diff --git a/home-modules/nx2site.nix b/home-modules/nx2site.nix
new file mode 100644
index 0000000..89c0eae
--- /dev/null
+++ b/home-modules/nx2site.nix
@@ -0,0 +1,100 @@ +{ pkgs, lib, host, user, ... }: +lib.mkIf (host == "NxACE" && user != "tv") +{ + home.packages = with pkgs; [ + (writeShellApplication { + name = "nxmd"; + text = let + ascii_size = (pkgs.writers.writePython3Bin "ascii_size" { + # libraries = with pkgs.python311Packages; [ ]; + flakeIgnore = []; + } /* python */ '' + from sys import argv + + with open(argv[1], "r", encoding='utf-8') as f: + raw = f.read() + + sraw = raw.split("\n") + + linestart = 0 + lineend = 0 + started = False + for linenum in range(len(sraw)): + if sraw[linenum].strip() == "```ascii": + linestart = linenum + started = True + + if started and sraw[linenum].strip() == "```": + lineend = linenum + break + + maxwidth = 0 + for linenum in range(linestart, lineend): + linewidth = len(sraw[linenum]) + if linewidth > maxwidth: + maxwidth = linewidth + + print(f"Maximum length of the `ascii` code clock is {maxwidth} characters.") + + px = (1 / maxwidth) * 1500 + vw = (1 / maxwidth) * 150 + + snew = sraw + snew[3] = "aaw: " + str(round(vw, 2)) + snew[4] = "aawm: " + str(round(px, 2)) + + new = "\n".join(snew) + + with open(argv[1], "w", encoding='utf-8') as f: + f.write(new) + print(f"The resulting font sizes are {px}px (aawm) and {vw}vw (aam).") + print(f"You can now use the push operation on {argv[1]}.") + '' + ); + in /* bash */ '' + ord=$(date +"%e" | awk '{printf("%d%s\n", $1, ($1==11||$1==12||$1==13)?"th":((($1%10)==1)?"st":((($1%10)==2)?"nd":((($1%10)==3)?"rd":"th"))))}') + nxdate="$(date +'%A the ')" + nxdate="$nxdate""$ord" + nxdate="$nxdate""$(date +' of %B %Y')" + + if [[ $# -eq 0 ]]; then + echo "Error: No arguments provided." + echo "Usage: $0 push " + exit 1 + fi + + if [[ "$1" == "push" ]]; then + if [[ ! 
"$2" =~ \.md$ ]]; then + echo "Error: Second argument must be a markdown (.md) file" + echo "Usage: $0 push " + exit 1 + fi + pandoc \ + "$2" \ + --highlight-style=breezeDark \ + --standalone \ + --mathjax \ + --ascii \ + --template /var/nginx/assets/template.html \ + --metadata pdate="$nxdate" \ + --verbose --from markdown-markdown_in_html_blocks+raw_html \ + -o /var/nginx/webroot/"$(basename "$2" .md )".html + + echo pushed "$2" + elif [[ "$1" == "ascii-size" ]]; then + if [[ ! "$2" =~ \.md$ ]]; then + echo "Error: Second argument must be a markdown (.md) file" + echo "Usage: $0 ascii-size " + exit 1 + fi + ${ascii_size}/bin/ascii_size "$2" + + else + echo "Error: First argument must be 'push'" + echo "Usage: $0 push " + exit 1 + fi + ''; + }) + ]; +} diff --git a/home.nix b/home.nix index 1d60de8..3d90feb 100755 --- a/home.nix +++ b/home.nix @@ -26,6 +26,7 @@ # ./home-modules/matrix.nix ./home-modules/nh.nix ./home-modules/nvidia.nix + ./home-modules/nx2site.nix ./home-modules/nx-gcal-event.nix ./home-modules/obs.nix ./home-modules/office.nix diff --git a/sops-secrets.yaml b/sops-secrets.yaml index 24b0b7d..4e95ce6 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml 
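Review bot: `ascii_size` rewrites the input file in place without checking what it found. When the file has no `ascii` fence, `maxwidth` stays 0 and `(1 / maxwidth)` raises ZeroDivisionError; `snew[3]` and `snew[4]` overwrite the fourth and fifth lines whatever they contain, and raise IndexError on a shorter file. A guard such as `if maxwidth == 0: raise SystemExit("no ascii block found")` before the division, plus a check that `snew[3]` already starts with `aaw:`, would stop the tool from corrupting a page it does not understand. In the shell wrapper `"$2"` is tested without first checking that a second argument exists; writeShellApplication enables `set -u` by default, so `nxmd push` with no file aborts with an unbound-variable error instead of the usage text, and `"${2:-}"` in the two `=~` tests avoids that.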
@@ -21,8 +21,12 @@ weechat: passphrase: ENC[AES256_GCM,data:3NVhMouf3wwMJTZCvIjbi5fjHJHxe25Q+wRo,iv:W8cShdM3iUyEiRCPNupMin3gfF+cqGxslD18CAvUW4c=,tag:DXBATGEhHjhXqy+J9BNVwg==,type:str] nx2site: namecheap.pw: ENC[AES256_GCM,data:tN6ArfQu+YfVkPPN00raPZWmghDKVFmmGgwACVQQSHs=,iv:TlUl0L3+Ea9vt43lwDlM0SE1+CLvWJdryt1lFhQ+75I=,tag:pia2ORsm66AQUOE/ZiO8yA==,type:str] - sslCertificate: ENC[AES256_GCM,data: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,iv:CUTe478K3KZWcWzn0E/jMf99RNEiF9prboUycUGdjqE=,tag:W4zt375htT8ujE2B7spI5g==,type:str] - sslCertificateKey: ENC[AES256_GCM,data:wktk9+gWW5zfKqj8pfBLG336svlEa0xuqDAo0KBNZIv58NhQkn61mdqQqLOrJFL0k6ve98exjw+Jf5Z33QjzxlVTvC++hb/9dL9uIBuFECk6AFJrZsbh3b3SA9nFD0E+Bdh3eYcf41O9owRwczglay43iOkgzQKk+iuGW9Gci671Px0krmxps+pLuk54crHVy7+DZBh3kyHV/rGQ/uEw8gUdu2XG4Ohcob5puHwl97EJ8MHmNsUI5+6XfcNMJm0IEu2tO42oVFQSvZbDCaD0dGWk0v2kmgjxV032bN+GMq1WDUzYwWte8GQvbjlS/SlcFw==,iv:di4iMask6hg1WtOuh0cgzOjmQLWp31UElfTsCIGk4tY=,tag:/HLq03JMo7C1OZDWSIfENw==,type:str] + cloudflare: + api-token-dns-edit: ENC[AES256_GCM,data:fR4fH6NqwtHI8aebEwjUn5JMoy3q3GXgu/dREe8JK7yRBIOhJ8BKuw==,iv:fQqLRYCN/7zhpHzYxMcn8q1aA7x4qd3qWGgrFWn2E/U=,tag:GJ1muJG755ch/84Sgcf2Vw==,type:str] + global-api-key: ENC[AES256_GCM,data:7WBmyEYFG0jEkxeiF9H4isfrCrn7Uv21hEJgX5i2/fOu3+evZA==,iv:IicsZo7qMG3xOKVr8lHzsOu2pTaDKUSx+85SyehDe20=,tag:nQ+CWX2kEmk3vIH4pi6Vlw==,type:str] + sslCertificate.pem: 
ENC[AES256_GCM,data:kBbfaOGVpNWjmvSdGHgrZpCJR5zNLBO/n6drBmjlQKRAprNDZbzTtyQIARze1O8UqkSP9Ld83F3Dg8e99NSAgVYekh4nGTzJoxy9wFCzdgSoME9GMLqwtHeWwVbP+Xb7oJWl4umRFIwLyITX/6w3k74hCiIhG0/Yuc6BQtklAtLaCGCLNVH5ir4mEzVjQWkIOJt32mktiLbwoB7c0z1tIJFFnFbrnSaS1YT2O6JenzM9dvGDX31ErhSSkcI6d+YO3NTt/mYStsWNUCtTFa1MljIp+MgMNxY7A2jEvvepvI8yVJWbXyaBt0aXpk9etMukR8qdCJcvzJlenvFFOykGQcM4suIGZr1uc10ChHwtUz3UgQkT4dhSpclF5J57VT6+OYw0wS6Hz4ltcqW0+BlmFUGuanXx/XMEwSqXooIMO+e/a8sI9932IyeTp/5s18IfiBk6zXr42Qcr/IprwRNKiL9HZSA7m2XzQa/OcxBHCTym7z+Pvad+IjgcLalEQLMd2jVRZflRUew1WN1UABO1uS7Otf3QrKejbxZ9ENa5oL7tgY+xZQfLWnnGWjXOx/0MPh6+HJ9AHa+4EMW8Ckz6nse54uDB6DFg3OQeM0qisw9mry92IDPie9Zz8tC3LQtnoyJ3pkZDULJgRXTk1FpnP1An1GlxeDkazYWSv3qSKgalI8kEK4Wf5aD8C+rJ0fcFc7ePXtxwdvZHHnaOlZJ65BVBJiYm6FSZ79sb4CpTlJlNuO74af99320YgNILjJIjjJOisELTE96JvZb0g+F6E7fJ5egTk+j2JowmHaQ3cWWhni3e3t79P411xqcqC67uZbW5p2mQbgQu5fJkmj+SxhS+Tl8wX2RkAow8P911+RC0RyBXviNaW9merezTmD8iFHOREbA1hOgHWayW1rN4kKYnnofOqLa0vdP6Adqm67W4FKTSlYUCSJuO9RjjrfT0CHk2sOUrlEaEmtk+rQWRFJ0gPmgUiMhg6X32J1cvmLUaG4EDJoT2tkVwiJmLblS5z8hBsK+7IbvJ87QPlhrWbaiMCGLUIkLAOL7CZmk9J/ozB8j8oBV5xotNm8p5z3TTrL2hOfLAi7vl3Y6Psf5hPMu6Bmy0uVpSK1euowMHsJOPdpC7wSRZfk7NMYpD5PZTljC839HhCG1bEvwC16b2IpmOqmR1YUpDmqRlPOH4Teh0WIGXHynpC14B3RY9ILuii1ZJhir4XcM8eWLYaUCm/MmeqEy/At1TtVtpfU7moU6o3uoT0ijHNUqmR/B2Kd+444oA0vAqRiWLGpxE9zZ3jacXJoqNy1unt+uQbFcwfc3ECVPxsM0HcDMetxQbXL0AR8YGnY/fbYm5C/OF4wr2ft3JdHZWOn4RzBVMkvjGl08OPIBgUqnGopC0Ic/Gxsuz3Z5Ip3jq58AFnyicqUQDtfDn9ILJEhphtqZiZNbR/9jO1jtF/bOjQKKyg4DXa4pdWCUZ/wCUX4Jx3fChQehA9QQqkPm/SIRyjfpC3idjFnvTJ6Ixgza+YLWmOU3lTrPB66RWw0/o1TP78f01PcO+MrLki0F/TSptW8yKMOTv4XhpuP7evjUNJLXEIswN+vlWQmeKMJXms6Ju/8zgZF9kgeChPELqRA2LBMzrU3IFaUrNWMpvFddOavlJgusNgh2uwrfoteYaRiovbaKDoYLA7fdVrkGqekhb+zrjcUbOP7uGCbO1AwZ5K0akLld6dMVw24enbpBjYS93+DM3X6v1Ij3IunvaxTovi366MfL7nA6bWikPgoLCfyoJs3uCIPcNqPw/nsu0ASGaMHIwkf2Zv8VppRFKof19FfihNa9enEIlP4iwi35xnFsHkDeKOiO+fz90BI+JtXtM+OQ4oEz0LNv4D3WB4kThJV2wK93UL85k/dA2a0eu9BKukwigXslym3QrCTh55Ag9JoMe/MfAg3qEgg4//P+/ftcYaCcPm1c0jhZZ99vzZ8our3Zm
Q5wEUH/bBncACpIGWhfk9YQUZrBLBMM5NHMuNrLeeMOyhi7BtDXYmzkYJPnXcVpF6bg5Q9+LtFBytAskelwQOFV18AqSd9RYPGktC8Be0ZAQSkMdnvu+cx7aA/XMia+qk+U6/cb6A0jM4IrzR+LT6WjxBIzEZIKBgj2J8GcaWcuL3CXqbJz8idFC0DQlxUNPwoEVuDMLHZ3KpRVjKFUiEMB+BGx1ty/9rWiinEZJ30qnIPKZHhKkR9kKqNRripQ53XOiElCYpi0hpQYXJeNu6XAtFmaZo8eYXS6ikSLBI7n3VZUqEBULqq55brD8W/J4Fv6euv+LHc9d4TJXWVRHLezEFWV6aoGIrnpbzQ1FfgeRnst1DtlHTB5VJTuIHaeAC+jktMvQThVw/GSu0azyPy46/gmG4CI5XktkyGANGZPRvB5ViL2iVH01/nV+R2jbcS72HRUIG02bKPknmafw+WVlJoeFbm+jykM2kDn2AH16Ovs2DeSEapShruuewu2mJRTqb7pL2WK66oIgYOwU1bCkSeBKYqNuLtufoccsnI+4nLdCfek3UzHQPG81EwvaOA+/k/R1Lj3DQxWqkG1hURi6C5Id1u2vrqGWyxF/sBeRCFu32BJzEPUDX7+o66b2meVVi52V+79+UpRAjVSIRMoXhZdh9Yda6wCN/zTguQ3ceGtHIfxffy3twTXgB0vLzXoZdDU0QWKssDgm7BHszdaULwZK5SX4c4fUDVwDlyDXFoVoFN9j/YTGAP1i4WsU7ysqA6ynFbTepEqDr4paU0d9rx4R46YU3+xO/XXHeXJJmH+siAZil+TQ70p26auXLj4jkJKI//EKm1i2I64psZZGjuRaZWpVat5xcOkosqjBLsd9e9qTpVZtQ96sOKrGSmknQ4XRF+lXH42EHGNUnJuvmWrln8iiMYzXh582nINFDpYYywajiDCaxn1Zxalhgcm6ejAW5NVoCtVJ/JeWlQLM2oPOF3fpsmIy5mVo3oiG/yWTBrxj14fPppT5muDWs5tlrLEXzMxhM+xD6J24POfazpqR3oPG6bUclcp+9z1SpCCk8FEWLkF+K7o/3LAmsMXR0CuNbHHdwZTLEdHE7AMYPlWsi6ulWEM9/YaYtx5WjsL4EgFrxTuPRspQC4p63JbADWbDG6E987Z9NWIxT0vnuKY6AyGbV81pQ7KmSmk+FXW/i6QA9pjtHziwyqoniTtJMYzXq9Up2yeIPGLUN9ldJyzofdlhlSonjd9+4zkwe3nh8IGuimjOf0OzbOOf2Oo1vsuzFlMSGweo29B8Q2kCv1DRH6BIKAEqSTAZlY7EbB1cwjXBumpqNvMDpd6V2tqK/btxAhfAEseMXEPTH7dfXPkBYhcwiHiBsPFSQ3lhi3/C8AB+ACHGpLUQQyM+2r2mYOhrdf/lfk1BAl5YT8m95DwD2INWAS86k4I0YWUgodn0rXMxqZeo/GABnBjlDcstZDcBzuSVylZTyq7gL6uuAv79Kn0NX/ZqGUZ+GD2Tp3hNR9ULm7Iz9Z7HlRSN3mMuQyFMtuTZxyN+69lLv6LNgUxa3Wk/hPifmihYA2S4J4QiCfFiKQkW8IdDYgfv8MCUzVg0MusNonwvEiAHob6pMRhMvVr5a40EYT8a4pQKVAIxEJlKBXvololMwEYkVLOaUWcupeXYXSSNYkf+5K/q6HWnK6pIzOrl2ImftqvS+Cu59XZXDWWMDI4vOOtZ2wIAiWuetBkX4j9wuSxIx3jcBLne1nGCntCZbqlJRQI9rRCDFibaWGN3jr1X4bGJuac8bVe0,iv:r4vqXNMieiy9+E1ZIknUxQtxgEoZh7zSSrJ0yS5KQUs=,tag:AYX7RayP3dmNgUnkytQg7Q==,type:str] + sslCertificateKey.pem: 
ENC[AES256_GCM,data:Wzmi17UA4mpCr4VaUolfKwZJEZ5K9Ybp2/K3noC/D/QYlgJfwWnQEoXDfLj3lVVnz0V/m71NAtZ9p3/jhiQCyIwt0cOmsAmd1isHf0KQwGagc8cHttwDeZT7AzLW4axqevpZM8bjVk/TJ/k+uGbArqSwgu2W7C77uCltSS8AydWzD2D7eQciDZzQ4yyHShW9f0SH8Q/wumuY4ksjLs4roYtQgtr1ezUb1U329xA1y81apd47RHviJ/moOBQYY2Y8fbNryUmfqvGYtsfXxmNElJpGAStqjBCo0bncOetP+bfj90CJlbkIn1JzcPOa5ZJjDg==,iv:28PcaWyOsQ8gN6qvZYDS3H4lKKlU7ihxxLUXMYgHPEY=,tag:6t+jvoAZkYlqg/2d8V5Emw==,type:str] + dhparams.pem: ENC[AES256_GCM,data:wGIUlT8QHruxHvrlaUdEDU3aKkB5hvQLZXic1ryKr1hIFw9uOv1hOCOPY+QUDBzfm+DXv62hTFAeq4siAoZ0wWvQ0uBuSZZBGrfuY1ZTsTJmpgTphdHi+S4/kl/Vt7nuBlvdW8VbwU+mzmSK4UuIjuvAl0RI+q9C/BAu0tsXvKfaCkrbYwSi6pdPjToEoATPWfuCdkZUulENBIdBkTLZ6F97fgNgsXub2xOEIRxqFAzg3G2nO3Mn7rSRRJraZNIsHgBTYpSNcijDBwZpgYKjcKsochYUNzVrCuLOu5xJPUU87pmd+Rup2hpMfWyK0xtUjncvHyfctEZANqfo+RdEBg81n1WHkFb1WnWUsRh8RmcVZuA9skI5S7Xhp4L2B5IKn0XGnKLG3og9iYb9tDVQys4o5/68+jjxdm51fmRYo3FvghnyFCYkQ/tm+ClCcRSPocYDrfSf0Rvg2v9nPmMj0IrEHlzVnafiJgp3VjI9cYLNW2wKiwf0Z8dWkrtnS8G7p072+w0fklmvLrdvlLZduAwrY6gS2nMbPUz1AwjAoMmQi7sFmbkP6M/PmkVV+hNP7T9ntmC4BQr2k5/3gKZPOEPO/xeMLlla68QpDVxU06NhC0Z3d5t3YY0wIVISNZXi4fgQO0G5nvFpPyyWCvvg39gulyAwUJfFQ3erNNFTjJe7X9RjqoJvjTgFm4IaYcL64Cr49KDu6Za01g492rBCEL842o3lVmZSqOYCG3UEEsSwOxn2iROZKgorZ5dyd1n1WevM+pKTUAaucy52iLJGLISRAVv82ZkmbS5L4zMHkYxVjUnqrYIZsk6+7sRHIQ31E0YtUFdMjRYUcOwfR1u+Ox+zV1NawpKjsuhKl+DRN+Q1TXUdEumUU1pDHT/RXtNHsyYOgeCBbTs93kdhFcHgO0dh5Ou/2N8EcTzWwAYd/qyE3wMZZTggTb44xwu6h0XhaLtnAk2lZ4vXwSaozf+Vq/uxAvYLxrhx6ujKVyX/O053YsKqOPKerYoN17uO8PrKoA==,iv:e0RPF9ZtzSRBRzMtWTWY3AVGsMXxvldA2HjiW9hf97Q=,tag:eb9ACnuGR+8eqncWoKQ/pw==,type:str] USERTrust: ECC: ENC[AES256_GCM,data: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,iv:GS5GMpbxeweqwjUvOzqg59xBOzNZqrL5t7RjsFjpucM=,tag:j0MaMw71fnRHxeydlqAaww==,type:str] RSA: ENC[AES256_GCM,data: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,iv:NJkjWL5kMHET68oR5Xp22kvkThXIp7WxRVajmTfsB5M=,tag:NSXeRItMKlOQYP4QtzMKIg==,type:str] 
@@ -73,8 +77,8 @@ sops: SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-28T15:38:03Z" - mac: ENC[AES256_GCM,data:/ZQ0QX/nqGWHkIOvJxKxl8HHlK1bxEdog0Ee/N5CnU6aw4l8IoX3BwpZBFP78+/EO1flH4S9zyJfRE1U9NoIqXPXs+r0dgGiJm0FHwGiHi1oGRmxfggi0Kes4WQa3rIgxuyeIjwXWc4LNPLkCyNPGNdnE0wZ4ab31O/ZbIME1NY=,iv:r7RZGBdXJnk6261LE7IwmojWYC6JoqVJFwekGbhuFXY=,tag:FWaAoJ8FRZJitAp8F3cK2Q==,type:str] + lastmodified: "2024-10-07T00:12:32Z" + mac: ENC[AES256_GCM,data:zousJNtsrpNUXxdboNDsREOuvTImGn8eUxTJMQok0zR8tvSFX9yQ+mQMg2kgG85HOhOH/fGP8WZDb4iq4kGKR15712mr/oOmoAR7SxtYlO4A0UV6uQDhp+Jx1/QhX0wSt8m6a8/RbQHDttXP219bU6/rGe3YZ2TxIy0wg+LLuS4=,iv:ZnkGt7TwUNLCrQW4gH8R/tM/se5lGi6Exk1FHPRhCxA=,tag:ZWrGua4fe38si90AVnDGQg==,type:str] pgp: - created_at: "2024-06-09T19:44:41Z" enc: |- diff --git a/system-modules/docker.nix b/system-modules/docker.nix index 18c7dd1..26b310e 100755 --- a/system-modules/docker.nix +++ b/system-modules/docker.nix @@ -15,6 +15,7 @@ users.users."${user}".extraGroups = [ "docker" ]; networking.firewall.allowedTCPPorts = [ 80 + 443 8384 ]; } diff --git a/system-modules/networking.nix b/system-modules/networking.nix index bef3ad6..e52d9ef 100755 --- a/system-modules/networking.nix +++ b/system-modules/networking.nix @@ -14,5 +14,5 @@ in enable = true; }; - networking.enableIPv6 = false; + networking.enableIPv6 = true; } diff --git a/system-modules/nx2site.nix b/system-modules/nx2site.nix index a352af4..c314758 100644 --- a/system-modules/nx2site.nix +++ b/system-modules/nx2site.nix 
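Review bot: Setting `networking.enableIPv6 = true` widens what the port list in system-modules/docker.nix exposes, because NixOS applies `networking.firewall.allowedTCPPorts` to IPv6 as well as IPv4. Ports 80, 443 and 8384 become reachable on any global IPv6 address the host obtains, without the NAT that may have shielded 8384 on IPv4. proxy.nix names `localhost:8384` as the `sync` upstream, which suggests that port only needs to be reachable locally; if so, drop `8384` from the list or move it to `networking.firewall.interfaces."IFACE".allowedTCPPorts` (IFACE is a placeholder for the LAN interface). Both hunks are fragments of larger attribute sets that continue outside the visible lines.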
@@ -1,121 +1,272 @@ -{ config, pkgs, lib, user, host, ... }: +{ config, pkgs, lib, user, host, secrets, ... }: # lib.mkIf false -lib.mkIf (host == "NxACE") -# ((import ./nx2site/proxy.nix { inherit config pkgs lib user; }) // -( +lib.mkIf (host == "NxACE" && user != "tv") { sops.secrets = { - "nx2site/namecheap.pw" = { }; - }; - - systemd = { - timers."namecheap-dynamic-dns" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "2m"; - OnUnitActiveSec = "10m"; - Unit = "namecheap-dynamic-dns.service"; - }; + "nx2site/namecheap.pw" = { }; + # "nx2site/cloudflare/api-token-dns-edit" = { }; + "nx2site/cloudflare/global-api-key" = { }; }; - services."namecheap-dynamic-dns" = let - u = let - domain = "nx2.site"; - passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path; - # passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path; - log-file-path = "/var/log/update_namecheap.log"; - count-file-path = "/var/log/update_namecheap-count.txt"; - in pkgs.writers.writePython3Bin "update_namecheap" { - libraries = with pkgs.python311Packages; [ requests ]; - flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ]; - } '' - import requests - import argparse - import socket - from datetime import datetime - def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip() + systemd = { + timers."dynamic-dns" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "2m"; + OnUnitActiveSec = "10m"; + Unit = "dynamic-dns.service"; + }; + }; + # services."dynamic-dns" = let + # u = let + # domain = "nx2.site"; + # passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path; + # log-file-path = "/var/log/update_namecheap.log"; + # count-file-path = "/var/log/update_namecheap-count.txt"; + # in pkgs.writers.writePython3Bin "update_namecheap" { + # libraries = with pkgs.python311Packages; [ requests ]; + # flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ]; + # } '' + # import requests + # 
import argparse + # import socket + # from datetime import datetime - def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0] + # def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip() - def main(force_update): - my_ip = get_public_ip() - dns_ip = get_dns_ip() + # def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0] - with open("${count-file-path}", "r") as f: - content = f.read() - if content == "": count = 0 - else: count = int(content) - count += 1 - with open("${count-file-path}", "w") as f: - f.write(str(count)) + # def main(force_update): + # my_ip = get_public_ip() + # dns_ip = get_dns_ip() - if not (force_update or my_ip != dns_ip): - print(f"Host IP and DNS response are both {my_ip} --> No Action") - exit(0) - else: - with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip() + # with open("${count-file-path}", "r") as f: + # content = f.read() + # if content == "": count = 0 + # else: count = int(content) + # count += 1 + # with open("${count-file-path}", "w") as f: + # f.write(str(count)) - # Perform DNS updates - resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}") - resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}") + # if not (force_update or my_ip != dns_ip): + # print(f"Host IP and DNS response are both {my_ip} --> No Action") + # exit(0) + # else: + # with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip() + + # # Perform DNS updates + # resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}") + # resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}") - # Reset the count file - with open("${count-file-path}", 'w') as f: f.write('0') + # # Reset the count file + # with 
open("${count-file-path}", 'w') as f: f.write('0') - now_str = datetime.now().strftime('%Y/%m/%d-%R') - log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n" - print(log_entry, end="") - with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) + # now_str = datetime.now().strftime('%Y/%m/%d-%R') + # log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n" + # print(log_entry, end="") + # with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) - if __name__ == "__main__": - parser = argparse.ArgumentParser() - parser.add_argument('-f', '--force', action='store_true', help='Force update') - args = parser.parse_args() + # if __name__ == "__main__": + # parser = argparse.ArgumentParser() + # parser.add_argument('-f', '--force', action='store_true', help='Force update') + # args = parser.parse_args() - main(args.force) - ''; - in { - script = '' - set -eu - ${u}/bin/update_namecheap - ''; - serviceConfig = { - Type = "oneshot"; + # main(args.force) + # ''; + # in { + # script = '' + # set -eu + # ${u}/bin/update_namecheap + # ''; + # serviceConfig = { + # Type = "oneshot"; + # }; + services."dynamic-dns" = let + u = let + domain = "nx2.site"; + account_id = secrets.email.gmail-online.mail; + zone_id = "33fecab36e060f49d492127345ea95a0"; + record_id = { + base = "58d3412e8d88889d1a611b3669f0700f"; + sub = "fc861353142bc05d5dbad1799178e6a1"; + base6 = "d1b90e21d2d747dcb30448bd65312927"; + sub6 = "b8082b7afe9e80971fc9f9dda16ec284"; + }; + passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; + log-file-path = "/var/log/couldflare.log"; + count-file-path = "/var/log/cloudflare-count.txt"; + in pkgs.writers.writePython3Bin "dyn_dns" { + libraries = with pkgs.python311Packages; [ requests ]; + flakeIgnore = [ "E501" "E305" "E701" 
"E704" "E302" "E114" "F841" "E121" "E261" "E303"]; + } '' + import requests + import subprocess + from datetime import datetime + + def get_public_ip(ipv6=False): + return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() + + def main(): + my_ip = get_public_ip() + my_ip6 = get_public_ip(ipv6=True) + + with open("${count-file-path}", "r") as f: + content = f.read() + if content == "": count = 0 + else: count = int(content) + count += 1 + with open("${count-file-path}", "w") as f: + f.write(str(count)) + + # 4 + with open("${passord-file-path}", 'r') as pw_file: + pw = pw_file.read().strip() + + # Perform DNS updates + # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record + resp_base = requests.patch( + 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}', + headers={ + 'Content-Type': 'application/json', + 'X-Auth-Email': '${account_id}', + 'X-Auth-Key': pw + }, + json={ + "comment": "Domain verification record", + "name": "${domain}", + "proxied": True, + "settings": {}, + "tags": [], + "ttl": 1, # automatic + "content": my_ip, + "type": "A" + } + ) + + resp_subd = requests.patch( + 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}', + headers={ + 'Content-Type': 'application/json', + 'X-Auth-Email': '${account_id}', + 'X-Auth-Key': pw + }, + json={ + "comment": "Domain verification record", + "name": "${domain}", + "proxied": True, + "settings": {}, + "tags": [], + "ttl": 1, # automatic + "content": my_ip, + "type": "A" + } + ) + + if resp_base.status_code != 200: + print(resp_base.text) + + + now_str = datetime.now().strftime('%Y/%m/%d-%R') + log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n" + print(log_entry, end="") + with open("${log-file-path}", 'a') as log_file: + log_file.write(log_entry) + + # Perform DNS updates + # 
https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record + resp_base = requests.patch( + 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}', + headers={ + 'Content-Type': 'application/json', + 'X-Auth-Email': '${account_id}', + 'X-Auth-Key': pw + }, + json={ + "comment": "Domain verification record", + "name": "${domain}", + "proxied": True, + "settings": {}, + "tags": [], + "ttl": 1, # automatic + "content": my_ip6, + "type": "AAAA" + } + ) + + resp_subd = requests.patch( + 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}', + headers={ + 'Content-Type': 'application/json', + 'X-Auth-Email': '${account_id}', + 'X-Auth-Key': pw + }, + json={ + "comment": "Domain verification record", + "name": "${domain}", + "proxied": True, + "settings": {}, + "tags": [], + "ttl": 1, # automatic + "content": my_ip6, + "type": "AAAA" + } + ) + + if resp_base.status_code != 200: + print(resp_base.text) + + + now_str = datetime.now().strftime('%Y/%m/%d-%R') + log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n" + print(log_entry, end="") + with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) + + if __name__ == "__main__": + main() + ''; + in { + script = '' + set -eu + ${u}/bin/dyn_dns + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; }; }; - }; - # I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have - # security.acme = { - # acceptTerms = true; - # certs."nx2site" = { }; - # }; - environment.systemPackages = with pkgs; [ - certbot - (writeShellApplication { - name = "refresh_ssl_certificate"; - runtimeInputs = [ certbot ]; - # https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431 - text = let - webroot = /home/nx2/nx2site/staticweb/content; - in /*bash*/ '' - cartbot - ls ${webroot} 
- ''; - }) - ]; - networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' - "172.1.2.1" = [ "staticweb.docker" ]; - "172.1.3.1" = [ "matrix.docker" ]; - # "172.1.0.9" = [ "matrixdb.docker" ]; - "172.1.4.1" = [ "matrix-ss.docker" ]; - # "172.1.0.7" = [ "matrix-ssdb.docker" ]; - "172.1.5.1" = [ "pw.docker" ]; - "172.1.6.1" = [ "git.docker" ]; - # "172.1.0.10" = [ "gitdb.docker" ]; - "172.1.7.1" = [ "nn.docker" ]; - "172.1.8.1" = [ "llm.docker" ]; - # "172.1.9.1" = [ "proxy.docker" ]; - "172.1.10.1" = [ "share.docker" ]; - "172.1.11.1" = [ "odq.docker" ]; - }; -}) + # I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have + # security.acme = { + # acceptTerms = true; + # certs."nx2site" = { }; + # }; + environment.systemPackages = with pkgs; [ + certbot + (writeShellApplication { + name = "refresh_ssl_certificate"; + runtimeInputs = [ certbot ]; + # https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431 + text = let + webroot = /home/nx2/nx2site/staticweb/content; + in /*bash*/ '' + cartbot + ls ${webroot} + ''; + }) + ]; + networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' + "172.1.2.1" = [ "staticweb.docker" ]; + "172.1.3.1" = [ "matrix.docker" ]; + # "172.1.0.9" = [ "matrixdb.docker" ]; + "172.1.4.1" = [ "matrix-ss.docker" ]; + # "172.1.0.7" = [ "matrix-ssdb.docker" ]; + "172.1.5.1" = [ "pw.docker" ]; + "172.1.6.1" = [ "git.docker" ]; + # "172.1.0.10" = [ "gitdb.docker" ]; + "172.1.7.1" = [ "nn.docker" ]; + "172.1.8.1" = [ "llm.docker" ]; + # "172.1.9.1" = [ "proxy.docker" ]; + "172.1.10.1" = [ "share.docker" ]; 
+ "172.1.11.1" = [ "odq.docker" ]; + }; + } diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix index fde9b31..b62493d 100644 --- a/system-modules/nx2site/proxy.nix +++ b/system-modules/nx2site/proxy.nix @@ -1,25 +1,58 @@ -{ config, pkgs, lib, user }: -lib.mkIf false +{ config, pkgs, lib, user, ... }: { sops.secrets = { "nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; }; "nx2site/sslCertificateKey.pem" = { owner = config.services.nginx.user; }; "nx2site/dhparams.pem" = { owner = config.services.nginx.user; }; }; + security.acme = { + acceptTerms = true; + defaults = { + email = "acme@nx2.site"; + webroot = "/var/nginx/webroot"; + group = "nginx"; + }; + certs = { + "nx2.site" = { + extraDomainNames = [ "git.nx2.site" "pw.nx2.site" ]; + }; + }; + }; + users.users."nginx" = { + extraGroups = [ "nginx" "acme" ]; + useDefaultShell = false; + linger = true; + home = "/var/nginx/"; + homeMode = "770"; + createHome = true; + isSystemUser = true; + isNormalUser = false; + }; + systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; services.nginx = { enable = true; + user = "nginx"; + group = "nginx"; additionalModules = []; # appendConfig = ''''; clientMaxBodySize = "20m"; defaultHTTPListenPort = 80; defaultListenAddresses = [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"; - defaultListen = [ { - addr = "0.0.0.0"; - ssl = true; - port = 443; - proxyProtocol = true; - }]; + defaultListen = [ + { + addr = "0.0.0.0"; + ssl = true; + port = 443; + proxyProtocol = true; + } + { + addr = "[::0]"; + ssl = true; + port = 443; + proxyProtocol = true; + } + ]; defaultMimeTypes = "${pkgs.mailcap}/etc/nginx/mime.types"; defaultSSLListenPort = 443; enableQuicBPF = true; 
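Review bot: The new `dyn_dns` service authenticates with the account-wide Cloudflare Global API key (`X-Auth-Email` / `X-Auth-Key`) and runs as `User = "root"` every ten minutes, although a DNS-edit-scoped token is already stored in sops-secrets.yaml and only commented out in `sops.secrets` here. Four record updates do not need a credential that can change anything on the account; enabling `nx2site/cloudflare/api-token-dns-edit` and sending it as `Authorization: Bearer` limits what a leak of that secret file exposes. The four PATCH calls are also copy-pasted: both `sub` records are sent with `"name": "${domain}"`, which looks like it would rename them to the apex (assuming they are the wildcard records, as in the old Namecheap code), only `resp_base` is ever checked, there is no request timeout, and an empty string from a failed `curl -6` is sent as `content`. One helper covers all of this, sketched below; the log-file writes stay as they are.

```nix
# … unchanged: module header, timer, domain / zone_id / record_id bindings …
passord-file-path = config.sops.secrets."nx2site/cloudflare/api-token-dns-edit".path;
# … unchanged: log/count paths, writePython3Bin header, get_public_ip …
import ipaddress

def update_record(record_id, name, rtype, ip, token):
    try:
        # curl prints nothing when that address family is unavailable
        ipaddress.ip_address(ip)
    except ValueError:
        print(f"{rtype} {name}: no usable address, skipping")
        return None
    resp = requests.patch(
        f'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/{record_id}',
        headers={'Authorization': f'Bearer {token}'},
        json={"name": name, "type": rtype, "content": ip, "proxied": True, "ttl": 1},
        timeout=30,
    )
    if resp.status_code != 200:
        print(resp.text)
    return resp

# in main(), replacing the four requests.patch(...) blocks
# ('*.' assumes the sub records are the wildcard entries; confirm):
resp_base = update_record('${record_id.base}', '${domain}', 'A', my_ip, pw)
resp_subd = update_record('${record_id.sub}', '*.${domain}', 'A', my_ip, pw)
# … unchanged: IPv4 log entry …
resp_base = update_record('${record_id.base6}', '${domain}', 'AAAA', my_ip6, pw)
resp_subd = update_record('${record_id.sub6}', '*.${domain}', 'AAAA', my_ip6, pw)
```

Review bot: Removing `lib.mkIf false` leaves proxy.nix with no condition at all, whereas system-modules/nx2site.nix in the same commit is gated on `lib.mkIf (host == "NxACE" && user != "tv")`. How proxy.nix is imported is not visible in this diff; if it is loaded for every host, nginx, ACME issuance for `nx2.site` and the three `sops.secrets` entries would be enabled everywhere. Adding `host` to the argument set and wrapping the body in `lib.mkIf (host == "NxACE")` would match the sibling module. The `nx2site/sslCertificate.pem` and `nx2site/sslCertificateKey.pem` secrets are still declared with `owner = config.services.nginx.user` even though a later hunk comments out their only use, so the old private key keeps being decrypted to disk; drop both entries if ACME has replaced them. The `services.nginx` block continues outside this hunk.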
@@ -39,7 +72,7 @@ lib.mkIf false recommendedTlsSettings = true; recommendedZstdSettings = true; serverTokens = false; - # sslCiphers = true; + # sslCiphers = # useing default; sslDhparam = config.sops.secrets."nx2site/dhparams.pem".path; sslProtocols = "TLSv1.2 TLSv1.3"; statusPage = false; @@ -50,7 +83,7 @@ lib.mkIf false "matrix".servers = { "matrix.docker:80" = {}; }; "matrix-ss".servers = { "matrix-ss.docker:80" = {}; }; "pw".servers = { "pw.docker:80" = {}; }; - "git".servers = { "git.docker:80" = {}; }; + "git".servers = { "git.docker:3000" = {}; }; "nn".servers = { "nn.docker:80" = {}; }; "llm".servers = { "llm.docker:80" = {}; }; "share".servers = { "share.docker:80" = {}; }; 
@@ -58,72 +91,99 @@ lib.mkIf false "sync".servers = { "localhost:8384" = {}; }; }; virtualHosts = let - sslCertificate = config.sops.secrets."nx2site/sslCertificate.pem".path; - sslCertificateKey = config.sops.secrets."nx2site/sslCertificateKey.pem".path; - kTLS = true; http2 = true; http3 = true; http3_hq = true; quic = true; - in - { - "nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; + # sslCertificate = config.sops.secrets."nx2site/sslCertificate.pem".path; + # sslCertificateKey = config.sops.secrets."nx2site/sslCertificateKey.pem".path; + vh = { + kTLS = true; + http2 = true; + http3 = true; + http3_hq = true; + quic = true; + addSSL = true; + enableACME = true; + }; + dl = [ + { addr = "0.0.0.0"; port = 443; ssl = true; } + { addr = "0.0.0.0"; port = 80; ssl = false; } + { addr = "[::0]"; port = 443; ssl = true; } + { addr = "[::0]"; port = 80; ssl = false; } + ]; + in { + "nx2.site" = vh // { + root = "/var/nginx/webroot"; + default = true; + listen = dl; locations = { "/" = { - proxyPass = "http://staticweb"; - # extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf; + # index = "index.html"; + # tryFiles = "$uri/ $uri.html =404"; + extraConfig = '' + index index.html; + if ($request_uri ~ ^/(.*)\.html(\?|$)) { + return 301 /$1; + } + try_files $uri $uri.html $uri/ /404.html =404; + ''; + }; + "~^(/ba)$" = { + return = "301 /BA.pdf"; }; "/.well-known/matrix/client" = { - return = ''200 '{"m.homeserver": {"base_url": "https://matrix.nx2.site"}, "org.matrix.msc3575.proxy": {"url": "https://matrix-ss.nx2.site"}}' ''; - extraConfig = [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ]; + return = "502"; + # return = ''200 '{"m.homeserver": {"base_url": "https://matrix.nx2.site"}, "org.matrix.msc3575.proxy": {"url": "https://matrix-ss.nx2.site"}}' ''; + # 
extraConfig = builtins.concatStringsSep "\n" [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ]; }; "/.well-known/matrix/server" = { - return = ''200 '{"m.server":"matrix.nx2.site:443"}' ''; - extraConfig = [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ]; - }; - "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://matrix-ss"; - # extraConfig = [ ''proxy_set_header X-Forwarded-For $remote_addr;'' ''proxy_set_header X-Forwarded-Proto $scheme;'' ''proxy_set_header Host $host;'' ]; - }; - "~ ^(\/_matrix|\/_synapse\/client)" = { - return = ''200 '{"m.server":"matrix.nx2.site:443"}' ''; - # extraConfig = []; + return = "502"; + # return = ''200 '{"m.server":"matrix.nx2.site:443"}' ''; + # extraConfig = builtins.concatStringsSep "\n" [ "default_type application/json;" "add_header Access-Control-Allow-Origin *;" ]; }; + # "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { + # proxyPass = "http://matrix-ss"; + # # extraConfig = [ ''proxy_set_header X-Forwarded-For $remote_addr;'' ''proxy_set_header X-Forwarded-Proto $scheme;'' ''proxy_set_header Host $host;'' ]; + # }; + # "~ ^(\/_matrix|\/_synapse\/client)" = { + # return = ''200 '{"m.server":"matrix.nx2.site:443"}' ''; + # # extraConfig = []; + # }; }; - }; + }; "matrix.nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - listen = [ - { addr = "0.0.0.0"; port = 443; ssl = true; } - { addr = "0.0.0.0"; port = 8448; ssl = true; } + listen = dl ++ [ + # { addr = "0.0.0.0"; port = 8448; ssl = true; } + # { addr = "0.0.0.0"; port = 8448; ssl = true; } ]; locations = { - "/" = { - proxyPass = "http://matrix"; - # extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header Cache-Control "public";'' ] ++ common-location-conf; - }; + # "/" = { +# proxyPass = "http://matrix"; +# # extraConfig = [ ''add_header Alt-Svc 'h3=":443"; ma=86400';'' ''add_header 
Cache-Control "public";'' ] ++ common-location-conf; +# }; + "~.*" = { return = "502"; }; }; }; - "matrix-ss.nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; - # "resolver 1.1.1.1;" - # "client_max_body_size 500M;" - # ]; - locations = { - "/" = { proxyPass = "http://pw"; }; - }; - }; - # "dev.nx2.site" = { - # inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; - # locations = { - # "/" = { - # proxyPass = "http://dev"; - # }; - # }; - # }; - "pw.nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; +# "matrix-ss.nx2.site" = { +# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME; +# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; +# # "resolver 1.1.1.1;" +# # "client_max_body_size 500M;" +# # ]; +# locations = { +# "/" = { proxyPass = "http://pw"; }; +# }; +# }; +# # "dev.nx2.site" = { +# # inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME; +# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; +# # locations = { +# # "/" = { +# # proxyPass = "http://dev"; +# # }; +# # }; +# # }; + "pw.nx2.site" = vh // { + # inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME; # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; + listen = dl; locations = { "/" = { proxyPass = "http://pw"; }; "/admin" = { proxyPass = "http://pw"; }; 
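Review bot: With `addSSL = true` in `vh` and the port-80 entries in `dl`, `pw.nx2.site` and `git.nx2.site` answer over plain HTTP as well as HTTPS, with no redirect. For hosts that carry logins, `forceSSL = true;` in place of `addSSL = true;` should keep port 80 only for the redirect and the ACME challenge. Separately, `matrix.nx2.site` takes the `ssl = true` listeners from `dl` but does not merge `vh`, so no certificate is configured for it in the visible lines and nginx may reject that server block; either write `vh // { … }` there too or give it only the non-ssl listeners. The `virtualHosts` set continues past the end of this hunk.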
@@ -131,48 +191,47 @@ lib.mkIf false "/notifications/hub/negotiate" = { proxyPass = "http://pw"; }; }; }; - "share.nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; - locations = { - "/" = { proxyPass = "http://share"; # ''proxy_hide_header Content-Disposition;'' - # ''proxy_set_header Content-Disposition $upstream_http_content_disposition;'' - # ''proxy_set_header X-Real-IP $remote_addr;'' - # ''proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'' - # ''proxy_set_header Host $http_host;'' - # ]; - }; - "/socket.io" = { - proxyPass = "http://share/socket.io"; - proxyWebsockets = true; - # extraConfig = [ - # ''proxy_http_version 1.1;'' - # ''proxy_set_header Upgrade $http_upgrade;'' - # ''proxy_set_header Connection "upgrade";'' - # ]; - }; - }; - }; - "sync.nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; - locations = { - "/" = { proxyPass = "http://sync"; }; - }; - }; - "git.nx2.site" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; +# "share.nx2.site" = { +# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME; +# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; +# locations = { +# "/" = { proxyPass = "http://share"; # ''proxy_hide_header Content-Disposition;'' +# # ''proxy_set_header Content-Disposition $upstream_http_content_disposition;'' +# # ''proxy_set_header X-Real-IP $remote_addr;'' +# # ''proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'' +# # ''proxy_set_header Host $http_host;'' +# # ]; +# }; +# "/socket.io" = { +# proxyPass = "http://share/socket.io"; +# proxyWebsockets = true; +# # extraConfig = [ +# # ''proxy_http_version 1.1;'' +# # ''proxy_set_header Upgrade $http_upgrade;'' +# # ''proxy_set_header Connection "upgrade";'' +# # ]; +# }; +# }; 
+# }; +# "sync.nx2.site" = { +# inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic addSSL enableACME; +# # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; +# locations = { +# "/" = { proxyPass = "http://sync"; }; +# }; +# }; + "git.nx2.site" = vh // { # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; + listen = dl; locations = { "/" = { proxyPass = "http://git"; }; }; }; - "~^(.*)\.nx2\.site$" = { - inherit sslCertificate sslCertificateKey kTLS http2 http3 http3_hq quic; - # listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } ]; - root = "/home/nx2/nx2site/staticweb/xcontent/"; + "~^(.*).nx2.site$" = { + listen = dl; + root = "/var/nginx/webroot"; locations = { - "~.*" = { return = "502 /502.html"; }; + "~.*" = { return = "301 https://nx2.site/502.html"; }; }; }; }; diff --git a/system-modules/users.nix b/system-modules/users.nix index cec112b..bc092ac 100755 --- a/system-modules/users.nix +++ b/system-modules/users.nix @@ -5,7 +5,7 @@ users.users."${user}" = { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" "input" "ydotool" ]; + extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" "input" "ydotool" "acme" "nginx" ]; useDefaultShell = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
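Review bot: The catch-all server name `"~^(.*).nx2.site$"` has unescaped dots, so as a regex each one matches any character and a Host such as `a-nx2-site` also lands in this block, not only subdomains of nx2.site. Inside a Nix double-quoted string the backslash itself has to be escaped for nginx to receive `\.`, so the key should be `"~^(.*)\\.nx2\\.site$" = {`. This block also takes the `ssl = true` listeners from `dl` without merging `vh`, so no certificate is set for it in the visible lines.

Review bot: `"acme"` and `"nginx"` are added to the login account's `extraGroups` with nothing recording what needs them. proxy.nix sets `security.acme.defaults.group = "nginx"` and gives `/var/nginx/` mode 770, so `nginx` is presumably what lets `nxmd push` write `/var/nginx/webroot`, but it probably also makes the issued certificate keys readable by this account; nothing visible in the diff requires `acme`. A comment such as `# nginx: nxmd writes /var/nginx/webroot` above the list, and dropping `"acme"` unless something depends on it, would keep the membership auditable. The `users.users` block continues outside the hunk.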