diff --git a/flake.lock b/flake.lock index 51d0c87..ba3e2f3 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ "agents": { "flake": false, "locked": { - "lastModified": 1773479083, - "narHash": "sha256-qwope4VrtrMsebTjyqhiwO6NxZ4t8kk+65K8y41ada0=", + "lastModified": 1773654477, + "narHash": "sha256-de+B85eBY2SyT0uPLlVxKCy6lsKYXhtA2mo2zO6MXlg=", "ref": "refs/heads/master", - "rev": "8bcb5e11fbfeb4c00b81358163162324d0893ff8", - "revCount": 64, + "rev": "a4ae041e1d2343000da7b7098195f166b58c0d11", + "revCount": 65, "type": "git", "url": "https://code.m3ta.dev/m3tam3re/AGENTS" }, @@ -236,11 +236,11 @@ ] }, "locked": { - "lastModified": 1773025010, - "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", + "lastModified": 1773889306, + "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", "owner": "nix-community", "repo": "disko", - "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", + "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1773179137, - "narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=", + "lastModified": 1774210133, + "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=", "owner": "nix-community", "repo": "home-manager", - "rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09", + "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95", "type": "github" }, "original": { @@ -438,11 +438,11 @@ ] }, "locked": { - "lastModified": 1772985280, - "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", + "lastModified": 1773963144, + "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f736f007139d7f70752657dff6a401a585d6cbc", + "rev": "a91b3ea73a765614d90360580b689c48102d1d33", "type": "github" }, "original": { @@ -492,11 +492,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1773631298, - "narHash": "sha256-ayzlBBwiXP30BiI+T4POukapy+x0TG7MVsWbTIfUDac=", + "lastModified": 1774237443, + "narHash": "sha256-4h/vWMOCvd0s5WK7DONqlljImbbKG55gmnVfBcxcFoY=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "49964b8b4efa9ed7ffab7cbd63497ab029bdfc82", + "rev": "d17f058f96e7993b50879e871a742b3ed9a5f429", "type": "github" }, "original": { @@ -513,11 +513,11 @@ "openspec": "openspec" }, "locked": { - "lastModified": 1773151265, - "narHash": "sha256-XzPR+if4vsckxPD6SYeMPQcfOy+M0V0YofnseC8/ZC8=", + "lastModified": 1774231264, + "narHash": "sha256-Igcbq2IHBn+ZthttcFBI2/H8H8zh6pOJOG5LkPbmHYA=", "ref": "refs/heads/master", - "rev": "29d1cdf894841101ee84e038bff7b3e8531fba1c", - "revCount": 163, + "rev": "99d281fd4f5d5deb2487761194b4926b59e8d6cd", + "revCount": 185, "type": "git", "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" }, @@ -556,11 +556,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1773201098, - "narHash": "sha256-yq35qMKDHyMdVlhGfR5BojbjniY2cY9XYmiILeCf1Xc=", + "lastModified": 1774237443, + "narHash": "sha256-4h/vWMOCvd0s5WK7DONqlljImbbKG55gmnVfBcxcFoY=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "8578734bf5087a1ca45033c2ec8e1a2228f9b95c", + "rev": "d17f058f96e7993b50879e871a742b3ed9a5f429", "type": "github" }, "original": { @@ -710,11 +710,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1773150927, - "narHash": "sha256-0Js8/ZxXH575nfmUENgX2JlFY6GrXjFTlQT81mfN1bQ=", + "lastModified": 1774230720, + "narHash": "sha256-cFg5kIiLTt9mRjZuc6cu7W5ClVIyAgrtKEHGUwFaSKc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d82c4ce7238cc3e5bf80ba48894185ea3947615", + "rev": "127473ff3102f1d1c4804b54dc557a6a01d26a68", "type": "github" }, "original": { @@ -742,11 +742,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1772963539, - "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -774,11 +774,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1773507054, - "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", + "lastModified": 1773840656, + "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", + "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", "type": "github" }, "original": { @@ -790,11 +790,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1772963539, - "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -806,11 +806,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1772956932, - "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", + "lastModified": 1773840656, + "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "608d0cadfed240589a7eea422407a547ad626a14", + "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", "type": "github" }, "original": { @@ -822,11 +822,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1773068389, - "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=", + "lastModified": 1773964973, + "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44bae273f9f82d480273bab26f5c50de3724f52f", + "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25", "type": "github" }, "original": { @@ -876,11 +876,11 @@ ] }, "locked": { - "lastModified": 1773206216, - "narHash": "sha256-zODqMIuMUDYHxHCKtKyUL7qckWX+ggbaCpQVBQKMMOI=", + "lastModified": 1774243438, + "narHash": "sha256-mllIhgQyvjSWm9rMiX4gTGNGjkUbdcGcHeZeI8hO3cE=", "owner": "nix-community", "repo": "NUR", - "rev": "90f69edef312092455879bb82faf8feb1be44297", + "rev": "fcb9e000f223397217a86394a9284132ea873c1d", "type": "github" }, "original": { @@ -897,16 +897,16 @@ ] }, "locked": { - "lastModified": 1773072574, - "narHash": "sha256-smGIc6lYWSjfmGAikoYpP7GbB6mWacrPWrRtp/+HJ3E=", + "lastModified": 1774222321, + "narHash": "sha256-JQsccVflS/GAjzguvZTLn7UH7tsou8yCSlaA48DVY10=", "owner": "anomalyco", "repo": "opencode", - "rev": "c6262f9d4002d86a1f1795c306aa329d45361d12", + "rev": "eb3bfffad453f1c8c3f0f92bba0d8e34c83fa244", "type": "github" }, "original": { "owner": "anomalyco", - "ref": "v1.2.24", + "ref": "v1.3.0", "repo": "opencode", "type": "github" } @@ -1078,11 +1078,11 @@ ] }, "locked": { - "lastModified": 1772660329, - "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", + "lastModified": 1773297127, + "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3710e0e1218041bbad640352a0440114b1e10428", + "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", "type": "github" }, "original": { diff --git a/home/features/cli/default.nix b/home/features/cli/default.nix index e6d762b..1f55e61 100644 --- a/home/features/cli/default.nix +++ b/home/features/cli/default.nix @@ -6,6 +6,7 @@ ./nushell.nix ./secrets.nix ./starship.nix + ./television.nix ./zellij.nix ]; @@ -23,6 +24,12 @@ enableBashIntegration = true; }; + programs.nix-index = { + enable = true; + enableBashIntegration = true; + enableNushellIntegration = true; + }; + programs.zoxide = { enable = true; enableFishIntegration = true; @@ -89,9 +96,9 @@ nushellPlugins.skim progress ripgrep - rocmPackages.rocm-smi - rocmPackages.rocminfo - rocmPackages.rocm-runtime + # rocmPackages.rocm-smi + # rocmPackages.rocminfo + # rocmPackages.rocm-runtime tldr pomodoro-timer trash-cli diff --git a/home/features/cli/nushell.nix b/home/features/cli/nushell.nix index 416c4e8..4235fdc 100644 --- a/home/features/cli/nushell.nix +++ b/home/features/cli/nushell.nix @@ -27,8 +27,19 @@ in { $env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh" $env.PATH = ($env.PATH | split row (char esep) | append "/home/sascha.koenig/.cache/.bun/bin" | uniq) $env.FLAKE = $"($env.HOME)/p/NIX/nixos-config" - #source /run/agenix/${config.home.username}-secrets + + # Load kestractl-env from agenix + if ("/run/agenix/kestractl-env" | path exists) { + open /run/agenix/kestractl-env + | lines + | where {($in | str trim | str length) > 0} + | parse "{key}={value}" + | update value {str trim -c '"'} + | transpose -r -d + | load-env + } ''; + # if (tty) == "/dev/tty1" { # exec uwsm start -S -F /run/current-system/sw/bin/Hyprland # } @@ -67,80 +78,9 @@ in { alias vi = nvim alias vim = nvim - def history_fuzzy [] { - let selected = ( - history - | reverse - | get command - | uniq - | to text - | ^fzf - ) - if ($selected | is-not-empty) { - commandline edit ($selected) - } else { - null - } - } - def --env dir_fuzzy [] { - let selected = ( - fd --type directory - | ^fzf - ) - cd $selected - } - def find_fuzzy [] { - # Find non-hidden text files with matches for any content and select one via fuzzy search - let selected = ( - ^fd --type file --no-hidden -X rg -l --files-with-matches . - | lines - | to text - | ^fzf - ) - if ($selected | is-not-empty) { - ^$env.EDITOR $selected - } - } - - $env.config = { - keybindings: [ - { - name: history_fuzzy - modifier: control - keycode: char_r - mode: [emacs, vi_insert, vi_normal] - event: [ - { - send: executehostcommand - cmd: "history_fuzzy" - } - ] - } - { - name: dir_fuzzy - modifier: alt - keycode: char_c - mode: [emacs, vi_insert, vi_normal] - event: [ - { - send: executehostcommand - cmd: "dir_fuzzy" - } - ] - } - { - name: history_fuzzy - modifier: control - keycode: char_t - mode: [emacs, vi_insert, vi_normal] - event: [ - { - send: executehostcommand - cmd: "find_fuzzy" - } - ] - } - ] + if (which tv | is-not-empty) { + mkdir ($nu.data-dir | path join "vendor/autoload") + tv init nu | save -f ($nu.data-dir | path join "vendor/autoload/tv.nu") } ''; }; diff --git a/home/features/cli/television.nix b/home/features/cli/television.nix new file mode 100644 index 0000000..bc1b036 --- /dev/null +++ b/home/features/cli/television.nix @@ -0,0 +1,64 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.features.cli.television; +in { + options.features.cli.television.enable = mkEnableOption "enable nitch"; + + config = mkIf cfg.enable { + programs.television = { + enable = true; + channels = { + tldr = { + metadata = { + description = "Browse TLDR pages"; + name = "tldr"; + requirements = [ + "tldr" + ]; + }; + preview = { + command = "tldr '{}'"; + }; + source = { + command = "tldr --list"; + }; + }; + git-diff = { + metadata = { + description = "A channel to select files from git diff commands"; + name = "git-diff"; + requirements = [ + "git" + ]; + }; + preview = { + command = "git diff HEAD --color=always -- '{}'"; + }; + source = { + command = "git diff --name-only HEAD"; + }; + }; + git-log = { + metadata = { + description = "A channel to select from git log entries"; + name = "git-log"; + requirements = [ + "git" + ]; + }; + preview = { + command = "git show -p --stat --pretty=fuller --color=always '{0}'"; + }; + source = { + command = "git log --oneline --date=short --pretty=\"format:%h %s %an %cd\" \"$@\""; + output = "{split: :0}"; + }; + }; + }; + }; + }; +} diff --git a/home/features/coding/default.nix b/home/features/coding/default.nix index 51e1c79..56bebe9 100644 --- a/home/features/coding/default.nix +++ b/home/features/coding/default.nix @@ -40,6 +40,7 @@ bc bun devpod + kestractl kitty #devpod-desktop (python3.withPackages (ps: diff --git a/home/features/coding/opencode.nix b/home/features/coding/opencode.nix index f43ec3c..050f2b8 100644 --- a/home/features/coding/opencode.nix +++ b/home/features/coding/opencode.nix @@ -51,6 +51,19 @@ output = 128000; }; }; + "claude-haiku-4-5" = { + name = "Claude Haiku 4.5"; + options = { + thinking = { + type = "enabled"; + budget_tokens = 16000; + }; + }; + limit = { + context = 200000; + output = 64000; + }; + }; "claude-sonnet-4-6" = { name = "Claude Sonnet 4.6"; options = { @@ -97,22 +110,22 @@ model = "litellm/claude-sonnet-4-6"; }; explore = { - model = "zai-coding-plan/glm-4.5-air"; + model = "litellm/claude-haiku-4-5"; }; multimodal-looker = { - model = "zai-coding-plan/glm-4.6v"; + model = "litellm/gpt-5.3-codex"; }; prometheus = { model = "litellm/claude-opus-4-6"; }; metis = { - model = "zai-coding-plan/glm-5"; + model = "litellm/claude-opus-4-6"; }; momus = { - model = "zai-coding-plan/glm-5"; + model = "litellm/claude-opus-4-6"; }; atlas = { - model = "zai-coding-plan/glm-5"; + model = "litellm/claude-sonnet-4-6"; }; }; categories = { @@ -120,19 +133,22 @@ model = "zai-coding-plan/glm-5"; }; ultrabrain = { - model = "litellm/gpt-5.3-codex"; + model = "litellm/claude-opus-4-6"; + }; + deep = { + model = "litellm/claude-sonnet-4-6"; }; artistry = { model = "zai-coding-plan/glm-5"; }; quick = { - model = "zai-coding-plan/glm-5"; + model = "litellm/claude-haiku-4-5"; }; unspecified-low = { - model = "zai-coding-plan/glm-5"; + model = "litellm/claude-sonnet-4-6"; }; unspecified-high = { - model = "zai-coding-plan/glm-5"; + model = "litellm/claude-opus-4-6"; }; writing = { model = "zai-coding-plan/glm-5"; diff --git a/home/features/desktop/media.nix b/home/features/desktop/media.nix index c4173a3..562a25d 100644 --- a/home/features/desktop/media.nix +++ b/home/features/desktop/media.nix @@ -17,7 +17,6 @@ in { # makemkv # mediainfo amf - blueberry ffmpeg_6-full gst_all_1.gstreamer gst_all_1.gst-vaapi diff --git a/home/users/sascha.koenig/AZ-PRM-1.nix b/home/users/sascha.koenig/AZ-PRM-1.nix index 98b5584..8be6cfe 100644 --- a/home/users/sascha.koenig/AZ-PRM-1.nix +++ b/home/users/sascha.koenig/AZ-PRM-1.nix @@ -2,6 +2,7 @@ imports = [ ./home.nix ../../common + ../../features/cli ../../features/cli/fish.nix ../../features/cli/fzf.nix ../../features/cli/nushell.nix diff --git a/home/users/sascha.koenig/AZLT124-L.nix b/home/users/sascha.koenig/AZLT124-L.nix index 2f508ef..2e3d993 100644 --- a/home/users/sascha.koenig/AZLT124-L.nix +++ b/home/users/sascha.koenig/AZLT124-L.nix @@ -60,6 +60,7 @@ in { nitch.enable = true; secrets.enable = true; starship.enable = true; + television.enable = true; }; desktop = { coding.enable = true; diff --git a/hosts/AZ-CLD-1/services/postgres.nix b/hosts/AZ-CLD-1/services/postgres.nix index 63453e1..56a7920 100644 --- a/hosts/AZ-CLD-1/services/postgres.nix +++ b/hosts/AZ-CLD-1/services/postgres.nix @@ -76,12 +76,25 @@ CREATE DATABASE zammad-hr; ALTER DATABASE zammad-hr OWNER to zammad-hr; ALTER DATABASE zammad-hr CONNECTION LIMIT 50; + + -- Group roles (NOLOGIN, for permission management) + CREATE ROLE admin NOLOGIN; + CREATE ROLE dba NOLOGIN; + + -- Personal login roles + CREATE USER sascha_koenig WITH ENCRYPTED PASSWORD 'sascha_koenig'; + GRANT admin TO sascha_koenig; + + CREATE USER jannik_mueller WITH ENCRYPTED PASSWORD 'jannik_mueller'; + GRANT admin TO jannik_mueller; ''; authentication = pkgs.lib.mkOverride 10 '' # Local connections (Unix socket) local all postgres peer + local all sascha_koenig scram-sha-256 + local all jannik_mueller scram-sha-256 local az_test az_test scram-sha-256 - local metabase metabase scram-sha-256 + local metabase,az_kpi_raw metabase scram-sha-256 local n8n n8n scram-sha-256 local outline outline scram-sha-256 local vaultwarden vaultwarden scram-sha-256 @@ -91,14 +104,20 @@ host all postgres 127.0.0.1/32 scram-sha-256 host all postgres ::1/128 scram-sha-256 + host all sascha_koenig 127.0.0.1/32 scram-sha-256 + host all sascha_koenig ::1/128 scram-sha-256 + + host all jannik_mueller 127.0.0.1/32 scram-sha-256 + host all jannik_mueller ::1/128 scram-sha-256 + host az_test az_test 127.0.0.1/32 scram-sha-256 host az_test az_test ::1/128 scram-sha-256 host outline outline 127.0.0.1/32 scram-sha-256 host outline outline ::1/128 scram-sha-256 - host metabase metabase 127.0.0.1/32 scram-sha-256 - host metabase metabase ::1/128 scram-sha-256 + host metabase,az_kpi_raw metabase 127.0.0.1/32 scram-sha-256 + host metabase,az_kpi_raw metabase ::1/128 scram-sha-256 host n8n n8n 127.0.0.1/32 scram-sha-256 host n8n n8n ::1/128 scram-sha-256 @@ -131,7 +150,7 @@ services.postgresqlBackup = { enable = true; startAt = "03:10:00"; - databases = ["baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"]; + databases = ["az_kpi_raw" "baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"]; }; services.pgadmin = { enable = true; diff --git a/hosts/AZ-PRM-1/secrets.nix b/hosts/AZ-PRM-1/secrets.nix index eb12a76..bbd6bcb 100644 --- a/hosts/AZ-PRM-1/secrets.nix +++ b/hosts/AZ-PRM-1/secrets.nix @@ -9,6 +9,7 @@ mode = "644"; }; kestra-env = {file = ../../secrets/kestra-env.age;}; + kestra-secrets = {file = ../../secrets/kestra-secrets.age;}; n8n-env = { file = ../../secrets/n8n-env-prm.age; }; diff --git a/hosts/AZ-PRM-1/services/containers/kestra.nix b/hosts/AZ-PRM-1/services/containers/kestra.nix index 849e49d..a164ef8 100644 --- a/hosts/AZ-PRM-1/services/containers/kestra.nix +++ b/hosts/AZ-PRM-1/services/containers/kestra.nix @@ -9,7 +9,10 @@ in { virtualisation.oci-containers.containers."${serviceName}" = { image = "docker.io/kestra/kestra:latest"; - environmentFiles = [config.age.secrets.kestra-env.path]; + environmentFiles = [ + config.age.secrets.kestra-env.path + config.age.secrets.kestra-secrets.path + ]; cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"]; ports = ["127.0.0.1:${toString servicePort}:8080"]; user = "root"; diff --git a/hosts/AZ-PRM-1/services/postgres.nix b/hosts/AZ-PRM-1/services/postgres.nix index 4cdb92a..e651041 100644 --- a/hosts/AZ-PRM-1/services/postgres.nix +++ b/hosts/AZ-PRM-1/services/postgres.nix @@ -49,7 +49,6 @@ host kestra kestra 10.89.0.0/24 scram-sha-256 # Deny all other connections - local all all reject host all all 0.0.0.0/0 reject host all all ::/0 reject ''; diff --git a/hosts/AZLT124-L/secrets.nix b/hosts/AZLT124-L/secrets.nix index 57ffbf9..9c1a30d 100644 --- a/hosts/AZLT124-L/secrets.nix +++ b/hosts/AZLT124-L/secrets.nix @@ -13,6 +13,10 @@ file = ../../secrets/exa-key.age; owner = "sascha.koenig"; }; + kestractl-env = { + file = ../../secrets/kestractl-env.age; + owner = "sascha.koenig"; + }; }; }; } diff --git a/secrets.nix b/secrets.nix index 032304b..2b118a2 100644 --- a/secrets.nix +++ b/secrets.nix @@ -18,6 +18,8 @@ in { "secrets/baserow-env.age".publicKeys = systems ++ users; "secrets/kestra-env.age".publicKeys = systems ++ users; "secrets/kestra-config.age".publicKeys = systems ++ users; + "secrets/kestra-secrets.age".publicKeys = systems ++ users; + "secrets/kestractl-env.age".publicKeys = systems ++ users; "secrets/librechat-env.age".publicKeys = systems ++ users; "secrets/librechat.age".publicKeys = systems ++ users; "secrets/librechat-env-prod.age".publicKeys = systems ++ users; diff --git a/secrets/kestra-config.age b/secrets/kestra-config.age index bfb06ae..fdb6323 100644 --- a/secrets/kestra-config.age +++ b/secrets/kestra-config.age @@ -1,26 +1,29 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB4TWJl -YUhxeXRVMDF5MnNMK1hQOTA2MFB1OWRCdjAzZ0ZSaWI3UGV6MHdvCjBlNTNRMVBB -cU0xZThjTUJvM0lOUGxMRUhiUUxrZXhKNzlRUmdMajQxbW8KLT4gc3NoLWVkMjU1 -MTkgU3JIYXFBIE1BOCtTbGlmQXplU2pSSjBxUFQwMGlZbWJiMDR3cTFCaGRDNllj -ejU0ajQKRW9RWXVKc055QXlHemlaaU40ck9vS1Y2ckdPRENSdmZEd2hYQW9SbFFp -WQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgNExQT2gyaU1xNStxZ21XVS9QMjRCR2FM -bWRWVjlHSVJlQXE3S2dEZVBFOApsdlE3a3ZZWDhGQ29QaG1CQ0VjYVRHMXFtbkJS -amlveTZTRE5tOXR6b2NZCi0+IHNzaC1lZDI1NTE5IENTTXloZyBjNXNOaW82VzY5 -S1JOa2hLck9WamxXcEU3anYzM0Jwb290emRCVDUwaTFjCjNZN3NVNmNySWJXTzRi -bmhPTE1ic2hETTlVdDdRYmViRkpDYUwxNDllWFkKLT4gOy0tZ3JlYXNlIDRLPiFT -UCFVIEtibUYoIH5CdyBpLSU+VSEKMWFVRUI1eUlsQ1huRVkyUTFyYTdSSmFMN0xN -NEZnCi0tLSAxcWxjdXZSRWlQZGZtUzcxZkR2L0phcUNtRG1JQzZSalZDSzRoS05s -RkVVCh/SZUhAjpHGjXnnkPmXn7qcYbwXczOrA1z4GN81ntshqzoszx2WyDk7Wfgr -BjlHy/Jn3M8s5im+JfE5BS4PuhAjZDKIBXGlghEsvJVIyt5jZvJDdYp3wdu9+IAT -Y9qzT0De8xFQYg76hUf0RhoXyRMzgP0rImFcCdvMPdMnMD4Ea518Zex01DiexNEB -OtUBbo98spOBr6Ih1HN7thXvSrCA9g6VtNEm3WJWXGSWOQiFboVLh1Ds0WUFHkow -96Ip5TgliBdAZSrt6YWlcxDccjsMDwZ5an8l5QjqNNvFP1tdV/JwZ/vKfLsxp1le -1OujlZJUmOFYxyOnzggTesInvBvL6Fjku5xLFM+jKKuII35XSXzMWGQ7ekpYxMQ/ -qDkHqmIZJFniU/13Tc2J2aVMo1ugWG3qKU7Xr31c+OTzH727Qec8xCkx9zllMwKE -H2AhVbWL+3j8aeeOU7mNyDnL0hU7pyfvb2Ni0xUaUyHUfFtz8jDKU3BYMiVxQlR0 -NJSwrEdo9ncU2994AwNYwhCAVvNAt7DclaoxakD0hpWOfk7bOjvGTt2tIIdauenK -lhYqmsZCs5zv6EH9QneNxKsLwIu0xnSIGigllntYyqbk14XSciWCfmPgWLZ+1uRW -yNZhxNPID7NvhCreVSqgcz2qhk2vYwNG8+yY2Hq6Y3KEp0Wk8dJc7WW8S/4/y1dA -/XCEhQ/+6zAH8h1EzqMkNnmHDxWXwRGmCTE= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBRYXF4 +cisrS0NGeHZIckRrV2FzNjA1Ym91Tk83czRUZVhXNkJseFJMYmc4CjJlUlRMcmFD +TGxyZjRhd0RxRXQyRFZBZk5CT2VpczR4QTliQkh2R1pnZlkKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEI4YitPTXB3VFp3SzByUStDTms5TitnQUx3aFdQY09rZmNzTjAz +SWJsV0UKc0t1YnRzVXFiZWZDRkJZd1Zld0ZMZE4zN2pJYXp2OGQzOW5BQ2htcG5r +UQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgS0hINXZOVWlGNzZRWUlBYVE3S0FMVXBs +NXZGZTRDRXBuNGp3ejM4WnhEMApHZWZyT0ozZXU2WHNJMUcxUDBRZlFhU3g1RWI1 +UVcrMlBUSjArSURWa0pjCi0+IHNzaC1lZDI1NTE5IENTTXloZyBhTE1oMmh2Smc0 +RDM3T1B5UGhLeUVVZG9CclNoSGhQWGRXbVgrSnU2UURFCkhidDBoNTUrRXpzeGgr +T2VkRjZ5TGJaeWE1K2U4RjJKa3AzMVJSQ1ZjQ1EKLT4gcHxQJFotZ3JlYXNlClVP +d09WTS9NR1htNzA2WFNnbUh2TGJWdVhVSUppMVZkcFNSQjJwazZtelpFNXhXZDBV +MzVoQzJWWW5JVjhlYlYKb0NCNkl0YXA4WWZwZCszSVdWUXlKYzZQaXVTS3VDT2lC +Tk5DS05idAotLS0gMmMzYU9uaGJJaUtzNlRNNExYUWFOQmZKcEwxZFpQZC8vTVJ1 +MDZ3TXNPYwrXl7PIzv7lRFfBOlmJ6i74CchhE9HAet4uB5NFOfDt3Q5BjCMd/lVD +ZVENpsyjyxhI48gqLOEUAFn8UhOaxYcnu6F0f436Az5AiQfzvcmU4WKi6XRJ12qx +7jg0wi04xIqujcQNTSWG9mOJ9P/8VrlRJ5HRVo0gE8MaulBuxzmMFJr0ZSAtQXXO +DNLltwJ0r6Sy9yLeakDyAxSPOUZSH0B9VzWFmTUcboaWbbDSoy8+kSNpiue81O+i +Wy6Dlpr2e0A2HJEmQHHE71Ur6Edpwl+xn3YJjYN4bqMO/KjbrXerT3/Z+gHItMWy +Z6QHxMDCw7o/iGhTTp9ALUfFG861x64z9YXoacX1jGLq/bs/3SXaCy/keXMd/y16 +XPRm0P07Ux+wPKKKIyQ64hEemTj7c5KAlPnlrqvbaPCbx0/QONMZz4kXKFEgzXqi +B6wr4PnsGsDOKe32IysYraZ6MTyYrHX7/5udOy/YMwb6SiX7Fm5J+XgE2rH4XevA +q2kn1UcXTglW5y2ot24HHasCh+bZLv8OiG19qQq3nC3PsYpWYT1lMcm64uBWbvZ7 +ejkWrwOZF5FnKEnaj/OKRg3EPSoOkovY12/2X6boehHUTGfga4jZDVvPLgOLwlfk +27VNDynyZot98qYquTcdVyVTNNWvOre53Zw9AM0+XwxcPAUWrFXE99cimoT3XQlp +c1V4G8xUgANT/Er32o3yhmItmnRrdtT4oIpqlVJEZ3ploYJKmbxVBnAvTzby88HG +I4vmrAaE0omIE/GQ1+cNONfk55Paezw+DM6LEGy/SW4OZamqpd5aIdYJDLSUe0wQ ++5xH8m1iszJm8s3f8ocw/dVGgK9M74k= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/kestra-secrets.age b/secrets/kestra-secrets.age new file mode 100644 index 0000000..6d603bb --- /dev/null +++ b/secrets/kestra-secrets.age @@ -0,0 +1,25 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBkTmF6 +THI0Q24yZVk3bDEvanlkVHdyTGhsNUwydmNFWlZDUTQ0dzlKV2d3Ckg4MFlNdTJl +Qks0YWNqa1N5UkdxV2hWTXljRkJHYnM1amk3SmNmdGp2WlEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGhOQk9JdmNLbFdLOHhxc3VkdW40bGY3YTNUOE1ya0V2b0g2Z2M4 +YWh4R0UKNkRYSWIydk1Dc3gvTEZIaFlNWUxvYkJ3emgySkVVREdPdUp6cFFGYzg0 +ZwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgSnBIRTUxeXE0ZWNSM0tpWmpCUWxZSDNB +T2VlMkMvTzIvNjdLMGVvYTIzQQp5US9TMzVteFZRZVdhVnFNekJ0MFBhcTBLYjZs +VFFvTlNGK0JSOGtDVDJrCi0+IHNzaC1lZDI1NTE5IENTTXloZyBmV1VGREp1MERB +Q0Z3ZitmTmwwTWxQRWdINmJ6YndaRWY0SDN3MHAzeW1BCmtjY1Rrb1hzMzRBVllh +UFdUWkRuZk1IcE5VcUNuVWpHaWhObU1MUnQvRVEKLT4gYWRZQi1ncmVhc2UKTjdU +TUh0T0JaUVBqRjl2SWp0L2FaRjU3MmVTVER6UFJQS2xTb2hDRG5YQjhSMlA3d3gz +VkoxRDFYd0wzRXFEZApNeGMKLS0tIE5XSGZ0SVZ3SE5yU2Q0cnFvUTNXNTdkUFpX +elhTcHIvVWtPWFRNQjV4RlEKcmO0w5CcHnC+UlfVyllEZVXUGBnIoVw8ROUw+zcn +5MmUfjUWSlVoMlsdIOYXHS62JVb6gsEatynUVe2YBx5elbR9CN+EmwaLcE7FnapF +7vmraVnIHAqDHA4buVhx+mzt9Qvs0VkG8jBdgm7t4/WQq8Lx+IyRWvaUsSymR2Ea +NwEyHQbWKcha/er15NY46+4Xac4RLDvj7GUZWYFgPtSxASNncDCRZDpBycG+Gm5i +V96X6i8GaqgHQnr2ra7FrmN4PGX2uyl9PjB7DhsAWByMZuKb8IWs9cTF05oO2ouN +nPA9C5PmIp+Wz2NNE8tVGMUJmXUXi47FOoiT8c6z9h+hamBs2gZqzc+pM7F09H6M +b0m3kOdZ2btvVtT6tww1596eViKVNXpuMEQGpLny92S3iq/jlBmLv+kyMinsNvAg +U9Q2HXrjd9FuKohe6WA95hugb4RcbXxbigFKiI/bH822UnQmb4v1UwkoYXwfp/UC +Bf6SD8ZSESqfqujJl+rW2LTryu84ntPrE8/WuHqriHcSAfHS2/lKTnZibx4Rt/Vb +21heAmMOMzrzlhbzFNwzmWUrMcyiqMHs4KRi8aJxv4IrTAkT1tiJGNP7SreBUOec +aWH5lKsjUbzdmRZrzY0= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/kestractl-env.age b/secrets/kestractl-env.age new file mode 100644 index 0000000..971728e --- /dev/null +++ b/secrets/kestractl-env.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBrRUFE +TjJybGM1YXhpbis3bUU0SVBsMGlIenFkNWpMUnhEMmlIK1pBc1VjCkkvT3IvN2VE +T21jb3lkUk1xUUZZaXBOYlFhYTRIMjlBS3NuQlA3VFFYSDQKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHdmb2c0blErQ0k0cTlKVzRFRCtaOUxhZDhvckloUW9HVktqQU9O +ZjRzMDgKcG8zYUhQZnRCYTVJMHhzZm1RbkNoODFwSC90RnVuV2tXUXRRYzlYM28y +SQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgMzNyWUVuOTkwcDd5TmE2eXpXT0xQRkpk +VVFzaXdHdjg0R3BESTI2VGJ3MApkWk9mMVpydS9OU0NkcWVxNjcyaitzUzd0eGdZ +cDNnZzZtM3ZzSm85NjFJCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5ak9RR1pZV1lX +M0NCTnZpTHRKYnZUcEdMU0J0SmxOZmlrcGN0eEVsdXhFCjNyZWdCK1dOSXVrTlNt +d2FJai8za2ZtS0FlUTZPRm40ZzVGdUwybTdiMjAKLT4gTy1ncmVhc2UgKVRVMlRz +eiBlRChgIyByJApIWko0SW5LM2k0VExKbCtaclpCUlBVOFdjcEY4NHhxNjhLSXpq +MWRRcGFzUFdUT3l4TTRrMGhJRzg5aVFrd1U1Cmc5QXFEVG9ubS83c1M5Z1ltaWIx +ekEKLS0tIG5FM0gxY0JpaHBIVjdack41TTYxb0N2OXhuSEJFamVGbXdvdVpLQUww +a1EK+4IOFlZ/BEmN5diOyV9hgLUfHf3SOijxq4Z0ctIAXuNZVXaSpP5mRXGb4q1D +xkk0MMF5F17yNnhLIM2Ca5PEH2chIb3yUhbdLJTiTtgyF3tEbo2YtAYXT90zKBB1 +p9Zi6cxl63s4+yela7J5lXb8dPA2nCQA2obrB8wkexuYATF0KxNyX4vWK7Yj6DP9 +rt0nxt5umpbBmqfSsuGd2cWg/RveqNDim+q+DVNO9fyhnsMs1e0Wv4f8Jg== +-----END AGE ENCRYPTED FILE-----