cuda_cccl
];
cmakeFlags = [
"-DCMAKE_SKIP_BUILD_RPATH=ON"
"-DCMAKE_BUILD_WITH_INSTALL_RPATH=ON"
"-DCMAKE_INSTALL_RPATH=${placeholder "out"}/lib"
]
++ lib.optionals enableVulkan [ "-DS2_VULKAN=ON" ]
++ lib.optionals enableCuda [
"-DS2_CUDA=ON"
"-DCMAKE_CUDA_ARCHITECTURES=${lib.concatStringsSep ";" cudaCapabilities}"
];
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib $out/share
find . -name 's2' -type f -executable -exec install -Dm755 {} $out/bin/.s2-wrapped \;
find . -name '*.so*' -exec install -Dm755 {} -t $out/lib/ \;
install -Dm644 ${finalAttrs.src}/tokenizer.json $out/share/tokenizer.json
makeWrapper $out/bin/.s2-wrapped $out/bin/s2 \
--add-flags "-t $out/share/tokenizer.json"
runHook postInstall
'';
meta = {
description = "Fish Audio S2 Pro text-to-speech inference engine in native C++/GGML";
homepage = "https://github.com/rodrigomatta/s2.cpp";
license = {
shortName = "fish-audio-research";
fullName = "Fish Audio Research License";
url = "https://github.com/rodrigomatta/s2.cpp/blob/main/LICENSE.md";
free = false;
};
mainProgram = "s2";
platforms = lib.platforms.linux;
};
})

34
packages/whisper-models/default.nix
View File

@@ -1,34 +0,0 @@
{
lib,
fetchurl,
runCommand,
}:
let
distilLargeV35 = fetchurl {
url = "https://huggingface.co/distil-whisper/distil-large-v3.5-ggml/resolve/main/ggml-model.bin";
hash = "sha256-7CSYkZtJjF9rAAQa20VlASSzzZ8m9UX/+o9dEcKNzyY=";
name = "distil-large-v3.5.bin";
};
nbWhisperSmallQ5 = fetchurl {
url = "https://huggingface.co/NbAiLab/nb-whisper-small/resolve/main/ggml-model-q5_0.bin";
hash = "sha256-KpAlr7boJfxK5qRmceDLL0PmLx3shycN7qb+YbUoWiA=";
name = "nb-whisper-small-q5_0.bin";
};
in
runCommand "whisper-models"
{
version = "1.0.0";
meta = {
description = "Whisper GGML models for whisper.cpp";
homepage = "https://huggingface.co/distil-whisper/distil-large-v3.5-ggml";
license = lib.licenses.mit;
platforms = lib.platforms.all;
};
}
''
mkdir -p $out/models
ln -s ${distilLargeV35} $out/models/distil-large-v3.5.bin
ln -s ${nbWhisperSmallQ5} $out/models/nb-whisper-small-q5_0.bin
''

41
packages/z-image-models/default.nix
View File

@@ -1,41 +0,0 @@
{
lib,
fetchurl,
runCommand,
}:
let
zImageTurbo = fetchurl {
url = "https://huggingface.co/leejet/Z-Image-Turbo-GGUF/resolve/main/z_image_turbo-Q4_K.gguf";
hash = "sha256-FLN1q08ia8U3j2jzfome88IkK4VB5h4rwa/0CXYIb70=";
name = "z-image-turbo-Q4_K.gguf";
};
vae = fetchurl {
url = "https://huggingface.co/Comfy-Org/z_image_turbo/resolve/main/split_files/vae/ae.safetensors";
hash = "sha256-r8jignLNFds5GbrNtpGM6cHtIulssSxNXtD7qCNSnjg=";
name = "ae.safetensors";
};
qwen3TextEncoder = fetchurl {
url = "https://huggingface.co/unsloth/Qwen3-4B-Instruct-2507-GGUF/resolve/main/Qwen3-4B-Instruct-2507-Q4_K_M.gguf";
hash = "sha256-NgWAO5gstkrq1E9sGyrjbjrNtB2ORsipTGUzvExn5Zc=";
name = "Qwen3-4B-Instruct-2507-Q4_K_M.gguf";
};
in
runCommand "z-image-models"
{
version = "1.0.0";
meta = {
description = "Z-Image-Turbo models for stable-diffusion.cpp";
homepage = "https://github.com/leejet/stable-diffusion.cpp/blob/master/docs/z_image.md";
license = lib.licenses.asl20;
platforms = lib.platforms.all;
};
}
''
mkdir -p $out/models
ln -s ${zImageTurbo} $out/models/z-image-turbo-Q4_K.gguf
ln -s ${vae} $out/models/ae.safetensors
ln -s ${qwen3TextEncoder} $out/models/Qwen3-4B-Instruct-2507-Q4_K_M.gguf
''

75
secrets/secrets.yaml
View File

@@ -1,62 +1,41 @@
/open# run to encrypt: null
#ENC[AES256_GCM,data:kvu25CX2iZURTBGQXYZTkwT00EqhPNF/ORglzJCsDRthR9hwLomlCzsdDCCwBmbEYbUSnyup0/yt6kj5gUA1iTpoGLVJK1EMoAUm7H7Vl4V0XheizUyTUJdfQUzQQXONzB2kTlE2DHuIWKN5Bz8+LKqoDrI=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:yY+w4rJvDHLo93HgkcKahw==,type:comment]
github:
api: ENC[AES256_GCM,data:PcalL0rNd0nfNPMlWP05FWh3ff6rp5eQUmu3NzKmuSPcS5w6zSKCLsoCegltENjTWomGAJDoJF8rYfE3tTo4xQBAzFsK7v3GFXfefB+Ec7/FrUT6jjcHK4+c0e1u3cAgUkFpKq+IzS0yDBgMtXuC5oRzw0u0cEjXT4akiyO9Hg==,iv:GVPXrS9gwpw5JgsO6+YAMT96CsX7dz0NAcaq/IxXzec=,tag:Vxb4LOf0mm52W7Ege7mi6A==,type:str]
#ENC[AES256_GCM,data:dz8znC0Os5eA4nUkoqaMVw==,iv:cx8HN12ClwwUZxn2/6mc1Q5Eh2XBIRsrhG/ETRf0cnw=,tag:AuGmWa+LM9dcfVlAs1CuOw==,type:comment]
#ENC[AES256_GCM,data:7kh9f2LAKp46UTh8LmDqvK8xOhHO9mVUD2yzLg4LRR2WU98EpztHmDcHKOF0AG60NsndYaw1en5efU0x/NVAzfdTVPJA2apDs3vtAlzGjvv593Snwb2wa4iK0tM0beMyGvzkSEPs8HOuSLvNpLHWaB1xlC0=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:nEcuwi2nnACadGR8zw63HA==,type:comment]
acme:
certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str]
pangolin:
environmentFile: ENC[AES256_GCM,data:vip6lNBhaH0891+RTphTwerEf7sw6smUVbWIP9KdgbrjRkIAbt/XbLk=,iv:1771tPsQQcjSIoSQxER1Yqi2vZPwg6gbj0VXvDHr7kk=,tag:Bd286kNRYgTXC+jtpVLYpA==,type:str]
certs: ENC[AES256_GCM,data:L9v0y/T4Vq+fZt5U8YAcyxtvMzv8w+gCwk2z5N027cYiuauuNFYDQ4WV5bTfDL1cSjp30oYvGTlgn3+8s9MA8xqaPJytCNNClRK4isvZKP1YdiVwKdxTg814LDzgPoZsyErSHb+MvgMEUpONifRxFJ7n1HHqcyfeXpV1Bx0=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:vTMcHHexHVST3r4wiiTuXA==,type:str]
github:
api: ENC[AES256_GCM,data:QYXx+9QxXJ4WwDp6FsaSmrngs/+hBugGD8L6ZdiAgu/1/RW/ip1IEC52g49N70PGh545fAone3IiZJKGxqHeitSxTFv111cmTL4dq5s1yXEwUrsrll8n6rEVMJeHnPeAhz8MNYNxJuIfwugp7XlT61v2f/ylNVa77ZubSdNa5w==,iv:Cdnlb8LFQgsWnjEl+eQUHYIiVpXFabb70FFtnWDfIl8=,tag:vzzfJlQFQBncjLJvmFxuzw==,type:str]
nginx:
defaultpass: ENC[AES256_GCM,data:dJn/Q0jV83PgfFH2ODJO/nXGqew2TZG3ItudJZQ/eCo7Ek2IPlHHQq52bzaVYPqhxUsvXpLV9FgR3FQVOHyiUK3MBsLDNvCTzpnALSflnpj0nKqrXWg3YgEKfi+FdHQ1s0SFQqBOsEw+Xt6eWkNykrl9Jgq5UF7Bp4iC4jmDwQeAFIWaIsWK0117X4seBRQc5rxz1XYNsTaVTzp102I1QmrWLRHGjuvpT5jLVvNEoaU/imT+beAmQAnq5pFOMiEwd4q5FFUdy8XHi7CcT4fql92m2I61pgQbjnHwGklLZvRYO5gIKLwj7u19x8lnFBefDoAshuZOch8397T+vjTxVe0fsuZeLAtLXdPKwoF3L0jp4ffNmPq8H3BTnFwJ2NZo,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:Gt4yl0zK7vF3Is/g8cow0g==,type:str]
defaultpass: ENC[AES256_GCM,data:kbWRuL4GiHjOoy4bvDZN9etrnP9mm3Sc5+ltxXzFzU5G1cbHAa6Si9zzhoA67/MXXvOQ1mp31rQpV1K/WsrxGaajFdHgVYGUJB/RaZfZfg1THF5qvqR7vdOiVRWSIalzGMOSUyJTNg2dgQMbymVbmc/k/vZjkjjsI3oze7oN/NZnQ7nolGybQ6W8DCTRzHi5x20/zTJdXNmJf450az9sWOw7i1A6Avg2pPZ9t2N0WyuIcy1MsQICs7PE4ztrxIF82IsFLQNj6LmXXRQaZ9dCF/3h3yyNShfjgI2owYMmrRJssZCdF5dOPq+HVCEfE3jYBFcAWrvCCnYBczCx+WGl+5sQbfJtZdcDGw1bRw41I71h/W4micjo6W5XbeHVx+Rd,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:F++P/Qhh+uUUhBJYp3rGvA==,type:str]
qbittorrent:
interfaceAddress: ENC[AES256_GCM,data:mj1YDgdKrXNuHVNJqQ==,iv:FNfwK9VdNswm19fZ7Nu1IpNO0/ZehSOiGIIrKVUkBrk=,tag:9FZx1qGJd1g/ySyNQ02YYw==,type:str]
interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
miniflux:
adminCredentialsFile: ENC[AES256_GCM,data:aBOsgGUMAFmU6LfCL0RGv/gNnnwHdJEXDmw2UrR/OaU0jXW0PLvRYx+9tvJFEotmXzEFoOdx0IeBplc=,iv:5fd3O008aP34+7lGlG8vBPAIdmEjFPoneH+rJ6d9TI0=,tag:eBaZx9uyMe/HKfSWi9QW4w==,type:str]
adminCredentialsFile: ENC[AES256_GCM,data:FPcdTiJqbI6MloU9JqAYPABoD/odegXks+JyEeCri8hOV0dPMd0TNDV8fN1bbIiJ4llzaclZbjl0HKM=,iv:5fd3O008aP34+7lGlG8vBPAIdmEjFPoneH+rJ6d9TI0=,tag:HKOHjGLiAIDBR54HJv9teA==,type:str]
ai:
openai: ENC[AES256_GCM,data:jHABPUEDjpfoHmMQtYzBaUM5zvU7YUF4e6nEKWD/mVm+wlaC6w0F1PbWlJ18B4zsYJnrws36qbrbbArUKjnbBNABhQTYueCJgGopklM052UDeAZoS8VrIcXdD61wY6XcyEIB3weMVABulixhpkhZ1QtIPt1u70nFaU7bG4u1SmKU7M492nwYJTJGs+MvQVurFO4AHbM8mNhvi5lqtNvIJQtLuevZTbc=,iv:rFad2sTdvNHZ5n/DgTLUfHe1qjR8O9nTagsWO5qvbJs=,tag:IPWtHD9wcIdvNhuLLDfiFA==,type:str]
openrouter: ENC[AES256_GCM,data:I31Oo3UuA7o3tvDqPR1eoCWrHS9+HGdGOJnXPVyC5q/XrA5zJ52TZVgt6cJJ91VB4vlFTPVP2yoJmJgesrSLx6Bwvw/Eglywfg==,iv:pvVc8JThQL+adYo3lyM2N+RrM1rVL8IqN25R6DTplsQ=,tag:JC5Mobbfddvi5aOL3hxyGg==,type:str]
fireworks: ENC[AES256_GCM,data:mRaJOZMePIVpv+49AeRt+3tQhIpBHQitKV4S,iv:awolsk2O0nx/8UutC4DDxxNcQCMMt376pbtBUFbkjkw=,tag:yBZirjH6+va78jsSoqirPA==,type:str]
cerebras: ENC[AES256_GCM,data:ZGXy4FWauVb6cqFIDNCjYZhA3fb7t8s9wHEQvV5UQS0LwOM1F6+prid5entFiU/zJhxUDA==,iv:1tZU5nfWCur/Uk54RccS7ldv+94D3CKPgAeK30PB8j4=,tag:y9ZDVTTOExTY6nLRbIxoLg==,type:str]
groq: ENC[AES256_GCM,data:63HBVYQEXCqG/xN7zluZl3yledOlqxou09Lvgh585LnZAvIFUN+eSDn44mT5mgpqMsRL8Wbqjq8=,iv:taiWwphOVhbLuO5ygf5iDIvhEoAxncTEQ8CFNKOObP4=,tag:1j7wCg9tFuP36mBr5yN0dA==,type:str]
mistral: ENC[AES256_GCM,data:z7qUyaJBaLF+fe3DFMRjkUEXiXGZwtFeC189fuEGjEo=,iv:r9QSqstFiR9QrLehHrQu09iaF0PYroz/p1ENChch/I0=,tag:XN7jcXv6TftbXaFBsZYVmw==,type:str]
zai: ENC[AES256_GCM,data:rVzqXuEFvdAR+GgETgRFvbDzVjvQ3hVD0s8jDxMCjZ2ri+Tob8Fsp55qA4ZKe85Uhw==,iv:YpaTe+3ZGONoAHCkQCVcvassQqr2ReSyBgiEcwxJOlA=,tag:HFE4af3gVrp6FJnBiwGClg==,type:str]
librechat:
environmentFile: ENC[AES256_GCM,data:oAEWPYxLdphwMvmRWpEgJnumpYxrlCbb2FQ2ugbVKqoA2TP3srof0eTwAFO/6jl7vzgfsP956BZ7lm6kwg4spEQ6EgfXWc7oa/zQrJKDofUpPLwyxLJhzyfDM3NbDcVKAQS7HdMinG3A5lSkVVHCfIuoaqml1W9DIExzjj+3cNKee8SfgQSpy3TOs2ngxkAVfycViw2cQv3MYeQ6CoaR4BQgraenm/sU9Vzjh+KWYdhD91Qx8UQRWKjhiZAQ+aspofTmFoUfct4Ds/Q+Z3KwWicSCZyvjm5GkP9oEmiK6ODEj2gLw/1bV/Pv/qH9D0ApN2m+mVMB3W7bnAE+4rb8oMb5SW6tgs2ttbefKE3jYl0jqNbu17xALBX3lqYEr9kAO4uF2+96uO0YFAAGgaWjAzhzgkCm/Gl2KML2OYX4uG/ynN5m8YkFB8qkfXg0Dv0IrvzbiE/YYRBmHzrlu5rD2SVTdc83GkePAn/ZMpB5HU6z6cSkjOn2RyixDTROIZeOMICdMYU/1dBvgUGZgLWD,iv:15NFJizf02389RnIFeezzFL2X9oz/CpmG/vmgDp1h2g=,tag:X+SBK584hJD/v+LeDSJd6A==,type:str]
authelia:
storageEncryptionKeyFile: ENC[AES256_GCM,data:zP2i8Ni6MqHpAJeVdcxr6V0eCXobcgbTyu6cDxsi4x4eG2HIFv7waxsCsa+erQgOf5g8+T5c7kIOa99Z5+Zq3kLAhGrIMqtZxn44oemw5Wl2U4ION2yZTdo/C8otpZMqu9rC9l+k4K3XiKN1Aqhyglx9TXNG6FgS8ygx5aBIBwUM,iv:spQdJ3otiZynCleiCG+u3mk/K3axKrfNtSOCzCGnnWQ=,tag:bMbjwOMCxi/+t+x0Xy0jnQ==,type:str]
jwtSecretFile: ENC[AES256_GCM,data:gVRyazB5RZ0fVrZ5/8eUuvJjdPBxjQg0vOrhXvgnv07sawti5Wj350UPBlBKthlvya8V6gZdBSl+Aj1nllP1Fl1tC8hDYb93ZmJdHo6CTicsu9lkMvWWfLe112Dhuptbg5AQAlWLu5TpjSGMT4UfXpLlKYdrzaDnIcWBAVn8k9lN,iv:hcHrAK/squwRyXQCx8pJXxVpq+KtcRwCqJ1NQpHpnL0=,tag:eQdM0gzYNw3/TfDBJYrkdg==,type:str]
sessionSecretFile: ENC[AES256_GCM,data:3Cd1DHLrqG1ljMcD10o9nqrkc5aCRrJ6hhvdmN5fIU5xeLN9veTYS6q1qOiIRXIuMoP52OgaEv1J+khVf/fodfk=,iv:14WZD7+S07LTZhMgHG8mjvE/8wdeWNyG+s5n8ZPfo/k=,tag:wFDW9wthWJvgzEg8a1qASg==,type:str]
usersFile: ENC[AES256_GCM,data:uJ03GLDPWWCeTV/FQNdkLfpQiG4FeoP5LnfuW8isHDT2dYhTnDZ7bTb3kTH0lps+79mUF5puaX3XrUO0J1cUV3EjkJkgH/FMnQ7D2mA2jJBCjmvnVerwRDtNJXiwtoM7a5N6RQl9stwDCZE7ODGs9YIqg//HQME73K+l4Hp/thA08GKG/ionT+f7ljlM+yL++guNtp/l5dPZS8/OXfTMBL9jtLlG7AmXbE9hoWcdqGK3OLxGWGdzrxkdQByvDrIxYu9i77o+NMRx0JU1LN8UpMQAYVqmBnbln/zNj5m5iuoa5cwpTKvG5rI=,iv:Iwz5tiUZ8Hr4ywjdkEXvA5cl5TZeyz24BVzMmm8q1vg=,tag:PdXguz6B7cpvUjzzMRlsTA==,type:str]
vaultwarden:
environmentFile: ENC[AES256_GCM,data:HUFCO4di1hSEMitCSGy5wiDNPZ858NIlW/BnaxrFkE4Tws9RwvmhJ+l89/w7A0VGHAp3yNC+t1GUHgNadA15/Ymr7qL8Zby6o69CqZ3tFnMFmBJ9BL3ni0v1E/4iN5YFInMpmM+c8FjlGfTU2nRRu0WUOGR+5s7C8YSGILrDR+jr98YOKuTfiEKqvsGg8o0dc95CjhEtejeaVGimt9f+bWA54BPGkCT1HzD5boAoTwVbD4sxKDP5l5SnBC+mpzX3sECFkoE5E7SnQQEhKtrL+IffnMrcA3nG6AAyAGODuYZ7VNYQ3zNWBhR2nP0ospDelxaTu9aH6IMgMn4h4Y9LU+nCSHkJGykxGt4W6S8DnHxiaqJCpYwAeOaWFlItlsqlMSjYR2nB7OgUHIv5HLaC1Heyn9azZc/HQyHEjsDa0EsHX8HnmJ6kr2PkAXno+zCBZHnZvxKDWPfV9QqUPakZX9VwPg724zFFe+4OsFBzRiJLePA3hXdmnKJFJUr8cFj0QC/JXlkG3FbfogrnBE2BV6YH8PBmjLuZCII0St1LwB77YPcZDbNLnXUbbiM5/F+fGy04qg3/97sE7Sk/ZXh/Yv+SyvrqrizhXcnOlaciC0zY6DGirHzPuPAYraCkIpPmvTV+MGOICOg77sLSronoN7QohCw6SEZdPD9wSDpRMcbIs5PjfqlVu0rziyl8D1cbT6pmktrGcPKnzKeCpBJNgKE+EwwnB7Zymfj3xRxLZSl/x/1GPFuFtvDvwcWWBIU3IDEtI1zaH0PXbErtuvrttIYWx0+Il9VbxLpxjYl2NxEwfwdUmhU+O2Xw18h8leyu4hfX6a2BvLzLR7cLmSJdIeWiW7rU+qy+H9AMZ5TIZNgepXcN9TmVfTmoEm3HCzG+WJD66iMkdspkggpOxxyIMXia3ws80Eht+m0lrSM2eU6NFfVXxixEylQsxZJuiTqof7mQ71OlGlwWYyY11w2QZNeWmmZIOWwrH2L4u7Npj0qUxurafWOFr/022Y70BxpYO+CKysYppSjTKhiPLS5/8d0u4R3a30gnf/JigXisE06DiLYV6LYRxd003Q41A9UOUoZ7j+A115GUqwAuyD9mEHsH9e2zb3bF+a4QCQ2EaVTaWLHWN/pKnDTY4tSUnpr2HiBcF/dRYh9hMZ3S9khiG+7mj/8Wj1eHMB0dEkUMlU5HE/3Qgoga0oKmATekv6gFyRJ5FQxNNJH9RMN4h6ej6BxDbs5g2bdNScs3qPahpefJA/ITipe1y3qrsfHP4dgqGEn8oaiQxDnNvf5TwbHoX+kS5rlLi4x42cS9v8Ov9oZV92O3c+EuXwDVKW8FAoJh1wMNkJhHjjSCVmQWG1UQngkl3HPDjuPadhec0dWCxQh7/TIaS2JJXeHrURYSLmUV9RlzhGYJqmCZbw7oLU//EukfD9vjm591gX7U3rhu1aQNioZWdFtoGj88BJdHtSa2pxhJnwhruDrwpLOV7xXEK8FsV0SOXWP+MNAgCCWxL2KoLBqDvbr21x6rXS4a6M0+iYxIEIZRsODwTKW7hf+g7mLdKLTIv8ptJVX+zhCaFOR0JMAm/P+L48FPH9ccEUoNCwlSnl02wC9oxB+bTvIDnE7OB705ezwSi8Okh8V1fiQopRIKSutXVhMN7J+wda3Y39UzdEiVr/Qzf+pVkOY2RBp4pNQ2G4Umb31qbtamxOf5JoPqmXQhFopdFttC+iHNa0b13aj4kQITUX/lo7gzssSHyTABpkD5mBaA4HRGkVDTo2bAwsVttVH399NYXmSoGU8XKoLbtJ3caa38KrxN8czTl+oDMurds2xrWHIG+fU4nHIeRW3HxuTz+1zwuYoZD2L+813VEZ3+fcnH1AjdoZ21Ioi1P496s4v4huLC/NMq6A==,iv:n41XecN53vEw2xzCO+gS46TwH7Qy08Hra2NFJNHTEHg=,tag:4ypcVk6TvJbDoG11A5miCw==,type:str]
openai: ENC[AES256_GCM,data:aFNl4S66JSpP94Lky0x10F5mAJMQ7XWIOTmFjq0IdZYoxqjHZW8nnwbUcsU4zHjBNrFwEyZJNw8QWWoA0LHYRIJzdiCOFk/xWTgAssaDSbXnozIYsa14RkHUma4fho1s/g6QgwFLtgtv1Qr/nlunwjp+m1d34w4MHjSNQnwcGl14ib3suvzorTkCZKI3tg1JGi3cCva0vYzpAACIT54dfaqM0tsoq3w=,iv:rFad2sTdvNHZ5n/DgTLUfHe1qjR8O9nTagsWO5qvbJs=,tag:HFEtMDWis+7N/+ULl7Fu5A==,type:str]
openrouter: ENC[AES256_GCM,data:KCxE/tf/5wXmCuEIN4dXExUki18hcbTOYWFuNIT3T4+HsZ0/Y/FkTmlivjYsYmgdZlA+o/Pb2i1nnkAVruIZJkl3xOK+10LeVQ==,iv:pvVc8JThQL+adYo3lyM2N+RrM1rVL8IqN25R6DTplsQ=,tag:6DuvUBY9PgFXL40Tv4SPlA==,type:str]
fireworks: ENC[AES256_GCM,data:NRMhwIzashk1oKPB4A8ExFa3K8bE7kWqLSzL,iv:awolsk2O0nx/8UutC4DDxxNcQCMMt376pbtBUFbkjkw=,tag:BzbZmZhLZ1rMXtZCwfdW1g==,type:str]
cerebras: ENC[AES256_GCM,data:WcdDsWIgKr0lRb/daoqmzl6E5q3ToICHMLJKrj2rW7pdDpEIZ95DtdNFGQE8Vpy3u9x/SA==,iv:1tZU5nfWCur/Uk54RccS7ldv+94D3CKPgAeK30PB8j4=,tag:IeCgemTemEcKr94YwQKevQ==,type:str]
groq: ENC[AES256_GCM,data:m/BTJoBCP6pxM9zPsf2V78BaHGrueakFjtqkut4fuXxluSlEXVDCCupWVbKF2Eo8phrOhxGcgVc=,iv:taiWwphOVhbLuO5ygf5iDIvhEoAxncTEQ8CFNKOObP4=,tag:VFU4ORxUodiGf9dNINYoww==,type:str]
mistral: ENC[AES256_GCM,data:tZ7gZatfyhffKyKmlbtiNEp9MaIp4cVvSkZbrHFaAKE=,iv:r9QSqstFiR9QrLehHrQu09iaF0PYroz/p1ENChch/I0=,tag:iOjSupJ5ZFAyAcuxXcjNpg==,type:str]
openvpn:
galadriel:
config: ENC[AES256_GCM,data:Mm0X2k2m8D+b5svU0N6/vKrgrukIwMReATwyLZYAtWtHUr0UyhncAO5HjuP7LrSqHHloWrP8oI8u5YqRW7/XgzcBP7u3c2EmDnfVDlRm/4FiFlgPUwxDHF7QDwMY/CCk5NbLzvcK0Bg5rx8KdwJSeVhYPw34gTBiIrFAFsBFTSV3baH7wmt+SMclXx5fcSj2tZczgpqGqTzKxVrQIVgT+xKeF/Bh2iD1vwyRjd6wxuXizzelhE7bZh9vv8jXiLGsoOtQaPRRpggmLlYevoRdRY9Js+NDOWbcxs6uoV25dvJjy/qOo2p77bYwIt0uZ3Jsl4xeTU36gbk50Vc49S0KCBUockGGte7h18sV6eA6otJEqslbjDWk+zriBNcWgz1sw9xSI+TUaS6iT1nAxZZB/+uEsWlvI8k7tupk/S6BszxCBXTcQoZo5U8mWnjluT8igmsjMCoAFDIMsNea9cYD7OuuiPk+4Sx1Q6whznwk+RIYe5+RDz6Viufq/oQUnAGYln4ulF7NEkdF/9+qPj80qaeU0QqQ2baSMgopVlH0mJsUPOaQeQ==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:sdMgyA1U2wrMY5ZKRbXoEg==,type:str]
ca: ENC[AES256_GCM,data:zB1E0HtMAItleGNQm8PW/k7FBaNRKH8syhwGl0FTHFMJNnznp4oRseVZwU3Al/HQAnRYa42YsOGLgiZmBqBOK22zxHEf8tjBNMBUusoG0KGJZSrp52t0B9/30VrDx1ppOTqfUyFudGQhFzDAQl7pmH0EkC+cCsaAg9uNYd/z1/FveKMc3ABY8XDTCYWuXz6A3oWJOjuAiYII5kNr7288S99YiRWgV90nrgg28hUFCezAUQB/wKc818X/GvpWga1sqgg/OleFP4Rq3HQ+hSsRO5lBUJ0d+8UEZpgwAlIHl/x0zP7zOSkxgiP8hdnPYXdoKqwChmzacAp9vVsB1xBJ86stTmWrWw+x1V4+DlJ0+WZuRAUcqKKPIHfRD/2eAsRj2dKPH34idhJFBIxZlgSnAH08oXGA5URw1n7BZQNbM+NQFeZwn3LnbDBXgSfcHDSws582uotW4R30Z+tPJwT1hUxSrhqc3kgnjXL/Hu2UAhmTiCGtoevaLdCXgwSxr2+41wVCfPKem9jOhspPIOYQD37tQ6LeS6ijrBI7lTHfMfwy7IWjGwjfIa18FMY42++zGwUvIROSN7YXh7XfSpdGEVDBQic3MP5GPkOCEls5ztlB4hx8Z7YFxSV5CJqpAJzOlwkWzl+YqBotOp7f2rkPIiRbzjHI5lgv4+XLvW0c7XF6fzwy8ufWFxJmFzjTJ7SWujeR/JtuS7oH2zODr35O+6H+xLi4548SwEfgaRX00pUwpI4GZaP29rI3flCVwN2JMbNRCDpr4r/Oa2IK/asORDJA5JvbhJQHIrjSc9r1WtLk+NTFQWRqg5JNYsvgUe+WBD+DndDjrmRXDVtDTSZj4efICpmerFU1Ng/ykWtg+/AGIb9lzNU8xCZR7uyTMmhII+beahnQK+xVsAaXeXFz/CfX14p80HsqmcFv5oyyfsiMNkeUCt60EiQeh/IoUP/TJmA16yAuvM8taIZmcD6ZUw30ShlcaHHHM8Lg5f1e6hMr8pWKTpweH20Wc0aikjqdNruH5GSkaD3YMpzDDEM0HlI0R42fVI51Oc0nf1i66eiucuWJMrB6pMqRSHBK2qT8tYIe03Qkbjv3aHJOVBI7AZmFpnurkQAvHnQGcERi8jJ2ePvdKYm8CTV5BiHtfeX32f+zn5i2oXxPurwKgOdE7dBS8ctIv+lW246kcRXs7n6Xoe5xCxZ7QYcvR5Mrs596eZAhy/aWpykfVt6DIpoZDcXasxWaA460cMCxGcD4gWDx3bZt1AAZ9Q0FF7V75bejb13yAhfN9mAwnIKaVgbTFhd2YCxX8911Wv3K/dSQZ95Zj6lU1dZJkZiughAZhse6nyeRlkDzPJGDpKPUYJDmLaL44e0Ml0B2h9UUPbe21rl/G55sGxpSINLeayOT89Uir7c2OS9x1vvJsFeQ90Tq9PdjzlJlUAQgpp0oXN1nKDGogktt8PkSOU6zWXdZSwMw51SVdDfRVdlqH+0BHwUDlwRS6m6ZwFkop1izHMn6+I6YDdl1T/klDOPWCT5qypUE/rWbaEbj9xFUIYqk3h2VoYEwF0kxTGw3e+Eqod6HdmYaP6f0uGJl8yKGXMX4I2b4BW6zTarW5A48C4gOWhp27fCqdhv/Wpe5zKH2bm1qnAVsKFpLVbVssPAtKnGmz6iyh8zngRM8blou6gaYEZdPM8LiUm/KwReFh/myKKutigxFYLOb1N0c08Gn9RNfBuvF75EmwfmRP6ZSm5H/lFXby6St0Ge35p2crvDOHBNxzz08/1lYLXslcT59apGQMG2spcN/IBpdWA+rV+SrTY6ivHShkZgTjQ/5j9W3gBEMo689FKP1ahjUk2VJ/YuSFS6T4/5Pj2x2U5DbOH6thRCq9FxZfsmLaxH532wNcwQM2oE1ztw/FPJfEjkPYEhxMSnLfkeoVbqKvPweH9Utd11Fva3JPG/TGp3TZSc1/AjpdmoXGcdW8GtI71Y17Vc8NCYhsHIGz3cL2zzMCVzUSqhq/iHkq4t9/Ni9yHlj4F2UU6uskE6uf87meuaFBTR4wXQ8pxBYinK7/g4TEsZyAsqE/mfyn1w9KQlKzsQQXutOHkDSix3I1pAOVf1STakgudnBNe2Rvj3Aga/TRBIrQ6UNeFv8XJyuNPWunpMU+4ecHxLJHWc2hNn6ZJ3rkCHUeZcKZivOOR9vB9f447+yja364/64CbaJj4S9hwMo+i3W8hcmNaorLpPdWE4TvxjbHVKgc7Q0VISi9cMmt+N85oK4Qsu8uG+bDE/Ohm1VLKW/P3z2njLI//sgksJPKRWu78t1rUs7wuA6qh6FjPCQMUBtc2tiXs3xn6GFW/Vsy9HU0F3jRIBz0MqLbQw4AVhAsBhIs9efWxDVXXDV6dyg+VmtlpBy+E4bVWzhed0uhGo90t91arTyYoKHRSjQdDq8wgtvE3uXMzo0QrSz85+mN6Onwt2yPxIJQS941gIpBnSg3YnTBd8xA2ktREYzmHkh1aPxkvUrUzo50Sg13EgCq7offXTcu3Il/w+N5Wm+6/KMuUqXfPICdfQNt6l9mFRzujpPk1Xirj353EMPF4FkvWqrEOXtewQIi0TpBeLYq+xVsXStPltqoNsY6rbUuexth8LZfZtVCwkRidziGZ42eaHP9pc1rQ+ZpNVyVCE+b8HLyv/M/eI8pvztJEyvWtDtqS9Mv+QLzBZpMrHZOFTnML3aMxR+Ja8GXtTHXwXaR+vBaJFQjxd4XpVkfqX0Znsp3kKCoFoTSytAYZcUCSlkVxYLtxfSLDZEFEllVLIS+a5+OJdcC6dzwOveB5DbBng5tFe+EKUgL7ZIRfKReHZMWL7WRHLtgfeCyQeBvDYNznRmOxd/S9QNVyegZ89lKDcQ3CtsvuGF8foLHuPvkSsjfiSkCdR+MoBK3xwuTuZ1ODf7UUVdqzcmrljoTitjc//EVwCW0v55lWuf2HRmRUJIlYQvytwIQxh5vCEfesk1CqfgJ+bPyfKqa+ms4IMehe66UrXF,iv:1PfKLDXQTyg5CanOFnYQ5TIlHMTjEFfUYL8+Zw0xdrw=,tag:rbkP80im3Sy57LVWYYMN0w==,type:str]
cert: ENC[AES256_GCM,data:HbrEHHvN+cksh0xFCIy6ELpclnxRagTTjGh2t/cbuMCeVk9oMWLKNJEdjfVRUUQJozdWl0fCQqb0ueHWhx6DxJ96pWEiTK6cbM+4mulYEcOCxdhzLB93EzzW1RkWj9MYOmxqmrL006L3WBm46raVF8DKC/l1FF2t2JZtR+FbeKL8pBc4X5PTbmiPpHq5TiSAxN/OAEAHAjRBoEpsnXxI28v4eWwffcqjzFPdNZoEMJiJjzifn0gMuhzX612w98yHm82eG/1q800PO6nQpoAIxkTGvpw0BE/lKwLfxlWraYNMYShZAH3LBNSazJveOZolccnGb6c+cyJ/k4/wauVCGrPdqda+kH5xa0TYMq0QFGedYCC6Wyz9kh9ZXqny34E/EjEdbCAQzkl5erfxHG1w2Z1yFvYT74ExLtUvTUvZoolaFZcjMQsPTesQDO5C1N61SPo9reJF0aPVzckf4sy420DCbf6+scWlnF27D6m/SuvMqB4p/37mOjuxQVYiFwgNqbJdCmtAAGrS0cnuCDgosM41MRNma7h+5U32M2ZfqfbmLDGYoBbu/i6vL8wRGPmkcBlOdIS+r7UJK+qkWBH0LuBtZm9G63uYS8DRvj9fFlzIWGfHmk7U8PTjQX/4fjRrM3Ac+RBKPIOMP7qcvKAAW22M3vnud9nq3p7eR4twhii4WFZS0/2sNwMmTbmFr2G/4f9hwAKMlrIlv8F0XSV9EsQeybEZUMbzzs//P1wipKCT/YpygNDKQify7bJGk2MiQEvbs8plFJhJd1UXpO28XbLm48o/HlXvo/p4vtNo9SuVe/g2ic+dix95Uvy7RCQSo7S9WemjW7XGitUJWpRsJWJ4L/asYR6kUC1KJbSmhTvjry0L+iqrtVp7gBN04u5fvOS5cmmN3TDRCjPEXas6cY4aDhxD4itqKBVEJiP0ok51rrKznX9Wu6crHi1+rzsHwdoJZxCEbs1EDixDWhEUWUtiDfkxP8MrW687CsF+BQAfxfLzuR227agUjd2QovM+swzetGp5ch8tYw7419BwKmoZA33CXsZ17uhFv+LX30vnPMQ5RXhlLlF/5I36O3aLKbn0Fyk/388uVRa37DQlQUCSG6DvFTgqJTIUEmuUMjuwoZiwQDYe23DWQZigtCQ4zR65+oYKe1sESPCixqPjH0wKtanaFNS6bpFC3qWd1DyBjVlnPY1LiBX+uS23KEdhdt7RTzUEbjsT0dN+pxz13+Wfr+TMwAbQKtrSFJNu+NPUKGgOsSRj0U7WSdo0ES0cLW2LnjyaRCHVCeEEcnnMz+R5hbPPLv6DkyRG+p/6holtXabG9ouPqrj7mhoD/UlEwyxOVJO0c6N12icqcTUem80Q8JT1XenB8uMlxWHP5CPSzIsRskm9HrEo0bqPkv3E4kbUKQ0OwNGNF9J8MX1LAGZfvByjsTrdH2N0BaZjhQkv6j18MlomNnRxz2/Qi/FQVDSNmD+lE6uqE4R8TbKfJhK54A0poFdt43hfAKiSx9ES6g13qxQ0QIJWTgnxtTUjkfBtBUFLFFtsKAyAznBOH6OFTg07TSbbuDlJOybvW/jjuvbyTvCYtLMaYb37bKun0yF45C5Ji1s3B37H393pMA/7d6leD9m2IxhdeR1MCwZG8Oq6BrLqCl9kdtm9VGRwLMlTkPd7YzaNikVoEIqyXJI+qlxok+hhUd+nn6x8mgzLLeHIv6G/mryPslXVzl8OE2yG2b1D4l2uklb6I5lBfAfMF9COvI0MgHqccyfeoQbvdRM8Sv2qjfWi7/FDmP+Jmjr6t0Ky+eNFXd932Ebk8UHK/8ZGe+vYWucijayQM9jqI6QYx2XU+6SbRBGpZWf2C9avPHiruYi0aZx3/L0Yci05uUI/bocpzP3ehigRUf/gWKN0Nvcu7f3JPweOYpEnr7aWDIQaNhL0RFqa6O9fdtP9Qr4CiuvL/jPnYiQdUpjEHkHtg1mUft8xO5O53pyC4apiuJTtjGSLAnuCO50lIQqrmj5SIXJGNpdtt/ErSqBS+EjLMar3UPNhIePQ7TIClMntVOwM+TJy7bUauKurKYwblVcfe3uYHmL8k7GRLCdjO8e9fqNNkeprwq6k1p7SZs/84EbIN6T40Nahx0sB6XiMj/Kj+iXsQRzMusSwNnSgdwMVji9zGYE/tnXzdUuFcjMiJHHh28La56v9eu8pt8OMK9dq5xEqnsPNjRv18P+Xwl2wO0CiDoqxDWApGJ6vkz8OQ/QZGCEqDoCCK8tua1wVna/xeJXpsvYvOp4A9sdQoJwXHg1vjFLipBZqU21+ArLetVJWL74W+uR07+dBqxS7u8vJS3sSVEDPZcNXGF77Nq17TqddTBvkMvL/d4QL6u1ujT+jP5w61mfnQnUgztnSBGIAGeJsTV6gbq/cHpR3hHlsBZbONLzlKZmUf2VlmQ6Y3ISJoX3qlPjHI3EOFYlwt0jGJ2mbx3g3dOqPpAjJOVmcoeRvPu+JR1Ldsz7AxJ7wmHFdwsM++XfIwK0mXpyeVvbj2K4TeQYDZ3M66vOaJA2P+0T8GJj8CTlLkhLlXwdifyI6AT1+zGzQbYS1860YEhUGCKGF8ybtoG1MumKvtifYzz31h8oEXed8bYVS8PWgbTf5pHo2i6Kl8/+mR+845KhFocy1hGlj278iVf68YE198xm7p6Tqp047/umyogLHBkExrKbjLVMah8x89oti37NTou/kVzVn4qrHSjB0DOPeVSz40536pF556QadjXUhEkVeg0JgcBxcC4BGT5JecsV0BSH6iQDOYtIGTbPJ572boCpmxghRhWTv9PEtZu/aI2KYCI6NGdiDvpV7K2QJPBY1221feLqPDXyLAvQhxYqceH5H0hlNzQ6feS+Ag85LFkYEKuj8W/fpXA/XKfg5P93BN1LDy1OmJSEnPv2EY89TqLfEVCwkpsn0qYJ62S09g6F/9YYLMEcL0Vtl0Ug77ea+cuCNBFKHIhJaKjmY9xwYRnoARW0oWiTGPRt0VQHHfbf6CzGCE6UkonMRdYgdFeasTs3vcQIDDpaAoT4MDxBoW5u/F3acrXrfqstLKn6N4l/wnP16Bgj5H9FJamJOKyk7Sje5a9PCDkhl3EDf6+cH9ayJ/xtqfXlD4SF7ErZOAJuT+aEw4ln0aTtLEP0MGZ5gDYJBgULMEPCJ9CYJ835gbuw/lGrs,iv:46DOOjh6yun/FfespTsPgQdN7/z6EVDUEY2V3OJQXwk=,tag:LDEGXAIAJ167nHmie8npUQ==,type:str]
userkey: ENC[AES256_GCM,data:d97vYqB015apVAPwp/QCbfAs/M341xJ0VKTzaDX/2h1A3pAI5m49SF4iWq9RCmtZj/lr7MTK8gj2dvpY3fGtqY3NzdcbOgBITwbmkzttkA+5Z5nW4rM6hykH3nR4CibCDj9pEGKEr+Pd9r9mIMgzngD+ERqwUeAhlanBXGQzHFjwEQeC/x6RUfzfFzYe5P72/zDOpRRUMTIntmfM09F4QCv422jl2orQhUPEjfywfR8vfJSSFlneJczbMbEW7sUgrURJa8MipsMQuJWVzfiO/39a5Lnvu7e/5tuyYhV3E+jXnrDIX1h5hd4oIABtS5Ly2tvsB8Yej6El0x0G7QkaYFZ2ixUWBgD0bWJBpus/AM+LlNnix67TM2/EJvr2H4qkSHzRsldKl2r2Yaw1DxPkJnrzn3YjnZTAzVDvX11EeNSMvJphwLMyAAF3WS4k06RC17+KOOoxgzzf3ZnLpaNpC/flKVXtXYxjBYLp0R+YDlCvJFKCNDj7YQMbKTi148d8iRBim6KnrpO58mkDcfOr6hGnBaVnwZqTS2WLPbmWe//CfthxdDhU4wHEqC+++5RnDNKdfjzSxNkzsEN09tE7pGCkYrO/BIqsdSzHphNU/gLrbJ82nNOskH66iNLfRv9fVVaJdm0EvAso5bo1KX3S4evjlkvduluO6DsnEF22ofN7lpvjUV82VYUb0uMKrdVuQrs4mfrtSLjkhZRjO76UoaJ7XBOPFlMOocwVojZnwDOf3ILjlC6IEhwAJPUxBcuIcuSukiLdAs2fkZUUq1iGeVAHvxTp4+y7bCrFZ2x9P+eUd8/aF50hsqB7s9imjlo+HKEocyAhtL/bQKikRxTQaKHA1EUcf+xTiGT+NzUjzKFhEfpOVfUF5h0zgXievx7HXUjTLvX+wemb8v8epFPeU88F/oaYv2Y4hYFenYpZp54W1ifFwOPoZF0AJA3YmJFgFknlZlnjFAtJhrVGeFzgaTH2adj6P9aVGDWBtj153LtYaFCuv6bVFcHhgP7hqGBstWG8HSCIKGrgdWKJGq1S6xM8jQ0HpBcHuJPYWmkZnPrXiiLjsbVtQVlBNENqkdp26xItbtMkuEIflXdzeLSbI4IWIGo1w0+kCXHlcov36zRJjD+5jwihxtXu0brIWWyyMMAPltD7zt3d1eaNj5x0Q5Qxbup4aVLar4FRiXXyeqehHYR4f4FjBEkRLN1Zwz3F86ANSh7bScmXMcHh4yK5XXn6oScSMdtjVLVmENLCGZ8g1WqskCUXOEtf5gx7KxFfj/llrsBPUPOQZLN1f8qHn5QxvmiNgUtNJ2jUXPSG7gQLCx4uICyX4XOAJbzJbDqGDRo+Bkh2vyDo7V+NY625Vh4IvbWQzJFbPcu0M0qyBUaInOEEiMLQ8oBlAClAVxK0WuNzSeTTqMDfLNG7bbk2cvZOW0OqU+8LJ9A8oAV+BPjlUSuGJVwWW15M/tEU90zfRIYGdjve2TX3VJeAoWXPl/Qm8vv+54ZvisDlfkw9YHbR49mdTwo1WlnXrX/jfAhp9vLd+oRSSNwlbZTEEOjusaUORMMqu6Du3rBIKtKAKAa47eI3CLNcjCJMWT1JUdUZGtm+9+K/SfBxLx1DHO+wLIjWmBEDWpJEwXo1hULEUMpefNRdoLXZ62dlQNA3qqbEJL1MmohaDUJDxUkMBqesR5gJD6GBQV1C3vy5+UFDboNsxYS0kOwlgd2cJ8x5G2TT1RfSjcGnuUiz2xnqZl6WozgD6Bmc/loMj5JmAE7BE6GlY1tIJXJPNrDg4uJEE/W5xM1fyybdW05tsn1d1KKR95d8y/NfWcszqyQjMTXrul/fgJ48ZTaOScDd/Q2FlcYcyyWhLOJ5G2y576AGImuZDIgcQhO1qHHpVCk2CCeQKG/QZciTFNOmfHwNzY4KwMBx02dVysh/ZQrDD7XSVdCad0TVCB5lKTycVdXv06TCEgnnQZIh4+s1tFnUDuVrPNUWiSDGbk4IFaKi9cxZtFGcDNSbRtUv6pmw1n1J2CddPSR38PphX0qeoJk/wooQHXPqvOq9YZduOd3Elv/O6p11pBMTh+2et0ngWlVcq214gGAh+6GWhj0JXd+EfI2A1WjZjJiq/7p59d4Cf5nD0Z0XW1LQ2xGFyO4+2+RvMkgNVZ7rYQ3mHzbFWpcWdGrj6LZIU86KgclvnfJrZoIL7PCzcSIAoAraSAXTKy072ENFujMxyrfUOGI9lFJlfgDJJfqSXeE4Rp/xXiFYBaNsCE85VQ8cc7Y1UnNq5REYviMATvBt6hHMpqn3R+iL0Cva68UE9TS+cN3DJZCukdn6vhLIdDRL1yab2Bg6xMa4AShBRfKFx58cmRaRRpvcjoLdkSM+kU8d+5McfwSkNcJv7Wju9WNVQstr032I66WgXNc/qqEUe39AGOs2x2Qx9LQvvRuyVQzFbkzLPbOaSZOkW+VtEjPWhv/R8aKqWCcL8e5iOSQt8KmqR/JXZjJAsbcw8o1QM6PsXWY+vfnKxYGWRZuAM2doXSxrXg6qPCePfI7OGaG9a6cG4MlEzejzaB1vcRs3nPIf1PYergvpgkbTcE3JoA8IHrtcBsMaGD4EbbO4u3O3b3FXwgLhVOTX4w5NVmUhNLYE9BijA1I6OIlPkToqJYZaQfbak0NRAojVOrp33c5hh0/MaXVIGopZVfmOqaAO/5PAlrgi0Xs+TxgalflN1fYing5b2K6RJj8NU+Ykafq8W6DvOgdVRnzsVadHGn/w519MIaiCggb//erKVVSOZ9BHjEv0120NGHsKGthhIMpbMJDxx3f5kkC2ISoy6UeaINWjlky6g0fIjEdZFY9tRytPBmtyuCdM1kG9Jt9XXqiFVAEJspLvtdWSXx4g19o09v1GSGOfWvrJHlA939ckUQbWlhiNrk8TwFVS/K2R7VBuUnaaAzWLII9mu+hb0d2/He9/uD+75oztTUx2zhnh5LcqVdCpIjxMRELvkZiFzJQCg89+aMwXwaIefBn7yOnLCDDdHBmi+47hVRuFj4ivbKLXaJmAKg8iMtEpcmOTqsKDudGwLbwoupCG/HzTnBeyxOzVCrtnyDBXdX9ABq6NuzHVgSy735iaqKmgwNPyj4kR5rCYWejlL14H1QaMi1IFqkSuo2p1xN1Z7IgsydsOeXvwxLibfcuOlV6Hb55sZCV07Vu42dzaIcYspndP+D5aFJF34q2MIixxtingQ82o8fZa1Ma9oDuVsF3ejPAJvlM3ATTk7N4RNb6Ce9KJTNb3JWiLIMcrPwqQd8c31ik4uIZLlg8tQtMTEqwYb4rDpsVaVlzBbDYni+Je9MRf2V7+aY41SCwXn7LpjmdQOnGXe1R+chGmbjMPeLL7Lt1la3HSSPgy//vq0VuziL0Oity9AACx1PVKkVTrGmgq5HN96r1zXq1lTBnU6i9vACb1fR2/Hj3ux1g1UmyVpFXzsX4JcvM4lRhUQRV8coEy34TZbsSLaxhP8TboozQuiOskKeHgear9hOpe9QxloFmxMxCUPrNbuxUO1dLiizid+yhGtiFwUgcvuT7113jJgRXBZRcws7TFiLSOf+4akQuNkOymZ1qo+8hElWXlo2mzgU25DJGhZClz6aIlz24lzi7h45dQ5CbnVFq1LVezlVlCEDfGnbgdoqRkI6kDtK5lEFynsKuP2bbto5uLJ7QZbf+KR935X6SS3qdDcEHqxLH55bg5rpwHgHzwVsS6jX5zRq55eMDheHlZy3NFwX5Tt+2aGiIShiPsNdynDyqS5J/kvWVx5X5UehxSaZh15Ak2ZR9rc5LWgfSBA+Zg92itTWJEAb+RrtDH5acbmLf4ldWavZxb49iW7NnyVFfAu8hH9vghIO6bbx3QVSmvF9TN2Hm3PB/zgLC5ub+hVdTg4qKfnfRvT66MQ5KvugOQp5BrLikUw4bbrsRY3vhLVIjAkw2H/Wl3mrmorxaJdZFWmhm6pYde7SEsDdvJ/pvdWb0yzgZx1D7p+hXfRYe0XN9X8+xEZgSNsyuqYGQ+KCS+/4+XEdHk2SIg4KmMUeevE6oUozLkNzDybizNjO36YbGo8lSIzH0T9X0bJODofACbq5o/Io6Zz1Q34dXLfMULRzEOeCzB88uNKnSiXzmmJfNfBJqIGx9ZSVTHgXgAAY8mDHElJXpMxUVO8w2J0k7NxYdM4V7OzPuKHElVM70BJE1yBizGURrsDgWcoqt1nWv9hO6aMp5GJIoPfWsqYxpbiOtDWoI55Uz3GykqeVXM/ej4n1ZOrpzkSRTwGo0+FUKsP6+nb202BEyGK6PIjRlKCi+FDyWMKHECy7mBJScZRRAQ7CX54wF1PgMPrraviWGBq9s3KalY9ptJRPqlxUo=,iv:kR5g0wvCQ3NGAqviN1jvqscgAYrGzHLqhooIljtJ+gg=,tag:A7Bu+iCToY9k+rf7Bv169w==,type:str]
tlscrypt: ENC[AES256_GCM,data:Ny1BCkSd41jO/BxKjBn5/FdM5D2GACxVkFj24rJA0F89nHh0k1wTfY7coi5aqiyV74QidSX5dyWseq15+ceMtZKRQ+lH3sN3zcf1xnC/ziHBS1s+i4KDPr5YfI4f3jDjC3kn4eXdzoqTsV0T9sNeGo22na2zCsqd3h9wFwQByL3cnElygnrdpyE2uW/RQWQSjlrnJMZr21gbPWGBpc0bXbnWHxSCvl0d39xJt4YGAYDAkZGyomPDEzFHoSEH+CwNzyVmdaE2ijMnb3nwA451PKRn4m8n8yCqVOTIQK56JJgfnURZVhgE0RiU+oZvuZ6vX9Btx5mBlgPfl2nF9fTdWpTbucBaPYe5f9eEE4LLonBy9/BPqwtk0fjUVtloFovMEXukTIr/4Fmz2bIwVRmxOfU83qeJiuJPbMzGdyrabWPoTWDqjyKzR4iEYN7q4fSCZWhl4uyYOFS8xyUKjWQ9h1lbBPAqGsVf7TXQ9OIJWMEVRhutfH2+zYpfxhiHYNb8aY0Vu9Md1j0DIdcnfFRwwgvaFE897XUxEP3MUvLaacg2ScYFZQEsuPrhgpaYKgnT1oM9yhgs4hsQ5SGv/2e4Oe86y3M8SivoAkCibqxQkSVOpSa3j485p+3HygFHELBnhCztXqHwi1wJa9TbtRfe9eVVlwthiNpQwyX+63tFd4WxjznRObZ67TcT2EAfsk0+FViXmESQyQNg5S5KgtHPB+J30SxulkolE5q6iEU3N0oTSk6igDemwIUO8VMrl66AcOD4qe4pEbHQXNbpzJP6yn5nPMFOlgsJOyk=,iv:cjIKuwyLtXT5Wg/VzinC2Lf5EysoxsgnEsHei/+Yum8=,tag:9S8pOkWo9yhAyRHVfGf6Jw==,type:str]
config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
ca: ENC[AES256_GCM,data:ENXxKPwrssp1dZtiWNEwbZGapNTMmDVHtKW/59D3yb1EqLINkHOd2gfQldUDwNbUnSh2nOvt69Uv4Tivqlep5LpSB4rGH1idbxtyWpjKCiaieuNggJ4oc5w4JuJyhJykJmHiYkwCgdaF635AKINKiOPB0j7obcASm7f7NWPuacSAMQLruVMMw9XeVeoHMGnO/Rta+Bdv43aYJD8RFqSywfPyY2LhxXBIs+of7ENXG/CF+kSOH9GCwRl4Gd4vdTxgwfm4xGa8u1dtobgYwNhhO+KaRUd3aFV4V9cVKA2rPH9shUOi6/CIe30vciHg9+ziq6l0QniM7kQlK7iBLZm6ml0ehHCLZpetgfWFYU3uJhWmrKYR67MEfmfZVmp1TykOjmlHihbCzRshsb3aktnGyhNqeWb3qPeeaAM1QtgbKIGn7/dWm64eubAGrdIfSyxT0MOaZa+j2Oo1mFjhqFJrt/bUtESodbY9ix1pbY6byi6ncRT+HK58aVwIg/JEiuvRR7Zee9dsnz91yIHnTm2yabwBZek1D+SytfIA/60WI2O/1Rc8u6oWRy4TSzRLGy6QgQiJNW1IDw6WWSTuKEIMSQb8MZbldq8xH2miwAisVceRasqH1+EHTz4DF5gUFjUrQhyCF3ae21JdT0ihz9TRDTsxva7zRqOvqtugDkzN1gqeNg33WnKP5egeK9iqVjAxhA49qnpqoCC8Y75ZgqSa3bN5EeBpZbK7bwjDpWjQBzEERZDUjk/BxA9zzYlDXoB9z6VHUXdSjFmhZHjR+96EG86YARliIjesiW1Ap/rfHBYXbGdE+N6mnnPcJbc3XekAC+2VkXDMk3EczkfQsvUmQTxiHk03Uftv4NKt148FbH30UXEsqdtFMxaqONefLKzwQp/COKArc6BR+nCu8zVmMOV7Ge/CrvjTZLfsTeNuRf2ay650C8WawpDP7ZjPNVtVH46iVUjfzaJn7UdYKuUTnkaOnw1BHj1rZiI/yzMoGWZOW5Uo3Fn664N6BXksazRi/fEA817XxT+PcrAxeVV1O5XpOIGvaJ1imHkVM0etGKMqOZmwYliLnjdvj6lOhb9e2FNDNRYTsKatcazL+3bPpKCvTCd/Rbs/Rs2//Ti+EzRwoWlKuuWk4K26QCAjaNRYVVdem7DCBdknZMs1QHaGHEughQTdyhd6SDR8ZP/wrCaR9JEM8Rfx6/1QMYBHWFR5Vtt3srD3jgrWRmB1EBTz1BuROjW/uUhrOKA3EGZPltqHk1Uph0ZZP6vJzyKy48ev7bZZNst5NDu/lh/+yEZd+ZurFErdzGQEL1SpDl3jtkzrO54HQdcTJEPdPpKAAFdi6oKsbi46lXKVwk+8i6Itxr+lejcv7UiZyimiZ8cncwP1SxYo3kJs1UwXFSGgea2fxG+qoLbpOZddz3q5hNFfdxwDDTINoynHzKhH/iFLo8QnyvduXzfwNaUW7OT/XkIIdnMFlqUVpA/d1omV3vPiEzmNlwPRPyg/5ZlFQOUTb5XNxmekIa28NFJVAfrWGrfIrhS/rFZ2BQ2TUVyj5QhecQPpWlkm0f/1xoCKQb6h1TFSi4+gjmEQm13GAl+/hNPmw0biSuiSFAIbxqU7Bgc3OyxXk+7Z8mGFbi3qJx2X9w0g0LLemA9vDl4++gQv/WPZPV5XYxKlcV9kg2/s4kjcbqs6AwDMqfoIWjJnLGU0/DBzZVUT2EBaA+VGL2wEtuLbyiJLDaiBl+hFqQDVcfWKWszAbkBy2LKw7NqwQuPTo57X+a15Tlj+r9h9vg+hO6Ca5sct3m1Mb7IANcCCwqacuBuJ8QdePxaloMjOqhfx8QflBxFu1+27t1ooWKazILoqL1zlandJE9aKjGrSDmOMBiG5CMJRm1ZkfvhQ0pv89cKb/f4/q0VyQCtvE8wA7o6JZ9bqDtvr52W8QiZf01Ow9yLi2YH/q7vvU5eycsmvqvR+0CrBCfoMFvVGxtDcAeyq1MJo+uvtTrfT7rRQfcSeE5b05+lPopDNDEmNij9CKIiIJwuws4tApltaSSegVYiBTjEXtGOyKhHbKgiR988iFP77PyxV1eKeeUXO/M+uJKsIYZvcyKb+UYndZKuRrMfGI1aj39DRoHmjiNCOEkxTBUeOy99J/wUP/r7onx7jlhMNIvJa1NlW/LWm4bLMcxl3No6/KOYBNiZSiJaGJpXzPRN8Ez/4B9hVOPuL73j/SAAn2OqhkYT/fV/wHnRGCOhgxLlV5MfYb6iubUdV19ti3gY7R6ib4ms3Bvma/NVQJCYcbhx+kOmye7W3P3eFeXysyfrj/4er+EX5QnlcXhdhrmvLm9TGMDUwLqGNIGPSAjfTS24lxconXWJ6WjGoW4tJhl6DPJrHWOTQdTmC7RId3g6L946/cqeMIWz+qTkQRVTg8Ea5xytIop6AYPprr6HPehfGYOkO3EbFg8ikX7jGhuA44R9BEzopHsRQr5+5ZGj3iw0bLvnaqXcrtv9rckLhajGbpIQ86MX5FwHND4AXYN/Tfe70j92J9NpOos8m0+g0OCtuyxV+aZPBfBz5CHlNZgIrDYlN6wu+O1WTzPF/lIPbibjFAdOayFwIcmr6RwmDKO9k/hd3D8mClRgpqaFO8+kXaxwiu7xagMipCoi3V9X+2YcU7EGIzKiTTPm0hxBJebUWrPT4wjr9RyUTgJx6deq3T5hXD8ULY6xLEmKkRsqVhWjpmsxsqkgcNNU3mGzdkrZEScMgeRO3dDtNs34Dv8MeerDnpnPeF8W2Tp6TkcA5TPi+gPmsRTVK8gMZKsAt+YaQR99vXhQR0JL7a3b1mIiX+drbxDM3Xw4jYG58R68YlP0ANtYAXgOWlTQlJods/b7QODbW9RKSm4kgExjwpa00H72BY7Rj1UFmezj00WG4qzwNmGyA4PS5zoS9i/rZ5yFYqFbsEU1kozt21o3rgVktx9BxwyEMAS3FcQolanythcvsLJzBqe1pA6jDdjVGrCEf+0yMpjYFiYEkogGK,iv:1PfKLDXQTyg5CanOFnYQ5TIlHMTjEFfUYL8+Zw0xdrw=,tag:gXjfagkBh8FX5wZd4LlLLg==,type:str]
cert: ENC[AES256_GCM,data:w90+WMeDkL3q5ex9n34fM+Efute3iizc0a6HOw2Pma9BpgaLL1NJ7bczjrNaI/9D12d3SAP1/BeONTEyXUDGAvfmJTx5/ZMX4+TWF8yrPPkdm5yQ58Aqkz3Cu5ntgm4xRxPnD5O2Qo1EQuBQlUpnwWqITmeUTmAGT3JYgAobN5Bkjn3h/d0XPnu+5f4jBVSTDFOW4WeJP1WdcYGtpnEj70wTotngoTMwLOKYDGppgoHG5sAxigGeXx5cPvwqecbqOZ5p6FJwCK6iiPGmopWsFgSrA+1ES5P4x0S9q/O3R5+XfqRh21Hjvc7G95J4HWA6LxdDutVl5yS/BQWgBAM4fso/tbIbwFEiNRD3zswa/1nHGTyHisCPJUgaZTS/s3KOL74VoaKl+Upsb0C48yMKJIrL8F3LDF5OjihUWcWX/e0gOJZ+rpPaNv2Qc12TNM6cy0TorxA78fyM9zStgvumi3HjHZ7ZVeMimfraNVT4qTcWXcXrDbfGORxAZlrpKwT8HWdGkGyB3GK9l3KW0nkt0VZJT+SPAII3dimRASc7X1ECTOTgHImE/a4GnlMzg3ik+3HRV/5absZwx3tkUpBtMBUXV4+HA8WXRUeWaGgg2sybC2C7X4l1ChefepVa0JbzLMt1X2vbp+UMeGWbV4lv2V5qlXrQOEBnSwQz4kc0bMoQxSh/p3kohWMtviRuWRq99K9eHsQyD3U59rs9d98E9DIwdH2/8N0/XricaXnSOHErjUTTSSTXfPawJ2bfKMjOAfOkuCHIyFqeQsLElQnR51lzS2jJV6OhEDwVEWElPsvRBxTpafSL0RD90iO39Wbn7FTTBSbzf6YnJNpLu7YG/jysiLcf3zVjarsk648WcXMnCb7Geemqn3voRrJMdKA79sZPNl6jkNi/Jbs/+MPK1VS3v2kLr64lQPctfUaWSL4OGrHRdrO4RVdO3CaDI2H5ylUVoKZmy6LXCj9mQjmvKrK8l9ehrVg0i7O39V0qNP06D5wm/KmfYQtIhAlXy5r8cVR2B4klaxfcG+O/JuIROB1udmNAVz5SkHVTBkLGzlvmV5XAHOVE5+7SRf+ncLtKHoQ6lVGJSSfdgFgqjjQnWKcICvkLL9mtWl7cEPxGg8NlLjLwEExmn1XUa99QZmLDlxFyiJZ8FlSQOngoGkA2ZmT9m8531orzzIUudImnxeiiVpZeTmxL+xKo2He0YBDnAIa+SCzJcM8KaNttVrs7Gc8Jdl1q2HZK8j/dEc31zC0gG+7lODwa9Ce+Lguu+ffsspaAwhmHA5qJElFP5gzBeUfmqDM4YJGPthPxpZCkOePQ6KcZGys1DuaMKfoOuBnFKhAoyP32dgnn8XAHmloCGaVxNbZi0kZZlY7YpubleJlDlib781EDc8WXXokiLSlVyKgstQ+tSO2MtdaEJ4ZWZ4V7p++MQQuFof0GCwNbPUabAuhqsX+6X7Q2LiS3Lakz4PUn1BSKsxWMS1C0GEoY5VBHXxukIbCWoRLCqBQAwjDDLYfUIUp7Y32Nwl0ZK7KqiYyj9ORNe8keBnWZKDHB9kjSnP4C5HQnyoe/fTL4v2mSHDeixS2DH0S83JmV8FxAQm67YWC7WBJzNZL577MQlIOArGGIAx7O5/o0sG1LxAz4/Aa+IAteebPmyqtXW4zmv0CC6H2HGq3WuPvZreSXOcMUOUpWwWsyloh6oZVTMqUHXjRvEL3B5DHGV9RFIBOAETkEP30xfl0FR5QXiavbZ+JoGt7NX+qu5rZ/u6Qx56URJ3cu2LzcGmb77cdcFKHV86f/rXdbAlr+OnqO0cXE6g5NhPr9u8j7Sxm/zTIwCVLod2coCnr/HhL0CF6f73IVWYadaXNP/tnOUYe3yEJv63IMYPQh//aOZG2BSuDxznQH1NnwNoa68lPzauK2UHHV1F/f7GEIPZJE7n+Dy5ai7Ysba91Hbv11rLXQHDypzUkj2mp6VIrC4I+FSKEGorbAXspJhuDnX1Q7mm8GOD8NxZb+rQmZOYRf+UG1z6gdpNwAlwk2bO6SeW0QCBBr0YbAAFA95uOuRpDphLQ4y/jcrKR11cWPetgtzBBIZRMT3ixq3As/MED542VffQtsQOAeUkMNz0UIMm0xIMlV/reC/woZwBLp60bhjlkwJP4bh7+6dsH9KF8ZS8jYn502MZpOTmhHJ9CxE8xVs7OSTkJTaDGkoisyaZ6jfwm18Jl4MkVjXXt0A5PrMYfOt2CbRjYS+BjUQIFZb46EWoWiPt6LV9YMaBv9IQ59ZQo02Nn4ZC9/J3MD7SZH5fWr+OJWaKPFiaFpTCyDJ8kDGq5i995X3vvKTJY8lOeBO1eFMnFe/RFyLylvGDST75P+SfG9HbT4hlR7+x9YDioZhR9FgnM7rts4pSzMZENlG7vPuzfmaTAOWxlL5F1TgaZoOnzOlc69PAPtRiLiigadRTRolDnJlFTHlQa5qby0ARvcvT2eWQGnoGCa4aDlPzPM+1pu6VwT9SkpHXR7O3HTcMZO/HZIUe93qVeZQ93WkkFl+BIlWGBAzTYJwKoEBvPY0lrP9FkLyMOLuq4BBf4RaP0lplBt9CczE0qriWhR5w48QyIv5pJRgyLU7hqOUs7WeKenNMohAy4lKiz/Njr4jXImZmY7mcuoMw27FbW+jzXlImr0QvjTpjhx4INb7iQOZTSXpm+B0jcKmxXtC3jmoT5jAks7UbXIi4VgQs2fF0Ypn77D0IIAlRh3UKr7Qd779vzHfDJAN/uqrlstzyCoLirkcLDacp1fYfmF89w+1GTKvPYKUw64fqRjGFLc/CYpLA0THP7GL3PSZo1RGl9nawm4mAX0OrE+BzVpblReAMVmxezGkV7+CYBZiHRJK5rr4kK/0lxauZb02H9MvmTVCpk36s4Mrs56HQX20sfFrW6EUQqDjrdicEEXYMTPu8tYeGgKJr2Oqin/3GEIR0BhHwh3pTjzPAn9Nh78BQFvCNVTHg24NB6SfZFWjhVMZM4qSvZeCoOoYerPDxTjq7jItzqLPhX8s/u83D2AHzHRNgsKt7NBnOOBtPL9hKSXsK5IsDhXMS1U89atiyE7E6TCIE52+32ufJgbcqhc0u03GWPk6KW+ZofEnxbVpvBsJ9+tj3j3G5ogoGxDnUshrA+9tGCqgOGA0FZo4qOhYGu14uOFL8GJpgdEECnsBAM9soz5,iv:46DOOjh6yun/FfespTsPgQdN7/z6EVDUEY2V3OJQXwk=,tag:mAicNQoXQFcUE0d4A7Frrg==,type:str]
userkey: ENC[AES256_GCM,data:qaJIx3uJPnRf/ZN3PUj8CdbIDZYwfDHG4APWlQTUBHtJqYZbP+sLVFmpvgCD+yFgomghLeeDCt+Hm7ti+XYjLRciDPZQb/CAlsdgQW7JbsGA2Sdfj5wwn+vF0F0BLO0hORcB4VW2cY62yuf3koS6IbgXeHRVmLe4hmTftZ2ILZm/nPdjsG2sktLklORG26h/zaLX8fe/+2E9kFu8swyFxI3b+2xDkbm8/jsYSN08sL6L/kCaRlmITISMzVOodrms2FYv7oYnKsyq8ABBnpYECRJheukWNIzcFiJ6+QQwqJUCiJvdJ2Hu60LHgSP20plm5SJ631KBEK8NelwRUhpWe0WBiTfilcmwGJUhADtOIaDIO5r6Ou/OfZupPUEQtg0XhElwWiwqnnnMA//POUxMRQ7mxbhZU9XA2BAHv+RH2SUq7IEgTYkOps4zEWk48yyCI7338hB6DOZs2lR/yWkfR/JtDF3HM8RqLVDB3b9BypkWwfXh/M1RlK4XHid0gv575rQXe507mCAb4KJ82RJSbQ213974e8jXRdMtERM4ZujcP0hfeqxj5vrKLRqVgyLDH3Lz7c9eYhUVS/JN2HC3t/BPdN5J9LJud4r1VLYR01Ru5U+IDqOi71T5jiASndrc+QQa1mulEGLIWj/2c8oe2S0p2EU+P6V5RSrqLRuYGpvCcMOs7ydzKBd3oHBMY/VDhpbKlZEw/Kofbs+Easuz5zBlLlPxc0O+AttNlfsSgxuTD5/NiUKT9+TsToSrBZQiBDKvgDpQjZsq2Clw7ZAvFNrPNTiu0sU7YCe4xO9gQ7RIcXzI6S1B1eoHAbnfv7lKE0VvxRCsfngK8Kp/NccXIsNfDCZ/1x7/WHmq9wr5XmWqY41rf1LFeouQFwydjI5iPp4jHwUzPkiGBkkaOdkb8Ovjjy4urMekTiyO5JKJUJCmtZiSj2DHCOBWm6nRQOFCenLHD6ls2NeUpqqsA2wna5DVn0EPvpaPIkmrdIqHh8d85+N9C8UbYDwAnEFvqcAIlFDWj/tUWVUyfWLRl0JSc1wQFzXavJUaLhhLfP0Gh3n5/ayALGLrLwAeUWQz+tLu7oTs27PaEbQknyPvBczG4I/usAzpdlzr4VfdKWfvdjWST1c5ZCPl4qS8T9+/5jOE1+g/y3kcZED9qjFXdnVpoSJfLx+3cY59inv2LMAnavY++zEV1SWIwKFgAgJoYR4hCKANySWY8kBxCDcRjdBno2rAM3xLfU6I1sLb0lm+6LBswOEqHTb9E20u8RXum9JUI/6iauhJHmfoyMLVvhD5XQyolbQ5n/r1qq5LOjsKWGMvo/AeosBwcAY3u67xyvNnNgrd29SBwOYyGYNKG0jyhg7HDfHFIpSDzfAI4IOyhs44cPGFoN759+Y0BNLjW1mqDiWpErvSaNc4zH2cr2fSCaGpEBbf6q3hMh4tRQJayxVSEeD2emO69UNBd4jCkHo4vaK6D9aSBEcpWR2SQM0c968zDcdmOTajsLzPYoIyaOgWFAIs+9A6f8eyqlhDfWIxp6e1fVY8sCFotZaDXRqb9/umCy0IqNQChuKYcB5oB/hvwwMMuTE+4Q4Dd7RXfW8ZMAZz3Z1bqimVhFeVXDkyT+8DXMf2166bLxxwxpxSCPd3XmmOSUiNKysTHykh5MKaPjEyTl7xgvbhqZ16k0pvkh+z5Op1NcU2tm6W+/FL1JV83KnsjC1jAdwMEeFn+0MAFXTBARAG+qAb3pGowYz/wNSsvf93a3JTANA609opK/7MK84h5n7M6TulRBw5Phnw0HUdio5SJ7DBRPr4kYGgVTMwWzxfOY3lDF/fnsqTOjGWxUoLrRXrZ8aaAHWaUYFzx52SW3J3rczRBWTC0jUUEVs7cslfR7N7VGvEXV9p9TuJOsfAyvFyseRIh66Uwi9Pwq+QBOadUttcT+iBgz72BEPwuIAcKre+ShoxE9cHGrtpvlgi7eDSlI1bZ7km+8j0TWryzKLK8P9N4MhspwRO/zGXiErAOoBe4MaBvMvjGCgCRFgnLypoDoeHeoLO1WvgskKUhHXIZV/02nBhhnxPUmJjzsqp722aDztxWKU1VX6lHooRFgpMRzOymD7XVxfZNyDrxuf0VJluIzZlFCzGpswgGnxocs0hFgTMePzhoMx2XnU9d6NM3hl1fOCCwV7Be8KjahNRc5qGChPS4kLzEyvsWHD7EiKK2gCYS0ysiPTNxKrcC9JFXqR7iX1QSQ8W5Sy5IBWYZWuBNj0STJ4J9VXImEaOnWnkNLcncwQh1Ty8OTDX15jeC7/ltfQ6KVjPj3iPs8cEADnOW7ez91vtXOg4dFhjuLAylipQYFIaUpjJOwNQuEcp121LKR1YXHeLRI4y2Cvw9ZL9HXZbB8yQR5/NNba2PScDjfg05ZhFb4yFfcrT+OOrvO6ej1mX4qPzK4X4Sxzi+c632Xi98I/L6rKE5WCLg0dXPUhy4YwD495ZoCFfT5hzNHrNjeCGG03mVC4qLTcopwyn4TlcN+SnZEzI9kVvTwOhtW2J9ol1GNjiGsmfDq9I/+jOfALFQgA/nFVyqBi14pui9yhno6WDyPGifDeKsoNBoZq63lQ/exxGzTH/sPRqeumAUWU81n3/4FLcknH1ssucMC73scO5S4+lzpF89PFCV5Qnkcghzu+vEC5/Z0roU+jQL+wPpjnq1QAuX94TX0iLVozSmcPfFwv4PyzqiCRK7dbk8TtTQlqdM+elzKzKbQkUQXvY2vGTyKnZxJjrwHx71QuEYMfu3QqO7v5XUJSayON1o/RcfQdwfxenLaLOzXYPVod2eylalY7vXKtJOclz0OsCHVL/IAs2p+qvnBhDi2LcBKFgYRgI9ZrOFWGBvk2hzNjieQtM/a9BAcAjzR8jNTgBYqTQWIuloJEjd+KtRC7S4qFVSwp5E+2eFD3QpBaf+TFuDCvSteWpHZSXIrrLEGAichsWVHK09KKGsFPb//S2bEIrHeMYwPbDZ4JFR5YzUJTnfuHFCAGxsL4qali4ZA8BlTEp675TwJ47FWpS349/10di0DbIm7+eeQUVv4obn9sk0st1tDHS5kWsWQq587t52OFuqwXZv+GdEMn/jfo4F4dEF61DbkXtMzMs0/DU9x60m0pp41LvJQsm7GyGjvtUV0ltD5n8lF40pmVZnrcrQb/VSd2mLZbkTl8K+1J2rDnel2vf5DcUSysTha8o+g0X4fqMeGnIot71ZS7bqtzYzACQukMYkSxqE/vnalxN2G4cmP0RCSwb4YhOdgsKjqUwEr560xv5M58RSMW92cFC59CHtu4G7rPyvuA9Bp6lJnxsRAfPB57QF4aqYg0VpBTpP4MHdeVuG7v7REATjyexnjuli5BSx9540nHgjrcMVcSVkcNcIykAJsHVk4PJZ01o5Ycmubvw3fHvt9OKyxY2Y7CLQpVcSwgfp4KOLnUe3+88fLfMUfg3V4rVjiriivqHVKx0aMKqkW1Od6fT5nZAd6h5rMxLWDU2U++wUcc/lfRK+J2GgY+r6MmBb1qRajW8VS3ms7e/RylxzHpaU/meUTFiFxop4iCCwBn3IjgFtZWcn+8eERkQQ0wZfuz8u5Lfy0uPQoaRhoHPXtBZQEWuQd/MIGKaetHU85XRu/1HYvQ4V5+Elu12D8idTCennGv6gqIOFZBhS1CCKbPtzTmYuV9JlmbMNhQthwuxKKbZoXhI+GNDggPMxkkmhxGChj4X2NymV7u3Yqrr1FnNGTMcuBJ10+BDeNNY9KV4MZCKH//rRjUxVEgiln0EEGFTeA/WSyG8wu72maDu2OvcfoNH3KkYYJ7JqSzvZ8raVMiWSx9nkAN18xRWxWIz4wNndrk963Ol4rwxymVcXDE9/Qrz27MAZmNhrEaF4qsut7VDLxWvnrcWCIXddNPFcqgU1IQVF48U7WAGgTFDJdDEp+Q33FNIbo70koN0KLE8ot0jIqWuwBFhA5fI7NSv5cEIOueTcD2p3J2snBebQbRtsDtu8mJBunYPqcvP3YH9xiDJkdiij/g21Wtb7FY/WPP1uVt8RJu51kxTw9VZJLLQqisk1usn3kAKM+m3gQAKpbgiFmfjb3pif3nHTCi+tRAM4hGX2VWHY8F/iaTCAZpSyd34SD6OqYIzh83nchwyaMOU9QrrOIG7Vbrd923/AMBcFVaZnQB4eGNIe6fnEiet67kb6g0yxHNKyORM0+fg9INbywzT1MzjbjozvNw5JEHm49C2J/oWcyGDW13XtQXw8uvCBVEqXpz4baNng7Xzge5WwBLTlF2+hh136npAE62aHkNZyy0E3Fa1V6ludI//BcnZ4jqYEO0/w5SA9wYFT6Aun9ltRpq60VZnYc1Jr2A=,iv:kR5g0wvCQ3NGAqviN1jvqscgAYrGzHLqhooIljtJ+gg=,tag:Z+U5Wn4U5ADIxjdfI37cBA==,type:str]
tlscrypt: ENC[AES256_GCM,data:zG12fAsc9/LcxO0eGx4ytjHm07BMnf5aBHlfTtif4noCXcPAx5xunhJCOaWEoTobwOEpdgXoZzQcJa7EW6N/4kEnGzk8gfSl+BFswO6LEoqzYJb4sfy2qJJQrjUNxsI9yib+OCgb4DQ94apdvVG/dVypdMQrw+x+xg8K+hdZ5LZWdZLKKcBxHKeHoZ+lt/gJNv3BbtQP6Vy+1biWxjdHy1YfvLm+iqaJfi3/9HV8YAi/iePoY+rNNtc8GlaUp/HrHfmCFF4EBWuFr2knQ5t8bx7sHGlhdcTIyHJwNQdCUIsyVqckhxDulLM8luuGJZsiulkdK2f4NSpa6CPYZPWPHQ2BfSnugBEjbWrF2RQT3eOLAEJBS9YSV1/nvHA/lU2ymf0PBzzXhE9Ms0twecrS8Ql/qRbWSqiQNzHv/P7k5i5E8iw4zqaUtir7gpu3AkC2GxMVuQfowiruZGPi6i2YbDzgaBi5fZJAosWQHvZXnVApqFqzWXCzw4ACXlMI6MZ1rb3Ut9wEDXHGMRhhcWmHDsCO6I4/EphDfLiexYeVHKB++MLilXaUa6wXN0yGefj+NC3Am5YQRwR3rd4KrjXOrbKWELoIkyYrGWkZ5w5O5fC4Z+h8jxPjng/lNM3JAzREgKcw+0IcY5q3/bRXWGMScVm5qqc9LXozhWU9gghQOhbcb4NYFob8yczTJT8IdA6D72N4pAm+524DMjTPRiAi1KQInICeZp2mILvT5aUgTEXtj+iwyqyo+io3ffOjQdHa9HU2IrZKmoapkvEOsFHm3L63uY1T92/Han8=,iv:cjIKuwyLtXT5Wg/VzinC2Lf5EysoxsgnEsHei/+Yum8=,tag:b5LKO8urIBC7BJgyfs5kWw==,type:str]
sops:
age:
- recipient: age14cpm59h7hx8gr54hrn4uxu4xnrp9wy3f2kdxvy6xwuyxsfg8g9zs8z5e77
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UW8wQkY5clorYThkdDdJ
Y3BNdG1Gc0UvNUNMVVRiNk5nODQyY0ttOVJNCjZ6bUwrUzJob0RnT0l1dmxhM3Nl
ZHdrSHJqOEo2OE02b3RXdnZFT3dUcTgKLS0tIHgvNkF4YU5BWFJjOWhxeEREYysx
bnpmM0w1UjIvQU5QTy9nUTVEc3QrSEUKA00FnHXn2FsxByYBumLLSazg0byHmC3x
iYLyn9vEs/pnM6Mvvr1SWC+UglF+Xpfrx0lx1mZQsrgqk/c8JumXPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YW5Ob0RscXBCODV2d3Z0
TFVVMVQwdTZKZWZDZzNHOXZobThRZ3lyOHlZCnhWQTB5aVd5enBXYUtaYWprT1B1
ZHhndW1vcHExYlAyTXpXWEYrSjhxaUEKLS0tIDRodGpsSS9rZzlOeWMxOTRhVnBF
OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l3xa77vgtkl44z8re8wla2u2vhjwztat3qnqd3ypczku23xq9pwqjdy8c7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QXNPaDlzRHI3ZHgxUTJp
dnRnR1FMS1laTzNyU1ZXR3ZIR093TGpNZ0RRCjhadGxCY20vWXNRYmtqRE5wUGpt
UXN5ekljVU1nSmtWNmlVT0tSN3ZrTHcKLS0tIGxvQmdrK2orUUZPcWsrbVppMEtN
TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc
uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-01T15:23:17Z"
mac: ENC[AES256_GCM,data:O9BC/cFOPWAKeb2k583dwrdciLkM5AUlKvBtUkbvB/wsd/sayal/59yGcZ8HwCwFLJ50iiv6GvPPFmHVkgMiXwKE/KqCQ0WGjibuBAD7nqOUMzqnsx4edVTVRluIcaSfUlmiwutSvAKDqQdun9Alg6iQDRFBZBOiX+EHiUp7UPk=,iv:iRThX2//KbKrNnbk0ONeP8964lNQvCUAtRx7E8R6rVA=,tag:9lm1ma29aprV0I8rm6hY7A==,type:str]
lastmodified: "2025-09-29T18:54:55Z"
mac: ENC[AES256_GCM,data:mju2fz9txxzB28V3JkPYdbLrrgiSLNo95urNMr5B4eWJViln0oW5VYJsrO0nVg3QKrVWg3bVo4Bhoxo2r8QBQTxSwHobjX9nWd4fBsQZ59PqhSVSG2xmza+8SX4NgovPoLeT4h475l2Y1MmFs+LFqTtjgRv3t0xjHDMle/FhXuk=,iv:RJIEdz/eni3Gmn5i49N0MgMIKqF3Z62yx615Qor7MIY=,tag:/3w1JrnOVNq8KLDO9vxhWA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1
version: 3.10.2

5
secrets/sopsconf.nix
View File

@@ -14,10 +14,9 @@
"/root/.ssh/nixos"
"/home/gunalx/.ssh/nixos"
];
#This is using an age key that is expected to already be in the filesystem
age.keyFile = "/var/lib/sops-nix/keys.txt";
#age.keyFile = "/root/.config/sops/age/keys.txt";
age.keyFile = "/var/lib/sops-nix/key.txt";
#age.keyFile = "/root/.config/sops/age/key.txt";
age.generateKey = true;
# This is the actual specification of the secrets.
#secrets."myservice/my_subdir/my_secret" = {};