diff --git a/.forgejo/workflows/lint.yml b/.forgejo/workflows/lint.yml deleted file mode 100644 index 85b68639..00000000 --- a/.forgejo/workflows/lint.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Lint - -on: [push] - -jobs: - lint: - runs-on: docker - env: - container: - image: ghcr.io/catthehacker/ubuntu:js-20.04 - steps: - - uses: actions/checkout@v3 - - uses: https://github.com/cachix/install-nix-action@v22 - env: - with: - nix_path: nixpkgs=channel:nixos-unstable - - run: | - sed -i '/^access-tokens/ d' /etc/nix/nix.conf - nix profile install 'nixpkgs#deadnix' 'nixpkgs#statix' 'nixpkgs#yamllint' - statix check . - deadnix -f - yamllint . diff --git a/.forgejo/workflows/nix.yml b/.forgejo/workflows/nix.yml deleted file mode 100644 index a67c4890..00000000 --- a/.forgejo/workflows/nix.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Nix - -# on: [push] - -jobs: - lint: - runs-on: docker - env: - container: - image: ghcr.io/catthehacker/ubuntu:js-20.04 - steps: - - uses: actions/checkout@v3 - - name: Check Nix flake inputs - uses: https://github.com/DeterminateSystems/flake-checker-action@v5 - - uses: https://github.com/cachix/install-nix-action@v22 - env: - with: - nix_path: nixpkgs=channel:nixos-unstable - - name: Run `nix flake check` - run: | - sed -i '/^access-tokens/ d' /etc/nix/nix.conf - nix run '.#' -- -V diff --git a/.forgejo/workflows/plex_update.yml b/.forgejo/workflows/plex_update.yml deleted file mode 100644 index 2d5a2393..00000000 --- a/.forgejo/workflows/plex_update.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Plex Update - -on: - push: - branches: - - main - - ci - schedule: - - cron: '0 0 * * *' - -jobs: - update: - runs-on: docker - container: - image: ghcr.io/catthehacker/ubuntu:js-20.04 - steps: - - uses: actions/checkout@v3 - - uses: https://github.com/cachix/install-nix-action@v22 - with: - nix_path: nixpkgs=channel:nixos-unstable - - env: - VAULT_ADDR: ${{ secrets.VAULT_ADDR }} - VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} - run: | - git config user.name "Forgejo Actions Bot" - git config user.email "<>" - - # Run Update script - ./nixos/pkgs/plex-pass/update.sh - - git add ./nixos/pkgs/plex-pass/ - - # Push if changed - if git status ./nixos/pkgs/plex-pass/ | grep -q "to be committed"; then - git commit -m "Update Plex" - git push origin main - fi diff --git a/assets/wallpaper-nix-pink.png b/assets/wallpaper-nix-pink.png new file mode 100644 index 00000000..e8a88d78 Binary files /dev/null and b/assets/wallpaper-nix-pink.png differ diff --git a/nixos/common/default.nix b/common/default.nix similarity index 52% rename from nixos/common/default.nix rename to common/default.nix index 50e28ef5..05d08868 100644 --- a/nixos/common/default.nix +++ b/common/default.nix @@ -1,30 +1,31 @@ -{ lib, pkgs, inputs, config, ... }: { - imports = - [ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ]; - - vault-secrets = - let - inherit (config.networking) domain hostName; - server = if domain == "olympus" then "vault" else "vault-0"; - in - lib.mkIf (domain == "olympus" || domain == "hades") { - vaultPrefix = "${domain}_secrets/nixos"; - vaultAddress = "http://${server}.${domain}:8200/"; - approlePrefix = "${domain}-${hostName}"; - }; +{ + lib, + inputs, + pkgs, + ... +}: +{ + imports = [ + ./users + ./modules + ]; home-manager = { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { inherit inputs; }; - sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ]; + extraSpecialArgs = { + inherit inputs; + }; + sharedModules = [ + ./hm-modules + inputs.nixvim.homeModules.nixvim + inputs.catppuccin.homeModules.catppuccin + inputs.autostart.homeManagerModules.xdg-autostart + ]; }; virtualisation.oci-containers.backend = lib.mkDefault "podman"; - # Clean /tmp on boot. - boot.tmp.cleanOnBoot = true; - # Set your time zone. time.timeZone = lib.mkDefault "Europe/Amsterdam"; @@ -33,7 +34,7 @@ # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 systemd.oomd = { enableRootSlice = true; - enableUserServices = true; + enableUserSlices = true; }; # security.polkit.enable = lib.mkDefault true; @@ -41,25 +42,26 @@ # Nix Settings nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - package = pkgs.nixUnstable; + # registry.nixpkgs.flake = inputs.nixpkgs; + # nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + package = pkgs.lix; settings = { auto-optimise-store = true; - trusted-users = [ "root" "vivian" ]; + trusted-users = [ + "root" + "vivian" + ]; substituters = [ "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" - "https://colmena.cachix.org" - # "https://cache.garnix.io" "https://cachix.cachix.org" + "https://hyprland.cachix.org" ]; trusted-public-keys = [ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" - "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" - # "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; }; optimise = { @@ -77,21 +79,23 @@ ''; }; - nixpkgs.config.allowUnfree = true; + services = { + # Limit the systemd journal to 100 MB of disk or the + # last 7 days of logs, whichever happens first. + journald.extraConfig = '' + SystemMaxUse=100M + MaxFileSec=7day + ''; - # Limit the systemd journal to 100 MB of disk or the - # last 7 days of logs, whichever happens first. - services.journald.extraConfig = '' - SystemMaxUse=100M - MaxFileSec=7day - ''; + dbus.implementation = "broker"; - # Enable SSH - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = lib.mkDefault false; - PermitRootLogin = lib.mkDefault "no"; + # Enable SSH + openssh = { + enable = true; + settings = { + PasswordAuthentication = lib.mkDefault false; + PermitRootLogin = lib.mkDefault "no"; + }; }; }; diff --git a/nixos/common/desktop/README.md b/common/desktop/README.md similarity index 100% rename from nixos/common/desktop/README.md rename to common/desktop/README.md diff --git a/nixos/common/desktop/default.nix b/common/desktop/default.nix similarity index 70% rename from nixos/common/desktop/default.nix rename to common/desktop/default.nix index 7d5176a3..94558676 100644 --- a/nixos/common/desktop/default.nix +++ b/common/desktop/default.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, inputs, ... }: { +{ + pkgs, + lib, + inputs, + ... +}: +{ # Bootloader. boot = { kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; @@ -7,36 +13,43 @@ efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot/efi"; }; - kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; + kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; }; initrd = { systemd.enable = true; verbose = false; }; }; - programs.nix-ld.enable = true; + # programs.nix-ld.enable = true; hardware.keyboard.qmk.enable = true; home-manager = { useGlobalPkgs = true; useUserPackages = true; users.vivian = import ./home.nix; - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = { + inherit inputs; + }; }; + services = { + pulseaudio.enable = false; # Enable my config for the gnome desktop environment - v.gnome.enable = true; + v.gnome.enable = lib.mkDefault true; + + flatpak.enable = true; # Enable CUPS to print documents. printing.enable = true; pipewire = { enable = true; - alsa.enable = true; - alsa.support32Bit = true; + audio.enable = true; + # alsa.enable = true; + # alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this - #jack.enable = true; + jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) @@ -62,19 +75,15 @@ }; # Global Packages - environment.systemPackages = with pkgs; [ wireguard-tools sbctl podman-compose ]; + environment.systemPackages = with pkgs; [ + wireguard-tools + sbctl + ]; # ++ (if config.virtualisation.podman.enable then [ pkgs.podman-compose ] else []); - # programs.virt-manager = { - # enable = true; - # }; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; security.rtkit.enable = true; virtualisation = { - podman.enable = true; + podman.enable = lib.mkDefault true; libvirtd = { enable = true; qemu.package = pkgs.qemu_kvm; @@ -83,30 +92,36 @@ fonts.packages = with pkgs; [ material-design-icons + noto-fonts - noto-fonts-cjk + noto-fonts-cjk-sans noto-fonts-emoji + dejavu_fonts - (nerdfonts.override { - fonts = - [ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ]; - }) + + nerd-fonts.dejavu-sans-mono + nerd-fonts.ubuntu + nerd-fonts.droid-sans-mono + nerd-fonts.symbols-only ]; + programs = { steam = { - enable = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; package = pkgs.steam.override { - extraPkgs = pkgs: with pkgs; [ gamescope mangohud ]; + extraPkgs = + pkgs: with pkgs; [ + gamescope + mangohud + ]; }; }; - gamemode.enable = true; - adb.enable = true; }; + networking = { # Networking networkmanager.enable = true; diff --git a/common/desktop/home.nix b/common/desktop/home.nix new file mode 100644 index 00000000..67bce461 --- /dev/null +++ b/common/desktop/home.nix @@ -0,0 +1,125 @@ +{ + pkgs, + inputs, + config, + ... +}: +let + tex = pkgs.texlive.combine { + inherit (pkgs.texlive) scheme-full; + }; + my-python-packages = + ps: with ps; [ + cryptography + flask + ipwhois + numpy + pandas + pyasn + pyshark + requests + scapy + z3-solver + ]; +in +{ + home.packages = with pkgs; [ + (python3.withPackages my-python-packages) + btop + calibre + celluloid # video player + # cinny-desktop + comma + discord + element-desktop + firefox + foliate # epub reader + gcc + jellyfin-media-player + krita + neofetch + nicotine-plus + nixpkgs-review + qmk + signal-desktop + solo2-cli + spotify + unzip + yt-dlp + + (lib.hiPrio ( + pkgs.writeShellScriptBin "obsidian" '' + unset WAYLAND_DISPLAY + ${pkgs.obsidian}/bin/obsidian + '' + )) + ]; + # Enable my own hm modules + themes.v.catppuccin.enable = true; + programs = { + v = { + vscode.enable = true; + nvim.enable = true; + rust.enable = true; + }; + + zed-editor = { + enable = true; + }; + + # firefox.enable = true; + + chromium = { + enable = true; + extensions = [ + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin + { id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden + ]; + }; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + zsh = { + enable = true; + sessionVariables = { + DIRENV_LOG_FORMAT = ""; + }; + }; + + kitty = { + enable = true; + shellIntegration.enableZshIntegration = true; + }; + }; + + xdg.autoStart = { + packages = with pkgs; [ + element-desktop + signal-desktop + firefox + discord + ]; + }; + + # Syncthing + services.syncthing.enable = true; + xdg.userDirs = + let + home = config.home.homeDirectory; + in + { + enable = true; + createDirectories = true; + desktop = "${home}/.desktop"; + documents = "${home}/cloud/Documents"; + download = "${home}/dl"; + music = "${home}/cloud/Music"; + pictures = "${home}/cloud/Pictures"; + publicShare = "${home}/.publicShare"; + templates = "${home}/.templates"; + videos = "${home}/cloud/Videos"; + }; +} diff --git a/nixos/common/generic-vm.nix b/common/generic-vm.nix similarity index 53% rename from nixos/common/generic-vm.nix rename to common/generic-vm.nix index 086bf638..739762f8 100644 --- a/nixos/common/generic-vm.nix +++ b/common/generic-vm.nix @@ -1,5 +1,5 @@ -_: { - networking.useDHCP = true; +{ lib, ... }: { + networking.useDHCP = lib.mkDefault true; # Enable qemu guest agent services.qemuGuest.enable = true; diff --git a/common/hm-modules/catppuccin/default.nix b/common/hm-modules/catppuccin/default.nix new file mode 100644 index 00000000..5a240bc6 --- /dev/null +++ b/common/hm-modules/catppuccin/default.nix @@ -0,0 +1,62 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.themes.v.catppuccin; +in +{ + options.themes.v.catppuccin = { + enable = mkEnableOption "catppuccin"; + }; + config = mkIf cfg.enable { + catppuccin = { + enable = true; + flavor = "frappe"; + accent = "pink"; + + waybar.enable = false; + + mako.enable = false; + rofi.enable = true; + + hyprland.enable = true; + kitty.enable = true; + + kvantum.enable = true; + }; + + # home.pointerCursor = { + # name = "Bibata_Ghost"; + # size = 24; + # package = pkgs.bibata-cursors-translucent; + # }; + + programs.kitty = { + # themeFile = "Catppuccin-Frappe"; + font.name = "DejaVuSansMono Nerd Font"; + }; + + gtk = { + enable = true; + # iconTheme = { + # name = "Papirus-Dark"; + # package = pkgs.papirus-icon-theme.override { color = "violet"; }; + # }; + # cursorTheme = { + # inherit (config.home.pointerCursor) name package size; + # }; + }; + + qt = { + enable = true; + # platformTheme = "qtct"; + style.name = "kvantum"; + platformTheme.name = "kvantum"; + }; + + }; +} diff --git a/common/hm-modules/default.nix b/common/hm-modules/default.nix new file mode 100644 index 00000000..aabb18cb --- /dev/null +++ b/common/hm-modules/default.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + imports = [ + ./catppuccin + ./nvim + ./vscode.nix + ./git.nix + ./rust.nix + ]; +} diff --git a/nixos/common/hm-modules/git.nix b/common/hm-modules/git.nix similarity index 100% rename from nixos/common/hm-modules/git.nix rename to common/hm-modules/git.nix diff --git a/common/hm-modules/nvim/default.nix b/common/hm-modules/nvim/default.nix new file mode 100644 index 00000000..c64f1fc0 --- /dev/null +++ b/common/hm-modules/nvim/default.nix @@ -0,0 +1,225 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.programs.v.nvim; +in +with lib; +{ + options.programs.v.nvim = { + enable = mkEnableOption "nvim"; + }; + config = mkIf cfg.enable { + home.packages = with pkgs; [ fd ]; + home.file.".config/nvim/lua".source = ./lua; + programs.nixvim = + { helpers, ... }: + { + enable = true; + + imports = [ + ./keybinds.nix + ./lsp.nix + ]; + + package = pkgs.neovim-unwrapped; + vimAlias = true; + luaLoader.enable = true; + + performance = { + # byteCompileLua.enable = true; + # combinePlugins.enable = true; + }; + + globals.mapleader = " "; + + opts = { + number = true; + conceallevel = 2; + expandtab = true; + tabstop = 2; + + shiftwidth = 2; + smartindent = true; + + title = true; + + spell = true; + spelllang = "en_gb"; + }; + + clipboard.providers.wl-copy.enable = true; + + extraPlugins = with pkgs.vimPlugins; [ + FixCursorHold-nvim + ]; + + extraConfigLua = ""; + + colorschemes.catppuccin = { + enable = true; + settings.flavour = "frappe"; + }; + + plugins = { + nvim-surround.enable = true; + + zen-mode = { + enable = true; + settings = { + window.options = { + number = false; + }; + }; + }; + + # codecompanion = { + # enable = true; + # + # }; + + vimwiki = { + enable = true; + settings = { + list = [ + { + ext = ".md"; + path = "~/cloud/Notes/"; + syntax = "markdown"; + } + ]; + }; + }; + + image = { + enable = false; + settings.backend = "kitty"; + }; + web-devicons.enable = true; + bufferline.enable = true; + nix.enable = true; + luasnip.enable = true; + startup = { + enable = true; + theme = "my_theme"; + }; + obsidian = { + enable = false; + settings = { + new_notes_location = "notes_subdir"; + notes_subdir = "Unsorted"; + daily_notes = { + folder = "Diary/Daily"; + }; + workspaces = [ + { + name = "notes"; + path = "~/cloud/Notes"; + } + ]; + completion = { + min_chars = 2; + nvim_cmp = true; + }; + picker.name = "telescope.nvim"; + }; + }; + fidget = { + enable = true; + settings = { + progress = { + ignore = [ "ltex" ]; + display.done_ttl = 5; + }; + notification = { + override_vim_notify = true; + }; + }; + }; + neotest = { + enable = true; + adapters = { + plenary.enable = true; + python.enable = true; + rust = { + enable = true; + settings.args = [ "--no-capture" ]; + }; + }; + }; + treesitter = { + enable = true; + nixGrammars = true; + settings = { + highlight.enable = true; + incremental_selection.enable = true; + indent.enable = true; + }; + }; + + # Git + committia.enable = true; + gitsigns.enable = true; + + lualine = { + enable = true; + settings.options.theme = "catppuccin"; + }; + + oil = { + enable = true; + }; + + telescope = { + enable = true; + settings.defaults.preview.ls_short = true; + extensions.file-browser = { + enable = true; + settings = { + hijack_netrw = true; + dir_icon = ""; + }; + }; + extensions.fzf-native.enable = true; + extensions.fzf-native.settings.fuzzy = true; + extensions.frecency.enable = true; + extensions.ui-select.enable = true; + }; + comment.enable = true; + vimtex.enable = false; + typst-preview.enable = true; + floaterm.enable = true; + cmp = { + enable = true; + autoEnableSources = true; + settings = { + cmdline.":".sources = [ { name = "path"; } ]; + snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end"; + mapping = { + "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; + "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; + "" = "cmp.mapping.confirm({ select = true })"; + "" = "cmp.mapping.complete()"; + "" = "cmp.mapping.close()"; + }; + sources = [ + { name = "nvim_lsp_signature_help"; } + { name = "path"; } + { name = "spell"; } + { + name = "buffer"; + # Words from other open buffers can also be suggested. + option.get_bufnrs.__raw = "vim.api.nvim_list_bufs"; + } + { name = "nvim_lsp"; } + { name = "luasnip"; } + ]; + }; + }; + }; + }; + }; +} diff --git a/common/hm-modules/nvim/keybinds.nix b/common/hm-modules/nvim/keybinds.nix new file mode 100644 index 00000000..132fe248 --- /dev/null +++ b/common/hm-modules/nvim/keybinds.nix @@ -0,0 +1,195 @@ +{ helpers, ... }: +{ + keymaps = with helpers; [ + # Disable arrow keys + { + mode = "n"; + key = ""; + action = ""; + } + { + mode = "n"; + key = ""; + action = ""; + } + { + mode = "n"; + key = ""; + action = ""; + } + { + mode = "n"; + key = ""; + action = ""; + } + # General + { + mode = "n"; + key = ""; + action = ":noh"; + } + # Telescope + { + mode = "n"; + key = "ff"; + action = ":Telescope find_files"; + } + { + mode = "n"; + key = "fs"; + action = ":Telescope lsp_dynamic_workspace_symbols"; + } + { + mode = "n"; + key = "fg"; + action = mkRaw "require('telescope.builtin').live_grep"; + } + { + mode = "n"; + key = "fb"; + action = ":Telescope buffers"; + } + { + mode = "n"; + key = "fo"; + action = ":Telescope oldfiles"; + } + { + mode = "n"; + key = "fr"; + action = ":Telescope frecency"; + } + { + mode = "n"; + key = "zf"; + action = ":Telescope spell_suggest"; + } + # { + # mode = "n"; + #key = "ob"; + # action = mkRaw "require('obsidian_picker').obsidian_picker"; + #} + # Commenting + { + mode = "n"; + key = ""; + action = mkRaw "require('Comment.api').toggle.linewise.current"; + } + { + mode = "x"; + key = ""; + action = mkRaw '' + function() + local esc = vim.api.nvim_replace_termcodes( + '', true, false, true + ) + vim.api.nvim_feedkeys(esc, 'nx', false) + require('Comment.api').toggle.linewise(vim.fn.visualmode()) + end + ''; + } + # Float Term + { + mode = "n"; + key = "t"; + action = ":FloatermToggle myfloat"; + } + { + mode = "t"; + key = ""; + action = mkRaw "function() vim.cmd(':FloatermToggle myfloat') end"; + } + # Switch buffers + { + mode = "n"; + key = "q"; + action = ":bd"; # Delete buffer + } + { + mode = "n"; + key = "s"; + action = ":bn"; # Buffer next + } + { + mode = "n"; + key = "a"; + action = ":bp"; # Buffer previous + } + # Change Indenting + { + mode = "i"; + key = ""; + action = "<<"; + } + { + mode = "n"; + key = ""; + action = "<<_"; + } + { + mode = "n"; + key = ""; + action = ">>_"; + } + { + mode = "v"; + key = ""; + action = ">gv"; + } + { + mode = "v"; + key = ""; + action = "rn" = "rename"; + "g=" = "format"; + }; + diagnostic = { + "j" = "goto_next"; + "k" = "goto_prev"; + }; + }; + servers = { + cssls.enable = true; + nil_ls.enable = true; # NixOS + dockerls.enable = true; + rust_analyzer = { + enable = false; + installCargo = false; + installRustc = false; + }; + # pyright.enable = true; + # pylsp = { + # enable = true; + # settings.plugins = { + # black = { + # enabled = true; + # cache_config = true; + # }; + # pycodestyle = { + # maxLineLength = 100; + # }; + # }; + # }; + elixirls.enable = true; + clangd.enable = true; + yamlls.enable = true; + lua_ls.enable = true; + tinymist = { + enable = true; + rootMarkers = [ "main.typ" ]; + onAttach.function = '' + vim.keymap.set("n", "tp", function() + client:exec_cmd({ + title = "pin", + command = "tinymist.pinMain", + arguments = { vim.api.nvim_buf_get_name(0) }, + }, { bufnr = bufnr }) + end, { desc = "[T]inymist [P]in", noremap = true }) + + vim.keymap.set("n", "tu", function() + client:exec_cmd({ + title = "unpin", + command = "tinymist.pinMain", + arguments = { vim.v.null }, + }, { bufnr = bufnr }) + end, { desc = "[T]inymist [U]npin", noremap = true }) + ''; + settings = { + formatterMode = "typstyle"; # or "typstfmt" + + }; + }; + }; + }; + + trouble.enable = true; + lspkind.enable = true; + lspsaga = { + enable = true; + lightbulb.enable = false; + }; + nvim-lightbulb = { + enable = true; + settings = { + autocmd.enabled = true; + number.enabled = true; + }; + }; + + none-ls = { + enable = true; + sources = { + formatting = { + nixfmt = { + enable = true; + package = pkgs.nixfmt-rfc-style; + }; + }; + }; + }; + }; +} diff --git a/common/hm-modules/nvim/lua/obsidian_picker.lua b/common/hm-modules/nvim/lua/obsidian_picker.lua new file mode 100644 index 00000000..94a38a81 --- /dev/null +++ b/common/hm-modules/nvim/lua/obsidian_picker.lua @@ -0,0 +1,48 @@ +local pickers = require "telescope.pickers" +local finders = require "telescope.finders" +local conf = require("telescope.config").values +local actions = require("telescope.actions") +local action_state = require("telescope.actions.state") + +local obsidian_commands = require("obsidian.commands").commands +local results = {} +for key, _ in pairs(obsidian_commands) do + table.insert(results, string.sub(key, 9)) +end + +Local = 100 +local Local = 3 +print(Local) + +local obsidian_picker = function(opts) + opts = opts or require("telescope.themes").get_dropdown{} + pickers.new(opts, { + prompt_title = "Obsidian", + finder = finders.new_table { + results = results, + -- entry_maker = function(entry) + -- return { + -- value = entry, + -- display = entry[1], + -- ordinal = entry[1], + -- } + -- end + }, + sorter = conf.generic_sorter(opts), + attach_mappings = function(prompt_bufnr, map) + actions.select_default:replace(function() + actions.close(prompt_bufnr) + local selection = action_state.get_selected_entry() + vim.cmd(':Obsidian' .. selection[1]) + end) + return true + end, + }):find() +end + +-- obsidian_picker() + +return { + obsidian_picker = obsidian_picker +} + diff --git a/common/hm-modules/nvim/lua/startup/themes/my_theme.lua b/common/hm-modules/nvim/lua/startup/themes/my_theme.lua new file mode 100644 index 00000000..39501133 --- /dev/null +++ b/common/hm-modules/nvim/lua/startup/themes/my_theme.lua @@ -0,0 +1,75 @@ +local settings = { + -- every line should be same width without escaped \ + header = { + type = "text", + oldfiles_directory = false, + align = "center", + fold_section = false, + title = "Header", + margin = 5, + content = { + " ███╗ ██╗ ███████╗ ██████╗ ██╗ ██╗ ██╗ ███╗ ███╗", + " ████╗ ██║ ██╔════╝██╔═══██╗ ██║ ██║ ██║ ████╗ ████║", + " ██╔██╗ ██║ █████╗ ██║ ██║ ██║ ██║ ██║ ██╔████╔██║", + " ██║╚██╗██║ ██╔══╝ ██║ ██║ ╚██╗ ██╔╝ ██║ ██║╚██╔╝██║", + " ██║ ╚████║ ███████╗╚██████╔╝ ╚████╔╝ ██║ ██║ ╚═╝ ██║", + " ╚═╝ ╚═══╝ ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝", + }, + highlight = "Statement", + default_color = "", + oldfiles_amount = 0, + }, + -- name which will be displayed and command + body = { + type = "mapping", + oldfiles_directory = false, + align = "center", + fold_section = false, + title = "Basic Commands", + margin = 5, + content = { + { " Find File", "Telescope find_files", "ff"}, + { "󰍉 Find Word ", "Telescope live_grep", "fg"}, + { " Recent Files", "Telescope oldfiles", "fo"}, + { " File Browser", "Telescope file_browser", "fs"}, + { " New File", "lua require'startup'.new_file()", "nf"}, + }, + highlight = "String", + default_color = "", + oldfiles_amount = 0, + }, + footer = { + type = "text", + oldfiles_directory = false, + align = "center", + fold_section = false, + title = "Footer", + margin = 5, + content = { "bottom text" }, + highlight = "Number", + default_color = "", + oldfiles_amount = 0, + }, + + options = { + mapping_keys = true, + cursor_column = 0.5, + empty_lines_between_mappings = true, + disable_statuslines = true, + paddings = { 1, 3, 3, 0 }, + }, + mappings = { + execute_command = "", + open_file = "o", + open_file_split = "", + open_section = "", + open_help = "?", + }, + colors = { + background = "#1f2227", + folded_section = "#56b6c2", + }, + parts = { "header", "body", "footer" }, +} +return settings + diff --git a/common/hm-modules/nvim/obsidian_picker.lua b/common/hm-modules/nvim/obsidian_picker.lua new file mode 100644 index 00000000..0a2276d1 --- /dev/null +++ b/common/hm-modules/nvim/obsidian_picker.lua @@ -0,0 +1,35 @@ +local pickers = require "telescope.pickers" +local finders = require "telescope.finders" +local conf = require("telescope.config").values +local actions = require("telescope.actions") +local action_state = require("telescope.actions.state") + +local obsidian_commands = require("obsidian.commands").commands +local results = {} +for key, _ in pairs(obsidian_commands) do + table.insert(results, string.sub(key, 9)) +end + +local obsidian_picker = function(opts) + opts = opts or require("telescope.themes").get_dropdown {} + pickers.new(opts, { + prompt_title = "Obsidian", + finder = finders.new_table { + results = results, + }, + sorter = conf.generic_sorter(opts), + attach_mappings = function(prompt_bufnr, map) + actions.select_default:replace(function() + actions.close(prompt_bufnr) + local selection = action_state.get_selected_entry() + vim.cmd(':Obsidian' .. selection[1]) + end) + return true + end, + }):find() +end + + +return { + obsidian_picker = obsidian_picker +} diff --git a/common/hm-modules/rust.nix b/common/hm-modules/rust.nix new file mode 100644 index 00000000..bd258845 --- /dev/null +++ b/common/hm-modules/rust.nix @@ -0,0 +1,41 @@ +{ + pkgs, + lib, + config, + ... +}: +with lib; +let + cfg = config.programs.v.rust; +in +{ + options.programs.v.rust.enable = mkEnableOption "rust"; + + config = mkIf cfg.enable { + home = { + packages = with pkgs; [ + bacon + rustup + cargo-binutils + cargo-nextest + cargo-msrv + cargo-dist + cargo-cross + cargo-generate + ]; + + file.".cargo/config.toml".text = '' + [registries.crates-io] + protocol = "sparse" + + [build] + rustc-wrapper = "${pkgs.sccache}/bin/sccache" + + [profile.rust-analyzer] + inherits = "dev" + ''; + + sessionPath = [ "$HOME/.cargo/bin" ]; + }; + }; +} diff --git a/common/hm-modules/vscode.nix b/common/hm-modules/vscode.nix new file mode 100644 index 00000000..50f495df --- /dev/null +++ b/common/hm-modules/vscode.nix @@ -0,0 +1,115 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.programs.v.vscode; +in +{ + options.programs.v.vscode = { + enable = mkEnableOption "vscode"; + }; + config = mkIf cfg.enable { + programs.vscode = { + enable = true; + package = pkgs.vscode; + profiles.default = { + userSettings = { + "ltex.language" = "en-GB"; + "latex-workshop.linting.chktex.enabled" = true; + "latex-workshop.latex.clean.subfolder.enabled" = true; + "latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%"; + "editor.fontFamily" = "'DejaVuSansMono Nerd Font', 'monospace', monospace"; + "keyboard.dispatch" = "keyCode"; + "rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer"; + "rust-analyzer.check.extraArgs" = [ + "--profile" + "rust-analyzer" + ]; + "rust-analyzer.check.command" = "clippy"; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "nix.enableLanguageServer" = true; # Enable LSP. + "nix.serverPath" = "${pkgs.nil}/bin/nil"; + "[nix]" = { + "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; + }; + "[python]" = { + "editor.formatOnType" = true; + }; + "debug.allowBreakpointsEverywhere" = true; + "C_Cpp.clang_format_fallbackStyle" = "{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}"; + # "crates.compatibleDecorator" = "✓"; + # "crates.errorDecorator" = "✗"; + # "crates.incompatibleDecorator" = "🛇"; + + # Verilog + "verilog.formatting.verilogHDL.formatter" = "verible-verilog-format"; + "verilog.languageServer.svls.enabled" = true; + "verilog.languageServer.svls.path" = "${pkgs.svls}/bin/svls"; + "verilog.languageServer.veribleVerilogLs.enabled" = true; + "verilog.languageServer.veribleVerilogLs.path" = "${pkgs.verible}/bin/verible-verilog-ls"; + "verilog.formatting.veribleVerilogFormatter.path" = "${pkgs.verible}/bin/verible-verilog-format"; + "verilog.linting.linter" = "verilator"; + "verilog.linting.path" = "${pkgs.verilator}/bin/verilator"; + "[verilog]" = { + "editor.defaultFormatter" = "mshr-h.veriloghdl"; + }; + + # Don't index unecessary things + "files.exclude" = { + "**/.vscode" = true; + "**/.git" = true; + "**/.svn" = true; + "**/.hg" = true; + "**/.deps" = true; + "**/CVS" = true; + "**/.DS_Store" = true; + "/bin" = true; + "/boot" = true; + "/cdrom" = true; + "/dev" = true; + "/proc" = true; + "/etc" = true; + "/nix" = true; + }; + }; + extensions = with pkgs.vscode-extensions; [ + brettm12345.nixfmt-vscode + # catppuccin.catppuccin-vsc + codezombiech.gitignore + codezombiech.gitignore + davidlday.languagetool-linter + editorconfig.editorconfig + foxundermoon.shell-format + github.copilot + github.copilot-chat + github.vscode-github-actions + james-yu.latex-workshop + jnoortheen.nix-ide + mkhl.direnv + ms-vscode-remote.remote-ssh + ms-vscode.cpptools + ms-vsliveshare.vsliveshare + mshr-h.veriloghdl + # platformio.platformio-ide + redhat.vscode-xml + redhat.vscode-yaml + rust-lang.rust-analyzer + skellock.just + sumneko.lua + tamasfe.even-better-toml + vadimcn.vscode-lldb + vadimcn.vscode-lldb + valentjn.vscode-ltex + vscodevim.vim + xaver.clang-format + continue.continue + ]; + }; + }; + + }; +} diff --git a/common/modules/default.nix b/common/modules/default.nix new file mode 100644 index 00000000..a9acf0a0 --- /dev/null +++ b/common/modules/default.nix @@ -0,0 +1,11 @@ +{ ... }: { + imports = [ + ./meta.nix + ./nginx.nix + ./dns.nix + ./flood.nix + ./gnome + ./unpackerr.nix + ./vault.nix + ]; +} diff --git a/nixos/common/modules/dns.nix b/common/modules/dns.nix similarity index 74% rename from nixos/common/modules/dns.nix rename to common/modules/dns.nix index 056ea3aa..674d6e54 100644 --- a/nixos/common/modules/dns.nix +++ b/common/modules/dns.nix @@ -1,18 +1,22 @@ -{ config, pkgs, lib, hosts, flat_hosts, ... }: +{ config, pkgs, lib, self, ... }: # DNS Module to set up Unbound DNS with all my hosts in the config # Used for DNS Servers and my laptop with lib; let - inherit (builtins) filter hasAttr attrNames; - domains = attrNames hosts; - ipv4Host = filter (hasAttr "ip") flat_hosts; - ipv6Hosts = filter (hasAttr "ip6") flat_hosts; + inherit (builtins) filter attrValues; + domains = [ "hades" "olympus" "thalassa" ]; + mapConfig = host: { + inherit (host.config.networking) hostName domain; + inherit (host.config.meta) ipv4 ipv6; + }; + hosts = (map mapConfig (attrValues self.nixosConfigurations)); + ipv4Hosts = filter (v: v.ipv4 != null) hosts; + ipv6Hosts = filter (v: v.ipv6 != null) hosts; - localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"''; - local6Data = { hostname, realm, ip6, ... }: - ''"${hostname}.${realm}. AAAA ${ip6}"''; - ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"''; - ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"''; + localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"''; + local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"''; + ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"''; + ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"''; cfg = config.services.v.dns; in { @@ -37,7 +41,7 @@ in { }; mode = mkOption { - type = enum [ "server" "laptop" ]; + type = types.enum [ "server" "laptop" ]; default = "laptop"; description = '' Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost) @@ -69,8 +73,8 @@ in { local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains; - local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts); - local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts); + local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts); + local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts); private-address = [ "127.0.0.0/8" diff --git a/nixos/common/modules/flood.nix b/common/modules/flood.nix similarity index 97% rename from nixos/common/modules/flood.nix rename to common/modules/flood.nix index 64c20b33..57b5de70 100644 --- a/nixos/common/modules/flood.nix +++ b/common/modules/flood.nix @@ -1,8 +1,8 @@ { config, pkgs, lib, ... }: with lib; -let cfg = config.services.flood; +let cfg = config.services.v.flood; in { - options.services.flood = { + options.services.v.flood = { enable = mkEnableOption "flood"; user = mkOption { @@ -94,7 +94,7 @@ in { type = types.bool; default = false; description = '' - Enable SSL. + Enable SSL. key.pem and fullchain.pem needed in runtime directory. ''; }; diff --git a/nixos/common/modules/gnome/default.nix b/common/modules/gnome/default.nix similarity index 64% rename from nixos/common/modules/gnome/default.nix rename to common/modules/gnome/default.nix index 39fb375f..d47159a5 100644 --- a/nixos/common/modules/gnome/default.nix +++ b/common/modules/gnome/default.nix @@ -1,11 +1,14 @@ -{ config, pkgs, lib, inputs, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; -let cfg = config.services.v.gnome; -in { - imports = [ - inputs.gnome-autounlock-keyring.nixosModules.default - ]; - +let + cfg = config.services.v.gnome; +in +{ options.services.v.gnome = { enable = mkEnableOption "v.gnome"; hm = mkOption { @@ -33,17 +36,17 @@ in { xserver = { enable = true; excludePackages = [ pkgs.xterm ]; - # Configure keymap in X11 - - layout = "us"; - xkbVariant = "altgr-intl"; - - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; }; - udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = lib.mkDefault true; + desktopManager.gnome.enable = true; + udev.packages = with pkgs; [ gnome-settings-daemon ]; dbus.enable = true; udisks2.enable = true; }; @@ -52,35 +55,49 @@ in { # Add Home-manager dconf stuff home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ]; - environment.gnome.excludePackages = - (with pkgs; [ gnome-photos gnome-tour gnome-connections ]) - ++ (with pkgs.gnome; [ - atomix # puzzle game + + environment.gnome.excludePackages = ( + with pkgs; + [ + gnome-photos + gnome-tour + gnome-connections + gnome-calendar epiphany # web browser geary # email reader - gedit # text editor - gnome-calendar - gnome-clocks - gnome-contacts - gnome-maps - gnome-music - gnome-notes - gnome-terminal - gnome-weather - hitori # sudoku game - iagno # go game simple-scan # document scanner - tali # poker game totem # video player - ]); + gnome-terminal + gnome-contacts + atomix # puzzle game + gnome-maps + gedit # text editor + gnome-music + gnome-clocks + iagno # go game + tali # poker game + hitori # sudoku game + gnome-notes + gnome-weather + gnome-software + ] + ); + + services.gnome.evolution-data-server.enable = lib.mkForce false; + services.gnome.gnome-online-accounts.enable = false; + services.gnome.gnome-remote-desktop.enable = false; + services.gnome.gnome-user-share.enable = false; + services.gnome.rygel.enable = false; + services.gnome.tinysparql.enable = false; + services.gnome.localsearch.enable = false; # Services required for gnome programs.dconf.enable = true; # Extra gnome packages environment.systemPackages = with pkgs; [ - gnome.gnome-tweaks - gnome.gnome-boxes + gnome-tweaks + gnome-boxes ]; }; } diff --git a/common/modules/gnome/hm.nix b/common/modules/gnome/hm.nix new file mode 100644 index 00000000..b9c0054b --- /dev/null +++ b/common/modules/gnome/hm.nix @@ -0,0 +1,166 @@ +{ lib, pkgs, ... }: + +with lib.hm.gvariant; +let + inherit (builtins) attrNames map; + inherit (lib.attrsets) mapAttrs' nameValuePair; + generate_custom_keybindings = + binds: + { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = map ( + name: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/" + ) (attrNames binds); + }; + } + // mapAttrs' ( + name: nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}" + ) binds; +in +{ + xdg.mimeApps.enable = true; + xdg.mimeApps.defaultApplications = { + "text/plain" = "org.gnome.TextEditor.desktop"; + "application/pdf" = "org.gnome.Evince.desktop"; + + # Firefox + "text/html" = "firefox.desktop"; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; + "application/x-extension-htm" = "firefox.desktop"; + "application/x-extension-shtml" = "firefox.desktop"; + "application/xhtml+xml" = "firefox.desktop"; + "application/x-extension-xhtml" = "firefox.desktop"; + "application/x-extension-xht" = "firefox.desktop"; + "application/x-extension-html" = "firefox.desktop"; + + # Images + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/jpg" = "org.gnome.Loupe.desktop"; + "image/pjpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/x-bmp" = "org.gnome.Loupe.desktop"; + "image/x-gray" = "org.gnome.Loupe.desktop"; + "image/x-icb" = "org.gnome.Loupe.desktop"; + "image/x-ico" = "org.gnome.Loupe.desktop"; + "image/x-png" = "org.gnome.Loupe.desktop"; + "image/x-portable-anymap" = "org.gnome.Loupe.desktop"; + "image/x-portable-bitmap" = "org.gnome.Loupe.desktop"; + "image/x-portable-graymap" = "org.gnome.Loupe.desktop"; + "image/x-portable-pixmap" = "org.gnome.Loupe.desktop"; + "image/x-xbitmap" = "org.gnome.Loupe.desktop"; + "image/x-xpixmap" = "org.gnome.Loupe.desktop"; + "image/x-pcx" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/svg+xml-compressed" = "org.gnome.Loupe.desktop"; + "image/vnd.wap.wbmp" = "org.gnome.Loupe.desktop"; + "image/x-icns" = "org.gnome.Loupe.desktop"; + }; + + dconf.settings = + { + + "org/gnome/shell" = { + disable-user-extensions = false; + enabled-extensions = with pkgs.gnomeExtensions; [ + auto-move-windows.extensionUuid + ]; + }; + + # "org/gnome/shell/extensions/auto-move-windows" = { + # application-list = [ + # "element-desktop.desktop:1" + # "discord.desktop:1" + # "firefox.desktop:2" + # "obsidian.desktop:3" + # ]; + # }; + + "org/gnome/desktop/input-sources" = { + sources = [ + (mkTuple [ + "xkb" + "us+altgr-intl" + ]) + ]; + xkb-options = [ "terminate:ctrl_alt_bksp" ]; + }; + + "org/gnome/desktop/peripherals/touchpad" = { + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + + "org/gnome/mutter" = { + attach-modal-dialogs = true; + dynamic-workspaces = false; + edge-tiling = true; + focus-change-on-pointer-rest = true; + workspaces-only-on-primary = true; + }; + + "org/gnome/mutter/keybindings" = { + toggle-tiled-left = [ "bracketleft" ]; + toggle-tiled-right = [ "bracketright" ]; + }; + + "org/gnome/shell/keybindings" = { + toggle-overview = [ "d" ]; + }; + + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + }; + + "org/gnome/desktop/wm/preferences" = { + auto-raise = false; + num-workspaces = 6; + focus-mode = "sloppy"; + }; + + "org/gnome/desktop/wm/keybindings" = { + raise-or-lower = [ "s" ]; + switch-applications = [ "Tab" ]; + switch-applications-backward = [ "Tab" ]; + move-to-workspace-1 = [ "1" ]; + move-to-workspace-2 = [ "2" ]; + move-to-workspace-3 = [ "3" ]; + move-to-workspace-4 = [ "4" ]; + move-to-workspace-5 = [ "5" ]; + move-to-workspace-6 = [ "6" ]; + switch-to-workspace-1 = [ "1" ]; + switch-to-workspace-2 = [ "2" ]; + switch-to-workspace-3 = [ "3" ]; + switch-to-workspace-4 = [ "4" ]; + switch-to-workspace-5 = [ "5" ]; + switch-to-workspace-6 = [ "6" ]; + toggle-fullscreen = [ "M" ]; + toggle-maximized = [ "m" ]; + close = [ "Q" ]; + }; + + "org/gnome/tweaks" = { + show-extensions-notice = false; + }; + + "org/gnome/boxes" = { + first-run = false; + }; + } + // generate_custom_keybindings { + "terminal" = { + binding = "Return"; + command = "${pkgs.kitty}/bin/kitty"; + name = "Open Terminal"; + }; + "firefox" = { + binding = "f"; + command = "firefox"; + name = "Open Firefox"; + }; + }; +} diff --git a/common/modules/meta.nix b/common/modules/meta.nix new file mode 100644 index 00000000..847c2e28 --- /dev/null +++ b/common/modules/meta.nix @@ -0,0 +1,89 @@ +{ lib, config, ... }: +with lib; +let + exposesOpts = { + options = { + domain = mkOption { + type = types.str; + example = ".example.com"; + description = lib.mdDoc '' + The domain under which this service should be available + ''; + }; + port = mkOption { + type = types.int; + default = 80; + example = 4242; + description = lib.mdDoc '' + The port under which the service runs on the host + ''; + }; + }; + }; +in { + options.meta = { + exposes = mkOption { + type = with types; attrsOf (submodule exposesOpts); + default = { }; + description = '' + Exposed services + ''; + }; + + ipv4 = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Host's IPv4 Address + ''; + }; + + ipv6 = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Host's IPv6 address + ''; + }; + + mac = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Own MAC Address + ''; + }; + + isLaptop = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Is this host a Laptop (i.e. no DNS entries should be made). + ''; + }; + + realm = mkOption { + readOnly = true; + type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]); + default = config.networking.domain; + defaultText = literalExpression "config.network.domain"; + }; + }; + + config = { + # TODO: Open Firewall + + assertions = [ + # { + # assertion = config.meta.mac != null; + # message = + # "${config.networking.fqdnOrHostName} is missing a mac address"; + # } + # { + # assertion = !config.meta.isLaptop -> config.meta.ipv4 != null; + # message = + # "${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop"; + # } + ]; + }; +} diff --git a/nixos/common/modules/nginx.nix b/common/modules/nginx.nix similarity index 100% rename from nixos/common/modules/nginx.nix rename to common/modules/nginx.nix diff --git a/nixos/common/modules/unpackerr.nix b/common/modules/unpackerr.nix similarity index 100% rename from nixos/common/modules/unpackerr.nix rename to common/modules/unpackerr.nix diff --git a/nixos/common/modules/vault.nix b/common/modules/vault.nix similarity index 100% rename from nixos/common/modules/vault.nix rename to common/modules/vault.nix diff --git a/nixos/common/users/default.nix b/common/users/default.nix similarity index 73% rename from nixos/common/users/default.nix rename to common/users/default.nix index 95cc7f30..ef66a009 100644 --- a/nixos/common/users/default.nix +++ b/common/users/default.nix @@ -1,5 +1,16 @@ -{ config, pkgs, lib, ... }: { - imports = [ ./laura.nix ./vivian.nix ./jonathan.nix ]; +{ + config, + pkgs, + lib, + inputs, + ... +}: +{ + imports = [ + ./laura.nix + ./vivian.nix + ./jonathan.nix + ]; programs = { # Setup ZSH to use grml config @@ -11,12 +22,15 @@ interactiveShellInit = '' source "${pkgs.grml-zsh-config}/etc/zsh/zshrc" export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow" - source "${pkgs.fzf}/share/fzf/key-bindings.zsh" - source "${pkgs.fzf}/share/fzf/completion.zsh" + export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND" + export FZF_CTRL_R_COMMAND="$FZF_DEFAULT_COMMAND" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" + eval "$(${pkgs.fzf}/bin/fzf --zsh)" + + export TEMPDIRS="$HOME/tmp" ''; # otherwise it'll override the grml prompt - promptInit = ""; + promptInit = lib.mkDefault ""; }; # Install Neovim and set it as alias for vi(m) @@ -36,8 +50,7 @@ # Configure the root account users.extraUsers.root = { # Allow my SSH keys for logging in as root. - openssh.authorizedKeys.keys = - config.users.extraUsers.vivian.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.users.extraUsers.vivian.openssh.authorizedKeys.keys; # Also use zsh for root shell = pkgs.zsh; }; @@ -54,6 +67,9 @@ ripgrep rsync zoxide + + # Terminfo + kitty.terminfo ]; programs.tmux = { @@ -66,6 +82,4 @@ setw -g mouse on ''; }; - - } diff --git a/nixos/common/users/jonathan.nix b/common/users/jonathan.nix similarity index 100% rename from nixos/common/users/jonathan.nix rename to common/users/jonathan.nix diff --git a/nixos/common/users/laura.nix b/common/users/laura.nix similarity index 61% rename from nixos/common/users/laura.nix rename to common/users/laura.nix index 6c19947c..05226303 100644 --- a/nixos/common/users/laura.nix +++ b/common/users/laura.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ users.extraUsers.laura = { isNormalUser = true; shell = pkgs.zsh; @@ -6,9 +7,10 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxoq/J/0ad3AOK/CxPvsIGQjRUzURSuNAtmNOqUmKcr laura@cherry" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMKbP2/vNTybDoEwdFaQvAI1zCVpdTBN25avfeCV0jP laura@bosbes" ]; extraGroups = [ ]; }; } - diff --git a/nixos/common/users/vivian.nix b/common/users/vivian.nix similarity index 92% rename from nixos/common/users/vivian.nix rename to common/users/vivian.nix index a625a247..106bfbc0 100644 --- a/nixos/common/users/vivian.nix +++ b/common/users/vivian.nix @@ -12,9 +12,9 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+HbsgJTQS6pvnMEI5NPKjIf78z+9A7CTIt3abi+PS6 vivian@eevee" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMypFe7cSMgvEI1sdxRtdC+AalXa0ryB/zkO9KmQGOxK vivian@nothing2" ]; # Make me admin @@ -41,6 +41,5 @@ homeDirectory = "/home/vivian"; stateVersion = "23.05"; }; - }; } diff --git a/flake.lock b/flake.lock index 27801f6a..2aa9448b 100644 --- a/flake.lock +++ b/flake.lock @@ -1,60 +1,22 @@ { "nodes": { - "alejandra": { - "inputs": { - "fenix": "fenix_2", - "flakeCompat": "flakeCompat", - "nixpkgs": [ - "webcord", - "dream2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1658427149, - "narHash": "sha256-ToD/1z/q5VHsLMrS2h96vjJoLho59eNRtknOUd19ey8=", - "owner": "kamadorueda", - "repo": "alejandra", - "rev": "f5a22afd2adfb249b4e68e0b33aa1f0fb73fb1be", - "type": "github" - }, - "original": { - "owner": "kamadorueda", - "repo": "alejandra", - "type": "github" - } - }, - "all-cabal-json": { - "flake": false, - "locked": { - "lastModified": 1665552503, - "narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=", - "owner": "nix-community", - "repo": "all-cabal-json", - "rev": "d7c0434eebffb305071404edcf9d5cd99703878e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "hackage", - "repo": "all-cabal-json", - "type": "github" - } - }, "attic": { "inputs": { "crane": "crane", "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1702969472, - "narHash": "sha256-IJP9sC+/gLUdWhm6TsnWpw6A1zQWUfn53ym63KeLXvU=", + "lastModified": 1755378195, + "narHash": "sha256-cKw1bfEwW+pQWsvzOAe0GfsSNXTSFS+5MYcZFQB5dFc=", "owner": "zhaofengli", "repo": "attic", - "rev": "bdafd64910bb2b861cf90fa15f1fc93318b6fbf6", + "rev": "c1cfee9b63e48d9cee18e538ca32f1721078de91", "type": "github" }, "original": { @@ -63,6 +25,21 @@ "type": "github" } }, + "autostart": { + "locked": { + "lastModified": 1723314998, + "narHash": "sha256-BwP56CHfU3P7ZHr2SzAEjF3uveiN1dZ5hFHTzRLS/WI=", + "owner": "Zocker1999NET", + "repo": "home-manager-xdg-autostart", + "rev": "4d1def4a330d6812fe18be140781e94003c3cc0a", + "type": "github" + }, + "original": { + "owner": "Zocker1999NET", + "repo": "home-manager-xdg-autostart", + "type": "github" + } + }, "blobs": { "flake": false, "locked": { @@ -79,19 +56,38 @@ "type": "gitlab" } }, + "catppuccin": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1755511413, + "narHash": "sha256-cBBF+nwGrSroN6ZewHPFaSThyCvwBxSZMdYEH8DxDx8=", + "owner": "catppuccin", + "repo": "nix", + "rev": "ca11a19d4e1d2ba5e6162f40cb71288551fd51dd", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nix", + "type": "github" + } + }, "colmena": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions_2", "nixpkgs": "nixpkgs_2", "stable": "stable" }, "locked": { - "lastModified": 1699171528, - "narHash": "sha256-ZsN6y+tgN5w84oAqRQpMhIvQM39ZNSZoZvn2AK0QYr4=", + "lastModified": 1755272288, + "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=", "owner": "zhaofengli", "repo": "colmena", - "rev": "665603956a1c3040d756987bc7a810ffe86a3b15", + "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473", "type": "github" }, "original": { @@ -100,40 +96,13 @@ "type": "github" } }, - "comma": { - "inputs": { - "flake-compat": "flake-compat_3", - "naersk": "naersk", - "nixpkgs": "nixpkgs_3", - "utils": "utils" - }, - "locked": { - "lastModified": 1703707084, - "narHash": "sha256-27UMbdvgVu1A1zHnte+7RrNYyhtaQWy1yPm5WqLvX8A=", - "owner": "nix-community", - "repo": "comma", - "rev": "cbcec3d8288ade32c39b76cf5087417e5c517397", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "comma", - "type": "github" - } - }, "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1702918879, - "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "lastModified": 1751562746, + "narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=", "owner": "ipetkov", "repo": "crane", - "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd", "type": "github" }, "original": { @@ -143,34 +112,12 @@ } }, "crane_2": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1699218802, - "narHash": "sha256-5l0W4Q7z7A4BCstaF5JuBqXOVrZ3Vqst5+hUnP7EdUc=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "2d6c2aaff5a05e443eb15efddc21f9c73720340c", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_3": { - "flake": false, - "locked": { - "lastModified": 1670284777, - "narHash": "sha256-JF0pc0s4z/X+Iy+lNHOwUQ8I5bz+q7uX4HrKTNIEj24=", - "owner": "ipetkov", - "repo": "crane", - "rev": "2243fb9c872de25cb564a02d324ea6a5b9853052", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -181,16 +128,16 @@ }, "deploy": { "inputs": { - "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_4", - "utils": "utils_2" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_3", + "utils": "utils" }, "locked": { - "lastModified": 1703087360, - "narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=", + "lastModified": 1749105467, + "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7", + "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", "type": "github" }, "original": { @@ -199,66 +146,19 @@ "type": "github" } }, - "devshell": { - "flake": false, - "locked": { - "lastModified": 1663445644, - "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", - "owner": "numtide", - "repo": "devshell", - "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "dream2nix": { - "inputs": { - "alejandra": "alejandra", - "all-cabal-json": "all-cabal-json", - "crane": "crane_3", - "devshell": "devshell", - "flake-parts": "flake-parts_2", - "flake-utils-pre-commit": "flake-utils-pre-commit", - "ghc-utils": "ghc-utils", - "gomod2nix": "gomod2nix", - "mach-nix": "mach-nix", - "nix-pypi-fetcher": "nix-pypi-fetcher", - "nixpkgs": [ - "webcord", - "nixpkgs" - ], - "poetry2nix": "poetry2nix", - "pre-commit-hooks": "pre-commit-hooks_2" - }, - "locked": { - "lastModified": 1670715183, - "narHash": "sha256-l3OhVCCimrN1HFPfqfKAyzuMuPxNXZYLsI9w7AaQXv8=", - "owner": "nix-community", - "repo": "dream2nix", - "rev": "3d6f13ef9d4cb8c41bc83383bbec3e74865ef90d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "dream2nix", - "type": "github" - } - }, "essentials": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_5" + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1704204809, - "narHash": "sha256-O76nB41RyfedpCfcO4GU5i2Ng7ZUMbZnF+Ceq0e8LIs=", + "lastModified": 1704366612, + "narHash": "sha256-ZJDeq0JL13TvkqTDoVwC3yTN87YMC0X8Ee5xrgyRsGk=", "owner": "jdonszelmann", "repo": "essentials", - "rev": "8209683dc3c5edd747efccd187f512771d8f3a0c", + "rev": "42d23d82bce3f9da85269f7f8aacdb95c0c0be72", "type": "github" }, "original": { @@ -267,60 +167,14 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "riff", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1686896497, - "narHash": "sha256-IphIS1KpiFXp/j0v7mEMhtw51uvU5F0mqF2j4//7VAA=", - "owner": "nix-community", - "repo": "fenix", - "rev": "9c69d11badcd78710d7d8665bc3d2e1adc450ffe", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, - "fenix_2": { - "inputs": { - "nixpkgs": [ - "webcord", - "dream2nix", - "alejandra", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src_2" - }, - "locked": { - "lastModified": 1657607339, - "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", - "owner": "nix-community", - "repo": "fenix", - "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -348,11 +202,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -364,11 +218,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -378,6 +232,22 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1696426674, @@ -393,67 +263,19 @@ "type": "github" } }, - "flake-compat_6": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_7": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", + "attic", "nixpkgs" ] }, "locked": { - "lastModified": 1698882062, - "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -464,14 +286,59 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] }, "locked": { - "lastModified": 1668450977, - "narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -482,11 +349,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -495,13 +362,34 @@ "type": "github" } }, - "flake-utils-pre-commit": { + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils_3" + }, "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1738591040, + "narHash": "sha256-4WNeriUToshQ/L5J+dTSWC5OJIwT39SEP7V7oylndi8=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "afcb15b845e74ac5e998358709b2b5fe42a948d1", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -510,7 +398,97 @@ "type": "github" } }, - "flake-utils_10": { + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { "inputs": { "systems": "systems_10" }, @@ -528,175 +506,32 @@ "type": "github" } }, - "flake-utils_2": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { + "git-hooks": { "inputs": { - "systems": "systems_3" + "flake-compat": [ + "mailserver", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "mailserver", + "nixpkgs" + ] }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_7": { - "inputs": { - "systems": "systems_7" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_9": { - "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flakeCompat": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "ghc-utils": { - "flake": false, - "locked": { - "lastModified": 1662774800, - "narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=", - "ref": "refs/heads/master", - "rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea", - "revCount": 1072, - "type": "git", - "url": "https://gitlab.haskell.org/bgamari/ghc-utils" - }, - "original": { - "type": "git", - "url": "https://gitlab.haskell.org/bgamari/ghc-utils" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -706,11 +541,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -722,17 +557,17 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "nixvim", - "pre-commit-hooks", + "mailserver", + "git-hooks", "nixpkgs" ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -744,14 +579,14 @@ "gnome-autounlock-keyring": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1702994344, - "narHash": "sha256-aJPjexHm6bLo+ky1Rw9nDStgXBYuxuWPmo5DSdjj23s=", + "lastModified": 1734975080, + "narHash": "sha256-MkI4Ow73kPlPyYA0SZ1izaxhtGAiaVtRy8Yv1H7n9hI=", "ref": "refs/heads/main", - "rev": "db96c4a4ebc05c8e4f1b427074fc5fe61c026998", - "revCount": 8, + "rev": "e0d291465b5993a9da6e22b96defd34621f99b0d", + "revCount": 11, "type": "git", "url": "https://git.0x76.dev/v/gnome-autounlock-keyring.git" }, @@ -760,22 +595,6 @@ "url": "https://git.0x76.dev/v/gnome-autounlock-keyring.git" } }, - "gomod2nix": { - "flake": false, - "locked": { - "lastModified": 1627572165, - "narHash": "sha256-MFpwnkvQpauj799b4QTBJQFEddbD02+Ln5k92QyHOSk=", - "owner": "tweag", - "repo": "gomod2nix", - "rev": "67f22dd738d092c6ba88e420350ada0ed4992ae8", - "type": "github" - }, - "original": { - "owner": "tweag", - "repo": "gomod2nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -783,11 +602,11 @@ ] }, "locked": { - "lastModified": 1703838268, - "narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=", + "lastModified": 1755601933, + "narHash": "sha256-iXZeeYyfy8NdpvH/OOW9V3C2AfsXE+fzDHfrIOHBPF0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2aff324cf65f5f98f89d878c056b779466b17db8", + "rev": "8af2e064f93234ee79df8b9858eeefbf84394488", "type": "github" }, "original": { @@ -796,12 +615,147 @@ "type": "github" } }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1749154592, + "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": "hyprlang", + "hyprutils": [ + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": "nixpkgs_5", + "systems": "systems_5" + }, + "locked": { + "lastModified": 1753819801, + "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": "hyprutils", + "nixpkgs": [ + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1749145882, + "narHash": "sha256-qr0KXeczF8Sma3Ae7+dR2NHhvG7YeLBJv19W4oMu6ZE=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "1bfb84f54d50c7ae6558c794d3cfd5f6a7e6e676", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland-qtutils", + "hyprlang", + "nixpkgs" + ], + "systems": [ + "hyprland-qtutils", + "hyprlang", + "systems" + ] + }, + "locked": { + "lastModified": 1749135356, + "narHash": "sha256-Q8mAKMDsFbCEuq7zoSlcTuxgbIBVhfIYpX0RjE32PS0=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "e36db00dfb3a3d3fdcc4069cb292ff60d2699ccb", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748294338, + "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.8", + "repo": "ixx", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils_5", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], @@ -809,11 +763,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1703712542, - "narHash": "sha256-317EoHaQ5OwRLEjwjQUY57FpLDl75kEBbrohH7zbfRQ=", + "lastModified": 1754297745, + "narHash": "sha256-aD6/scLN3L4ZszmNbhhd3JQ9Pzv1ScYFphz14wHinfs=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "7229dd85f98341520b02fd46662f38d0af511d6d", + "rev": "892cbdca865d6b42f9c0d222fe309f7720259855", "type": "github" }, "original": { @@ -822,74 +776,42 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, - "mach-nix": { - "flake": false, - "locked": { - "lastModified": 1634711045, - "narHash": "sha256-m5A2Ty88NChLyFhXucECj6+AuiMZPHXNbw+9Kcs7F6Y=", - "owner": "DavHau", - "repo": "mach-nix", - "rev": "4433f74a97b94b596fa6cd9b9c0402104aceef5d", - "type": "github" - }, - "original": { - "id": "mach-nix", - "type": "indirect" - } - }, "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", + "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils_3" + "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1703666786, - "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", - "type": "gitlab" + "lastModified": 1754605910, + "narHash": "sha256-kVWxzm44ywJTb4REfwWCYXnROISykG0yE+X5A3Gov24=", + "ref": "refs/heads/master", + "rev": "57d9624c71ca65bee69b30d72b11f6c5257e9500", + "revCount": 783, + "type": "git", + "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" }, "original": { - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "type": "gitlab" + "type": "git", + "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" } }, "microvm": { "inputs": { - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_7", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_6", "spectrum": "spectrum" }, "locked": { - "lastModified": 1703769051, - "narHash": "sha256-izOj8XRoHUXkWHpxznOaYHpj30J8/f3ynr7H6oYcNho=", + "lastModified": 1755102374, + "narHash": "sha256-v6xhTSgnGQoF1a51BB6OQWN8HXiYbZtVL+54TRuk9zk=", "owner": "astro", "repo": "microvm.nix", - "rev": "c39a472523d3c99ddfa88df62223a21b19793490", + "rev": "0a5cda80e48191959cf5a9c0552532599ef2cee4", "type": "github" }, "original": { @@ -898,91 +820,55 @@ "type": "github" } }, - "naersk": { + "nix-github-actions": { "inputs": { "nixpkgs": [ - "comma", + "attic", "nixpkgs" ] }, "locked": { - "lastModified": 1697664192, - "narHash": "sha256-nRTG3rYEGFV2+putRiC96+kNXDyKaPJgT6K/1FWN7yo=", + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", "owner": "nix-community", - "repo": "naersk", - "rev": "636a9b5dd7f2ad7d7c3af929ecf95e4d4fab9e97", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", "type": "github" }, "original": { "owner": "nix-community", - "ref": "master", - "repo": "naersk", + "repo": "nix-github-actions", "type": "github" } }, - "naersk_2": { + "nix-github-actions_2": { "inputs": { "nixpkgs": [ - "riff", + "colmena", "nixpkgs" ] }, "locked": { - "lastModified": 1686572087, - "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", "owner": "nix-community", - "repo": "naersk", - "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", "type": "github" }, "original": { "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_11", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1654239108, - "narHash": "sha256-0JzuElxLe5DxM+R4tvBYfvQnMGCERZy4KMRf0JYxxS4=", - "owner": "nixos", - "repo": "nix", - "rev": "1dd7253133c4dfd2e7a16ad6fe505442cef38a5b", - "type": "github" - }, - "original": { - "id": "nix", - "type": "indirect" - } - }, - "nix-pypi-fetcher": { - "flake": false, - "locked": { - "lastModified": 1669065297, - "narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=", - "owner": "DavHau", - "repo": "nix-pypi-fetcher", - "rev": "a9885ac6a091576b5195d547ac743d45a2a615ac", - "type": "github" - }, - "original": { - "owner": "DavHau", - "repo": "nix-pypi-fetcher", + "repo": "nix-github-actions", "type": "github" } }, "nixlib": { "locked": { - "lastModified": 1693701915, - "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "type": "github" }, "original": { @@ -999,11 +885,11 @@ ] }, "locked": { - "lastModified": 1701689616, - "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "246219bc21b943c6f6812bb7744218ba0df08600", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -1014,11 +900,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1703879120, - "narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -1029,171 +915,59 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702539185, - "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1665349835, - "narHash": "sha256-UK4urM3iN80UXQ7EaOappDzcisYIuEURFRoGQ/yPkug=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "34c5293a71ffdb2fe054eb5288adc1882c1eb0b1", - "type": "github" - }, - "original": { - "dir": "lib", "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-regression": { + "nixpkgs-25_05": { "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "lastModified": 1753749649, + "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-25.05", "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1702780907, - "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { - "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_10": { "locked": { - "lastModified": 1686736559, - "narHash": "sha256-YyUSVoOKIDAscTx7IZhF9x3qgZ9dPNF19fKk+4c5irc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ddf4688dc7aeb14e8a3c549cb6aa6337f187a884", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1645296114, - "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", + "lastModified": 1714656196, + "narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-21.05-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_12": { - "locked": { - "lastModified": 1696165369, - "narHash": "sha256-pd1cjFHCoEf9q5f9B0HhlOwwpBI9RP3HbUE6xjI7wAI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d7186d62bb68fac3c90f1d95515e613ef299e992", + "rev": "94035b482d181af0a0f8f77823a790b256b7c3cc", "type": "github" }, "original": { @@ -1203,45 +977,13 @@ "type": "github" } }, - "nixpkgs_13": { - "locked": { - "lastModified": 1682526928, - "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d6b863fd9b7bb962e6f9fdf292419a775e772891", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_14": { - "locked": { - "lastModified": 1670507980, - "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2787fc7d1e51404678614bf0fe92fc296746eec0", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { @@ -1253,11 +995,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1697915759, - "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { @@ -1269,27 +1011,26 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1702272962, - "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", - "owner": "NixOS", + "lastModified": 1734973338, + "narHash": "sha256-E9JOCwppN3WX9oh6kV9w4nkN+6UPGNdzljscdJy5kTs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "rev": "2b37ecedbb948e7607307c56e35aea5155eb65a7", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { "locked": { - "lastModified": 1703438236, - "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -1301,93 +1042,80 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1702933230, - "narHash": "sha256-xi8AZ3noIXrgmKLR+ij+CeYFoUTKiQuTLL+aA7FRdRQ=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4e2c5373180ecd17e41e879420be69dc642a6349", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_7": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", - "owner": "nixos", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { - "owner": "nixos", + "id": "nixpkgs", "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "nixpkgs_8": { "locked": { - "lastModified": 1703637592, - "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", + "lastModified": 1754393734, + "narHash": "sha256-fbnmAwTQkuXHKBlcL5Nq1sMAzd3GFqCOQgEQw6Hy0Ak=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8", + "rev": "a683adc19ff5228af548c6539dbc3440509bfed3", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_9": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", - "owner": "NixOS", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_stable": { - "locked": { - "lastModified": 1703351344, - "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, "nixvim": { "inputs": { - "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_9", - "pre-commit-hooks": "pre-commit-hooks" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_8", + "nuschtosSearch": "nuschtosSearch", + "systems": "systems_8" }, "locked": { - "lastModified": 1703859882, - "narHash": "sha256-wRXgap0eEuswF9xXUKDiWBh0tKuJ9vtmlJZ4iAX3K/E=", + "lastModified": 1755541228, + "narHash": "sha256-3PsCEAfZLk3shQNgEH67P6KvhV6bXziewl3HwJ/iaV4=", "owner": "pta2002", "repo": "nixvim", - "rev": "1d8e7906c9606c956c6b40d8d088c8d2110dc0c0", + "rev": "e1e4bb83f1b1193c99971dfde6928e1f60ed4296", "type": "github" }, "original": { @@ -1397,59 +1125,44 @@ } }, "nur": { - "locked": { - "lastModified": 1703938048, - "narHash": "sha256-df8Lwe4k6QiyucOyZV0s6eoy6y7m2g4+/dOpEyYrZGU=", - "owner": "nix-community", - "repo": "NUR", - "rev": "ae6fb319f88d5a995cb8dc4502c2d81c5fc1e578", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, - "poetry2nix": { - "flake": false, - "locked": { - "lastModified": 1666918719, - "narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "289efb187123656a116b915206e66852f038720e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "1.36.0", - "repo": "poetry2nix", - "type": "github" - } - }, - "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_8", - "gitignore": "gitignore_2", + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1755599037, + "narHash": "sha256-wyQzSgNokEMaC1wrIbiHIqatbikrvimrTV8a47RlJ8k=", + "owner": "nix-community", + "repo": "NUR", + "rev": "e92965e6bad1a44445803a8567400e5c6ad9cbe6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_6", + "ixx": "ixx", "nixpkgs": [ "nixvim", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_3" + ] }, "locked": { - "lastModified": 1702456155, - "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", + "lastModified": 1754301638, + "narHash": "sha256-aRgzcPDd2axHFOuMlPLuzmDptUM2JU8mUL3jfgbBeyc=", + "owner": "NuschtOS", + "repo": "search", + "rev": "a60091045273484c040a91f5c229ba298f8ecc27", "type": "github" }, "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", + "owner": "NuschtOS", + "repo": "search", "type": "github" } }, @@ -1459,50 +1172,18 @@ "lanzaboote", "flake-compat" ], - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1699271226, - "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_2": { - "inputs": { - "flake-utils": [ - "webcord", - "dream2nix", - "flake-utils-pre-commit" - ], - "nixpkgs": [ - "webcord", - "dream2nix", - "nixpkgs" ] }, "locked": { - "lastModified": 1646153636, - "narHash": "sha256-AlWHMzK+xJ1mG267FdT8dCq/HvLCA6jwmx2ZUy5O8tY=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "b6bc0b21e1617e2b07d8205e7fae7224036dfa4b", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -1511,101 +1192,44 @@ "type": "github" } }, - "riff": { - "inputs": { - "fenix": "fenix", - "naersk": "naersk_2", - "nixpkgs": "nixpkgs_10" - }, - "locked": { - "lastModified": 1690193312, - "narHash": "sha256-JZQoHRBpNM1ucZ9A9ZE3Q67z8AuaBa/WKIS2Wm8zHHo=", - "owner": "DeterminateSystems", - "repo": "riff", - "rev": "aec5418dbae0c468652eaac7f8f3d85ed83c89ce", - "type": "github" - }, - "original": { - "owner": "DeterminateSystems", - "repo": "riff", - "type": "github" - } - }, "root": { "inputs": { "attic": "attic", + "autostart": "autostart", + "catppuccin": "catppuccin", "colmena": "colmena", - "comma": "comma", "deploy": "deploy", "essentials": "essentials", + "flake-utils-plus": "flake-utils-plus", "gnome-autounlock-keyring": "gnome-autounlock-keyring", "home-manager": "home-manager", + "hyprland-qtutils": "hyprland-qtutils", "lanzaboote": "lanzaboote", "mailserver": "mailserver", "microvm": "microvm", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_8", - "nixpkgs_stable": "nixpkgs_stable", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", "nur": "nur", - "riff": "riff", + "t": "t", "vault-secrets": "vault-secrets", - "vault-unseal": "vault-unseal", - "webcord": "webcord" - } - }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1686818168, - "narHash": "sha256-yyoJmC17T6mXqthzgGiTKSdUJ0cTEuqQmkmd3iW4ay8=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "ff864fbb9fc21f0cdae408fe8f5b2f43141b45a7", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, - "rust-analyzer-src_2": { - "flake": false, - "locked": { - "lastModified": 1657557289, - "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "caf23f29144b371035b864a1017dbc32573ad56d", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" + "vault-unseal": "vault-unseal" } }, "rust-overlay": { "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], "nixpkgs": [ "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1699409596, - "narHash": "sha256-L3g1smIol3dGTxkUQOlNShJtZLvjLzvtbaeTRizwZBU=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "58240e1ac627cef3ea30c7732fedfb4f51afd8e7", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", "type": "github" }, "original": { @@ -1617,11 +1241,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1703273931, - "narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=", + "lastModified": 1754675037, + "narHash": "sha256-afS08F7lfMUBR4qrBxinN1kuxu+DoHQ5TPNVp9VS/OA=", "ref": "refs/heads/main", - "rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691", - "revCount": 597, + "rev": "586577f3015397afacd83bc185454f4cc3c8028f", + "revCount": 955, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -1632,16 +1256,16 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1750133334, + "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "36ab78dab7da2e4e27911007033713bab534187b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -1723,16 +1347,16 @@ }, "systems_5": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -1796,67 +1420,37 @@ "type": "github" } }, + "t": { + "inputs": { + "flake-utils": "flake-utils_7", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710410762, + "narHash": "sha256-pCCCdoW4+ipCOwzJCYZJ8CNINDsQvACCaxh2xT6uqmw=", + "owner": "jdonszelmann", + "repo": "t-rs", + "rev": "1178091650351fc8372e4c84c786433f9bce69d5", + "type": "github" + }, + "original": { + "owner": "jdonszelmann", + "repo": "t-rs", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_3": { - "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_4": { - "inputs": { - "systems": "systems_9" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -1867,18 +1461,15 @@ }, "vault-secrets": { "inputs": { - "flake-compat": "flake-compat_8", - "flake-utils": "flake-utils_9", - "nix": "nix", - "nixpkgs": "nixpkgs_12", - "utils": "utils_4" + "flake-compat": "flake-compat_6", + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1702898724, - "narHash": "sha256-ypRLpx5VCTyE3mPKNRSOLMfqaOkyLXNU7opn0+dI/Jg=", + "lastModified": 1714988039, + "narHash": "sha256-ZYPX1Skhy9ZEfeRkAzdqO+MvjBdF4a7blrXcTJ3q/Yw=", "owner": "serokell", "repo": "vault-secrets", - "rev": "9139484e388fe98e3facc097b66c018049d5e123", + "rev": "44ef2078d9149aa3b23fe132e8c8d8bbd624c06c", "type": "github" }, "original": { @@ -1889,15 +1480,17 @@ }, "vault-unseal": { "inputs": { - "flake-utils": "flake-utils_10", - "nixpkgs": "nixpkgs_13" + "flake-utils": "flake-utils_8", + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1683013874, - "narHash": "sha256-B8bQb9IMkrDvtqFUoF/PuBma8Qa2jU7Xv7cFSchg9V8=", + "lastModified": 1729410873, + "narHash": "sha256-gWcGwGxRSsHtVXGEaCw1bhmqnJaVIjbxJkt98F9HxLE=", "ref": "refs/heads/main", - "rev": "91e7262e87878609c2d6619210988b241e8f8f62", - "revCount": 11, + "rev": "f05093a8d608892d2e4499e02117428b405f82a1", + "revCount": 12, "type": "git", "url": "https://git.0x76.dev/v/vault-unseal.git" }, @@ -1905,42 +1498,6 @@ "type": "git", "url": "https://git.0x76.dev/v/vault-unseal.git" } - }, - "webcord": { - "inputs": { - "dream2nix": "dream2nix", - "nixpkgs": "nixpkgs_14", - "webcord": "webcord_2" - }, - "locked": { - "lastModified": 1670874335, - "narHash": "sha256-nJ1LUVj3dIHP5B+XkZXUvY39OqaZn/MMHSFwsOSPnwI=", - "owner": "fufexan", - "repo": "webcord-flake", - "rev": "b462d57c36d664b48f047c96b2f9de091bff6e8b", - "type": "github" - }, - "original": { - "owner": "fufexan", - "repo": "webcord-flake", - "type": "github" - } - }, - "webcord_2": { - "flake": false, - "locked": { - "lastModified": 1670713990, - "narHash": "sha256-e+y/M+/gjezHoNrdXeFhqtvxbPdhRSDOQlwK1nUhNfo=", - "owner": "SpacingBat3", - "repo": "WebCord", - "rev": "80ba858c025e0bb59510f7136211948d8ae10ece", - "type": "github" - }, - "original": { - "owner": "SpacingBat3", - "repo": "WebCord", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0667b2b5..efc87b1f 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; - nixpkgs_stable.url = "nixpkgs/nixos-23.05"; + flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; nur.url = "github:nix-community/NUR"; colmena.url = "github:zhaofengli/colmena"; deploy.url = "github:serokell/deploy-rs"; @@ -17,13 +17,7 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - riff.url = "github:DeterminateSystems/riff"; - - webcord.url = "github:fufexan/webcord-flake"; - - comma.url = "github:nix-community/comma"; - - mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + mailserver.url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"; mailserver.inputs.nixpkgs.follows = "nixpkgs"; nixvim.url = "github:pta2002/nixvim"; @@ -33,132 +27,172 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; - lanzaboote = { - url = "github:nix-community/lanzaboote"; - - # Optional but recommended to limit the size of your system closure. - inputs.nixpkgs.follows = "nixpkgs"; - }; + lanzaboote.url = "github:nix-community/lanzaboote"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git"; + vault-unseal.inputs.nixpkgs.follows = "nixpkgs"; + gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git"; - attic.url = "github:zhaofengli/attic"; + t.url = "github:jdonszelmann/t-rs"; + t.inputs.nixpkgs.follows = "nixpkgs"; + + attic.url = "github:zhaofengli/attic"; + attic.inputs.nixpkgs.follows = "nixpkgs"; + + catppuccin.url = "github:catppuccin/nix"; - # Website(s) essentials.url = "github:jdonszelmann/essentials"; + essentials.inputs.nixpkgs.follows = "nixpkgs"; + + autostart.url = "github:Zocker1999NET/home-manager-xdg-autostart"; + + hyprland-qtutils.url = "github:hyprwm/hyprland-qtutils"; }; outputs = - { self - , nixpkgs - , nixpkgs_stable - , vault-secrets - , colmena - , nixos-generators - , nur - , attic - , deploy - , ... + { + self, + nixpkgs, + flake-utils-plus, + nur, + attic, + deploy, + home-manager, + gnome-autounlock-keyring, + lanzaboote, + t, + catppuccin, + ... }@inputs: let - inherit (nixpkgs) lib; - - util = import ./nixos/util.nix inputs; - inherit (util) hosts flat_hosts nixHosts; - - system = "x86_64-linux"; - - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ]; - }; - - pkgs_stable = import nixpkgs_stable { - inherit system; - config.allowUnfree = true; - }; - - # Define args each module gets access to (access to hosts is useful for DNS/DHCP) - specialArgs = { inherit hosts flat_hosts inputs pkgs_stable; }; - - # Script to apply local colmena deployments + pkgs = self.pkgs.x86_64-linux.nixpkgs; apply-local = pkgs.writeShellScriptBin "apply-local" '' - "${ - colmena.packages.${system}.colmena - }"/bin/colmena apply-local --sudo $@ - ''; - - fast-repl = pkgs.writeShellScriptBin "fast-repl" '' - source /etc/set-environment - nix repl --file "${./.}/repl.nix" $@ + nh os switch --ask ''; in - { - # Make the nixosConfigurations for compat reasons (e.g. vault) - nixosConfigurations = - (import (inputs.colmena + "/src/nix/hive/eval.nix") { - rawFlake = self; - colmenaOptions = - import (inputs.colmena + "/src/nix/hive/options.nix"); - colmenaModules = - import (inputs.colmena + "/src/nix/hive/modules.nix"); - }).nodes; + flake-utils-plus.lib.mkFlake { + # `self` and `inputs` arguments are required + inherit self inputs; - # Make the colmena configuration - colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) - { - meta = { - inherit specialArgs; - nixpkgs = pkgs; - }; - } - nixHosts; + # Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`. + supportedSystems = [ "x86_64-linux" ]; - packages.${system} = { - inherit apply-local; + # Channels config + channelsConfig = { + allowUnfree = true; + permittedInsecurePackages = [ "electron" ]; + }; + sharedOverlays = [ + (import ./pkgs) + nur.overlays.default + ]; - default = colmena.packages.${system}.colmena; + # host defaults + hostDefaults = { + system = "x86_64-linux"; + modules = [ + home-manager.nixosModules.home-manager + gnome-autounlock-keyring.nixosModules.default + catppuccin.nixosModules.catppuccin + ./common + ]; - proxmox-lxc = nixos-generators.nixosGenerate { - inherit system specialArgs; - format = "proxmox-lxc"; - modules = util.base_imports - ++ [ (import ./nixos/templates/proxmox-lxc.nix) ]; - }; - - # Broken - proxmox-vm = nixos-generators.nixosGenerate { - inherit system specialArgs; - format = "proxmox"; - modules = util.base_imports - ++ [ (import ./nixos/templates/proxmox-vm.nix) ]; + specialArgs = { + inherit self inputs home-manager; }; }; - # Use by running `nix develop` - devShells.${system}.default = pkgs.mkShell { - VAULT_ADDR = "http://vault.olympus:8200/"; - buildInputs = with pkgs; [ - attic.packages.${pkgs.system}.attic - apply-local - colmena.packages.${system}.colmena - deploy.packages.${system}.deploy-rs - cachix - deadnix - statix - nixfmt - nixpkgs-fmt - nixUnstable - nil - vault - yamllint - jq - (vault-push-approle-envs self { }) - (vault-push-approles self { }) - fast-repl - ]; + # hosts + hosts = { + "olympus.bastion" = { + modules = [ + ./common/generic-vm.nix + ./hosts/olympus/bastion + ]; + }; + + aoife = { + modules = [ + lanzaboote.nixosModules.lanzaboote + ./common/desktop + ./hosts/thalassa/aoife + ]; + }; + + eevee = { + modules = [ + ./common/desktop + ./hosts/olympus/eevee + ]; + }; + }; + + # deploy-rs + deploy = { + user = "root"; + nodes = { + "bastion-olympus" = { + hostname = "bastion.olympus"; + fastConnection = true; + remoteBuild = true; + profiles = { + system = { + path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations."olympus.bastion"; + }; + }; + }; + + aoife = { + remoteBuild = true; + fastConnection = true; + hostname = "aoife"; + profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.aoife; + }; + + eevee = { + fastConnection = true; + hostname = "eevee.olympus"; + profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.eevee; + }; + }; + }; + + # Outputs + outputsBuilder = channels: { + devShells.default = channels.nixpkgs.mkShell { + name = "devShell"; + VAULT_ADDR = "http://vault.olympus:8200/"; + NH_FLAKE = "/home/vivian/src/infrastructure-new"; + packages = with pkgs; [ + # attic.packages.${system}.attic + apply-local + deploy.packages.${system}.deploy-rs + deadnix + statix + # vault + yamllint + jq + fup-repl + nh + nixfmt-rfc-style + ]; + }; + }; + + # Checks + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // { + x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation { + name = "mac check"; + src = self; + dontBuild = true; + doCheck = true; + checkPhase = '' + echo "Hello World" + ''; + installPhase = "mkdir $out"; + }; }; }; } diff --git a/flux/.gitignore b/flux/.gitignore deleted file mode 100644 index ec8d5548..00000000 --- a/flux/.gitignore +++ /dev/null @@ -1 +0,0 @@ -old_cluster diff --git a/flux/README.md b/flux/README.md deleted file mode 100644 index 252502d8..00000000 --- a/flux/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# Kubernetes Cluster -This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster. - -## Bootstrap -```sh -flux bootstrap git --url ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/olympus/base --ssh-key-algorithm=ed25519 -``` - -## References -Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster) - -[Flux]: https://github.com/fluxcd/flux2 diff --git a/flux/olympus/apps/flux-system/external-secret.yaml b/flux/olympus/apps/flux-system/external-secret.yaml deleted file mode 100644 index c12fbe01..00000000 --- a/flux/olympus/apps/flux-system/external-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: weave-gitops - namespace: flux-system -spec: - refreshInterval: "5m" - secretStoreRef: - name: vault - kind: ClusterSecretStore - target: - name: oidc-auth - dataFrom: - - extract: - key: flux-system/weave-gitops diff --git a/flux/olympus/apps/flux-system/kustomization.yaml b/flux/olympus/apps/flux-system/kustomization.yaml deleted file mode 100644 index 29912dbe..00000000 --- a/flux/olympus/apps/flux-system/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - rbac.yaml - - external-secret.yaml - - weave-gitops-dashboard.yaml diff --git a/flux/olympus/apps/flux-system/rbac.yaml b/flux/olympus/apps/flux-system/rbac.yaml deleted file mode 100644 index a3a7d0ca..00000000 --- a/flux/olympus/apps/flux-system/rbac.yaml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Admin cluster role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: weave-admin -rules: - # Flux Resources - - apiGroups: ["kustomize.toolkit.fluxcd.io"] - resources: ["kustomizations"] - verbs: ["get", "list", "patch"] - - apiGroups: ["helm.toolkit.fluxcd.io"] - resources: ["helmreleases"] - verbs: ["get", "list", "patch"] - - apiGroups: ["source.toolkit.fluxcd.io"] - resources: - [ - "buckets", - "helmcharts", - "gitrepositories", - "helmrepositories", - "ocirepositories", - ] - verbs: ["get", "list", "patch"] - - apiGroups: ["notification.toolkit.fluxcd.io"] - resources: ["providers", "alerts"] - verbs: ["get", "list"] - - apiGroups: ["infra.contrib.fluxcd.io"] - resources: ["terraforms"] - verbs: ["get", "list", "patch"] - # Resources managed via Flux - - apiGroups: [""] - resources: - [ - "configmaps", - "secrets", - "pods", - "services", - "namespaces", - "persistentvolumes", - "persistentvolumeclaims", - ] - verbs: ["get", "list"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets", "statefulsets"] - verbs: ["get", "list"] - - apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get", "list"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"] - verbs: ["get", "list"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list"] - # Feedback - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "watch", "list"] ---- -# Bind the cluster admin role to admins -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: weave-admin -subjects: - - kind: User - name: "victor@xirion.net" - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: weave-admin - apiGroup: rbac.authorization.k8s.io diff --git a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml deleted file mode 100644 index 9a70ed7d..00000000 --- a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml +++ /dev/null @@ -1,48 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - annotations: - metadata.weave.works/description: This is the source location for the Weave GitOps - Dashboard's helm chart. - labels: - app.kubernetes.io/component: ui - app.kubernetes.io/created-by: weave-gitops-cli - app.kubernetes.io/name: weave-gitops-dashboard - app.kubernetes.io/part-of: weave-gitops - name: ww-gitops - namespace: flux-system -spec: - interval: 1h0m0s - type: oci - url: oci://ghcr.io/weaveworks/charts ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - annotations: - metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides - a simple way to get insights into your GitOps workloads. - name: ww-gitops - namespace: flux-system -spec: - chart: - spec: - chart: weave-gitops - sourceRef: - kind: HelmRepository - name: ww-gitops - interval: 1h0m0s - values: - ingress: - enabled: true - hosts: - - host: flux.0x76.dev - paths: - - path: / - pathType: ImplementationSpecific - adminUser: - create: true - passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC - username: admin - diff --git a/flux/olympus/apps/kustomization.yaml b/flux/olympus/apps/kustomization.yaml deleted file mode 100644 index 396b9e10..00000000 --- a/flux/olympus/apps/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - flux-system - - services - - websites diff --git a/flux/olympus/apps/services/kustomization.yaml b/flux/olympus/apps/services/kustomization.yaml deleted file mode 100644 index 4ddab702..00000000 --- a/flux/olympus/apps/services/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - renovate diff --git a/flux/olympus/apps/services/renovate/config.yaml b/flux/olympus/apps/services/renovate/config.yaml deleted file mode 100644 index 53683839..00000000 --- a/flux/olympus/apps/services/renovate/config.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: renovate - namespace: services -data: - config.js: |- - module.exports = { - "binarySource": "install", - "repositories": ["v/infrastructure"], - "flux": { - "fileMatch": ["flux/.+\\.ya?ml$"] - }, - "helm-values": { - "fileMatch": ["flux/.+\\.ya?ml$"] - }, - "kubernetes": { - "fileMatch": ["flux/.+\\.ya?ml$"] - }, - "hostRules": [ - { - "hostType": "docker", - "matchHost": "ghcr.io", - "username": "NULLx76", - "password": process.env.GITHUB_COM_TOKEN - } - ], - "packageRules": [ - { - "automerge": true, - "automergeType": "branch", - "matchUpdateTypes": ["minor", "patch", "pin", "digest"], - "matchPackageNames": [ - "renovate/renovate" - ], - "matchPackagePrefixes": [ - "git.0x76.dev" - ] - } - ], - // ignore individual fluxcd images - "ignoreDeps": [ - "ghcr.io/fluxcd/helm-controller", - "ghcr.io/fluxcd/image-automation-controller", - "ghcr.io/fluxcd/image-reflector-controller", - "ghcr.io/fluxcd/kustomize-controller", - "ghcr.io/fluxcd/notification-controller", - "ghcr.io/fluxcd/source-controller" - ], - "regexManagers": [ - { - "fileMatch": [".+\\.nix"], - "matchStrings": ["image\\s*=\\s*\"(?.*?):(?.*?)\"\\s*;\\s*"], - "datasourceTemplate": "docker" - } - ] - }; diff --git a/flux/olympus/apps/services/renovate/cronjob.yaml b/flux/olympus/apps/services/renovate/cronjob.yaml deleted file mode 100644 index 2861a3f8..00000000 --- a/flux/olympus/apps/services/renovate/cronjob.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: renovate - namespace: services -spec: - # Run every 8 hours - schedule: "0 */8 * * *" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - volumes: - - name: config-volume - configMap: - name: renovate - - name: work-volume - emptyDir: {} - containers: - - name: renovate - image: renovate/renovate:37.67.3 - volumeMounts: - - name: config-volume - mountPath: /opt/renovate/ - - name: work-volume - mountPath: /tmp/renovate/ - env: - - name: LOG_LEVEL - value: debug - - name: RENOVATE_ENDPOINT - value: "https://git.0x76.dev/api/v1/" - - name: RENOVATE_PLATFORM - value: gitea - - name: RENOVATE_AUTODISCOVER - value: "false" - - name: RENOVATE_GIT_AUTHOR - value: "Renovate Bot " - - name: RENOVATE_CONFIG_FILE - value: "/opt/renovate/config.js" - - name: RENOVATE_BASE_DIR - value: "/tmp/renovate" - envFrom: - - secretRef: - name: renovate - restartPolicy: Never diff --git a/flux/olympus/apps/services/renovate/external-secret.yaml b/flux/olympus/apps/services/renovate/external-secret.yaml deleted file mode 100644 index 40637451..00000000 --- a/flux/olympus/apps/services/renovate/external-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: renovate - namespace: services -spec: - refreshInterval: "5m" - secretStoreRef: - name: vault - kind: ClusterSecretStore - target: - name: renovate - data: - - secretKey: RENOVATE_TOKEN - remoteRef: - key: gitops/renovate - property: gitea_token - - secretKey: GITHUB_COM_TOKEN - remoteRef: - key: gitops/renovate - property: github_token diff --git a/flux/olympus/apps/services/renovate/kustomization.yaml b/flux/olympus/apps/services/renovate/kustomization.yaml deleted file mode 100644 index 74e8575d..00000000 --- a/flux/olympus/apps/services/renovate/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - external-secret.yaml - - config.yaml - - cronjob.yaml diff --git a/flux/olympus/apps/websites/0x76.yaml b/flux/olympus/apps/websites/0x76.yaml deleted file mode 100644 index 7b768e6c..00000000 --- a/flux/olympus/apps/websites/0x76.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: x76dev - namespace: websites - labels: - app: x76dev -spec: - replicas: 1 - selector: - matchLabels: - app: x76dev - template: - metadata: - labels: - app: x76dev - spec: - containers: - - name: x76dev - image: git.0x76.dev/v/0x76.dev:5 - ports: - - containerPort: 80 ---- -apiVersion: v1 -kind: Service -metadata: - name: x76dev - namespace: websites -spec: - selector: - app: x76dev - ports: - - protocol: TCP - port: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: x76dev - namespace: websites -spec: - rules: - - host: "0x76.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: x76dev - port: - number: 80 diff --git a/flux/olympus/apps/websites/blog.yaml b/flux/olympus/apps/websites/blog.yaml deleted file mode 100644 index 52e763e5..00000000 --- a/flux/olympus/apps/websites/blog.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: blog - namespace: websites - labels: - app: blog -spec: - replicas: 1 - selector: - matchLabels: - app: blog - template: - metadata: - labels: - app: blog - spec: - containers: - - name: blog - image: git.0x76.dev/v/blog.xirion.net:5 - ports: - - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: blog - namespace: websites -spec: - selector: - app: blog - ports: - - protocol: TCP - port: 8080 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: blog - namespace: websites -spec: - rules: - - host: "blog.xirion.net" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: blog - port: - number: 8080 diff --git a/flux/olympus/apps/websites/internal.yaml b/flux/olympus/apps/websites/internal.yaml deleted file mode 100644 index 50d2f244..00000000 --- a/flux/olympus/apps/websites/internal.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: internal - namespace: websites - labels: - app: internal -spec: - replicas: 1 - selector: - matchLabels: - app: internal - template: - metadata: - labels: - app: internal - spec: - containers: - - name: internal - image: git.0x76.dev/v/internal.xirion.net:1 - ports: - - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: internal - namespace: websites -spec: - selector: - app: internal - ports: - - protocol: TCP - port: 8080 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: internal - namespace: websites -spec: - rules: - - host: "internal.xirion.net" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: internal - port: - number: 8080 diff --git a/flux/olympus/apps/websites/kustomization.yaml b/flux/olympus/apps/websites/kustomization.yaml deleted file mode 100644 index d3df4526..00000000 --- a/flux/olympus/apps/websites/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -metadata: - namespace: websites -resources: - - 0x76.yaml - - internal.yaml - - blog.yaml - - xirion.yaml diff --git a/flux/olympus/apps/websites/xirion.yaml b/flux/olympus/apps/websites/xirion.yaml deleted file mode 100644 index e7e311f1..00000000 --- a/flux/olympus/apps/websites/xirion.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: xirion - namespace: websites - labels: - app: xirion -spec: - replicas: 1 - selector: - matchLabels: - app: xirion - template: - metadata: - labels: - app: xirion - spec: - containers: - - name: xirion - image: git.0x76.dev/v/xirion.net:2 - ports: - - containerPort: 80 ---- -apiVersion: v1 -kind: Service -metadata: - name: xirion - namespace: websites -spec: - selector: - app: xirion - ports: - - protocol: TCP - port: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: xirion - namespace: websites -spec: - rules: - - host: "xirion.net" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: xirion - port: - number: 80 diff --git a/flux/olympus/base/apps.yaml b/flux/olympus/base/apps.yaml deleted file mode 100644 index 0059a2e9..00000000 --- a/flux/olympus/base/apps.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: apps - namespace: flux-system -spec: - interval: 10m0s - dependsOn: - - name: core - path: ./flux/olympus/apps - prune: true - sourceRef: - kind: GitRepository - name: flux-system diff --git a/flux/olympus/base/core.yaml b/flux/olympus/base/core.yaml deleted file mode 100644 index f61c58c8..00000000 --- a/flux/olympus/base/core.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: core - namespace: flux-system -spec: - interval: 10m0s - path: ./flux/olympus/core - prune: true - sourceRef: - kind: GitRepository - name: flux-system diff --git a/flux/olympus/base/flux-system/gotk-components.yaml b/flux/olympus/base/flux-system/gotk-components.yaml deleted file mode 100644 index d8d8bed8..00000000 --- a/flux/olympus/base/flux-system/gotk-components.yaml +++ /dev/null @@ -1,8029 +0,0 @@ ---- -# This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.1.2 -# Components: source-controller,kustomize-controller,helm-controller,notification-controller -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/warn-version: latest - name: flux-system ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress ---- -apiVersion: v1 -kind: ResourceQuota -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: critical-pods-flux-system - namespace: flux-system -spec: - hard: - pods: "1000" - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical - - system-cluster-critical ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: flux-edit-flux-system -rules: -- apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: flux-view-flux-system -rules: -- apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. - type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. - type: boolean - interval: - description: Interval at which the Bucket Endpoint is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which the GitRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxySecretRef: - description: ProxySecretRef specifies the Secret containing the proxy - configuration to use while communicating with the Git server. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - default: HEAD - description: "Mode specifies which Git object(s) should be verified. - \n The variants \"head\" and \"HEAD\" both imply the same thing, - i.e. verify the commit that the HEAD of the Git repository points - to. The variant \"head\" solely exists to ensure backwards compatibility." - enum: - - head - - HEAD - - Tag - - TagAndHEAD - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - sourceVerificationMode: - description: SourceVerificationMode is the last used verification - mode indicating which Git object(s) have been verified. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. - type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. - properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: 'GitImplementation specifies which Git client library - implementation to use. Defaults to ''go-git'', valid values are - (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated - now that ''go-git'' is the only supported implementation.' - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `:`, - for example: `sha256:`. \n Deprecated: Replaced with explicit - fields for observed artifact content config in the status." - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which the HelmChart SourceRef is checked - for updates. This interval is approximate and may be subject to - jitter to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. This field is only - supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart - artifact, are not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caFile fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n It takes precedence over the values specified in the Secret referred - to by `.spec.secretRef`." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - interval: - description: Interval at which the HelmRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - provider: - default: generic - description: Provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. This field is optional, and only taken into - account if the .spec.type field is set to 'oci'. When not specified, - defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. Support for TLS auth - using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. - Please use `.spec.certSecretRef` instead. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. - type: boolean - timeout: - default: 60s - description: Timeout is used for the index fetch operation for an - HTTPS helm repository, and for remote OCI Repository operations - like pulling for an OCI helm repository. Its default value is 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: ocirepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: OCIRepository - listKind: OCIRepositoryList - plural: ocirepositories - shortNames: - - ocirepo - singular: ocirepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n Note: Support for the `caFile`, `certFile` and `keyFile` keys - have been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: Interval at which the OCIRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: LayerSelector specifies which layer should be extracted - from the OCI artifact. When not specified, the first layer found - in the artifact is selected. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - ref: - description: The OCI reference to pull and monitor for changes, defaults - to the latest tag. - properties: - digest: - description: Digest is the image digest to pull, takes precedence - over SemVer. The value should be in the format 'sha256:'. - type: string - semver: - description: SemVer is the range of tags to pull selecting the - latest within the range, takes precedence over Tag. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: SecretRef contains the secret name containing the registry - login credentials to resolve image metadata. The secret must be - of type kubernetes.io/dockerconfigjson. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL is a reference to an OCI artifact repository hosted - on a remote container registry. - pattern: ^oci://.*$ - type: string - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. - properties: - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.layerSelector observed in .status.observedGeneration version - of the object. This can be used to determine if the content configuration - has changed and the artifact needs to be rebuilt. It has the format - of `:`, for example: `sha256:`. \n Deprecated: - Replaced with explicit fields for observed artifact content config - in the status." - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedLayerSelector: - description: ObservedLayerSelector is the observed layer selector - used for constructing the source artifact. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: source-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TUF_ROOT - value: /tmp/.sigstore - image: ghcr.io/fluxcd/source-controller:v1.1.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names, and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is /. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v1.1.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' - type: object - type: object - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the - trusted public keys used to verify the signature and specifies - which provider to use to check whether OCI image is authentic. - This field is only supported for OCI sources. Chart dependencies, - which are not bundled in the umbrella chart artifact, are - not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret - containing the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. This - interval is approximate and may be subject to jitter to ensure efficient - use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes client for this release. When enabled, the client will - be reused for the duration of the reconciliation, instead of being - created and destroyed for each (step of a) Helm action. \n This - can improve performance, but may cause issues with some Helm charts - that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed - to be available by e.g. post-install hooks. \n If not set, it defaults - to true." - type: boolean - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - deletionPropagation: - default: background - description: DeletionPropagation specifies the deletion propagation - policy when a Helm uninstall is performed. - enum: - - background - - foreground - - orphan - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. - When set, must be a valid Data Key, consisting of alphanumeric - characters, '-', '_' or '.'. - maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: helm-controller - namespace: flux-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.36.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. - type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. - properties: - eventMetadata: - additionalProperties: - type: string - description: EventMetadata is an optional field for adding metadata - to events dispatched by the controller. This can be used for enhancing - the context of the event. If a field would override one already - present on the original event as generated by the emitter, then - the override doesn't happen, i.e. the original value is preserved, - and an info log is printed. - type: object - eventSeverity: - default: info - description: EventSeverity specifies how to filter events based on - severity. If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: EventSources specifies how to filter events based on - the involved object kind, name and namespace. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. - maxLength: 255 - type: string - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of the Alert. - properties: - conditions: - description: Conditions holds the conditions for the Alert. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - timeout: - description: Timeout for sending alerts to the provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: Address specifies the endpoint, in a generic sense, to - where alerts are sent. What kind of endpoint depends on the specific - Provider type being used. For the generic Provider, for example, - this is an HTTP/S address. For other Provider types this could be - a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` - key has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of the Provider. - properties: - conditions: - description: Conditions holds the conditions for the Provider. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - default: 10m - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - url: - description: 'URL is the generated incoming webhook address in the - format of ''/hook/sha256sum(token+name+namespace)''. Deprecated: - Replaced by WebhookPath.' - type: string - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.1.2 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v1.1.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp diff --git a/flux/olympus/base/flux-system/gotk-sync.yaml b/flux/olympus/base/flux-system/gotk-sync.yaml deleted file mode 100644 index 094efe16..00000000 --- a/flux/olympus/base/flux-system/gotk-sync.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# This manifest was generated by flux. DO NOT EDIT. ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: main - secretRef: - name: flux-system - url: ssh://gitea@git.0x76.dev:42/v/infrastructure.git ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./flux/olympus/base - prune: true - sourceRef: - kind: GitRepository - name: flux-system diff --git a/flux/olympus/base/flux-system/kustomization.yaml b/flux/olympus/base/flux-system/kustomization.yaml deleted file mode 100644 index 42cac648..00000000 --- a/flux/olympus/base/flux-system/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - gotk-components.yaml - - gotk-sync.yaml - - repositories diff --git a/flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml b/flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml deleted file mode 100644 index a68409ba..00000000 --- a/flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: external-secrets - namespace: flux-system -spec: - interval: 1h - url: https://charts.external-secrets.io diff --git a/flux/olympus/base/flux-system/repositories/helm/kustomization.yaml b/flux/olympus/base/flux-system/repositories/helm/kustomization.yaml deleted file mode 100644 index 9e58514b..00000000 --- a/flux/olympus/base/flux-system/repositories/helm/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - external-secrets.yaml - diff --git a/flux/olympus/base/flux-system/repositories/kustomization.yaml b/flux/olympus/base/flux-system/repositories/kustomization.yaml deleted file mode 100644 index dadf6d60..00000000 --- a/flux/olympus/base/flux-system/repositories/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helm - diff --git a/flux/olympus/core/external-secrets/.gitignore b/flux/olympus/core/external-secrets/.gitignore deleted file mode 100644 index 5eec00f7..00000000 --- a/flux/olympus/core/external-secrets/.gitignore +++ /dev/null @@ -1 +0,0 @@ -vault-secret-id.yaml \ No newline at end of file diff --git a/flux/olympus/core/external-secrets/helm-release.yaml b/flux/olympus/core/external-secrets/helm-release.yaml deleted file mode 100644 index 7ca3ee27..00000000 --- a/flux/olympus/core/external-secrets/helm-release.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: external-secrets - namespace: security -spec: - interval: 30m - chart: - spec: - chart: external-secrets - version: 0.9.9 - interval: 30m - sourceRef: - kind: HelmRepository - name: external-secrets - namespace: flux-system - values: - installCRDs: true - replicaCount: 1 - leaderElect: true - # serviceMonitor: - # enabled: true - # webhook: - # serviceMonitor: - # enabled: true - # certController: - # serviceMonitor: - # enabled: true diff --git a/flux/olympus/core/external-secrets/kustomization.yaml b/flux/olympus/core/external-secrets/kustomization.yaml deleted file mode 100644 index 04c4cf13..00000000 --- a/flux/olympus/core/external-secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helm-release.yaml - - vault-secret-store.yaml diff --git a/flux/olympus/core/external-secrets/vault-secret-id.example.yaml b/flux/olympus/core/external-secrets/vault-secret-id.example.yaml deleted file mode 100644 index e9c57519..00000000 --- a/flux/olympus/core/external-secrets/vault-secret-id.example.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: vault-secret-id - namespace: security -data: - secret-id: XXXXXX # Obtain by `vault write -f auth/approle/role/external-secrets/secret-id` diff --git a/flux/olympus/core/external-secrets/vault-secret-store.yaml b/flux/olympus/core/external-secrets/vault-secret-store.yaml deleted file mode 100644 index f09f88f0..00000000 --- a/flux/olympus/core/external-secrets/vault-secret-store.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ClusterSecretStore -metadata: - name: vault - namespace: security -spec: - provider: - vault: - server: "http://vault.olympus:8200" - path: "k8s" - version: "v2" - auth: - # VaultAppRole authenticates with Vault using the - # App Role auth mechanism - # https://www.vaultproject.io/docs/auth/approle - appRole: - # Path where the App Role authentication backend is mounted - path: "approle" - # RoleID configured in the App Role authentication backend - # `vault read auth/approle/role/external-secrets/role-id` - roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" - # Reference to a key in a K8 Secret that contains the App Role SecretId - # (not commited in git) - secretRef: - name: "vault-secret-id" - namespace: "security" - key: "secret-id" diff --git a/flux/olympus/core/kustomization.yaml b/flux/olympus/core/kustomization.yaml deleted file mode 100644 index 1611c859..00000000 --- a/flux/olympus/core/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - namespaces - - external-secrets diff --git a/flux/olympus/core/namespaces/kustomization.yaml b/flux/olympus/core/namespaces/kustomization.yaml deleted file mode 100644 index be604cf1..00000000 --- a/flux/olympus/core/namespaces/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - websites.yaml - - security.yaml - - services.yaml diff --git a/flux/olympus/core/namespaces/security.yaml b/flux/olympus/core/namespaces/security.yaml deleted file mode 100644 index 65f1a838..00000000 --- a/flux/olympus/core/namespaces/security.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: security diff --git a/flux/olympus/core/namespaces/services.yaml b/flux/olympus/core/namespaces/services.yaml deleted file mode 100644 index da390d0d..00000000 --- a/flux/olympus/core/namespaces/services.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: services diff --git a/flux/olympus/core/namespaces/websites.yaml b/flux/olympus/core/namespaces/websites.yaml deleted file mode 100644 index 9b4e8bc3..00000000 --- a/flux/olympus/core/namespaces/websites.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: websites diff --git a/nixos/hosts/olympus/bastion/containers/common.nix b/hosts/olympus/bastion/containers/common.nix similarity index 68% rename from nixos/hosts/olympus/bastion/containers/common.nix rename to hosts/olympus/bastion/containers/common.nix index 56ccdd5e..065206f8 100644 --- a/nixos/hosts/olympus/bastion/containers/common.nix +++ b/hosts/olympus/bastion/containers/common.nix @@ -1,6 +1,12 @@ # common container config { lib, ... }: { + imports = [ + ../../../../common + ]; # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 networking.useHostResolvConf = lib.mkForce false; services.resolved.enable = true; + + system.stateVersion = lib.mkDefault "24.05"; } + diff --git a/hosts/olympus/bastion/containers/default.nix b/hosts/olympus/bastion/containers/default.nix new file mode 100644 index 00000000..edd293ae --- /dev/null +++ b/hosts/olympus/bastion/containers/default.nix @@ -0,0 +1,82 @@ +{ + config, + lib, + inputs, + ... +}: +let + hostAddress = "10.42.99.1"; + hostAddress6 = "fc00::1"; +in +{ + networking.nat = { + enable = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "ens18"; + # Lazy IPv6 connectivity for the container + enableIPv6 = true; + }; + + networking.firewall.allowedTCPPorts = [ + 8384 + 22000 + ]; + networking.firewall.allowedUDPPorts = [ + 22000 + 21027 + ]; + + # Containers network is + # * 10.42.99.0/24 + # * fc00:x + + users.groups.backup = { + gid = 10000; + members = [ "vivian" ]; + }; + + containers = { + syncthing = { + autoStart = true; + inherit hostAddress hostAddress6; + localAddress = "10.42.99.2"; + localAddress6 = "fc00::2"; + + forwardPorts = [ + { + containerPort = 8384; + hostPort = 8384; + protocol = "tcp"; + } + ]; + + bindMounts = { + "/data" = { + hostPath = "/mnt/backup"; + isReadOnly = false; + }; + }; + + specialArgs = { + inherit inputs; + }; + + config = + { pkgs, ... }: + { + users.groups.backup = { + gid = 10000; + members = [ "syncthing" ]; + }; + + imports = [ + ./common.nix + ./syncthing.nix + inputs.home-manager.nixosModules.home-manager + inputs.gnome-autounlock-keyring.nixosModules.default + inputs.catppuccin.nixosModules.catppuccin + ]; + }; + }; + }; +} diff --git a/hosts/olympus/bastion/containers/dns.nix b/hosts/olympus/bastion/containers/dns.nix new file mode 100644 index 00000000..530b642f --- /dev/null +++ b/hosts/olympus/bastion/containers/dns.nix @@ -0,0 +1,7 @@ +{ ... }: { + services.v.dns = { + enable = true; + openFirewall = true; + mode = "server"; + }; +} diff --git a/hosts/olympus/bastion/containers/syncthing.nix b/hosts/olympus/bastion/containers/syncthing.nix new file mode 100644 index 00000000..0e10c83f --- /dev/null +++ b/hosts/olympus/bastion/containers/syncthing.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + }; +} diff --git a/nixos/hosts/olympus/bastion/configuration.nix b/hosts/olympus/bastion/default.nix similarity index 78% rename from nixos/hosts/olympus/bastion/configuration.nix rename to hosts/olympus/bastion/default.nix index 3cb429d7..d5f7fcd5 100644 --- a/nixos/hosts/olympus/bastion/configuration.nix +++ b/hosts/olympus/bastion/default.nix @@ -2,16 +2,30 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ pkgs, inputs, ... }: { +{ pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ./containers + ./immich.nix # ./vms.nix ]; programs.nix-ld.enable = true; + meta = { + ipv4 = "10.42.42.4"; + ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d"; + mac = "82:F0:7C:CB:BD:6D"; + }; + + services.scrutiny = { + enable = true; + openFirewall = true; + influxdb.enable = true; + collector.enable = false; + }; + # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; @@ -24,15 +38,10 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - virtualisation.podman.enable = true; + virtualisation.docker.enable = true; # Additional packages environment.systemPackages = with pkgs; [ vault ]; networking.useNetworkd = true; - - programs.gnupg.agent = { - enable = true; - pinentryFlavor = "curses"; - }; } diff --git a/nixos/hosts/olympus/bastion/hardware-configuration.nix b/hosts/olympus/bastion/hardware-configuration.nix similarity index 84% rename from nixos/hosts/olympus/bastion/hardware-configuration.nix rename to hosts/olympus/bastion/hardware-configuration.nix index be7d9923..36ac4572 100644 --- a/nixos/hosts/olympus/bastion/hardware-configuration.nix +++ b/hosts/olympus/bastion/hardware-configuration.nix @@ -19,6 +19,11 @@ fsType = "ext4"; }; + fileSystems."/mnt/backup" = { + device = "/dev/disk/by-uuid/83b1e87f-975f-4150-b673-81087f84f0bb"; + fsType = "ext4"; + }; + swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; diff --git a/hosts/olympus/bastion/immich.nix b/hosts/olympus/bastion/immich.nix new file mode 100644 index 00000000..46e21e79 --- /dev/null +++ b/hosts/olympus/bastion/immich.nix @@ -0,0 +1,78 @@ +{ config, pkgs, ... }: +{ + boot.kernel.sysctl = { "vm.overcommit_memory" = 1; }; + + virtualisation.oci-containers.backend = "docker"; + virtualisation.docker.autoPrune.enable = true; + + + systemd.services.init-filerun-network-and-files = { + description = "Create the network bridge for Immich."; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig.Type = "oneshot"; + script = + let + dockercli = "${config.virtualisation.docker.package}/bin/docker"; + in + '' + # immich-net network + check=$(${dockercli} network ls | grep "immich-net" || true) + if [ -z "$check" ]; then + ${dockercli} network create immich-net + else + echo "immich-net already exists in docker" + fi + ''; + }; + + virtualisation.oci-containers.containers = { + immich = { + autoStart = true; + image = "ghcr.io/imagegenius/immich:latest"; + volumes = [ + "/mnt/backup/immich/config:/config" + "/mnt/backup/immich/photos:/photos" + "/mnt/backup/replicated/photos:/replicated" + "/mnt/backup/immich/config/machine-learning:/config/machine-learning" + ]; + ports = [ "2283:8080" ]; + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "Europe/Amsterdam"; # Change this to your timezone + DB_HOSTNAME = "postgres14"; + DB_USERNAME = "postgres"; + DB_PASSWORD = "postgres"; + DB_DATABASE_NAME = "immich"; + REDIS_HOSTNAME = "redis"; + }; + extraOptions = [ + "--network=immich-net" + "--pull=always" + # "--gpus=all" + ]; + }; + + redis = { + autoStart = true; + image = "redis"; + ports = [ "6379:6379" ]; + extraOptions = [ "--network=immich-net" ]; + }; + + postgres14 = { + autoStart = true; + image = "tensorchord/pgvecto-rs:pg14-v0.2.0"; + ports = [ "5432:5432" ]; + volumes = [ "pgdata:/var/lib/postgresql/data" ]; + environment = { + POSTGRES_USER = "postgres"; + POSTGRES_PASSWORD = "postgres"; + POSTGRES_DB = "immich"; + }; + extraOptions = [ "--network=immich-net" ]; + }; + }; +} diff --git a/nixos/hosts/olympus/bastion/vms.nix b/hosts/olympus/bastion/vms.nix similarity index 100% rename from nixos/hosts/olympus/bastion/vms.nix rename to hosts/olympus/bastion/vms.nix diff --git a/nixos/hosts/olympus/eevee/configuration.nix b/hosts/olympus/eevee/default.nix similarity index 100% rename from nixos/hosts/olympus/eevee/configuration.nix rename to hosts/olympus/eevee/default.nix diff --git a/nixos/hosts/olympus/eevee/hardware-configuration.nix b/hosts/olympus/eevee/hardware-configuration.nix similarity index 100% rename from nixos/hosts/olympus/eevee/hardware-configuration.nix rename to hosts/olympus/eevee/hardware-configuration.nix diff --git a/nixos/hosts/olympus/eevee/hardware.nix b/hosts/olympus/eevee/hardware.nix similarity index 74% rename from nixos/hosts/olympus/eevee/hardware.nix rename to hosts/olympus/eevee/hardware.nix index cd1cb84d..ed9d42bb 100644 --- a/nixos/hosts/olympus/eevee/hardware.nix +++ b/hosts/olympus/eevee/hardware.nix @@ -1,11 +1,12 @@ -{ pkgs, ... }: { +{ config, pkgs, ... }: +{ hardware = { enableAllFirmware = true; nvidia = { - # package = config.boot.kernelPackages.nvidiaPackages.stable; + package = config.boot.kernelPackages.nvidiaPackages.beta; # Open drivers cause gdm to crash - # open = true; + open = false; # nvidia-drm.modeset=1 modesetting.enable = true; @@ -13,13 +14,7 @@ }; # Hardware acceleration - opengl = { - enable = true; - - # Vulkan - driSupport = true; - driSupport32Bit = true; - }; + graphics.enable = true; logitech.wireless = { enable = true; diff --git a/nixos/hosts/olympus/eevee/home/.gitignore b/hosts/olympus/eevee/home/.gitignore similarity index 100% rename from nixos/hosts/olympus/eevee/home/.gitignore rename to hosts/olympus/eevee/home/.gitignore diff --git a/nixos/hosts/olympus/eevee/home/default.nix b/hosts/olympus/eevee/home/default.nix similarity index 92% rename from nixos/hosts/olympus/eevee/home/default.nix rename to hosts/olympus/eevee/home/default.nix index bf2d078a..01ab876e 100644 --- a/nixos/hosts/olympus/eevee/home/default.nix +++ b/hosts/olympus/eevee/home/default.nix @@ -4,6 +4,5 @@ }; home.packages = with pkgs; [ - zoom-us ]; } diff --git a/hosts/thalassa/aoife/69-probe-rs.rules b/hosts/thalassa/aoife/69-probe-rs.rules new file mode 100644 index 00000000..22aa1774 --- /dev/null +++ b/hosts/thalassa/aoife/69-probe-rs.rules @@ -0,0 +1,146 @@ +# Copy this file to /etc/udev/rules.d/ +# If rules fail to reload automatically, you can refresh udev rules +# with the command "udevadm control --reload" + +# This rules are based on the udev rules from the OpenOCD project, with unsupported probes removed. +# See http://openocd.org/ for more details. +# +# This file is available under the GNU General Public License v2.0 + +ACTION!="add|change", GOTO="probe_rs_rules_end" + +SUBSYSTEM=="gpio", MODE="0660", GROUP="plugdev", TAG+="uaccess" + +SUBSYSTEM!="usb|tty|hidraw", GOTO="probe_rs_rules_end" + +# Please keep this list sorted by VID:PID + +# STMicroelectronics ST-LINK V1 +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3744", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# STMicroelectronics ST-LINK/V2 +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# STMicroelectronics ST-LINK/V2.1 +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# STMicroelectronics STLINK-V3 +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3754", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# SEGGER J-Link +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0101", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0102", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0103", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0104", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0107", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0108", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1003", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1004", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1005", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1006", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1007", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1008", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1009", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100a", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100b", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100c", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100d", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100e", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100f", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1010", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1011", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1012", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1013", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1014", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1015", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1016", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1017", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1018", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1019", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101a", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101b", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101c", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101d", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101e", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101f", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1020", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1021", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1022", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1023", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1024", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1025", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1026", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1027", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1028", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1029", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102a", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102b", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102c", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102d", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102e", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102f", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1050", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1051", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1052", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1053", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1054", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1055", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1056", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1057", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1058", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1059", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105a", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105b", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105c", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105d", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105e", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105f", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1060", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1061", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1062", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1063", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1064", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1065", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1066", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1067", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1068", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1069", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106a", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106b", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106c", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106d", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106e", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106f", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# FT232H +ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6014", MODE="660", GROUP="plugdev", TAG+="uaccess" +# FT2232x +ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", MODE="660", GROUP="plugdev", TAG+="uaccess" +# FT4232H +ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# FTDI-based Olimex devices +ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0003", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0004", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002a", MODE="660", GROUP="plugdev", TAG+="uaccess" +ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002b", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# Espressif USB JTAG/serial debug unit +ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess" +# Espressif USB Bridge +ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess" + +# CMSIS-DAP compatible adapters +ATTRS{product}=="*CMSIS-DAP*", MODE="660", GROUP="plugdev", TAG+="uaccess" +# WCH Link (CMSIS-DAP compatible adapter) +ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8011", MODE="660", GROUP="plugdev", TAG+="uaccess" + +LABEL="probe_rs_rules_end" diff --git a/nixos/hosts/thalassa/aoife/README.md b/hosts/thalassa/aoife/README.md similarity index 100% rename from nixos/hosts/thalassa/aoife/README.md rename to hosts/thalassa/aoife/README.md diff --git a/nixos/hosts/thalassa/aoife/configuration.nix b/hosts/thalassa/aoife/default.nix similarity index 51% rename from nixos/hosts/thalassa/aoife/configuration.nix rename to hosts/thalassa/aoife/default.nix index ddeb1fe8..e75cf9c4 100644 --- a/nixos/hosts/thalassa/aoife/configuration.nix +++ b/hosts/thalassa/aoife/default.nix @@ -2,19 +2,34 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, lib, ... }: { +{ + inputs, + lib, + pkgs, + ... +}: +{ imports = [ ./hardware-configuration.nix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z ./hardware.nix + ./uni.nix ]; + meta = { + mac = "04:7b:cb:b6:2d:88"; + isLaptop = true; + }; + + users.users.vivian.extraGroups = [ "adbusers" ]; + # Bootloader. boot = { + bootspec.enable = true; initrd.kernelModules = [ "amdgpu" ]; resumeDevice = "/dev/nvme0n1p2"; - loader.systemd-boot.enable = lib.mkForce false; + loader.systemd-boot.enable = lib.mkForce false; # Using lanzaboote instead kernel.sysctl = { "perf_event_paranoid" = 1; @@ -28,12 +43,51 @@ }; home-manager.users.vivian = import ./home; + programs = { + nix-ld.enable = true; + nix-ld.libraries = with pkgs; [ + # Add any missing dynamic libraries for unpackaged programs + + # here, NOT in environment.systemPackages + ]; + + hyprland = { + enable = true; + withUWSM = true; + }; + hyprlock.enable = true; + evolution.enable = false; + }; + + services = { + hypridle.enable = true; + displayManager.gdm.enable = true; + + flatpak.enable = true; + + gnome.gnome-keyring.enable = true; + + ollama = { + enable = false; + acceleration = "rocm"; + rocmOverrideGfx = "10.3.4"; + }; + + interception-tools = { + enable = true; + plugins = [ pkgs.interception-tools-plugins.caps2esc ]; + udevmonConfig = '' + - JOB: "${pkgs.interception-tools}/bin/intercept -g $DEVNODE | ${pkgs.interception-tools-plugins.caps2esc}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE" + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK, KEY_ESC] + ''; + }; + }; # Enable Ozone rendering for Chromium and Electron apps. environment.sessionVariables.NIXOS_OZONE_WL = "1"; - # environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName}; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nixos/hosts/thalassa/aoife/hardware-configuration.nix b/hosts/thalassa/aoife/hardware-configuration.nix similarity index 100% rename from nixos/hosts/thalassa/aoife/hardware-configuration.nix rename to hosts/thalassa/aoife/hardware-configuration.nix diff --git a/hosts/thalassa/aoife/hardware.nix b/hosts/thalassa/aoife/hardware.nix new file mode 100644 index 00000000..52ac5c15 --- /dev/null +++ b/hosts/thalassa/aoife/hardware.nix @@ -0,0 +1,83 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + pciutils + usbutils + lshw + ]; + + boot = { + kernelParams = [ + "amdgpu.dcdebugmask=0x10" # Disables partial screen refresh, fixes flicker + "kvm.enable_virt_at_load=0" + ]; + }; + + hardware = { + enableAllFirmware = true; + bluetooth.enable = true; + + # OpenGL + Vulkan + graphics = { + enable = true; + extraPackages = with pkgs; [ + mesa + ]; + }; + + amdgpu = { + initrd.enable = true; + opencl.enable = true; + # Temp disabled as it breaks GTK + # amdvlk.enable = true; + }; + }; + services = { + fwupd.enable = true; + + hardware.bolt.enable = true; + + fprintd = { + enable = true; + # fprintd test suite fails + package = pkgs.fprintd.overrideAttrs { + mesonCheckFlags = [ + "--no-suite" + "fprintd:TestPamFprintd" + ]; + }; + }; + + # Video Driver + xserver = { + # videoDrivers = [ "displaylink" ]; + dpi = 280; + }; + + # SSD Trim + fstrim.enable = true; + + # Power Management + upower.enable = true; + thermald.enable = true; + }; + + # hardware.trackpoint.enable = true; + + # FS + fileSystems."/".options = [ "compress=zstd" ]; + + powerManagement = { + enable = true; + powertop.enable = true; + }; + + security = { + tpm2 = { + enable = true; + pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + tctiEnvironment.enable = true; + }; + }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices +} diff --git a/nixos/hosts/thalassa/aoife/home/.gitignore b/hosts/thalassa/aoife/home/.gitignore similarity index 100% rename from nixos/hosts/thalassa/aoife/home/.gitignore rename to hosts/thalassa/aoife/home/.gitignore diff --git a/hosts/thalassa/aoife/home/default.nix b/hosts/thalassa/aoife/home/default.nix new file mode 100644 index 00000000..f9a02f4b --- /dev/null +++ b/hosts/thalassa/aoife/home/default.nix @@ -0,0 +1,46 @@ +{ pkgs, ... }: { + imports = [ + ./starship.nix + ./hyprland.nix + ]; + + + # Custom dconf settings + dconf.settings."org/gnome/desktop/input-sources" = { + # xkb-options = [ "caps:swapescape" ]; + }; + + programs.zsh.envExtra = '' + source ~/.zshrc.secrets + ''; + + home.packages = with pkgs; [ + eduvpn-client + localsend + typst + ]; + + + programs.ssh.enable = true; + programs.ssh.matchBlocks = { + "student-linux.tudelft.nl" = { + user = "vroest"; + }; + "login.delftblue.tudelft.nl" = { + user = "vroest"; + }; + "cese01" = { + hostname = "cese01.ewi.tudelft.nl"; + user = "vroest"; + proxyJump = "student-linux.tudelft.nl"; + }; + "cese" = { + user = "root"; + hostname = "10.0.3.121"; + proxyJump = "cese01"; + }; + "bastion.olympus" = { }; + "bastion.hades" = { }; + }; + +} diff --git a/nixos/hosts/thalassa/null/home/eww/eww.scss b/hosts/thalassa/aoife/home/eww/eww.scss similarity index 100% rename from nixos/hosts/thalassa/null/home/eww/eww.scss rename to hosts/thalassa/aoife/home/eww/eww.scss diff --git a/nixos/hosts/thalassa/null/home/eww/eww.yuck b/hosts/thalassa/aoife/home/eww/eww.yuck similarity index 100% rename from nixos/hosts/thalassa/null/home/eww/eww.yuck rename to hosts/thalassa/aoife/home/eww/eww.yuck diff --git a/nixos/hosts/thalassa/null/home/eww/scripts/do-not-disturb.sh b/hosts/thalassa/aoife/home/eww/scripts/do-not-disturb.sh similarity index 100% rename from nixos/hosts/thalassa/null/home/eww/scripts/do-not-disturb.sh rename to hosts/thalassa/aoife/home/eww/scripts/do-not-disturb.sh diff --git a/hosts/thalassa/aoife/home/eww/scripts/getvol b/hosts/thalassa/aoife/home/eww/scripts/getvol new file mode 100755 index 00000000..4e4275d8 --- /dev/null +++ b/hosts/thalassa/aoife/home/eww/scripts/getvol @@ -0,0 +1,12 @@ +#!/bin/sh + +if command -v pamixer &>/dev/null; then + if [ true == $(pamixer --get-mute) ]; then + echo 0 + exit + else + pamixer --get-volume + fi +else + amixer -D pulse sget Master | awk -F '[^0-9]+' '/Left:/{print $3}' +fi diff --git a/nixos/hosts/thalassa/null/home/eww/scripts/volume.sh b/hosts/thalassa/aoife/home/eww/scripts/volume.sh similarity index 68% rename from nixos/hosts/thalassa/null/home/eww/scripts/volume.sh rename to hosts/thalassa/aoife/home/eww/scripts/volume.sh index f2746614..57797371 100755 --- a/nixos/hosts/thalassa/null/home/eww/scripts/volume.sh +++ b/hosts/thalassa/aoife/home/eww/scripts/volume.sh @@ -1,6 +1,6 @@ #!/bin/sh -per="$(pamixer --get-volume)" +per="???" if pamixer --get-mute | rg -q true; then icon="婢" @@ -12,4 +12,4 @@ else icon="奄" #low fi -printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}" +printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}" diff --git a/nixos/hosts/thalassa/null/home/eww/scripts/wifi.sh b/hosts/thalassa/aoife/home/eww/scripts/wifi.sh similarity index 100% rename from nixos/hosts/thalassa/null/home/eww/scripts/wifi.sh rename to hosts/thalassa/aoife/home/eww/scripts/wifi.sh diff --git a/nixos/hosts/thalassa/null/home/eww/scripts/workspaces.lua b/hosts/thalassa/aoife/home/eww/scripts/workspaces.lua similarity index 100% rename from nixos/hosts/thalassa/null/home/eww/scripts/workspaces.lua rename to hosts/thalassa/aoife/home/eww/scripts/workspaces.lua diff --git a/nixos/hosts/thalassa/null/home/eww/scripts/workspaces.sh b/hosts/thalassa/aoife/home/eww/scripts/workspaces.sh similarity index 100% rename from nixos/hosts/thalassa/null/home/eww/scripts/workspaces.sh rename to hosts/thalassa/aoife/home/eww/scripts/workspaces.sh diff --git a/hosts/thalassa/aoife/home/hyprland.nix b/hosts/thalassa/aoife/home/hyprland.nix new file mode 100644 index 00000000..c0387012 --- /dev/null +++ b/hosts/thalassa/aoife/home/hyprland.nix @@ -0,0 +1,333 @@ +{ + pkgs, + config, + inputs, + lib, + ... +}: +let + terminal = "${config.programs.kitty.package}/bin/kitty -1"; +in +{ + imports = [ + ./waybar.nix + ]; + + home.packages = with pkgs; [ + hyprland-workspaces + inputs.gnome-autounlock-keyring.packages.${pkgs.system}.default + inputs.hyprland-qtutils.packages.${pkgs.system}.default + ]; + + programs = { + rofi = { + enable = true; + package = pkgs.rofi-wayland; + theme = { + listview.columns = 1; + }; + }; + + hyprlock = { + enable = true; + settings = + let + color = "rgba(242, 243, 244, 0.75)"; + in + { + auth.fingerprint.enabled = true; + + background = { + path = "screenshot"; + blur_passes = 3; + }; + }; + }; + + # eww = { + # enable = true; + # configDir = ./eww; + # }; + }; + + services = { + gnome-keyring.enable = true; + + mako = { + enable = true; + settings.defaultTimeout = 5000; + }; + + hypridle = { + enable = true; + + settings = { + general = { + lock_cmd = "pidof hyprlock || hyprlock"; + before_sleep_cmd = "loginctl lock-session"; + after_sleep_cmd = "hyprctl dispatch dpms on"; + }; + + listener = [ + { + timeout = 300; # 5 mins + on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 10"; + on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; + } + { + timeout = 300; # 5 mins + on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd tpacpi:kbd_backlight set 0"; + on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd tpacpi::kbd_backlight"; + } + { + timeout = 600; # 10 mins + on-timeout = "loginctl lock-session"; + } + { + timeout = 1200; # 20 mins, screen off + on-timeout = "hyprctl dispatch dpms off"; + on-resume = "hyprctl dispatch dpms on"; + } + { + timeout = 2400; # 40 mins + on-timeout = "systemctl suspend"; + } + ]; + }; + }; + + hyprpaper = + let + wallpaper = ../../../../assets/wallpaper-nix-pink.png; + in + { + enable = true; + settings = { + preload = [ "${wallpaper}" ]; + wallpaper = [ "eDP-1,${wallpaper}" ]; + + splash = false; + ipc = "off"; + }; + }; + + }; + + # Hack to ensure graphical dependent services start _after_ hyprland starts + # Needed as these services normally start after graphical-session-pre + systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target"; + systemd.user.services.waybar.Unit.After = lib.mkForce "graphical-session.target"; + systemd.user.services.hypridle.Unit.After = lib.mkForce "graphical-session.target"; + + wayland.windowManager.hyprland = + let + toggle_mirror = pkgs.writeScriptBin "toggle_mirror.sh" '' + #!${pkgs.stdenv.shell} + if [ $(hyprctl monitors all -j | ${pkgs.jq}/bin/jq '.[1].activeWorkspace.id') = '-1' ]; then + hyprctl keyword monitor ",preferred,auto,1" + else + hyprctl keyword monitor ",preferred,auto,1,mirror,eDP-1" + fi + ''; + # Autostart now handled by xdg.autoStart + startup = pkgs.writeScriptBin "startup.sh" '' + #!${pkgs.stdenv.shell} + # uwsm app -- ${pkgs.wl-clip-persist}/bin/wl-clip-persist -c both & + ''; + in + { + enable = true; + systemd.enable = false; # using UWSM + + plugins = with pkgs.hyprlandPlugins; [ + hyprexpo + ]; + + settings = + let + inherit (builtins) genList concatLists toString; + wpctl = "${pkgs.wireplumber}/bin/wpctl"; + brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl"; + menu = "${config.programs.rofi.package}/bin/rofi -columns 1 -show combi -modes combi -combi-modes \"window,drun,run\""; + fileManager = "${pkgs.nautilus}/bin/nautilus"; + in + { + "$mod" = "SUPER"; + exec-once = [ + "${startup}/bin/startup.sh" + ]; + monitor = [ + "eDP-1, 3840x2400@60,0x0,2" + ",highres,auto,1" + ]; + input = { + touchpad.natural_scroll = true; + }; + general = { + gaps_in = 5; + gaps_out = 10; + border_size = 2; + "col.active_border" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg"; + "col.inactive_border" = "rgba(303446aa)"; + layout = "dwindle"; + # Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on + allow_tearing = true; + }; + group = { + "col.border_active" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg"; + "col.border_inactive" = "rgba(232634aa)"; + + groupbar = { + font_size = 10; + height = 18; + "col.active" = "rgba(babbf1aa)"; + "col.inactive" = "rgba(414559aa)"; + text_color = "rgba(ffffffee)"; + }; + }; + + plugin.hyprexpo = { + workspace_method = "first 1"; + enable_gesture = true; + gesture_positive = false; + gesture_fingers = 3; + }; + + decoration = { + rounding = 10; + + blur = { + enabled = true; + size = 3; + passes = 1; + }; + + shadow = { + enabled = true; + color = "rgba(1a1a1aee)"; + range = 4; + render_power = 3; + }; + }; + animations = { + enabled = "yes"; + + bezier = "myBezier, 0.05, 0.9, 0.1, 1.05"; + + animation = [ + "windows, 1, 7, myBezier" + "windowsOut, 1, 7, default, popin 80%" + "border, 1, 10, default" + "borderangle, 1, 8, default" + "fade, 1, 4, default" + "workspaces, 1, 4, default" + ]; + }; + dwindle = { + preserve_split = "yes"; + pseudotile = "yes"; + }; + + gestures.workspace_swipe = true; + + misc = { + force_default_wallpaper = 2; + disable_splash_rendering = true; + disable_hyprland_logo = true; + disable_autoreload = true; + }; + + windowrulev2 = [ + "suppressevent maximize, class:.*" + + "workspace 1 silent, class:^(Element)$" + "workspace 1 silent, class:^(discord)$" + "group, class:^(Element|discord)$,workspace:1" + + "workspace 2 silent, class:^(firefox)$" + "float,class:^(firefox)$,title:^(Picture-in-Picture)$" + + "workspace special:obsidian silent, class:^(obsidian)$" + ]; + + # l -> works when screen is locked + # e -> repeats when held + bindel = [ + ",XF86AudioRaiseVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%+" + ",XF86AudioLowerVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%-" + ",XF86MonBrightnessUp,exec,${brightnessctl} -q s +5%" + ",XF86MonBrightnessDown,exec,${brightnessctl} -q s 5%-" + ]; + + bindl = [ ",XF86AudioMute, exec,${wpctl} set-mute @DEFAULT_AUDIO_SINK@ toggle" ]; + + bind = + [ + "$mod, RETURN, exec, uwsm app -- ${terminal}" + "$mod, Q, killactive," + "$mod SHIFT, Q, exec, uwsm stop," + "$mod, E, exec, uwsm app -- ${fileManager}" + "$mod, V, togglefloating," + "$mod, D, exec, uwsm app -- ${menu}" + "$mod, P, pseudo, # dwindle" + "$mod, J, togglesplit, # dwindle" + "$mod,m,fullscreen" + + "$mod, L, exec, loginctl lock-session" + + "$mod, space, hyprexpo:expo, toggle" + + # Move focus with arrow keys + "$mod, left, movefocus, l" + "$mod, right, movefocus, r" + "$mod, up, movefocus, u" + "$mod, down, movefocus, d" + + # Scratch workspace + "$mod, S, togglespecialworkspace, scratch" + "$mod SHIFT, S, movetoworkspace, special:scratch" + + # Obsidian Workspace + "$mod, O, togglespecialworkspace, obsidian" + "$mod SHIFT, O, movetoworkspace, special:obsidian" + + # Groups aka Tabs + "$mod,g,togglegroup" + "$mod,tab,changegroupactive" + + # PrintScreen + ",Print,exec,uwsm app -- ${pkgs.grimblast}/bin/grimblast copysave area /home/vivian/cloud/Pictures/Screenshots/$(date +%s).png" + # Toggle Mirror for external displays on/off + ",XF86Display,exec,${toggle_mirror}/bin/toggle_mirror.sh" + ] + ++ ( + # workspaces + # binds $mod + [shift +] {1..10} to [move to] workspace {1..10} + concatLists ( + genList ( + x: + let + ws = + let + c = (x + 1) / 10; + in + toString (x + 1 - (c * 10)); + in + [ + "$mod, ${ws}, workspace, ${toString (x + 1)}" + "$mod SHIFT, ${ws}, movetoworkspacesilent, ${toString (x + 1)}" + ] + ) 10 + ) + + ); + + # Bind mouse + bindm = [ + # Move/resize windows with mod + LMB/RMB and dragging + "$mod, mouse:272, movewindow" + "$mod, mouse:273, resizewindow" + ]; + }; + }; +} diff --git a/hosts/thalassa/aoife/home/starship.nix b/hosts/thalassa/aoife/home/starship.nix new file mode 100644 index 00000000..b91be705 --- /dev/null +++ b/hosts/thalassa/aoife/home/starship.nix @@ -0,0 +1,17 @@ +{ pkgs, config, ...}: +let + starshipNerdFont = pkgs.runCommand "starship-nerd-font.toml" { STARSHIP_CACHE = "/tmp"; } '' + ${config.programs.starship.package}/bin/starship preset nerd-font-symbols > $out + ''; +in{ + programs.starship = { + enable = false; + enableZshIntegration = true; + enableFishIntegration = true; + enableNushellIntegration = true; + + settings = { + nix_shell.heuristic = true; + } // builtins.fromTOML (builtins.readFile starshipNerdFont); + }; +} diff --git a/hosts/thalassa/aoife/home/waybar.css b/hosts/thalassa/aoife/home/waybar.css new file mode 100644 index 00000000..b60c70ae --- /dev/null +++ b/hosts/thalassa/aoife/home/waybar.css @@ -0,0 +1,125 @@ +/* Catppucin Frappe */ +@define-color base #303446; +@define-color mantle #292c3c; +@define-color crust #232634; + +@define-color text #c6d0f5; +@define-color subtext0 #a5adce; +@define-color subtext1 #b5bfe2; + +@define-color surface0 #414559; +@define-color surface1 #51576d; +@define-color surface2 #626880; + +@define-color overlay0 #737994; +@define-color overlay1 #838ba7; +@define-color overlay2 #949cbb; + +@define-color blue #8caaee; +@define-color lavender #babbf1; +@define-color sapphire #85c1dc; +@define-color sky #99d1db; +@define-color teal #81c8be; +@define-color green #a6d189; +@define-color yellow #e5c890; +@define-color peach #ef9f76; +@define-color maroon #ea999c; +@define-color red #e78284; +@define-color mauve #ca9ee6; +@define-color pink #f4b8e4; +@define-color flamingo #eebebe; +@define-color rosewater #f2d5cf; + + +window { + border: none; + font-family: DejaVuSansM Nerd Font, sans-serif; + font-size: 13px; + color: @text; +} + +window#waybar { + color: @text; + background-color: rgba(0, 0, 0, 0); + transition-property: background-color; + transition-duration: 0.5s; + transition-duration: .5s; +} + +window#waybar.hidden { + opacity: 0.2; +} + +#workspaces { + /* background: @overlay0; */ +} + +#workspaces button { + color: @text; + /* background: @background3; */ + /* margin: 7px 5px 10px 5px; */ +} + +#workspaces button:hover { + background: @surface0; + color: @text; +} + +#workspaces button.active { + color: @crust; + background: @overlay2; + border: none; +} + +#clock, +#battery, +#network, +#power-profiles-daemon, +#wireplumber { + padding: 0px 20px; + border-radius: 8px; + margin-left: 5px; + color: @crust; +} + +#wireplumber { + padding: 0px 20px 0px 17px; + background-color: @teal; +} + +#network { + padding: 0px 15px 0px 20px; + background-color: @green; +} + +#battery { + background-color: @lavender; +} + +#clock { + background-color: @pink; +} + +#power-profiles-daemon { + background-color: @mauve; +} + +@keyframes blink { + to { + background-color: rgba(30, 34, 42, 0.5); + color: #abb2bf; + } +} + +#battery.critical:not(.charging) { + color: #f53c3c; + animation-name: blink; + animation-duration: 0.5s; + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; +} + +label:focus { + background-color: #000000; +} diff --git a/hosts/thalassa/aoife/home/waybar.nix b/hosts/thalassa/aoife/home/waybar.nix new file mode 100644 index 00000000..ac48a495 --- /dev/null +++ b/hosts/thalassa/aoife/home/waybar.nix @@ -0,0 +1,82 @@ +{ pkgs, config, ... }: +let + terminal = "${config.programs.kitty.package}/bin/kitty -1"; +in +{ + programs.waybar = { + enable = true; + systemd.enable = true; + style = ./waybar.css; + + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 30; + modules-left = [ "hyprland/workspaces" ]; + modules-center = [ "clock" ]; + modules-right = [ + "wireplumber" + "power-profiles-daemon" + "network" + "battery" + ]; + + wireplumber = { + format = "󰕾 {volume}%"; + format-muted = "󰖁"; + on-click = "${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_SINK@ toggle"; + }; + + network = + let + nmtui = pkgs.writeScriptBin "nmtui.sh" '' + #!${pkgs.stdenv.shell} + unset COLORTERM + TERM=xterm-old ${pkgs.networkmanager}/bin/nmtui + ''; + in + { + format-wifi = "󰖩 {essid} ({signalStrength}%)"; + format-ethernet = "󰈀 {ifname}: {ipaddr}/{cidr}"; + format-disconnected = "󰌙 "; + tooltip-format = "{ifname}: {ipaddr}"; + on-click = "${terminal} --execute ${nmtui}/bin/nmtui.sh"; + }; + + power-profiles-daemon = { + format = "{icon}"; + format-icons = { + performance = "󰓅"; + balanced = "󰾅"; + power-saver = "󰾆"; + }; + }; + + battery = { + states = { + warning = 30; + critical = 15; + }; + + format = "󱐋 {capacity}%"; + format-discharging = "{icon} {capacity}%"; + + format-icons = [ + "󰂎" + "󰁺" + "󰁻" + "󰁼" + "󰁽" + "󰁾" + "󰁿" + "󰂀" + "󰂁" + "󰂂" + "󰁹" + ]; + }; + }; + }; + }; +} diff --git a/hosts/thalassa/aoife/uni.nix b/hosts/thalassa/aoife/uni.nix new file mode 100644 index 00000000..1c3b052e --- /dev/null +++ b/hosts/thalassa/aoife/uni.nix @@ -0,0 +1,39 @@ +# Config options needed for various university courses +{ + lib, + pkgs, + config, + ... +}: +{ + environment.systemPackages = with pkgs; [ + esp-generate + espflash + (lib.mkIf config.hardware.saleae-logic.enable config.hardware.saleae-logic.package) + ]; + + users.extraGroups.plugdev = { }; + users.extraUsers.vivian.extraGroups = [ + "dialout" + "plugdev" + ]; + + hardware.saleae-logic.enable = true; + + programs.nix-ld = { + enable = true; + package = pkgs.nix-ld-rs; + libraries = [ + + ]; + }; + + services.udev.packages = [ + pkgs.openocd # This should(?) be the same as the probe-rs rules below, but just to be sure + (pkgs.writeTextFile { + name = "probe-rs-udev"; + destination = "/etc/udev/rules.d/69-probe-rs.rules"; + text = builtins.readFile ./69-probe-rs.rules; + }) + ]; +} diff --git a/nixos/common/desktop/home.nix b/nixos/common/desktop/home.nix deleted file mode 100644 index 7032f2d1..00000000 --- a/nixos/common/desktop/home.nix +++ /dev/null @@ -1,96 +0,0 @@ -{ pkgs, inputs, config, ... }: -let - tex = pkgs.texlive.combine { - inherit (pkgs.texlive) scheme-full; - dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; - }; - my-python-packages = ps: with ps; [ pandas requests numpy ]; -in { - home.packages = with pkgs; [ - (python3.withPackages my-python-packages) - btop - calibre - celluloid - cinny-desktop - element-desktop - fusee-launcher - fractal-next - foliate - gcc - gimp - helix - inputs.attic.packages.${pkgs.system}.attic - inputs.comma.packages.${pkgs.system}.default - inputs.webcord.packages.${pkgs.system}.default - jetbrains.clion - jetbrains.rust-rover - kdenlive - libreoffice-fresh - mattermost-desktop - mullvad-vpn - neofetch - nixfmt - nixpkgs-review - plex-media-player - plexamp - spotify - qmk - solo2-cli - tex - unzip - yt-dlp - ]; - - # Enable my own hm modules - themes.v.catppuccin.enable = true; - programs = { - v = { - vscode.enable = true; - nvim.enable = true; - rust.enable = true; - }; - - riff = { - enable = true; - direnv = true; - }; - - firefox.enable = true; - - chromium = { - enable = true; - package = pkgs.ungoogled-chromium; - }; - - direnv = { - enable = true; - nix-direnv.enable = true; - }; - - zsh = { - enable = true; - sessionVariables = { DIRENV_LOG_FORMAT = ""; }; - }; - - thunderbird = { - enable = true; - profiles.default = { isDefault = true; }; - }; - }; - - # Syncthing - services.syncthing.enable = true; - xdg.userDirs = let home = config.home.homeDirectory; - in { - enable = true; - createDirectories = true; - desktop = "${home}/.desktop"; - documents = "${home}/cloud/Documents"; - download = "${home}/dl"; - music = "${home}/cloud/Music"; - pictures = "${home}/cloud/Pictures"; - publicShare = "${home}/.publicShare"; - templates = "${home}/.templates"; - videos = "${home}/cloud/Videos"; - }; -} diff --git a/nixos/common/generic-lxc.nix b/nixos/common/generic-lxc.nix deleted file mode 100644 index 98749442..00000000 --- a/nixos/common/generic-lxc.nix +++ /dev/null @@ -1,13 +0,0 @@ -_: { - # See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/ - - # Supress systemd services that don't work (correctly) on LXC - systemd.suppressedSystemUnits = [ - "dev-mqueue.mount" - "sys-kernel-debug.mount" - "sys-fs-fuse-connections.mount" - ]; - - # https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1459299764 - boot.specialFileSystems."/run".options = [ "rshared" ]; -} diff --git a/nixos/common/hm-modules/catppuccin.nix b/nixos/common/hm-modules/catppuccin.nix deleted file mode 100644 index 68c7191e..00000000 --- a/nixos/common/hm-modules/catppuccin.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let cfg = config.themes.v.catppuccin; -in { - options.themes.v.catppuccin = { enable = mkEnableOption "catppuccin"; }; - config = - let - theme = "Catppuccin-Pink-Dark"; - cursorTheme = config.home.pointerCursor.name; - in - mkIf cfg.enable { - home.pointerCursor = { - name = "Bibata_Ghost"; - size = 24; - package = pkgs.bibata-cursors-translucent; - }; - - gtk = { - enable = true; - theme = { - name = theme; - package = pkgs.catppuccin-gtk; - }; - iconTheme = { - name = "Papirus-Dark"; - package = pkgs.papirus-icon-theme.override { color = "violet"; }; - }; - cursorTheme = { - name = cursorTheme; - inherit (config.home.pointerCursor) package size; - }; - }; - - programs.vscode = { - userSettings."workbench.colorTheme" = "Catppuccin Frappé"; - extensions = [ pkgs.vscode-extensions.catppuccin.catppuccin-vsc ]; - }; - }; -} - diff --git a/nixos/common/hm-modules/default.nix b/nixos/common/hm-modules/default.nix deleted file mode 100644 index 2dbbe8f1..00000000 --- a/nixos/common/hm-modules/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./catppuccin.nix ./nvim.nix ./riff.nix ./vscode.nix ./git.nix ./rust.nix ]; -} diff --git a/nixos/common/hm-modules/nvim.nix b/nixos/common/hm-modules/nvim.nix deleted file mode 100644 index 71723246..00000000 --- a/nixos/common/hm-modules/nvim.nix +++ /dev/null @@ -1,190 +0,0 @@ -{ config, pkgs, lib, ... }: -let cfg = config.programs.v.nvim; -in with lib; { - options.programs.v.nvim = { enable = mkEnableOption "nvim"; }; - config = mkIf cfg.enable { - programs.nixvim = { - enable = true; - package = pkgs.neovim-unwrapped; - vimAlias = true; - luaLoader.enable = true; - - globals.mapleader = " "; - - options.number = true; - - clipboard = { providers.wl-copy.enable = true; }; - - keymaps = [ - { - mode = "n"; - key = "ff"; - action = "require('telescope.builtin').find_files"; - lua = true; - } - { - mode = "n"; - key = "fg"; - action = "require('telescope.builtin').live_grep"; - lua = true; - } - { - mode = "n"; - key = ""; - action = "require('Comment.api').toggle.linewise.current"; - lua = true; - } - { - mode = "x"; - key = ""; - action = '' - function() - local esc = vim.api.nvim_replace_termcodes( - '', true, false, true - ) - vim.api.nvim_feedkeys(esc, 'nx', false) - require('Comment.api').toggle.linewise(vim.fn.visualmode()) - end - ''; - lua = true; - } - { - mode = "n"; - key = "g="; - action = "vim.lsp.buf.format"; - lua = true; - } - { - mode = "n"; - key = "t"; - action = ":FloatermToggle myfloat"; - } - { - mode = "t"; - key = ""; - action = "function() vim.cmd(':FloatermToggle myfloat') end"; - lua = true; - } - ]; - - extraPlugins = with pkgs.vimPlugins; [ - FixCursorHold-nvim - luasnip - plenary-nvim - neotest - neotest-plenary - neotest-rust - ]; - - colorschemes.catppuccin = { - enable = true; - flavour = "frappe"; - }; - - extraConfigLua = '' - require("neotest").setup({ - adapters = { - require("neotest-plenary"), - require("neotest-rust") { - args = { "--no-capture" }, - } - }, - }) - ''; - - plugins = { - bufferline.enable = true; - none-ls = { - enable = true; - sources = { - formatting.nixpkgs_fmt.enable = true; - code_actions.shellcheck.enable = true; - code_actions.statix.enable = true; - diagnostics = { - statix.enable = true; - deadnix.enable = true; - shellcheck.enable = true; - }; - }; - }; - nix.enable = true; - treesitter = { - enable = true; - nixGrammars = true; - disabledLanguages = [ "latex" ]; - }; - surround.enable = true; - fugitive.enable = true; - gitgutter.enable = true; - lualine = { - enable = true; - theme = "catppuccin"; - }; - telescope = { - enable = true; - extensions.fzf-native.enable = true; - extensions.fzf-native.fuzzy = true; - }; - comment-nvim = { enable = true; }; - lsp = { - enable = true; - servers = { - nil_ls.enable = true; - rust-analyzer = { - installCargo = false; - installRustc = false; - }; - pyright.enable = true; - elixirls.enable = true; - clangd.enable = true; - yamlls.enable = true; - }; - }; - trouble.enable = true; - lspkind.enable = true; - - vimtex.enable = true; - - floaterm.enable = true; - - nvim-cmp = { - enable = true; - autoEnableSources = true; - sources = [ - { name = "nvim_lsp"; } - { - name = "luasnip"; - option = { show_autosnippets = true; }; - } - { name = "cmp-spell"; } - { name = "cmp-rg"; } - { name = "path"; } - { name = "buffer"; } - ]; - snippet.expand = "luasnip"; - mappingPresets = [ "insert" "cmdline" ]; - mapping = { - "" = "cmp.mapping.confirm({ select = true })"; - "" = { - modes = [ "i" "s" ]; - action = '' - function(fallback) - local luasnip = require('luasnip') - if cmp.visible() then - cmp.select_next_item() - elseif luasnip.expandable() then - luasnip.expand() - elseif luasnip.expand_or_jumpable() then - luasnip.expand_or_jump() - else - fallback() - end - end - ''; - }; - }; - }; - }; - }; - }; -} diff --git a/nixos/common/hm-modules/riff.nix b/nixos/common/hm-modules/riff.nix deleted file mode 100644 index 509a782d..00000000 --- a/nixos/common/hm-modules/riff.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, pkgs, lib, inputs, ... }: -with lib; -let cfg = config.programs.riff; -in { - options.programs.riff = { - enable = mkEnableOption "riff"; - direnv = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable direnv support - ''; - }; - }; - config = mkIf cfg.enable { - home.packages = [ inputs.riff.packages.${pkgs.system}.riff ]; - - xdg.configFile."direnv/lib/riff.sh" = mkIf cfg.direnv { - executable = true; - text = '' - use_riff() { - watch_file Cargo.toml watch_file Cargo.lock - eval "$(riff --offline print-dev-env)" - } - ''; - }; - }; -} diff --git a/nixos/common/hm-modules/rust.nix b/nixos/common/hm-modules/rust.nix deleted file mode 100644 index f489bd31..00000000 --- a/nixos/common/hm-modules/rust.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let cfg = config.programs.v.rust; -in { - options.programs.v.rust = { enable = mkEnableOption "rust"; }; - config = mkIf cfg.enable { - home = { - packages = with pkgs; [ rustup cargo-nextest cargo-msrv cargo-dist cargo-cross]; - - file = { - ".cargo/config.toml".text = '' - [registries.crates-io] - protocol = "sparse" - - [build] - rustc-wrapper = "${pkgs.sccache}/bin/sccache" - - [profile.rust-analyzer] - inherits = "dev" - ''; - }; - - sessionPath = [ "$HOME/.cargo/bin" ]; - }; - }; -} diff --git a/nixos/common/hm-modules/vscode.nix b/nixos/common/hm-modules/vscode.nix deleted file mode 100644 index 1cc5dd91..00000000 --- a/nixos/common/hm-modules/vscode.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let cfg = config.programs.v.vscode; -in { - options.programs.v.vscode = { enable = mkEnableOption "vscode"; }; - config = mkIf cfg.enable { - programs.vscode = { - enable = true; - package = pkgs.vscode; - userSettings = { - "ltex.language" = "en-GB"; - "latex-workshop.linting.chktex.enabled" = true; - "latex-workshop.latex.clean.subfolder.enabled" = true; - "latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%"; - "editor.fontFamily" = - "'DejaVuSansMono Nerd Font', 'monospace', monospace"; - "keyboard.dispatch" = "keyCode"; - "rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer"; - "rust-analyzer.check.extraArgs" = ["--profile" "rust-analyzer"]; - "rust-analyzer.check.command" = "clippy"; - "terminal.integrated.defaultProfile.linux" = "zsh"; - "nix.enableLanguageServer" = true; # Enable LSP. - "nix.serverPath" = "${pkgs.nil}/bin/nil"; - "[nix]" = { "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; }; - "[python]" = { "editor.formatOnType" = true; }; - "debug.allowBreakpointsEverywhere" = true; - "C_Cpp.clang_format_fallbackStyle" = - "{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}"; - "crates.compatibleDecorator" = "✓"; - "crates.errorDecorator" = "✗"; - "crates.incompatibleDecorator" = "🛇"; - # Don't index unecessary things - "files.exclude" = { - "**/.vscode" = true; - "**/.git" = true; - "**/.svn" = true; - "**/.hg" = true; - "**/.deps" = true; - "**/CVS" = true; - "**/.DS_Store" = true; - "/bin" = true; - "/boot" = true; - "/cdrom" = true; - "/dev" = true; - "/proc" = true; - "/etc" = true; - "/nix" = true; - }; - }; - extensions = with pkgs.vscode-extensions; - with pkgs.v.vscode-extensions; [ - brettm12345.nixfmt-vscode - codezombiech.gitignore - editorconfig.editorconfig - foxundermoon.shell-format - james-yu.latex-workshop - jnoortheen.nix-ide - matklad.rust-analyzer - mkhl.direnv - ms-vscode-remote.remote-ssh - ms-vscode.cpptools - platformio.platformio-ide - redhat.vscode-yaml - redhat.vscode-xml - tamasfe.even-better-toml - valentjn.vscode-ltex - vscodevim.vim - vadimcn.vscode-lldb - xaver.clang-format - sumneko.lua - davidlday.languagetool-linter - serayuzgur.crates - skellock.just - ]; - }; - - }; -} - diff --git a/nixos/common/modules/default.nix b/nixos/common/modules/default.nix deleted file mode 100644 index 66727027..00000000 --- a/nixos/common/modules/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./meta.nix ./nginx.nix ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ]; -} diff --git a/nixos/common/modules/gnome/hm.nix b/nixos/common/modules/gnome/hm.nix deleted file mode 100644 index babdec76..00000000 --- a/nixos/common/modules/gnome/hm.nix +++ /dev/null @@ -1,132 +0,0 @@ -{ lib, ... }: - -with lib.hm.gvariant; -let - inherit (builtins) attrNames map; - inherit (lib.attrsets) mapAttrs' nameValuePair; - generate_custom_keybindings = binds: - { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = map (name: - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/") - (attrNames binds); - }; - } // mapAttrs' (name: - nameValuePair - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}") - binds; -in { - xdg.mimeApps.enable = true; - xdg.mimeApps.defaultApplications = { - "text/plain" = "org.gnome.TextEditor.desktop"; - "application/pdf" = "org.gnome.Evince.desktop"; - - # Firefox - "text/html" = "firefox.desktop"; - "x-scheme-handler/http" = "firefox.desktop"; - "x-scheme-handler/https" = "firefox.desktop"; - "x-scheme-handler/chrome" = "firefox.desktop"; - "application/x-extension-htm" = "firefox.desktop"; - "application/x-extension-shtml" = "firefox.desktop"; - "application/xhtml+xml" = "firefox.desktop"; - "application/x-extension-xhtml" = "firefox.desktop"; - "application/x-extension-xht" = "firefox.desktop"; - "application/x-extension-html" = "firefox.desktop"; - - # Images - "image/bmp" = "org.gnome.eog.desktop"; - "image/gif" = "org.gnome.eog.desktop"; - "image/jpg" = "org.gnome.eog.desktop"; - "image/pjpeg" = "org.gnome.eog.desktop"; - "image/png" = "org.gnome.eog.desktop"; - "image/tiff" = "org.gnome.eog.desktop"; - "image/webp" = "org.gnome.eog.desktop"; - "image/x-bmp" = "org.gnome.eog.desktop"; - "image/x-gray" = "org.gnome.eog.desktop"; - "image/x-icb" = "org.gnome.eog.desktop"; - "image/x-ico" = "org.gnome.eog.desktop"; - "image/x-png" = "org.gnome.eog.desktop"; - "image/x-portable-anymap" = "org.gnome.eog.desktop"; - "image/x-portable-bitmap" = "org.gnome.eog.desktop"; - "image/x-portable-graymap" = "org.gnome.eog.desktop"; - "image/x-portable-pixmap" = "org.gnome.eog.desktop"; - "image/x-xbitmap" = "org.gnome.eog.desktop"; - "image/x-xpixmap" = "org.gnome.eog.desktop"; - "image/x-pcx" = "org.gnome.eog.desktop"; - "image/svg+xml" = "org.gnome.eog.desktop"; - "image/svg+xml-compressed" = "org.gnome.eog.desktop"; - "image/vnd.wap.wbmp" = "org.gnome.eog.desktop"; - "image/x-icns" = "org.gnome.eog.desktop"; - }; - - dconf.settings = { - "org/gnome/desktop/input-sources" = { - sources = [ (mkTuple [ "xkb" "us+altgr-intl" ]) ]; - xkb-options = [ "terminate:ctrl_alt_bksp" ]; - }; - - "org/gnome/desktop/peripherals/touchpad" = { - tap-to-click = true; - two-finger-scrolling-enabled = true; - }; - - "org/gnome/mutter" = { - attach-modal-dialogs = true; - dynamic-workspaces = false; - edge-tiling = true; - focus-change-on-pointer-rest = true; - workspaces-only-on-primary = true; - }; - - "org/gnome/mutter/keybindings" = { - toggle-tiled-left = [ "bracketleft" ]; - toggle-tiled-right = [ "bracketright" ]; - }; - - "org/gnome/shell/keybindings" = { toggle-overview = [ "d" ]; }; - - "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; }; - - "org/gnome/desktop/wm/preferences" = { - auto-raise = false; - num-workspaces = 6; - focus-mode = "sloppy"; - }; - - "org/gnome/desktop/wm/keybindings" = { - raise-or-lower = [ "s" ]; - switch-applications = [ "Tab" ]; - switch-applications-backward = [ "Tab" ]; - move-to-workspace-1 = [ "1" ]; - move-to-workspace-2 = [ "2" ]; - move-to-workspace-3 = [ "3" ]; - move-to-workspace-4 = [ "4" ]; - move-to-workspace-5 = [ "5" ]; - move-to-workspace-6 = [ "6" ]; - switch-to-workspace-1 = [ "1" ]; - switch-to-workspace-2 = [ "2" ]; - switch-to-workspace-3 = [ "3" ]; - switch-to-workspace-4 = [ "4" ]; - switch-to-workspace-5 = [ "5" ]; - switch-to-workspace-6 = [ "6" ]; - toggle-fullscreen = [ "M" ]; - toggle-maximized = [ "m" ]; - close = [ "Q" ]; - }; - - "org/gnome/tweaks" = { show-extensions-notice = false; }; - - "org/gnome/boxes" = { first-run = false; }; - } // generate_custom_keybindings { - "terminal" = { - binding = "Return"; - command = "kgx"; - name = "Open Terminal"; - }; - "firefox" = { - binding = "f"; - command = "firefox"; - name = "Open Firefox"; - }; - }; -} diff --git a/nixos/common/modules/meta.nix b/nixos/common/modules/meta.nix deleted file mode 100644 index 639d212d..00000000 --- a/nixos/common/modules/meta.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ lib, ... }: -with lib; -let - exposesOpts = { - options = { - domain = mkOption { - type = types.str; - example = ".example.com"; - description = '' - The domain under which this service should be available - ''; - }; - port = mkOption { - type = types.int; - default = 80; - example = 4242; - description = '' - The port under which the service runs on the host - ''; - }; - }; - }; -in -{ - options.meta = { - - exposes = mkOption { - type = with types; attrsOf (submodule exposesOpts); - description = '' - Exposed services - ''; - }; - - ipv4 = mkOption { - type = types.str; - description = '' - Own IPv4 Address - ''; - }; - }; - - config = { }; -} diff --git a/nixos/hosts/olympus/bastion/containers/default.nix b/nixos/hosts/olympus/bastion/containers/default.nix deleted file mode 100644 index d2e8299d..00000000 --- a/nixos/hosts/olympus/bastion/containers/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, ... }: -let - hostAddress = "10.42.99.1"; - hostAddress6 = "fc00::1"; -in { - # TODO: Loop over subdirs, create nixos container for each - networking.nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - externalInterface = "ens18"; - # Lazy IPv6 connectivity for the container - enableIPv6 = true; - - forwardPorts = [ - - ]; - }; - - # Containers network is - # * 10.42.99.0/24 - # * fc00:x - - containers = { - - }; -} diff --git a/nixos/hosts/olympus/ci/configuration.nix b/nixos/hosts/olympus/ci/configuration.nix index 0c80aac0..162b3e24 100644 --- a/nixos/hosts/olympus/ci/configuration.nix +++ b/nixos/hosts/olympus/ci/configuration.nix @@ -61,7 +61,7 @@ in { gitMinimal gnused jq - nixUnstable + nix nodejs statix vault diff --git a/nixos/hosts/olympus/dhcp/configuration.nix b/nixos/hosts/olympus/dhcp/configuration.nix index a2c642bd..13bcc0fb 100644 --- a/nixos/hosts/olympus/dhcp/configuration.nix +++ b/nixos/hosts/olympus/dhcp/configuration.nix @@ -41,8 +41,6 @@ in controlSocketPaths = [ "/tmp/kea-dhcp4.socket" ]; }; - # To make sure the control socket is accesible - services.kea.dhcp4 = { enable = true; settings = { @@ -57,7 +55,6 @@ in socket-type = "unix"; socket-name = "/tmp/kea-dhcp4.socket"; }; - # failed to initialize Kea server: configuration error using file '/etc/kea/dhcp4-server.conf': cannot create socket lockfile, /run/kea/kea-dhcp4.socket.lock, : No such file or directory lease-database = { name = "/var/lib/kea/dhcp4.leases"; diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix index c434d166..efff9fbf 100644 --- a/nixos/hosts/olympus/mailserver/configuration.nix +++ b/nixos/hosts/olympus/mailserver/configuration.nix @@ -102,7 +102,6 @@ in { }; }; services = { - postfix.relayHost = "smtp.ziggozakelijk.nl"; postfix.relayPort = 587; diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix index b4f68c39..a686d487 100644 --- a/nixos/hosts/olympus/nginx/configuration.nix +++ b/nixos/hosts/olympus/nginx/configuration.nix @@ -172,7 +172,6 @@ in { }; security = { acme = { - defaults.email = "vivian@0x76.dev"; acceptTerms = true; preliminarySelfsigned = true; diff --git a/nixos/hosts/thalassa/aoife/hardware.nix b/nixos/hosts/thalassa/aoife/hardware.nix deleted file mode 100644 index 3c5becd6..00000000 --- a/nixos/hosts/thalassa/aoife/hardware.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ pkgs, ... }: { - hardware = { - enableAllFirmware = true; - - bluetooth.enable = true; - - # Vulkan - opengl.driSupport = true; - opengl.extraPackages = with pkgs; [ - amdvlk - rocm-opencl-icd - rocm-opencl-runtime - ]; - }; - services = { - - hardware.bolt.enable = true; - - fprintd.enable = true; - - # Video Driver - xserver.videoDrivers = [ "amdgpu" ]; - xserver = { - dpi = 280; - xkbOptions = "caps:swapescape"; - }; - - # SSD Trim - fstrim.enable = true; - - # Power Management - upower.enable = true; - thermald.enable = true; - }; - - # hardware.trackpoint.enable = true; - - # FS - fileSystems."/".options = [ "compress=zstd" ]; - - powerManagement = { - enable = true; - powertop.enable = true; - }; - security = { - tpm2 = { - - # tpm - enable = true; - pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - tctiEnvironment.enable = true; - }; - }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices -} diff --git a/nixos/hosts/thalassa/aoife/home/default.nix b/nixos/hosts/thalassa/aoife/home/default.nix deleted file mode 100644 index 5c543197..00000000 --- a/nixos/hosts/thalassa/aoife/home/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, ... }: { - # Custom dconf settings - dconf.settings."org/gnome/desktop/input-sources" = { - xkb-options = [ "caps:swapescape" ]; - }; - - programs.zsh.envExtra = '' - source ~/.zshrc.secrets - ''; - - home.packages = with pkgs; [ - libreoffice-fresh - jetbrains.clion - jetbrains.rust-rover - ]; -} diff --git a/nixos/hosts/thalassa/default.nix b/nixos/hosts/thalassa/default.nix deleted file mode 100644 index 5b1e1db9..00000000 --- a/nixos/hosts/thalassa/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - "aoife" = { - type = "local"; - mac = "04:7b:cb:b6:2d:88"; - }; -} diff --git a/nixos/hosts/thalassa/null/README.md b/nixos/hosts/thalassa/null/README.md deleted file mode 100644 index bd765da1..00000000 --- a/nixos/hosts/thalassa/null/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# null -This folder contains the NixOS configuration for my laptop, with hostname `null`. - -## Information -* OS: NixOS -* WM: hyprland -* Terminal: foot -* Shell: zsh -* Theme: Captuccin Pink Dark -* Launcher: wofi diff --git a/nixos/hosts/thalassa/null/configuration.nix b/nixos/hosts/thalassa/null/configuration.nix deleted file mode 100644 index 143f5bfb..00000000 --- a/nixos/hosts/thalassa/null/configuration.nix +++ /dev/null @@ -1,267 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ pkgs, inputs, ... }: -let - nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' - export __NV_PRIME_RENDER_OFFLOAD=1 - export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 - export __GLX_VENDOR_LIBRARY_NAME=nvidia - export __VK_LAYER_NV_optimus=NVIDIA_only - export LIBVA_DRIVER_NAME=nvidia - export GBM_BACKEND=nvidia-drm - - exec "$@" - ''; - run-hyprland = pkgs.writeShellScriptBin "run-hyprland" '' - export _JAVA_AWT_WM_NONREPARENTING=1 - export XCURSOR_SIZE=32 - - export CLUTTER_BACKEND=wayland - export XDG_SESSION_TYPE=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 - export MOZ_ENABLE_WAYLAND=1 - export WLR_NO_HARDWARE_CURSORS=1 - export WLR_BACKEND=vulkan - export QT_QPA_PLATFORM=wayland - export GDK_BACKEND=wayland - export SDL_VIDEODRIVER=wayland - - exec Hyprland - ''; -in -{ - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./rescue-boot.nix - ./networking.nix - ]; - home-manager = { - - # home-manager - useGlobalPkgs = true; - useUserPackages = true; - users.vivian = import ./home; - extraSpecialArgs = { inherit inputs; }; - }; - security = { - - pam.services.swaylock = { }; - - sudo.wheelNeedsPassword = true; - rtkit.enable = true; - - # Enables logging in with my Solokey - pam.u2f = { - enable = true; - debug = false; - cue = true; - control = "sufficient"; - authFile = - "/etc/u2f-mappings"; # use `pamu2fcfg` from `pkgs.pam_u2f` to generate this config - }; - }; - - fonts = { - fonts = with pkgs; [ - material-design-icons - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - dejavu_fonts - (nerdfonts.override { - fonts = - [ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ]; - }) - ]; - - enableDefaultFonts = false; - - fontconfig = { - defaultFonts = { - monospace = [ "DejaVuSansMono Nerd Font" "Noto Color Emoji" ]; - sansSerif = - [ "DejaVu Sans" "DejaVuSansMono Nerd Font" "Noto Color Emoji" ]; - serif = - [ "DejaVu Serif" "DejaVuSansMono Nerd Font" "Noto Color Emoji" ]; - emoji = [ "Noto Color Emoji" ]; - }; - }; - }; - - # Bootloader. - # boot.initrd.systemd.enable = true; # Experimental - boot = { - kernelPackages = pkgs.linuxPackages_latest; - loader = { - systemd-boot.editor = false; - systemd-boot.enable = true; - # loader.systemd-boot.configurationLimit = 6; - efi.canTouchEfiVariables = true; - efi.efiSysMountPoint = "/boot/efi"; - }; - - kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; - }; - services = { - - gnome.gnome-keyring.enable = true; - - udisks2.enable = true; - dbus.enable = true; - - xserver = { - enable = false; - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:swapescape"; - videoDrivers = [ "nvidia" ]; - }; - blueman.enable = true; - - # Enable CUPS to print documents. - printing.enable = true; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - fstrim.enable = true; - - # don't shutdown when power button is short-pressed - logind.extraConfig = '' - HandlePowerKey=suspend - ''; - - udev.packages = with pkgs; [ - android-udev-rules - logitech-udev-rules - wooting-udev-rules - ]; - }; - fileSystems = { - - "/".options = [ "compress=zstd" ]; - "/home".options = [ "compress=zstd" ]; - "/nix".options = [ "compress=zstd" "noatime" ]; - }; - i18n = { - - # Filesystem dedup - # services.beesd.filesystems = { - # root = { - # spec = "LABEL=nixos"; - # hashTableSizeMB = 256; - # verbosity = "crit"; - # extraOptions = [ "--loadavg-target" "2.0" ]; - # }; - # }; - - # Select internationalisation properties. - defaultLocale = "en_GB.utf8"; - - extraLocaleSettings = { - LC_ADDRESS = "nl_NL.UTF-8"; - LC_IDENTIFICATION = "nl_NL.UTF-8"; - LC_MEASUREMENT = "nl_NL.UTF-8"; - LC_MONETARY = "nl_NL.UTF-8"; - LC_NAME = "nl_NL.UTF-8"; - LC_NUMERIC = "nl_NL.UTF-8"; - LC_PAPER = "nl_NL.UTF-8"; - LC_TELEPHONE = "nl_NL.UTF-8"; - LC_TIME = "en_DK.UTF-8"; - }; - - supportedLocales = - [ "en_GB.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ]; - }; - - xdg.portal = { - enable = true; - wlr.enable = true; - }; - programs = { - - # Hyprland - hyprland = { - enable = true; - package = null; # Managed by home manager - }; - - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; - - ssh.startAgent = true; - }; - - environment.loginShellInit = '' - if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then - ${run-hyprland}/bin/run-hyprland - fi - ''; - hardware = { - - nvidia.prime = { - offload.enable = true; - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:1:0:0"; - }; - - opengl = { - enable = true; - extraPackages = with pkgs; [ - vaapiVdpau - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - libvdpau-va-gl - ]; - }; - - bluetooth.enable = true; - - saleae-logic.enable = true; - pulseaudio.enable = false; - }; - - virtualisation.podman.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - - environment.systemPackages = with pkgs; [ - pciutils - nvidia-offload - run-hyprland - wireguard-tools - slurp - gdb - - swaylock-effects # Has to be installed globally so that pam module works - ]; - - nix.extraOptions = '' - keep-outputs = true - keep-derivations = true - ''; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? -} diff --git a/nixos/hosts/thalassa/null/hardware-configuration.nix b/nixos/hosts/thalassa/null/hardware-configuration.nix deleted file mode 100644 index 4c230e9f..00000000 --- a/nixos/hosts/thalassa/null/hardware-configuration.nix +++ /dev/null @@ -1,56 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - - initrd.availableKernelModules = - [ "xhci_pci" "ahci" "nvme" "rtsx_pci_sdmmc" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; - fileSystems = { - - "/" = { - device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c"; - fsType = "btrfs"; - options = [ "subvol=@" ]; - }; - - "/nix" = { - device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c"; - fsType = "btrfs"; - options = [ "subvol=@/nix" ]; - }; - - "/home" = { - device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c"; - fsType = "btrfs"; - options = [ "subvol=@home" ]; - }; - - "/boot/efi" = { - device = "/dev/disk/by-uuid/D478-6F66"; - fsType = "vfat"; - }; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wg0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/hosts/thalassa/null/home/default.nix b/nixos/hosts/thalassa/null/home/default.nix deleted file mode 100644 index ffd63dde..00000000 --- a/nixos/hosts/thalassa/null/home/default.nix +++ /dev/null @@ -1,207 +0,0 @@ -{ config, pkgs, inputs, texlive, ... }: -let - tex = pkgs.texlive.combine { - inherit (pkgs.texlive) scheme-full; - dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; - }; -in -{ - programs = { - home-manager.enable = true; - - foot = { enable = true; }; - - nix-index.enable = true; - - exa = { - enable = true; - enableAliases = true; - }; - - bat.enable = true; - - git = { - enable = true; - package = pkgs.gitAndTools.gitFull; - userName = "Vivian"; - userEmail = "vivian@0x76.dev"; - lfs.enable = true; - # delta.enable = true; - extraConfig = { - push.autoSetupRemote = true; - init.defaultBranch = "main"; - }; - }; - - mako = { - enable = true; - extraConfig = '' - [mode=do-not-disturb] - invisible=1 - ''; - }; - - tmux = { - enable = true; - shortcut = "b"; - terminal = "screen-256color"; - clock24 = true; - }; - - firefox = { - enable = true; - package = pkgs.firefox-devedition-bin; - }; - - vscode = { - enable = true; - package = pkgs.vscode; - userSettings = { - "ltex.language" = "en-GB"; - "latex-workshop" = { - "linting.chktex.enabled" = true; - "latex.clean.subfolder.enabled" = true; - "latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%"; - }; - "workbench.colorTheme" = "Catppuccin Frappé"; - "editor.fontFamily" = - "'DejaVuSansMono Nerd Font', 'monospace', monospace"; - "keyboard.dispatch" = "keyCode"; - "rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer"; - "terminal.integrated.defaultProfile.linux" = "zsh"; - "nix.enableLanguageServer" = true; # Enable LSP. - "nix.serverPath" = - "${pkgs.nil}/bin/nil"; # The path to the LSP server executable. - "[nix]" = { "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; }; - }; - extensions = with pkgs.vscode-extensions; - with pkgs.v.vscode-extensions; [ - # astro-build.astro-vscode - brettm12345.nixfmt-vscode - catppuccin.catppuccin-vsc - codezombiech.gitignore - editorconfig.editorconfig - foxundermoon.shell-format - james-yu.latex-workshop - jnoortheen.nix-ide - matklad.rust-analyzer - mkhl.direnv - ms-vscode-remote.remote-ssh - ms-vscode.cpptools - platformio.platformio-ide - redhat.vscode-yaml - tamasfe.even-better-toml - valentjn.vscode-ltex - vscodevim.vim - xaver.clang-format - ]; - }; - - direnv = { - enable = true; - nix-direnv = { enable = true; }; - }; - - zsh = { - enable = true; - sessionVariables = { DIRENV_LOG_FORMAT = ""; }; - }; - }; - home = { - username = "vivian"; - homeDirectory = "/home/vivian"; - stateVersion = "22.05"; - - packages = with pkgs; [ - appimage-run - brightnessctl - btop - calibre - cinny-desktop - discord-canary - fluxcd - fusee-launcher - gcc - gimp - gnome.eog - gnome.file-roller - gnome.gnome-font-viewer - gnome.nautilus - grim # Screenshot tool - inputs.comma.packages.${pkgs.system}.default - inputs.riff.packages.${pkgs.system}.riff - inputs.webcord.packages.${pkgs.system}.default - k9s - kubectl - libnotify - mullvad-vpn - neofetch - nixpkgs-review - nixfmt - ouch - plex-media-player - plexamp - python3 - retroarchFull - ripgrep - rsync - rustup - saleae-logic-2 - solo2-cli - steam-run - tex - thunderbird-wayland - v.deemix-gui - wf-recorder # Screenrecorder - wl-clipboard # Clipboard manager - wofi # Wayland rofi - wpa_supplicant_gui - ]; - }; - - imports = [ ./hyprland.nix ./neovim.nix ./eww ./theme.nix ]; - - xdg.mimeApps = { - enable = true; - defaultApplications = - let browser = [ "firefox.desktop" ]; - in { - "image/*" = "org.gnome.eog.desktop"; - "text/html" = browser; - "x-scheme-handler/http" = browser; - "x-scheme-handler/https" = browser; - "x-scheme-handler/ftp" = browser; - "x-scheme-handler/about" = browser; - "x-scheme-handler/unknown" = browser; - "application/x-extension-htm" = browser; - "application/x-extension-html" = browser; - "application/x-extension-shtml" = browser; - "application/xhtml+xml" = browser; - "application/x-extension-xhtml" = browser; - "application/x-extension-xht" = browser; - - "application/json" = browser; - "application/pdf" = browser; - - "x-scheme-handler/vscode" = "code-url-handler.desktop"; - "x-scheme-handler/discord" = "webcord.desktop"; - }; - }; - - xdg.userDirs = - let home = config.home.homeDirectory; - in { - enable = true; - createDirectories = true; - desktop = "${home}/.desktop"; - documents = "${home}/cloud/Documents"; - download = "${home}/dl"; - music = "${home}/cloud/Music"; - pictures = "${home}/cloud/Pictures"; - publicShare = "${home}/.publicShare"; - templates = "${home}/.templates"; - videos = "${home}/cloud/Videos"; - }; - - services.syncthing.enable = true; -} diff --git a/nixos/hosts/thalassa/null/home/eww/default.nix b/nixos/hosts/thalassa/null/home/eww/default.nix deleted file mode 100644 index 120b59a0..00000000 --- a/nixos/hosts/thalassa/null/home/eww/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ pkgs, ... }: { - home = { - packages = with pkgs; [ - eww-wayland - pamixer - lua - (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) - ]; - file = { - - ".config/eww/eww.yuck".source = ./eww.yuck; - ".config/eww/eww.scss".text = builtins.readFile ./eww.scss; - - # scripts - # TODO: just link all scripts in ./scripts to .config/eww/scripts - ".config/eww/scripts/volume.sh" = { - source = ./scripts/volume.sh; - executable = true; - }; - - ".config/eww/scripts/wifi.sh" = { - source = ./scripts/wifi.sh; - executable = true; - }; - - ".config/eww/scripts/workspaces.sh" = { - source = ./scripts/workspaces.sh; - executable = true; - }; - - ".config/eww/scripts/workspaces.lua" = { - source = ./scripts/workspaces.lua; - executable = true; - }; - - ".config/eww/scripts/do-not-disturb.sh" = { - source = ./scripts/do-not-disturb.sh; - executable = true; - }; - }; - }; -} diff --git a/nixos/hosts/thalassa/null/home/hyprland.nix b/nixos/hosts/thalassa/null/home/hyprland.nix deleted file mode 100644 index cdc6efa4..00000000 --- a/nixos/hosts/thalassa/null/home/hyprland.nix +++ /dev/null @@ -1,137 +0,0 @@ -{ pkgs, config, ... }: { - home.file.".config/hypr/hyprpaper.conf".text = '' - ipc = off - preload = ~/cloud/Pictures/Wallpapers-Laptop/wallpaper-nix-pink.png - wallpaper = eDP-1,~/cloud/Pictures/Wallpapers-Laptop/wallpaper-nix-pink.png - ''; - - wayland.windowManager.hyprland = - let - startup-script = pkgs.writeScriptBin "startup" '' - #!${pkgs.stdenv.shell} - hyprctl setcursor Catppuccin-Frappe-Pink-Cursors ${ - builtins.toString config.home.pointerCursor.size - } - ${pkgs.hyprpaper}/bin/hyprpaper & - foot --server & - eww daemon & - eww open bar & - firefox-devedition & - webcord & - element-desktop & - ''; - in - { - enable = true; - recommendedEnvironment = true; - extraConfig = '' - exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP - exec-once=systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP - - monitor=eDP-1,1920x1080@60,0x0,1 - monitor=eDP-1,addreserved,0,0,48,0 - monitor=,preferred,auto,1 - - windowrulev2 = workspace 1 silent,class:^(Electron)$,title:^(.*)(WebCord)(.*)$ - windowrulev2 = workspace 1 silent,title:^(Element)(.*)$ - windowrulev2 = workspace 2 silent,class:^(firefox-aurora)$ - windowrulev2 = float,class:^(firefox-aurora)$,title:^(Picture-in-Picture)$ - - general { - layout = dwindle - col.active_border = 0xfff4b8e4 - } - - input { - kb_options=caps:escape - touchpad { - natural_scroll= true - } - } - - gestures { - workspace_swipe = true - } - - misc { - no_vfr = false - disable_hyprland_logo = true - disable_splash_rendering = true - } - - dwindle { - pseudotile=true - } - - bind=SUPER,RETURN,exec,footclient - bind=SUPER,f,exec,firefox-devedition - bind=SUPER,d,exec,wofi --show run,drun - - bind=,Print,exec,grim -g "$(slurp)" -t png - | wl-copy -t image/png - bind=SUPER,W,killactive, - bind=SUPERSHIFT,Q,exit, - bind=SUPER,S,togglefloating, - bind=SUPER,P,pin, - - bindm=SUPER,mouse:272,movewindow - bindm=SUPER,mouse:273,resizewindow - - bind=SUPER,left,movefocus,l - bind=SUPER,right,movefocus,r - bind=SUPER,up,movefocus,u - bind=SUPER,down,movefocus,d - - bind=SUPER,1,workspace,1 - bind=SUPER,2,workspace,2 - bind=SUPER,3,workspace,3 - bind=SUPER,4,workspace,4 - bind=SUPER,5,workspace,5 - bind=SUPER,6,workspace,6 - bind=SUPER,7,workspace,7 - bind=SUPER,8,workspace,8 - bind=SUPER,9,workspace,9 - bind=SUPER,0,workspace,10 - bind=SUPER,grave,togglespecialworkspace - - bind=ALT,1,movetoworkspace,1 - bind=ALT,2,movetoworkspace,2 - bind=ALT,3,movetoworkspace,3 - bind=ALT,4,movetoworkspace,4 - bind=ALT,5,movetoworkspace,5 - bind=ALT,6,movetoworkspace,6 - bind=ALT,7,movetoworkspace,7 - bind=ALT,8,movetoworkspace,8 - bind=ALT,9,movetoworkspace,9 - bind=ALT,0,movetoworkspace,10 - bind=ALT,grave,movetoworkspace,special - - bind=SUPERSHIFT,1,movetoworkspacesilent,1 - bind=SUPERSHIFT,2,movetoworkspacesilent,2 - bind=SUPERSHIFT,3,movetoworkspacesilent,3 - bind=SUPERSHIFT,4,movetoworkspacesilent,4 - bind=SUPERSHIFT,5,movetoworkspacesilent,5 - bind=SUPERSHIFT,6,movetoworkspacesilent,6 - bind=SUPERSHIFT,7,movetoworkspacesilent,7 - bind=SUPERSHIFT,8,movetoworkspacesilent,8 - bind=SUPERSHIFT,9,movetoworkspacesilent,9 - bind=SUPERSHIFT,0,movetoworkspacesilent,10 - bind=SUPERSHIFT,grave,movetoworkspacesilent,special - - bind=SUPER,mouse_down,workspace,e+1 - bind=SUPER,mouse_up,workspace,e-1 - - bind=SUPER,g,togglegroup - bind=SUPER,tab,changegroupactive - bind=SUPER,m,fullscreen,1 - bind=SUPERSHIFT,m,fullscreen,0 - - bind=,XF86MonBrightnessUp,exec,brightnessctl -q s +5% - bind=,XF86MonBrightnessDown,exec,brightnessctl -q s 5%- - bind=,XF86MonRaiseVolume,exec,pamixer -i 5 - bind=,XF86MonLowerVolume,exec,pamixer -d 5 - bind=,XF86AudioMute,exec,pamixer -t - - exec-once=${startup-script}/bin/startup - ''; - }; -} diff --git a/nixos/hosts/thalassa/null/home/neovim.nix b/nixos/hosts/thalassa/null/home/neovim.nix deleted file mode 100644 index a6eb4fa8..00000000 --- a/nixos/hosts/thalassa/null/home/neovim.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ inputs, pkgs, ... }: { - imports = [ inputs.nixvim.homeManagerModules.nixvim ]; - programs.nixvim = { - enable = true; - package = pkgs.neovim-unwrapped; - - extraPlugins = with pkgs.vimPlugins; [ catppuccin-nvim ]; - - colorscheme = "catppuccin-frappe"; - - plugins = { - nix.enable = true; - treesitter = { - enable = true; - nixGrammars = false; - ensureInstalled = [ ]; - }; - surround.enable = true; - fugitive.enable = true; - lualine = { - enable = true; - theme = "catppuccin"; - }; - telescope = { - enable = true; - extensions.fzf-native.enable = true; - }; - lsp = { - enable = true; - servers = { - rust-analyzer.enable = true; - rnix-lsp.enable = true; - pyright.enable = true; - }; - }; - nvim-cmp = { enable = true; }; - }; - }; -} diff --git a/nixos/hosts/thalassa/null/home/theme.nix b/nixos/hosts/thalassa/null/home/theme.nix deleted file mode 100644 index fecec7af..00000000 --- a/nixos/hosts/thalassa/null/home/theme.nix +++ /dev/null @@ -1,127 +0,0 @@ -{ lib, pkgs, config, ... }: -let - inherit (builtins) mapAttrs; - - theme = "Catppuccin-Pink-Dark"; - cursorTheme = config.home.pointerCursor.name; - colour = { - rosewater = "f2d5cf"; - flamingo = "eebebe"; - pink = "f4b8e4"; - mauve = "ca9ee6"; - red = "e78284"; - maroon = "ea999c"; - peach = "ef9f76"; - yellow = "e5c890"; - green = "a6d189"; - teal = "81c8be"; - sky = "99d1db"; - sapphire = "85c1dc"; - blue = "8caaee"; - lavender = "babbf1"; - text = "c6d0f5"; - subtext0 = "a5adce"; - subtext1 = "b5bfe2"; - overlay2 = "949cbb"; - overlay0 = "737994"; - overlay1 = "838ba7"; - surface0 = "414559"; - surface1 = "51576d"; - surface2 = "626880"; - base = "303446"; - mantle = "292c3c"; - crust = "232634"; - - hex = mapAttrs (_name: value: "#${value}") colour; - }; -in -{ - home = { - file.".xsettingsd".text = '' - Net/ThemeName "${theme}" - Gtk/CursorThemeName "${cursorTheme}" - ''; - - pointerCursor = { - name = "Catppuccin-Frappe-Pink-Cursors"; - size = 32; - package = pkgs.catppuccin-cursors.frappePink; - }; - - file.".config/eww/eww.scss".text = lib.mkBefore '' - $rosewater: ${colour.hex.rosewater}; - $flamingo: ${colour.hex.flamingo}; - $pink: ${colour.hex.pink}; - $mauve: ${colour.hex.mauve}; - $red: ${colour.hex.red}; - $maroon: ${colour.hex.maroon}; - $peach: ${colour.hex.peach}; - $yellow: ${colour.hex.yellow}; - $green: ${colour.hex.green}; - $teal: ${colour.hex.teal}; - $sky: ${colour.hex.sky}; - $sapphire: ${colour.hex.sapphire}; - $blue: ${colour.hex.blue}; - $lavender: ${colour.hex.lavender}; - $text: ${colour.hex.text}; - $subtext0: ${colour.hex.subtext0}; - $subtext1: ${colour.hex.subtext1}; - $overlay0: ${colour.hex.overlay0}; - $overlay1: ${colour.hex.overlay1}; - $overlay2: ${colour.hex.overlay2}; - $surface0: ${colour.hex.surface0}; - $surface1: ${colour.hex.surface1}; - $surface2: ${colour.hex.surface2}; - $base: ${colour.hex.base}; - $mantle: ${colour.hex.mantle}; - $crust: ${colour.hex.crust}; - ''; - }; - - gtk = { - enable = true; - theme = { - name = theme; - package = pkgs.catppuccin-gtk; - }; - iconTheme = { - name = "Arc"; - package = pkgs.arc-icon-theme; - }; - cursorTheme = { - name = cursorTheme; - inherit (config.home.pointerCursor) size package; - }; - }; - - # Note, pink and blue are switched - programs.foot.settings.colors = { - alpha = 0.8; - - foreground = colour.text; # Text - background = colour.base; # Base - regular0 = colour.surface1; # Surface 1 - regular1 = colour.red; # red - regular2 = colour.green; # green - regular3 = colour.yellow; # yellow - regular4 = colour.pink; # pink - regular5 = colour.blue; # blue - regular6 = colour.teal; # teal - regular7 = colour.subtext1; # Subtext 1 - bright0 = colour.surface2; # Surface 2 - bright1 = colour.red; # red - bright2 = colour.green; # green - bright3 = colour.yellow; # yellow - bright4 = colour.pink; # pink - bright5 = colour.blue; # blue - bright6 = colour.teal; # teal - bright7 = colour.subtext0; # Subtext 0 - }; - - programs.mako = { - backgroundColor = colour.hex.mantle; - borderColor = colour.hex.pink; - textColor = colour.hex.text; - borderRadius = 5; - }; -} diff --git a/nixos/hosts/thalassa/null/networking.nix b/nixos/hosts/thalassa/null/networking.nix deleted file mode 100644 index ccf7a8a9..00000000 --- a/nixos/hosts/thalassa/null/networking.nix +++ /dev/null @@ -1,76 +0,0 @@ -_: { - services.v.dns = { - enable = true; - openFirewall = false; - mode = "laptop"; - }; - - services.mullvad-vpn.enable = true; - - networking = { - useDHCP = true; - dhcpcd.wait = "background"; - wireless = { - enable = true; - environmentFile = "/var/lib/secrets/wireless.env"; - userControlled.enable = true; - networks = { - eduroam = { - auth = '' - proto=RSN - key_mgmt=WPA-EAP - eap=PEAP - identity="vroest@tudelft.nl" - password=hash:@EDUROAM_PASSWORD_HASH@ - domain_suffix_match="radius.tudelft.nl" - anonymous_identity="anonymous@tudelft.nl" - phase1="peaplabel=0" - phase2="auth=MSCHAPV2" - ca_cert="/etc/ssl/certs/ca-bundle.crt" - ''; - }; - "Pikachu 5G" = { psk = "@PIKACHU_PASSWORD@"; }; - "sha256('yeet')" = { psk = "@SHA256_PASSWORD@"; }; - "wired" = { psk = "@WIRED_PASSWORD@"; }; - "meowy hotspot" = { psk = "@HOTSPOT_PASSWORD@"; }; - "WiFi Roest" = { psk = "@WIFI_ROEST_PASSWORD@"; }; - }; - }; - - nameservers = [ - "127.0.0.1" # Use locally deployed unbound - "::1" - ]; - - firewall.allowedUDPPorts = [ 51820 ]; - - # Maybe switch to wg-quick - wireguard.interfaces.wg0 = { - ips = [ "10.100.0.4/24" ]; - listenPort = 51820; - privateKeyFile = "/var/lib/secrets/wg_key"; - - peers = [ - { - # Delft - publicKey = "kDIO3BJSYlDwRXc2zt9tR1LqKJzIPrulaRmdiYkg+m0="; - allowedIPs = [ "10.100.0.1" "10.42.42.0/23" ]; - endpoint = "195.85.167.34:51820"; - persistentKeepalive = 25; - } - { - # Aerdenhout - publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI="; - allowedIPs = [ - "10.100.0.5" - "192.168.0.0/24" # to avoid being less specific than a LAN - "192.168.1.0/24" - "10.10.10.0/24" - ]; - endpoint = "80.60.83.220:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; -} diff --git a/nixos/hosts/thalassa/null/rescue-boot.nix b/nixos/hosts/thalassa/null/rescue-boot.nix deleted file mode 100644 index a6cf2a2c..00000000 --- a/nixos/hosts/thalassa/null/rescue-boot.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ pkgs, ... }: -let - # TODO: slim down size - netboot = import (pkgs.path + "/nixos/lib/eval-config.nix") { - inherit (pkgs) system; - modules = [ - (pkgs.path + "/nixos/modules/installer/netboot/netboot-minimal.nix") - module - ]; - }; - module = { - system.stateVersion = "22.11"; - boot.supportedFilesystems = [ "btrfs" "ext4" ]; - environment.systemPackages = with pkgs; [ git ]; - }; -in -{ - boot.loader.systemd-boot = { - extraEntries = { - "rescue.conf" = '' - title Rescue Boot - linux /rescue-kernel - initrd /rescue-initrd - options init=${netboot.config.system.build.toplevel}/init ${ - toString netboot.config.boot.kernelParams - } - ''; - }; - - extraFiles = { - "rescue-kernel" = "${netboot.config.system.build.kernel}/bzImage"; - "rescue-initrd" = "${netboot.config.system.build.netbootRamdisk}/initrd"; - }; - }; -} diff --git a/notes/arch.md b/notes/arch.md new file mode 100644 index 00000000..06df16b4 --- /dev/null +++ b/notes/arch.md @@ -0,0 +1,23 @@ +# NixOS System Config Plans + +## Levels of abstraction +1. Top-Level Host + * This is a bare-metal or otherwise non-managed VM that itself will contain VMs and Containers +2. MicroVM / Container + * As managed by a Top-Level Host + * Contains Applications/Services +3. Services / Applications + * Lowest Level, ran inside of a container or in special cases on a Top-Level Host + * Often has a port and domain associated with it + +## Open Questions +* Are MicroVMs and Containers LAN-routable or only on the Top-Level Host + * Essentially Docker vs. Proxmox networking architecture + + +## Requirements +* DHCP should be able to autoconfigure IPs at least for Top-Level hosts +* DNS should be automatically generated from Service definitions +* A Reverse Proxy shoudl also be able to be automatically set-up from service definitions +* Wireguard should function correctly + diff --git a/nixos/pkgs/default.nix b/pkgs/default.nix similarity index 82% rename from nixos/pkgs/default.nix rename to pkgs/default.nix index 5f7180fc..391147e4 100644 --- a/nixos/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,5 @@ # nix-build -E 'with import {}; callPackage ./default.nix {}' -_final: prev: { +final: prev: { v = { glitch-soc = prev.callPackage ./glitch-soc { }; @@ -17,11 +17,10 @@ _final: prev: { gitea-agatheme = prev.callPackage ./gitea-agatheme { }; # nix-shell -p "(vscode-with-extensions.override {vscodeExtensions = with vscode-extensions; [ jnoortheen.nix-ide ]; })" -I nixpkgs=. - vscode-extensions = { - platformio.platformio-ide = - prev.callPackage ./vscode-extensions/platformio.nix { }; - }; - + # vscode-extensions = { + # platformio.platformio-ide = + # prev.callPackage ./vscode-extensions/platformio.nix { }; + # }; }; plex-plexpass = prev.callPackage ./plex-pass { }; diff --git a/nixos/pkgs/dnd-5e-latex-template/default.nix b/pkgs/dnd-5e-latex-template/default.nix similarity index 100% rename from nixos/pkgs/dnd-5e-latex-template/default.nix rename to pkgs/dnd-5e-latex-template/default.nix diff --git a/nixos/pkgs/gitea-agatheme/default.nix b/pkgs/gitea-agatheme/default.nix similarity index 100% rename from nixos/pkgs/gitea-agatheme/default.nix rename to pkgs/gitea-agatheme/default.nix diff --git a/nixos/pkgs/glitch-soc/default.nix b/pkgs/glitch-soc/default.nix similarity index 100% rename from nixos/pkgs/glitch-soc/default.nix rename to pkgs/glitch-soc/default.nix diff --git a/nixos/pkgs/glitch-soc/gemset.nix b/pkgs/glitch-soc/gemset.nix similarity index 100% rename from nixos/pkgs/glitch-soc/gemset.nix rename to pkgs/glitch-soc/gemset.nix diff --git a/nixos/pkgs/glitch-soc/source.nix b/pkgs/glitch-soc/source.nix similarity index 100% rename from nixos/pkgs/glitch-soc/source.nix rename to pkgs/glitch-soc/source.nix diff --git a/nixos/pkgs/glitch-soc/update.sh b/pkgs/glitch-soc/update.sh similarity index 100% rename from nixos/pkgs/glitch-soc/update.sh rename to pkgs/glitch-soc/update.sh diff --git a/nixos/pkgs/plex-pass/default.nix b/pkgs/plex-pass/default.nix similarity index 100% rename from nixos/pkgs/plex-pass/default.nix rename to pkgs/plex-pass/default.nix diff --git a/nixos/pkgs/plex-pass/raw.nix b/pkgs/plex-pass/raw.nix similarity index 100% rename from nixos/pkgs/plex-pass/raw.nix rename to pkgs/plex-pass/raw.nix diff --git a/nixos/pkgs/plex-pass/sources.json b/pkgs/plex-pass/sources.json similarity index 100% rename from nixos/pkgs/plex-pass/sources.json rename to pkgs/plex-pass/sources.json diff --git a/nixos/pkgs/plex-pass/update.sh b/pkgs/plex-pass/update.sh similarity index 100% rename from nixos/pkgs/plex-pass/update.sh rename to pkgs/plex-pass/update.sh diff --git a/nixos/pkgs/roundcube-swipe/default.nix b/pkgs/roundcube-swipe/default.nix similarity index 100% rename from nixos/pkgs/roundcube-swipe/default.nix rename to pkgs/roundcube-swipe/default.nix diff --git a/nixos/pkgs/vscode-extensions/platformio.nix b/pkgs/vscode-extensions/platformio.nix similarity index 100% rename from nixos/pkgs/vscode-extensions/platformio.nix rename to pkgs/vscode-extensions/platformio.nix diff --git a/renovate.json b/renovate.json deleted file mode 100644 index 7190a60b..00000000 --- a/renovate.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json" -}