diff --git a/darwin/packages/homebrew.nix b/darwin/packages/homebrew.nix index f841549..07fbe81 100644 --- a/darwin/packages/homebrew.nix +++ b/darwin/packages/homebrew.nix @@ -24,8 +24,6 @@ "librewolf" "google-chrome" - "steam" - "activate" # koekeishiya/formulae ]; taps = [ diff --git a/darwin/default.nix b/darwin/presets/desktop.nix similarity index 100% rename from darwin/default.nix rename to darwin/presets/desktop.nix diff --git a/darwin/presets/desktop/gaming.nix b/darwin/presets/desktop/gaming.nix new file mode 100644 index 0000000..bd67d73 --- /dev/null +++ b/darwin/presets/desktop/gaming.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + homebrew.casks = [ + "steam" + ]; +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 1bc0fda..4cdd264 100755 --- a/flake.nix +++ b/flake.nix @@ -168,12 +168,22 @@ system = "x86_64-linux"; specialArgs = { inherit inputs; }; modules = [ - ./nixos/presets/gaming.nix # OS-specific (with presets) - ./users/guanranwang/nixos/presets/gaming.nix # User-specific (with presets) - ./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific - ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific + ./nixos/presets/desktop.nix # OS preset + ./nixos/presets/core/no-bootloader-menu.nix # Addtional, opt-in OS preset(s) + ./nixos/presets/desktop/gaming.nix + ./nixos/presets/desktop/virtualbox.nix + ./nixos/presets/desktop/wayland.nix + + ./users/guanranwang/nixos/presets/desktop.nix # User preset + ./users/guanranwang/nixos/presets/core/clash-meta-client.nix # Addtional, opt-in user preset(s) + + ./machines/nixos/81fw-lenovo-legion-y7000 # Hardware + ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine { + # extra home-manager stuff + home-manager.users.guanranwang = import ./users/guanranwang/home-manager/nixos/presets/desktop/gaming.nix; + networking.hostName = "81FW-NixOS"; # Hostname time.timeZone = "Asia/Shanghai"; # Timezone } 
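Review bot: The preset comments added to the `modules` list in flake.nix spell "Addtional" where "Additional" is meant, twice in this hunk and once more in the darwin hunk that follows. These comments are the only guide to which entries are opt-in, so they should read `# Additional, opt-in OS preset(s)` and `# Additional, opt-in user preset(s)`. The darwin hunk also leaves a commented-out `home-manager.users.guanranwang` import in the inline module; a short comment on why it is disabled would save the next reader from guessing.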
@@ -188,11 +198,14 @@ system = "x86_64-darwin"; specialArgs = { inherit inputs; }; modules = [ - ./darwin - ./users/guanranwang/darwin/presets/desktop.nix - ./machines/darwin/imac-2017 + ./darwin/presets/desktop.nix # OS preset + ./users/guanranwang/darwin/presets/desktop.nix # User preset + ./users/guanranwang/darwin/presets/core/proxy.nix # Addtional user preset(s) + ./machines/darwin/imac-2017 # Hardware { + #home-manager.users.guanranwang = import ./users/guanranwang/home-manager/darwin/presets/desktop/gaming.nix; + networking.hostName = "iMac-macOS"; time.timeZone = "Asia/Shanghai"; } diff --git a/nixos/boot/boot.nix b/nixos/boot/boot.nix index a4555e5..8edeeba 100755 --- a/nixos/boot/boot.nix +++ b/nixos/boot/boot.nix @@ -1,11 +1,9 @@ { lib, ... }: { - # NOTE: secureboot enabled in flake.nix boot = { consoleLogLevel = lib.mkDefault 3; loader = { - timeout = 0; efi.canTouchEfiVariables = true; systemd-boot = { enable = lib.mkDefault true; # mkDefault for Lanzaboote diff --git a/nixos/boot/default.nix b/nixos/boot/default.nix index d9a3ad0..ef6a739 100644 --- a/nixos/boot/default.nix +++ b/nixos/boot/default.nix @@ -3,7 +3,6 @@ { imports = [ ./boot.nix - ./kernel.nix ./plymouth.nix ./sysctl.nix ]; diff --git a/nixos/boot/kernel.nix b/nixos/boot/kernel.nix deleted file mode 100644 index 9eb2f0b..0000000 --- a/nixos/boot/kernel.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - #kernelPackages = pkgs.linuxPackages_latest; # latest linux kernel - kernelPackages = pkgs.linuxPackages_zen; # latest linux-zen kernel - #kernelPackages = pkgs.linuxKernel.Packages.linux_6_1; # linux 6.1 LTS kernel - }; -} diff --git a/nixos/networking/default.nix b/nixos/networking/default.nix index 55ef10d..7d071ef 100755 --- a/nixos/networking/default.nix +++ b/nixos/networking/default.nix @@ -2,11 +2,8 @@ { imports = [ - ./dns - ./network-manager - - ./dhcp.nix + ./dns.nix ./firewall.nix - ./proxy.nix + ./iwd.nix ]; } 
diff --git a/nixos/networking/dhcp.nix b/nixos/networking/dhcp.nix
deleted file mode 100644
index dd5cc8c..0000000
--- a/nixos/networking/dhcp.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- #networking.useDHCP = false;
-}
\ No newline at end of file
diff --git a/nixos/networking/dns.nix b/nixos/networking/dns.nix
new file mode 100644
index 0000000..cb1ccae
--- /dev/null
+++ b/nixos/networking/dns.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ networking.nameservers = [
+ ### Google DNS
+ "8.8.8.8"
+ "8.8.4.4"
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+ ];
+}
\ No newline at end of file
diff --git a/nixos/networking/dns/default.nix b/nixos/networking/dns/default.nix
deleted file mode 100644
index 06e1f2a..0000000
--- a/nixos/networking/dns/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./dns.nix
- #./systemd-resolved.nix # Returns NXDOMAIN in China Mainland, will investegate...
- ];
-}
\ No newline at end of file
diff --git a/nixos/networking/dns/dns.nix b/nixos/networking/dns/dns.nix
deleted file mode 100644
index 8f4c315..0000000
--- a/nixos/networking/dns/dns.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
- networking = {
- nameservers = [
- "223.5.5.5"
- "223.6.6.6"
- "2400:3200::1"
- "2400:3200:baba::1"
- #"223.5.5.5#dns.alidns.com"
- #"223.6.6.6#dns.alidns.com"
- #"2400:3200::1#dns.alidns.com"
- #"2400:3200:baba::1#dns.alidns.com"
- ];
- };
-}
\ No newline at end of file
diff --git a/nixos/networking/dns/systemd-resolved.nix b/nixos/networking/dns/systemd-resolved.nix
deleted file mode 100644
index f2c4455..0000000
--- a/nixos/networking/dns/systemd-resolved.nix
+++ /dev/null
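Review bot: The base resolver list in nixos/networking/dns.nix is a plain assignment, which is why users/guanranwang/nixos/networking/dns.nix later in this commit needs `lib.mkForce` to replace it (list options merge rather than override). Declaring the default as `networking.nameservers = lib.mkDefault [ ... ];`, with `lib` added to the module arguments, lets the user module use an ordinary assignment and leaves `mkForce` free for a machine-level override. A comment here should also say that these are unencrypted resolvers and that DNS-over-TLS is only active when presets/core/systemd-resolved.nix is imported.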
@@ -1,12 +0,0 @@
-{ ... }:
-
-{
- networking.networkmanager.dns = "systemd-resolved";
- services.resolved = {
- enable = true;
- dnssec = "true";
- domains = [ "~." ];
- fallbackDns = [ "8.8.8.8#dns.google" "8.8.4.4#dns.google" "2001:4860:4860::8888#dns.google" "2001:4860:4860::8844#dns.google" ];
- extraConfig = "DNSOverTLS=yes";
- };
-}
\ No newline at end of file
diff --git a/nixos/networking/iwd.nix b/nixos/networking/iwd.nix
new file mode 100644
index 0000000..0c71a97
--- /dev/null
+++ b/nixos/networking/iwd.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+
+{
+ networking.wireless.iwd.enable = lib.mkDefault true;
+}
\ No newline at end of file
diff --git a/nixos/networking/network-manager/default.nix b/nixos/networking/network-manager/default.nix
deleted file mode 100644
index fb517df..0000000
--- a/nixos/networking/network-manager/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- imports = [
- #./networkmanager.nix
- ./iwd.nix
- ];
-}
\ No newline at end of file
diff --git a/nixos/networking/network-manager/iwd.nix b/nixos/networking/network-manager/iwd.nix
deleted file mode 100644
index 4edf114..0000000
--- a/nixos/networking/network-manager/iwd.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- networking = {
- wireless.iwd.enable = true;
- networkmanager.wifi.backend = "iwd";
- };
-}
\ No newline at end of file
diff --git a/nixos/networking/network-manager/networkmanager.nix b/nixos/networking/network-manager/networkmanager.nix
deleted file mode 100644
index 36703ff..0000000
--- a/nixos/networking/network-manager/networkmanager.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- networking.networkmanager = {
- enable = true;
- #ethernet.macAddress = "random";
- #wifi.macAddress = "random";
- };
-}
diff --git a/nixos/packages/default.nix b/nixos/packages/default.nix
index 20420dc..bc956fd 100755
--- a/nixos/packages/default.nix
+++ b/nixos/packages/default.nix
@@ -2,8 +2,9 @@ { imports = [ - ./hardware.nix + ./hardware.nix # TODO: move this somewhere else? + # TODO: should this be considered user-specific? ./overlays ./unfree ]; diff --git a/nixos/packages/graphical/default.nix b/nixos/packages/graphical/default.nix index da18b40..6e39350 100755 --- a/nixos/packages/graphical/default.nix +++ b/nixos/packages/graphical/default.nix @@ -4,7 +4,6 @@ imports = [ ./display-server - #./flatpak.nix ./fonts.nix ./gnome-keyring.nix ./graphical.nix diff --git a/nixos/packages/graphical/display-server/default.nix b/nixos/packages/graphical/display-server/default.nix index 52088ad..998c888 100644 --- a/nixos/packages/graphical/display-server/default.nix +++ b/nixos/packages/graphical/display-server/default.nix @@ -4,6 +4,5 @@ imports = [ ./display-server.nix ./input.nix - ./wayland.nix ]; } diff --git a/nixos/presets/core.nix b/nixos/presets/core.nix index fc57919..f333ba9 100755 --- a/nixos/presets/core.nix +++ b/nixos/presets/core.nix @@ -59,10 +59,10 @@ # i want to run it manually #beesd.filesystems = { # root = { - # spec = "UUID=6288ce7a-a153-4302-a4de-5dc71f58da79"; + # spec = "UUID=3e10ff73-e1f7-4b39-88f5-7f31dcc8f38c"; # hashTableSizeMB = 2048; # verbosity = "crit"; - # extraOptions = [ "--loadavg-target" "5.0" ]; + # #extraOptions = [ "--loadavg-target" "5.0" ]; # }; #}; }; diff --git a/nixos/presets/core/legacy-boot.nix b/nixos/presets/core/legacy-boot.nix new file mode 100755 index 0000000..99510a8 --- /dev/null +++ b/nixos/presets/core/legacy-boot.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + boot.loader = { + grub.enable = true; + grub.device = "/dev/vda"; # or "nodev" for efi only + systemd-boot.enable = false; + }; +} diff --git a/nixos/presets/core/networkmanager-iwd.nix b/nixos/presets/core/networkmanager-iwd.nix new file mode 100644 index 0000000..114dedd --- /dev/null +++ b/nixos/presets/core/networkmanager-iwd.nix 
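Review bot: `grub.device = "/dev/vda"` in nixos/presets/core/legacy-boot.nix hard-codes a virtio disk name into a preset that any machine can import, so a host whose boot disk is named differently would fail to install the boot loader or write it to an unintended disk. The disk name belongs with the machine definition. In the preset it should at most be a default, `grub.device = lib.mkDefault "/dev/vda"; # override per machine`, with the arguments changed to `{ lib, ... }:`.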
@@ -0,0 +1,10 @@ +{ ... }: + +{ + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; + ethernet.macAddress = "random"; + wifi.macAddress = "random"; + }; +} diff --git a/nixos/presets/core/networkmanager.nix b/nixos/presets/core/networkmanager.nix new file mode 100644 index 0000000..cfdf2d4 --- /dev/null +++ b/nixos/presets/core/networkmanager.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + networking = { + networkmanager = { + enable = true; + ethernet.macAddress = "random"; + wifi.macAddress = "random"; + }; + wireless.iwd.enable = false; + }; +} diff --git a/nixos/presets/core/no-bootloader-menu.nix b/nixos/presets/core/no-bootloader-menu.nix new file mode 100644 index 0000000..417db06 --- /dev/null +++ b/nixos/presets/core/no-bootloader-menu.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + boot.loader.timeout = 0; +} \ No newline at end of file diff --git a/nixos/presets/core/systemd-resolved.nix b/nixos/presets/core/systemd-resolved.nix new file mode 100644 index 0000000..4fbceb4 --- /dev/null +++ b/nixos/presets/core/systemd-resolved.nix @@ -0,0 +1,20 @@ +{ ... }: + +{ + ### systemd-resolved + services.resolved = { + enable = true; + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ + "8.8.8.8#dns.google" + "8.8.4.4#dns.google" + "2001:4860:4860::8888#dns.google" + "2001:4860:4860::8844#dns.google" + ]; + extraConfig = "DNSOverTLS=yes"; + }; + + ### NetworkManager integration + networking.networkmanager.dns = "systemd-resolved"; +} \ No newline at end of file diff --git a/nixos/presets/desktop.nix b/nixos/presets/desktop.nix index 1dbddfc..267a49c 100644 --- a/nixos/presets/desktop.nix +++ b/nixos/presets/desktop.nix @@ -1,8 +1,10 @@ -{ ... }: +{ pkgs, ... }: { imports = [ ./core.nix ../packages/graphical ]; + + boot.kernelPackages = pkgs.linuxPackages_zen; } \ No newline at end of file 
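Review bot: Both NetworkManager presets (networkmanager-iwd.nix here and networkmanager.nix in the next hunk) set `ethernet.macAddress` and `wifi.macAddress` to `"random"`, which draws a new address on every connection activation. That is the strongest privacy setting, but it also means a fresh DHCP lease each time and breaks networks that key on the MAC (reservations, captive-portal sessions, allow lists). If per-network stability is acceptable, `"stable"` keeps the address constant per connection profile while still hiding the hardware MAC. Either way, a one-line comment stating the choice would help, e.g. `# new MAC per activation; use "stable" if DHCP reservations matter`.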
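Review bot: `boot.loader.timeout = 0` in no-bootloader-menu.nix only hides the menu; systemd-boot still shows it when a key is held during boot, so this preset should not be read as locking the boot entries. Nothing in this diff sets `boot.loader.systemd-boot.editor`, which NixOS leaves enabled by default and which lets anyone at the console edit the kernel command line. If it is not set elsewhere, add `boot.loader.systemd-boot.editor = false;` to boot.nix, and put a comment in this file such as `# hides the menu only; hold a key at boot to pick an older generation`.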
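Review bot: With `extraConfig = "DNSOverTLS=yes"` in presets/core/systemd-resolved.nix, resolved runs in strict mode for every server it uses, and as far as I can tell that includes the entries from `networking.nameservers`, yet both nameserver lists in this commit are bare IP addresses with no `#hostname` suffix. Only `fallbackDns` carries a TLS server name (`#dns.google`), and fallback servers are consulted only when no other server is configured. Without a name, certificate validation has to match on the IP address, which depends on the provider's certificate; the removed comment about NXDOMAIN answers may be related. When this preset is imported, the nameserver entries should use the `"223.5.5.5#dns.alidns.com"` form that the deleted dns.nix kept commented out, and a comment in this file should say so.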
diff --git a/nixos/packages/graphical/flatpak.nix b/nixos/presets/desktop/flatpak.nix similarity index 100% rename from nixos/packages/graphical/flatpak.nix rename to nixos/presets/desktop/flatpak.nix diff --git a/nixos/presets/gaming.nix b/nixos/presets/desktop/gaming.nix similarity index 90% rename from nixos/presets/gaming.nix rename to nixos/presets/desktop/gaming.nix index fffeeff..911d8eb 100644 --- a/nixos/presets/gaming.nix +++ b/nixos/presets/desktop/gaming.nix @@ -1,9 +1,6 @@ { pkgs, ... }: { - imports = [ - ./desktop.nix - ]; programs.gamemode = { enable = true; settings.custom = { diff --git a/nixos/presets/desktop/virtualbox.nix b/nixos/presets/desktop/virtualbox.nix new file mode 100644 index 0000000..659f669 --- /dev/null +++ b/nixos/presets/desktop/virtualbox.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + virtualisation.virtualbox.host.enable = true; +} \ No newline at end of file diff --git a/nixos/packages/graphical/display-server/wayland.nix b/nixos/presets/desktop/wayland.nix similarity index 100% rename from nixos/packages/graphical/display-server/wayland.nix rename to nixos/presets/desktop/wayland.nix diff --git a/users/guanranwang/darwin/presets/core.nix b/users/guanranwang/darwin/presets/core.nix new file mode 100644 index 0000000..9867e55 --- /dev/null +++ b/users/guanranwang/darwin/presets/core.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +{ + users = { + knownUsers = [ "guanranwang" ]; + users."guanranwang" = { + createHome = true; + description = "Guanran Wang"; + home = "/Users/guanranwang"; + shell = pkgs.fish; + uid = 501; + }; + }; +} \ No newline at end of file diff --git a/darwin/networking/proxy.nix b/users/guanranwang/darwin/presets/core/proxy.nix similarity index 84% rename from darwin/networking/proxy.nix rename to users/guanranwang/darwin/presets/core/proxy.nix index 6aa007c..8175a15 100644 --- a/darwin/networking/proxy.nix +++ b/users/guanranwang/darwin/presets/core/proxy.nix 
@@ -10,8 +10,6 @@ # { - #environment.systemPackages = with pkgs; [ clash-meta ]; - # do i even need to add it to environment.systemPackages... launchd.daemons."clash-meta" = { command = "${pkgs.clash-meta}/bin/clash-meta -d /etc/clash-meta"; }; diff --git a/users/guanranwang/darwin/presets/desktop.nix b/users/guanranwang/darwin/presets/desktop.nix index f17169b..a9f86bc 100644 --- a/users/guanranwang/darwin/presets/desktop.nix +++ b/users/guanranwang/darwin/presets/desktop.nix @@ -1,19 +1,10 @@ -{ pkgs, ... }: +{ ... }: { - users = { - knownUsers = [ "guanranwang" ]; - users."guanranwang" = { - createHome = true; - description = "Guanran Wang"; - home = "/Users/guanranwang"; - shell = pkgs.fish; - uid = 501; - }; - }; - - # Flakes imports = [ + ./core + + ### Flakes ../../../../flakes/darwin/home-manager.nix ]; ### home-manager diff --git a/users/guanranwang/darwin/presets/gaming.nix b/users/guanranwang/darwin/presets/gaming.nix deleted file mode 100644 index 425f609..0000000 --- a/users/guanranwang/darwin/presets/gaming.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - imports = [ - ./desktop.nix - ]; - ### home-manager - home-manager.users.guanranwang = import ../../home-manager/darwin/presets/gaming.nix; # NOTE: using flakes -} \ No newline at end of file diff --git a/users/guanranwang/home-manager/darwin/presets/gaming.nix b/users/guanranwang/home-manager/darwin/presets/desktop/gaming.nix similarity index 65% rename from users/guanranwang/home-manager/darwin/presets/gaming.nix rename to users/guanranwang/home-manager/darwin/presets/desktop/gaming.nix index 5968c16..20bf459 100644 --- a/users/guanranwang/home-manager/darwin/presets/gaming.nix +++ b/users/guanranwang/home-manager/darwin/presets/desktop/gaming.nix @@ -1,10 +1,6 @@ { pkgs, ... }: { - imports = [ - ./desktop.nix - ]; - home.packages = with pkgs; [ prismlauncher ]; 
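Review bot: The new import `./core` in users/guanranwang/darwin/presets/desktop.nix resolves to the directory `core/` and therefore to `core/default.nix`, but this commit adds the user definition as `core.nix`, and the only file placed under `core/` is the renamed `proxy.nix`. Unless a `core/default.nix` exists outside this diff, evaluation of the darwin configuration fails on the missing file. The NixOS counterpart imports `./core.nix`, and the same spelling is needed here: `./core.nix`.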
diff --git a/users/guanranwang/home-manager/nixos/presets/gaming.nix b/users/guanranwang/home-manager/nixos/presets/desktop/gaming.nix similarity index 86% rename from users/guanranwang/home-manager/nixos/presets/gaming.nix rename to users/guanranwang/home-manager/nixos/presets/desktop/gaming.nix index 8cbf30f..9d24915 100644 --- a/users/guanranwang/home-manager/nixos/presets/gaming.nix +++ b/users/guanranwang/home-manager/nixos/presets/desktop/gaming.nix @@ -1,10 +1,6 @@ { pkgs, ... }: { - imports = [ - ./desktop.nix - ]; - home.packages = with pkgs; [ steam #lunar-client diff --git a/users/guanranwang/nixos/networking/default.nix b/users/guanranwang/nixos/networking/default.nix new file mode 100644 index 0000000..0bbacfc --- /dev/null +++ b/users/guanranwang/nixos/networking/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./dns.nix + ]; +} \ No newline at end of file diff --git a/users/guanranwang/nixos/networking/dns.nix b/users/guanranwang/nixos/networking/dns.nix new file mode 100644 index 0000000..5ff1976 --- /dev/null +++ b/users/guanranwang/nixos/networking/dns.nix @@ -0,0 +1,11 @@ +{ lib, ... }: + +{ + networking.nameservers = lib.mkForce [ + ### AliDNS + "223.5.5.5" + "223.6.6.6" + "2400:3200::1" + "2400:3200:baba::1" + ]; +} \ No newline at end of file diff --git a/users/guanranwang/nixos/presets/core.nix b/users/guanranwang/nixos/presets/core.nix new file mode 100644 index 0000000..e90d762 --- /dev/null +++ b/users/guanranwang/nixos/presets/core.nix 
@@ -0,0 +1,44 @@
+{ pkgs, config, ... }:
+
+{
+ users.users."guanranwang" = {
+ isNormalUser = true;
+ description = "Guanran Wang";
+ extraGroups = [
+ "wheel" # administrator
+ "networkmanager" # access to networkmanager
+ "tss" # access to tpm devices
+ "vboxusers" # access to virtualbox
+ "nix-access-tokens" # access to github tokens
+ ];
+ hashedPasswordFile = config.sops.secrets."hashed-passwd".path;
+ shell = pkgs.fish;
+ packages = [];
+ };
+
+
+
+ imports = [
+ ### Overrides (overrides global config)
+ ../networking
+ ### Flakes
+ ../../../../flakes/nixos/sops-nix.nix
+ ../../../../flakes/nixos/hosts.nix
+ ];
+ ### sops-nix
+ nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
+ users.groups."nix-access-tokens" = {};
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ age.sshKeyPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
+ gnupg.sshKeyPaths = [];
+ secrets = {
+ "hashed-passwd".neededForUsers = true; # Hashed user password
+ "wireless/home".path = "/var/lib/iwd/wangxiaobo.psk"; # Home wifi password
+ "nix-access-tokens" = {
+ group = config.users.groups."nix-access-tokens".name;
+ mode = "0440";
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/nixos/networking/proxy.nix b/users/guanranwang/nixos/presets/core/clash-meta-client.nix
similarity index 65%
rename from nixos/networking/proxy.nix
rename to users/guanranwang/nixos/presets/core/clash-meta-client.nix
index 7546a77..7168829 100644
--- a/nixos/networking/proxy.nix
+++ b/users/guanranwang/nixos/presets/core/clash-meta-client.nix
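Review bot: `extraGroups` in users/guanranwang/nixos/presets/core.nix now grants `vboxusers` on every host that imports the user preset, although VirtualBox itself is an opt-in module (nixos/presets/desktop/virtualbox.nix). Group membership should travel with the feature that needs it, so that a host without the feature carries no stray grant. Because list options merge, `users.users.guanranwang.extraGroups = [ "vboxusers" ];` can live in a user-side preset that is imported together with virtualbox.nix. The same reasoning applies to `networkmanager`, given that NetworkManager moved to opt-in presets in this commit.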
@@ -1,6 +1,21 @@ { pkgs, config, inputs, ... }: +let + etcDirectory = "clash-meta"; +in { + imports = [ + ../../../../../flakes/nixos/sops-nix.nix + ]; + + ### sops-nix + sops.secrets."clash-config" = { + owner = config.users.users."clash-meta".name; + group = config.users.groups."clash-meta".name; + restartUnits = [ "clash-meta.service" ]; + path = "/etc/${etcDirectory}/config.yaml"; + }; + ### System proxy settings networking.proxy.default = "http://127.0.0.1:7890/"; @@ -13,24 +28,27 @@ ### Proxy service systemd.services."clash-meta" = { - wantedBy = [ "multi-user.target" ]; + description = "Clash.Meta Client"; after = [ "network-online.target" ]; - description = "Clash.Meta Daemon"; + + wantedBy = [ "multi-user.target" ]; + serviceConfig = { Type = "simple"; - WorkingDirectory = "/etc/clash-meta"; + WorkingDirectory = "/etc/${etcDirectory}"; User = [ config.users.users."clash-meta".name ]; - ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/clash-meta"; + Group = [ config.users.groups."clash-meta".name ]; + ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/${etcDirectory}"; Restart = "on-failure"; CapabilityBoundingSet = [ - "CAP_NET_RAW" "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" + "CAP_NET_RAW" ]; AmbientCapabilities = [ - "CAP_NET_RAW" "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" + "CAP_NET_RAW" ]; }; }; @@ -45,5 +63,5 @@ # - https://yacd.haishan.me # - clash-dashboard (buggy): # - https://clash.razord.top - environment.etc."clash-meta/metacubexd".source = inputs.metacubexd; + environment.etc."${etcDirectory}/metacubexd".source = inputs.metacubexd; } \ No newline at end of file diff --git a/users/guanranwang/nixos/presets/core/hysteria2-server.nix b/users/guanranwang/nixos/presets/core/hysteria2-server.nix new file mode 100644 index 0000000..0f5de3c --- /dev/null +++ b/users/guanranwang/nixos/presets/core/hysteria2-server.nix 
@@ -0,0 +1,59 @@
+{ pkgs, config, ... }:
+
+let
+ etcDirectory = "hysteria";
+ port = 43956;
+in
+{
+ imports = [
+ ../../../../../flakes/nixos/sops-nix.nix
+ ];
+
+ ### Firewall
+ networking.firewall = {
+ allowedTCPPorts = [ port 80 443 ];
+ allowedUDPPorts = [ port 80 443 ];
+ };
+
+ #### sops-nix
+ sops.secrets."hysteria-config" = {
+ owner = config.users.users."hysteria".name;
+ group = config.users.groups."hysteria".name;
+ restartUnits = [ "hysteria-server.service" ];
+ path = "/etc/${etcDirectory}/config.yaml";
+ };
+
+ ### User running proxy service
+ users.groups."hysteria" = {};
+ users.users."hysteria" = {
+ isSystemUser = true;
+ group = config.users.groups."hysteria".name;
+ };
+
+ ### Proxy service
+ systemd.services."hysteria-server" = {
+ description = "Hysteria Server";
+ after = [ "network.target" ];
+
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ WorkingDirectory = "/etc/${etcDirectory}";
+ User = [ config.users.users."hysteria".name ];
+ Group = [ config.users.groups."hysteria".name ];
+ ExecStart = "${pkgs.hysteria}/bin/hysteria server --config /etc/${etcDirectory}/config.yaml";
+ Restart = "on-failure";
+ CapabilityBoundingSet = [
+ "CAP_NET_ADMIN"
+ "CAP_NET_BIND_SERVICE"
+ "CAP_NET_RAW"
+ ];
+ AmbientCapabilities = [
+ "CAP_NET_ADMIN"
+ "CAP_NET_BIND_SERVICE"
+ "CAP_NET_RAW"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/users/guanranwang/nixos/presets/core/juicity-server.nix b/users/guanranwang/nixos/presets/core/juicity-server.nix
new file mode 100644
index 0000000..bfed172
--- /dev/null
+++ b/users/guanranwang/nixos/presets/core/juicity-server.nix
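Review bot: The `hysteria-server` unit in hysteria2-server.nix places `CAP_NET_ADMIN` and `CAP_NET_RAW` in both `CapabilityBoundingSet` and `AmbientCapabilities` for a daemon that is reachable from the internet on the ports opened in the same file, and it sets no sandboxing options. From what is visible, the service only needs to bind ports (80 and 443 would need `CAP_NET_BIND_SERVICE`). Whether the encrypted config uses a feature that needs the other two cannot be seen from this diff, so start without them and add back only what actually fails. juicity-server.nix repeats the same capability block while opening only a high port, so it likely needs no capability at all. A reduced tail for `serviceConfig` follows.

```nix
    serviceConfig = {
      # … unchanged: Type, WorkingDirectory, User, Group, ExecStart, Restart …
      # Binding 80/443 is the only visible reason for a capability.
      CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
      AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
      # Basic containment for an internet-facing daemon.
      NoNewPrivileges = true;
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
    };
```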
@@ -0,0 +1,59 @@
+{ pkgs, config, ... }:
+
+let
+ etcDirectory = "juicity";
+ port = "33829";
+in
+{
+ imports = [
+ ../../../../../flakes/nixos/sops-nix.nix
+ ];
+
+ ### Firewall
+ networking.firewall = {
+ allowedTCPPorts = [ port ];
+ allowedUDPPorts = [ port ];
+ };
+
+ #### sops-nix
+ sops.secrets."juicity-config" = {
+ owner = config.users.users."juicity".name;
+ group = config.users.groups."juicity".name;
+ restartUnits = [ "juicity-server.service" ];
+ path = "/etc/${etcDirectory}/config.yaml";
+ };
+
+ ### User running proxy service
+ users.groups."juicity" = {};
+ users.users."juicity" = {
+ isSystemUser = true;
+ group = config.users.groups."juicity".name;
+ };
+
+ ### Proxy service
+ systemd.services."juicity-server" = {
+ description = "Juicity Server";
+ after = [ "network.target" ];
+
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ WorkingDirectory = "/etc/${etcDirectory}";
+ User = [ config.users.users."juicity".name ];
+ Group = [ config.users.groups."juicity".name ];
+ ExecStart = "${pkgs.juicity}/bin/juicity-server run -c /etc/${etcDirectory}/config.json";
+ Restart = "on-failure";
+ CapabilityBoundingSet = [
+ "CAP_NET_ADMIN"
+ "CAP_NET_BIND_SERVICE"
+ "CAP_NET_RAW"
+ ];
+ AmbientCapabilities = [
+ "CAP_NET_ADMIN"
+ "CAP_NET_BIND_SERVICE"
+ "CAP_NET_RAW"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/users/guanranwang/nixos/presets/desktop.nix b/users/guanranwang/nixos/presets/desktop.nix
index 1e4c042..9166e71 100644
--- a/users/guanranwang/nixos/presets/desktop.nix
+++ b/users/guanranwang/nixos/presets/desktop.nix
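Review bot: `port = "33829"` in juicity-server.nix is a string, while `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` take integers, so this module should fail type checking at evaluation. hysteria2-server.nix uses the integer form, and `port = 33829;` fixes it. The unit also cannot find its configuration as written: the sops secret is placed at `/etc/${etcDirectory}/config.yaml`, but `ExecStart` passes `-c /etc/${etcDirectory}/config.json`. One of the two has to change; `path = "/etc/${etcDirectory}/config.json";` is the likely fix if juicity expects JSON.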
@@ -1,46 +1,14 @@ -{ pkgs, config, ... }: +{ ... }: { - users.users."guanranwang" = { - isNormalUser = true; - description = "Guanran Wang"; - extraGroups = [ "wheel" "networkmanager" "tss" "nix-access-tokens" ]; # tss = access to tpm devices - hashedPasswordFile = config.sops.secrets."hashed-passwd".path; - shell = pkgs.fish; - packages = []; - }; - - - - # Flakes imports = [ + ./core.nix + + ### Flakes ../../../../flakes/nixos/home-manager.nix - ../../../../flakes/nixos/sops-nix.nix - ../../../../flakes/nixos/hosts.nix ../../../../flakes/nixos/berberman.nix ]; + ### home-manager home-manager.users.guanranwang = import ../../home-manager/nixos/presets/desktop.nix; - ### sops-nix - nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; - users.groups."nix-access-tokens" = {}; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - age.sshKeyPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; - gnupg.sshKeyPaths = []; - secrets = { - "hashed-passwd".neededForUsers = true; # Hashed user password - "wireless/home".path = "/var/lib/iwd/wangxiaobo.psk"; # Home wifi password - "nix-access-tokens" = { - group = config.users.groups."nix-access-tokens".name; - mode = "0440"; - }; - "clash-config" = { # Clash.Meta configuration - owner = config.users.users."clash-meta".name; - group = config.users.users."clash-meta".group; - restartUnits = [ "clash-meta.service" ]; - path = "/etc/clash-meta/config.yaml"; - }; - }; - }; } \ No newline at end of file diff --git a/users/guanranwang/nixos/presets/gaming.nix b/users/guanranwang/nixos/presets/gaming.nix deleted file mode 100644 index a6a4cba..0000000 --- a/users/guanranwang/nixos/presets/gaming.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - imports = [ - ./desktop.nix - ]; - - home-manager.users.guanranwang = import ../../home-manager/nixos/presets/gaming.nix; -} \ No newline at end of file 
diff --git a/users/guanranwang/secrets/secrets.yaml b/users/guanranwang/secrets/secrets.yaml
index 4a0eeb8..7014bc3 100644
--- a/users/guanranwang/secrets/secrets.yaml
+++ b/users/guanranwang/secrets/secrets.yaml
@@ -1,13 +1,12 @@ -#ENC[AES256_GCM,data:foyB70p8iklGCcX/ybRiMKVWDohm,iv:d42fIurrsZ3wL7e6dowyMXyN1dduRQWNKeqM1AKPzDk=,tag:LXUJOv4GOmI+6l2qcMwBUQ==,type:comment] hashed-passwd: ENC[AES256_GCM,data:aXK4GlXTJAHjw/fpwBYWUnKtaHhxYI/anpQZgUI8tYoSw7qRhAdfO84FoUSEGvqin0889dmtXGqFErBK1Q8TQpBh5DX2VVmeWg==,iv:rs2uBRdhKBUrwFIgJrAgt1lqyyDTP1HXNQvy3k3ANTc=,tag:aTIA9fB7MUNI0tNkBxLQJg==,type:str] -#ENC[AES256_GCM,data:+EOgpndwI/KdAI7qsh6w35gx,iv:mhr3AuN/zpkSnXSwDcAHeNz71l/XBYGnIAeTiC5Rldo=,tag:2XW+tocIkD1tYrXluxD0iQ==,type:comment] nix-access-tokens: ENC[AES256_GCM,data:jbh84h/tNCj85Vaq0DiffrxzBWyKgGZsmhj3D/D7Iod6wXnXkY+vctJLgo6h4BVEU6PXVIMWFJzTovjkgmzOCA+jWXw1RBl3XskwLLY9uRArHi77Dfxm1k/ZnPL6T77ZnHVwYBbzxf3+zoFLCcrWZWqHkIcFOoMd,iv:LJED9JArmGPP9AIfXHhUiicDSa8DyP1cV2POhdTM+CY=,tag:4NJK+KAw1q2iQ0ZnreQuAA==,type:str] -#ENC[AES256_GCM,data:Twmef9H4w9Ay/RrX9jWay1Bj3b8=,iv:ZFSSskG0NNSpJ/0MbUIUZtaYT6haq4pH/A9RsuoFqks=,tag:4A3AmDjzMGwHT96fy00k0A==,type:comment] wireless: home: ENC[AES256_GCM,data:JTJVamFEmSIdVCJZcitgBCY4M3Gfg8T/F+LTed8TclIjeVEATc3vci6PoBvuuE6JTThowKm7quP8Q5Sn0ZdIn/j6/XOMo/mfh5zXAqQ5Q55xTym9mO3RCaeYdUg4IRDcmnzPTguErSySgB6/feizGEMe8OMNwHzOreI8NqrNXgQnDE3ZmdT0LzJ17JWgBe6KwedKxIweSxwmcyGErQkYvJPdsxXdBAa5gD40S0ioPETbZI73E6aOOEryp1poTVjfFSu2IWELryR/ZVUOcU2VmveP7+YGE7ydpR7CHnAUEu36tWD4iYIb71XRhEW/rffVnwHHCAJfgVS4/t55B2BM3JvQYMZt3McHEr+R2dnD2KJv55ADKt/73ibAPYrj4EmEHUbswXxgqOJPErHQSNKXejJzBhxaIK63L7wZwzthfU/BbnV32l4A0Oxm3c0gpyyRFNhE3UPi+h5pzRcoyfDPJzfQTC76mN4oSjRW3lQV3bBLA5qflRGzI8xS+vc2UFlW2XVxoKINrGZTkB8T34WFvJty3JvD9ddSp/dqnu4LaIMETcWKMrabvelJunIvq59dw+9HPpM7Be/NOuAErHlwvHaFSWjQ/yz2CG8b/djzpQ==,iv:znowKErkz/f72SvyBa5/TN52mc0Ks4XoxNY/5rcihCI=,tag:4pHdKBYfQ0A+y3ZrTfpFjg==,type:str] -#ENC[AES256_GCM,data:9b6XF0bgHFDQzoyISFN5+SzT7kw=,iv:O2ISj6KYXCHcugX+rK9eXAMBrYcaBmq9OhjUPoPRMPM=,tag:DazihYVrAvS3CcbN4f5vNw==,type:comment] 
-#ENC[AES256_GCM,data:mF8dZpRbVs4Tq53/+own/JivWTsTMlAermkTVqgrdYypm+dBQ5D0IfUBog==,iv:nmyqL09FAewFExGUEeouN4FdCSiCpWTOU6xKCK/XnoU=,tag:URdrVP1x0At/zONsUb0Aow==,type:comment] -clash-config: ENC[AES256_GCM,data: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,iv:bGytPQsu2jV3nNRUWezl7UDgusZcs9u6Y2jhIRlAOvs=,tag:/uzhUZZGbMkE7EeLW+ExmQ==,type:str] +clash-config: ENC[AES256_GCM,data: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,iv:kWGKs+XViJ26kXNaVKEDFYg3J4Nbv6//xGUZGMvrvcs=,tag:dvkrVYTwz7DNs7S493U1CQ==,type:str] +hysteria-server-config: ENC[AES256_GCM,data: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,iv:ye/efDYo33OW97jgYmQQ+ZPr9sQGbijedjXnrZtwwB8=,tag:0JgKSL7Q4jhDqwjRM5feHA==,type:str] +juicity-server-config: ENC[AES256_GCM,data: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,iv:ZBD3jXlyL8w0OQimHmAUntTJw/RNBdzmFUgnrtb3cQQ=,tag:HXYeOvlt73Gp/dKi2X2I0w==,type:str] +certificate: ENC[AES256_GCM,data:WzjZS5pRAT/5RZJ0FfDstu5oaQh0NDas8MLZ+LyvXKwb2ZHk28pFOtjzkAVkqTb19QQRKfgJurFQBEPqNpieMCi9tMhd4kP6FPiMqNu8q/xAM3tRaqojiVf9JLMhdyHmjz5V8/HymmR/A6MAhqq0AVksKWcxgCSvk0qfgBDqSlAEhoEFsi+ObmjXFvfG0879U71AcMV9C/VRuY4HjdrYM2sUQ1nZfAuf20fxQvmsrcOEuLlMkhYwhJFmRCBlEI7+jp4idBjQE4g63SsI/t7sbriqlQ4fZXCvdVnqtgK3MfuY0mEcb756GBzZ07Q6Nyfj8DyaM3kvSLjo/5H10e6IF3Lem3mUNPX+qOIR2K2vB6VhI3pfqT+qn2hpPx/bvEt4UUrQgRDpZlnwKaSHDJSVzK4+uMIeJtJhLOjLHuGdTu/zh0/LPX6qb6hXCFSK7B35kI/NxsidZjlR8hn71uB3pQ4ndUcsOcejqdX07+fd4LJNWw7qsPILiwqHvsHCa8X2Wbc5XCHgDXMrtUUJsnkIonnFJdCLLiut4xGiS8Dewkwc7HEYzT9U1P4/gkLFR8FhMqGEKBpxcc/IbPo028P9IAuSUFJ5JwF84hIDlN2VbbX2yaPCuZxUNux6OfSLeJgBkhQfCGGTRnY4oEsMN3WgnRrydCPK+fQM6iBw2j+7a3OcE2Ij4lsMtqiHNpQaHbDAC78QmlVn7AroRYn1kfIq8DkFkS83o7xDu8OhPGsEISPIHMcE7UsLuxp6OZWLogeiC5HqPxwDXEnEOJ9c/c0D,iv:sajeesRts7emJSCsp1v4hNmRX3rA3sCS50zyKwJ2Q4c=,tag:nyQ0cavMg1La/TsksEqXcg==,type:str] +certificate-private-key: 
ENC[AES256_GCM,data:4jn9aA6PnVShmKMdvVqDQiJruHXmmA5DqpqxqN4jPKHIkF3eY+cXMJWC8lC1uIZnbZikbgBj+82uG2f5ANCeqgWPlHHgNmNSb4rz4Z2hEzilqhKpuOh3mo3q4eAMuWVmkheIOSx1p2UmWQh5YjCwX25jCq0EFoXrCxrUHRzqpLHDyA0Qg6cvzHtXVxvtFyIi+A/PtapMa/+BZcv074kIwsalMDhES6v+q85c7S4WvzPVXY1JakntinKJ51aeyZWC8oEf0evhd/3nWC1U645e3aTJ+yzfJekTQ+4yY57+6xp5h+0V2Igwqy4ZiPCbjPYT//9AHWVutlIUw8K3iZpYD3Ckche9iMiiNpTwRmE3Zea11vQ0jNk+cY0NV5fZQJZDZmwMx24JPHRNChA22Uk=,iv:mHMVQR+cog464h6zAAqamV0rE2/HzErbbi4Ejtv8v6s=,tag:oIaw3OHkRHSxlaHCqjAi1Q==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +31,8 @@ sops: bEdVQ0dicTVaRkJUNFB0d3Y1S1hmL3MKFVPyIyjRkQcdimUE/tWxQzQU1cqkB5lN o+7a8JuA5gOxG7OInWbfkDe9/wSFCJW2S5z9jON/tLy6atPdmPYUdg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-28T13:03:52Z" - mac: ENC[AES256_GCM,data:EiC+EZLwPAHv+C/yeOeojF/M3Pg6RFkLyz+XQc9m/sly5zTd4ACO5ykOLmtlkxWB97dutxW4c6i7cQQsALsAO5dnnzr43YX4n/3Ts8LiTgVPcqjX1mwiD7EhV7HO61gwlLf5kLCmKK2oamqstyCEuNKu+6XIBrYAiXzZVnaJiAg=,iv:VlQwAeTnxiXMkLxRvFCuMwGEnQldK7azcVRvrsotdgI=,tag:bDnwTeWrXMTgDhqq1lRwqw==,type:str] + lastmodified: "2023-11-03T14:30:40Z" + mac: ENC[AES256_GCM,data:3z/Ve/DgObuqDhoVxbpplKXnAE+gFgdFH7tJuh5XTva5hcJvW72lqR/GmfoTu0aBi1MJO5embeocENsERzt/087fY2OrH026GWIkDQkwZJVWQJdZBjeYpgYO6hU/prVX3RKKFNE7mN7oT+F6VTcLOc60+kQrOA6X7eIhtPmvzV4=,iv:1b3uTsosv0vCcQfxJo7zXF89FkSemm30oKwWwBRLrjI=,tag:NwXwwut2lsWkY3u7sp2b/g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1
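Review bot: The keys added to secrets.yaml are named `hysteria-server-config` and `juicity-server-config`, but the modules in this commit declare `sops.secrets."hysteria-config"` and `sops.secrets."juicity-config"`, and sops-nix looks a secret up by its attribute name unless `key` is set. As written, a host importing either server preset would not find its secret; rename the entries or set `key = "hysteria-server-config";` (and the juicity equivalent) in the modules. Separately, `certificate-private-key` now sits in the same file as the desktop secrets, and a sops file is protected by a single data key, so every recipient host can decrypt the server's TLS key. A separate sops file for server-only material would keep that key off the desktop machines. No module in this diff consumes `certificate` or `certificate-private-key` yet.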