From c8f5e744d097d3ae8e4c4bb32bd0a3c9c7a1f069 Mon Sep 17 00:00:00 2001 
From: Evan Reichard Date: Sun, 11 Jan 2026 22:19:31 -0500 Subject: [PATCH] chore(cleanup): sops, opencode, etc --- .sops.yaml | 25 +- README.md | 24 + .../default.nix | 6 +- .../evanreichard@lin-va-thinkpad/default.nix | 6 +- .../evanreichard@lin-va-utility/default.nix | 10 +- modules/darwin/security/sops/default.nix | 30 +- .../terminal/nvim/config/lua/llm-config.lua | 35 +- .../terminal/nvim/config/lua/lsp-config.lua | 46 +- .../home/programs/terminal/nvim/default.nix | 12 +- .../opencode/config/agents/agent-creator.md | 65 +++ .../opencode/config/agents/architect.md | 66 +++ .../opencode/config/agents/developer.md | 76 +++ .../opencode/config/agents/orchestrator.md | 46 ++ .../opencode/config/agents/reviewer.md | 68 +++ .../programs/terminal/opencode/default.nix | 130 +++-- modules/home/services/sops/default.nix | 20 +- modules/nixos/security/sops/default.nix | 34 +- modules/nixos/services/llama-cpp/default.nix | 123 ----- modules/nixos/services/llama-swap/default.nix | 507 ++++++++++++++++++ modules/nixos/services/openssh/default.nix | 15 +- packages/opencode/default.nix | 10 +- packages/opencode/root_fix.patch | 31 ++ secrets/common/evanreichard.yaml | 44 ++ secrets/common/systems.yaml | 35 ++ secrets/default.yaml | 22 - secrets/keys.yaml | 27 + .../evanreichard/default.yaml | 21 - .../evanreichard/default.yaml | 26 - .../mac-va-mbp-personal/default.nix | 11 +- .../lin-va-mbp-personal/default.nix | 5 +- .../x86_64-linux/lin-va-desktop/default.nix | 304 +---------- .../x86_64-linux/lin-va-thinkpad/default.nix | 6 +- 32 files changed, 1210 insertions(+), 676 deletions(-) create mode 100644 modules/home/programs/terminal/opencode/config/agents/agent-creator.md create mode 100644 modules/home/programs/terminal/opencode/config/agents/architect.md create mode 100644 modules/home/programs/terminal/opencode/config/agents/developer.md create mode 100644 modules/home/programs/terminal/opencode/config/agents/orchestrator.md create mode 100644 
modules/home/programs/terminal/opencode/config/agents/reviewer.md delete mode 100644 modules/nixos/services/llama-cpp/default.nix create mode 100644 modules/nixos/services/llama-swap/default.nix create mode 100644 packages/opencode/root_fix.patch create mode 100644 secrets/common/evanreichard.yaml create mode 100644 secrets/common/systems.yaml delete mode 100644 secrets/default.yaml create mode 100644 secrets/keys.yaml delete mode 100644 secrets/lin-va-mbp-personal/evanreichard/default.yaml delete mode 100644 secrets/mac-va-mbp-personal/evanreichard/default.yaml diff --git a/.sops.yaml b/.sops.yaml index 5b0ddff..055250f 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -1,22 +1,31 @@ keys: - # Admin - Age Native + # Global Admin - &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w - # lin-va-mbp-personal@evanreichard - SSH Derived + + # User SSH Derived - &user_lin-va-mbp-personal age17ayje4uv2mhwehhp9jr3u9l0ds07396kt7ef40sufx89vm7cgfjq6d5d4y - # mac-va-mbp-personal@evanreichard - SSH Derived - &user_mac-va-mbp-personal age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c + - &user_lin-va-thinkpad age1avlhszrryt4gf4ya536jhzm7qwt9xfttm8x4sns6h9w2tahzqp8sspz9y5 + - &user_lin-va-desktop age15hdlen5dgjvdfgg2j0uzvchs5vs3xuptkhsw9xeuatcuk6uwrvcsz7hcsg + + # System SSH Derived + - &system_lin-va-desktop age1mxjrvjxkn69kfn2np3wpd73g44fuhsgykw7l5ss9rx30em5jfp2scnrq32 + - &system_lin-va-thinkpad age13gymlygyac9z2slecl53jp8spq7e8n4zkan86n0gmnm3nrj4muxqa5ullm creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - *admin_reichard - - path_regex: secrets/lin-va-mbp-personal/evanreichard/[^/]+\.(yaml|json|env|ini)$ + - path_regex: secrets/common/systems.yaml + key_groups: + - age: + - *admin_reichard + - *system_lin-va-desktop + - *system_lin-va-thinkpad + - path_regex: secrets/common/evanreichard.yaml key_groups: - age: - *admin_reichard - *user_lin-va-mbp-personal - - path_regex: secrets/mac-va-mbp-personal/evanreichard/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - age: - - *admin_reichard + - *user_lin-va-thinkpad - *user_mac-va-mbp-personal diff --git a/README.md b/README.md index 07e0ffd..0dc0e52 100755 --- a/README.md +++ b/README.md 
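Review bot: `&user_lin-va-desktop` is declared under `keys:` but is not referenced by any `creation_rules` entry, so `secrets/common/evanreichard.yaml` is not encrypted to that key. Either add `- *user_lin-va-desktop` to that rule or drop the anchor if the omission is deliberate. The two new `path_regex` values are also unanchored and leave the dot unescaped, unlike the first rule. `secrets/common/systems\.yaml$` and `secrets/common/evanreichard\.yaml$` would stop a look-alike path from picking up these recipient sets.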
@@ -78,3 +78,27 @@ if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then fi # End Nix ``` + +#### SOPS + +1. Convert your SSH key to an age key +2. Get age public key +3. Update `.sops.yaml` with rules +4. Edit file + +```bash +# Ensure Config +mkdir -p ~/.config/sops/age + +# Convert SSH to Age +ssh-to-age -private-key -i $HOME/.ssh/id_ed25519 -o ~/.config/sops/age/keys.txt + +# Get Public Key +age-keygen -y ~/.config/sops/age/keys.txt +ssh-to-age -private-key -i ~/.ssh/id_ed25519 | age-keygen -y +SOPS_AGE_KEY_FILE= sops -d --extract '["lin-va-desktop"]["host"]' ./secrets/keys.yaml | ssh-to-age -private-key | age-keygen -y + +# Edit File +# NOTE: You can specify key with - `SOPS_AGE_KEY_FILE=~/.config/sops/age/other.txt` +sops secrets/lin-va-thinkpad/evanreichard/default.yaml +``` diff --git a/homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix b/homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix index 9f869b7..4dbcaad 100755 --- a/homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix +++ b/homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix @@ -21,11 +21,7 @@ in ssh-agent = enabled; fusuma = enabled; swww = enabled; - sops = { - enable = true; - defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml"; - sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; - }; + sops = enabled; }; programs = { diff --git a/homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix b/homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix index e2b93a3..3fe1bc6 100755 --- a/homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix +++ b/homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix @@ -22,11 +22,7 @@ in fusuma = enabled; swww = enabled; poweralertd = enabled; - sops = { - enable = true; - defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml"; - sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; - }; + sops = enabled; }; programs = { 
diff --git a/homes/x86_64-linux/evanreichard@lin-va-utility/default.nix b/homes/x86_64-linux/evanreichard@lin-va-utility/default.nix index 72367e7..8417733 100755 --- a/homes/x86_64-linux/evanreichard@lin-va-utility/default.nix +++ b/homes/x86_64-linux/evanreichard@lin-va-utility/default.nix @@ -21,11 +21,7 @@ in ssh-agent = enabled; fusuma = enabled; swww = enabled; - sops = { - enable = true; - defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml"; - sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; - }; + sops = enabled; }; programs = { @@ -50,10 +46,6 @@ in }; }; - # home.packages = with pkgs; [ - # catppuccin-gtk - # ]; - dconf = { settings = { "org/gnome/desktop/interface" = { diff --git a/modules/darwin/security/sops/default.nix b/modules/darwin/security/sops/default.nix index 7efad11..e9240e4 100644 --- a/modules/darwin/security/sops/default.nix +++ b/modules/darwin/security/sops/default.nix 
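Review bot: `sops = enabled;` on lin-va-utility (first hunk) presumably falls back to the module default `secrets/common/evanreichard.yaml`, but `.sops.yaml` in this commit lists no lin-va-utility recipient for that file. Unless the admin key is in `~/.config/sops/age/keys.txt` on that host, secrets declared from the file would fail to decrypt at activation, for example `context7_apikey` if the opencode module is enabled there. Consider adding a `&user_lin-va-utility` key to that creation rule, or leaving sops disabled on this host. The surrounding attribute set starts and ends outside the hunk.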
@@ -1,31 +1,35 @@ -{ config, lib, namespace, ... }: +{ config +, lib +, namespace +, ... +}: let + inherit (lib) mkIf mkEnableOption types; inherit (lib.${namespace}) mkOpt; + getFile = lib.snowfall.fs.get-file; + user = config.users.users.${config.${namespace}.user.name}; cfg = config.${namespace}.security.sops; in { - options.${namespace}.security.sops = { - enable = lib.mkEnableOption "sops"; - defaultSopsFile = mkOpt lib.types.path null "Default sops file."; - sshKeyPaths = mkOpt (with lib.types; listOf path) [ - "/etc/ssh/ssh_host_ed25519_key" - ] "SSH Key paths to use."; + options.${namespace}.security.sops = with types; { + enable = mkEnableOption "Enable sops"; + defaultSopsFile = mkOpt str "secrets/systems/${config.system.name}.yaml" "Default sops file."; + sshKeyPaths = mkOpt (listOf path) [ ] "Additional SSH key paths to use."; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { sops = { - inherit (cfg) defaultSopsFile; + defaultSopsFile = getFile cfg.defaultSopsFile; age = { - inherit (cfg) sshKeyPaths; - - keyFile = "${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt"; + keyFile = "${user.home}/.config/sops/age/keys.txt"; + sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths; }; }; sops.secrets.builder_ssh_key = { - sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml"; + sopsFile = getFile "secrets/common/systems.yaml"; }; }; } diff --git a/modules/home/programs/terminal/nvim/config/lua/llm-config.lua b/modules/home/programs/terminal/nvim/config/lua/llm-config.lua index 908da6f..776de31 100755 --- a/modules/home/programs/terminal/nvim/config/lua/llm-config.lua +++ b/modules/home/programs/terminal/nvim/config/lua/llm-config.lua 
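Review bot: The new `sshKeyPaths` line reads `config.home.homeDirectory`, a home-manager option that is not expected to exist in a nix-darwin system module, so enabling this module is likely to fail evaluation. The `keyFile` line just above already uses `user.home`, and `sshKeyPaths = [ "${user.home}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;` would match the NixOS module. The previous default `/etc/ssh/ssh_host_ed25519_key` is also gone here while the NixOS module adds it, so confirm that asymmetry is intended for darwin hosts.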
@@ -3,24 +3,29 @@ local llm_assistant_model = "devstral-small-2-instruct" local llm_infill_model = "qwen2.5-coder-3b-instruct" -- Default Llama - Toggle Llama & Copilot --- vim.g.copilot_filetypes = { ["*"] = false } -local current_mode = "copilot" -local function toggle_llm_fim_provider() - if current_mode == "llama" then - vim.g.copilot_filetypes = { ["*"] = true } - vim.cmd("Copilot enable") - vim.cmd("LlamaDisable") - current_mode = "copilot" - vim.notify("Copilot FIM enabled", vim.log.levels.INFO) - else +local current_fim = "llama" +local function switch_llm_fim_provider(switch_to) + if switch_to == "llama" then vim.g.copilot_filetypes = { ["*"] = true } vim.cmd("Copilot disable") vim.cmd("LlamaEnable") - current_mode = "llama" + current_fim = "llama" vim.notify("Llama FIM enabled", vim.log.levels.INFO) + else + vim.g.copilot_filetypes = { ["*"] = true } + vim.cmd("Copilot enable") + vim.cmd("LlamaDisable") + current_fim = "copilot" + vim.notify("Copilot FIM enabled", vim.log.levels.INFO) end end +vim.api.nvim_create_autocmd("VimEnter", { + callback = function() + switch_llm_fim_provider(current_fim) + end, +}) + -- Copilot Configuration vim.g.copilot_no_tab_map = true @@ -75,7 +80,13 @@ codecompanion.setup({ -- Create KeyMaps for Code Companion vim.keymap.set("n", "aa", codecompanion.actions, { desc = "Actions" }) -vim.keymap.set("n", "af", toggle_llm_fim_provider, { desc = "Toggle FIM (Llama / Copilot)" }) +vim.keymap.set("n", "af", function() + if current_fim == "llama" then + switch_llm_fim_provider("copilot") + else + switch_llm_fim_provider("llama") + end +end, { desc = "Toggle FIM (Llama / Copilot)" }) vim.keymap.set("n", "ao", function() require("snacks.terminal").toggle("opencode") end, { desc = "Toggle OpenCode" }) vim.keymap.set("v", "ai", ":CodeCompanion", { desc = "Inline Prompt" }) 
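Review bot: In the first hunk the `switch_to == "llama"` branch still sets `vim.g.copilot_filetypes = { ["*"] = true }` before `Copilot disable`. In the default local mode, only the global disable flag then keeps buffer contents away from the hosted Copilot service. If defaulting to llama is meant to keep completions local, use `vim.g.copilot_filetypes = { ["*"] = false }` in that branch, so it still holds if Copilot is re-enabled some other way. The `else` branch also treats any value other than `"llama"` as copilot, so an explicit `elseif switch_to == "copilot"` would stop a typo from silently enabling the remote provider.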
diff --git a/modules/home/programs/terminal/nvim/config/lua/lsp-config.lua b/modules/home/programs/terminal/nvim/config/lua/lsp-config.lua index 01cb811..ddf5b40 100755 --- a/modules/home/programs/terminal/nvim/config/lua/lsp-config.lua +++ b/modules/home/programs/terminal/nvim/config/lua/lsp-config.lua @@ -134,7 +134,13 @@ setup_lsp("cssls", { setup_lsp("ts_ls", { on_attach = on_attach_no_formatting, cmd = { nix_vars.tsls, "--stdio" }, - filetypes = { "typescript", "typescriptreact" }, + filetypes = { "typescript", "typescriptreact", "javascript" }, +}) + +-- ESLint LSP +setup_lsp("eslint", { + on_attach = on_attach_no_formatting, + cmd = { nix_vars.vscls .. "/bin/vscode-eslint-language-server", "--stdio" }, }) -- C LSP Configuration @@ -149,6 +155,11 @@ setup_lsp("lua_ls", { filetypes = { "lua" }, }) +-- Lua LSP Configuration +setup_lsp("sqls", { + cmd = { nix_vars.sqls }, +}) + -- Nix LSP Configuration setup_lsp("nil_ls", { filetypes = { "nix" }, 
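Review bot: The comment above `setup_lsp("sqls", …)` in the second hunk reads `-- Lua LSP Configuration`, copied from the block before it, and should be `-- SQL LSP Configuration`. The `sqls` entry also sets no `filetypes` or `on_attach`, unlike its neighbours. Whether it attaches only to SQL buffers and whether it formats on save therefore depend on `setup_lsp` defaults that are not visible in this hunk.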
@@ -205,44 +216,19 @@ setup_lsp("golangci_lint_ls", { ------------------------------------------------------ local none_ls = require("null-ls") -local eslintFiles = { - ".eslintrc", - ".eslintrc.js", - ".eslintrc.cjs", - ".eslintrc.yaml", - ".eslintrc.yml", - ".eslintrc.json", - "eslint.config.js", - "eslint.config.mjs", - "eslint.config.cjs", - "eslint.config.ts", - "eslint.config.mts", - "eslint.config.cts", -} - -local has_eslint_in_parents = function(fname) - local root_file = require("lspconfig").util.insert_package_json(eslintFiles, "eslintConfig", fname) - return require("lspconfig").util.root_pattern(unpack(root_file))(fname) -end - none_ls.setup({ sources = { - -- Prettier Formatting + -- Formatting none_ls.builtins.formatting.prettier, none_ls.builtins.formatting.prettier.with({ filetypes = { "template" } }), - require("none-ls.diagnostics.eslint_d").with({ - condition = function(utils) - return has_eslint_in_parents(vim.fn.getcwd()) - end, - }), - none_ls.builtins.completion.spell, none_ls.builtins.formatting.nixpkgs_fmt, -- TODO: nixd native LSP? - none_ls.builtins.diagnostics.sqlfluff, - none_ls.builtins.formatting.sqlfluff, require("none-ls.formatting.autopep8").with({ filetypes = { "starlark", "python" }, extra_args = { "--max-line-length", "100" }, }), + + -- Completion + none_ls.builtins.completion.spell, }, on_attach = function(client, bufnr) if client:supports_method("textDocument/formatting") then diff --git a/modules/home/programs/terminal/nvim/default.nix b/modules/home/programs/terminal/nvim/default.nix index e3c3944..ccfc911 100755 --- a/modules/home/programs/terminal/nvim/default.nix +++ b/modules/home/programs/terminal/nvim/default.nix @@ -1,8 +1,9 @@ -{ pkgs -, lib -, config -, namespace -, ... +{ + pkgs, + lib, + config, + namespace, + ... }: let inherit (lib) mkIf; 
@@ -178,6 +179,7 @@ in sveltels = "${pkgs.nodePackages.svelte-language-server}/bin/svelteserver", tsls = "${pkgs.nodePackages.typescript-language-server}/bin/typescript-language-server", vscls = "${pkgs.nodePackages.vscode-langservers-extracted}", + sqls = "${pkgs.sqls}/bin/sqls", } return nix_vars ''; diff --git a/modules/home/programs/terminal/opencode/config/agents/agent-creator.md b/modules/home/programs/terminal/opencode/config/agents/agent-creator.md new file mode 100644 index 0000000..de47f72 --- /dev/null +++ b/modules/home/programs/terminal/opencode/config/agents/agent-creator.md 
@@ -0,0 +1,65 @@ +--- +description: Creates and configures new OpenCode agents based on requirements +mode: subagent +temperature: 0.3 +permission: + write: allow +--- + +You help users create custom OpenCode agents. When asked to create an agent: + +1. **Understand the need**: Ask clarifying questions about: + - What tasks should this agent handle? + - Should it be primary or subagent? + - What tools does it need access to? + - Any special permissions or restrictions? + - Should it use a specific model? + +2. **Generate the config**: Create a markdown file in the appropriate location: + - Global: `~/.config/opencode/agent/` + - Project: `.opencode/agent/` + +3. **Available config options**: + - `description` (required): Brief description of agent purpose + - `mode`: "primary", "subagent", or "all" (defaults to "all") + - `temperature`: 0.0-1.0 (lower = focused, higher = creative) + - `maxSteps`: Limit agentic iterations + - `disable`: Set to true to disable agent + - `tools`: Control tool access (write, edit, bash, etc.) + - `permission`: Set to "ask", "allow", or "deny" for edit/bash/webfetch + - Additional provider-specific options pass through to the model + +4. **Tools configuration**: + - Set individual tools: `write: true`, `bash: false` + - Use wildcards: `mymcp_*: false` + - Inherits from global config, agent config overrides + +5. **Permissions** (for edit, bash, webfetch): + - `ask`: Prompt before running + - `allow`: Run without approval + - `deny`: Disable completely + - Can set per-command for bash: `"git push": "ask"` + +6. **Keep it simple**: Start minimal, users can extend later. + +7. **Explain usage**: Tell them how to invoke with `@agent-name`. + +Example structure: + +```markdown +--- +description: [one-line purpose] +mode: subagent +model: anthropic/claude-sonnet-4-20250514 +temperature: 0.2 +tools: + write: false + bash: false +permission: + edit: deny +--- + +[Clear instructions for the agent's behavior] +``` + +Be conversational. 
Ask questions before generating. diff --git a/modules/home/programs/terminal/opencode/config/agents/architect.md b/modules/home/programs/terminal/opencode/config/agents/architect.md new file mode 100644 index 0000000..f92d36e --- /dev/null +++ b/modules/home/programs/terminal/opencode/config/agents/architect.md 
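Review bot: The frontmatter grants `permission: write: allow` with no `"*": deny` baseline, unlike architect.md, developer.md, orchestrator.md and reviewer.md in this commit. As far as this file shows, the agent therefore keeps whatever tool access the global config gives it. The body documents `permission` as applying to edit/bash/webfetch and `tools` as the place to switch `write` on, so `write` under `permission` may not be the key intended. Starting with `"*": deny` and then allowing only `edit`, `read`, `glob` and `list` would match the other agents and limit what an agent that writes other agents' configs can do.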
@@ -0,0 +1,66 @@ +--- +description: Discovers relevant code and builds a focused implementation plan with exact file references +mode: subagent +temperature: 0.4 +permission: + "*": deny + context7_*: allow + glob: allow + grep: allow + list: allow + lsp: allow + read: allow + todoread: allow + todowrite: allow +--- + +You analyze requirements and discover the relevant code context needed for implementation. + +**Your job:** + +1. Read through the codebase to understand what exists +2. Identify specific files and line ranges relevant to the task +3. Create a focused plan with exact references for the @developer agent +4. Describe what needs to change and why + +**Deliver a compressed context map:** + +For each relevant file section, use this format: +`path/file.py:10-25` - Current behavior. Needed change. + +Keep it to ONE sentence per part (what it does, what needs changing). + +**Example:** +`auth.py:45-67` - Login function with basic validation. Add rate limiting using existing middleware pattern. +`middleware/rate_limit.py:10-35` - Rate limiter for API endpoints. Reference this implementation. +`config.py:78` - Rate limit config (5 req/min). Use these values. 
+ +**Don't include:** + +- Full code snippets (developer will read the files) +- Detailed explanations (just pointers) +- Implementation details (that's developer's job) + +**Do include:** + +- Exact line ranges so developer reads only what's needed +- Key constraints or patterns to follow +- Dependencies between files + +**Examples of good references:** + +- "`auth.py:45-67` - login function, needs error handling" +- "`db.py:12-30` - connection logic, check timeout handling" +- "`api/routes.py:89` - endpoint definition to modify" +- "`tests/test_auth.py:23-45` - existing tests to update" + +**Examples of good plans:** + +"Add rate limiting to login: + +- `auth.py:45-67` - Current login function with no rate limiting +- `middleware/rate_limit.py:10-35` - Existing rate limiter for API +- Need: Apply same pattern to login endpoint +- Related: `config.py:78` - Rate limit settings" + +You're the context scout - provide precise pointers so @developer doesn't waste context searching. diff --git a/modules/home/programs/terminal/opencode/config/agents/developer.md b/modules/home/programs/terminal/opencode/config/agents/developer.md new file mode 100644 index 0000000..c6b0819 --- /dev/null +++ b/modules/home/programs/terminal/opencode/config/agents/developer.md 
@@ -0,0 +1,76 @@ +--- +description: Implements code based on plans and addresses review feedback +mode: subagent +temperature: 0.3 +permission: + "*": deny + bash: allow + context7_*: allow + edit: allow + glob: allow + grep: allow + list: allow + lsp: allow + read: allow + todoread: allow + todowrite: allow +--- + +You implement code. You are the only agent that modifies files. + +**DO NOT re-analyze or re-plan.** @architect already did discovery and planning. You execute. + +**When building from a plan:** + +- Start with the specific files and lines mentioned in the plan +- Read incrementally if you need to understand: + - Function/class definitions referenced in those lines + - Import sources or dependencies + - Related code that must be updated together +- Stop reading once you understand what to change and how +- Don't search the entire codebase or read files "just in case" +- Trust the plan's pointers as your starting point + +**Example workflow:** + +1. Plan says: `auth.py:45-67` - Read lines 45-67 +2. See it calls `validate_user()` - Read that function definition +3. Realize validate_user is imported from `utils.py` - Read that too +4. Implement changes across both files +5. Done + +**When addressing review feedback:** + +- **Critical findings** (security, logic errors): Must fix +- **Regular findings** (quality, errors): Must fix +- **Nits** (style, minor): Optional, use judgment + +**Your workflow:** + +1. Read the specific files mentioned in the plan +2. Implement the changes described +3. **When done, commit your work:** + + ```bash + git add -A + git commit -m "type: what you implemented" + ``` + + **Conventional commit types:** + - `feat:` - New feature + - `fix:` - Bug fix + - `refactor:` - Code restructuring + - `docs:` - Documentation only + - `test:` - Adding/updating tests + - `chore:` - Maintenance tasks + +4. 
Done + +**Do NOT:** + +- Re-read the entire codebase +- Search for additional context +- Second-guess the plan +- Do your own discovery phase + +Be efficient. Trust @architect's context work. Just code. diff --git a/modules/home/programs/terminal/opencode/config/agents/orchestrator.md b/modules/home/programs/terminal/opencode/config/agents/orchestrator.md new file mode 100644 index 0000000..d125510 --- /dev/null +++ b/modules/home/programs/terminal/opencode/config/agents/orchestrator.md 
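Review bot: `bash: allow` is unrestricted here, and the workflow tells the agent to run `git add -A`, which stages every untracked file in the tree. In a repository that holds sops material, a decrypted secret, a copied `keys.txt` or a stray `.env` in the working directory would be committed without a prompt. Prefer staging only the files the agent edited (`git add <paths>`). Consider scoping bash the way reviewer.md does, for example `"*": ask` plus an allow-list for the git commands this agent needs.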
@@ -0,0 +1,46 @@ +--- +description: Orchestrates features or bug fixes by delegating to subagents +mode: primary +temperature: 0.2 +maxSteps: 50 +permission: + "*": deny + task: allow +--- + +You are a workflow orchestrator. You ONLY call subagents - you never analyze, plan, code, or review yourself. Your high level flow is @architect -> @developer -> @reviewer + +**Your subagents:** + +- **@architect** - Analyzes requirements and creates plans +- **@developer** - Implements the plan from @architect +- **@reviewer** - Reviews the implementation from @developer + +**Your workflow:** + +1. Call @architect with user requirements. +2. Present the plan to the user for approval or changes. +3. If the user requests changes: + - Call @architect again with the feedback. + - Repeat step 2. +4. Once the plan is approved, call @developer with the full, unmodified plan. +5. Call @reviewer with the @developer output. +6. If the verdict is NEEDS_WORK: + - Call @developer with the plan + review feedback. +7. Repeat steps 5-6 until the implementation is APPROVED or APPROVED_WITH_NITS. +8. Report completion to the user: + - If APPROVED: "Implementation complete and approved." + - If APPROVED_WITH_NITS: "Implementation complete. Optional improvements available: [list nits]. Address these? (yes/no)" +9. If the user wants nits fixed: + - Call @developer with the plan + nit list. + - Call @reviewer one final time. +10. Done. + +**Rules:** + +- Never do the work yourself - always delegate +- Pass information between agents clearly, do not leave out context from the previous agent +- On iteration 2+ of develop→review, always include both plan AND review feedback +- Keep user informed of which agent is working +- Nits are optional - don't require fixes +- Stop when code is approved or only nits remain diff --git a/modules/home/programs/terminal/opencode/config/agents/reviewer.md b/modules/home/programs/terminal/opencode/config/agents/reviewer.md new file mode 100644 index 0000000..0c891e4 
--- /dev/null +++ b/modules/home/programs/terminal/opencode/config/agents/reviewer.md @@ -0,0 +1,68 @@ +--- +description: Expert code reviewer providing structured feedback on implementations +mode: subagent +temperature: 0.2 +permission: + "*": deny + bash: + "*": deny + "git diff *": allow + "git log *": allow + "git show *": allow + "git show": allow + "git status *": allow + "git status": allow + glob: allow + grep: allow + list: allow + lsp: allow + read: allow +--- + +You are an expert code reviewer. Review implementations and provide structured feedback. + +**Your process:** + +- Check for uncommitted changes first: `git status` +- If there are uncommitted changes, respond: + "ERROR: Found uncommitted changes. @developer must run `git add -A && git commit -m "type: description"` first." +- Otherwise, review the latest commit with `git show` +- Read full files for additional context only if needed +- Focus on the actual changes made by @developer + +**You MUST start your response with a verdict line:** + +VERDICT: [APPROVED | NEEDS_WORK | APPROVED_WITH_NITS] + +**Then categorize all findings:** + +**Critical Findings** (must fix): + +- Security vulnerabilities +- Logical errors +- Data corruption risks +- Breaking changes + +**Regular Findings** (should fix): + +- Code quality issues +- Missing error handling +- Performance problems +- Maintainability concerns + +**Nits** (optional): + +- Style preferences +- Minor optimizations +- Documentation improvements +- Naming suggestions + +**Verdict rules:** + +- NEEDS_WORK: Any critical or regular findings exist +- APPROVED_WITH_NITS: Only nits remain +- APPROVED: No findings at all + +If you list any critical or regular findings, your verdict MUST be NEEDS_WORK. + +Be thorough but fair. Don't bikeshed. diff --git a/modules/home/programs/terminal/opencode/default.nix b/modules/home/programs/terminal/opencode/default.nix index f24b2c8..7f41e97 100755 --- a/modules/home/programs/terminal/opencode/default.nix 
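Review bot: The bash allow-list uses trailing wildcards (`"git diff *"`, `"git log *"`, `"git show *"`), which also admit options that write files or read outside the repository, such as `--output=<file>` or `git diff --no-index`. That is wider than needed for an agent meant to be read-only. Narrower patterns that cover only what the prompt uses would close that gap, for example `"git show"`, `"git show HEAD*"` and `"git diff HEAD*"`. Judging by the separate bare entries for `git show` and `git status`, bare `git diff` and `git log` would currently fall through to `"*": deny`, so add them if the reviewer is expected to run them.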
+++ b/modules/home/programs/terminal/opencode/default.nix 
@@ -14,63 +14,95 @@ in }; config = mkIf cfg.enable { + # Enable OpenCode programs.opencode = { enable = true; package = pkgs.reichard.opencode; enableMcpIntegration = true; - settings = { - theme = "catppuccin"; - model = "llama-swap/devstral-small-2-instruct"; - permission = { - edit = "allow"; - bash = "ask"; - webfetch = "ask"; - doom_loop = "ask"; - external_directory = "ask"; - }; - provider = { - "llama-swap" = { - npm = "@ai-sdk/openai-compatible"; - options = { - baseURL = "https://llm-api.va.reichard.io/v1"; - }; - models = { - nemotron-3-nano-30b-thinking = { - name = "Nemotron 3 Nano (30B) - Thinking"; + agents = { + orchestrator = ./config/agents/orchestrator.md; + architect = ./config/agents/architect.md; + developer = ./config/agents/developer.md; + reviewer = ./config/agents/reviewer.md; + agent-creator = ./config/agents/agent-creator.md; + }; + }; + + # Define OpenCode Configuration + sops = { + secrets.context7_apikey = { + sopsFile = lib.snowfall.fs.get-file "secrets/common/evanreichard.yaml"; + }; + templates."opencode.json" = { + path = ".config/opencode/opencode.json"; + content = builtins.toJSON { + "$schema" = "https://opencode.ai/config.json"; + theme = "catppuccin"; + # model = "llama-swap/devstral-small-2-instruct"; + provider = { + "llama-swap" = { + npm = "@ai-sdk/openai-compatible"; + options = { + baseURL = "https://llm-api.va.reichard.io/v1"; }; - gpt-oss-20b-thinking = { - name = "GPT OSS (20B)"; - }; - devstral-small-2-instruct = { - name = "Devstral Small 2 (24B)"; - }; - qwen3-coder-30b-instruct = { - name = "Qwen3 Coder (30B)"; - }; - qwen3-next-80b-instruct = { - name = "Qwen3 Next (80B) - Instruct"; - }; - qwen3-30b-2507-thinking = { - name = "Qwen3 2507 (30B) Thinking"; - }; - qwen3-30b-2507-instruct = { - name = "Qwen3 2507 (30B) Instruct"; - }; - qwen3-4b-2507-instruct = { - name = "Qwen3 2507 (4B) - Instruct"; + models = { + "hf:Qwen/Qwen3-Coder-480B-A35B-Instruct" = { + name = "Qwen3 Coder (480B) Instruct"; + }; + 
"hf:zai-org/GLM-4.7" = { + name = "GLM 4.7"; + }; + "hf:MiniMaxAI/MiniMax-M2.1" = { + name = "MiniMax M2.1"; + }; + devstral-small-2-instruct = { + name = "Devstral Small 2 (24B)"; + }; + qwen3-coder-30b-instruct = { + name = "Qwen3 Coder (30B)"; + }; + nemotron-3-nano-30b-thinking = { + name = "Nemotron 3 Nano (30B) - Thinking"; + }; + gpt-oss-20b-thinking = { + name = "GPT OSS (20B)"; + }; + qwen3-next-80b-instruct = { + name = "Qwen3 Next (80B) - Instruct"; + }; + qwen3-30b-2507-thinking = { + name = "Qwen3 2507 (30B) Thinking"; + }; + qwen3-30b-2507-instruct = { + name = "Qwen3 2507 (30B) Instruct"; + }; + qwen3-4b-2507-instruct = { + name = "Qwen3 2507 (4B) - Instruct"; + }; }; }; }; - }; - lsp = { - starlark = { - command = [ - "${pkgs.pyright}/bin/pyright-langserver" - "--stdio" - ]; - extensions = [ - ".star" - ]; + lsp = { + biome = { + disabled = true; + }; + starlark = { + command = [ + "${pkgs.pyright}/bin/pyright-langserver" + "--stdio" + ]; + extensions = [ ".star" ]; + }; + }; + mcp = { + context7 = { + type = "remote"; + url = "https://mcp.context7.com/mcp"; + headers = { + CONTEXT7_API_KEY = "${config.sops.placeholder.context7_apikey}"; + }; + enabled = true; + }; }; }; }; diff --git a/modules/home/services/sops/default.nix b/modules/home/services/sops/default.nix index 94f60cf..6eb6db3 100644 --- a/modules/home/services/sops/default.nix +++ b/modules/home/services/sops/default.nix 
@@ -1,15 +1,21 @@ -{ config, lib, namespace, pkgs, ... }: +{ config +, lib +, namespace +, pkgs +, ... +}: let - inherit (lib) mkIf types; + inherit (lib) mkIf mkEnableOption types; inherit (lib.${namespace}) mkOpt; + getFile = lib.snowfall.fs.get-file; cfg = config.${namespace}.services.sops; in { options.${namespace}.services.sops = with types; { - enable = lib.mkEnableOption "sops"; - defaultSopsFile = mkOpt path null "Default sops file."; - sshKeyPaths = mkOpt (listOf path) [ ] "SSH Key paths to use."; + enable = mkEnableOption "Enable sops"; + defaultSopsFile = mkOpt str "secrets/common/evanreichard.yaml" "Default sops file."; + sshKeyPaths = mkOpt (listOf path) [ ] "Additional SSH key paths to use."; }; config = mkIf cfg.enable { @@ -20,11 +26,9 @@ in ]; sops = { - inherit (cfg) defaultSopsFile; - defaultSopsFormat = "yaml"; + defaultSopsFile = getFile cfg.defaultSopsFile; age = { - generateKey = true; keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths; }; diff --git a/modules/nixos/security/sops/default.nix b/modules/nixos/security/sops/default.nix index adfcfe5..3a15428 100644 --- a/modules/nixos/security/sops/default.nix +++ b/modules/nixos/security/sops/default.nix 
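Review bot: The second hunk drops `generateKey = true` while `age.keyFile` still points at `~/.config/sops/age/keys.txt`. Per the sops-nix option description, the key must already be present at that location when generation is off. The README steps added in this commit cover creating the file by hand, but a fresh home that only has `~/.ssh/id_ed25519` may fail at activation, which is worth confirming on a clean host. If the SSH-derived identity is meant to be enough on its own, consider setting `keyFile` only where the file is actually provisioned.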
@@ -1,31 +1,39 @@ -{ config, lib, namespace, ... }: +{ config +, lib +, namespace +, ... +}: let + inherit (lib) mkIf mkEnableOption types; inherit (lib.${namespace}) mkOpt; + getFile = lib.snowfall.fs.get-file; + user = config.users.users.${config.${namespace}.user.name}; cfg = config.${namespace}.security.sops; in { - options.${namespace}.security.sops = { - enable = lib.mkEnableOption "sops"; - defaultSopsFile = mkOpt lib.types.path null "Default sops file."; - sshKeyPaths = mkOpt (with lib.types; listOf path) [ - # "/etc/ssh/ssh_host_ed25519_key" - ] "SSH Key paths to use."; + options.${namespace}.security.sops = with types; { + enable = mkEnableOption "Enable sops"; + defaultSopsFile = mkOpt str "secrets/systems/${config.system.name}.yaml" "Default sops file."; + sshKeyPaths = mkOpt (listOf path) [ ] "Additional SSH key paths to use."; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { sops = { - inherit (cfg) defaultSopsFile; + defaultSopsFile = getFile cfg.defaultSopsFile; age = { - inherit (cfg) sshKeyPaths; - - keyFile = "${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt"; + keyFile = "${user.home}/.config/sops/age/keys.txt"; + sshKeyPaths = [ + "/etc/ssh/ssh_host_ed25519_key" + "${user.home}/.ssh/id_ed25519" + ] + ++ cfg.sshKeyPaths; }; }; sops.secrets.builder_ssh_key = { - sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml"; + sopsFile = getFile "secrets/common/systems.yaml"; }; }; } diff --git a/modules/nixos/services/llama-cpp/default.nix b/modules/nixos/services/llama-cpp/default.nix deleted file mode 100644 index 73b63a1..0000000 --- a/modules/nixos/services/llama-cpp/default.nix +++ /dev/null 
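Review bot: `"${user.home}/.ssh/id_ed25519"` is added to the system-level `sshKeyPaths`, yet the `secrets/common/systems.yaml` rule in `.sops.yaml` lists only the admin and `system_*` recipients. The user's key therefore cannot decrypt the system secrets, and root-run activation gains a dependency on a personal private key with no benefit visible here. Keeping only `"/etc/ssh/ssh_host_ed25519_key"` in the default keeps the host and user trust domains separate, and callers can still append via `cfg.sshKeyPaths`. The new default `secrets/systems/${config.system.name}.yaml` is not created in this commit and no creation rule matches `secrets/systems/`. Confirm that `getFile` on it does not break hosts that do not override it; the darwin module has the same default.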
@@ -1,123 +0,0 @@ -{ - config, - pkgs, - lib, - namespace, - ... -}: -let - inherit (lib) types mkIf mkEnableOption; - inherit (lib.${namespace}) mkOpt; - cfg = config.${namespace}.services.llama-cpp; - - modelDir = "/models"; - availableModels = { - "qwen2.5-coder-7b-q8_0.gguf" = { - url = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/qwen2.5-coder-7b-q8_0.gguf?download=true"; - flag = "--fim-qwen-7b-default"; - }; - "qwen2.5-coder-3b-q8_0.gguf" = { - url = "https://huggingface.co/ggml-org/Qwen2.5-Coder-3B-Q8_0-GGUF/resolve/main/qwen2.5-coder-3b-q8_0.gguf?download=true"; - flag = "--fim-qwen-3b-default"; - }; - }; -in -{ - options.${namespace}.services.llama-cpp = with types; { - enable = mkEnableOption "llama-cpp support"; - modelName = mkOpt str "qwen2.5-coder-3b-q8_0.gguf" "model to use"; - }; - - config = - let - modelPath = "${modelDir}/${cfg.modelName}"; - in - mkIf cfg.enable { - assertions = [ - { - assertion = availableModels ? ${cfg.modelName}; - message = "Invalid model '${cfg.modelName}'. Available models: ${lib.concatStringsSep ", " (lib.attrNames availableModels)}"; - } - ]; - - systemd.services = { - # LLama Download Model - download-model = { - description = "Download Model"; - wantedBy = [ "multi-user.target" ]; - before = [ "llama-cpp.service" ]; - path = [ - pkgs.curl - pkgs.coreutils - ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = "root"; - Group = "root"; - }; - script = - let - modelURL = availableModels.${cfg.modelName}.url; - in - '' - set -euo pipefail - - if [ ! 
-f "${modelPath}" ]; then - mkdir -p "${modelDir}" - # Add -f flag to follow redirects and -L for location - # Add --fail flag to exit with error on HTTP errors - # Add -C - to resume interrupted downloads - curl -f -L -C - \ - -H "Accept: application/octet-stream" \ - --retry 3 \ - --retry-delay 5 \ - --max-time 1800 \ - "${modelURL}" \ - -o "${modelPath}.tmp" && \ - mv "${modelPath}.tmp" "${modelPath}" - fi - ''; - }; - - # Setup LLama API Service - llama-cpp = { - after = [ "download-model.service" ]; - requires = [ "download-model.service" ]; - }; - }; - - services.llama-cpp = { - enable = true; - host = "0.0.0.0"; - port = 8012; - openFirewall = true; - model = "${modelPath}"; - - package = - (pkgs.llama-cpp.override { - cudaSupport = true; - blasSupport = true; - rocmSupport = false; - metalSupport = false; - }).overrideAttrs - (oldAttrs: { - cmakeFlags = oldAttrs.cmakeFlags ++ [ - "-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1" - "-DCMAKE_CUDA_ARCHITECTURES=61" # GTX-1070 / GTX-1080ti - "-DGGML_NATIVE=ON" - - # Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz - # "-DLLAMA_FMA=OFF" - # "-DLLAMA_AVX2=OFF" - # "-DLLAMA_AVX512=OFF" - # "-DGGML_FMA=OFF" - # "-DGGML_AVX2=OFF" - # "-DGGML_AVX512=OFF" - ]; - }); - - extraFlags = [ availableModels.${cfg.modelName}.flag ]; - }; - }; -} diff --git a/modules/nixos/services/llama-swap/default.nix b/modules/nixos/services/llama-swap/default.nix new file mode 100644 index 0000000..2aebe5e --- /dev/null +++ b/modules/nixos/services/llama-swap/default.nix 
@@ -0,0 +1,507 @@ +{ config +, lib +, pkgs +, namespace +, ... +}: +let + inherit (lib) mkIf mkEnableOption; + cfg = config.${namespace}.services.llama-swap; + + llama-swap = pkgs.reichard.llama-swap; + llama-cpp = pkgs.reichard.llama-cpp; + stable-diffusion-cpp = pkgs.reichard.stable-diffusion-cpp.override { + cudaSupport = true; + }; +in +{ + options.${namespace}.services.llama-swap = { + enable = mkEnableOption "enable llama-swap service"; + }; + + config = mkIf cfg.enable { + # Create User + users.groups.llama-swap = { }; + users.users.llama-swap = { + isSystemUser = true; + group = "llama-swap"; + }; + + # Create Service + systemd.services.llama-swap = { + description = "Model swapping for LLaMA C++ Server (or any local OpenAPI compatible server)"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "exec"; + ExecStart = "${lib.getExe llama-swap} --listen :8080 --config ${ + config.sops.templates."llama-swap.json".path + }"; + Restart = "on-failure"; + RestartSec = 3; + + # for GPU acceleration + PrivateDevices = false; + + # hardening + User = "llama-swap"; + Group = "llama-swap"; + CapabilityBoundingSet = ""; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + NoNewPrivileges = true; + PrivateMounts = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + MemoryDenyWriteExecute = true; + LimitMEMLOCK = "infinity"; + LockPersonality = true; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + SystemCallErrorNumber = "EPERM"; + ProtectProc = "invisible"; + ProtectHostname = true; + ProcSubset = "pid"; + }; + }; + + # Create Config + sops = { + 
secrets.synthetic_apikey = { + sopsFile = lib.snowfall.fs.get-file "secrets/common/systems.yaml"; + }; + templates."llama-swap.json" = { + owner = "llama-swap"; + group = "llama-swap"; + mode = "0400"; + content = builtins.toJSON { + models = { + # https://huggingface.co/unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF/tree/main + "devstral-small-2-instruct" = { + name = "Devstral Small 2 (24B) - Instruct"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Devstral/Devstral-Small-2-24B-Instruct-2512-UD-Q4_K_XL.gguf \ + --chat-template-file /mnt/ssd/Models/Devstral/Devstral-Small-2-24B-Instruct-2512-UD-Q4_K_XL_template.jinja \ + --temp 0.15 \ + -c 98304 \ + -ctk q8_0 \ + -ctv q8_0 \ + -fit off \ + -dev CUDA0 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/mradermacher/gpt-oss-20b-heretic-v2-i1-GGUF/tree/main + "gpt-oss-20b-thinking" = { + name = "GPT OSS (20B) - Thinking"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/GPT-OSS/gpt-oss-20b-heretic-v2.i1-MXFP4_MOE.gguf \ + -c 131072 \ + --temp 1.0 \ + --top-p 1.0 \ + --top-k 40 \ + -dev CUDA0 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/mradermacher/GPT-OSS-Cybersecurity-20B-Merged-i1-GGUF/tree/main + "gpt-oss-csec-20b-thinking" = { + name = "GPT OSS CSEC (20B) - Thinking"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/GPT-OSS/GPT-OSS-Cybersecurity-20B-Merged.i1-MXFP4_MOE.gguf \ + -c 131072 \ + --temp 1.0 \ + --top-p 1.0 \ + --top-k 40 \ + -dev CUDA0 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen3-Next-80B-A3B-Instruct-GGUF/tree/main + "qwen3-next-80b-instruct" = { + name = "Qwen3 Next (80B) - Instruct"; + cmd = 
'' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Qwen3/Qwen3-Next-80B-A3B-Instruct-UD-Q2_K_XL.gguf \ + -c 262144 \ + --temp 0.7 \ + --min-p 0.0 \ + --top-p 0.8 \ + --top-k 20 \ + --repeat-penalty 1.05 \ + -ctk q8_0 \ + -ctv q8_0 \ + -fit off + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen3-30B-A3B-Instruct-2507-GGUF/tree/main + "qwen3-30b-2507-instruct" = { + name = "Qwen3 2507 (30B) - Instruct"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Qwen3/Qwen3-30B-A3B-Instruct-2507-Q4_K_M.gguf \ + -c 262144 \ + --temp 0.7 \ + --min-p 0.0 \ + --top-p 0.8 \ + --top-k 20 \ + --repeat-penalty 1.05 \ + -ctk q8_0 \ + -ctv q8_0 \ + -ts 70,30 \ + -fit off + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen3-Coder-30B-A3B-Instruct-GGUF/tree/main + "qwen3-coder-30b-instruct" = { + name = "Qwen3 Coder (30B) - Instruct"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Qwen3/Qwen3-Coder-30B-A3B-Instruct-UD-Q6_K_XL.gguf \ + -c 131072 \ + --temp 0.7 \ + --min-p 0.0 \ + --top-p 0.8 \ + --top-k 20 \ + --repeat-penalty 1.05 \ + -ctk q8_0 \ + -ctv q8_0 \ + -ts 70,30 \ + -fit off + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen3-30B-A3B-Thinking-2507-GGUF/tree/main + "qwen3-30b-2507-thinking" = { + name = "Qwen3 2507 (30B) - Thinking"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Qwen3/Qwen3-30B-A3B-Thinking-2507-UD-Q4_K_XL.gguf \ + -c 262144 \ + --temp 0.7 \ + --min-p 0.0 \ + --top-p 0.8 \ + --top-k 20 \ + --repeat-penalty 1.05 \ + -ctk q8_0 \ + -ctv q8_0 \ + -ts 70,30 \ + -fit off + ''; + metadata = { + type = [ "text-generation" ]; 
+ }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Nemotron-3-Nano-30B-A3B-GGUF/tree/main + "nemotron-3-nano-30b-thinking" = { + name = "Nemotron 3 Nano (30B) - Thinking"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Nemotron/Nemotron-3-Nano-30B-A3B-UD-Q4_K_XL.gguf \ + -c 1048576 \ + --temp 1.1 \ + --top-p 0.95 \ + -fit off + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen3-VL-8B-Instruct-GGUF/tree/main + "qwen3-8b-vision" = { + name = "Qwen3 Vision (8B) - Thinking"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Qwen3/Qwen3-VL-8B-Instruct-UD-Q4_K_XL.gguf \ + --mmproj /mnt/ssd/Models/Qwen3/Qwen3-VL-8B-Instruct-UD-Q4_K_XL_mmproj-F16.gguf \ + -c 65536 \ + --temp 0.7 \ + --min-p 0.0 \ + --top-p 0.8 \ + --top-k 20 \ + -ctk q8_0 \ + -ctv q8_0 \ + -fit off \ + -dev CUDA1 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen2.5-Coder-7B-Instruct-128K-GGUF/tree/main + "qwen2.5-coder-7b-instruct" = { + name = "Qwen2.5 Coder (7B) - Instruct"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + -m /mnt/ssd/Models/Qwen2.5/Qwen2.5-Coder-7B-Instruct-Q8_0.gguf \ + --fim-qwen-7b-default \ + -c 131072 \ + --port ''${PORT} \ + -fit off \ + -dev CUDA1 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen2.5-Coder-3B-Instruct-128K-GGUF/tree/main + "qwen2.5-coder-3b-instruct" = { + name = "Qwen2.5 Coder (3B) - Instruct"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + -m /mnt/ssd/Models/Qwen2.5/Qwen2.5-Coder-3B-Instruct-Q8_0.gguf \ + --fim-qwen-3b-default \ + --port ''${PORT} \ + -fit off \ + -dev CUDA1 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = 
[ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen3-4B-Instruct-2507-GGUF/tree/main + "qwen3-4b-2507-instruct" = { + name = "Qwen3 2507 (4B) - Instruct"; + cmd = '' + ${llama-cpp}/bin/llama-server \ + --port ''${PORT} \ + -m /mnt/ssd/Models/Qwen3/Qwen3-4B-Instruct-2507-Q4_K_M.gguf \ + -c 98304 \ + -fit off \ + -ctk q8_0 \ + -ctv q8_0 \ + -dev CUDA1 + ''; + metadata = { + type = [ "text-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + "z-image-turbo" = { + name = "Z-Image-Turbo"; + checkEndpoint = "/"; + cmd = '' + ${stable-diffusion-cpp}/bin/sd-server \ + --listen-port ''${PORT} \ + --diffusion-fa \ + --diffusion-model /mnt/ssd/StableDiffusion/ZImageTurbo/z-image-turbo-Q8_0.gguf \ + --vae /mnt/ssd/StableDiffusion/ZImageTurbo/ae.safetensors \ + --llm /mnt/ssd/Models/Qwen3/Qwen3-4B-Instruct-2507-Q4_K_M.gguf \ + --cfg-scale 1.0 \ + --steps 8 \ + --rng cuda + ''; + metadata = { + type = [ "image-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + # https://huggingface.co/unsloth/Qwen-Image-Edit-2511-GGUF/tree/main + "qwen-image-edit-2511" = { + name = "Qwen Image Edit 2511"; + checkEndpoint = "/"; + cmd = '' + ${stable-diffusion-cpp}/bin/sd-server \ + --listen-port ''${PORT} \ + --diffusion-fa \ + --qwen-image-zero-cond-t \ + --diffusion-model /mnt/ssd/StableDiffusion/QwenImage/qwen-image-edit-2511-Q5_K_M.gguf \ + --vae /mnt/ssd/StableDiffusion/QwenImage/qwen_image_vae.safetensors \ + --llm /mnt/ssd/Models/Qwen2.5/Qwen2.5-VL-7B-Instruct.Q4_K_M.gguf \ + --lora-model-dir /mnt/ssd/StableDiffusion/QwenImage/Loras \ + --cfg-scale 2.5 \ + --sampling-method euler \ + --flow-shift 3 \ + --steps 20 \ + --rng cuda + ''; + metadata = { + type = [ + "image-edit" + "image-generation" + ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + "qwen-image-2512" = { + name = "Qwen Image 2512"; + checkEndpoint = "/"; + cmd = '' + ${stable-diffusion-cpp}/bin/sd-server \ + --listen-port 
''${PORT} \ + --diffusion-fa \ + --diffusion-model /mnt/ssd/StableDiffusion/QwenImage/qwen-image-2512-Q5_K_M.gguf \ + --vae /mnt/ssd/StableDiffusion/QwenImage/qwen_image_vae.safetensors \ + --llm /mnt/ssd/Models/Qwen2.5/Qwen2.5-VL-7B-Instruct.Q4_K_M.gguf \ + --lora-model-dir /mnt/ssd/StableDiffusion/QwenImage/Loras \ + --cfg-scale 2.5 \ + --sampling-method euler \ + --flow-shift 3 \ + --steps 20 \ + --rng cuda + ''; + metadata = { + type = [ "image-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + + "chroma-radiance" = { + name = "Chroma Radiance"; + checkEndpoint = "/"; + cmd = '' + ${stable-diffusion-cpp}/bin/sd-server \ + --listen-port ''${PORT} \ + --diffusion-fa --chroma-disable-dit-mask \ + --diffusion-model /mnt/ssd/StableDiffusion/Chroma/chroma_radiance_x0_q8.gguf \ + --t5xxl /mnt/ssd/StableDiffusion/Chroma/t5xxl_fp16.safetensors \ + --cfg-scale 4.0 \ + --sampling-method euler \ + --rng cuda + ''; + metadata = { + type = [ "image-generation" ]; + }; + env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; + }; + }; + + groups = { + shared = { + swap = true; + exclusive = false; + members = [ + "nemotron-3-nano-30b-thinking" + "qwen3-30b-2507-instruct" + "qwen3-30b-2507-thinking" + "qwen3-coder-30b-instruct" + "qwen3-next-80b-instruct" + ]; + }; + + cuda0 = { + swap = true; + exclusive = false; + members = [ + "devstral-small-2-instruct" + "gpt-oss-20b-thinking" + "gpt-oss-csec-20b-thinking" + ]; + }; + + cuda1 = { + swap = true; + exclusive = false; + members = [ + "qwen2.5-coder-3b-instruct" + "qwen2.5-coder-7b-instruct" + "qwen3-4b-2507-instruct" + "qwen3-8b-vision" + ]; + }; + }; + + peers = { + synthetic = { + proxy = "https://api.synthetic.new/openai/"; + apiKey = "${config.sops.placeholder.synthetic_apikey}"; + models = [ + "hf:deepseek-ai/DeepSeek-R1-0528" + "hf:deepseek-ai/DeepSeek-V3" + "hf:deepseek-ai/DeepSeek-V3-0324" + "hf:deepseek-ai/DeepSeek-V3.1" + "hf:deepseek-ai/DeepSeek-V3.1-Terminus" + "hf:deepseek-ai/DeepSeek-V3.2" + 
"hf:meta-llama/Llama-3.3-70B-Instruct" + "hf:meta-llama/Llama-4-Maverick-17B-128E-Instruct-FP8" + "hf:MiniMaxAI/MiniMax-M2" + "hf:MiniMaxAI/MiniMax-M2.1" + "hf:moonshotai/Kimi-K2-Instruct-0905" + "hf:moonshotai/Kimi-K2-Thinking" + "hf:openai/gpt-oss-120b" + "hf:Qwen/Qwen3-235B-A22B-Instruct-2507" + "hf:Qwen/Qwen3-235B-A22B-Thinking-2507" + "hf:Qwen/Qwen3-Coder-480B-A35B-Instruct" + "hf:Qwen/Qwen3-VL-235B-A22B-Instruct" + "hf:zai-org/GLM-4.5" + "hf:zai-org/GLM-4.6" + "hf:zai-org/GLM-4.7" + ]; + }; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8080 ]; + }; +} diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix index 2f9486e..a24040a 100644 --- a/modules/nixos/services/openssh/default.nix +++ b/modules/nixos/services/openssh/default.nix 
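Review bot: The service is started with `--listen :8080` (all interfaces) and the last lines add `networking.firewall.allowedTCPPorts = [ 8080 ];`, while the generated config gives the proxy a `synthetic` peer carrying the sops-managed `apiKey`; nothing in this module makes a client authenticate. As far as this file shows, anyone who can reach the host on 8080 can drive the local models and spend the upstream key's quota through the proxy. If only local tools use it, `--listen 127.0.0.1:8080` plus dropping the firewall line closes that exposure. If LAN access is intended, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8080 ];` or front it with an authenticating reverse proxy, and say so in a comment next to the firewall line.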
@@ -14,16 +14,11 @@ let cfg = config.${namespace}.services.openssh; globalKeys = [ - # evanreichard@lin-va-mbp-personal - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY" - # evanreichard@mac-va-mbp-personal - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV" - # evanreichard@lin-va-thinkpad - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz" - # evanreichard@lin-va-terminal - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5e6Cty+7rX5BjIEHBTU6GnzfOxPJiHpSqin/BnsypO" - # evanreichard@mobile - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARTNbl4lgQsp7SJEng7vprL0+ChC9e6iR7o/PiC4Jme" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY evanreichard@lin-va-mbp-personal" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV evanreichard@mac-va-mbp-personal" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz evanreichard@lin-va-thinkpad" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5e6Cty+7rX5BjIEHBTU6GnzfOxPJiHpSqin/BnsypO evanreichard@lin-va-terminal" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARTNbl4lgQsp7SJEng7vprL0+ChC9e6iR7o/PiC4Jme evanreichard@mobile" ]; in { diff --git a/packages/opencode/default.nix b/packages/opencode/default.nix index 6eff620..b832992 100644 --- a/packages/opencode/default.nix +++ b/packages/opencode/default.nix @@ -13,12 +13,12 @@ }: let pname = "opencode"; - version = "1.1.4"; + version = "1.1.12"; src = fetchFromGitHub { owner = "anomalyco"; repo = "opencode"; tag = "v${version}"; - hash = "sha256-i9IO9FSZ2Mw0tPqFxfQfSbejx04J1eJ0IYy5fa77O2Y="; + hash = "sha256-k6wRBtWFwyLWJ6R0el3dY/nBlg2t+XkTpsuEseLXp+E="; }; node_modules = stdenvNoCC.mkDerivation { 
@@ -75,7 +75,7 @@ let # NOTE: Required else we get errors that our fixed-output derivation references store paths dontFixup = true; - outputHash = "sha256-tea/pSuUOELsSSMdwi0mmG5GsFZpqR5MlyQvVUno7dM="; + outputHash = "sha256-vRIWQt02VljcoYG3mwJy8uCihSTB/OLypyw+vt8LuL8="; outputHashAlgo = "sha256"; outputHashMode = "recursive"; }; @@ -95,8 +95,8 @@ stdenvNoCC.mkDerivation (finalAttrs: { ]; patches = [ - # NOTE: Relax Bun version check to be a warning instead of an error - ./relax-bun-version-check.patch + ./relax-bun-version-check.patch # NOTE: Relax Bun version check to be a warning instead of an error + ./root_fix.patch # https://github.com/anomalyco/opencode/pull/7691 ]; configurePhase = '' diff --git a/packages/opencode/root_fix.patch b/packages/opencode/root_fix.patch new file mode 100644 index 0000000..df5189b --- /dev/null +++ b/packages/opencode/root_fix.patch 
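Review bot: The new `./root_fix.patch` entry in the last hunk is documented only by a pull-request URL, unlike the entry above it, which says what its patch does. Since the patch is carried locally and has to be dropped by hand later, the comment should give its effect and its removal condition, for example `./root_fix.patch # NOTE: resolve tsserver/eslint from the LSP root instead of Instance.directory (upstream PR 7691); drop once included in a tagged release`. The `patches` list sits inside a derivation whose body starts and ends outside the hunk.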
@@ -0,0 +1,31 @@ +diff --git i/packages/opencode/src/lsp/server.ts w/packages/opencode/src/lsp/server.ts +index 24da77edc..b94285ba8 100644 +--- a/packages/opencode/src/lsp/server.ts ++++ b/packages/opencode/src/lsp/server.ts +@@ -94,7 +94,7 @@ export namespace LSPServer { + ), + extensions: [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".mts", ".cts"], + async spawn(root) { +- const tsserver = await Bun.resolve("typescript/lib/tsserver.js", Instance.directory).catch(() => {}) ++ const tsserver = await Bun.resolve("typescript/lib/tsserver.js", root).catch(() => {}) + log.info("typescript server", { tsserver }) + if (!tsserver) return + const proc = spawn(BunProc.which(), ["x", "typescript-language-server", "--stdio"], { +@@ -169,7 +169,7 @@ export namespace LSPServer { + root: NearestRoot(["package-lock.json", "bun.lockb", "bun.lock", "pnpm-lock.yaml", "yarn.lock"]), + extensions: [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".mts", ".cts", ".vue"], + async spawn(root) { +- const eslint = await Bun.resolve("eslint", Instance.directory).catch(() => {}) ++ const eslint = await Bun.resolve("eslint", root).catch(() => {}) + if (!eslint) return + log.info("spawning eslint server") + const serverPath = path.join(Global.Path.bin, "vscode-eslint", "server", "out", "eslintServer.js") +@@ -1081,7 +1081,7 @@ export namespace LSPServer { + extensions: [".astro"], + root: NearestRoot(["package-lock.json", "bun.lockb", "bun.lock", "pnpm-lock.yaml", "yarn.lock"]), + async spawn(root) { +- const tsserver = await Bun.resolve("typescript/lib/tsserver.js", Instance.directory).catch(() => {}) ++ const tsserver = await Bun.resolve("typescript/lib/tsserver.js", root).catch(() => {}) + if (!tsserver) { + log.info("typescript not found, required for Astro language server") + return diff --git a/secrets/common/evanreichard.yaml b/secrets/common/evanreichard.yaml new file mode 100644 index 0000000..d6e1f4c --- /dev/null +++ b/secrets/common/evanreichard.yaml 
@@ -0,0 +1,44 @@ +context7_apikey: ENC[AES256_GCM,data:K8/OoJMWBhN3ufmTa/tAiD3iMergDZQ1OBucUtLsrg+L26DXDPAko9D41w==,iv:/IVpaaPivUTn2rbIAPIwyN5nb7TmtDh05YlMdOlBkhE=,tag:0XJfoNlDelBwMXMAAqKjtQ==,type:str] +rke2_kubeconfig: ENC[AES256_GCM,data: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,iv:rAkcmlrQuax2Khog8KOtoYcPC63Pv2X/NgM6aVGEmyQ=,tag:9wUJYjTF277eqrrvxOFS3w==,type:str] +sops: + age: + - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQTZkSS9RVXdEOW8zeFdh + UWVUS2Zac2FwTm5wd2tNbVp3RGpPT3ltWTNRCkduTzZ4bzI2ekI3b2JOam0rMmpF + RWFsTW4xZWw4MnBsZFdMTWVXK1MrVjgKLS0tIHFDblJTbnJoeGhLNFRhZ1MrQWMx + RjE2c2hGbWtubUlTUUZNenBOMUpaQUUKJuuITY+LTX5c4BIxJfHcJqDKRyEdwk4P + yFvFB7WnxdJBODk3m+by6Y4HDUkd0GjvUDegazT2e7/jX9kGMlMAog== + -----END AGE ENCRYPTED FILE----- + - recipient: age17ayje4uv2mhwehhp9jr3u9l0ds07396kt7ef40sufx89vm7cgfjq6d5d4y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRlB1UFhRWDNPVWZ5U05J + aENEdXA2em4vV2ZPUDVJMTU1cU8yd3VxcmcwCmVPT0JDcE9jc1ZsQzdoeE0xQVUx + SXBydmFPT3BOYXVMYmVVQzFkZUVacDAKLS0tIGZXZGZEaElJZ2NpTGdYR0o5ek5z + UTIxQ2tiaUVDKzU0YVRqelVsb1NqcjAKoTULI81692/CS8kiIdnwDaNu6XBBchkS + niK4hBgwTC7F8BtyoYbzdjTdP5DDMOTQYaQbcJRWlHv71e/Np75UVQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ejdFVHVabDlpdzl5cUw2 + N2UzSUV5VkVXdUZNRzkxQWRmWTZJLzVRM1JJCks5WVdVMEt6enp1a0xWajZUUi9G + amFvckVueCs4ZFczTUZuRjlReHlkUmcKLS0tIGpvVE9ET0M3N0lyamc5bWxJZis2 + cGhQN3B4OUFGbXhMb2VwMFBBT0F4amcKlbWZbECEZFd5SOUemw7uCj9qSuYSPNTP + kb8RyUTVSNOpfdVckBOfgjZq9G4CLH+Ypl+buwqyO/jrSEGjQjpDrg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1avlhszrryt4gf4ya536jhzm7qwt9xfttm8x4sns6h9w2tahzqp8sspz9y5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWGhFWVFCcGZKQ2FRbDkz + MVZTKzJZblcwM2ZBanJTOE4zNXpnWkx4RVNNCjNaQW9IcHJjaVdXK1Yrdm9zNUM0 + RVAwa0VGd3FkYkNCck1Ham5EZG9MTUkKLS0tIFF5WEJFS1VqTytFTGkxUEs5MUdW + TmgrVUFoUFJsMFNTbE4rQmtKelhCWHcKsFxYaS2QABbyTplVAsACUveK2Q640tei + YYR2d56OLzZQqfnqE+lpR29zVvT1Q6yq2LJmj1GamhJPBIdeclvMIg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-12T02:52:28Z" + mac: ENC[AES256_GCM,data:CYI9KKsr2zCnuw0wqrQk2yuJ91t818Ww0iqGP5j7mWATCNmg7V+gPivRVry3riqH+yVQm+v4J6coUFQyyngqPfLfHT1XybKtHbCP+vBxyU9YJc5DjZb1gatiJHHSNSUKDgU5bHn1/0ND+yK5o2iE16spCqXkBnSkxjtG7IkqXpA=,iv:vA3tIMvWe94/6npAmSi1AGn6gltPjkkxhbQZPFyTvec=,tag:+7eXnqA/EuaFsQvoWOqTMg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/common/systems.yaml b/secrets/common/systems.yaml new file mode 100644 index 0000000..3b33060 --- /dev/null +++ b/secrets/common/systems.yaml 
@@ -0,0 +1,35 @@ +synthetic_apikey: ENC[AES256_GCM,data:hs/50QG6DHyoSc306NX8lo7Y26QkdgMsFRKcMRKMD7OmPIF5,iv:uYRgiqPZ30IECqYLH/4v1FwAX0ZzU32jUj5GO3R4Hxc=,tag:pvip34Jvg6Cma7nbksBZZQ==,type:str] +builder_ssh_key: ENC[AES256_GCM,data:JFky9teEUjj1GqVt/wKMH+YD6CMj7AQZ/J4JzCvvm5NgMWkCHJ6ipryq5nwklRkfUcUo3SzMutORxDytLeugyZ1Z8UlBBp/S+BwWHrzr8BcAnvFDxiIYtpf6n1hlpTixKiP5Z6HM/JMIbfnHlzyN7Ggk21oVCv8m7MTH8U6MShEOm+SuVM65Ibf8yBWcOkb7IHNodMvJfhUnU67ymWqVeujzosqTAvEf8cWFzl+E1lRcjM+zJ25WlhEd98jBDaL5gFfgDpbMiW+/oT2Ibq2FZzgwM+0Ye4OMMQUVxfPhh64DZrnmfSYZlYjfsA84DdaFko//zvslz+qFTv95f6SVxk1JQoX666J7naASfwf+Vv3foplsFBJvi0SDhlLC/92m/w/El777wrKZuBxjXSB7M0WqSobb9QHP+/03ktetGbckyNj+jotEylR2vx6kwPtQyf+VcmIU0RrX/EUJxVL9HPF3va3Ot0v2dzYkGHDeVbH+5QbjTt40wSjO1RH5rXR6liOGNt+5LsDBXfkF1TxKJcxnuwtjWknCS4w9BqhzqZ4bV44=,iv:HVtYNFnMe9WPdcbYjfEhmU7Zqd23j7amv/HA+hO6Rao=,tag:ZA0YdBPy9m4r8JSUrY37PA==,type:str] +sops: + age: + - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNzNQMlF1MGI2TkQxZFl1 + WGV2d3lVTVFRSmQwamx5eG9NRi92WWF4U0JrClF2SWdaNStwK1UraUF5Z2RpQ0dQ + TGs4angrM1lrWkZzVm9EU2xoV1hieWcKLS0tIFVHN3hlVFFnSElpcTJvUDRwdVlU + OVNDc0VpbDVmUmlwS3lHTlFBaGZ0UEkKMhxvuNH2lw2rn31G26u9ur8ShHRCZQHg + PXPPBxMmbuoU4t5g1ongWqERG85YgOAOMO3werVw0Iw49AtQQzGE8w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mxjrvjxkn69kfn2np3wpd73g44fuhsgykw7l5ss9rx30em5jfp2scnrq32 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5YTZUMUNUeElqbmFKanc2 + TklFbk8yTU93YUFTUW4vM3BwREgzditnSFMwCk1nNW1XWnBBWXBTb3k4enpwZlVQ + bFVwNkNWOHZ3MTZUSjN4SWZYaDFzak0KLS0tIEtLYUhvNFVkOUp0QzVOei9XTm9C + ZVNmVktSNDYxdGFvRUpmYnlJbGFHQTgKf7ovzPU3Vo84gwGTKU/SNCy+76WY88ve + ZPkJ29D8BeaEwFCbNcDOygwiKGSFYV31a+2zYnTP4j5pf01d2it2eQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age13gymlygyac9z2slecl53jp8spq7e8n4zkan86n0gmnm3nrj4muxqa5ullm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2dEWVRDbzYxeWkyRmdo + RzdBcm9UbXE5Q01zeHRxMisxajlDMnMvZW5vCm9pMEVlU3pEUGpoNmFlRlV4OXJ4 + QXg5ZTZSVkMzcTlFc2cvNzVQR2ZwelEKLS0tIDhhQmtGYTZjcEZwMXJoMjdMNVFt + aHc4a3UvZUFRNzRtQTc2NTloWE0zdkUKL5FRH7D8MlR8ofvIieFqIStwEXQUvu2w + +/SHKsi3lt9/1Vkk/Jlm1aymglp3ZdGVzTS/cxpM43VDDx+E3HYOQQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-12T02:56:42Z" + mac: ENC[AES256_GCM,data:R6s3ErVrw2nvRhkCdiaa6FCmIxBKZGQggQX5bYe1xmhIXuujsl9NZ9aqlzlS1XvVDICJEIbryfoEnOqSCrY/vAmdlKNfzakZqLZRrkfOZed6PWFWjk3SX6HmuMR9dQSQgLRlDZINZcKMNE0kuLL+mx4bo8lV84VoqMHGHtkwAJI=,iv:NCh3zDMEiYcrYxPxP5lfGWYwWLl1/yylq7+gTEHyWF4=,tag:t7MOwGHejUFotIBi7kfecw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/default.yaml b/secrets/default.yaml deleted file mode 100644 index 3697b55..0000000 --- a/secrets/default.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -builder_ssh_key: ENC[AES256_GCM,data:7WoeR4Fc9FQrTHsujqlIm/b0ASJuLQcWUwIeMqQ4wk9WEFrwycnMyoxzPyZ2oxRqmUp0LY2DFWaByOAABhKRN6oQFFse8ol4KOr4EZkFR131bFy8WhJaJWq6VZo8gLv+1hHo1etLeoNl/fwBVixqrqBibEWWBtTSlvEE6PYFPV/BcW/LfFaabnhmRjIEL5hCqcQTlBqPq9jMt6ALWcj42mdzsbamRWbaN0/W5QkcKDPTIfALMdJ36VR38+slOkkmxPGJFUMhgL08SgOcnitSevvo+hq6xkGhXY8hnV1lk9nC9o8MXYURacPobqW88fx145ez8a+o2xSjm3E/+KoGfGsWSatqrKqTMfm6pJndvf5JeCTCMER2sCZCF620OJ2fZM6VS/XwMzQjLQICFGMCKZm8RQEKhPjyPVVbu5voa9KNxdWp7l40Ya86dty2oUR56CB8lHB32uWiZAMR9v8LytUkoOy/8LZpfbRVIHm7nnywNirnve+81egixUz9t+vgZ2u7vL2LzzApWUjcLa/1pFVTPwspYJDohMSGtpHtmAInN80=,iv:emhMHi7Htuy7quNbKPNb/TdqkuDeHbYym1ubEeDOfls=,tag:pJGBVr69QbT1FerG153gUA==,type:str] -rke2_kubeconfig: ENC[AES256_GCM,data:ZfqWAsIcx2h/cyrfkcyQXrO+dzYF7JRkplj3Y9mm4oEiQKeG7xeYdtNAE112PdFfLcI00HQRaKbzrcNBbG1M+kUQZROUk47sr7AqpeRxJIob1ZoTgwN98gQ1W0ikPFYBUw4HIVxmY9wuNyqDk54LNwu47A3hMUmCLEv8sPkk8r7lhA9Vf3HTtTbQBK8VBa5059YJyEIpZjMMaXPZReIR6Gka9qsZ4d1F1B8VYu+fBH2ZIKtG1HMCXzl/RvjaCqtlrk5AptooSQ/upOMq6omHWfBf8oty/0o6yasxYldMawetUW55TOm12QlgdmbDkXqeMAai03N3tj8zMESOVEHVxRzjosVTq4u5DzPAMmLFAk5NYaPpd5c6jlM2Gk7pT9v+X+n+GGYW9xfYLURe1sSy/yWmLXhEhOzLXkyc1T3M1bHWqnXDXfU1bhXWVLKwNDmuS96YWHb1o+Qr+3HTUCPQa70M9Va18O+pERD0Yj/Jz1HxwyAHKClRs06Lo73gl3eY7lOGhnafRSyxR91oMXs+ijSfFk8CNEA/PxKPaXUoKpDLpM6+iPnEmnsAT/kV9IrqnevsIABtzWMR6XHQbRodPowsx2zlSgzJfLkVZ37dsZawALv1FN/XOtrW53Zt8BGK3dIwIM1tRy6nR+UKoN8mQ4KI43MNZ7A7CagCAkWbs3AserDqU+4VYIF/biLVA9q+tZZory7lLraLpByVa2Mi1/JFUW23PyW6fa9nVvBDonzs5M4N7p4/Yw9rdWBWC/1ZQIvSKbTIla+mtDKX6GTlEAsaoJOFc+F8fX8FxGEZtxoXENshoyAvsQSihUbdsKkjDQAIcZ0lHAUKLJyJZSWFRkQsl64MkvBJwGedsMq/zzU8K96iBojYLQspPq8Yp612nxQahRyxAXWFvYAfMmxMqhSbEYuJA62DSUA1KwILZx7yPfKZWXLQzGDnpGyFRuORP+ZjANGXo1eqAED4cHqwZCHTo6q6Zh9zN4Y4jrO/z4G16PwheAi/WTJswzdI83J9FAR3TrKAGyf3a5hR03BNVHBbO+I6dX/Rhwp0eIdR0MPVXJE+CshcTixQNKWK7SRmpDQemAQq3g6c4i5DWB9PUlipkry+pcQzsz1omPLGjf/2Mz2CAdvPnjCYfeTeFxz42s6VJHBBd5Sgg/7ONQTj6QpvFhpP2u8aWmgbPnV3n0phejq9Bpj1lEEEN5JZlU2Swj6t6rtFD5fAZUu3L5FRPg5xZhCV0zu4VXuaEflPdid
K35b0jIiz22qpAkw+/0vh36u+kkUOabgpnt+I3CqeCilRuq6tIvtIx2AHFZ4Y9WdfXpjd/BEl2GY8VrxSWzpXS0YYWiNwypJx/J1zzmZZO6G7QcKSpIuoULM4uneBlaZurjXdVT8QzupUmX+CVyXHZUTXX3tM0rFnuDG3uGjOUM+67kS/zd3LJk8fnY1awU08gTOrs7qIDIzqEaEVxvK60XcBqc4dDYG+FTKEOEOi88WGIZH12gFy49epciPaTQMxcKbRftE9R1fZNdze1PwX2lrm891KTBD7YwFJkUin88Ype7bQNI4Djyca0TumZjYKok1AoSzjLTJGYOmiZg9wYyN+6m/FrdM0krgUQzvErtfSFryX4XaLbpPJnpRcdzoiNzwwuVYMLn5mBhj4m08gjiiHQlVlSMSJxpXi6GdXqrMCDudDHyPX5LHh21e2wajZ59p1Y42Gew1dOOP+M/5/0PrwDvqKhUWgAp2q8PzQuQ+ZyCq63jVpTI0/BskiD1iQBwQFDN2A32V9xymnkuS1pKn9xnosNMWVR3R9l6sLQDxH6vJcCEqWvCmxg8n5nfPtgx0E+clmmFFHVQ/xmXbe1lKS1o/M5dLHDG3CdrUpSEf8IC7/qkhaG8d3EmKGFskwJcbpPSzCJfMLS1JuYGJL/m7jqSI5JJ+KzTlPQCjubW74+EEvScTIaQP7e+RtE60LbgkwLprIEfCao3I+P0W4YgqLfE/xF4NQ3qVy3vrXOVGJSR4e0R3rI9RiuHmYoduldqtLr8rhqVqbU33q9s1ifL/62Rh2ZnXcnP4w75eH1EtunucZ2ml9QwHbpG0liKrthvPlmUNVsOhWdwlUfHrCUs8sgLNwW98mgG+7Kva4edejNmaEq/43TtN/RBmrNanB0Dp2SIeEbYRFfLqWGCtIRJpeJF227ggJXxt3fZnCW1eiEihDLKfc3hz+7zo/QlkBkbbj9D1BRURieH7DCr8cvymKa1QL9nRl0aJzWvMg//Q8/nMA23qBays34s4EUrcDin6AnUZIu63eAvxtcesPDTVq31+NatLmty21VG3mk7s7yw1dDwJncCXQ6zYp+SOC90xMFUR++FYcpX6qFiRGk7qNln9hnllwu1SqQYgV/w9MmD6GYLk+/xCUWK3kbCjWZ0Nhxkk+A3snUealYeeK75fZfL8TlAkgKqpRL1KlY3jrDe2rgzQyrHb7AoLukf2RJcXwu3GBP9PLQjJSSJw3vEHltCDnt7YR2KRA5NvJw429brs/4RvkBlX2a593swY63YthWinhCs6I3kgiDVaycpiQit4HCwMATAnhkzD590QLgf/am+7vcQlxl1MCtG6V+mBSIDQw17kxfrq/P18MyKixtREI/TW2lT127JvMlH3Te3f5KDQNyWc5oUP8bsfvxpZ6nO6xrUY1pZ+1eCsapkNalLH5x4yk3viGHiWS7ow44jjaCDraL/YCvGN+7SHjDBIWRpt+/ncrjezxWJa2yN29y+JrJgRxHYmfmZVMHxPGZ9aexCRHxnTVgwlT577VTDltqYi9CC0kQmTPt3CZzSiOP8ht4gwHNuNjNus8qGT9w7nYd81ViCYV/VpMRKmq9cR3rY75U6BU8QO74hFTfDigmGBPxXwGuhWZEWMbmK1Xl867xybVj9UTHhdbgnhta0J9RXm29A9YL3RMdL/DDZNQGq2eMK4CDq2l9X7UdPqbJphXfCv1AmCdufdvzEAq8kVEw5+RQxEOVV0g84G8bH5dOKfOwr7b9Bogtg37+j5pLPJzcoRKl3NynlWMGZVcnkEgRqmzFreXAYIyScE16rIzeEHdL5ngvm9EcPQfAWz6CvylrK7Bl91pJonNYprSqHUO0F4K4/kscm4j90kD5wpGOcrwke2+OI3oqez7QPmfzKnYoSrtcXqbt9lnluqobdYsCHY6mUjn4utROUD+g7gW5yYkxC7R1ySvvt5t63rOX6QH4UP9Uz7dCpo831vMHQ8Am+VFNbLXirq
6/2P4TKTnScSQh/OnJ8Sx0/zxbPAb3jwzmx/eFAd+eazL0hCGTnh/D0WxcqfxTItOllsKUGX+md2VAoJQLra07gMJlh1tuDk2+ZXjvOsoGOMAzswpKPLf6TVe5Yi4eEosDM8ZFkVSngF3qx4TB2NcuKl739qUvLf0eL461y7+doJcdC+sl19scJjlEBFmEU9YNoJ8T0m9nT5UIi7l0tuek2i9SpzQRjHym1Y12JsiYoTR83mTBMR33hChE9aMc0FBkNesVJ9SBWOtLsd1i/UxUyZIk/C8shVGPmYplT9QOO/RqwJtvTeOkhrEWQq9zRoGqKQJs+j6VatHOdqVweX4/0icBN5QamXwgH61c7RbT79MDCZHvHSKkAe+eNVw7y6+0ZgCxtiIbo3RJwdRGqy6XHGnRfzRbzjO9H26gBmWX+Z7ZfeHLghen/tOW/qEh+uT1TR+O71GnhOgd1QQh84vyE2U+lAzneHI2gVG8EzA8Ho/UGiXJALQPElkJzR3GXDXVAHAw8Q6wCjLnxpmpkJZEJiJ9uDktKkNdF5uM6oEfQbxpP8uWJQnK4sCaZOTBsqEzyBm+KUXOpt0PbGFmb+gfPHIpO6rNGdWJ/C9F63ZbWhMXfONuLCjMis86lLJimwYH9G0PQWrmh7ENuZB3/giYbVqUjD3yP44axfw,iv:zfbeDFKb3hHQFi9wEuDj8XRqTLhc+2AnJU1roGJVZkU=,tag:mwNz9UCO6lCDK5hMWNLfNw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SnA3M2F0cXZjOGlFSTJw - aE9BNGJsQ1JzelFoQk4yMGlpN2dkVUR4ZUNvCmljSDhsVU4rUnowV2dIdlhZYnMy - aXo2OGZRd21PYk81ZE9pV05XSmpVOEEKLS0tIGhGNkVmTnVYRENEYlBxZXJTaExt - SC91WFNocEN2K1NFK2dBUHYwZTQrVFkKKb3AlaRX96vJwEmxNNAThTlO9ZwtD1tv - c6aBELEbmJFdHOcIJITzmS3YOssDOgTL2TbcSFu8mdAQYsRvxC96HA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-09T00:53:28Z" - mac: ENC[AES256_GCM,data:NKv91i8Ms4TfbU0t9td4QoGD+9d9KYGQ9Mu1QlFdCc4AjMfRCcUCrvb9SVMF5JbYa8oZAH4Qp9FEJ5fFmgoTNrewspLUMpyjUYRgARYQWiHYhZjE/uTNhFo2FxXYLWsAlQjEJ8abbwUyr2y6NsK2tcQcOBDIWUssb4XqajNcylE=,iv:gvwQZB20JR4bKfMMR6sYjTnf3CNiOjcd8T30s2drKwY=,tag:mF9etyVyPVw5YblI8VdtTw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 diff --git a/secrets/keys.yaml b/secrets/keys.yaml new file mode 100644 index 0000000..57e6827 --- /dev/null +++ b/secrets/keys.yaml 
@@ -0,0 +1,27 @@ +lin-va-mbp-personal: + user: ENC[AES256_GCM,data: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,iv:F5n/cfEyq9MHJ9BHznPYh1edgIG8z2iXtZAfwrqlEBc=,tag:iX7iczPwdV8vku7ODze5pQ==,type:str] +mac-va-mbp-personal: + user: ENC[AES256_GCM,data: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,iv:+OQ0qKDIypVw/gVZW6RqqA76dq95R75ugN+PtTgq+T0=,tag:FmIIl2HHqYAdmfoXizKfXA==,type:str] +lin-va-thinkpad: + host: ENC[AES256_GCM,data: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,iv:eMAeHReoTLXkRbermeZ+2zOh/9dv1F0mqXU703+w/8g=,tag:oN0JjnkY3bt82LPBfdoYBQ==,type:str] + user: ENC[AES256_GCM,data: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,iv:1HjULpLbqPUefFiFd7TNT6VFv0pu43RDFC/cD4u+ZBU=,tag:mqiW2GEjDiwnT6bMUosQpg==,type:str] +lin-va-terminal: + user: ENC[AES256_GCM,data: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,iv:mpkVnd/w1vAj/LpxppzgVOVNgq851bXqaSKz7wff1Q4=,tag:43OhgDHYAlrRO29fecMrrQ==,type:str] +lin-va-desktop: + host: ENC[AES256_GCM,data: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,iv:LtKNN1cRXap9LJvBMD9fHHXrScfmMOklCBQBbPEzs64=,tag:WsqCUGlyTlHOMvwfOGxAhw==,type:str] + user: ENC[AES256_GCM,data:PqCBjNQ6ACH6qKXhjjzP0QKDXdk7jR8DnvCFrz1RH7+jRMSq30lFSPB62j/TgDx3PXevkNItuT9smyWHjB0eOVS0Ms4R6y3FYITIoY5PaNfGwYIxawpLr3BtFmkS+TLxTKf3WAikejwFTGeR8pl/clDsOlJuSDwGwR+1GghDhanxD+v+J9AizaK0/F88DknA694W+T3Ty2e8tqShV5e6VT2So9tJl78Q+duH458rL9WVMz8NhUW9KlBNYCYXZfRQbkZZojbPK0W70ne1BqNvbGPZXnWNfQQQodd9sQ7uCnyIL1o92uZoAQKAQTmD/fV6PWkLD2JgQD51MxZPBr4KziXgBiqE2xqg6Wtsi8FZMFMWgp+MnmWuNSMhFK5UOwb3894lbltAq0nX5OiYkZVBLKxQeU23fASxbJipzNKtaeP10Nf029GkWIq/zq5sThqmg/O97qse8YJJclMPvOqnO2mQsjktZk7PeJVi3ONnCkxACwk6CQsuzAu3ce+Jddz+lb57q4WFzzj1752vjDY5keacNhSyaalE4YXF7oY6xjy/T6A=,iv:KnZ+3H7tbz47eGZ/R5AFmk9zYHng7ghUozyd/p3Wl8k=,tag:BMXlLI04JAhaLMkmuEC7pQ==,type:str] +sops: + age: + - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcXhLbmU0czdSbDJUR3My + engxSCtaL2Q3TUtwK1gvWlVPN2d2bVg5QlJjCmpjMWo5cEU0ZWpWTVlNczF3alFL + U3QwdXFUTnM1Z3oxSkVEK2JmdUNqQ0UKLS0tIGF3U09rMmRPdmdRZ0dwdDVtZGZS + bFIvV0QxbjZaSTZEVHhWVm9aaFQzZkEKCpWTU3EB4/eeW0X1U8e0XvZqCRri2LOX + yEhVxm3WUF2eQvuEonkso9I/A1fV5OjE2RgldCnqzwW0U7kBtbrc8w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-01-12T03:17:42Z" + mac: ENC[AES256_GCM,data:Ld7+F9dIQTfFuJt7wc3XWXqw4hcojCz8xeKpNoBXrsLfQSjMR+JpHfzWUHgVtnGUTLIpx2d7MQEq5gs+OtYysxuFacX3HrcPVWbDVxDPgG6XryvFAJ/VOUpKC8zoHQcD9uTzd4oibT0rCMUHjmuO6Hz7fGFIjX/devKhRCzRmYk=,iv:HGeyk/EcC2DIb27w/8hBsbGsJ3GueENYg1kokPsGWq4=,tag:Z9orAdD3tiTAzO3WLS7DeQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/lin-va-mbp-personal/evanreichard/default.yaml b/secrets/lin-va-mbp-personal/evanreichard/default.yaml deleted file mode 100644 index 38047c1..0000000 --- a/secrets/lin-va-mbp-personal/evanreichard/default.yaml +++ /dev/null 
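Review bot: Every `host` and `user` entry in the new secrets/keys.yaml is encrypted to the single age recipient listed under `sops.age`, so one identity decrypts the entries of all five machines in the file. The deleted secrets/mac-va-mbp-personal/evanreichard/default.yaml carried a second recipient, so this looks like a deliberate consolidation. If it is, it should be written down, because exposure of that one identity now means rotating every entry here rather than one host's secrets. I'd add a line to the README changes in this commit, along the lines of `secrets/keys.yaml: per-machine keys, decryptable only with the admin age identity; rotate all entries if it is exposed`. The values are ciphertext, so reading them as key material is an inference from the file name and the host/user layout.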
@@ -1,21 +0,0 @@ -rke2_kubeconfig: ENC[AES256_GCM,data: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,iv:zfbeDFKb3hHQFi9wEuDj8XRqTLhc+2AnJU1roGJVZkU=,tag:mwNz9UCO6lCDK5hMWNLfNw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SnA3M2F0cXZjOGlFSTJw - aE9BNGJsQ1JzelFoQk4yMGlpN2dkVUR4ZUNvCmljSDhsVU4rUnowV2dIdlhZYnMy - aXo2OGZRd21PYk81ZE9pV05XSmpVOEEKLS0tIGhGNkVmTnVYRENEYlBxZXJTaExt - SC91WFNocEN2K1NFK2dBUHYwZTQrVFkKKb3AlaRX96vJwEmxNNAThTlO9ZwtD1tv - c6aBELEbmJFdHOcIJITzmS3YOssDOgTL2TbcSFu8mdAQYsRvxC96HA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-07T18:09:21Z" - mac: ENC[AES256_GCM,data:RxVXYkx4JD2l6zIcx051DSyw4yYMWdK23ssaw94jkxlICvDyeZy9aO9kC0bAYqn0iB2BDEdh/0rzNZeJHlkjKQx9+et82iwFdwC9GSTVl/FV39fr9YbsqFQGqMAEo/JqElul9Sjd5vgdC1xQOF+Jceo11F9LhDteOiFn2a3Sv5I=,iv:sb9ah+Tk39FUIDpq4g5YGScIku3w5tVlDDNyxuHS4OY=,tag:nC+yLdj/moS2+nMIzNAOdw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 diff --git a/secrets/mac-va-mbp-personal/evanreichard/default.yaml b/secrets/mac-va-mbp-personal/evanreichard/default.yaml deleted file mode 100644 index 4e9c5e6..0000000 --- a/secrets/mac-va-mbp-personal/evanreichard/default.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -builder_ssh_key: ENC[AES256_GCM,data:1cYuaFJke/8GyqxPKp2zH/uARvW6Bqx6AsB16U8f3WkDpnxO6kym19MpDyQUBEjJ9Bj3RiBkSSL96jBv4YZfq+1cN8D6E14faKoYF5FZy5o1C+aTl+4L9zbrQIl/QDFh42qcJ6cYsOSjbEJv8kvZQBV7l+LNo8ZX07f76Kld3boouJJMMZWa9oaZgEifTxN4yDOPXTXNjCO3blGnsm+V3FPkba+EUASL9WH6+XLU2oW1Bc/sydOTiKGRJcs5eyqYvKi3evtxUUyqgdPVtUHNTsh6/B5kDLWFavfEfchPHT0LHIuqGJwGBglTp/NJThAoo5vNFAFIAUw9QWlY4alHhsi2L5g49r3s6i+3fGeyGCTP61uffY9HgF7nOdkTVMsRXacKh9fwgdsZAepcU+kJ3LJSdOaa4hUtCsZpFHUe4jA0kTHI1/V+7ak+iw92gNZTLKsCjIOzWFvEBVSXLctPdxQ8ezvF9ekvw5mkAwO7QYonlrQ3MUY/8b1DDOdjmfSwEyrLruew2KajFhm8/NM/2BOwcO/y+DbX2MSe5x0sx4HN79E=,iv:V25Tc7bOxc4wl5lf6gZOstN1InaCb3sfpCHMl65iwn8=,tag:mBFZcX2G3vpAOMw7V12d6w==,type:str] -rke2_kubeconfig: ENC[AES256_GCM,data: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,iv:mC5XSWReVzjwheF1IzCzp34JRvL/vJipyaKhptkH+cU=,tag:SDoNiaWaPKzruj+HPv5jbw==,type:str] -sops: - age: - - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVWFObG51K2lTYlZidXBU - aW55RnpkVDExbVBkNDl4NkV3MFNkNThjbWdZCklhWkVSaWpPSE1VY09iWGlPVE9Q - bW1SY05jK3BwcDIwSHdMZjJHdWQyQkkKLS0tIHZYS2c2U2xtQ1QxajlKeWpmNXZW - bmdpcTl2NjRWM3F3Q2RHbk1rTEFvZEkKWag1nmqFZMRjwFtIo6oqs+9UI/Mer5bK - Ax7P7uwoZdiMN2g84W1pNTjj6GktFn3jrBaE+MxY6NUBr02apkRYZw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cURST1FTbVk4RGZTaitF - MEt3Z2U0a004Zmo0VG1BN29DUnBLNGxPMEJFCkcyL1JrMkZsSTM5WCtZSldSeGZw - SmdpV3AxRDJyVW1WMXBuclhBSDkvTXcKLS0tIDZsU2pBbEFHNkdqWW1CZW1hdVN3 - eW9OdlJmS21IVDNVNk9OMjZBT21PUTAK+lpsdEp2uvg8nFWu/hPtK0+Ahi5J//5d - NB6JJ7lwRWKy2NppFf9sy20Y1Z0Z5Ui40nbnURRzYgtsqbKBveUDcA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-29T23:30:28Z" - mac: 
ENC[AES256_GCM,data:x3dnanNbIX0fippbbFqOSR9ptZGdAwWuyn7hf3z6i43rk8Nk9p9EVqmE4/Guz2QY2tG/cph/5/nwX4UCO4ixAdB7pAWZa6lI1JdFzMBfW1IGeXOLyprDt6xdFnCVXjy64HgNWiVOPUS4+olxNZ0LPmCof7odqn+Axj+icFK3N34=,iv:OyFac4TxnKXwJ0l7LcJTqVyl11gIpw8fvEAEQTrEBc0=,tag:zMOGwIwAZmel+4EIqy9/tQ==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/systems/aarch64-darwin/mac-va-mbp-personal/default.nix b/systems/aarch64-darwin/mac-va-mbp-personal/default.nix index c57fc25..e74c043 100644 --- a/systems/aarch64-darwin/mac-va-mbp-personal/default.nix +++ b/systems/aarch64-darwin/mac-va-mbp-personal/default.nix @@ -1,4 +1,7 @@ -{ lib, ... }: +{ lib, namespace, ... }: +let + inherit (lib.${namespace}) enabled; +in { system.stateVersion = 6; nix.enable = false; @@ -11,11 +14,7 @@ }; security = { - sops = { - enable = true; - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = lib.snowfall.fs.get-file "secrets/mac-va-mbp-personal/default.yaml"; - }; + sops = enabled; }; }; } diff --git a/systems/aarch64-linux/lin-va-mbp-personal/default.nix b/systems/aarch64-linux/lin-va-mbp-personal/default.nix index 8778658..ef1ee87 100755 --- a/systems/aarch64-linux/lin-va-mbp-personal/default.nix +++ b/systems/aarch64-linux/lin-va-mbp-personal/default.nix @@ -41,10 +41,7 @@ in }; security = { - sops = { - enable = true; - defaultSopsFile = lib.snowfall.fs.get-file "secrets/lin-va-mbp-personal/default.yaml"; - }; + sops = enabled; }; virtualisation = { diff --git a/systems/x86_64-linux/lin-va-desktop/default.nix b/systems/x86_64-linux/lin-va-desktop/default.nix index bbcafb5..c0d4adf 100755 --- a/systems/x86_64-linux/lin-va-desktop/default.nix +++ b/systems/x86_64-linux/lin-va-desktop/default.nix @@ -6,7 +6,6 @@ let inherit (lib.${namespace}) enabled; - llama-swap = pkgs.reichard.llama-swap; llama-cpp = pkgs.reichard.llama-cpp; stable-diffusion-cpp = pkgs.reichard.stable-diffusion-cpp.override { cudaSupport = true; 
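Review bot: The replacement `sops = enabled;` in the `security` block of mac-va-mbp-personal drops the explicit `sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]` and `defaultSopsFile`, so the decrypting key and the secrets file are now chosen in the shared module, which this hunk does not show. The new secrets/keys.yaml lists only a `user` entry (no `host`) for mac-va-mbp-personal and lin-va-mbp-personal. Please confirm that the system-level module on those two machines still resolves to a key that is a recipient of the common secrets file, since a mismatch would presumably surface only at activation. A call-site comment would help the next reader: `sops = enabled; # key path and defaultSopsFile come from modules/darwin/security/sops`. The same replacement is made in the lin-va-mbp-personal hunk on this line and in lin-va-thinkpad further down; the enclosing attribute sets start outside the hunks.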
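Review bot: `llama-cpp` and `stable-diffusion-cpp` stay bound in the `let` of lin-va-desktop after `llama-swap` is removed, but their visible uses (`${llama-cpp}/bin/llama-server`, `${stable-diffusion-cpp}/bin/sd-server`) all sit in the `services.llama-swap` block that this commit deletes further down. Parts of the file are outside the diff, so this is hedged: if nothing else references them, drop both bindings so the host file no longer suggests it pins the inference binaries itself. The `let` block continues past the end of this hunk.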
@@ -15,7 +14,10 @@ in { system.stateVersion = "25.11"; time.timeZone = "America/New_York"; + boot.supportedFilesystems = [ "nfs" ]; + nixpkgs.config.allowUnfree = true; hardware.nvidia-container-toolkit.enable = true; + security.pam.loginLimits = [ { domain = "*"; @@ -31,8 +33,6 @@ in } ]; - nixpkgs.config.allowUnfree = true; - fileSystems."/mnt/ssd" = { device = "/dev/disk/by-id/ata-Samsung_SSD_870_EVO_1TB_S6PTNZ0R620739L-part1"; fsType = "exfat"; 
@@ -82,308 +82,16 @@ in services = { openssh = enabled; + llama-swap = enabled; mosh = enabled; }; virtualisation = { podman = enabled; }; - }; - systemd.services.llama-swap.serviceConfig.LimitMEMLOCK = "infinity"; - services.llama-swap = { - enable = true; - openFirewall = true; - package = llama-swap; - settings = { - models = { - # https://huggingface.co/unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF/tree/main - "devstral-small-2-instruct" = { - name = "Devstral Small 2 (24B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Devstral/Devstral-Small-2-24B-Instruct-2512-UD-Q4_K_XL.gguf \ - --chat-template-file /mnt/ssd/Models/Devstral/Devstral-Small-2-24B-Instruct-2512-UD-Q4_K_XL_template.jinja \ - --temp 0.15 \ - -c 98304 \ - -ctk q8_0 \ - -ctv q8_0 \ - -fit off \ - -dev CUDA0 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/mradermacher/gpt-oss-20b-heretic-v2-i1-GGUF/tree/main - # --chat-template-kwargs '{\"reasoning_effort\":\"low\"}' - "gpt-oss-20b-thinking" = { - name = "GPT OSS (20B) - Thinking"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/GPT-OSS/gpt-oss-20b-F16.gguf \ - -c 131072 \ - --temp 1.0 \ - --top-p 1.0 \ - --top-k 40 \ - -dev CUDA0 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/mradermacher/GPT-OSS-Cybersecurity-20B-Merged-i1-GGUF/tree/main - "gpt-oss-csec-20b-thinking" = { - name = "GPT OSS CSEC (20B) - Thinking"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/GPT-OSS/GPT-OSS-Cybersecurity-20B-Merged.i1-MXFP4_MOE.gguf \ - -c 131072 \ - --temp 1.0 \ - --top-p 1.0 \ - --top-k 40 \ - -dev CUDA0 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/shb777/Llama-3.3-8B-Instruct-GGUF/tree/main - # llama-server --host 0.0.0.0 --port 8081 -m /mnt/ssd/Models/Llama/llama-3.3-8b-instruct-q6_k.gguf -c 131072 -dev 
CUDA0 -fit off - - # https://huggingface.co/unsloth/Qwen3-Next-80B-A3B-Instruct-GGUF/tree/main - "qwen3-next-80b-instruct" = { - name = "Qwen3 Next (80B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Qwen3/Qwen3-Next-80B-A3B-Instruct-UD-Q2_K_XL.gguf \ - -c 262144 \ - --temp 0.7 \ - --min-p 0.0 \ - --top-p 0.8 \ - --top-k 20 \ - --repeat-penalty 1.05 \ - -ctk q8_0 \ - -ctv q8_0 \ - -fit off - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen3-30B-A3B-Instruct-2507-GGUF/tree/main - "qwen3-30b-2507-instruct" = { - name = "Qwen3 2507 (30B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Qwen3/Qwen3-30B-A3B-Instruct-2507-Q4_K_M.gguf \ - -c 262144 \ - --temp 0.7 \ - --min-p 0.0 \ - --top-p 0.8 \ - --top-k 20 \ - --repeat-penalty 1.05 \ - -ctk q8_0 \ - -ctv q8_0 \ - -ts 70,30 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen3-Coder-30B-A3B-Instruct-GGUF/tree/main - "qwen3-coder-30b-instruct" = { - name = "Qwen3 Coder (30B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Qwen3/Qwen3-Coder-30B-A3B-Instruct-UD-Q6_K_XL.gguf \ - -c 131072 \ - --temp 0.7 \ - --min-p 0.0 \ - --top-p 0.8 \ - --top-k 20 \ - --repeat-penalty 1.05 \ - -ctk q8_0 \ - -ctv q8_0 \ - -ts 70,30 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen3-30B-A3B-Thinking-2507-GGUF/tree/main - "qwen3-30b-2507-thinking" = { - name = "Qwen3 2507 (30B) - Thinking"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Qwen3/Qwen3-30B-A3B-Thinking-2507-UD-Q4_K_XL.gguf \ - -c 262144 \ - --temp 0.7 \ - --min-p 0.0 \ - --top-p 0.8 \ - --top-k 20 \ - --repeat-penalty 1.05 \ - -ctk q8_0 \ - -ctv q8_0 \ - -ts 70,30 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # 
https://huggingface.co/unsloth/Nemotron-3-Nano-30B-A3B-GGUF/tree/main - "nemotron-3-nano-30b-thinking" = { - name = "Nemotron 3 Nano (30B) - Thinking"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Nemotron/Nemotron-3-Nano-30B-A3B-UD-Q4_K_XL.gguf \ - -c 1048576 \ - --temp 1.1 \ - --top-p 0.95 \ - -fit off - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen3-VL-8B-Instruct-GGUF/tree/main - "qwen3-8b-vision" = { - name = "Qwen3 Vision (8B) - Thinking"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m /mnt/ssd/Models/Qwen3/Qwen3-VL-8B-Instruct-UD-Q4_K_XL.gguf \ - --mmproj /mnt/ssd/Models/Qwen3/Qwen3-VL-8B-Instruct-UD-Q4_K_XL_mmproj-F16.gguf \ - -c 65536 \ - --temp 0.7 \ - --min-p 0.0 \ - --top-p 0.8 \ - --top-k 20 \ - -ctk q8_0 \ - -ctv q8_0 \ - -fit off \ - -dev CUDA1 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen2.5-Coder-7B-Instruct-128K-GGUF/tree/main - "qwen2.5-coder-7b-instruct" = { - name = "Qwen2.5 Coder (7B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - -m /mnt/ssd/Models/Qwen2.5/Qwen2.5-Coder-7B-Instruct-Q8_0.gguf \ - --fim-qwen-7b-default \ - -c 131072 \ - --port ''${PORT} \ - -fit off \ - -dev CUDA1 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen2.5-Coder-3B-Instruct-128K-GGUF/tree/main - "qwen2.5-coder-3b-instruct" = { - name = "Qwen2.5 Coder (3B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - -m /mnt/ssd/Models/Qwen2.5/Qwen2.5-Coder-3B-Instruct-Q8_0.gguf \ - --fim-qwen-3b-default \ - --port ''${PORT} \ - -fit off \ - -dev CUDA1 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - # https://huggingface.co/unsloth/Qwen3-4B-Instruct-2507-GGUF/tree/main - "qwen3-4b-2507-instruct" = { - name = "Qwen3 2507 (4B) - Instruct"; - cmd = '' - ${llama-cpp}/bin/llama-server \ - --port ''${PORT} \ - -m 
/mnt/ssd/Models/Qwen3/Qwen3-4B-Instruct-2507-Q4_K_M.gguf \ - -c 98304 \ - -fit off \ - -ctk q8_0 \ - -ctv q8_0 \ - -dev CUDA1 - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - "z-image-turbo" = { - name = "Z-Image-Turbo"; - checkEndpoint = "/"; - cmd = '' - ${stable-diffusion-cpp}/bin/sd-server \ - --listen-port ''${PORT} \ - --diffusion-fa \ - --diffusion-model /mnt/ssd/StableDiffusion/ZImageTurbo/z-image-turbo-Q8_0.gguf \ - --vae /mnt/ssd/StableDiffusion/ZImageTurbo/ae.safetensors \ - --llm /mnt/ssd/Models/Qwen3/Qwen3-4B-Instruct-2507-Q4_K_M.gguf \ - --cfg-scale 1.0 \ - --steps 9 \ - --rng cuda - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - - "qwen-image-edit" = { - name = "Qwen Image Edit"; - checkEndpoint = "/"; - cmd = '' - ${stable-diffusion-cpp}/bin/sd-server \ - --listen-port ''${PORT} \ - --diffusion-fa \ - --diffusion-model /mnt/ssd/StableDiffusion/QwenImageEdit/Qwen-Rapid-v18_Q5_K.gguf \ - --vae /mnt/ssd/StableDiffusion/QwenImageEdit/qwen_image_vae.safetensors \ - --llm /mnt/ssd/Models/Qwen2.5/Qwen2.5-VL-7B-Instruct.Q4_K_M.gguf \ - --cfg-scale 2.5 \ - --sampling-method euler \ - --flow-shift 3 \ - --steps 9 \ - --rng cuda - ''; - env = [ "GGML_CUDA_ENABLE_UNIFIED_MEMORY=1" ]; - }; - }; - - groups = { - shared = { - swap = true; - exclusive = false; - members = [ - "nemotron-3-nano-30b-thinking" - "qwen3-30b-2507-instruct" - "qwen3-30b-2507-thinking" - "qwen3-coder-30b-instruct" - "qwen3-next-80b-instruct" - ]; - }; - - cuda0 = { - swap = true; - exclusive = false; - members = [ - "devstral-small-2-instruct" - "gpt-oss-20b-thinking" - "gpt-oss-csec-20b-thinking" - ]; - }; - - cuda1 = { - swap = true; - exclusive = false; - members = [ - "qwen2.5-coder-3b-instruct" - "qwen2.5-coder-7b-instruct" - "qwen3-4b-2507-instruct" - "qwen3-8b-vision" - ]; - }; - - }; + security = { + sops = enabled; }; }; 
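Review bot: `llama-swap = enabled;` under `services` replaces a block that set `openFirewall = true` explicitly, so the host file no longer shows that the model endpoint is reachable from the network. No authentication setting appears in the removed `settings`, and the new module is not visible here. If it still opens the port, I'd keep that decision at the call site, for example by giving the module an option that defaults to `false` and writing `llama-swap = { enable = true; openFirewall = true; };` on this host, or by limiting the port to a trusted interface. The removed `LimitMEMLOCK = "infinity"` override should likewise carry a short why-comment wherever it now lives. The enclosing attribute set starts outside the hunk.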
diff --git a/systems/x86_64-linux/lin-va-thinkpad/default.nix b/systems/x86_64-linux/lin-va-thinkpad/default.nix index 08398bc..f16abbb 100755 --- a/systems/x86_64-linux/lin-va-thinkpad/default.nix +++ b/systems/x86_64-linux/lin-va-thinkpad/default.nix @@ -58,6 +58,7 @@ in }; services = { + openssh = enabled; tailscale = enabled; avahi = enabled; ydotool = enabled; @@ -79,10 +80,7 @@ in }; security = { - sops = { - enable = true; - defaultSopsFile = lib.snowfall.fs.get-file "secrets/lin-va-thinkpad/default.yaml"; - }; + sops = enabled; }; };
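Review bot: Adding `openssh = enabled;` to `services` puts an SSH listener on a laptop, and the hardening that applies lives in modules/nixos/services/openssh/default.nix, which this hunk does not show. If the purpose is only to get a host key generated for sops (a guess, based on the darwin host previously pointing `sshKeyPaths` at `/etc/ssh/ssh_host_ed25519_key`), the port does not need to be reachable. `services.openssh.openFirewall = false;` keeps the key while leaving the port closed in the firewall, or access can be limited to the tailscale interface enabled in the same block. If remote login is intended, please confirm the module disables password authentication and say so in a comment next to this line. The `services` set starts and ends outside the hunk.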