buskerud: Temporarily added ozai and ozai-webui

quickfix: bekkalokk/mediawiki: remove DeleteBatch
bekkalokk/vaultarden: Add kTLS
2024-06-22 17:26:01 +02:00 · 2024-05-27 11:02:35 +02:00 · 2024-05-26 10:50:29 +02:00 · 2024-05-26 04:21:28 +02:00 · 2024-05-26 04:19:17 +02:00
17 changed files with 1889 additions and 125 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -10,7 +10,6 @@ keys:
  - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
  - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
  - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
  - &host_buskerud age1tmn5qahlyf0e579e4camckdyxrexjzffv54hdzdnrw7lzqs7kyqq0f2fr3
 creation_rules:
  # Global secrets
@@ -61,10 +60,3 @@ creation_rules:
      - *user_felixalb
      pgp:
      - *user_oysteikt
  - path_regex: secrets/buskerud/[^/]+\.yaml$
    key_groups:
    - age:
      - *host_buskerud
      - *user_danio
      - *user_eirikwit
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716431128,
+        "lastModified": 1715445235,
-        "narHash": "sha256-t3T8HlX3udO6f4ilLcN+j5eC3m2gqsouzSGiriKK6vk=",
+        "narHash": "sha256-SUu+oIWn+xqQIOlwfwNfS9Sek4i1HKsrLJchsDReXwA=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "7ffc4354dfeb37c8c725ae1465f04a9b45ec8606",
+        "rev": "159d87ea5b95bbdea46f0288a33c5e1570272725",
        "type": "github"
      },
      "original": {
@@ -67,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716065905,
+        "lastModified": 1715364232,
-        "narHash": "sha256-08uhxBzfakfhl/ooc+gMzDupWKYvTeyQZwuvB1SBS7A=",
+        "narHash": "sha256-ZJC3SkanEgbV7p+LFhP+85CviRWOXJNHzZwR/Stb7hE=",
        "owner": "Programvareverkstedet",
        "repo": "grzegorz",
-        "rev": "0481aef6553ae9aee86e4edb4ca0ed4f2eba2058",
+        "rev": "3841cda1cdcac470440b06838d56a2eb2256378c",
        "type": "github"
      },
      "original": {
@@ -87,11 +87,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716115695,
+        "lastModified": 1715384651,
-        "narHash": "sha256-aI65l4x+U5v3i/nfn6N3eW5IZodmf4pyAByE7vTJh8I=",
+        "narHash": "sha256-7RhckgUTjqeCjWkhiCc1iB+5CBx9fl80d/3O4Jh+5kM=",
        "owner": "Programvareverkstedet",
        "repo": "grzegorz-clients",
-        "rev": "b9444658fbb39cd1bf1c61ee5a1d5f0641c49abe",
+        "rev": "738a4f3dd887f7c3612e4e772b83cbfa3cde5693",
        "type": "github"
      },
      "original": {
@@ -107,16 +107,15 @@
        ]
      },
      "locked": {
-        "lastModified": 1717234745,
+        "lastModified": 1710311999,
-        "narHash": "sha256-MFyKRdw4WQD6V3vRGbP6MYbtJhZp712zwzjW6YiOBYM=",
+        "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=",
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "d7dc42c9bbb155c5e4aa2f0985d0df75ce978456",
+        "rev": "6c9b67974b839740e2a738958512c7a704481157",
        "type": "github"
      },
      "original": {
        "owner": "dali99",
        "ref": "v0.6.0",
        "repo": "nixos-matrix-modules",
        "type": "github"
      }
@@ -143,26 +142,26 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1716586607,
+        "lastModified": 1715410392,
-        "narHash": "sha256-PzpeC/xi0+YTGJS5rdbcOqVgIryuWHkimMVXoCIidgA=",
+        "narHash": "sha256-ltp1jQps9tym0uWNl/lTniHSQngCtNIyzlymu+ZSyts=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "03309929e115bba1339308814f8b6e63f250fedf",
+        "rev": "9f8bf7503bd85d5208575f4bd81c8b1fc999a468",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-24.05-small",
+        "ref": "nixos-23.11-small",
        "type": "indirect"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1716061101,
+        "lastModified": 1714858427,
-        "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
+        "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
+        "rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
        "type": "github"
      },
      "original": {
@@ -174,11 +173,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1716660083,
+        "lastModified": 1715435713,
-        "narHash": "sha256-QO7cdjtDhx72KEw6m0NOtuE5FS4asaRExZ65uFR/q8g=",
+        "narHash": "sha256-lb2HqDQGfTdnCCpc1pgF6fkdgIOuBQ0nP8jjVSfLFqg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6de51d98ec2ae46730f11845e221aab9d2470a8a",
+        "rev": "52b40f6c4be12742b1504ca2eb4527e597bf2526",
        "type": "github"
      },
      "original": {
@@ -249,11 +248,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1716400300,
+        "lastModified": 1715244550,
-        "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=",
+        "narHash": "sha256-ffOZL3eaZz5Y1nQ9muC36wBCWwS1hSRLhUzlA9hV2oI=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "b549832718b8946e875c016a4785d204fcfc2e53",
+        "rev": "0dc50257c00ee3c65fef3a255f6564cfbfe6eb7f",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
  description = "PVV System flake";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.05-small";
+    nixpkgs.url = "nixpkgs/nixos-23.11-small";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
    sops-nix.url = "github:Mic92/sops-nix";
@@ -17,7 +17,7 @@
    pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
    pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
-    matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
+    matrix-next.url = "github:dali99/nixos-matrix-modules";
    matrix-next.inputs.nixpkgs.follows = "nixpkgs";
    nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
@@ -27,9 +27,15 @@
    grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
    grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
    grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
    ozai.url = "git+https://git.pvv.ntnu.no/Projects/ozai.git";
    ozai.inputs.nixpkgs.follows = "nixpkgs";
    ozai-webui.url = "git+https://git.pvv.ntnu.no/adriangl/ozai-webui.git";
    ozai-webui.inputs.nixpkgs.follows = "nixpkgs";
  };
-  outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs:
+  outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ozai, ozai-webui, ... }@inputs:
  let
    nixlib = nixpkgs.lib;
    systems = [
@@ -121,7 +127,12 @@
          inputs.grzegorz-clients.nixosModules.grzegorz-webui
        ];
      };
-      buskerud = stableNixosConfig "buskerud" { };
+      buskerud = stableNixosConfig "buskerud" {
        modules = [
          ozai.nixosModules.ozai
          ozai-webui.nixosModules.ozai-webui
        ];
      };
    };
    devShells = forAllSystems (system: {
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -6,13 +6,14 @@
    ../../base.nix
    ../../misc/metrics-exporters.nix
    ./services/website
    ./services/nginx.nix
    ./services/gitea/default.nix
    ./services/kerberos
    ./services/webmail
    ./services/mediawiki
    ./services/idp-simplesamlphp
    ./services/kerberos
    ./services/mediawiki
    ./services/nginx.nix
    ./services/vaultwarden.nix
    ./services/webmail
    ./services/website
  ];
  sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
@@ -28,7 +28,7 @@ in {
    database = {
      type = "postgres";
      host = "postgres.pvv.ntnu.no";
-      port = config.services.postgresql.settings.port;
+      port = config.services.postgresql.port;
      passwordFile = config.sops.secrets."gitea/database".path;
      createDatabase = false;
    };
--- a/hosts/bekkalokk/services/kerberos/default.nix
+++ b/hosts/bekkalokk/services/kerberos/default.nix
@@ -3,14 +3,14 @@
  #######################
  # TODO: remove these once nixos 24.05 gets released
  #######################
-  # imports = [
+  imports = [
-  #   ./krb5.nix
+    ./krb5.nix
-  #   ./pam.nix
+    ./pam.nix
-  # ];
+  ];
-  # disabledModules = [
+  disabledModules = [
-  #   "config/krb5/default.nix"
+    "config/krb5/default.nix"
-  #   "security/pam.nix"
+    "security/pam.nix"
-  # ];
+  ];
  #######################
  security.krb5 = {
--- a/hosts/bekkalokk/services/kerberos/krb5-conf-format.nix
+++ b/hosts/bekkalokk/services/kerberos/krb5-conf-format.nix
@@ -0,0 +1,88 @@
 { pkgs, lib, ... }:
 # Based on
 # - https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
 # - https://manpages.debian.org/unstable/heimdal-docs/krb5.conf.5heimdal.en.html
 let
  inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
    isAttrs isBool isList mapAttrsToList mdDoc mkOption singleton splitString;
  inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
    str submodule;
 in
 { }: {
  type = let
    section = attrsOf relation;
    relation = either (attrsOf value) value;
    value = either (listOf atom) atom;
    atom = oneOf [int str bool];
  in submodule {
    freeformType = attrsOf section;
    options = {
      include = mkOption {
        default = [ ];
        description = mdDoc ''
          Files to include in the Kerberos configuration.
        '';
        type = coercedTo path singleton (listOf path);
      };
      includedir = mkOption {
        default = [ ];
        description = mdDoc ''
          Directories containing files to include in the Kerberos configuration.
        '';
        type = coercedTo path singleton (listOf path);
      };
      module = mkOption {
        default = [ ];
        description = mdDoc ''
          Modules to obtain Kerberos configuration from.
        '';
        type = coercedTo path singleton (listOf path);
      };
    };
  };
  generate = let
    indent = str: concatMapStringsSep "\n" (line: "  " + line) (splitString "\n" str);
    formatToplevel = args @ {
      include ? [ ],
      includedir ? [ ],
      module ? [ ],
      ...
    }: let
      sections = removeAttrs args [ "include" "includedir" "module" ];
    in concatStringsSep "\n" (filter (x: x != "") [
      (concatStringsSep "\n" (mapAttrsToList formatSection sections))
      (concatMapStringsSep "\n" (m: "module ${m}") module)
      (concatMapStringsSep "\n" (i: "include ${i}") include)
      (concatMapStringsSep "\n" (i: "includedir ${i}") includedir)
    ]);
    formatSection = name: section: ''
      [${name}]
      ${indent (concatStringsSep "\n" (mapAttrsToList formatRelation section))}
    '';
    formatRelation = name: relation:
      if isAttrs relation
      then ''
        ${name} = {
        ${indent (concatStringsSep "\n" (mapAttrsToList formatValue relation))}
        }''
      else formatValue name relation;
    formatValue = name: value:
      if isList value
      then concatMapStringsSep "\n" (formatAtom name) value
      else formatAtom name value;
    formatAtom = name: atom: let
      v = if isBool atom then boolToString atom else toString atom;
    in "${name} = ${v}";
  in
    name: value: pkgs.writeText name ''
      ${formatToplevel value}
    '';
 }
--- a/hosts/bekkalokk/services/kerberos/krb5.nix
+++ b/hosts/bekkalokk/services/kerberos/krb5.nix
@@ -0,0 +1,90 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) mdDoc mkIf mkOption mkPackageOption mkRemovedOptionModule;
  inherit (lib.types) bool;
  mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
  mkRemovedOptionModuleCfg = name: mkRemovedOptionModule' name ''
    The option `krb5.${name}' has been removed. Use
    `security.krb5.settings.${name}' for structured configuration.
  '';
  cfg = config.security.krb5;
  format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
 in {
  imports = [
    (mkRemovedOptionModuleCfg "libdefaults")
    (mkRemovedOptionModuleCfg "realms")
    (mkRemovedOptionModuleCfg "domain_realm")
    (mkRemovedOptionModuleCfg "capaths")
    (mkRemovedOptionModuleCfg "appdefaults")
    (mkRemovedOptionModuleCfg "plugins")
    (mkRemovedOptionModuleCfg "config")
    (mkRemovedOptionModuleCfg "extraConfig")
    (mkRemovedOptionModule' "kerberos" ''
      The option `krb5.kerberos' has been moved to `security.krb5.package'.
    '')
  ];
  options = {
    security.krb5 = {
      enable = mkOption {
        default = false;
        description = mdDoc "Enable and configure Kerberos utilities";
        type = bool;
      };
      package = mkPackageOption pkgs "krb5" {
        example = "heimdal";
      };
      settings = mkOption {
        default = { };
        type = format.type;
        description = mdDoc ''
          Structured contents of the {file}`krb5.conf` file. See
          {manpage}`krb5.conf(5)` for details about configuration.
        '';
        example = {
          include = [ "/run/secrets/secret-krb5.conf" ];
          includedir = [ "/run/secrets/secret-krb5.conf.d" ];
          libdefaults = {
            default_realm = "ATHENA.MIT.EDU";
          };
          realms = {
            "ATHENA.MIT.EDU" = {
              admin_server = "athena.mit.edu";
              kdc = [
                "athena01.mit.edu"
                "athena02.mit.edu"
              ];
            };
          };
          domain_realm = {
            "mit.edu" = "ATHENA.MIT.EDU";
          };
          logging = {
            kdc = "SYSLOG:NOTICE";
            admin_server = "SYSLOG:NOTICE";
            default = "SYSLOG:NOTICE";
          };
        };
      };
    };
  };
  config = mkIf cfg.enable {
    environment = {
      systemPackages = [ cfg.package ];
      etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
    };
  };
  meta.maintainers = builtins.attrValues {
    inherit (lib.maintainers) dblsaiko h7x4;
  };
 }
--- a/hosts/bekkalokk/services/kerberos/pam.nix
+++ b/hosts/bekkalokk/services/kerberos/pam.nix
--- a/hosts/bekkalokk/services/mediawiki/default.nix
+++ b/hosts/bekkalokk/services/mediawiki/default.nix
@@ -86,7 +86,8 @@ in {
    };
    extensions = {
-      inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
+      #inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
      inherit (pkgs.mediawiki-extensions) UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
    };
    extraConfig = ''
--- a/hosts/bekkalokk/services/vaultwarden.nix
+++ b/hosts/bekkalokk/services/vaultwarden.nix
@@ -0,0 +1,68 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.vaultwarden;
  domain = "pw.pvv.ntnu.no";
  address = "127.0.1.2";
  port = 3011;
  wsPort = 3012;
 in {
  sops.secrets."vaultwarden/environ" = {
    owner = "vaultwarden";
    group = "vaultwarden";
  };
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
    environmentFile = config.sops.secrets."vaultwarden/environ".path;
    config = {
      domain = "https://${domain}";
      rocketAddress = address;
      rocketPort = port;
      websocketEnabled = true;
      websocketAddress = address;
      websocketPort = wsPort;
      signupsAllowed = true;
      signupsVerify = true;
      signupsDomainsWhitelist = "pvv.ntnu.no";
      smtpFrom = "vaultwarden@pvv.ntnu.no";
      smtpFromName = "VaultWarden PVV";
      smtpHost = "smtp.pvv.ntnu.no";
      smtpUsername = "vaultwarden";
      smtpSecurity = "force_tls";
      smtpAuthMechanism = "Login";
      # Configured in environ:
      # databaseUrl = "postgresql://vaultwarden@/vaultwarden";
      # smtpPassword = hemli
    };
  };
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    kTLS = true;
    extraConfig = ''
      client_max_body_size 128M;
    '';
    locations."/" = {
      proxyPass = "http://${address}:${toString port}";
      proxyWebsockets = true;
    };
    locations."/notifications/hub" = {
      proxyPass = "http://${address}:${toString wsPort}";
      proxyWebsockets = true;
    };
    locations."/notifications/hub/negotiate" = {
      proxyPass = "http://${address}:${toString port}";
      proxyWebsockets = true;
    };
  };
 }
--- a/hosts/buskerud/configuration.nix
+++ b/hosts/buskerud/configuration.nix
@@ -4,14 +4,10 @@
    ./hardware-configuration.nix
    ../../base.nix
    ../../misc/metrics-exporters.nix
    ./services/ozai.nix
  ];
  sops.defaultSopsFile = ../../secrets/buskerud/buskerud.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  sops.age.generateKey = true;
  # buskerud does not support efi?
  # boot.loader.systemd-boot.enable = true;
  # boot.loader.efi.canTouchEfiVariables = true;
--- a/hosts/buskerud/services/bluemap.nix
+++ b/hosts/buskerud/services/bluemap.nix
@@ -1,21 +0,0 @@
 {config, ...}:
 {
  sops.secrets."bluemap_ssh_key" = {
    owner = "root";
    mode = "0400";
  };
  services.bluemap = {
    enable = true;
    eula = true;
    defaultWorld = "/var/lib/bluemap/vanilla";
    host = "minecraft.pvv.ntnu.no";
  };
  systemd.services."render-bluemap-maps".preStart = ''
    rsync -e 'ssh -i ${config.sops.secrets."bluemap_ssh_key".path} -o "StrictHostKeyChecking accept-new"' \
      root@innovation.pvv.ntnu.no:/var/backups/minecraft/current/ \
      /var/lib/bluemap/vanilla"
    '';
 }
--- a/hosts/buskerud/services/ozai.nix
+++ b/hosts/buskerud/services/ozai.nix
@@ -0,0 +1,33 @@
 { config, pkgs, lib, ... }:
 let
 domain = "buskerud.pvv.ntnu.no";
 in
 {
  services.ozai = {
    enable = true;
    host = "0.0.0.0";
    port = 8000;
  };
  services.ozai-webui = {
    enable = true;
    port = 8080;
    host = "0.0.0.0";
  };
  services.nginx.virtualHosts."${domain}" = {
      forceSSL = true;
      enableACME = true;
      locations."/azul/" = {
        proxyWebsockets = true;
        proxyPass = "http://${config.services.ozai-webui.host}:${config.services.ozai-webui.port}";
      };
       locations."/ozai/" = {
        proxyWebsockets = true;
        proxyPass = "http://${config.services.ozai.host}:${config.services.ozai.port}";
      };
    };
 }
--- a/hosts/ildkule/services/monitoring/loki.nix
+++ b/hosts/ildkule/services/monitoring/loki.nix
@@ -50,7 +50,7 @@ in {
        boltdb_shipper = {
          active_index_directory = "/var/lib/loki/boltdb-shipper-index";
          cache_location = "/var/lib/loki/boltdb-shipper-cache";
-          # shared_store = "filesystem";
+          shared_store = "filesystem";
          cache_ttl = "24h";
        };
        filesystem = {
@@ -59,15 +59,14 @@ in {
      };
      limits_config = {
-        allow_structured_metadata = false;
+        enforce_metric_name = false;
        # enforce_metric_name = false;
        reject_old_samples = true;
        reject_old_samples_max_age = "72h";
      };
      compactor = {
        working_directory = "/var/lib/loki/compactor";
-        # shared_store = "filesystem";
+        shared_store = "filesystem";
      };
      # ruler = {
--- a/secrets/bekkalokk/bekkalokk.yaml
+++ b/secrets/bekkalokk/bekkalokk.yaml
@@ -28,6 +28,8 @@ nettsiden:
        postgres_password: ENC[AES256_GCM,data:SvbrdHF4vQ94DgoEfy67QS5oziAsMT8H,iv:LOHBqMecA6mgV3NMfmfTh3zDGiDve+t3+uaO53dIxt4=,tag:9ffz84ozIqytNdGB1COMhA==,type:str]
        cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
        admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
 vaultwarden:
    environ: ENC[AES256_GCM,data:CST5I8x8qAkrTy/wbMLL6aFSPDPIU7aWsD1L1MnIATRmk7fcUhfTSFds7quJmIpb2znsIT/WxNI/V/7UW+9ZdPKI64hfPR8MtvrJcbOhU5Fe2IiytFymFbhcOgWAXjbGzs7knQmpfMxSl98sU71oLkRuFdkousdnh4VQFZhUCYM=,iv:Is6xQ7DGdcAQgrrXCS9NbJk67O2uR82rbKOXBTzZHWw=,tag:XVEjCEM5t8qJl6jL89zrkw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -61,8 +63,8 @@ sops:
            akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
            GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-12T00:24:29Z"
+    lastmodified: "2024-05-26T02:07:41Z"
-    mac: ENC[AES256_GCM,data:/fh5yc09YTLT62oWVsz2CwW/mhEUI7uRh5fDRgLNeeBc/4bvM3z83xmy9veehmQhhCWjju2/CtYhaihm3bUPN4hu3wVzviIxvrS9lTcBUG+F/AH4SnF5Z1CGWb94Gqi/6OhQRIpA6azjISyv8lTAQ4TCqcOC4fz/c9KjqQ/CiGY=,iv:HjzzMRFz3+kZ4iDLn9kI80BwMDALkRX5gyOHARZSgDA=,tag:1ez7NiIavshfp4CTZNkW/Q==,type:str]
+    mac: ENC[AES256_GCM,data:CRaJefV1zcJc6eyzyjTLgd0+Wv46VT8o4iz2YAGU+c2b/Cr97Tj290LoEO6UXTI3uFwVfzii2yZ2l+4FK3nVVriD4Cx1O/9qWcnLa5gfK30U0zof6AsJx8qtGu1t6oiPlGUCF7sT0BW9Wp8cPumrY6cZp9QbhmIDV0o0aJNUNN4=,iv:8OSYV1eG6kYlJD4ovZZhcD1GaYnmy7vHPa/+7egM1nE=,tag:OPI13rpDh2l1ViFj8TBFWg==,type:str]
    pgp:
        - created_at: "2023-05-21T00:28:40Z"
          enc: |
@@ -86,3 +88,4 @@ sops:
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/secrets/buskerud/buskerud.yaml
+++ b/secrets/buskerud/buskerud.yaml
@@ -1,39 +0,0 @@
 bluemap_ssh_key: ENC[AES256_GCM,data:2kv/cDEEQMHJdwTmmTxtyxOZz8duggaT61U69IuiOJ2yuwqkujOHZ2gkCtGa1VyFPn6wg4OTiSA/Loz+QmTSKz+8HqvY/Lybks+offDZ1mukL5NiWLUVmNZdfdHaMeEyiZsxiMoWEgFtMiKvgmdMMPa/BCHZCMCxMWFAcuiZgbhGyGukdo0wQd5RcEDaY4JZ7q95ndAn4K7gi9q1K7MLOvI5t2hGibj8DrqriXqg9mahsiFZdKWxjf3tBX0MzS85wAtleQWXmH5FRvECmdOj3OSp92JMqU/WDlQih3xjnw1Ci3L/hdwgGLHZTf/RzuPpGh2OD26A7gUjOFh+M5z2dVVtZ40F8tQFxpQxkkJBsqTNbDKuw7/KPpZUJkn4UYBkhzraG/62md/9sS9+GjTHBhfYQYHbDU8ZbPO5ZSoZfshRDUuP0qYXiQw7cxA5BQIhwYdn26uy2ghiHsP713Tz91ESVjlCZLLduGySWEQNAxSdzFu9yEyp4xdl8l9udlnxVV2/5Xm5kQEdiUMwiBpUhrghdEl6lOzome5h,iv:uiYaQgOnhFvWze/oHGSpAu8+m89l4tGCgRauDzU3ZqE=,tag:eCYgCH+e8hNYpBIFWFOTbA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1tmn5qahlyf0e579e4camckdyxrexjzffv54hdzdnrw7lzqs7kyqq0f2fr3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvL2dqdHFwWURFSWJEUkVl
            eXR2cTQyTXpzUEFra0drdUgzRUNmSXA4eGc0CmRoWnp5UUUyQy9kK0dHVjF3WkFp
            M0loS1RXeWxHSGNTQUljS05jaDBxMDQKLS0tIDhyUGdvcE1iMWxJeWhYb3JFTi9q
            Y0RrVHNhcVU3WFd2NitlQ3l4Ry9JTkEKALBawjOt7hChok/cHRa38HkB0KVEKvik
            r2jO26j9AUU5mqjR/dIko3jvfcXoNUNRYrMwaBfRa6AFnNBoN3g0ng==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzV1R0cWxoTXNKNnpsUjE5
            c01Oc3J5M2F2cDVKOTNma0J3eFVwa0pXQmpjCkdxRjJZTlFWSlh2UFR2emx4OVVY
            T3gzSWdXNTlyS0VJSXRnTXZweER6V00KLS0tIGdFU3oxZ3lzQTBjU0hyYjV5M2cr
            VnUvcGZDbEZuZitQS1g1NmRtb3JnNDAKV6otQlYUSF5ScyYL6LlstPU1pkLMY8r0
            /NEuN9A7l2m9Wy8iItx+ZhwGp9pEPsgdsQLJQtJFfaA6lNuFhbgqfg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbmpMaWhpQTQzR05Cd0cw
            b3dJRXVoUmFzZGxMeC9tVk9acndMemlrTHhzCkVtMHJ1bE94T25wRmpTZnpHbUdq
            NzQ4T0pLZW56TEV2emQ5RHVXTDAvdmsKLS0tIFJ0OWxNYkIxOVBVV1hmZDdoeEhm
            blB3M2JIMmk3Tmh6WjIzQjlHSW9GNDAKB3gdJL9AlF4fsCMujd/6HnieDwhCZnex
            QDU87yTePHAppnqLp+ZuVdSbqcsnQclmbm92M3S6LuKpoDhGxeHrEw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-06-08T23:34:34Z"
    mac: ENC[AES256_GCM,data:CLsz6UgS1LO/5SArmT7utald3TzQUWwEiSRw3dF1RaCwyb0Fc16/5DxJSk0KGLiJRlDXses/ynSjoyaBdTagijJPKQZCpx3fHZFqEJk6Wne4zQ4EoFbY1SpPrkhGVGMYaUg/H/NapoAEiq619YudR9W6GqF8ZkauXE76wls63FM=,iv:I09LFoSkeMAWHmvXtIF4+FURZ4tOQGCXQqbNrKz5t7s=,tag:xauT9sah+26A9pRrwXlsiQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
Author	SHA1	Message	Date
Adrian G L	46159eec9a	buskerud: Temporarily added ozai and ozai-webui	2024-06-22 17:26:01 +02:00
Felix Albrigtsen	71479d5ca0	quickfix: bekkalokk/mediawiki: remove DeleteBatch	2024-05-27 11:02:35 +02:00
Felix Albrigtsen	cf01792269	bekkalokk/vaultarden: Add kTLS	2024-05-26 10:50:29 +02:00
Felix Albrigtsen	afae0da0b6	Merge pull request 'bekkalokk: add vaultwarden' (!40 ) from bekkalokk-vaultwarden into main Reviewed-on: #40	2024-05-26 04:21:28 +02:00
Felix Albrigtsen	35d745b156	bekkalokk: add vaultwarden	2024-05-26 04:19:17 +02:00