authorDylan <boss@tehbox.org>2025-09-16 16:43:55 +1200
committerDylan <boss@tehbox.org>2025-09-16 16:43:55 +1200
commitd1395f9e6768551967f85128ccab19d12dec4c6f (patch)
tree804d86634796edd5e378cb05ee2fda0a71d02497
parentc1b48e9f2bfc4ae0e48d0c8e35ad1f4a2189ec30 (diff)
downloadnixos-configuration-d1395f9e6768551967f85128ccab19d12dec4c6f.tar.gz
nixos-configuration-d1395f9e6768551967f85128ccab19d12dec4c6f.zip
feat: added server configuration and setup sops-nix
-rw-r--r--.sops.yaml9
-rw-r--r--computers/nixy.nix (renamed from configuration.nix)83
-rw-r--r--computers/server.nix169
-rw-r--r--flake.nix17
-rw-r--r--hardware-setups/linode.nix40
-rw-r--r--hardware-setups/tuf.nix (renamed from hardware-configuration.nix)0
-rw-r--r--home-manager/home.nix31
-rw-r--r--home-manager/i3/config3
-rw-r--r--home-manager/shells/bash.nix3
-rw-r--r--modules/nix.nix29
-rw-r--r--modules/nvidia.nix27
-rw-r--r--my-pkgs/adom.nix2
-rw-r--r--secrets/test.yaml35
-rwxr-xr-xserver-rebuild.sh3
14 files changed, 387 insertions, 64 deletions
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..005f00d
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+ - &nixy age1p3sw8q030a7zgawu4ccxm6sgsp88349nuxkd4kale0ruy9klypssdh7c9s
+ - &nixnode age1g7tzey3t2jmd79kaeukn89lgxg07tpq23w0u30lgq5z37xku0vwqcregzd
+creation_rules:
+ - path_regex: secrets/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *nixy
+ - *nixnode \ No newline at end of file
diff --git a/configuration.nix b/computers/nixy.nix
index aa843dd..e7b7fbe 100644
--- a/configuration.nix
+++ b/computers/nixy.nix
@@ -3,28 +3,15 @@
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, inputs, ... }:
-
-let
- nvidia-offload = pkgs.writeShellScriptBin "prime-run" ''
-export __NV_PRIME_RENDER_OFFLOAD=1
-export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
-export __GLX_VENDOR_LIBRARY_NAME=nvidia
-export __VK_LAYER_NV_optimus=NVIDIA_only
-exec "$@"
-'';
-in
{
imports =
[ # Include the results of the hardware scan.
- ./hardware-configuration.nix
+ ../hardware-setups/tuf.nix
+ ../modules/nix.nix
+ ../modules/nvidia.nix
inputs.YATwm.nixosModules.default
#inputs.spicetify-nix.nixosModules.default
];
-
-
- nix.nixPath = [ "/etc/nix/path" ];
- nix.registry.nixpkgs.flake = inputs.nixpkgs;
- environment.etc."nix/path/nixpkgs".source = inputs.nixpkgs;
# Use the systemd-boot EFI boot loader.
boot = {
@@ -44,6 +31,29 @@ in
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+ networking.wireguard.enable = false;
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.200.200.2/32" ];
+ listenPort = 51820;
+
+ privateKeyFile = "/home/boss/.wg/peer_A.key";
+
+ peers = [
+ {
+ publicKey = "wQSg97FyVqWqkwMbmq1SLolf/MWlt9tIJuE5vKyDiRI=";
+
+ allowedIPs = [ "0.0.0.0/0" ];
+
+ endpoint = "139.144.99.248:51820";
+
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+
# Set your time zone.
time.timeZone = "NZ";
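Review bot: `networking.firewall.allowedUDPPorts = [ 51820 ];` is added unconditionally although `networking.wireguard.enable = false` leaves wg0 down, so the inbound rule stays in place with no tunnel behind it. This peer sets `endpoint` and `persistentKeepalive`, so it initiates the tunnel itself and probably needs no inbound rule at all. `privateKeyFile = "/home/boss/.wg/peer_A.key";` keeps the tunnel key in a user-managed file under a home directory, so its confidentiality depends on permissions nobody declares here. Since this commit introduces sops-nix, the key could become a sops secret referenced as `config.sops.secrets.<name>.path`, which would require importing the sops module on this host too.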
@@ -59,22 +69,9 @@ in
#useXkbConfig = true; # use xkbOptions in tty.
};
- nixpkgs.config.allowUnfree = true;
- hardware.graphics.enable = true;
- hardware.nvidia.modesetting.enable = true;
- hardware.nvidia.open = true;
- hardware.nvidia.prime = {
- offload.enable = true;
-
- nvidiaBusId = "PCI:1:0:0";
- intelBusId = "PCI:5:0:0";
- };
- hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
-
# Enable the X11 windowing system.
services.xserver = {
enable = true;
- videoDrivers = [ "nvidia" ];
desktopManager = {
xterm.enable = false;
@@ -162,31 +159,8 @@ in
# List packages installed in system profile. To search, run:
# $ nix search wget
- nix = {
- settings = {
- experimental-features = [ "nix-command" "flakes" ];
- auto-optimise-store = true;
-
- trusted-users = [ "boss" ];
-
- substituters = [
- "https://cache.nixos.org"
- ];
-
- # trusted-public-keys = [
- # "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- # ];
- };
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than +5";
- };
- optimise.automatic = true;
- };
environment.systemPackages = with pkgs;
[
- nvidia-offload
vim
firefox
pfetch
@@ -195,9 +169,8 @@ in
git
];
documentation.dev.enable = true;
-
+
hardware.graphics.enable32Bit = true;
-
programs.steam = {
enable = true;
extraCompatPackages = with pkgs; [
@@ -232,7 +205,7 @@ in
base16Scheme = "${pkgs.base16-schemes}/share/themes/material-palenight.yaml";
- image = ./wallpaper.png;
+ image = ../wallpaper.png;
targets.grub.useImage = true;
opacity = {
diff --git a/computers/server.nix b/computers/server.nix
new file mode 100644
index 0000000..4e66375
--- /dev/null
+++ b/computers/server.nix
@@ -0,0 +1,169 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../hardware-setups/linode.nix
+ ../modules/nix.nix
+ inputs.STK.nixosModules.default
+ inputs.sops.nixosModules.sops
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ security.sudo.wheelNeedsPassword = false;
+
+ sops.defaultSopsFile = ../secrets/test.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt";
+
+ sops.secrets = {
+ test-value = {};
+ };
+
+ services.httpd = {
+ enable = false;
+ virtualHosts."172.105.172.191" = {
+ documentRoot = "/srv/httpd";
+ };
+ };
+
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # services.pulseaudio.enable = true;
+ # OR
+ # services.pipewire = {
+ # enable = true;
+ # pulse.enable = true;
+ # };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.boss = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
+ home = "/home/boss";
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ];
+ };
+
+ # programs.firefox.enable = true;
+
+ # List packages installed in system profile.
+ # You can use https://search.nixos.org/ to find more packages (and options).
+ environment.systemPackages = with pkgs; [
+ vim
+ emacs
+ inetutils
+ mtr
+ sysstat
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ settings.PasswordAuthentication = false;
+ };
+
+ services.superTuxKarts = {
+ enable = true;
+ port = 2757;
+ serverOptions = {
+ server-name = "LUG STK server";
+ server-mode = 0;
+ server-difficulty = 3;
+ private-server-password = "lug@uoa";
+ motd = "Server for LUG@UoA\nChampionship coming soon!";
+ };
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ networking.usePredictableInterfaceNames = false;
+ networking.useDHCP = false;
+ networking.interfaces.eth0.useDHCP = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
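Review bot: `private-server-password = "lug@uoa";` is committed in plain text and, as an ordinary option value, will presumably be rendered into the world-readable Nix store on the server. The same file already wires up sops-nix, so the password belongs in `secrets/` and should reach the service by file path (`config.sops.secrets.<name>.path`), if the STK module offers a way to take one. `sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt";` places the host's decryption key under a login user's home; a root-owned path outside any home directory, or deriving the key from the SSH host key via `sops.age.sshKeyPaths`, keeps it out of the user session. With `security.sudo.wheelNeedsPassword = false` and `boss` in `wheel`, the single key in `openssh.authorizedKeys.keys` is the only barrier to root, so a comment stating that this is intentional would help the next reader.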
diff --git a/flake.nix b/flake.nix
index 3ec4440..58b6397 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,6 +21,10 @@
url = "git+file:///home/boss/Documents/Coding/WM/YATwm";
inputs.nixpkgs.follows = "nixpkgs";
};
+ STK = {
+ url = "git+file:///home/boss/stk";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
# hyprland = {
# url = "github:hyprwm/Hyprland";
# inputs.nixpkgs.follows = "nixpkgs";
@@ -45,6 +49,10 @@
url = "github:kaylorben/nixcord";
inputs.nixpkgs.follows = "nixpkgs";
};
+ sops = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
outputs = inputs@{ nixpkgs, ... }: {
@@ -55,7 +63,7 @@
modules = [
(import ./my-pkgs)
- ./configuration.nix
+ ./computers/nixy.nix
inputs.home-manager.nixosModules.home-manager
{
@@ -69,6 +77,13 @@
inputs.stylix.nixosModules.stylix
];
};
+ nixos = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {inherit inputs;};
+ modules = [
+ ./computers/server.nix
+ ];
+ };
};
};
}
diff --git a/hardware-setups/linode.nix b/hardware-setups/linode.nix
new file mode 100644
index 0000000..d952ae5
--- /dev/null
+++ b/hardware-setups/linode.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+ boot.loader.grub.forceInstall = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ fileSystems."/" =
+ { device = "/dev/sda";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/sdb"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hardware-configuration.nix b/hardware-setups/tuf.nix
index a400a7d..a400a7d 100644
--- a/hardware-configuration.nix
+++ b/hardware-setups/tuf.nix
diff --git a/home-manager/home.nix b/home-manager/home.nix
index fe27af0..9f468a6 100644
--- a/home-manager/home.nix
+++ b/home-manager/home.nix
@@ -24,7 +24,7 @@
home.packages = with pkgs; [
feh
pass
- #spotify
+ spotify
playerctl
libqalculate
libreoffice
@@ -40,7 +40,6 @@
mumble
gimp
bottom
- obs-studio
xfce.thunar
mpv
man-pages
@@ -64,12 +63,16 @@
wireguard-tools
brightnessctl
inputs.nil.packages.${system}.default
- inputs.polymc.packages.${system}.default
+ #inputs.polymc.packages.${system}.default
jre8
- inputs.zen-browser.packages."${system}".default
+ #inputs.zen-browser.packages."${system}".default
piper
qbittorrent
- adom
+ sbcl
+ superTuxKart
+ typst
+ sops
+ #adom
];
nix = {
@@ -103,6 +106,22 @@
};
};
};
+
+ programs.obs-studio = {
+ enable = true;
+
+ # optional Nvidia hardware acceleration
+ package = (
+ pkgs.obs-studio.override {
+ cudaSupport = true;
+ }
+ );
+
+ plugins = with pkgs.obs-studio-plugins; [
+ obs-pipewire-audio-capture
+ input-overlay
+ ];
+ };
programs.firefox.enable = true;
@@ -121,7 +140,7 @@
spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.system};
in
{
- enable = true;
+ enable = false;
enabledExtensions = with spicePkgs.extensions; [
fullAppDisplay
powerBar
diff --git a/home-manager/i3/config b/home-manager/i3/config
index acfd0d0..59116ba 100644
--- a/home-manager/i3/config
+++ b/home-manager/i3/config
@@ -94,6 +94,7 @@ bindsym $mod+x exec --no-startup-id "loginctl lock-session"
bindsym $mod+Shift+x exec --no-startup-id "loginctl lock-session; systemctl suspend"
# bindsym $mod+Shift+c exec --no-startup-id "~/.i3_commands/open-qb.sh"
bindsym $mod+c exec --no-startup-id "firefox"
+bindsym $mod+Shift+c exec --no-startup-id "nyxt"
bindsym $mod+Shift+minus exec --no-startup-id "emacsclient -c"
bindsym XF86MonBrightnessUp exec --no-startup-id brightnessctl s +5
@@ -120,7 +121,7 @@ floating_modifier $mod
bindsym $mod+Return exec --no-startup-id kitty
# Start emacs with vterm
-bindsym $mod+Shift+Return exec --no-startup-id "emacsclient -c --eval '(start-terminal)'"
+bindsym $mod+Shift+Return exec --no-startup-id "emacsclient -c --eval '(multi-vterm)'"
# kill focused window
bindsym $mod+Shift+q kill
diff --git a/home-manager/shells/bash.nix b/home-manager/shells/bash.nix
index a902af3..cd5f51d 100644
--- a/home-manager/shells/bash.nix
+++ b/home-manager/shells/bash.nix
@@ -60,8 +60,11 @@ __prompt_command() {
ls = "lsd";
la = "lsd -a";
ll = "lsd -al";
+ tree = "lsd --tree";
pathfindsaver = "while sleep 1; do pathfind -f; done";
qalc = "qalc -s 'varunits 0' -s 'angle 2'";
+
+ flake-rebuild = "nixos-rebuild switch --flake ~/nixos-configuration";
};
};
diff --git a/modules/nix.nix b/modules/nix.nix
new file mode 100644
index 0000000..2c4ef83
--- /dev/null
+++ b/modules/nix.nix
@@ -0,0 +1,29 @@
+{ inputs, ... }:
+{
+ nix.nixPath = [ "/etc/nix/path" ];
+ nix.registry.nixpkgs.flake = inputs.nixpkgs;
+ environment.etc."nix/path/nixpkgs".source = inputs.nixpkgs;
+
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+
+ trusted-users = [ "boss" ];
+
+ substituters = [
+ "https://cache.nixos.org"
+ ];
+
+ # trusted-public-keys = [
+ # "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ # ];
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than +7";
+ };
+ optimise.automatic = true;
+ };
+}
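Review bot: `options = "--delete-older-than +7";` does not look like a valid argument for `nix-collect-garbage`, which as far as I know expects a day count such as `7d` (the `+N` form belongs to `nix-env --delete-generations`), so the weekly GC run would likely fail instead of pruning. The likely intent is `options = "--delete-older-than 7d";`. Because computers/server.nix now imports this module too, `trusted-users = [ "boss" ];` also applies on the internet-facing host, where a trusted Nix user can add substituters and import unsigned paths, which is effectively root on the daemon. I would add a comment above that line such as `# boss must be trusted so remote nixos-rebuild can copy unsigned closures`, if that is indeed why it is set.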
diff --git a/modules/nvidia.nix b/modules/nvidia.nix
new file mode 100644
index 0000000..ba71df9
--- /dev/null
+++ b/modules/nvidia.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, inputs, ... }:
+let
+ nvidia-offload = pkgs.writeShellScriptBin "prime-run" ''
+export __NV_PRIME_RENDER_OFFLOAD=1
+export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+export __GLX_VENDOR_LIBRARY_NAME=nvidia
+export __VK_LAYER_NV_optimus=NVIDIA_only
+exec "$@"
+'';
+in
+{
+ nixpkgs.config.allowUnfree = true;
+ hardware.graphics.enable = true;
+ hardware.nvidia.modesetting.enable = true;
+ hardware.nvidia.open = true;
+ hardware.nvidia.prime = {
+ offload.enable = true;
+
+ nvidiaBusId = "PCI:1:0:0";
+ intelBusId = "PCI:5:0:0";
+ };
+ hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+ environment.systemPackages = [ nvidia-offload ];
+}
diff --git a/my-pkgs/adom.nix b/my-pkgs/adom.nix
index 25d2dae..e91842a 100644
--- a/my-pkgs/adom.nix
+++ b/my-pkgs/adom.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
sourceRoot = "adom";
installPhase = let desktopEntry = makeDesktopItem {
name = "adom";
- desktopName = "Adom";
+ desktopName = "ADOM";
exec = "OUT_DIR/bin/adom";
#path = "OUT_DIR/share";
}; in ''
diff --git a/secrets/test.yaml b/secrets/test.yaml
new file mode 100644
index 0000000..642eefb
--- /dev/null
+++ b/secrets/test.yaml
@@ -0,0 +1,35 @@
+hello: ENC[AES256_GCM,data:+/HfdCFoRsNydVWi5fGbtPShVi/XKnyx5LZiFkp7D6WGPkG4yEVpOiXsC2wAHQ==,iv:Y/vcsF+qFMvDfNA1vTymu3ToMVIYHP2OW22WKU6GOWM=,tag:0slxbzpbGac3uL0kqR5+lQ==,type:str]
+example_key: ENC[AES256_GCM,data:EbXQZk7OkrK+83omfg==,iv:+Nn42ROgLy3LE0oEbx8QbuT7Hlujzu7Iz9Stu1pO+o4=,tag:Xek6+n2ZCs1uwVItvFdguQ==,type:str]
+#ENC[AES256_GCM,data:T4zHJT8qQUWXnXbxULy97A==,iv:UOC0JThZIE5QaNBpuEd3AsZ8C/ztXN04aa42HuWA5MM=,tag:cWP9iincPkR/EaMrzH/IxQ==,type:comment]
+example_array:
+ - ENC[AES256_GCM,data:bwA20gQpwNoLdN9q2eg=,iv:pkaMt+6AEKfZNRwIfaoRnrk6lqyYHVp9jq9nXgKnDdM=,tag:N4RLJ06fpvCJBZoowBMQQA==,type:str]
+ - ENC[AES256_GCM,data:a8etS77qQhrrpZuJzzQ=,iv:vHWFkqzJAdgRDCwrzDzNjU/UtM71QgFcsz9gVXoMP0k=,tag:tZZB3ieUXFP/WWegyXTQ1w==,type:str]
+example_number: ENC[AES256_GCM,data:UE2bIlOI3WTZVg==,iv:j18MAwIC4Zf26HscNOoEbbc5IjhrsDx+hj7Re36JOrU=,tag:5s/918XsYuQJzqtP63/bvQ==,type:float]
+example_booleans:
+ - ENC[AES256_GCM,data:oYjGew==,iv:3n5b4dxrYB5Oa5MTkUHQIDX+fFCI31c8RFFeWKcD+rE=,tag:VvfWpx7obTnR2bqlHNLKsg==,type:bool]
+ - ENC[AES256_GCM,data:CDBenE0=,iv:G5p3Q2Y7kcI27Oey3NUAd8hX7vomrZN+bJrr/IezuaQ=,tag:bQJEziJF/NrOerpdSQ3XcA==,type:bool]
+test-value: ENC[AES256_GCM,data:hd+HuQ==,iv:OUo3H+2dcDYq2RNPVGRIOPW0oMSwCCEroFr/CR5oIao=,tag:HWW0+kIcujMyLrsy7K4l8Q==,type:str]
+sops:
+ age:
+ - recipient: age1p3sw8q030a7zgawu4ccxm6sgsp88349nuxkd4kale0ruy9klypssdh7c9s
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOGlrYjdvWSttMlRadThB
+ S0JvZXo5SStVMEtpMnl5SVo1cllHNlNqZWhJCi81eVk3Z1dINTJ1aWxkNHEzUzVX
+ aVVoOVQ1bVd6eEdqL2RKcXZ5MlJPdjQKLS0tIHkwZEZhRFBwS0pMNmVCdEZNcDhI
+ Skk1YlZpQUppN1FsbXVoc3BVUTFiSVEKyuw+u2ZkGb+4n0oLdn7IPwE8kXZmByEk
+ 1JPZOWtOeoHMDOlkKNw98JEW9TQAdlnO0riKHFNHpQ80mhzjeE7YXw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1g7tzey3t2jmd79kaeukn89lgxg07tpq23w0u30lgq5z37xku0vwqcregzd
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVE1MdUR2SkE1VHlkSDNW
+ VE5Nb1VVdkE3WTRBK29PeHN6UGJsWnFKVHpzCm1XVHZFM2V1WHJJNnRGRTBVbFFk
+ ZERCWmJYR0sreEpvelIzaHZqYktKbkkKLS0tIEpEN29jeVNBZXdzYUh3M1VwQkdK
+ ZFlBZllvWFhGdEtIVlNqZ3dnM0hkWTAKIniBn7mPe+rLJE5Pce6bIW2AjeDdVkPh
+ tMybfEWdIwkYdqJ3yTcW/WlxX5Vel702V8wD7vUr44BCPbCAPQyvgQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-09-16T04:34:31Z"
+ mac: ENC[AES256_GCM,data:qHK/wyZSzufZlBmhY7pGMfi8C1wyhBB0o3oVm22ouhDxIdC26Cbhy1mMgw+Uu3ej4eiyh/CihqMd6BAx/apgdmFZoc579/M0O/FoKoCQPr7KjaPD/z23Xclb9G82ep5U5tRcg9lKnRVugKhTZD2eK7Z4/vU25M8k8B53zkmKnz8=,iv:qZDsnbrY7purFEmfPtD8Bee6dA3FtO+hqfoYDBa3LFs=,tag:LXORKqvIayN7hAHVf8BYhg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/server-rebuild.sh b/server-rebuild.sh
new file mode 100755
index 0000000..8bda048
--- /dev/null
+++ b/server-rebuild.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+nixos-rebuild switch --use-remote-sudo --target-host 172.105.172.191 --flake ".#nixos" -j $(nproc)
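Review bot: `$(nproc)` is unquoted and the script has no strict-mode line; `set -euo pipefail` after the shebang and `-j "$(nproc)"` are the usual form. The target is a bare IP with no user, so the deploy runs as whichever local user invokes it and trusts whatever host key is recorded for that address. An SSH config `Host` alias with a pinned user and identity would make that explicit and keep the address in one place. `--use-remote-sudo` is presumably what motivates `security.sudo.wheelNeedsPassword = false` in computers/server.nix, which is worth saying in a comment here.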