From fb91bd85aa129cca4a1d689ea76c5ea7a57a4308 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 4 Aug 2025 19:31:10 +0200 Subject: [PATCH] secret secret I add a secret (and remove cinny desktop for vulnerability and update the flake lock) --- flake.lock | 138 ++++++++++++++-------------- home-manager/desktop/default.nix | 2 +- nixos/hosts/queen/configuration.nix | 2 + nixos/hosts/queen/secrets/sops.yaml | 7 +- 4 files changed, 76 insertions(+), 73 deletions(-) diff --git a/flake.lock b/flake.lock index af8f741..9271c56 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1748408240, - "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", "type": "github" }, "original": { @@ -88,11 +88,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1753284130, - "narHash": "sha256-qadXtVNH5qFiD3zIAk7mk6E8kV+TuK86a7TUhs0kouc=", + "lastModified": 1754320691, + "narHash": "sha256-f2GlehE0aKdU370jgceIrslBy2VEuJx8YzHazK9Yi6M=", "owner": "catppuccin", "repo": "nix", - "rev": "6365c59e7506fd3e6e5050c8184b41aa7410d6e7", + "rev": "82505942715570be4b68d4593201cfb8d48221ca", "type": "github" }, "original": { @@ -103,11 +103,11 @@ }, "crane": { "locked": { - "lastModified": 1752946753, - "narHash": "sha256-g5uP3jIj+STUcfTJDKYopxnSijs2agRg13H0SGL5iE4=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "544d09fecc8c2338542c57f3f742f1a0c8c71e13", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -206,11 +206,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -407,11 +407,11 @@ ] }, "locked": { - "lastModified": 1753294394, - "narHash": "sha256-1Dfgq09lHZ8AdYB2Deu/mYP1pMNpob8CgqT5Mzo44eI=", + "lastModified": 1754263839, + "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", "owner": "nix-community", "repo": "home-manager", - "rev": "1fde6fb1be6cd5dc513dc1c287d69e4eb2de973e", + "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", "type": "github" }, "original": { @@ -427,11 +427,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1753333833, - "narHash": "sha256-S5RHVk+6PMwThIJY2mSbeoWTY1JrBSy1v1E1LDOFQW8=", + "lastModified": 1754110197, + "narHash": "sha256-N7GWK2084EsNdwzwg6FCIgMrSau1WwzxGSNdPHx5Tak=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "e462677116c12bf23bd681a6a87dc7f98e689adf", + "rev": "04ce5c103eb621220d69102bc0ee27c3abd89204", "type": "github" }, "original": { @@ -450,11 +450,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1753349211, - "narHash": "sha256-wGfVht5kOLc9t3GZxEr4IIq5QgHV6nB3w9qqhcVKloo=", + "lastModified": 1754297745, + "narHash": "sha256-aD6/scLN3L4ZszmNbhhd3JQ9Pzv1ScYFphz14wHinfs=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "4775927ef576f6493b79b1d205e42493d6878d47", + "rev": "892cbdca865d6b42f9c0d222fe309f7720259855", "type": "github" }, "original": { @@ -492,11 +492,11 @@ ] }, "locked": { - "lastModified": 1752985182, - "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=", + "lastModified": 1754195341, + "narHash": "sha256-YL71IEf2OugH3gmAsxQox6BJI0KOcHKtW2QqT/+s2SA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c", + "rev": "b7fcd4e26d67fca48e77de9b0d0f954b18ae9562", "type": "github" }, "original": { @@ -543,11 +543,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754316476, + "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", "type": "github" }, "original": { @@ -575,11 +575,11 @@ }, "nixpkgs-25_05": { "locked": { - "lastModified": 1751741127, - "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "lastModified": 1753749649, + "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29e290002bfff26af1db6f64d070698019460302", + "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", "type": "github" }, "original": { @@ -591,11 +591,11 @@ }, "nixpkgs-edge": { "locked": { - "lastModified": 1753364558, - "narHash": "sha256-Ehy4ehbrDMT4VDDE+udoomabFRVITm8793kyjuVPtIE=", + "lastModified": 1754321311, + "narHash": "sha256-9RK6cCUayP3eo0MUVEWYuaBBtuReS8vd/B+VtGQbKEs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e940a342afccd1ef3d7abfa6e32b0b24027821f", + "rev": "2792147be556b1d1b1f8ebfe3e2ce231fcbbdd46", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { @@ -622,11 +622,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", "type": "github" }, "original": { @@ -638,11 +638,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1753004467, - "narHash": "sha256-QznRD2YNqBVT+LjrV36rIuOZO1XKbjm1BgtMTIrTDVg=", + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "147633ad35aba48f75af49be7ddc956c71c35acc", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", "type": "github" }, "original": { @@ -654,11 +654,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { @@ -670,11 +670,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1753939845, + "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "94def634a20494ee057c76998843c015909d6311", "type": "github" }, "original": { @@ -767,11 +767,11 @@ ] }, "locked": { - "lastModified": 1748196248, - "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "lastModified": 1754241118, + "narHash": "sha256-nsBBqbAFB7lUYIh6S6l7fQ/ALDhCckp7+rqbY2767uE=", "owner": "pjones", "repo": "plasma-manager", - "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "rev": "968109159b4bbe4386ac281272ddcebeef09ebfc", "type": "github" }, "original": { @@ -836,11 +836,11 @@ ] }, "locked": { - "lastModified": 1752979888, - "narHash": "sha256-qRRP3QavbwW0o+LOh31QNEfCgPlzK5SKlWALUJL6T7E=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "95719de18aefa63a624bf75a1ff98744b089ec12", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", "type": "github" }, "original": { @@ -879,11 +879,11 @@ "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1753285640, - "narHash": "sha256-ofa021NeHDXAxg5J8mSnn8rHa393PAlD85ZCetP4Qa0=", + "lastModified": 1754094422, + "narHash": "sha256-OZKijk5dw5Ih54qXMMAlaGFk5j6RAvS1sB8PLS0QCdQ=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "ce87c8a9771d1a20c3fa3b60113b9b0821627dcb", + "rev": "eb656cd36128dd2173b1798b66a7645657e45609", "type": "gitlab" }, "original": { @@ -930,11 +930,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753296482, - "narHash": "sha256-VPLaHVhU6/CwnMHTjhf6945qyrXEcpjxKfpWqQXtnxI=", + "lastModified": 1754264048, + "narHash": "sha256-Yg1W0sFhBpnglfhWGlFmxzSmte1F157luHAADp5Hguk=", "owner": "danth", "repo": "stylix", - "rev": "fbe1dab7783a3d579dc57be8ceee148104e0930b", + "rev": "1b5e1c5642cf96e07daf14ae4c5ddd23d7ed5623", "type": "github" }, "original": { @@ -1077,11 +1077,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1752591471, - "narHash": "sha256-c1L3FZ044uSLuVYvnNeTbP4EbocM263TKAAAmSKHC18=", + "lastModified": 1753722377, + "narHash": "sha256-L9CujCLS4PmpEhGKqezD4DognRNcYDz/oAL7T8jqCxk=", "owner": "dj95", "repo": "zjstatus", - "rev": "7ec562d8f3302f67093814552f5e2b83436c58f2", + "rev": "f6c28d9b780891afa693d1b9be4384b16ae7a578", "type": "github" }, "original": { diff --git a/home-manager/desktop/default.nix b/home-manager/desktop/default.nix index 56dd2e2..2ee2b59 100644 --- a/home-manager/desktop/default.nix +++ b/home-manager/desktop/default.nix @@ -157,7 +157,7 @@ # Chat applications: signal-desktop vesktop - cinny-desktop + # cinny-desktop # Gaming: prismlauncher diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index cd4d78e..40d1028 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -67,6 +67,8 @@ #jellyfin #jellyfin-web #jellyfin-ffmpeg + nextcloud-spreed-signaling + nats-server nginx onlyoffice-documentserver openssl diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index 0ea3b63..c0edc61 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -8,7 +8,8 @@ mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8 rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str] wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str] lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str] -coturn-auth-secret: ENC[AES256_GCM,data:Ntw7IAGkDSI7QNNcnik23ofBmEcUC9kwJ6UAb0shSxW3FkP3pLhaXYa2iK6ItFFc+qHVvog2Vh76Qmm+5+Y5bQ==,iv:Kn0lwR11lRLTpmfMCAqhu6HyDKnu0bSLdA07UNBoDk0=,tag:mDuUPBj4pFnb2D2Vys6sxA==,type:str] +coturn-auth-secret: ENC[AES256_GCM,data:1K7WX5FGhF7+CRZs4SEVKogsGv/93IJVvLeMe6/d1dg3g5/6fQkRCVl1KicMUOsqUxMweUn5hUXSO1h/ruWvPA==,iv:0U/JoeVin2zTkyk60x2boUQRzGW+9swlbxP1ENCbAFQ=,tag:ll8WCgMNtun5Va0VpC81Tw==,type:str] +hpb-secret: ENC[AES256_GCM,data:I/64j3nA0BWW5YY4STMFzxnSKQ+TmiHvweIIGOMJvV4=,iv:zezsPPnKlVBVlrJeG4pGbtuiz1GEWLmQaZl1isNa+pk=,tag:YbTWLAjIIMDn5Jo43U0QtA==,type:str] grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str] sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] @@ -26,7 +27,7 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-03T19:47:05Z" - mac: ENC[AES256_GCM,data:6bJEc9GhgvUEnA0MbdZ/if0rB8KpzzHdHtTD0O57eRz5zAy2zI7tr6ucsoHK7qprqIQrcTqJ9V14xomzdou5QXOIVljy+Kjxt2Mb4Xg2ZWHGAMDUSZ2EPwIeuh+lXC6g63HVA/optyTNW/28j3laNx+u8psc91uWX7RhrmkNbeY=,iv:ow2otSqfV1As3PN+jfaF+oeehOa9kJFGMcmfcRVwlTw=,tag:c7O7arie7amrsXzyXmutDA==,type:str] + lastmodified: "2025-08-04T13:04:56Z" + mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2