diff options
| -rw-r--r-- | hosts/poweredge/resources/secrets/transmission.yaml | 17 | ||||
| -rw-r--r-- | hosts/poweredge/router-hosts.nix | 8 | ||||
| -rw-r--r-- | hosts/poweredge/transmission.nix | 100 | ||||
| -rw-r--r-- | pkgs/xorg/overrides.nix | 34 |
4 files changed, 126 insertions, 33 deletions
diff --git a/hosts/poweredge/resources/secrets/transmission.yaml b/hosts/poweredge/resources/secrets/transmission.yaml new file mode 100644 index 0000000..5945804 --- /dev/null +++ b/hosts/poweredge/resources/secrets/transmission.yaml @@ -0,0 +1,17 @@ +ovpn-auth: ENC[AES256_GCM,data:3F3/4v0xOsdWguywaKxE6IB6pzHONWk6F6Es,iv:7ZJUyeb0EZTVkTIk5W2rhBjXmUHm2TLe5/YKgOJiqPA=,tag:idiz76VtruJ2NOhUhtbXjw==,type:str] +ovpn-config: ENC[AES256_GCM,data:gIzfdk4XpZe5Gaux5o43x0pcwZXYh+TvZA7f1hqp2/nuwcNBoB92xzA5KHgfQTMa4icGPZ5Rd3+6j2weoEUJxODq7etfnX4NODdxowOGvgVrcKFkR+dYBDUAVcESO9zIzGpZ8jf/iimTCxUNiRb5GbwxYhhQTgz4Z7P3kqxP6qqosqJ5ZcT8qJwaxEVCjCUHN1pCk+WC9+DNxieuyfv22PAqriI2mfe3lzIDQGUkmFUjaRTmsmf+duGV3gRUdYvstwFcrKujIxP6aqT46T8W9E8xlOHlvAmxUAw2Egl+mX8TXMwV5tfnFga82NMuFt2NYt1V545jo6qPWiIhGJm6BBpxSVXXUdFZMOuUP8fN+FLSpyjf+2RbFGhwMAnVDC6QR8EEtMVVaCvMmcPjsCMqVRr/5+rbillYEqpKo5iPchJ7mfPr5YtfxOE6HN1UfP9K4OqtxeqA+GQgq2VeOjRoCxU496rf5rRixkVPC/8bgPU8XivcWTZOUxv1eLWJIo9uJTUnJHocXx3wzpXPRcwaftTt7/tl83tco5O1uVO2hRxn0lRrXbdNm8W/l22DTyCtOgX1TF62EDiD/AfPTP3mL39STGn9Op476hDIZE2TD1zJ5DWkiavFcHV3KPoyJbQoLmF7gIo9HTz8U78ns5kibSD0J0Ri29ptWzMq0Lexx9y89BSqW5+lnDLlp7Gtj8GA3lfl+n6YXjHKQF/kv4naRe1Fm1HmqwSoKlTJ3aExOg8t+J//aIfASkVdkRr2N17wERLuEwgU9xKw80BZoRb/PnKkxCzvyZjWcSGFOC11212raXLwrJWhKyTlz26wt+CPkCq/7serQq2oUaVNJwkU8Bey76KUFDBpynQeU8RYINu40wFmUQ/ORJ9dby1C3/h7VrZ4gJoDYirv8FcRpWimqw89tUkZSn1DaIWC5ZYOBpAIg2VJBJIJ1Qi2sQvf80qT2IXk2dR2GBGtllRVMU+/2uMJChnxE/vc1BQfELlZHlmIO1AxgD2Az/9N1TFEdYnCGdBVRqMaeLUD6L4hPyObh0ldGBSw/b2+P30lWffD2sY4Bbr/azoWVpfLSeRs19DIpzX1rUklIfqEToJ2eQ9pAcUMXSVZN2eH8Jz6epKnoMHl9lLyLD9MyeAehndN0S8ZeL6BENfC/EWMPueC1R8k7BQ7JJ2Ioxl2zgoaVwb3O7JI+Vutn4JORWFa2aug4uloS1Cc6ru1Iy4v/N+MT0lqU8YSM+sXHZxxcM5MNlRjFsCqxWink75KeH/TNQ67UFdH6EPkBoXzl6pNNXuMCzZVMreXh6jptIY9g9TgMNV16pVhzlARBFmqDWGuZkDLxap08QM9zx66/+rFnrssPvDnVKEAuLt04bEHg5t00ha86/kf4almN0U7vAjUx8ALYQUbN5wZr9ZU7Qk6zx6QibqRlu1th/ZDUlTmM8MzL85qxpq6nyxrTSj5UQp0utSklCOj8ASEWHWZqGNYsgDcIxp9760Gy0b0wWDplB7Cf8OS0h6phSWc3igpRXiCgxCcFjIEV1H5n61XhtwIt8/Otd2dd/FQbrIVmcUrQGMLc1L8EVAdgNW0KVchbxVMGcEKDMEllV+EW+XpzsDyeuz/D0qFQ1WuYxpR2DUFwVBciMdzYTEUNOXLccHTmJCKrm8jpE7nHo5CF3LbUUI/dpw+kJJOHpzryqsfaMolDo92LrzKEnQswRjTdqXiIQSlGPWraIlQlLH/hmEwxE48gVMuyeg5tvhO+mv2tktR2b8VgdWEIZpIgQvx31fGSNTesSUu3eDn731swOkXCtN6j92AhXSI1siSzUt5gy9/tGe9oAq31SxF8LoZLv0BasWEnJ9IXXdw3W/qzKO4o66Z531bBu3iya0VQlMa8GjwN1L4fWeAa7xt6AHo2XunSMbY149OzlEttWlxqeq74HIYJwcYCMXqLZvBuuQw9mdBPxS5nap2IIN4/ECYn9m+xahWdnoufEVCNPY5LQE5Cg79zbN6OpI6wFlPBjOpHGbAXi9ppzDk9OFHYD8SslYhQhjKck0GRng4eegE+ONsL2I+EBPBp/A4e+KQnT37l0JpaHsc1y/2DFkyUpzIqp18z77vzSYBPSOUhNIohMAdQviPVQ/AZ1lPzgvQdfEjkxjQP/Fxsk1cZmloEIfb3BnCDtth6xZRK+P8qmQsA8OgEHtA6VVqhKEu3vzLfKOh0x1fUWfHEL4QC2LHCCkaKDyCBfzmugZZKR6ZhvfQgNl/ywR2c4nJeudsL8YGer48pkrbPIZjINIEa6RtQ7eYil0EZ7ck5jpBE7LZ2uWsX9tdx+FugK8gzODNKSqilaxizl3Yqsq1KX8Nt2vYIMTzuV0wSTJs583LYCVmgzXfFVTTe66R+YHc6BMmjJG2xyFZbePIV28A0bD/ndmAUQa++it0079bEkbqOi/HIB8PdZ60xcyzCSxhNUODeDdCiGrCNugJ/qaWI1N14485JLKl5e6Zc8Y8ENUiW80+Km49eN+miJjJ+V/sb4lCDITJx34Qg5uZFpln7uepvBJCm5QpMZPH3rDWix/cEqw50hDpBGEkQleJDuwEM5acczgYMExGufmh81aZ+Kh1/uNI0dTTYsHyi5zw5iyAgnCi14T8jgeeeQen+yEiANum+ksi6YjE4r2PeQtoQ6tI30alo5J6iy/m+h/33bpk3btZcDcuZEjvD9RdUGRJYpEqMoJExk2mBt4dS2p82qfLpme2SeVp/uJaBZQPUdDiUoa/EOBE/jK252fdhfOEmzmmNCixzTv7m7XABRRIVprZRgfw3hsOJGEh2bwg00WKTdjrsjAfTQXXf9xbC30t+YjiurpRMNnpcJG2H7mMCyrIlNfeBNNuNby7dsPN49EwuK6wdDctTnexCWiMNvTBuTPRmVTxyMBS/nPpYMPUkKyvpcJM8bypOzejNU/FvX9pqVDzzvnbf/jiMeNwoRriVij9oBfL+qs1Wx2R+AhsabYbpl7vkfEewyMAnzxWevcJVJM+A2bX3AQ/n1yQu0bXjSs2QrKYMXK4n+Oq8NLUfqmZwUaRgfnFRGJquYh2LcDNab9jP3Wf7OEUUs6NykPvjpdfSXqP5TjMx+wKKupZNyzCUTjQkDD+Xu73+d1SvfG/08cgKQsIMBQNToHMbhFyigai8/hr5fYofENbj7lxHUUwNB3iJhtmW0zwqDoZammmcbnUa0C7QxYqEBS4Vyh0i7PCkRx7P21GC8IJgfHMzEwhFeg4cpRgfLca7JkRK0DtKAmQsf5vhXkxT4xRfM+sP0J8QWX9oJqlL6UWEXG6w1GKf4ebzIlCS9e5AZu9FFgEm/cyw+E3Ud2TEUg3WuMP1l87tSR5UwlPB5NLcR2VxrL1ZdeJtqYHJHrILqZ2+PQUNZs7Qt8+drkIDv7l3ysrRBdZDSLkXxlfcJD2u0llmQUvZ2+qsArA4ofzjIy/6dlKbgXJ/fd+TmUtxQBn3xRp35e7ECElkM2cuCK2bCYznI+XolIvkCYYTbcBj+GN14XbdOtENS/lG9qCuTLHfmvnzRy/KpIJeDJ19ybGQ+CNPz1F6HQ++Eu06wkd47GsZUvKtSov56Y9l1LjdO99AJe1uBspGOjwZdS8floVIjlew4DT5azXSPp0CZsvOsHB+s6dLl3dljqBHH5HmjaP0z+WQlcEEX1VaW4yw4E55b9xj6Q6YUo3bZeCBIE9TuHxpcsVMIlGbAIZWH2OrNS30NIkBWNwXL2rdiWufi9FBZ7mvCxy2I531eChITMU/bxUlqISLCcdw7edHgr76+isqjK4UWkngE2VV9IqANf6ifzcNL+xFeOytnhggaPW7OcG2tQbQJMX0qRTr+XkYffo5P7P47HJbp1u/J5k/wQWiv+eXFS/2MMT/zB0YrGPIBTTKkLY2wx2nfY+PVfiBF/kUn2wUPyuw0uQ3teP2b/KtZ1VxtyEYHO+H6ZY/UfXFacsVKENtytf2JkSKdT7bzulO9/5LWyu1sEa4NNCWkqURLkH9Ch4/x9rnI1lXaYQHsKJCElpIx4iIYArt1Ay8Ro+UNlAIUiMYH86jvzCVI8ObazBaEXnV64wWTJyZOQXDwTKkk2Qg07Q7mTVZlEFVCQikNIlphIMsqYy85seIAMAZM6RjE3qYvjsuOM4f8fVL1gh/ZzTDT5qEP2XO2UKb93Vdc4k7PkTXdonY1ICyy/lHgtPnsWYLB7GMwskynaJmMMCj3scr5SqcJ6LIN8wIgCcZFlfXimWhOOCqGfupHzSF/mNw0AciNQ0HbzuMqc+O3Tkq+0viOR/Vx7/jSRgDLxn+euYYwJL5kfZ7VzfAt54WK3tFiKBrfO+J5V5oV0BgaUbg5Lhc4be/QyYo8GmUlTXn+YGOOZmVgULHss2ITv3B//vN9kcaPEOx6i6mTFe7l4Ky2Z1KsjiUIElpQFd+VI3B9+OUTEb2MlTytLqTPcqeuoWXP6nlXmKiTh9pwOWhKHk1UAzMfSNi0dApyoDGS3zfmA+WjG4aVRhT/aGtcbLeCKCwI4LVkmfSpwZnhsxN+KyU0dCLmhsLDaGcZw10pqMpJfbtPIDM1p8VWGyAWsLuMS4yvFax4yRCscGfY+s+4oEh+XC87dd/eIHnXtL934R0mp0xqR6Fdfvpd0TZEsCnO4qO5M2G9U/5C+FX7d480ubD9c2bHphLca8MZThb2hSRb2PPK003w52WZZjJfhuE/9O0JQVeoyygxeE1yzItyTcwvWyNnGFy7Thbe0foMnIBB0W6B408zxf5VH7BbMfo+068KU1mfb3T2vXCvxcl9c0lUSebTF2ISym5IEbL4mQaBNmXPddFcJN0iS0Ip32rcaUiX9cPVw6HlYgjexzAjNaOdOSpxJgMqSLeDfHtkI2AMXGloOZg94UfZdZ6FUrxbchR2WA6m171xadmQIffFzyUjDcS+DI3sUUfHRtpoC78UnQRTUecwQPO3gZPiJsDL8RSbFEXwqCuSJWwV+0zcnVw1YHtAtK6vBVxgzLncMEQswy2P/+xLZxJNkQ4MUHv6elDTW5T9G1fbHXq+GNw9wWcEf53cQ+G3psBh78pOZQx3uoj8ohS+72C4z+xLwP3BBW1rPYsyHdUfCNUq6j4G+h9I9hXhaF22Tm0Fm59WXeJlBIgXw3TQ4unJeU2oP72ohgNnM9ubJj2dnMDQ9QUbv8OC/tV4KTtjhrPvIO9kEJxxVLpXJbVnFux/CAGJ4HYytbBGCeNlsiahG310U5kz3JSxOCDOeTyGxerhKKEvfXo1KX783AMKARqJujng2itf2ES5sH5FYNhws5RnlHBjW7dvQhRxi7J60AIiaojPj+cKHodg0x0xbkfDZ4birza9yOTp/Sc2ix1lAgN/1K5u9nXy4C81iz1uR1i+P8iJJNBEs5sre1Dx+wc6u33YGcr/X62YsRCzxnCnsD72wnUmJSlIs0fq1GpA+5QKoQ7WqEo9z2fTBVzhcyPKIy9dw/tnt5SdXPQzaHpdZBX78cJgei/goichPFuN0t+XOGMpoGIvW+Pj1MxedmmCyDT12lOUZsOeJ+WyZqT2r54/9wI1E174WkACPKd5M02SRpMUWkWLqJ1m7QRW2RAUpmPG8JnVk9eOw9gB3sf72LxanlGtsnm9/BrmZaHCdAhsVXwhul6jJ40PqyB08n8dRTHQ+BEAB15hdBaYIkNAv7L19ELyV8oct71RUKQ0bguQ467oiytfqc0zz9p5IJ5r8CMgmhvTm8xGRJqKjxkshwYmOF+0TSFrZVWSoHtHYKOcd+1zwQ1GuZp3WWfHtig2xdjrQGeEnReCg/ygIZ/rDBMv7To6v0kwClq68HRa1pC8QEj41OQ0fPNlyu5tK5kyPLS3mf3gdJVOKUUAbC61tmfwbP6KSWKwOncrDzoxR+qEFHztoee3gBfJiKj2W8d+Zvv8J9zNQW/VJK9WTeCkeBsNvw1OcX1HFdMCRUS1MHXOHwMwSyX9DVNTKN+k7t26u7rOt0Vs+PLhsdLY01GLd1fyE+T5GJIIfUUkqhqbn67PP6tvWExJVLNsAZZOue4dihwDspXapzqi1TOA5HkhC1cz4/C6Rx01r3EvMhoobrkc/DkeXl26TAaKRX0u5a3wtxZeTU+mlwJM+/lXKml/0kprW1aPZK+qm6kiAzzd9UszlnpzpaqnkWaaOO/jiIkcjIILP3++KjoeewkZVtoZ0djcWYHdnNAawpc5Z9IL3+i/rpxFPS1y3d6gcjChN2R83R+SrrY/q8aY4YQH48NUK5yU5I9kF9iaQJoe5oSzegum+CuGEPYFiYBuTUpBrlak8LoN3VOiPlzNJv/VTX4hgjfDlBnnh3NEUArEF6iLSHhVoqKxIz7scbCkAR+Sqd/jHC98BdR7bV3BEJ/8ETEyIsOLSA29nMlrvuJsXwPTpfbIlS3wpTPUpPcUwNy28wGZKi/0bUbt65OHOtDzVXUNkfos8PP4rj0mtka6gEI74QCKudLtLefbRBajw0Jr+FsxKc0Cn66aq6DHcXoVTwihe4mwIiO+kmtflLqtAFpafSTIqsXRJFjkVovvfW4VolxuZ7vR9l35Uu69wxEtTALXFspnT8EzBFQ3EzrudlH1/pqIvKjckByPjE6FKfGQIv9/MBxg3hnKhc40gqPEhOaueo+UGl8sdcRIhD2+u/MRzbvtEowVtA/45foghQABj6PMsbPlwO4NH9AeLrojR+UHztLLCEi6wRcVpsraDa2ejFtfqqAYWVK4zW3BtgE/HqxY6ae6ZTTfQeYGBKZ6ZtU3OBrhH3H9JoHK//BidS9Tz7k3b655bipDM09a9tcniBVT+9Pxo74ihQlCLokqX2m3P1Wu4WplKR0mhcA5JwV/eShCiI2glbOYWWxnptgA51/JigFwkPN6F+oNAvwYavsVMZ9E+6oBuldamgSCt+k9uQmGSmXoKfry8dJszbWFxFb3xAA4nGAq7IKf4rQsklsBDf+HOFcVpq+70lgShmRKrX98ZsUY5aHmycNdGs2GQ13KUVvAZiUmF2HttdHcH4tAl9OmMMgSfb74eVi+yIUC+zG1+TB4jID++UPBH98nq7b/yKdzrYFD3I83esRp3jFHh4W7VP2LlkXaaew9rR+HqlZtM4elWELWzEUZg7bXoOMArdhj1DHICvJipoavvmwa79zsHqkDNTCnyNx/dPpW7sjQwVJdYnubCAYmutUmz6kUyOrfvMLgKfpVF50o9QbsIcO2Y+iaG9Z48wXqD+o180+VolDkzbTWyMeogiwNcrrB/jESezzK6tBJn+BQeqVGZHX1nx3yqG+HqKg2tIFJweWqSHJ0tdo1TQeQU9OtWpcZlxm8Fs+Njh4PoL37jIavkiVqPwnVMlujzLgt2IdUDREexAQJZPKxjh/ddbytckyha2CHViOp54D2fa6vkUS0b0IJrW8EkUN1aVFp4CH/dNWrnYPkR36lFo7DkMe9zQZC0Xru28suHQ6dFUVGahIEJyK4LZvv8onojToOHj9aqL9JCr+jvZEi30n9eI8T+4V6KYgWqjyQRBvnJu3qOVjVKaikuC3QRgCurLqqi22y7YRajw1ViD+2FVW6CCuPhJsuQirms2urxYAc86Y0lshD+WTmLYxg55P1kcH+aYNmXr1m/dAAtuhwSV75Q7I64R66hSEo+ZyGYdlNx6VUWx3fp3SKQtfL8e4SODiFPH1ehZ9be/VxDhBq8h54Go9AlKAk7DA8VF4rUBpnYEfqvZ1wv5zJZ2Z+ZewyAMDkFot3XxHFKEvx+AC8iT4GWCrh7cYxXg7crAciLN6cb3U9BqAzRMlBt0UaV5sRfuMZrcMMhBvJGT7lbPcZgAd+OFbJjzVCUoCGwu1oKFTGrShAwMnIZ9PnxxHNZQMVHPgPXM/C8vN5a7GKNPYugtynljsSIfuMsfsRcyw2bEtkBGI6LxHKAYjOeKSesSS72Xbj1Sqs3w9gj006kqqN0V29uZZr74lZNKQeYnYV+RzkQCDWgTFTc58mJ2S1kF1JUNovuLx1/sFzvMGGDfiEESDQw0P5F+7EDNMti2fcG36vNxtzqSuBRhCu80x5Gc6S7HL9+h6OsIwmpVZ+phq4U/FtTPDQWbbfA0kUdP9hfuJpMC9QOHiLTsKcVyGkrXd/C3ELe2VnR/1y9CrihmdC3LOJs5sTPkBjJzEFYWqT7BcGEoiB1rY+BqmB8StTSeKu2N4ClDpOw4kmPVyg3wEVM5cI2olG8bsgQDrMkvz6z0JqpM/WvIIDDC5S+j9GHzZYByfOH6DD2Taj297YEn8NyfYcHELRz++b71P46jKIy2fpLxLDo9DSplKhIbcyAh+Gm5sg2eYkMyPfQvTIcgKFBOWhfddueTi+FjMnYVtoB4pYZYxnzAyJHNPz7XGPtGRg2hg/SO+OJ6Nf8beqd8tc+62LfQwFkDBTgePMFzIK5Zwd71RMZf8P3bp86iIwUWD79TDoa5B4W8mrz+s7az5XJXFF0gazMyHlXtqu56ev3K3KkgcWrUBlkrNba7yKICt7tMYHAIgunJRtzVkfW/5MGa/QcdDiVn2G8mR7HHCe+z8kvgLUx/nZVB4AfsnX1WPQZ/wL+RM16snmNCrgOuWTkDrO8Sdt4j1djv/XjmLtzlb7/9kPARrYFIy9w+Wgv3ZxzK0bWjdFUipYazDlycIsh0tKfP8RuP6N2oJLiDQIWM4jHhaogNGT23fBSTBQJUrS4gKG+i6LRrIWXwJe3hKJpUJuKSB2kvmmn8k/TJ4iQ4X1qDd6AARNy23S2jJHh+ESh131aTfU/rNipN6o80hhIBwObSL2uh8VPPebTOwwEkpVRqh//hOgUNZAAu/s5IhzUVOKniyPfGx0Gd/gdhDOmBsm5PfD3I9HDYh+mn4G8UsnmrDWTAIjDMcSccohbKRLmLDw3+GYsnPtjtTQvWFBMx2qQBK2nWI9zK0F/rmzQ712+yyLKkSOzyAkIMQ1nWmEC6gb5ZyDN/D+u3WITuCqpNlS3eFWWaP9rT3qAY+U4cZAgC4nCRX7Ll48Ggb0674xOS08n9Qu0rUA4lz4mZBRcXoCG59UjDcKthEbvTpMIZBdg5+qjEBbqeEO0fhlgm7hOzTVvfP5PQ4PiWxuiJUeyPR0GG2Yv/Gx3RHIpTuw1gq4mz7wDKVCgVofNZFGSogz+ljAIpuxnRMtq9zZ03/Ar/1mhsJJ+a9Yc1AUfVpt5lSawHI2RWqW0nkhPanmSR3DTdi/dO5G6w5w4aY91Fp7/FcPPSxrwP/lrY+U8SCi3x2Qp4AIOl9S5Mf68yxLFOeVBltCRIcypDyDWhfFSXqWedUy67Gx+odcxZoX6Uup5v8ZH8AZAOawaP3rv5RnH/fdS99rhn5oSIOg+hMMsLhz2OBMTUGWjyTJBvru36B7gtu1GB0fGFHOxpaRGFkj2E3Zf7LvBmJg48Neza/b99pLxo4LCFh9YuubTxfS5TPARHCBOg7ZeVMpynm5Ku+JCz3bl1LupB4tzG0tWlTvV898qrnaPzDVlLKmU9tDfehEyOJ9sHy6U9+BH7OaTPfO9O5oPk8imyg5i/So0AMDUYVVmm2QVtPm8kiKEHYtAyGSeh136L3rcvn8HZpCF1J2Jiv2DQbHgfVeUVBbYGTmwYcymCqHNpzkKUZFjrmd9xOZDHmlw6TVNcosrO427QDKQKN9JMFxBG6XHvCOheFGEGCW/BcGKjcO/av1faz84nelNfKaOC2XT5NJcC8v4ePlZyT61mLdEtoXNAQ5oqkUl5ikno3/0GzJfyvFgNEUdvulaUa+L3cJetBwPsHHi3T8EsEcIYHsIUAXAZ1UEe15wV/xwvmpGF0BebPpDygjgUW0pN7AAcl3uy2ThYcoSMBxgi74kixOZlhCwgll44IHZHa/7Q4knfPxCWNz3/wPS1saTGJnuvwRC9/Dtwj9eRFlVTmcwSdqB8nq+G9aG8kzpKiFy7xHKXD+iJDFIcn+2j6YG8jU8dBenv2+99qNhMeOatRFPn6Bfy2g5EFbVSKatucTc9L8l4J227AjfvTtAWtZKEe3rsiHPfcQBhPtuK+PFv6F4jYaWusYVi1iK4EYDTVf9lqPbpmQopsZOpcTSvgy2vSczvtqA1StZYdmJ36nmEC5OT+3B4gRaQHGRPcZTDhK2Z/zP6piYlIrUBfBgcvOoQFgRmRk2maiz3yVAUsgV3bDET7ZxvgWejVs0JJ02rhFcOvDmKBLy5kX/xOz/UmEEmXusT2q+iJW2ZSUbHOWgieUZtXXckUsTIZjzolNnWUtodV+C/qBGXTh2AeL+o6ybO3ztKZz9h3Td/5m+VwgM042ff8RlBfozonPWIQDAfOwT6ntJvcpQQuNhsAepWCd3FQwZfnp53gtsff0YZPJpghItaQ9VrrcNXhhaXUPWAjF27WZz+jAKUXy/5x9H3o3wxyR80VaSq2n7PBv9cFUhCxpCnYZudjcN7hd0uyzqBN36+0hXePPfVDYXZ4kav5PeVJoiwzJSIZunN+/cYjCn5kuCXFSrQXzZa9Q9UcjJsnFNPGshCP+n5VTt4c9DgNgJP7LOwYk2ZFd+tV4qq8rkru6k3+7Sw+w1X+Pn89o5up2pYYGa520Za/YTrKljkQvrkl8OV08trN0+FILlW+OxORbhP80dEtT7yYuWEL2jWFEWYWAWPlPrnxCIRqAUWg9314COeXye9fvKegt0ACAl4Jgb4vaWp5w4Y0SDssfTq5NnuYQpTMEbBoZ/FmPts4OcR5QUDw3IyKrq4TP6guIbsJP82NvwHotCTaQJizWgGihk1vue8DiLKYOEOawfwnSOMtTdhZ0FHIM+vd5L0lomA9vaM0akU/FVuF2BNln/j+xWaareB+P/EDY1ZyCQhHL8xXmhwFd5E5HGmwbpybtMpg6zpw5f3ZrIgxbaq/aEAwWadr1R42ap6eePtmZ+IjlCTqQIoHi8WwU1WgZEHLJd21hRtdK1xoRWwpN7VKD6M2NQAM2JiSgh7x5e2cGjOn3yI77q+2S37FyasIXYKcG4MNGLRCOOi106XW5JX9SnCbuf6FS+WnHACKNEk4VRQfaiw7Z4/NoN8Gh8A+lUYo+21aJd7pnZ7QXLVxU6keDObiSfsZdO+pRr7jP3kHDLQKDAJ6iXl2uBN9u3juKmDJHzAz8lcqbjbToEdbqtHlQdEV5qwn/xlWpZzC+lCmrC/9YeP9djKe1NDXvVObruiyS+ANWJWKh0U3yPQu3nlildrl6kGGSaDgFVxAtSI5Bz1kW6do7w6lrSxmR8rg1Hvv/SXm3HpCATk60YzMxrikmpvNbXlBJHYtCSdPdMId8+Oc/4bG+iyvGJMWMzRh+FVc1EGNkPF45G0U/v/rQx6V7F0LrrOYEdzPmgO54sbDSTVB8uOM6Vgv/nCNExRu0Iv874p+J2q/FGY/0biv1Tov9TbR5zhqX35j1mcBynR01bGwe472AhKDrwGO/ZYYHajOPoYBkfNQocW7QuEEHI2+3Ylgq49xi9OkuoUrJ+rKLkztEJhnoJrJz+EcAiDz57smqCK1ePmMPnBdSKsDLGiX3YKaWYZx4a/TkIQOm9/uaJRjVnAOyTJCZJeHc71fTiIBV7J0pj8kMW2ewgimmknhvt5xg49Y3sU+VDCFliUiUuHkMKHKoQhvnwfxIcYy37watfYk+mFRCahJ/IWzbp0TLF3X1ylWP29vTD0lY0Z5/UQafKZNzBqehKZF2RnIBRUQ15lJMmQXOo9HH6t2n56cXFlgxlK8LdfA8wVTantvDNY12rPyjJdPzaUFUQE7qhEwojyrXAV/6I+vz79eZ9SvEvui7KwA/kxbXHdYMWvGS0I6NHSvOJapPg7z0NrXUedlQUBrCl6yGD9BE1L8Pr62dFRBkFi6PPii2ID9O8lfmq7vstLhLeuHxnT/cZd+zzPDM3503q5wfB+ywP2P5P4RpINyS2Ltla0DrS+cjWuAjBdOV6gq7JgoFKcdhiskxlm9MeatjoA3g403baae/hyERl8fzudZcflxhdXgNK5ZUP/e7qas5qV8xAaFP9mkck8pj+yY0iyIr7zfyAuzwbP1QMrU1F1xOh1QaSanIgKy3CE24os8+hFdrXAmYQRYDqferJULicvsO8UnYtN9uVV8fvT5Jl8fc2O2h1BVVHe7kBTGZVWVf6AWsSp5Zp2c7f2VkuoxnO1aiJUR7QYtfz0ytO7k7etf3p4tPmK6k/IW0Xw2T0JOSxVM1nephW1xsqMPQ5nCG28m1Ba0znf9mBXK4tViirh3Gy6X1Eqla1u/lMQ+MpW4UZv2PKX7EEDLdps8Hfy+bSDe/lcT3Dix8Rz2pOIRdH4QmQNwu9eAH7qb24HnE7cAzWx/Mq5oGA3qJuXzmsCdFc4Jg/5OCg5SXbNGKapEe+siKF+i6o1XYG+rAlDVQOlbL0IGVusw+ETLqYc3DzXav0hkPWb138sg77h9ddz1rZRcSrAHrRKiXlsb6khyswRb8ItofwTuD1c4hqgE0V66LxNWLys6SrfLuqtSKoNnB6U+w4bnJ99xE+es//qffIZ6P6Hq7Tz4uOj2wY4KjdvVtzYAZHvqQLjzdzklUe6uA9MbC9AVcShigABdZjAagotZ38pI6qtskdKp22zd5BDRvdprA4ETCG5L1efZbRFnUfhSj+GRtwLwzX2D56toRSmlNl/4GgdCF0qz/7hwC4iordXZ1UTNuFZ5DHHtueWD6dLZHOM7k5kQTHEI0H9mZ5700XIwppvJw8LZxeOuKaTFy9tfeJ3tNGaBC2DRLNTRPcbEJysj4aRlIb9FcBhcFdtLKSylGn8jLJmBVSnAcD0lUCUuYk7IRuqV64mOH/oJU/M+gLzPuj0T3BB3he7WrLs2djcXeWKZkAyd4lOj05I6r5nrLFDEhR3/TCJ/hFXZsnYTwMUUZGFKruvOORBh4NWaPEyklst3WZ74JfCXN+YFPr3jbm8VKpsjojYD49WlUzue7dY0dLmuI5YiNHdS66G0mriFdUPkOE80gA6TyE8UrbVCfeUCyAgtMKgfWx8st6s7nB3QGvmxdDjRlN11WWihjaftOFSI/yvwXQ1S0dv/Zc219zYc1JV5+D4db0WWuOB30aGMLzhghQPv3/3qlGb82oqEDwwV/o4KG1XpFs0lnyrRV3vNdXEE6tyXp/TLJWFRCN17/eytelsboYvuN4iYcv0pgxwFBAxdH4p3zl2C+ZBrHDmSDein4iu63Wyyxjkk1mNQ/qMQl9URfJYTWFAJ9UfM55GF3OSHLbom/yBGUFzJv75Df9L0LKZV/l8rhmuo4OjR4/V3P/9SCg7pvosy7OOZOrqayrt5iJWDoVP9BH7A7Xf5SMLY6dWOeM/g7lkCbbUSlNPBaMgbZHAIogpMzFlM9zhUV1p6TgqSwN2JCD53bCg6w0Q1+QqWuzEXeQM4D+9gsLuLZB1JkkXKBl7QJGQ1CpYm0OeyG0UlqrbmWETu1xFA1h1jO5z06ERSPmQ4npQN3DLQoqb/MnRdV0Qee0jBakm/uzgGlong9oDbszEzQkUzMWBD4id+xkl45xzeqwaO50HEwrh9C0wJBZhSjxSPEIF8Pp3STxstlkEWalRy9YU3vyG/Uf/7tUhjf8EBc8QRSL897sNNb6NvOv1b6zKWiezu2xe+e77ujRRxLRL7//1zXpCUIvborVo4CBlq2+0geKCjqjsOr9GxOiuoTb8vUdFB8YE8g4wmqhvjRwRP/P/U7q5r2rN9LbOqSlZxZX5bILZB4vFDOk7RBaQkbkh240aOOisk1KWtlcHsrdytuaY4CTIOEM6osSgauF0UHrXpMKWQr6/O0MzHEfZE+Y7dRQEcy1GK8PKCOnpDs+YnQIXm78aKumNm+PvBcpls9MPEdcQ9tzJeGqqFSeRc96y/dMJMu52yFtyiMZawF44jtmV18K0iTMW0IhFvJLOI59tINQbUCRd40xHu8K79yjkkakoTLiOHXAjugZWnQTHtGpLrjpR47seMH2isShs4XPjLrfq9HrqrRCBfAXCm+4voSAgaa74PLsbGj7M3qxqVFpgRbmb+beXIHvbQ4g7C4LxsfmcLEaJyXfrCKFS2h3lnhzqZ4GBGHLmXY7JmZ4ojXyg43sEKmicAem0aGTQKGnc08BRA8GOapFz3QPCcz824prNedVCEb85RRuTas/ThJKW2bCtPkEgdiOrwBS9D+pEov0kjwULdd8/2OIy/DCvc2wYnCYgW3RX7zJwCbyHWtC7J0otRTmeux8W/TCX5hJxRJqALluwCTjiqG2P3zTOb4lRYzIV2/6iU7FMK8hD8n9Mka96FzWMIfaW8E3kbKX9ibujtDVYA5Ffjq2fcpLukkkl7LiPdn7xU///mIlIn3KpPN9j6y18T418B6AcP1oqxEfVNLJyoH6G4VHRQTMOzyck5JYXGXgnkUFL6sgFOA8qdem+Mc7tpQiMskrbixtKisZzSBNM8PLklgggtm4HzN5u7wP2hmWtLOABGyvOvncjliG300YNQq32g3wc6drDFdXuHxj6bpKrGOazqjDMX5uIc/kBdWS3mOeFW3212c1B1iUh4yOoIn79NRPV8aP9,iv:Uy0Z4W4PUcwfkGfR6Mtf6AWShsU3dmLz+H9JOJd463c=,tag:B1KAAANSnRvb0ECwYP0QxQ==,type:str] +sops: + age: + - enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNkthU0srVEFZMk43ZFFu + dEJ3QkJyMEJ2OUhCR1Nwc3pQSHEzaXhjZFRzCm9idXlpUVM2WTRXQWY2SzFJei93 + bzdEdEdiS1NHYy9mYWY3UU5xcmJMN2MKLS0tIGtSblFnZDdHK1ltUTNyWUFVdFd5 + czZxZzUvSjlzcmtZRURleURwWGZVSjQK+DsUTq8yTkKZGK2rj1c9tFPm9nRoAjkQ + D5HFkN8uRVTB91JEx077I8VZLXJgJ6HFGOpW2EGV4nDilL9YP288Eg== + -----END AGE ENCRYPTED FILE----- + recipient: age1zfvmt2avdlfz0fvchczplc84u7m8vqausm7zytl9s4x9m9yax4cqy30zpz + lastmodified: "2026-06-20T18:05:47Z" + mac: ENC[AES256_GCM,data:+w9BPkacf5X9hJhh5Bmm8nf5eANZs07K/BS3c1q6jVdUoHPkVbOz0EbAEQkheW8xQAH5lIQl0D5GXSbGyhLnV3mKwL3RgV532aAY02IT68ygDvFPx6ziBEmqBlWaTZ3DopKOqPzje0olMuefYF1Li1LihmLEX3kMxwBFOr8oSn0=,iv:Lkq8NdRjbMI21bfVVoq08kgZQmgdFrh+xKgd8j/VAkc=,tag:bMwLv5ABrMSzwq5t6/s65g==,type:str] + unencrypted_suffix: _unencrypted + version: 3.13.1 diff --git a/hosts/poweredge/router-hosts.nix b/hosts/poweredge/router-hosts.nix index 391d0e4..2a08558 100644 --- a/hosts/poweredge/router-hosts.nix +++ b/hosts/poweredge/router-hosts.nix @@ -63,6 +63,14 @@ let macAddress = "02:00:00:00:00:05"; staticIp = "192.168.1.45"; }; + grafana = { + macAddress = "02:00:00:00:00:06"; + staticIp = "192.168.1.46"; + }; + transmission = { + macAddress = "02:00:00:00:00:07"; + staticIp = "192.168.1.47"; + }; }; dns.hostOverrides = { "router.${localDomain}" = "192.168.1.1"; diff --git a/hosts/poweredge/transmission.nix b/hosts/poweredge/transmission.nix index 11a673e..cded95d 100644 --- a/hosts/poweredge/transmission.nix +++ b/hosts/poweredge/transmission.nix @@ -1,48 +1,118 @@ -{ - containers.transmission-wg = let +{ config, pkgs, ... }: { + # Secrets + sops.secrets.transmission-ovpn-config = { sopsFile = ./resources/secrets/transmission.yaml; key = "ovpn-config"; }; + sops.secrets.transmission-ovpn-auth = { sopsFile = ./resources/secrets/transmission.yaml; key = "ovpn-auth"; }; + + # Container + containers.transmission = let home = "/var/lib/transmission"; download-dir = "${home}/complete"; incomplete-dir = "${home}/incomplete"; - wg-conf = "${home}/wg0.conf"; in { autoStart = true; - privateNetwork = false; # TODO - enableTun = true; + privateNetwork = true; + enableTun = true; # OpenVPN requires + hostBridge = "br-lan0"; + localMacAddress = "02:00:00:00:00:07"; + + # Download dirs bindMounts = { "${download-dir}" = { - hostPath = ""; # FIXME + hostPath = "/media/ingens/media/.incomplete"; isReadOnly = false; }; "${incomplete-dir}" = { - hostPath = ""; # FIXME + hostPath = "/media/ingens/media/.complete"; isReadOnly = false; }; }; + # Bind secrets + bindMounts."/run/secrets/ovpn-config.ovpn" = { + hostPath = config.sops.secrets.transmission-ovpn-config.path; + isReadOnly = true; + }; + bindMounts."/run/secrets/ovpn-auth" = { + hostPath = config.sops.secrets.transmission-ovpn-auth.path; + isReadOnly = true; + }; + config = { lib, config, ... }: { + # Network + networking.enableIPv6 = false; # Prevent ip leaks + networking.interfaces.eth0.useDHCP = true; + networking.firewall.interfaces = { + eth0.allowedTCPPorts = [ 80 ]; # RPC interface + # Torrent ports + tun0 = { + allowedTCPPorts = [ 51413 ]; + allowedUDPPorts = [ 51413 ]; + }; + }; + + # Transmission services.transmission = { inherit home; enable = true; settings = { inherit download-dir incomplete-dir; - rpc-bind-address = "0.0.0.0"; - rpc-whitelist = "*"; - rpc-whitelist-enable = false; }; }; - #networking.wg-quick.interfaces = { - # wg0.configFile = wg-conf; - #}; - # TODO remove (#258793) systemd.services.transmission.serviceConfig = { RootDirectoryStartOnly = lib.mkForce null; RootDirectory = lib.mkForce null; }; - system.stateVersion = "25.11"; + # Reverse proxy + services.caddy = { + enable = true; + virtualHosts.":80".extraConfig = '' + reverse_proxy localhost:9091 + ''; + }; + + # OpenVPN + services.openvpn.servers.main = { + config = '' + config /run/secrets/ovpn-config.ovpn + auth-user-pass /run/secrets/ovpn-auth + ''; + autoStart = true; + updateResolvConf = true; + }; + + # VPN killswitch + networking.firewall.extraCommands = '' + # Get domain name host and port from ovpn config + SERVER_HOST=$(${pkgs.gawk}/bin/awk '/^remote /{print $2;exit}' /run/secrets/ovpn-config.ovpn) + SERVER_PORT=$(${pkgs.gawk}/bin/awk '/^remote /{print $3;exit}' /run/secrets/ovpn-config.ovpn) + + # Resolve server ip from host + while [ -z "$SERVER_IP" ]; do + sleep 3 + SERVER_IP=$(${pkgs.getent}/bin/getent hosts "$SERVER_HOST" 2>/dev/null | ${pkgs.gawk}/bin/awk '{print $1}') + echo "SERVER_IP: $SERVER_IP" + done + + # Only allow out traffic from tun0 + ${pkgs.iptables}/bin/iptables -P OUTPUT DROP + ${pkgs.iptables}/bin/iptables -A OUTPUT -o lo -j ACCEPT + ${pkgs.iptables}/bin/iptables -A OUTPUT -o tun0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Exception: allow established connections + ${pkgs.iptables}/bin/iptables -A OUTPUT -p udp -d "$SERVER_IP" --dport "$SERVER_PORT" -j ACCEPT + + # Allow DNS + DNS_IP=$(${pkgs.gawk}/bin/awk '/^nameserver /{print $2; exit}' /etc/resolv.conf) + ${pkgs.iptables}/bin/iptables -A OUTPUT -o eth0 -p udp -d "$DNS_IP" --dport 53 -j ACCEPT + ${pkgs.iptables}/bin/iptables -A OUTPUT -o eth0 -p tcp -d "$DNS_IP" --dport 53 -j ACCEPT + + # Allow transmission RPC + ''; + + system.stateVersion = "26.05"; }; }; } diff --git a/pkgs/xorg/overrides.nix b/pkgs/xorg/overrides.nix index 7225431..0cd9490 100644 --- a/pkgs/xorg/overrides.nix +++ b/pkgs/xorg/overrides.nix @@ -1,20 +1,18 @@ final: prev: { - xorg = prev.xorg // { - # Apply startx patch to create serverauth file in /tmp instead of home directory - xinit = (prev.xorg.xinit.overrideAttrs (finalAttrs: previousAttrs: { - version = "1.4.4"; - patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from - # Override src since is hardcoded to 1.4.2 - src = prev.fetchurl { - url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz"; - sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk="; - }; - patches = [ - (prev.fetchpatch { - url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff"; - sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda"; - }) - ]; - })); - }; + # Apply startx patch to create serverauth file in /tmp instead of home directory + xinit = prev.xinit.overrideAttrs (finalAttrs: previousAttrs: { + version = "1.4.4"; + patchtag = "${finalAttrs.version}-1"; # Archlinux xinit package tagged release to fetch patch from + # Override src since is hardcoded to 1.4.2 + src = prev.fetchurl { + url = "mirror://xorg/individual/app/xinit-${finalAttrs.version}.tar.xz"; + sha256 = "sha256-QKR8ehZMf5gc43h7Szf35BH7QyMdzeVD1wCUB12s/vk="; + }; + patches = [ + (prev.fetchpatch { + url = "https://gitlab.archlinux.org/archlinux/packaging/packages/xorg-xinit/-/raw/${finalAttrs.patchtag}/06_move_serverauthfile_into_tmp.diff"; + sha256 = "1whzs5bw7ph12r3abs1g9fydibkr291jh56a0zp17d4x070jnkda"; + }) + ]; + }); } |