felixalb/nixos-config
felixalb
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Upgrade to nixos-23.11 #1

Merged
felixalb merged 6 commits from nixos-23.11 into main 2023-12-18 23:41:44 +01:00
Conversation 0 Commits 6 Files Changed 16 +61 -252
16 changed files with 61 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
base.nix
View File

@ -48,7 +48,7 @@
ripgrep ripgrep
rsync rsync
tree tree
unstable.eza eza
wget wget
]; ];

46
flake.lock
View File

@ -7,16 +7,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695108154, "lastModified": 1702676849,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744", "rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.05", "ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -26,11 +26,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1697936579, "lastModified": 1701507532,
"narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=", "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9", "rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698429334, "lastModified": 1700795494,
"narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,16 +62,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1698696950, "lastModified": 1702346276,
"narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -93,11 +93,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1698544399, "lastModified": 1702148972,
"narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=", "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9", "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -125,11 +125,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1698548647, "lastModified": 1702177193,
"narHash": "sha256-7c03OjBGqnwDW0FBaBc+NjfEBxMkza+dxZGJPyIzfFE=", "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "632c3161a6cc24142c8e3f5529f5d81042571165", "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -140,11 +140,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1698611440, "lastModified": 1702312524,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View File

@ -2,13 +2,13 @@
description = "Felixalb System flake"; description = "Felixalb System flake";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/release-23.05"; home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";

2
hosts/janeway/services/postgresql.nix
View File

@ -7,7 +7,7 @@
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
location = "/backup/postgresql/"; location = "/data/backup/postgresql/";
startAt = "*-*-* 03:15:00"; startAt = "*-*-* 03:15:00";
backupAll = true; backupAll = true;
}; };

28
hosts/sarek/configuration.nix
View File

@ -7,10 +7,10 @@
../../base.nix ../../base.nix
../../common/metrics-exporters.nix ../../common/metrics-exporters.nix
./services/flame.nix
./services/hedgedoc.nix
./services/nginx.nix ./services/nginx.nix
./services/postgresql.nix ./services/postgresql.nix
./services/hedgedoc.nix
./services/flame.nix
]; ];
# Boot and console is handled by proxmoxLXC. # Boot and console is handled by proxmoxLXC.
@ -30,14 +30,24 @@
}; };
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml; sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
virtualisation.podman = { # Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers
enable = true; system.activationScripts.var = lib.mkForce ''
dockerCompat = true; # Make `docker` shell alias # Various log/runtime directories.
defaultNetwork.settings.dns_enabled = true; mkdir -p /var/tmp
}; chmod 1777 /var/tmp
# Empty, immutable home directory of many system accounts.
virtualisation.oci-containers.backend = "podman"; mkdir -p /var/empty
# Make sure it's really empty
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
'';
systemd.tmpfiles.rules = lib.mkForce [];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }

6
hosts/sarek/services/hedgedoc.nix
View File

@ -78,7 +78,7 @@ in {
UMask = "0007"; UMask = "0007";
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; # SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
}; };
}; };
@ -88,9 +88,7 @@ in {
ensureDatabases = [ "hedgedoc" ]; ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{ ensureUsers = [{
name = "hedgedoc"; name = "hedgedoc";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
};
}]; }];
}; };
} }

8
hosts/voyager/configuration.nix
View File

@ -11,13 +11,10 @@
./exports.nix ./exports.nix
./services/snappymail.nix ./services/snappymail.nix
#./vms.nix
./services/calibre.nix ./services/calibre.nix
./services/fancontrol.nix ./services/fancontrol.nix
./services/gitea.nix ./services/gitea.nix
./services/jellyfin.nix ./services/jellyfin.nix
./services/jupyter.nix
./services/kanidm.nix ./services/kanidm.nix
./services/metrics ./services/metrics
./services/nginx ./services/nginx
@ -26,9 +23,6 @@
./services/timemachine.nix ./services/timemachine.nix
./services/transmission.nix ./services/transmission.nix
./services/vaultwarden.nix ./services/vaultwarden.nix
# ./services/searx.nix
# ./services/code-server.nix
]; ];
networking = { networking = {
@ -84,7 +78,7 @@
) )
zfs zfs
screen screen
exa eza
]; ];
services.snappymail = { services.snappymail = {

3
hosts/voyager/services/gitea.nix
View File

@ -3,11 +3,10 @@ let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git.feal.no"; domain = "git.feal.no";
httpPort = 3004; httpPort = 3004;
/* sshPort = 2222; */ #sshPort = 2222;
in { in {
services.gitea = { services.gitea = {
enable = true; enable = true;
package = pkgs.unstable.gitea;
appName = "felixalbs Gitea"; appName = "felixalbs Gitea";
database = { database = {
type = "postgres"; type = "postgres";

128
hosts/voyager/services/jupyter.nix
View File

@ -1,128 +0,0 @@
{ config, pkgs, lib, ... }: let
cfg = config.services.jupyter;
in {
sops.secrets."jupyter/password" = {
restartUnits = [ "jupyter.service" ];
owner = cfg.user;
group = cfg.group;
};
users.users."jupyter".group = "jupyter";
users.groups."jupyter".members = [ "nginx" ];
services.jupyter = {
enable = true;
group = "jupyter";
password = let
readFile = f: "open('${f}', 'r', encoding='utf8').read().strip()";
in
readFile config.sops.secrets."jupyter/password".path;
/* kernels = { */
/* pythonDS = let */
/* env = (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ */
/* numpy */
/* matplotlib */
/* ipykernel */
/* ])); */
/* in { */
/* displayName = "Python for data science"; */
/* argv = [ */
/* "${env.interpreter}" */
/* "-m" */
/* "ipykernel_launcher" */
/* "-f" */
/* "{connection_file}" */
/* ]; */
/* language = "python"; */
/* logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; */
/* logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; */
/* }; */
/* }; */
kernels = {
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
numpy
scipy
scikit-learn
]));
in {
displayName = "Python 3 for statistics";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
};
};
systemd.services.jupyter = let
notebookConfig = pkgs.writeText "jupyter_config.py" ''
c.NotebookApp.notebook_dir = 'notebooks'
c.NotebookApp.open_browser = False
c.NotebookApp.password = ${cfg.password}
c.NotebookApp.password_required = True
c.NotebookApp.sock = '/run/jupyter/jupyter.sock'
c.NotebookApp.sock_mode = '0660'
c.NotebookApp.local_hostnames = ['jupyter.feal.no']
c.ConnectionFileMixin.transport = 'ipc'
${cfg.notebookConfig}
'';
in {
environment = {
JUPYTER_DATA_DIR = "$STATE_DIRECTORY/data";
JUPYTER_RUNTIME_DIR = "$RUNTIME_DIRECTORY";
};
serviceConfig = {
RuntimeDirectory = "jupyter";
StateDirectory = "jupyter";
# Hardening
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
SystemCallArchitectures = "native";
ExecStartPre = ''
${pkgs.coreutils}/bin/mkdir -p /var/lib/jupyter/{notebooks,data}
'';
ExecStart = lib.mkForce ''
${cfg.package}/bin/${cfg.command} --NotebookApp.config_file=${notebookConfig}
'';
};
};
services.nginx.virtualHosts."jupyter.feal.no" = {
locations."/" = {
proxyPass = "http://unix:/run/jupyter/jupyter.sock:/";
proxyWebsockets = true;
};
};
}

2
hosts/voyager/services/nginx/default.nix
View File

@ -4,6 +4,8 @@
enable = true; enable = true;
enableReload = true; enableReload = true;
clientMaxBodySize = "100m";
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

58
hosts/voyager/services/searx.nix
View File

@ -1,58 +0,0 @@
{ config, lib, pkgs, ... }:
let
domain = "search.feal.no";
cfg = config.services.searx.settings;
in {
sops.secrets."searx/env" = {
restartUnits = [ "searx.service" ];
};
services.searx = {
enable = true;
settings = {
general = {
debug = false;
instance_name = "Taschmex Searx";
wiki_url = false;
docs_url = false;
twitter_url = false;
};
server = {
port = 8090;
bind_address = "127.0.1.2";
secret_key = "@SEARX_SECRETKEY@";
base_url = domain;
image_proxy = true;
};
outgoing = {
request_timeout = 2.0;
useragent_suffix = "searx@albrigtsen.it";
pool_connections = 100;
pool_maxsize = 10;
};
};
environmentFile = config.sops.secrets."searx/env".path;
};
services.nginx.virtualHosts.${domain} = {
locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
/* addSSL = true; */
/* enableACME = true; */
/* listen = [ */
/* { */
/* addr = "0.0.0.0"; */
/* port = 43443; */
/* ssl = true; */
/* } */
/* { */
/* addr = "0.0.0.0"; */
/* port = 43080; */
/* } */
/* ]; */
};
networking.firewall.allowedTCPPorts = [ 43443 43080 ];
}

4
hosts/voyager/services/vaultwarden.nix
View File

@ -61,9 +61,7 @@ in {
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{ ensureUsers = [{
name = "vaultwarden"; name = "vaultwarden";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"vaultwarden\"" = "ALL PRIVILEGES";
};
}]; }];
}; };
} }

4
hosts/worf/home.nix
View File

@ -14,7 +14,7 @@
emacs emacs
iterm2 iterm2
spotify spotify
unstable.ripes ripes
bat bat
bottom bottom
@ -25,7 +25,7 @@
nix-index nix-index
nodejs nodejs
tldr tldr
unstable.eza eza
zellij zellij
pandoc pandoc

4
hosts/worf/yabai.nix
View File

@ -5,7 +5,7 @@ let
in { in {
services.yabai = { services.yabai = {
enable = true; enable = true;
package = pkgs.unstable.yabai; package = pkgs.yabai;
enableScriptingAddition = true; enableScriptingAddition = true;
config = { config = {
layout = "bsp"; layout = "bsp";
@ -119,7 +119,7 @@ in {
services.sketchybar = { services.sketchybar = {
enable = true; enable = true;
package = pkgs.unstable.sketchybar; package = pkgs.sketchybar;
# The config is handled outside of nix, and is placed in ~/.config/sketchybar # The config is handled outside of nix, and is placed in ~/.config/sketchybar
}; };

10
secrets/voyager/voyager.yaml
View File

@ -8,10 +8,6 @@
#ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment] #ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment]
#ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment] #ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment]
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment] #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
hedgedoc:
env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
searx:
env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str]
transmission: transmission:
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str] vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
matrix: matrix:
@ -23,8 +19,6 @@ wireguard:
private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str] private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str]
vaultwarden: vaultwarden:
admintoken: ENC[AES256_GCM,data:mJDiu0tgJQmvmJcJMULmctJvPN6/uM9VaoigHOMFkve9Vd3IMrpDmyJq+ibLpul+hw4PlLARjRzOxdZVcX7AB+uOOOrypppOIfvYC6U=,iv:YcyYLEHeIsCchcEy+fOMiQi8Cgf24AwQDpL7fhogNEU=,tag:1SqpNvuPhfjYIjvvRV34/Q==,type:str] admintoken: ENC[AES256_GCM,data:mJDiu0tgJQmvmJcJMULmctJvPN6/uM9VaoigHOMFkve9Vd3IMrpDmyJq+ibLpul+hw4PlLARjRzOxdZVcX7AB+uOOOrypppOIfvYC6U=,iv:YcyYLEHeIsCchcEy+fOMiQi8Cgf24AwQDpL7fhogNEU=,tag:1SqpNvuPhfjYIjvvRV34/Q==,type:str]
jupyter:
password: ENC[AES256_GCM,data:MYnrNSesZn97ArnrGS6nHMnSSmDpBCk4/H6zJx1O+M8tjm2SWf25Pk1HcRzdJ5nUyPvMmoaJ0zAdptZYMiGmh2p4emaEbSOerxhEKyrFnuaS3PZRBgEUBAMQ3r0FNwUFNQ+e711t2fHD,iv:gZkwZwFJCn/oSIanNaOhpTZNG9qVvtRlO8f8KvuDR08=,tag:cXvFwQRhd24mcidMOki2Qg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -58,8 +52,8 @@ sops:
NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw== 4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-18T12:45:40Z" lastmodified: "2023-12-18T22:12:35Z"
mac: ENC[AES256_GCM,data:UfB8zJR4ijFPrm9942XL1uSPCN9wGSM/eEFyT/zEgtUkS8+y8pnRcMrDHBxxgB261us4XLL7lN3gxviPtlHJ3HpoftjRanmRdmyHkeWc3XTPNWHzAsWI9psLWAYOZGympY8nOoFnhgY3WaatMhETs/xB1rIH4k2C8mU3XwsnKhw=,iv:F29buZyeDQgmdZ7BEnpUvXkKcRwIhNvpNq9TJL9pDtk=,tag:b5bh1ATX6bbcboBnpeWApQ==,type:str] mac: ENC[AES256_GCM,data:X20Xx8DdwI9K4SM85I/wWE7GjuQepeT0lWHc85Yqa5Byabs5+zcGmryPo2hOFlkhbhb6U8e6eDKAdi/w/LHPLOmsocc+1RgZfO/mCzSmLBzjphCv3nW470oQNTYIXXlCDQCpEPU7ALe4FHKbuj/cgak4kN9ubnYEOL3tQoJzxk4=,iv:1PKo2A1VUeQ6NONaLCIa70YrhC9PUPQVF1WkYg4hza8=,tag:JUuzTAjNuMiVJwPNljGowQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

4
shells/ctf.nix
View File

@ -39,14 +39,14 @@ in { pkgs ? import <nixpkgs> {} }:
dig dig
nmap nmap
rustscan rustscan
unstable.thc-hydra thc-hydra
# davtest # davtest
# cadaver # cadaver
httpie httpie
john john
unstable.hashcat hashcat
] ++ lib.optionals (pkgs.stdenv.isLinux) [ ] ++ lib.optionals (pkgs.stdenv.isLinux) [
sage sage