diff --git a/config/graphical/default.nix b/config/graphical/default.nix index c821d78..65a8fd7 100644 --- a/config/graphical/default.nix +++ b/config/graphical/default.nix @@ -47,7 +47,7 @@ in enable = true; xdgOpenUsePortal = true; config.common = { - default = ["hyprland" "gtk"]; + default = ["gtk"]; "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"]; "org.freedesktop.impl.portal.ScreenCast" = ["hyprland"]; "org.freedesktop.impl.portal.Screenshot" = ["hyprland"]; diff --git a/config/resolved.nix b/config/resolved.nix index a50fa8b..c715d6a 100644 --- a/config/resolved.nix +++ b/config/resolved.nix @@ -5,7 +5,7 @@ }: { services.resolved = { enable = true; - dnssec = "allow-downgrade"; + dnssec = "false"; # wake me up in 20 years when DNSSEC is at least partly working fallbackDns = [ "1.1.1.1" "2606:4700:4700::1111" diff --git a/flake.lock b/flake.lock index 046bc9f..96b0675 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1715290355, - "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { @@ -51,11 +51,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1717022817, - "narHash": "sha256-PHyHgQL5/b0+A/kmNCHVOM/WSJSGe1jZ+LFWfYNx31E=", + "lastModified": 1717947583, + "narHash": "sha256-vN/pfiAzYH4i3cUb5pLqkXgPoAPtaxjUXv5aRpbKShU=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "c6c1ca5b9ceaaa40fd979fb25bb7043adf4554ad", + "rev": "4551006c2807ab361ea4db5e171afb4798da4fc2", "type": "github" }, "original": { @@ -275,11 +275,11 @@ ] }, "locked": { - "lastModified": 1713532798, - "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -341,11 +341,11 @@ ] }, "locked": { - "lastModified": 1713532798, - "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1716168343, - "narHash": "sha256-82oT27w9smpItZ+PyN2C0PjIwZYbIocwXSM4u1igXuc=", + "lastModified": 1717915259, + "narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=", "owner": "nix-community", "repo": "disko", - "rev": "6f01b9710bc4d3bf006eb8df928b4b15e0430901", + "rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", "type": "github" }, "original": { @@ -545,11 +545,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -566,11 +566,11 @@ ] }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -597,21 +597,6 @@ "type": "github" } }, - "flake-root": { - "locked": { - "lastModified": 1713493429, - "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", - "owner": "srid", - "repo": "flake-root", - "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -707,11 +692,11 @@ "systems": "systems_7" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -761,11 +746,11 @@ "systems": "systems_11" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -808,6 +793,33 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_5", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -900,7 +912,7 @@ "inputs": { "nixpkgs": [ "nixvim", - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -963,11 +975,11 @@ ] }, "locked": { - "lastModified": 1715930644, - "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", + "lastModified": 1717931644, + "narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=", "owner": "nix-community", "repo": "home-manager", - "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", + "rev": "3d65009effd77cb0d6e7520b68b039836a7606cf", "type": "github" }, "original": { @@ -984,11 +996,11 @@ ] }, "locked": { - "lastModified": 1715930644, - "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { @@ -999,11 +1011,11 @@ }, "impermanence": { "locked": { - "lastModified": 1708968331, - "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=", + "lastModified": 1717932370, + "narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=", "owner": "nix-community", "repo": "impermanence", - "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30", + "rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f", "type": "github" }, "original": { @@ -1034,11 +1046,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1715787097, - "narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=", + "lastModified": 1717441449, + "narHash": "sha256-juxjgmLnFbl+/hhIO2cVtIa6caCO4pLKlZWUMwAOznM=", "owner": "astro", "repo": "microvm.nix", - "rev": "fa673bf8656fe6f28253b83971a36999bc9995d2", + "rev": "e3a4dd5b381fb580804105594cc9c71dc45abdb5", "type": "github" }, "original": { @@ -1055,11 +1067,11 @@ ] }, "locked": { - "lastModified": 1715901937, - "narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=", + "lastModified": 1716993688, + "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8", + "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", "type": "github" }, "original": { @@ -1075,11 +1087,11 @@ ] }, "locked": { - "lastModified": 1716170277, - "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", + "lastModified": 1717919703, + "narHash": "sha256-4i/c31+dnpv6KdUA3BhbMDS9Lvg/CDin78caYJlq0bY=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", + "rev": "a157a81d0a4bc909b2b6666dd71909bcdc8cd0d6", "type": "github" }, "original": { @@ -1173,11 +1185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716173274, - "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=", + "lastModified": 1717828156, + "narHash": "sha256-YvstO0lobf3JWQuAfZCLYRTROC2ZDEgtWeQtWbO49p4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191", + "rev": "057a7996d012f342a38a26261ee529cebb1755ef", "type": "github" }, "original": { @@ -1209,11 +1221,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716137900, - "narHash": "sha256-sowPU+tLQv8GlqtVtsXioTKeaQvlMz/pefcdwg8MvfM=", + "lastModified": 1717786204, + "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c0b7a92c30122196a761b440ac0d46d3d9954f1", + "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", "type": "github" }, "original": { @@ -1225,14 +1237,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1714640452, - "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "lastModified": 1717284937, + "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" } }, "nixpkgs-lib_2": { @@ -1348,21 +1360,20 @@ "devshell": "devshell_5", "flake-compat": "flake-compat_6", "flake-parts": "flake-parts_2", - "flake-root": "flake-root", + "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_5", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1716243146, - "narHash": "sha256-zZBIPlqtg/E8i820VwiV3pxiMs4xzM1bAnoZD6Nnpxg=", + "lastModified": 1717922156, + "narHash": "sha256-C/TgTnKY4iWXnBmKocV9KeV+OtZGCh+1Pcw26Elx7JM=", "owner": "nix-community", "repo": "nixvim", - "rev": "5b09c711e28e9b41ad0fe094e7d62232c1e7c3de", + "rev": "8a462dc9570bce1de5a7dd1beabd83f95958315b", "type": "github" }, "original": { @@ -1484,33 +1495,6 @@ } }, "pre-commit-hooks_5": { - "inputs": { - "flake-compat": "flake-compat_7", - "gitignore": "gitignore_5", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716213921, - "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_6": { "inputs": { "flake-compat": "flake-compat_8", "gitignore": "gitignore_6", @@ -1520,11 +1504,11 @@ "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { - "lastModified": 1716213921, - "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "type": "github" }, "original": { @@ -1552,7 +1536,7 @@ "nixos-nftables-firewall": "nixos-nftables-firewall", "nixpkgs": "nixpkgs", "nixvim": "nixvim", - "pre-commit-hooks": "pre-commit-hooks_6", + "pre-commit-hooks": "pre-commit-hooks_5", "stylix": "stylix", "templates": "templates", "wired-notify": "wired-notify" @@ -1639,11 +1623,11 @@ ] }, "locked": { - "lastModified": 1716206302, - "narHash": "sha256-5Qc3aQGVyPEOuN82zVamStaV81HebHvLjk3fGfpyCPY=", + "lastModified": 1717866166, + "narHash": "sha256-iOeRZXIhFpQJdxzNJ3nUAANyDfLqCslRhjGhLD2RstM=", "owner": "danth", "repo": "stylix", - "rev": "81df8443556335016d6f0bc22630a95776a56d8b", + "rev": "ca3247ed8cfbf369f3fe1b7a421579812a95c101", "type": "github" }, "original": { @@ -1870,11 +1854,11 @@ ] }, "locked": { - "lastModified": 1715940852, - "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", + "lastModified": 1717850719, + "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", + "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", "type": "github" }, "original": { @@ -1892,11 +1876,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1715552757, - "narHash": "sha256-ZOgCSIcdvG8+RcZCXSAEmb/LZ2Ap9wU4nvbxNDA+QN0=", + "lastModified": 1717582696, + "narHash": "sha256-NfBasvGOrxOzkreAbVpa5KS+dMLq+oUid7Q27AaIk9o=", "owner": "Toqozz", "repo": "wired-notify", - "rev": "18b44306b2636fc7f238a9d946c7b8aac217122d", + "rev": "9fb2153a878f9b20f21a63ae5e7ee8f70f18c0d0", "type": "github" }, "original": { diff --git a/hosts/sire/guests/ai.nix b/hosts/sire/guests/ai.nix index bd71d1b..e559c56 100644 --- a/hosts/sire/guests/ai.nix +++ b/hosts/sire/guests/ai.nix @@ -1,18 +1,80 @@ -{ +{config, ...}: let + openWebuiDomain = "chat.${config.repo.secrets.global.domains.me}"; +in { microvm.mem = 1024 * 16; microvm.vcpu = 20; - networking.firewall.allowedTCPPorts = [11434]; + wireguard.proxy-home = { + client.via = "ward"; + firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ + config.services.open-webui.port + ]; + }; + + networking.firewall.allowedTCPPorts = [config.services.ollama.port]; environment.persistence."/state".directories = [ { directory = "/var/lib/private/ollama"; mode = "0700"; } + { + directory = "/var/lib/private/open-webui"; + mode = "0700"; + } ]; services.ollama = { enable = true; - listenAddress = "0.0.0.0:11434"; + host = "0.0.0.0"; + port = 11434; + }; + + services.open-webui = { + enable = true; + host = "0.0.0.0"; + port = 11222; + environment = { + SCARF_NO_ANALYTICS = "True"; + DO_NOT_TRACK = "True"; + ANONYMIZED_TELEMETRY = "False"; + + WEBUI_AUTH = "False"; + ENABLE_SIGNUP = "False"; + + OLLAMA_BASE_URL = "http://localhgost:11434"; + TRANSFORMERS_CACHE = "/var/lib/open-webui/.cache/huggingface"; + }; + }; + + globals.services.open-webui.domain = openWebuiDomain; + nodes.ward-web-proxy = { + services.nginx = { + upstreams.open-webui = { + servers."${config.wireguard.proxy-home.ipv4}:${toString config.services.open-webui.port}" = {}; + extraConfig = '' + zone open-webui 64k; + keepalive 2; + ''; + }; + virtualHosts.${openWebuiDomain} = { + forceSSL = true; + useACMEWildcardHost = true; + oauth2.enable = true; + oauth2.allowedGroups = ["access_openwebui"]; + # FIXME: refer to lan 192.168... and fd10:: via globals + extraConfig = '' + client_max_body_size 512M; + allow 192.168.1.0/24; + allow fd10::/64; + deny all; + ''; + locations."/" = { + proxyPass = "http://open-webui"; + proxyWebsockets = true; + X-Frame-Options = "SAMEORIGIN"; + }; + }; + }; }; } diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 1c4d2f1..d2a7955 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -92,6 +92,7 @@ in { globals.services.influxdb.domain globals.services.loki.domain globals.services.paperless.domain + globals.services.open-webui.domain "home.${config.repo.secrets.global.domains.me}" "fritzbox.${config.repo.secrets.global.domains.me}" ]; diff --git a/hosts/ward/guests/kanidm.nix b/hosts/ward/guests/kanidm.nix index 55e7c79..344f26d 100644 --- a/hosts/ward/guests/kanidm.nix +++ b/hosts/ward/guests/kanidm.nix @@ -174,7 +174,7 @@ in { # Web Sentinel groups."web-sentinel.access" = {}; groups."web-sentinel.adguardhome" = {}; - groups."web-sentinel.influxdb" = {}; + groups."web-sentinel.openwebui" = {}; systems.oauth2.web-sentinel = { displayName = "Web Sentinel"; originUrl = "https://oauth2.${domains.me}/"; @@ -184,7 +184,7 @@ in { claimMaps.groups = { joinType = "array"; valuesByGroup."web-sentinel.adguardhome" = ["access_adguardhome"]; - valuesByGroup."web-sentinel.influxdb" = ["access_influxdb"]; + valuesByGroup."web-sentinel.openwebui" = ["access_openwebui"]; }; }; }; diff --git a/hosts/ward/kea.nix b/hosts/ward/kea.nix index eaa844c..da93bb6 100644 --- a/hosts/ward/kea.nix +++ b/hosts/ward/kea.nix @@ -41,6 +41,7 @@ in { ]; subnet4 = [ { + id = 1; interface = "lan-self"; subnet = lanCidrv4; pools = [ diff --git a/hosts/zackbiene/kea.nix b/hosts/zackbiene/kea.nix index 301bcb2..89047bd 100644 --- a/hosts/zackbiene/kea.nix +++ b/hosts/zackbiene/kea.nix @@ -29,6 +29,7 @@ in { }; subnet4 = [ { + id = 1; interface = "wlan1"; subnet = iotCidrv4; pools = [ diff --git a/pkgs/default.nix b/pkgs/default.nix index 42c07d9..762821c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -15,8 +15,8 @@ patches = old.patches ++ [ - "${provisionSrc}/patches/${old.version}-oauth2-basic-secret-modify.patch" - "${provisionSrc}/patches/${old.version}-recover-account.patch" + "${provisionSrc}/patches/1.2.0-oauth2-basic-secret-modify.patch" + "${provisionSrc}/patches/1.2.0-recover-account.patch" ]; passthru.enableSecretProvisioning = true; doCheck = false; diff --git a/secrets/rekeyed/sire-ai/9341385afdc96bb54570bceb6808df74-wireguard-proxy-home-psks-sire-ai+ward.age b/secrets/rekeyed/sire-ai/9341385afdc96bb54570bceb6808df74-wireguard-proxy-home-psks-sire-ai+ward.age new file mode 100644 index 0000000..5b1f15d Binary files /dev/null and b/secrets/rekeyed/sire-ai/9341385afdc96bb54570bceb6808df74-wireguard-proxy-home-psks-sire-ai+ward.age differ diff --git a/secrets/rekeyed/sire-ai/b52800d176723e270d8c6f4720913cd2-wireguard-proxy-home-priv-sire-ai.age b/secrets/rekeyed/sire-ai/b52800d176723e270d8c6f4720913cd2-wireguard-proxy-home-priv-sire-ai.age new file mode 100644 index 0000000..b9eaa35 Binary files /dev/null and b/secrets/rekeyed/sire-ai/b52800d176723e270d8c6f4720913cd2-wireguard-proxy-home-priv-sire-ai.age differ diff --git a/secrets/rekeyed/ward/b3ad9024ec69682628580e4dd4d5396b-wireguard-proxy-home-psks-sire-ai+ward.age b/secrets/rekeyed/ward/b3ad9024ec69682628580e4dd4d5396b-wireguard-proxy-home-psks-sire-ai+ward.age new file mode 100644 index 0000000..8bc7865 Binary files /dev/null and b/secrets/rekeyed/ward/b3ad9024ec69682628580e4dd4d5396b-wireguard-proxy-home-psks-sire-ai+ward.age differ diff --git a/secrets/wireguard/proxy-home/keys/sire-ai.age b/secrets/wireguard/proxy-home/keys/sire-ai.age new file mode 100644 index 0000000..3df949f --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/sire-ai.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 EHZOocK6ki9ByQ7QVSNPeH/yX8GFvnCKw86X6VissFU +NG0XGoauXPFStwEQaJZqj+aKxMq2yu9zIH7htVU35Fg +-> piv-p256 xqSe8Q AkIh87bcLjSl8pGWP583p3NpauDLip5va9hOJGBfXOCf +V+sWvUnQUv7mBtC47eiqz/1s4lLkGa/IWZzp2OId+Zs +-> NTZ)8hx-grease Y +HcbGXvM6X2C+YLvMLbmhocK+NPuygjtGfDXhS5WRtSFCgcux9a274RxGX2I7mxYv +sBizj09Z +--- nMAflYYQnXHUWO5sk4cbx9U40h6BidZU6YG7LCedK7E + wC F{嬎sOBT!B% ' 8{r 85 \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/sire-ai.pub b/secrets/wireguard/proxy-home/keys/sire-ai.pub new file mode 100644 index 0000000..d3e6444 --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/sire-ai.pub @@ -0,0 +1 @@ ++ezamKKVKpethfVh4oowFZL6PGGTQiSe/bUDrL7YtTs= diff --git a/secrets/wireguard/proxy-home/psks/sire-ai+ward.age b/secrets/wireguard/proxy-home/psks/sire-ai+ward.age new file mode 100644 index 0000000..a6d433e --- /dev/null +++ b/secrets/wireguard/proxy-home/psks/sire-ai+ward.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 zJuAbhzmmCV0FfJ20rJdl6R55B5TXclR/xPQn6qhfnk +57DJyjPyhgLfAmAD23XvUUrXDV0FRYhIh20MEGt5X7U +-> piv-p256 xqSe8Q AnNIcn5ZuGJwBs9yWcR6AtzmpDljOpSaRZfePaYSLKTk +W1XIdk8IrAg3pVTycJjN0CZXHLTOVAG5B4jmsHWoDU8 +-> fC;-grease ZzOIt gC6Z +iXojZhiS/V8nloHaiCzD/Wbm9551tHTFz10nyES3lqEo0N40803WZJ+GrYZcwkSc +gQUE7EH4aoqJifkD72HiCtrxTN3XsWQgT+PPeT5mLeM4IvqCCBjjsZI +--- 3bQlPu16W8oFAGXu/iaCJSgXqCDMDKxQ6UeUrEFU52c +,>=($SO ,=\2ů@:ˠ\n2K:[ ѝ5Șeqg/G2,o0 \ No newline at end of file