diff --git a/.forgejo/workflows/plex_update.yml b/.forgejo/workflows/plex_update.yml
new file mode 100644
index 00000000..c73ba489
--- /dev/null
+++ b/.forgejo/workflows/plex_update.yml
@@ -0,0 +1,38 @@
+name: Plex Update
+
+on:
+ push:
+ branches:
+ - main
+ - ci
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ update:
+ runs-on: docker
+ container:
+ image: ghcr.io/catthehacker/ubuntu:js-20.04
+ steps:
+ - uses: actions/checkout@v3
+ - uses: https://github.com/cachix/install-nix-action@v22
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - env:
+ VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+ VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+ NIXPKGS_ALLOW_UNFREE: 1
+ run: |
+ git config user.name "Forgejo Actions Bot"
+ git config user.email "<>"
+
+ # Run Update script
+ ./nixos/pkgs/plex-pass/update.sh
+
+ git add ./nixos/pkgs/plex-pass/
+
+ # Push if changed
+ if git status ./nixos/pkgs/plex-pass/ | grep -q "to be committed"; then
+ git commit -m "Update Plex"
+ git push origin main
+ fi
diff --git a/assets/wallpaper-nix-pink.png b/assets/wallpaper-nix-pink.png
deleted file mode 100644
index e8a88d78..00000000
Binary files a/assets/wallpaper-nix-pink.png and /dev/null differ
diff --git a/common/desktop/home.nix b/common/desktop/home.nix
deleted file mode 100644
index 67bce461..00000000
--- a/common/desktop/home.nix
+++ /dev/null
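Review bot: Both `uses:` steps and the container image are referenced by mutable tags (`actions/checkout@v3`, `install-nix-action@v22`, `ubuntu:js-20.04`) in a job whose last step runs with `VAULT_TOKEN` and pushes to `main`, so whoever can move one of those tags controls the toolchain that step runs in. Pin each to an immutable reference, e.g. `- uses: actions/checkout@<full-commit-sha> # v3` and `image: ghcr.io/catthehacker/ubuntu@sha256:<digest>`. The `push` trigger also lists `ci`, so any push to that branch runs `update.sh` with the Vault token and then `git push origin main`; if `ci` exists only to test the workflow, gate the secret-bearing step with `if: github.ref == 'refs/heads/main'`. The change check `git status … | grep -q "to be committed"` depends on git's human-readable output; `git diff --cached --quiet -- ./nixos/pkgs/plex-pass/` tests the same condition by exit status.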
@@ -1,125 +0,0 @@
-{
- pkgs,
- inputs,
- config,
- ...
-}:
-let
- tex = pkgs.texlive.combine {
- inherit (pkgs.texlive) scheme-full;
- };
- my-python-packages =
- ps: with ps; [
- cryptography
- flask
- ipwhois
- numpy
- pandas
- pyasn
- pyshark
- requests
- scapy
- z3-solver
- ];
-in
-{
- home.packages = with pkgs; [
- (python3.withPackages my-python-packages)
- btop
- calibre
- celluloid # video player
- # cinny-desktop
- comma
- discord
- element-desktop
- firefox
- foliate # epub reader
- gcc
- jellyfin-media-player
- krita
- neofetch
- nicotine-plus
- nixpkgs-review
- qmk
- signal-desktop
- solo2-cli
- spotify
- unzip
- yt-dlp
-
- (lib.hiPrio (
- pkgs.writeShellScriptBin "obsidian" ''
- unset WAYLAND_DISPLAY
- ${pkgs.obsidian}/bin/obsidian
- ''
- ))
- ];
- # Enable my own hm modules
- themes.v.catppuccin.enable = true;
- programs = {
- v = {
- vscode.enable = true;
- nvim.enable = true;
- rust.enable = true;
- };
-
- zed-editor = {
- enable = true;
- };
-
- # firefox.enable = true;
-
- chromium = {
- enable = true;
- extensions = [
- { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
- { id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
- ];
- };
-
- direnv = {
- enable = true;
- nix-direnv.enable = true;
- };
-
- zsh = {
- enable = true;
- sessionVariables = {
- DIRENV_LOG_FORMAT = "";
- };
- };
-
- kitty = {
- enable = true;
- shellIntegration.enableZshIntegration = true;
- };
- };
-
- xdg.autoStart = {
- packages = with pkgs; [
- element-desktop
- signal-desktop
- firefox
- discord
- ];
- };
-
- # Syncthing
- services.syncthing.enable = true;
- xdg.userDirs =
- let
- home = config.home.homeDirectory;
- in
- {
- enable = true;
- createDirectories = true;
- desktop = "${home}/.desktop";
- documents = "${home}/cloud/Documents";
- download = "${home}/dl";
- music = "${home}/cloud/Music";
- pictures = "${home}/cloud/Pictures";
- publicShare = "${home}/.publicShare";
- templates = "${home}/.templates";
- videos = "${home}/cloud/Videos";
- };
-}
diff --git a/common/hm-modules/catppuccin/default.nix b/common/hm-modules/catppuccin/default.nix
deleted file mode 100644
index 5a240bc6..00000000
--- a/common/hm-modules/catppuccin/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-with lib;
-let
- cfg = config.themes.v.catppuccin;
-in
-{
- options.themes.v.catppuccin = {
- enable = mkEnableOption "catppuccin";
- };
- config = mkIf cfg.enable {
- catppuccin = {
- enable = true;
- flavor = "frappe";
- accent = "pink";
-
- waybar.enable = false;
-
- mako.enable = false;
- rofi.enable = true;
-
- hyprland.enable = true;
- kitty.enable = true;
-
- kvantum.enable = true;
- };
-
- # home.pointerCursor = {
- # name = "Bibata_Ghost";
- # size = 24;
- # package = pkgs.bibata-cursors-translucent;
- # };
-
- programs.kitty = {
- # themeFile = "Catppuccin-Frappe";
- font.name = "DejaVuSansMono Nerd Font";
- };
-
- gtk = {
- enable = true;
- # iconTheme = {
- # name = "Papirus-Dark";
- # package = pkgs.papirus-icon-theme.override { color = "violet"; };
- # };
- # cursorTheme = {
- # inherit (config.home.pointerCursor) name package size;
- # };
- };
-
- qt = {
- enable = true;
- # platformTheme = "qtct";
- style.name = "kvantum";
- platformTheme.name = "kvantum";
- };
-
- };
-}
diff --git a/common/hm-modules/default.nix b/common/hm-modules/default.nix
deleted file mode 100644
index aabb18cb..00000000
--- a/common/hm-modules/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-{
- imports = [
- ./catppuccin
- ./nvim
- ./vscode.nix
- ./git.nix
- ./rust.nix
- ];
-}
diff --git a/common/hm-modules/nvim/default.nix b/common/hm-modules/nvim/default.nix
deleted file mode 100644
index c64f1fc0..00000000
--- a/common/hm-modules/nvim/default.nix
+++ /dev/null
@@ -1,225 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - cfg = config.programs.v.nvim; -in -with lib; -{ - options.programs.v.nvim = { - enable = mkEnableOption "nvim"; - }; - config = mkIf cfg.enable { - home.packages = with pkgs; [ fd ]; - home.file.".config/nvim/lua".source = ./lua; - programs.nixvim = - { helpers, ... }: - { - enable = true; - - imports = [ - ./keybinds.nix - ./lsp.nix - ]; - - package = pkgs.neovim-unwrapped; - vimAlias = true; - luaLoader.enable = true; - - performance = { - # byteCompileLua.enable = true; - # combinePlugins.enable = true; - }; - - globals.mapleader = " "; - - opts = { - number = true; - conceallevel = 2; - expandtab = true; - tabstop = 2; - - shiftwidth = 2; - smartindent = true; - - title = true; - - spell = true; - spelllang = "en_gb"; - }; - - clipboard.providers.wl-copy.enable = true; - - extraPlugins = with pkgs.vimPlugins; [ - FixCursorHold-nvim - ]; - - extraConfigLua = ""; - - colorschemes.catppuccin = { - enable = true; - settings.flavour = "frappe"; - }; - - plugins = { - nvim-surround.enable = true; - - zen-mode = { - enable = true; - settings = { - window.options = { - number = false; - }; - }; - }; - - # codecompanion = { - # enable = true; - # - # }; - - vimwiki = { - enable = true; - settings = { - list = [ - { - ext = ".md"; - path = "~/cloud/Notes/"; - syntax = "markdown"; - } - ]; - }; - }; - - image = { - enable = false; - settings.backend = "kitty"; - }; - web-devicons.enable = true; - bufferline.enable = true; - nix.enable = true; - luasnip.enable = true; - startup = { - enable = true; - theme = "my_theme"; - }; - obsidian = { - enable = false; - settings = { - new_notes_location = "notes_subdir"; - notes_subdir = "Unsorted"; - daily_notes = { - folder = "Diary/Daily"; - }; - workspaces = [ - { - name = "notes"; - path = "~/cloud/Notes"; - } - ]; - completion = { - min_chars = 2; - nvim_cmp = true; - }; - picker.name = "telescope.nvim"; - }; - }; - fidget = { - enable = true; - settings = { - 
progress = { - ignore = [ "ltex" ]; - display.done_ttl = 5; - }; - notification = { - override_vim_notify = true; - }; - }; - }; - neotest = { - enable = true; - adapters = { - plenary.enable = true; - python.enable = true; - rust = { - enable = true; - settings.args = [ "--no-capture" ]; - }; - }; - }; - treesitter = { - enable = true; - nixGrammars = true; - settings = { - highlight.enable = true; - incremental_selection.enable = true; - indent.enable = true; - }; - }; - - # Git - committia.enable = true; - gitsigns.enable = true; - - lualine = { - enable = true; - settings.options.theme = "catppuccin"; - }; - - oil = { - enable = true; - }; - - telescope = { - enable = true; - settings.defaults.preview.ls_short = true; - extensions.file-browser = { - enable = true; - settings = { - hijack_netrw = true; - dir_icon = ""; - }; - }; - extensions.fzf-native.enable = true; - extensions.fzf-native.settings.fuzzy = true; - extensions.frecency.enable = true; - extensions.ui-select.enable = true; - }; - comment.enable = true; - vimtex.enable = false; - typst-preview.enable = true; - floaterm.enable = true; - cmp = { - enable = true; - autoEnableSources = true; - settings = { - cmdline.":".sources = [ { name = "path"; } ]; - snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end"; - mapping = { - "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; - "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; - "" = "cmp.mapping.confirm({ select = true })"; - "" = "cmp.mapping.complete()"; - "" = "cmp.mapping.close()"; - }; - sources = [ - { name = "nvim_lsp_signature_help"; } - { name = "path"; } - { name = "spell"; } - { - name = "buffer"; - # Words from other open buffers can also be suggested. - option.get_bufnrs.__raw = "vim.api.nvim_list_bufs"; - } - { name = "nvim_lsp"; } - { name = "luasnip"; } - ]; - }; - }; - }; - }; - }; -} 
diff --git a/common/hm-modules/nvim/keybinds.nix b/common/hm-modules/nvim/keybinds.nix
deleted file mode 100644
index 132fe248..00000000
--- a/common/hm-modules/nvim/keybinds.nix
+++ /dev/null
@@ -1,195 +0,0 @@ -{ helpers, ... }: -{ - keymaps = with helpers; [ - # Disable arrow keys - { - mode = "n"; - key = ""; - action = ""; - } - { - mode = "n"; - key = ""; - action = ""; - } - { - mode = "n"; - key = ""; - action = ""; - } - { - mode = "n"; - key = ""; - action = ""; - } - # General - { - mode = "n"; - key = ""; - action = ":noh"; - } - # Telescope - { - mode = "n"; - key = "ff"; - action = ":Telescope find_files"; - } - { - mode = "n"; - key = "fs"; - action = ":Telescope lsp_dynamic_workspace_symbols"; - } - { - mode = "n"; - key = "fg"; - action = mkRaw "require('telescope.builtin').live_grep"; - } - { - mode = "n"; - key = "fb"; - action = ":Telescope buffers"; - } - { - mode = "n"; - key = "fo"; - action = ":Telescope oldfiles"; - } - { - mode = "n"; - key = "fr"; - action = ":Telescope frecency"; - } - { - mode = "n"; - key = "zf"; - action = ":Telescope spell_suggest"; - } - # { - # mode = "n"; - #key = "ob"; - # action = mkRaw "require('obsidian_picker').obsidian_picker"; - #} - # Commenting - { - mode = "n"; - key = ""; - action = mkRaw "require('Comment.api').toggle.linewise.current"; - } - { - mode = "x"; - key = ""; - action = mkRaw '' - function() - local esc = vim.api.nvim_replace_termcodes( - '', true, false, true - ) - vim.api.nvim_feedkeys(esc, 'nx', false) - require('Comment.api').toggle.linewise(vim.fn.visualmode()) - end - ''; - } - # Float Term - { - mode = "n"; - key = "t"; - action = ":FloatermToggle myfloat"; - } - { - mode = "t"; - key = ""; - action = mkRaw "function() vim.cmd(':FloatermToggle myfloat') end"; - } - # Switch buffers - { - mode = "n"; - key = "q"; - action = ":bd"; # Delete buffer - } - { - mode = "n"; - key = "s"; - action = ":bn"; # Buffer next - } - { - mode = "n"; - key = "a"; - action = ":bp"; # Buffer previous - } - # Change Indenting - { - mode = "i"; - key = ""; - action = "<<"; - } - { - mode = "n"; - key = ""; - action = "<<_"; - } - { - mode = "n"; - key = ""; - action = ">>_"; - } - { - mode = "v"; 
- key = ""; - action = ">gv"; - } - { - mode = "v"; - key = ""; - action = "rn" = "rename"; - "g=" = "format"; - }; - diagnostic = { - "j" = "goto_next"; - "k" = "goto_prev"; - }; - }; - servers = { - cssls.enable = true; - nil_ls.enable = true; # NixOS - dockerls.enable = true; - rust_analyzer = { - enable = false; - installCargo = false; - installRustc = false; - }; - # pyright.enable = true; - # pylsp = { - # enable = true; - # settings.plugins = { - # black = { - # enabled = true; - # cache_config = true; - # }; - # pycodestyle = { - # maxLineLength = 100; - # }; - # }; - # }; - elixirls.enable = true; - clangd.enable = true; - yamlls.enable = true; - lua_ls.enable = true; - tinymist = { - enable = true; - rootMarkers = [ "main.typ" ]; - onAttach.function = '' - vim.keymap.set("n", "tp", function() - client:exec_cmd({ - title = "pin", - command = "tinymist.pinMain", - arguments = { vim.api.nvim_buf_get_name(0) }, - }, { bufnr = bufnr }) - end, { desc = "[T]inymist [P]in", noremap = true }) - - vim.keymap.set("n", "tu", function() - client:exec_cmd({ - title = "unpin", - command = "tinymist.pinMain", - arguments = { vim.v.null }, - }, { bufnr = bufnr }) - end, { desc = "[T]inymist [U]npin", noremap = true }) - ''; - settings = { - formatterMode = "typstyle"; # or "typstfmt" - - }; - }; - }; - }; - - trouble.enable = true; - lspkind.enable = true; - lspsaga = { - enable = true; - lightbulb.enable = false; - }; - nvim-lightbulb = { - enable = true; - settings = { - autocmd.enabled = true; - number.enabled = true; - }; - }; - - none-ls = { - enable = true; - sources = { - formatting = { - nixfmt = { - enable = true; - package = pkgs.nixfmt-rfc-style; - }; - }; - }; - }; - }; -} diff --git a/common/hm-modules/nvim/lua/obsidian_picker.lua b/common/hm-modules/nvim/lua/obsidian_picker.lua deleted file mode 100644 index 94a38a81..00000000 --- a/common/hm-modules/nvim/lua/obsidian_picker.lua +++ /dev/null 
@@ -1,48 +0,0 @@ -local pickers = require "telescope.pickers" -local finders = require "telescope.finders" -local conf = require("telescope.config").values -local actions = require("telescope.actions") -local action_state = require("telescope.actions.state") - -local obsidian_commands = require("obsidian.commands").commands -local results = {} -for key, _ in pairs(obsidian_commands) do - table.insert(results, string.sub(key, 9)) -end - -Local = 100 -local Local = 3 -print(Local) - -local obsidian_picker = function(opts) - opts = opts or require("telescope.themes").get_dropdown{} - pickers.new(opts, { - prompt_title = "Obsidian", - finder = finders.new_table { - results = results, - -- entry_maker = function(entry) - -- return { - -- value = entry, - -- display = entry[1], - -- ordinal = entry[1], - -- } - -- end - }, - sorter = conf.generic_sorter(opts), - attach_mappings = function(prompt_bufnr, map) - actions.select_default:replace(function() - actions.close(prompt_bufnr) - local selection = action_state.get_selected_entry() - vim.cmd(':Obsidian' .. selection[1]) - end) - return true - end, - }):find() -end - --- obsidian_picker() - -return { - obsidian_picker = obsidian_picker -} - diff --git a/common/hm-modules/nvim/lua/startup/themes/my_theme.lua b/common/hm-modules/nvim/lua/startup/themes/my_theme.lua deleted file mode 100644 index 39501133..00000000 --- a/common/hm-modules/nvim/lua/startup/themes/my_theme.lua +++ /dev/null 
@@ -1,75 +0,0 @@ -local settings = { - -- every line should be same width without escaped \ - header = { - type = "text", - oldfiles_directory = false, - align = "center", - fold_section = false, - title = "Header", - margin = 5, - content = { - " ███╗ ██╗ ███████╗ ██████╗ ██╗ ██╗ ██╗ ███╗ ███╗", - " ████╗ ██║ ██╔════╝██╔═══██╗ ██║ ██║ ██║ ████╗ ████║", - " ██╔██╗ ██║ █████╗ ██║ ██║ ██║ ██║ ██║ ██╔████╔██║", - " ██║╚██╗██║ ██╔══╝ ██║ ██║ ╚██╗ ██╔╝ ██║ ██║╚██╔╝██║", - " ██║ ╚████║ ███████╗╚██████╔╝ ╚████╔╝ ██║ ██║ ╚═╝ ██║", - " ╚═╝ ╚═══╝ ╚══════╝ ╚═════╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝", - }, - highlight = "Statement", - default_color = "", - oldfiles_amount = 0, - }, - -- name which will be displayed and command - body = { - type = "mapping", - oldfiles_directory = false, - align = "center", - fold_section = false, - title = "Basic Commands", - margin = 5, - content = { - { " Find File", "Telescope find_files", "ff"}, - { "󰍉 Find Word ", "Telescope live_grep", "fg"}, - { " Recent Files", "Telescope oldfiles", "fo"}, - { " File Browser", "Telescope file_browser", "fs"}, - { " New File", "lua require'startup'.new_file()", "nf"}, - }, - highlight = "String", - default_color = "", - oldfiles_amount = 0, - }, - footer = { - type = "text", - oldfiles_directory = false, - align = "center", - fold_section = false, - title = "Footer", - margin = 5, - content = { "bottom text" }, - highlight = "Number", - default_color = "", - oldfiles_amount = 0, - }, - - options = { - mapping_keys = true, - cursor_column = 0.5, - empty_lines_between_mappings = true, - disable_statuslines = true, - paddings = { 1, 3, 3, 0 }, - }, - mappings = { - execute_command = "", - open_file = "o", - open_file_split = "", - open_section = "", - open_help = "?", - }, - colors = { - background = "#1f2227", - folded_section = "#56b6c2", - }, - parts = { "header", "body", "footer" }, -} -return settings - 
diff --git a/common/hm-modules/nvim/obsidian_picker.lua b/common/hm-modules/nvim/obsidian_picker.lua
deleted file mode 100644
index 0a2276d1..00000000
--- a/common/hm-modules/nvim/obsidian_picker.lua
+++ /dev/null
@@ -1,35 +0,0 @@
-local pickers = require "telescope.pickers"
-local finders = require "telescope.finders"
-local conf = require("telescope.config").values
-local actions = require("telescope.actions")
-local action_state = require("telescope.actions.state")
-
-local obsidian_commands = require("obsidian.commands").commands
-local results = {}
-for key, _ in pairs(obsidian_commands) do
- table.insert(results, string.sub(key, 9))
-end
-
-local obsidian_picker = function(opts)
- opts = opts or require("telescope.themes").get_dropdown {}
- pickers.new(opts, {
- prompt_title = "Obsidian",
- finder = finders.new_table {
- results = results,
- },
- sorter = conf.generic_sorter(opts),
- attach_mappings = function(prompt_bufnr, map)
- actions.select_default:replace(function()
- actions.close(prompt_bufnr)
- local selection = action_state.get_selected_entry()
- vim.cmd(':Obsidian' .. selection[1])
- end)
- return true
- end,
- }):find()
-end
-
-
-return {
- obsidian_picker = obsidian_picker
-}
diff --git a/common/hm-modules/rust.nix b/common/hm-modules/rust.nix
deleted file mode 100644
index bd258845..00000000
--- a/common/hm-modules/rust.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}:
-with lib;
-let
- cfg = config.programs.v.rust;
-in
-{
- options.programs.v.rust.enable = mkEnableOption "rust";
-
- config = mkIf cfg.enable {
- home = {
- packages = with pkgs; [
- bacon
- rustup
- cargo-binutils
- cargo-nextest
- cargo-msrv
- cargo-dist
- cargo-cross
- cargo-generate
- ];
-
- file.".cargo/config.toml".text = ''
- [registries.crates-io]
- protocol = "sparse"
-
- [build]
- rustc-wrapper = "${pkgs.sccache}/bin/sccache"
-
- [profile.rust-analyzer]
- inherits = "dev"
- '';
-
- sessionPath = [ "$HOME/.cargo/bin" ];
- };
- };
-}
diff --git a/common/hm-modules/vscode.nix b/common/hm-modules/vscode.nix
deleted file mode 100644
index 50f495df..00000000
--- a/common/hm-modules/vscode.nix
+++ /dev/null
@@ -1,115 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.programs.v.vscode; -in -{ - options.programs.v.vscode = { - enable = mkEnableOption "vscode"; - }; - config = mkIf cfg.enable { - programs.vscode = { - enable = true; - package = pkgs.vscode; - profiles.default = { - userSettings = { - "ltex.language" = "en-GB"; - "latex-workshop.linting.chktex.enabled" = true; - "latex-workshop.latex.clean.subfolder.enabled" = true; - "latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%"; - "editor.fontFamily" = "'DejaVuSansMono Nerd Font', 'monospace', monospace"; - "keyboard.dispatch" = "keyCode"; - "rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer"; - "rust-analyzer.check.extraArgs" = [ - "--profile" - "rust-analyzer" - ]; - "rust-analyzer.check.command" = "clippy"; - "terminal.integrated.defaultProfile.linux" = "zsh"; - "nix.enableLanguageServer" = true; # Enable LSP. - "nix.serverPath" = "${pkgs.nil}/bin/nil"; - "[nix]" = { - "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; - }; - "[python]" = { - "editor.formatOnType" = true; - }; - "debug.allowBreakpointsEverywhere" = true; - "C_Cpp.clang_format_fallbackStyle" = "{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}"; - # "crates.compatibleDecorator" = "✓"; - # "crates.errorDecorator" = "✗"; - # "crates.incompatibleDecorator" = "🛇"; - - # Verilog - "verilog.formatting.verilogHDL.formatter" = "verible-verilog-format"; - "verilog.languageServer.svls.enabled" = true; - "verilog.languageServer.svls.path" = "${pkgs.svls}/bin/svls"; - "verilog.languageServer.veribleVerilogLs.enabled" = true; - "verilog.languageServer.veribleVerilogLs.path" = "${pkgs.verible}/bin/verible-verilog-ls"; - "verilog.formatting.veribleVerilogFormatter.path" = "${pkgs.verible}/bin/verible-verilog-format"; - "verilog.linting.linter" = "verilator"; - "verilog.linting.path" = "${pkgs.verilator}/bin/verilator"; - "[verilog]" = { - "editor.defaultFormatter" = "mshr-h.veriloghdl"; - }; - - 
# Don't index unecessary things - "files.exclude" = { - "**/.vscode" = true; - "**/.git" = true; - "**/.svn" = true; - "**/.hg" = true; - "**/.deps" = true; - "**/CVS" = true; - "**/.DS_Store" = true; - "/bin" = true; - "/boot" = true; - "/cdrom" = true; - "/dev" = true; - "/proc" = true; - "/etc" = true; - "/nix" = true; - }; - }; - extensions = with pkgs.vscode-extensions; [ - brettm12345.nixfmt-vscode - # catppuccin.catppuccin-vsc - codezombiech.gitignore - codezombiech.gitignore - davidlday.languagetool-linter - editorconfig.editorconfig - foxundermoon.shell-format - github.copilot - github.copilot-chat - github.vscode-github-actions - james-yu.latex-workshop - jnoortheen.nix-ide - mkhl.direnv - ms-vscode-remote.remote-ssh - ms-vscode.cpptools - ms-vsliveshare.vsliveshare - mshr-h.veriloghdl - # platformio.platformio-ide - redhat.vscode-xml - redhat.vscode-yaml - rust-lang.rust-analyzer - skellock.just - sumneko.lua - tamasfe.even-better-toml - vadimcn.vscode-lldb - vadimcn.vscode-lldb - valentjn.vscode-ltex - vscodevim.vim - xaver.clang-format - continue.continue - ]; - }; - }; - - }; -} diff --git a/common/modules/default.nix b/common/modules/default.nix deleted file mode 100644 index a9acf0a0..00000000 --- a/common/modules/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: { - imports = [ - ./meta.nix - ./nginx.nix - ./dns.nix - ./flood.nix - ./gnome - ./unpackerr.nix - ./vault.nix - ]; -} diff --git a/common/modules/gnome/hm.nix b/common/modules/gnome/hm.nix deleted file mode 100644 index b9c0054b..00000000 --- a/common/modules/gnome/hm.nix +++ /dev/null 
@@ -1,166 +0,0 @@ -{ lib, pkgs, ... }: - -with lib.hm.gvariant; -let - inherit (builtins) attrNames map; - inherit (lib.attrsets) mapAttrs' nameValuePair; - generate_custom_keybindings = - binds: - { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = map ( - name: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/" - ) (attrNames binds); - }; - } - // mapAttrs' ( - name: nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}" - ) binds; -in -{ - xdg.mimeApps.enable = true; - xdg.mimeApps.defaultApplications = { - "text/plain" = "org.gnome.TextEditor.desktop"; - "application/pdf" = "org.gnome.Evince.desktop"; - - # Firefox - "text/html" = "firefox.desktop"; - "x-scheme-handler/http" = "firefox.desktop"; - "x-scheme-handler/https" = "firefox.desktop"; - "x-scheme-handler/chrome" = "firefox.desktop"; - "application/x-extension-htm" = "firefox.desktop"; - "application/x-extension-shtml" = "firefox.desktop"; - "application/xhtml+xml" = "firefox.desktop"; - "application/x-extension-xhtml" = "firefox.desktop"; - "application/x-extension-xht" = "firefox.desktop"; - "application/x-extension-html" = "firefox.desktop"; - - # Images - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/jpg" = "org.gnome.Loupe.desktop"; - "image/pjpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/x-bmp" = "org.gnome.Loupe.desktop"; - "image/x-gray" = "org.gnome.Loupe.desktop"; - "image/x-icb" = "org.gnome.Loupe.desktop"; - "image/x-ico" = "org.gnome.Loupe.desktop"; - "image/x-png" = "org.gnome.Loupe.desktop"; - "image/x-portable-anymap" = "org.gnome.Loupe.desktop"; - "image/x-portable-bitmap" = "org.gnome.Loupe.desktop"; - "image/x-portable-graymap" = "org.gnome.Loupe.desktop"; - "image/x-portable-pixmap" = "org.gnome.Loupe.desktop"; - "image/x-xbitmap" 
= "org.gnome.Loupe.desktop"; - "image/x-xpixmap" = "org.gnome.Loupe.desktop"; - "image/x-pcx" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/svg+xml-compressed" = "org.gnome.Loupe.desktop"; - "image/vnd.wap.wbmp" = "org.gnome.Loupe.desktop"; - "image/x-icns" = "org.gnome.Loupe.desktop"; - }; - - dconf.settings = - { - - "org/gnome/shell" = { - disable-user-extensions = false; - enabled-extensions = with pkgs.gnomeExtensions; [ - auto-move-windows.extensionUuid - ]; - }; - - # "org/gnome/shell/extensions/auto-move-windows" = { - # application-list = [ - # "element-desktop.desktop:1" - # "discord.desktop:1" - # "firefox.desktop:2" - # "obsidian.desktop:3" - # ]; - # }; - - "org/gnome/desktop/input-sources" = { - sources = [ - (mkTuple [ - "xkb" - "us+altgr-intl" - ]) - ]; - xkb-options = [ "terminate:ctrl_alt_bksp" ]; - }; - - "org/gnome/desktop/peripherals/touchpad" = { - tap-to-click = true; - two-finger-scrolling-enabled = true; - }; - - "org/gnome/mutter" = { - attach-modal-dialogs = true; - dynamic-workspaces = false; - edge-tiling = true; - focus-change-on-pointer-rest = true; - workspaces-only-on-primary = true; - }; - - "org/gnome/mutter/keybindings" = { - toggle-tiled-left = [ "bracketleft" ]; - toggle-tiled-right = [ "bracketright" ]; - }; - - "org/gnome/shell/keybindings" = { - toggle-overview = [ "d" ]; - }; - - "org/gnome/desktop/interface" = { - color-scheme = "prefer-dark"; - }; - - "org/gnome/desktop/wm/preferences" = { - auto-raise = false; - num-workspaces = 6; - focus-mode = "sloppy"; - }; - - "org/gnome/desktop/wm/keybindings" = { - raise-or-lower = [ "s" ]; - switch-applications = [ "Tab" ]; - switch-applications-backward = [ "Tab" ]; - move-to-workspace-1 = [ "1" ]; - move-to-workspace-2 = [ "2" ]; - move-to-workspace-3 = [ "3" ]; - move-to-workspace-4 = [ "4" ]; - move-to-workspace-5 = [ "5" ]; - move-to-workspace-6 = [ "6" ]; - switch-to-workspace-1 = [ "1" ]; - switch-to-workspace-2 = [ "2" ]; - 
switch-to-workspace-3 = [ "3" ]; - switch-to-workspace-4 = [ "4" ]; - switch-to-workspace-5 = [ "5" ]; - switch-to-workspace-6 = [ "6" ]; - toggle-fullscreen = [ "M" ]; - toggle-maximized = [ "m" ]; - close = [ "Q" ]; - }; - - "org/gnome/tweaks" = { - show-extensions-notice = false; - }; - - "org/gnome/boxes" = { - first-run = false; - }; - } - // generate_custom_keybindings { - "terminal" = { - binding = "Return"; - command = "${pkgs.kitty}/bin/kitty"; - name = "Open Terminal"; - }; - "firefox" = { - binding = "f"; - command = "firefox"; - name = "Open Firefox"; - }; - }; -} diff --git a/common/modules/meta.nix b/common/modules/meta.nix deleted file mode 100644 index 847c2e28..00000000 --- a/common/modules/meta.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ lib, config, ... }: -with lib; -let - exposesOpts = { - options = { - domain = mkOption { - type = types.str; - example = ".example.com"; - description = lib.mdDoc '' - The domain under which this service should be available - ''; - }; - port = mkOption { - type = types.int; - default = 80; - example = 4242; - description = lib.mdDoc '' - The port under which the service runs on the host - ''; - }; - }; - }; -in { - options.meta = { - exposes = mkOption { - type = with types; attrsOf (submodule exposesOpts); - default = { }; - description = '' - Exposed services - ''; - }; - - ipv4 = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc '' - Host's IPv4 Address - ''; - }; - - ipv6 = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc '' - Host's IPv6 address - ''; - }; - - mac = mkOption { - type = types.nullOr types.str; - default = null; - description = lib.mdDoc '' - Own MAC Address - ''; - }; - - isLaptop = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Is this host a Laptop (i.e. no DNS entries should be made). - ''; - }; - - realm = mkOption { - readOnly = true; - type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]); - default = config.networking.domain; - defaultText = literalExpression "config.network.domain"; - }; - }; - - config = { - # TODO: Open Firewall - - assertions = [ - # { - # assertion = config.meta.mac != null; - # message = - # "${config.networking.fqdnOrHostName} is missing a mac address"; - # } - # { - # assertion = !config.meta.isLaptop -> config.meta.ipv4 != null; - # message = - # "${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop"; - # } - ]; - }; -} diff --git a/flake.lock b/flake.lock index 2aa9448b..8bcecbf9 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,42 +1,43 @@ { "nodes": { - "attic": { + "alejandra": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", + "fenix": "fenix_2", + "flakeCompat": "flakeCompat", "nixpkgs": [ + "webcord", + "dream2nix", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1755378195, - "narHash": "sha256-cKw1bfEwW+pQWsvzOAe0GfsSNXTSFS+5MYcZFQB5dFc=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "c1cfee9b63e48d9cee18e538ca32f1721078de91", + "lastModified": 1658427149, + "narHash": "sha256-ToD/1z/q5VHsLMrS2h96vjJoLho59eNRtknOUd19ey8=", + "owner": "kamadorueda", + "repo": "alejandra", + "rev": "f5a22afd2adfb249b4e68e0b33aa1f0fb73fb1be", "type": "github" }, "original": { - "owner": "zhaofengli", - "repo": "attic", + "owner": "kamadorueda", + "repo": "alejandra", "type": "github" } }, - "autostart": { + "all-cabal-json": { + "flake": false, "locked": { - "lastModified": 1723314998, - "narHash": "sha256-BwP56CHfU3P7ZHr2SzAEjF3uveiN1dZ5hFHTzRLS/WI=", - "owner": "Zocker1999NET", - "repo": "home-manager-xdg-autostart", - "rev": "4d1def4a330d6812fe18be140781e94003c3cc0a", + "lastModified": 1665552503, + "narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=", + "owner": "nix-community", + "repo": "all-cabal-json", + "rev": "d7c0434eebffb305071404edcf9d5cd99703878e", "type": "github" }, "original": { - "owner": "Zocker1999NET", - "repo": "home-manager-xdg-autostart", + "owner": "nix-community", + "ref": "hackage", + "repo": "all-cabal-json", "type": "github" } }, 
@@ -56,38 +57,20 @@ "type": "gitlab" } }, - "catppuccin": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1755511413, - "narHash": "sha256-cBBF+nwGrSroN6ZewHPFaSThyCvwBxSZMdYEH8DxDx8=", - "owner": "catppuccin", - "repo": "nix", - "rev": "ca11a19d4e1d2ba5e6162f40cb71288551fd51dd", - "type": "github" - }, - "original": { - "owner": "catppuccin", - "repo": "nix", - "type": "github" - } - }, "colmena": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions_2", - "nixpkgs": "nixpkgs_2", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", "stable": "stable" }, "locked": { - "lastModified": 1755272288, - "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=", + "lastModified": 1746816769, + "narHash": "sha256-ymQzXrfHVT8/RJiGbfrNjEeuzXQan46lUJdxEhgivdM=", "owner": "zhaofengli", "repo": "colmena", - "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473", + "rev": "df694ee23be7ed7b2d8b42c245a640f0724eb06c", "type": "github" }, "original": { @@ -96,13 +79,34 @@ "type": "github" } }, + "comma": { + "inputs": { + "flake-compat": "flake-compat_2", + "naersk": "naersk", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1742411560, + "narHash": "sha256-a793QMuHjVB8YB8q595rlnXqlOHbuiI7ybbrB6kuJbw=", + "owner": "nix-community", + "repo": "comma", + "rev": "650c41b59b4ab16327ad0cdb995c3857b9583987", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "comma", + "type": "github" + } + }, "crane": { "locked": { - "lastModified": 1751562746, - "narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=", + "lastModified": 1746291859, + "narHash": "sha256-DdWJLA+D5tcmrRSg5Y7tp/qWaD05ATI4Z7h22gd1h7Q=", "owner": "ipetkov", "repo": "crane", - "rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd", + "rev": "dfd9a8dfd09db9aad544c4d3b6c47b12562544a5", "type": "github" }, "original": { 
@@ -112,12 +116,13 @@ } }, "crane_2": { + "flake": false, "locked": { - "lastModified": 1754269165, - "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "lastModified": 1670284777, + "narHash": "sha256-JF0pc0s4z/X+Iy+lNHOwUQ8I5bz+q7uX4HrKTNIEj24=", "owner": "ipetkov", "repo": "crane", - "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "rev": "2243fb9c872de25cb564a02d324ea6a5b9853052", "type": "github" }, "original": { @@ -130,14 +135,14 @@ "inputs": { "flake-compat": "flake-compat_3", "nixpkgs": "nixpkgs_3", - "utils": "utils" + "utils": "utils_2" }, "locked": { - "lastModified": 1749105467, - "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", "owner": "serokell", "repo": "deploy-rs", - "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", "type": "github" }, "original": { 
@@ -146,12 +151,59 @@ "type": "github" } }, + "devshell": { + "flake": false, + "locked": { + "lastModified": 1663445644, + "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", + "owner": "numtide", + "repo": "devshell", + "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "dream2nix": { + "inputs": { + "alejandra": "alejandra", + "all-cabal-json": "all-cabal-json", + "crane": "crane_2", + "devshell": "devshell", + "flake-parts": "flake-parts_4", + "flake-utils-pre-commit": "flake-utils-pre-commit", + "ghc-utils": "ghc-utils", + "gomod2nix": "gomod2nix", + "mach-nix": "mach-nix", + "nix-pypi-fetcher": "nix-pypi-fetcher", + "nixpkgs": [ + "webcord", + "nixpkgs" + ], + "poetry2nix": "poetry2nix", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1670715183, + "narHash": "sha256-l3OhVCCimrN1HFPfqfKAyzuMuPxNXZYLsI9w7AaQXv8=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "3d6f13ef9d4cb8c41bc83383bbec3e74865ef90d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, "essentials": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1704366612, 
@@ -167,23 +219,53 @@ "type": "github" } }, - "flake-compat": { - "flake": false, + "fenix": { + "inputs": { + "nixpkgs": [ + "riff", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "lastModified": 1686896497, + "narHash": "sha256-IphIS1KpiFXp/j0v7mEMhtw51uvU5F0mqF2j4//7VAA=", + "owner": "nix-community", + "repo": "fenix", + "rev": "9c69d11badcd78710d7d8665bc3d2e1adc450ffe", "type": "github" }, "original": { - "owner": "edolstra", - "repo": "flake-compat", + "owner": "nix-community", + "repo": "fenix", "type": "github" } }, - "flake-compat_2": { + "fenix_2": { + "inputs": { + "nixpkgs": [ + "webcord", + "dream2nix", + "alejandra", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src_2" + }, + "locked": { + "lastModified": 1657607339, + "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flake-compat": { "flake": false, "locked": { "lastModified": 1650374568, 
@@ -199,14 +281,30 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -218,11 +316,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -266,16 +364,16 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "attic", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { 
@@ -287,16 +385,16 @@ "flake-parts_2": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", + "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -306,27 +404,6 @@ } }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nur", @@ -347,6 +424,24 @@ "type": "github" } }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1668450977, + "narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, 
@@ -362,27 +457,24 @@ "type": "github" } }, - "flake-utils-plus": { - "inputs": { - "flake-utils": "flake-utils_3" - }, + "flake-utils-pre-commit": { "locked": { - "lastModified": 1738591040, - "narHash": "sha256-4WNeriUToshQ/L5J+dTSWC5OJIwT39SEP7V7oylndi8=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "afcb15b845e74ac5e998358709b2b5fe42a948d1", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1701680307, @@ -400,14 +492,14 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -418,7 +510,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1731533236, 
@@ -454,43 +546,7 @@ }, "flake-utils_6": { "inputs": { - "systems": "systems_7" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_7": { - "inputs": { - "systems": "systems_9" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_10" + "systems": "systems_8" }, "locked": { "lastModified": 1681202837, @@ -506,6 +562,38 @@ "type": "github" } }, + "flakeCompat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "ghc-utils": { + "flake": false, + "locked": { + "lastModified": 1662774800, + "narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=", + "ref": "refs/heads/master", + "rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea", + "revCount": 1072, + "type": "git", + "url": "https://gitlab.haskell.org/bgamari/ghc-utils" + }, + "original": { + "type": "git", + "url": "https://gitlab.haskell.org/bgamari/ghc-utils" + } + }, "git-hooks": { "inputs": { "flake-compat": [ 
@@ -519,11 +607,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -578,8 +666,8 @@ }, "gnome-autounlock-keyring": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_4" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1734975080, @@ -595,6 +683,22 @@ "url": "https://git.0x76.dev/v/gnome-autounlock-keyring.git" } }, + "gomod2nix": { + "flake": false, + "locked": { + "lastModified": 1627572165, + "narHash": "sha256-MFpwnkvQpauj799b4QTBJQFEddbD02+Ln5k92QyHOSk=", + "owner": "tweag", + "repo": "gomod2nix", + "rev": "67f22dd738d092c6ba88e420350ada0ed4992ae8", + "type": "github" + }, + "original": { + "owner": "tweag", + "repo": "gomod2nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -602,11 +706,11 @@ ] }, "locked": { - "lastModified": 1755601933, - "narHash": "sha256-iXZeeYyfy8NdpvH/OOW9V3C2AfsXE+fzDHfrIOHBPF0=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "8af2e064f93234ee79df8b9858eeefbf84394488", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { 
@@ -615,114 +719,6 @@ "type": "github" } }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": "hyprlang", - "hyprutils": [ - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": "nixpkgs_5", - "systems": "systems_5" - }, - "locked": { - "lastModified": 1753819801, - "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, - "hyprlang": { - "inputs": { - "hyprutils": "hyprutils", - "nixpkgs": [ - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749145882, - "narHash": "sha256-qr0KXeczF8Sma3Ae7+dR2NHhvG7YeLBJv19W4oMu6ZE=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "1bfb84f54d50c7ae6558c794d3cfd5f6a7e6e676", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprutils": { - "inputs": { - "nixpkgs": [ - "hyprland-qtutils", - "hyprlang", - "nixpkgs" - ], - "systems": [ - "hyprland-qtutils", - "hyprlang", - "systems" - ] - }, - "locked": { - "lastModified": 1749135356, - "narHash": "sha256-Q8mAKMDsFbCEuq7zoSlcTuxgbIBVhfIYpX0RjE32PS0=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": 
"e36db00dfb3a3d3fdcc4069cb292ff60d2699ccb", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, "ixx": { "inputs": { "flake-utils": [ @@ -737,25 +733,25 @@ ] }, "locked": { - "lastModified": 1748294338, - "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", + "lastModified": 1737371634, + "narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=", "owner": "NuschtOS", "repo": "ixx", - "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", + "rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.8", + "ref": "v0.0.7", "repo": "ixx", "type": "github" } }, "lanzaboote": { "inputs": { - "crane": "crane_2", + "crane": "crane", "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ], @@ -763,11 +759,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1754297745, - "narHash": "sha256-aD6/scLN3L4ZszmNbhhd3JQ9Pzv1ScYFphz14wHinfs=", + "lastModified": 1747056319, + "narHash": "sha256-qSKcBaISBozadtPq6BomnD+wIYTZIkiua3UuHLaD52c=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "892cbdca865d6b42f9c0d222fe309f7720259855", + "rev": "2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85", "type": "github" }, "original": { @@ -776,6 +772,21 @@ "type": "github" } }, + "mach-nix": { + "flake": false, + "locked": { + "lastModified": 1634711045, + "narHash": "sha256-m5A2Ty88NChLyFhXucECj6+AuiMZPHXNbw+9Kcs7F6Y=", + "owner": "DavHau", + "repo": "mach-nix", + "rev": "4433f74a97b94b596fa6cd9b9c0402104aceef5d", + "type": "github" + }, + "original": { + "id": "mach-nix", + "type": "indirect" + } + }, "mailserver": { "inputs": { "blobs": "blobs", 
@@ -787,31 +798,31 @@ "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1754605910, - "narHash": "sha256-kVWxzm44ywJTb4REfwWCYXnROISykG0yE+X5A3Gov24=", - "ref": "refs/heads/master", - "rev": "57d9624c71ca65bee69b30d72b11f6c5257e9500", - "revCount": 783, - "type": "git", - "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" + "lastModified": 1747965231, + "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "53007af63fade28853408370c4c600a63dd97f41", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" } }, "microvm": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_6", "spectrum": "spectrum" }, "locked": { - "lastModified": 1755102374, - "narHash": "sha256-v6xhTSgnGQoF1a51BB6OQWN8HXiYbZtVL+54TRuk9zk=", + "lastModified": 1747859546, + "narHash": "sha256-tDu6JFzM86y5L2eLAkkw5Aklzz0DwfohtcxRXw+fCHA=", "owner": "astro", "repo": "microvm.nix", - "rev": "0a5cda80e48191959cf5a9c0552532599ef2cee4", + "rev": "91ba136db1a3dd73168639c185fa802eb1157ec1", "type": "github" }, "original": { 
@@ -820,28 +831,50 @@ "type": "github" } }, - "nix-github-actions": { + "naersk": { "inputs": { "nixpkgs": [ - "attic", + "comma", "nixpkgs" ] }, "locked": { - "lastModified": 1737420293, - "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "lastModified": 1721727458, + "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "repo": "naersk", + "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", "type": "github" }, "original": { "owner": "nix-community", - "repo": "nix-github-actions", + "ref": "master", + "repo": "naersk", "type": "github" } }, - "nix-github-actions_2": { + "naersk_2": { + "inputs": { + "nixpkgs": [ + "riff", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686572087, + "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", + "owner": "nix-community", + "repo": "naersk", + "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "nix-github-actions": { "inputs": { "nixpkgs": [ "colmena", @@ -862,6 +895,22 @@ "type": "github" } }, + "nix-pypi-fetcher": { + "flake": false, + "locked": { + "lastModified": 1669065297, + "narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=", + "owner": "DavHau", + "repo": "nix-pypi-fetcher", + "rev": "a9885ac6a091576b5195d547ac743d45a2a615ac", + "type": "github" + }, + "original": { + "owner": "DavHau", + "repo": "nix-pypi-fetcher", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, 
@@ -885,11 +934,11 @@ ] }, "locked": { - "lastModified": 1751903740, - "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "lastModified": 1747663185, + "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "type": "github" }, "original": { @@ -900,11 +949,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { @@ -915,11 +964,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1746461020, + "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", "type": "github" }, "original": { @@ -931,11 +980,11 @@ }, "nixpkgs-25_05": { "locked": { - "lastModified": 1753749649, - "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", + "lastModified": 1747610100, + "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", + "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "type": "github" }, "original": { 
@@ -945,23 +994,41 @@ "type": "github" } }, - "nixpkgs-stable": { + "nixpkgs-lib": { "locked": { - "lastModified": 1751741127, - "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "dir": "lib", + "lastModified": 1665349835, + "narHash": "sha256-UK4urM3iN80UXQ7EaOappDzcisYIuEURFRoGQ/yPkug=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29e290002bfff26af1db6f64d070698019460302", + "rev": "34c5293a71ffdb2fe054eb5288adc1882c1eb0b1", "type": "github" }, "original": { + "dir": "lib", "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_10": { + "locked": { + "lastModified": 1686736559, + "narHash": "sha256-YyUSVoOKIDAscTx7IZhF9x3qgZ9dPNF19fKk+4c5irc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ddf4688dc7aeb14e8a3c549cb6aa6337f187a884", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1714656196, "narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", @@ -977,13 +1044,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_12": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1682526928, + "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6b863fd9b7bb962e6f9fdf292419a775e772891", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_13": { + "locked": { + "lastModified": 1670507980, + "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "2787fc7d1e51404678614bf0fe92fc296746eec0", "type": "github" }, "original": { 
@@ -993,13 +1076,29 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "lastModified": 1725194671, + "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { @@ -1010,6 +1109,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1703438236, + "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1734973338, "narHash": "sha256-E9JOCwppN3WX9oh6kV9w4nkN+6UPGNdzljscdJy5kTs=", 
@@ -1024,29 +1139,13 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_6": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { @@ -1058,11 +1157,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -1073,11 +1172,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1754393734, - "narHash": "sha256-fbnmAwTQkuXHKBlcL5Nq1sMAzd3GFqCOQgEQw6Hy0Ak=", + "lastModified": 1747920628, + "narHash": "sha256-IlAuXnIi+ZmyS89tt1YOFDCv7FKs9bNBHd3MXMp8PxE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a683adc19ff5228af548c6539dbc3440509bfed3", + "rev": "e314d5c6d3b3a0f40ec5bcbc007b0cbe412f48ae", "type": "github" }, "original": { 
@@ -1089,11 +1188,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -1103,19 +1202,34 @@ "type": "github" } }, + "nixpkgs_stable": { + "locked": { + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_8", "nuschtosSearch": "nuschtosSearch", - "systems": "systems_8" + "systems": "systems_7" }, "locked": { - "lastModified": 1755541228, - "narHash": "sha256-3PsCEAfZLk3shQNgEH67P6KvhV6bXziewl3HwJ/iaV4=", + "lastModified": 1748075723, + "narHash": "sha256-FiTU+0BpDvro+VPpoLs3KjebLe5qyGMWQG1xNB/oeCQ=", "owner": "pta2002", "repo": "nixvim", - "rev": "e1e4bb83f1b1193c99971dfde6928e1f60ed4296", + "rev": "764a9b8ddafcff877be16908447b7bd84204cca6", "type": "github" }, "original": { @@ -1126,15 +1240,16 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_9" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_9", + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1755599037, - "narHash": "sha256-wyQzSgNokEMaC1wrIbiHIqatbikrvimrTV8a47RlJ8k=", + "lastModified": 1748082384, + "narHash": "sha256-9xz59HYSe3p72s/mImv41sfE9AmXh7FzlqX8sfYSqZ4=", "owner": "nix-community", "repo": "NUR", - "rev": "e92965e6bad1a44445803a8567400e5c6ad9cbe6", + "rev": "c34543746275e849c494be5b222ad093e32b65f2", "type": "github" }, "original": { 
@@ -1145,7 +1260,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -1153,11 +1268,11 @@ ] }, "locked": { - "lastModified": 1754301638, - "narHash": "sha256-aRgzcPDd2axHFOuMlPLuzmDptUM2JU8mUL3jfgbBeyc=", + "lastModified": 1745046075, + "narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=", "owner": "NuschtOS", "repo": "search", - "rev": "a60091045273484c040a91f5c229ba298f8ecc27", + "rev": "066afe8643274470f4a294442aadd988356a478f", "type": "github" }, "original": { @@ -1166,6 +1281,50 @@ "type": "github" } }, + "poetry2nix": { + "flake": false, + "locked": { + "lastModified": 1666918719, + "narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "289efb187123656a116b915206e66852f038720e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "1.36.0", + "repo": "poetry2nix", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-utils": [ + "webcord", + "dream2nix", + "flake-utils-pre-commit" + ], + "nixpkgs": [ + "webcord", + "dream2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1646153636, + "narHash": "sha256-AlWHMzK+xJ1mG267FdT8dCq/HvLCA6jwmx2ZUy5O8tY=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "b6bc0b21e1617e2b07d8205e7fae7224036dfa4b", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ 
@@ -1179,11 +1338,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1746537231, + "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "type": "github" }, "original": { 
@@ -1192,29 +1351,81 @@ "type": "github" } }, + "riff": { + "inputs": { + "fenix": "fenix", + "naersk": "naersk_2", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1690193312, + "narHash": "sha256-JZQoHRBpNM1ucZ9A9ZE3Q67z8AuaBa/WKIS2Wm8zHHo=", + "owner": "DeterminateSystems", + "repo": "riff", + "rev": "aec5418dbae0c468652eaac7f8f3d85ed83c89ce", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "repo": "riff", + "type": "github" + } + }, "root": { "inputs": { - "attic": "attic", - "autostart": "autostart", - "catppuccin": "catppuccin", "colmena": "colmena", + "comma": "comma", "deploy": "deploy", "essentials": "essentials", - "flake-utils-plus": "flake-utils-plus", "gnome-autounlock-keyring": "gnome-autounlock-keyring", "home-manager": "home-manager", - "hyprland-qtutils": "hyprland-qtutils", "lanzaboote": "lanzaboote", "mailserver": "mailserver", "microvm": "microvm", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_7", + "nixpkgs_stable": "nixpkgs_stable", "nixvim": "nixvim", "nur": "nur", - "t": "t", + "riff": "riff", "vault-secrets": "vault-secrets", - "vault-unseal": "vault-unseal" + "vault-unseal": "vault-unseal", + "webcord": "webcord" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1686818168, + "narHash": "sha256-yyoJmC17T6mXqthzgGiTKSdUJ0cTEuqQmkmd3iW4ay8=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "ff864fbb9fc21f0cdae408fe8f5b2f43141b45a7", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-analyzer-src_2": { + "flake": false, + "locked": { + "lastModified": 1657557289, + "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "caf23f29144b371035b864a1017dbc32573ad56d", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", 
+ "repo": "rust-analyzer", + "type": "github" } }, "rust-overlay": { @@ -1225,11 +1436,11 @@ ] }, "locked": { - "lastModified": 1754189623, - "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "lastModified": 1747017456, + "narHash": "sha256-C/U12fcO+HEF071b5mK65lt4XtAIZyJSSJAg9hdlvTk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "rev": "5b07506ae89b025b14de91f697eba23b48654c52", "type": "github" }, "original": { @@ -1241,11 +1452,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1754675037, - "narHash": "sha256-afS08F7lfMUBR4qrBxinN1kuxu+DoHQ5TPNVp9VS/OA=", + "lastModified": 1746869549, + "narHash": "sha256-BKZ/yZO/qeLKh9YqVkKB6wJiDQJAZNN5rk5NsMImsWs=", "ref": "refs/heads/main", - "rev": "586577f3015397afacd83bc185454f4cc3c8028f", - "revCount": 955, + "rev": "d927e78530892ec8ed389e8fae5f38abee00ad87", + "revCount": 862, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -1256,16 +1467,16 @@ }, "stable": { "locked": { - "lastModified": 1750133334, - "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=", + "lastModified": 1746557022, + "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36ab78dab7da2e4e27911007033713bab534187b", + "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -1285,21 +1496,6 @@ "type": "github" } }, - "systems_10": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, 
@@ -1347,16 +1543,16 @@ }, "systems_5": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, @@ -1405,39 +1601,24 @@ "type": "github" } }, - "systems_9": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "t": { + "treefmt-nix": { "inputs": { - "flake-utils": "flake-utils_7", "nixpkgs": [ + "nur", "nixpkgs" ] }, "locked": { - "lastModified": 1710410762, - "narHash": "sha256-pCCCdoW4+ipCOwzJCYZJ8CNINDsQvACCaxh2xT6uqmw=", - "owner": "jdonszelmann", - "repo": "t-rs", - "rev": "1178091650351fc8372e4c84c786433f9bce69d5", + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", "type": "github" }, "original": { - "owner": "jdonszelmann", - "repo": "t-rs", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } }, 
@@ -1446,11 +1627,29 @@ "systems": "systems" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -1462,7 +1661,7 @@ "vault-secrets": { "inputs": { "flake-compat": "flake-compat_6", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1714988039, @@ -1480,10 +1679,8 @@ }, "vault-unseal": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": [ - "nixpkgs" - ] + "flake-utils": "flake-utils_6", + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1729410873, 
@@ -1498,6 +1695,42 @@ "type": "git", "url": "https://git.0x76.dev/v/vault-unseal.git" } + }, + "webcord": { + "inputs": { + "dream2nix": "dream2nix", + "nixpkgs": "nixpkgs_13", + "webcord": "webcord_2" + }, + "locked": { + "lastModified": 1707338607, + "narHash": "sha256-5UNW3kano8D4kbum+oRx18EjmJ1mLeOCwgGR1nWDwtg=", + "owner": "fufexan", + "repo": "webcord-flake", + "rev": "82ffefda8c5f663d895d24b7500d5f489b5d7d47", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "webcord-flake", + "type": "github" + } + }, + "webcord_2": { + "flake": false, + "locked": { + "lastModified": 1670713990, + "narHash": "sha256-e+y/M+/gjezHoNrdXeFhqtvxbPdhRSDOQlwK1nUhNfo=", + "owner": "SpacingBat3", + "repo": "WebCord", + "rev": "80ba858c025e0bb59510f7136211948d8ae10ece", + "type": "github" + }, + "original": { + "owner": "SpacingBat3", + "repo": "WebCord", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index efc87b1f..669d4e80 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; - flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; + nixpkgs_stable.url = "nixpkgs/nixos-23.05"; nur.url = "github:nix-community/NUR"; colmena.url = "github:zhaofengli/colmena"; deploy.url = "github:serokell/deploy-rs"; @@ -17,7 +17,13 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - mailserver.url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"; + riff.url = "github:DeterminateSystems/riff"; + + webcord.url = "github:fufexan/webcord-flake"; + + comma.url = "github:nix-community/comma"; + + mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; mailserver.inputs.nixpkgs.follows = "nixpkgs"; nixvim.url = "github:pta2002/nixvim"; 
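Review bot: The inputs added in the `@@ -17,7 +17,13 @@` hunk of flake.nix (`riff`, `webcord`, `comma`) are declared without `inputs.nixpkgs.follows`, unlike `home-manager` and `mailserver` beside them. The lock-file diff shows the effect for two of them: `riff` resolves to `nixpkgs_10` and `webcord` to `nixpkgs_13`, so their packages are built from separate nixpkgs revisions that do not move when the main `nixpkgs` input is updated and can lag behind on security fixes. Unless an independent pin is intended, add `riff.inputs.nixpkgs.follows = "nixpkgs";` and `webcord.inputs.nixpkgs.follows = "nixpkgs";`, and the same for `comma` if it takes a nixpkgs input. The `inputs` attribute set opens before this hunk.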
@@ -27,172 +33,127 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; - lanzaboote.url = "github:nix-community/lanzaboote"; - lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + lanzaboote = { + url = "github:nix-community/lanzaboote"; + + # Optional but recommended to limit the size of your system closure. + inputs.nixpkgs.follows = "nixpkgs"; + }; vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git"; - vault-unseal.inputs.nixpkgs.follows = "nixpkgs"; - gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git"; - t.url = "github:jdonszelmann/t-rs"; - t.inputs.nixpkgs.follows = "nixpkgs"; - - attic.url = "github:zhaofengli/attic"; - attic.inputs.nixpkgs.follows = "nixpkgs"; - - catppuccin.url = "github:catppuccin/nix"; - + # Website(s) essentials.url = "github:jdonszelmann/essentials"; - essentials.inputs.nixpkgs.follows = "nixpkgs"; - - autostart.url = "github:Zocker1999NET/home-manager-xdg-autostart"; - - hyprland-qtutils.url = "github:hyprwm/hyprland-qtutils"; }; outputs = - { - self, - nixpkgs, - flake-utils-plus, - nur, - attic, - deploy, - home-manager, - gnome-autounlock-keyring, - lanzaboote, - t, - catppuccin, - ... + { self + , nixpkgs + , nixpkgs_stable + , vault-secrets + , colmena + , nixos-generators + , nur + , deploy + , ... 
}@inputs: let - pkgs = self.pkgs.x86_64-linux.nixpkgs; + inherit (nixpkgs) lib; + + util = import ./nixos/util.nix inputs; + inherit (util) hosts flat_hosts nixHosts; + + system = "x86_64-linux"; + + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [ (import ./nixos/pkgs) vault-secrets.overlays.default nur.overlay ]; + }; + + pkgs_stable = import nixpkgs_stable { + inherit system; + config.allowUnfree = true; + }; + + # Define args each module gets access to (access to hosts is useful for DNS/DHCP) + specialArgs = { inherit hosts flat_hosts inputs pkgs_stable; }; + + # Script to apply local colmena deployments apply-local = pkgs.writeShellScriptBin "apply-local" '' - nh os switch --ask + "${ + colmena.packages.${system}.colmena + }"/bin/colmena apply-local --sudo $@ + ''; + + fast-repl = pkgs.writeShellScriptBin "fast-repl" '' + source /etc/set-environment + nix repl --file "${./.}/repl.nix" $@ ''; in - flake-utils-plus.lib.mkFlake { - # `self` and `inputs` arguments are required - inherit self inputs; + { + # Make the nixosConfigurations for compat reasons (e.g. vault) + nixosConfigurations = + (import (inputs.colmena + "/src/nix/hive/eval.nix") { + rawFlake = self; + colmenaOptions = + import (inputs.colmena + "/src/nix/hive/options.nix"); + colmenaModules = + import (inputs.colmena + "/src/nix/hive/modules.nix"); + }).nodes; - # Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`. 
- supportedSystems = [ "x86_64-linux" ]; + # Make the colmena configuration + colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) + { + meta = { + inherit specialArgs; + nixpkgs = pkgs; + }; + } + nixHosts; + colmenaHive = colmena.lib.makeHive self.outputs.colmena; - # Channels config - channelsConfig = { - allowUnfree = true; - permittedInsecurePackages = [ "electron" ]; + packages.${system} = { + inherit apply-local; + + default = colmena.packages.${system}.colmena; + + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system specialArgs; + format = "proxmox-lxc"; + modules = util.base_imports + ++ [ (import ./nixos/templates/proxmox-lxc.nix) ]; + }; + + # Broken + proxmox-vm = nixos-generators.nixosGenerate { + inherit system specialArgs; + format = "proxmox"; + modules = util.base_imports + ++ [ (import ./nixos/templates/proxmox-vm.nix) ]; + }; }; - sharedOverlays = [ - (import ./pkgs) - nur.overlays.default - ]; - # host defaults - hostDefaults = { - system = "x86_64-linux"; - modules = [ - home-manager.nixosModules.home-manager - gnome-autounlock-keyring.nixosModules.default - catppuccin.nixosModules.catppuccin - ./common + # Use by running `nix develop` + devShells.${system}.default = pkgs.mkShell { + VAULT_ADDR = "http://vault.olympus:8200/"; + buildInputs = with pkgs; [ + apply-local + colmena.packages.${system}.colmena + deploy.packages.${system}.deploy-rs + cachix + deadnix + statix + nixpkgs-fmt + nil + vault + yamllint + jq + (vault-push-approle-envs self { }) + (vault-push-approles self { }) + fast-repl ]; - - specialArgs = { - inherit self inputs home-manager; - }; - }; - - # hosts - hosts = { - "olympus.bastion" = { - modules = [ - ./common/generic-vm.nix - ./hosts/olympus/bastion - ]; - }; - - aoife = { - modules = [ - lanzaboote.nixosModules.lanzaboote - ./common/desktop - ./hosts/thalassa/aoife - ]; - }; - - eevee = { - modules = [ - ./common/desktop - ./hosts/olympus/eevee - ]; - }; - }; - - # deploy-rs - deploy = { - user = 
"root"; - nodes = { - "bastion-olympus" = { - hostname = "bastion.olympus"; - fastConnection = true; - remoteBuild = true; - profiles = { - system = { - path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations."olympus.bastion"; - }; - }; - }; - - aoife = { - remoteBuild = true; - fastConnection = true; - hostname = "aoife"; - profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.aoife; - }; - - eevee = { - fastConnection = true; - hostname = "eevee.olympus"; - profiles.system.path = deploy.lib.x86_64-linux.activate.nixos self.nixosConfigurations.eevee; - }; - }; - }; - - # Outputs - outputsBuilder = channels: { - devShells.default = channels.nixpkgs.mkShell { - name = "devShell"; - VAULT_ADDR = "http://vault.olympus:8200/"; - NH_FLAKE = "/home/vivian/src/infrastructure-new"; - packages = with pkgs; [ - # attic.packages.${system}.attic - apply-local - deploy.packages.${system}.deploy-rs - deadnix - statix - # vault - yamllint - jq - fup-repl - nh - nixfmt-rfc-style - ]; - }; - }; - - # Checks - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // { - x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation { - name = "mac check"; - src = self; - dontBuild = true; - doCheck = true; - checkPhase = '' - echo "Hello World" - ''; - installPhase = "mkdir $out"; - }; }; }; } diff --git a/flux/.gitignore b/flux/.gitignore new file mode 100644 index 00000000..ec8d5548 --- /dev/null +++ b/flux/.gitignore @@ -0,0 +1 @@ +old_cluster diff --git a/flux/README.md b/flux/README.md new file mode 100644 index 00000000..252502d8 --- /dev/null +++ b/flux/README.md 
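Review bot: The dev shell sets `VAULT_ADDR = "http://vault.olympus:8200/"`, so Vault calls made from it, including the `vault`, `vault-push-approles` and `vault-push-approle-envs` tools listed in `buildInputs`, send tokens and secret payloads unencrypted. If the Vault listener has TLS configured (not visible here), use `VAULT_ADDR = "https://vault.olympus:8200/";`. Otherwise a comment saying the traffic stays on a trusted link would at least record the assumption. Separately, `apply-local` and `fast-repl` forward arguments with a bare `$@`, which re-splits arguments containing spaces; `"$@"` keeps them intact.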
@@ -0,0 +1,12 @@ +# Kubernetes Cluster +This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster. + +## Bootstrap +```sh +flux bootstrap git --url ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/olympus/base --ssh-key-algorithm=ed25519 +``` + +## References +Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster) + +[Flux]: https://github.com/fluxcd/flux2 diff --git a/flux/olympus/apps/flux-system/external-secret.yaml b/flux/olympus/apps/flux-system/external-secret.yaml new file mode 100644 index 00000000..c12fbe01 --- /dev/null +++ b/flux/olympus/apps/flux-system/external-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: weave-gitops + namespace: flux-system +spec: + refreshInterval: "5m" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: oidc-auth + dataFrom: + - extract: + key: flux-system/weave-gitops diff --git a/flux/olympus/apps/flux-system/kustomization.yaml b/flux/olympus/apps/flux-system/kustomization.yaml new file mode 100644 index 00000000..29912dbe --- /dev/null +++ b/flux/olympus/apps/flux-system/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - rbac.yaml + - external-secret.yaml + - weave-gitops-dashboard.yaml diff --git a/flux/olympus/apps/flux-system/rbac.yaml b/flux/olympus/apps/flux-system/rbac.yaml new file mode 100644 index 00000000..a3a7d0ca --- /dev/null +++ b/flux/olympus/apps/flux-system/rbac.yaml 
@@ -0,0 +1,76 @@ +--- +# Admin cluster role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: weave-admin +rules: + # Flux Resources + - apiGroups: ["kustomize.toolkit.fluxcd.io"] + resources: ["kustomizations"] + verbs: ["get", "list", "patch"] + - apiGroups: ["helm.toolkit.fluxcd.io"] + resources: ["helmreleases"] + verbs: ["get", "list", "patch"] + - apiGroups: ["source.toolkit.fluxcd.io"] + resources: + [ + "buckets", + "helmcharts", + "gitrepositories", + "helmrepositories", + "ocirepositories", + ] + verbs: ["get", "list", "patch"] + - apiGroups: ["notification.toolkit.fluxcd.io"] + resources: ["providers", "alerts"] + verbs: ["get", "list"] + - apiGroups: ["infra.contrib.fluxcd.io"] + resources: ["terraforms"] + verbs: ["get", "list", "patch"] + # Resources managed via Flux + - apiGroups: [""] + resources: + [ + "configmaps", + "secrets", + "pods", + "services", + "namespaces", + "persistentvolumes", + "persistentvolumeclaims", + ] + verbs: ["get", "list"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets", "statefulsets"] + verbs: ["get", "list"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["get", "list"] + - apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"] + verbs: ["get", "list"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list"] + # Feedback + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "watch", "list"] +--- +# Bind the cluster admin role to admins +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: weave-admin +subjects: + - kind: User + name: "victor@xirion.net" + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: weave-admin + apiGroup: rbac.authorization.k8s.io 
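Review bot: The `weave-admin` ClusterRole lists `secrets` among the core resources with `get` and `list`, and the ClusterRoleBinding grants it cluster-wide, so the bound user can read every Secret value in every namespace. The hunk does not say why Secrets are included. If the dashboard only needs them to display Helm release state (an assumption), record that with a comment such as `# secrets: needed to read Helm release storage; exposes all Secret values to this user`. The tighter option is to move `secrets` into a namespaced Role bound only where it is required.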
diff --git a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml new file mode 100644 index 00000000..9a70ed7d --- /dev/null +++ b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml @@ -0,0 +1,48 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + annotations: + metadata.weave.works/description: This is the source location for the Weave GitOps + Dashboard's helm chart. + labels: + app.kubernetes.io/component: ui + app.kubernetes.io/created-by: weave-gitops-cli + app.kubernetes.io/name: weave-gitops-dashboard + app.kubernetes.io/part-of: weave-gitops + name: ww-gitops + namespace: flux-system +spec: + interval: 1h0m0s + type: oci + url: oci://ghcr.io/weaveworks/charts +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + annotations: + metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides + a simple way to get insights into your GitOps workloads. + name: ww-gitops + namespace: flux-system +spec: + chart: + spec: + chart: weave-gitops + sourceRef: + kind: HelmRepository + name: ww-gitops + interval: 1h0m0s + values: + ingress: + enabled: true + hosts: + - host: flux.0x76.dev + paths: + - path: / + pathType: ImplementationSpecific + adminUser: + create: true + passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC + username: admin + diff --git a/flux/olympus/apps/kustomization.yaml b/flux/olympus/apps/kustomization.yaml new file mode 100644 index 00000000..396b9e10 --- /dev/null +++ b/flux/olympus/apps/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - flux-system + - services + - websites diff --git a/flux/olympus/apps/services/kustomization.yaml b/flux/olympus/apps/services/kustomization.yaml new file mode 100644 index 00000000..4ddab702 --- /dev/null +++ b/flux/olympus/apps/services/kustomization.yaml 
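Review bot: `adminUser.passwordHash` in the HelmRelease values commits the bcrypt hash of the dashboard's `admin` password to the repository, where every reader of the repo can test guesses against it offline, and the same release publishes the login page on `flux.0x76.dev`. The ExternalSecret in this directory already delivers an `oidc-auth` Secret from Vault, so the static account may be unnecessary: set `create: false` under `adminUser`, or source the hash from the Vault-backed secret instead of the manifest. The `chart.spec` also names no `version`, so a reconcile may pick up whichever chart release is newest; pinning one makes upgrades a reviewed change.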
@@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - renovate diff --git a/flux/olympus/apps/services/renovate/config.yaml b/flux/olympus/apps/services/renovate/config.yaml new file mode 100644 index 00000000..53683839 --- /dev/null +++ b/flux/olympus/apps/services/renovate/config.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: renovate + namespace: services +data: + config.js: |- + module.exports = { + "binarySource": "install", + "repositories": ["v/infrastructure"], + "flux": { + "fileMatch": ["flux/.+\\.ya?ml$"] + }, + "helm-values": { + "fileMatch": ["flux/.+\\.ya?ml$"] + }, + "kubernetes": { + "fileMatch": ["flux/.+\\.ya?ml$"] + }, + "hostRules": [ + { + "hostType": "docker", + "matchHost": "ghcr.io", + "username": "NULLx76", + "password": process.env.GITHUB_COM_TOKEN + } + ], + "packageRules": [ + { + "automerge": true, + "automergeType": "branch", + "matchUpdateTypes": ["minor", "patch", "pin", "digest"], + "matchPackageNames": [ + "renovate/renovate" + ], + "matchPackagePrefixes": [ + "git.0x76.dev" + ] + } + ], + // ignore individual fluxcd images + "ignoreDeps": [ + "ghcr.io/fluxcd/helm-controller", + "ghcr.io/fluxcd/image-automation-controller", + "ghcr.io/fluxcd/image-reflector-controller", + "ghcr.io/fluxcd/kustomize-controller", + "ghcr.io/fluxcd/notification-controller", + "ghcr.io/fluxcd/source-controller" + ], + "regexManagers": [ + { + "fileMatch": [".+\\.nix"], + "matchStrings": ["image\\s*=\\s*\"(?.*?):(?.*?)\"\\s*;\\s*"], + "datasourceTemplate": "docker" + } + ] + }; diff --git a/flux/olympus/apps/services/renovate/cronjob.yaml b/flux/olympus/apps/services/renovate/cronjob.yaml new file mode 100644 index 00000000..2861a3f8 --- /dev/null +++ b/flux/olympus/apps/services/renovate/cronjob.yaml 
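Review bot: The `packageRules` entry in config.yaml automerges `minor`, `patch`, `pin` and `digest` updates with `"automergeType": "branch"` for `renovate/renovate` and everything under `git.0x76.dev`, so new image references land on the base branch without a pull request. The Flux Kustomizations in this commit reconcile the same `flux/` paths, so a bad or tampered upstream tag would reach the cluster with no human review. Consider adding `"minimumReleaseAge": "3 days"` to the rule, or switching it to `"automergeType": "pr"` so each change is recorded and gated by checks.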
@@ -0,0 +1,46 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: renovate + namespace: services +spec: + # Run every 8 hours + schedule: "0 */8 * * *" + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + spec: + volumes: + - name: config-volume + configMap: + name: renovate + - name: work-volume + emptyDir: {} + containers: + - name: renovate + image: renovate/renovate:37.67.3 + volumeMounts: + - name: config-volume + mountPath: /opt/renovate/ + - name: work-volume + mountPath: /tmp/renovate/ + env: + - name: LOG_LEVEL + value: debug + - name: RENOVATE_ENDPOINT + value: "https://git.0x76.dev/api/v1/" + - name: RENOVATE_PLATFORM + value: gitea + - name: RENOVATE_AUTODISCOVER + value: "false" + - name: RENOVATE_GIT_AUTHOR + value: "Renovate Bot " + - name: RENOVATE_CONFIG_FILE + value: "/opt/renovate/config.js" + - name: RENOVATE_BASE_DIR + value: "/tmp/renovate" + envFrom: + - secretRef: + name: renovate + restartPolicy: Never diff --git a/flux/olympus/apps/services/renovate/external-secret.yaml b/flux/olympus/apps/services/renovate/external-secret.yaml new file mode 100644 index 00000000..40637451 --- /dev/null +++ b/flux/olympus/apps/services/renovate/external-secret.yaml @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: renovate + namespace: services +spec: + refreshInterval: "5m" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: renovate + data: + - secretKey: RENOVATE_TOKEN + remoteRef: + key: gitops/renovate + property: gitea_token + - secretKey: GITHUB_COM_TOKEN + remoteRef: + key: gitops/renovate + property: github_token diff --git a/flux/olympus/apps/services/renovate/kustomization.yaml b/flux/olympus/apps/services/renovate/kustomization.yaml new file mode 100644 index 00000000..74e8575d --- /dev/null +++ b/flux/olympus/apps/services/renovate/kustomization.yaml 
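Review bot: The `renovate` container in cronjob.yaml has no `securityContext`, although the job clones repositories and, with `"binarySource": "install"` in its config, downloads and runs package-manager tooling while holding `RENOVATE_TOKEN` and `GITHUB_COM_TOKEN` from `envFrom`. Blocking privilege escalation and dropping capabilities limits what a hostile repository script could do inside the pod; a sketch follows. Adding `runAsNonRoot: true` as well first needs a check that the image declares a numeric non-root user. `LOG_LEVEL` set to `debug` is also worth lowering to `info` once the job works, since debug output is more likely to contain request details.

```yaml
            - name: renovate
              # … unchanged: image, volumeMounts, env, envFrom …
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                seccompProfile:
                  type: RuntimeDefault
```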
@@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - external-secret.yaml + - config.yaml + - cronjob.yaml diff --git a/flux/olympus/apps/websites/0x76.yaml b/flux/olympus/apps/websites/0x76.yaml new file mode 100644 index 00000000..7b768e6c --- /dev/null +++ b/flux/olympus/apps/websites/0x76.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: x76dev + namespace: websites + labels: + app: x76dev +spec: + replicas: 1 + selector: + matchLabels: + app: x76dev + template: + metadata: + labels: + app: x76dev + spec: + containers: + - name: x76dev + image: git.0x76.dev/v/0x76.dev:5 + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: x76dev + namespace: websites +spec: + selector: + app: x76dev + ports: + - protocol: TCP + port: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: x76dev + namespace: websites +spec: + rules: + - host: "0x76.dev" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: x76dev + port: + number: 80 diff --git a/flux/olympus/apps/websites/blog.yaml b/flux/olympus/apps/websites/blog.yaml new file mode 100644 index 00000000..52e763e5 --- /dev/null +++ b/flux/olympus/apps/websites/blog.yaml 
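Review bot: The `x76dev` Deployment in 0x76.yaml runs its container with no `securityContext` and no `resources`, and references the image by a short mutable tag (`git.0x76.dev/v/0x76.dev:5`); the Deployments in blog.yaml, internal.yaml and xirion.yaml have the same shape. A re-pushed tag would change what runs without any change in git, which undercuts the audit trail this GitOps layout is meant to provide. Pin each image as `image: <name>:<tag>@sha256:<digest>` (placeholder; take the digest from the registry) and give each container at least `securityContext: {allowPrivilegeEscalation: false}`.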
@@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: blog + namespace: websites + labels: + app: blog +spec: + replicas: 1 + selector: + matchLabels: + app: blog + template: + metadata: + labels: + app: blog + spec: + containers: + - name: blog + image: git.0x76.dev/v/blog.xirion.net:5 + ports: + - containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: blog + namespace: websites +spec: + selector: + app: blog + ports: + - protocol: TCP + port: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: blog + namespace: websites +spec: + rules: + - host: "blog.xirion.net" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: blog + port: + number: 8080 diff --git a/flux/olympus/apps/websites/internal.yaml b/flux/olympus/apps/websites/internal.yaml new file mode 100644 index 00000000..50d2f244 --- /dev/null +++ b/flux/olympus/apps/websites/internal.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: internal + namespace: websites + labels: + app: internal +spec: + replicas: 1 + selector: + matchLabels: + app: internal + template: + metadata: + labels: + app: internal + spec: + containers: + - name: internal + image: git.0x76.dev/v/internal.xirion.net:1 + ports: + - containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: internal + namespace: websites +spec: + selector: + app: internal + ports: + - protocol: TCP + port: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: internal + namespace: websites +spec: + rules: + - host: "internal.xirion.net" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: internal + port: + number: 8080 diff --git a/flux/olympus/apps/websites/kustomization.yaml b/flux/olympus/apps/websites/kustomization.yaml new file mode 100644 index 00000000..d3df4526 --- /dev/null +++ b/flux/olympus/apps/websites/kustomization.yaml 
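Review bot: The Ingress for `internal.xirion.net` in internal.yaml is declared exactly like the public sites, with no annotation, `ingressClassName` or other setting in the hunk that limits who can reach it. If the name means the site is for internal use only (an inference from the hostname), that restriction should be visible to a reviewer. Either put a controller-specific allowlist or auth annotation on this Ingress, or add a comment pointing to where access is enforced, e.g. `# access restricted at <component>, not in this manifest`.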
@@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +metadata: + namespace: websites +resources: + - 0x76.yaml + - internal.yaml + - blog.yaml + - xirion.yaml diff --git a/flux/olympus/apps/websites/xirion.yaml b/flux/olympus/apps/websites/xirion.yaml new file mode 100644 index 00000000..e7e311f1 --- /dev/null +++ b/flux/olympus/apps/websites/xirion.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: xirion + namespace: websites + labels: + app: xirion +spec: + replicas: 1 + selector: + matchLabels: + app: xirion + template: + metadata: + labels: + app: xirion + spec: + containers: + - name: xirion + image: git.0x76.dev/v/xirion.net:2 + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: xirion + namespace: websites +spec: + selector: + app: xirion + ports: + - protocol: TCP + port: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: xirion + namespace: websites +spec: + rules: + - host: "xirion.net" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: xirion + port: + number: 80 diff --git a/flux/olympus/base/apps.yaml b/flux/olympus/base/apps.yaml new file mode 100644 index 00000000..0059a2e9 --- /dev/null +++ b/flux/olympus/base/apps.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: apps + namespace: flux-system +spec: + interval: 10m0s + dependsOn: + - name: core + path: ./flux/olympus/apps + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/flux/olympus/base/core.yaml b/flux/olympus/base/core.yaml new file mode 100644 index 00000000..f61c58c8 --- /dev/null +++ b/flux/olympus/base/core.yaml 
@@ -0,0 +1,13 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: core + namespace: flux-system +spec: + interval: 10m0s + path: ./flux/olympus/core + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/flux/olympus/base/flux-system/gotk-components.yaml b/flux/olympus/base/flux-system/gotk-components.yaml new file mode 100644 index 00000000..d8d8bed8 --- /dev/null +++ b/flux/olympus/base/flux-system/gotk-components.yaml 
@@ -0,0 +1,8029 @@ +--- +# This manifest was generated by flux. DO NOT EDIT. +# Flux Version: v2.1.2 +# Components: source-controller,kustomize-controller,helm-controller,notification-controller +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/warn-version: latest + name: flux-system +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: notification-controller + policyTypes: + - Ingress +--- +apiVersion: v1 +kind: ResourceQuota +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: critical-pods-flux-system + namespace: flux-system +spec: + hard: + pods: "1000" + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical + - 
system-cluster-critical +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - secrets + - configmaps + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: flux-edit-flux-system +rules: +- apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - create + - delete + - deletecollection + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + 
app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: flux-view-flux-system +rules: +- apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + 
app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible + bucket + properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. 
+ items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + bucketName: + description: The bucket name. + type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + default: generic + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + - gcp + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials + for the Bucket. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for download operations, defaults to 60s. 
+ type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + default: + observedGeneration: -1 + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful + Bucket sync. + properties: + checksum: + description: Checksum is the SHA256 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last Bucket sync. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec specifies the required configuration to produce + an Artifact for an object storage bucket. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + bucketName: + description: BucketName is the name of the object storage bucket. + type: string + endpoint: + description: Endpoint is the object storage address the BucketName + is located at. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP Endpoint. + type: boolean + interval: + description: Interval at which the Bucket Endpoint is checked for + updates. 
This interval is approximate and may be subject to jitter + to ensure efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + provider: + default: generic + description: Provider of the object storage bucket. Defaults to 'generic', + which expects an S3 (API) compatible object storage. + enum: + - generic + - aws + - gcp + - azure + type: string + region: + description: Region of the Endpoint where the BucketName is located + in. + type: string + secretRef: + description: SecretRef specifies the Secret containing authentication + credentials for the Bucket. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this Bucket. + type: boolean + timeout: + default: 60s + description: Timeout for fetch operations, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + default: + observedGeneration: -1 + description: BucketStatus records the observed state of a Bucket. + properties: + artifact: + description: Artifact represents the last successful Bucket reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. 
+ type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Bucket object. + format: int64 + type: integer + observedIgnore: + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. 
+ type: string + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact + data is recommended. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec specifies the required configuration to + produce an Artifact for a Git repository. + properties: + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + include: + description: Include specifies a list of GitRepository resources which + Artifacts should be included in the Artifact produced for this GitRepository. + items: + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. + properties: + fromPath: + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. + type: string + repository: + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. + type: string + required: + - repository + type: object + type: array + interval: + description: Interval at which the GitRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + proxySecretRef: + description: ProxySecretRef specifies the Secret containing the proxy + configuration to use while communicating with the Git server. + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + recurseSubmodules: + description: RecurseSubmodules enables the initialization of all submodules + within the GitRepository as cloned from the URL, using their default + settings. + type: boolean + ref: + description: Reference specifies the Git reference to resolve and + monitor for changes, defaults to the 'master' branch. + properties: + branch: + description: Branch to check out, defaults to 'master' if no other + field is defined. + type: string + commit: + description: "Commit SHA to check out, takes precedence over all + reference fields. \n This can be combined with Branch to shallow + clone the branch, in which the commit is expected to exist." + type: string + name: + description: "Name of the reference to check out; takes precedence + over Branch, Tag and SemVer. \n It must be a valid Git reference: + https://git-scm.com/docs/git-check-ref-format#_description Examples: + \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", + \"refs/merge-requests/1/head\"" + type: string + semver: + description: SemVer tag expression to check out, takes precedence + over Tag. + type: string + tag: + description: Tag to check out, takes precedence over Branch. + type: string + type: object + secretRef: + description: SecretRef specifies the Secret containing authentication + credentials for the GitRepository. For HTTPS repositories the Secret + must contain 'username' and 'password' fields for basic auth or + 'bearerToken' field for token auth. For SSH repositories the Secret + must contain 'identity' and 'known_hosts' fields. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this GitRepository. + type: boolean + timeout: + default: 60s + description: Timeout for Git operations like cloning, defaults to + 60s. 
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: URL specifies the Git repository URL, it can be an HTTP/S + or SSH address. + pattern: ^(http|https|ssh)://.*$ + type: string + verify: + description: Verification specifies the configuration to verify the + Git commit signature(s). + properties: + mode: + default: HEAD + description: "Mode specifies which Git object(s) should be verified. + \n The variants \"head\" and \"HEAD\" both imply the same thing, + i.e. verify the commit that the HEAD of the Git repository points + to. The variant \"head\" solely exists to ensure backwards compatibility." + enum: + - head + - HEAD + - Tag + - TagAndHEAD + type: string + secretRef: + description: SecretRef specifies the Secret containing the public + keys of trusted Git authors. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - secretRef + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus records the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the last successful GitRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. 
+ type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: IncludedArtifacts contains a list of the last successfully + included Artifacts as instructed by GitRepositorySpec.Include. + items: + description: Artifact represents the output of a Source reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of + ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. 
+ format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI + annotations. + type: object + path: + description: Path is the relative file path of the Artifact. + It can be used to locate the file in the root of the Artifact + storage on the local file system of the controller managing + the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the GitRepository object. + format: int64 + type: integer + observedIgnore: + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. + type: string + observedInclude: + description: ObservedInclude is the observed list of GitRepository + resources used to produce the current Artifact. + items: + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. + properties: + fromPath: + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. 
+ type: string + repository: + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. + type: string + required: + - repository + type: object + type: array + observedRecurseSubmodules: + description: ObservedRecurseSubmodules is the observed resource submodules + configuration used to produce the current Artifact. + type: boolean + sourceVerificationMode: + description: SourceVerificationMode is the last used verification + mode indicating which Git object(s) have been verified. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1 + name: v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults + to go-git, valid values are ('go-git', 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + include: + description: Extra git repositories to map into the repository + items: + description: GitRepositoryInclude defines a source with a from and + to path. + properties: + fromPath: + description: The path to copy contents from, defaults to the + root directory. 
+ type: string + repository: + description: Reference to a GitRepository to include. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: The path to copy contents to, defaults to the name + of the source ref. + type: string + required: + - repository + type: object + type: array + interval: + description: The interval at which to check for repository updates. + type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes + all submodules within, using their default settings. This option + is available only when using the 'go-git' GitImplementation. + type: boolean + ref: + description: The Git reference to checkout and monitor for changes, + defaults to master branch. + properties: + branch: + description: The Git branch to checkout, defaults to master. + type: string + commit: + description: The Git commit SHA to checkout, if specified Tag + filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over + Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS + repositories the secret must contain username and password fields. + For SSH repositories the secret must contain identity and known_hosts + fields. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote Git operations like cloning, defaults + to 60s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. 
+ pattern: ^(http|https|ssh)://.*$ + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points + to. + properties: + mode: + description: Mode describes what git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all + trusted Git authors. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA256 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: IncludedArtifacts represents the included artifacts from + the last successful repository sync. + items: + description: Artifact represents the output of a source synchronisation. + properties: + checksum: + description: Checksum is the SHA256 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last repository sync. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 + name: v1beta2 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec specifies the required configuration to + produce an Artifact for a Git repository. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. 
+ items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + gitImplementation: + default: go-git + description: 'GitImplementation specifies which Git client library + implementation to use. Defaults to ''go-git'', valid values are + (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated + now that ''go-git'' is the only supported implementation.' + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + include: + description: Include specifies a list of GitRepository resources which + Artifacts should be included in the Artifact produced for this GitRepository. + items: + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. + properties: + fromPath: + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. + type: string + repository: + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + toPath: + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. + type: string + required: + - repository + type: object + type: array + interval: + description: Interval at which to check the GitRepository for updates. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + recurseSubmodules: + description: RecurseSubmodules enables the initialization of all submodules + within the GitRepository as cloned from the URL, using their default + settings. + type: boolean + ref: + description: Reference specifies the Git reference to resolve and + monitor for changes, defaults to the 'master' branch. + properties: + branch: + description: Branch to check out, defaults to 'master' if no other + field is defined. + type: string + commit: + description: "Commit SHA to check out, takes precedence over all + reference fields. \n This can be combined with Branch to shallow + clone the branch, in which the commit is expected to exist." + type: string + name: + description: "Name of the reference to check out; takes precedence + over Branch, Tag and SemVer. \n It must be a valid Git reference: + https://git-scm.com/docs/git-check-ref-format#_description Examples: + \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", + \"refs/merge-requests/1/head\"" + type: string + semver: + description: SemVer tag expression to check out, takes precedence + over Tag. + type: string + tag: + description: Tag to check out, takes precedence over Branch. + type: string + type: object + secretRef: + description: SecretRef specifies the Secret containing authentication + credentials for the GitRepository. For HTTPS repositories the Secret + must contain 'username' and 'password' fields for basic auth or + 'bearerToken' field for token auth. For SSH repositories the Secret + must contain 'identity' and 'known_hosts' fields. 
+ properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this GitRepository. + type: boolean + timeout: + default: 60s + description: Timeout for Git operations like cloning, defaults to + 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: URL specifies the Git repository URL, it can be an HTTP/S + or SSH address. + pattern: ^(http|https|ssh)://.*$ + type: string + verify: + description: Verification specifies the configuration to verify the + Git commit signature(s). + properties: + mode: + description: Mode specifies what Git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: SecretRef specifies the Secret containing the public + keys of trusted Git authors. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - mode + - secretRef + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus records the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the last successful GitRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: Path is the relative file path of the Artifact. 
It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + contentConfigChecksum: + description: "ContentConfigChecksum is a checksum of all the configurations + related to the content of the source artifact: - .spec.ignore - + .spec.recurseSubmodules - .spec.included and the checksum of the + included artifacts observed in .status.observedGeneration version + of the object. 
This can be used to determine if the content of the + included repository has changed. It has the format of `:`, + for example: `sha256:`. \n Deprecated: Replaced with explicit + fields for observed artifact content config in the status." + type: string + includedArtifacts: + description: IncludedArtifacts contains a list of the last successfully + included Artifacts as instructed by GitRepositorySpec.Include. + items: + description: Artifact represents the output of a Source reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of + ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI + annotations. + type: object + path: + description: Path is the relative file path of the Artifact. + It can be used to locate the file in the root of the Artifact + storage on the local file system of the controller managing + the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. 
+ type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the GitRepository object. + format: int64 + type: integer + observedIgnore: + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. + type: string + observedInclude: + description: ObservedInclude is the observed list of GitRepository + resources used to to produce the current Artifact. + items: + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. + properties: + fromPath: + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. + type: string + repository: + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. + type: string + required: + - repository + type: object + type: array + observedRecurseSubmodules: + description: ObservedRecurseSubmodules is the observed resource submodules + configuration used to produce the current Artifact. + type: boolean + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact + data is recommended. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + chart: + description: The name or path the Helm chart is available at in the + SourceRef. + type: string + interval: + description: The interval at which to check the Source for updates. + type: string + reconcileStrategy: + default: ChartVersion + description: Determines what enables the creation of a new artifact. + Valid values are ('ChartVersion', 'Revision'). See the documentation + of the values for an explanation on their behavior. Defaults to + ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). 
+ enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, + expected to be a relative path in the SourceRef. Deprecated in favor + of ValuesFiles, for backwards compatibility the file defined here + is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart + values (values.yaml is not included by default), expected to be + a relative path in the SourceRef. Values files are merged in the + order of this list with the last file overriding the first. Ignored + when omitted. + items: + type: string + type: array + version: + default: '*' + description: The chart version semver expression, ignored for charts + from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: HelmChartStatus defines the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + chart sync. + properties: + checksum: + description: Checksum is the SHA256 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. 
+ type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. 
+ type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec specifies the desired state of a Helm chart. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. 
+ items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + chart: + description: Chart is the name or path the Helm chart is available + at in the SourceRef. + type: string + interval: + description: Interval at which the HelmChart SourceRef is checked + for updates. This interval is approximate and may be subject to + jitter to ensure efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: ReconcileStrategy determines what enables the creation + of a new artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on their + behavior. Defaults to ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: SourceRef is the reference to the Source the chart is + available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this source. 
+ type: boolean + valuesFile: + description: ValuesFile is an alternative values file to use as the + default chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file specified here is merged before the ValuesFiles items. + Ignored when omitted. + type: string + valuesFiles: + description: ValuesFiles is an alternative list of values files to + use as the chart values (values.yaml is not included by default), + expected to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding the + first. Ignored when omitted. + items: + type: string + type: array + verify: + description: Verify contains the secret name containing the trusted + public keys used to verify the signature and specifies which provider + to use to check whether OCI image is authentic. This field is only + supported when using HelmRepository source with spec.type 'oci'. + Chart dependencies, which are not bundled in the umbrella chart + artifact, are not verified. + properties: + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + type: string + secretRef: + description: SecretRef specifies the Kubernetes Secret containing + the trusted public keys. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: Version is the chart version semver expression, ignored + for charts from GitRepository and Bucket sources. Defaults to latest + when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: HelmChartStatus records the observed state of the HelmChart. 
+ properties: + artifact: + description: Artifact represents the output of the last successful + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedChartName: + description: ObservedChartName is the last observed chart name as + specified by the resolved chart reference. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the HelmChart object. + format: int64 + type: integer + observedSourceArtifactRevision: + description: ObservedSourceArtifactRevision is the last observed Artifact.Revision + of the HelmChartSpec.SourceRef. + type: string + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact + data is recommended. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. 
+ properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + interval: + description: The interval at which to check the upstream for updates. + type: string + passCredentials: + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. + type: boolean + secretRef: + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. For TLS the secret must contain a + certFile and keyFile, and/or caFile fields. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. 
+ type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least + a protocol and host. + type: string + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA256 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec specifies the required configuration to + produce an Artifact for a Helm repository index YAML. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing + either or both of \n - a PEM-encoded client certificate (`tls.crt`) + and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) + \n and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. 
+ \n It takes precedence over the values specified in the Secret referred + to by `.spec.secretRef`." + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + interval: + description: Interval at which the HelmRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + passCredentials: + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. + type: boolean + provider: + default: generic + description: Provider used for authentication, can be 'aws', 'azure', + 'gcp' or 'generic'. This field is optional, and only taken into + account if the .spec.type field is set to 'oci'. When not specified, + defaults to 'generic'. + enum: + - generic + - aws + - azure + - gcp + type: string + secretRef: + description: SecretRef specifies the Secret containing authentication + credentials for the HelmRepository. For HTTP/S basic auth the secret + must contain 'username' and 'password' fields. Support for TLS auth + using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. + Please use `.spec.certSecretRef` instead. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this HelmRepository. + type: boolean + timeout: + default: 60s + description: Timeout is used for the index fetch operation for an + HTTPS helm repository, and for remote OCI Repository operations + like pulling for an OCI helm repository. 
Its default value is 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type of the HelmRepository. When this field is set to "oci", + the URL field value must be prefixed with "oci://". + enum: + - default + - oci + type: string + url: + description: URL of the Helm repository, a valid URL contains at least + a protocol and host. + type: string + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: HelmRepositoryStatus records the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the last successful HelmRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. 
+ type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. 
The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the HelmRepository object. + format: int64 + type: integer + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact + data is recommended. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: ocirepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: OCIRepository + listKind: OCIRepositoryList + plural: ocirepositories + shortNames: + - ocirepo + singular: ocirepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: OCIRepository is the Schema for the ocirepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OCIRepositorySpec defines the desired state of OCIRepository + properties: + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing + either or both of \n - a PEM-encoded client certificate (`tls.crt`) + and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) + \n and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. + \n Note: Support for the `caFile`, `certFile` and `keyFile` keys + have been deprecated." + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP container + registry. + type: boolean + interval: + description: Interval at which the OCIRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + layerSelector: + description: LayerSelector specifies which layer should be extracted + from the OCI artifact. When not specified, the first layer found + in the artifact is selected. + properties: + mediaType: + description: MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The first layer + matching this type is selected. 
+ type: string + operation: + description: Operation specifies how the selected layer should + be processed. By default, the layer compressed content is extracted + to storage. When the operation is set to 'copy', the layer compressed + content is persisted to storage as it is. + enum: + - extract + - copy + type: string + type: object + provider: + default: generic + description: The provider used for authentication, can be 'aws', 'azure', + 'gcp' or 'generic'. When not specified, defaults to 'generic'. + enum: + - generic + - aws + - azure + - gcp + type: string + ref: + description: The OCI reference to pull and monitor for changes, defaults + to the latest tag. + properties: + digest: + description: Digest is the image digest to pull, takes precedence + over SemVer. The value should be in the format 'sha256:'. + type: string + semver: + description: SemVer is the range of tags to pull selecting the + latest within the range, takes precedence over Tag. + type: string + tag: + description: Tag is the image tag to pull, defaults to latest. + type: string + type: object + secretRef: + description: SecretRef contains the secret name containing the registry + login credentials to resolve image metadata. The secret must be + of type kubernetes.io/dockerconfigjson. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount + used to authenticate the image pull if the service account has attached + pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' + type: string + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote OCI Repository operations like + pulling, defaults to 60s. 
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: URL is a reference to an OCI artifact repository hosted + on a remote container registry. + pattern: ^oci://.*$ + type: string + verify: + description: Verify contains the secret name containing the trusted + public keys used to verify the signature and specifies which provider + to use to check whether OCI image is authentic. + properties: + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + type: string + secretRef: + description: SecretRef specifies the Kubernetes Secret containing + the trusted public keys. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: OCIRepositoryStatus defines the observed state of OCIRepository + properties: + artifact: + description: Artifact represents the output of the last successful + OCI Repository sync. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. 
+ type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the OCIRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + contentConfigChecksum: + description: "ContentConfigChecksum is a checksum of all the configurations + related to the content of the source artifact: - .spec.ignore - + .spec.layerSelector observed in .status.observedGeneration version + of the object. This can be used to determine if the content configuration + has changed and the artifact needs to be rebuilt. It has the format + of `:`, for example: `sha256:`. \n Deprecated: + Replaced with explicit fields for observed artifact content config + in the status." + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. 
+ type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedIgnore: + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. + type: string + observedLayerSelector: + description: ObservedLayerSelector is the observed layer selector + used for constructing the source artifact. + properties: + mediaType: + description: MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The first layer + matching this type is selected. + type: string + operation: + description: Operation specifies how the selected layer should + be processed. By default, the layer compressed content is extracted + to storage. When the operation is set to 'copy', the layer compressed + content is persisted to storage as it is. + enum: + - extract + - copy + type: string + type: object + url: + description: URL is the download link for the artifact output of the + last OCI Repository sync. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: source-controller + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
+ env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TUF_ROOT + value: /tmp/.sigstore + image: ghcr.io/fluxcd/source-controller:v1.1.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + protocol: TCP + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + 
name: v1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the configuration to calculate + the desired state from a Source using Kustomize. + properties: + commonMetadata: + description: CommonMetadata specifies the common labels and annotations + that are applied to all resources. Any existing label or annotation + will be overridden if its key matches a common one. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to the object's metadata. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to the object's metadata. + type: object + type: object + components: + description: Components specifies relative paths to specifications + of other Components. + items: + type: string + type: array + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys + used for decryption. + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to Kustomization resources that must be ready + before this Kustomization can be reconciled. + items: + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources + when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. + items: + description: NamespacedObjectKindReference contains enough information + to locate the typed referenced Kubernetes resource object in any + namespace. + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or + digest) for changing image names, tags or digests. This can also + be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. 
+ properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + This interval is approximate and may be subject to jitter to ensure + efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a + remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, + forces the controller to act on behalf of that Service Account at + the target cluster. If the --default-service-account flag is set, + its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName + is empty. + properties: + secretRef: + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. If no key is set, + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. 
+ type: string + required: + - name + type: object + required: + - secretRef + type: object + patches: + description: Strategic merge and JSON patches, defined as inline YAML + objects, capable of targeting objects based on kind, label and annotation + selectors. + items: + description: Patch contains an inline StrategicMerge or JSON6902 + patch, and the target the patch should be applied to. + properties: + patch: + description: Patch contains an inline StrategicMerge patch or + an inline JSON6902 patch with an array of operation objects. + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. 
Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + path: + description: Path to the directory containing the kustomization.yaml + file, or the set of plain YAMLs a kustomization.yaml should be generated + for. Defaults to 'None', which translates to the root path of the + SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML + manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables + defined in your YAML manifests that match any of the keys defined + in the map will be substituted with the set value. Includes + support for bash string replacement functions e.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. + type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and + Secrets containing the variables and their values to be substituted + in the YAML manifests. The ConfigMap and the Secret data keys + represent the var names, and they must match the vars declared + in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource + containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside + in the same namespace as the referring resource. 
+ maxLength: 253 + minLength: 1 + type: string + optional: + default: false + description: Optional indicates whether the referenced resource + must exist, or whether to tolerate its absence. If true + and the referenced resource is absent, proceed as if the + resource was present but empty, without any variables + defined. + type: boolean + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. + When not specified, the controller uses the KustomizationSpec.Interval + value to retry failures. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - OCIRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, defaults to the namespace + of the Kubernetes resource object that contains the reference. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. 
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + wait: + description: Wait instructs the controller to check the health of + all the reconciled resources. When enabled, the HealthChecks are + ignored. Defaults to false. + type: boolean + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + inventory: + description: Inventory contains the list of Kubernetes resource object + references that have been successfully applied. + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: ID is the string representation of the Kubernetes + resource object's metadata, in the format '___'. + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. 
+ type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedRevision: + description: The last successfully applied revision. Equals the Revision + of the applied Artifact from the referenced Source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1 + name: v1beta1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the desired state of a kustomization. + properties: + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys + used for decryption. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to Kustomization resources that must be ready + before this Kustomization can be reconciled. + items: + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources + when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. + items: + description: NamespacedObjectKindReference contains enough information + to locate the typed referenced Kubernetes resource object in any + namespace. + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. 
+ type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or + digest) for changing image names, tags or digests. This can also + be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a + remote cluster. When specified, KubeConfig takes precedence over + ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the Kustomization. It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. + Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the Kustomization. + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + type: object + patches: + description: Strategic merge and JSON patches, defined as inline YAML + objects, capable of targeting objects based on kind, label and annotation + selectors. + items: + description: Patch contains an inline StrategicMerge or JSON6902 + patch, and the target the patch should be applied to. + properties: + patch: + description: Patch contains an inline StrategicMerge patch or + an inline JSON6902 patch with an array of operation objects. + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. 
Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target + the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with + an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 + properties: + from: + description: From contains a JSON-pointer value that references + a location within the target document where the operation + is performed. The meaning of the value depends on the + value of Op, and is NOT taken into account by all operations. + type: string + op: + description: Op indicates the operation to perform. Its + value MUST be one of "add", "remove", "replace", "move", + "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + description: Path contains the JSON-pointer value that + references a location within the target document where + the operation is performed. The meaning of the value + depends on the value of Op. + type: string + value: + description: Value contains a valid JSON structure. The + meaning of the value depends on the value of Op, and + is NOT taken into account by all operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document + should be applied to. 
+ properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml + file, or the set of plain YAMLs a kustomization.yaml should be generated + for. 
Defaults to 'None', which translates to the root path of the + SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML + manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables + defined in your YAML manifests that match any of the keys defined + in the map will be substituted with the set value. Includes + support for bash string replacement functions e.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. + type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and + Secrets containing the variables and their values to be substituted + in the YAML manifests. The ConfigMap and the Secret data keys + represent the var names and they must match the vars declared + in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource + containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside + in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. + When not specified, the controller uses the KustomizationSpec.Interval + value to retry failures. + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this Kustomization. 
+ type: string + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Bucket + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, defaults to the Kustomization + namespace + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. + type: string + validation: + description: Validate the Kubernetes objects before applying them + on the cluster. The validation strategy can be 'client' (local dry-run), + 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', + validation will fallback to 'client' if set to 'server' because + server-side validation is not supported in this scenario. + enum: + - none + - client + - server + type: string + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAppliedRevision: + description: The last successfully applied revision. The revision + format for Git sources is /. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + snapshot: + description: The last successfully applied revision metadata. + properties: + checksum: + description: The manifests sha1 checksum. + type: string + entries: + description: A list of Kubernetes kinds grouped by namespace. + items: + description: Snapshot holds the metadata of namespaced Kubernetes + objects + properties: + kinds: + additionalProperties: + type: string + description: The list of Kubernetes kinds. + type: object + namespace: + description: The namespace of this entry. 
+ type: string + required: + - kinds + type: object + type: array + required: + - checksum + - entries + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1 + name: v1beta2 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the configuration to calculate + the desired state from a Source using Kustomize. + properties: + commonMetadata: + description: CommonMetadata specifies the common labels and annotations + that are applied to all resources. Any existing label or annotation + will be overridden if its key matches a common one. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to the object's metadata. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels to be added to the object's metadata. + type: object + type: object + components: + description: Components specifies relative paths to specifications + of other Components. + items: + type: string + type: array + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys + used for decryption. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to Kustomization resources that must be ready + before this Kustomization can be reconciled. + items: + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources + when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. + items: + description: NamespacedObjectKindReference contains enough information + to locate the typed referenced Kubernetes resource object in any + namespace. + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. 
+ type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or + digest) for changing image names, tags or digests. This can also + be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a + remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, + forces the controller to act on behalf of that Service Account at + the target cluster. If the --default-service-account flag is set, + its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName + is empty. + properties: + secretRef: + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. If no key is set, + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. 
Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + required: + - secretRef + type: object + patches: + description: Strategic merge and JSON patches, defined as inline YAML + objects, capable of targeting objects based on kind, label and annotation + selectors. + items: + description: Patch contains an inline StrategicMerge or JSON6902 + patch, and the target the patch should be applied to. + properties: + patch: + description: Patch contains an inline StrategicMerge patch or + an inline JSON6902 patch with an array of operation objects. + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + patchesJson6902: + description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: + Use Patches instead.' + items: + description: JSON6902Patch contains a JSON6902 patch and the target + the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with + an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 + properties: + from: + description: From contains a JSON-pointer value that references + a location within the target document where the operation + is performed. The meaning of the value depends on the + value of Op, and is NOT taken into account by all operations. + type: string + op: + description: Op indicates the operation to perform. Its + value MUST be one of "add", "remove", "replace", "move", + "copy", or "test". 
https://datatracker.ietf.org/doc/html/rfc6902#section-4 + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + description: Path contains the JSON-pointer value that + references a location within the target document where + the operation is performed. The meaning of the value + depends on the value of Op. + type: string + value: + description: Value contains a valid JSON structure. The + meaning of the value depends on the value of Op, and + is NOT taken into account by all operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. 
+ type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: 'Strategic merge patches, defined as inline YAML objects. + Deprecated: Use Patches instead.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml + file, or the set of plain YAMLs a kustomization.yaml should be generated + for. Defaults to 'None', which translates to the root path of the + SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML + manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables + defined in your YAML manifests that match any of the keys defined + in the map will be substituted with the set value. Includes + support for bash string replacement functions e.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. + type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and + Secrets containing the variables and their values to be substituted + in the YAML manifests. The ConfigMap and the Secret data keys + represent the var names and they must match the vars declared + in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource + containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). 
+ enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside + in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + default: false + description: Optional indicates whether the referenced resource + must exist, or whether to tolerate its absence. If true + and the referenced resource is absent, proceed as if the + resource was present but empty, without any variables + defined. + type: boolean + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. + When not specified, the controller uses the KustomizationSpec.Interval + value to retry failures. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - OCIRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, defaults to the namespace + of the Kubernetes resource object that contains the reference. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. 
+ maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + validation: + description: 'Deprecated: Not used in v1beta2.' + enum: + - none + - client + - server + type: string + wait: + description: Wait instructs the controller to check the health of + all the reconciled resources. When enabled, the HealthChecks are + ignored. Defaults to false. + type: boolean + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + inventory: + description: Inventory contains the list of Kubernetes resource object + references that have been successfully applied. + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. 
+ properties: + id: + description: ID is the string representation of the Kubernetes + resource object's metadata, in the format '___'. + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedRevision: + description: The last successfully applied revision. Equals the Revision + of the applied Artifact from the referenced Source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - 
--watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/kustomize-controller:v1.1.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v2beta1 + schema: + openAPIV3Schema: + description: 
HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: Chart defines the template of the v1beta2.HelmChart that + should be created for this HelmRelease. + properties: + metadata: + description: ObjectMeta holds the template for metadata like labels + and annotations. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' + type: object + type: object + spec: + description: Spec holds the template for the v1beta2.HelmChartSpec + for this HelmRelease. 
+ properties: + chart: + description: The name or path the Helm chart is available + at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1beta2.Source + for updates. Defaults to 'HelmReleaseSpec.Interval'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: Determines what enables the creation of a new + artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on + their behavior. Defaults to ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The name and namespace of the v1beta2.Source + the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file defined here is merged before the ValuesFiles items. + Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the + chart values (values.yaml is not included by default), expected + to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding + the first. Ignored when omitted. 
+ items: + type: string + type: array + verify: + description: Verify contains the secret name containing the + trusted public keys used to verify the signature and specifies + which provider to use to check whether OCI image is authentic. + This field is only supported for OCI sources. Chart dependencies, + which are not bundled in the umbrella chart artifact, are + not verified. + properties: + provider: + default: cosign + description: Provider specifies the technology used to + sign the OCI Helm chart. + enum: + - cosign + type: string + secretRef: + description: SecretRef specifies the Kubernetes Secret + containing the trusted public keys. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: Version semver expression, ignored for charts + from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults + to latest when omitted. + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. + items: + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions + for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. 
Default is `Create` + and if omitted CRDs are installed but not updated. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are applied (installed) during Helm install action. With this + option users can opt-in to CRD replace existing CRDs on Helm + install actions, which is not (yet) natively supported by Helm. + https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: CreateNamespace tells the Helm install action to + create the HelmReleaseSpec.TargetNamespace if it does not exist + yet. On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm install action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. 
+ type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. + \n Deprecated use CRD policy (`crds`) attribute with value `Skip` + instead." + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. This + interval is approximate and may be subject to jitter to ensure efficient + use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, + forces the controller to act on behalf of that Service Account at + the target cluster. If the --default-service-account flag is set, + its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName + is empty. + properties: + secretRef: + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. 
If no key is set, + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + required: + - secretRef + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '10'. + type: integer + persistentClient: + description: "PersistentClient tells the controller to use a persistent + Kubernetes client for this release. When enabled, the client will + be reused for the duration of the reconciliation, instead of being + created and destroyed for each (step of a) Helm action. \n This + can improve performance, but may cause issues with some Helm charts + that for example do create Custom Resource Definitions during installation + outside Helm's CRD lifecycle hooks, which are then not observed + to be available by e.g. post-install hooks. \n If not set, it defaults + to true." + type: boolean + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which + will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, + new tag or digest) for changing image names, tags or digests. + This can also be achieved with a patch, but this operator + is simpler to specify. 
+ items: + description: Image contains an image name, a new name, + a new tag or digest, which will replace the original + name and tag. + properties: + digest: + description: Digest is the value used to replace the + original image tag. If digest is present NewTag + value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace + the original name. + type: string + newTag: + description: NewTag is the value used to replace the + original tag. + type: string + required: + - name + type: object + type: array + patches: + description: Strategic merge and JSON patches, defined as + inline YAML objects, capable of targeting objects based + on kind, label and annotation selectors. + items: + description: Patch contains an inline StrategicMerge or + JSON6902 patch, and the target the patch should be applied + to. + properties: + patch: + description: Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with an array + of operation objects. + type: string + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and + the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document + with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. + https://datatracker.ietf.org/doc/html/rfc6902#section-4 + properties: + from: + description: From contains a JSON-pointer value + that references a location within the target + document where the operation is performed. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. + type: string + op: + description: Op indicates the operation to perform. + Its value MUST be one of "add", "remove", + "replace", "move", "copy", or "test". 
https://datatracker.ietf.org/doc/html/rfc6902#section-4 + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + description: Path contains the JSON-pointer + value that references a location within the + target document where the operation is performed. + The meaning of the value depends on the value + of Op. + type: string + value: + description: Value contains a valid JSON structure. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. 
+ type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline + YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array + releaseName: + description: ReleaseName used for the Helm release. Defaults to a + composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if + applicable. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. 
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this HelmRelease. + type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. Defaults + to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for + this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. 
+ properties: + deletionPropagation: + default: background + description: DeletionPropagation specifies the deletion propagation + policy when a Helm uninstall is performed. + enum: + - background + - foreground + - orphan + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables waiting for all the resources + to be deleted after a Helm uninstall is performed. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and + if omitted CRDs are neither installed nor upgraded. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are not applied during Helm upgrade action. With this option + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." 
+ enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults + to 'rollback'. 
+ enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. + items: + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the + same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. + When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. + maxLength: 250 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + When set, must be a valid Data Key, consisting of alphanumeric + characters, '-', '_' or '.'. 
+ maxLength: 253 + pattern: ^[\-._a-zA-Z0-9]+$ + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + default: + observedGeneration: -1 + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully + applied source. 
+ type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful + Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: helm-controller + namespace: flux-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - 
--log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/helm-controller:v0.36.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects + properties: + eventSeverity: + default: info + description: Filter events based on severity, defaults to ('info'). + If set to 'info' no events will be filtered. + enum: + - info + - error + type: string + eventSources: + description: Filter events based on the involved objects. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + exclusionList: + description: A list of Golang regular expressions to be used for excluding + messages. + items: + type: string + type: array + providerRef: + description: Send events using this provider. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + summary: + description: Short description of the impact and affected cluster. + type: string + suspend: + description: This flag tells the controller to suspend subsequent + events dispatching. Defaults to false. + type: boolean + required: + - eventSources + - providerRef + type: object + status: + default: + observedGeneration: -1 + description: AlertStatus defines the observed state of Alert + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects. + properties: + eventMetadata: + additionalProperties: + type: string + description: EventMetadata is an optional field for adding metadata + to events dispatched by the controller. This can be used for enhancing + the context of the event. If a field would override one already + present on the original event as generated by the emitter, then + the override doesn't happen, i.e. the original value is preserved, + and an info log is printed. + type: object + eventSeverity: + default: info + description: EventSeverity specifies how to filter events based on + severity. If set to 'info' no events will be filtered. 
+ enum: + - info + - error + type: string + eventSources: + description: EventSources specifies how to filter events based on + the involved object kind, name and namespace. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. MatchLabels requires the name to be set to `*`. + type: object + name: + description: Name of the referent If multiple resources are + targeted `*` may be set. + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + exclusionList: + description: ExclusionList specifies a list of Golang regular expressions + to be used for excluding messages. + items: + type: string + type: array + inclusionList: + description: InclusionList specifies a list of Golang regular expressions + to be used for including messages. + items: + type: string + type: array + providerRef: + description: ProviderRef specifies which Provider this Alert should + use. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + summary: + description: Summary holds a short description of the impact and affected + cluster. 
+ maxLength: 255 + type: string + suspend: + description: Suspend tells the controller to suspend subsequent events + handling for this Alert. + type: boolean + required: + - eventSources + - providerRef + type: object + status: + default: + observedGeneration: -1 + description: AlertStatus defines the observed state of the Alert. + properties: + conditions: + description: Conditions holds the conditions for the Alert. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + address: + description: HTTP/S webhook address of this provider + pattern: ^(http|https):// + type: string + certSecretRef: + description: CertSecretRef can be given the name of a secret containing + a PEM-encoded CA certificate (`caFile`) + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + channel: + description: Alert channel for this provider + type: string + proxy: + description: HTTP/S address of the proxy + pattern: ^(http|https):// + type: string + secretRef: + description: Secret reference containing the provider webhook URL + using "address" as data key + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + events handling. Defaults to false. + type: boolean + timeout: + description: Timeout for sending alerts to the provider. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type of provider + enum: + - slack + - discord + - msteams + - rocket + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - azuredevops + - googlechat + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + - grafana + - githubdispatch + type: string + username: + description: Bot username for this provider + type: string + required: + - type + type: object + status: + default: + observedGeneration: -1 + description: ProviderStatus defines the observed state of Provider + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. 
--- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of the Provider. + properties: + address: + description: Address specifies the endpoint, in a generic sense, to + where alerts are sent. What kind of endpoint depends on the specific + Provider type being used. For the generic Provider, for example, + this is an HTTP/S address. For other Provider types this could be + a project ID or a namespace. + maxLength: 2048 + type: string + certSecretRef: + description: "CertSecretRef specifies the Secret containing a PEM-encoded + CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` + key has been deprecated." + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + channel: + description: Channel specifies the destination channel where events + should be posted. + maxLength: 2048 + type: string + interval: + description: Interval at which to reconcile the Provider with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + proxy: + description: Proxy the HTTP/S address of the proxy server. + maxLength: 2048 + pattern: ^(http|https)://.*$ + type: string + secretRef: + description: SecretRef specifies the Secret containing the authentication + credentials for this Provider. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend subsequent events + handling for this Provider. + type: boolean + timeout: + description: Timeout for sending alerts to the Provider. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type specifies which Provider implementation to use. 
+ enum: + - slack + - discord + - msteams + - rocket + - generic + - generic-hmac + - github + - gitlab + - gitea + - bitbucket + - azuredevops + - googlechat + - googlepubsub + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + - grafana + - githubdispatch + - pagerduty + - datadog + type: string + username: + description: Username specifies the name under which events are posted. + maxLength: 2048 + type: string + required: + - type + type: object + status: + default: + observedGeneration: -1 + description: ProviderStatus defines the observed state of the Provider. + properties: + conditions: + description: Conditions holds the conditions for the Provider. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of the Receiver. + properties: + events: + description: Events specifies the list of event types to handle, e.g. + 'push' for GitHub or 'Push Hook' for GitLab. 
+ items: + type: string + type: array + interval: + default: 10m + description: Interval at which to reconcile the Receiver with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. MatchLabels requires the name to be set to `*`. + type: object + name: + description: Name of the referent If multiple resources are + targeted `*` may be set. + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + secretRef: + description: SecretRef specifies the Secret containing the token used + to validate the payload authenticity. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend subsequent events + handling for this receiver. + type: boolean + type: + description: Type of webhook sender, used to determine the validation + procedure and payload deserialization. 
+ enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - secretRef + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of the Receiver. + properties: + conditions: + description: Conditions holds the conditions for the Receiver. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Receiver object. + format: int64 + type: integer + webhookPath: + description: WebhookPath is the generated incoming webhook address + in the format of '/hook/sha256sum(token+name+namespace)'. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1 + name: v1beta1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of Receiver + properties: + events: + description: A list of events to handle, e.g. 'push' for GitHub or + 'Push Hook' for GitLab. + items: + type: string + type: array + resources: + description: A list of resources to be notified about changes. 
+ items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + secretRef: + description: Secret reference containing the token used to validate + the payload authenticity + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + events handling. Defaults to false. + type: boolean + type: + description: Type of webhook sender, used to determine the validation + procedure and payload deserialization. + enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of Receiver + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. 
--- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 + name: v1beta2 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of the Receiver. + properties: + events: + description: Events specifies the list of event types to handle, e.g. + 'push' for GitHub or 'Push Hook' for GitLab. + items: + type: string + type: array + interval: + description: Interval at which to reconcile the Receiver with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. MatchLabels requires the name to be set to `*`. + type: object + name: + description: Name of the referent If multiple resources are + targeted `*` may be set. 
+ maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + secretRef: + description: SecretRef specifies the Secret containing the token used + to validate the payload authenticity. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend subsequent events + handling for this receiver. + type: boolean + type: + description: Type of webhook sender, used to determine the validation + procedure and payload deserialization. + enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of the Receiver. + properties: + conditions: + description: Conditions holds the conditions for the Receiver. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Receiver object. + format: int64 + type: integer + url: + description: 'URL is the generated incoming webhook address in the + format of ''/hook/sha256sum(token+name+namespace)''. Deprecated: + Replaced by WebhookPath.' + type: string + webhookPath: + description: WebhookPath is the generated incoming webhook address + in the format of '/hook/sha256sum(token+name+namespace)'. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + 
app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.1.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/notification-controller:v1.1.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + protocol: TCP + - containerPort: 9292 + name: http-webhook + protocol: TCP + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + 
volumes: + - emptyDir: {} + name: temp diff --git a/flux/olympus/base/flux-system/gotk-sync.yaml b/flux/olympus/base/flux-system/gotk-sync.yaml new file mode 100644 index 00000000..094efe16 --- /dev/null +++ b/flux/olympus/base/flux-system/gotk-sync.yaml @@ -0,0 +1,27 @@ +# This manifest was generated by flux. DO NOT EDIT. +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: main + secretRef: + name: flux-system + url: ssh://gitea@git.0x76.dev:42/v/infrastructure.git +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 10m0s + path: ./flux/olympus/base + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/flux/olympus/base/flux-system/kustomization.yaml b/flux/olympus/base/flux-system/kustomization.yaml new file mode 100644 index 00000000..42cac648 --- /dev/null +++ b/flux/olympus/base/flux-system/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - gotk-components.yaml + - gotk-sync.yaml + - repositories diff --git a/flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml b/flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml new file mode 100644 index 00000000..a68409ba --- /dev/null +++ b/flux/olympus/base/flux-system/repositories/helm/external-secrets.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: external-secrets + namespace: flux-system +spec: + interval: 1h + url: https://charts.external-secrets.io diff --git a/flux/olympus/base/flux-system/repositories/helm/kustomization.yaml b/flux/olympus/base/flux-system/repositories/helm/kustomization.yaml new file mode 100644 index 00000000..9e58514b --- /dev/null +++ b/flux/olympus/base/flux-system/repositories/helm/kustomization.yaml 
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - external-secrets.yaml
+
diff --git a/flux/olympus/base/flux-system/repositories/kustomization.yaml b/flux/olympus/base/flux-system/repositories/kustomization.yaml
new file mode 100644
index 00000000..dadf6d60
--- /dev/null
+++ b/flux/olympus/base/flux-system/repositories/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm
+
diff --git a/flux/olympus/core/external-secrets/.gitignore b/flux/olympus/core/external-secrets/.gitignore
new file mode 100644
index 00000000..5eec00f7
--- /dev/null
+++ b/flux/olympus/core/external-secrets/.gitignore
@@ -0,0 +1 @@
+vault-secret-id.yaml
\ No newline at end of file
diff --git a/flux/olympus/core/external-secrets/helm-release.yaml b/flux/olympus/core/external-secrets/helm-release.yaml
new file mode 100644
index 00000000..7ca3ee27
--- /dev/null
+++ b/flux/olympus/core/external-secrets/helm-release.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: external-secrets
+ namespace: security
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: external-secrets
+ version: 0.9.9
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: external-secrets
+ namespace: flux-system
+ values:
+ installCRDs: true
+ replicaCount: 1
+ leaderElect: true
+ # serviceMonitor:
+ # enabled: true
+ # webhook:
+ # serviceMonitor:
+ # enabled: true
+ # certController:
+ # serviceMonitor:
+ # enabled: true
diff --git a/flux/olympus/core/external-secrets/kustomization.yaml b/flux/olympus/core/external-secrets/kustomization.yaml
new file mode 100644
index 00000000..04c4cf13
--- /dev/null
+++ b/flux/olympus/core/external-secrets/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
+ - vault-secret-store.yaml
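Review bot: flux/olympus/core/external-secrets/kustomization.yaml applies `vault-secret-store.yaml` in the same set as `helm-release.yaml`, but the `ClusterSecretStore` kind only exists after the chart has been installed with `installCRDs: true`. On a fresh cluster the apply will likely fail with a missing-kind error until those CRDs are present, and depending on how this directory is reconciled that may also hold back the HelmRelease itself. Consider moving the store into its own Flux Kustomization that declares `dependsOn` on the one installing the chart. How `core` is reconciled is not visible in this diff, so confirm against the cluster setup.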
diff --git a/flux/olympus/core/external-secrets/vault-secret-id.example.yaml b/flux/olympus/core/external-secrets/vault-secret-id.example.yaml
new file mode 100644
index 00000000..e9c57519
--- /dev/null
+++ b/flux/olympus/core/external-secrets/vault-secret-id.example.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-secret-id
+ namespace: security
+data:
+ secret-id: XXXXXX # Obtain by `vault write -f auth/approle/role/external-secrets/secret-id`
diff --git a/flux/olympus/core/external-secrets/vault-secret-store.yaml b/flux/olympus/core/external-secrets/vault-secret-store.yaml
new file mode 100644
index 00000000..f09f88f0
--- /dev/null
+++ b/flux/olympus/core/external-secrets/vault-secret-store.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: vault
+ namespace: security
+spec:
+ provider:
+ vault:
+ server: "http://vault.olympus:8200"
+ path: "k8s"
+ version: "v2"
+ auth:
+ # VaultAppRole authenticates with Vault using the
+ # App Role auth mechanism
+ # https://www.vaultproject.io/docs/auth/approle
+ appRole:
+ # Path where the App Role authentication backend is mounted
+ path: "approle"
+ # RoleID configured in the App Role authentication backend
+ # `vault read auth/approle/role/external-secrets/role-id`
+ roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
+ # Reference to a key in a K8 Secret that contains the App Role SecretId
+ # (not commited in git)
+ secretRef:
+ name: "vault-secret-id"
+ namespace: "security"
+ key: "secret-id"
diff --git a/flux/olympus/core/kustomization.yaml b/flux/olympus/core/kustomization.yaml
new file mode 100644
index 00000000..1611c859
--- /dev/null
+++ b/flux/olympus/core/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespaces
+ - external-secrets
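Review bot: In vault-secret-id.example.yaml the placeholder sits under `data:`, which the API server expects to be base64-encoded, while the command in the trailing comment prints the raw secret-id. Anyone who pastes that output in as-is gets a decode error or a wrong credential. Use `stringData:` with `secret-id: "<secret-id placeholder>"`, or state in the comment that the value must be base64-encoded first. The comment could also say that the filled-in copy is the git-ignored `vault-secret-id.yaml` and has to be applied out of band, since the kustomization in this directory does not list it.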
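Review bot: `server: "http://vault.olympus:8200"` in vault-secret-store.yaml sends the AppRole login (role-id plus secret-id), the returned Vault token and every fetched secret in cleartext between the cluster and Vault. Point the store at a TLS listener, `server: "https://vault.olympus:8200"`, and pin the issuing CA through the provider's `caBundle` or `caProvider` field. Separately, `ClusterSecretStore` is cluster-scoped, so `metadata.namespace: security` is not meaningful here. Without `spec.conditions`, an ExternalSecret in any namespace can reference this store and read whatever the AppRole's policy allows under `k8s`; consider restricting it to the intended namespaces or using a namespaced `SecretStore`.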
diff --git a/flux/olympus/core/namespaces/kustomization.yaml b/flux/olympus/core/namespaces/kustomization.yaml
new file mode 100644
index 00000000..be604cf1
--- /dev/null
+++ b/flux/olympus/core/namespaces/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - websites.yaml
+ - security.yaml
+ - services.yaml
diff --git a/flux/olympus/core/namespaces/security.yaml b/flux/olympus/core/namespaces/security.yaml
new file mode 100644
index 00000000..65f1a838
--- /dev/null
+++ b/flux/olympus/core/namespaces/security.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: security
diff --git a/flux/olympus/core/namespaces/services.yaml b/flux/olympus/core/namespaces/services.yaml
new file mode 100644
index 00000000..da390d0d
--- /dev/null
+++ b/flux/olympus/core/namespaces/services.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: services
diff --git a/flux/olympus/core/namespaces/websites.yaml b/flux/olympus/core/namespaces/websites.yaml
new file mode 100644
index 00000000..9b4e8bc3
--- /dev/null
+++ b/flux/olympus/core/namespaces/websites.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: websites
diff --git a/hosts/olympus/bastion/containers/default.nix b/hosts/olympus/bastion/containers/default.nix
deleted file mode 100644
index edd293ae..00000000
--- a/hosts/olympus/bastion/containers/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-let
- hostAddress = "10.42.99.1";
- hostAddress6 = "fc00::1";
-in
-{
- networking.nat = {
- enable = true;
- internalInterfaces = [ "ve-+" ];
- externalInterface = "ens18";
- # Lazy IPv6 connectivity for the container
- enableIPv6 = true;
- };
-
- networking.firewall.allowedTCPPorts = [
- 8384
- 22000
- ];
- networking.firewall.allowedUDPPorts = [
- 22000
- 21027
- ];
-
- # Containers network is
- # * 10.42.99.0/24
- # * fc00:x
-
- users.groups.backup = {
- gid = 10000;
- members = [ "vivian" ];
- };
-
- containers = {
- syncthing = {
- autoStart = true;
- inherit hostAddress hostAddress6;
- localAddress = "10.42.99.2";
- localAddress6 = "fc00::2";
-
- forwardPorts = [
- {
- containerPort = 8384;
- hostPort = 8384;
- protocol = "tcp";
- }
- ];
-
- bindMounts = {
- "/data" = {
- hostPath = "/mnt/backup";
- isReadOnly = false;
- };
- };
-
- specialArgs = {
- inherit inputs;
- };
-
- config =
- { pkgs, ... }:
- {
- users.groups.backup = {
- gid = 10000;
- members = [ "syncthing" ];
- };
-
- imports = [
- ./common.nix
- ./syncthing.nix
- inputs.home-manager.nixosModules.home-manager
- inputs.gnome-autounlock-keyring.nixosModules.default
- inputs.catppuccin.nixosModules.catppuccin
- ];
- };
- };
- };
-}
diff --git a/hosts/olympus/bastion/containers/dns.nix b/hosts/olympus/bastion/containers/dns.nix
deleted file mode 100644
index 530b642f..00000000
--- a/hosts/olympus/bastion/containers/dns.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }: {
- services.v.dns = {
- enable = true;
- openFirewall = true;
- mode = "server";
- };
-}
diff --git a/hosts/olympus/bastion/containers/syncthing.nix b/hosts/olympus/bastion/containers/syncthing.nix
deleted file mode 100644
index 0e10c83f..00000000
--- a/hosts/olympus/bastion/containers/syncthing.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- services.syncthing = {
- enable = true;
- openDefaultPorts = true;
- guiAddress = "0.0.0.0:8384";
- };
-}
diff --git a/hosts/olympus/bastion/immich.nix b/hosts/olympus/bastion/immich.nix
deleted file mode 100644
index 46e21e79..00000000
--- a/hosts/olympus/bastion/immich.nix
+++ /dev/null
@@ -1,78 +0,0 @@ -{ config, pkgs, ... }: -{ - boot.kernel.sysctl = { "vm.overcommit_memory" = 1; }; - - virtualisation.oci-containers.backend = "docker"; - virtualisation.docker.autoPrune.enable = true; - - - systemd.services.init-filerun-network-and-files = { - description = "Create the network bridge for Immich."; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig.Type = "oneshot"; - script = - let - dockercli = "${config.virtualisation.docker.package}/bin/docker"; - in - '' - # immich-net network - check=$(${dockercli} network ls | grep "immich-net" || true) - if [ -z "$check" ]; then - ${dockercli} network create immich-net - else - echo "immich-net already exists in docker" - fi - ''; - }; - - virtualisation.oci-containers.containers = { - immich = { - autoStart = true; - image = "ghcr.io/imagegenius/immich:latest"; - volumes = [ - "/mnt/backup/immich/config:/config" - "/mnt/backup/immich/photos:/photos" - "/mnt/backup/replicated/photos:/replicated" - "/mnt/backup/immich/config/machine-learning:/config/machine-learning" - ]; - ports = [ "2283:8080" ]; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Amsterdam"; # Change this to your timezone - DB_HOSTNAME = "postgres14"; - DB_USERNAME = "postgres"; - DB_PASSWORD = "postgres"; - DB_DATABASE_NAME = "immich"; - REDIS_HOSTNAME = "redis"; - }; - extraOptions = [ - "--network=immich-net" - "--pull=always" - # "--gpus=all" - ]; - }; - - redis = { - autoStart = true; - image = "redis"; - ports = [ "6379:6379" ]; - extraOptions = [ "--network=immich-net" ]; - }; - - postgres14 = { - autoStart = true; - image = "tensorchord/pgvecto-rs:pg14-v0.2.0"; - ports = [ "5432:5432" ]; - volumes = [ "pgdata:/var/lib/postgresql/data" ]; - environment = { - POSTGRES_USER = "postgres"; - POSTGRES_PASSWORD = "postgres"; - POSTGRES_DB = "immich"; - }; - extraOptions = [ "--network=immich-net" ]; - }; - }; -} 
diff --git a/hosts/thalassa/aoife/69-probe-rs.rules b/hosts/thalassa/aoife/69-probe-rs.rules deleted file mode 100644 index 22aa1774..00000000 --- a/hosts/thalassa/aoife/69-probe-rs.rules +++ /dev/null 
@@ -1,146 +0,0 @@ -# Copy this file to /etc/udev/rules.d/ -# If rules fail to reload automatically, you can refresh udev rules -# with the command "udevadm control --reload" - -# This rules are based on the udev rules from the OpenOCD project, with unsupported probes removed. -# See http://openocd.org/ for more details. -# -# This file is available under the GNU General Public License v2.0 - -ACTION!="add|change", GOTO="probe_rs_rules_end" - -SUBSYSTEM=="gpio", MODE="0660", GROUP="plugdev", TAG+="uaccess" - -SUBSYSTEM!="usb|tty|hidraw", GOTO="probe_rs_rules_end" - -# Please keep this list sorted by VID:PID - -# STMicroelectronics ST-LINK V1 -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3744", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# STMicroelectronics ST-LINK/V2 -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# STMicroelectronics ST-LINK/V2.1 -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# STMicroelectronics STLINK-V3 -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3754", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# SEGGER J-Link -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0101", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0102", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0103", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0104", MODE="660", 
GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0107", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0108", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1003", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1004", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1005", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1006", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1007", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1008", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1009", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100a", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100b", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100c", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100d", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100e", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="100f", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1010", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1011", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", 
ATTRS{idProduct}=="1012", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1013", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1014", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1015", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1016", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1017", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1018", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1019", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101a", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101b", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101c", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101d", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101e", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="101f", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1020", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1021", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1022", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1023", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1024", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1025", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1026", MODE="660", GROUP="plugdev", TAG+="uaccess" 
-ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1027", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1028", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1029", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102a", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102b", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102c", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102d", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102e", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="102f", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1050", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1051", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1052", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1053", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1054", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1055", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1056", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1057", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1058", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1059", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105a", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105b", MODE="660", 
GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105c", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105d", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105e", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="105f", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1060", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1061", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1062", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1063", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1064", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1065", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1066", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1067", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1068", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="1069", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106a", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106b", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106c", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106d", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106e", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="1366", ATTRS{idProduct}=="106f", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# FT232H -ATTRS{idVendor}=="0403", 
ATTRS{idProduct}=="6014", MODE="660", GROUP="plugdev", TAG+="uaccess" -# FT2232x -ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", MODE="660", GROUP="plugdev", TAG+="uaccess" -# FT4232H -ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# FTDI-based Olimex devices -ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0003", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x0004", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002a", MODE="660", GROUP="plugdev", TAG+="uaccess" -ATTRS{idVendor}=="0x15ba", ATTRS{idProduct}=="0x002b", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# Espressif USB JTAG/serial debug unit -ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1001", MODE="660", GROUP="plugdev", TAG+="uaccess" -# Espressif USB Bridge -ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1002", MODE="660", GROUP="plugdev", TAG+="uaccess" - -# CMSIS-DAP compatible adapters -ATTRS{product}=="*CMSIS-DAP*", MODE="660", GROUP="plugdev", TAG+="uaccess" -# WCH Link (CMSIS-DAP compatible adapter) -ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="8011", MODE="660", GROUP="plugdev", TAG+="uaccess" - -LABEL="probe_rs_rules_end" diff --git a/hosts/thalassa/aoife/hardware.nix b/hosts/thalassa/aoife/hardware.nix deleted file mode 100644 index 52ac5c15..00000000 --- a/hosts/thalassa/aoife/hardware.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ - pciutils - usbutils - lshw - ]; - - boot = { - kernelParams = [ - "amdgpu.dcdebugmask=0x10" # Disables partial screen refresh, fixes flicker - "kvm.enable_virt_at_load=0" - ]; - }; - - hardware = { - enableAllFirmware = true; - bluetooth.enable = true; - - # OpenGL + Vulkan - graphics = { - enable = true; - extraPackages = with pkgs; [ - mesa - ]; - }; - - amdgpu = { - initrd.enable = true; - opencl.enable = true; - # Temp disabled as it breaks GTK - # amdvlk.enable = true; - }; - }; - services = { - fwupd.enable = true; - - hardware.bolt.enable = true; - - fprintd = { - enable = true; - # fprintd test suite fails - package = pkgs.fprintd.overrideAttrs { - mesonCheckFlags = [ - "--no-suite" - "fprintd:TestPamFprintd" - ]; - }; - }; - - # Video Driver - xserver = { - # videoDrivers = [ "displaylink" ]; - dpi = 280; - }; - - # SSD Trim - fstrim.enable = true; - - # Power Management - upower.enable = true; - thermald.enable = true; - }; - - # hardware.trackpoint.enable = true; - - # FS - fileSystems."/".options = [ "compress=zstd" ]; - - powerManagement = { - enable = true; - powertop.enable = true; - }; - - security = { - tpm2 = { - enable = true; - pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - tctiEnvironment.enable = true; - }; - }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices -} diff --git a/hosts/thalassa/aoife/home/default.nix b/hosts/thalassa/aoife/home/default.nix deleted file mode 100644 index f9a02f4b..00000000 --- a/hosts/thalassa/aoife/home/default.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ pkgs, ... }: { - imports = [ - ./starship.nix - ./hyprland.nix - ]; - - - # Custom dconf settings - dconf.settings."org/gnome/desktop/input-sources" = { - # xkb-options = [ "caps:swapescape" ]; - }; - - programs.zsh.envExtra = '' - source ~/.zshrc.secrets - ''; - - home.packages = with pkgs; [ - eduvpn-client - localsend - typst - ]; - - - programs.ssh.enable = true; - programs.ssh.matchBlocks = { - "student-linux.tudelft.nl" = { - user = "vroest"; - }; - "login.delftblue.tudelft.nl" = { - user = "vroest"; - }; - "cese01" = { - hostname = "cese01.ewi.tudelft.nl"; - user = "vroest"; - proxyJump = "student-linux.tudelft.nl"; - }; - "cese" = { - user = "root"; - hostname = "10.0.3.121"; - proxyJump = "cese01"; - }; - "bastion.olympus" = { }; - "bastion.hades" = { }; - }; - -} diff --git a/hosts/thalassa/aoife/home/eww/scripts/getvol b/hosts/thalassa/aoife/home/eww/scripts/getvol deleted file mode 100755 index 4e4275d8..00000000 --- a/hosts/thalassa/aoife/home/eww/scripts/getvol +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -if command -v pamixer &>/dev/null; then - if [ true == $(pamixer --get-mute) ]; then - echo 0 - exit - else - pamixer --get-volume - fi -else - amixer -D pulse sget Master | awk -F '[^0-9]+' '/Left:/{print $3}' -fi diff --git a/hosts/thalassa/aoife/home/hyprland.nix b/hosts/thalassa/aoife/home/hyprland.nix deleted file mode 100644 index c0387012..00000000 --- a/hosts/thalassa/aoife/home/hyprland.nix +++ /dev/null 
@@ -1,333 +0,0 @@ -{ - pkgs, - config, - inputs, - lib, - ... -}: -let - terminal = "${config.programs.kitty.package}/bin/kitty -1"; -in -{ - imports = [ - ./waybar.nix - ]; - - home.packages = with pkgs; [ - hyprland-workspaces - inputs.gnome-autounlock-keyring.packages.${pkgs.system}.default - inputs.hyprland-qtutils.packages.${pkgs.system}.default - ]; - - programs = { - rofi = { - enable = true; - package = pkgs.rofi-wayland; - theme = { - listview.columns = 1; - }; - }; - - hyprlock = { - enable = true; - settings = - let - color = "rgba(242, 243, 244, 0.75)"; - in - { - auth.fingerprint.enabled = true; - - background = { - path = "screenshot"; - blur_passes = 3; - }; - }; - }; - - # eww = { - # enable = true; - # configDir = ./eww; - # }; - }; - - services = { - gnome-keyring.enable = true; - - mako = { - enable = true; - settings.defaultTimeout = 5000; - }; - - hypridle = { - enable = true; - - settings = { - general = { - lock_cmd = "pidof hyprlock || hyprlock"; - before_sleep_cmd = "loginctl lock-session"; - after_sleep_cmd = "hyprctl dispatch dpms on"; - }; - - listener = [ - { - timeout = 300; # 5 mins - on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 10"; - on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; - } - { - timeout = 300; # 5 mins - on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd tpacpi:kbd_backlight set 0"; - on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd tpacpi::kbd_backlight"; - } - { - timeout = 600; # 10 mins - on-timeout = "loginctl lock-session"; - } - { - timeout = 1200; # 20 mins, screen off - on-timeout = "hyprctl dispatch dpms off"; - on-resume = "hyprctl dispatch dpms on"; - } - { - timeout = 2400; # 40 mins - on-timeout = "systemctl suspend"; - } - ]; - }; - }; - - hyprpaper = - let - wallpaper = ../../../../assets/wallpaper-nix-pink.png; - in - { - enable = true; - settings = { - preload = [ "${wallpaper}" ]; - wallpaper = [ "eDP-1,${wallpaper}" ]; - - splash = false; - ipc = "off"; - }; - 
}; - - }; - - # Hack to ensure graphical dependent services start _after_ hyprland starts - # Needed as these services normally start after graphical-session-pre - systemd.user.services.hyprpaper.Unit.After = lib.mkForce "graphical-session.target"; - systemd.user.services.waybar.Unit.After = lib.mkForce "graphical-session.target"; - systemd.user.services.hypridle.Unit.After = lib.mkForce "graphical-session.target"; - - wayland.windowManager.hyprland = - let - toggle_mirror = pkgs.writeScriptBin "toggle_mirror.sh" '' - #!${pkgs.stdenv.shell} - if [ $(hyprctl monitors all -j | ${pkgs.jq}/bin/jq '.[1].activeWorkspace.id') = '-1' ]; then - hyprctl keyword monitor ",preferred,auto,1" - else - hyprctl keyword monitor ",preferred,auto,1,mirror,eDP-1" - fi - ''; - # Autostart now handled by xdg.autoStart - startup = pkgs.writeScriptBin "startup.sh" '' - #!${pkgs.stdenv.shell} - # uwsm app -- ${pkgs.wl-clip-persist}/bin/wl-clip-persist -c both & - ''; - in - { - enable = true; - systemd.enable = false; # using UWSM - - plugins = with pkgs.hyprlandPlugins; [ - hyprexpo - ]; - - settings = - let - inherit (builtins) genList concatLists toString; - wpctl = "${pkgs.wireplumber}/bin/wpctl"; - brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl"; - menu = "${config.programs.rofi.package}/bin/rofi -columns 1 -show combi -modes combi -combi-modes \"window,drun,run\""; - fileManager = "${pkgs.nautilus}/bin/nautilus"; - in - { - "$mod" = "SUPER"; - exec-once = [ - "${startup}/bin/startup.sh" - ]; - monitor = [ - "eDP-1, 3840x2400@60,0x0,2" - ",highres,auto,1" - ]; - input = { - touchpad.natural_scroll = true; - }; - general = { - gaps_in = 5; - gaps_out = 10; - border_size = 2; - "col.active_border" = "rgba(babbf1ee) rgba(f4b8e4ee) 45deg"; - "col.inactive_border" = "rgba(303446aa)"; - layout = "dwindle"; - # Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on - allow_tearing = true; - }; - group = { - "col.border_active" = "rgba(babbf1ee) 
rgba(f4b8e4ee) 45deg"; - "col.border_inactive" = "rgba(232634aa)"; - - groupbar = { - font_size = 10; - height = 18; - "col.active" = "rgba(babbf1aa)"; - "col.inactive" = "rgba(414559aa)"; - text_color = "rgba(ffffffee)"; - }; - }; - - plugin.hyprexpo = { - workspace_method = "first 1"; - enable_gesture = true; - gesture_positive = false; - gesture_fingers = 3; - }; - - decoration = { - rounding = 10; - - blur = { - enabled = true; - size = 3; - passes = 1; - }; - - shadow = { - enabled = true; - color = "rgba(1a1a1aee)"; - range = 4; - render_power = 3; - }; - }; - animations = { - enabled = "yes"; - - bezier = "myBezier, 0.05, 0.9, 0.1, 1.05"; - - animation = [ - "windows, 1, 7, myBezier" - "windowsOut, 1, 7, default, popin 80%" - "border, 1, 10, default" - "borderangle, 1, 8, default" - "fade, 1, 4, default" - "workspaces, 1, 4, default" - ]; - }; - dwindle = { - preserve_split = "yes"; - pseudotile = "yes"; - }; - - gestures.workspace_swipe = true; - - misc = { - force_default_wallpaper = 2; - disable_splash_rendering = true; - disable_hyprland_logo = true; - disable_autoreload = true; - }; - - windowrulev2 = [ - "suppressevent maximize, class:.*" - - "workspace 1 silent, class:^(Element)$" - "workspace 1 silent, class:^(discord)$" - "group, class:^(Element|discord)$,workspace:1" - - "workspace 2 silent, class:^(firefox)$" - "float,class:^(firefox)$,title:^(Picture-in-Picture)$" - - "workspace special:obsidian silent, class:^(obsidian)$" - ]; - - # l -> works when screen is locked - # e -> repeats when held - bindel = [ - ",XF86AudioRaiseVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%+" - ",XF86AudioLowerVolume,exec,${wpctl} set-volume @DEFAULT_AUDIO_SINK@ 5%-" - ",XF86MonBrightnessUp,exec,${brightnessctl} -q s +5%" - ",XF86MonBrightnessDown,exec,${brightnessctl} -q s 5%-" - ]; - - bindl = [ ",XF86AudioMute, exec,${wpctl} set-mute @DEFAULT_AUDIO_SINK@ toggle" ]; - - bind = - [ - "$mod, RETURN, exec, uwsm app -- ${terminal}" - "$mod, Q, killactive," - 
"$mod SHIFT, Q, exec, uwsm stop," - "$mod, E, exec, uwsm app -- ${fileManager}" - "$mod, V, togglefloating," - "$mod, D, exec, uwsm app -- ${menu}" - "$mod, P, pseudo, # dwindle" - "$mod, J, togglesplit, # dwindle" - "$mod,m,fullscreen" - - "$mod, L, exec, loginctl lock-session" - - "$mod, space, hyprexpo:expo, toggle" - - # Move focus with arrow keys - "$mod, left, movefocus, l" - "$mod, right, movefocus, r" - "$mod, up, movefocus, u" - "$mod, down, movefocus, d" - - # Scratch workspace - "$mod, S, togglespecialworkspace, scratch" - "$mod SHIFT, S, movetoworkspace, special:scratch" - - # Obsidian Workspace - "$mod, O, togglespecialworkspace, obsidian" - "$mod SHIFT, O, movetoworkspace, special:obsidian" - - # Groups aka Tabs - "$mod,g,togglegroup" - "$mod,tab,changegroupactive" - - # PrintScreen - ",Print,exec,uwsm app -- ${pkgs.grimblast}/bin/grimblast copysave area /home/vivian/cloud/Pictures/Screenshots/$(date +%s).png" - # Toggle Mirror for external displays on/off - ",XF86Display,exec,${toggle_mirror}/bin/toggle_mirror.sh" - ] - ++ ( - # workspaces - # binds $mod + [shift +] {1..10} to [move to] workspace {1..10} - concatLists ( - genList ( - x: - let - ws = - let - c = (x + 1) / 10; - in - toString (x + 1 - (c * 10)); - in - [ - "$mod, ${ws}, workspace, ${toString (x + 1)}" - "$mod SHIFT, ${ws}, movetoworkspacesilent, ${toString (x + 1)}" - ] - ) 10 - ) - - ); - - # Bind mouse - bindm = [ - # Move/resize windows with mod + LMB/RMB and dragging - "$mod, mouse:272, movewindow" - "$mod, mouse:273, resizewindow" - ]; - }; - }; -} diff --git a/hosts/thalassa/aoife/home/starship.nix b/hosts/thalassa/aoife/home/starship.nix deleted file mode 100644 index b91be705..00000000 --- a/hosts/thalassa/aoife/home/starship.nix +++ /dev/null 
@@ -1,17 +0,0 @@
-{ pkgs, config, ...}:
-let
- starshipNerdFont = pkgs.runCommand "starship-nerd-font.toml" { STARSHIP_CACHE = "/tmp"; } ''
- ${config.programs.starship.package}/bin/starship preset nerd-font-symbols > $out
- '';
-in{
- programs.starship = {
- enable = false;
- enableZshIntegration = true;
- enableFishIntegration = true;
- enableNushellIntegration = true;
-
- settings = {
- nix_shell.heuristic = true;
- } // builtins.fromTOML (builtins.readFile starshipNerdFont);
- };
-}
diff --git a/hosts/thalassa/aoife/home/waybar.css b/hosts/thalassa/aoife/home/waybar.css
deleted file mode 100644
index b60c70ae..00000000
--- a/hosts/thalassa/aoife/home/waybar.css
+++ /dev/null
@@ -1,125 +0,0 @@ -/* Catppucin Frappe */ -@define-color base #303446; -@define-color mantle #292c3c; -@define-color crust #232634; - -@define-color text #c6d0f5; -@define-color subtext0 #a5adce; -@define-color subtext1 #b5bfe2; - -@define-color surface0 #414559; -@define-color surface1 #51576d; -@define-color surface2 #626880; - -@define-color overlay0 #737994; -@define-color overlay1 #838ba7; -@define-color overlay2 #949cbb; - -@define-color blue #8caaee; -@define-color lavender #babbf1; -@define-color sapphire #85c1dc; -@define-color sky #99d1db; -@define-color teal #81c8be; -@define-color green #a6d189; -@define-color yellow #e5c890; -@define-color peach #ef9f76; -@define-color maroon #ea999c; -@define-color red #e78284; -@define-color mauve #ca9ee6; -@define-color pink #f4b8e4; -@define-color flamingo #eebebe; -@define-color rosewater #f2d5cf; - - -window { - border: none; - font-family: DejaVuSansM Nerd Font, sans-serif; - font-size: 13px; - color: @text; -} - -window#waybar { - color: @text; - background-color: rgba(0, 0, 0, 0); - transition-property: background-color; - transition-duration: 0.5s; - transition-duration: .5s; -} - -window#waybar.hidden { - opacity: 0.2; -} - -#workspaces { - /* background: @overlay0; */ -} - -#workspaces button { - color: @text; - /* background: @background3; */ - /* margin: 7px 5px 10px 5px; */ -} - -#workspaces button:hover { - background: @surface0; - color: @text; -} - -#workspaces button.active { - color: @crust; - background: @overlay2; - border: none; -} - -#clock, -#battery, -#network, -#power-profiles-daemon, -#wireplumber { - padding: 0px 20px; - border-radius: 8px; - margin-left: 5px; - color: @crust; -} - -#wireplumber { - padding: 0px 20px 0px 17px; - background-color: @teal; -} - -#network { - padding: 0px 15px 0px 20px; - background-color: @green; -} - -#battery { - background-color: @lavender; -} - -#clock { - background-color: @pink; -} - -#power-profiles-daemon { - background-color: @mauve; -} - -@keyframes 
blink { - to { - background-color: rgba(30, 34, 42, 0.5); - color: #abb2bf; - } -} - -#battery.critical:not(.charging) { - color: #f53c3c; - animation-name: blink; - animation-duration: 0.5s; - animation-timing-function: linear; - animation-iteration-count: infinite; - animation-direction: alternate; -} - -label:focus { - background-color: #000000; -} diff --git a/hosts/thalassa/aoife/home/waybar.nix b/hosts/thalassa/aoife/home/waybar.nix deleted file mode 100644 index ac48a495..00000000 --- a/hosts/thalassa/aoife/home/waybar.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ pkgs, config, ... }: -let - terminal = "${config.programs.kitty.package}/bin/kitty -1"; -in -{ - programs.waybar = { - enable = true; - systemd.enable = true; - style = ./waybar.css; - - settings = { - mainBar = { - layer = "top"; - position = "top"; - height = 30; - modules-left = [ "hyprland/workspaces" ]; - modules-center = [ "clock" ]; - modules-right = [ - "wireplumber" - "power-profiles-daemon" - "network" - "battery" - ]; - - wireplumber = { - format = "󰕾 {volume}%"; - format-muted = "󰖁"; - on-click = "${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_SINK@ toggle"; - }; - - network = - let - nmtui = pkgs.writeScriptBin "nmtui.sh" '' - #!${pkgs.stdenv.shell} - unset COLORTERM - TERM=xterm-old ${pkgs.networkmanager}/bin/nmtui - ''; - in - { - format-wifi = "󰖩 {essid} ({signalStrength}%)"; - format-ethernet = "󰈀 {ifname}: {ipaddr}/{cidr}"; - format-disconnected = "󰌙 "; - tooltip-format = "{ifname}: {ipaddr}"; - on-click = "${terminal} --execute ${nmtui}/bin/nmtui.sh"; - }; - - power-profiles-daemon = { - format = "{icon}"; - format-icons = { - performance = "󰓅"; - balanced = "󰾅"; - power-saver = "󰾆"; - }; - }; - - battery = { - states = { - warning = 30; - critical = 15; - }; - - format = "󱐋 {capacity}%"; - format-discharging = "{icon} {capacity}%"; - - format-icons = [ - "󰂎" - "󰁺" - "󰁻" - "󰁼" - "󰁽" - "󰁾" - "󰁿" - "󰂀" - "󰂁" - "󰂂" - "󰁹" - ]; - }; - }; - }; - }; -} 
diff --git a/hosts/thalassa/aoife/uni.nix b/hosts/thalassa/aoife/uni.nix
deleted file mode 100644
index 1c3b052e..00000000
--- a/hosts/thalassa/aoife/uni.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-# Config options needed for various university courses
-{
- lib,
- pkgs,
- config,
- ...
-}:
-{
- environment.systemPackages = with pkgs; [
- esp-generate
- espflash
- (lib.mkIf config.hardware.saleae-logic.enable config.hardware.saleae-logic.package)
- ];
-
- users.extraGroups.plugdev = { };
- users.extraUsers.vivian.extraGroups = [
- "dialout"
- "plugdev"
- ];
-
- hardware.saleae-logic.enable = true;
-
- programs.nix-ld = {
- enable = true;
- package = pkgs.nix-ld-rs;
- libraries = [
-
- ];
- };
-
- services.udev.packages = [
- pkgs.openocd # This should(?) be the same as the probe-rs rules below, but just to be sure
- (pkgs.writeTextFile {
- name = "probe-rs-udev";
- destination = "/etc/udev/rules.d/69-probe-rs.rules";
- text = builtins.readFile ./69-probe-rs.rules;
- })
- ];
-}
diff --git a/common/default.nix b/nixos/common/default.nix
similarity index 51%
rename from common/default.nix
rename to nixos/common/default.nix
index 05d08868..a9e55a74 100644
--- a/common/default.nix
+++ b/nixos/common/default.nix
@@ -1,31 +1,30 @@ -{ - lib, - inputs, - pkgs, - ... -}: -{ - imports = [ - ./users - ./modules - ]; +{ lib, pkgs, inputs, config, ... }: { + imports = + [ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ]; + + vault-secrets = + let + inherit (config.networking) domain hostName; + server = if domain == "olympus" then "vault" else "vault-0"; + in + lib.mkIf (domain == "olympus" || domain == "hades") { + vaultPrefix = "${domain}_secrets/nixos"; + vaultAddress = "http://${server}.${domain}:8200/"; + approlePrefix = "${domain}-${hostName}"; + }; home-manager = { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { - inherit inputs; - }; - sharedModules = [ - ./hm-modules - inputs.nixvim.homeModules.nixvim - inputs.catppuccin.homeModules.catppuccin - inputs.autostart.homeManagerModules.xdg-autostart - ]; + extraSpecialArgs = { inherit inputs; }; + sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ]; }; virtualisation.oci-containers.backend = lib.mkDefault "podman"; + # Clean /tmp on boot. + boot.tmp.cleanOnBoot = true; + # Set your time zone. time.timeZone = lib.mkDefault "Europe/Amsterdam"; 
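Review bot: The added `vaultAddress = "http://${server}.${domain}:8200/";` in the `vault-secrets` block uses plain HTTP, so on hosts in the `olympus` and `hades` domains the AppRole login and the secrets returned for it would travel unencrypted unless something outside this file protects the link. If the Vault listeners can serve TLS, the line should read `vaultAddress = "https://${server}.${domain}:8200/";`. If cleartext is intentional (for example the traffic stays on an isolated or already-encrypted network), a comment above the line such as `# plain HTTP: Vault is only reachable over <protected network>` would record that decision for the next reader.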
@@ -42,26 +41,25 @@ # Nix Settings nix = { - # registry.nixpkgs.flake = inputs.nixpkgs; - # nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - package = pkgs.lix; + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + # package = pkgs.nixUnstable; settings = { auto-optimise-store = true; - trusted-users = [ - "root" - "vivian" - ]; + trusted-users = [ "root" "vivian" ]; substituters = [ "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" + "https://colmena.cachix.org" + # "https://cache.garnix.io" "https://cachix.cachix.org" - "https://hyprland.cachix.org" ]; trusted-public-keys = [ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" + # "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ]; }; optimise = { @@ -79,23 +77,26 @@ ''; }; - services = { - # Limit the systemd journal to 100 MB of disk or the - # last 7 days of logs, whichever happens first. - journald.extraConfig = '' - SystemMaxUse=100M - MaxFileSec=7day - ''; + nixpkgs.config.allowUnfree = true; - dbus.implementation = "broker"; + nixpkgs.config.permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" + ]; - # Enable SSH - openssh = { - enable = true; - settings = { - PasswordAuthentication = lib.mkDefault false; - PermitRootLogin = lib.mkDefault "no"; - }; + # Limit the systemd journal to 100 MB of disk or the + # last 7 days of logs, whichever happens first. + services.journald.extraConfig = '' + SystemMaxUse=100M + MaxFileSec=7day + ''; + + # Enable SSH + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = lib.mkDefault false; + PermitRootLogin = lib.mkDefault "no"; }; }; 
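Review bot: `trusted-users = [ "root" "vivian" ];` in `nix.settings` gives the `vivian` account daemon-level trust; a trusted user can override substituters and import store paths without a trusted signature, which is close to root on the machine. Because this is the common module, the setting presumably lands on every host that imports it, not only the workstation. If the entry exists so deployments can copy unsigned closures, a comment like `# vivian is trusted so remote deploys can push unsigned paths` would say so; otherwise `trusted-users = [ "root" ];` here with per-host additions is the tighter default. The `nix = {` set opened in this hunk continues past its last line.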
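Review bot: `nixpkgs.config.permittedInsecurePackages` is added to the common module, so `dotnet-sdk-6.0.428` and `aspnetcore-runtime-6.0.36` are allowed to evaluate on every host that imports it, and nothing in the hunk records which service needs them. Scoping the list to the host or service module that depends on .NET 6 keeps the exception from silently covering other machines. If it has to stay here, a comment such as `# required by <service>; drop once it moves off .NET 6` makes the exception reviewable. The same applies to `nixpkgs.config.allowUnfree = true;` added just above it.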
diff --git a/common/desktop/README.md b/nixos/common/desktop/README.md similarity index 100% rename from common/desktop/README.md rename to nixos/common/desktop/README.md diff --git a/common/desktop/default.nix b/nixos/common/desktop/default.nix similarity index 70% rename from common/desktop/default.nix rename to nixos/common/desktop/default.nix index 94558676..7d5176a3 100644 --- a/common/desktop/default.nix +++ b/nixos/common/desktop/default.nix @@ -1,10 +1,4 @@ -{ - pkgs, - lib, - inputs, - ... -}: -{ +{ pkgs, lib, inputs, ... }: { # Bootloader. boot = { kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; @@ -13,43 +7,36 @@ efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot/efi"; }; - kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; }; + kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; initrd = { systemd.enable = true; verbose = false; }; }; - # programs.nix-ld.enable = true; + programs.nix-ld.enable = true; hardware.keyboard.qmk.enable = true; home-manager = { useGlobalPkgs = true; useUserPackages = true; users.vivian = import ./home.nix; - extraSpecialArgs = { - inherit inputs; - }; + extraSpecialArgs = { inherit inputs; }; }; - services = { - pulseaudio.enable = false; # Enable my config for the gnome desktop environment - v.gnome.enable = lib.mkDefault true; - - flatpak.enable = true; + v.gnome.enable = true; # Enable CUPS to print documents. printing.enable = true; pipewire = { enable = true; - audio.enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; + alsa.enable = true; + alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this - jack.enable = true; + #jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) 
@@ -75,15 +62,19 @@ }; # Global Packages - environment.systemPackages = with pkgs; [ - wireguard-tools - sbctl - ]; # ++ (if config.virtualisation.podman.enable then [ pkgs.podman-compose ] else []); + environment.systemPackages = with pkgs; [ wireguard-tools sbctl podman-compose ]; + # programs.virt-manager = { + # enable = true; + # }; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; security.rtkit.enable = true; virtualisation = { - podman.enable = lib.mkDefault true; + podman.enable = true; libvirtd = { enable = true; qemu.package = pkgs.qemu_kvm; @@ -92,36 +83,30 @@ fonts.packages = with pkgs; [ material-design-icons - noto-fonts - noto-fonts-cjk-sans + noto-fonts-cjk noto-fonts-emoji - dejavu_fonts - - nerd-fonts.dejavu-sans-mono - nerd-fonts.ubuntu - nerd-fonts.droid-sans-mono - nerd-fonts.symbols-only + (nerdfonts.override { + fonts = + [ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ]; + }) ]; - programs = { steam = { + enable = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; package = pkgs.steam.override { - extraPkgs = - pkgs: with pkgs; [ - gamescope - mangohud - ]; + extraPkgs = pkgs: with pkgs; [ gamescope mangohud ]; }; }; + gamemode.enable = true; + adb.enable = true; }; - networking = { # Networking networkmanager.enable = true; diff --git a/nixos/common/desktop/home.nix b/nixos/common/desktop/home.nix new file mode 100644 index 00000000..a76d17de --- /dev/null +++ b/nixos/common/desktop/home.nix 
@@ -0,0 +1,97 @@ +{ pkgs, inputs, config, ... }: +let + tex = pkgs.texlive.combine { + inherit (pkgs.texlive) scheme-full; + dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; + }; + my-python-packages = ps: with ps; [ pandas requests numpy ]; +in { + home.packages = with pkgs; [ + (python3.withPackages my-python-packages) + btop + calibre + celluloid + element-desktop + fusee-launcher + fractal-next + foliate + gcc + gimp + helix + inputs.attic.packages.${pkgs.system}.attic + inputs.comma.packages.${pkgs.system}.default + # inputs.webcord.packages.${pkgs.system}.default + discord + dogdns + jetbrains.clion + jetbrains.rust-rover + kdenlive + libreoffice-fresh + mattermost-desktop + mullvad-vpn + neofetch + nixfmt + nixpkgs-review + plex-media-player + plexamp + spotify + qmk + solo2-cli + tex + unzip + yt-dlp + ]; + + # Enable my own hm modules + themes.v.catppuccin.enable = true; + programs = { + v = { + vscode.enable = true; + nvim.enable = true; + rust.enable = true; + }; + + riff = { + enable = true; + direnv = true; + }; + + firefox.enable = true; + + chromium = { + enable = true; + package = pkgs.ungoogled-chromium; + }; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + zsh = { + enable = true; + sessionVariables = { DIRENV_LOG_FORMAT = ""; }; + }; + + thunderbird = { + enable = true; + profiles.default = { isDefault = true; }; + }; + }; + + # Syncthing + services.syncthing.enable = true; + xdg.userDirs = let home = config.home.homeDirectory; + in { + enable = true; + createDirectories = true; + desktop = "${home}/.desktop"; + documents = "${home}/cloud/Documents"; + download = "${home}/dl"; + music = "${home}/cloud/Music"; + pictures = "${home}/cloud/Pictures"; + publicShare = "${home}/.publicShare"; + templates = "${home}/.templates"; + videos = "${home}/cloud/Videos"; + }; +} diff --git a/nixos/common/generic-lxc.nix b/nixos/common/generic-lxc.nix new file mode 100644 index 00000000..98749442 --- /dev/null 
+++ b/nixos/common/generic-lxc.nix @@ -0,0 +1,13 @@ +_: { + # See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/ + + # Supress systemd services that don't work (correctly) on LXC + systemd.suppressedSystemUnits = [ + "dev-mqueue.mount" + "sys-kernel-debug.mount" + "sys-fs-fuse-connections.mount" + ]; + + # https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1459299764 + boot.specialFileSystems."/run".options = [ "rshared" ]; +} diff --git a/common/generic-vm.nix b/nixos/common/generic-vm.nix similarity index 53% rename from common/generic-vm.nix rename to nixos/common/generic-vm.nix index 739762f8..086bf638 100644 --- a/common/generic-vm.nix +++ b/nixos/common/generic-vm.nix @@ -1,5 +1,5 @@ -{ lib, ... }: { - networking.useDHCP = lib.mkDefault true; +_: { + networking.useDHCP = true; # Enable qemu guest agent services.qemuGuest.enable = true; diff --git a/nixos/common/hm-modules/catppuccin.nix b/nixos/common/hm-modules/catppuccin.nix new file mode 100644 index 00000000..68c7191e --- /dev/null +++ b/nixos/common/hm-modules/catppuccin.nix @@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: +with lib; +let cfg = config.themes.v.catppuccin; +in { + options.themes.v.catppuccin = { enable = mkEnableOption "catppuccin"; }; + config = + let + theme = "Catppuccin-Pink-Dark"; + cursorTheme = config.home.pointerCursor.name; + in + mkIf cfg.enable { + home.pointerCursor = { + name = "Bibata_Ghost"; + size = 24; + package = pkgs.bibata-cursors-translucent; + }; + + gtk = { + enable = true; + theme = { + name = theme; + package = pkgs.catppuccin-gtk; + }; + iconTheme = { + name = "Papirus-Dark"; + package = pkgs.papirus-icon-theme.override { color = "violet"; }; + }; + cursorTheme = { + name = cursorTheme; + inherit (config.home.pointerCursor) package size; + }; + }; + + programs.vscode = { + userSettings."workbench.colorTheme" = "Catppuccin Frappé"; + extensions = [ pkgs.vscode-extensions.catppuccin.catppuccin-vsc ]; + }; + }; +} + 
diff --git a/nixos/common/hm-modules/default.nix b/nixos/common/hm-modules/default.nix new file mode 100644 index 00000000..2dbbe8f1 --- /dev/null +++ b/nixos/common/hm-modules/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./catppuccin.nix ./nvim.nix ./riff.nix ./vscode.nix ./git.nix ./rust.nix ]; +} diff --git a/common/hm-modules/git.nix b/nixos/common/hm-modules/git.nix similarity index 100% rename from common/hm-modules/git.nix rename to nixos/common/hm-modules/git.nix diff --git a/nixos/common/hm-modules/nvim.nix b/nixos/common/hm-modules/nvim.nix new file mode 100644 index 00000000..71723246 --- /dev/null +++ b/nixos/common/hm-modules/nvim.nix 
@@ -0,0 +1,190 @@ +{ config, pkgs, lib, ... }: +let cfg = config.programs.v.nvim; +in with lib; { + options.programs.v.nvim = { enable = mkEnableOption "nvim"; }; + config = mkIf cfg.enable { + programs.nixvim = { + enable = true; + package = pkgs.neovim-unwrapped; + vimAlias = true; + luaLoader.enable = true; + + globals.mapleader = " "; + + options.number = true; + + clipboard = { providers.wl-copy.enable = true; }; + + keymaps = [ + { + mode = "n"; + key = "ff"; + action = "require('telescope.builtin').find_files"; + lua = true; + } + { + mode = "n"; + key = "fg"; + action = "require('telescope.builtin').live_grep"; + lua = true; + } + { + mode = "n"; + key = ""; + action = "require('Comment.api').toggle.linewise.current"; + lua = true; + } + { + mode = "x"; + key = ""; + action = '' + function() + local esc = vim.api.nvim_replace_termcodes( + '', true, false, true + ) + vim.api.nvim_feedkeys(esc, 'nx', false) + require('Comment.api').toggle.linewise(vim.fn.visualmode()) + end + ''; + lua = true; + } + { + mode = "n"; + key = "g="; + action = "vim.lsp.buf.format"; + lua = true; + } + { + mode = "n"; + key = "t"; + action = ":FloatermToggle myfloat"; + } + { + mode = "t"; + key = ""; + action = "function() vim.cmd(':FloatermToggle myfloat') end"; + lua = true; + } + ]; + + extraPlugins = with pkgs.vimPlugins; [ + FixCursorHold-nvim + luasnip + plenary-nvim + neotest + neotest-plenary + neotest-rust + ]; + + colorschemes.catppuccin = { + enable = true; + flavour = "frappe"; + }; + + extraConfigLua = '' + require("neotest").setup({ + adapters = { + require("neotest-plenary"), + require("neotest-rust") { + args = { "--no-capture" }, + } + }, + }) + ''; + + plugins = { + bufferline.enable = true; + none-ls = { + enable = true; + sources = { + formatting.nixpkgs_fmt.enable = true; + code_actions.shellcheck.enable = true; + code_actions.statix.enable = true; + diagnostics = { + statix.enable = true; + deadnix.enable = true; + shellcheck.enable = true; + }; + }; + }; + 
nix.enable = true; + treesitter = { + enable = true; + nixGrammars = true; + disabledLanguages = [ "latex" ]; + }; + surround.enable = true; + fugitive.enable = true; + gitgutter.enable = true; + lualine = { + enable = true; + theme = "catppuccin"; + }; + telescope = { + enable = true; + extensions.fzf-native.enable = true; + extensions.fzf-native.fuzzy = true; + }; + comment-nvim = { enable = true; }; + lsp = { + enable = true; + servers = { + nil_ls.enable = true; + rust-analyzer = { + installCargo = false; + installRustc = false; + }; + pyright.enable = true; + elixirls.enable = true; + clangd.enable = true; + yamlls.enable = true; + }; + }; + trouble.enable = true; + lspkind.enable = true; + + vimtex.enable = true; + + floaterm.enable = true; + + nvim-cmp = { + enable = true; + autoEnableSources = true; + sources = [ + { name = "nvim_lsp"; } + { + name = "luasnip"; + option = { show_autosnippets = true; }; + } + { name = "cmp-spell"; } + { name = "cmp-rg"; } + { name = "path"; } + { name = "buffer"; } + ]; + snippet.expand = "luasnip"; + mappingPresets = [ "insert" "cmdline" ]; + mapping = { + "" = "cmp.mapping.confirm({ select = true })"; + "" = { + modes = [ "i" "s" ]; + action = '' + function(fallback) + local luasnip = require('luasnip') + if cmp.visible() then + cmp.select_next_item() + elseif luasnip.expandable() then + luasnip.expand() + elseif luasnip.expand_or_jumpable() then + luasnip.expand_or_jump() + else + fallback() + end + end + ''; + }; + }; + }; + }; + }; + }; +} diff --git a/nixos/common/hm-modules/riff.nix b/nixos/common/hm-modules/riff.nix new file mode 100644 index 00000000..509a782d --- /dev/null +++ b/nixos/common/hm-modules/riff.nix 
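Review bot: The `rust-analyzer` entry under `plugins.lsp.servers` sets `installCargo = false` and `installRustc = false` but never sets `enable = true`, unlike `nil_ls`, `pyright`, `elixirls`, `clangd` and `yamlls` beside it. Unless the server is enabled from another module, nixvim would presumably leave it unconfigured and the two install flags would have no effect. Add `enable = true;` inside that attribute set, or drop the entry if Rust support in Neovim is intentionally left out.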
@@ -0,0 +1,28 @@ +{ config, pkgs, lib, inputs, ... }: +with lib; +let cfg = config.programs.riff; +in { + options.programs.riff = { + enable = mkEnableOption "riff"; + direnv = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable direnv support + ''; + }; + }; + config = mkIf cfg.enable { + home.packages = [ inputs.riff.packages.${pkgs.system}.riff ]; + + xdg.configFile."direnv/lib/riff.sh" = mkIf cfg.direnv { + executable = true; + text = '' + use_riff() { + watch_file Cargo.toml watch_file Cargo.lock + eval "$(riff --offline print-dev-env)" + } + ''; + }; + }; +} diff --git a/nixos/common/hm-modules/rust.nix b/nixos/common/hm-modules/rust.nix new file mode 100644 index 00000000..f489bd31 --- /dev/null +++ b/nixos/common/hm-modules/rust.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, config, ... }: +with lib; +let cfg = config.programs.v.rust; +in { + options.programs.v.rust = { enable = mkEnableOption "rust"; }; + config = mkIf cfg.enable { + home = { + packages = with pkgs; [ rustup cargo-nextest cargo-msrv cargo-dist cargo-cross]; + + file = { + ".cargo/config.toml".text = '' + [registries.crates-io] + protocol = "sparse" + + [build] + rustc-wrapper = "${pkgs.sccache}/bin/sccache" + + [profile.rust-analyzer] + inherits = "dev" + ''; + }; + + sessionPath = [ "$HOME/.cargo/bin" ]; + }; + }; +} diff --git a/nixos/common/hm-modules/vscode.nix b/nixos/common/hm-modules/vscode.nix new file mode 100644 index 00000000..1cc5dd91 --- /dev/null +++ b/nixos/common/hm-modules/vscode.nix 
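Review bot: In `use_riff` in `riff.nix`, the line `watch_file Cargo.toml watch_file Cargo.lock` passes the second `watch_file` to direnv as a path argument, because direnv's `watch_file` takes a list of paths. The environment is therefore also keyed on a file literally named `watch_file`. Write `watch_file Cargo.toml Cargo.lock` instead. The next line `eval`s whatever `riff --offline print-dev-env` prints, so a short comment noting that this only runs in directories whose `.envrc` was approved with `direnv allow` would help a reader judge the trust boundary.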
@@ -0,0 +1,79 @@ +{ config, pkgs, lib, ... }: +with lib; +let cfg = config.programs.v.vscode; +in { + options.programs.v.vscode = { enable = mkEnableOption "vscode"; }; + config = mkIf cfg.enable { + programs.vscode = { + enable = true; + package = pkgs.vscode; + userSettings = { + "ltex.language" = "en-GB"; + "latex-workshop.linting.chktex.enabled" = true; + "latex-workshop.latex.clean.subfolder.enabled" = true; + "latex-workshop.latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%"; + "editor.fontFamily" = + "'DejaVuSansMono Nerd Font', 'monospace', monospace"; + "keyboard.dispatch" = "keyCode"; + "rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer"; + "rust-analyzer.check.extraArgs" = ["--profile" "rust-analyzer"]; + "rust-analyzer.check.command" = "clippy"; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "nix.enableLanguageServer" = true; # Enable LSP. + "nix.serverPath" = "${pkgs.nil}/bin/nil"; + "[nix]" = { "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; }; + "[python]" = { "editor.formatOnType" = true; }; + "debug.allowBreakpointsEverywhere" = true; + "C_Cpp.clang_format_fallbackStyle" = + "{ BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 0}"; + "crates.compatibleDecorator" = "✓"; + "crates.errorDecorator" = "✗"; + "crates.incompatibleDecorator" = "🛇"; + # Don't index unecessary things + "files.exclude" = { + "**/.vscode" = true; + "**/.git" = true; + "**/.svn" = true; + "**/.hg" = true; + "**/.deps" = true; + "**/CVS" = true; + "**/.DS_Store" = true; + "/bin" = true; + "/boot" = true; + "/cdrom" = true; + "/dev" = true; + "/proc" = true; + "/etc" = true; + "/nix" = true; + }; + }; + extensions = with pkgs.vscode-extensions; + with pkgs.v.vscode-extensions; [ + brettm12345.nixfmt-vscode + codezombiech.gitignore + editorconfig.editorconfig + foxundermoon.shell-format + james-yu.latex-workshop + jnoortheen.nix-ide + matklad.rust-analyzer + mkhl.direnv + ms-vscode-remote.remote-ssh + ms-vscode.cpptools + platformio.platformio-ide + 
redhat.vscode-yaml + redhat.vscode-xml + tamasfe.even-better-toml + valentjn.vscode-ltex + vscodevim.vim + vadimcn.vscode-lldb + xaver.clang-format + sumneko.lua + davidlday.languagetool-linter + serayuzgur.crates + skellock.just + ]; + }; + + }; +} + diff --git a/nixos/common/modules/default.nix b/nixos/common/modules/default.nix new file mode 100644 index 00000000..66727027 --- /dev/null +++ b/nixos/common/modules/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./meta.nix ./nginx.nix ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ]; +} diff --git a/common/modules/dns.nix b/nixos/common/modules/dns.nix similarity index 73% rename from common/modules/dns.nix rename to nixos/common/modules/dns.nix index 674d6e54..606d5b50 100644 --- a/common/modules/dns.nix +++ b/nixos/common/modules/dns.nix 
@@ -1,22 +1,18 @@ -{ config, pkgs, lib, self, ... }: +{ config, pkgs, lib, hosts, flat_hosts, ... }: # DNS Module to set up Unbound DNS with all my hosts in the config # Used for DNS Servers and my laptop with lib; let - inherit (builtins) filter attrValues; - domains = [ "hades" "olympus" "thalassa" ]; - mapConfig = host: { - inherit (host.config.networking) hostName domain; - inherit (host.config.meta) ipv4 ipv6; - }; - hosts = (map mapConfig (attrValues self.nixosConfigurations)); - ipv4Hosts = filter (v: v.ipv4 != null) hosts; - ipv6Hosts = filter (v: v.ipv6 != null) hosts; + inherit (builtins) filter hasAttr attrNames; + domains = attrNames hosts; + ipv4Host = filter (hasAttr "ip") flat_hosts; + ipv6Hosts = filter (hasAttr "ip6") flat_hosts; - localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"''; - local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"''; - ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"''; - ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"''; + localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"''; + local6Data = { hostname, realm, ip6, ... }: + ''"${hostname}.${realm}. AAAA ${ip6}"''; + ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"''; + ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"''; cfg = config.services.v.dns; in { @@ -58,7 +54,6 @@ in { enable = true; inherit (cfg) openFirewall; inherit (config.services.unbound) group; - controlInterface = config.services.unbound.localControlSocketPath; }; services.unbound = { enable = true; 
@@ -73,8 +68,8 @@ in { local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains; - local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts); - local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts); + local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts); + local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts); private-address = [ "127.0.0.0/8" diff --git a/common/modules/flood.nix b/nixos/common/modules/flood.nix similarity index 100% rename from common/modules/flood.nix rename to nixos/common/modules/flood.nix diff --git a/common/modules/gnome/default.nix b/nixos/common/modules/gnome/default.nix similarity index 63% rename from common/modules/gnome/default.nix rename to nixos/common/modules/gnome/default.nix index d47159a5..97cb8b17 100644 --- a/common/modules/gnome/default.nix +++ b/nixos/common/modules/gnome/default.nix @@ -1,14 +1,11 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, inputs, ... }: with lib; -let - cfg = config.services.v.gnome; -in -{ +let cfg = config.services.v.gnome; +in { + imports = [ + inputs.gnome-autounlock-keyring.nixosModules.default + ]; + options.services.v.gnome = { enable = mkEnableOption "v.gnome"; hm = mkOption { @@ -36,17 +33,17 @@ in xserver = { enable = true; excludePackages = [ pkgs.xterm ]; - # Configure keymap in X11 - xkb = { - layout = "us"; - variant = "altgr-intl"; - }; - }; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = lib.mkDefault true; - desktopManager.gnome.enable = true; - udev.packages = with pkgs; [ gnome-settings-daemon ]; + # Configure keymap in X11 + + layout = "us"; + xkbVariant = "altgr-intl"; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; + udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; dbus.enable = true; udisks2.enable = true; }; 
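Review bot: The `local-zone` line kept as context in the `dns.nix` hunk interpolates `"${localdomain}}."`, so every generated zone name carries a stray `}` (for example `hades}.` rather than `hades.`, using a name from the removed `domains` list). Unbound would then have no transparent zone matching the `local-data` records built from `hostname.realm`; how it treats the malformed name is worth checking against a rendered config. The line should read `local-zone = map (localdomain: ''"${localdomain}." transparent'') domains;`. The surrounding unbound settings block starts and ends outside the hunk.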
@@ -55,49 +52,35 @@ in # Add Home-manager dconf stuff home-manager.sharedModules = mkIf cfg.hm [ ./hm.nix ]; - - environment.gnome.excludePackages = ( - with pkgs; - [ - gnome-photos - gnome-tour - gnome-connections - gnome-calendar + environment.gnome.excludePackages = + (with pkgs; [ gnome-photos gnome-tour gnome-connections ]) + ++ (with pkgs.gnome; [ + atomix # puzzle game epiphany # web browser geary # email reader - simple-scan # document scanner - totem # video player - gnome-terminal - gnome-contacts - atomix # puzzle game - gnome-maps - gedit # text editor - gnome-music + pkgs.gedit # text editor + gnome-calendar gnome-clocks - iagno # go game - tali # poker game - hitori # sudoku game + gnome-contacts + gnome-maps + gnome-music gnome-notes + gnome-terminal gnome-weather - gnome-software - ] - ); - - services.gnome.evolution-data-server.enable = lib.mkForce false; - services.gnome.gnome-online-accounts.enable = false; - services.gnome.gnome-remote-desktop.enable = false; - services.gnome.gnome-user-share.enable = false; - services.gnome.rygel.enable = false; - services.gnome.tinysparql.enable = false; - services.gnome.localsearch.enable = false; + hitori # sudoku game + iagno # go game + simple-scan # document scanner + tali # poker game + totem # video player + ]); # Services required for gnome programs.dconf.enable = true; # Extra gnome packages environment.systemPackages = with pkgs; [ - gnome-tweaks - gnome-boxes + gnome.gnome-tweaks + gnome.gnome-boxes ]; }; } diff --git a/nixos/common/modules/gnome/hm.nix b/nixos/common/modules/gnome/hm.nix new file mode 100644 index 00000000..babdec76 --- /dev/null +++ b/nixos/common/modules/gnome/hm.nix 
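Review bot: The new side of this hunk no longer sets `services.gnome.gnome-remote-desktop.enable`, `services.gnome.gnome-user-share.enable` and `services.gnome.rygel.enable` to `false`. As far as I know the nixpkgs GNOME module turns these sharing and remote-access services on by default, so every desktop importing this module would get them back; please confirm against the nixpkgs revision in use. If they are not wanted, keep the explicit disables, e.g. `services.gnome.gnome-remote-desktop.enable = false;`, with a comment that they are switched off to reduce network-facing services. The enclosing module body starts outside the hunk.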
@@ -0,0 +1,132 @@ +{ lib, ... }: + +with lib.hm.gvariant; +let + inherit (builtins) attrNames map; + inherit (lib.attrsets) mapAttrs' nameValuePair; + generate_custom_keybindings = binds: + { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = map (name: + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}/") + (attrNames binds); + }; + } // mapAttrs' (name: + nameValuePair + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${name}") + binds; +in { + xdg.mimeApps.enable = true; + xdg.mimeApps.defaultApplications = { + "text/plain" = "org.gnome.TextEditor.desktop"; + "application/pdf" = "org.gnome.Evince.desktop"; + + # Firefox + "text/html" = "firefox.desktop"; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; + "application/x-extension-htm" = "firefox.desktop"; + "application/x-extension-shtml" = "firefox.desktop"; + "application/xhtml+xml" = "firefox.desktop"; + "application/x-extension-xhtml" = "firefox.desktop"; + "application/x-extension-xht" = "firefox.desktop"; + "application/x-extension-html" = "firefox.desktop"; + + # Images + "image/bmp" = "org.gnome.eog.desktop"; + "image/gif" = "org.gnome.eog.desktop"; + "image/jpg" = "org.gnome.eog.desktop"; + "image/pjpeg" = "org.gnome.eog.desktop"; + "image/png" = "org.gnome.eog.desktop"; + "image/tiff" = "org.gnome.eog.desktop"; + "image/webp" = "org.gnome.eog.desktop"; + "image/x-bmp" = "org.gnome.eog.desktop"; + "image/x-gray" = "org.gnome.eog.desktop"; + "image/x-icb" = "org.gnome.eog.desktop"; + "image/x-ico" = "org.gnome.eog.desktop"; + "image/x-png" = "org.gnome.eog.desktop"; + "image/x-portable-anymap" = "org.gnome.eog.desktop"; + "image/x-portable-bitmap" = "org.gnome.eog.desktop"; + "image/x-portable-graymap" = "org.gnome.eog.desktop"; + "image/x-portable-pixmap" = "org.gnome.eog.desktop"; + "image/x-xbitmap" = "org.gnome.eog.desktop"; + 
"image/x-xpixmap" = "org.gnome.eog.desktop"; + "image/x-pcx" = "org.gnome.eog.desktop"; + "image/svg+xml" = "org.gnome.eog.desktop"; + "image/svg+xml-compressed" = "org.gnome.eog.desktop"; + "image/vnd.wap.wbmp" = "org.gnome.eog.desktop"; + "image/x-icns" = "org.gnome.eog.desktop"; + }; + + dconf.settings = { + "org/gnome/desktop/input-sources" = { + sources = [ (mkTuple [ "xkb" "us+altgr-intl" ]) ]; + xkb-options = [ "terminate:ctrl_alt_bksp" ]; + }; + + "org/gnome/desktop/peripherals/touchpad" = { + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + + "org/gnome/mutter" = { + attach-modal-dialogs = true; + dynamic-workspaces = false; + edge-tiling = true; + focus-change-on-pointer-rest = true; + workspaces-only-on-primary = true; + }; + + "org/gnome/mutter/keybindings" = { + toggle-tiled-left = [ "bracketleft" ]; + toggle-tiled-right = [ "bracketright" ]; + }; + + "org/gnome/shell/keybindings" = { toggle-overview = [ "d" ]; }; + + "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; }; + + "org/gnome/desktop/wm/preferences" = { + auto-raise = false; + num-workspaces = 6; + focus-mode = "sloppy"; + }; + + "org/gnome/desktop/wm/keybindings" = { + raise-or-lower = [ "s" ]; + switch-applications = [ "Tab" ]; + switch-applications-backward = [ "Tab" ]; + move-to-workspace-1 = [ "1" ]; + move-to-workspace-2 = [ "2" ]; + move-to-workspace-3 = [ "3" ]; + move-to-workspace-4 = [ "4" ]; + move-to-workspace-5 = [ "5" ]; + move-to-workspace-6 = [ "6" ]; + switch-to-workspace-1 = [ "1" ]; + switch-to-workspace-2 = [ "2" ]; + switch-to-workspace-3 = [ "3" ]; + switch-to-workspace-4 = [ "4" ]; + switch-to-workspace-5 = [ "5" ]; + switch-to-workspace-6 = [ "6" ]; + toggle-fullscreen = [ "M" ]; + toggle-maximized = [ "m" ]; + close = [ "Q" ]; + }; + + "org/gnome/tweaks" = { show-extensions-notice = false; }; + + "org/gnome/boxes" = { first-run = false; }; + } // generate_custom_keybindings { + "terminal" = { + binding = "Return"; + command = "kgx"; + 
name = "Open Terminal"; + }; + "firefox" = { + binding = "f"; + command = "firefox"; + name = "Open Firefox"; + }; + }; +} diff --git a/nixos/common/modules/meta.nix b/nixos/common/modules/meta.nix new file mode 100644 index 00000000..639d212d --- /dev/null +++ b/nixos/common/modules/meta.nix @@ -0,0 +1,43 @@ +{ lib, ... }: +with lib; +let + exposesOpts = { + options = { + domain = mkOption { + type = types.str; + example = ".example.com"; + description = '' + The domain under which this service should be available + ''; + }; + port = mkOption { + type = types.int; + default = 80; + example = 4242; + description = '' + The port under which the service runs on the host + ''; + }; + }; + }; +in +{ + options.meta = { + + exposes = mkOption { + type = with types; attrsOf (submodule exposesOpts); + description = '' + Exposed services + ''; + }; + + ipv4 = mkOption { + type = types.str; + description = '' + Own IPv4 Address + ''; + }; + }; + + config = { }; +} diff --git a/common/modules/nginx.nix b/nixos/common/modules/nginx.nix similarity index 100% rename from common/modules/nginx.nix rename to nixos/common/modules/nginx.nix diff --git a/common/modules/unpackerr.nix b/nixos/common/modules/unpackerr.nix similarity index 100% rename from common/modules/unpackerr.nix rename to nixos/common/modules/unpackerr.nix diff --git a/common/modules/vault.nix b/nixos/common/modules/vault.nix similarity index 100% rename from common/modules/vault.nix rename to nixos/common/modules/vault.nix diff --git a/common/users/default.nix b/nixos/common/users/default.nix similarity index 73% rename from common/users/default.nix rename to nixos/common/users/default.nix index ef66a009..95cc7f30 100644 --- a/common/users/default.nix +++ b/nixos/common/users/default.nix 
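Review bot: In `nixos/common/modules/meta.nix`, `port` in `exposesOpts` is declared as `types.int`, which accepts negative numbers and values above 65535. `types.port` from the nixpkgs library restricts the value to the 16-bit range, so a typo fails at evaluation instead of producing an unusable proxy target: `type = types.port;`. `exposes` and `ipv4` have no `default`, so reading either on a host that does not define it aborts evaluation. If that is intended, a sentence in each `description` saying the option is mandatory would help.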
@@ -1,16 +1,5 @@ -{ - config, - pkgs, - lib, - inputs, - ... -}: -{ - imports = [ - ./laura.nix - ./vivian.nix - ./jonathan.nix - ]; +{ config, pkgs, lib, ... }: { + imports = [ ./laura.nix ./vivian.nix ./jonathan.nix ]; programs = { # Setup ZSH to use grml config @@ -22,15 +11,12 @@ interactiveShellInit = '' source "${pkgs.grml-zsh-config}/etc/zsh/zshrc" export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow" - export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND" - export FZF_CTRL_R_COMMAND="$FZF_DEFAULT_COMMAND" + source "${pkgs.fzf}/share/fzf/key-bindings.zsh" + source "${pkgs.fzf}/share/fzf/completion.zsh" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" - eval "$(${pkgs.fzf}/bin/fzf --zsh)" - - export TEMPDIRS="$HOME/tmp" ''; # otherwise it'll override the grml prompt - promptInit = lib.mkDefault ""; + promptInit = ""; }; # Install Neovim and set it as alias for vi(m) @@ -50,7 +36,8 @@ # Configure the root account users.extraUsers.root = { # Allow my SSH keys for logging in as root. - openssh.authorizedKeys.keys = config.users.extraUsers.vivian.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = + config.users.extraUsers.vivian.openssh.authorizedKeys.keys; # Also use zsh for root shell = pkgs.zsh; }; @@ -67,9 +54,6 @@ ripgrep rsync zoxide - - # Terminfo - kitty.terminfo ]; programs.tmux = { @@ -82,4 +66,6 @@ setw -g mouse on ''; }; + + } diff --git a/common/users/jonathan.nix b/nixos/common/users/jonathan.nix similarity index 100% rename from common/users/jonathan.nix rename to nixos/common/users/jonathan.nix diff --git a/common/users/laura.nix b/nixos/common/users/laura.nix similarity index 61% rename from common/users/laura.nix rename to nixos/common/users/laura.nix index 05226303..6c19947c 100644 --- a/common/users/laura.nix +++ b/nixos/common/users/laura.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { users.extraUsers.laura = { isNormalUser = true; shell = pkgs.zsh; 
@@ -7,10 +6,9 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxoq/J/0ad3AOK/CxPvsIGQjRUzURSuNAtmNOqUmKcr laura@cherry" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMKbP2/vNTybDoEwdFaQvAI1zCVpdTBN25avfeCV0jP laura@bosbes" ]; extraGroups = [ ]; }; } + diff --git a/common/users/vivian.nix b/nixos/common/users/vivian.nix similarity index 92% rename from common/users/vivian.nix rename to nixos/common/users/vivian.nix index 106bfbc0..a625a247 100644 --- a/common/users/vivian.nix +++ b/nixos/common/users/vivian.nix @@ -12,9 +12,9 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+HbsgJTQS6pvnMEI5NPKjIf78z+9A7CTIt3abi+PS6 vivian@eevee" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMypFe7cSMgvEI1sdxRtdC+AalXa0ryB/zkO9KmQGOxK vivian@nothing2" ]; # Make me admin @@ -41,5 +41,6 @@ homeDirectory = "/home/vivian"; stateVersion = "23.05"; }; + }; } diff --git a/nixos/hosts/hades/bastion/configuration.nix b/nixos/hosts/hades/bastion/configuration.nix index 4ad48e76..74804fa2 100644 --- a/nixos/hosts/hades/bastion/configuration.nix +++ b/nixos/hosts/hades/bastion/configuration.nix @@ -9,12 +9,5 @@ vault ]; - environment.noXlibs = lib.mkForce false; - system.stateVersion = "22.11"; - - programs.gnupg.agent = { - enable = true; - pinentryFlavor = "curses"; - }; } 
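Review bot: The `vivian@nord` key added in `users/vivian.nix` is also a root login key, because `users/default.nix` defines `users.extraUsers.root.openssh.authorizedKeys.keys` as vivian's key list. The shared SSH settings set `PermitRootLogin` to `"no"` only through `lib.mkDefault`, so any host that overrides it accepts every key in this list for root. A comment above the list, e.g. `# NOTE: mirrored into root's authorized_keys (users/default.nix); add keys only for devices allowed to be root`, would make that visible when keys are rotated. The list starts outside the hunk.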
diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix index 82480c64..c2b43d4e 100644 --- a/nixos/hosts/hades/default.nix +++ b/nixos/hosts/hades/default.nix @@ -17,6 +17,7 @@ "unifi" = { ip = "192.168.0.101"; mac = "5a:00:b7:6c:d1:e2"; + nix = false; }; "jellyfin" = { ip = "192.168.0.102"; @@ -44,12 +45,9 @@ }; }; "tautulli" = { + nix = false; ip = "192.168.0.106"; mac = "BE:30:DB:F8:C6:55"; - exposes.tautulli = { - domain = "tautulli.xirion.net"; - port = 8080; - }; }; "dns-1" = { ip = "192.168.0.107"; @@ -83,10 +81,6 @@ mac = "00:50:56:91:0d:69"; type = "vm"; }; - "immich" = { - ip = "192.168.0.116"; - mac = "06:8a:8e:3e:43:45"; - }; "mail" = { ip = "192.168.0.118"; mac = "00:50:56:91:3b:03"; @@ -139,6 +133,7 @@ "attic" = { ip = "192.168.0.128"; mac = "9E:AF:E9:FE:D4:D9"; + nix = false; exposes.attic = { domain = "attic.xirion.net"; port = 8080; @@ -158,16 +153,6 @@ "tudelft" = { ip = "192.168.0.132"; mac = "AE:B3:93:4B:04:76"; - exposes = { - grist = { - domain = "grist.tud.0x76.dev"; - port = 8484; - }; - dex = { - domain = "dex.tud.0x76.dev"; - port = 8000; - }; - }; nix = false; }; "mastodon" = { diff --git a/nixos/hosts/hades/dns/configuration.nix b/nixos/hosts/hades/dns/configuration.nix index f9bc6c18..5c119927 100644 --- a/nixos/hosts/hades/dns/configuration.nix +++ b/nixos/hosts/hades/dns/configuration.nix @@ -34,6 +34,7 @@ "fedi.xirion.net typetransparent" "grist.tud.0x76.dev typetransparent" "dex.tud.0x76.dev typetransparent" + "queer.af typetransparent" ]; local-data = [ @@ -51,6 +52,7 @@ ''"fedi.xirion.net A 192.168.0.122"'' ''"grist.tud.0x76.dev A 192.168.0.122"'' ''"dex.tud.0x76.dev A 192.168.0.122"'' + ''"queer.af A 65.108.48.233"'' ]; }; } diff --git a/nixos/hosts/hades/jellyfin/configuration.nix b/nixos/hosts/hades/jellyfin/configuration.nix index 46cc88d2..b1e4c609 100644 --- a/nixos/hosts/hades/jellyfin/configuration.nix +++ b/nixos/hosts/hades/jellyfin/configuration.nix 
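Review bot: The two `queer.af` entries added in `hosts/hades/dns/configuration.nix` pin a domain to the hard-coded address `65.108.48.233`, unlike the neighbouring overrides, which all point at the internal `192.168.0.122`. With `typetransparent` the A answer is replaced locally, so clients of this resolver keep receiving that address even if the upstream record changes, and nothing in the file says why. A comment on the `local-data` line stating the reason and a review date would make the override auditable, e.g. `# queer.af: <reason for pinning>; re-check against upstream`. Both lists start and end outside the hunks.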
@@ -51,6 +51,9 @@ WS_CRON_IMPORT = "1"; WS_CRON_EXPORT = "1"; WS_CRON_PROGRESS = "1"; + WS_PUSH_ENABLED = "1"; + WS_SYNC_PROGRESS = "1"; + WS_API_AUTO = "1"; }; ports = [ "8080:8080" ]; volumes = [ "/var/lib/watchstate:/config:rw" ]; diff --git a/nixos/hosts/hades/lucy/configuration.nix b/nixos/hosts/hades/lucy/configuration.nix index 09a364d1..0afd8bf7 100644 --- a/nixos/hosts/hades/lucy/configuration.nix +++ b/nixos/hosts/hades/lucy/configuration.nix @@ -3,28 +3,6 @@ # and in the NixOS manual (accessible by running `nixos-help`). { pkgs, ... }: -# let -# Redefining the package instead of overriding as overriding GoModules seems broken -# see: https://github.com/NixOS/nixpkgs/issues/86349 -# _nuclei-latest = pkgs.buildGoModule rec { -# pname = "nuclei"; -# version = "2.9.2"; -# -# src = pkgs.fetchFromGitHub { -# owner = "projectdiscovery"; -# repo = pname; -# rev = "1f9a065713924b28b203e2108fc76d7a1ec49068"; -# hash = "sha256-QiegMoBy0gZMyQl2MRAwR14zXeh8wvVonyETdAzHbj0="; -# }; -# -# vendorHash = "sha256-0JNwoBqLKH1F/0Tr8o35gCSNT/2plIjIQvZRuzAZ5P8="; -# -# modRoot = "./v2"; -# subPackages = [ "cmd/nuclei/" ]; -# -# doCheck = false; -# }; -# in { { imports = [ ./hardware-configuration.nix ]; @@ -37,9 +15,13 @@ system.stateVersion = "23.05"; # Did you read the comment? # Additional packages - environment.systemPackages = with pkgs; [ jq wget jre8 ]; - boot.loader = { + environment.systemPackages = with pkgs; [ + jq + wget + jdk17 + ]; + boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot"; 
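Review bot: `WS_API_AUTO = "1"` in the WatchState container environment deserves a second look. As I understand WatchState's documentation, that switch lets the web UI obtain the API token automatically, and the project advises against it on instances reachable by untrusted clients; please confirm against the deployed version. The same block publishes `8080:8080`, so exposure depends on the host firewall and any reverse proxy, neither of which is visible here. If the flag is only needed for initial setup, remove it afterwards, or document the assumption with a comment such as `# WS_API_AUTO: token is discoverable by UI clients; LAN-only host`. The container definition starts and ends outside the hunk.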
@@ -49,28 +31,25 @@ enable = true; allowedTCPPorts = [ 25565 ]; }; + users = { + groups.mc = { }; + groups.users = { }; extraUsers = { - laura.extraGroups = [ "wheel" ]; - vivian.extraGroups = [ "wheel" ]; - - julia = { + vivian.extraGroups = [ + "wheel" + "mc" + ]; + julius = { isNormalUser = true; - shell = pkgs.zsh; - + group = "users"; + extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTvqk+CJG4VwN8wg3H1ZdbUVj1JuX7RYKH1ewRKfCPv julia@juliadijkstraarch" - # Below is Evelyn's keys - "ssh-rsa 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" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0KA0uOoLXUN4LhU7LgtSk0atWyPlEz5LA8dIXs9xTl" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh victor@aoife" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJBY9eQlR/JRnjVC2wKWQ+o02wDlGUlSgN/4e3i6ans" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt9ie9/XBVPnKo6wENKjEd32hhPqjiQFnn+okXZ0LRT" ]; - - extraGroups = [ "mc" "wheel" ]; }; }; - groups.mc = { }; }; } diff --git a/nixos/hosts/hades/mastodon/configuration.nix b/nixos/hosts/hades/mastodon/configuration.nix index 4dde8175..ef981183 100644 --- a/nixos/hosts/hades/mastodon/configuration.nix +++ b/nixos/hosts/hades/mastodon/configuration.nix @@ -8,7 +8,6 @@ in { networking.interfaces.eth0.useDHCP = true; # Better cache hits - environment.noXlibs = lib.mkForce false; services = { elasticsearch = { enable = true; @@ -29,6 +28,11 @@ in { }; mastodon = { + + extraEnvFiles = [ + "${vs.mastodon}/active_record_secrets" + ]; + enable = true; package = pkgs.v.glitch-soc; streamingProcesses = 3; @@ -79,6 +83,8 @@ in { AUTHORIZED_FETCH = "true"; + MAX_TOOT_CHARS = "8192"; + # https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md; # https://shivering-isles.com/Mastodon-and-Amazon-S3 S3_ENABLED = "true"; diff --git a/nixos/hosts/hades/nginx/configuration.nix b/nixos/hosts/hades/nginx/configuration.nix index 713011d2..59b9f3ec 100644 
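Review bot: The new `julius` account in `users.extraUsers` is placed in `wheel` and given two `openssh.authorizedKeys.keys` entries with no key comment and no Nix comment, whereas two of the removed keys were labelled (`julia@juliadijkstraarch`, `victor@aoife`). Unlabelled keys on an admin account cannot be attributed or revoked one by one during an access review. I would annotate each entry, e.g. `# julius, laptop` and `# julius, desktop` (labels constructed), or keep a `user@host` suffix on the key strings. It is also worth confirming that `wheel` is the intended group here, since `mc` now goes to `vivian` only.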
--- a/nixos/hosts/hades/nginx/configuration.nix +++ b/nixos/hosts/hades/nginx/configuration.nix @@ -62,9 +62,6 @@ in { }; }; - "peepeepoopoo.xirion.net" = proxy - "http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already! - "plex.xirion.net" = { # Since we want a secure connection, we force SSL forceSSL = true; diff --git a/nixos/hosts/hades/overseerr/overseerr.nix b/nixos/hosts/hades/overseerr/overseerr.nix index eee8ac42..d88314e5 100644 --- a/nixos/hosts/hades/overseerr/overseerr.nix +++ b/nixos/hosts/hades/overseerr/overseerr.nix @@ -2,7 +2,7 @@ _: { networking.firewall.allowedTCPPorts = [ 5055 ]; # TODO: Write NixOS package https://github.com/NixOS/nixpkgs/issues/135885 virtualisation.oci-containers.containers.overseerr = { - image = "ghcr.io/sct/overseerr:1.33.2"; + image = "ghcr.io/sct/overseerr:1.34.0"; environment = { TZ = "Europe/Amsterdam"; }; ports = [ "5055:5055" ]; volumes = [ "/var/lib/overseerr/config:/app/config" ]; diff --git a/nixos/hosts/hades/overseerr/prowlarr.nix b/nixos/hosts/hades/overseerr/prowlarr.nix index 0296a78d..1181178e 100644 --- a/nixos/hosts/hades/overseerr/prowlarr.nix +++ b/nixos/hosts/hades/overseerr/prowlarr.nix @@ -5,7 +5,7 @@ _: { }; virtualisation.oci-containers.containers.flaresolverr = { - image = "flaresolverr/flaresolverr:v3.3.10"; + image = "flaresolverr/flaresolverr:v3.3.21"; ports = [ "8191:8191" ]; }; } diff --git a/nixos/hosts/hades/rtorrent/configuration.nix b/nixos/hosts/hades/rtorrent/configuration.nix index 26693094..fc9bf15a 100644 --- a/nixos/hosts/hades/rtorrent/configuration.nix +++ b/nixos/hosts/hades/rtorrent/configuration.nix @@ -47,7 +47,8 @@ in { enable = true; host = "0.0.0.0"; openFirewall = true; - inherit (config.services.rtorrent) downloadDir; + extraArgs = [ ]; + # inherit (config.services.rtorrent) downloadDir; }; vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; }; 
diff --git a/nixos/hosts/hades/storage/configuration.nix b/nixos/hosts/hades/storage/configuration.nix index e2be5846..6b632346 100644 --- a/nixos/hosts/hades/storage/configuration.nix +++ b/nixos/hosts/hades/storage/configuration.nix @@ -6,9 +6,35 @@ ./fs.nix ]; - boot.loader.systemd-boot.enable = true; services = { + scrutiny = { + enable = true; + openFirewall = true; + influxdb.enable = true; + collector.enable = true; + collector.settings = { + host.id = "storage-vm"; + devices = [ + { + device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00013"; + ignore = true; + } + { + device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00015"; + ignore = true; + } + { + device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00017"; + ignore = true; + } + { + device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00019"; + ignore = true; + } + ]; + }; + }; # Enable the OpenSSH daemon. openssh.enable = true; @@ -32,6 +58,7 @@ d5 = "/mnt/disk5"; d6 = "/mnt/disk6"; d7 = "/mnt/disk7"; + # d8 = "/mnt/disk8"; }; contentFiles = [ "/var/lib/snapraid/snapraid.content" @@ -54,6 +81,18 @@ }; }; + users.groups.backup = { + gid = 10000; + members = [ "vivian" "syncthing" ]; + }; + + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + group = "backup"; + }; + # Disable firewall, as NFS makes it annoying networking.firewall.enable = false; diff --git a/nixos/hosts/hades/storage/fs.nix b/nixos/hosts/hades/storage/fs.nix index 6e63cfca..6e4bd75f 100644 --- a/nixos/hosts/hades/storage/fs.nix +++ b/nixos/hosts/hades/storage/fs.nix 
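Review bot: `guiAddress = "0.0.0.0:8384";` in the last hunk binds the Syncthing GUI and REST API on every interface, and the context line just below keeps `networking.firewall.enable = false`, so nothing on this host filters access to it. For the same reason `openDefaultPorts` and the `openFirewall = true` added for scrutiny in the first hunk have no effect. Whether the GUI has a user and password set is not visible here. Unless remote GUI access is required I would bind to loopback, `guiAddress = "127.0.0.1:8384";`, and reach it over SSH forwarding or the reverse proxy; if it must stay exposed, add a comment naming the network expected to reach it. The new `backup` group (gid 10000) gives the `syncthing` service the same group access as `vivian`, which deserves a one-line comment on what that group owns.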
@@ -9,46 +9,60 @@ "/mnt/disk1" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/abbfc440-fb3d-4b33-92cb-948b2deeac53"; + options = [ "nofail" ]; }; "/mnt/disk2" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/3a57ffa8-8a0f-4839-81df-7f34d99e9dbc"; + options = [ "nofail" ]; }; "/mnt/disk3" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/0f72c5f8-b7db-4151-83f0-47e5f703aeb1"; + options = [ "nofail" ]; }; "/mnt/disk4" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/b9c72b41-1538-436e-a595-49d1faa5ed01"; + options = [ "nofail" ]; }; "/mnt/disk5" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/928d0200-eca1-4a69-b2d6-fbd23a5ee8cd"; + options = [ "nofail" ]; }; "/mnt/disk6" = { fsType = "ext4"; device = "/dev/disk/by-uuid/63381321-fe00-4838-8668-4d1decc94296"; + options = [ "nofail" ]; }; "/mnt/disk7" = { fsType = "ext4"; device = "/dev/disk/by-uuid/6c568887-9d2e-45ce-ab85-4c48cca2226a"; + options = [ "nofail" ]; }; + # "/mnt/disk8" = { + # fsType = "ext4"; + # device = "/dev/disk/by-partuuid/73d8eea4-c648-4c91-99dc-19940832ffe7"; + # }; + "/mnt/parity1" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/7c9b88ed-b8f8-40c9-bbc3-b75d30e04e01"; + options = [ "nofail" ]; }; "/mnt/parity2" = { fsType = "ext4"; device = "/dev/disk/by-partuuid/5d2d7e3e-3730-4d9b-8759-dc14396f3357"; + options = [ "nofail" ]; }; "/mnt/storage" = { diff --git a/nixos/hosts/hades/tautulli/configuration.nix b/nixos/hosts/hades/tautulli/configuration.nix deleted file mode 100644 index 9976ee2a..00000000 --- a/nixos/hosts/hades/tautulli/configuration.nix +++ /dev/null 
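Review bot: `options = [ "nofail" ];` is added to all seven data disks and both parity mounts, so the machine now boots with any of them missing and the empty mount-point directory under `/mnt` stays in place. The `/mnt/storage` pool in the context line after the hunk, and the snapraid setup in `storage/configuration.nix`, would then see an empty directory rather than a failed mount. How the snapraid sync is scheduled is not visible here, so that is worth checking before relying on this. I would add a comment above the first entry stating the intent, e.g. `# nofail: boot even if a data disk is dead; snapraid sync must not run with a disk missing`. The `fileSystems` set starts before the hunk and continues after it.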
@@ -1,23 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ ... }: - -{ - imports = [ ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? - - services.tautulli = { - enable = true; - port = 8080; - openFirewall = true; - }; -} diff --git a/nixos/hosts/hades/unifi/configuration.nix b/nixos/hosts/hades/unifi/configuration.nix index ef1aaecc..6d128dfb 100644 --- a/nixos/hosts/hades/unifi/configuration.nix +++ b/nixos/hosts/hades/unifi/configuration.nix @@ -11,10 +11,6 @@ openFirewall = true; }; - # Required for Java - # gets forced to true due the lxc profile - environment.noXlibs = lib.mkForce false; - # Unifi Web Port networking.firewall.allowedTCPPorts = [ 8443 ]; } diff --git a/hosts/olympus/bastion/default.nix b/nixos/hosts/olympus/bastion/configuration.nix similarity index 64% rename from hosts/olympus/bastion/default.nix rename to nixos/hosts/olympus/bastion/configuration.nix index d5f7fcd5..22014cfe 100644 --- a/hosts/olympus/bastion/default.nix +++ b/nixos/hosts/olympus/bastion/configuration.nix 
@@ -2,30 +2,32 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ pkgs, ... }: { +{ pkgs, inputs, ... }: { +let + fix-vscode = pkgs.writeScriptBin "fix-vscode" '' + #!${pkgs.stdenv.shell} + # Check if vscode-server dir exists + if [[ -d "$HOME/.vscode-server/bin" ]]; then + # For every bin folder within + for versiondir in "$HOME"/.vscode-server/bin/*; do + # Remove bundled node (dynamic links are borked for nix) + rm "$versiondir/node" + # symlink node form the nixpkg + ln -s "${pkgs.nodejs-slim}/bin/node" "$versiondir/node" + done + fi + ''; +in +{ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ./containers - ./immich.nix # ./vms.nix ]; programs.nix-ld.enable = true; - meta = { - ipv4 = "10.42.42.4"; - ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d"; - mac = "82:F0:7C:CB:BD:6D"; - }; - - services.scrutiny = { - enable = true; - openFirewall = true; - influxdb.enable = true; - collector.enable = false; - }; - # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; @@ -38,10 +40,15 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - virtualisation.docker.enable = true; + virtualisation.podman.enable = true; # Additional packages environment.systemPackages = with pkgs; [ vault ]; networking.useNetworkd = true; + + programs.gnupg.agent = { + enable = true; + pinentryFlavor = "curses"; + }; } diff --git a/hosts/olympus/bastion/containers/common.nix b/nixos/hosts/olympus/bastion/containers/common.nix similarity index 68% rename from hosts/olympus/bastion/containers/common.nix rename to nixos/hosts/olympus/bastion/containers/common.nix index 065206f8..56ccdd5e 100644 --- a/hosts/olympus/bastion/containers/common.nix +++ b/nixos/hosts/olympus/bastion/containers/common.nix 
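Review bot: `fix-vscode` is bound in the new `let`, but the second hunk leaves `environment.systemPackages = with pkgs; [ vault ];` unchanged, so as far as these hunks show the script is never installed. The `inputs` argument added to the function head is not used in the visible lines either. If the script is meant to be available, `environment.systemPackages = with pkgs; [ vault fix-vscode ];` would do it; otherwise drop both. Inside the script, `rm "$versiondir/node"` fails on a version directory that has no bundled node, so `rm -f "$versiondir/node"` is the safer form. The module body continues outside both hunks.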
@@ -1,12 +1,6 @@ # common container config { lib, ... }: { - imports = [ - ../../../../common - ]; # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 networking.useHostResolvConf = lib.mkForce false; services.resolved.enable = true; - - system.stateVersion = lib.mkDefault "24.05"; } - diff --git a/nixos/hosts/olympus/bastion/containers/default.nix b/nixos/hosts/olympus/bastion/containers/default.nix new file mode 100644 index 00000000..d2e8299d --- /dev/null +++ b/nixos/hosts/olympus/bastion/containers/default.nix @@ -0,0 +1,26 @@ +{ config, lib, ... }: +let + hostAddress = "10.42.99.1"; + hostAddress6 = "fc00::1"; +in { + # TODO: Loop over subdirs, create nixos container for each + networking.nat = { + enable = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "ens18"; + # Lazy IPv6 connectivity for the container + enableIPv6 = true; + + forwardPorts = [ + + ]; + }; + + # Containers network is + # * 10.42.99.0/24 + # * fc00:x + + containers = { + + }; +} diff --git a/hosts/olympus/bastion/hardware-configuration.nix b/nixos/hosts/olympus/bastion/hardware-configuration.nix similarity index 84% rename from hosts/olympus/bastion/hardware-configuration.nix rename to nixos/hosts/olympus/bastion/hardware-configuration.nix index 36ac4572..be7d9923 100644 --- a/hosts/olympus/bastion/hardware-configuration.nix +++ b/nixos/hosts/olympus/bastion/hardware-configuration.nix @@ -19,11 +19,6 @@ fsType = "ext4"; }; - fileSystems."/mnt/backup" = { - device = "/dev/disk/by-uuid/83b1e87f-975f-4150-b673-81087f84f0bb"; - fsType = "ext4"; - }; - swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; diff --git a/hosts/olympus/bastion/vms.nix b/nixos/hosts/olympus/bastion/vms.nix similarity index 100% rename from hosts/olympus/bastion/vms.nix rename to nixos/hosts/olympus/bastion/vms.nix diff --git a/nixos/hosts/olympus/default.nix b/nixos/hosts/olympus/default.nix index d8f7cb90..8f345560 100644 
--- a/nixos/hosts/olympus/default.nix +++ b/nixos/hosts/olympus/default.nix @@ -19,7 +19,8 @@ ip = "10.42.42.4"; ip6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d"; mac = "82:F0:7C:CB:BD:6D"; - type = "vm"; + # type = "vm"; + nix = false; # Now managed in the `new` branch }; "vault" = { ip = "10.42.42.6"; @@ -50,9 +51,7 @@ "kubernetes" = { ip = "10.42.42.10"; mac = "6E:A5:25:99:FE:68"; - exposes = { - flux.domain = "flux.0x76.dev"; - }; + nix = false; }; "dex" = { ip = "10.42.42.11"; @@ -85,13 +84,19 @@ profile = "dns"; ip = "10.42.42.15"; mac = "5E:F6:36:23:16:E3"; - tags = [ "dns" "networking" ]; + tags = [ + "dns" + "networking" + ]; }; "dns-2" = { profile = "dns"; ip = "10.42.42.16"; mac = "B6:04:0B:CD:0F:9F"; - tags = [ "dns" "networking" ]; + tags = [ + "dns" + "networking" + ]; }; "minio" = { ip = "10.42.42.17"; @@ -118,6 +123,7 @@ "unifi" = { ip = "10.42.42.20"; mac = "1A:88:A0:B0:65:B4"; + nix = false; }; "minecraft" = { ip = "10.42.42.21"; @@ -156,19 +162,16 @@ "grist" = { ip = "10.42.42.26"; mac = "B2:AA:AB:5D:2F:22"; - exposes.grist = { - domain = "grist.0x76.dev"; - port = 8484; - }; + nix = false; }; "bookwyrm" = { ip = "10.42.42.27"; mac = "9E:8A:6C:39:27:DE"; nix = false; - exposes.books = { - domain = "books.meowy.tech"; - port = 8001; - }; + # exposes.books = { + # domain = "books.meowy.tech"; + # port = 8001; + # }; }; "synapse" = { ip = "10.42.42.28"; @@ -193,6 +196,7 @@ "ci" = { ip = "10.42.42.33"; mac = "1E:24:DA:DB:4A:1A"; + nix = false; }; "nuc" = { ip = "10.42.42.42"; diff --git a/nixos/hosts/olympus/dhcp/configuration.nix b/nixos/hosts/olympus/dhcp/configuration.nix index 13bcc0fb..a2c642bd 100644 --- a/nixos/hosts/olympus/dhcp/configuration.nix +++ b/nixos/hosts/olympus/dhcp/configuration.nix @@ -41,6 +41,8 @@ in controlSocketPaths = [ "/tmp/kea-dhcp4.socket" ]; }; + # To make sure the control socket is accesible + services.kea.dhcp4 = { enable = true; settings = { 
@@ -55,6 +57,7 @@ in socket-type = "unix"; socket-name = "/tmp/kea-dhcp4.socket"; }; + # failed to initialize Kea server: configuration error using file '/etc/kea/dhcp4-server.conf': cannot create socket lockfile, /run/kea/kea-dhcp4.socket.lock, : No such file or directory lease-database = { name = "/var/lib/kea/dhcp4.leases"; diff --git a/hosts/olympus/eevee/default.nix b/nixos/hosts/olympus/eevee/configuration.nix similarity index 100% rename from hosts/olympus/eevee/default.nix rename to nixos/hosts/olympus/eevee/configuration.nix diff --git a/hosts/olympus/eevee/hardware-configuration.nix b/nixos/hosts/olympus/eevee/hardware-configuration.nix similarity index 100% rename from hosts/olympus/eevee/hardware-configuration.nix rename to nixos/hosts/olympus/eevee/hardware-configuration.nix diff --git a/hosts/olympus/eevee/hardware.nix b/nixos/hosts/olympus/eevee/hardware.nix similarity index 74% rename from hosts/olympus/eevee/hardware.nix rename to nixos/hosts/olympus/eevee/hardware.nix index ed9d42bb..cd1cb84d 100644 --- a/hosts/olympus/eevee/hardware.nix +++ b/nixos/hosts/olympus/eevee/hardware.nix @@ -1,12 +1,11 @@ -{ config, pkgs, ... }: -{ +{ pkgs, ... }: { hardware = { enableAllFirmware = true; nvidia = { - package = config.boot.kernelPackages.nvidiaPackages.beta; + # package = config.boot.kernelPackages.nvidiaPackages.stable; # Open drivers cause gdm to crash - open = false; + # open = true; # nvidia-drm.modeset=1 modesetting.enable = true; @@ -14,7 +13,13 @@ }; # Hardware acceleration - graphics.enable = true; + opengl = { + enable = true; + + # Vulkan + driSupport = true; + driSupport32Bit = true; + }; logitech.wireless = { enable = true; diff --git a/hosts/olympus/eevee/home/.gitignore b/nixos/hosts/olympus/eevee/home/.gitignore similarity index 100% rename from hosts/olympus/eevee/home/.gitignore rename to nixos/hosts/olympus/eevee/home/.gitignore 
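Review bot: The comment added in the first dhcp hunk, `# To make sure the control socket is accesible`, is followed by no code, and the one added here pastes a Kea error about `/run/kea/kea-dhcp4.socket.lock` without saying what was concluded. Meanwhile `socket-name` and `controlSocketPaths` still point at `/tmp/kea-dhcp4.socket`. A control socket in world-writable `/tmp` is worth avoiding, because the path can be pre-created or reached by other local accounts, depending on the socket's mode. I would replace both comments with one that records the decision, e.g. `# TODO: move control socket to /run/kea once the runtime directory exists at start-up; /tmp is a workaround`, and fix the spelling to "accessible".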
diff --git a/hosts/olympus/eevee/home/default.nix b/nixos/hosts/olympus/eevee/home/default.nix similarity index 92% rename from hosts/olympus/eevee/home/default.nix rename to nixos/hosts/olympus/eevee/home/default.nix index 01ab876e..bf2d078a 100644 --- a/hosts/olympus/eevee/home/default.nix +++ b/nixos/hosts/olympus/eevee/home/default.nix @@ -4,5 +4,6 @@ }; home.packages = with pkgs; [ + zoom-us ]; } diff --git a/nixos/hosts/olympus/gitea/configuration.nix b/nixos/hosts/olympus/gitea/configuration.nix index fd471d38..2b90c2ed 100644 --- a/nixos/hosts/olympus/gitea/configuration.nix +++ b/nixos/hosts/olympus/gitea/configuration.nix @@ -21,8 +21,6 @@ in # Additional packages environment.systemPackages = with pkgs; [ ]; - environment.noXlibs = lib.mkForce false; - networking.firewall.allowedTCPPorts = [ port ]; services = { @@ -59,7 +57,7 @@ in "REPO_INDEXER_EXCLUDE" = "node_modules/**"; }; ui = { - "THEMES" = "forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green,agatheme"; + "THEMES" = "forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green"; "DEFAULT_THEME" = "forgejo-auto"; "USE_SERVICE_WORKER" = true; }; @@ -96,10 +94,10 @@ in group = "gitea"; }; - system.activationScripts.gitea-theme = - let target_dir = "${config.services.gitea.stateDir}/custom/public/css/"; - in lib.stringAfter [ "var" ] '' - mkdir -p ${target_dir} - ln -sf ${pkgs.v.gitea-agatheme} "${target_dir}/theme-agatheme.css" - ''; + # system.activationScripts.gitea-theme = + # let target_dir = "${config.services.gitea.stateDir}/custom/public/css/"; + # in lib.stringAfter [ "var" ] '' + # mkdir -p ${target_dir} + # ln -sf ${pkgs.v.gitea-agatheme} "${target_dir}/theme-agatheme.css" + # ''; } diff --git a/nixos/hosts/olympus/hedgedoc/configuration.nix b/nixos/hosts/olympus/hedgedoc/configuration.nix index 76defb5e..cb0a2d06 100644 --- a/nixos/hosts/olympus/hedgedoc/configuration.nix +++ b/nixos/hosts/olympus/hedgedoc/configuration.nix 
@@ -20,8 +20,6 @@ in # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.11"; # Did you read the comment? - environment.noXlibs = lib.mkForce false; - networking.firewall.allowedTCPPorts = [ port ]; vault-secrets.secrets.hedgedoc = { }; diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix index efff9fbf..787ca2d2 100644 --- a/nixos/hosts/olympus/mailserver/configuration.nix +++ b/nixos/hosts/olympus/mailserver/configuration.nix @@ -3,8 +3,10 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: -let vs = config.vault-secrets.secrets; -in { +let + vs = config.vault-secrets.secrets; +in +{ imports = [ ]; # This value determines the NixOS release from which the default @@ -15,19 +17,31 @@ in { # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; # needed as the mailserver configures its down DNS resolver networking.extraHosts = '' 10.42.42.6 vault.olympus ''; - vault-secrets.secrets.mailserver = { services = [ "dovecot2" "postfix" ]; }; + vault-secrets.secrets.mailserver = { + services = [ + "dovecot2" + "postfix" + ]; + }; mailserver = { enable = true; fqdn = "mail.0x76.dev"; - domains = [ "0x76.dev" "meowy.tech" "xirion.net" ]; + domains = [ + "0x76.dev" + "meowy.tech" + "xirion.net" + ]; certificateScheme = "acme-nginx"; enableManageSieve = true; 
@@ -44,15 +58,19 @@ in { # People "v@0x76.dev" = { hashedPasswordFile = "${vs.mailserver}/v@0x76.dev"; - catchAll = [ "xirion.net" "0x76.dev" ]; + catchAll = [ + "xirion.net" + "0x76.dev" + ]; aliases = [ "postmaster@0x76.dev" "abuse@0x76.dev" - - "v@meowy.tech" "abuse@meowy.tech" "postmaster@meowy.tech" + "abuse@xirion.net" + "postmaster@xirion.net" + "@meowy.tech" "@xirion.net" "@0x76.dev" ]; @@ -95,20 +113,34 @@ in { # index new email as they arrive autoIndex = true; # this only applies to plain text attachments, binary attachments are never indexed - indexAttachments = true; + # indexAttachments = true; enforced = "body"; memoryLimit = 2000; autoIndexExclude = [ "\\Junk" ]; }; }; + services = { - postfix.relayHost = "smtp.ziggozakelijk.nl"; - postfix.relayPort = 587; + postfix = { + + relayHost = "smtp.ziggozakelijk.nl"; + relayPort = 587; + }; + + rspamd = { + overrides."whitelist.conf".text = '' + whitelist_from { + fckn.gay = true; + } + ''; + }; roundcube = { enable = true; - package = pkgs.roundcube.withPlugins - (plugins: [ plugins.persistent_login pkgs.v.roundcube-swipe ]); + package = pkgs.roundcube.withPlugins (plugins: [ + plugins.persistent_login + pkgs.v.roundcube-swipe + ]); plugins = [ "archive" "managesieve" @@ -142,7 +174,9 @@ in { ''; }; - nginx = { enable = true; }; + nginx = { + enable = true; + }; }; security.acme.acceptTerms = true; diff --git a/nixos/hosts/olympus/minecraft/configuration.nix b/nixos/hosts/olympus/minecraft/configuration.nix index d052e3c7..4fd3cc5e 100644 --- a/nixos/hosts/olympus/minecraft/configuration.nix +++ b/nixos/hosts/olympus/minecraft/configuration.nix @@ -16,8 +16,6 @@ # Additional packages environment.systemPackages = with pkgs; [ ]; - environment.noXlibs = lib.mkForce false; - networking.firewall.allowedTCPPorts = [ ]; services.minecraft-server = { diff --git a/nixos/hosts/olympus/mosquitto/configuration.nix b/nixos/hosts/olympus/mosquitto/configuration.nix index 56cb9b65..de79e2c9 100644 
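Review bot: The `rspamd.overrides."whitelist.conf"` text added in the `@@ -95,20 +113,34 @@` hunk allow-lists `fckn.gay` by sender domain alone, and a From domain can be forged, so any mail claiming that domain would get the exemption. I also cannot confirm that rspamd's whitelist module reads a `whitelist_from` key (its rules are normally written with `domains` plus `valid_spf`, `valid_dkim` or `valid_dmarc`), so the block may be silently ignored. I would write it as a whitelist rule that lists the domain under `domains` and sets `valid_dkim = true;` or `valid_dmarc = true;`, so the exemption applies only to authenticated mail. The commented-out `# indexAttachments = true;` in the same hunk should carry a reason or be removed.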
--- a/nixos/hosts/olympus/mosquitto/configuration.nix +++ b/nixos/hosts/olympus/mosquitto/configuration.nix @@ -3,8 +3,10 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: -let mosquittoPort = 1883; -in { +let + mosquittoPort = 1883; +in +{ imports = [ ]; # This value determines the NixOS release from which the default @@ -20,15 +22,21 @@ in { services.mosquitto = { enable = true; - listeners = [{ - port = mosquittoPort; - settings.allow_anonymous = true; - acl = [ "topic readwrite #" ]; - users = { - vivian = { acl = [ "readwrite #" ]; }; - zigbee2mqtt = { acl = [ "readwrite #" ]; }; - }; - }]; + listeners = [ + { + port = mosquittoPort; + settings.allow_anonymous = true; + acl = [ "topic readwrite #" ]; + users = { + vivian = { + acl = [ "readwrite #" ]; + }; + zigbee2mqtt = { + acl = [ "readwrite #" ]; + }; + }; + } + ]; }; @@ -39,7 +47,9 @@ in { homeassistant = true; permit_join = false; - serial = { port = "/dev/ttyUSB0"; }; + serial = { + port = "/dev/ttyUSB0"; + }; mqtt = { base_topic = "zigbee2mqtt"; @@ -47,10 +57,14 @@ in { user = "zigbee2mqtt"; }; - frontend = { port = 8080; }; + frontend = { + port = 8080; + }; }; }; - networking.firewall.allowedTCPPorts = - [ mosquittoPort config.services.zigbee2mqtt.settings.frontend.port ]; + networking.firewall.allowedTCPPorts = [ + mosquittoPort + config.services.zigbee2mqtt.settings.frontend.port + ]; } diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix index a686d487..0b494a4f 100644 --- a/nixos/hosts/olympus/nginx/configuration.nix +++ b/nixos/hosts/olympus/nginx/configuration.nix @@ -5,7 +5,6 @@ let base_url = "https://chat.meowy.tech"; server_name = "meowy.tech"; }; - "m.identity_server" = { }; }; serverConfig."m.server" = "chat.meowy.tech:443"; mkWellKnown = data: '' 
@@ -13,7 +12,13 @@ let add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; -in { + + website = builtins.fetchGit { + url = "https://git.0x76.dev/v/0x76.dev.git"; + rev = "27baf03cdcd41a9ea4bd591071baf826f6950233"; + }; +in +{ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -22,7 +27,10 @@ in { # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.05"; # Did you read the comment? - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; services = { # Generates vhosts for all hosts that have an `exposes` section @@ -35,7 +43,7 @@ in { recommendedTlsSettings = true; recommendedOptimisation = true; recommendedBrotliSettings = true; - clientMaxBodySize = "500m"; + clientMaxBodySize = "5000M"; package = pkgs.nginxMainline; @@ -70,20 +78,21 @@ in { enableACME = true; forceSSL = true; - locations."/".extraConfig = '' - add_header Content-Type 'text/html; charset=UTF-8'; - return 200 '
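Review bot: `clientMaxBodySize = "5000M";` in the `@@ -35,7 +43,7 @@` hunk raises the request-body limit tenfold for every virtual host on this proxy, including the Matrix and well-known endpoints. Presumably only the `immich.0x76.dev` vhost added further down needs it. A global limit of about 5 GB lets any client make nginx accept and buffer very large uploads for any backend. I would leave the global value at `"500m"` and set the larger limit on the one vhost, e.g. `extraConfig = "client_max_body_size 5000M;";` inside `"immich.0x76.dev"`.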

Under Construction

'; - ''; + root = "${website}"; }; - "blog.xirion.net" = { + "vivian.is.fckn.gay" = { enableACME = true; forceSSL = true; - locations."/".extraConfig = '' - add_header Content-Type 'text/html; charset=UTF-8'; - return 200 '

Under Construction

'; - ''; + root = "${website}"; + }; + + "immich.0x76.dev" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://10.42.42.4:2283"; + locations."/".proxyWebsockets = true; }; # Meow @@ -95,10 +104,8 @@ in { add_header Content-Type 'text/html; charset=UTF-8'; return 200 '

meow

'; ''; - "= /.well-known/matrix/client".extraConfig = - mkWellKnown clientConfig; - "= /.well-known/matrix/server".extraConfig = - mkWellKnown serverConfig; + "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; }; }; "chat.meowy.tech" = { @@ -106,8 +113,9 @@ in { forceSSL = true; locations = { "/".extraConfig = '' - return 307 https://element.chat.meowy.tech; + return 303 https://element.chat.meowy.tech; ''; + "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; "/_matrix".proxyPass = "http://synapse.olympus:8008"; "/_synapse/client".proxyPass = "http://synapse.olympus:8008"; "/_synapse/admin" = { @@ -116,9 +124,7 @@ in { allow 127.0.0.1; allow 10.42.42.0/23; allow 192.168.0.0/23; - allow 80.60.83.220; - allow 83.128.154.23; - allow 62.45.26.248; + allow 62.45.180.183; allow 195.85.167.32/29; deny all; ''; @@ -138,11 +144,6 @@ in { }; }; }; - "es.0x76.dev" = { - enableACME = true; - forceSSL = true; - root = inputs.essentials.packages.${pkgs.system}.default; - }; "cinny.chat.meowy.tech" = { enableACME = true; forceSSL = true; @@ -155,6 +156,7 @@ in { }; }; }; + "admin.chat.meowy.tech" = { enableACME = true; forceSSL = true; @@ -172,6 +174,7 @@ in { }; security = { acme = { + defaults.email = "vivian@0x76.dev"; acceptTerms = true; preliminarySelfsigned = true; diff --git a/nixos/hosts/olympus/synapse/configuration.nix b/nixos/hosts/olympus/synapse/configuration.nix index c2a87081..3116aec6 100644 --- a/nixos/hosts/olympus/synapse/configuration.nix +++ b/nixos/hosts/olympus/synapse/configuration.nix 
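Review bot: The `/_synapse/admin` allow-list in the `@@ -116,9 +124,7 @@` hunk replaces three public addresses with `allow 62.45.180.183;` and still gives no hint of whose address each entry is. For an admin API gated only by source address, an entry that has gone stale keeps granting access to whoever holds that address next. I would label each line inside the block, e.g. `# home uplink (label constructed)` above `allow 62.45.180.183;`, and likewise for `195.85.167.32/29`. The location block starts and ends outside the hunk.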
@@ -2,13 +2,17 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). + { config, pkgs, ... }: + let vs = config.vault-secrets.secrets; port = 8008; + slidingSyncPort = 8009; metricsPort = 9000; in -{ + + { imports = [ ]; # This value determines the NixOS release from which the default @@ -19,7 +23,7 @@ in # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? - networking.firewall.allowedTCPPorts = [ port metricsPort ]; + networking.firewall.allowedTCPPorts = [ port metricsPort slidingSyncPort ]; vault-secrets.secrets.synapse = { user = "matrix-synapse"; @@ -109,3 +113,5 @@ in }; }; } + + diff --git a/nixos/hosts/olympus/unifi/configuration.nix b/nixos/hosts/olympus/unifi/configuration.nix index d67b079d..45f417ae 100644 --- a/nixos/hosts/olympus/unifi/configuration.nix +++ b/nixos/hosts/olympus/unifi/configuration.nix @@ -17,8 +17,6 @@ networking.firewall.allowedTCPPorts = [ 8443 ]; - environment.noXlibs = lib.mkForce false; - services.unifi = { enable = true; unifiPackage = pkgs.unifi; diff --git a/nixos/hosts/olympus/victoriametrics/configuration.nix b/nixos/hosts/olympus/victoriametrics/configuration.nix index 93573b84..c612b24e 100644 --- a/nixos/hosts/olympus/victoriametrics/configuration.nix +++ b/nixos/hosts/olympus/victoriametrics/configuration.nix @@ -26,7 +26,7 @@ in { enable = true; listenAddress = ":${toString vmPort}"; # Data Retention period in months - retentionPeriod = 36; + retentionPeriod = "3y"; }; vmagent = { diff --git a/nixos/hosts/olympus/wireguard/configuration.nix b/nixos/hosts/olympus/wireguard/configuration.nix index 3e240290..e6187fd9 100644 --- a/nixos/hosts/olympus/wireguard/configuration.nix +++ b/nixos/hosts/olympus/wireguard/configuration.nix 
@@ -18,7 +18,6 @@ in { # Additional packages environment.systemPackages = with pkgs; [ wireguard-tools ]; - environment.noXlibs = lib.mkForce false; networking = { firewall.allowedUDPPorts = diff --git a/hosts/thalassa/aoife/README.md b/nixos/hosts/thalassa/aoife/README.md similarity index 100% rename from hosts/thalassa/aoife/README.md rename to nixos/hosts/thalassa/aoife/README.md diff --git a/hosts/thalassa/aoife/default.nix b/nixos/hosts/thalassa/aoife/configuration.nix similarity index 51% rename from hosts/thalassa/aoife/default.nix rename to nixos/hosts/thalassa/aoife/configuration.nix index e75cf9c4..ddeb1fe8 100644 --- a/hosts/thalassa/aoife/default.nix +++ b/nixos/hosts/thalassa/aoife/configuration.nix @@ -2,34 +2,19 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ - inputs, - lib, - pkgs, - ... -}: -{ +{ inputs, lib, ... }: { imports = [ ./hardware-configuration.nix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z ./hardware.nix - ./uni.nix ]; - meta = { - mac = "04:7b:cb:b6:2d:88"; - isLaptop = true; - }; - - users.users.vivian.extraGroups = [ "adbusers" ]; - # Bootloader. boot = { - bootspec.enable = true; initrd.kernelModules = [ "amdgpu" ]; resumeDevice = "/dev/nvme0n1p2"; - loader.systemd-boot.enable = lib.mkForce false; # Using lanzaboote instead + loader.systemd-boot.enable = lib.mkForce false; kernel.sysctl = { "perf_event_paranoid" = 1; 
@@ -43,51 +28,12 @@ }; home-manager.users.vivian = import ./home; - programs = { - nix-ld.enable = true; - nix-ld.libraries = with pkgs; [ - # Add any missing dynamic libraries for unpackaged programs - - # here, NOT in environment.systemPackages - ]; - - hyprland = { - enable = true; - withUWSM = true; - }; - hyprlock.enable = true; - evolution.enable = false; - }; - - services = { - hypridle.enable = true; - displayManager.gdm.enable = true; - - flatpak.enable = true; - - gnome.gnome-keyring.enable = true; - - ollama = { - enable = false; - acceleration = "rocm"; - rocmOverrideGfx = "10.3.4"; - }; - - interception-tools = { - enable = true; - plugins = [ pkgs.interception-tools-plugins.caps2esc ]; - udevmonConfig = '' - - JOB: "${pkgs.interception-tools}/bin/intercept -g $DEVNODE | ${pkgs.interception-tools-plugins.caps2esc}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE" - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK, KEY_ESC] - ''; - }; - }; # Enable Ozone rendering for Chromium and Electron apps. environment.sessionVariables.NIXOS_OZONE_WL = "1"; + # environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName}; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/thalassa/aoife/hardware-configuration.nix b/nixos/hosts/thalassa/aoife/hardware-configuration.nix similarity index 100% rename from hosts/thalassa/aoife/hardware-configuration.nix rename to nixos/hosts/thalassa/aoife/hardware-configuration.nix diff --git a/nixos/hosts/thalassa/aoife/hardware.nix b/nixos/hosts/thalassa/aoife/hardware.nix new file mode 100644 index 00000000..3c5becd6 --- /dev/null +++ b/nixos/hosts/thalassa/aoife/hardware.nix 
@@ -0,0 +1,55 @@
+{ pkgs, ... }: {
+ hardware = {
+ enableAllFirmware = true;
+
+ bluetooth.enable = true;
+
+ # Vulkan
+ opengl.driSupport = true;
+ opengl.extraPackages = with pkgs; [
+ amdvlk
+ rocm-opencl-icd
+ rocm-opencl-runtime
+ ];
+ };
+ services = {
+
+ hardware.bolt.enable = true;
+
+ fprintd.enable = true;
+
+ # Video Driver
+ xserver.videoDrivers = [ "amdgpu" ];
+ xserver = {
+ dpi = 280;
+ xkbOptions = "caps:swapescape";
+ };
+
+ # SSD Trim
+ fstrim.enable = true;
+
+ # Power Management
+ upower.enable = true;
+ thermald.enable = true;
+ };
+
+ # hardware.trackpoint.enable = true;
+
+ # FS
+ fileSystems."/".options = [ "compress=zstd" ];
+
+ powerManagement = {
+ enable = true;
+ powertop.enable = true;
+ };
+ security = {
+ tpm2 = {
+
+ # tpm
+ enable = true;
+ pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+ tctiEnvironment.enable = true;
+ };
+ }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+ users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices
+}
diff --git a/hosts/thalassa/aoife/home/.gitignore b/nixos/hosts/thalassa/aoife/home/.gitignore
similarity index 100%
rename from hosts/thalassa/aoife/home/.gitignore
rename to nixos/hosts/thalassa/aoife/home/.gitignore
diff --git a/nixos/hosts/thalassa/aoife/home/default.nix b/nixos/hosts/thalassa/aoife/home/default.nix
new file mode 100644
index 00000000..5c543197
--- /dev/null
+++ b/nixos/hosts/thalassa/aoife/home/default.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+ # Custom dconf settings
+ dconf.settings."org/gnome/desktop/input-sources" = {
+ xkb-options = [ "caps:swapescape" ];
+ };
+
+ programs.zsh.envExtra = ''
+ source ~/.zshrc.secrets
+ '';
+
+ home.packages = with pkgs; [
+ libreoffice-fresh
+ jetbrains.clion
+ jetbrains.rust-rover
+ ];
+}
diff --git a/nixos/hosts/thalassa/default.nix b/nixos/hosts/thalassa/default.nix
new file mode 100644
index 00000000..75de6e72
--- /dev/null
+++ b/nixos/hosts/thalassa/default.nix
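Review bot: The comment `# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables` in hardware.nix is attached to the closing brace of `security` rather than to `tctiEnvironment.enable = true;`, the line it describes, so it reads as a remark on the whole block. Move it onto that line, next to the `pkcs11.enable` comment. On the `extraGroups = [ "tss" ]` line it would also help to say why the membership is wanted, e.g. `# tss: every process running as vivian may talk to the TPM; needed for the PKCS#11 module`, because that is the access decision a later reader has to re-evaluate.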
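Review bot: `programs.zsh.envExtra` in aoife/home/default.nix ends up in `.zshenv`, which every zsh instance reads, including non-interactive ones, so `source ~/.zshrc.secrets` runs for scripts as well and prints an error on each start when the file is missing. Whatever that file exports is then inherited by every child process of every shell. Guard the line and, if the values are only needed at the prompt, move it to the interactive init instead: `[ -r ~/.zshrc.secrets ] && source ~/.zshrc.secrets` under `programs.zsh.initExtra`. A one-line comment stating that the file is unmanaged and should be mode 0600 would document the expectation.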
@@ -0,0 +1,7 @@
+{
+ "aoife" = {
+ type = "local";
+ mac = "04:7b:cb:b6:2d:88";
+ nix = false;
+ };
+}
diff --git a/nixos/hosts/thalassa/null/README.md b/nixos/hosts/thalassa/null/README.md
new file mode 100644
index 00000000..bd765da1
--- /dev/null
+++ b/nixos/hosts/thalassa/null/README.md
@@ -0,0 +1,10 @@
+# null
+This folder contains the NixOS configuration for my laptop, with hostname `null`.
+
+## Information
+* OS: NixOS
+* WM: hyprland
+* Terminal: foot
+* Shell: zsh
+* Theme: Captuccin Pink Dark
+* Launcher: wofi
diff --git a/nixos/hosts/thalassa/null/configuration.nix b/nixos/hosts/thalassa/null/configuration.nix
new file mode 100644
index 00000000..143f5bfb
--- /dev/null
+++ b/nixos/hosts/thalassa/null/configuration.nix
@@ -0,0 +1,267 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ pkgs, inputs, ... }: +let + nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' + export __NV_PRIME_RENDER_OFFLOAD=1 + export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 + export __GLX_VENDOR_LIBRARY_NAME=nvidia + export __VK_LAYER_NV_optimus=NVIDIA_only + export LIBVA_DRIVER_NAME=nvidia + export GBM_BACKEND=nvidia-drm + + exec "$@" + ''; + run-hyprland = pkgs.writeShellScriptBin "run-hyprland" '' + export _JAVA_AWT_WM_NONREPARENTING=1 + export XCURSOR_SIZE=32 + + export CLUTTER_BACKEND=wayland + export XDG_SESSION_TYPE=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 + export MOZ_ENABLE_WAYLAND=1 + export WLR_NO_HARDWARE_CURSORS=1 + export WLR_BACKEND=vulkan + export QT_QPA_PLATFORM=wayland + export GDK_BACKEND=wayland + export SDL_VIDEODRIVER=wayland + + exec Hyprland + ''; +in +{ + imports = [ + # Include the results of the hardware scan. 
+ ./hardware-configuration.nix + ./rescue-boot.nix + ./networking.nix + ]; + home-manager = { + + # home-manager + useGlobalPkgs = true; + useUserPackages = true; + users.vivian = import ./home; + extraSpecialArgs = { inherit inputs; }; + }; + security = { + + pam.services.swaylock = { }; + + sudo.wheelNeedsPassword = true; + rtkit.enable = true; + + # Enables logging in with my Solokey + pam.u2f = { + enable = true; + debug = false; + cue = true; + control = "sufficient"; + authFile = + "/etc/u2f-mappings"; # use `pamu2fcfg` from `pkgs.pam_u2f` to generate this config + }; + }; + + fonts = { + fonts = with pkgs; [ + material-design-icons + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + dejavu_fonts + (nerdfonts.override { + fonts = + [ "DejaVuSansMono" "Ubuntu" "DroidSansMono" "NerdFontsSymbolsOnly" ]; + }) + ]; + + enableDefaultFonts = false; + + fontconfig = { + defaultFonts = { + monospace = [ "DejaVuSansMono Nerd Font" "Noto Color Emoji" ]; + sansSerif = + [ "DejaVu Sans" "DejaVuSansMono Nerd Font" "Noto Color Emoji" ]; + serif = + [ "DejaVu Serif" "DejaVuSansMono Nerd Font" "Noto Color Emoji" ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + }; + + # Bootloader. + # boot.initrd.systemd.enable = true; # Experimental + boot = { + kernelPackages = pkgs.linuxPackages_latest; + loader = { + systemd-boot.editor = false; + systemd-boot.enable = true; + # loader.systemd-boot.configurationLimit = 6; + efi.canTouchEfiVariables = true; + efi.efiSysMountPoint = "/boot/efi"; + }; + + kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; + }; + services = { + + gnome.gnome-keyring.enable = true; + + udisks2.enable = true; + dbus.enable = true; + + xserver = { + enable = false; + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:swapescape"; + videoDrivers = [ "nvidia" ]; + }; + blueman.enable = true; + + # Enable CUPS to print documents. 
+ printing.enable = true; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + fstrim.enable = true; + + # don't shutdown when power button is short-pressed + logind.extraConfig = '' + HandlePowerKey=suspend + ''; + + udev.packages = with pkgs; [ + android-udev-rules + logitech-udev-rules + wooting-udev-rules + ]; + }; + fileSystems = { + + "/".options = [ "compress=zstd" ]; + "/home".options = [ "compress=zstd" ]; + "/nix".options = [ "compress=zstd" "noatime" ]; + }; + i18n = { + + # Filesystem dedup + # services.beesd.filesystems = { + # root = { + # spec = "LABEL=nixos"; + # hashTableSizeMB = 256; + # verbosity = "crit"; + # extraOptions = [ "--loadavg-target" "2.0" ]; + # }; + # }; + + # Select internationalisation properties. 
+ defaultLocale = "en_GB.utf8"; + + extraLocaleSettings = { + LC_ADDRESS = "nl_NL.UTF-8"; + LC_IDENTIFICATION = "nl_NL.UTF-8"; + LC_MEASUREMENT = "nl_NL.UTF-8"; + LC_MONETARY = "nl_NL.UTF-8"; + LC_NAME = "nl_NL.UTF-8"; + LC_NUMERIC = "nl_NL.UTF-8"; + LC_PAPER = "nl_NL.UTF-8"; + LC_TELEPHONE = "nl_NL.UTF-8"; + LC_TIME = "en_DK.UTF-8"; + }; + + supportedLocales = + [ "en_GB.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ]; + }; + + xdg.portal = { + enable = true; + wlr.enable = true; + }; + programs = { + + # Hyprland + hyprland = { + enable = true; + package = null; # Managed by home manager + }; + + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; + + ssh.startAgent = true; + }; + + environment.loginShellInit = '' + if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then + ${run-hyprland}/bin/run-hyprland + fi + ''; + hardware = { + + nvidia.prime = { + offload.enable = true; + intelBusId = "PCI:0:2:0"; + nvidiaBusId = "PCI:1:0:0"; + }; + + opengl = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + libvdpau-va-gl + ]; + }; + + bluetooth.enable = true; + + saleae-logic.enable = true; + pulseaudio.enable = false; + }; + + virtualisation.podman.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + + environment.systemPackages = with pkgs; [ + pciutils + nvidia-offload + run-hyprland + wireguard-tools + slurp + gdb + + swaylock-effects # Has to be installed globally so that pam module works + ]; + + nix.extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? +} diff --git a/nixos/hosts/thalassa/null/hardware-configuration.nix b/nixos/hosts/thalassa/null/hardware-configuration.nix new file mode 100644 index 00000000..4c230e9f --- /dev/null +++ b/nixos/hosts/thalassa/null/hardware-configuration.nix 
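Review bot: `control = "sufficient"` in the `pam.u2f` block makes a touch of the security key a complete authentication on its own, so the key replaces the password instead of adding to it. With `pam.u2f.enable = true` this presumably applies to every PAM service that inherits the default, which would include `sudo` (despite `sudo.wheelNeedsPassword = true` a few lines up) and the `swaylock` service declared in the same block. If the key is meant as a second factor, use `control = "required";`; if single-factor login is intended, say so in the comment, e.g. `# key touch alone is accepted for login, sudo and screen unlock`. The `authFile` at `/etc/u2f-mappings` is created outside this configuration, so it is worth noting that it must be root-owned and not writable by the user.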
@@ -0,0 +1,56 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+ boot = {
+
+ initrd.availableKernelModules =
+ [ "xhci_pci" "ahci" "nvme" "rtsx_pci_sdmmc" ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+ fileSystems = {
+
+ "/" = {
+ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ "/nix" = {
+ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
+ fsType = "btrfs";
+ options = [ "subvol=@/nix" ];
+ };
+
+ "/home" = {
+ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
+ fsType = "btrfs";
+ options = [ "subvol=@home" ];
+ };
+
+ "/boot/efi" = {
+ device = "/dev/disk/by-uuid/D478-6F66";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode =
+ lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/hosts/thalassa/null/home/default.nix b/nixos/hosts/thalassa/null/home/default.nix
new file mode 100644
index 00000000..ffd63dde
--- /dev/null
+++ b/nixos/hosts/thalassa/null/home/default.nix 
@@ -0,0 +1,207 @@ +{ config, pkgs, inputs, texlive, ... }: +let + tex = pkgs.texlive.combine { + inherit (pkgs.texlive) scheme-full; + dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; + }; +in +{ + programs = { + home-manager.enable = true; + + foot = { enable = true; }; + + nix-index.enable = true; + + exa = { + enable = true; + enableAliases = true; + }; + + bat.enable = true; + + git = { + enable = true; + package = pkgs.gitAndTools.gitFull; + userName = "Vivian"; + userEmail = "vivian@0x76.dev"; + lfs.enable = true; + # delta.enable = true; + extraConfig = { + push.autoSetupRemote = true; + init.defaultBranch = "main"; + }; + }; + + mako = { + enable = true; + extraConfig = '' + [mode=do-not-disturb] + invisible=1 + ''; + }; + + tmux = { + enable = true; + shortcut = "b"; + terminal = "screen-256color"; + clock24 = true; + }; + + firefox = { + enable = true; + package = pkgs.firefox-devedition-bin; + }; + + vscode = { + enable = true; + package = pkgs.vscode; + userSettings = { + "ltex.language" = "en-GB"; + "latex-workshop" = { + "linting.chktex.enabled" = true; + "latex.clean.subfolder.enabled" = true; + "latex.outDir" = "%TMPDIR%/%RELATIVE_DOC%"; + }; + "workbench.colorTheme" = "Catppuccin Frappé"; + "editor.fontFamily" = + "'DejaVuSansMono Nerd Font', 'monospace', monospace"; + "keyboard.dispatch" = "keyCode"; + "rust-analyzer.server.path" = "${pkgs.rust-analyzer}/bin/rust-analyzer"; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "nix.enableLanguageServer" = true; # Enable LSP. + "nix.serverPath" = + "${pkgs.nil}/bin/nil"; # The path to the LSP server executable. 
+ "[nix]" = { "editor.defaultFormatter" = "brettm12345.nixfmt-vscode"; }; + }; + extensions = with pkgs.vscode-extensions; + with pkgs.v.vscode-extensions; [ + # astro-build.astro-vscode + brettm12345.nixfmt-vscode + catppuccin.catppuccin-vsc + codezombiech.gitignore + editorconfig.editorconfig + foxundermoon.shell-format + james-yu.latex-workshop + jnoortheen.nix-ide + matklad.rust-analyzer + mkhl.direnv + ms-vscode-remote.remote-ssh + ms-vscode.cpptools + platformio.platformio-ide + redhat.vscode-yaml + tamasfe.even-better-toml + valentjn.vscode-ltex + vscodevim.vim + xaver.clang-format + ]; + }; + + direnv = { + enable = true; + nix-direnv = { enable = true; }; + }; + + zsh = { + enable = true; + sessionVariables = { DIRENV_LOG_FORMAT = ""; }; + }; + }; + home = { + username = "vivian"; + homeDirectory = "/home/vivian"; + stateVersion = "22.05"; + + packages = with pkgs; [ + appimage-run + brightnessctl + btop + calibre + cinny-desktop + discord-canary + fluxcd + fusee-launcher + gcc + gimp + gnome.eog + gnome.file-roller + gnome.gnome-font-viewer + gnome.nautilus + grim # Screenshot tool + inputs.comma.packages.${pkgs.system}.default + inputs.riff.packages.${pkgs.system}.riff + inputs.webcord.packages.${pkgs.system}.default + k9s + kubectl + libnotify + mullvad-vpn + neofetch + nixpkgs-review + nixfmt + ouch + plex-media-player + plexamp + python3 + retroarchFull + ripgrep + rsync + rustup + saleae-logic-2 + solo2-cli + steam-run + tex + thunderbird-wayland + v.deemix-gui + wf-recorder # Screenrecorder + wl-clipboard # Clipboard manager + wofi # Wayland rofi + wpa_supplicant_gui + ]; + }; + + imports = [ ./hyprland.nix ./neovim.nix ./eww ./theme.nix ]; + + xdg.mimeApps = { + enable = true; + defaultApplications = + let browser = [ "firefox.desktop" ]; + in { + "image/*" = "org.gnome.eog.desktop"; + "text/html" = browser; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/ftp" = browser; + "x-scheme-handler/about" = 
browser; + "x-scheme-handler/unknown" = browser; + "application/x-extension-htm" = browser; + "application/x-extension-html" = browser; + "application/x-extension-shtml" = browser; + "application/xhtml+xml" = browser; + "application/x-extension-xhtml" = browser; + "application/x-extension-xht" = browser; + + "application/json" = browser; + "application/pdf" = browser; + + "x-scheme-handler/vscode" = "code-url-handler.desktop"; + "x-scheme-handler/discord" = "webcord.desktop"; + }; + }; + + xdg.userDirs = + let home = config.home.homeDirectory; + in { + enable = true; + createDirectories = true; + desktop = "${home}/.desktop"; + documents = "${home}/cloud/Documents"; + download = "${home}/dl"; + music = "${home}/cloud/Music"; + pictures = "${home}/cloud/Pictures"; + publicShare = "${home}/.publicShare"; + templates = "${home}/.templates"; + videos = "${home}/cloud/Videos"; + }; + + services.syncthing.enable = true; +} diff --git a/nixos/hosts/thalassa/null/home/eww/default.nix b/nixos/hosts/thalassa/null/home/eww/default.nix new file mode 100644 index 00000000..120b59a0 --- /dev/null +++ b/nixos/hosts/thalassa/null/home/eww/default.nix 
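Review bot: The `"image/*" = "org.gnome.eog.desktop";` entry in `xdg.mimeApps.defaultApplications` is unlikely to have any effect, because as far as I know the keys of `mimeapps.list` are exact MIME types and glob patterns are not matched. Images would then keep opening in whatever the desktop picks by default. List the concrete types instead, e.g. `"image/png" = "org.gnome.eog.desktop";` and `"image/jpeg" = "org.gnome.eog.desktop";`, following the `let browser = …` pattern already used in the same block. Separately, the `texlive` name in the module's argument list is never used in the file and can be dropped.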
@@ -0,0 +1,42 @@
+{ pkgs, ... }: {
+ home = {
+ packages = with pkgs; [
+ eww-wayland
+ pamixer
+ lua
+ (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ ];
+ file = {
+
+ ".config/eww/eww.yuck".source = ./eww.yuck;
+ ".config/eww/eww.scss".text = builtins.readFile ./eww.scss;
+
+ # scripts
+ # TODO: just link all scripts in ./scripts to .config/eww/scripts
+ ".config/eww/scripts/volume.sh" = {
+ source = ./scripts/volume.sh;
+ executable = true;
+ };
+
+ ".config/eww/scripts/wifi.sh" = {
+ source = ./scripts/wifi.sh;
+ executable = true;
+ };
+
+ ".config/eww/scripts/workspaces.sh" = {
+ source = ./scripts/workspaces.sh;
+ executable = true;
+ };
+
+ ".config/eww/scripts/workspaces.lua" = {
+ source = ./scripts/workspaces.lua;
+ executable = true;
+ };
+
+ ".config/eww/scripts/do-not-disturb.sh" = {
+ source = ./scripts/do-not-disturb.sh;
+ executable = true;
+ };
+ };
+ };
+}
diff --git a/hosts/thalassa/aoife/home/eww/eww.scss b/nixos/hosts/thalassa/null/home/eww/eww.scss
similarity index 100%
rename from hosts/thalassa/aoife/home/eww/eww.scss
rename to nixos/hosts/thalassa/null/home/eww/eww.scss
diff --git a/hosts/thalassa/aoife/home/eww/eww.yuck b/nixos/hosts/thalassa/null/home/eww/eww.yuck
similarity index 100%
rename from hosts/thalassa/aoife/home/eww/eww.yuck
rename to nixos/hosts/thalassa/null/home/eww/eww.yuck
diff --git a/hosts/thalassa/aoife/home/eww/scripts/do-not-disturb.sh b/nixos/hosts/thalassa/null/home/eww/scripts/do-not-disturb.sh
similarity index 100%
rename from hosts/thalassa/aoife/home/eww/scripts/do-not-disturb.sh
rename to nixos/hosts/thalassa/null/home/eww/scripts/do-not-disturb.sh
diff --git a/hosts/thalassa/aoife/home/eww/scripts/volume.sh b/nixos/hosts/thalassa/null/home/eww/scripts/volume.sh
similarity index 68%
rename from hosts/thalassa/aoife/home/eww/scripts/volume.sh
rename to nixos/hosts/thalassa/null/home/eww/scripts/volume.sh
index 57797371..f2746614 100755
--- a/hosts/thalassa/aoife/home/eww/scripts/volume.sh
+++ b/nixos/hosts/thalassa/null/home/eww/scripts/volume.sh @@ -1,6 +1,6 @@ #!/bin/sh -per="???" +per="$(pamixer --get-volume)" if pamixer --get-mute | rg -q true; then icon="婢" @@ -12,4 +12,4 @@ else icon="奄" #low fi -printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}" +printf "{\"icon\": \"${icon}\", \"percent\": \"${per}\"}" diff --git a/hosts/thalassa/aoife/home/eww/scripts/wifi.sh b/nixos/hosts/thalassa/null/home/eww/scripts/wifi.sh similarity index 100% rename from hosts/thalassa/aoife/home/eww/scripts/wifi.sh rename to nixos/hosts/thalassa/null/home/eww/scripts/wifi.sh diff --git a/hosts/thalassa/aoife/home/eww/scripts/workspaces.lua b/nixos/hosts/thalassa/null/home/eww/scripts/workspaces.lua similarity index 100% rename from hosts/thalassa/aoife/home/eww/scripts/workspaces.lua rename to nixos/hosts/thalassa/null/home/eww/scripts/workspaces.lua diff --git a/hosts/thalassa/aoife/home/eww/scripts/workspaces.sh b/nixos/hosts/thalassa/null/home/eww/scripts/workspaces.sh similarity index 100% rename from hosts/thalassa/aoife/home/eww/scripts/workspaces.sh rename to nixos/hosts/thalassa/null/home/eww/scripts/workspaces.sh diff --git a/nixos/hosts/thalassa/null/home/hyprland.nix b/nixos/hosts/thalassa/null/home/hyprland.nix new file mode 100644 index 00000000..cdc6efa4 --- /dev/null +++ b/nixos/hosts/thalassa/null/home/hyprland.nix 
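Review bot: The new `per="$(pamixer --get-volume)"` in volume.sh feeds command output into the `printf` call in the second hunk, where `${icon}` and `${per}` are expanded inside the format string itself. Any `%` or backslash in those values would be interpreted by `printf`, and an empty `per` (pamixer failing) silently yields `"percent": ""`. Pass the values as arguments instead: `printf '{"icon": "%s", "percent": "%s"}' "$icon" "$per"`. The script body between the two hunks is not shown, so the icon selection was not reviewed.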
@@ -0,0 +1,137 @@ +{ pkgs, config, ... }: { + home.file.".config/hypr/hyprpaper.conf".text = '' + ipc = off + preload = ~/cloud/Pictures/Wallpapers-Laptop/wallpaper-nix-pink.png + wallpaper = eDP-1,~/cloud/Pictures/Wallpapers-Laptop/wallpaper-nix-pink.png + ''; + + wayland.windowManager.hyprland = + let + startup-script = pkgs.writeScriptBin "startup" '' + #!${pkgs.stdenv.shell} + hyprctl setcursor Catppuccin-Frappe-Pink-Cursors ${ + builtins.toString config.home.pointerCursor.size + } + ${pkgs.hyprpaper}/bin/hyprpaper & + foot --server & + eww daemon & + eww open bar & + firefox-devedition & + webcord & + element-desktop & + ''; + in + { + enable = true; + recommendedEnvironment = true; + extraConfig = '' + exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP + exec-once=systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP + + monitor=eDP-1,1920x1080@60,0x0,1 + monitor=eDP-1,addreserved,0,0,48,0 + monitor=,preferred,auto,1 + + windowrulev2 = workspace 1 silent,class:^(Electron)$,title:^(.*)(WebCord)(.*)$ + windowrulev2 = workspace 1 silent,title:^(Element)(.*)$ + windowrulev2 = workspace 2 silent,class:^(firefox-aurora)$ + windowrulev2 = float,class:^(firefox-aurora)$,title:^(Picture-in-Picture)$ + + general { + layout = dwindle + col.active_border = 0xfff4b8e4 + } + + input { + kb_options=caps:escape + touchpad { + natural_scroll= true + } + } + + gestures { + workspace_swipe = true + } + + misc { + no_vfr = false + disable_hyprland_logo = true + disable_splash_rendering = true + } + + dwindle { + pseudotile=true + } + + bind=SUPER,RETURN,exec,footclient + bind=SUPER,f,exec,firefox-devedition + bind=SUPER,d,exec,wofi --show run,drun + + bind=,Print,exec,grim -g "$(slurp)" -t png - | wl-copy -t image/png + bind=SUPER,W,killactive, + bind=SUPERSHIFT,Q,exit, + bind=SUPER,S,togglefloating, + bind=SUPER,P,pin, + + bindm=SUPER,mouse:272,movewindow + bindm=SUPER,mouse:273,resizewindow + + 
bind=SUPER,left,movefocus,l + bind=SUPER,right,movefocus,r + bind=SUPER,up,movefocus,u + bind=SUPER,down,movefocus,d + + bind=SUPER,1,workspace,1 + bind=SUPER,2,workspace,2 + bind=SUPER,3,workspace,3 + bind=SUPER,4,workspace,4 + bind=SUPER,5,workspace,5 + bind=SUPER,6,workspace,6 + bind=SUPER,7,workspace,7 + bind=SUPER,8,workspace,8 + bind=SUPER,9,workspace,9 + bind=SUPER,0,workspace,10 + bind=SUPER,grave,togglespecialworkspace + + bind=ALT,1,movetoworkspace,1 + bind=ALT,2,movetoworkspace,2 + bind=ALT,3,movetoworkspace,3 + bind=ALT,4,movetoworkspace,4 + bind=ALT,5,movetoworkspace,5 + bind=ALT,6,movetoworkspace,6 + bind=ALT,7,movetoworkspace,7 + bind=ALT,8,movetoworkspace,8 + bind=ALT,9,movetoworkspace,9 + bind=ALT,0,movetoworkspace,10 + bind=ALT,grave,movetoworkspace,special + + bind=SUPERSHIFT,1,movetoworkspacesilent,1 + bind=SUPERSHIFT,2,movetoworkspacesilent,2 + bind=SUPERSHIFT,3,movetoworkspacesilent,3 + bind=SUPERSHIFT,4,movetoworkspacesilent,4 + bind=SUPERSHIFT,5,movetoworkspacesilent,5 + bind=SUPERSHIFT,6,movetoworkspacesilent,6 + bind=SUPERSHIFT,7,movetoworkspacesilent,7 + bind=SUPERSHIFT,8,movetoworkspacesilent,8 + bind=SUPERSHIFT,9,movetoworkspacesilent,9 + bind=SUPERSHIFT,0,movetoworkspacesilent,10 + bind=SUPERSHIFT,grave,movetoworkspacesilent,special + + bind=SUPER,mouse_down,workspace,e+1 + bind=SUPER,mouse_up,workspace,e-1 + + bind=SUPER,g,togglegroup + bind=SUPER,tab,changegroupactive + bind=SUPER,m,fullscreen,1 + bind=SUPERSHIFT,m,fullscreen,0 + + bind=,XF86MonBrightnessUp,exec,brightnessctl -q s +5% + bind=,XF86MonBrightnessDown,exec,brightnessctl -q s 5%- + bind=,XF86MonRaiseVolume,exec,pamixer -i 5 + bind=,XF86MonLowerVolume,exec,pamixer -d 5 + bind=,XF86AudioMute,exec,pamixer -t + + exec-once=${startup-script}/bin/startup + ''; + }; +} diff --git a/nixos/hosts/thalassa/null/home/neovim.nix b/nixos/hosts/thalassa/null/home/neovim.nix new file mode 100644 index 00000000..a6eb4fa8 --- /dev/null +++ b/nixos/hosts/thalassa/null/home/neovim.nix 
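Review bot: The two volume bindings near the end of `extraConfig` use `XF86MonRaiseVolume` and `XF86MonLowerVolume`, which do not look like existing keysyms; the `Mon` prefix belongs to the brightness keys above them, and the mute binding already uses the `XF86Audio` prefix. As written, the volume keys would never fire. Use `bind=,XF86AudioRaiseVolume,exec,pamixer -i 5` and `bind=,XF86AudioLowerVolume,exec,pamixer -d 5`.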
@@ -0,0 +1,39 @@
+{ inputs, pkgs, ... }: {
+ imports = [ inputs.nixvim.homeManagerModules.nixvim ];
+ programs.nixvim = {
+ enable = true;
+ package = pkgs.neovim-unwrapped;
+
+ extraPlugins = with pkgs.vimPlugins; [ catppuccin-nvim ];
+
+ colorscheme = "catppuccin-frappe";
+
+ plugins = {
+ nix.enable = true;
+ treesitter = {
+ enable = true;
+ nixGrammars = false;
+ ensureInstalled = [ ];
+ };
+ surround.enable = true;
+ fugitive.enable = true;
+ lualine = {
+ enable = true;
+ theme = "catppuccin";
+ };
+ telescope = {
+ enable = true;
+ extensions.fzf-native.enable = true;
+ };
+ lsp = {
+ enable = true;
+ servers = {
+ rust-analyzer.enable = true;
+ rnix-lsp.enable = true;
+ pyright.enable = true;
+ };
+ };
+ nvim-cmp = { enable = true; };
+ };
+ };
+}
diff --git a/nixos/hosts/thalassa/null/home/theme.nix b/nixos/hosts/thalassa/null/home/theme.nix
new file mode 100644
index 00000000..fecec7af
--- /dev/null
+++ b/nixos/hosts/thalassa/null/home/theme.nix
@@ -0,0 +1,127 @@ +{ lib, pkgs, config, ... }: +let + inherit (builtins) mapAttrs; + + theme = "Catppuccin-Pink-Dark"; + cursorTheme = config.home.pointerCursor.name; + colour = { + rosewater = "f2d5cf"; + flamingo = "eebebe"; + pink = "f4b8e4"; + mauve = "ca9ee6"; + red = "e78284"; + maroon = "ea999c"; + peach = "ef9f76"; + yellow = "e5c890"; + green = "a6d189"; + teal = "81c8be"; + sky = "99d1db"; + sapphire = "85c1dc"; + blue = "8caaee"; + lavender = "babbf1"; + text = "c6d0f5"; + subtext0 = "a5adce"; + subtext1 = "b5bfe2"; + overlay2 = "949cbb"; + overlay0 = "737994"; + overlay1 = "838ba7"; + surface0 = "414559"; + surface1 = "51576d"; + surface2 = "626880"; + base = "303446"; + mantle = "292c3c"; + crust = "232634"; + + hex = mapAttrs (_name: value: "#${value}") colour; + }; +in +{ + home = { + file.".xsettingsd".text = '' + Net/ThemeName "${theme}" + Gtk/CursorThemeName "${cursorTheme}" + ''; + + pointerCursor = { + name = "Catppuccin-Frappe-Pink-Cursors"; + size = 32; + package = pkgs.catppuccin-cursors.frappePink; + }; + + file.".config/eww/eww.scss".text = lib.mkBefore '' + $rosewater: ${colour.hex.rosewater}; + $flamingo: ${colour.hex.flamingo}; + $pink: ${colour.hex.pink}; + $mauve: ${colour.hex.mauve}; + $red: ${colour.hex.red}; + $maroon: ${colour.hex.maroon}; + $peach: ${colour.hex.peach}; + $yellow: ${colour.hex.yellow}; + $green: ${colour.hex.green}; + $teal: ${colour.hex.teal}; + $sky: ${colour.hex.sky}; + $sapphire: ${colour.hex.sapphire}; + $blue: ${colour.hex.blue}; + $lavender: ${colour.hex.lavender}; + $text: ${colour.hex.text}; + $subtext0: ${colour.hex.subtext0}; + $subtext1: ${colour.hex.subtext1}; + $overlay0: ${colour.hex.overlay0}; + $overlay1: ${colour.hex.overlay1}; + $overlay2: ${colour.hex.overlay2}; + $surface0: ${colour.hex.surface0}; + $surface1: ${colour.hex.surface1}; + $surface2: ${colour.hex.surface2}; + $base: ${colour.hex.base}; + $mantle: ${colour.hex.mantle}; + $crust: ${colour.hex.crust}; + ''; + }; + + gtk = { + enable = 
true; + theme = { + name = theme; + package = pkgs.catppuccin-gtk; + }; + iconTheme = { + name = "Arc"; + package = pkgs.arc-icon-theme; + }; + cursorTheme = { + name = cursorTheme; + inherit (config.home.pointerCursor) size package; + }; + }; + + # Note, pink and blue are switched + programs.foot.settings.colors = { + alpha = 0.8; + + foreground = colour.text; # Text + background = colour.base; # Base + regular0 = colour.surface1; # Surface 1 + regular1 = colour.red; # red + regular2 = colour.green; # green + regular3 = colour.yellow; # yellow + regular4 = colour.pink; # pink + regular5 = colour.blue; # blue + regular6 = colour.teal; # teal + regular7 = colour.subtext1; # Subtext 1 + bright0 = colour.surface2; # Surface 2 + bright1 = colour.red; # red + bright2 = colour.green; # green + bright3 = colour.yellow; # yellow + bright4 = colour.pink; # pink + bright5 = colour.blue; # blue + bright6 = colour.teal; # teal + bright7 = colour.subtext0; # Subtext 0 + }; + + programs.mako = { + backgroundColor = colour.hex.mantle; + borderColor = colour.hex.pink; + textColor = colour.hex.text; + borderRadius = 5; + }; +} diff --git a/nixos/hosts/thalassa/null/networking.nix b/nixos/hosts/thalassa/null/networking.nix new file mode 100644 index 00000000..ccf7a8a9 --- /dev/null +++ b/nixos/hosts/thalassa/null/networking.nix 
@@ -0,0 +1,76 @@
+_: {
+ services.v.dns = {
+ enable = true;
+ openFirewall = false;
+ mode = "laptop";
+ };
+
+ services.mullvad-vpn.enable = true;
+
+ networking = {
+ useDHCP = true;
+ dhcpcd.wait = "background";
+ wireless = {
+ enable = true;
+ environmentFile = "/var/lib/secrets/wireless.env";
+ userControlled.enable = true;
+ networks = {
+ eduroam = {
+ auth = ''
+ proto=RSN
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="vroest@tudelft.nl"
+ password=hash:@EDUROAM_PASSWORD_HASH@
+ domain_suffix_match="radius.tudelft.nl"
+ anonymous_identity="anonymous@tudelft.nl"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+ ca_cert="/etc/ssl/certs/ca-bundle.crt"
+ '';
+ };
+ "Pikachu 5G" = { psk = "@PIKACHU_PASSWORD@"; };
+ "sha256('yeet')" = { psk = "@SHA256_PASSWORD@"; };
+ "wired" = { psk = "@WIRED_PASSWORD@"; };
+ "meowy hotspot" = { psk = "@HOTSPOT_PASSWORD@"; };
+ "WiFi Roest" = { psk = "@WIFI_ROEST_PASSWORD@"; };
+ };
+ };
+
+ nameservers = [
+ "127.0.0.1" # Use locally deployed unbound
+ "::1"
+ ];
+
+ firewall.allowedUDPPorts = [ 51820 ];
+
+ # Maybe switch to wg-quick
+ wireguard.interfaces.wg0 = {
+ ips = [ "10.100.0.4/24" ];
+ listenPort = 51820;
+ privateKeyFile = "/var/lib/secrets/wg_key";
+
+ peers = [
+ {
+ # Delft
+ publicKey = "kDIO3BJSYlDwRXc2zt9tR1LqKJzIPrulaRmdiYkg+m0=";
+ allowedIPs = [ "10.100.0.1" "10.42.42.0/23" ];
+ endpoint = "195.85.167.34:51820";
+ persistentKeepalive = 25;
+ }
+ {
+ # Aerdenhout
+ publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
+ allowedIPs = [
+ "10.100.0.5"
+ "192.168.0.0/24" # to avoid being less specific than a LAN
+ "192.168.1.0/24"
+ "10.10.10.0/24"
+ ];
+ endpoint = "80.60.83.220:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
diff --git a/nixos/hosts/thalassa/null/rescue-boot.nix b/nixos/hosts/thalassa/null/rescue-boot.nix
new file mode 100644
index 00000000..a6cf2a2c
--- /dev/null
+++ b/nixos/hosts/thalassa/null/rescue-boot.nix
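Review bot: `firewall.allowedUDPPorts = [ 51820 ];` opens the WireGuard listen port on every interface of a roaming laptop, on whatever network it joins. Both peers in `wireguard.interfaces.wg0` have a fixed `endpoint` and `persistentKeepalive = 25`, so the laptop initiates the tunnels and the replies should pass as established traffic; the open port looks necessary only if a peer has to dial in first. If that is not the case, drop the line, or document why it is needed with a comment such as `# peers may initiate to this host`. Related: routing `192.168.0.0/24` and `192.168.1.0/24` to the second peer will shadow same-numbered local networks while roaming, which the existing comment hints at but does not spell out.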
@@ -0,0 +1,35 @@ +{ pkgs, ... }: +let + # TODO: slim down size + netboot = import (pkgs.path + "/nixos/lib/eval-config.nix") { + inherit (pkgs) system; + modules = [ + (pkgs.path + "/nixos/modules/installer/netboot/netboot-minimal.nix") + module + ]; + }; + module = { + system.stateVersion = "22.11"; + boot.supportedFilesystems = [ "btrfs" "ext4" ]; + environment.systemPackages = with pkgs; [ git ]; + }; +in +{ + boot.loader.systemd-boot = { + extraEntries = { + "rescue.conf" = '' + title Rescue Boot + linux /rescue-kernel + initrd /rescue-initrd + options init=${netboot.config.system.build.toplevel}/init ${ + toString netboot.config.boot.kernelParams + } + ''; + }; + + extraFiles = { + "rescue-kernel" = "${netboot.config.system.build.kernel}/bzImage"; + "rescue-initrd" = "${netboot.config.system.build.netbootRamdisk}/initrd"; + }; + }; +} diff --git a/pkgs/default.nix b/nixos/pkgs/default.nix similarity index 84% rename from pkgs/default.nix rename to nixos/pkgs/default.nix index 391147e4..68781322 100644 --- a/pkgs/default.nix +++ b/nixos/pkgs/default.nix @@ -17,10 +17,11 @@ final: prev: { gitea-agatheme = prev.callPackage ./gitea-agatheme { }; # nix-shell -p "(vscode-with-extensions.override {vscodeExtensions = with vscode-extensions; [ jnoortheen.nix-ide ]; })" -I nixpkgs=. - # vscode-extensions = { - # platformio.platformio-ide = - # prev.callPackage ./vscode-extensions/platformio.nix { }; - # }; + vscode-extensions = { + platformio.platformio-ide = + prev.callPackage ./vscode-extensions/platformio.nix { }; + }; + }; plex-plexpass = prev.callPackage ./plex-pass { }; diff --git a/pkgs/dnd-5e-latex-template/default.nix b/nixos/pkgs/dnd-5e-latex-template/default.nix similarity index 100% rename from pkgs/dnd-5e-latex-template/default.nix rename to nixos/pkgs/dnd-5e-latex-template/default.nix 
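Review bot: The `"rescue.conf"` entry in `extraEntries` puts a bootable `netboot-minimal.nix` system in the boot menu, and that installer profile, as far as I know, logs in automatically with passwordless root. Anyone at the keyboard can therefore pick "Rescue Boot" and get a root environment with `btrfs` support, which sidesteps `systemd-boot.editor = false` in configuration.nix; the file systems declared for this host on this page show no encryption layer. State the trade-off above `extraEntries`, e.g. `# NOTE: rescue entry gives root to anyone with physical access`. If that is not acceptable, harden the inner `module` (disable the automatic login and set a root password hash) or protect the boot menu at the firmware level.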
diff --git a/pkgs/gitea-agatheme/default.nix b/nixos/pkgs/gitea-agatheme/default.nix similarity index 100% rename from pkgs/gitea-agatheme/default.nix rename to nixos/pkgs/gitea-agatheme/default.nix diff --git a/nixos/pkgs/glitch-soc/README.md b/nixos/pkgs/glitch-soc/README.md new file mode 100644 index 00000000..c811fa4c --- /dev/null +++ b/nixos/pkgs/glitch-soc/README.md @@ -0,0 +1,21 @@ +# Mastodon Glitch Edition + + + +Based on [nixpkgs upstream](https://github.com/NixOS/nixpkgs/tree/master/pkgs/servers/mastodon). + +Modifications for the new yarn berry lockfiles and some other improvements stolen and adjusted (with permissions) from [catgirl.cloud](https://git.catgirl.cloud/999eagle/dotfiles-nix/-/tree/main/overlay/mastodon/glitch) (see also https://github.com/NixOS/nixpkgs/issues/277697). + +I've also made some further modifications myself to try and simplify the package and better understand it. + +## Updating + +The package can be updated to the latest glitch-soc commit with `update.sh`. + +- the `deps.patch` for the yarn lockfile will probably not work anymore +- in that case, delete it before running `update.sh` +- then try to build the package +- when it fails again with a yarn error, run `nix log` to get the full yarn output +- take the diff from there and adjust `deps.patch` accordingly +- also, the yarn hash in `version_data.nix` has to be adjusted manually +- build the package and paste the hash from the error message into `yarnHash` diff --git a/nixos/pkgs/glitch-soc/default.nix b/nixos/pkgs/glitch-soc/default.nix new file mode 100644 index 00000000..20a84ff2 --- /dev/null +++ b/nixos/pkgs/glitch-soc/default.nix 
@@ -0,0 +1,180 @@ +{ stdenv, nodejs-slim, bundlerEnv, defaultGemConfig +, yarn-berry, callPackage, ruby, writeShellScript +, brotli, openssl +}: + +let + + # optimally, updates only need to touch `version_data.nix`, and nothing else should be in there + versionData = import ./version_data.nix; + + # use the first 7 characters of the glitch-soc commit hash as version string + version = builtins.substring 0 7 versionData.rev; + + # the patched glitch-soc source + src = callPackage ./source.nix { }; + + # ruby gems, built from `gemset.nix`, which is generated by bundix in `update.sh` from the source Gemfile + mastodonGems = bundlerEnv { + name = "glitch-soc-gems-${version}"; # bundlerEnv breaks when pname is set instead + inherit version; + ruby = ruby; + gemset = ./gemset.nix; + gemdir = src; + /* + See: + - https://wiki.nixos.org/wiki/Packaging/Ruby#Adding_a_global_override_for_a_gem + - https://nixos.org/manual/nixpkgs/stable/#gem-specific-configurations-and-workarounds + */ + gemConfig = defaultGemConfig // { + hiredis-client = attrs: { + buildInputs = [ openssl ]; + }; + }; + }; + + # fetches JS dependencies via yarn based on the lockfile in the source + mastodonYarnDeps = yarn-berry.fetchYarnBerryDeps { + inherit src; + hash = versionData.yarnHash; + missingHashes = ./missing-hashes.json; + }; + + # builds the node modules for mastodon using the previously fetched yarn deps + mastodonModules = stdenv.mkDerivation { + pname = "glitch-soc-modules"; + inherit version src; + + yarnOfflineCache = mastodonYarnDeps; + missingHashes = ./missing-hashes.json; + + nativeBuildInputs = [ + nodejs-slim + yarn-berry + yarn-berry.yarnBerryConfigHook + brotli + mastodonGems + mastodonGems.wrappedRuby + ]; + + RAILS_ENV = "production"; + NODE_ENV = "production"; + + /* + So it seems that somehow a change in Linux 6.9 changed something that broke libuv, an IO lib + used by Node. This undocumented env var disables the broken IO feature in libuv and it works + again. 
+ + - https://lore.kernel.org/lkml/d7003b6e-b8e3-41c4-9e6e-2b9abd0c5572@gmail.com/t/ + - https://github.com/nodejs/node/issues/53051#issuecomment-2124940205 + - https://github.com/nodejs/docker-node/issues/1912#issuecomment-1594233686 + */ + UV_USE_IO_URING = "0"; + + buildPhase = '' + runHook preBuild + + export SECRET_KEY_BASE_DUMMY=1 + + patchShebangs bin + + bundle exec rails assets:precompile + + rm -rf node_modules/.cache + + # Remove workspace "package" as it contains broken symlinks + # See https://github.com/NixOS/nixpkgs/issues/380366 + rm -rf node_modules/@mastodon + + # Remove execute permissions + find public/assets -type f ! -perm 0555 \ + -exec chmod 0444 {} ';' + + # Create missing static gzip and brotli files + # see: https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/5d0da33c4f6b52b48777b404593c68a13e292721/overlay/mastodon/glitch/default.nix#L30 + # see: https://code.hackerspace.pl/ar/nibylandia/src/commit/7bbb773554204026644fb98c9463fd15726976e9/pkgs/glitch-soc/modules.nix#L52 + find public/assets public/packs -type f -regextype posix-extended -iregex '.*\.(css|html|js|js.map|json|svg)' \ + -exec gzip --best --keep --force {} ';' \ + -exec brotli --best --keep {} ';' + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/public + cp -r node_modules $out/node_modules + cp -r public/assets $out/public + cp -r public/packs $out/public + + runHook postInstall + ''; + }; + +# the actual main glitch-soc package + +in stdenv.mkDerivation { + + pname = "glitch-soc"; + inherit version src mastodonGems mastodonModules; + + propagatedBuildInputs = [ mastodonGems.wrappedRuby ]; + nativeBuildInputs = [ brotli ]; + buildInputs = [ mastodonGems nodejs-slim ]; + + buildPhase = '' + runHook preBuild + + ln -s $mastodonModules/node_modules node_modules + ln -s $mastodonModules/public/assets public/assets + ln -s $mastodonModules/public/packs public/packs + + patchShebangs bin/ + for b in $(ls $mastodonGems/bin/) + do + if [ ! 
-f bin/$b ]; then + ln -s $mastodonGems/bin/$b bin/$b + fi + done + + # Remove execute permissions + chmod 0444 public/emoji/*.svg + + # Create missing static gzip and brotli files + find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \ + -exec gzip --best --keep --force {} ';' \ + -exec brotli --best --keep {} ';' + find public/emoji -type f -name '.*.svg' \ + -exec gzip --best --keep --force {} ';' \ + -exec brotli --best --keep {} ';' + ln -s assets/500.html.gz public/500.html.gz + ln -s assets/500.html.br public/500.html.br + ln -s packs/sw.js.gz public/sw.js.gz + ln -s packs/sw.js.br public/sw.js.br + ln -s packs/sw.js.map.gz public/sw.js.map.gz + ln -s packs/sw.js.map.br public/sw.js.map.br + + rm -rf log + ln -s /var/log/mastodon log + ln -s /tmp tmp + + runHook postBuild + ''; + + installPhase = let + run-streaming = writeShellScript "run-streaming.sh" '' + # NixOS helper script to consistently use the same NodeJS version the package was built with. + ${nodejs-slim}/bin/node ./streaming + ''; + in '' + runHook preInstall + + mkdir -p $out + cp -r * $out/ + ln -s ${run-streaming} $out/run-streaming.sh + + runHook postInstall + ''; + +} diff --git a/pkgs/glitch-soc/gemset.nix b/nixos/pkgs/glitch-soc/gemset.nix similarity index 62% rename from pkgs/glitch-soc/gemset.nix rename to nixos/pkgs/glitch-soc/gemset.nix index 2f780a38..d15e4189 100644 --- a/pkgs/glitch-soc/gemset.nix +++ b/nixos/pkgs/glitch-soc/gemset.nix 
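Review bot: In the main package's `buildPhase`, `find public/emoji -type f -name '.*.svg'` passes a glob, not a regex, so it matches only file names that begin with a dot and the emoji SVGs never get their `.gz`/`.br` siblings. `-name '*.svg'` does what the "Create missing static gzip and brotli files" comment describes. Separately, `ln -s /tmp tmp` points the application's tmp directory at the shared system `/tmp`, which is only safe if the service unit isolates it. A comment stating that assumption would help, e.g. `# expects the service to run with PrivateTmp`.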
@@ -5,43 +5,43 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zd3zjpmrx06jiiyrxmsj94mfcxraxr0h3qlk61860slakmn4sg9"; + sha256 = "18496axh89kakw5f82mmmac3w9rwb0b0wq4j6la806p9cbgy5k3v"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; actionmailbox = { - dependencies = ["actionpack" "activejob" "activerecord" "activestorage" "activesupport" "mail" "net-imap" "net-pop" "net-smtp"]; + dependencies = ["actionpack" "activejob" "activerecord" "activestorage" "activesupport" "mail"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13n7178paqy2p2svsh21yfvzmpf4anwgmnxx6anyslr90zcyksg1"; + sha256 = "1nyfwa1kj0cm1scqsbv723ypv69bzaxh886hliyjbrhk752v73rx"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; actionmailer = { - dependencies = ["actionpack" "actionview" "activejob" "activesupport" "mail" "net-imap" "net-pop" "net-smtp" "rails-dom-testing"]; + dependencies = ["actionpack" "actionview" "activejob" "activesupport" "mail" "rails-dom-testing"]; groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1nr7njlr6pccglqp36imc8mhff73agcdky57a9alrkyrbzdnll42"; + sha256 = "1l3pnba14p0p7zsh366c31maxap030c97597vjimdv3nhnrnijdh"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; actionpack = { - dependencies = ["actionview" "activesupport" "nokogiri" "rack" "rack-session" "rack-test" "rails-dom-testing" "rails-html-sanitizer"]; + dependencies = ["actionview" "activesupport" "nokogiri" "rack" "rack-session" "rack-test" "rails-dom-testing" "rails-html-sanitizer" "useragent"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0b2r4h30fybd064xicfjr38j3hpyqx622fb4fjl3rk5ya36b9r1d"; + sha256 = "0y2b5ydiqy32jbd9g5bl6v4aw6d7pjn5f3w2rxf2j59q9w307rwk"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; actiontext 
= { dependencies = ["actionpack" "activerecord" "activestorage" "activesupport" "globalid" "nokogiri"]; @@ -49,10 +49,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04wjw7iy43vh8dsavi2mka11nkv85nxs7bx8aw85w2mrc3y69jfz"; + sha256 = "1grs41yr3nzw7zbnz0vkv8f4qd448a632saxkm3vnbzf68hb63d4"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; actionview = { dependencies = ["activesupport" "builder" "erubi" "rails-dom-testing" "rails-html-sanitizer"]; @@ -60,10 +60,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "02c51f3a2kan3s45m21sx08jjz9xm4l2kvk475ir06vgmgr3girn"; + sha256 = "1fyfyxf2a798lxq6sfpnj94kmnpfp17xlhvjy428zhfzbi0f2f70"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; active_model_serializers = { dependencies = ["actionpack" "activemodel" "case_transform" "jsonapi-renderer"]; @@ -71,10 +71,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13n1ipn0dg3k852xhfzdvkr1ljq76xvfnm79qzdix2ishiy1gphl"; + sha256 = "0k0cig5ic38vfd7iba3rv3h7hs2lmycqp0wx4w286kmbhch5n9q8"; type = "gem"; }; - version = "0.10.14"; + version = "0.10.15"; }; activejob = { dependencies = ["activesupport" "globalid"]; @@ -82,10 +82,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1qhpzjlh8sm8gqi11yng1sxayfn13pw9j2pgjw57bcmifpav6rd5"; + sha256 = "1jjk31di5kvcflc90wmgdd50jzhljhafi166h6hg67kbwd2qn8mh"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; activemodel = { dependencies = ["activesupport"]; @@ -93,10 +93,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16m6szgwhs7xnrkbib7di872k40r2iffx06g4gjiy4bb2g1d6bqz"; + sha256 = "0v35y2jzqlfy1wnrzlzj2cxylhnz09vykaa1l2dnkq7sl5zzpq8a"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; activerecord = { dependencies = ["activemodel" "activesupport" "timeout"]; 
@@ -104,10 +104,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09b3x4g4b3ihx9mvahz6ysm8dv41l8vkdfhxg0bdcqm4yg007pgq"; + sha256 = "02nrya34qviawdkssyahb3mg08kqdc461b320a6ikr245jwp0d3r"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; activestorage = { dependencies = ["actionpack" "activejob" "activerecord" "activesupport" "marcel"]; @@ -115,21 +115,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1400b9fa4zv39qs6ma0lirf840zdn7qp3v86l9vhgwjzzvhmkhhc"; + sha256 = "0xr9cy6h8il61qq6w3rkvl56visms45ljm8f43r3ibh61wg24ggq"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; activesupport = { - dependencies = ["base64" "bigdecimal" "concurrent-ruby" "connection_pool" "drb" "i18n" "minitest" "mutex_m" "tzinfo"]; + dependencies = ["base64" "benchmark" "bigdecimal" "concurrent-ruby" "connection_pool" "drb" "i18n" "logger" "minitest" "securerandom" "tzinfo" "uri"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18jqxsjz9vs89v9jwz4f5vw9yj91cc2l2jwlzfgnxg8wmyjbqw47"; + sha256 = "0pm40y64wfc50a9sj87kxvil2102rmpdcbv82zf0r40vlgdwsrc5"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; addressable = { dependencies = ["public_suffix"]; @@ -137,10 +137,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05r1fwy487klqkya7vzia8hnklcxy4vr92m9dmni3prfwk6zpw33"; + sha256 = "0cl2qpvwiffym62z991ynks7imsm87qmgxf0yfsmlwzkgi9qcaa6"; type = "gem"; }; - version = "2.8.5"; + version = "2.8.7"; }; aes_key_wrap = { groups = ["default"]; 
@@ -162,77 +162,56 @@ }; version = "0.3.0"; }; - annotate = { - dependencies = ["activerecord" "rake"]; + annotaterb = { + dependencies = ["activerecord" "activesupport"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1lw0fxb5mirsdp3bp20gjyvs7clvi19jbxnrm2ihm20kzfhvlqcs"; + sha256 = "1gdlas9fl9j7p7s6jvyakbidvg2almhbbk7a7px4fp6xma58yczh"; type = "gem"; }; - version = "3.2.0"; + version = "4.17.0"; }; ast = { groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04nc8x27hlzlrr5c2gn7mar4vdr0apw5xg22wp6m8dx3wqr04a0y"; + sha256 = "10yknjyn0728gjn6b5syynvrvrwm66bhssbxq8mkhshxghaiailm"; type = "gem"; }; - version = "2.4.2"; - }; - attr_encrypted = { - dependencies = ["encryptor"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "034x6mbrv9apd83v99v9pm8vl3d17w5bbwws26gr4wv95fylmgnc"; - type = "gem"; - }; - version = "4.0.0"; + version = "2.4.3"; }; attr_required = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1g22axmi2rhhy7w8c3x6gppsawxqavbrnxpnmphh22fk7cwi0kh2"; + sha256 = "16fbwr6nmsn97n0a6k1nwbpyz08zpinhd6g7196lz1syndbgrszh"; type = "gem"; }; - version = "1.0.1"; - }; - awrence = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0gj8f8c54r9cabkm41s59sa1ca5wpbipw7gq3sfl87x9296227fx"; - type = "gem"; - }; - version = "1.2.1"; + version = "1.0.2"; }; aws-eventstream = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pyis1nvnbjxk12a43xvgj2gv0mvp4cnkc1gzw0v1018r61399gz"; + sha256 = "1mvjjn8vh1c3nhibmjj9qcwxagj6m9yy961wblfqdmvhr9aklb3y"; type = "gem"; }; - version = "1.2.0"; + version = "1.3.2"; }; aws-partitions = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = 
"0m2kha6ip4ynhvl1l8z4vg0j96ngq4f2v6jl4j2y27m2kzmgcxz5"; + sha256 = "1y34xkflb4fd54k1cbrd9xw6ff2znwn1drbnvy9ywngiyynwff1i"; type = "gem"; }; - version = "1.809.0"; + version = "1.1103.0"; }; aws-sdk-core = { dependencies = ["aws-eventstream" "aws-partitions" "aws-sigv4" "jmespath"]; @@ -240,10 +219,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0xjw9cf6ldbw50xi5ric8d63r8kybpsvaqxh2v6n7374hfady73i"; + sha256 = "1vmi65a22dq0rhjiydr94zwpn9hx3vib7vp922ccjg0vrih7mlzy"; type = "gem"; }; - version = "3.181.0"; + version = "3.215.1"; }; aws-sdk-kms = { dependencies = ["aws-sdk-core" "aws-sigv4"]; @@ -251,10 +230,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1zr5w2cjd895abyn7y5gifhq37bxcinssvdx2l1qmlkllbdxbwq0"; + sha256 = "0xd3ddd9jiapkgv8im4pl9dcdy2ps7qjsssf2nz3q6sd1ca8x0di"; type = "gem"; }; - version = "1.71.0"; + version = "1.96.0"; }; aws-sdk-s3 = { dependencies = ["aws-sdk-core" "aws-sdk-kms" "aws-sigv4"]; @@ -262,10 +241,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0yymj15nwnvam95lw5fxwxx7b6xm4hkj8z7byzvjmx9aji1x245m"; + sha256 = "10ziy8zslfjs0ihls7wiq6zvsncq89azh36rshmlylry1hhxjbxz"; type = "gem"; }; - version = "1.133.0"; + version = "1.177.0"; }; aws-sigv4 = { dependencies = ["aws-eventstream"]; 
@@ -273,42 +252,31 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0z889c4c1w7wsjm3szg64ay5j51kjl4pdf94nlr1yks2rlanm7na"; + sha256 = "1nx1il781qg58nwjkkdn9fw741cjjnixfsh389234qm8j5lpka2h"; type = "gem"; }; - version = "1.6.0"; + version = "1.11.0"; }; - azure-storage-blob = { - dependencies = ["azure-storage-common" "nokogiri"]; + azure-blob = { + dependencies = ["rexml"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0qq3knsy7nj7a0r8m19spg2bgzns9b3j5vjbs9mpg49whhc63dv1"; + sha256 = "1zfl00vwx28a8s38spfxinicic1nd7q1phd3cmjxj8mwlfswc3j4"; type = "gem"; }; - version = "2.0.3"; - }; - azure-storage-common = { - dependencies = ["faraday" "faraday_middleware" "net-http-persistent" "nokogiri"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0swmsvvpmy8cdcl305p3dl2pi7m3dqjd7zywfcxmhsz0n2m4v3v0"; - type = "gem"; - }; - version = "2.0.4"; + version = "0.5.8"; }; base64 = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cydk9p2cv25qysm0sn2pb97fcpz1isa7n3c8xm1gd99li8x6x8c"; + sha256 = "0yx9yn47a8lkfcjmigk79fykxvr80r4m1i35q82sxzynpbm7lcr7"; type = "gem"; }; - version = "0.1.1"; + version = "0.3.0"; }; bcp47_spec = { groups = ["default"]; 
@@ -325,10 +293,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14crcsmcsyiskr9xzgzcfz2dr74zg1jvavrrxpf5vnn9q75fakz9"; + sha256 = "16a0g2q40biv93i1hch3gw8rbmhp77qnnifj1k0a6m7dng3zh444"; type = "gem"; }; - version = "3.1.19"; + version = "3.1.20"; + }; + benchmark = { + groups = ["default" "development" "pam_authentication" "production" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1kicilpma5l0lwayqjb5577bm0hbjndj2gh150xz09xsgc1l1vyl"; + type = "gem"; + }; + version = "0.4.1"; }; better_errors = { dependencies = ["erubi" "rack" "rouge"]; @@ -341,36 +319,25 @@ }; version = "2.10.1"; }; - better_html = { - dependencies = ["actionview" "activesupport" "ast" "erubi" "parser" "smart_properties"]; - groups = ["default" "development"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1sk5s5lpwbd53s4a1xzm02nys3kfqdw5mh9i2qfn04hjsk8wk3gc"; - type = "gem"; - }; - version = "2.0.2"; - }; bigdecimal = { - groups = ["default" "development" "pam_authentication" "production" "test"]; + groups = ["default" "development" "opentelemetry" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "07y615s8yldk3k13lmkhpk1k190lcqvmxmnjwgh4bzjan9xrc36y"; + sha256 = "1p2szbr4jdvmwaaj2kxlbv1rp0m6ycbgfyp0kjkkkswmniv5y21r"; type = "gem"; }; - version = "3.1.4"; + version = "3.2.2"; }; bindata = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04y4zgh4bbcb8wmkxwfqg4saky1d1f3xw8z6yk543q13h8ky8rz5"; + sha256 = "0n4ymlgik3xcg94h52dzmh583ss40rl3sn0kni63v56sq8g6l62k"; type = "gem"; }; - version = "2.4.15"; + version = "2.5.1"; }; binding_of_caller = { dependencies = ["debug_inspector"]; 
@@ -378,20 +345,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "078n2dkpgsivcf0pr50981w95nfc2bsrp3wpf9wnxz1qsp8jbb9s"; + sha256 = "16mjj15ks5ws53v2y31hxcmf46d0qjdvdaadpk7xsij2zymh4a9b"; type = "gem"; }; - version = "1.0.0"; + version = "1.0.1"; }; blurhash = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "057afgqy73n8vm7k3cr4pbwm1hhqnm58lp4x7bgm5wzbs39m7xf8"; + sha256 = "1wni86h2mlb7sj51nq3iwsvkrzlaggls9xlf4p9dzr1ns79dphca"; type = "gem"; }; - version = "0.1.7"; + version = "0.1.8"; }; bootsnap = { dependencies = ["msgpack"]; 
@@ -399,51 +366,41 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vcg52gwl64xhhal6kwk1pc01y1klzdlnv1awyk89kb91z010x7q"; + sha256 = "003xl226y120cbq1n99805jw6w75gcz1gs941yz3h7li3qy3kqha"; type = "gem"; }; - version = "1.16.0"; + version = "1.18.6"; }; brakeman = { + dependencies = ["racc"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gliwnyma9f1mpr928c79i36q51yl68dwjd3jgwvsyr4piiiqr1r"; + sha256 = "11ip6dgi7147wp8jgwk9g95k07323zh83q699d6wxif6rqdxj0mn"; type = "gem"; }; - version = "6.0.1"; + version = "7.0.2"; }; browser = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g4bcpax07kqqr9cp7cjc7i0pcij4nqpn1rdsg2wdwhzf00m6x32"; + sha256 = "0bffb8dddrg6zn8c74swhy8mq2mysb195hi7chwwj9c8g2am4798"; type = "gem"; }; - version = "5.3.1"; - }; - brpoplpush-redis_script = { - dependencies = ["concurrent-ruby" "redis"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1nd5zj5yqmhv9lrsqz8s2dqq28v4ywy95qrw7nzhhf89dl4dq49l"; - type = "gem"; - }; - version = "0.1.3"; + version = "6.2.0"; }; builder = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "045wzckxpwcqzrjr353cxnyaxgf0qg22jh00dcx7z38cys5g1jlr"; + sha256 = "0pw3r2lyagsxkm71bf44v5b74f7l9r7di22brbyji9fwz791hya9"; type = "gem"; }; - version = "3.2.4"; + version = "3.3.0"; }; bundler-audit = { dependencies = ["thor"]; @@ -451,10 +408,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0gdx0019vj04n1512shhdx7hwphzqmdpw4vva2k551nd47y1dixx"; + sha256 = "0j0h5cgnzk0ms17ssjkzfzwz65ggrs3lsp53a1j46p4616m1s1bk"; type = "gem"; }; - version = "0.9.1"; + version = "0.9.2"; }; capybara = { dependencies = ["addressable" "matrix" "mini_mime" "nokogiri" "rack" "rack-test" "regexp_parser" "xpath"]; 
@@ -462,10 +419,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "114qm5f5vhwaaw9rj1h2lcamh46zl13v1m18jiw68zl961gwmw6n"; + sha256 = "1vxfah83j6zpw3v5hic0j70h519nvmix2hbszmjwm8cfawhagns2"; type = "gem"; }; - version = "3.39.2"; + version = "3.40.0"; + }; + capybara-playwright-driver = { + dependencies = ["addressable" "capybara" "playwright-ruby-client"]; + groups = ["test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09jyhmyngwbw2apc77z80kw4d4kd0wdvn46xxks7vjlzgywilipg"; + type = "gem"; + }; + version = "0.5.6"; }; case_transform = { dependencies = ["activesupport"]; @@ -483,20 +451,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0511idr8xps9625nh3kxr68sdy6l3xy2kcz7r57g47fxb1v18jj3"; + sha256 = "1dsf9gjc2cj79vrnz2vgq573biqjw7ad4b0idm05xg6rb3y9gq4y"; type = "gem"; }; - version = "0.5.9.6"; + version = "0.5.9.8"; + }; + cgi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1rj7agrnd1a4282vg13qkpwky0379svdb2z2lc0wl8588q6ikjx3"; + type = "gem"; + }; + version = "0.4.2"; }; charlock_holmes = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0hybw8jw9ryvz5zrki3gc9r88jqy373m6v46ynxsdzv1ysiyr40p"; + sha256 = "1c1dws56r7p8y363dhyikg7205z59a3bn4amnv2y488rrq8qm7ml"; type = "gem"; }; - version = "0.7.7"; + version = "0.7.9"; }; chewy = { dependencies = ["activesupport" "elasticsearch" "elasticsearch-dsl"]; 
@@ -504,10 +482,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zca6v8i66jkxfdfjnn9xwg21pk95qn4ic8vzfvrx49d6sb8319y"; + sha256 = "0kgqj7hcs09ln7i1rds1xify08rzjk02ryzvjdvnllg1fkh3vm2b"; type = "gem"; }; - version = "7.3.4"; + version = "7.6.0"; + }; + childprocess = { + dependencies = ["logger"]; + groups = ["default" "development" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1v5nalaarxnfdm6rxb7q6fmc6nx097jd630ax6h9ch7xw95li3cs"; + type = "gem"; + }; + version = "5.1.0"; }; chunky_png = { groups = ["default"]; @@ -524,10 +513,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0q11v0iabvr6rif0d025xh078ili5frrihlj0m04zfg7lgvagxji"; + sha256 = "198aswdyqlvcw9jkd95b7b8dp3fg0wx89kd1dx9wia1z36b1icin"; type = "gem"; }; - version = "0.2.0"; + version = "1.2.0"; }; cocoon = { groups = ["default"]; @@ -554,20 +543,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0krcwb6mn0iklajwngwsg850nk8k9b35dhmc2qkbdqvmifdi2y9q"; + sha256 = "1ipbrgvf0pp6zxdk5ascp6i29aybz2bx9wdrlchjmpx6mhvkwfw1"; type = "gem"; }; - version = "1.2.2"; + version = "1.3.5"; }; connection_pool = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1x32mcpm2cl5492kd6lbjbaf17qsssmpx9kdyr7z1wcif2cwyh0g"; + sha256 = "0nrhsk7b3sjqbyl1cah6ibf1kvi3v93a7wf4637d355hp614mmyg"; type = "gem"; }; - version = "2.4.1"; + version = "2.5.3"; }; cose = { dependencies = ["cbor" "openssl-signature_algorithm"]; 
@@ -575,21 +564,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00c6x4ha7qiaaf88qdbyf240mk146zz78rbm4qwyaxmwlmk7q933"; + sha256 = "1rbdzl9n8ppyp38y75hw06s17kp922ybj6jfvhz52p83dg6xpm6m"; type = "gem"; }; - version = "1.3.0"; + version = "1.3.1"; }; crack = { - dependencies = ["rexml"]; + dependencies = ["bigdecimal" "rexml"]; groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1cr1kfpw3vkhysvkk3wg7c54m75kd68mbm9rs5azdjdq57xid13r"; + sha256 = "0jaa7is4fw1cxigm8vlyhg05bw4nqy4f91zjqxk7pp4c8bdyyfn8"; type = "gem"; }; - version = "0.4.5"; + version = "1.0.0"; }; crass = { groups = ["default" "development" "pam_authentication" "production" "test"]; @@ -607,10 +596,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04q1vin8slr3k8mp76qz0wqgap6f9kdsbryvgfq9fljhrm463kpj"; + sha256 = "1izp5vna86s7xivqzml4nviy01bv76arrd5is8wkncwp1by3zzbc"; type = "gem"; }; - version = "1.14.0"; + version = "1.21.1"; + }; + csv = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gz7r2kazwwwyrwi95hbnhy54kwkfac5swh2gy5p5vw36fn38lbf"; + type = "gem"; + }; + version = "3.3.5"; }; database_cleaner-active_record = { dependencies = ["activerecord" "database_cleaner-core"]; @@ -618,10 +617,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12hdsqnws9gyc9sxiyc8pjiwr0xa7136m1qbhmd1pk3vsrrvk13k"; + sha256 = "1jxzgg3yccp3gjncl5ih0y13dcappmy0y8pq85wgjj0yx5fh0ixy"; type = "gem"; }; - version = "2.1.0"; + version = "2.2.1"; }; database_cleaner-core = { groups = ["default" "test"]; 
@@ -634,24 +633,35 @@ version = "2.0.1"; }; date = { - groups = ["default" "development"]; + groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "03skfikihpx37rc27vr3hwrb057gxnmdzxhmzd4bf4jpkl0r55w1"; + sha256 = "0kz6mc4b9m49iaans6cbx031j9y7ldghpi5fzsdh0n3ixwa8w9mz"; type = "gem"; }; - version = "3.3.3"; + version = "3.4.1"; + }; + debug = { + dependencies = ["irb" "reline"]; + groups = ["development" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wmfy5n5v2rzpr5vz698sqfj1gl596bxrqw44sahq4x0rxjdn98l"; + type = "gem"; + }; + version = "1.11.0"; }; debug_inspector = { groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "01l678ng12rby6660pmwagmyg8nccvjfgs3487xna7ay378a59ga"; + sha256 = "18k8x9viqlkh7dbmjzh8crbjy8w480arpa766cw1dnn3xcpa1pwv"; type = "gem"; }; - version = "1.1.0"; + version = "1.2.0"; }; devise = { dependencies = ["bcrypt" "orm_adapter" "railties" "responders" "warden"]; @@ -659,21 +669,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "121ljaaapil79dcsl5mkh5k613hv58z4z3g2lrnzb5qvqpb3h1j8"; + sha256 = "1y57fpcvy1kjd4nb7zk7mvzq62wqcpfynrgblj558k3hbvz4404j"; type = "gem"; }; - version = "4.9.3"; + version = "4.9.4"; }; devise-two-factor = { - dependencies = ["activesupport" "attr_encrypted" "devise" "railties" "rotp"]; + dependencies = ["activesupport" "devise" "railties" "rotp"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15cbgb0hyq78myc6aaszzdrd9qll9n3qdhykmrx22qiyac3mnpy9"; + sha256 = "041c6zrwm3za1scr07kdgmnlxj7lnrr1jcb832grkavf1sh9wf4h"; type = "gem"; }; - version = "4.1.1"; + version = "6.1.0"; }; devise_pam_authenticatable2 = { dependencies = ["devise" "rpam2"]; 
@@ -691,10 +701,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0rwvjahnp7cpmracd8x732rjgnilqv2sx7d1gfrysslc3h039fa9"; + sha256 = "0qlrj2qyysc9avzlr4zs1py3x684hqm61n4czrsk1pyllz5x5q4s"; type = "gem"; }; - version = "1.5.0"; + version = "1.6.2"; }; discard = { dependencies = ["activerecord"]; @@ -702,31 +712,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xavjhccyyzn9z6fz3034vgvzprc983mbrq6n9sc0drfw7m3vrip"; + sha256 = "1l35bpwnxqd6pqqy315a1y6bi2n8y6cd69dqh4gpi5nz7njx5z3f"; type = "gem"; }; - version = "1.2.1"; + version = "1.4.0"; }; docile = { groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1lxqxgq71rqwj1lpl9q1mbhhhhhhdkkj7my341f2889pwayk85sz"; + sha256 = "07pj4z3h8wk4fgdn6s62vw1lwvhj0ac0x10vfbdkr9xzk7krn5cn"; type = "gem"; }; - version = "1.4.0"; + version = "1.4.1"; }; domain_name = { - dependencies = ["unf"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lcqjsmixjp52bnlgzh4lg9ppsk52x9hpwdjd53k8jnbah2602h0"; + sha256 = "0cyr2xm576gqhqicsyqnhanni47408w2pgvrfi8pd13h2li3nsaz"; type = "gem"; }; - version = "0.5.20190701"; + version = "0.6.20240107"; }; doorkeeper = { dependencies = ["railties"]; 
@@ -734,52 +743,40 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1q2pywgyn6cbnm0fh3dln5z1qgd1g8hvb4x8rppjc1bpfxnfhi13"; + sha256 = "1lsh9lzrglqlwm9icmn0ggrwjc9iy9308f9m59z1w2srmyp0fgd7"; type = "gem"; }; - version = "5.6.6"; + version = "5.8.2"; }; dotenv = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1n0pi8x8ql5h1mijvm8lgn6bhq4xjb5a500p5r1krq4s6j9lg565"; + sha256 = "1hwjsddv666wpp42bip3fqx7c5qq6s8lwf74dj71yn7d1h37c4cy"; type = "gem"; }; - version = "2.8.1"; - }; - dotenv-rails = { - dependencies = ["dotenv" "railties"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0v0gcbxzypcvy6fqq4gp80jb310xvdwj5n8qw9ci67g5yjvq2nxh"; - type = "gem"; - }; - version = "2.8.1"; + version = "3.1.8"; }; drb = { - dependencies = ["ruby2_keywords"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0h9c2qiam82y3caapa2x157j1lkk9954hrjg3p22hxcsk8fli3vb"; + sha256 = "0wrkl7yiix268s2md1h6wh91311w95ikd8fy8m5gx589npyxc00b"; type = "gem"; }; - version = "2.1.1"; + version = "2.2.3"; }; - ed25519 = { + dry-cli = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zb2dr2ihb1qiknn5iaj1ha1w9p7lj9yq5waasndlfadz225ajji"; + sha256 = "0nyrgj4a0ppk0qfp8cny4wb3hsr2cw55ynh2w973brhf54xxz5wc"; type = "gem"; }; - version = "1.3.0"; + version = "1.2.0"; }; elasticsearch = { dependencies = ["elasticsearch-api" "elasticsearch-transport"]; @@ -787,10 +784,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0havyxmvl157a653prspnbhgdchlx44xqxl170v1im5ggxwavcaq"; + sha256 = "11pw5x7kg6f6m8rqy2kpbzdlnvijjpmbqkj2gz8237wkbl40y27d"; type = "gem"; }; - version = "7.13.3"; + version = "7.17.11"; }; elasticsearch-api = { dependencies = ["multi_json"]; 
@@ -798,10 +795,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bmssarkk7lqkjdn8c9j7jvxcnn4hg1zcmhsky8bfvc99k33b3w8"; + sha256 = "01wi43a3zylrq2vca08vir5va142g5m3jcsak3rprjck8jvggn7y"; type = "gem"; }; - version = "7.13.3"; + version = "7.17.11"; }; elasticsearch-dsl = { groups = ["default"]; 
@@ -814,35 +811,57 @@ version = "0.1.10"; }; elasticsearch-transport = { - dependencies = ["faraday" "multi_json"]; + dependencies = ["base64" "faraday" "multi_json"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0blfii8qvj0m6bg9sbfynxc40in7zfmw2wpi4clv7d9gclk053db"; + sha256 = "00qgyyvjyyv7z22qjd408pby1h7902gdwkh8h3z3jk2y57amg06i"; type = "gem"; }; - version = "7.13.3"; + version = "7.17.11"; }; - encryptor = { + email_spec = { + dependencies = ["htmlentities" "launchy" "mail"]; + groups = ["test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "049dhlyy2hcksp1wj9mx2fngk5limkm3afxysnizg1hi2dxbw8yz"; + type = "gem"; + }; + version = "2.3.0"; + }; + email_validator = { + dependencies = ["activemodel"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0s8rvfl0vn8w7k1sgkc234060jh468s3zd45xa64p1jdmfa3zwmb"; + sha256 = "0106y8xakq6frv2xc68zz76q2l2cqvhfjc7ji69yyypcbc4kicjs"; type = "gem"; }; - version = "3.0.0"; + version = "2.2.4"; + }; + erb = { + groups = ["default" "development" "pam_authentication" "production" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08rc8pzri3g7c85c76x84j05hkk12jvalrm2m3n97k1n7f03j13n"; + type = "gem"; + }; + version = "5.0.1"; }; erubi = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "08s75vs9cxlc4r1q2bjg4br8g9wc5lc5x5vl0vv4zq5ivxsdpgi7"; + sha256 = "1naaxsqkv5b3vklab5sbb9sdpszrjzlfsbqpy7ncbnw510xi10m0"; type = "gem"; }; - version = "1.12.0"; + version = "1.13.1"; }; et-orbi = { dependencies = ["tzinfo"]; 
@@ -850,164 +869,86 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1d2z4ky2v15dpcz672i2p7lb2nc793dasq3yq3660h2az53kss9v"; + sha256 = "0r6zylqjfv0xhdxvldr0kgmnglm57nm506pcm6085f0xqa68cvnj"; type = "gem"; }; - version = "1.2.7"; + version = "1.2.11"; }; excon = { + dependencies = ["logger"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "08r6qgbpkxxsihjmlspk3l1sr69q5hx35p1l4wp7rmkbzys89867"; + sha256 = "17asr18vawi08g3wbif0wdi8bnyj01d125saydl9j1f03fv0n16a"; type = "gem"; }; - version = "0.100.0"; + version = "1.2.5"; }; fabrication = { - groups = ["test"]; + groups = ["development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bxssmjp49whzq2zv7w751gr4nkdaiwcxd1vda0byigwyrnj6f5q"; + sha256 = "1qrv8vvhjx9yi64bji6hrp08if14hmwdy08prg9qld3ij2nvz856"; type = "gem"; }; - version = "2.30.0"; + version = "3.0.0"; }; faker = { dependencies = ["i18n"]; - groups = ["test"]; + groups = ["development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ysiqlvyy1351bzx7h92r93a35s32l8giyf9bac6sgr142sh3cnn"; + sha256 = "0wy4i4vl3h2v6scffx0zbp74vq1gfgq55m8x3n05kwp3na8h5a7r"; type = "gem"; }; - version = "3.2.1"; + version = "3.5.2"; }; faraday = { - dependencies = ["faraday-em_http" "faraday-em_synchrony" "faraday-excon" "faraday-httpclient" "faraday-multipart" "faraday-net_http" "faraday-net_http_persistent" "faraday-patron" "faraday-rack" "faraday-retry" "ruby2_keywords"]; + dependencies = ["faraday-net_http" "json" "logger"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1c760q0ks4vj4wmaa7nh1dgvgqiwaw0mjr7v8cymy7i3ffgjxx90"; + sha256 = "0xbv450qj2bx0qz9l2pjrd3kc057y6bglc3na7a78zby8ssiwlyc"; type = "gem"; }; - version = "1.10.3"; + version = "2.13.1"; }; - faraday-em_http = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = 
"12cnqpbak4vhikrh2cdn94assh3yxza8rq2p9w2j34bqg5q4qgbs"; - type = "gem"; - }; - version = "1.0.0"; - }; - faraday-em_synchrony = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1vgrbhkp83sngv6k4mii9f2s9v5lmp693hylfxp2ssfc60fas3a6"; - type = "gem"; - }; - version = "1.0.0"; - }; - faraday-excon = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0h09wkb0k0bhm6dqsd47ac601qiaah8qdzjh8gvxfd376x1chmdh"; - type = "gem"; - }; - version = "1.1.0"; - }; - faraday-httpclient = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0fyk0jd3ks7fdn8nv3spnwjpzx2lmxmg2gh4inz3by1zjzqg33sc"; - type = "gem"; - }; - version = "1.0.1"; - }; - faraday-multipart = { - dependencies = ["multipart-post"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "09871c4hd7s5ws1wl4gs7js1k2wlby6v947m2bbzg43pnld044lh"; - type = "gem"; - }; - version = "1.0.4"; - }; - faraday-net_http = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1fi8sda5hc54v1w3mqfl5yz09nhx35kglyx72w7b8xxvdr0cwi9j"; - type = "gem"; - }; - version = "1.0.1"; - }; - faraday-net_http_persistent = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0dc36ih95qw3rlccffcb0vgxjhmipsvxhn6cw71l7ffs0f7vq30b"; - type = "gem"; - }; - version = "1.2.0"; - }; - faraday-patron = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "19wgsgfq0xkski1g7m96snv39la3zxz6x7nbdgiwhg5v82rxfb6w"; - type = "gem"; - }; - version = "1.0.0"; - }; - faraday-rack = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1h184g4vqql5jv9s9im6igy00jp6mrah2h14py6mpf9bkabfqq7g"; - type = "gem"; - }; - version = "1.0.0"; - }; - 
faraday-retry = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "153i967yrwnswqgvnnajgwp981k9p50ys1h80yz3q94rygs59ldd"; - type = "gem"; - }; - version = "1.0.3"; - }; - faraday_middleware = { + faraday-follow_redirects = { dependencies = ["faraday"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bw8mfh4yin2xk7138rg3fhb2p5g2dlmdma88k82psah9mbmvlfy"; + sha256 = "1y87p3yk15bjbk0z9mf01r50lzxvp7agr56lbm9gxiz26mb9fbfr"; type = "gem"; }; - version = "1.2.0"; + version = "0.3.0"; + }; + faraday-httpclient = { + dependencies = ["httpclient"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0z6nv0cxxk9rm69x84861f5zn8jck99prmjpg4apxa75rihbwpyr"; + type = "gem"; + }; + version = "2.0.2"; + }; + faraday-net_http = { + dependencies = ["net-http"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jp5ci6g40d6i50bsywp35l97nc2fpi9a592r2cibwicdb6y9wd1"; + type = "gem"; + }; + version = "3.4.0"; }; fast_blank = { groups = ["default"]; @@ -1024,20 +965,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pd7pamzhdz2w0fbcvsfn2nyslznvphnwj16zw35g2b28zd2xyzx"; + sha256 = "1s67b9n7ki3iaycypq8sh02377gjkaxadg4dq53bpgfk4xg3gkjz"; type = "gem"; }; - version = "2.2.7"; + version = "2.4.0"; }; ffi = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1862ydmclzy1a0cjbvm8dz7847d9rch495ib0zb64y84d3xd4bkg"; + sha256 = "19kdyjg3kv7x0ad4xsd4swy5izsbb1vl1rpb6qqcqisr5s23awi9"; type = "gem"; }; - version = "1.15.5"; + version = "1.17.2"; }; ffi-compiler = { dependencies = ["ffi" "rake"]; 
@@ -1045,10 +986,32 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0c2caqm9wqnbidcb8dj4wd3s902z15qmgxplwyfyqbwa0ydki7q1"; + sha256 = "1844j58cdg2q6g0rqfwg4rrambnhf059h4yg9rfmrbrcs60kskx9"; type = "gem"; }; - version = "1.0.1"; + version = "1.3.2"; + }; + flatware = { + dependencies = ["drb" "thor"]; + groups = ["default" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06yllpzx5ib7cv1ar03279gm2qywnzsqfiz42g5y9fmp7z24yiik"; + type = "gem"; + }; + version = "2.3.4"; + }; + flatware-rspec = { + dependencies = ["flatware" "rspec"]; + groups = ["test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gqkjilaqbd6qq80rx3fbjppjbllndvhd629yyd29943lrp3m9nb"; + type = "gem"; + }; + version = "2.3.4"; }; fog-core = { dependencies = ["builder" "excon" "formatador" "mime-types"]; @@ -1056,10 +1019,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1agd6xgzk0rxrsjdpn94v4hy89s0nm2cs4zg2p880w2dan9xgrak"; + sha256 = "1rjv4iqr64arxv07bh84zzbr1y081h21592b5zjdrk937al8mq1z"; type = "gem"; }; - version = "2.1.0"; + version = "2.6.0"; }; fog-json = { dependencies = ["fog-core" "multi_json"]; 
@@ -1073,25 +1036,35 @@ version = "1.2.0"; }; fog-openstack = { - dependencies = ["fog-core" "fog-json" "ipaddress"]; + dependencies = ["fog-core" "fog-json"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "11j18h61d3p0pcp9k5346lbj1lahab1dqybkrx9338932lmjn7ap"; + sha256 = "0imx2c7yrwnd1jk6xzh5903cazymfvs3iq37dl49jss1a2d2lis6"; type = "gem"; }; - version = "0.3.10"; + version = "1.1.5"; }; formatador = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0mprf1dwznz5ld0q1jpbyl59fwnwk6azspnd0am7zz7kfg3pxhv5"; + sha256 = "1l06bv4avphbdmr1y4g0rqlczr38k6r65b3zghrbj2ynyhm3xqjl"; type = "gem"; }; - version = "0.3.0"; + version = "1.1.0"; + }; + forwardable = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1b5g1i3xdvmxxpq4qp0z4v78ivqnazz26w110fh4cvzsdayz8zgi"; + type = "gem"; + }; + version = "1.3.3"; }; fugit = { dependencies = ["et-orbi" "raabro"]; @@ -1099,21 +1072,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1cm2lrvhrpqq19hbdsxf4lq2nkb2qdldbdxh3gvi15l62dlb5zqq"; + sha256 = "0s4qhq3mjl0gak5wl20w9d5jhq069mk1393dkj76s8i2pvkqb578"; type = "gem"; }; - version = "1.8.1"; - }; - fuubar = { - dependencies = ["rspec-core" "ruby-progressbar"]; - groups = ["test"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1028vn7j3kc5qqwswrf3has3qm4j9xva70xmzb3n29i89f0afwmj"; - type = "gem"; - }; - version = "2.5.1"; + version = "1.11.1"; }; globalid = { dependencies = ["activesupport"]; 
@@ -1126,16 +1088,38 @@ }; version = "1.2.1"; }; + google-protobuf = { + dependencies = ["bigdecimal" "rake"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14a8pv6npmv3ppp5097rladsynk8fs4w6chlcylkls6xj9ngxdjd"; + type = "gem"; + }; + version = "4.31.0"; + }; + googleapis-common-protos-types = { + dependencies = ["google-protobuf"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0zyh9pxsw4zwv3iissirwqnx98qzkywqf3bwdrai6zpwph34ndsy"; + type = "gem"; + }; + version = "1.20.0"; + }; haml = { dependencies = ["temple" "thor" "tilt"]; groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "096yaxlbh89fzdhndrvqg6j3l9gsvys2sp0qvjxqikk7715fbxvi"; + sha256 = "15yxph91zswbnfy7szpdcfbdfqqn595ff290hm4f6fcnhryvhvlf"; type = "gem"; }; - version = "6.2.0"; + version = "6.3.0"; }; haml-rails = { dependencies = ["actionpack" "activesupport" "haml" "railties"]; @@ -1154,20 +1138,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1rx8c71qf45v7r8188vj4hn86vq7qazp2f84y3fhdn6wg6wp6pkc"; + sha256 = "1gvkhb18inkwkf9ja1i774975l259dzlvcvjii3zfyzmzylki5qb"; type = "gem"; }; - version = "0.51.0"; + version = "0.64.0"; }; hashdiff = { groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1nynpl0xbj0nphqx1qlmyggq58ms1phf5i03hk64wcc0a17x1m1c"; + sha256 = "0xqsnx25lm1wwgchvrl5xla5zzk3d6gbkdfj062cwggdsvgfwc1c"; type = "gem"; }; - version = "1.0.1"; + version = "1.1.2"; }; hashie = { groups = ["default"]; 
@@ -1191,14 +1175,15 @@ version = "7.1.0"; }; highline = { + dependencies = ["reline"]; groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1f8cr014j7mdqpdb9q17fp5vb5b8n1pswqaif91s3ylg5x3pygfn"; + sha256 = "0jmvyhjp2v3iq47la7w6psrxbprnbnmzz0hxxski3vzn356x7jv7"; type = "gem"; }; - version = "2.1.0"; + version = "3.1.2"; }; hiredis = { groups = ["default"]; @@ -1210,6 +1195,17 @@ }; version = "0.6.3"; }; + hiredis-client = { + dependencies = ["redis-client"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "07sm9gp4l2khw8m259paw1xcy9yd1jabqnyjzsrgl3ndgqgrj6f8"; + type = "gem"; + }; + version = "0.24.0"; + }; hkdf = { groups = ["default"]; platforms = []; @@ -1221,7 +1217,7 @@ version = "0.3.0"; }; htmlentities = { - groups = ["default"]; + groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; @@ -1236,10 +1232,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bzb8p31kzv6q5p4z5xq88mnqk414rrw0y5rkhpnvpl29x5c3bpw"; + sha256 = "0z8x4c2bcg05x7ffrjy47cwarfqzlg8kcfxchk5jcfdyx7c04265"; type = "gem"; }; - version = "5.1.1"; + version = "5.3.1"; }; http-cookie = { dependencies = ["domain_name"]; @@ -1247,10 +1243,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13rilvlv8kwbzqfb644qp6hrbsj82cbqmnzcvqip1p6vqx36sxbk"; + sha256 = "19hsskzk5zpv14mnf07pq71hfk1fsjwfjcw616pgjjzjbi2f0kxi"; type = "gem"; }; - version = "1.0.5"; + version = "1.0.8"; }; http-form_data = { groups = ["default"]; 
@@ -1273,14 +1269,15 @@ version = "2.1.1"; }; httpclient = { + dependencies = ["mutex_m"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19mxmvghp7ki3klsxwrlwr431li7hm1lczhhj8z4qihl2acy8l99"; + sha256 = "1j4qwj1nv66v3n9s4xqf64x2galvjm630bwa5xngicllwic5jr2b"; type = "gem"; }; - version = "2.8.3"; + version = "2.9.0"; }; httplog = { dependencies = ["rack" "rainbow"]; @@ -1288,10 +1285,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zjsgrlvwpqsnrza4ijlxjld4550c661sgbqp2j2wp638nlnls1a"; + sha256 = "098n4dfmiydbm9if52h17kxglbli9gihjgzhcghv274ni2c9ab49"; type = "gem"; }; - version = "1.6.2"; + version = "1.7.0"; }; i18n = { dependencies = ["concurrent-ruby"]; @@ -1299,21 +1296,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0qaamqsh5f3szhcakkak8ikxlzxqnv49n2p7504hcz2l0f4nj0wx"; + sha256 = "03sx3ahz1v5kbqjwxj48msw3maplpp2iyzs22l4jrzrqh4zmgfnf"; type = "gem"; }; - version = "1.14.1"; + version = "1.14.7"; }; i18n-tasks = { - dependencies = ["activesupport" "ast" "better_html" "erubi" "highline" "i18n" "parser" "rails-i18n" "rainbow" "terminal-table"]; + dependencies = ["activesupport" "ast" "erubi" "highline" "i18n" "parser" "rails-i18n" "rainbow" "ruby-progressbar" "terminal-table"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1s4kgpv7hmlg99cnpyvajba73vib67pdp1pa3g5rwkl838xgvnji"; + sha256 = "0mpvpppwkzxal9k91lifafkwg676kqkg8ng6b1y7apfvwbhfkwvl"; type = "gem"; }; - version = "1.0.13"; + version = "1.0.15"; }; idn-ruby = { groups = ["default"]; 
@@ -1325,36 +1322,48 @@ }; version = "0.1.5"; }; + inline_svg = { + dependencies = ["activesupport" "nokogiri"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03x1z55sh7cpb63g46cbd6135jmp13idcgqzqsnzinbg4cs2jrav"; + type = "gem"; + }; + version = "1.10.0"; + }; io-console = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dikardh14c72gd9ypwh8dim41wvqmzfzf35mincaj5yals9m7ff"; + sha256 = "18pgvl7lfjpichdfh1g50rpz0zpaqrpr52ybn9liv1v9pjn9ysnd"; type = "gem"; }; - version = "0.6.0"; - }; - ipaddress = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1x86s0s11w202j6ka40jbmywkrx8fhq8xiy8mwvnkhllj57hqr45"; - type = "gem"; - }; - version = "0.8.3"; + version = "0.8.0"; }; irb = { - dependencies = ["rdoc" "reline"]; + dependencies = ["pp" "rdoc" "reline"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17p6arsklbzh2hvwwr8i4cfrpa7vhk8q88fhickhwmn7m80lxdw7"; + sha256 = "1fpxa2m83rb7xlzs57daqwnzqjmz6j35xr7zb15s73975sak4br2"; type = "gem"; }; - version = "1.8.1"; + version = "1.15.2"; + }; + jd-paperclip-azure = { + dependencies = ["addressable" "azure-blob" "hashie"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gcikrlqv6r9pqvw2kfyvmia3rikp9irhq1c10njz4z7i5za4xk9"; + type = "gem"; + }; + version = "3.0.0"; }; jmespath = { groups = ["default"]; @@ -1371,10 +1380,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0nalhin1gda4v8ybk6lq8f407cgfrj6qzn234yra4ipkmlbfmal6"; + sha256 = "1x5b8ipv6g0z44wgc45039k04smsyf95h2m5m67mqq35sa5a955s"; type = "gem"; }; - version = "2.6.3"; + version = "2.12.2"; }; json-canonicalization = { groups = ["default"]; 
@@ -1387,26 +1396,26 @@ version = "1.0.0"; }; json-jwt = { - dependencies = ["activesupport" "aes_key_wrap" "bindata" "httpclient"]; + dependencies = ["activesupport" "aes_key_wrap" "base64" "bindata" "faraday" "faraday-follow_redirects"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04315mf4p9qa97grdfqv922paghzdfrbb982ap0p99rqwla4znv6"; + sha256 = "19bjs404inbydn40nampk5ij7vqkwpmqp3hp4dmjf50sdm6gzayc"; type = "gem"; }; - version = "1.15.3"; + version = "1.16.7"; }; json-ld = { - dependencies = ["htmlentities" "json-canonicalization" "link_header" "multi_json" "rack" "rdf"]; + dependencies = ["htmlentities" "json-canonicalization" "link_header" "multi_json" "rack" "rdf" "rexml"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1carfj87p6cpd0xnysg5sj653rqmmwnnacsmjk42xdy40j15gp88"; + sha256 = "09xbw6kc95qgmqcfjp0jjw8dnfm28lw9b5lf8bdh3p2vpy9ihlxr"; type = "gem"; }; - version = "3.3.1"; + version = "3.3.2"; }; json-ld-preloaded = { dependencies = ["json-ld" "rdf"]; @@ -1414,21 +1423,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "004s52m37b2kbw8dv4rdfm2d90h1023z1mw9zfcs0x87v8aq7zyn"; + sha256 = "0l32rjawsxhgi59y7lmjwgmnk32585gih1ylvy08m3vx7cdbzmdg"; type = "gem"; }; - version = "3.2.2"; + version = "3.3.1"; }; json-schema = { - dependencies = ["addressable"]; + dependencies = ["addressable" "bigdecimal"]; groups = ["test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "155rygs093i8i04i38a97hs5icmqk2jkkhx76w31yxyr3bxfbgx3"; + sha256 = "16284slw1xqa2cf0g827hmqd3lb6kgn5z58xcrqpl7kpqj395wqy"; type = "gem"; }; - version = "4.0.0"; + version = "5.2.1"; }; jsonapi-renderer = { groups = ["default"]; 
@@ -1441,14 +1450,15 @@ version = "0.2.2"; }; jwt = { + dependencies = ["base64"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16z11alz13vfc4zs5l3fk6n51n2jw9lskvc4h4prnww0y797qd87"; + sha256 = "1i8wmzgb5nfhvkx1f6bhdwfm7v772172imh439v3xxhkv3hllhp6"; type = "gem"; }; - version = "2.7.1"; + version = "2.10.1"; }; kaminari = { dependencies = ["activesupport" "kaminari-actionview" "kaminari-activerecord" "kaminari-core"]; @@ -1499,31 +1509,31 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14gnkcp924v8sbay7q6vz4kn37jylbnvrhi4y5c5jcffd51fbwid"; + sha256 = "1j8z0757rb4kly4ghdzd6ihch6x5i0d53r543x2y9xa8cyrj7c4m"; type = "gem"; }; - version = "7.2.1"; + version = "7.2.2"; }; language_server-protocol = { groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0gvb1j8xsqxms9mww01rmdl78zkd72zgxaap56bhv8j45z05hp1x"; + sha256 = "1k0311vah76kg5m6zr7wmkwyk5p2f9d9hyckjpn3xgr83ajkj7px"; type = "gem"; }; - version = "3.17.0.3"; + version = "3.17.0.5"; }; launchy = { - dependencies = ["addressable"]; - groups = ["default" "development"]; + dependencies = ["addressable" "childprocess" "logger"]; + groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06r43899384das2bkbrpsdxsafyyqa94il7111053idfalb4984a"; + sha256 = "17h522xhwi5m4n6n9m22kw8z0vy8100sz5f3wbfqj5cnrjslgf3j"; type = "gem"; }; - version = "2.5.2"; + version = "3.1.1"; }; letter_opener = { dependencies = ["launchy"]; @@ -1531,10 +1541,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1y5d4ip4l12v58bgazadl45iv3a5j7jp2gwg96b6jy378zn42a1d"; + sha256 = "1cnv3ggnzyagl50vzs1693aacv08bhwlprcvjp8jcg2w7cp3zwrg"; type = "gem"; }; - version = "1.8.1"; + version = "1.10.0"; }; letter_opener_web = { dependencies = ["actionmailer" "letter_opener" "railties" "rexml"]; 
@@ -1542,10 +1552,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vvvaz2ngaxv0s6sj25gdvp73vd8pfl8q3jharadg18p3va0m1ik"; + sha256 = "0q4qfi5wnn5bv93zjf10agmzap3sn7gkfmdbryz296wb1vz1wf9z"; type = "gem"; }; - version = "2.0.0"; + version = "3.0.0"; }; link_header = { groups = ["default"]; @@ -1557,16 +1567,47 @@ }; version = "0.0.8"; }; + lint_roller = { + groups = ["default" "development"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "11yc0d84hsnlvx8cpk4cbj6a4dz9pk0r1k29p0n1fz9acddq831c"; + type = "gem"; + }; + version = "1.1.0"; + }; + linzer = { + dependencies = ["cgi" "forwardable" "logger" "net-http" "openssl" "rack" "starry" "stringio" "uri"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09rjxsmmnahxsaw0hc4f0ffw4rcncjxa01xd9v5z4q9radfidr5j"; + type = "gem"; + }; + version = "0.7.7"; + }; llhttp-ffi = { dependencies = ["ffi-compiler" "rake"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00dh6zmqdj59rhcya0l4b9aaxq6n8xizfbil93k0g06gndyk5xz5"; + sha256 = "1g57iw0l3y7x50132x6a1jyssxa6pw7srh69g0d6j7ri37yaf9cs"; type = "gem"; }; - version = "0.4.0"; + version = "0.5.1"; + }; + logger = { + groups = ["default" "development" "pam_authentication" "production" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00q2zznygpbls8asz5knjvvj2brr3ghmqxgr83xnrdj4rk3xwvhr"; + type = "gem"; + }; + version = "1.7.0"; }; lograge = { dependencies = ["actionpack" "activesupport" "railties" "request_store"]; 
@@ -1585,14 +1626,14 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0d5p9vg2qkqfy60i93mpd3b25kw4bdxfai034y5a94pxp5fws61c"; + sha256 = "0dx316q03x6rpdbl610rdaj2vfd5s8fanixk21j4gv3h5f230nk5"; type = "gem"; }; - version = "2.21.4"; + version = "2.24.1"; }; mail = { dependencies = ["mini_mime" "net-imap" "net-pop" "net-smtp"]; - groups = ["default" "development"]; + groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; @@ -1606,10 +1647,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kky3yiwagsk8gfbzn3mvl2fxlh3b39v6nawzm4wpjs6xxvvc4x0"; + sha256 = "190n2mk8m1l708kr88fh6mip9sdsh339d2s6sgrik3sbnvz4jmhd"; type = "gem"; }; - version = "1.0.2"; + version = "1.0.4"; }; mario-redis-lock = { dependencies = ["redis"]; 
@@ -1632,47 +1673,36 @@ }; version = "0.4.2"; }; - md-paperclip-azure = { - dependencies = ["addressable" "azure-storage-blob" "hashie"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1hb1a06x3i8zrhl715jf46ha8r4iy0srcpdhnmp9l14qnnhzn0l5"; - type = "gem"; - }; - version = "2.2.0"; - }; memory_profiler = { groups = ["development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1c81d68r4wx0ckbmqxlfqc2qpd94jwcmqdm0xgr0s46r48pv9k9q"; + sha256 = "1y58ba08n4lx123c0hjcc752fc4x802mjy39qj1hq50ak3vpv8br"; type = "gem"; }; - version = "1.0.1"; + version = "1.1.0"; }; mime-types = { - dependencies = ["mime-types-data"]; - groups = ["default"]; + dependencies = ["logger" "mime-types-data"]; + groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0q8d881k1b3rbsfcdi3fx0b5vpdr5wcrhn88r2d9j7zjdkxp5mw5"; + sha256 = "0mjyxl7c0xzyqdqa8r45hqg7jcw2prp3hkp39mdf223g4hfgdsyw"; type = "gem"; }; - version = "3.5.1"; + version = "3.7.0"; }; mime-types-data = { - groups = ["default"]; + groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17zdim7kzrh5j8c97vjqp4xp78wbyz7smdp4hi5iyzk0s9imdn5a"; + sha256 = "0lnkfxcayx682rjjxmkjaaxq605akfka90m5rliw897sli6nprcj"; type = "gem"; }; - version = "3.2023.0808"; + version = "3.2025.0514"; }; mini_mime = { groups = ["default" "development" "test"]; 
@@ -1689,30 +1719,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "02mj8mpd6ck5gpcnsimx5brzggw5h5mmmpq2djdypfq16wcw82qq"; + sha256 = "12f2830x7pq3kj0v8nz0zjvaw02sv01bqs1zwdrc04704kwcgmqc"; type = "gem"; }; - version = "2.8.4"; + version = "2.8.9"; }; minitest = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bkmfi9mb49m0fkdhl2g38i3xxa02d411gg0m8x0gvbwfmmg5ym3"; + sha256 = "0mn7q9yzrwinvfvkyjiz548a4rmcwbmz2fn9nyzh4j1snin6q6rr"; type = "gem"; }; - version = "5.20.0"; + version = "5.25.5"; }; msgpack = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06n7556vxr3awh92xy1k5bli98bvq4pjm08mnl68ay4fzln7lcsg"; + sha256 = "0cnpnbn2yivj9gxkh8mjklbgnpx6nf7b8j2hky01dl0040hy0k76"; type = "gem"; }; - version = "1.7.1"; + version = "1.8.0"; }; multi_json = { groups = ["default"]; @@ -1724,25 +1754,15 @@ }; version = "1.15.0"; }; - multipart-post = { + mutex_m = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lgyysrpl50wgcb9ahg29i4p01z0irb3p9lirygma0kkfr5dgk9x"; + sha256 = "0l875dw0lk7b2ywa54l0wjcggs94vb7gs8khfw9li75n2sn09jyg"; type = "gem"; }; - version = "2.3.0"; - }; - mutex_m = { - groups = ["default" "development" "pam_authentication" "production" "test"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1pkxnp7p44kvs460bbbgjarr7xy1j8kjjmhwkg1kypj9wgmwb6qa"; - type = "gem"; - }; - version = "0.1.2"; + version = "0.3.0"; }; net-http = { dependencies = ["uri"]; 
@@ -1750,46 +1770,35 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0y55ib1v2b8prqfi9ij7hca60b1j94s2bzr6vskwi3i5735472wq"; + sha256 = "1ysrwaabhf0sn24jrp0nnp51cdv0jf688mh5i6fsz63q2c6b48cn"; type = "gem"; }; - version = "0.3.2"; - }; - net-http-persistent = { - dependencies = ["connection_pool"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0i1as2lgnw7b4jid0gw5glv5hnxz36nmfsbr9rmxbcap72ijgy03"; - type = "gem"; - }; - version = "4.0.2"; + version = "0.6.0"; }; net-imap = { dependencies = ["date" "net-protocol"]; - groups = ["default" "development"]; + groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0d0r31b79appz95dd63wmasly1qjz3hn58ffxw6ix4mqk49jcbq2"; + sha256 = "14zmzjy2sp87ac6iygkk3pz9snjvx4ks681vg4gxz8x8q7gmzajj"; type = "gem"; }; - version = "0.4.1"; + version = "0.5.8"; }; net-ldap = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0xqcffn3c1564c4fizp10dzw2v5g2pabdzrcn25hq05bqhsckbar"; + sha256 = "0g9gz39bs2iy4ky4fhjphimqd9m9wdsaz50anxgwg3yjrff3famy"; type = "gem"; }; - version = "0.18.0"; + version = "0.19.0"; }; net-pop = { dependencies = ["net-protocol"]; - groups = ["default" "development"]; + groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; 
@@ -1800,35 +1809,35 @@ }; net-protocol = { dependencies = ["timeout"]; - groups = ["default" "development"]; + groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dxckrlw4q1lcn3qg4mimmjazmg9bma5gllv72f8js3p36fb3b91"; + sha256 = "1a32l4x73hz200cm587bc29q8q9az278syw3x6fkc9d1lv5y0wxa"; type = "gem"; }; - version = "0.2.1"; + version = "0.2.2"; }; net-smtp = { dependencies = ["net-protocol"]; - groups = ["default" "development"]; + groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1rx3758w0bmbr21s2nsc6llflsrnp50fwdnly3ixra4v53gbhzid"; + sha256 = "0dh7nzjp0fiaqq1jz90nv4nxhc2w359d7c199gmzq965cfps15pd"; type = "gem"; }; - version = "0.4.0"; + version = "0.5.1"; }; nio4r = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0w9978zwjf1qhy3amkivab0f9syz6a7k0xgydjidaf7xc831d78f"; + sha256 = "1a9www524fl1ykspznz54i0phfqya4x45hqaz67in9dvw1lfwpfr"; type = "gem"; }; - version = "2.5.9"; + version = "2.7.4"; }; nokogiri = { dependencies = ["mini_portile2" "racc"]; 
@@ -1836,33 +1845,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0k9w2z0953mnjrsji74cshqqp08q7m1r6zhadw1w0g34xzjh3a74"; + sha256 = "0rb306hbky6cxfyc8vrwpvl40fdapjvhsk62h08gg9wwbn3n8x4c"; type = "gem"; }; - version = "1.15.4"; - }; - nsa = { - dependencies = ["activesupport" "concurrent-ruby" "sidekiq" "statsd-ruby"]; - groups = ["default"]; - platforms = []; - source = { - fetchSubmodules = false; - rev = "e020fcc3a54d993ab45b7194d89ab720296c111b"; - sha256 = "18pbm9qkancy38v0gpb6f5k0xd8r347jl4xvj4jn98ihfhzgwygj"; - type = "git"; - url = "https://github.com/jhawthorn/nsa.git"; - }; - version = "0.2.8"; + version = "1.18.8"; }; oj = { + dependencies = ["bigdecimal" "ostruct"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0m4vsd6i093kmyz9gckvzpnws997laldaiaf86hg5lza1ir82x7n"; + sha256 = "1cajn3ylwhby1x51d9hbchm964qwb5zp63f7sfdm55n85ffn1ara"; type = "gem"; }; - version = "3.16.1"; + version = "3.16.11"; }; omniauth = { dependencies = ["hashie" "rack" "rack-protection"]; @@ -1870,23 +1867,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15xjsxis357np7dy1lak39x1n8g8wxljb08wplw5i4gxi743zr7j"; + sha256 = "1hjnb5b5m549irs0h1455ipzsv82pikdagx9wjb6r4j1bkjy494d"; type = "gem"; }; - version = "2.1.1"; + version = "2.1.3"; }; omniauth-cas = { dependencies = ["addressable" "nokogiri" "omniauth"]; groups = ["default"]; platforms = []; source = { - fetchSubmodules = false; - rev = "4211e6d05941b4a981f9a36b49ec166cecd0e271"; - sha256 = "1zs0xp062f6wk7xxy8w81838qr855kp7idbgpbrhpl319xzc1xkc"; - type = "git"; - url = "https://github.com/stanhu/omniauth-cas.git"; + remotes = ["https://rubygems.org"]; + sha256 = "1yynk95xhccvkb1j7rcb834ch80y85n2bhyimq946ib487z8wcx1"; + type = "gem"; }; - version = "2.0.0"; + version = "3.0.1"; }; omniauth-rails_csrf_protection = { dependencies = ["actionpack" "omniauth"]; 
@@ -1894,10 +1889,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1kwswnkyl8ym6i4wv65qh3qchqbf2n0c6lbhfgbvkds3gpmnlm7w"; + sha256 = "1q2zvkw34vk1vyhn5kp30783w1wzam9i9g5ygsdjn2gz59kzsw0i"; type = "gem"; }; - version = "1.0.1"; + version = "1.0.2"; }; omniauth-saml = { dependencies = ["omniauth" "ruby-saml"]; @@ -1905,10 +1900,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "01k9rkg97npcgm8r4x3ja8y20hsg4zy0dcjpzafx148q4yxbg74n"; + sha256 = "1sznc4d2qhqmkw1vhpx2v5i9ndfb4k25cazhz74cbv18wyp4bk2s"; type = "gem"; }; - version = "2.1.0"; + version = "2.2.4"; }; omniauth_openid_connect = { dependencies = ["omniauth" "openid_connect"]; @@ -1916,31 +1911,31 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "08yl0x203k6nrshc70zawfqh79ap1c3fyka9zwwy61cvn7sih4sz"; + sha256 = "099xg7s6450wlfzs77mbdx78g3dp0glx5q6f44i78akf7283hbqz"; type = "gem"; }; - version = "0.6.1"; + version = "0.8.0"; }; openid_connect = { - dependencies = ["activemodel" "attr_required" "json-jwt" "net-smtp" "rack-oauth2" "swd" "tzinfo" "validate_email" "validate_url" "webfinger"]; + dependencies = ["activemodel" "attr_required" "email_validator" "faraday" "faraday-follow_redirects" "json-jwt" "mail" "rack-oauth2" "swd" "tzinfo" "validate_url" "webfinger"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1k9kdivp45v6vhzdrnl5fzhd378gjj2hl4w9bazbqnfm15rsnzc8"; + sha256 = "10i13cn40jiiw8lslkv7bj1isinnwbmzlk6msgiph3gqry08702x"; type = "gem"; }; - version = "1.4.2"; + version = "2.3.1"; }; openssl = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0c649921vg2l939z5cc3jwd8p1v49099pdhxfk7sb9qqx5wi5873"; + sha256 = "0ygfbbs3c61d32ymja2k6sznj5pr540cip9z91lhzcvsr4zmffpz"; type = "gem"; }; - version = "3.1.0"; + version = "3.3.0"; }; openssl-signature_algorithm = { dependencies = ["openssl"]; 
@@ -1953,6 +1948,313 @@ }; version = "1.3.0"; }; + opentelemetry-api = { + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15x9bq13k53k14r3h5r0pn7cnl3g7pdy0p0662k1s2x7mgkk7k4d"; + type = "gem"; + }; + version = "1.5.0"; + }; + opentelemetry-common = { + dependencies = ["opentelemetry-api"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13c7qnqai6djfd6rjwdwcwbz9f77vcmy0chx1avpxmiqz2h9cpnf"; + type = "gem"; + }; + version = "0.22.0"; + }; + opentelemetry-exporter-otlp = { + dependencies = ["google-protobuf" "googleapis-common-protos-types" "opentelemetry-api" "opentelemetry-common" "opentelemetry-sdk" "opentelemetry-semantic_conventions"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15xssmviwsi7wqmrbx5khm2imvwsrzmxdli7rkvzqbbqpd309jq7"; + type = "gem"; + }; + version = "0.30.0"; + }; + opentelemetry-helpers-sql = { + dependencies = ["opentelemetry-api"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13fvxvia6qxrdz06s5g4bs4fc1hdgkps7yz45s2n26wxqv163s0r"; + type = "gem"; + }; + version = "0.1.1"; + }; + opentelemetry-helpers-sql-obfuscation = { + dependencies = ["opentelemetry-common"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jwyx8jk1faszd20s0qrvgvxs9ddvnfrqixy099pn9lqizandn7m"; + type = "gem"; + }; + version = "0.3.0"; + }; + opentelemetry-instrumentation-action_mailer = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-active_support" "opentelemetry-instrumentation-base"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18p9dvq4mb8s5f1ndabjng07yabv5xgl5d80fcvc1383faarbdg8"; + type = "gem"; + }; + version = 
"0.4.0"; + }; + opentelemetry-instrumentation-action_pack = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base" "opentelemetry-instrumentation-rack"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1k09hr93fib38i6ajh0abkfvpvng6k2qsvds4jd08znfzyjs17jf"; + type = "gem"; + }; + version = "0.12.1"; + }; + opentelemetry-instrumentation-action_view = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-active_support" "opentelemetry-instrumentation-base"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qf5pklfyxrn2pskhmhd1gnp9i72yaqw114rmc5nrxhbcm24chsb"; + type = "gem"; + }; + version = "0.9.0"; + }; + opentelemetry-instrumentation-active_job = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gb1snnd087nh8r5vvnl8ahg3k3bi2b9rb1m8r2aj7220m78hpcx"; + type = "gem"; + }; + version = "0.8.0"; + }; + opentelemetry-instrumentation-active_model_serializers = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-active_support" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gjbdkamj147vd1hcjyyqir8z4nwmd05a8ac3h94y3n9n6phzzgx"; + type = "gem"; + }; + version = "0.22.0"; + }; + opentelemetry-instrumentation-active_record = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h01lq8xjjdaprprqzj6alq7gw9lwdkkakjjyyxsg3ylpwnvkg4w"; + type = "gem"; + }; + version = "0.9.0"; + }; + opentelemetry-instrumentation-active_storage = { + dependencies = ["opentelemetry-api" 
"opentelemetry-instrumentation-active_support" "opentelemetry-instrumentation-base"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00x7yjzflxmqiywczlih6vi301b1xm6rwbwlzv0hx87cpdm94m56"; + type = "gem"; + }; + version = "0.1.1"; + }; + opentelemetry-instrumentation-active_support = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16frcxhnb5vjihkff3wl6pnq0m4wkpii7la1d25d03j29qsh5qcv"; + type = "gem"; + }; + version = "0.8.0"; + }; + opentelemetry-instrumentation-base = { + dependencies = ["opentelemetry-api" "opentelemetry-common" "opentelemetry-registry"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0l0w7iya56y458mzws9q246whff2bf597553d5i3xkrcxb707qdk"; + type = "gem"; + }; + version = "0.23.0"; + }; + opentelemetry-instrumentation-concurrent_ruby = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15v8khcyg9wz5v7kysagkbmdv895qahb0b6q7ajk2qznniaix9pv"; + type = "gem"; + }; + version = "0.22.0"; + }; + opentelemetry-instrumentation-excon = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01rzi9d1hi402a8vdr439by4zy8x4rfq3vwnlzz3nzs50mxcbr9s"; + type = "gem"; + }; + version = "0.23.0"; + }; + opentelemetry-instrumentation-faraday = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0r25vvkxawngzm7an652npawjhir6zwics8635k5z7d60hfb2xi3"; + type = "gem"; + }; + 
version = "0.27.0"; + }; + opentelemetry-instrumentation-http = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gxvhlgk1cvn51bvahyd93axg6zd4pj3r391m3q51y30z894qhkh"; + type = "gem"; + }; + version = "0.25.1"; + }; + opentelemetry-instrumentation-http_client = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1p4w5zd2b0ndzwwfc8np1xyp4kzd59k7hpcwpkk0ghlmbnsmbkwh"; + type = "gem"; + }; + version = "0.23.0"; + }; + opentelemetry-instrumentation-net_http = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "100a3kzk8ckifxaw0n6xpg6hxxw0yrqmfwjp47khgy2831r3n4li"; + type = "gem"; + }; + version = "0.23.0"; + }; + opentelemetry-instrumentation-pg = { + dependencies = ["opentelemetry-api" "opentelemetry-helpers-sql" "opentelemetry-helpers-sql-obfuscation" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09sgqwxavzgd7gsgr5w909p794g75602qsn6jvhs5qqj03bkldc5"; + type = "gem"; + }; + version = "0.30.1"; + }; + opentelemetry-instrumentation-rack = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1bbvp2mnbcrldcp3hzm2fv52zdsqf0i9kz4r12msq24f6l5r2mca"; + type = "gem"; + }; + version = "0.26.0"; + }; + opentelemetry-instrumentation-rails = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-action_mailer" "opentelemetry-instrumentation-action_pack" "opentelemetry-instrumentation-action_view" 
"opentelemetry-instrumentation-active_job" "opentelemetry-instrumentation-active_record" "opentelemetry-instrumentation-active_storage" "opentelemetry-instrumentation-active_support" "opentelemetry-instrumentation-base" "opentelemetry-instrumentation-concurrent_ruby"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05xpiq4j17vcjnrxxb0zkb67c4y2b7q1g4qvf6ln83b6svx2c7pj"; + type = "gem"; + }; + version = "0.36.0"; + }; + opentelemetry-instrumentation-redis = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "183v8q8a74fc9dnb6ny44dsgq6142smic6x4ivz3v50casjznpii"; + type = "gem"; + }; + version = "0.26.1"; + }; + opentelemetry-instrumentation-sidekiq = { + dependencies = ["opentelemetry-api" "opentelemetry-instrumentation-base"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1lpkc1ihifbjns2wf17kf9pmhx73j3i1in4fkar469k4i2fylfl5"; + type = "gem"; + }; + version = "0.26.1"; + }; + opentelemetry-registry = { + dependencies = ["opentelemetry-api"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13wns85c08hjy7gqqjxqad9pp5shp0lxskrssz0w3si9mazscgwh"; + type = "gem"; + }; + version = "0.4.0"; + }; + opentelemetry-sdk = { + dependencies = ["opentelemetry-api" "opentelemetry-common" "opentelemetry-registry" "opentelemetry-semantic_conventions"]; + groups = ["opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xqx6zxf6msrryz5hr2s3nwakin0nmxfgz9bkwpmpbf7lss7kngs"; + type = "gem"; + }; + version = "1.8.0"; + }; + opentelemetry-semantic_conventions = { + dependencies = ["opentelemetry-api"]; + groups = ["default" "opentelemetry"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + 
sha256 = "1jzx18lmcv27pma1hbrccb9g6daadd6c4192r8w8x2nli3shkwl9"; + type = "gem"; + }; + version = "1.11.0"; + }; orm_adapter = { groups = ["default" "pam_authentication"]; platforms = []; @@ -1963,25 +2265,36 @@ }; version = "0.5.0"; }; - ox = { + ostruct = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1yq0h1niimm8z6z8p1yxb104kxqw69bvbrax84598zfjxifcxhxz"; + sha256 = "05xqijcf80sza5pnlp1c8whdaay8x5dc13214ngh790zrizgp8q9"; type = "gem"; }; - version = "2.14.17"; + version = "0.6.1"; + }; + ox = { + dependencies = ["bigdecimal"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rhv8qdnm3s34yvsvmrii15f2238rk3psa6pq6x5x367sssfv6ja"; + type = "gem"; + }; + version = "2.14.23"; }; parallel = { groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jcc512l38c0c163ni3jgskvq1vc3mr8ly5pvjijzwvfml9lf597"; + sha256 = "0c719bfgcszqvk9z47w2p8j2wkz5y35k48ywwas5yxbbh3hm3haa"; type = "gem"; }; - version = "1.23.0"; + version = "1.27.0"; }; parser = { dependencies = ["ast" "racc"]; @@ -1989,10 +2302,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0r69dbh6h6j4d54isany2ir4ni4gf2ysvk3k44awi6amz18nggpd"; + sha256 = "0i9w8msil4snx5w11ix9b0wf52vjc3r49khy3ddgl1xk890kcxi4"; type = "gem"; }; - version = "3.2.2.4"; + version = "3.3.8.0"; }; parslet = { groups = ["default"]; @@ -2020,10 +2333,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pfj771p5a29yyyw58qacks464sl86d5m3jxjl5rlqqw2m3v5xq4"; + sha256 = "1p2gqqrm895fzr9vi8d118zhql67bm8ydjvgqbq1crdnfggzn7kn"; type = "gem"; }; - version = "1.5.4"; + version = "1.5.9"; }; pghero = { dependencies = ["activerecord"]; 
@@ -2031,20 +2344,32 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0gzbgq392b0z7ma1jrdnzzfppdlgjdl9akc4iajq4g46raqd4899"; + sha256 = "08pm154bx5zbpgcqhk7gq78qq1mb149s2l7y0fxniqfvjmq4kn58"; type = "gem"; }; - version = "3.3.4"; + version = "3.7.0"; }; - posix-spawn = { - groups = ["default"]; + playwright-ruby-client = { + dependencies = ["concurrent-ruby" "mime-types"]; + groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cmb0svalqcxfzlzc5fvrci12b79x7bakasr8gkl3q5rz6di1q52"; + sha256 = "114wkr2hj55c7n4xq30nb4g7kcm9a1mhsy0934jr9mzwfr0kyhaa"; type = "gem"; }; - version = "0.3.15"; + version = "1.52.0"; + }; + pp = { + dependencies = ["prettyprint"]; + groups = ["default" "development" "pam_authentication" "production" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zxnfxjni0r9l2x42fyq0sqpnaf5nakjbap8irgik4kg1h9c6zll"; + type = "gem"; + }; + version = "0.6.2"; }; premailer = { dependencies = ["addressable" "css_parser" "htmlentities"]; @@ -2052,10 +2377,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "10rzwdz43yy20lwzsr2as6aivhvwjvqh4nd48sa0ga57sizf1fb4"; + sha256 = "1ryivdnij1990hcqqmq4s0x1vjvfl0awjc9b91f8af17v2639qhg"; type = "gem"; }; - version = "1.21.0"; + version = "1.27.0"; }; premailer-rails = { dependencies = ["actionmailer" "net-smtp" "premailer"]; 
@@ -2068,36 +2393,68 @@ }; version = "1.12.0"; }; - private_address_check = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "05phz0vscfh9chv90yc9091pifw3cpwkh76flnhrmvja1q3na4cy"; - type = "gem"; - }; - version = "0.5.0"; - }; - psych = { - dependencies = ["stringio"]; + prettyprint = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0qvzx3ddswgdx3ck48ak1wa18jai4s6ddv1a0cl59hm0dqrb737i"; + sha256 = "14zicq3plqi217w6xahv7b8f7aj5kpxv1j1w98344ix9h5ay3j9b"; type = "gem"; }; - version = "5.1.1"; + version = "0.2.0"; + }; + prism = { + groups = ["default" "development"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gkhpdjib9zi9i27vd9djrxiwjia03cijmd6q8yj2q1ix403w3nw"; + type = "gem"; + }; + version = "1.4.0"; + }; + prometheus_exporter = { + dependencies = ["webrick"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15vl8fw8vjnaj9g129dzrwk9nlrdqgffaj3rys4ba9ns2bqim9rq"; + type = "gem"; + }; + version = "2.2.0"; + }; + propshaft = { + dependencies = ["actionpack" "activesupport" "rack" "railties"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0sqg0xf46xd47zdpm8d12kfnwl0y5jb2hj10imzb3bk6mwgkd2fk"; + type = "gem"; + }; + version = "1.1.0"; + }; + psych = { + dependencies = ["date" "stringio"]; + groups = ["default" "development" "pam_authentication" "production" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0vii1xc7x81hicdbp7dlllhmbw5w3jy20shj696n0vfbbnm2hhw1"; + type = "gem"; + }; + version = "5.2.6"; }; public_suffix = { groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0n9j7mczl15r3kwqrah09cxj8hxdfawiqxa60kga2bmxl9flfz9k"; + sha256 = 
"1543ap9w3ydhx39ljcd675cdz9cr948x9mp00ab8qvq6118wv9xz"; type = "gem"; }; - version = "5.0.3"; + version = "6.0.2"; }; puma = { dependencies = ["nio4r"]; @@ -2105,10 +2462,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1y8jcw80zcxvdq0id329lzmp5pzx7hpac227d7sgjkblc89s3pfm"; + sha256 = "11xd3207k5rl6bz0qxhcb3zcr941rhx7ig2f19gxxmdk7s3hcp7j"; type = "gem"; }; - version = "6.4.0"; + version = "6.6.0"; }; pundit = { dependencies = ["activesupport"]; @@ -2116,10 +2473,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1wb03yzy1j41822rbfh9nn77im3zh1f5v8di05cd8rsrdpws542b"; + sha256 = "1nmy0nkgayjifi2j38fn55nb7z1xq3ma2wp19d7c7rmz7ynvidjg"; type = "gem"; }; - version = "2.3.0"; + version = "2.5.0"; }; raabro = { groups = ["default"]; @@ -2136,20 +2493,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "11v3l46mwnlzlc371wr3x6yylpgafgwdf0q7hc7c1lzx6r414r5g"; + sha256 = "0byn0c9nkahsl93y9ln5bysq4j31q8xkf2ws42swighxd4lnjzsa"; type = "gem"; }; - version = "1.7.1"; + version = "1.8.1"; }; rack = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15rdwbyk71c9nxvd527bvb8jxkcys8r3dj3vqra5b3sa63qs30vv"; + sha256 = "0da64fq3w671qhp7ji1zs84m5lyhalq4khqhbfw5dz0y6mn61dgg"; type = "gem"; }; - version = "2.2.8"; + version = "3.1.16"; }; rack-attack = { dependencies = ["rack"]; 
@@ -2163,37 +2520,37 @@ version = "6.7.0"; }; rack-cors = { - dependencies = ["rack"]; + dependencies = ["logger" "rack"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "02lvkg1nb4z3zc2nry545dap7a64bb9h2k8waxfz0jkabkgnpimw"; + sha256 = "0s1zymxhk7pkzsrgrn5ax862p07s0drbv0qvnq36jq1rvdhvx5bv"; type = "gem"; }; - version = "2.0.1"; + version = "3.0.0"; }; rack-oauth2 = { - dependencies = ["activesupport" "attr_required" "httpclient" "json-jwt" "rack"]; + dependencies = ["activesupport" "attr_required" "faraday" "faraday-follow_redirects" "json-jwt" "rack"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1fknwsxz4429w1hndl6y30cmm2n34wmmaaj2hhp6jrm8ssfsfwjf"; + sha256 = "19fi42hi9l474ki89y6cs8vrpfmc1h8zpd02iwjy4hw0a1yahfn7"; type = "gem"; }; - version = "1.21.3"; + version = "2.2.1"; }; rack-protection = { - dependencies = ["rack"]; + dependencies = ["base64" "logger" "rack"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1a12m1mv8dc0g90fs1myvis8vsgr427k1arg1q4a9qlfw6fqyhis"; + sha256 = "0sniswjyi0yn949l776h7f67rvx5w9f04wh69z5g19vlsnjm98ji"; type = "gem"; }; - version = "3.0.5"; + version = "4.1.1"; }; rack-proxy = { dependencies = ["rack"]; 
@@ -2201,21 +2558,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1a62439xwn5v6hsl9s11hdk4wj58czhcbg7lminv23mnkc0ca147"; + sha256 = "12jw7401j543fj8cc83lmw72d8k6bxvkp9rvbifi88hh01blnsj4"; type = "gem"; }; - version = "0.7.6"; + version = "0.7.7"; }; rack-session = { - dependencies = ["rack"]; + dependencies = ["base64" "rack"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "11w6yd60n8ng1ncs1ajlv42dg08yks09drlsgriydgpcjwz21d40"; + sha256 = "1sg4laz2qmllxh1c5sqlj9n1r7scdn08p3m4b0zmhjvyx9yw0v8b"; type = "gem"; }; - version = "1.0.1"; + version = "2.1.1"; }; rack-test = { dependencies = ["rack"]; @@ -2223,21 +2580,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ysx29gk9k14a14zsp5a8czys140wacvp91fja8xcja0j1hzqq8c"; + sha256 = "0qy4ylhcfdn65a5mz2hly7g9vl0g13p5a0rmm6sc0sih5ilkcnh0"; type = "gem"; }; - version = "2.1.0"; + version = "2.2.0"; }; rackup = { - dependencies = ["rack" "webrick"]; + dependencies = ["rack"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1wbr03334ba9ilcq25wh9913xciwj0j117zs60vsqm0zgwdkwpp9"; + sha256 = "13brkq5xkj6lcdxj3f0k7v28hgrqhqxjlhd4y2vlicy5slgijdzp"; type = "gem"; }; - version = "1.0.0"; + version = "2.2.1"; }; rails = { dependencies = ["actioncable" "actionmailbox" "actionmailer" "actionpack" "actiontext" "actionview" "activejob" "activemodel" "activerecord" "activestorage" "activesupport" "railties"]; 
@@ -2245,21 +2602,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05yw7n1fpnw2fslbyrsl081fwnki4ih8pz4qnnhmrfniq6n3drv6"; + sha256 = "1ik4y7c545pb9lf70prv0n4drblwjlaxb22fhq18wf607slabypx"; type = "gem"; }; - version = "7.1.1"; - }; - rails-controller-testing = { - dependencies = ["actionpack" "actionview" "activesupport"]; - groups = ["test"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "151f303jcvs8s149mhx2g5mn67487x0blrf9dzl76q1nb7dlh53l"; - type = "gem"; - }; - version = "1.0.5"; + version = "8.0.2"; }; rails-dom-testing = { dependencies = ["activesupport" "minitest" "nokogiri"]; @@ -2267,10 +2613,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0fx9dx1ag0s1lr6lfr34lbx5i1bvn3bhyf3w3mx6h7yz90p725g5"; + sha256 = "07awj8bp7jib54d0khqw391ryw8nphvqgw4bb12cl4drlx9pkk4a"; type = "gem"; }; - version = "2.2.0"; + version = "2.3.0"; }; rails-html-sanitizer = { dependencies = ["loofah" "nokogiri"]; @@ -2278,10 +2624,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pm4z853nyz1bhhqr7fzl44alnx4bjachcr6rh6qjj375sfz3sc6"; + sha256 = "0q55i6mpad20m2x1lg5pkqfpbmmapk0sjsrvr1sqgnj2hb5f5z1m"; type = "gem"; }; - version = "1.6.0"; + version = "1.6.2"; }; rails-i18n = { dependencies = ["i18n" "railties"]; 
@@ -2289,23 +2635,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1k8jvm3l4gafw7hyvpky7yzjjnkr3iy7l59lyam8ah3kqhmzk7zf"; + sha256 = "03dy8nmq2gxvkg8zqq6c0wwz98mdwp3i9krn0slcknhb8nak2c0m"; type = "gem"; }; - version = "7.0.8"; - }; - rails-settings-cached = { - dependencies = ["rails"]; - groups = ["default"]; - platforms = []; - source = { - fetchSubmodules = false; - rev = "86328ef0bd04ce21cc0504ff5e334591e8c2ccab"; - sha256 = "06r637gimh5miq2i6ywxn9gp7nqk8n8555yw8239mykalbzda69h"; - type = "git"; - url = "https://github.com/mastodon/rails-settings-cached.git"; - }; - version = "0.6.6"; + version = "8.0.1"; }; railties = { dependencies = ["actionpack" "activesupport" "irb" "rackup" "rake" "thor" "zeitwerk"]; @@ -2313,10 +2646,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19zsl9svr67126r1lm35y7y40i16gpnz1ppapj2h5879cnrliwrw"; + sha256 = "1yaw5sw9vxvvkkc335laxv2k34rs2nxx9hdsy604k9wvqi03yz0d"; type = "gem"; }; - version = "7.1.1"; + version = "8.0.2"; }; rainbow = { groups = ["default" "development"]; 
@@ -2329,25 +2662,25 @@ version = "3.1.1"; }; rake = { - groups = ["default" "development" "pam_authentication" "production" "test"]; + groups = ["default" "development" "opentelemetry" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15whn7p9nrkxangbs9hh75q585yfn66lv0v2mhj6q6dl6x8bzr2w"; + sha256 = "14s4jdcs1a4saam9qmzbsa2bsh85rj9zfxny5z315x3gg0nhkxcn"; type = "gem"; }; - version = "13.0.6"; + version = "13.3.0"; }; rdf = { - dependencies = ["bcp47_spec" "link_header"]; + dependencies = ["bcp47_spec" "bigdecimal" "link_header"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0l515w395kbyz4n7lx102x1nv9yl6l72gvk67p35z4cqa74s59nx"; + sha256 = "1mlalmbj1wkwvjha92f7v91v0pbjar9gdb2ddxdyqd24zcifn3ln"; type = "gem"; }; - version = "3.3.1"; + version = "3.3.2"; }; rdf-normalize = { dependencies = ["rdf"]; 
@@ -2355,34 +2688,34 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12slrdq6xch5rqj1m79k1wv09264pmhs76nm300j1jsjpcfmdg0r"; + sha256 = "1glyhg7lmzbq1w7bvvf84g7kvqxcn0mw3gsh1f8w4qfvvnbl8dwj"; type = "gem"; }; - version = "0.6.1"; + version = "0.7.0"; }; rdoc = { - dependencies = ["psych"]; + dependencies = ["erb" "psych"]; groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05r2cxscapr9saqjw8dlp89as7jvc2mlz1h5kssrmkbz105qmfcm"; + sha256 = "0ssi6b33bwr1b1qsssnyjkldwwy087z33yzl58jyz5njdiwzlplh"; type = "gem"; }; - version = "6.5.0"; + version = "6.14.1"; }; redcarpet = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1sg9sbf9pm91l7lac7fs4silabyn0vflxwaa2x3lrzsm0ff8ilca"; + sha256 = "0iglapqs4av4za9yfaac0lna7s16fq2xn36wpk380m55d8792i6l"; type = "gem"; }; - version = "3.6.0"; + version = "3.6.1"; }; redis = { - groups = ["default" "test"]; + groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; @@ -2391,16 +2724,16 @@ }; version = "4.8.1"; }; - redis-namespace = { - dependencies = ["redis"]; - groups = ["default"]; + redis-client = { + dependencies = ["connection_pool"]; + groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0f92i9cwlp6xj6fyn7qn4qsaqvxfw4wqvayll7gbd26qnai1l6p9"; + sha256 = "1fsx10xg4n18w9sr1xa128y4yf0jv5zicrj5ff5n0f1crcwywrgf"; type = "gem"; }; - version = "1.11.0"; + version = "0.24.0"; }; redlock = { dependencies = ["redis"]; @@ -2418,10 +2751,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1d9a5s3qrjdy50ll2s32gg3qmf10ryp3v2nr5k718kvfadp50ray"; + sha256 = "0qccah61pjvzyyg6mrp27w27dlv6vxlbznzipxjcswl7x3fhsvyb"; type = "gem"; }; - version = "2.8.2"; + version = "2.10.0"; }; reline = { dependencies = ["io-console"]; 
@@ -2429,10 +2762,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0187pj9k7d8kdvzjk6r6mf7z7wy18saxxhn7x7pqc840w6h4s0ja"; + sha256 = "1yvm0svcdk6377ng6l00g39ldkjijbqg4whdg2zcsa8hrgbwkz0s"; type = "gem"; }; - version = "0.3.9"; + version = "0.6.1"; }; request_store = { dependencies = ["rack"]; @@ -2440,10 +2773,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13ppgmsbrqah08j06bybd3cddv6dml79yzyjn7r8j1src78h98h7"; + sha256 = "1jw89j9s5p5cq2k7ffj5p4av4j4fxwvwjs1a4i9g85d38r9mvdz1"; type = "gem"; }; - version = "1.5.1"; + version = "1.7.0"; }; responders = { dependencies = ["actionpack" "railties"]; @@ -2461,10 +2794,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05i8518ay14kjbma550mv0jm8a6di8yp5phzrd8rj44z9qnrlrp0"; + sha256 = "1jmbf6lf7pcyacpb939xjjpn1f84c3nw83dy3p1lwjx0l2ljfif7"; type = "gem"; }; - version = "3.2.6"; + version = "3.4.1"; }; rotp = { groups = ["default"]; @@ -2481,10 +2814,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pym2zjwl6dwdfvbn7rbvmds32r70jx9qddhvvi6pqy6987ack1v"; + sha256 = "18v8if3jix029rr3j8iwisv73facw223353n0h7avl39ibxk6hh3"; type = "gem"; }; - version = "4.1.2"; + version = "4.5.2"; }; rpam2 = { groups = ["default" "pam_authentication"]; 
@@ -2502,20 +2835,31 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1hggzz8i1l62pkkiybhiqv6ypxw7q844sddrrbbfczjcnj5sivi3"; + sha256 = "1bwqy1iwbyn1091mg203is5ngsnvfparwa1wh89s1sgnfmirkmg2"; type = "gem"; }; - version = "2.2.0"; + version = "3.1.0"; }; rqrcode_core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06ld6386hbdhy5h0k09axmgn424kavpc8f27k1vjhknjhbf8jjfg"; + sha256 = "1ayrj7pwbv1g6jg5vvx6rq05lr1kbkfzbzqplj169aapmcivhh0y"; type = "gem"; }; - version = "1.2.0"; + version = "2.0.0"; + }; + rspec = { + dependencies = ["rspec-core" "rspec-expectations" "rspec-mocks"]; + groups = ["default" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14xrp8vq6i9zx37vh0yp4h9m0anx9paw200l1r5ad9fmq559346l"; + type = "gem"; + }; + version = "3.13.0"; }; rspec-core = { dependencies = ["rspec-support"]; @@ -2523,10 +2867,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0l95bnjxdabrn79hwdhn2q1n7mn26pj7y1w5660v5qi81x458nqm"; + sha256 = "0n1rlagplpcgp41s3r68z01539aivwj0cn3v19hq4p3pgdmibnpr"; type = "gem"; }; - version = "3.12.2"; + version = "3.13.4"; }; rspec-expectations = { dependencies = ["diff-lcs" "rspec-support"]; @@ -2534,10 +2878,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05j44jfqlv7j2rpxb5vqzf9hfv7w8ba46wwgxwcwd8p0wzi1hg89"; + sha256 = "0dl8npj0jfpy31bxi6syc7jymyd861q277sfr6jawq2hv6hx791k"; type = "gem"; }; - version = "3.12.3"; + version = "3.13.5"; }; rspec-github = { dependencies = ["rspec-core"]; @@ -2545,10 +2889,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kqjmd85v2fpb06d0rx43dc51f0igc1gmm8y3nz0wvmy7zg02njm"; + sha256 = "1bv8b6ld7w3rccjnxqypfdg35i91wyv551sr41647r6krbc3rbs6"; type = "gem"; }; - version = "2.4.0"; + version = "3.0.0"; }; rspec-mocks = { dependencies = ["diff-lcs" "rspec-support"]; 
@@ -2556,10 +2900,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1hfm17xakfvwya236graj6c2arr4sb9zasp35q5fykhyz8mhs0w2"; + sha256 = "10gajm8iscl7gb8q926hyna83bw3fx2zb4sqdzjrznjs51pqlcz4"; type = "gem"; }; - version = "3.12.5"; + version = "3.13.5"; }; rspec-rails = { dependencies = ["actionpack" "activesupport" "railties" "rspec-core" "rspec-expectations" "rspec-mocks" "rspec-support"]; @@ -2567,10 +2911,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "086qdyz7c4s5dslm6j06mq7j4jmj958whc3yinhabnqqmz7i463d"; + sha256 = "01b5d37i3igh11v5y801gxzb1df2v0il0mfdqi4cdmxn1aqh0dqc"; type = "gem"; }; - version = "6.0.3"; + version = "8.0.1"; }; rspec-sidekiq = { dependencies = ["rspec-core" "rspec-expectations" "rspec-mocks" "sidekiq"]; 
@@ -2578,120 +2922,122 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dijmcwjn8k6lrld3yqbqfrqb5g73l57yx98y5frx54p5qxjzbzy"; + sha256 = "0rr8229zd5ylwn78dxr4w43a07k58v4chr5lblws53llm7j1qrzd"; type = "gem"; }; - version = "4.0.1"; + version = "5.1.0"; }; rspec-support = { groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ky86j3ksi26ng9ybd7j0qsdf1lpr8mzrmn98yy9gzv801fvhsgr"; + sha256 = "1xx3f4mgr84jz07fifd3r68hm6giqy91hqyzawmi0s59yqa1hjqq"; type = "gem"; }; - version = "3.12.1"; - }; - rspec_chunked = { - groups = ["test"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0h4bsj3m7vb47qnx5bry4v0xscrb3lhg1f1vyxl524znb3i2qqzv"; - type = "gem"; - }; - version = "0.6"; + version = "3.13.4"; }; rubocop = { - dependencies = ["base64" "json" "language_server-protocol" "parallel" "parser" "rainbow" "regexp_parser" "rexml" "rubocop-ast" "ruby-progressbar" "unicode-display_width"]; + dependencies = ["json" "language_server-protocol" "lint_roller" "parallel" "parser" "rainbow" "regexp_parser" "rubocop-ast" "ruby-progressbar" "unicode-display_width"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1izxvc9g6vfpx081rn68z900bql30bif4lnd038cz2lgj70ljm41"; + sha256 = "1h3b1pl0wawm9w6jad2w333xijjxykvzflc8hzkd6kzb2bwscx4b"; type = "gem"; }; - version = "1.57.1"; + version = "1.78.0"; }; rubocop-ast = { - dependencies = ["parser"]; + dependencies = ["parser" "prism"]; groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "188bs225kkhrb17dsf3likdahs2p1i1sqn0pr3pvlx50g6r2mnni"; + sha256 = "0gis8w51k5dsmzzlppvwwznqyfd73fa3zcrpl1xihzy1mm4jw14l"; type = "gem"; }; - version = "1.29.0"; + version = "1.45.1"; }; rubocop-capybara = { - dependencies = ["rubocop"]; + dependencies = ["lint_roller" "rubocop"]; groups = ["development"]; platforms = []; source = { 
remotes = ["https://rubygems.org"]; - sha256 = "1jwwi5a05947q9zsk6i599zxn657hdphbmmbbpx17qsv307rwcps"; + sha256 = "030wymq0jrblrdswl1lncj60dhcg5wszz6708qzsbziyyap8rn6f"; type = "gem"; }; - version = "2.19.0"; + version = "2.22.1"; }; - rubocop-factory_bot = { - dependencies = ["rubocop"]; - groups = ["default" "development"]; + rubocop-i18n = { + dependencies = ["lint_roller" "rubocop"]; + groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kqchl8f67k2g56sq2h1sm2wb6br5gi47s877hlz94g5086f77n1"; + sha256 = "1nib58p2kf7lbxz5dvjb80rajr6rmry3v9x3q3kc14i86y7j484n"; type = "gem"; }; - version = "2.23.1"; + version = "3.2.3"; }; rubocop-performance = { - dependencies = ["rubocop" "rubocop-ast"]; + dependencies = ["lint_roller" "rubocop" "rubocop-ast"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pzsrnjmrachdjxzl9jpw47cydicn3408vgdg3a4bss4v5r42rjj"; + sha256 = "1h9flnqk2f3llwf8g0mk0fvzzznfj7hsil3qg88m803pi9b06zbg"; type = "gem"; }; - version = "1.19.1"; + version = "1.25.0"; }; rubocop-rails = { - dependencies = ["activesupport" "rack" "rubocop"]; + dependencies = ["activesupport" "lint_roller" "rack" "rubocop" "rubocop-ast"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05r46ds0dm44fb4p67hbz721zck8mdwblzssz2y25yh075hvs36j"; + sha256 = "1404nfa0gw3p0xzmv4b9zg9v1da0nwc4m7796pl73zi2hwy65k4z"; type = "gem"; }; - version = "2.20.2"; + version = "2.32.0"; }; rubocop-rspec = { - dependencies = ["rubocop" "rubocop-capybara" "rubocop-factory_bot"]; + dependencies = ["lint_roller" "rubocop"]; groups = ["development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ylwy4afnxhbrvlaf8an9nrizj78axnzggiyfcp8v531cv8six5f"; + sha256 = "0ya4815sp8g13w7a86sm0605fx7xyldck77f9pjjfrvpf5c21r60"; type = "gem"; }; - version = "2.23.2"; + version = "3.6.0"; + }; + rubocop-rspec_rails = { + dependencies = 
["lint_roller" "rubocop" "rubocop-rspec"]; + groups = ["development"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0i8zvzfj9gpq71zqkbmr05bfh66jg55hbwrfh551i896ibhpalvp"; + type = "gem"; + }; + version = "2.31.0"; }; ruby-prof = { + dependencies = ["base64"]; groups = ["development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13fsfw43zx9pcix1fzxb95g09yadqjvc8971k74krrjz81vbyh51"; + sha256 = "0h23zjwma8car8jpq7af8gw39qi88rn24mass7r13ripmky28117"; type = "gem"; }; - version = "1.6.3"; + version = "1.7.2"; }; ruby-progressbar = { - groups = ["default" "development" "test"]; + groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; @@ -2706,30 +3052,31 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18vnbzin5ypxrgcs9lllg7x311b69dyrdw2w1pwz84438hmxm79s"; + sha256 = "0vgsvdaglz1spx9gxrr6xh7qqhi4qd8jd06h2ihwxmazj9ajld6y"; type = "gem"; }; - version = "1.15.0"; + version = "1.18.0"; }; - ruby2_keywords = { - groups = ["default" "development" "pam_authentication" "production" "test"]; + ruby-vips = { + dependencies = ["ffi" "logger"]; + groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vz322p8n39hz3b4a9gkmz9y7a5jaz41zrm2ywf31dvkqm03glgz"; + sha256 = "0j8wxbkl261nwg7jr6kdz0zlyim4zcnnb72ynky97grqid6d61d3"; type = "gem"; }; - version = "0.0.5"; + version = "2.2.4"; }; rubyzip = { - groups = ["default" "test"]; + groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0grps9197qyxakbpw02pda59v45lfgbgiyw48i0mq9f2bn9y6mrz"; + sha256 = "05an0wz87vkmqwcwyh5rjiaavydfn5f4q1lixcsqkphzvj7chxw5"; type = "gem"; }; - version = "2.3.2"; + version = "2.4.1"; }; rufus-scheduler = { dependencies = ["fugit"]; 
@@ -2737,10 +3084,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14lr8c2sswn0sisvrfi4448pmr34za279k3zlxgh581rl1y0gjjz"; + sha256 = "1f932ffh6v6gqpilm61rp9fcx6qcpax1fkw0ikrxfsgzn16rxyjm"; type = "gem"; }; - version = "3.9.1"; + version = "3.9.2"; }; safety_net_attestation = { dependencies = ["jwt"]; @@ -2759,10 +3106,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1kymrjdpbmn4yaml3aaqyj1dzj8gqmm9h030dc2rj5mvja7fpi28"; + sha256 = "111r4xdcf6ihdnrs6wkfc6nqdzrjq0z69x9sf83r7ri6fffip796"; type = "gem"; }; - version = "6.0.2"; + version = "7.0.0"; }; scenic = { dependencies = ["activerecord" "railties"]; 
@@ -2770,42 +3117,42 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04sd4jmgnwpilr3k061x87yyryya2mj15a8602fip49lfxza5548"; + sha256 = "1nb3an8af7f08jnhhbn8bxvgfxqb43qc9d5hgrz16ams96h3mv3f"; type = "gem"; }; - version = "1.7.0"; + version = "1.9.0"; }; - selenium-webdriver = { - dependencies = ["rexml" "rubyzip" "websocket"]; + securerandom = { + groups = ["default" "development" "pam_authentication" "production" "test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1cd0iriqfsf1z91qg271sm88xjnfd92b832z49p1nd542ka96lfc"; + type = "gem"; + }; + version = "0.4.1"; + }; + shoulda-matchers = { + dependencies = ["activesupport"]; groups = ["test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "037v9w6rwkdi9msydiyj31pxdlh4vcr8h8w3g1mzanbsas2m1b1a"; + sha256 = "0i1zkr4rsvf8pz1x38wkb82nsjx28prmyb5blsmw86pd5cmmfszg"; type = "gem"; }; - version = "4.13.1"; - }; - semantic_range = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1dlp97vg95plrsaaqj7x8l7z9vsjbhnqk4rw1l30gy26lmxpfrih"; - type = "gem"; - }; - version = "3.0.0"; + version = "6.5.0"; }; sidekiq = { - dependencies = ["connection_pool" "rack" "redis"]; + dependencies = ["base64" "connection_pool" "logger" "rack" "redis-client"]; groups = ["default" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zqr9is8y7mg5dfs1q8w5jl9spwvqkhbi9r6np8208n40hi3pydl"; + sha256 = "19xm4s49hq0kpfbmvhnjskzmfjjxw5d5sm7350mh12gg3lp7220i"; type = "gem"; }; - version = "6.5.12"; + version = "7.3.9"; }; sidekiq-bulk = { dependencies = ["sidekiq"]; 
@@ -2824,21 +3171,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0p5jjs3x2pa2fy494xs39xbq642pri13809dcr1l3hjsm56qvp1h"; + sha256 = "1gnm98hdw1ndw0sryjimp4a0805yhwhjxg6njhz8xmdh5ycgljda"; type = "gem"; }; - version = "5.0.3"; + version = "5.0.6"; }; sidekiq-unique-jobs = { - dependencies = ["brpoplpush-redis_script" "concurrent-ruby" "redis" "sidekiq" "thor"]; + dependencies = ["concurrent-ruby" "sidekiq" "thor"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "02f91b24hrrn688wqvxb13lwvcgqb7g9k3sxylnydd6v89wr8mcg"; + sha256 = "10g1y6258xsw89c831c16z7m66i37ivhrcbfirpi0pb48fwinik3"; type = "gem"; }; - version = "7.1.29"; + version = "8.0.11"; }; simple-navigation = { dependencies = ["activesupport"]; @@ -2857,10 +3204,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0z4df65w9qpri315lpvzazdxa9xb7yj0j3d77q06wf0jnpvw4mzs"; + sha256 = "0q3lwin7pk5rsxy2a663x6lph5arax9lqqk12fgwdy57i5ma749q"; type = "gem"; }; - version = "5.2.0"; + version = "5.3.1"; }; simplecov = { dependencies = ["docile" "simplecov-html" "simplecov_json_formatter"]; @@ -2878,10 +3225,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0yx01bxa8pbf9ip4hagqkp5m0mqfnwnw2xk8kjraiywz4lrss6jb"; + sha256 = "02zi3rwihp7rlnp9x18c9idnkx7x68w6jmxdhyc0xrhjwrz0pasx"; type = "gem"; }; - version = "0.12.3"; + version = "0.13.1"; + }; + simplecov-lcov = { + groups = ["test"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1h8kswnshgb9zidvc88f4zjy4gflgz3854sx9wrw8ppgnwfg6581"; + type = "gem"; + }; + version = "0.8.0"; }; simplecov_json_formatter = { groups = ["default" "test"]; 
@@ -2893,57 +3250,26 @@ }; version = "0.1.4"; }; - smart_properties = { - groups = ["default" "development"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0jrqssk9qhwrpq41arm712226vpcr458xv6xaqbk8cp94a0kycpr"; - type = "gem"; - }; - version = "1.17.0"; - }; - sprockets = { - dependencies = ["concurrent-ruby" "rack"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "182jw5a0fbqah5w9jancvfmjbk88h8bxdbwnl4d3q809rpxdg8ay"; - type = "gem"; - }; - version = "3.7.2"; - }; - sprockets-rails = { - dependencies = ["actionpack" "activesupport" "sprockets"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1b9i14qb27zs56hlcc2hf139l0ghbqnjpmfi0054dxycaxvk5min"; - type = "gem"; - }; - version = "3.4.2"; - }; stackprof = { groups = ["development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bhdgfb0pmw9mav1kw9fn0ka012sa0i3h5ppvqssw5xq48nhxnr8"; + sha256 = "03788mbipmihq2w7rznzvv0ks0s9z1321k1jyr6ffln8as3d5xmg"; type = "gem"; }; - version = "0.2.25"; + version = "0.2.27"; }; - statsd-ruby = { + starry = { + dependencies = ["base64"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "028136c463nbravckxb1qi5c5nnv9r6vh2cyhiry423lac4xz79n"; + sha256 = "1c99sj460hdshiv2jps5d4mxcvz7nrvqznfpgcbnjhk9cnhv15i6"; type = "gem"; }; - version = "1.5.0"; + version = "0.2.0"; }; stoplight = { dependencies = ["redlock"]; 
@@ -2951,20 +3277,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vhqx7q8qpq3x9ba504n7bp0r9dxcck0r0hd73cac2iqkix6khlv"; + sha256 = "16j5w162pv45gjm0jah9hhy8q5fjplbka913c0qwxx209lbmsizd"; type = "gem"; }; - version = "3.0.2"; + version = "4.1.1"; }; stringio = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ix96dxbjqlpymdigb4diwrifr0bq7qhsrng95fkkp18av326nqk"; + sha256 = "1yh78pg6lm28c3k0pfd2ipskii1fsraq46m6zjs5yc9a4k5vfy2v"; type = "gem"; }; - version = "3.0.8"; + version = "3.1.7"; }; strong_migrations = { dependencies = ["activerecord"]; @@ -2972,21 +3298,21 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wz4zhsp4xia8zcpi98v4sgjlv2prd515l8jz4f7j0wk45dfkjs1"; + sha256 = "0mg8z7ikc7rj53hy3c5n7pqdwd4m4h22k8ig36057nnchqa34d6v"; type = "gem"; }; - version = "0.8.0"; + version = "2.4.0"; }; swd = { - dependencies = ["activesupport" "attr_required" "httpclient"]; + dependencies = ["activesupport" "attr_required" "faraday" "faraday-follow_redirects"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12b3q2sw42nnilfb51nlqdv07f31vdv2j595kd99asnkw4cjlf5w"; + sha256 = "0m86fzmwgw0vc8p6fwvnsdbldpgbqdz9cbp2zj9z06bc4jjf5nsc"; type = "gem"; }; - version = "1.3.0"; + version = "2.0.3"; }; sysexits = { groups = ["default" "development"]; @@ -3003,10 +3329,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09p32vp94sa1mbr0if0adf02yzc4ns00lsmpwns2xbkncwpzrqm4"; + sha256 = "0fwia5hvc1xz9w7vprzjnsym3v9j5l9ggdvy70jixbvpcpz4acfz"; type = "gem"; }; - version = "0.10.2"; + version = "0.10.3"; }; terminal-table = { dependencies = ["unicode-display_width"]; 
@@ -3014,10 +3340,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14dfmfjppmng5hwj7c5ka6qdapawm3h6k9lhn8zj001ybypvclgr"; + sha256 = "1lh18gwpksk25sbcjgh94vmfw2rz0lrq61n7lwp1n9gq0cr7j17m"; type = "gem"; }; - version = "3.0.2"; + version = "4.0.0"; }; terrapin = { dependencies = ["climate_control"]; @@ -3025,50 +3351,50 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0p18f05r0c5s70571gqig3z2ym74wx79s6rd45sprp207bqskzn9"; + sha256 = "1mkmbw5z2ma4hkrg3i697bx0j8w7ggpxyj1d7kv7fgya8cdr15lx"; type = "gem"; }; - version = "0.6.0"; + version = "1.1.0"; }; test-prof = { groups = ["development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1mhzw33lv7h8d7pyh65lis5svnmm8m6fnszbsfg3j3xk9hcl0an5"; + sha256 = "1vsk2ca9kfrxhyd2xiiyr28hmxkh9vd8j2vwl5f1yfnkv4z52n8s"; type = "gem"; }; - version = "1.2.3"; + version = "1.4.4"; }; thor = { groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0k7j2wn14h1pl4smibasw0bp66kg626drxb59z7rzflch99cd4rg"; + sha256 = "1nmymd86a0vb39pzj2cwv57avdrl6pl3lf5bsz58q594kqxjkw7f"; type = "gem"; }; - version = "1.2.2"; + version = "1.3.2"; }; tilt = { groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0p3l7v619hwfi781l3r7ypyv1l8hivp09r18kmkn6g11c4yr1pc2"; + sha256 = "0szpapi229v3scrvw1pgy0vpjm7z3qlf58m1198kxn70cs278g96"; type = "gem"; }; - version = "2.3.0"; + version = "2.6.0"; }; timeout = { groups = ["default" "development" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1d9cvm0f4zdpwa795v3zv4973y5zk59j7s1x3yn90jjrhcz1yvfd"; + sha256 = "03p31w5ghqfsbz5mcjzvwgkw3h9lbvbknqvrdliy8pxmn9wz02cm"; type = "gem"; }; - version = "0.4.0"; + version = "0.4.3"; }; tpm-key_attestation = { dependencies = ["bindata" "openssl" "openssl-signature_algorithm"]; 
@@ -3076,10 +3402,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0v8y5dibsyskv1ncdgszhxwzq0gzmvb0zl7sgmx0xvsgy86dhcz1"; + sha256 = "0gqr27hrmg35j7kcb6c2cx3xvkqfs42zpp9jcqw0mzbs79jy9m3z"; type = "gem"; }; - version = "0.12.0"; + version = "0.14.1"; }; tty-color = { groups = ["default"]; @@ -3128,10 +3454,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18jr6s1cg8yb26wzkqa6874q0z93rq0y5aw092kdqazk71y6a235"; + sha256 = "0l4vh6g333jxm9lakilkva2gn17j6gb052626r1pdbmy2lhnb460"; type = "gem"; }; - version = "0.8.1"; + version = "0.8.2"; }; twitter-text = { dependencies = ["idn-ruby" "unf"]; @@ -3161,10 +3487,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0m2d0gpsgqnv29j5h2d6g57g0rayvd460b8s2vjr8sn46bqf89m5"; + sha256 = "0f898y35w60mkx3sd8ld2ryzkj4cld04qlgxi3z3hzdlzfhpa8x9"; type = "gem"; }; - version = "1.2023.3"; + version = "1.2025.2"; }; unf = { dependencies = ["unf_ext"]; 
@@ -3182,41 +3508,51 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1yj2nz2l101vr1x9w2k83a0fag1xgnmjwp8w8rw4ik2rwcz65fch"; + sha256 = "1sf6bxvf6x8gihv6j63iakixmdddgls58cpxpg32chckb2l18qcj"; type = "gem"; }; - version = "0.0.8.2"; + version = "0.0.9.1"; }; unicode-display_width = { + dependencies = ["unicode-emoji"]; groups = ["default" "development"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1d0azx233nags5jx3fqyr23qa2rhgzbhv8pxp46dgbg1mpf82xky"; + sha256 = "1has87asspm6m9wgqas8ghhhwyf2i1yqrqgrkv47xw7jq3qjmbwc"; type = "gem"; }; - version = "2.5.0"; + version = "3.1.4"; + }; + unicode-emoji = { + groups = ["default" "development"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ajk6rngypm3chvl6r0vwv36q1931fjqaqhjjya81rakygvlwb1c"; + type = "gem"; + }; + version = "4.0.4"; }; uri = { - groups = ["default"]; + groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0fa49cdssxllj1j37a56kq27wsibx5lmqxkqdk1rz3452y0bsydy"; + sha256 = "04bhfvc25b07jaiaf62yrach7khhr5jlr5bx6nygg8pf11329wp9"; type = "gem"; }; - version = "0.12.2"; + version = "1.0.3"; }; - validate_email = { - dependencies = ["activemodel" "mail"]; - groups = ["default"]; + useragent = { + groups = ["default" "development" "pam_authentication" "production" "test"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1r1fz29l699arka177c9xw7409d1a3ff95bf7a6pmc97slb91zlx"; + sha256 = "0i1q2xdjam4d7gwwc35lfnz0wyyzvnca0zslcfxm9fabml9n83kh"; type = "gem"; }; - version = "0.1.6"; + version = "0.16.11"; }; validate_url = { dependencies = ["activemodel" "public_suffix"]; 
@@ -3229,6 +3565,28 @@ }; version = "1.0.15"; }; + vite_rails = { + dependencies = ["railties" "vite_ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "005mbcprdhjqx27561mb54kssjwxwij157x6wya1yp60gdkl8p0r"; + type = "gem"; + }; + version = "3.0.19"; + }; + vite_ruby = { + dependencies = ["dry-cli" "logger" "mutex_m" "rack-proxy" "zeitwerk"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wj9ia0s7vywn66pf2jn49pfsy5h5rncjjwhaymwq32r3f2pq2p1"; + type = "gem"; + }; + version = "3.9.2"; + }; warden = { dependencies = ["rack"]; groups = ["default" "pam_authentication"]; @@ -3241,26 +3599,26 @@ version = "1.2.9"; }; webauthn = { - dependencies = ["android_key_attestation" "awrence" "bindata" "cbor" "cose" "openssl" "safety_net_attestation" "tpm-key_attestation"]; + dependencies = ["android_key_attestation" "bindata" "cbor" "cose" "openssl" "safety_net_attestation" "tpm-key_attestation"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ri09bf640kkw4v6k2g90q2nw1mx2hsghhngaqgb7958q8id8xrz"; + sha256 = "1sn399i804pg87b1j30x8lv2602qcndhvg0k0g4xqdfxg28zdipp"; type = "gem"; }; - version = "3.0.0"; + version = "3.4.1"; }; webfinger = { - dependencies = ["activesupport" "httpclient"]; + dependencies = ["activesupport" "faraday" "faraday-follow_redirects"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18jj50b44a471ig7hw1ax90wxaaz40acmrf6cm7m2iyshlffy53q"; + sha256 = "0p39802sfnm62r4x5hai8vn6d1wqbxsxnmbynsk8rcvzwyym4yjn"; type = "gem"; }; - version = "1.2.0"; + version = "2.1.3"; }; webmock = { dependencies = ["addressable" "crack" "hashdiff"]; 
@@ -3268,21 +3626,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vfispr7wd2p1fs9ckn1qnby1yyp4i1dl7qz8n482iw977iyxrza"; + sha256 = "08v374yrqqhjj3xjzmvwnv3yz21r22kn071yr0i67gmwaf9mv7db"; type = "gem"; }; - version = "3.19.1"; - }; - webpacker = { - dependencies = ["activesupport" "rack-proxy" "railties" "semantic_range"]; - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0fh4vijqiq1h7w28llk67y9csc0m4wkdivrsl4fsxg279v6j5z3i"; - type = "gem"; - }; - version = "5.4.4"; + version = "3.25.1"; }; webpush = { dependencies = ["hkdf" "jwt"]; 
@@ -3290,43 +3637,33 @@ platforms = []; source = { fetchSubmodules = false; - rev = "f14a4d52e201128b1b00245d11b6de80d6cfdcd9"; - sha256 = "1gz34809xwyaqprxmjdyvzsxc63rdnmxn8w44iqkhpi3dzmkacmp"; + rev = "9631ac63045cfabddacc69fc06e919b4c13eb913"; + sha256 = "01vqsj9162j0rzp455sggr8k4w4i9zq0igqb7x7hghp3c53ck1v6"; type = "git"; - url = "https://github.com/ClearlyClaire/webpush.git"; + url = "https://github.com/mastodon/webpush.git"; }; - version = "0.3.8"; + version = "1.1.0"; }; webrick = { - groups = ["default" "development" "pam_authentication" "production" "test"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "13qm7s0gr2pmfcl7dxrmq38asaza4w0i2n9my4yzs499j731wh8r"; - type = "gem"; - }; - version = "1.8.1"; - }; - websocket = { - groups = ["default" "test"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1a4zc8d0d91c3xqwapda3j3zgpfwdbj76hkb69xn6qvfkfks9h9c"; - type = "gem"; - }; - version = "1.2.10"; - }; - websocket-driver = { - dependencies = ["websocket-extensions"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1nyh873w4lvahcl8kzbjfca26656d5c6z3md4sbqg5y1gfz0157n"; + sha256 = "12d9n8hll67j737ym2zw4v23cn4vxyfkb6vyv1rzpwv6y6a3qbdl"; type = "gem"; }; - version = "0.7.6"; + version = "1.9.1"; + }; + websocket-driver = { + dependencies = ["base64" "websocket-extensions"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d26l4qn55ivzahbc7fwc4k4z3j7wzym05i9n77i4mslrpr9jv85"; + type = "gem"; + }; + version = "0.7.7"; }; websocket-extensions = { groups = ["default"]; @@ -3374,10 +3711,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gir0if4nryl1jhwi28669gjwhxb7gzrm1fcc8xzsch3bnbi47jn"; + sha256 = "119ypabas886gd0n9kiid3q41w76gz60s8qmiak6pljpkd56ps5j"; type = "gem"; }; - version = "2.6.12"; + version = "2.7.3"; }; } - 
diff --git a/nixos/pkgs/glitch-soc/missing-hashes.json b/nixos/pkgs/glitch-soc/missing-hashes.json new file mode 100644 index 00000000..af1b796f --- /dev/null +++ b/nixos/pkgs/glitch-soc/missing-hashes.json 
@@ -0,0 +1,75 @@ +{ + "@esbuild/aix-ppc64@npm:0.25.5": "fb872b34a2843293dc60e809968fedf93e0d8f7174b062decffae6ba861eb56aaea0cd0aba87ba99162ceb2a690f0cde4fc29c000b52c035e40c91ec7861d43e", + "@esbuild/android-arm64@npm:0.25.5": "c818e799b19b5587466bf68a27b578ccaaf866c1d144573fbde7659e3fd3f555422ec3e67f5bd186a87648957d1b6e74df4f847edea7219c16979c9916f36e91", + "@esbuild/android-arm@npm:0.25.5": "a5384933f9f2ffcadce2be49da6ff43249fe42f32a04071316434e9f633fc20c8d4029072e9a53555620c3531045786297607b852579eee30b6dbc3bc9d98cd9", + "@esbuild/android-x64@npm:0.25.5": "8ce115dc7e1e6735f23b4aadb2dfca29c0abd8577ce34802ea3d017a64e388928949134fe225dfe190babdc5ec01be5fc7794eca84738cdefc12c5e3789ce43b", + "@esbuild/darwin-arm64@npm:0.25.5": "a009eab62f2bd284a6f2001d5e08217059186ffc16907bbe873e1de40fe9b5ed92c0db2f4c4d0dc41545838850a430c8f2f35d7bdb9cd01a1a04293acd97afca", + "@esbuild/darwin-x64@npm:0.25.5": "cac8021a7a0c549263e076913346b35a5bb81f76ffbc1abfad5e7b67303f013ac0c76f111bf624ea8447b327ec86c18a60c6ff307d743a2269f5d47313f5b2de", + "@esbuild/freebsd-arm64@npm:0.25.5": "d248e7103b7094eb4288db7c9a78b2905a25b4a957f2b945531ca88d3394f45ceca2343a7c84954734534af6159bc741eb3d5c1ed9df990f7395337a1b14192c", + "@esbuild/freebsd-x64@npm:0.25.5": "8a7be0740f07f5dbb3e24bf782ca6ef518a8ce9b53e5d864221722045713586d41774cbd531df97dc868b291b3b303c12e50ca8611c3cb7b5fe09a30b38285eb", + "@esbuild/linux-arm64@npm:0.25.5": "ce3c8fca47cf0a92148fb288eb35a5c4a4dcf7a700730b3a48fdd63c13e17c719eb6b350378203fba773477eb5be637f47a6d52c5d4ce5bdc0075ee917156006", + "@esbuild/linux-arm@npm:0.25.5": "cc81ea76ab86ed2a837c9da329f7c63412d288dc0aa608c8dcdf51705dc93d5b7f966a429be4896babe611074e5898c7e6c8e07ad7f50123a05478975294fbb4", + "@esbuild/linux-ia32@npm:0.25.5": "bfed6750923afd56148f658f6ec8995479f5115116dc212ecb9e4c556064422e22eda855177e7c02cbc945494e4db1167101918c5fa932278115db2c7025a3f6", + "@esbuild/linux-loong64@npm:0.25.5": 
"e5c20140bbbdba53f0d86dd72961ed73e6255d2ada2d3a626f390b352170605644822ad7592f695b6e520edcefe0c5f6ba19d10694b5d11d725745d9792bde01", + "@esbuild/linux-mips64el@npm:0.25.5": "6b3559517efd0dd1301debc7af7e275b055859c26facdda2e229b1aaab6ebea4c480a1da151c46211ee4035d95bfa7f0cdacf735b57ee99d41b69c77357310b9", + "@esbuild/linux-ppc64@npm:0.25.5": "a1a1af99d758efce928335637924dcd8ddec4201af51014e1f831b012d53a0a673b1e0c31036ec9e8c5a0311439283419ec8abdfc67ecb245fa7f7b653006ed0", + "@esbuild/linux-riscv64@npm:0.25.5": "6cd8dce6723b73e0f89898ab6cd52e0d009afdacdfc0d5529134de7b832c92c2e0421fbb5cbfc0e0c0b2b00a9b1ff2c4cdb9695b2c535ebc174960e986c727a7", + "@esbuild/linux-s390x@npm:0.25.5": "31b86dbc93d19eb362bad3353e65d6da771118346e723582d06c05f1b6ffad1c3765001b5215ef1e8f0c2bb29130d98815359bbc88e5c08304354d5a92e6ea94", + "@esbuild/linux-x64@npm:0.25.5": "f878a3e40edfd8a50de94bf982a9eaf03e636a0332af163a6c905490063aae652384fb392d4765c4338fb6f991034949c92ec768ee65c3b2fceeb494b89fe8b3", + "@esbuild/netbsd-arm64@npm:0.25.5": "941c5e28a63a93f19122271b5490e196db12815702c2266c6d66401b6909a4364ab889611ba81c5359624e3ce61f0505a680a1179ed9a555d1415fa1c485d75d", + "@esbuild/netbsd-x64@npm:0.25.5": "edbefdd88ca24a373497a7c8d1fdab418827ff89c6eee1c574159dbb4d9174552aa87753f35525a894964b77c14b012164ec5582b9f19dd4d6c1f5d45df411c7", + "@esbuild/openbsd-arm64@npm:0.25.5": "d44633a374c109d2fb9c678882016e3ec3d79f0c5f21a6e6fb0114ea709bc539200b037a4e3ec52304eea2f8c5957bf16c6f0a7af5cfde41b652c4bac604bba6", + "@esbuild/openbsd-x64@npm:0.25.5": "efc4641ea653dedc9886f0603c2e7cfc6fbe94c34d4cdaee9b060a8b9d8143d1192c45da93b3e802af2c26f72ab1ad3a3fad0e0cb297d06de55814fe83ccd32c", + "@esbuild/sunos-x64@npm:0.25.5": "29860663381b6098c0fda6f69235407654dfad953e83b3f9f06a270950d5c37da4ca60a4b5915b8e2606d468b560be6179870f64a22d5b046e8a930c31a7b554", + "@esbuild/win32-arm64@npm:0.25.5": "a77d395251c8a62ab0cec07d5230222823fa02fbf3ef008d94b5213a335c9f949872c3f1c2f947abaa28098b669018e429af42f59616e049860a0072f3b006de", + 
"@esbuild/win32-ia32@npm:0.25.5": "ff1b6cbe835082aef5b93c3e2012d51be431d05c6ae5f90a5bc89687c687e8e2340c262dedddd124b27b511616bbc4088b5a4a949d3147f677084dc6ec572629", + "@esbuild/win32-x64@npm:0.25.5": "266e69e8d37bd4deb77443588e49472e4e9791178cb39e1692eabb67cf65d8e85a932ac468e7ebb2072c8a9ee23ad413c8f0f7d954c474f643cedbbf7aad952a", + "@parcel/watcher-android-arm64@npm:2.5.0": "2d5d66f4e904546cff638d0b27a871d695dda1205e32902f917723dc1b09a5edef4ed8064fc5c85192a4e5e5b531eb4a2d3b349015ff6170c8228e3c098d5376", + "@parcel/watcher-darwin-arm64@npm:2.5.0": "bbdbaeb31ccea5ec172adab2bb2b1a5f4b2e18ed31054d7f6b1db718238f5880e3b8bc8ac1b55c00048c7a1973e75c0c86fa04c02679f99c0bb355145c8b685b", + "@parcel/watcher-darwin-x64@npm:2.5.0": "85089bf1c0f7fb0b4007d54f97e890bf2173d1a11166e9e601b9afe6e260e9cff2eed150ea80f51aae358436376c36af75a70523f53711f16a773987422cf93b", + "@parcel/watcher-freebsd-x64@npm:2.5.0": "1355a42a68beb177f9d15b8e379b63dd2e633494e0f09a7e28a778c6a5eb082206d6690e3776e79da5263ecc8791be047c33943cfd2d09019f8f545800ed583b", + "@parcel/watcher-linux-arm-glibc@npm:2.5.0": "3c78f9ab9e9d52745f3d44200e290a64843a9346bbe6628485cc6d777a1d329fd0345a5c919daad05fb436fda59143ec2f1810789c8e594a51c7f5d8099ac682", + "@parcel/watcher-linux-arm-musl@npm:2.5.0": "80f7f97115e4d98d95735149c6b210ed1902dbf0020d20b245801272a1459f3cef75307c124c1a947450dff9d7d62440ad85e46a98e06523523170fdffab5bf1", + "@parcel/watcher-linux-arm64-glibc@npm:2.5.0": "f82fb66b301754f9bf67c7abfe41b18c987ed47f8de05750395ac7453a2c396104d44090b20450d90d5af3e9de54e06aed1520e8401343b824f3c19747cf0aa1", + "@parcel/watcher-linux-arm64-musl@npm:2.5.0": "914ebc3387884a8948594fa91520726ef9a7dfbbf7663fd00e7c0de13e08a4e7a525c9132b5439b64b9deb9b62fdfb8c5e02148013cd2383d171334ea76641c0", + "@parcel/watcher-linux-x64-glibc@npm:2.5.0": "5db33f6a134d20e8bfd8bed6d13107e7d30947e832a4f677136abee8e1c2855ea19629ccf220e95056dbff753b55fe2b698dd936f31e492b095cc6434451e9d4", + "@parcel/watcher-linux-x64-musl@npm:2.5.0": 
"dbf3f903c4eb6014660f4c3c0d44dcef0e21ee16908288ad0149d6c1a5c9fd7f0405d8d0e91a2493fbeef83df5784bd43f7d1426a0150e00a415b6c0eab38c98", + "@parcel/watcher-win32-arm64@npm:2.5.0": "cff6516b1dad597ca1ec8c385cf8251f5050b32ab46fc15360f2eff3a40b61b7107eee56df73764007d9bd6b826960d2f3589c8e0ce270bb5b2a292313bd7a1b", + "@parcel/watcher-win32-ia32@npm:2.5.0": "ad9d2c9ae3a7031105fc90418050a910d4b679ead36e5fdcbb1b3e4afbaf56aec6566863e3a374c645c82f57073d8f643183f19c67c8c48b0aa62224c05fdb9d", + "@parcel/watcher-win32-x64@npm:2.5.0": "aa9660bdb2fe70de5163f9f8419e263711fd30612244fb7feb58fce49a653b88ac0e1e29646fb1fc76b86fd8215e62eea5ded0616725987dfca5372041925bd2", + "@rollup/rollup-android-arm-eabi@npm:4.40.2": "cb502d6933de94860f9d49a4b4e849a206d10d9b1a424847cb2545667f8937ac891a37854e2934992b39521dc8b8daa2ec6b683da6bb47ef893ab24f9424c887", + "@rollup/rollup-android-arm64@npm:4.40.2": "42e04ae6605f8a31cc7daf484f9104e6d2174a99e39d829c24d77780cd257a6dab67f5c6a38e84e5a967ad4a64a042f1e6dfbe75444aa03517e83d8436179726", + "@rollup/rollup-darwin-arm64@npm:4.40.2": "8e641fd8a888504c516e76e525a7fcc099d363a82ce8569a1a5bb2fdcf632fa262e1a73b47932a922d132e0c46fab6ba04490053f63e6e4fb30c313a499b139f", + "@rollup/rollup-darwin-x64@npm:4.40.2": "9dca62986fa2afef8c5addcb1eb4ee08afbd3aa03ece3c5372a82a785af67ae441b9782dd542018fa5bb39a6de34ea53f10795d6f6f801a0469ce7979c52c729", + "@rollup/rollup-freebsd-arm64@npm:4.40.2": "f21c73712c4cb74a797998e8adfa83bb7ff0d6cc3e7353eae5b213b4bb3f9f481e025d37dd67aeee7488b9fc9ecd0bc8f85a61469cfa6592ed9292d14ba868d0", + "@rollup/rollup-freebsd-x64@npm:4.40.2": "9f8b6abb5be2527e6cffdaf0dd95a8bbb6f4aa5599be2bfe919e8252f57558f0a06b66748d29cb1e42d0b65e1d2ef0ec2d6a429d3c8a1a85352269d88ffbda17", + "@rollup/rollup-linux-arm-gnueabihf@npm:4.40.2": "fc205b61c54ddaac7bb45768c3b4bbd79632df3f7bbe65532f5453d54e1a31c1d3f1e4508a00323cf0656d6c5a69f0793989d11fd0805dc2621053c8c6fbcaa3", + "@rollup/rollup-linux-arm-musleabihf@npm:4.40.2": 
"14fde6bac72d734462b9c2fa3594934454069d01422fe12e650ae6fc9e998daac3d43d1726a0aa040cac9d4de43cf75ca34d82932e0a2c3f564f49f0b6fba4af", + "@rollup/rollup-linux-arm64-gnu@npm:4.40.2": "1a7c361022d74025076d322cdeb741923f1d3e0d5e1a12fd4dcc678a7c3dc8a07002f6ec4d537b6f089c75b90273cd700580b9ac1b1d45fa68908eadb524f1c7", + "@rollup/rollup-linux-arm64-musl@npm:4.40.2": "2fbf7f6f28bfe5148b1a82b04569574bc865b65f6e8f874aa8b175ad3c3ee9197a9a22bc3693153f0d55ff2bd78938b15e162cafa4b77756d1933036b0520bf0", + "@rollup/rollup-linux-loongarch64-gnu@npm:4.40.2": "ae77d9e7a797868fbd6887b8b4a8a26bcd96ea632022ddc47c570d90ad6e47b2ac0b3a933885c06a0af5ad57b5f818f4531ff6961b351e9705f5af6dd26b2427", + "@rollup/rollup-linux-powerpc64le-gnu@npm:4.40.2": "867b6bc576e07110181f41c588b1a7ee22a6571bf5a3ceff0527c1e7c4540b5122d34b99f0c56c00d5c33a2e517fbb16c3e269cc4c08110e69dc0f0e4b2fbf26", + "@rollup/rollup-linux-riscv64-gnu@npm:4.40.2": "52f07f3e5e008cd0d277d5290524682c8ec5c03e08659b07a800fddc00b450dbf8df08612921b9fe6e4e16d60d5e282027d9b260ff520c40bf3e7c5e1efabb60", + "@rollup/rollup-linux-riscv64-musl@npm:4.40.2": "6483ab13ac5626c5b94d72aad3ffafe63a3572899824b1d37e59bc071b147f3d498864a0e19942e013a4488aa9262a92817232ca6c38339e3de62c3c4aca87e3", + "@rollup/rollup-linux-s390x-gnu@npm:4.40.2": "842ad92a20ff994091d4ba4c16f87e2f8a57e1eb9e3004c20aaeeb692bc2061619dd43ba4dd246712f8904fe1480e6211b43e9fd2e11a5faebbeebea0c79da63", + "@rollup/rollup-linux-x64-gnu@npm:4.40.2": "c440df4beca32d238b0a0f0b1017fb30da52c0f705946177c01a08d7d214ae190b2070885d93e15ff5fb5741e0964e1370bdd45f8a94e9a4689816f06f18c5a0", + "@rollup/rollup-linux-x64-musl@npm:4.40.2": "9874b4cce42573d460634443ddb730d348360089bf93667309e660301e4e389d8ae80abe7f33fa9a20db5e67984e107e17d1479bdfee278d74bc60dde6ab5f83", + "@rollup/rollup-win32-arm64-msvc@npm:4.40.2": "b61552ab831efde1ca4823cab1982d3d681e1be269d67d60558cd2ac86fe3802f6d569300d9ada084acebae27257b00c68f9d858261a579b5d8686956aa92ba0", + "@rollup/rollup-win32-ia32-msvc@npm:4.40.2": 
"13ad059483b26bbf12af5108207d66a98ae2aef7599f27a506b998c781921b653dacc63ee0db57bb6f37c920163fd8bc40072e0be0ec6b1e5f52eb3f1455efeb", + "@rollup/rollup-win32-x64-msvc@npm:4.40.2": "98ab8600ecbeab358c53ed563a7b586da0c5cdf26c03456a982a016b2f8eff6e2ec07055d15fe039b982a18a970744390d85a05970c9a8b1533c54702026f8df", + "@unrs/resolver-binding-darwin-arm64@npm:1.3.2": "c8c61120e2bead2e0fec054399107e1ebd39455a2b7d59a5446cafad86cca376e0010e65644c41da0958a065869dcbe0509a29394b52a469a48990d32bf7a6e8", + "@unrs/resolver-binding-darwin-x64@npm:1.3.2": "ee67a4043d2e297cb1362b7aa25be3f5defef9eb13f4e80358c3f22ffdef043ef905ac661fc9e70359383bafed5837a52bd001b49a8ea4f70372051d89ee6eff", + "@unrs/resolver-binding-freebsd-x64@npm:1.3.2": "5f19ef3991435a96e682d427a8d9b28886b4afc9ea5b723e51c4bca51f25bb24add8819ed91c9f228bd39e139d51625cc127ddd35efd6c3f6e1d88106808fad1", + "@unrs/resolver-binding-linux-arm-gnueabihf@npm:1.3.2": "f77b2345c2b572b569089092fa6c08b5a55fdb08d26e1db3cdfa0d195511a0efbe109c558e77bfd78d7aed4ffe47b6542890c9cad032cc00bb0fcd5f373f5090", + "@unrs/resolver-binding-linux-arm-musleabihf@npm:1.3.2": "8b7156d8c641994c39626522ba42e69eef8d868a69b319c9ea5f7584ef0c4ea98bc698c1a4417d209dd3a786630be404d459680cf5b5b2500d3c4b0eb1be894f", + "@unrs/resolver-binding-linux-arm64-gnu@npm:1.3.2": "93b28c2ea0dae2d452659e0afde6099107b70362043e19800e35b7ae86350856dfa0a4d6ba2be566c225965b458b5fba78a10219cf78e6fc0c581373cd2e2a52", + "@unrs/resolver-binding-linux-arm64-musl@npm:1.3.2": "49ed9f24838e876eb1bba9b5f3e283af0716ee23f7d11a799a6376a47fa59a2e28b724431ca165a3874d60b1ed5a6b6c7650fe207f0610a788c88baa7862688f", + "@unrs/resolver-binding-linux-ppc64-gnu@npm:1.3.2": "9fad22ffbf7aadf471a6d054c833a9b4cea74e2c38be40d546e6ba71058a6be10fa4e28947425ef33d42dc77de1c81b631fbff5a96a637c3a7652910f3e27d76", + "@unrs/resolver-binding-linux-s390x-gnu@npm:1.3.2": "dd28e351f19268c4735da984e96301d8433603cf109b2b6880aab9bb8f448242699b7f84c36c536ca4a9443f944153098a3d3e78fce26d0c56fe3406d73d4b55", + 
"@unrs/resolver-binding-linux-x64-gnu@npm:1.3.2": "e1cc70d8e012bc61bf5af85c2e9905aa1953c06daaab9b3857d780424c62807ccd0c5a20acb919e3accec7152badee426b1514ab9a4256b77945c3e7c8df3496", + "@unrs/resolver-binding-linux-x64-musl@npm:1.3.2": "e97b95e53d029e4ccaf7cf32072e644c495d8e1f097b6fdeb417860db4db4b752d84f5fa6310b9f170a1fbf0562696f0145005dda4a95d658ea0857fac6c51dd", + "@unrs/resolver-binding-wasm32-wasi@npm:1.3.2": "d3f16f36ba5dd714ef3eaf7bc57597e9f9a1fab7c6b5fb5dc5bf688d81a1bd4a574da16bd3e2b383181032a71001583b6534c21e5ffde1ee43fcfa95bc292f3b", + "@unrs/resolver-binding-win32-arm64-msvc@npm:1.3.2": "de65010d133e99a062827f698a7e50c30db15d9f6b9011d351762cc8809497e97c4617b7d6ca3052583ca3f6b8c3cb1f2857fd0c9afd944c7ebb65d5e1da74f6", + "@unrs/resolver-binding-win32-ia32-msvc@npm:1.3.2": "f214a8950e823c60656d2d113584c3cd20c6e92668f43f73c13c3ddfe38a7063615e42537645e2aa52a0652ace9c82e8fd5d9411043a6985ccb49d8dc8bb2595", + "@unrs/resolver-binding-win32-x64-msvc@npm:1.3.2": "38ca5f5912d7cddd3f3e1983ad8e79d084ab3f5990189ce8cdfcfc3b58d97cc0dd7b543cc78ff43eb1769d15a8c235339a5942c688ab680192caa4c97116a511" +} diff --git a/nixos/pkgs/glitch-soc/patches/placeholder.patch b/nixos/pkgs/glitch-soc/patches/placeholder.patch new file mode 100644 index 00000000..e69de29b diff --git a/nixos/pkgs/glitch-soc/source.nix b/nixos/pkgs/glitch-soc/source.nix new file mode 100644 index 00000000..d13ab2f0 --- /dev/null +++ b/nixos/pkgs/glitch-soc/source.nix 
@@ -0,0 +1,23 @@
+/*
+This fetches the glitch-soc source from GitHub and patches it.
+
+This needs to be a separately buildable package so that update.sh can build it during upgrading,
+because it needs it for generating `gemset.nix` from the Gemfile in the source.
+*/
+
+{
+ applyPatches,
+ fetchFromGitHub,
+ lib,
+}:
+
+let
+ versionData = import ./version_data.nix;
+in applyPatches {
+ src = fetchFromGitHub {
+ owner = "glitch-soc";
+ repo = "mastodon";
+ inherit (versionData) rev hash;
+ };
+ patches = lib.filesystem.listFilesRecursive ./patches;
+}
diff --git a/nixos/pkgs/glitch-soc/update.sh b/nixos/pkgs/glitch-soc/update.sh
new file mode 100755
index 00000000..09a79a34
--- /dev/null
+++ b/nixos/pkgs/glitch-soc/update.sh
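Review bot: `patches = lib.filesystem.listFilesRecursive ./patches;` in source.nix applies every file found under `./patches`, so any file added to that directory changes the built glitch-soc source without an edit to this expression, and a stray non-patch file would be handed to the patch phase too. Restricting the list, for example `patches = builtins.filter (p: lib.hasSuffix ".patch" (toString p)) (lib.filesystem.listFilesRecursive ./patches);`, or naming each patch explicitly, keeps the set of applied patches visible in review. The header comment could also state that `rev` and `hash` come from the generated `version_data.nix`, since that is the only place the source pin is defined.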
@@ -0,0 +1,48 @@
+#!/usr/bin/env -S nix shell nixpkgs#coreutils nixpkgs#bundix nixpkgs#nix-prefetch-github nixpkgs#jq nixpkgs-unstable#yarn-berry_4.yarn-berry-fetcher -c bash
+
+set -e
+
+cd "$(dirname "$0")" # cd to the script's directory
+
+echo "Retrieving latest glitch-soc/mastodon commit..."
+commit="$(curl -SsL 'https://api.github.com/repos/glitch-soc/mastodon/branches/main')"
+rev="$(jq -r '.commit.sha' <<<"$commit")"
+echo "Latest commit is $rev."
+
+echo
+echo "Prefetching glitch-soc/mastodon source..."
+hash="$(nix-prefetch-github glitch-soc mastodon --rev $rev | jq -r '.hash')"
+echo "Source hash is $hash."
+
+echo
+echo "Building source derivation..."
+srcdir="$(nix build --no-link --print-out-paths --no-warn-dirty ../..#glitch-soc-source)"
+echo "Source derivation is $srcdir."
+
+echo
+echo "Generating gemset.nix using built source derivation..."
+rm -f gemset.nix
+bundix --quiet --lockfile $srcdir/Gemfile.lock --gemfile $srcdir/Gemfile
+
+echo
+echo "Generating missing yarn hashes file..."
+rm -f missing-hashes.json
+yarn-berry-fetcher missing-hashes $srcdir/yarn.lock 2>/dev/null > missing-hashes.json
+
+echo
+echo "Prefetching yarn deps..."
+yarn_hash="$(yarn-berry-fetcher prefetch "$srcdir/yarn.lock" ./missing-hashes.json 2>/dev/null)"
+
+echo
+echo "Generating version_data.nix..."
+cat > version_data.nix << EOF
+# This file was generated with update.sh.
+{
+ rev = "$rev";
+ hash = "$hash";
+ yarnHash = "$yarn_hash";
+}
+EOF
+
+echo
+echo "Done."
diff --git a/nixos/pkgs/glitch-soc/version_data.nix b/nixos/pkgs/glitch-soc/version_data.nix
new file mode 100644
index 00000000..720e0ff9
--- /dev/null
+++ b/nixos/pkgs/glitch-soc/version_data.nix
@@ -0,0 +1,6 @@
+# This file was generated with update.sh.
+{
+ rev = "e4a22e8068ce7e6b4f252052ef613e15b946ee79";
+ hash = "sha256-GxlU0UibtvmfppW0y/FqQU5AgWPTyYvLa+IAt4KiW/0=";
+ yarnHash = "sha256-uLuNOjqjBJr7jjwEUQVA+jz2lTRVPKj9XDqzq5W9plM=";
+}
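Review bot: In nixos/pkgs/glitch-soc/update.sh the source derivation is built before `version_data.nix` is rewritten, so if the `glitch-soc-source` flake output is the new source.nix (which imports `./version_data.nix`), `$srcdir` is still the previously pinned commit and `gemset.nix`, `missing-hashes.json` and `yarnHash` are computed from the old lockfiles while `rev` and `hash` already point at the new one. The script also runs with only `set -e` and calls `curl` without `--fail`, so a GitHub API error body yields `rev` = `null`, and a failing `nix-prefetch-github` on the left of the pipe leaves `hash` empty; both values would then be written into the pin file unchecked. Writing `rev`/`hash` before the build and failing fast on a missing or malformed value closes both gaps, as sketched below; the `2>/dev/null` on the two `yarn-berry-fetcher` calls hides the only diagnostics when those steps fail and is worth dropping as well.

```shell
set -euo pipefail

# … unchanged: cd to the script's directory …

commit="$(curl -fSsL 'https://api.github.com/repos/glitch-soc/mastodon/branches/main')"
rev="$(jq -er '.commit.sha' <<<"$commit")"
# Refuse anything that is not a full commit id before it reaches the pin file.
[[ "$rev" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected rev: $rev" >&2; exit 1; }

hash="$(nix-prefetch-github glitch-soc mastodon --rev "$rev" | jq -er '.hash')"

# Pin the new rev/hash first so the source derivation built below is the new commit.
write_version_data() {
  cat > version_data.nix << EOF
# This file was generated with update.sh.
{
  rev = "$rev";
  hash = "$hash";
  yarnHash = "$1";
}
EOF
}
write_version_data ""

# … unchanged: nix build of glitch-soc-source, bundix, yarn-berry-fetcher …

write_version_data "$yarn_hash"
```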
diff --git a/pkgs/plex-pass/default.nix b/nixos/pkgs/plex-pass/default.nix
similarity index 100%
rename from pkgs/plex-pass/default.nix
rename to nixos/pkgs/plex-pass/default.nix
diff --git a/pkgs/plex-pass/raw.nix b/nixos/pkgs/plex-pass/raw.nix
similarity index 100%
rename from pkgs/plex-pass/raw.nix
rename to nixos/pkgs/plex-pass/raw.nix
diff --git a/nixos/pkgs/plex-pass/sources.json b/nixos/pkgs/plex-pass/sources.json
new file mode 100644
index 00000000..a1b8530c
--- /dev/null
+++ b/nixos/pkgs/plex-pass/sources.json
@@ -0,0 +1,14 @@
+[
+ {
+ "version": "1.41.9.9961",
+ "platform": "aarch64-linux",
+ "url": "https://downloads.plex.tv/plex-media-server-new/1.41.9.9961-46083195d/debian/plexmediaserver_1.41.9.9961-46083195d_arm64.deb",
+ "hash": "1gxiwzv799w2b18mlq1yx5z3x9k51f88yc9k7mmcn5a224a11kxf"
+ },
+ {
+ "version": "1.41.9.9961",
+ "platform": "x86_64-linux",
+ "url": "https://downloads.plex.tv/plex-media-server-new/1.41.9.9961-46083195d/debian/plexmediaserver_1.41.9.9961-46083195d_amd64.deb",
+ "hash": "0hnwsh9x48xx9grgv4j30ymbr7v9bdfkl3dnfwjbqr0g3zb22av2"
+ }
+]
diff --git a/pkgs/plex-pass/update.sh b/nixos/pkgs/plex-pass/update.sh
similarity index 100%
rename from pkgs/plex-pass/update.sh
rename to nixos/pkgs/plex-pass/update.sh
diff --git a/pkgs/roundcube-swipe/default.nix b/nixos/pkgs/roundcube-swipe/default.nix
similarity index 100%
rename from pkgs/roundcube-swipe/default.nix
rename to nixos/pkgs/roundcube-swipe/default.nix
diff --git a/pkgs/vscode-extensions/platformio.nix b/nixos/pkgs/vscode-extensions/platformio.nix
similarity index 100%
rename from pkgs/vscode-extensions/platformio.nix
rename to nixos/pkgs/vscode-extensions/platformio.nix
diff --git a/nixos/util.nix b/nixos/util.nix
index 79fe2a0f..be8c54ff 100644
--- a/nixos/util.nix
+++ b/nixos/util.nix
@@ -1,4 +1,4 @@ -{ nixpkgs, home-manager, mailserver, lanzaboote, attic, ... }: +{ nixpkgs, home-manager, mailserver, lanzaboote, ... }: let inherit (builtins) filter attrValues concatMap mapAttrs; inherit (nixpkgs.lib.attrsets) mapAttrsToList; @@ -6,7 +6,6 @@ let ./common home-manager.nixosModules.home-manager mailserver.nixosModules.mailserver - attic.nixosModules.atticd ]; type_import = let diff --git a/notes/arch.md b/notes/arch.md deleted file mode 100644 index 06df16b4..00000000 --- a/notes/arch.md +++ /dev/null @@ -1,23 +0,0 @@ -# NixOS System Config Plans - -## Levels of abstraction -1. Top-Level Host - * This is a bare-metal or otherwise non-managed VM that itself will contain VMs and Containers -2. MicroVM / Container - * As managed by a Top-Level Host - * Contains Applications/Services -3. Services / Applications - * Lowest Level, ran inside of a container or in special cases on a Top-Level Host - * Often has a port and domain associated with it - -## Open Questions -* Are MicroVMs and Containers LAN-routable or only on the Top-Level Host - * Essentially Docker vs. Proxmox networking architecture - - -## Requirements -* DHCP should be able to autoconfigure IPs at least for Top-Level hosts -* DNS should be automatically generated from Service definitions -* A Reverse Proxy shoudl also be able to be automatically set-up from service definitions -* Wireguard should function correctly - diff --git a/pkgs/glitch-soc/default.nix b/pkgs/glitch-soc/default.nix deleted file mode 100644 index ac4083fd..00000000 --- a/pkgs/glitch-soc/default.nix +++ /dev/null 
@@ -1,169 +0,0 @@ -{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests -, yarn, callPackage, imagemagick, ffmpeg, file, ruby, writeShellScript -, fetchYarnDeps, prefetch-yarn-deps -, brotli - - # Allow building a fork or custom version of Mastodon: -, pname ? "mastodon" -, version ? srcOverride.version -, patches ? [] - # src is a package -, srcOverride ? callPackage ./source.nix { inherit patches; } -, gemset ? ./. + "/gemset.nix" -, yarnHash ? srcOverride.yarnHash -}: - -stdenv.mkDerivation rec { - inherit pname version; - - src = srcOverride; - - mastodonGems = bundlerEnv { - name = "${pname}-gems-${version}"; - inherit version gemset ruby; - gemdir = src; - # This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem - # symlinks with directories, resolving this error when running rake: - # /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `': uninitialized constant Bundler::Settings (NameError) - postBuild = '' - for gem in "$out"/lib/ruby/gems/*/gems/*; do - cp -a "$gem/" "$gem.new" - rm "$gem" - # needed on macOS, otherwise the mv yields permission denied - chmod +w "$gem.new" - mv "$gem.new" "$gem" - done - ''; - }; - - mastodonModules = stdenv.mkDerivation { - pname = "${pname}-modules"; - inherit src version; - - yarnOfflineCache = fetchYarnDeps { - yarnLock = "${src}/yarn.lock"; - hash = yarnHash; - }; - - nativeBuildInputs = [ prefetch-yarn-deps nodejs-slim yarn mastodonGems mastodonGems.wrappedRuby brotli ]; - - RAILS_ENV = "production"; - NODE_ENV = "production"; - - buildPhase = '' - runHook preBuild - - export HOME=$PWD - # This option is needed for openssl-3 compatibility - # Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924 - export NODE_OPTIONS=--openssl-legacy-provider - fixup-yarn-lock ~/yarn.lock - yarn config --offline set yarn-offline-mirror $yarnOfflineCache - yarn install --offline 
--frozen-lockfile --ignore-engines --ignore-scripts --no-progress - - patchShebangs ~/bin - patchShebangs ~/node_modules - - # skip running yarn install - rm -rf ~/bin/yarn - - OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \ - rails assets:precompile - yarn cache clean --offline - rm -rf ~/node_modules/.cache - - # Create missing static gzip and brotli files - gzip --best --keep ~/public/assets/500.html - gzip --best --keep ~/public/packs/report.html - find ~/public/assets -maxdepth 1 -type f -name '.*.json' \ - -exec gzip --best --keep --force {} ';' - brotli --best --keep ~/public/packs/report.html - find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \ - -exec brotli --best --keep {} ';' - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/public - cp -r node_modules $out/node_modules - cp -r public/assets $out/public - cp -r public/packs $out/public - - runHook postInstall - ''; - }; - - propagatedBuildInputs = [ imagemagick ffmpeg file mastodonGems.wrappedRuby ]; - buildInputs = [ mastodonGems nodejs-slim ]; - - buildPhase = '' - runHook preBuild - - ln -s $mastodonModules/node_modules node_modules - ln -s $mastodonModules/public/assets public/assets - ln -s $mastodonModules/public/packs public/packs - - patchShebangs bin/ - for b in $(ls $mastodonGems/bin/) - do - if [ ! 
-f bin/$b ]; then - ln -s $mastodonGems/bin/$b bin/$b - fi - done - - # Remove execute permissions - chmod 0444 public/emoji/*.svg - - # Create missing static gzip and brotli files - find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \ - -exec gzip --best --keep --force {} ';' \ - -exec brotli --best --keep {} ';' - find public/emoji -type f -name '.*.svg' \ - -exec gzip --best --keep --force {} ';' \ - -exec brotli --best --keep {} ';' - ln -s assets/500.html.gz public/500.html.gz - ln -s assets/500.html.br public/500.html.br - ln -s packs/sw.js.gz public/sw.js.gz - ln -s packs/sw.js.br public/sw.js.br - ln -s packs/sw.js.map.gz public/sw.js.map.gz - ln -s packs/sw.js.map.br public/sw.js.map.br - - rm -rf log - ln -s /var/log/mastodon log - ln -s /tmp tmp - - runHook postBuild - ''; - - installPhase = let - run-streaming = writeShellScript "run-streaming.sh" '' - # NixOS helper script to consistently use the same NodeJS version the package was built with. - ${nodejs-slim}/bin/node ./streaming - ''; - in '' - runHook preInstall - - mkdir -p $out - cp -r * $out/ - ln -s ${run-streaming} $out/run-streaming.sh - - runHook postInstall - ''; - - passthru = { - tests.mastodon = nixosTests.mastodon; - # run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon - updateScript = ./update.sh; - }; - - meta = with lib; { - description = "Self-hosted, globally interconnected microblogging software based on ActivityPub"; - homepage = "https://joinmastodon.org"; - license = licenses.agpl3Plus; - platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; - maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ]; - }; -} diff --git a/pkgs/glitch-soc/source.nix b/pkgs/glitch-soc/source.nix deleted file mode 100644 index 9fc7000d..00000000 --- a/pkgs/glitch-soc/source.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -# This file was generated by pkgs.mastodon.updateScript. -{ fetchFromGitHub, applyPatches, patches ? [] }: -let - version = "0e562916cce3241d98bd10f04a6aa7419700605"; -in -( - applyPatches { - src = fetchFromGitHub { - owner = "glitch-soc"; - repo = "mastodon"; - rev = "v${version}"; - hash = "sha256-fZH3zPEU5jnYFhLx8OKDNrvsSVT46Peu92L84Fg5YpQ="; - }; - inherit patches; - }) // { - inherit version; - yarnHash = "sha256-P7KswzsCusyiS4MxUFnC1HYMTQ6fLpIwd97AglCukIk="; -} diff --git a/pkgs/glitch-soc/update.sh b/pkgs/glitch-soc/update.sh deleted file mode 100755 index 8e835043..00000000 --- a/pkgs/glitch-soc/update.sh +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps -set -e - -OWNER=mastodon -REPO=mastodon - -POSITIONAL=() -while [[ $# -gt 0 ]]; do - key="$1" - - case $key in - --owner) - OWNER="$2" - shift # past argument - shift # past value - ;; - --repo) - REPO="$2" - shift # past argument - shift # past value - ;; - --ver) - VERSION="$2" - shift # past argument - shift # past value - ;; - --rev) - REVISION="$2" - shift # past argument - shift # past value - ;; - --patches) - PATCHES="$2" - shift # past argument - shift # past value - ;; - *) # unknown option - POSITIONAL+=("$1") - shift # past argument - ;; - esac -done - -if [[ -n "$POSITIONAL" ]]; then - echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--ver VERSION] [--rev REVISION] [--patches PATCHES]" - echo "OWNER and REPO must be paths on github." - echo "If REVISION is not provided, the latest tag from github.com/mastodon/mastodon is fetched and VERSION is calculated from it." - echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon." - echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces." - exit 1 -fi - -if [[ -z "$REVISION" ]]; then - REVISION="$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} -s "https://api.github.com/repos/$OWNER/$REPO/releases" | jq -r 'map(select(.prerelease == false)) | .[0].tag_name')" -fi - -VERSION="$(echo "$REVISION" | cut -c2-)" - -rm -f gemset.nix source.nix -cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1 - -WORK_DIR=$(mktemp -d) - -# Check that working directory was created. -if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then - echo "Could not create temporary directory" - exit 1 -fi - -# Delete the working directory on exit. 
-function cleanup { - # Report errors, if any, from nix-prefetch-git - grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true - rm -rf "$WORK_DIR" -} -trap cleanup EXIT - -echo "Fetching source code $REVISION" -JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out) -HASH=$(echo "$JSON" | jq -r .hash) - -cat > source.nix << EOF -# This file was generated by pkgs.mastodon.updateScript. -{ fetchFromGitHub, applyPatches, patches ? [] }: -let - version = "$VERSION"; -in -( - applyPatches { - src = fetchFromGitHub { - owner = "$OWNER"; - repo = "$REPO"; - rev = "v\${version}"; - hash = "$HASH"; - }; - patches = patches ++ [$PATCHES]; - }) // { - inherit version; - yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; -} -EOF -SOURCE_DIR="$(nix-build --no-out-link -E '(import {}).callPackage ./source.nix {}')" - -echo "Creating gemset.nix" -bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile" -echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks - -echo "Creating yarn-hash.nix" -YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")" -YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")" -sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix diff --git a/pkgs/plex-pass/sources.json b/pkgs/plex-pass/sources.json deleted file mode 100644 index 542cae89..00000000 --- a/pkgs/plex-pass/sources.json +++ /dev/null 
@@ -1,14 +0,0 @@ -[ - { - "version": "1.40.0.7775", - "platform": "aarch64-linux", - "url": "https://downloads.plex.tv/plex-media-server-new/1.40.0.7775-456fbaf97/debian/plexmediaserver_1.40.0.7775-456fbaf97_arm64.deb", - "hash": "0awannq36c5zgp2hln6g90yc44qf2sm0cq14wp7ck4yvs7wr5rwh" - }, - { - "version": "1.40.0.7775", - "platform": "x86_64-linux", - "url": "https://downloads.plex.tv/plex-media-server-new/1.40.0.7775-456fbaf97/debian/plexmediaserver_1.40.0.7775-456fbaf97_amd64.deb", - "hash": "0zkz2w2rjngkdamsdp10j1gxd197kqrlqdm6z0sfvnzf7zvlr7v6" - } -] diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..7190a60b --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +}