m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:90e417525bcaac3e1764b82cefefe4b037a96da0
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
...
compare: m3tam3re/nixos-config:feat/hyprland-lua
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

17 Commits
90e417525b ... feat/hyprland-lua

Author SHA1 Message Date
m3ta-chiron 826569ed98 feat: migrate host Hyprland configs to Lua (Hyprland 0.55+) 
- m3-kratos/home.nix: use hl.monitor({}), hl.workspace_rule({}),
  hl.window_rule({}) table-based Lua API
- m3-ares/home.nix: same Lua API + tuxedo-backlight via hl.on()
- Update flake.lock: home-manager -> 74f170c6 (2026-05-18)
 2026-05-18 17:27:15 +02:00
m3tam3re af08084692 chore: fix git identity for m3-hermes 2026-05-11 19:27:11 +02:00
m3tam3re 4f9944101f chore: optimize hermes 2026-05-11 19:01:17 +02:00
m3tam3re 20d2548791 Merge pull request 'fix(m3-atlas): remove netbird-only middleware from dashboard router' (#16) from fix/remove-netbird-middleware into master 
Reviewed-on: #16
 2026-05-11 17:16:42 +02:00
m3ta-chiron a957fd1372 fix(m3-atlas): remove netbird-only middleware from dashboard router 
Access control is handled at DNS level — dash.m3ta.dev resolves to
Netbird IP (100.81.142.56) which is unreachable from the public internet.
No need for IP whitelist middleware.
 2026-05-11 17:15:16 +02:00
m3tam3re 354791f252 Merge pull request 'feat: Hermes Dashboard via m3-atlas Traefik (TLS + Netbird-only)' (#15) from feat/hermes-dashboard-traefik into master 
Reviewed-on: #15
 2026-05-11 16:09:53 +02:00
m3ta-chiron fc39e05beb feat: Hermes Dashboard via m3-atlas Traefik with TLS + Netbird-only access 
m3-hermes:
- Add --insecure flag (required for 0.0.0.0 bind, safe behind Netbird firewall)
- Update comments to document the Traefik proxy flow

m3-atlas Traefik:
- New service: hermes-dashboard → http://100.81.231.152:9119 (Netbird)
- New router: dash.m3ta.dev with GoDaddy TLS cert
- New middleware: netbird-only (IP whitelist 100.64.0.0/16)

Flow: Browser → dash.m3ta.dev (TLS) → Traefik → Netbird → m3-hermes:9119
 2026-05-11 15:53:04 +02:00
m3tam3re e6f184f24a chore: hermes dashboard over netbird 2026-05-11 11:36:49 +02:00
m3tam3re 72ef896297 Merge pull request 'feat(m3-hermes): Hermes Dashboard as systemd service with Netbird-only firewall' (#13) from feat/hermes-dashboard-service into master 
Reviewed-on: #13
 2026-05-11 11:26:51 +02:00
m3ta-chiron 20bd28d567 feat(m3-hermes): add Hermes Dashboard as systemd service with Netbird-only firewall 
- New hermes-dashboard.service: runs 'hermes dashboard' on 0.0.0.0:9119
- Firewall restricts port 9119 to Netbird mesh VPN range (100.64.0.0/16)
- Runs as hermes user with NoNewPrivileges + ProtectSystem hardening
- Depends on hermes-agent.service (starts after gateway)
- Added placeholder hermes-api-server-key.age (needs real encryption on host)
 2026-05-11 11:19:21 +02:00
m3tam3re e743808d2b Merge pull request 'feat(m3-hermes): Netbird mesh VPN + API server for Desktop App' (#12) from feat/hermes-netbird-api-server into master 
Reviewed-on: #12
 2026-05-11 09:15:48 +02:00
m3ta-chiron c6df5d3836 feat(m3-hermes): add Netbird mesh VPN + enable API server for Hermes Desktop 2026-05-10 11:46:21 +02:00
m3tam3re 1544764f37 chore: m3-atlas -coding 2026-05-09 10:46:47 +02:00
m3tam3re c4fefdd172 Merge pull request 'feat(m3-hermes): enable Kanban board + update for v0.13.0' (#11) from feat/hermes-v0.13-kanban into master 
Reviewed-on: #11
 2026-05-09 10:43:53 +02:00
m3ta-chiron ee94ebf660 feat(m3-hermes): enable kanban board + update for v0.13.0 
- Add kanban config block with gateway-embedded dispatcher
  (dispatch_in_gateway=true, 60s interval)
- Update venvSitePackages path from python3.11 to python3.12
  (v0.13.0 upgraded Python runtime)
- Update checkpoints section comment for v2
 2026-05-09 10:29:22 +02:00
m3tam3re 6128d0ae61 chore: udate m3-atlas 2026-05-09 10:17:14 +02:00
m3tam3re 22f15abd34 chore: flake update 2026-05-09 09:58:33 +02:00
32 changed files with 819 additions and 556 deletions
Expand all files Collapse all files
.beads/hooks/post-checkout
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 ---
# --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi
# --- END BEADS INTEGRATION v1.0.2 ---
# --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/post-merge
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 ---
# --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi
# --- END BEADS INTEGRATION v1.0.2 ---
# --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/pre-commit
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 ---
# --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi
# --- END BEADS INTEGRATION v1.0.2 ---
# --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/pre-push
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 ---
# --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi
# --- END BEADS INTEGRATION v1.0.2 ---
# --- END BEADS INTEGRATION v1.0.3 ---
.beads/hooks/prepare-commit-msg
+2 -2
View File
@@ -1,5 +1,5 @@
#!/usr/bin/env sh
# --- BEGIN BEADS INTEGRATION v1.0.2 ---
# --- BEGIN BEADS INTEGRATION v1.0.3 ---
# This section is managed by beads. Do not remove these markers.
if command -v bd >/dev/null 2>&1; then
export BD_GIT_HOOK=1
@@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then
fi
if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi
fi
# --- END BEADS INTEGRATION v1.0.2 ---
# --- END BEADS INTEGRATION v1.0.3 ---
.beads/issues.jsonl
+3 -3
View File
@@ -1,3 +1,3 @@
{"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
.gitignore
+2
View File
@@ -26,6 +26,7 @@ Thumbs.db
opencode.json
# AI agent state
.claude/
.sidecar/
.sidecar-*
.sisyphus/
@@ -39,6 +40,7 @@ opencode.json
.pi*
.worktrees/
docs/plans/
CLAUDE.md
# Beads / Dolt files (added by bd init)
.dolt/
flake.lock
Generated
+474 -100
View File
@@ -21,10 +21,47 @@
"type": "github"
}
},
"agenix_2": {
"inputs": {
"darwin": "darwin_2",
"home-manager": "home-manager_4",
"nixpkgs": "nixpkgs_6",
"systems": "systems_4"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"agents": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1778518220,
"narHash": "sha256-6AQs9VZ0/DuD4njPbYHRE4v+SgJc6SBrGwemTWxikVc=",
"ref": "refs/heads/master",
"rev": "b6e1aaa6261c5056d024d8d4785659eaa4e675e6",
"revCount": 87,
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/AGENTS"
},
"original": {
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/AGENTS"
}
},
"agents_2": {
"flake": false,
"locked": {
"lastModified": 1777399938,
"narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
@@ -39,7 +76,7 @@
"url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}
},
"agents_2": {
"agents_3": {
"flake": false,
"locked": {
"lastModified": 1777399938,
@@ -71,7 +108,46 @@
"type": "github"
}
},
"base16-schemes_2": {
"flake": false,
"locked": {
"lastModified": 1696158499,
"narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-schemes",
"type": "github"
}
},
"basecamp": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"m3ta-nixpkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1774505501,
"narHash": "sha256-7UiRrDptj7yuEFwToOfdunUMz/i3jRLR7CmMoYQjq6k=",
"owner": "basecamp",
"repo": "basecamp-cli",
"rev": "f087e6ef84002503d0dbc75ea1c8c928a8928d9e",
"type": "github"
},
"original": {
"owner": "basecamp",
"ref": "v0.7.2",
"repo": "basecamp-cli",
"type": "github"
}
},
"basecamp_2": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
@@ -174,6 +250,29 @@
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -181,11 +280,11 @@
]
},
"locked": {
"lastModified": 1776613567,
"narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"lastModified": 1777713215,
"narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=",
"owner": "nix-community",
"repo": "disko",
"rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267",
"type": "github"
},
"original": {
@@ -223,11 +322,11 @@
]
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"lastModified": 1777988971,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github"
},
"original": {
@@ -237,6 +336,28 @@
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"m3ta-home",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
@@ -285,16 +406,16 @@
"uv2nix": "uv2nix_2"
},
"locked": {
"lastModified": 1777573861,
"narHash": "sha256-whY/1WL2fQUhPqDp7CGm3MSwOOo7FB1eADhNVnHeCRU=",
"lastModified": 1778170968,
"narHash": "sha256-YQQUEDUim2CiYpL3uG7Wi1fWPsT2wtIqoBeJuAj9hUk=",
"owner": "NousResearch",
"repo": "hermes-agent",
"rev": "73bf3ab1b22314ed9dfecbb59242c03742fe72af",
"rev": "498bfc7bc12a937621b4215312049b1000726df3",
"type": "github"
},
"original": {
"owner": "NousResearch",
"ref": "v2026.4.30",
"ref": "v2026.5.7",
"repo": "hermes-agent",
"type": "github"
}
@@ -327,11 +448,11 @@
]
},
"locked": {
"lastModified": 1777476904,
"narHash": "sha256-EeLoE8n4+QCbteyAsYXxhfr97RFfWL1ga0xwfL6lpKw=",
"lastModified": 1779113444,
"narHash": "sha256-/L61sT1PIKmGWIQpIh0uJGH/ANvcsf6y4alxtb9kelg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8c8e5389e75a36bee53920de8ee24f017b3ae03e",
"rev": "74f170c62d57f90e656841f1f699e6bdf40f0a24",
"type": "github"
},
"original": {
@@ -361,13 +482,56 @@
"type": "github"
}
},
"home-manager_4": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_5": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778503501,
"narHash": "sha256-08L/X4/do7nET4rzidJ76eV/1r+mB7DchVpdPypsghc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "85ba629c79449badf4338117c27f0ee92b4b9f1a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"rose-pine-hyprcursor",
"nixpkgs"
],
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1709914708,
@@ -413,11 +577,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1777439951,
"narHash": "sha256-1Bs4ZbBayXWicrOrQQn3/BnnqhEy+tQjdFn40wHu1dw=",
"lastModified": 1778304612,
"narHash": "sha256-7FkBnR56KZ8RwY5kPd3ans8f68IYjF1J66gOUlLsiLA=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "2641c18f5bb9d0b95e81beca1b0415e174d7e650",
"rev": "c741913095c4815f6651aa0a2c24b3ce15e414e4",
"type": "github"
},
"original": {
@@ -426,26 +590,76 @@
"type": "github"
}
},
"m3ta-home": {
"inputs": {
"agenix": "agenix_2",
"home-manager": "home-manager_5",
"m3ta-nixpkgs": "m3ta-nixpkgs",
"nix-colors": "nix-colors",
"nixpkgs": [
"nixpkgs"
],
"nur": "nur"
},
"locked": {
"lastModified": 1778520138,
"narHash": "sha256-X58c8BUIshyUnp6XEKumFUYXqMFnrDTj+aGuGIbKwxg=",
"ref": "refs/heads/master",
"rev": "a87d9510bd84f51bf93970730b8688ab7221bbdd",
"revCount": 30,
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"
},
"original": {
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"
}
},
"m3ta-nixpkgs": {
"inputs": {
"agents": "agents_2",
"basecamp": "basecamp",
"nixpkgs": "nixpkgs_6",
"nixpkgs": [
"m3ta-home",
"nixpkgs"
],
"nixpkgs-master": "nixpkgs-master",
"openspec": "openspec"
},
"locked": {
"lastModified": 1777486032,
"narHash": "sha256-UStORUF67vzXQ1jtORzR2cTv8GCvrxweF7HFHJgPpqw=",
"lastModified": 1778508052,
"narHash": "sha256-kxzZvJv757TGfHReR21aX6N/jkGMWzGSy9GQEclYD4Y=",
"ref": "refs/heads/master",
"rev": "1da8c96447eb74a316861f6242421ef0309c29a8",
"revCount": 267,
"rev": "8113723a48c4afa016881ccd5bc4be3fad2c7d5f",
"revCount": 294,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
},
"original": {
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
}
},
"m3ta-nixpkgs_2": {
"inputs": {
"agents": "agents_3",
"basecamp": "basecamp_2",
"nixpkgs": "nixpkgs_8",
"nixpkgs-master": "nixpkgs-master_2",
"openspec": "openspec_2"
},
"locked": {
"lastModified": 1778518789,
"narHash": "sha256-9WZvO2BBofC2Wp4dvP4/aQ6Jhmcxh9lEGTYj09hLXrI=",
"ref": "refs/heads/master",
"rev": "d64c581516c02702ec28e5d2304330d7b035235d",
"revCount": 295,
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
},
"original": {
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
}
},
"nix-colors": {
@@ -467,6 +681,25 @@
"type": "github"
}
},
"nix-colors_2": {
"inputs": {
"base16-schemes": "base16-schemes_2",
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1707825078,
"narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=",
"owner": "misterio77",
"repo": "nix-colors",
"rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "nix-colors",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
@@ -485,7 +718,7 @@
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1769813415,
@@ -564,6 +797,21 @@
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1697935651,
"narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-locked": {
"locked": {
"lastModified": 1739661218,
@@ -582,11 +830,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1777470666,
"narHash": "sha256-uAi+pTjKLturTz3XqTwnsU0fJnqf8xx8orfPpRbdaKQ=",
"lastModified": 1778507606,
"narHash": "sha256-6Yc2dIhijc8G+dbMNocyclxF19dUrjaT+EeXGrXmXlg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "053b9fa5f0fbdac0bd9d248cea58a11223eb495d",
"rev": "39a7b8d815fcc8b689d56fc4a3fa8de4ef93d169",
"type": "github"
},
"original": {
@@ -598,11 +846,27 @@
},
"nixpkgs-master_2": {
"locked": {
"lastModified": 1777483759,
"narHash": "sha256-luE+pNcTx3gz109lEC/xUxPHrx1aEZsp5X4OEBcnGaw=",
"lastModified": 1778507606,
"narHash": "sha256-6Yc2dIhijc8G+dbMNocyclxF19dUrjaT+EeXGrXmXlg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "39a7b8d815fcc8b689d56fc4a3fa8de4ef93d169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master_3": {
"locked": {
"lastModified": 1778307931,
"narHash": "sha256-GkUOqeH6tb2/K1tv3t0F/xROIAh5/zEGutzEUIrQ+u8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b540331d6f1e343b6812b5aa1d97c707a0de0da2",
"rev": "8f689324e32c31a3d2c24490a19e266c3fb6508b",
"type": "github"
},
"original": {
@@ -614,11 +878,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1777077449,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
"lastModified": 1778003029,
"narHash": "sha256-q/nkKLDtHIyLjZpKhWk3cSK5IYsFqtMd6UtXF3ddjgA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
"rev": "0c88e1f2bdb93d5999019e99cb0e61e1fe2af4c5",
"type": "github"
},
"original": {
@@ -628,6 +892,38 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772479524,
@@ -678,11 +974,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1776949667,
"narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=",
"lastModified": 1778124196,
"narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30",
"rev": "68a8af93ff4297686cb68880845e61e5e2e41d92",
"type": "github"
},
"original": {
@@ -694,11 +990,43 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
@@ -708,7 +1036,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_9": {
"locked": {
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
@@ -724,38 +1052,6 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"npm-lockfile-fix": {
"inputs": {
"nixpkgs": [
@@ -780,16 +1076,35 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1778506944,
"narHash": "sha256-lU0Bleh0reE+WU7j8Uiqsu6ekPav50L8sXsgOvEQS+0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "0166493cfe4e0e9927435c1cfbf5505cfb0d10d1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nur_2": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777486007,
"narHash": "sha256-5R0q8ESHux3Le76n4IuNUThkAo4o2M+Kj1Loj2J7ahI=",
"lastModified": 1778308643,
"narHash": "sha256-MpJyLyJWAwOy7rVs7pWqRwH2b8/rj+B524VzdonvXBs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "6f5d55cfd726ff4cd68d006bddbdf459d0dc471b",
"rev": "98d908741ed91101cd0649961f12d2427bdba7d3",
"type": "github"
},
"original": {
@@ -801,16 +1116,38 @@
"openspec": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"m3ta-nixpkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1776788052,
"narHash": "sha256-L4LBHVVtgMhSJm+IzZSYOR0UXPbvIRg4xiEV5urYxdI=",
"lastModified": 1778120451,
"narHash": "sha256-MUSPD16+hoFBfQWYahtNLN2BIFEAlFFo2KNofrc947g=",
"owner": "Fission-AI",
"repo": "OpenSpec",
"rev": "3c7a05c5dc88b2397c478805890b55ed392b19e8",
"rev": "053d8a59d587f3c027a06ad80503a6b43d4f2a92",
"type": "github"
},
"original": {
"owner": "Fission-AI",
"repo": "OpenSpec",
"type": "github"
}
},
"openspec_2": {
"inputs": {
"nixpkgs": [
"m3ta-nixpkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778120451,
"narHash": "sha256-MUSPD16+hoFBfQWYahtNLN2BIFEAlFFo2KNofrc947g=",
"owner": "Fission-AI",
"repo": "OpenSpec",
"rev": "053d8a59d587f3c027a06ad80503a6b43d4f2a92",
"type": "github"
},
"original": {
@@ -916,17 +1253,19 @@
"home-manager": "home-manager_2",
"hyprpanel": "hyprpanel",
"llm-agents": "llm-agents",
"m3ta-nixpkgs": "m3ta-nixpkgs",
"nix-colors": "nix-colors",
"m3ta-home": "m3ta-home",
"m3ta-nixpkgs": "m3ta-nixpkgs_2",
"nix-colors": "nix-colors_2",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_10",
"nixpkgs-45570c2": "nixpkgs-45570c2",
"nixpkgs-9e58ed7": "nixpkgs-9e58ed7",
"nixpkgs-locked": "nixpkgs-locked",
"nixpkgs-master": "nixpkgs-master_2",
"nixpkgs-master": "nixpkgs-master_3",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur",
"nur": "nur_2",
"rose-pine-hyprcursor": "rose-pine-hyprcursor",
"rustfs": "rustfs",
"skills-anthropic": "skills-anthropic",
"skills-basecamp": "skills-basecamp",
"skills-kestra": "skills-kestra",
@@ -937,7 +1276,7 @@
"rose-pine-hyprcursor": {
"inputs": {
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_11",
"utils": "utils"
},
"locked": {
@@ -954,14 +1293,34 @@
"type": "github"
}
},
"rustfs": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777635550,
"narHash": "sha256-QHknn6JYNb4+8ztMl7Ngk3Px3r2FRUPwbbrswYuHSpA=",
"owner": "rustfs",
"repo": "rustfs-flake",
"rev": "efaad834053c41ac618804fb4e7612cea455848e",
"type": "github"
},
"original": {
"owner": "rustfs",
"repo": "rustfs-flake",
"type": "github"
}
},
"skills-anthropic": {
"flake": false,
"locked": {
"lastModified": 1776964038,
"narHash": "sha256-xFsg66TCtKzSgRIW6Ab771FWEIhei3jPgfE4byMiB44=",
"lastModified": 1778286877,
"narHash": "sha256-jKNYFom6R+Qw7LQ8vFPBe51JpqIP0tTSY8LM4aPlnT4=",
"owner": "anthropics",
"repo": "skills",
"rev": "5128e1865d670f5d6c9cef000e6dfc4e951fb5b9",
"rev": "f458cee31a7577a47ba0c9a101976fa599385174",
"type": "github"
},
"original": {
@@ -973,11 +1332,11 @@
"skills-basecamp": {
"flake": false,
"locked": {
"lastModified": 1777481361,
"narHash": "sha256-GJ94Y1n+zR6zpOWjAGFYFWFIFpT1royFJOy2TaQXpzU=",
"lastModified": 1777902228,
"narHash": "sha256-XDsWpUhFb/gxatRFla07nwoc2y3WwaBLsiDdtCnqx38=",
"owner": "basecamp",
"repo": "basecamp-cli",
"rev": "59d59b66974d442190b0762129b4f1749adcedf0",
"rev": "b56ada1b3d42b42a9422ba39b30a223f9f960231",
"type": "github"
},
"original": {
@@ -1005,11 +1364,11 @@
"skills-superpowers": {
"flake": false,
"locked": {
"lastModified": 1776996157,
"narHash": "sha256-0WupTacT1jIwVBloj1i0RF7wIllVtP8eMPRl7VrXdbE=",
"lastModified": 1777932301,
"narHash": "sha256-3E3rO6hR87JUfS3XV1Eaoz6SDWOftleWvN9UPNFEMjw=",
"owner": "obra",
"repo": "superpowers",
"rev": "6efe32c9e2dd002d0c394e861e0529675d1ab32e",
"rev": "f2cbfbefebbfef77321e4c9abc9e949826bea9d7",
"type": "github"
},
"original": {
@@ -1021,11 +1380,11 @@
"skills-vercel": {
"flake": false,
"locked": {
"lastModified": 1777394685,
"narHash": "sha256-YxCMuTl+pVJ7dXhaL7l9vDw9k2orlG31j7/0pgllMJk=",
"lastModified": 1778275952,
"narHash": "sha256-RYwgUf173N4lGalTta4HkBR7sdZwuzRoAY6M8JsT+RY=",
"owner": "vercel-labs",
"repo": "skills",
"rev": "7c0a9af3f8738965b71341712710ac7371089b34",
"rev": "c99a72b371b5b4da865f5afa87c5a686f3a46766",
"type": "github"
},
"original": {
@@ -1080,6 +1439,21 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1094,7 +1468,7 @@
"type": "github"
}
},
"systems_5": {
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1132,7 +1506,7 @@
},
"utils": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1710146030,
flake.nix
+8 -2
View File
@@ -73,7 +73,12 @@
url = "github:vercel-labs/skills";
flake = false;
};
hermes-agent.url = "github:NousResearch/hermes-agent/v2026.4.30";
hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.7";
rustfs = {
url = "github:rustfs/rustfs-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@@ -99,7 +104,7 @@
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = builtins.removeAttrs allOverlays ["mkLlmAgentsOverlay"];
overlays = removeAttrs allOverlays ["mkLlmAgentsOverlay"];
lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay;
homeManagerModules = import ./modules/home-manager;
@@ -127,6 +132,7 @@
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
inputs.rustfs.nixosModules.rustfs
];
};
m3-kratos = nixpkgs.lib.nixosSystem {
hosts/common/users/m3tam3re.nix
+8 -5
View File
@@ -37,7 +37,7 @@
# ── Server hosts ──
m3-atlas = {
context = "server";
sets = ["coding"];
sets = [];
};
m3-helios = {
context = "server";
@@ -53,10 +53,13 @@
};
};
profile = hostProfiles.${hostname} or {
context = "server";
sets = [];
};
profile =
hostProfiles.${
hostname
} or {
context = "server";
sets = [];
};
m3ta-lib = inputs.m3ta-home.lib;
# Check if a per-host home.nix exists
hosts/m3-ares/home.nix
+24 -20
View File
@@ -36,35 +36,39 @@ with lib; {
};
}
# ── Hyprland monitor layout ──
# ── Hyprland monitor layout & host-specific rules ──
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
exec-once = ["tuxedo-backlight"];
# Laptop internal + external HDMI
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,1920x1080@120,2560x0,1"
{ output = "eDP-1"; mode = "preferred"; position = "0x0"; scale = 1.25; }
{ output = "HDMI-A-1"; mode = "1920x1080@120"; position = "2560x0"; scale = 1; }
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
workspace_rule = [
{ workspace = 1; monitor = "eDP-1"; default = true; }
{ workspace = 2; monitor = "eDP-1"; }
{ workspace = 3; monitor = "eDP-1"; }
{ workspace = 4; monitor = "HDMI-A-1"; }
{ workspace = 5; monitor = "HDMI-A-1"; border = false; rounding = false; }
{ workspace = 6; monitor = "HDMI-A-1"; }
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, fullscreen on"
"match:class ^steam_app_\\d+$, workspace 5"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
window_rule = [
{ match = { class = "dev.zed.Zed" }; workspace = "1"; }
{ match = { class = "Msty" }; workspace = "1"; }
{ match = { class = "^com.obsproject.Studio$" }; workspace = "2"; }
{ match = { class = "^(brave-browser)$" }; workspace = "4"; opacity = 1.0; }
{ match = { class = "^(vivaldi-stable)$" }; workspace = "4"; opacity = 1.0; }
{ match = { class = "^steam_app_\\d+$" }; fullscreen = true; workspace = "5"; idle_inhibit = "focus"; }
];
};
extraConfig = mkAfter ''
-- Host startup: TUXEDO backlight
hl.on("hyprland.start", function()
hl.exec_cmd("tuxedo-backlight")
end)
'';
};
})
];
hosts/m3-atlas/secrets.nix
+2
View File
@@ -10,6 +10,8 @@
kestra-env = {file = ../../secrets/kestra-env.age;};
littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;};
minio-root-cred = {file = ../../secrets/minio-root-cred.age;};
rustfs-access-key = {file = ../../secrets/rustfs-access-key.age;};
rustfs-secret-key = {file = ../../secrets/rustfs-secret-key.age;};
n8n-env = {file = ../../secrets/n8n-env.age;};
netbird-auth-secret = {
file = ../../secrets/netbird-auth-secret.age;
hosts/m3-atlas/services/default.nix
+1 -1
View File
@@ -4,7 +4,7 @@
./containers
./gitea.nix
./gitea-actions-runner.nix
./minio.nix
./rustfs.nix
./mysql.nix
./netbird.nix
./n8n.nix
hosts/m3-atlas/services/hermes-agent.nix
-191
View File
@@ -1,191 +0,0 @@
{config, ...}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
in {
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
# Secrets via agenix
environmentFiles = [config.age.secrets."hermes-env".path];
# Non-secret environment variables
environment = {
#
};
# ── Container mode (podman) ──────────────────────────────────────────
container = {
enable = true;
backend = "podman";
};
settings = {
# ── Model ──────────────────────────────────────────────────────────
model = {
default = "glm-5.1";
provider = "zai";
base_url = "https://api.z.ai/api/coding/paas/v4/";
};
credential_pool_strategies = {
zai = "fill_first";
};
toolsets = ["all"];
# ── Agent ──────────────────────────────────────────────────────────
agent = {
max_turns = 90;
gateway_timeout = 1800;
tool_use_enforcement = "auto";
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "local";
modal_mode = "auto";
cwd = ".";
timeout = 180;
persistent_shell = true;
};
# ── Browser ────────────────────────────────────────────────────────
browser = {
inactivity_timeout = 120;
command_timeout = 30;
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
checkpoints = {
enabled = true;
max_snapshots = 50;
};
file_read_max_chars = 100000;
compression = {
enabled = true;
threshold = 0.5;
target_ratio = 0.2;
protect_last_n = 20;
};
# ── Display ────────────────────────────────────────────────────────
display = {
compact = false;
personality = "kawaii";
resume_display = "full";
busy_input_mode = "interrupt";
inline_diffs = true;
skin = "default";
tool_progress = "all";
};
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
};
};
stt = {
enabled = true;
provider = "local";
local = {model = "base";};
};
voice = {
record_key = "ctrl+b";
max_recording_seconds = 120;
silence_threshold = 200;
silence_duration = 3.0;
};
# ── Memory ─────────────────────────────────────────────────────────
memory = {
memory_enabled = true;
user_profile_enabled = true;
memory_char_limit = 2200;
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
delegation = {
max_iterations = 50;
};
# ── Discord ────────────────────────────────────────────────────────
discord = {
require_mention = true;
auto_thread = true;
reactions = true;
};
# ── Approvals / Security ───────────────────────────────────────────
approvals = {
mode = "manual";
timeout = 60;
};
security = {
redact_secrets = true;
tirith_enabled = true;
tirith_fail_open = true;
};
# ── Cron / Session ─────────────────────────────────────────────────
cron = {wrap_response = true;};
session_reset = {
mode = "both";
idle_minutes = 1440;
at_hour = 4;
};
# ── Web ────────────────────────────────────────────────────────────
web = {backend = "exa";};
# ── Platform Toolsets ──────────────────────────────────────────────
platform_toolsets = {
cli = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
telegram = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
};
};
};
}
hosts/m3-atlas/services/minio.nix → hosts/m3-atlas/services/rustfs.nix
+23 -8
View File
@@ -1,14 +1,29 @@
{config, ...}: {
services.minio = {
{
config,
inputs,
pkgs,
...
}: {
services.rustfs = {
enable = true;
region = "eu-central-1";
package = inputs.rustfs.packages.${pkgs.stdenv.hostPlatform.system}.default;
# Reuse existing MinIO data directory
volumes = "/var/storage/s3";
# Keep same ports as MinIO to avoid changing Traefik and client configs
address = ":3008";
consoleEnable = true;
consoleAddress = ":3007";
listenAddress = ":3008";
browser = true;
rootCredentialsFile = config.age.secrets.minio-root-cred.path;
dataDir = ["/var/storage/s3"];
# Credentials via agenix
accessKeyFile = config.age.secrets.rustfs-access-key.path;
secretKeyFile = config.age.secrets.rustfs-secret-key.path;
logLevel = "info";
};
# Traefik configuration specific to minio
# Traefik configuration — same routes as before
services.traefik.dynamicConfigOptions.http = {
services.minio-console.loadBalancer.servers = [
{
hosts/m3-atlas/services/traefik.nix
+15
View File
@@ -43,6 +43,12 @@
dynamicConfigOptions = {
http = {
services = {
# ── Hermes Dashboard (m3-hermes over Netbird) ────────────────
hermes-dashboard = {
loadBalancer.servers = [
{url = "http://100.81.231.152:9119";}
];
};
dummy = {
loadBalancer.servers = [
{url = "http://192.168.0.1";} # Diese URL wird nie verwendet
@@ -79,6 +85,15 @@
};
routers = {
# ── Hermes Dashboard — Netbird mesh only ─────────────────────
hermes-dashboard = {
rule = "Host(`dash.m3ta.dev`)";
service = "hermes-dashboard";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
api = {
rule = "Host(`r.m3tam3re.com`)";
service = "api@internal";
hosts/m3-hermes/secrets.nix
+3
View File
@@ -7,6 +7,9 @@
hermes-cloud-env = {
file = ../../secrets/hermes-cloud-env.age;
};
hermes-api-server-key = {
file = ../../secrets/hermes-api-server-key.age;
};
};
};
}
hosts/m3-hermes/services/default.nix
+2
View File
@@ -1,5 +1,7 @@
{
imports = [
./hermes-agent.nix
./hermes-dashboard.nix
./netbird.nix
];
}
hosts/m3-hermes/services/hermes-agent.nix
+37 -11
View File
@@ -11,11 +11,12 @@
# matrix-nio is installed via pip in /home/hermes/.venv but the hermes
# process uses the read-only Nix store Python, so we inject the venv's
# site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages";
# NOTE: v0.13.0 upgraded to Python 3.12 — path updated accordingly.
venvSitePackages = "/home/hermes/.venv/lib/python3.12/site-packages";
gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
# Build skills using agents flake lib for hermes user
hermesSkills = inputs.agents.lib.mkOpencodeSkills {
hermesSkills = inputs.agents.lib.mkSkills {
inherit pkgs;
customSkills = "${inputs.agents}/skills";
externalSkills = [
@@ -48,13 +49,6 @@ in {
user: m3ta-chiron
default: true
''}"
"f /home/hermes/.gitconfig 0644 hermes hermes - ${pkgs.writeText "gitconfig" ''
[user]
name = m3ta-chiron
email = m3ta-chiron@agentmail.to
[init]
defaultBranch = main
''}"
];
systemd.services.copy-hermes-skills = {
@@ -78,21 +72,40 @@ in {
enable = true;
addToSystemPackages = true;
extraPackages = with pkgs; [docker git tea];
extraPackages = with pkgs; [
docker
git
tea
nix
zellij
];
# Secrets via agenix
environmentFiles = [
config.age.secrets."hermes-env".path
config.age.secrets."hermes-cloud-env".path
config.age.secrets."hermes-api-server-key".path
];
# Non-secret environment variables
# Git identity is set entirely via env vars (GIT_AUTHOR_*, GIT_COMMITTER_*,
# GIT_INIT_DEFAULT_BRANCH) — no .gitconfig file needed. Env vars take
# precedence over any gitconfig, and the hermes gateway injects them into
# all terminal sessions via .env.
environment = {
GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
GIT_AUTHOR_NAME = "m3ta-chiron";
GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to";
GIT_COMMITTER_NAME = "m3ta-chiron";
GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to";
GIT_INIT_DEFAULT_BRANCH = "master";
# ── API Server (OpenAI-compatible, for Hermes Desktop App) ─────────
# Accessible via Netbird mesh VPN — not exposed to the public internet.
# Bind to 0.0.0.0 so the Netbird interface can reach it.
API_SERVER_ENABLED = "true";
API_SERVER_HOST = "0.0.0.0";
API_SERVER_PORT = "8642";
};
# ── Container mode (podman) ──────────────────────────────────────────
@@ -152,7 +165,8 @@ in {
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
# ── Checkpoints v2 ─────────────────────────────────────────────────
# v0.13.0: Single-store rewrite with real pruning + disk guardrails.
checkpoints = {
enabled = true;
max_snapshots = 50;
@@ -215,12 +229,24 @@ in {
max_spawn_depth = 2;
};
# ── Kanban (v0.13.0 — Multi-Agent Board) ──────────────────────────
# Durable task board with embedded dispatcher in gateway process.
# Workers are full OS processes with identity, heartbeat, reclaim,
# zombie detection, and hallucination gate.
kanban = {
dispatch_in_gateway = true;
dispatch_interval_seconds = 60;
};
# ── Matrix ────────────────────────────────────────────────────────
matrix = {
homeserver = "https://matrix.m3ta.dev";
user_id = "@chiron:m3ta.dev";
allowed_users = ["@m3tam3re:m3ta.dev"];
encryption = true;
group_sessions_per_user = true;
auto_thread = true;
dm_mention_threads = true;
};
# ── Approvals / Security ───────────────────────────────────────────
hosts/m3-hermes/services/hermes-dashboard.nix
+65
View File
@@ -0,0 +1,65 @@
{
config,
pkgs,
inputs,
...
}: let
# Netbird mesh VPN range — dashboard only accessible from mesh peers.
# m3-atlas Traefik proxies to this port over Netbird.
netbirdRange = "100.64.0.0/16";
# Reference the hermes-agent package from the running service config
hermesPkg = config.services.hermes-agent.package or (inputs.hermes-agent.packages.${pkgs.stdenv.hostPlatform.system}.default or pkgs.hermes-agent);
in {
# ── Hermes Dashboard systemd service ───────────────────────────────────
# Web UI for managing Hermes Agent — sessions, config, kanban, cron, etc.
#
# Flow: Browser → dash.m3ta.dev (TLS via m3-atlas Traefik) → Netbird → :9119
#
# --insecure is required to bind 0.0.0.0 (hermes refuses non-localhost otherwise).
# Safe because firewall restricts port 9119 to Netbird mesh only.
systemd.services.hermes-dashboard = {
description = "Hermes Agent Web Dashboard";
after = ["network.target" "hermes-agent.service"];
wants = ["hermes-agent.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
User = "hermes";
Group = "hermes";
ExecStart = "${hermesPkg}/bin/hermes dashboard --host 0.0.0.0 --port 9119 --no-open --insecure";
# Environment matching the hermes-agent service
Environment = [
"HERMES_HOME=/var/lib/hermes/.hermes"
"HERMES_MANAGED=true"
"HOME=/var/lib/hermes"
];
# Security hardening (matching hermes-agent service pattern)
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = "read-only";
ReadWritePaths = ["/var/lib/hermes" "/tmp"];
PrivateTmp = true;
# Restart policy
Restart = "on-failure";
RestartSec = 5;
};
};
# ── Firewall: Dashboard only from Netbird mesh ─────────────────────────
networking.firewall = {
extraCommands = ''
# Allow Hermes Dashboard (9119/tcp) only from Netbird mesh VPN
ip46tables -A nixos-fw -p tcp --dport 9119 -s ${netbirdRange} -j nixos-fw-accept
'';
extraStopCommands = ''
ip46tables -D nixos-fw -p tcp --dport 9119 -s ${netbirdRange} -j nixos-fw-accept 2>/dev/null || true
'';
};
}
hosts/m3-hermes/services/netbird.nix
+29
View File
@@ -0,0 +1,29 @@
{pkgs, ...}: {
services.netbird.enable = true;
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
NB_USE_LEGACY_ROUTING = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}
hosts/m3-kratos/configuration.nix
+1 -1
View File
@@ -10,7 +10,7 @@
# Use the systemd-boot EFI boot loader.
boot.supportedFilesystems = ["zfs"];
boot.zfs.package = pkgs.zfs_unstable;
boot.zfs.forceImportAll = true;
boot.zfs.forceImportAll = false;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = ["amdgpu"];
hosts/m3-kratos/home.nix
+19 -18
View File
@@ -36,31 +36,32 @@ with lib; {
};
}
# ── Hyprland monitor layout ──
# ── Hyprland monitor layout & host-specific rules ──
(mkIf config.desktop.wm.hyprland.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
# Dual monitor: DP-1 left, DP-2 right
monitor = [
"DP-1,2560x1440@144,0x0,1"
"DP-2,2560x1440@144,2560x0,1"
{ output = "DP-1"; mode = "2560x1440@144"; position = "0x0"; scale = 1; }
{ output = "DP-2"; mode = "2560x1440@144"; position = "2560x0"; scale = 1; }
];
workspace = [
"1, monitor:DP-1, default:true"
"2, monitor:DP-1"
"3, monitor:DP-1"
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:DP-2"
workspace_rule = [
{ workspace = 1; monitor = "DP-1"; default = true; }
{ workspace = 2; monitor = "DP-1"; }
{ workspace = 3; monitor = "DP-1"; }
{ workspace = 4; monitor = "DP-2"; }
{ workspace = 5; monitor = "DP-2"; }
{ workspace = 6; monitor = "DP-2"; }
{ workspace = 7; monitor = "DP-2"; }
];
windowrule = [
"match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
"match:class ^steam_app_\\d+$, idle_inhibit focus"
window_rule = [
{ match = { class = "dev.zed.Zed" }; workspace = "1"; }
{ match = { class = "Msty" }; workspace = "1"; }
{ match = { class = "^com.obsproject.Studio$" }; workspace = "2"; }
{ match = { class = "^(brave-browser)$" }; workspace = "4"; opacity = 1.0; }
{ match = { class = "^(vivaldi-stable)$" }; workspace = "4"; opacity = 1.0; }
{ match = { class = "^steam_app_\\d+$" }; idle_inhibit = "focus"; }
];
};
};
hosts/m3-kratos/services/default.nix
-1
View File
@@ -1,7 +1,6 @@
{pkgs, ...}: {
imports = [
./containers
./hermes-agent.nix
./mem0.nix
# ./n8n.nix
./netbird.nix
hosts/m3-kratos/services/hermes-agent.nix
-184
View File
@@ -1,184 +0,0 @@
{config, ...}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
in {
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
# Secrets via agenix
environmentFiles = [config.age.secrets."hermes-env".path];
# Non-secret environment variables
environment = {
GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
};
settings = {
# ── Model ──────────────────────────────────────────────────────────
model = {
default = "glm-5.1";
provider = "zai";
};
credential_pool_strategies = {
zai = "fill_first";
};
toolsets = ["all"];
# ── Agent ──────────────────────────────────────────────────────────
agent = {
max_turns = 90;
gateway_timeout = 1800;
tool_use_enforcement = "auto";
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "ssh";
modal_mode = "auto";
cwd = ".";
timeout = 180;
persistent_shell = true;
};
# ── Browser ────────────────────────────────────────────────────────
browser = {
inactivity_timeout = 120;
command_timeout = 30;
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
checkpoints = {
enabled = true;
max_snapshots = 50;
};
file_read_max_chars = 100000;
compression = {
enabled = true;
threshold = 0.5;
target_ratio = 0.2;
protect_last_n = 20;
};
# ── Display ────────────────────────────────────────────────────────
display = {
compact = false;
personality = "kawaii";
resume_display = "full";
busy_input_mode = "interrupt";
inline_diffs = true;
skin = "default";
tool_progress = "all";
};
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
};
};
stt = {
enabled = true;
provider = "local";
local = {model = "base";};
};
voice = {
record_key = "ctrl+b";
max_recording_seconds = 120;
silence_threshold = 200;
silence_duration = 3.0;
};
# ── Memory ─────────────────────────────────────────────────────────
memory = {
memory_enabled = true;
user_profile_enabled = true;
memory_char_limit = 2200;
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
delegation = {
max_iterations = 50;
};
# ── Discord ────────────────────────────────────────────────────────
discord = {
require_mention = true;
auto_thread = true;
reactions = true;
};
# ── Approvals / Security ───────────────────────────────────────────
approvals = {
mode = "manual";
timeout = 60;
};
security = {
redact_secrets = true;
tirith_enabled = true;
tirith_fail_open = true;
};
# ── Cron / Session ─────────────────────────────────────────────────
cron = {wrap_response = true;};
session_reset = {
mode = "both";
idle_minutes = 1440;
at_hour = 4;
};
# ── Web ────────────────────────────────────────────────────────────
web = {backend = "exa";};
# ── Platform Toolsets ──────────────────────────────────────────────
platform_toolsets = {
cli = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
telegram = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
};
};
};
}
issues.jsonl
+1 -1
View File
@@ -1,3 +1,3 @@
{"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
secrets.nix
+3
View File
@@ -23,6 +23,8 @@ in {
"secrets/kestra-config.age".publicKeys = systems ++ users;
"secrets/kestra-env.age".publicKeys = systems ++ users;
"secrets/minio-root-cred.age".publicKeys = systems ++ users;
"secrets/rustfs-access-key.age".publicKeys = systems ++ users;
"secrets/rustfs-secret-key.age".publicKeys = systems ++ users;
"secrets/n8n-env.age".publicKeys = systems ++ users;
"secrets/netbird-auth-secret.age".publicKeys = systems ++ users;
"secrets/netbird-db-password.age".publicKeys = systems ++ users;
@@ -50,6 +52,7 @@ in {
"secrets/honcho-key.age".publicKeys = systems ++ users;
"secrets/hermes-env.age".publicKeys = systems ++ users;
"secrets/hermes-cloud-env.age".publicKeys = systems ++ users;
"secrets/hermes-api-server-key.age".publicKeys = systems ++ users;
"secrets/hermes-gitea-token.age".publicKeys = systems ++ users;
"secrets/tuwunel-registration-token.age".publicKeys = systems ++ users;
}
secrets/hermes-api-server-key.age
+26
View File
@@ -0,0 +1,26 @@
age-encryption.org/v1
-> ssh-ed25519 4NLKrw 2TwbZwX9SwWg4SVC0A2ICmyRjSfO+xtfBcBOK1lh3T4
DSf4DrOAvW7L49lh6cq5IqrMM7gqXv2+67rR3ttn+CE
-> ssh-ed25519 5kwcsA K1hqFOAxq2T+oLp3bQjLYpXtlQVkA7RHCM/8ETMGbwU
xIE4xz50LB5vbDTTLKVcx9vC2iXIsRLThHYYxGjcJyY
-> ssh-ed25519 9d4YIQ bXYb62OM/N+EXpMOZZ6zEbpfaH10Vz62PuUdGODXolw
j64kKzOn8CmSnykEuWnXHZ0nfqwOfOxX4FPR4GSouR0
-> ssh-ed25519 3Bcr1w C4alN6ud7q0K4I7NHuBgC77D6zeTfZVGjNS3EKpvL00
NpjOsg3eJ5LvX0lV7NYuVHLeqeYylHdmw60H+KeG1GY
-> ssh-ed25519 c4NQlA In5wsg4+LTIEbP75B83GMXPCItSPGwKWUW8QO+QjXyY
oK1kikhr4RMq6QMv9kjNjiKrf5srlGh7hGbU2qns2rM
-> ssh-rsa DQlE7w
tcP4yPgGWqHYeE1gw/KD6cswik+9WU2s2f7hg5mK78085sQ7npXRsBVAz2OCRn07
foeAAmnY4YmKriBh421JOVNBDOXHR5dfaIKY9b663L+rYj99ic0rfW26C+dqKitF
SnvveL3Zf16nqg6duSVA7LIcIFgkIlA+RXnHPVho+P4GwEH7W8nCf/4kUquuhB7B
F4Hx1qOknmGyNBJBFi27D04ZDDk/ZVxioYsO6P6TUu7MuaGmQCoVKREDl5RRh4zO
XD8/TFDRsJLqqcbCKIlU+6CN1+L0r4FN4K0UaTjwPNzGvn5EEjBKw9RpOhdvI28I
WlAQ+w6gdQiz9Ju4e5p7Doz2MbNb6894DimawHjzl968Xy5ifX2XA+FBdcW5hU9A
u+7VXKZmbfMyvRA7lmKRoi4SurJAyQd6iXBrVKfTwFc53V/tJi48bsKcE3yXxHH+
lKGuZFNGDDkqCruycjvz94WaIHy3fv5hhmBdgwoCZK1VGSLAnwdm1rG4B9m3t/K8
-> ssh-ed25519 CSMyhg FNYYdEIJYcxkjMuM5lnIs9gIilvgD44uazZE8CjNeho
QHeghlsOOlYNMwhMHT4o7DeuyxGP/3wyqm94HUHjn44
--- zRG6aCTS+X18VpeN+tz38kaUoilk1kN5KrWTWYZ6pV4
ræX _qÔÁ’Ð껿H#p¯f™”}(žA(ã|»?ë0ªyJk¥SD‡\Jm&uõà &Ô9€ýÄ5Ù+çÊ…!v%Y˜ù~ãÁ$û“šZÇÓ° j„z–Â\ßá1,Vf˜
£’æ1zª»#Ó
secrets/hermes-cloud-env.age
BIN
View File
Binary file not shown.
secrets/honcho-key.age
BIN
View File
Binary file not shown.
secrets/rustfs-access-key.age
+31
View File
@@ -0,0 +1,31 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBnRjhF
SHhTS2YrOHF1OWM1Zm04elkzVWpST0hhN0RhOWZBZGpBYmNTVnk4Cm9SMm5NcWdV
Rnh0TVpqTlFSaGtaMnBrSGorUEhDd1RibWs1VUt5RGtqaVEKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIFV5OWhMU204L25nR3ZLOWl1a1ppZkUvcTNJTDhlNmE3eXpJMjRL
NWdsWDQKNGhVYUhwRWRndjFYVEVIT3N2WE1WVncyV1Q1Q1BoNkhraVU5Q2s4UmtB
OAotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgVkRwdGtHVTlTMUVMOFZrdUNHZHc5UWo3
WWtRaXJPY0p2QWZOUEtjWDVCYwpYQmh3ejdLOWdmM3dZbWJuRU1EYlRYZ2tJL3VY
OURUKzhRY2dtcVRQZnBnCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyAyOFI4YllyWlox
V09BbERmRm4yd1Y5dlh0UGphK05DMGpsWXJQTmwrVlRVCjdqNE4yVHFKWFV3NXlr
bm40M1BpNGNNNDdJOXMyak5EUWdMa0hrb3lJY3cKLT4gc3NoLWVkMjU1MTkgYzRO
UWxBICsxb3poQit6VGRtWmZXUWUxMmRGWUN6RGVOeUxEZjdvZldTTE5XSFpDRVkK
bFNWLzFpazJLM0Q2R0NKU2FaS25ldEQ1RUZQM2RpektaT1NhRnJtS0JFcwotPiBz
c2gtcnNhIERRbEU3dwpFMVdKYnhiTWF4MCtJMFNHVGtOZGNBdlVDYWRRR252dVd6
NW1vNFRtbENLbHB2cHo1aE43M3RiZGh1QkVQVzBECjlvRnhYbjlpWWFFTEFFc1cw
NjFVSENsVWJHdWdGV3ZEY2tOcXkvUm9SSFE4VWw5eHVUSnV6SmxCRU9TNUdpRjMK
aGNhdHcvay85N0ZQNksydEhkcXNkc0h6dkRMRXlzUCtNNGM1V2tXb28wQ05valBH
TUdJa3V1bEdYRUZveFNwbwpIbWRnZmtQMDREd08rRkx3OERwRVZZNVlnSXlNNlFH
SkFoQWVEN1NzL0lqeVkvZllPdUkvbWZkU2NxNjQyYTIvCnJ4QmZ1SlpGNkp3UXFD
SUdFMFY5RWVadTd5QmM1U2tIZ3dLQ2ZZKzF0WTE3K09aN3FYWUVBYkErVlNpblNU
QzgKNENEZStFeitaYmE5Q1MyQ0lWSFlZb2hJdlBVNkhUUjBFWkxsWmZqdHNYb3Fk
VVJMMzg2V2xWdnNCNndGSWdpbAoyUHZ1WXR5UG04ZmZOdVluU2J6VUhKZ0xMZ0lS
R3YrY3RIRHJCby8yVWxIMWpGNWlJK1h4eXdRUXExT3pleWc3CnRmQVl1Yk1IUUFJ
blNoUGxVUUlVOG9FSE5CMDVidmZhSWJmWTFsY0lFcWpZU213cmcxNzFvb29XaklC
MnhpSkwKCi0+IHNzaC1lZDI1NTE5IENTTXloZyBOMDNYdGlvL3Y5QUp2YlNlUDZu
RXFyTkFWbFFsN1oweEErSS9Ccmh0WmwwClpzTWw1aXNqVXdaTVFrTTJ6Y0FWbVpR
TXk4cTNUUElkeGF1VUZ0U3RWcEEKLT4gTyUkcSZASGstZ3JlYXNlCnYwSGdsbE5h
d2JLOAotLS0gcjB3WU1rNDhBY1VxalpBNVJRSTJFZ0NhWEZlSW15UHphMnRHTjBj
aGptRQpiZ/2f41GnSHdg+EXeRwxHOHc/RNfEwlKhEB/Weq8tQ2Xf/jJ21WiWsTIm
g7Sq9EO6JyYMTJ/qlccpytfkU/qkouyR+z3prQcP7NWTcg==
-----END AGE ENCRYPTED FILE-----
secrets/rustfs-secret-key.age
+32
View File
@@ -0,0 +1,32 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBQd3FZ
dUFYOFhoUGdBejZKYjRnVmNvYU85LzdJS1lVZFNRS3pTeS9hT0c4Cndwc3pHdStQ
N1QvU0NSbGJhNEJCOE83eThhSFBrbDJPU0tDbmhIM3lwcjQKLT4gc3NoLWVkMjU1
MTkgNWt3Y3NBIHdaS3UvRUdFb3pITmZGdTNEaUtXdnlUMWFuNk5ZcFV0VVIwNllN
S2c5Rm8KV0x3Z2NjcUdLWmFEUExDT2EwbjFhQ2Y2TXNoaUc1d052RnJmM3VOSDVr
VQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgOG1URGlNekltV0YyQ2Y2NFdPL2tSWDlG
UnNLc2wrSllNWFd6aU9LWGN3YwpXUEthT3NNVHZJMUJndiswUVNFNWZjZnBDS3ZH
dXBJV1FSNEpPRGxQd0JrCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyAvSTlFMitYZFVQ
ZER6ZDI5OEorTE5TRTdlcllPSmpkUjU5SkV2N0xQY1JBCmJPNFN5NEovdHBVVDRl
T0czS0g2dEgyTXhIMmtJVFRONDQ3enpLbFhJT3MKLT4gc3NoLWVkMjU1MTkgYzRO
UWxBIDBUV2RYajBTMkZ4WnV4ZUVCeHFZay9vRGR2dkcxaXBPOWxsZ05IZm1KVDAK
am56blp1ajlzc0NSYjY5NFdGNlNzQ0NNQzZPeVRtWTc1Z0lEYzc2TGNFMAotPiBz
c2gtcnNhIERRbEU3dwpOMGowMWFoRzhsTGp0U0RqeHUyckZvQU9EVkQxUXE1b0U0
N2hPU2NZY2huNm5kREg5SExCZGYzaTUwdWs4MjlsCjhONjVOWnZDZjFRU2k2K2Uz
dnVmWVd5MCt6bFk4UVU3UEdsWXZMOHlZMktzWWR4SFJ6Vzh4dDFpYWNYRVQ2UmsK
aW5iODV0WDYyQWN4K1ROZUVjdE40MGlxZDlXdnZVRVZBc04zdVRaOE9RTUJPUWxa
YnJjZEg3OGcxNHVEVkR0MgpGUWh6NHV4WTcxUEZwUU52QkdsOE5hZy9XWFpjQUFP
bDZzUjd3ZXFTTmpDN3ViZ0dpL3BOTFpBL3k2aUs3Qm9HCkVDeXZ2M0dQcWJwaXdm
N2E1R2pjcWY2V1dYaEFNMVc3MG9ndDRLd0tVdkxHSUxwL2REazE2Unc1Z3JjUHJh
NDgKamVqZjdkU0hCTVhqcjRsL1NtYkxxd3BId0lsRTRRUTNrZ05mcE1ZRkFSUlBW
VVdkd2VSNzJMQVJEM2QyVkMzSQoxRGVOOUtzdGVOMTBLVk8zN2xjT3lvYm0vSXpQ
VElTaS84SUxIekVybGYxV0ttZldVWHhyVVEvdzRFK3RibVFGCjV3bzltRjFTb0pu
bGJQaTJ1Mlgxd0hNN2VvS0p3eDd4WHNkaTkwV3MwWTdLWUxnNzJjLzBBZzZsck5h
Zk1UUDcKCi0+IHNzaC1lZDI1NTE5IENTTXloZyByQ1cwWm50UTY1bkp2NWZFeFVU
T0htZDFWUUFsdlBSOVVNY3RTZnNwdjE0CjBySlExb1dnTGJKZy9MT25Oa2hZdDJZ
Um9PZWlpOVA5bTBRM2wvVHJJaG8KLT4gWS1ncmVhc2UgWydtCnF4dzJjR2luMHBS
S2p3bUE2bVl2R2FaQ2hRK3greGMKLS0tIDhSdFFGaGlGRVV2VFZKcTNWYnNtbUQr
blprSjUyMjJwQkhBbVBCTmVhQ0kKUITtRYOYPDGGQlKrEp/JVUP8jTcptZxVaVcd
AmxviaG76EuXQeK/VgrGKoi+bZwHbpCbXBT2H8DBuSPgXdG3aQDQn2QgZylMnhmM
wzU=
-----END AGE ENCRYPTED FILE-----