Compare commits
1 Commits
gluttony
...
create-fla
| Author | SHA1 | Date | |
|---|---|---|---|
| b4aada6fbc |
@@ -1,32 +0,0 @@
|
||||
name: "Build topology graph"
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
jobs:
|
||||
evals:
|
||||
runs-on: debian-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
|
||||
- name: Install sudo
|
||||
run: apt-get update && apt-get -y install sudo
|
||||
|
||||
- uses: https://github.com/cachix/install-nix-action@v31
|
||||
|
||||
- name: Configure Nix
|
||||
run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf
|
||||
|
||||
- name: Build topology graph
|
||||
run: nix build .#topology -L
|
||||
|
||||
- name: Upload topology graph
|
||||
uses: https://git.pvv.ntnu.no/Projects/rsync-action@v2
|
||||
with:
|
||||
source: result/*.svg
|
||||
quote-source: false
|
||||
target: ${{ gitea.ref_name }}/topology_graph/
|
||||
username: gitea-web
|
||||
ssh-key: ${{ secrets.WEB_SYNC_SSH_KEY }}
|
||||
host: pages.pvv.ntnu.no
|
||||
known-hosts: "pages.pvv.ntnu.no ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2QjfFB+city1SYqltkVqWACfo1j37k+oQQfj13mtgg"
|
||||
@@ -4,10 +4,10 @@ on:
|
||||
push:
|
||||
jobs:
|
||||
evals:
|
||||
runs-on: debian-latest
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v3
|
||||
- run: apt-get update && apt-get -y install sudo
|
||||
- uses: https://github.com/cachix/install-nix-action@v31
|
||||
- uses: https://github.com/cachix/install-nix-action@v23
|
||||
- run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf
|
||||
- run: nix flake check
|
||||
|
||||
61
.sops.yaml
61
.sops.yaml
@@ -1,39 +1,38 @@
|
||||
keys:
|
||||
# Users
|
||||
- &user_danio age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
|
||||
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
- &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
- &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
- &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
|
||||
- &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
- &user_vegardbm age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
- &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
|
||||
# Hosts
|
||||
- &host_bakke age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
|
||||
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||
- &host_bicep age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
|
||||
- &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
|
||||
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
||||
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
||||
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
|
||||
- &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
|
||||
- &host_lupine-1 age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
|
||||
- &host_lupine-2 age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n
|
||||
- &host_lupine-3 age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
|
||||
- &host_lupine-4 age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
|
||||
- &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
|
||||
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
|
||||
|
||||
creation_rules:
|
||||
# Global secrets
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_jokum
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_eirikwit
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -48,7 +47,6 @@ creation_rules:
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -61,7 +59,18 @@ creation_rules:
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
- path_regex: secrets/jokum/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_jokum
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -74,7 +83,6 @@ creation_rules:
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -87,7 +95,6 @@ creation_rules:
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -100,7 +107,6 @@ creation_rules:
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -112,31 +118,6 @@ creation_rules:
|
||||
- *host_lupine-3
|
||||
- *host_lupine-4
|
||||
- *host_lupine-5
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
- path_regex: secrets/bakke/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_bakke
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
- path_regex: secrets/skrott/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
|
||||
61
README.MD
Normal file
61
README.MD
Normal file
@@ -0,0 +1,61 @@
|
||||
# PVV NixOS configs
|
||||
|
||||
## Hvordan endre på ting
|
||||
|
||||
Før du endrer på ting husk å ikke putte ting som skal være hemmelig uten å først lese seksjonen for hemmeligheter!
|
||||
|
||||
Etter å ha klonet prosjektet ned og gjort endringer kan du evaluere configene med:
|
||||
|
||||
`nix flake check --keep-going`
|
||||
|
||||
før du bygger en maskin med:
|
||||
|
||||
`nix build .#<maskinnavn>`
|
||||
|
||||
hvis du vil være ekstra sikker på at alt bygger så kan du kjøre:
|
||||
|
||||
`nix build .` for å bygge alle de viktige maskinene.
|
||||
|
||||
NB: Dette kan ta opp til 30 minutter avhengig av hva som ligger i caches
|
||||
|
||||
Husk å hvertfall stage nye filer om du har laget dem!
|
||||
|
||||
Om alt bygger fint commit det og push til git repoet.
|
||||
Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
|
||||
|
||||
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
||||
|
||||
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --upgrade --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
|
||||
|
||||
som root på maskinen.
|
||||
|
||||
Hvis du ikke har lyst til å oppdatere alle pakkene (og kanskje måtte vente en stund!) kan du kjøre
|
||||
|
||||
`nixos-rebuild switch --override-input nixpkgs nixpkgs --override-input nixpkgs-unstable nixpkgs-unstable --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
|
||||
|
||||
## Seksjonen for hemmeligheter
|
||||
|
||||
For at hemmeligheter ikke skal deles med hele verden i git - eller å være world
|
||||
readable i nix-storen, bruker vi [sops-nix](https://github.com/Mic92/sops-nix)
|
||||
|
||||
For å legge til secrets kan du kjøre f.eks. `sops secrets/jokum/jokum.yaml`
|
||||
Dette vil dekryptere filen og gi deg en text-editor du kan bruke for endre hemmelighetene.
|
||||
|
||||
Et nix shell med dette verktøyet inkludert ligger i flaket og shell.nix og kan aktiveres med:
|
||||
|
||||
`nix-shell` eller `nix develop`. Vi anbefaler det siste.
|
||||
I tilegg kan du sette opp [direnv](https://direnv.net/) slik at dette skjer automatisk
|
||||
|
||||
for å få tilgang til å lese/skrive hemmeligheter må du spørre noen/noe som har tilgang til hemmelighetene
|
||||
om å legge til age eller pgp nøkkelen din i [`.sops.yaml`](https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/.sops.yaml)
|
||||
|
||||
Denne kan du generere fra ssh-nøkkelene dine eller lage en egen nøkkel.
|
||||
|
||||
### Legge til flere keys
|
||||
|
||||
Gjør det som gir mening i .sops.yml
|
||||
|
||||
Etter det kjør `sops updatekeys secrets/host/file.yml`
|
||||
|
||||
MERK at det ikke er `sops -r` som BARE roterer nøkklene for de som allerede er i secretfila
|
||||
62
README.md
62
README.md
@@ -1,62 +0,0 @@
|
||||
# PVV NixOS config
|
||||
|
||||
This repository contains the NixOS configurations for Programvareverkstedet's server closet.
|
||||
In addition to machine configurations, it also contains a bunch of shared modules, packages, and
|
||||
more.
|
||||
|
||||
> [!WARNING]
|
||||
> Please read [Development - working on the PVV machines](./docs/development.md) before making
|
||||
> any changes, and [Secret management and `sops-nix`](./docs/secret-management.md) before adding
|
||||
> any credentials such as passwords, API tokens, etc. to the configuration.
|
||||
|
||||
## Deploying to machines
|
||||
|
||||
> [!WARNING]
|
||||
> Be careful to think about state when testing changes against the machines. Sometimes, a certain change
|
||||
> can lead to irreversible changes to the data stored on the machine. An example would be a set of database
|
||||
> migrations applied when testing a newer version of a service. Unless that service also comes with downwards
|
||||
> migrations, you can not go back to the previous version without losing data.
|
||||
|
||||
To deploy the changes to a machine, you should first SSH into the machine, and clone the pvv-nixos-config
|
||||
repository unless you have already done so. After that, checkout the branch you want to deploy from, and rebuild:
|
||||
|
||||
```bash
|
||||
# Run this while in the pvv-nixos-config directory
|
||||
sudo nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake .# --upgrade
|
||||
```
|
||||
|
||||
This will rebuild the NixOS system on the current branch and switch the system configuration to reflect the new changes.
|
||||
|
||||
Note that unless you eventually merge the current changes into `main`, the machine will rebuild itself automatically and
|
||||
revert the changes on the next nightly rebuild (tends to happen when everybody is asleep).
|
||||
|
||||
## Machine overview
|
||||
|
||||
| Name | Type | Description |
|
||||
|----------------------------|----------|-----------------------------------------------------------|
|
||||
| [bekkalokk][bek] | Physical | Our main web host, webmail, wiki, idp, minecraft map, ... |
|
||||
| [bicep][bic] | Virtual | Database host, matrix, git mirrors, ... |
|
||||
| bikkje | Virtual | Experimental login box |
|
||||
| [brzeczyszczykiewicz][brz] | Physical | Shared music player |
|
||||
| [georg][geo] | Physical | Shared music player |
|
||||
| [ildkule][ild] | Virtual | Logging and monitoring host, prometheus, grafana, ... |
|
||||
| [kommode][kom] | Virtual | Gitea + Gitea pages |
|
||||
| [lupine][lup] | Physical | Gitea CI/CD runners |
|
||||
| shark | Virtual | Test host for authentication, absolutely horrendous |
|
||||
| [wenche][wen] | Virtual | Nix-builders, general purpose compute |
|
||||
|
||||
## Documentation
|
||||
|
||||
- [Development - working on the PVV machines](./docs/development.md)
|
||||
- [Miscellaneous development notes](./docs/development-misc.md)
|
||||
- [User management](./docs/users.md)
|
||||
- [Secret management and `sops-nix`](./docs/secret-management.md)
|
||||
|
||||
[bek]: https://wiki.pvv.ntnu.no/wiki/Maskiner/bekkalokk
|
||||
[bic]: https://wiki.pvv.ntnu.no/wiki/Maskiner/bicep
|
||||
[brz]: https://wiki.pvv.ntnu.no/wiki/Maskiner/brzęczyszczykiewicz
|
||||
[geo]: https://wiki.pvv.ntnu.no/wiki/Maskiner/georg
|
||||
[ild]: https://wiki.pvv.ntnu.no/wiki/Maskiner/ildkule
|
||||
[kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
|
||||
[lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
|
||||
[wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche
|
||||
@@ -16,23 +16,17 @@
|
||||
./flake-input-exporter.nix
|
||||
|
||||
./services/acme.nix
|
||||
./services/uptimed.nix
|
||||
./services/auto-upgrade.nix
|
||||
./services/dbus.nix
|
||||
./services/fwupd.nix
|
||||
./services/irqbalance.nix
|
||||
./services/journald-upload.nix
|
||||
./services/logrotate.nix
|
||||
./services/nginx.nix
|
||||
./services/openssh.nix
|
||||
./services/polkit.nix
|
||||
./services/postfix.nix
|
||||
./services/prometheus-node-exporter.nix
|
||||
./services/prometheus-systemd-exporter.nix
|
||||
./services/promtail.nix
|
||||
./services/roowho2.nix
|
||||
./services/smartd.nix
|
||||
./services/thermald.nix
|
||||
./services/uptimed.nix
|
||||
./services/userborn.nix
|
||||
./services/userdbd.nix
|
||||
];
|
||||
@@ -54,7 +48,6 @@
|
||||
gnupg
|
||||
htop
|
||||
nano
|
||||
net-tools
|
||||
ripgrep
|
||||
rsync
|
||||
screen
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
values,
|
||||
...
|
||||
}:
|
||||
let
|
||||
@@ -16,40 +15,26 @@ let
|
||||
);
|
||||
folder = pkgs.writeTextDir "share/flake-inputs" (
|
||||
lib.concatMapStringsSep "\n" (
|
||||
{ name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
|
||||
{ name, value }:
|
||||
"nixos_last_modified_input{flake=${name},host=${config.networking.hostName}} ${toString value.lastModified}"
|
||||
) (lib.attrsToList data)
|
||||
);
|
||||
port = 9102;
|
||||
in
|
||||
{
|
||||
services.nginx.virtualHosts."${config.networking.fqdn}-nixos-metrics" = {
|
||||
serverName = config.networking.fqdn;
|
||||
services.nginx.virtualHosts."${config.networking.fqdn}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
kTLS = true;
|
||||
serverAliases = [
|
||||
"${config.networking.hostName}.pvv.org"
|
||||
];
|
||||
locations."/metrics" = {
|
||||
root = "${folder}/share";
|
||||
tryFiles = "/flake-inputs =404";
|
||||
extraConfig = ''
|
||||
default_type text/plain;
|
||||
'';
|
||||
};
|
||||
listen = [
|
||||
{
|
||||
inherit port;
|
||||
addr = "0.0.0.0";
|
||||
}
|
||||
];
|
||||
extraConfig = ''
|
||||
allow ${values.hosts.ildkule.ipv4}/32;
|
||||
allow ${values.hosts.ildkule.ipv6}/128;
|
||||
allow 127.0.0.1/32;
|
||||
allow ::1/128;
|
||||
allow ${values.ipv4-space};
|
||||
allow ${values.ipv6-space};
|
||||
allow 129.241.210.128/25;
|
||||
allow 2001:700:300:1900::/64;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
}
|
||||
|
||||
@@ -9,9 +9,8 @@
|
||||
|
||||
settings = {
|
||||
allow-dirty = true;
|
||||
auto-allocate-uids = true;
|
||||
builders-use-substitutes = true;
|
||||
experimental-features = [ "nix-command" "flakes" "auto-allocate-uids" ];
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
log-lines = 50;
|
||||
use-xdg-base-directories = true;
|
||||
};
|
||||
|
||||
@@ -9,8 +9,6 @@ in
|
||||
enable = true;
|
||||
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
|
||||
flags = [
|
||||
"-L"
|
||||
|
||||
"--refresh"
|
||||
"--no-write-lock-file"
|
||||
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
{ config, lib, values, ... }:
|
||||
let
|
||||
cfg = config.services.journald.upload;
|
||||
in
|
||||
{
|
||||
services.journald.upload = {
|
||||
enable = lib.mkDefault true;
|
||||
settings.Upload = {
|
||||
# URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
|
||||
URL = "https://${values.hosts.ildkule.ipv4}:${toString config.services.journald.remote.port}";
|
||||
ServerKeyFile = "-";
|
||||
ServerCertificateFile = "-";
|
||||
TrustedCertificateFile = "-";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."systemd-journal-upload".serviceConfig = lib.mkIf cfg.enable {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -40,25 +40,6 @@
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
extraParameters = [
|
||||
"default_server"
|
||||
# Seemingly the default value of net.core.somaxconn
|
||||
"backlog=4096"
|
||||
"deferred"
|
||||
];
|
||||
}
|
||||
{
|
||||
addr = "[::0]";
|
||||
extraParameters = [
|
||||
"default_server"
|
||||
"backlog=4096"
|
||||
"deferred"
|
||||
];
|
||||
}
|
||||
];
|
||||
sslCertificate = "/etc/certs/nginx.crt";
|
||||
sslCertificateKey = "/etc/certs/nginx.key";
|
||||
addSSL = true;
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.security.polkit;
|
||||
in
|
||||
{
|
||||
security.polkit.enable = true;
|
||||
|
||||
environment.etc."polkit-1/rules.d/9-nixos-overrides.rules".text = lib.mkIf cfg.enable ''
|
||||
polkit.addAdminRule(function(action, subject) {
|
||||
if(subject.isInGroup("wheel")) {
|
||||
return ["unix-user:"+subject.user];
|
||||
}
|
||||
});
|
||||
'';
|
||||
}
|
||||
@@ -6,17 +6,18 @@ in
|
||||
services.postfix = {
|
||||
enable = true;
|
||||
|
||||
settings.main = {
|
||||
myhostname = "${config.networking.hostName}.pvv.ntnu.no";
|
||||
mydomain = "pvv.ntnu.no";
|
||||
hostname = "${config.networking.hostName}.pvv.ntnu.no";
|
||||
domain = "pvv.ntnu.no";
|
||||
|
||||
# Nothing should be delivered to this machine
|
||||
mydestination = [ ];
|
||||
|
||||
relayhost = [ "smtp.pvv.ntnu.no:465" ];
|
||||
relayHost = "smtp.pvv.ntnu.no";
|
||||
relayPort = 465;
|
||||
|
||||
config = {
|
||||
smtp_tls_wrappermode = "yes";
|
||||
smtp_tls_security_level = "encrypt";
|
||||
};
|
||||
|
||||
# Nothing should be delivered to this machine
|
||||
destination = [ ];
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -1,23 +0,0 @@
|
||||
{ config, lib, values, ... }:
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.node;
|
||||
in
|
||||
{
|
||||
services.prometheus.exporters.node = {
|
||||
enable = lib.mkDefault true;
|
||||
port = 9100;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-node-exporter.serviceConfig = lib.mkIf cfg.enable {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ cfg.port ];
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
{ config, lib, values, ... }:
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.systemd;
|
||||
in
|
||||
{
|
||||
services.prometheus.exporters.systemd = {
|
||||
enable = lib.mkDefault true;
|
||||
port = 9101;
|
||||
extraFlags = [
|
||||
"--systemd.collector.enable-restart-count"
|
||||
"--systemd.collector.enable-ip-accounting"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-systemd-exporter.serviceConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ cfg.port ];
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
{ config, lib, values, ... }:
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.node;
|
||||
in
|
||||
{
|
||||
services.promtail = {
|
||||
enable = lib.mkDefault true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 28183;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
clients = [{
|
||||
url = "http://ildkule.pvv.ntnu.no:3100/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
job_name = "systemd-journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = config.networking.hostName;
|
||||
};
|
||||
};
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal_priority_keyword" ];
|
||||
target_label = "level";
|
||||
}
|
||||
];
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
{ lib, values, ... }:
|
||||
{
|
||||
services.roowho2.enable = lib.mkDefault true;
|
||||
|
||||
systemd.sockets.roowho2-rwhod.socketConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
"127.0.0.1"
|
||||
values.ipv4-space
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -1,103 +0,0 @@
|
||||
# Miscellaneous development notes
|
||||
|
||||
This document contains a bunch of information that is not particularly specific to the pvv nixos config,
|
||||
but concerns technologies we use often or gotchas to be aware of when working with NixOS. A lot of the information
|
||||
here is already public information spread around the internet, but we've collected some of the items we use often
|
||||
here.
|
||||
|
||||
## The firewall
|
||||
|
||||
`networking.firewall` is a NixOS module that configures `iptables` rules on the machine. It is enabled by default on
|
||||
all of our machines, and it can be easy to forget about it when setting up new services, especially when we are the
|
||||
ones creating the NixOS module.
|
||||
|
||||
When setting up a new service that listens on a TCP or UDP port, make sure to add the appropriate ports to either
|
||||
`networking.firewall.allowedTCPPorts` or `networking.firewall.allowedUDPPorts`.
|
||||
|
||||
You can list out the current firewall rules by running `sudo iptables -L -n -v` on the machine.
|
||||
|
||||
## Finding stuff
|
||||
|
||||
Finding stuff, both underlying implementation and usage is absolutely crucial when working on nix.
|
||||
Oftentimes, the documentation will be outdated, lacking or just plain out wrong. These are some of
|
||||
the techniques we have found to be quite good when working with nix.
|
||||
|
||||
### [ripgrep](https://github.com/BurntSushi/ripgrep)
|
||||
|
||||
ripgrep (or `rg` for short) is a tool that lets you recursively grep for regex patters in a directory.
|
||||
|
||||
It is great for finding references to configuration, and where and how certain things are used. It is
|
||||
especially great when working with [nixpkgs](https://github.com/NixOS/nixpkgs), which is quite large.
|
||||
|
||||
### GitHub Search
|
||||
|
||||
When trying to set up a new service or reconfigure something, it is very common that someone has done it
|
||||
before you, but it has never been documented anywhere. A lot of Nix code exists on GitHub, and you can
|
||||
easily query it by using the `lang:nix` filter in the search bar.
|
||||
|
||||
For example: https://github.com/search?q=lang%3Anix+dibbler&type=code
|
||||
|
||||
## rsync
|
||||
|
||||
`rsync` is a tool for synchronizing files between machines. It is very useful when transferring large
|
||||
amounts of data from a to b. We use it for multiple things, often when data is produced or stored on
|
||||
one machine, and we want to process or convert it on another. For example, we use it to transfer gitea
|
||||
artifacts, to transfer gallery pictures, to transfer minecraft world data for map rendering, and more.
|
||||
|
||||
Along with `rsync`, we often use a lesser known tool called `rrsync`, which you can use inside an ssh
|
||||
configuration (`authorized_keys` file) to restrict what paths a user can access when connecting over ssh.
|
||||
This is useful both as a security measure, but also to avoid accidental overwrites of files outside the intended
|
||||
path. `rrsync` will use chroot to restrict what paths the user can access, as well as refuse to run arbitrary commands.
|
||||
|
||||
## `nix repl`
|
||||
|
||||
`nix repl` is an interactive REPL for the Nix language. It is very useful for experimenting with Nix code,
|
||||
and testing out small snippets of code to make sure it behaves as expected. You can also use it to explore
|
||||
NixOS machine configurations, to interactively see that the configuration evaluates to what you expect.
|
||||
|
||||
```
|
||||
# While in the pvv-nixos-config directory
|
||||
nix repl .
|
||||
|
||||
# Upon writing out the config path and clickin [Tab], you will get autocompletion suggestions:
|
||||
nix-repl> nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts._
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.bekkalokk.pvv.ntnu.no-nixos-metrics
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.idp.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.minecraft.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.pvv.org
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.pw.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.roundcubeplaceholder.example.com
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.snappymail.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.webmail.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.wiki.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.www.pvv.ntnu.no
|
||||
nixosConfigurations.bekkalokk.config.services.nginx.virtualHosts.www.pvv.org
|
||||
```
|
||||
|
||||
## `nix why-depends`
|
||||
|
||||
If you ever wonder why a certain package is being used as a dependency of another package,
|
||||
or another machine, you can use `nix why-depends` to find the dependency path from one package to another.
|
||||
This is often useful after updating nixpkgs and finding an error saying that a certain package is insecure,
|
||||
broken or whatnot. You can do something like the following
|
||||
|
||||
```bash
|
||||
# Why does bekkalokk depend on openssl?
|
||||
nix why-depends .#nixosConfigurations.bekkalokk.config.system.build.toplevel .#nixosConfigurations.bekkalokk.pkgs.openssl
|
||||
|
||||
# Why does bekkalokk's minecraft-server depend on zlib? (this is not real)
|
||||
nix why-depends .#nixosConfigurations.bekkalokk.pkgs.minecraft-server .#nixosConfigurations.bekkalokk.pkgs.zlib
|
||||
```
|
||||
|
||||
## php-fpm
|
||||
|
||||
php-fpm (FastCGI Process Manager) is a PHP implementation that is designed for speed and production use. We host a bunch
|
||||
of different PHP applications (including our own website), and so we use php-fpm quite a bit. php-fpm typically exposes a
|
||||
unix socket that nginx will connect to, and php-fpm will then render php upon web requests forwarded from nginx and return
|
||||
it.
|
||||
|
||||
php-fpm has a tendency to be a bit hard to debug. It is not always very willing to spit out error messages and logs, and so
|
||||
it can be a bit hard to figure out what's up when something goes wrong. You should see some of the commented stuff laying around
|
||||
in the website code on bekkalokk for examples of how to configure php-fpm for better logging and error reporting.
|
||||
@@ -1,169 +0,0 @@
|
||||
# Development - working on the PVV machines
|
||||
|
||||
This document outlines the process of editing our NixOS configurations, and testing and deploying said changes
|
||||
to the machines. Most of the information written here is specific to the PVV NixOS configuration, and the topics
|
||||
will not really cover the nix code itself in detail. You can find some more resources for that by either following
|
||||
the links from the *Upstream documentation* section below, or in [Miscellaneous development notes](./development-misc.md).
|
||||
|
||||
## Editing nix files
|
||||
|
||||
> [!WARNING]
|
||||
> Before editing any nix files, make sure to read [Secret management and `sops-nix`](./secret-management.md)!
|
||||
> We do not want to add any secrets in plaintext to the nix files, and certainly not commit and publish
|
||||
> them into the common public.
|
||||
|
||||
The files are plaintext code, written in the [`Nix` language](https://nix.dev/manual/nix/stable/language/).
|
||||
|
||||
Below is a list of important files and directories, and a description of what they contain.
|
||||
|
||||
### `flake.nix`
|
||||
|
||||
The `flake.nix` file is a [nix flake](https://wiki.nixos.org/wiki/Flakes) and makes up the entrypoint of the
|
||||
entire configuration. It declares what inputs are used (similar to dependencies), as well as what outputs the
|
||||
flake exposes. In our case, the most important outputs are the `nixosConfigurations` (our machine configs), but
|
||||
we also expose custom modules, packages, devshells, and more. You can run `nix flake show` to get an overview of
|
||||
the outputs (however you will need to [enable the `nix-flakes` experimental option](https://wiki.nixos.org/wiki/Flakes#Setup)).
|
||||
|
||||
You will find that a lot of the flake inputs are the different PVV projects that we develop, imported to be hosted
|
||||
on the NixOS machines. This makes it easy to deploy changes to these projects, as we can just update the flake input
|
||||
to point to a new commit or version, and then rebuild the machines.
|
||||
|
||||
A NixOS configuration is usually made with the `nixpkgs.lib.nixosSystem` function, however we have a few custom wrapper
|
||||
functions named `nixosConfig` and `stableNixosConfig` that abstracts away some common configuration we want on all our machines.
|
||||
|
||||
### `values.nix`
|
||||
|
||||
`values.nix` is a somewhat rare pattern in NixOS configurations around the internet. It contains a bunch of constant values
|
||||
that we use throughout the configuration, such as IP addresses, DNS names, paths and more. This not only makes it easier to
|
||||
change the values should we need to, but it also makes the configuration more readable. Instead of caring what exact IP any
|
||||
machine has, you can write `values.machines.name.ipv4` and abstract the details away.
|
||||
|
||||
### `base`
|
||||
|
||||
The `base` directory contains a bunch of NixOS configuration that is common for all or most machines. Some of the config
|
||||
you will find here sets defaults for certain services without enabling them, so that when they are enabled in a machine config,
|
||||
we don't need to repeat the same defaults over again. Other parts actually enable certain services that we want on all machines,
|
||||
such as `openssh` or the auto upgrade timer.
|
||||
|
||||
### Vendoring `modules` and `packages`
|
||||
|
||||
Sometimes, we either find that the packages or modules provided by `nixpkgs` is not sufficient for us,
|
||||
or that they are bugged in some way that can not be easily overrided. There are also cases where the
|
||||
modules or packages does not exist. In these cases, we tend to either copy and modify the modules and
|
||||
packages from nixpkgs, or create our own. These modules and packages end up in the top-level `modules`
|
||||
and `packages` directories. They are usually exposed in `flake.nix` as flake outputs `nixosModules.<name>`
|
||||
and `packages.<platform>.<name>`, and they are usually also added to the machines that need them in the flake.
|
||||
|
||||
In order to override or add an extra package, the easiest way is to use an [`overlay`](https://wiki.nixos.org/wiki/Overlays).
|
||||
This makes it so that the package from `pkgs.<name>` now refers to the modified variant of the package.
|
||||
|
||||
In order to add a module, you can just register it in the modules of the nixos machine.
|
||||
In order to override a module, you also have to use `disabledModules = [ "<path-relative-to-nixpkgs/modules>" ];`.
|
||||
Use `rg` to find examples of the latter.
|
||||
|
||||
Do note that if you believe a new module to be of high enough quality, or the change you are making to be
|
||||
relevant for every nix user, you should strongly consider also creating a PR towards nixpkgs. However,
|
||||
getting changes made there has a bit higher threshold and takes more time than making changes in the PVV config,
|
||||
so feel free to make the changes here first. We can always remove the changes again once the upstreaming is finished.
|
||||
|
||||
### `users`, `secrets` and `keys`
|
||||
|
||||
For `users`, see [User management](./users.md)
|
||||
|
||||
For `secrets` and `keys`, see [Secret management and `sops-nix`](./secret-management.md)
|
||||
|
||||
### Collaboration
|
||||
|
||||
We use our gitea to collaborate on changes to the nix configuration. Every PVV maintenance member should have
|
||||
access to the repository. The usual workflow is that we create a branch for the change we want to make, do a bunch
|
||||
of commits and changes, and then open a merge request for review (or just rebase on master if you know what you are doing).
|
||||
|
||||
### Upstream documentation
|
||||
|
||||
Here are different sources of documentation and stuff that you might find useful while
|
||||
writing, editing and debugging nix code.
|
||||
|
||||
- [nixpkgs repository](https://github.com/NixOS/nixpkgs)
|
||||
|
||||
This is particularly useful to read the source code, as well as upstreaming pieces of code that we think
|
||||
everyone would want
|
||||
|
||||
- [NixOS search](https://search.nixos.org/)
|
||||
|
||||
This is useful for searching for both packages and NixOS options.
|
||||
|
||||
- [nixpkgs documentation](https://nixos.org/manual/nixpkgs/stable/)
|
||||
- [NixOS documentation](https://nixos.org/manual/nixos/stable/)
|
||||
- [nix (the tool) documentation](https://nix.dev/manual/nix/stable/)
|
||||
|
||||
All of the three above make up the official documentation with all technical
|
||||
details about the different pieces that makes up NixOS.
|
||||
|
||||
- [The official NixOS wiki](https://wiki.nixos.org)
|
||||
|
||||
User-contributed guides, tips and tricks, and whatever else.
|
||||
|
||||
- [nix.dev](https://nix.dev)
|
||||
|
||||
Additional stuff
|
||||
|
||||
- [Noogle](https://noogle.dev)
|
||||
|
||||
This is useful when looking for nix functions and packaging helpers.
|
||||
|
||||
## Testing and deploying changes
|
||||
|
||||
After editing the nix files on a certain branch, you will want to test and deploy the changes to the machines.
|
||||
Unfortunately, we don't really have a good setup for testing for runtime correctness locally, but we can at least
|
||||
make sure that the code evaluates and builds correctly before deploying.
|
||||
|
||||
To just check that the code evaluates without errors, you can run:
|
||||
|
||||
```bash
|
||||
nix flake check
|
||||
# Or if you want to keep getting all errors before it quits:
|
||||
nix flake check --keep-going
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> If you are making changes that involves creating new nix files, remember to `git add` those files before running
|
||||
> any nix commands. Nix refuses to acknowledge files that are not either commited or at least staged. It will spit
|
||||
> out an error message about not finding the file in question.
|
||||
|
||||
### Building machine configurations
|
||||
|
||||
To build any specific machine configuration and look at the output, you can run:
|
||||
|
||||
```bash
|
||||
nix build .#nixosConfigurations.<machine-name>.config.system.build.toplevel
|
||||
# or just
|
||||
nix build .#<machine-name>
|
||||
```
|
||||
|
||||
This will create a symlink name `./result` to a directory containing the built NixOS system. It is oftentimes
|
||||
the case that config files for certain services only end up in the nix store without being put into `/etc`. If you wish
|
||||
to read those files, you can often find them by looking at the systemd unit files in `./result/etc/systemd/system/`.
|
||||
(if you are using vim, `gf` or go-to-file while the cursor is over a file path is a useful trick while doing this).
|
||||
|
||||
If you have edited something that affects multiple machines, you can also build all important machines at once by running:
|
||||
|
||||
```bash
|
||||
nix build .#
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> Building all machines at once can take a long time, depending on what has changed and whether you have already
|
||||
> built some of the machines recently. Be prepared to wait for up to an hour to build all machines from scratch
|
||||
> if this is the first time.
|
||||
|
||||
### Forcefully reset to `main`
|
||||
|
||||
If you ever want to reset a machine to the `main` branch, you can do so by running:
|
||||
|
||||
```bash
|
||||
nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --upgrade --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
|
||||
```
|
||||
|
||||
This will ignore the current branch and just pull the latest `main` from the git repository directly from gitea.
|
||||
You can also use this command if there are updates on the `main` branch that you want to deploy to the machine without
|
||||
waiting for the nightly rebuild.
|
||||
@@ -1,160 +0,0 @@
|
||||
# Secret management and `sops-nix`
|
||||
|
||||
Nix config is love, nix config is life, and publishing said config to the
|
||||
internet is not only a good deed and kinda cool, but also encourages properly
|
||||
secured configuration as opposed to [security through obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity).
|
||||
That being said, there are some details of the config that we really shouldn't
|
||||
share with the general public. In particular, there are so-called *secrets*, that is
|
||||
API keys, passwords, tokens, cookie secrets, salts, peppers and jalapenos that we'd
|
||||
rather keep to ourselves. However, it is not entirely trivial to do so in the NixOS config.
|
||||
For one, we'd have to keep these secrets out of the public git repo somehow, and secondly
|
||||
everything that is configured via nix ends up as world readable files (i.e. any user on the
|
||||
system can read the file) in `/nix/store`.
|
||||
|
||||
In order to solve this, we use a NixOS module called [`sops-nix`](https://github.com/Mic92/sops-nix)
|
||||
which uses a technology called [`sops`](https://github.com/getsops/sops) behind the scenes.
|
||||
The idea is simple: we encrypt these secrets with a bunch of different keys and store the
|
||||
encrypted files in the git repo. First of all, we encrypt the secrets a bunch of time with
|
||||
PVV maintenance member's keys, so that we can decrypt and edit the contents. Secondly, we
|
||||
encrypt the secrets with the [host keys]() of the NixOS machines, so that they can decrypt
|
||||
the secrets. The secrets will be decrypted and stored in a well-known location (usually `/run/secrets`)
|
||||
so that they do not end up in the nix store, and are not world readable.
|
||||
|
||||
This way, we can both keep the secrets in the git repository and let multiple people edit them,
|
||||
but also ensure that they don't end up in the wrong hands.
|
||||
|
||||
## Adding a new machine
|
||||
|
||||
In order to add a new machine to the nix-sops setup, you should do the following:
|
||||
|
||||
```console
|
||||
# Create host keys (if they don't already exist)
|
||||
ssh-keygen -A -b 4096
|
||||
|
||||
# Derive an age-key from the public host key
|
||||
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||
|
||||
# Register the age key in .sops.yaml
|
||||
vim .sops.yaml
|
||||
```
|
||||
|
||||
The contents of `.sops.yaml` should look like this:
|
||||
|
||||
```yaml
|
||||
keys:
|
||||
# Users
|
||||
...
|
||||
|
||||
# Hosts
|
||||
...
|
||||
- &host_<machine_name> <public_age_key>
|
||||
|
||||
creation_rules:
|
||||
...
|
||||
|
||||
- path_regex: secrets/<machine_name>/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_<machine_name>
|
||||
- ... user keys
|
||||
- pgp:
|
||||
- ... user keys
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> Take care that all the keys in the `age` and `pgp` sections are prefixed
|
||||
> with a `-`, or else sops might try to encrypt the secrets in a way where
|
||||
> you need both keys present to decrypt the content. Also, it tends to throw
|
||||
> interesting errors when it fails to do so.
|
||||
|
||||
```console
|
||||
# While cd-ed into the repository, run this to get a shell with the `sops` tool present
|
||||
nix-shell
|
||||
```
|
||||
|
||||
Now you should also be able to edit secrets for this machine by running:
|
||||
|
||||
```
|
||||
sops secrets/<machine_name>/<machine_name>.yaml
|
||||
```
|
||||
|
||||
## Adding a user
|
||||
|
||||
Adding a user is quite similar to adding a new machine.
|
||||
This guide assumes you have already set up SSH keys.
|
||||
|
||||
```
|
||||
# Derive an age-key from your key
|
||||
# (edit the path to the key if it is named something else)
|
||||
nix-shell -p ssh-to-age --run 'cat ~/.ssh/id_ed25519.pub | ssh-to-age'
|
||||
|
||||
# Register the age key in .sops.yaml
|
||||
vim .sops.yaml
|
||||
```
|
||||
|
||||
The contents of `.sops.yaml` should look like this:
|
||||
|
||||
```yaml
|
||||
keys:
|
||||
# Users
|
||||
...
|
||||
- &user_<user_name> <public_age_key>
|
||||
|
||||
# Hosts
|
||||
...
|
||||
|
||||
creation_rules:
|
||||
...
|
||||
|
||||
# Do this for all the machines you are planning to edit
|
||||
# (or just do it for all machines)
|
||||
- path_regex: secrets/<machine_name>/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_<machine_name>
|
||||
- ... user keys
|
||||
- *host_<user_name>
|
||||
- pgp:
|
||||
- ... user keys
|
||||
```
|
||||
|
||||
Now that sops is properly configured to recognize the key, you need someone
|
||||
who already has access to decrypt all the secrets and re-encrypt them with your
|
||||
key. At this point, you should probably [open a PR](https://docs.gitea.com/usage/issues-prs/pull-request)
|
||||
and ask someone in PVV maintenance if they can checkout the PR branch, run the following
|
||||
command and push the diff back into the PR (and maybe even ask them to merge if you're feeling
|
||||
particularly needy).
|
||||
|
||||
```console
|
||||
sops updatekeys secrets/*/*.yaml
|
||||
```
|
||||
|
||||
## Updating keys
|
||||
|
||||
> [!NOTE]
|
||||
> At some point, we found this flag called `sops -r` that seemed to be described to do what
|
||||
> `sops updatekeys` does, do not be fooled. This only rotates the "inner key" for those who
|
||||
> already have the secrets encrypted with their key.
|
||||
|
||||
Updating keys is done with this command:
|
||||
|
||||
```console
|
||||
sops updatekeys secrets/*/*.yaml
|
||||
```
|
||||
|
||||
However, there is a small catch. [oysteikt](https://git.pvv.ntnu.no/oysteikt) has kinda been
|
||||
getting gray hairs lately, and refuses to use modern technology - he is still stuck using GPG.
|
||||
This means that to be able to re-encrypt the sops secrets, you will need to have a gpg keychain
|
||||
with his latest public key available. The key has an expiry date, so if he forgets to update it,
|
||||
you should send him and angry email and tag him a bunch of times in a gitea issue. If the key
|
||||
is up to date, you can do the following:
|
||||
|
||||
```console
|
||||
# Fetch gpg (unless you have it already)
|
||||
nix-shell -p gpg
|
||||
|
||||
# Import oysteikts key to the gpg keychain
|
||||
gpg --import ./keys/oysteikt.pub
|
||||
```
|
||||
|
||||
Now you should be able to run the `sops updatekeys` command again.
|
||||
@@ -1,50 +0,0 @@
|
||||
# User management
|
||||
|
||||
Due to some complications with how NixOS creates users compared to how we used to
|
||||
create users with the salt-based setup, the NixOS machine users are created and
|
||||
managed separately. We tend to create users on-demand, whenever someone in PVV
|
||||
maintenance want to work on the NixOS machines.
|
||||
|
||||
## Setting up a new user
|
||||
|
||||
You can find the files for the existing users, and thereby examples of user files
|
||||
in the [`users`](../users) directory. When creating a new file here, you should name it
|
||||
`your-username.nix`, and add *at least* the following contents:
|
||||
|
||||
```nix
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
users.users."<username>" = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"wheel" # In case you wanna use sudo (you probably do)
|
||||
"nix-builder-users" # Arbitrary access to write to the nix store
|
||||
];
|
||||
|
||||
# Any packages you frequently use to manage servers go here.
|
||||
# Please don't pull gigantonormous packages here unless you
|
||||
# absolutely need them, and remember that any package can be
|
||||
# pulled via nix-shell if you only use it once in a blue moon.
|
||||
packages = with pkgs; [
|
||||
bottom
|
||||
eza
|
||||
];
|
||||
|
||||
# Not strictly needed, but we recommend adding your public SSH
|
||||
# key here. If it is not present, you will have to log into the
|
||||
# machine as 'root' before setting your password for every NixOS
|
||||
# machine you have not logged into yet.
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjiQ0wg4lpC7YBMAAHoGmgwqHOBi+EUz5mmCymGlIyT my-key"
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
The file will be picked up automatically, so creating the file and adding the
|
||||
contents should be enough to get you registered. You should
|
||||
[open a PR](https://docs.gitea.com/usage/issues-prs/pull-request) with the new
|
||||
code so the machines will be rebuilt with your user present.
|
||||
|
||||
See also [Secret Management](./secret-management.md) for how to add your keys to the
|
||||
system that lets us add secrets (API keys, password, etc.) to the NixOS config.
|
||||
364
flake.lock
generated
364
flake.lock
generated
@@ -1,27 +1,5 @@
|
||||
{
|
||||
"nodes": {
|
||||
"dibbler": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768138611,
|
||||
"narHash": "sha256-KfZX6wpuwE2IRKLjh0DrEviE4f6kqLJWwKIE5QJSqa4=",
|
||||
"ref": "main",
|
||||
"rev": "cb385097dcda5fb9772f903688d078b30a66ccd4",
|
||||
"revCount": 221,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -29,55 +7,19 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1736864502,
|
||||
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
|
||||
"lastModified": 1758287904,
|
||||
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
|
||||
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "v1.11.0",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765835352,
|
||||
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "flake-utils",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"gergle": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -85,16 +27,15 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1767906545,
|
||||
"narHash": "sha256-LOf08pcjEQFLs3dLPuep5d1bAXWOFcdfxuk3YMb5KWw=",
|
||||
"ref": "main",
|
||||
"rev": "e55cbe0ce0b20fc5952ed491fa8a553c8afb1bdd",
|
||||
"revCount": 23,
|
||||
"lastModified": 1758384693,
|
||||
"narHash": "sha256-zakdGo9micgEXGiC5Uq0gE5GkHtX12qaRYLcstKPek4=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "5f6a462d87cbe25834e8f31283f39fb46c9c3561",
|
||||
"revCount": 21,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
|
||||
}
|
||||
@@ -107,16 +48,15 @@
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1767906494,
|
||||
"narHash": "sha256-Dd6gtdZfRMAD6JhdX0GdJwIHVaBikePSpQXhIdwLlWI=",
|
||||
"ref": "main",
|
||||
"rev": "7258822e2e90fea2ea00b13b5542f63699e33a9e",
|
||||
"revCount": 61,
|
||||
"lastModified": 1758386174,
|
||||
"narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
|
||||
"revCount": 50,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
|
||||
}
|
||||
@@ -128,16 +68,15 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764867811,
|
||||
"narHash": "sha256-UWHiwr8tIcGcVxMLvAdNxDbQ8QuHf3REHboyxvFkYEI=",
|
||||
"ref": "master",
|
||||
"rev": "c9983e947efe047ea9d6f97157a1f90e49d0eab3",
|
||||
"revCount": 81,
|
||||
"lastModified": 1736178795,
|
||||
"narHash": "sha256-mPdi8cgvIDYcgG3FRG7A4BOIMu2Jef96TPMnV00uXlM=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "fde738910de1fd8293535a6382c2f0c2749dd7c1",
|
||||
"revCount": 79,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "master",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"
|
||||
}
|
||||
@@ -149,61 +88,53 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764844095,
|
||||
"narHash": "sha256-Drf1orxsmFDzO+UbPo85gHjXW7QzAM+6oTPvI7vOSik=",
|
||||
"lastModified": 1753216555,
|
||||
"narHash": "sha256-qfgVfgXjVPV7vEER4PVFiGUOUW08GHH71CVXgYW8EVc=",
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "25b9f31ef1dbc3987b4c716de716239f2b283701",
|
||||
"rev": "099db715d1eba526a464f271b05cead5166fd9a9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "dali99",
|
||||
"ref": "v0.8.0",
|
||||
"ref": "v0.7.1",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"minecraft-data": {
|
||||
"locked": {
|
||||
"lastModified": 1725277886,
|
||||
"narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58",
|
||||
"revCount": 2,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
|
||||
}
|
||||
},
|
||||
"minecraft-heatmap": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1767906976,
|
||||
"narHash": "sha256-igCg8I83eO+noF00raXVJqDxzLS2SrZN8fK5bnvO+xI=",
|
||||
"ref": "main",
|
||||
"rev": "626bc9b6bae6a997b347cdbe84080240884f2955",
|
||||
"revCount": 17,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git"
|
||||
}
|
||||
},
|
||||
"minecraft-kartverket": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768749374,
|
||||
"narHash": "sha256-dhXYLc64d7TKCnRPW4TlHGl6nLRNdabJB2DpJ8ffUw0=",
|
||||
"ref": "main",
|
||||
"rev": "040294f2e1df46e33d995add6944b25859654097",
|
||||
"revCount": 37,
|
||||
"lastModified": 1756124334,
|
||||
"narHash": "sha256-DXFmSpgI8FrqcdqY7wg5l/lpssWjslHq5ufvyp/5k4o=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "83760b1ebcd9722ddf58a4117d29555da65538ad",
|
||||
"revCount": 13,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
|
||||
"url": "https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git"
|
||||
}
|
||||
},
|
||||
"nix-gitea-themes": {
|
||||
@@ -213,77 +144,39 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1767906352,
|
||||
"narHash": "sha256-wYsH9MMAPFG3XTL+3DwI39XMG0F2fTmn/5lt265a3Es=",
|
||||
"ref": "main",
|
||||
"rev": "d054c5d064b8ed6d53a0adb0cf6c0a72febe212e",
|
||||
"revCount": 13,
|
||||
"lastModified": 1743881366,
|
||||
"narHash": "sha256-ScGA2IHPk9ugf9bqEZnp+YB/OJgrkZblnG/XLEKvJAo=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "db2e4becf1b11e5dfd33de12a90a7d089fcf68ec",
|
||||
"revCount": 11,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git"
|
||||
}
|
||||
},
|
||||
"nix-topology": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768068512,
|
||||
"narHash": "sha256-pH5wkcNOiXy4MBjDTe6A1gml+7m+ULC3lYMBPMqdS1w=",
|
||||
"owner": "oddlama",
|
||||
"repo": "nix-topology",
|
||||
"rev": "4367a2093c5ff74fc478466aebf41d47ce0cacb4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oddlama",
|
||||
"ref": "main",
|
||||
"repo": "nix-topology",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1768555036,
|
||||
"narHash": "sha256-qJTh3xrFsqrXDzUmjPGV0VC70vpsq/YP25Jo6Fh7PTs=",
|
||||
"rev": "1d2851ebcd64734ef057e8c80e05dd5600323792",
|
||||
"lastModified": 1758363343,
|
||||
"narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
|
||||
"rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
|
||||
"type": "tarball",
|
||||
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.4104.1d2851ebcd64/nixexprs.tar.xz"
|
||||
"url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1765674936,
|
||||
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
"url": "https://nixos.org/channels/nixos-25.05-small/nixexprs.tar.xz"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1768553552,
|
||||
"narHash": "sha256-YeNMZDAxdQUMLcqZmoc+/WzYrJxTEg6Y7uNALUcF1dE=",
|
||||
"rev": "a6b8b0f0ceb6d4f5da70808e26c68044099460fd",
|
||||
"lastModified": 1758361324,
|
||||
"narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
|
||||
"rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
|
||||
"type": "tarball",
|
||||
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre928681.a6b8b0f0ceb6/nixexprs.tar.xz"
|
||||
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
@@ -297,16 +190,15 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764869785,
|
||||
"narHash": "sha256-FGTIpC7gB4lbeL0bfYzn1Ge0PaCpd7VqWBLhJBx0i4A=",
|
||||
"ref": "main",
|
||||
"rev": "8ce7fb0b1918bdb3d1489a40d73895693955e8b2",
|
||||
"revCount": 23,
|
||||
"lastModified": 1742225512,
|
||||
"narHash": "sha256-OB0ndlrGLE5wMUeYP4lmxly9JUEpPCeZRQyMzITKCB0=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "c4a6a02c84d8227abf00305dc995d7242176e6f6",
|
||||
"revCount": 21,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
|
||||
}
|
||||
@@ -318,84 +210,36 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768636400,
|
||||
"narHash": "sha256-AiSKT4/25LS1rUlPduBMogf4EbdMQYDY1rS7AvHFcxk=",
|
||||
"ref": "main",
|
||||
"rev": "3a8f82b12a44e6c4ceacd6955a290a52d1ee2856",
|
||||
"revCount": 573,
|
||||
"lastModified": 1757332682,
|
||||
"narHash": "sha256-4p4aVQWs7jHu3xb6TJlGik20lqbUU/Fc0/EHpzoRlO0=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "da1113341ad9881d8d333d1e29790317bd7701e7",
|
||||
"revCount": 518,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
}
|
||||
},
|
||||
"qotd": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768684204,
|
||||
"narHash": "sha256-TErBiXxTRPUtZ/Mw8a5p+KCeGCFXa0o8fzwGoo75//Y=",
|
||||
"ref": "main",
|
||||
"rev": "a86f361bb8cfac3845b96d49fcbb2faea669844f",
|
||||
"revCount": 11,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/qotd.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/qotd.git"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"dibbler": "dibbler",
|
||||
"disko": "disko",
|
||||
"gergle": "gergle",
|
||||
"greg-ng": "greg-ng",
|
||||
"grzegorz-clients": "grzegorz-clients",
|
||||
"matrix-next": "matrix-next",
|
||||
"minecraft-data": "minecraft-data",
|
||||
"minecraft-heatmap": "minecraft-heatmap",
|
||||
"minecraft-kartverket": "minecraft-kartverket",
|
||||
"nix-gitea-themes": "nix-gitea-themes",
|
||||
"nix-topology": "nix-topology",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"pvv-calendar-bot": "pvv-calendar-bot",
|
||||
"pvv-nettsiden": "pvv-nettsiden",
|
||||
"qotd": "qotd",
|
||||
"roowho2": "roowho2",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"roowho2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768140181,
|
||||
"narHash": "sha256-HfZzup5/jlu8X5vMUglTovVTSwhHGHwwV1YOFIL/ksA=",
|
||||
"ref": "main",
|
||||
"rev": "834463ed64773939798589ee6fd4adfe3a97dddd",
|
||||
"revCount": 43,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -404,53 +248,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1767840362,
|
||||
"narHash": "sha256-ZtsFqUhilubohNZ1TgpQIFsi4biZTwRH9rjZsDRDik8=",
|
||||
"lastModified": 1758335443,
|
||||
"narHash": "sha256-2jaGMj32IckpZgBjn7kG4zyJl66T+2A1Fn2ppkHh91o=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "d159ea1fc321c60f88a616ac28bab660092a227d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"minecraft-heatmap",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766371695,
|
||||
"narHash": "sha256-W7CX9vy7H2Jj3E8NI4djHyF8iHSxKpb2c/7uNQ/vGFU=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "d81285ba8199b00dc31847258cae3c655b605e8c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay_3": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"roowho2",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1767322002,
|
||||
"narHash": "sha256-yHKXXw2OWfIFsyTjduB4EyFwR0SYYF0hK8xI9z4NIn0=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "03c6e38661c02a27ca006a284813afdc461e9f7e",
|
||||
"rev": "f1ccb14649cf87e48051a6ac3a571b4a57d84ff3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -466,34 +268,18 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768481291,
|
||||
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
|
||||
"lastModified": 1758007585,
|
||||
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
|
||||
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"ref": "master",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
||||
162
flake.nix
162
flake.nix
@@ -2,51 +2,38 @@
|
||||
description = "PVV System flake";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz";
|
||||
nixpkgs.url = "https://nixos.org/channels/nixos-25.05-small/nixexprs.tar.xz";
|
||||
nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
|
||||
|
||||
sops-nix.url = "github:Mic92/sops-nix/master";
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
disko.url = "github:nix-community/disko/v1.11.0";
|
||||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
nix-topology.url = "github:oddlama/nix-topology/main";
|
||||
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=main";
|
||||
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git";
|
||||
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git?ref=main";
|
||||
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
|
||||
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
dibbler.url = "git+https://git.pvv.ntnu.no/Projects/dibbler.git?ref=main";
|
||||
dibbler.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules/v0.8.0";
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules/v0.7.1";
|
||||
matrix-next.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git?ref=main";
|
||||
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git";
|
||||
nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
|
||||
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git";
|
||||
minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main";
|
||||
roowho2.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
|
||||
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
|
||||
greg-ng.inputs.nixpkgs.follows = "nixpkgs";
|
||||
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main";
|
||||
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git";
|
||||
gergle.inputs.nixpkgs.follows = "nixpkgs";
|
||||
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git?ref=master";
|
||||
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
|
||||
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
minecraft-kartverket.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git?ref=main";
|
||||
minecraft-kartverket.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
qotd.url = "git+https://git.pvv.ntnu.no/Projects/qotd.git?ref=main";
|
||||
qotd.inputs.nixpkgs.follows = "nixpkgs";
|
||||
minecraft-data.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
||||
@@ -69,16 +56,6 @@
|
||||
in {
|
||||
inputs = lib.mapAttrs (_: src: src.outPath) inputs;
|
||||
|
||||
pkgs = forAllSystems (system:
|
||||
import nixpkgs {
|
||||
inherit system;
|
||||
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
|
||||
[
|
||||
"nvidia-x11"
|
||||
"nvidia-settings"
|
||||
];
|
||||
});
|
||||
|
||||
nixosConfigurations = let
|
||||
unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
|
||||
|
||||
@@ -86,61 +63,46 @@
|
||||
nixpkgs:
|
||||
name:
|
||||
configurationPath:
|
||||
extraArgs@{
|
||||
system ? "x86_64-linux",
|
||||
specialArgs ? { },
|
||||
modules ? [ ],
|
||||
overlays ? [ ],
|
||||
enableDefaults ? true,
|
||||
...
|
||||
}:
|
||||
extraArgs:
|
||||
lib.nixosSystem (lib.recursiveUpdate
|
||||
{
|
||||
(let
|
||||
system = "x86_64-linux";
|
||||
in {
|
||||
inherit system;
|
||||
|
||||
specialArgs = {
|
||||
inherit unstablePkgs inputs;
|
||||
values = import ./values.nix;
|
||||
fp = path: ./${path};
|
||||
} // specialArgs;
|
||||
} // extraArgs.specialArgs or { };
|
||||
|
||||
modules = [
|
||||
configurationPath
|
||||
] ++ (lib.optionals enableDefaults [
|
||||
sops-nix.nixosModules.sops
|
||||
inputs.roowho2.nixosModules.default
|
||||
]) ++ modules;
|
||||
] ++ extraArgs.modules or [];
|
||||
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
|
||||
extraArgs.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
|
||||
[
|
||||
"nvidia-x11"
|
||||
"nvidia-settings"
|
||||
];
|
||||
overlays = (lib.optionals enableDefaults [
|
||||
overlays = [
|
||||
# Global overlays go here
|
||||
inputs.roowho2.overlays.default
|
||||
]) ++ overlays;
|
||||
] ++ extraArgs.overlays or [ ];
|
||||
};
|
||||
}
|
||||
})
|
||||
(builtins.removeAttrs extraArgs [
|
||||
"system"
|
||||
"modules"
|
||||
"overlays"
|
||||
"specialArgs"
|
||||
"enableDefaults"
|
||||
])
|
||||
);
|
||||
|
||||
stableNixosConfig = name: extraArgs:
|
||||
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
||||
in {
|
||||
bakke = stableNixosConfig "bakke" {
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
];
|
||||
};
|
||||
bicep = stableNixosConfig "bicep" {
|
||||
modules = [
|
||||
inputs.matrix-next.nixosModules.default
|
||||
@@ -150,10 +112,10 @@
|
||||
self.nixosModules.matrix-ooye
|
||||
];
|
||||
overlays = [
|
||||
inputs.pvv-calendar-bot.overlays.default
|
||||
inputs.pvv-calendar-bot.overlays.x86_64-linux.default
|
||||
inputs.minecraft-heatmap.overlays.default
|
||||
(final: prev: {
|
||||
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
||||
inherit (self.packages.${prev.system}) out-of-your-element;
|
||||
})
|
||||
];
|
||||
};
|
||||
@@ -166,19 +128,15 @@
|
||||
bluemap = final.callPackage ./packages/bluemap.nix { };
|
||||
})
|
||||
inputs.pvv-nettsiden.overlays.default
|
||||
inputs.qotd.overlays.default
|
||||
];
|
||||
modules = [
|
||||
inputs.pvv-nettsiden.nixosModules.default
|
||||
self.nixosModules.bluemap
|
||||
inputs.qotd.nixosModules.default
|
||||
];
|
||||
};
|
||||
ildkule = stableNixosConfig "ildkule" { };
|
||||
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||
shark = stableNixosConfig "shark" { };
|
||||
wenche = stableNixosConfig "wenche" { };
|
||||
temmie = stableNixosConfig "temmie" { };
|
||||
|
||||
kommode = stableNixosConfig "kommode" {
|
||||
overlays = [
|
||||
@@ -217,16 +175,6 @@
|
||||
inputs.gergle.overlays.default
|
||||
];
|
||||
};
|
||||
skrott = stableNixosConfig "skrott" {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix")
|
||||
inputs.dibbler.nixosModules.default
|
||||
];
|
||||
overlays = [
|
||||
inputs.dibbler.overlays.default
|
||||
];
|
||||
};
|
||||
}
|
||||
//
|
||||
(let
|
||||
@@ -239,7 +187,6 @@
|
||||
}));
|
||||
|
||||
nixosModules = {
|
||||
bluemap = ./modules/bluemap.nix;
|
||||
snakeoil-certs = ./modules/snakeoil-certs.nix;
|
||||
snappymail = ./modules/snappymail.nix;
|
||||
robots-txt = ./modules/robots-txt.nix;
|
||||
@@ -272,70 +219,15 @@
|
||||
|
||||
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
|
||||
|
||||
bluemap = pkgs.callPackage ./packages/bluemap.nix { };
|
||||
|
||||
out-of-your-element = pkgs.callPackage ./packages/out-of-your-element.nix { };
|
||||
}
|
||||
//
|
||||
# Mediawiki extensions
|
||||
} //
|
||||
(lib.pipe null [
|
||||
(_: pkgs.callPackage ./packages/mediawiki-extensions { })
|
||||
(lib.flip builtins.removeAttrs ["override" "overrideDerivation"])
|
||||
(lib.mapAttrs' (name: lib.nameValuePair "mediawiki-${name}"))
|
||||
])
|
||||
//
|
||||
# Machines
|
||||
lib.genAttrs allMachines
|
||||
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel)
|
||||
//
|
||||
# Skrott is exception
|
||||
{
|
||||
skrott = self.nixosConfigurations.skrott.config.system.build.sdImage;
|
||||
}
|
||||
//
|
||||
# Nix-topology
|
||||
(let
|
||||
topology' = import inputs.nix-topology {
|
||||
pkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
overlays = [
|
||||
inputs.nix-topology.overlays.default
|
||||
(final: prev: {
|
||||
inherit (nixpkgs-unstable.legacyPackages.x86_64-linux) super-tiny-icons;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
specialArgs = {
|
||||
values = import ./values.nix;
|
||||
};
|
||||
|
||||
modules = [
|
||||
./topology
|
||||
{
|
||||
nixosConfigurations = lib.mapAttrs (_name: nixosCfg: nixosCfg.extendModules {
|
||||
modules = [
|
||||
inputs.nix-topology.nixosModules.default
|
||||
./topology/service-extractors/greg-ng.nix
|
||||
./topology/service-extractors/postgresql.nix
|
||||
./topology/service-extractors/mysql.nix
|
||||
./topology/service-extractors/gitea-runners.nix
|
||||
];
|
||||
}) self.nixosConfigurations;
|
||||
}
|
||||
];
|
||||
};
|
||||
in {
|
||||
topology = topology'.config.output;
|
||||
topology-png = pkgs.runCommand "pvv-config-topology-png" {
|
||||
nativeBuildInputs = [ pkgs.writableTmpDirAsHomeHook ];
|
||||
} ''
|
||||
mkdir -p "$out"
|
||||
for file in '${topology'.config.output}'/*.svg; do
|
||||
${lib.getExe pkgs.imagemagick} -density 300 -background none "$file" "$out"/"$(basename "''${file%.svg}.png")"
|
||||
done
|
||||
'';
|
||||
});
|
||||
// lib.genAttrs allMachines
|
||||
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,25 +0,0 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../base
|
||||
./filesystems.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/bakke/bakke.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sops.age.generateKey = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "bakke";
|
||||
networking.hostId = "99609ffc";
|
||||
systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "enp2s0";
|
||||
address = with values.hosts.bakke; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
||||
@@ -1,83 +0,0 @@
|
||||
{
|
||||
# https://github.com/nix-community/disko/blob/master/example/boot-raid1.nix
|
||||
# Note: Disko was used to create the initial md raid, but is no longer in active use on this host.
|
||||
disko.devices = {
|
||||
disk = {
|
||||
one = {
|
||||
type = "disk";
|
||||
device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E2EER6N6";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
size = "500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "boot";
|
||||
};
|
||||
};
|
||||
mdadm = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "raid1";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
two = {
|
||||
type = "disk";
|
||||
device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E7LPLU71";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
size = "500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "boot";
|
||||
};
|
||||
};
|
||||
mdadm = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "raid1";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
mdadm = {
|
||||
boot = {
|
||||
type = "mdadm";
|
||||
level = 1;
|
||||
metadata = "1.0";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
raid1 = {
|
||||
type = "mdadm";
|
||||
level = 1;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions.primary = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
# Boot drives:
|
||||
boot.swraid.enable = true;
|
||||
|
||||
# ZFS Data pool:
|
||||
environment.systemPackages = with pkgs; [ zfs ];
|
||||
boot = {
|
||||
zfs = {
|
||||
extraPools = [ "tank" ];
|
||||
requestEncryptionCredentials = false;
|
||||
};
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
};
|
||||
services.zfs.autoScrub = {
|
||||
enable = true;
|
||||
interval = "Wed *-*-8..14 00:00:00";
|
||||
};
|
||||
|
||||
# NFS Exports:
|
||||
#TODO
|
||||
|
||||
# NFS Import mounts:
|
||||
#TODO
|
||||
}
|
||||
@@ -1,52 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=root" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=home" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" "noatime" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/sdc2";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault false;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
@@ -4,11 +4,11 @@
|
||||
./hardware-configuration.nix
|
||||
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
./services/alps.nix
|
||||
./services/bluemap.nix
|
||||
./services/bluemap/default.nix
|
||||
./services/idp-simplesamlphp
|
||||
./services/kerberos.nix
|
||||
./services/kerberos
|
||||
./services/mediawiki
|
||||
./services/nginx.nix
|
||||
./services/phpfpm.nix
|
||||
@@ -16,7 +16,6 @@
|
||||
./services/webmail
|
||||
./services/website
|
||||
./services/well-known
|
||||
./services/qotd
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/bekkalokk/bekkalokk.yaml;
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.services.alps;
|
||||
in
|
||||
{
|
||||
services.alps = {
|
||||
enable = true;
|
||||
theme = "sourcehut";
|
||||
smtps.host = "smtp.pvv.ntnu.no";
|
||||
imaps.host = "imap.pvv.ntnu.no";
|
||||
bindIP = "127.0.0.1";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."alps.pvv.ntnu.no" = lib.mkIf cfg.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
kTLS = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${cfg.bindIP}:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,121 +0,0 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
let
|
||||
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
|
||||
format = pkgs.formats.hocon { };
|
||||
in {
|
||||
# NOTE: our versino of the module gets added in flake.nix
|
||||
disabledModules = [ "services/web-apps/bluemap.nix" ];
|
||||
|
||||
sops.secrets."bluemap/ssh-key" = { };
|
||||
sops.secrets."bluemap/ssh-known-hosts" = { };
|
||||
|
||||
services.bluemap = {
|
||||
enable = true;
|
||||
|
||||
eula = true;
|
||||
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
|
||||
|
||||
host = "minecraft.pvv.ntnu.no";
|
||||
|
||||
maps = let
|
||||
inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
|
||||
in {
|
||||
"verden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/overworld.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:overworld";
|
||||
name = "Verden";
|
||||
sorting = 0;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
"underverden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/nether.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_nether";
|
||||
name = "Underverden";
|
||||
sorting = 100;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
render-mask = [{
|
||||
max-y = 90;
|
||||
}];
|
||||
};
|
||||
};
|
||||
"enden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/the-end.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_end";
|
||||
name = "Enden";
|
||||
sorting = 200;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."render-bluemap-maps" = {
|
||||
serviceConfig = {
|
||||
StateDirectory = [ "bluemap/world" ];
|
||||
ExecStartPre = let
|
||||
rsyncArgs = lib.cli.toCommandLineShellGNU { } {
|
||||
archive = true;
|
||||
compress = true;
|
||||
verbose = true;
|
||||
no-owner = true;
|
||||
no-group = true;
|
||||
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
|
||||
};
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} root@innovation.pvv.ntnu.no:/ ${vanillaSurvival}";
|
||||
LoadCredential = [
|
||||
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
|
||||
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
kTLS = true;
|
||||
http3 = true;
|
||||
quic = true;
|
||||
http3_hq = true;
|
||||
extraConfig = ''
|
||||
# Enabling QUIC 0-RTT
|
||||
ssl_early_data on;
|
||||
|
||||
quic_gso on;
|
||||
quic_retry on;
|
||||
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
}
|
||||
85
hosts/bekkalokk/services/bluemap/default.nix
Normal file
85
hosts/bekkalokk/services/bluemap/default.nix
Normal file
@@ -0,0 +1,85 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
let
|
||||
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
|
||||
in {
|
||||
imports = [
|
||||
./module.nix # From danio, pending upstreaming
|
||||
];
|
||||
|
||||
disabledModules = [ "services/web-apps/bluemap.nix" ];
|
||||
|
||||
sops.secrets."bluemap/ssh-key" = { };
|
||||
sops.secrets."bluemap/ssh-known-hosts" = { };
|
||||
|
||||
services.bluemap = {
|
||||
enable = true;
|
||||
package = pkgs.callPackage ./package.nix { };
|
||||
|
||||
eula = true;
|
||||
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
|
||||
|
||||
host = "minecraft.pvv.ntnu.no";
|
||||
|
||||
maps = {
|
||||
"verden" = {
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
sorting = 0;
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
marker-sets = inputs.minecraft-data.map-markers.vanillaSurvival.verden;
|
||||
};
|
||||
};
|
||||
"underverden" = {
|
||||
settings = {
|
||||
world = "${vanillaSurvival}/DIM-1";
|
||||
sorting = 100;
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
ambient-light = 0.6;
|
||||
world-sky-light = 0;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
max-y = 90;
|
||||
marker-sets = inputs.minecraft-data.map-markers.vanillaSurvival.underverden;
|
||||
};
|
||||
};
|
||||
"enden" = {
|
||||
settings = {
|
||||
world = "${vanillaSurvival}/DIM1";
|
||||
sorting = 200;
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
ambient-light = 0.6;
|
||||
world-sky-light = 0;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
# TODO: render somewhere else lmao
|
||||
systemd.services."render-bluemap-maps" = {
|
||||
preStart = ''
|
||||
mkdir -p /var/lib/bluemap/world
|
||||
${pkgs.rsync}/bin/rsync \
|
||||
-e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" \
|
||||
-avz --no-owner --no-group \
|
||||
root@innovation.pvv.ntnu.no:/ \
|
||||
${vanillaSurvival}
|
||||
'';
|
||||
serviceConfig = {
|
||||
LoadCredential = [
|
||||
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
|
||||
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -13,32 +13,11 @@ let
|
||||
(format.generate "${name}.conf" value))
|
||||
cfg.storage);
|
||||
|
||||
generateMapConfigWithMarkerData = name: { extraHoconMarkersFile, settings, ... }:
|
||||
assert (extraHoconMarkersFile == null) != ((settings.marker-sets or { }) == { });
|
||||
lib.pipe settings (
|
||||
(lib.optionals (extraHoconMarkersFile != null) [
|
||||
(settings: lib.recursiveUpdate settings {
|
||||
marker-placeholder = "###ASDF###";
|
||||
})
|
||||
]) ++ [
|
||||
(format.generate "${name}.conf")
|
||||
] ++ (lib.optionals (extraHoconMarkersFile != null) [
|
||||
(hoconFile: pkgs.runCommand "${name}-patched.conf" { } ''
|
||||
mkdir -p "$(dirname "$out")"
|
||||
cp '${hoconFile}' "$out"
|
||||
substituteInPlace "$out" \
|
||||
--replace-fail '"marker-placeholder" = "###ASDF###"' "\"marker-sets\" = $(cat '${extraHoconMarkersFile}')"
|
||||
'')
|
||||
])
|
||||
);
|
||||
|
||||
mapsFolder = lib.pipe cfg.maps [
|
||||
(lib.attrsets.mapAttrs' (name: value: {
|
||||
name = "${name}.conf";
|
||||
value = generateMapConfigWithMarkerData name value;
|
||||
}))
|
||||
(pkgs.linkFarm "maps")
|
||||
];
|
||||
mapsFolder = pkgs.linkFarm "maps"
|
||||
(lib.attrsets.mapAttrs' (name: value:
|
||||
lib.nameValuePair "${name}.conf"
|
||||
(format.generate "${name}.conf" value.settings))
|
||||
cfg.maps);
|
||||
|
||||
webappConfigFolder = pkgs.linkFarm "bluemap-config" {
|
||||
"maps" = mapsFolder;
|
||||
@@ -46,18 +25,18 @@ let
|
||||
"core.conf" = coreConfig;
|
||||
"webapp.conf" = webappConfig;
|
||||
"webserver.conf" = webserverConfig;
|
||||
"packs" = cfg.packs;
|
||||
"packs" = cfg.resourcepacks;
|
||||
};
|
||||
|
||||
renderConfigFolder = name: value: pkgs.linkFarm "bluemap-${name}-config" {
|
||||
"maps" = pkgs.linkFarm "maps" {
|
||||
"${name}.conf" = generateMapConfigWithMarkerData name value;
|
||||
"${name}.conf" = (format.generate "${name}.conf" value.settings);
|
||||
};
|
||||
"storages" = storageFolder;
|
||||
"core.conf" = coreConfig;
|
||||
"webapp.conf" = format.generate "webapp.conf" (cfg.webappSettings // { "update-settings-file" = false; });
|
||||
"webserver.conf" = webserverConfig;
|
||||
"packs" = value.packs;
|
||||
"packs" = value.resourcepacks;
|
||||
};
|
||||
|
||||
inherit (lib) mkOption;
|
||||
@@ -131,7 +110,7 @@ in {
|
||||
metrics = lib.mkEnableOption "Sending usage metrics containing the version of bluemap in use";
|
||||
};
|
||||
};
|
||||
description = "Settings for the core.conf file, [see upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/common/src/main/resources/de/bluecolored/bluemap/config/core.conf).";
|
||||
description = "Settings for the core.conf file, [see upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/core.conf).";
|
||||
};
|
||||
|
||||
webappSettings = mkOption {
|
||||
@@ -148,7 +127,7 @@ in {
|
||||
webroot = config.services.bluemap.webRoot;
|
||||
}
|
||||
'';
|
||||
description = "Settings for the webapp.conf file, see [upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/common/src/main/resources/de/bluecolored/bluemap/config/webapp.conf).";
|
||||
description = "Settings for the webapp.conf file, see [upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/webapp.conf).";
|
||||
};
|
||||
|
||||
webserverSettings = mkOption {
|
||||
@@ -168,31 +147,19 @@ in {
|
||||
default = { };
|
||||
description = ''
|
||||
Settings for the webserver.conf file, usually not required.
|
||||
[See upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/common/src/main/resources/de/bluecolored/bluemap/config/webserver.conf).
|
||||
[See upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/webserver.conf).
|
||||
'';
|
||||
};
|
||||
|
||||
maps = mkOption {
|
||||
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
|
||||
type = lib.types.attrsOf (lib.types.submodule {
|
||||
options = {
|
||||
packs = mkOption {
|
||||
resourcepacks = mkOption {
|
||||
type = lib.types.path;
|
||||
default = cfg.packs;
|
||||
defaultText = lib.literalExpression "config.services.bluemap.packs";
|
||||
description = "A set of resourcepacks, datapacks, and mods to extract resources from, loaded in alphabetical order.";
|
||||
default = cfg.resourcepacks;
|
||||
defaultText = lib.literalExpression "config.services.bluemap.resourcepacks";
|
||||
description = "A set of resourcepacks/mods/bluemap-addons to extract models from loaded in alphabetical order";
|
||||
};
|
||||
|
||||
extraHoconMarkersFile = mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to a hocon file containing marker data.
|
||||
The content of this file will be injected into the map config file in a separate derivation.
|
||||
|
||||
DO NOT SEND THIS TO NIXPKGS, IT'S AN UGLY HACK.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = (lib.types.submodule {
|
||||
freeformType = format.type;
|
||||
@@ -201,74 +168,43 @@ in {
|
||||
type = lib.types.path;
|
||||
description = "Path to world folder containing the dimension to render";
|
||||
};
|
||||
name = mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The display name of this map (how this map will be named on the webapp)";
|
||||
default = name;
|
||||
defaultText = lib.literalExpression "<name>";
|
||||
};
|
||||
render-mask = mkOption {
|
||||
type = with lib.types; listOf (attrsOf format.type);
|
||||
description = "Limits for the map render";
|
||||
default = [ ];
|
||||
example = [
|
||||
{
|
||||
min-x = -4000;
|
||||
max-x = 4000;
|
||||
min-z = -4000;
|
||||
max-z = 4000;
|
||||
min-y = 50;
|
||||
max-y = 100;
|
||||
}
|
||||
{
|
||||
subtract = true;
|
||||
min-y = 90;
|
||||
max-y = 127;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
});
|
||||
description = ''
|
||||
Settings for files in `maps/`.
|
||||
See the default for an example with good options for the different world types.
|
||||
For valid values [consult upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/common/src/main/resources/de/bluecolored/bluemap/config/maps/map.conf).
|
||||
For valid values [consult upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/maps/map.conf).
|
||||
'';
|
||||
};
|
||||
};
|
||||
}));
|
||||
});
|
||||
default = {
|
||||
"overworld".settings = {
|
||||
world = cfg.defaultWorld;
|
||||
dimension = "minecraft:overworld";
|
||||
name = "Overworld";
|
||||
world = "${cfg.defaultWorld}";
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
|
||||
"nether".settings = {
|
||||
world = cfg.defaultWorld;
|
||||
dimension = "minecraft:the_nether";
|
||||
name = "Nether";
|
||||
world = "${cfg.defaultWorld}/DIM-1";
|
||||
sorting = 100;
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
world-sky-light = 0;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
max-y = 90;
|
||||
};
|
||||
|
||||
"end".settings = {
|
||||
world = cfg.defaultWorld;
|
||||
dimension = "minecraft:the_end";
|
||||
name = "The End";
|
||||
world = "${cfg.defaultWorld}/DIM1";
|
||||
sorting = 200;
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
world-sky-light = 0;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
@@ -276,36 +212,31 @@ in {
|
||||
defaultText = lib.literalExpression ''
|
||||
{
|
||||
"overworld".settings = {
|
||||
world = cfg.defaultWorld;
|
||||
name = "Overworld";
|
||||
dimension = "minecraft:overworld";
|
||||
world = "''${cfg.defaultWorld}";
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
|
||||
"nether".settings = {
|
||||
world = cfg.defaultWorld;
|
||||
dimension = "minecraft:the_nether";
|
||||
name = "Nether";
|
||||
world = "''${cfg.defaultWorld}/DIM-1";
|
||||
sorting = 100;
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
world-sky-light = 0;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
max-y = 90;
|
||||
};
|
||||
|
||||
"end".settings = {
|
||||
world = cfg.defaultWorld;
|
||||
name = "The End";
|
||||
dimension = "minecraft:the_end";
|
||||
world = "''${cfg.defaultWorld}/DIM1";
|
||||
sorting = 200;
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
world-sky-light = 0;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
@@ -333,7 +264,7 @@ in {
|
||||
description = ''
|
||||
Where the rendered map will be stored.
|
||||
Unless you are doing something advanced you should probably leave this alone and configure webRoot instead.
|
||||
[See upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/tree/master/common/src/main/resources/de/bluecolored/bluemap/config/storages)
|
||||
[See upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/tree/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/storages)
|
||||
'';
|
||||
default = {
|
||||
"file" = {
|
||||
@@ -349,12 +280,12 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
packs = mkOption {
|
||||
resourcepacks = mkOption {
|
||||
type = lib.types.path;
|
||||
default = pkgs.linkFarm "packs" { };
|
||||
default = pkgs.linkFarm "resourcepacks" { };
|
||||
description = ''
|
||||
A set of resourcepacks, datapacks, and mods to extract resources from, loaded in alphabetical order.
|
||||
Can be overriden on a per-map basis with `services.bluemap.maps.<name>.packs`.
|
||||
A set of resourcepacks/mods to extract models from loaded in alphabetical order.
|
||||
Can be overriden on a per-map basis with `services.bluemap.maps.<name>.resourcepacks`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
@@ -375,23 +306,21 @@ in {
|
||||
systemd.services."render-bluemap-maps" = lib.mkIf cfg.enableRender {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
CPUSchedulingPolicy = "batch";
|
||||
Group = "nginx";
|
||||
UMask = "026";
|
||||
ExecStart = [
|
||||
# If web folder doesnt exist generate it
|
||||
''|test -f "${cfg.webRoot}" || ${lib.getExe cfg.package} -c ${webappConfigFolder} -gs''
|
||||
]
|
||||
++
|
||||
# Render each minecraft map
|
||||
lib.attrsets.mapAttrsToList
|
||||
(name: value: "${lib.getExe cfg.package} -c ${renderConfigFolder name value} -r")
|
||||
cfg.maps
|
||||
++ [
|
||||
# Generate updated webapp
|
||||
"${lib.getExe cfg.package} -c ${webappConfigFolder} -gs"
|
||||
];
|
||||
};
|
||||
script = ''
|
||||
# If web folder doesnt exist generate it
|
||||
test -f "${cfg.webRoot}" || ${lib.getExe cfg.package} -c ${webappConfigFolder} -gs
|
||||
|
||||
# Render each minecraft map
|
||||
${lib.strings.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
|
||||
(name: value: "${lib.getExe cfg.package} -c ${renderConfigFolder name value} -r")
|
||||
cfg.maps)}
|
||||
|
||||
# Generate updated webapp
|
||||
${lib.getExe cfg.package} -c ${webappConfigFolder} -gs
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender {
|
||||
30
hosts/bekkalokk/services/bluemap/package.nix
Normal file
30
hosts/bekkalokk/services/bluemap/package.nix
Normal file
@@ -0,0 +1,30 @@
|
||||
{ lib, stdenvNoCC, fetchurl, makeWrapper, jre }:
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "bluemap";
|
||||
version = "5.7";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar";
|
||||
hash = "sha256-8udZYJgrr4bi2mjRYrASd8JwUoUVZW1tZpOLRgafAIw=";
|
||||
};
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
makeWrapper ${jre}/bin/java $out/bin/bluemap --add-flags "-jar $src"
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "3D minecraft map renderer";
|
||||
homepage = "https://bluemap.bluecolored.de/";
|
||||
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
|
||||
license = lib.licenses.mit;
|
||||
maintainers = with lib.maintainers; [ dandellion h7x4 ];
|
||||
mainProgram = "bluemap";
|
||||
};
|
||||
}
|
||||
88
hosts/bekkalokk/services/kerberos/krb5-conf-format.nix
Normal file
88
hosts/bekkalokk/services/kerberos/krb5-conf-format.nix
Normal file
@@ -0,0 +1,88 @@
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
# Based on
|
||||
# - https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
|
||||
# - https://manpages.debian.org/unstable/heimdal-docs/krb5.conf.5heimdal.en.html
|
||||
|
||||
let
|
||||
inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
|
||||
isAttrs isBool isList mapAttrsToList mdDoc mkOption singleton splitString;
|
||||
inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
|
||||
str submodule;
|
||||
in
|
||||
{ }: {
|
||||
type = let
|
||||
section = attrsOf relation;
|
||||
relation = either (attrsOf value) value;
|
||||
value = either (listOf atom) atom;
|
||||
atom = oneOf [int str bool];
|
||||
in submodule {
|
||||
freeformType = attrsOf section;
|
||||
options = {
|
||||
include = mkOption {
|
||||
default = [ ];
|
||||
description = mdDoc ''
|
||||
Files to include in the Kerberos configuration.
|
||||
'';
|
||||
type = coercedTo path singleton (listOf path);
|
||||
};
|
||||
includedir = mkOption {
|
||||
default = [ ];
|
||||
description = mdDoc ''
|
||||
Directories containing files to include in the Kerberos configuration.
|
||||
'';
|
||||
type = coercedTo path singleton (listOf path);
|
||||
};
|
||||
module = mkOption {
|
||||
default = [ ];
|
||||
description = mdDoc ''
|
||||
Modules to obtain Kerberos configuration from.
|
||||
'';
|
||||
type = coercedTo path singleton (listOf path);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
generate = let
|
||||
indent = str: concatMapStringsSep "\n" (line: " " + line) (splitString "\n" str);
|
||||
|
||||
formatToplevel = args @ {
|
||||
include ? [ ],
|
||||
includedir ? [ ],
|
||||
module ? [ ],
|
||||
...
|
||||
}: let
|
||||
sections = removeAttrs args [ "include" "includedir" "module" ];
|
||||
in concatStringsSep "\n" (filter (x: x != "") [
|
||||
(concatStringsSep "\n" (mapAttrsToList formatSection sections))
|
||||
(concatMapStringsSep "\n" (m: "module ${m}") module)
|
||||
(concatMapStringsSep "\n" (i: "include ${i}") include)
|
||||
(concatMapStringsSep "\n" (i: "includedir ${i}") includedir)
|
||||
]);
|
||||
|
||||
formatSection = name: section: ''
|
||||
[${name}]
|
||||
${indent (concatStringsSep "\n" (mapAttrsToList formatRelation section))}
|
||||
'';
|
||||
|
||||
formatRelation = name: relation:
|
||||
if isAttrs relation
|
||||
then ''
|
||||
${name} = {
|
||||
${indent (concatStringsSep "\n" (mapAttrsToList formatValue relation))}
|
||||
}''
|
||||
else formatValue name relation;
|
||||
|
||||
formatValue = name: value:
|
||||
if isList value
|
||||
then concatMapStringsSep "\n" (formatAtom name) value
|
||||
else formatAtom name value;
|
||||
|
||||
formatAtom = name: atom: let
|
||||
v = if isBool atom then boolToString atom else toString atom;
|
||||
in "${name} = ${v}";
|
||||
in
|
||||
name: value: pkgs.writeText name ''
|
||||
${formatToplevel value}
|
||||
'';
|
||||
}
|
||||
90
hosts/bekkalokk/services/kerberos/krb5.nix
Normal file
90
hosts/bekkalokk/services/kerberos/krb5.nix
Normal file
@@ -0,0 +1,90 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (lib) mdDoc mkIf mkOption mkPackageOption mkRemovedOptionModule;
|
||||
inherit (lib.types) bool;
|
||||
|
||||
mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
|
||||
mkRemovedOptionModuleCfg = name: mkRemovedOptionModule' name ''
|
||||
The option `krb5.${name}' has been removed. Use
|
||||
`security.krb5.settings.${name}' for structured configuration.
|
||||
'';
|
||||
|
||||
cfg = config.security.krb5;
|
||||
format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
|
||||
in {
|
||||
imports = [
|
||||
(mkRemovedOptionModuleCfg "libdefaults")
|
||||
(mkRemovedOptionModuleCfg "realms")
|
||||
(mkRemovedOptionModuleCfg "domain_realm")
|
||||
(mkRemovedOptionModuleCfg "capaths")
|
||||
(mkRemovedOptionModuleCfg "appdefaults")
|
||||
(mkRemovedOptionModuleCfg "plugins")
|
||||
(mkRemovedOptionModuleCfg "config")
|
||||
(mkRemovedOptionModuleCfg "extraConfig")
|
||||
(mkRemovedOptionModule' "kerberos" ''
|
||||
The option `krb5.kerberos' has been moved to `security.krb5.package'.
|
||||
'')
|
||||
];
|
||||
|
||||
options = {
|
||||
security.krb5 = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = mdDoc "Enable and configure Kerberos utilities";
|
||||
type = bool;
|
||||
};
|
||||
|
||||
package = mkPackageOption pkgs "krb5" {
|
||||
example = "heimdal";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
default = { };
|
||||
type = format.type;
|
||||
description = mdDoc ''
|
||||
Structured contents of the {file}`krb5.conf` file. See
|
||||
{manpage}`krb5.conf(5)` for details about configuration.
|
||||
'';
|
||||
example = {
|
||||
include = [ "/run/secrets/secret-krb5.conf" ];
|
||||
includedir = [ "/run/secrets/secret-krb5.conf.d" ];
|
||||
|
||||
libdefaults = {
|
||||
default_realm = "ATHENA.MIT.EDU";
|
||||
};
|
||||
|
||||
realms = {
|
||||
"ATHENA.MIT.EDU" = {
|
||||
admin_server = "athena.mit.edu";
|
||||
kdc = [
|
||||
"athena01.mit.edu"
|
||||
"athena02.mit.edu"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
domain_realm = {
|
||||
"mit.edu" = "ATHENA.MIT.EDU";
|
||||
};
|
||||
|
||||
logging = {
|
||||
kdc = "SYSLOG:NOTICE";
|
||||
admin_server = "SYSLOG:NOTICE";
|
||||
default = "SYSLOG:NOTICE";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = [ cfg.package ];
|
||||
etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = builtins.attrValues {
|
||||
inherit (lib.maintainers) dblsaiko h7x4;
|
||||
};
|
||||
}
|
||||
1543
hosts/bekkalokk/services/kerberos/pam.nix
Normal file
1543
hosts/bekkalokk/services/kerberos/pam.nix
Normal file
File diff suppressed because it is too large
Load Diff
@@ -130,12 +130,6 @@ in {
|
||||
$wgVectorDefaultSidebarVisibleForAnonymousUser = true;
|
||||
$wgVectorResponsive = true;
|
||||
|
||||
# Experimental dark mode support for Vector 2022
|
||||
$wgVectorNightMode['beta'] = true;
|
||||
$wgVectorNightMode['logged_out'] = true;
|
||||
$wgVectorNightMode['logged_in'] = true;
|
||||
$wgDefaultUserOptions['vector-theme'] = 'os';
|
||||
|
||||
# Misc
|
||||
$wgEmergencyContact = "${cfg.passwordSender}";
|
||||
$wgUseTeX = false;
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
{
|
||||
services.qotd = {
|
||||
enable = true;
|
||||
quotes = builtins.fromJSON (builtins.readFile ./quotes.json);
|
||||
};
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
["quote 1", "quote 2"]
|
||||
@@ -18,16 +18,11 @@ in {
|
||||
restartUnits = [ "phpfpm-pvv-nettsiden.service" ];
|
||||
});
|
||||
|
||||
security.acme.certs."www.pvv.ntnu.no" = {
|
||||
extraDomainNames = [
|
||||
"pvv.ntnu.no"
|
||||
"www.pvv.org"
|
||||
"pvv.org"
|
||||
];
|
||||
};
|
||||
|
||||
services.idp.sp-remote-metadata = [
|
||||
"https://www.pvv.ntnu.no/simplesaml/"
|
||||
"https://pvv.ntnu.no/simplesaml/"
|
||||
"https://www.pvv.org/simplesaml/"
|
||||
"https://pvv.org/simplesaml/"
|
||||
];
|
||||
|
||||
services.pvv-nettsiden = {
|
||||
@@ -74,6 +69,9 @@ in {
|
||||
ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
|
||||
TRUSTED_DOMAINS = [
|
||||
"www.pvv.ntnu.no"
|
||||
"pvv.ntnu.no"
|
||||
"www.pvv.org"
|
||||
"pvv.org"
|
||||
];
|
||||
};
|
||||
};
|
||||
@@ -85,28 +83,13 @@ in {
|
||||
"catch_workers_output" = true;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."pvv.ntnu.no" = {
|
||||
globalRedirect = cfg.domainName;
|
||||
redirectCode = 307;
|
||||
forceSSL = true;
|
||||
useACMEHost = "www.pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."www.pvv.org" = {
|
||||
globalRedirect = cfg.domainName;
|
||||
redirectCode = 307;
|
||||
forceSSL = true;
|
||||
useACMEHost = "www.pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."pvv.org" = {
|
||||
globalRedirect = cfg.domainName;
|
||||
redirectCode = 307;
|
||||
forceSSL = true;
|
||||
useACMEHost = "www.pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.domainName} = {
|
||||
serverAliases = [
|
||||
"pvv.ntnu.no"
|
||||
"www.pvv.org"
|
||||
"pvv.org"
|
||||
];
|
||||
|
||||
locations = {
|
||||
# Proxy home directories
|
||||
"^~ /~" = {
|
||||
|
||||
@@ -4,10 +4,11 @@
|
||||
./hardware-configuration.nix
|
||||
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
./services/nginx
|
||||
|
||||
./services/calendar-bot.nix
|
||||
#./services/git-mirrors
|
||||
./services/git-mirrors
|
||||
./services/minecraft-heatmap.nix
|
||||
./services/mysql.nix
|
||||
./services/postgres.nix
|
||||
@@ -20,15 +21,13 @@
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sops.age.generateKey = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/disk/by-id/scsi-3600508b1001cb1a8751c137b30610682";
|
||||
|
||||
networking.hostName = "bicep";
|
||||
|
||||
#systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
|
||||
systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
|
||||
#matchConfig.Name = "enp6s0f0";
|
||||
matchConfig.Name = "ens18";
|
||||
systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "enp6s0f0";
|
||||
address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ]
|
||||
++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
|
||||
};
|
||||
@@ -39,13 +38,6 @@
|
||||
# There are no smart devices
|
||||
services.smartd.enable = false;
|
||||
|
||||
# we are a vm now
|
||||
services.qemuGuest.enable = true;
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
services.sshguard.enable = true;
|
||||
|
||||
# Do not change, even during upgrades.
|
||||
# See https://search.nixos.org/options?show=system.stateVersion
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
@@ -5,29 +5,22 @@
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ahci" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "hpsa" "ohci_pci" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/20e06202-7a09-47cc-8ef6-5e7afe19453a";
|
||||
{ device = "/dev/disk/by-uuid/31a67903-dc00-448a-a24a-36e820318fe5";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
# temp data disk, only 128gb not enough until we can add another disk to the system.
|
||||
fileSystems."/data" =
|
||||
{ device = "/dev/disk/by-uuid/c81af266-0781-4084-b8eb-c2587cbcf1ba";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/198B-E363";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
{ device = "/dev/disk/by-uuid/79e93eed-ad95-45c9-b115-4ef92afcc8c0";
|
||||
fsType = "f2fs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
@@ -37,7 +30,11 @@
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0f1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0f2.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0f3.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
||||
@@ -66,7 +66,6 @@ in
|
||||
package = pkgs.callPackage (fp /packages/cgit.nix) { };
|
||||
group = "gickup";
|
||||
scanPath = "${cfg.dataDir}/linktree";
|
||||
gitHttpBackend.checkExportOkFiles = false;
|
||||
settings = {
|
||||
enable-commit-graph = true;
|
||||
enable-follow-links = true;
|
||||
|
||||
@@ -6,14 +6,12 @@
|
||||
key = "synapse/turnconfig";
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.users.matrix-synapse.group;
|
||||
restartUnits = [ "coturn.service" ];
|
||||
};
|
||||
sops.secrets."matrix/coturn/static-auth-secret" = {
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "coturn/static-auth-secret";
|
||||
owner = config.users.users.turnserver.name;
|
||||
group = config.users.users.turnserver.group;
|
||||
restartUnits = [ "coturn.service" ];
|
||||
};
|
||||
|
||||
services.matrix-synapse-next = {
|
||||
@@ -44,7 +42,7 @@
|
||||
|
||||
security.acme.certs.${config.services.coturn.realm} = {
|
||||
email = "drift@pvv.ntnu.no";
|
||||
listenHTTP = "${values.services.turn.ipv4}:80";
|
||||
listenHTTP = "129.241.210.213:80";
|
||||
reloadServices = [ "coturn.service" ];
|
||||
};
|
||||
|
||||
|
||||
@@ -18,7 +18,6 @@ in
|
||||
sops.templates."hookshot-registration.yaml" = {
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.groups.keys-matrix-registrations.name;
|
||||
restartUnits = [ "matrix-hookshot.service" ];
|
||||
content = ''
|
||||
id: matrix-hookshot
|
||||
as_token: "${config.sops.placeholder."matrix/hookshot/as_token"}"
|
||||
@@ -78,14 +77,14 @@ in
|
||||
outbound = true;
|
||||
urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
|
||||
userIdPrefix = "_webhooks_";
|
||||
allowJsTransformationFunctions = true;
|
||||
allowJsTransformationFunctions = false;
|
||||
waitForComplete = false;
|
||||
};
|
||||
feeds = {
|
||||
enabled = true;
|
||||
pollIntervalSeconds = 600;
|
||||
};
|
||||
|
||||
|
||||
serviceBots = [
|
||||
{ localpart = "bot_feeds";
|
||||
displayname = "Aya";
|
||||
@@ -95,11 +94,6 @@ in
|
||||
}
|
||||
];
|
||||
|
||||
widgets = {
|
||||
roomSetupWidget.addOnInvite = false;
|
||||
publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
|
||||
};
|
||||
|
||||
permissions = [
|
||||
# Users of the PVV Server
|
||||
{ actor = "pvv.ntnu.no";
|
||||
@@ -134,7 +128,6 @@ in
|
||||
|
||||
services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
|
||||
};
|
||||
|
||||
@@ -6,7 +6,6 @@
|
||||
key = "mjolnir/access_token";
|
||||
owner = config.users.users.mjolnir.name;
|
||||
group = config.users.users.mjolnir.group;
|
||||
restartUnits = [ "mjolnir.service" ];
|
||||
};
|
||||
|
||||
services.mjolnir = {
|
||||
|
||||
@@ -9,22 +9,18 @@ in
|
||||
"matrix/ooye/as_token" = {
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "ooye/as_token";
|
||||
restartUnits = [ "matrix-ooye.service" ];
|
||||
};
|
||||
"matrix/ooye/hs_token" = {
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "ooye/hs_token";
|
||||
restartUnits = [ "matrix-ooye.service" ];
|
||||
};
|
||||
"matrix/ooye/discord_token" = {
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "ooye/discord_token";
|
||||
restartUnits = [ "matrix-ooye.service" ];
|
||||
};
|
||||
"matrix/ooye/discord_client_secret" = {
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "ooye/discord_client_secret";
|
||||
restartUnits = [ "matrix-ooye.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ lib, buildPythonPackage, fetchFromGitHub, setuptools }:
|
||||
{ lib, buildPythonPackage, fetchFromGitHub }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "matrix-synapse-smtp-auth";
|
||||
@@ -6,9 +6,6 @@ buildPythonPackage rec {
|
||||
|
||||
src = ./.;
|
||||
|
||||
pyproject = true;
|
||||
build-system = [ setuptools ];
|
||||
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
|
||||
@@ -124,8 +124,8 @@ in {
|
||||
"fec0::/10"
|
||||
|
||||
# NTNU
|
||||
values.ntnu.ipv4-space
|
||||
values.ntnu.ipv6-space
|
||||
"129.241.0.0/16"
|
||||
"2001:700:300::/44"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
@@ -48,8 +48,6 @@
|
||||
IPAddressAllow = [
|
||||
values.ipv4-space
|
||||
values.ipv6-space
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_15;
|
||||
enableTCPIP = true;
|
||||
|
||||
dataDir = "/data/postgresql";
|
||||
|
||||
authentication = ''
|
||||
host all all ${values.ipv4-space} md5
|
||||
host all all ${values.ipv6-space} md5
|
||||
host all all ${values.hosts.ildkule.ipv4}/32 md5
|
||||
host all all ${values.hosts.ildkule.ipv6}/32 md5
|
||||
host all all 129.241.210.128/25 md5
|
||||
host all all 2001:700:300:1900::/64 md5
|
||||
'';
|
||||
|
||||
# Hilsen https://pgconfigurator.cybertec-postgresql.com/
|
||||
@@ -74,40 +74,11 @@
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-postgresql"."/data/postgresql".d = {
|
||||
user = config.systemd.services.postgresql.serviceConfig.User;
|
||||
group = config.systemd.services.postgresql.serviceConfig.Group;
|
||||
mode = "0700";
|
||||
};
|
||||
|
||||
systemd.services.postgresql-setup = {
|
||||
after = [
|
||||
"systemd-tmpfiles-setup.service"
|
||||
"systemd-tmpfiles-resetup.service"
|
||||
systemd.services.postgresql.serviceConfig = {
|
||||
LoadCredential = [
|
||||
"cert:/etc/certs/postgres.crt"
|
||||
"key:/etc/certs/postgres.key"
|
||||
];
|
||||
serviceConfig = {
|
||||
LoadCredential = [
|
||||
"cert:/etc/certs/postgres.crt"
|
||||
"key:/etc/certs/postgres.key"
|
||||
];
|
||||
|
||||
BindPaths = [ "/data/postgresql:/var/lib/postgresql" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.postgresql = {
|
||||
after = [
|
||||
"systemd-tmpfiles-setup.service"
|
||||
"systemd-tmpfiles-resetup.service"
|
||||
];
|
||||
serviceConfig = {
|
||||
LoadCredential = [
|
||||
"cert:/etc/certs/postgres.crt"
|
||||
"key:/etc/certs/postgres.key"
|
||||
];
|
||||
|
||||
BindPaths = [ "/data/postgresql:/var/lib/postgresql" ];
|
||||
};
|
||||
};
|
||||
|
||||
environment.snakeoil-certs."/etc/certs/postgres" = {
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
./services/grzegorz.nix
|
||||
];
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
(fp /modules/grzegorz.nix)
|
||||
];
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
{
|
||||
config,
|
||||
fp,
|
||||
pkgs,
|
||||
lib,
|
||||
values,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
systemd.network.enable = lib.mkForce false;
|
||||
networking =
|
||||
let
|
||||
hostConf = values.hosts.gluttony;
|
||||
in
|
||||
{
|
||||
hostName = "gluttony";
|
||||
tempAddresses = "disabled";
|
||||
useDHCP = lib.mkForce true;
|
||||
|
||||
search = values.defaultNetworkConfig.domains;
|
||||
nameservers = values.defaultNetworkConfig.dns;
|
||||
defaultGateway.address = hostConf.ipv4_internal_gw;
|
||||
|
||||
interfaces."ens3" = {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = hostConf.ipv4;
|
||||
prefixLength = 32;
|
||||
}
|
||||
{
|
||||
address = hostConf.ipv4_internal;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
ipv6.addresses = [
|
||||
{
|
||||
address = hostConf.ipv6;
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "25.11"; # Don't change unless you know what you are doing.
|
||||
}
|
||||
@@ -1,45 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix"
|
||||
"uhci_hcd"
|
||||
"virtio_pci"
|
||||
"virtio_scsi"
|
||||
"sd_mod"
|
||||
];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/pool-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/D00A-B488";
|
||||
fsType = "vfat";
|
||||
options = [
|
||||
"fmask=0077"
|
||||
"dmask=0077"
|
||||
];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
||||
@@ -4,10 +4,10 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
./services/monitoring
|
||||
./services/nginx
|
||||
./services/journald-remote.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/ildkule/ildkule.yaml;
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
{ config, lib, values, ... }:
|
||||
let
|
||||
cfg = config.services.journald.remote;
|
||||
domainName = "journald.pvv.ntnu.no";
|
||||
in
|
||||
{
|
||||
security.acme.certs.${domainName} = {
|
||||
webroot = "/var/lib/acme/acme-challenge/";
|
||||
group = config.services.nginx.group;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.${domainName} = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "${domainName}";
|
||||
locations."/.well-known/".root = "/var/lib/acme/acme-challenge/";
|
||||
};
|
||||
};
|
||||
|
||||
services.journald.upload.enable = lib.mkForce false;
|
||||
|
||||
services.journald.remote = {
|
||||
enable = true;
|
||||
settings.Remote = let
|
||||
inherit (config.security.acme.certs.${domainName}) directory;
|
||||
in {
|
||||
ServerKeyFile = "/run/credentials/systemd-journal-remote.service/key.pem";
|
||||
ServerCertificateFile = "/run/credentials/systemd-journal-remote.service/cert.pem";
|
||||
TrustedCertificateFile = "-";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.sockets."systemd-journal-remote" = {
|
||||
socketConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
values.ipv4-space
|
||||
values.ipv6-space
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
systemd.services."systemd-journal-remote" = {
|
||||
socketConfig = {
|
||||
LoadCredential = let
|
||||
inherit (config.security.acme.certs.${domainName}) directory;
|
||||
in [
|
||||
"key.pem:${directory}/key.pem"
|
||||
"cert.pem:${directory}/cert.pem"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -8,26 +8,25 @@
|
||||
|
||||
defaultNodeExporterPort = 9100;
|
||||
defaultSystemdExporterPort = 9101;
|
||||
defaultNixosExporterPort = 9102;
|
||||
in {
|
||||
services.prometheus.scrapeConfigs = [{
|
||||
job_name = "base_info";
|
||||
static_configs = [
|
||||
(mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port ])
|
||||
|
||||
(mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
|
||||
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
# (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
|
||||
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
|
||||
(mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ])
|
||||
|
||||
@@ -10,7 +10,7 @@ in {
|
||||
inherit (config.sops) placeholder;
|
||||
in ''
|
||||
[client]
|
||||
host = mysql.pvv.ntnu.no
|
||||
host = bicep.pvv.ntnu.no
|
||||
port = 3306
|
||||
user = prometheus_mysqld_exporter
|
||||
password = ${placeholder."config/mysqld_exporter_password"}
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
./services/gitea
|
||||
./services/nginx.nix
|
||||
@@ -30,3 +31,4 @@
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
||||
|
||||
@@ -24,15 +24,10 @@ in
|
||||
script = let
|
||||
logo-svg = fp /assets/logo_blue_regular.svg;
|
||||
logo-png = fp /assets/logo_blue_regular.png;
|
||||
|
||||
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
|
||||
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
|
||||
'';
|
||||
|
||||
extraLinksFooter = pkgs.writeText "gitea-extra-links-footer.tmpl" ''
|
||||
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
|
||||
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
|
||||
<a class="item" href="https://wiki.pvv.ntnu.no/wiki/Tjenester/Kodelager">PVV Gitea Howto</a>
|
||||
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
|
||||
'';
|
||||
|
||||
project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
|
||||
@@ -47,14 +42,13 @@ in
|
||||
} ''
|
||||
# Bigger icons
|
||||
install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl"
|
||||
sed -i -e 's/24/60/g' "$out/repo/icon.tmpl"
|
||||
sed -i -e 's/24/48/g' "$out/repo/icon.tmpl"
|
||||
'';
|
||||
in ''
|
||||
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
|
||||
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
|
||||
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
|
||||
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
|
||||
install -Dm444 ${extraLinksFooter} ${cfg.customDir}/templates/custom/extra_links_footer.tmpl
|
||||
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
|
||||
|
||||
"${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/
|
||||
|
||||
@@ -35,12 +35,6 @@
|
||||
"color": "#ed1111",
|
||||
"description": "Report an oopsie"
|
||||
},
|
||||
{
|
||||
"name": "developer experience",
|
||||
"exclusive": false,
|
||||
"color": "#eb6420",
|
||||
"description": "Think about the developers"
|
||||
},
|
||||
{
|
||||
"name": "disputed",
|
||||
"exclusive": false,
|
||||
|
||||
@@ -15,7 +15,6 @@ in {
|
||||
defaultConfig = {
|
||||
owner = "gitea";
|
||||
group = "gitea";
|
||||
restartUnits = [ "gitea.service" ];
|
||||
};
|
||||
in {
|
||||
"gitea/database" = defaultConfig;
|
||||
@@ -122,10 +121,6 @@ in {
|
||||
picture = {
|
||||
DISABLE_GRAVATAR = true;
|
||||
ENABLE_FEDERATED_AVATAR = false;
|
||||
|
||||
AVATAR_MAX_FILE_SIZE = 1024 * 1024 * 5;
|
||||
# NOTE: go any bigger than this, and gitea will freeze your gif >:(
|
||||
AVATAR_MAX_ORIGIN_SIZE = 1024 * 1024 * 2;
|
||||
};
|
||||
actions.ENABLED = true;
|
||||
ui = {
|
||||
@@ -164,6 +159,10 @@ in {
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.gitea.serviceConfig.Type = lib.mkForce "notify";
|
||||
|
||||
systemd.services.gitea.serviceConfig.WatchdogSec = "60";
|
||||
|
||||
systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";
|
||||
|
||||
systemd.services.gitea.serviceConfig.CacheDirectory = "gitea/repo-archive";
|
||||
|
||||
@@ -4,23 +4,9 @@ let
|
||||
GNUPGHOME = "${config.users.users.gitea.home}/gnupg";
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
"gitea/gpg-signing-key-public" = {
|
||||
owner = cfg.user;
|
||||
inherit (cfg) group;
|
||||
restartUnits = [
|
||||
"gitea.service"
|
||||
"gitea-ensure-gnupg-homedir.service"
|
||||
];
|
||||
};
|
||||
"gitea/gpg-signing-key-private" = {
|
||||
owner = cfg.user;
|
||||
inherit (cfg) group;
|
||||
restartUnits = [
|
||||
"gitea.service"
|
||||
"gitea-ensure-gnupg-homedir.service"
|
||||
];
|
||||
};
|
||||
sops.secrets."gitea/gpg-signing-key" = {
|
||||
owner = cfg.user;
|
||||
inherit (cfg) group;
|
||||
};
|
||||
|
||||
systemd.services.gitea.environment = { inherit GNUPGHOME; };
|
||||
@@ -32,7 +18,6 @@ in
|
||||
|
||||
systemd.services.gitea-ensure-gnupg-homedir = {
|
||||
description = "Import gpg key for gitea";
|
||||
before = [ "gitea.service" ];
|
||||
environment = { inherit GNUPGHOME; };
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
@@ -40,8 +25,7 @@ in
|
||||
PrivateNetwork = true;
|
||||
};
|
||||
script = ''
|
||||
${lib.getExe pkgs.gnupg} --import ${config.sops.secrets."gitea/gpg-signing-key-public".path}
|
||||
${lib.getExe pkgs.gnupg} --import ${config.sops.secrets."gitea/gpg-signing-key-private".path}
|
||||
${lib.getExe pkgs.gnupg} --import ${config.sops.secrets."gitea/gpg-signing-key".path}
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -50,6 +34,5 @@ in
|
||||
SIGNING_NAME = "PVV Git";
|
||||
SIGNING_EMAIL = "gitea@git.pvv.ntnu.no";
|
||||
INITIAL_COMMIT = "always";
|
||||
WIKI = "always";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
./hardware-configuration/${lupineName}.nix
|
||||
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
./services/gitea-runner.nix
|
||||
];
|
||||
|
||||
@@ -25,35 +25,9 @@
|
||||
enable = true;
|
||||
name = "git-runner-${lupineName}";
|
||||
url = "https://git.pvv.ntnu.no";
|
||||
# NOTE: gitea actions runners need node inside their docker images,
|
||||
# so we are a bit limited here.
|
||||
labels = [
|
||||
"debian-latest:docker://node:current-trixie"
|
||||
"debian-trixie:docker://node:current-trixie"
|
||||
"debian-bookworm:docker://node:current-bookworm"
|
||||
"debian-bullseye:docker://node:current-bullseye"
|
||||
|
||||
"debian-latest-slim:docker://node:current-trixie-slim"
|
||||
"debian-trixie-slim:docker://node:current-trixie-slim"
|
||||
"debian-bookworm-slim:docker://node:current-bookworm-slim"
|
||||
"debian-bullseye-slim:docker://node:current-bullseye-slim"
|
||||
|
||||
"alpine-latest:docker://node:current-alpine"
|
||||
"alpine-3.22:docker://node:current-alpine3.22"
|
||||
"alpine-3.21:docker://node:current-alpine3.21"
|
||||
|
||||
# See https://gitea.com/gitea/runner-images
|
||||
"ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
|
||||
"ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04"
|
||||
"ubuntu-noble:docker://docker.gitea.com/runner-images:ubuntu-24.04"
|
||||
"ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
|
||||
"ubuntu-jammy:docker://docker.gitea.com/runner-images:ubuntu-22.04"
|
||||
|
||||
"ubuntu-latest-slim:docker://docker.gitea.com/runner-images:ubuntu-latest-slim"
|
||||
"ubuntu-24.04-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
|
||||
"ubuntu-noble-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
|
||||
"ubuntu-22.04-slim:docker://docker.gitea.com/runner-images:ubuntu-22.04-slim"
|
||||
"ubuntu-jammy-slim:docker://docker.gitea.com/runner-images:ubuntu-22.04-slim"
|
||||
"debian-latest:docker://node:current-bookworm"
|
||||
"ubuntu-latest:docker://node:current-bookworm"
|
||||
];
|
||||
tokenFile = config.sops.templates."gitea-runner-envfile".path;
|
||||
};
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/shark/shark.yaml;
|
||||
|
||||
@@ -1,73 +0,0 @@
|
||||
{ config, pkgs, lib, fp, ... }: {
|
||||
imports = [
|
||||
# ./hardware-configuration.nix
|
||||
|
||||
(fp /base)
|
||||
];
|
||||
|
||||
boot = {
|
||||
consoleLogLevel = 0;
|
||||
enableContainers = false;
|
||||
loader.grub.enable = false;
|
||||
kernelPackages = pkgs.linuxPackages;
|
||||
};
|
||||
|
||||
# Now turn off a bunch of stuff lol
|
||||
system.autoUpgrade.enable = lib.mkForce false;
|
||||
services.irqbalance.enable = lib.mkForce false;
|
||||
services.logrotate.enable = lib.mkForce false;
|
||||
services.nginx.enable = lib.mkForce false;
|
||||
services.postfix.enable = lib.mkForce false;
|
||||
|
||||
# TODO: can we reduce further?
|
||||
|
||||
system.stateVersion = "25.05";
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/skrott/skrott.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sops.age.generateKey = true;
|
||||
|
||||
sops.secrets = {
|
||||
"dibbler/postgresql/url" = {
|
||||
owner = "dibbler";
|
||||
group = "dibbler";
|
||||
};
|
||||
};
|
||||
|
||||
# zramSwap.enable = true;
|
||||
|
||||
networking = {
|
||||
hostName = "skrot";
|
||||
interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "129.241.210.235";
|
||||
prefixLength = 25;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
services.dibbler = {
|
||||
enable = true;
|
||||
kioskMode = true;
|
||||
limitScreenWidth = 80;
|
||||
limitScreenHeight = 42;
|
||||
|
||||
settings = {
|
||||
general.quit_allowed = false;
|
||||
database.url = config.sops.secrets."dibbler/postgresql/url".path;
|
||||
};
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/84105
|
||||
boot.kernelParams = [
|
||||
"console=ttyUSB0,9600"
|
||||
# "console=tty1" # Already part of the module
|
||||
];
|
||||
systemd.services."serial-getty@ttyUSB0" = {
|
||||
enable = true;
|
||||
wantedBy = [ "getty.target" ]; # to start at boot
|
||||
serviceConfig.Restart = "always"; # restart when session is closed
|
||||
};
|
||||
}
|
||||
@@ -1,39 +0,0 @@
|
||||
{ config, fp, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
|
||||
./services/nfs-mounts.nix
|
||||
];
|
||||
|
||||
# sops.defaultSopsFile = fp /secrets/shark/shark.yaml;
|
||||
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
# sops.age.generateKey = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "temmie"; # Define your hostname.
|
||||
|
||||
systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "ens18";
|
||||
address = with values.hosts.temmie; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
};
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "25.11"; # Did you read the comment?
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/c3aed415-0054-4ac5-8d29-75a99cc26451";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/A367-83FD";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
||||
@@ -1,21 +0,0 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
fileSystems = let
|
||||
# See microbel:/etc/exports
|
||||
shorthandAreas = lib.listToAttrs (map
|
||||
(l: lib.nameValuePair "/run/pvv-home-mounts/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
|
||||
[ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ]);
|
||||
in { }
|
||||
//
|
||||
(lib.mapAttrs (_: device: {
|
||||
inherit device;
|
||||
fsType = "nfs";
|
||||
options = [
|
||||
"nfsvers=3"
|
||||
"noauto"
|
||||
"proto=tcp"
|
||||
"x-systemd.automount"
|
||||
"x-systemd.idle-timeout=300"
|
||||
];
|
||||
}) shorthandAreas);
|
||||
}
|
||||
@@ -3,6 +3,7 @@
|
||||
{
|
||||
imports = [
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
./services/gitea-runners.nix
|
||||
];
|
||||
|
||||
@@ -4,16 +4,11 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
(fp /misc/metrics-exporters.nix)
|
||||
|
||||
(fp /misc/builder.nix)
|
||||
];
|
||||
|
||||
nix.settings.trusted-users = [ "@nix-builder-users" ];
|
||||
nix.daemonCPUSchedPolicy = "batch";
|
||||
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv7l-linux"
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/wenche/wenche.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
|
||||
11
misc/builder.nix
Normal file
11
misc/builder.nix
Normal file
@@ -0,0 +1,11 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
nix.settings.trusted-users = [ "@nix-builder-users" ];
|
||||
nix.daemonCPUSchedPolicy = "batch";
|
||||
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv7l-linux"
|
||||
];
|
||||
}
|
||||
80
misc/metrics-exporters.nix
Normal file
80
misc/metrics-exporters.nix
Normal file
@@ -0,0 +1,80 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
|
||||
{
|
||||
services.prometheus.exporters.node = {
|
||||
enable = true;
|
||||
port = 9100;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-node-exporter.serviceConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
services.prometheus.exporters.systemd = {
|
||||
enable = true;
|
||||
port = 9101;
|
||||
extraFlags = [
|
||||
"--systemd.collector.enable-restart-count"
|
||||
"--systemd.collector.enable-ip-accounting"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-systemd-exporter.serviceConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 9100 9101 ];
|
||||
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 28183;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
clients = [
|
||||
{
|
||||
url = "http://ildkule.pvv.ntnu.no:3100/loki/api/v1/push";
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "systemd-journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = config.networking.hostName;
|
||||
};
|
||||
};
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal_priority_keyword" ];
|
||||
target_label = "level";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
86
misc/rust-motd.nix
Normal file
86
misc/rust-motd.nix
Normal file
@@ -0,0 +1,86 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
rust-motd
|
||||
toilet
|
||||
];
|
||||
|
||||
loginShellInit = let
|
||||
motd = "${pkgs.rust-motd}/bin/rust-motd /etc/${config.environment.etc.rustMotdConfig.target}";
|
||||
in ''
|
||||
# Assure stdout is a terminal, so headless programs won't be broken
|
||||
if [ "x''${SSH_TTY}" != "x" ]; then
|
||||
${motd}
|
||||
fi
|
||||
'';
|
||||
|
||||
etc.rustMotdConfig = {
|
||||
target = "rust-motd-config.toml";
|
||||
source = let
|
||||
|
||||
cfg = {
|
||||
global = {
|
||||
progress_full_character = "=";
|
||||
progress_empty_character = "=";
|
||||
progress_prefix = "[";
|
||||
progress_suffix = "]";
|
||||
time_format = "%Y-%m-%d %H:%M:%S";
|
||||
};
|
||||
|
||||
banner = {
|
||||
color = "red";
|
||||
command = "hostname | ${pkgs.toilet}/bin/toilet -f mono9";
|
||||
};
|
||||
|
||||
service_status = {
|
||||
Accounts = "accounts-daemon";
|
||||
Cron = "cron";
|
||||
Docker = "docker";
|
||||
Matrix = "matrix-synapse";
|
||||
sshd = "sshd";
|
||||
};
|
||||
|
||||
uptime = {
|
||||
prefix = "Uptime: ";
|
||||
};
|
||||
|
||||
# Not relevant for server
|
||||
# user_service_status = {
|
||||
# Gpg-agent = "gpg-agent";
|
||||
# };
|
||||
|
||||
filesystems = let
|
||||
inherit (lib.attrsets) attrNames listToAttrs nameValuePair;
|
||||
inherit (lib.lists) imap1;
|
||||
inherit (config) fileSystems;
|
||||
|
||||
imap1Attrs' = f: set:
|
||||
listToAttrs (imap1 (i: attr: f i attr set.${attr}) (attrNames set));
|
||||
|
||||
getName = i: v: if (v.label != null) then v.label else "<? ${toString i}>";
|
||||
in
|
||||
imap1Attrs' (i: n: v: nameValuePair (getName i v) n) fileSystems;
|
||||
|
||||
memory = {
|
||||
swap_pos = "beside"; # or "below" or "none"
|
||||
};
|
||||
|
||||
last_login = let
|
||||
inherit (lib.lists) imap1;
|
||||
inherit (lib.attrsets) filterAttrs nameValuePair attrValues listToAttrs;
|
||||
inherit (config.users) users;
|
||||
|
||||
normalUsers = filterAttrs (n: v: v.isNormalUser || n == "root") users;
|
||||
userNPVs = imap1 (index: user: nameValuePair user.name index) (attrValues normalUsers);
|
||||
in listToAttrs userNPVs;
|
||||
|
||||
last_run = {};
|
||||
};
|
||||
|
||||
toml = pkgs.formats.toml {};
|
||||
|
||||
in toml.generate "rust-motd.toml" cfg;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -16,8 +16,6 @@ in
|
||||
|
||||
# TODO: update symlink for one repo at a time (e.g. gickup-linktree@<instance>.service)
|
||||
systemd.services."gickup-linktree" = {
|
||||
after = map ({ slug, ... }: "gickup@${slug}.service") (lib.attrValues cfg.instances);
|
||||
wantedBy = [ "gickup.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = let
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{config, lib, pkgs, unstablePkgs, values, ...}:
|
||||
{ config, lib, pkgs, unstablePkgs, ... }:
|
||||
let
|
||||
grg = config.services.greg-ng;
|
||||
grgw = config.services.grzegorz-webui;
|
||||
@@ -44,12 +44,8 @@ in {
|
||||
"${machine}.pvv.org"
|
||||
];
|
||||
extraConfig = ''
|
||||
# pvv
|
||||
allow ${values.ipv4-space};
|
||||
allow ${values.ipv6-space};
|
||||
# ntnu
|
||||
allow ${values.ntnu.ipv4-space};
|
||||
allow ${values.ntnu.ipv6-space};
|
||||
allow 129.241.210.128/25;
|
||||
allow 2001:700:300:1900::/64;
|
||||
deny all;
|
||||
'';
|
||||
|
||||
@@ -71,12 +67,8 @@ in {
|
||||
"${machine}-backend.pvv.org"
|
||||
];
|
||||
extraConfig = ''
|
||||
# pvv
|
||||
allow ${values.ipv4-space};
|
||||
allow ${values.ipv6-space};
|
||||
# ntnu
|
||||
allow ${values.ntnu.ipv4-space};
|
||||
allow ${values.ntnu.ipv6-space};
|
||||
allow 129.241.210.128/25;
|
||||
allow 2001:700:300:1900::/64;
|
||||
deny all;
|
||||
'';
|
||||
|
||||
@@ -94,12 +86,8 @@ in {
|
||||
"${machine}-old.pvv.org"
|
||||
];
|
||||
extraConfig = ''
|
||||
# pvv
|
||||
allow ${values.ipv4-space};
|
||||
allow ${values.ipv6-space};
|
||||
# ntnu
|
||||
allow ${values.ntnu.ipv4-space};
|
||||
allow ${values.ntnu.ipv6-space};
|
||||
allow 129.241.210.128/25;
|
||||
allow 2001:700:300:1900::/64;
|
||||
deny all;
|
||||
'';
|
||||
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "bluemap";
|
||||
version = "5.15";
|
||||
version = "5.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar";
|
||||
hash = "sha256-g50V/4LtHaHNRMTt+PK/ZTf4Tber2D6ZHJvuAXQLaFI=";
|
||||
hash = "sha256-4vld+NBwzBxdwbMtsKuqvO6immkbh4HB//6wdjXaxoU=";
|
||||
};
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
@@ -12,7 +12,7 @@ let
|
||||
name
|
||||
, commit
|
||||
, hash
|
||||
, tracking-branch ? "REL1_44"
|
||||
, tracking-branch ? "REL1_42"
|
||||
, kebab-name ? kebab-case-name name
|
||||
, fetchgit ? pkgs.fetchgit
|
||||
}:
|
||||
@@ -33,63 +33,63 @@ in
|
||||
lib.mergeAttrsList [
|
||||
(mw-ext {
|
||||
name = "CodeEditor";
|
||||
commit = "6e5b06e8cf2d040c0abb53ac3735f9f3c96a7a4f";
|
||||
hash = "sha256-Jee+Ws9REUohywhbuemixXKaTRc54+cIlyUNDCyYcEM=";
|
||||
commit = "9f69f2cf7616342d236726608a702d651b611938";
|
||||
hash = "sha256-sRaYj34+7aghJUw18RoowzEiMx0aOANU1a7YT8jivBw=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "CodeMirror";
|
||||
commit = "da9c5d4f03e6425f6f2cf68b75d21311e0f7e77e";
|
||||
hash = "sha256-aL+v9xeqKHGmQVUWVczh54BkReu+fP49PT1NP7eTC6k=";
|
||||
commit = "1a1048c770795789676adcf8a33c1b69f6f5d3ae";
|
||||
hash = "sha256-Y5ePrtLNiko2uU/sesm8jdYmxZkYzQDHfkIG1Q0v47I=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "DeleteBatch";
|
||||
commit = "122072bbfb4eab96ed8c1451a3e74b5557054c58";
|
||||
hash = "sha256-L6AXoyFJEZoAQpLO6knJvYtQ6JJPMtaa+WhpnwbJeNU=";
|
||||
commit = "b76bb482e026453079104d00f9675b4ab851947e";
|
||||
hash = "sha256-GebF9B3RVwpPw8CYKDDT6zHv/MrrzV6h2TEIvNlRmcw=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "PluggableAuth";
|
||||
commit = "5caf605b9dfdd482cb439d1ba2000cba37f8b018";
|
||||
hash = "sha256-TYJqR9ZvaWJ7i1t0XfgUS05qqqCgxAH8tRTklz/Bmlg=";
|
||||
commit = "1da98f447fd8321316d4286d8106953a6665f1cc";
|
||||
hash = "sha256-DKDVcAfWL90FmZbSsdx1J5PkGu47EsDQmjlCpcgLCn4=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "Popups";
|
||||
commit = "7ed940a09f83f869cbc0bc20f3ca92f85b534951";
|
||||
hash = "sha256-pcDPcu4kSvMHfSOuShrod694TKI9Oo3AEpMP9DXp9oY=";
|
||||
commit = "9b9e986316b9662b1b45ce307a58dd0320dd33cf";
|
||||
hash = "sha256-rSOZHT3yFIxA3tPhIvztwMSmSef/XHKmNfQl1JtGrUA=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "Scribunto";
|
||||
commit = "e755852a8e28a030a21ded2d5dd7270eb933b683";
|
||||
hash = "sha256-zyI5nSE+KuodJOWyV0CQM7G0GfkKEgfoF/czi2/qk98=";
|
||||
commit = "eb6a987e90db47b09b0454fd06cddb69fdde9c40";
|
||||
hash = "sha256-Nr0ZLIrS5jnpiBgGnd90lzi6KshcsxeC+xGmNsB/g88=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "SimpleSAMLphp";
|
||||
kebab-name = "simple-saml-php";
|
||||
commit = "d41b4efd3cc44ca3f9f12e35385fc64337873c2a";
|
||||
hash = "sha256-wfzXtsEEEjQlW5QE4Rf8pasAW/KSJsLkrez13baxeqA=";
|
||||
commit = "fd4d49cf48d16efdb91ae8128cdd507efe84d311";
|
||||
hash = "sha256-Qdtroew2j3AsZYlhAAUKQXXS2kUzUeQFnuR6ZHdFhAQ=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "TemplateData";
|
||||
commit = "fd7cf4d95a70ef564130266f2a6b18f33a2a2ff9";
|
||||
hash = "sha256-5OhDPFhIi55Eh5+ovMP1QTjNBb9Sm/3vyArNCApAgSw=";
|
||||
commit = "836e3ca277301addd2578b2e746498ff6eb8e574";
|
||||
hash = "sha256-UMcRLYxYn+AormwTYjKjjZZjA806goMY2TRQ4KoS5fY=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "TemplateStyles";
|
||||
commit = "0f7b94a0b094edee1c2a9063a3c42a1bdc0282d9";
|
||||
hash = "sha256-R406FgNcIip9St1hurtZoPPykRQXBrkJRKA9hapG81I=";
|
||||
commit = "06a2587689eba0a17945fd9bd4bb61674d3a7853";
|
||||
hash = "sha256-C7j0jCkMeVZiLKpk+55X+lLnbG4aeH+hWIm3P5fF4fw=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "UserMerge";
|
||||
commit = "d1917817dd287e7d883e879459d2d2d7bc6966f2";
|
||||
hash = "sha256-la3/AQ38DMsrZ2f24T/z3yKzIrbyi3w6FIB5YfxGK9U=";
|
||||
commit = "41759d0c61377074d159f7d84130a095822bc7a3";
|
||||
hash = "sha256-pGjA7r30StRw4ff0QzzZYUhgD3dC3ZuiidoSEz8kA8Q=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "VisualEditor";
|
||||
commit = "032364cfdff33818e6ae0dfa251fe3973b0ae4f3";
|
||||
hash = "sha256-AQDdq9r6rSo8h4u1ERonH14/1i1BgLGdzANEiQ065PU=";
|
||||
commit = "a128b11fe109aa882de5a40d2be0cdd0947ab11b";
|
||||
hash = "sha256-bv1TkomouOxe+DKzthyLyppdEUFSXJ9uE0zsteVU+D4=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "WikiEditor";
|
||||
commit = "cb9f7e06a9c59b6d3b31c653e5886b7f53583d01";
|
||||
hash = "sha256-UWi3Ac+LCOLliLkXnS8YL0rD/HguuPH5MseqOm0z7s4=";
|
||||
commit = "21383e39a4c9169000acd03edfbbeec4451d7974";
|
||||
hash = "sha256-aPVpE6e4qLLliN9U5TA36e8tFrIt7Fl8RT1cGPUWoNI=";
|
||||
})
|
||||
]
|
||||
|
||||
@@ -1,36 +1,22 @@
|
||||
{
|
||||
lib,
|
||||
fetchFromGitea,
|
||||
fetchgit,
|
||||
makeWrapper,
|
||||
nodejs,
|
||||
buildNpmPackage,
|
||||
fetchpatch,
|
||||
}:
|
||||
buildNpmPackage {
|
||||
pname = "delete-your-element";
|
||||
version = "3.3-unstable-2025-12-09";
|
||||
src = fetchFromGitea {
|
||||
domain = "git.pvv.ntnu.no";
|
||||
owner = "Drift";
|
||||
repo = "delete-your-element";
|
||||
rev = "1c0c545a024ef7215a1a3483c10acce853f79765";
|
||||
hash = "sha256-ow/PdlHfU7PCwsjJUEzoETzONs1KoKTRMRQ9ADN0tGk=";
|
||||
version = "3.1-unstable-2025-06-23";
|
||||
src = fetchgit {
|
||||
url = "https://git.pvv.ntnu.no/Drift/delete-your-element.git";
|
||||
rev = "67658bf68026918163a2e5c2a30007364c9b2d2d";
|
||||
sha256 = "sha256-jSQ588kwvAYCe6ogmO+jDB6Hi3ACJ/3+rC8M94OVMNw=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "ooye-fix-package-lock-0001.patch";
|
||||
url = "https://cgit.rory.gay/nix/OOYE-module.git/plain/pl.patch?h=ee126389d997ba14be3fe3ef360ba37b3617a9b2";
|
||||
hash = "sha256-dP6WEHb0KksDraYML+jcR5DftH9BiXvwevUg38ALOrc=";
|
||||
})
|
||||
];
|
||||
|
||||
npmDepsHash = "sha256-OXOyO6LxK/WYYVysSxkol0ilMUZB+osLYUE5DpJlbps=";
|
||||
# npmDepsHash = "sha256-Y+vgp7+7pIDm64AYSs8ltoAiON0EPpJInbmgn3/LkVA=";
|
||||
npmDepsHash = "sha256-HNHEGez8X7CsoGYXqzB49o1pcCImfmGYIw9QKF2SbHo=";
|
||||
dontNpmBuild = true;
|
||||
makeCacheWritable = true;
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
nativeBuildInputs = [makeWrapper];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
@@ -8,18 +8,18 @@
|
||||
|
||||
php.buildComposerProject rec {
|
||||
pname = "simplesamlphp";
|
||||
version = "2.4.3";
|
||||
version = "2.2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "simplesamlphp";
|
||||
repo = "simplesamlphp";
|
||||
tag = "v${version}";
|
||||
hash = "sha256-vv4gzcnPfMapd8gER2Vsng1SBloHKWrJJltnw2HUnX4=";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-jo7xma60M4VZgeDgyFumvJp1Sm+RP4XaugDkttQVB+k=";
|
||||
};
|
||||
|
||||
composerStrictValidation = false;
|
||||
|
||||
vendorHash = "sha256-vu3Iz6fRk3Gnh9Psn46jgRYKkmqGte+5xHBRmvdgKG4=";
|
||||
vendorHash = "sha256-n6lJ/Fb6xI124PkKJMbJBDiuISlukWQcHl043uHoBb4=";
|
||||
|
||||
# TODO: metadata could be fetched automagically with these:
|
||||
# - https://simplesamlphp.org/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata.html
|
||||
|
||||
@@ -1,99 +0,0 @@
|
||||
hello: ENC[AES256_GCM,data:+GWORSIf9TxmJLw1ytZwPbve2yz5H9ewVE5sOpQzkrRpct6Wes+vTE19Ij8W1g==,iv:C/WhXNBBM/bidC9xynZzk34nYXF3mUjAd4nPXpUlYHs=,tag:OJXSwuI8aNDnHFFTkwyGBQ==,type:str]
|
||||
example_key: ENC[AES256_GCM,data:ojSsrFYo5YD0YtiqcA==,iv:nvNtG6c0OqnQovzWQLMjcn9vbQ4PPYSv2B43Y8z0h5s=,tag:+h7YUNRA2MTvwGJq1VZW8g==,type:str]
|
||||
#ENC[AES256_GCM,data:6EvhlBtrl5wqyf6UAGwY8Q==,iv:fzLUjBzyuT17FcP8jlmLrsKW46pu6/lAvAVLHBxje6k=,tag:n+qR1NUqa91uFRIpALKlmw==,type:comment]
|
||||
example_array:
|
||||
- ENC[AES256_GCM,data:A38KXABxJzMoKitKpHo=,iv:OlRap3R//9tvKdPLz7uP+lvBa/fD0W8xFzdxIKKFi4E=,tag:QKizPN1fYOv5zZlMVgTIOQ==,type:str]
|
||||
- ENC[AES256_GCM,data:8X2iVkHQtQMReopWdgM=,iv:2Wq3QOadwd3G3ROXNe7JQD4AL/5H/WV19TBEbxijG/8=,tag:tikKT9Wvzm4Vz5aoy6w9WQ==,type:str]
|
||||
example_number: ENC[AES256_GCM,data:0K05hiSPh2Ok1A==,iv:IVRo61xkKugv4OiPm0vt9ODm5DC1DzJFdlgQJb1TfTg=,tag:o3xXygVEUD4jaGSJr0Nxtw==,type:float]
|
||||
example_booleans:
|
||||
- ENC[AES256_GCM,data:zoykmQ==,iv:1JGy1Cg5GdAiod9qPSzW+wsG6rUgUJyYMEE4k576Tlk=,tag:RUCbytPpo78bqlAVEUsbLg==,type:bool]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOE50MkkxV1p0UlVUT0dE
|
||||
WCtLMEk0ZSttY25UMjNHSHB1QzJ4N2l5WnpFCkNpdmlCY1VxWVo0ZStVclZ0amo4
|
||||
dGhSRWY1SElRZXZzdWo5UDNjUHMzUjAKLS0tIDI3elNXSXJHQU5qb3hCSHYwWnoy
|
||||
N3BhNmJQZjIrbWlVRytxZ3dFMjBtL1kKn7/DTPfJtdBomSplnBomYhsxJbX7kJQa
|
||||
1Qsr+bmugWxHFIPhoDwPIBpChQkLvAo8exQpduos18FsXgvMmB0guQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXdnNSSEJoaUQwdTNTMDY4
|
||||
QUxuLzRIWVNkM25QNTZ5VTBwQlYvT2p3SURzCnJmd2g1YUY0cmdLL3FkQTQ4NURL
|
||||
YncyY3VROTFUeDc5ZlB1aWdXVGNNdjgKLS0tIEtXeDdRLzl4RXhpS2o5ZUE4YkpI
|
||||
RjBObVhlWncrRnVidEtGN2N0ZitzNlUK/ooEeWCY5nDgny43q45wvl/e6qq/X4B/
|
||||
7Q/DPj13BcrWRgoCYeHlq6VlIerz5ERNgxyR/qKuVSGAVroSVY6spA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRy9CaHY1WEEzOXdUSjd2
|
||||
aFlGU3NGcW5MeHg3U2d0UEk0SXJIcmg4RVFzCkpwODhBWld6T1VNS2haSkpxL0hn
|
||||
b0VRWVNFcTE5c0t3VkFZQ1R1d2dnbmMKLS0tIDdNMHBrU0RRSmlBZUJobXQxZUt2
|
||||
MzZSYlM5bjYzUlRYNXkzNzZlWmx3L0UKkH6WOXHFRRbCprSjxcONSVUN/9NEQvtS
|
||||
Jg+dJSMviq6GvUfUNmNvPJHfyy+CYT6a2Zd+4NdYCetRLsRJPc6p3A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUckpiMzYrU1NnNFJ4MGps
|
||||
OEt0c0o3Ty9QejhEM29wZFMrNTNyMHlHWlRBCnBHUUdvcmxoL0FqVEtBSHlma25P
|
||||
c2tITUtZTGVzOGdidC84OUYvRlpxSjAKLS0tIFNMVmdiWmJNZUdLS1g3T3ZINUh6
|
||||
Mjg5RHdKYnV3Z2V0L3E3ZlA2WDB0WlkKJr4Vg6rnKqGpL6N143QYfLqS4lQIED/J
|
||||
SYQds8mCiyCNGvV6ON4k096jXcuMAZ1w+0bA16AHlTXnqgIgfaHpKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL1QvSUlWUTN4OTBKOURa
|
||||
VkVVb29McWgxa3gwb2lkVTdSZmUrVVZpSERjCm9oTTFRckg3SUM1a0tJRVlaU3RL
|
||||
dUtsU0FpY1JyNkx6K1U1MWcrSjNYbUUKLS0tICtvTjJVdG1PSXF4TVltZ204SnVu
|
||||
VE9aT3l2dGgxMWNHUXQ0bDN2RjVOek0KwOa/vczHZa+SRr8j6KvkfZZ0kajxXOq0
|
||||
5AoDz2Mtcs+qBctTuogdLCZoL2ZpRVV7v1dGI+Fm1cVLoutV19IvTQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVFp0ZlRhU29DNUhMSmRy
|
||||
Y3VVV2pmajJmaU9qN0tHR1E3ekFMS3o0K2pRClIwek5GYzNNZEliK2ZTT1NVZklQ
|
||||
YWpqY3poN0E1ZTVOTVRhL3FQSVZmZW8KLS0tIHpuWktoa1EwcXc1bEJJYk5VbEw3
|
||||
blE2VXBuTDdlbHJTVjRzOWdyem1UWTQKg5uZRhcLpmiVcadqdJoscqsBD2u6UGx+
|
||||
qT0IoSVOzsBlJw2t9rH1zR7WfRSlCXT1NYzu9aTWGqQaB8qvEtyk4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdjhMM1ZpM2xFVXlvOXZK
|
||||
MlRZT2U5YzhMUVR1L0FqVVdiSTFTYUpyN25rCjB6ajMwTnNTaWk5d21vM0Zza243
|
||||
dHhSOHM0c3cwS1c5dGxhbzBNVm9DeFEKLS0tIEpOY1lWVE04UkNYNDdCcUdnTUhI
|
||||
NC9xOENWZUNyay9SeXRjSUdkMlE4UXcKiygSIWelRUZQPbiK2ASQya7poe1KCXmo
|
||||
XIlgOaUe1+lvY8s2bjdud0+7QlPOKeyciCSFNNqIxzHMYSEKwNCbpg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-15T21:42:17Z"
|
||||
mac: ENC[AES256_GCM,data:2gH/ZaxSA6ShRu53dxj7V3jk7FsVdYS+PSHQyFT8qMvKM1hsQ/nWrKt00PUl9I7Gb4uomP9Ga3SyphYOXRBzKoV+x52oEWOJE3Q4iPrwdCkyHlxEezhTd/ZRQVatG6dvHpLuDNS9Dyph4f7Mw5USI+m4WeVdgCvHTydw+4KIfP4=,iv:yimfq96WVsagvKr8HTg1RdZBSrVGcCWPvv8XOXkOfcg=,tag:zHzdrE0PX5+AeD2lpqeJVQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:38Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/+O1tft/OfS52K8cmcQE7I7aFb85P2L+7u1TdmTjHwNFkC
|
||||
3jhvzPkNDQDkMIc5EPZKX5WLUS8F1UaqCw4b8zZtqoTqKDpu0S92KL500iXwBxft
|
||||
D3cRMFFb6GBoSlPJVBt6LMRJjGLWCkBihlYL1AknoVV7VERj8m1cvcstdp3qbEd7
|
||||
c+X6t5B+7N0/QPdh2KyrHWXyCzFc/6emVjNGy2EoXRt7idFF2yTbafobCs/hZ8LZ
|
||||
RJyhpGyR9QPtAwFP9Und62tCd4ZwG5FazZBLevRrmD7AOW1WnQhyYvxBvqQp/Oz+
|
||||
lFmhcirLw5CaC1AbF2k3uNoAHXVWyexaQeu2gsNYXq+lpsdCWT8WtrAtNCyC2StI
|
||||
PtdrdQ9oikJptmoWQ0zEBXKXdV8AhukLSX0wtis74KbmcS+2YyNKvQksGF2ZfHBh
|
||||
U9ycfJr1kwm7TAg5Lg6XOmKrdOJkPoIcUCk2QW7MfS3nwwMLt3BjhhpRVUfeUmjB
|
||||
Jjjs+jUXEusnmwmvGGgEU2pT944FLuFClSI8JTnIZ61YkjF7zAtrURvsNKlqu/UG
|
||||
JLrWR+dnnh1YK0qQEcqt6giNSX2IWrw5SpJ8Jekt0TWfB1HDHybQUyFC/n/je/XK
|
||||
0ouAeDL9oqh0eRU3ng4KKhOXNn+WO3/HrnG//KFwokc//BNNvP8qM0CTtPQbQ1HS
|
||||
XgFjhTfzV0T4LyUryuict4rLVI+DDbzWGRp0umdobvQE1CGLhKCanrd2/Ng6fAny
|
||||
9G09vYF5zK95uzqFBCTh1zFr6+rhfbMI501TwBu1KxOaJdYs3vzLiTGWoyI48JM=
|
||||
=5fyo
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@@ -35,91 +35,86 @@ bluemap:
|
||||
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMVM0T0Y4Wjg1OGNsR0Iv
|
||||
VmxoNmRMcjlWRHFhc3l2Sy9aZnF4b0ZsTnhnCkd6UnEvWi9kRU9qSmVLZkdiWGJh
|
||||
SW1SS3FDWnZTZnBhTmFvTW5FMCtUK0UKLS0tIFJDdHFoT3pPaEJLZmR3R2Jsd2pt
|
||||
R0RmcXJwRlkvSVhRbGwxZytLNmlqeFkKw/0nGPzgzH39udFyJVkjNTMTmffiQh6/
|
||||
HT1O7imvPymx5kXrnfciAP9bnCV4o/HiVkuDxBP7gG5nBUgY6PIC7Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbjFxWk5lY0kxaStxcnVh
|
||||
SnlYamw5WXBRTkU0ZGFEWnZvME1nZk94TlIwCmlhVGFtckJpN1RZdXRBYkxDbnVS
|
||||
UmZtWENzZWNYRmptY2kwem42ek1LbXcKLS0tIElsRXBmNHNmdjdqTmFLL2ltMnFC
|
||||
VG11M3ZpeUJPUGlEQmExOEdSZFJERE0KSIo1pzx8AcoJWEzNzEDoV3eM7194IHxL
|
||||
4pCSSztKDCF+XdJZLh5sgudaYLJGtX5n7q1hbuL0wOmotM9bN2YLog==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2ptWkhqNjcrM0hXOWEv
|
||||
Y21GNkVJUXY3dHV1OUdUdlJZNHhka3g3QVdNCk9vak0wSDBhS3pZSWk2anVsMnVY
|
||||
UmVuamF3ZGw1MGZ5M3ppSThWK3FPR2sKLS0tIDlQRENlQjh6THZRZlpEWnE0djNo
|
||||
cXl3S2tRdExvSjRNUHpwbFNzVXdQVmcK65zb8MPh67TyHkjLA2vLgv2eOQOSUDih
|
||||
JeHkryWGQXzlYL5tZZ24ae1mqYiYQ6DsbWXopA0q0OmndYByXct6FA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybXRjNEM3ZDYwa21LdWpE
|
||||
dDg1MUxaeHlJSHRhWk40TndYbHZLWHVsVWk4CkxkRVJ4c1lhaXZodGxhNGhkUy9q
|
||||
M0I1SHdjeXVXL1E4OXgxS2x0cU9ESFkKLS0tIFpNMjNKLzNDWWtvTkhHRDFSTklH
|
||||
T1k1cXp4NXVvVGdkYXp0VVNJejVJRkkK6K31gqRRvo0mbJy6aCTKotVmrfqZoARG
|
||||
w6wKe1TJLWJv8RAD3GQrub9MJwQhUG38Jtj1WrXgNMlF24zFPlZDEQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSnU5dml1bjY5ejZHUGRQ
|
||||
V1pNQnBXWUx0c1R5WkY5d3NFOFlKTkFrMUN3CkNqMjc5NDRMb05tSW9wV3lkUUVU
|
||||
Mml0VWc5N2NBZDQzVXMrWGpqVzY4NUEKLS0tIHBoNTZlOVBMdFJXOC9QRjJ4bHh2
|
||||
SzM4Rml4dFNjMWxxYXlVdTdxTTB1ZzQKvoBpb4PPNM5yl85wTcTTqZmkXmwZGyvS
|
||||
PMPFNqEkzcZFtC1BfYGIlKAuisGhQ6rFAkyTZXTLP0HjPEcH00+WMw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2azhwMEJRZ3JQRnhDNlFR
|
||||
a283MitGTTdaMTZURmFYam85TU43RkdXYTI0CnQxWnRUZ2F6MHd1TWlHMDZ4b1p0
|
||||
WStOVndGTUpmdncvd1k0WlV3c0xKYmMKLS0tIFpSb1hKbHJyM1dCOVBMa1Jabndp
|
||||
NWlGSFhQUngvWG5BQ1lyOFAxanlGdlEKt09a9bMErR3wqbutxhDRfSWp40mmfShJ
|
||||
KAAO2TEMKkEGFvaxYu+G9rbR37h/ZttikJMvIVlfRzmVADlFwO7eHw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbGdTVUU3UVUwZytQancy
|
||||
ZXY1Ullmck9qZ0dsSmZqUHF0NGpSZlJWRjBJCndmbGh6Y3lUWmdEWUdHNkZwd0dM
|
||||
OWpaTk4xdzlLak1iMFhhU3BnT1NYTE0KLS0tIElxOFVmUnVDUXhUeVBEVjJhR0Rv
|
||||
NmloODFNNXU1TG9FeWxKYTBGOG5qR1kKXGAQyRVO6Sh0LNlFD5nx0F3m2KYP8hYl
|
||||
/g3mwi4NI4UIR2dYXsgNJuF7axxP1IbaZ/j2NLNYbVe2+iZvscvBTw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYVJLMTZma08xZVo3cEZs
|
||||
Ym1FTU9ZdmxlcUxselltWDRwdUhUdU1udnpjCmh4TlJEK09UdlNFLzN0YnN3WGtt
|
||||
aGpzd25Vckc1TmVCamQ0ekk2QWpraUEKLS0tIG9CNzBOM1g2aTRlQmt3WWVrTlNB
|
||||
ZWsrZy9HSWt4OUdMb3ZZQmNjNGZNZjQKMhvkRnis8P2iV3hoigiN2IXeIFvFuYRK
|
||||
FeMG/cNOtAUsOgHMs4xDPqpLrhpay7IEvwQukBxscd/88I8/ZdGeHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkVyLzJWM01ybHB3cmpq
|
||||
cTJTM3VWaEk3djcxb0RnbVZXUGRyMWQxcWlFCmhQUmtGZm0wczdsLzZUNHFqRnZW
|
||||
R0JaUDhmUXB6OTBwNEFja2xhbm1JNXMKLS0tIHNVUFltMjZjalJya2x2UzVHcUoy
|
||||
RGs3aStCRUJmMG9JRFZyRFJWeTZKWGsK8oTccCGCXPsQEGnn57ml5IwYCHgYoBpC
|
||||
2U7uT/Z10crtrqgPGi3/jYr5IEacLBvbuGLBwSlCo7NGz/6XnVIyaQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtazZ2RUo3ZjdKeStLWW0r
|
||||
bm1NVWJRbjZpZTVRcEFWTnJwYkp2YUN3OTM4CnhRa2RpOS83MW9zaWlUV1M4b21t
|
||||
OG5Ub3VkK1dSMkVzN2VtT0JrWkFSTkEKLS0tIGMvOFU2U243RnpUTThRRWthaHpZ
|
||||
SjBhZjJpNGlUclF3bXRKOXk0KzlHdzQKp/asp39bRfNXyetc3ySVpnzfO6it9D/e
|
||||
XWyhq0yKRFAC8yMYeAuA4kIcNM4DGRc0PnwA/ce3IgHsV1ZNdvdWfg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTlJPQk9DTFNKMjA2bTRj
|
||||
OE5uaWxEQkhUdmRvT2h4TDJvREo4TlQ4MFZrCjNjd2ErOXcxQkJrNzlOdGNFSDNW
|
||||
S1gyaG1SSGpyNmtXZXpqZzVnN3o2MkUKLS0tIGdkbEROYUNjNk54RmFuR2VkK0Zq
|
||||
RlRMc0R3dDllUGRHcmNDTDBSS09mUUUKhdxXMEuwLviNY134uA4SELXiHo4rCC9h
|
||||
pT2iqOV+VDquwE99h9OIo2Kfmblzje/TGpok1i4cxytg8fly3LZD+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHVjN3MvVUEwazNraXFQ
|
||||
anVTbU1EY1JUQ0FyeSt3bWJ6TVcwY1UwZ1cwClRtOTE1QWNXaUdzejh5a3BUdTFv
|
||||
M25HcGZBY1IrVkdXV21vWnVMTHY2VXcKLS0tIGVKMFFCRjhJaGJPWjhlNEFna1hB
|
||||
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
|
||||
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT3lTUEFaN3pOMGhsQ1Ra
|
||||
SVZ6cE90a1BteXgzaldsN3ZTSGZpZXlyWHdvClhJM2ZDRHR0VzVSQXd0b1drK3hG
|
||||
aW8zUWlHcVFkTFpJYXpxWlAwVHV0ckUKLS0tIGVmR0g2Vk56dlZCU01Dd3NzUFZU
|
||||
UHpLRkdQTnhkeGlWVG9VS1hkWktyckEKAdwnA9URLYZ50lMtXrU9Q09d0L3Zfsyr
|
||||
4UsvjjdnFtsXwEZ9ZzOQrpiN0Oz24s3csw5KckDni6kslaloJZsLGg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-09T21:18:23Z"
|
||||
mac: ENC[AES256_GCM,data:scdduZPcJZgeT9LarRgxVr/obYsGrJAbMoLGJPPPp19qxOJMTdvYfMz8bxPjCikB4MacEgVZmcnKIn5aCzHJAnCI/7F2wm1DDtW9ZI5qbhDJKSSld+m2leOSPfR8VY/0qj6UNgGnwkwx7dfcAlv8cP2Sp3o1M2oyQxeXPr5FWEg=,iv:JEAwkCewMp0ERmYU62kZkbl7+FET1ZeRr6xeEwt6ioM=,tag:jxvli935X3JyZYe7fFbnLg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:44Z"
|
||||
- created_at: "2024-08-04T00:03:28Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/7BX4o2qvoL2bJN4zkyjqUBgFi0rS3UXsP2D81nxDmlEYP
|
||||
iAm7uQ56/QLbxQ4nW+aBy+ijy4+a9w6yOEfy4DBwXQLebWJUFn2BJ88+6rOlAz51
|
||||
hxHlAOAkN7aFm5a2Y8SQVGnsM/HFx3xJJU5seD5QhJgoPcaDlD/f3zrmmKzvgwX9
|
||||
CHPI4lmQjzwjyG8BJRDlCdXtjXqYT2prs0raLUESwt9p3Hu+zZ5DZfZcnx0s5F2y
|
||||
nj7cFncmFci204EUzCoYrJNkjYKZSDhlNGyzZzF+7ve6LYW2snet86gDFWNsJqfj
|
||||
/1Xp+pDSZVFs3Sp2iSTKqG0wQaRgmyP/r9IagNwTJxjgCjJall2qmdrj4xi4EJef
|
||||
40ZGn9BGmk5EBAVhErqwFwZTlEDuGRWSzStRMpyi8YMA8DMd/mNxdXetrg7zw+ro
|
||||
iaj+izF+FDjPAm2dCaO9r1zZiFKZk84Q2tYNVAs+2t3a/GJYGAs0qzqWcyJzYk8q
|
||||
CHpXUDHVGFXFjgm067nowjtETLyBtegM1bIfoFJEqJUgWT+NU9kON638Dp0HuV/X
|
||||
DkBbwYCRCRSnumslEHlUxw/I1pZijCiJf6m0hbjWEKxUM8N0fKLLxdoYLSY36/8L
|
||||
kyA9T59+qwNIfpKmpF9jvyIX7/Chers8ebgwwpJrP1UwueKQoxhO2mL99by9+P3S
|
||||
XgE5D3lqS+OQqJfRd5VMjy6Skq5N1kRhtP+dujwBnX/MxClrh1HbgVaNKqwiBKBj
|
||||
CV9oTxtI8LDC06KOws841HmUuGe9/4H0MNu/dz+VMh62RD0MVher7JYs5fuFHVo=
|
||||
=7yLr
|
||||
hQIMA0av/duuklWYAQ/7BlyYej03uyhLheXS406h3Ew7v7D+rHHvHjiw3FCJxHoC
|
||||
1revUrMa/M6iTNQteaBvBcYVR4+SpUpRyN/6BSzEQBrNhUBR+70VWL2yzeeb6Bw7
|
||||
GBtuyS7O3DEd0froE3aFETR0NfQ1FfcndOBd3SDKOsCgL5nfJSyOPQtr1OMLKzoW
|
||||
+CARt457xEx0KY7IIpN6e57IT7bVjJx5UuDcN0ZncUyuGUAKHdn0nAHzWqiSZV9w
|
||||
bIftLJ936zvBOhhl3DkzvALnI9+//KPSMM3o/1ti07FoAx8cK2w83VA5Ia9qeNkB
|
||||
wfVuE6f5a2KP/KrfnVCfvweMh/MIEUGb14XEaniyYwvlW5vwF9YgPH6HGc0c+lH6
|
||||
UWy8+Iw7kXkUEJuhtNWyBPJeVKheSBieoWUBZZAK4uWUpChJxfc5M3+P3mgzTIP+
|
||||
7P04xdtS0GwrNwMBiQFqc56hoYDAwMYbn9lFzM3LLq+h8Ztg2G4X9LXjD956TP5C
|
||||
bPV7BFcjTSaAt1TDJcDJRxfrtx6Mo/DLknpGTMRM0UfQ/22uMz2GAH38L0C7lD9B
|
||||
RrKlpDuMKzj/LUihO33Ry9J0IpZ3XF6oaSl/+P+uO9QYNxA/zkuxuSWfqoysldyN
|
||||
bSo1dHGapY/+PVMjM0E/2Dkk9T2IbQUlkVxPrlvuUd3YfrJ7bCva2GDjLvXSp7LS
|
||||
XgGgLgrj54YoOn4uUFsxzDIS7yVps3fCkByVtc1Lc3C8uPPF1B+jOX7O87kZOHag
|
||||
XvT2ze2ITfdxPzoyZO1nWVIGO8rAtQ/vK/Iv2/hHtc4gfzL+gy7GeUWGHkvZ1Kk=
|
||||
=wDmH
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -12,90 +12,81 @@ minecraft-heatmap:
|
||||
public: ENC[AES256_GCM,data:+fiCO8VRSmV7tmyweYSpZJMOuMORLHkWetYbr20aTQ1vRYr927nYGes4E464t+Dv9OyJPCLmHBdgt7UvxJWuC3pZE8iStnBYnej3D4ebMzi2SMfOkJjGuQSplXtl8QeAYe1YvROmtQ==,iv:thgGQUyWdXfwUt1E/vudoNjl8JjnksFd1rb/asTry+g=,tag:t1iQPocvfI+JafuJycaLuw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
|
||||
- recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeFE5T1FHeVczVU1aVmhC
|
||||
UE9aKzRHVWdDOG4xMXBtV1Y5dW5sVmZzcWtVCjd1ck1CRmZxZHduZmMzRnRodi9n
|
||||
ZVRNckIyQzErVmJUaDdDb1A1bkRUNkEKLS0tIEJWL3EzTkFYQ2tNRnliRWJISHVr
|
||||
aCtGUFhRYkdPdG1uTVdGN3lITzJJc2MKt9TDBg1CV3a6FhlROVZ3ruKVdehQcuSN
|
||||
hv0vUdbR1uOX89+P1oqNMRMQJI0V4oWi138m+uqA+jozvz+Vn5z/3w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiOVc1eXg1bU9BZmc0cXhM
|
||||
L0dpbVBvQTNzcnFWcktSaW5rQXhnZks4dlhRCmVla3kzWDlJN2V0dDFYWkxJUUVo
|
||||
RTlqNWM4c0lmbkc3cUM0dTgyWGpSNWcKLS0tIEx4SkxDdTFGUi9OQ0NRVGxXeSs4
|
||||
b3Zaa3p1MnU1UTk1T3hmejVkM2RDLzAKmk63I60GEenLt0l4FHmz9mBAumw105Qs
|
||||
mDbQBfAj1m1FTE6tl38J8wVyFI8LT550bqYdymvnT2mnEIAIP/04ag==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYUNsemZ4TDR3S3EzcnNI
|
||||
eTduanpyc09XYnBSTk04dEZSME8rYjdvalZFCnd5dDluWStCR0lvRFlkYnpKUVlz
|
||||
dzR6cHU4T01TUGdFamRqZlBGb2NBYUEKLS0tIGRCTTdjVnU4ZjY1czZjZnhJdzdw
|
||||
M0swSS9wQVpIQ29XeGRJelk3aHVNcTQKv2Nuia6fkUIu+P2RcP/iHonc6B3y5GJL
|
||||
eiGHywJ5QnQAVOkaNiMZSNfo6OWL/49GnULWJwvbaS/Hong/ax9GBQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dmJpdUxVcllPYXpxRlN6
|
||||
ZnYyc25sbjdWNUNEQnE3UU5Ea0JPK3o0Ukc0CnFIOU0rOU5lV0tGb2NuNnQzejhw
|
||||
cTBkOFJHTXJIMFhzZ0tpODJ6N1pJRTgKLS0tIEhPVlBMcjdHNVRKWDhkTXFTOFFu
|
||||
NUREdmFNR2NkY0Uzcm9tbmhteHFtSTgKSUTGoNb2/0rljN7oojVk1fMAulK669ud
|
||||
fpacGQFBJzJOusx29YC01W6mn8TW8Cdw6mKmS3QEsYYx7S4HpX0v1g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlOHJGNWN4ajA0Q2xrWHlX
|
||||
UkZYVGRtcXkrTkl0YWRVd2JOa3o3b215cWlBCkRjWlJCWXlmWTdia1pUOTIvdlNI
|
||||
aHowK29KT3d3a2xuTWlwd01JK3VPZ0kKLS0tIGkxUElSUVVXODZtZHFuTGpqZTd1
|
||||
TzIwUHBIRG0vSHRpM05vQUJYQ01HYVEKFrDzolWZAsiOLhls4hdIkjRXAsYYVq9k
|
||||
aKbS+DAKVP6AnhMC+Xz8zp7N1bvcXI6tKTmrlg+mo7bsc+vOl12AGg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUmNyQWU2Ym5NMjJnUUpu
|
||||
Vi9yeWhFM0NDTGZtRThXQWMxYVI2aEUrNUVvCklxTldQRnp4dTVXMjRXWU5DNWhz
|
||||
dzllOXp1RVRaMDFNWExuK01maFk0blEKLS0tIC9hUENybThmWlBab3IwSTQxSHBj
|
||||
Q0IyL20vdlRBNWZyNXc3MGVtcUNza1UKLDq74TMy5hXhimnDA06/Ku5RJQcDvkjn
|
||||
QKSGCxZ6FJ/io22qNiw0vDRzTfW1Dz+9/Yog3Pi870IcAljkdmoxEA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZmg1a3d0ZU9idCtMelYw
|
||||
YnZlaFZSc0pCWG4yYVMrZXNkN3RVOXhJTFFVClBXa0NqZjB6TDFCWGRRaG9JWHZx
|
||||
SVZ0SXExU3hBb08xNVQvU3FRRkRXSFkKLS0tIFlmUXJSc25jZVVhaFFNejY5d1Ux
|
||||
TWVyQVRjWFBpOGc2Z0xCRlBBclVmQlEKwdADPZ/JtBznYW5ngAehdFD7dJKjy826
|
||||
G9JaApg1xGj3OQzB88rlyQwE+WSV9yCdJ1BzIK8HVSaBOsitRoJDKQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTUpYam1KQ2laek42V1NE
|
||||
eUY2TlY2Q0JNTHR6QUEvZEhhem5ZKzhPQ0JFClZldDE3dDVIeTQrOVpJNGI5dDlR
|
||||
YStuTlRDcXdiWE9LdThaUERnbEpkU28KLS0tIDNidFQ3ZTdINXpTZGljZmh3Q1ky
|
||||
Ynk3aUtFOFdGV1NHb2d4YXJXb0xNYU0K07jwIfF+US++qz9rKn0TgR/vZam12vvr
|
||||
lq5s694hHkSRmAP5uJ4lNQKUkacH9qlBXB+aU+D98vKRDGYIkKhlQg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ05hM2N0QUNHWmpHMHdq
|
||||
cHJLTWdaMkIxSlRsZ205VjJYU0IwNmtEb0h3CmhBN3hmQ0pscFVQMmNwemY2UnhT
|
||||
OFlRL1VPa01NaDh4Q2xxdUYzU1E1QzgKLS0tIDB4ZjEwRmtSb1hXWFpSdHA1ZzZL
|
||||
YStGSVJYUGE2cDhiYkJhY3dMQ1F0dEEKLexDk8xrQ/7SGGUjGIjt+PiL98LeIm6z
|
||||
Bs+2xr/egd8X8ISwPTjgTutDqTM4Oc6HaDJ/mG8H3ewic4ey7TmuPQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjaURPbENOQ2l2N2lsd2l4
|
||||
aUdQNlUyWjNFM2JhcXF1Z1NJZ0lzZWFjYmhNCnF0VmZzd0hJSjJvekpzN3hoYnlq
|
||||
UDg0VHVlMUFTc2xNdGtLb2VXVzBySHMKLS0tIHdVWjlnTmdxSGpMR09zOFpVYmZF
|
||||
M3ljcDgyUHB3Zm00bUxWeHRvK3o1bE0KGWWaSuPmvzA4PqBg3y+XOpnVCkv34eV3
|
||||
ZEnPJood5bkBlVqfiBbwJaF98rCH1f5WI6S0NA/5ol5kckDpfwpePg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNkxBQjBDSEt2MllQbzJL
|
||||
VzJrUFhHRzduTDZLUGlTZlBFVUozc1VlY1g4CjM5VzIrbTdZMlJzcTh3MWlGNWNK
|
||||
amVnbnJwbzFxalNSYUJQRjZ0dFllL28KLS0tIFV2SmV3TkNxSEhDTTAweStMUVIy
|
||||
UHVhenNpRGxweWpIQXl6N1B2NEtuYXcKgE62N2ThlFFp+b0T2Rix+H+rmBwrfQDx
|
||||
5jXxPFWOdeEowXMM6kUi4xzeUH7/CGXlg+5uNF9jWMpJ09eAKPoO/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIa3dxbkQwWktRcFI2ZW80
|
||||
S0N5MXZWaWxBTmkwV1o2bzVvZlQ2MldiY0d3CmFyRWk1clJCeEptNkcwVkdwUURR
|
||||
MGVzcldGbUpxWDN6K2RGT3ErajBZRU0KLS0tIFZadXVXbDNsT2Q5eGtJaEtOaTlX
|
||||
U3IrZTB3YUJiREZDQkgzUFMvb3VxU1kKJhYYVcCT8hNJkEK1nD3GBekVGDOI3Nin
|
||||
iBat3LwB4Ijzx1jA+jKJ1Ilf4MgdoL2ox6l/uWft27vvsRaQ501VvA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMczFnbUlONTI0M083bzNB
|
||||
RVdYQ3ZIT2dwbVJVS3pjZjc4d1htMVQxZGtZCjlPejdVNFVrV0t2MjJ5NEZuYklt
|
||||
U0ZiUWgzdytMSHd1N3FPdmNmb3B3UkEKLS0tIGtPdmhpT0NQSGpPWWVublF6dVZt
|
||||
cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
|
||||
0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-25T12:27:53Z"
|
||||
mac: ENC[AES256_GCM,data:GoJ2en7e+D4wjyPJqq7i1s8JPdgFO3wcxrtXOgSKTxi6HTibuIcP4KQcKrCMRAZmXOEL1vpnWFA2uk7S00Av7/QOnzP0Zrk3aPBM6lbB+p9XSabN0sOe1UpZDtAM3bzvS9JZzyztT5nHKvO/eV2rP71y/tYbsT6yvj7Y9zxpvKg=,iv:tQiCr7zpo7g5jZpt2VD9jtFKo32XUWs94Jay+T4XWys=,tag:npBqmlbUUfN+ztttajva3w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:45Z"
|
||||
- created_at: "2024-08-04T00:03:40Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ//Wr/FkredBdFTg1pft56pSfVNVScGeETZXT/EVr0esNb1
|
||||
8bO2SUxWSSKAFaHy5YJ/C7B9Ok267dmecvDiCpBN/UwAVKnbXIwMwQVEpdwFI7Zp
|
||||
g41BaxZ87ogphyXmmPmTtekbV6hJZE1FJ2D1rDlEuIHECGhn+lViuF2T+WmCE5iN
|
||||
UvcU194RjL5cWy4Rgap7bo9UaowDXRHYTuvc0lEBkoCaNbb252KhC+C/4OXIjV3z
|
||||
BoOxF3jF7xLgeK/7swMfwVpQjwD/aM1IKkCLFdf7GbUfUjdKdEiPCpRCMSmSUtXk
|
||||
JDAJz7lzej6r/fCHSsmntSf2RoaHDk3kKMNSvqR9UkCiF/LHBhIeDz2rJiOx+suR
|
||||
gPQLehedeF66+A6m7WwQarklPqMhPRw/IiVxXgsDR8Ws7Dr5wPmNkuQ+LvO4rPEG
|
||||
iC8pOTs2+Eb0ulxtjY9o3DNkCbXGzorSLZ6MBkhQhNUmCuubVQ0gpw6RR7uflgGL
|
||||
AYvv8GYpoY+uWWAbsnVdeK8XuGccjP5toK25PiOKzIdRXczngGMLdhNpQmS2cfh/
|
||||
A69QRFprjTt1/sAqzbe9V68PZ1Opa3EH/fvWgXbUTJbxhAMJoZy03KGnQC8kNw0O
|
||||
RFMSmX2fnK4ppmahnO5rn+5InF1TGSd34O9yPacSB9glb3hvClmNOsC9b/Ow/FnS
|
||||
XgGY8d7IGU6zlCwJyIEKsekexJ+UiooT1AoyORHvzHw1J9jlrybSZTK+IzSGlpzf
|
||||
bfiUk6yOyYNU82LhJBc+gdl6QVeO7VoQrN8iJq752A9yrk5eZsBWOeZybezJQos=
|
||||
=WTmp
|
||||
hQIMA0av/duuklWYAQ//XP1HnmkjG/wdSC2lQm2XJkB5hMU+eJxglsPVaQpqTODr
|
||||
dtVslBr/4nvCLypWhwYCG4jSz9YHU1sI9kDOsuo7PtwCrhfefeOL6CO+O40ECFMR
|
||||
CEMmPLrTXg3LV3TzulchXY6x72LRzJ/aJ1Ra/6sGmffL7JHJ7vHz+U63oXyYivdX
|
||||
9zsxP+iGRpQBK6wcA+Wg30rFV1ENE77H5Wh3PGRRXBSVE1fF6I3USgOxlQvGGnK8
|
||||
cobLecH6V2TwSAptVcGk1gEmn6RUZdxATBnt0vE/Wr/zxZLuoRJgxmiwXuL5+kYW
|
||||
QjCvCgAAEyFJtDRycwPPpDtTCBECPV97Ryev0Z8PdrYHfjNcgNVgDwNH9L3TuIEY
|
||||
QL/f/+9PgNuUjf/7nktn1c5eAvmMyKJCiy9yKYZ1H9ynwN5Bxf+KJflVtTWbdJJo
|
||||
ITXP2RyU2ttM2WjAM87E0HJD3XZ9x9I8Se/f5eQbg2Om7E2HXYr/v2uWf2ByRn5y
|
||||
PV232/rR/whf/vpiwChDsBT97ZfZJibU8Xot7WMkQhgjCJaYH0wzYcrnvg3EIAo6
|
||||
MBN1ufKNAp8BoXrM2P4yu+UOjrN8O+54Sxg7CSwg/a/ldDdjUnsGfbf3vzY1EJcY
|
||||
2lhLZ8sOQyl+Ppe095pcTLvcYp2FOihf6d3i7GGG6Q9Uh2Ljs7EB02GDKP1XozjS
|
||||
XgEsx/GScE/PE15VKlOHhrrF7OJj8P+uvlriVqk/MSWUVO2+X1yS09gXFtazLZBo
|
||||
yqK2yWAOsjFnrMv4A8YHM7COkKvJ9BGdefsoGQu1O838/T7R9+e1OK9iDhfbcMM=
|
||||
=vMG8
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -19,90 +19,81 @@ hookshot:
|
||||
hs_token: ENC[AES256_GCM,data:2ufSJfYzzAB5IO+edwKSra5d/+M=,iv:cmTycGzNL+IeRRKZGbkhTtiksYTtbxED0k0B5haFw7k=,tag:FmWe5sGi9rlapUeAE6lKvg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
|
||||
- recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVGNjVTQyWHloRkxWWjJy
|
||||
ODJ1cEg0aCt3YjkwY2pKa2d4a2N1VUwzcXhVCkpKbkFsZ3lNY2tkdXhuRXRLeTdU
|
||||
b3U1OThkT1BubUVnbHBOaDY3ZDB5enMKLS0tIGZYUU9QeHFRT1BwRVpDdDZRUXVn
|
||||
M2lmWTRiMG5oaUs4NFZCb1NXUVdUZ0kKq28skWDPKQ8U4H+vRu7N3I8vURHj5eMX
|
||||
XKYf6wQ8kyrpT2+nZhWeVP26kpDvHcsMSqQR1ldHOGQAq7fAz8Qwyg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcndkMFhyZzdCK0JDN2FZ
|
||||
ME4rTWo5dm9yVGFSQS92M0FpaW5WMGpzRm13CnZ3OEluNWNnMHJWaTBuZXc1dk9X
|
||||
VXRDOHlXUmloYUVYT2pzT2llYU8rK2sKLS0tIENJVUgxUzFxTFg0S1BScm5tNU5x
|
||||
M09CZ0Y3NTQzUVY2ZXA3cG9pYUx1SG8KkZXHZmB5yBh/zoMBMdMwlHyjIQE31EK7
|
||||
cwAfWYVLjk0CDM1JScTCy7RoQpbqNsMWFyUpu1p+1N0FE8IgefOU6w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZSt0QnRMb0lvYlBYTnVq
|
||||
RHNha08xWS9KNURKTTRpQkZUYVJTeXMwc2xNCkplb0JDU2hyakFCN1JjdWd3elZ5
|
||||
QUtzSksrVjhZajJ2Rm5HbkF4aGo3TnMKLS0tIFR3ZFpGZVRNY0MxTEIwbm4wL2oy
|
||||
VFdEczZXV2ZlbElQSjR2MER1YzhMV0EKHT3aX1BnddpVNuzzCKf7f4lqe4hTYPYt
|
||||
+udTQ6pc0XqXEiJmEJN/XrhkS1BOtMBbP4rIse4x663KHREEG1K1OQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTekd4bHhLeVh3RkNsRjBu
|
||||
V2h0azluRmJzalZGdy9MR2RENkY2WkpyakN3CkdFWHB3cUhQYkZlU2Q3d1ZtcUlr
|
||||
UTBzUU1lVFZZaHUrUENiWlFCYXErT3cKLS0tIEZUcVNRN1QwdnNPYnI0ejRyNDBJ
|
||||
QXJzMmFkdDh3SHJCSjlCQmVSKy9McU0Ki8UxAzALy7EPr6Nve8UGLmOCqstCcOfP
|
||||
OkTpjXFcTBJ9wMj1ZXCoH3KYqvJSu0gvB97phnkN9X8aXkf2DsOCfQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZEluNjRwRjNHaEZzNHR5
|
||||
ZW5RVll2K0NwUWtOTERwL05HZXJuMUxhUDNZCld6Yjh3Y1N6NHRzSG50Wmh1cUxv
|
||||
MW1OWXB6aWR6cHdHUU0rNGZML3pocVkKLS0tIHA5a0JmdFQ3cUdQYXBKTWxpdUty
|
||||
dFJhWnBsSzVyVkdMSHhEcWNvUmp1WG8KRB4/5AeDmkJ9I/ZMvqs9Rnrtl0FmOpYP
|
||||
hwV87Zznh0jA7vxqB21wH4spqu47VrFo9A7OhTp8e/ogtSJjyJkQHA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwT05zbjVqY0NNQ2ozdEhx
|
||||
MWFlMWpvMUorR2RnY1Nva3h3VHRjZTJiQlFjCjNtUzZxRlRlZkxGNncyQVExSVN4
|
||||
UTJINkxHZU13aXpOdDhRNW56M3RXMUUKLS0tIHBqWHNIZ0dYTWNaclVDVk5sS3I5
|
||||
YlFkckxlcjROank3eXdtdWhMY2N2Sm8Khqzk4NUSeaPBYkMbHBhBkagFBQs7Z9MX
|
||||
HYLiY5pOdCkOteDSOGlqSdiKI7yVNsETjDXeXybLHk/RNaJbhvhqwg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocEU3amQvazVLRjFzOE1X
|
||||
dHpkQXlIWFptTFNTZmJtak84ODVZZThKSDNzClJrYzBrU01TK3ZNM2prQk5mU01H
|
||||
T1Zyd2N3YVcwQkpsMWJIK3hKaUVQWm8KLS0tIFU2QnZVaHRaZjR3RVlveEVmTjdu
|
||||
SVlaajJ0SThZdUpQUTZBZks4RDcxNnMK33zYR5DuSOe1gJQmaW61Z/CNRvSV5LzC
|
||||
+UeqdUsYxOPUzFHRLwUd1YD/uPO+wfQph/WVDh8ELqsG4i0o/l3ycQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNUU3aE84RnpaR1pET1l1
|
||||
b2dDYjZmSVd3N05iMTloKzVTc3phOVVGYlRrCkpGMUZhL0Ywd1dEZm5TYStCNjlX
|
||||
ZUJnWU8yZ0htbHowMzNBekNRSDBjWVkKLS0tIDlXczh1VDNsdDYzTDMvK1U3TWxQ
|
||||
V2tXdk9BUG50c2ZCMVRoY0hxeFlkYkkK+XdRap/LtxzZ3q4ulPRb3LQyeeuO0mu8
|
||||
So+7G2acSDhcNqZtW4jsu/NzSNqcv1bwd4XcKe7xqVDVYRpN8LBb2Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYTRCeXJpVi81WE4xWGli
|
||||
TDQ5M0g0MDRYb2ovbzFjbkloeG5LWmdBTUI0CmZSV1FleDhtb3Q3WGhwcEN2OEhN
|
||||
YW1rVEJNVGtWeTNmWnpsQ0J4b1k2b0EKLS0tIHBkVU15a09DdHBQa0x5L3p2THd1
|
||||
VFBQUFZXZ1pKVVoycHVuNnVxem9Gd3cKW6ZqzSjbVZDZcv/cWN31AF+5HlyvbThj
|
||||
W/qDquapYsf6dybP9F3GJ3pyDdSJbkVvInBL1aZWz/mzvny4SPSJLA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMW8wMi9rdStMSkx5dlpL
|
||||
V250UlpET1k0NmZzaFpYRG15OG9NWVBKMGtnClFxeERxc1kvS1QxNTc0WFFQTDU4
|
||||
UmNGaTluelF4NElXUWhHQ3ZnN2FYa1EKLS0tIEJHT1FZZEFwc3lxYWJFc083ZG92
|
||||
TllFaWFqOXZhVldlcVJwQ09TSGRFMzQK+smZIE1hYx8urWrAqqAb9zId6ZblQesr
|
||||
pc7lDe5AAumIh8t8tzFwl72XtSMrStDqaneibbRjr0N39L0xN/nhTw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhN2V0ajNZTWhlb2RlTllF
|
||||
KzdCd29lenR3dEJTclhvTnJDTkFNbVA5QUNFCjd3VFFtOUZxeFR2TmNLTGlZQ3k0
|
||||
SStaKzJHRHdYVEVqTDNnQyttVWFPZm8KLS0tIHNQMHk5QXJQQUZyUmZyUzE1czZk
|
||||
ZmNETDhaT01VL0pQTDhXQnRxUUpWdVUKLxDyNyTKs5hl9CkPGQLOe4JVz1EZN6sR
|
||||
drKTDoEOPdMT+ki0DwfLUcmEOJGg2ZOtmlee6s5jalBIrPZ8MXEndg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqSUNaM0gzTzJ2d2VQUWd3
|
||||
RlVCdkNUblBKcnV3VEx3dmFXeTI0VEJHMUY4CmpoWHVsdHJzZlJXcjRNWCtVa29E
|
||||
dkNLcnExUUJLQ1NiYWVhSkhMMXFnczAKLS0tIFlhd3c4clBYNDNDKzNuZkhRNmhW
|
||||
Qnh1djQ0ZDFhRmxsU2g0eHJZeFlkcU0Kj5H/dHrOwSgiZIzpv3nOc7AWeNMofJg7
|
||||
OzSVdRry72qPqYU8YLWjAcoP3ddITZnWr53/yYBVmssW/KeyVyPy9A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZ2gvZXFXNmdod1IxWm1o
|
||||
djN2Sm1iVkpHYTJ4LzdLWVI3dGJIZTdQK0VrCjJqVnA5NFlXVGFFUDhXdE9GZmRJ
|
||||
K3ZNTnVDZ2w2NjZEemRNUnVoaXJhN28KLS0tIFVxa0NBNlVVNlBDZ1pxSWRZNFY5
|
||||
WEh5NFN6SFF1TlltdWFWTGw4MHRHUkUKrKIvC87xjEmwxPQhH8dN+ZuaJTCgPY28
|
||||
pR62KxmoKFICLTHPpYP3euiAx5M9BWvgvCnA/US/5klpk8MtlreNFA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-21T21:23:24Z"
|
||||
mac: ENC[AES256_GCM,data:bEJoCzxph/MOnTOJKdrRiQmbVWmAgsKy8vbD5YBeWagWUCJPDAZNDFLzEzmPvt0jDBol04JosrSIKZS1JzJIIm0zRkcOWSqERQCgjgtGdAYmfp0V6ddseDUVfKlZYJDkt6Bdkqg+9LzrP8dDVm2tMDXpo8vzs02o9dTYFm7imVQ=,iv:buP/297JMfvEm9+IdMWRGV7AgZwF0+G6Z2YIeYw/z1o=,tag:+zG612MJA4Ui8CZBgxM+AQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:46Z"
|
||||
- created_at: "2024-08-04T00:03:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/+L4rjUWtF3NuYc9UlnyPpwSQvsLbw7gsPuLHYd4cq2VGd
|
||||
p8s0Vreq6smVJlFV64PySIJjFuFhc1IuDDYtgym2Lf4PTOSv3brbO3ypMb+J2yKC
|
||||
pH7xwOQBn+YzKfLu4sX26S2IGSKeytXdHv6hlkt9Ca1i5RKS0ymYfn94vf6e56ZX
|
||||
SLVjq2GprTTt4oNymxkZ5JvDNXyG8XjW3MjowfQcNHUqAhmYN8ngv7HMdiIb7GGN
|
||||
JL9u999H4MCi932Nyc1+/OP4nPdUkiqFxDfo4Zgmj/F+LketzV6QCiV7Es9Vmz1I
|
||||
OX/NXzYKYnEl2FLvPZLEtge2qTFs6/Ur+VBPz5tOP9J0Xejmz62+HgtwaJI7Q4mP
|
||||
O+5FCOh/Jxf0QWq+OPQf+Rxj/dxuMHUfXF9IELmBwpGDslKcyxTOCR0kw3aZO+1F
|
||||
Zs3QOoUpz46fTXs94h+7dLoboppug0P4jAwKLbdqmyEDTqiWOfR/ZIbp7RCLFq0F
|
||||
wNPWnB03RTgSKRIXyBhNqP62ZOohHhFSA0oo+IDPzqFWOLTnD8FBJ3SPDFjpHwNJ
|
||||
3bjzqZRPU15dk286S3hMkp47H2iIBW3hlhl9g03UTdlt+MRiUHIXyt053TK2cbuo
|
||||
Jy7YiQr+dq09NoBBVxEo5hszJ154NNF9JxvN1TNHwouw3DxokQWokRtF4g9MSPbS
|
||||
XgFrAw/VlobYHBXNczlKyIaTdHQbosz9EZ7wO8Q1jLlzGF8a2e8F5ca+2I3begns
|
||||
CM4iU9uUpReZC4672sqHX622dZAGf7m0Dt3vVaNjGj90rezeGuajNMnYOEd+PAU=
|
||||
=Lgup
|
||||
hQIMA0av/duuklWYAQ//TtjTsxf5xHnu4g5Y22qvyMud17MN4j4hCoLXjRSbzG8K
|
||||
/E+0Gs08P3QqV6DddmLvxeAcnLBTAdE4XCMFsRX9eK0BLqPe++yoamOpoPe896zm
|
||||
BW2BXn/oemGdOFVOf43LRuMEYn32pjg4RNzR4bn3om2TY3S0nr7GP5J9B1QrSPfH
|
||||
AFdR78MwX7PrOkkh4jSLPftjAI8jUtvS/TzX8AXnzy1A8xSkWxww00GMvTvSSAwZ
|
||||
wxU6fePkLwuxVwZVqI5pdsjAscwy7FE7NWDgE9GMIxxwAJRRwJcsJ+eVM6ykWMyq
|
||||
Xqo24kWkAqgs7vbxU55gOqPVHN50M22fQ4+RYaLnLyj6BO+0WegW1OmK88q0flaA
|
||||
QADZHLGrsuiVgc4KxHskwQou1RuHZnPUSqn+Nhnsp8rtAfboHS28v7ekRNTmhTWG
|
||||
qPVPlOlVnY0AemohDjBnk3o4rCxJhviL9KTjmAtIGTK03Fqzk2v23H3+LRo/rocm
|
||||
gQCXzN6Igdwn7n9x8wXmuO6iL9Jftu4MoaQ0W55hZiBfh8pG76TGdNhycZr2T40w
|
||||
MBnRX3ydwH2T+y2pGM9tJY+nlgGsyTiOw01SN7/mio3YdCSvChXTkV3PaX28u+CJ
|
||||
5TaYLM2IP8W5DJU3r3dV3I3JYED1O5Arq7Xrv5Z4qr8vwamnCN6SZGe2qCqxTOrS
|
||||
XgEHGwiK1pFQIBxkI0gFmGX0ckd1NYUfsUCyYrFkcAsicWetBhdlgMjLc86bVHwQ
|
||||
7p4iGLGsr7GZEArBnP0J5Ee+Hr9MCiW/OCLY4M4jlTsyimlsdgDgyr+RqoOnvig=
|
||||
=SRZU
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -8,91 +8,86 @@ keys:
|
||||
postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str]
|
||||
postgres_exporter_knakelibrak_env: ENC[AES256_GCM,data:xjC7DGXrW2GIJq8XioIZb+jSe/Hzcz0tv9cUHmX/n1nhI+D64lYt+EKnq1+RX/vJzU4sTaKjveKBh88Qqnv6RQm+MZC//dIxcvnnAdl50qnHZyBCaFFEzSNI8I8vGyArMk8Ja72clBq3kMpUz/pLBP0qDrjblKDoWkU=,iv:ZW98hJy8A5t4Oxtu17R3tM7gou183VLbgBsHA8LFuJY=,tag:VMOvQz3X/XDylV1YFg2Jsg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIRm5XY3kydDJSRUYrcmRk
|
||||
K21WUEZSSEpYOHFrVkFyOVJYYnRUSU1aYkV3CkVEUllvUm0wZjlmOFU0VSt3OStL
|
||||
Tmdkc3JHRWplS3lnQWlkT3ROVkxkVUEKLS0tIFRJRkFEeE15Q3A1Z24wQzNlbUx1
|
||||
a2tmd21zSWUzbmw5NDdSRUVDcmVwbHcKn+DJ1PnlQApX8fwJoN9DtMqeKzoih6Hr
|
||||
sSh2z6rsTj1UmXocbBm1SduattqZFjvO5XGpp25mM9ZBlpcnVjB/hg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbW1FZmt2ZDRZcWs4SEkr
|
||||
R3ZDaUgyVlVvRHNNRTZCS2pxQThsT0NmYkFJCkk1Y1NpT1RSTFp1MWJ4aVNrelVx
|
||||
blYvS0l3ZHczaVcvZDE3U0k4ejVtZmsKLS0tIC84WEE0WERiTCtKNTN0NmZUbDhV
|
||||
c1QwV1l5b1ZQNitFRnFhQmIzSWNZd2MKokg6XMIFfjxB6sO8EBjBc7E7Ur3zBw1o
|
||||
akXuA4I1Xw2H1W8B6HkVSDp4BpBEe8xi0z8TUmzkA9/IBoypG5EJKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaEdlWnJCdHVpM0ZHTlJj
|
||||
WmNrQnIxYmxmWlJ4Z29WKytHd1plUURPSDBFCnBHU1MyMS9FNnRCMmJ6Ymd4UWcr
|
||||
RGV6QmhrbDFObDM1MW1NdTdDU3ZIVU0KLS0tIEtBR01OOVdITExFcUN1dHEyaklD
|
||||
TVFnZXRva3FUZjcxYlRuQnpFTDhpZzQKxZM0ZB6dVwFr5QkT6YmEA+3RhhsX0pl4
|
||||
SolLZXFal1BluDERtZ2Clb5VzrcV3PUfFo8Yx6ncFjcisyFXUHVnYg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQzVtTFRFTnNNQTFXL2dF
|
||||
UC84d1o5Z0p2by80QW9Sck8zVHJvMjdjd25nCitBRWtzVVdTUU85RzFpN1FmOVQ1
|
||||
SlNESXBKc1BUdTRaWk5nSENvUXdraWMKLS0tIDlkUFZRVUV2Qi9iSUpFRmN1Tm5S
|
||||
dW9lTkxsNXBBN0wwZ0NFbThRdzlvOU0KbLzteBt0VTr825sfKLNs3i3FT0/dgn2z
|
||||
kOpJQf7KZKEVBkInUOkPmobtw6oM9vfWha035tTJPYjWy+Lp939tBw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYmNZSTBrUzg5d3NPSHhM
|
||||
Z2s4KzlVZldKVitmL3RFNHFiQnJlcmlCS3k0CkZ4YlBvbW1DTzEzRTZMUVBOWDNT
|
||||
SHQwcTBQL0NQbXA3WHVZcFhjZW5ZeE0KLS0tIHU2TVErZ0I0dGRuTGIzZkVoeDJC
|
||||
MHJkcXlGdFN2Y1p4Q08rT0phODlLOVEKhSEO8hUZ0d3SA1tFvXN2HuZR35SRzhUq
|
||||
+J3eN/qUBu0LcuiBq+qbGYIAHggXy9ZSGCGfrNw35czzGpzfbK/fwQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCR25sQzNkMHhETzY5cXRm
|
||||
Y3QzYXZOemFTTmN3aTVpODlQclB1Y0JRNlRRCi9wQWVGUVFYd3ppMUVMdUVQNnBC
|
||||
bVVRVHlsTWIzMitqNlQxN2NKcWl3a28KLS0tIEJrNk44TEN0ZzJ5L0JaKzFZaE9M
|
||||
MmxPN3RUT0hDRW9MSm92LzZJY1lCZlUKM+r/35me5K74KkidKLUTZxqMqR++izHK
|
||||
69gXZEHY+ZSvJ+9IBzcIxcFdSFyVUAN7wobBWZGDxmGJRClS/8jcHw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdDBxd3J5MWZ0R1IwVWRw
|
||||
cklOOENFM2R4Q01JdFd2cDZCQ2pSTGNucmhrClgra0tCSGdqZExLbWNoaDZkSzJD
|
||||
aDc3YXdOZi9jMDdwc1duTWdKbEdUVDgKLS0tIGxKbTYzRnAyRVlwbUxGS3JySFJS
|
||||
VXNrSldhMDV4V2preEJ3ZDk5UlZ1YzgK8K2R4LETFFKpUZVdofJoE6eXw/tlz3+9
|
||||
k0iXQX6zMj1uSDmenjztU04FIfRxzIur5xifd8hCJnWmxlOCFDqLag==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbzZHMHVqVkVrTVdiUmli
|
||||
OVhhVTZhbVRVU3VKd1Jxa0Y5dlFReXQ0QmlZCkVtVEhCcVlHamozeDYrQlVvRjlZ
|
||||
YUNXM3FML2ZLOW5PZ0tpZjlPc2lpdlkKLS0tIHVXZHoyRmlscSt2TlpLb2lDd3Bt
|
||||
bmJJS3JPWlVMd0FRaExUZEZMdXk5N0kKY6qYVva2aOkvo1huKH50gkT1iQAUhZCB
|
||||
ieUD1aQumHe1OYVeEWJCf2nYgApwq1tPjea5nqc4VzOogTbLVcKMFA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPc2dCdGNSeWo4RkovV1Vn
|
||||
ckRYYW1xZldjVDRuSjM4elQyRVFROWduL1QwCmNSVzk3aG90MHNWZWlzVDg5RE55
|
||||
L3JKODZlMDJudTZYNGVNQldaNEhPcjQKLS0tIE41dDYxWE84Wk9XbG9iMUhpMHBu
|
||||
VlJZM1VMYkRkQXNlSVVoT3RYZXRaRU0KqqIjxe05oO67IUt/LMIYsUAaZw1qQFNv
|
||||
mmVu5GvHdpSrp3PttxlZC7OiP84Jzj7zM/idj0wBIeVCWedWO59aKQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNWc0RVNQRzJkRTBKS2xD
|
||||
R3ArQ2lkc3F3QXN3bldZbkJMaFhoaDI4Mm1RClhuSmdRbWxlM1lxOURRWWVocC9X
|
||||
dWFSOG5yN2x3Vm9CZ0pSN1BLTWk1ZmsKLS0tIHRpRmJmL3FmaTFpL0czV0tIOWhX
|
||||
NHZLaEx3dEozc21MR3ROWHRBQzR3T00KQQiQ4SxpyMTDZyGY7TZrdQEioZAB+BQ/
|
||||
u24WgbBdSP6VDvqmq2gG8BqZ3Aog2/7SQ0CVzrsimAoXi7YCWCTetA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL3RId3Q4SGJkYjM5STJu
|
||||
ZU9BbkgxaXdva3g5ek1hZUF5YWcvZHI5c0VRClhLazhueTRLU2N0T2c2REllT0R1
|
||||
LzFrdDdiVVhLQ3BPdkwvVTg1RjdscG8KLS0tIHRYTmg4NFF2c2FpVHphUFdqWmhH
|
||||
TFNhSDNUMEo0Z05mbmlwRUs5VHhUWHMKJUCyLDJx2voDttv4UrpFKYyNz+HhtyFj
|
||||
X3OrNbmJQYuNpq4hzQs7jN5UD/4YCtFi9mb5pmFr8MTHLb6UsZN++A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNzZ4Y2U2NXpXWHA3Y3Zw
|
||||
S1BKbTNXaGxRaE55QkZNSFV6b3VURFBXWlEwCmpJUjM3VVJRc0dwdjFLOGdQQTlz
|
||||
a0hVUC9tSXNDQ3NyTnlnVlNNalFOZmcKLS0tIFNXYThsRHd2eUQyOGtVT1RLaTdR
|
||||
RmlST2JZS2gwbDBpZ2xMblpWNzB5ZWcKTkKF9aonrBMolxqcj9a5d9JLoCj229KU
|
||||
It2KjhlzBcgcJUIiIPWMoV9VbEpKkTsCLkWxFSLle++ryOUYh3kgaA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcERwTTJmdlgvZjhWeTBP
|
||||
eGJ0aG5RQ0xrRVBSMldEMEFpUHo0TnM1aFNzCkhReEZ2dWVGelNadjdITCthcTZn
|
||||
RzlQZmh0MzF5RmZGRW5UVXhYL3RHRFkKLS0tIEtrV1ZjQkovZFlmcDM2OUNYaHZx
|
||||
WDRSdDZRa1lIbEVTdDlhU1dwUXUzQTgK5iE4Cf/zjsPYHKcqYA0rFqY0TNcCnzNU
|
||||
vTM+cEPaA+/FXTwLfPpaiSkg5Fq8k2XdeMQsjQnglTBSWCwAJin27g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-16T20:08:18Z"
|
||||
mac: ENC[AES256_GCM,data:C2tpWppc13jKJq5d4nmAKQOaNWHm27TKwxAxm1fi2lejN1lqUaoz5bHfTBA7MfaWvuP5uZnfbtG32eeu48mnlWpo58XRUFFecAhb9JUpW9s5IR3/nbzLNkGU7H5C0oWPrxI4thd+bAVduIgBjjFyGj1pe6J9db3c0yUWRwNlwGU=,iv:YpoQ4psiFYOWLGipxv1QvRvr034XFsyn2Bhyy39HmOo=,tag:ByiCWygFC/VokVTbdLoLgg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:50Z"
|
||||
- created_at: "2024-08-04T00:03:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYARAAgrn0irD12kqDfIEvpLpa0Ys/hMG9GwCMeU186iFfJ193
|
||||
72UVEzx2GwIfSt0qQlpBFZtueL9Bb7ka81IrqhAepq8J5//WxEGvv6H9aIm8V7ov
|
||||
ZkS4eZpFksu0ZRFP5HWQvEQwRKj8WxYQY/TS/5QGNSPeHOZYnpQcBhAVLjn9Uj/O
|
||||
6ojnIVoKxDdo235fuDQdiLwCpPXsKi2OQuSFOwq7Acg/fm1pvc76h9dqr5DqrspZ
|
||||
c3stdbYwVOedgYjRrdSYpkplGSqNeVtYYJ3apdauMSRNaKmgMwbkxkzXO9YrWASa
|
||||
beYilvhNgr0rnQB617IhgBZrgik9CvqrqGZqim0fWI+s4bcbgfvK8UORt4+QgJjO
|
||||
FPqAtVE6sNGzElKQ6ZZPWZoXeK7vfIfxwxU+oLcijAnUmLy88zqIUjUZKzmyhDZa
|
||||
YAAwxBL1nh+UzIbn4GGeVbYHLbKJ6XnznF7zfTWph6GbeFfdWuaSwxmnGjE6n1y2
|
||||
ye3GQaW2aeq7RKoqyLJO3oIHyGHZXFe4pB4adz60uKNPJz47/gtA5OofNs0qbxqQ
|
||||
Dp5fmrvZZtDa/TYIV9o1bSp7cYk49TGKHPbX7tLjEIIfRxd4y6rYgwNpPdukjZsk
|
||||
bbdxypWrJkMx+9xk84DGo3e+RY738JgLjc0ylDO+pIzThUruBOcDjUKeGNmVQYnS
|
||||
XAGofG3JSI97wFdYOB+4yoYPqs5rovgPbkGGuT5SBIxH5zVv3X+SE4wCGu3CLFC4
|
||||
A4cdwXmuERPxszVZW+V8CSGq9XnH/OzrpiWVhzqXCRH03F2BmnAx9Fp/zMTH
|
||||
=DooK
|
||||
hQIMA0av/duuklWYARAAs0o2EHlphoU4JcO5fhmplhmHQp7GXjaUc5zakGACrl0w
|
||||
0NVVLXf3hlb3saPgbRkf+ugVXd5dRDYfa3vbIDKpQwHVLSNVrVb7M8eIc0RXM41q
|
||||
MqpueXLo6YfxbgOvsfNlgCvDFgMoBMVv/rWz0QGTj8VCvD5AkxiLQJxZ8TnlKn0w
|
||||
NF6yQ7LCGgKVU8YHpKYjPmmDU/VegRYVe6wz4ackk0MZ5ITSFXF4qOG93Uj2SZfe
|
||||
ocpPYZ9BrOnxzCYd9ZS1yUmMRLRC61l66oG1hGrBTN7fcmHZaycCdcvABWOB/fxJ
|
||||
940zMb5NYK6whToCWY++m3I6123k+/vLJe+3NoFc/wYdvpnxVqLZqijxYPZZkbRN
|
||||
gCtRE67AFWny0VQ2k1CGzBGbRAxM2EtIfDlbNgMUNBNuGST4tgxApp5QEa1yecHC
|
||||
mr3jDhR8UuFdIrq2sTz/uMUptTrsB3oaZmfuZ47pCVHtDNc2ri4U1gsI6oI03utO
|
||||
u/q6nMHiJlf8HUwI59GemBaHTiMgzKl0REAoV3SpdfjWSDZiro42au6E20M1dgup
|
||||
rQG8Gz33QnIHg5ezEHcTSeHk3SgMTbAqQy7/aD3pqI6wEgXqU2neDFZEkNu4FnzD
|
||||
ofnm1oAGnbOIH2+SFtd33hDe/2nuFBo3CYEyz/fezhbMwCwoA4Iwd7FBQW4ideXS
|
||||
XAGU2gt1hdPfgMQ55GeRI01C2dqiLQOpvTHy2uBl9ekPtSw2Ws27hVhdHvU7B5ZG
|
||||
Jr388jC5d5dKGNv1I8nVNlfmPvb4hwGazrHdCYiQdwrpggajFtWD/LIgUcW2
|
||||
=aK5J
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -11,82 +11,86 @@ matrix:
|
||||
registrations:
|
||||
mx-puppet-discord: ENC[AES256_GCM,data:nvWSaZ4we8BD50Op/bZMrlMXGBwzvG3IXGPGJe2paCZ10tTm9v4+aYGYhILNhcQM095AD9KdEJ44TAyPxZ/c5iYLqb/LJzEpa5X2jKoiF6r7PjNFGevKQs7fzJk4Y9MxHwZ2KJT+uHjtXF8erJvFDs3S3WgmuAQW1U9b5fYQNc4ZF0tY+BsWU2ehqMejpx7w93TkcIiZY7Uoj4kPMEp8aI6v/7VPIjM9g7b+R5KGZ1/yIpiNCzZuT+x2mxCtqGfbOynWON8PaCIojp7sbLaRWhX2bd4GG2wP3T5MsgwjJzQSfyXjK1Dyxzr8fVmh0R2mJoZHTYNQLLwYncLwqXQEHr6tXNWPTwxPslW+BdLsp/8//m0F04vUf4Z0dbf22NSaPkH9GdRLB3zXh07VxqG+B7OvAjDULHUmA5uwgtZq9h0G73TWDJ8U75eAxrTdsgQgmIsyhpLljFW2QSnOPL/93ieovh5qRgXjgyqrljDOkB+fhC0gdQalPeBM8l5zPI8aaJsVp/l15rx4nUIrFka0g+v+SRhAIPtQAKA=,iv:3gzyGz7T9PK/J92X46YXYT98bpTnx1uPiiwXuls/kOA=,tag:Vm+zNmA53HIb2dP8FIgP6Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvKzl4b1VWTHQ2bGI4bXJl
|
||||
SFNhY2xVNm9XdG56akFWZkR5NHliUnpFaTFJCkhRY2hONTVvRkZaN0JrM0lkZUVu
|
||||
N3kxWVBWOUV2WHJMZ3Jsd24rOS9hc2cKLS0tIHFDWXBMcmppeHJBb3RLZ08rdVlE
|
||||
R00zS0R1Q29QYUlTamI3MkhNNWpaZ2cKMTZ8G2ZVNsAKgZj8B857eH4yfw/fvwtJ
|
||||
YmDTcA0w+uXI+qTtSLs/UPQ54KcW7zNvMUUSoyKrYSDul0SFUDk+Vw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmLzAzMzNCdGxSMVdiNUVK
|
||||
SFlJeTEyRW5SenQrMnFGZEJ5TGJxNDIvSmhzCkdBUnYvNDVxZ1ZNSkYxanZQY3Iw
|
||||
akhuK01haFVRTUlKcjloVU9QVmhldGMKLS0tIDZmMjk1WlNNYUFXN2pWQ0oxRjRv
|
||||
bzFmcnJUaUJmU2pCZTRnRTZZZHVkQnMKrKLbYFE2+0rj5BUchhYtWghzbRJTFDaY
|
||||
+RQpJC+5gSinmUuP3nMGR2bv+gL9v/EOJKeVrC7/sZM9mQeXI36CUg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3U1hmbE0rWVYvenhwQUpQ
|
||||
NFlKcFZtMWVWNGU3cVkvcVY1Mklyb0x6cHg0CkhGTHZPZEFCSnV1aFB0eG1ZOHNU
|
||||
UGJLY3BxOHF6V3NuWGZJUWkzcEVUc2cKLS0tIHhVY2xjaXZCdXR3VU92UUE4eWFF
|
||||
RHNtb1RlUmdpd0RibFlES0FDRjg3RFUKFBfH7eVw3j9wFWYjK3nwd5BuW9V4R29U
|
||||
sD/5X7wLRmfo0zCNkf50RnN3oxiP5Sj8zprQnaZMX95EGZXgqeWuWQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU0xjY0NEelJvaFJEdjl0
|
||||
YVVDYXFxbFg4d241ZjdRRjZVM1lJd0R3NldJCjJQRW9EOGMrcHRUNlRhNEJ3cWhS
|
||||
UWlycHYvaXA4TkxEVjZ1QThQUTlrcjAKLS0tIHNXWk1mQWJFcmU1Qmp4a3YrRngy
|
||||
LzZ3bU1nd0FLa0hNR25CY0hzNS9GZjQKRoRMDXESUtwRGDat2gJ9Fjqy/m6FThzk
|
||||
k6byBSt605skrUd2YQZ+JF9cUs6p9y9Fm6t+HfK/kHQ7jchiS3ZLmQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGc0a2FyTU9MaThIUDlz
|
||||
VWJTOC9ZUktuejl6WFRtdlV5VEFIakZHeENvCkpFRDF4RDRQMnpjZTNCdkE1cWlO
|
||||
VExPNXdxcGk5RTVEUE5KcHY1U1M5VTAKLS0tIEIramZ4R2sycnFnS3AvMWZ2Q1RK
|
||||
dGhDZnVraGlQQkFzdHBRUjEyWEJFMlkK0M3q1NqZdaC9E1hSUOwdTOUWdyvW1xPb
|
||||
E/9SHuRZ+YTzXiECIEx/4ZiQEEcCWOS/wLTQjYpzoozBrmrjGaKC3Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSjFQb0I4eHlhL0NMN1ZF
|
||||
WldhZ2ZiTTZDMXM3aXgxeHUyZm43dmVVNlFvCnQzd0VYdVd1azB4dlJkdDd3bE0r
|
||||
VHlwMFZzaUhkVzhhanl4cWxGWUlDWFEKLS0tIFdWck9qVVRoTWZsK2RNYzF2WEhN
|
||||
eFpOY1UzWHpYb3p4eDNRU1VSdnJyZ0UKrF9vihQPmmv4nrDf+tPAssfZLNJbdK1L
|
||||
N4IlFTUPchiPW1ss22bjtiooekHAuP4ygePYLKlKEi3w1SsKa9REGg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTXJkckNBWERIWUNXMERK
|
||||
UzRnL2FJaUlLTmxvYTBQTXlvSTRvbmhmajFJCnNCZjdxUXpVNDlwY1JDaDNCbWlH
|
||||
ZWJFR1o2YkxLMlVNWStoYnFYL2pNcmsKLS0tIEEzM1ZIN3dBb2paeWcxa0hJSDN2
|
||||
a01lK3hSa3prWERxQ1Z6Q3A5OW42NnMKxfCqjDityZvhOoH1DG0JJuEvowlzFBVv
|
||||
WOofbRQ7HdB17OyZh3u5Kbd37D65bbse4HVUaL3NDbdfpUxsbZIUAg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZEhYTVRBWVJkYndjOEZq
|
||||
WlF1UCtJN3Uwb0FNdHJITTdiTXZVRWQyUFh3CkJOOHRHSHhXdW5uTEhVeTFHWWNi
|
||||
QTd1cW5YTkFJZTRaN2RaMnRKQi93T1UKLS0tIEwzSnVleWduTkRhMnduNVFEMjFL
|
||||
NmVHOFd6eVhXdTQ3RE1adkhUaHB3TVEKPFmS1njkM6FPToIKML396vfM3T39co/v
|
||||
mvyOUCq921mTIzlPfVpfpXd9pmiyMKi/spDS4xZ2nFLyHMhXMKW20A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkcExDUDNndXRLY2J5NnpD
|
||||
YTFnWndXYWZvRG1EdGZZekZXYUtBOXFVOVVvCmJJOEc2MVhqSDJPRTBVRU0xcElK
|
||||
SzJYS092eXc2WWExVFFheUZnLzlHb3cKLS0tIHJPRUt0RnlzWGozM1NtTlNzbzVK
|
||||
WUtwa3NvWDlsYmwyalYyL2FoNVBhaDgKiRmCO8OOU94uxnzUmGwnUjipDBVeF88x
|
||||
hF92Hj7+9yBaEi4O1Je0b3ShjHfEsg690ajQKkzojGDX/awkdlcF1Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbDVRaU9pTkROV0VoNm5p
|
||||
VUhsenhxR1cyTFZVeDJZd1gvVUx6TXdQY3hzCnBwUDZmaE5FdFdVODZFN0lxbTdB
|
||||
dXRBVHpUak00RnZBRUpGeFRuajhZK2cKLS0tIGRaODBlM1FnRU5iV0RrWDlEMHUr
|
||||
U3AybkRZV2EzVjE1QktEcjdwNG00dXcKnWaJwHyA4Q5RFgOWg3wbPwL4E8Mgijph
|
||||
wCuujSzIUMGBqIBzr6ADbQ38lnUSKjGz8EQyrIa4/vILXzuJ/44SbQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc1NLMmZzRUt5TWpyaXhH
|
||||
c01CYTJsQUdBWmZ5eEVRWXduL2ZLQ1crTHgwCndRYzQ1ZU9ybmxlRlZtUVFnL21m
|
||||
eDhYZy82RFJqb1Y4Q1pZMTRRRHpQa2sKLS0tIEk0enhSL0Jjcld0QXNCbjNKNjJm
|
||||
c241QUEvbE9iL2RPTFJCQ1dvVW9kVkEK3N7ojkIdpcN/ui1xw7IEzBKduk9aDKrt
|
||||
KajZLOkcaJWsYZISxP8kmN3CGOBlOx77MxC/rV1yM+/Su0S0TxIC1A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ3RYV2tYVy9ubFQ2cTg3
|
||||
L0xqNlcycHZiU2hlRGxmd05EZldMa0xMWENzCkhHdmR0dVRYMjZkdit0Mjc4dy9X
|
||||
ZEtLY3hrbUZjaXpCdHBhVm9wZkJ0WlUKLS0tIHdsNHhNSEZVSHRuWE9tOXdoY3ZK
|
||||
Ti9TOVhUWVdsVmw2U2ZvazVKajJSRTAKnAxtMLh5U4xL3UsLehdo2JMBRcX9Vy+X
|
||||
oWlgVviORYtHaaU7Y9MFTmhV3OS+He38wX0l4NZOI0d8mZ/6uJ1JMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-02-13T00:12:03Z"
|
||||
mac: ENC[AES256_GCM,data:FolV94dIwYSL5r1ZHTPdmqMKVTAhrnePG+5M4S1H/wBYbED3sr6oPPmmxwiwm5E4K0YR1+ou4yR/vGTV3lfRdxIGWhfAT0WW8WGTZVIlcJCEk5H7Rels6rkma12BCjZ1zOGjZZCcFTm+4NI2KNv+zTc29zry4539jkkxk+8Skog=,iv:KBxSFVaFI3S5J9xG2Lc7FINUI8TRKxPtrbP3f2wXkHo=,tag:TWAtix03ZnB71+O7cF8b4A==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-12-01T10:58:23Z"
|
||||
- created_at: "2024-08-04T00:04:00Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ//R733yCFFSYFZX2bORvyI/xgHjzxNxWPkVZagrWDvjthK
|
||||
zJH6EiHZrivSRx6cXQIQ4SoR0LWHNidmIj188l8oB/Dh7jj42zd93+U99EeUhVNs
|
||||
qPN9C88/e/tEWs05HTSm4oUQpoSeDVBeZEd+du+eP+DJWypSi63fh5sqjPrPHXdq
|
||||
apayt9XGSGBIhWsACb9d56VqCb1eNF/SOcOTLPHWvA074TxmvcbWH5CfiqQLcYGd
|
||||
r600nWol5qhmCqgiLFueUiYDikKVHi+MitatCM15yrnMi0ZLp3B32n3zPjbTUpAh
|
||||
0NHtXHhH4ihBqWxnVSTqAqWiqM+oMORhzVatq0PjUq20XayELsY8yn7YvtJMZLjD
|
||||
CstNQc6NqYxwjLpsuqZQHse5MnAgXapp5ogKLpjxRX9ZKWo5QD1VDB4wELG16sdv
|
||||
h/ZvS7nh0mMWRRyXAe5OL8vTJIeiQBday5aVgqk58OrdhzVtqp3isIKRb5W92W4z
|
||||
53Cw23prLhZnVssMLQiKUVFTIu2f1d907Kj+sH5AUybkbt93T7m/NCaEpDyxPPur
|
||||
QDOT1KFFVTQIBHLyqg8pASJyJMiuSuQ3cbFkTDWrOWpKEDfpxo9Vy64dEKNCeWMb
|
||||
XhVHWMIJXmLXalPePDaCEYCkR8usWZpQsRei2DHaRbXt1dcOjWuLOZeHNizy7CbS
|
||||
XAGkGgNySuI5IFbVBfKG0OaYXu6PM4Kbh8XBnxxREaSH+EiEe11ig6CImV2pbcbU
|
||||
pfHSdTioB03UnQvgVSP2M2DgMr3dkJnqXKrzRO80kVBd9uwR4I/1TUzsk0K+
|
||||
=4Nje
|
||||
hQIMA0av/duuklWYAQ//QIfxaAOVl0QStvZe6irI0GHS8+7EExn88dP1QdMnVijv
|
||||
W/IiVffs/Bb0t0hcNFY3SaU4ea+zOT5bdMOlQGA383hTYvwXXdI+uSFmn3hrysZS
|
||||
eY7394Z9c8jubEDXfJOHTt0mbpfzOglZjiCcQYnZlhkgOzilDXMCjVsjVvuAN0bz
|
||||
MFN/DjC50fIdlaeWe7h7NgK3Mu9j39tUrgDCGn2YlCycxcpPz8+83Ge8bOnyskZs
|
||||
P/04wfkOGSrwb1ingxHjZP9lR2NABdqOqSBzC+x7EQs6xNAmC4XayeTnASBDYp8B
|
||||
+H/3Hiv1nWtS//PQr/5+KHR1/iLaSNI2fUAUFimIwEQTU1vpMaV2tVmJtpmSQRAg
|
||||
MpwljVoCSWvhmU4oZU8ObTjcMy58YfWHIOcIN2HHgWBVdITve3sca6J1VHs0rWFm
|
||||
4tqPElsfa59WPy3HKLGg8pPahoBlj4X1PGJVHxXBMJsPnbX0gg6V7ajQaVdOsJAF
|
||||
LMgAel7eNq0KBzk/rrVRoV5ii2lipUtKmb+FKTXKvSnwgqhVNkRppsl9BqgeXvTR
|
||||
P7AsKnNgQBydz9vDTkDOuspyTluDmhXkwNQyhjH0enPAyeQWN2qs/A8qgmfdTXff
|
||||
TzvlfOEy/6r4zl7V+L+qcw0pYrzi5K2CtemN8TlGhRvAYgiURY/78kD6EGrjMLLS
|
||||
XAHBQn0q8dYgKf2uA0JcfNehgpI5fr3gZxQFKhnuXkXRa5h9hMn1mzdhtO4VyN1e
|
||||
d8eL57iFeApC9SAmAGMOz0DBbskD470qnYObUliViWQpcj2VR6W4BwZG28QX
|
||||
=iviy
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -5,8 +5,7 @@ gitea:
|
||||
database: ENC[AES256_GCM,data:nDZqnSBKijyhslBjhSu9weqLVJzUiBD8Ltu/nmllicadraeISylyEk3pOA==,iv:XFzM1pGv98jehdgvlZN217LrsK8TcAMFK5eDrPi2bm0=,tag:+YpXqMmvMTrnt7cDK/Sa7A==,type:str]
|
||||
email-password: ENC[AES256_GCM,data:tasMZ2Zu449o/mH6uSSPM7cFOlBg4vC+,iv:lDNMvXh5P3HNy9pW6nBsSLCyij/3HiSRunVuLeKAmbI=,tag:ApqGWYE9MSE8m6iYLK6Yww==,type:str]
|
||||
passwd-ssh-key: ENC[AES256_GCM,data:VOp8vqVoX9IFJhzpKy0J+AzyX3TvxEIBvv3dXpD1f8szmUyPwd4gDOlaFpqTSDu8ebmK3m/D0FMTkfBkPVhUG6XTPo7YIV37gLhfsBF6CuwCMXxTQAd23nfpwJKcDIn3R5h8Mu4MMme2Ev/4PNDztktmIYv3KoEbPglzBMS4LrZqJsDilvIYKEIDUExhSAkESKQZiIzK1TdtWDQSUzvUZ3OsbxONZgaTw5e+xz3qk/q+IR5eRNp9fpeZQ8EkpC7aa/JDIwxzNIuMFi8W9PWh6ANmAOm6GK7JSKiHYQL8GofVifhUGUanAnjgDTYkIWpDiSsuHjfDPGupFCeONNd+Wd4NpJZsej3p9ldLOVxa01Le2tIVYY80jUWT0dpV9IJ5syp4gVaky5Vk6i2QhvjunDoEUnArSRGyMTxWfxAxZLvbLYMNAJDoWzy25vf3jteNB43lVHckEW1F8w/RtzoKzbjKYiANHg+eNLVq0HK67gX2twpblNN4OBt9d03ZbV2lZjTMXGzJXHGFT5ZPDwTkxcDooNvoRuCMe8t8dpuksHFaIp4=,iv:3sgiIgGD9pmCMLVRk0Q8+7GZajYIWsokDUx9JuNrO2c=,tag:WDXyNYtqjdAMePEsnA0hbw==,type:str]
|
||||
gpg-signing-key-public: ENC[AES256_GCM,data:WgEr+ehNJa9ivlPYnsTD2772MUmsu3uvGtuwn2htqHtNxJwNG6rlnAWr1zG5D69A3G01u61mWCxLYETzjg6GsLW3rKadzUSP934kl5VQMISW2iW3XDaPLpO8dPfk2IaT4oXpui0zk0z+Viy87yl/p6JVLJ2HHFTwh7QTl+gZj8JXF5zpst8Y1op+JuBlePCUgBIE4YCF/m1kKuCDEUnZ5b4QKrogOtlN8AXwIKgrEADGgufXee5B+mg/KYBfX3/JB6evfz3rAn3gLyT8nO9T8V7RJjVeastHw0tPEx7Ep12rQxZ7uOQ66n1D0WIYB5FgiqDoY9AJxMJi02roiW1d2bqvkKfikWnYkk8zkKPWzbLWkL/gaXR5wrvK4x5kLg3GUdNzGKLUrNOy/3QjCUOe4RDXBDPgvB+LNmoME9hGGhtPRBzAsM5n7HKCTRksDRHWnArP2JsNhxeUoJWp09lBIbQ6qoF5x9C/mcxdbfuzP8+PrWiTNbxb7ZWwfhc/NYzS2YYYBUdc30xJwqgPVtJdo2FHLwQFlLNnQzvSTL/ed11EGLaNDQ4ybLVymJE1NGdsqTxzhkh0bejIkl5AcYmuw7qdzjc4bKEokT7EixVNqzw9wohyLrOfaN1fSWt8hWgULkeYNbxUMAicLIyrrBxz0D88wrug6LzNhxAC28RRs4ALhFhXpYQKnr8ldLWgoDUq8uefnWiRCiXPBB6u8BhzwTUR68lbjXjZDTUOLEubdBavRtHsWF2sy7nex8oVcMuD5+YGb+coEB4Js/QhcBSf/ewWFMmg/UIGfCkIpzpsbRTJZtHIgI7eQ8RQ0zRFlNPDeQ0Us05Qza8YcGEtIwyZgc7rJXZ2+6VtQrGuCkOAHiZzlkauDD0RZkB+oAI9RW3HoW0HdfXNwLAlHldNEMNkl2lf5fYNfZIXv6GbHXVnhGo13K8arLMqo6o5DUO3f57PWUk821kNaw5vr6dMb92rx0k0yNp1kxAug8JWYWmUcBypJHNEHTvNiMDO45HwS1C7e670NB8c2MWE2akimbSZTWF1U3RiSAD3MRUjMnT4yvpumhJlKlC9tRsKmE5WapCvwNxwIkGhFV2c0rml+8wBae0Y9CxVGWVwDnJc,iv:LpQufJB8jurx+2b1zvMd87z+byT3kKCITN0PQlW6yE4=,tag:K9tdQyFwbmk8J/6yHz27lQ==,type:str]
|
||||
gpg-signing-key-private: ENC[AES256_GCM,data:WoFK9E4vCkQ68WTgSrmTwf3qaDfpjd/MVi1wSEiwJLqtWvm6BhWzTD+LQlgqrqZkSbX7bEcRwY2XT2DDLqK32xA8NgmOFinf3Xj3XsVTxTUWB7QoEksl1FVtrzTiJV+5Ztk/irhRnyCBnWSl6dHallY9RxbPVRMdgFzYP09FKhgJ90nmTtbfRzTO+jVsUp886kRwrJhitjie+nJlNrZwdh7YtqazJrmggPs6Z8cF/GkQrpSZpVHPGh6uNWRyxf50R8dcjLTHOHgVMuPo8UHX2w4lSGmEfNVa6VKKiZg86laTr998H1oUzC00erII5RENDb+PulVe3Gy8aSxd+swybM+3QTSGg/2q6hk2rS/uDQ8nDN80xKqho9T5IDqSbVamS9X5n/adY2wDoJMwlF7oha6mrmaUiGaWVoRkhw0YpwH4xY9US5O5BfUgJ+NAAo4U+YQGAJvQkO1txkFifv/lLptRRexvfRQJ5nNP0Dn0Yvolz/Xwx78IykWIHzv1mx3odKc8wDDKfzPEA9Y3KgiSHb8B3CL4XQqcW0ADAO1gfeLRBWTy0wtrgoYKdLW+eNTjy/WW5qWf81CrrjDb0hDwRQRaO0elCjS3tg1FYQYfyc2dg0XPANhCACbBajP9l6MShzpj9+0WWBTrc1e+bKy42FiteYk42f3oI5k9EGsYqlpyTCUyk0Iezwskl5ui/3Jce9G8BhpWH5YQpIg8iXiKkLwaAMDgfrZe5I8ad44L798LVZM+0kXjBW1pbt6ok2PkhQh75sDKubiNKFGVyR70QguQyAfr1FKGC2W351OzX/2CMJ2426/M2IXBfaXxZLDjlMN1KMhwGAGQOPRv8EqZABvPUUP8fIDhUhtAn0AhLs7cga1Xoz0DmY2x+0aVvfYjZIPzrrJA1LIJtTFvJzUltpf6e3UWX+r6MoDfpp4vNLi2x3mDWM8sC75Ouv4jKL2o3VA3C0EuIUK8L/aDh+V53L0Yvc0AZxv+eV3cZjveEgcwSBhv6hXpZYYOHrAOSrHQFns5jUqxZcGMWGDOtl/tmKW9cRuxeSHKB9bNHoJWtMDX2ojcU0l4APCFeM2RRXFSohJRS/0lDgWz0JwI9xXkqDfdB8r7WS0cLKxcHmAxF+d9+qoJRwMc5AVIRFfH8NyDhS5ngFJgeVE1ae0ng6nIauxwjpmtjdWl7a2XOKAtbh+jwHe0OqlG20/i,iv:D7QmF6bx/r9JX2S1Tb8IpDqX/yD3deNPqqNHXJHrhqs=,tag:NSEP9RCcaZBgbaRnmR/p7g==,type:str]
|
||||
gpg-signing-key: ENC[AES256_GCM,data:AyafTF3H8p1qDk9xsNvT68BksoKGLwE2uE3hjz0TrT2XPxCRDOIlfAVYEPSu2Ih6l5a2uruEJhHPtU2fPCB2hln3Bv3gZfFGLb3GFWkSvdePIYFxG56uqGK5dE1KaMccc2cTi+raDImKqSTbp7Qpdo/c6C0WYVglYrD+2l8Y4QOiFuazyLY9zwcX0qG7pIjJ+akCUjfE4rJDAW6H/v+OqvHpcED3q4iXOYuw9sj/UeIgZfJ5Xc/uVrRmPewP4yALnA8o9gsaaLdjWRFIILe7VRwPr0YqwQ6XGgc+pEartkV8AzxjCq6DOtifOOzmu8EI1U1yoaOViYCAMbSHfP6SIKr7pJbrdU+YDBq9mvRx8KPXWUU2uNGrMObATEzlqMYAYA/HJeOdV4w3Axvq8RG2FLkJxJJniwNP5VZRF3bbbI3w+hprRP2yAwgeQw19KBU8yF8upKga/GdMNScpKJvRyVLjZtI0rsfvSC81lHawouuje6aPXT3dH1S5ROJBHMTeV0sP0vK6liBevz9RZpvNs6JVyNCgiRRtRSSYqsgwPJonDKuPeI/Zpgih7HboA8HqhIibqpO96h5/4yO69oJAbLUYV3zlKQcMDTaqadL4Ox5Z+8ygSAL3l1ufZIFGSj73SNHGQqQlIS/a3dAccRi5fPqv0gOmGFAAUJPKfeauFn3TclwojKzu5vwmQxZ5g50txEpTSTaYOy++qq6UZa/dXEyDC7fle75dXhqXyqMCf9kDwZZl5E9eBsabNdTF+auQCp82iLQivdBy7uJX2hkJFSg84fF9MLgH4mOcMQc2E/z961uNzEgoyvVhbDY6+SIJ+6SGmnardbFW7mYrj/QqnSUiMc4tHukAB4NGQYHgjOYRZMpHfVO/6dLbjmTOljnPsnfQUCepvb9rGim8NazvnARaVzezx4t3tfbNR8uLQudSeLZzn/Fu1mKSQvpP+IjdglmyAgp6QhB4OCDPbiaMRDUtOQIzlVILdz1/geUVzhZkJ4xzkm5klGukhtv+3TqjiTcEnoVJC+A1jRvxBQUfEE92GFuupJUfrw8bIDqsWQLkHPCNUMgdoKa/q2OkrWeQz2zm2yUqMAJn1/puoLHdSH5aCELUggx1gQZoc480pSBUvSCML+Qc4B4Cd6hX2PPp+/KQeKtfqHIsKz2I+DMT6KDirReX6WHxqk+s2DtLw7Wx/j65PWCIWLCz,iv:c9BDRxQImWTmwq11+T2CW0S00Dixd8d0od5xn5zZmY8=,tag:brnMedsdTwlkbaHaLa2w2g==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str]
|
||||
import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str]
|
||||
secret-key: ENC[AES256_GCM,data:YqwSJazPqz1OOsUVIPKsGvIHbX7SyJqryan1KWSRGRJkt9yZlaiRtQG/mQugAM6IvLFD3pj+gPTcXyqenaAQKA==,iv:nyPnL7wuhpb0kl0tm1JhOHmF7KI9vVcTN1SRGTgD2o8=,tag:Rt/IPC/YtBcmTx5osGlbBg==,type:str]
|
||||
@@ -17,88 +16,79 @@ sops:
|
||||
- recipient: age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVmVrZyt6cDE5SUp4OFVm
|
||||
c1hhb3BjNVByaFJEMEZ0Wk41OTIzNmJvd2xjCmtlV2tRNzFUUmdoejJHWXNXRzMy
|
||||
M0QxSWd4WkV6V0JrVzJ3V2QwbDdRekEKLS0tIFpHbXlGMEdvY1J0MjYyVHR3OFlw
|
||||
U2FlRW9SS2RSbm9DeE5WWlJuSWUvcFEKrdtH3UVnpfayfViq459RC93otXzaZBYH
|
||||
O4P1Jb35qjcN5p5+LSMmODPLTawsvil9/Pl4wiK65PbvnY41pJkUMA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWnlOa1NGME00dVhBQ3Z2
|
||||
UE1HZlc0Nldrb1VwZTk0Z2I2Nm5ZazV6WndFCnNoM2JaWFJnazJaWlltVW9uNGhm
|
||||
UmdPSWlsdllORFhyMzRhYXBKQjRqWmcKLS0tIC91RmRCNG91UW1xb1pETXczSDlM
|
||||
aStmM20xL0hHT3VnMWpTSEltZEpqT1kKj7Io72QSR/dgggQRBZ0gjs0Q7Y3GIP9K
|
||||
GPgvKGxEi8CcrUj5J9u7rDUed1/TowgWWs/ujt/8q2zfli7AjTpS1w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjMzRKU0s3L2s3UFJyTVJz
|
||||
VFdlOE83c1JiWk40MU9xeFpObVFZQnl1dG1nCnovRTA1NUFORzVKblJLRDBNWU1E
|
||||
ckpOVE9oNWxHMHRMZmtYWVF0VXRkd2sKLS0tIHpIb1RmVUlYdWpBa1ptOG1GcXZa
|
||||
b1c4djEzRWc4UEdURVFBY0dDNGtFbFEKwV9RWuW9gdfiVoIW+eD1XL1Lox1eqXmj
|
||||
d1U3T61W/qTElUGEo55TPcphCBRdqwGUm22xfc4GZltrBOUmxYWAGg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByclROelpuQUFPQlFpREJr
|
||||
NjhlUDA0TGw4R2FKbmRwWEVCSldrem9neVI0CmU1Q29qUUNZbmZDSkx0UmZmNkVL
|
||||
dmNQMEJjRjJtcWFYNE1SamV5SUozZVUKLS0tIFBMdFB5TTV4dGRoeVNnYWV5dERY
|
||||
ejV3RTlSMjNlcGNreXM0YjhpUkVxUzQK2xB69WIRrMPNdZuJUzwuNM/a/Qzpyp7b
|
||||
nInPmTCCOhqc3eNFSc+od6y5urMeW+r2i2iNV4B2rIdJTdLl1434eg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QnM5NFVJZ3ZYdlBzZTFJ
|
||||
dWVSU2s2NTBqUXEzTlEvR1UwRG4yMm9xdVhJCm1vRStmZUN6RTRlcWx1WllXTDNw
|
||||
cjlmWUd1cUhEYlMralArbUdKQ3lUT0EKLS0tIEtXZmp1WWN3VXZPeFFjM3YrWlBE
|
||||
ZDhPKzh1NkxyZWd5UkhkWjJhakJEbVUKWQcJR4w84ZVodBBEkQ4AS4jrJz8l2MqJ
|
||||
xX1mjv0TnAlMF273/NiYB5OiivqFMjFR/slnZ1k1j2FWGhVKyyN1vw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVFEyaWtlV0F1d0QvMGpU
|
||||
KzUxdGpXRUMzOWhSODJNYU1Id1Evbm1QelVzCmNZS3NSNWZlZDhPYUVCS3ZIUXRM
|
||||
aVdScUI5aFI0aXU1ZUx0VjBBQW1hRUUKLS0tIGtOcmFNTXIxdEV0RlI0akJpWEM0
|
||||
bk9lWDZkS3BrM0t6V2xEbVdtZlQ1aTgKv7bIQpdGIoXMxPZDmLzqunIEaqQ5M63r
|
||||
Qu1oFC+yZh2UlkjGxKE6HMlMGn0CnBcTa8XvBaEVMfchVR/2WVq8TQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Nktja0Z6N09IdkQvTHE3
|
||||
VllabDY5aTd2NE9aQnlDRFlRbTV6WlNnZ2xrCitNM2VOT0NndTk3THRma2ROWXJ0
|
||||
WUlLZ3dqYndOVDNLaThaNmNobTZkTTQKLS0tIFdaWU95LzhQa0txTTh0Q2k5WklI
|
||||
OTdZOHdUSEVQU1N5RkE1QzVXT3R5V0UKtvPQD1HHUBA/C2Fzxixtwc+nJvTwXfGt
|
||||
cg4nYSgFcMTud3VLhcMQuRf++gO3J3xuLepBlhUeD/3Li4MDDZF5vw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQWM5dlFCbTIrSXlZYnBw
|
||||
VVQzK1ZiaXpQcTcwQzV5YVV3d1A2L012K1NBCmpXNnNnenNrNTZDUjdXdzNXd2R2
|
||||
T3FSc3BLdUUxWEs2OXlRNEdieXU1bEkKLS0tIFJkU0ZGcjd4bEUyOWFZeHVUMHow
|
||||
dVNTbk41S0VUNndQLzRoZ2ZpVTVqNU0Kp6okYalYtbI1CFuJq/881ZyOVpFoRq0j
|
||||
DvG2E2U+go6XftSaJ59DIUC6rzVBg1JKpJX3TS6SJhe+T+1paoxG/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSWVMTnlVNWxYRXVuWmVZ
|
||||
K1ZIMnpWRUZ2SDFML25wZVpxMXpLcnFHckNrClVmaWlIRlFDSEg2OERBbDJaUlYx
|
||||
dEZ5OVpDYUxFZk81R2piWEVKRkcwOTAKLS0tIHhHSlRKU3VWZm5sRFk0RHhXR2Vz
|
||||
SCtwa25aL3BhUUtGOU5UZk5sWU91RzQKJh7ldnkCBgztyWIwdUjtu5EpEWhRemVG
|
||||
QzjezfDmeSnOd0n0OVwSan62OaUJzJjDpIDb9CT2fvE/qRg8j8rEmA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYVdXc2hrQ0JFQnF6NFpG
|
||||
UWVMVTN5U0JuQkRxU1ExdUlpWkV4RHlvYUNZCmIzOFI5QnVrMU84VTV6WmcxdjdZ
|
||||
aTZpOWZNdGNoSnJ2c0R2UzJ2cU1TRmMKLS0tIGFxTkxaYjUvaUxsRmhxRmpVeFFD
|
||||
aWt5dnlUYWxoUUlHTjRnWEVBU0NzODQKQ2v9oCbXhUhRnURyHWbAIJHGjgb/eVp1
|
||||
h9Tdld0TWTxxbyN8JkRa80B8JpUVwHgeqJmq2krnhDrYLN9zaugVMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOXVkenREdWQwUEJka2tE
|
||||
d1ZiNXF6QUxMdldUZzc1UXMzWEV3WHd4WkVVCkxTR2JqQzVaVGo5QnZpY0U0eFQ1
|
||||
MmtqVVpmZWNQZE52NGthei9ZTEdQc1kKLS0tIGdTb0hxZzY3R3ZtQ1pxMnI4bDFO
|
||||
QUtySXBaNmlESHdXZUt4TkNKeC80SW8KRuCXbe2TA4pLOk0Z6E2UI7hwuWo942Oc
|
||||
qpb0DEdv3rX5+yH1WEos0gvOKnx4q/gra7wYj2toUMW+C2VfKdl6Nw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bFd5OGpvY0YxczdkVnVY
|
||||
ZXExNnY1UXBtb0d4MFNYR3JrMTN1SXhNOUhrCi9xVm1HZDhHZmpEdmdJNVBFcWhv
|
||||
UjI3VDNycEpKdTNnbVU1eVFUeUZuZTAKLS0tIE5GdEJ3Nk1oam9KYUVCMk9CVmpL
|
||||
OCtLcUZwL084TUp0QmpSQXNtSFhHYkUKwGvXXE9AWlrlDgRl2ECCmej7IMztO+fx
|
||||
852Vu610cI9FLv5oghlKM769+/A2QP82KwdxZ4MaRSDvJwXKBi16aw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRVhkS2RkczdQZ1pKc2Uw
|
||||
bTkrSjg1QzhSOGx1cjNicGgxb2ltMDcybEZjClltMVk5bHZGNHpQNnAxZXVON0RC
|
||||
Rmp2eFZ1dmlZSmgxa0xWOFhRNVI1TGsKLS0tIHlXWHBxb2tSSUlkSWczWndhSXRR
|
||||
cUNweDFqOFpYd05EVGxlRythRDczQ2cK7VR9UmJHrgRRuKkqQfptDSLwKUOYjSQ9
|
||||
U7Yb1Zk3cEymdTQlnvX0/h1uavWDnJ1fIaqOIJMuTO/sAk1fcJtGDA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-12-22T06:35:29Z"
|
||||
mac: ENC[AES256_GCM,data:Tvj7CzTOFGTMJyNMTjx4XTmrBGBTkOKb2kIHNEtvhCfc5fSbAjzl/keONaq6LGMhyc83jp0XZpM22vN8d+TqTsUiFGwlXIEJ9aa2N/IFlixd/FGRIZUihQj65Uctbk1x5y0LHUDl53aUa/FFEeuF7aPlUB70Q2SiLME1ATtG9+0=,iv:b0Fp4fQUzhgmSKH7caegMXbstWkj2by/8ABQXUJjdIQ=,tag:uzkkvggilx6KWaeMhYRBEQ==,type:str]
|
||||
lastmodified: "2025-08-03T01:35:52Z"
|
||||
mac: ENC[AES256_GCM,data:wQPIW9zRhB6IjK1OQy69Ln+dj6OMNLnNKIzFIhv/vbQ4GllMJ3N/gZjuzMJIumcVND+jEY/qiYnsCFSptStlDYtB3/zHWo1e6It2pM4igtoTP29uiQME0vPJSz0guakZlDMa20mOTN0vVZODEbeBiQNXWtnTbl93R2JVJlZrWcI=,iv:L9Dk5S+hbBO0LTM0irfLuqjLYHzVtY5Tq+Q7m65u6p8=,tag:0GT9IyPeGY5YM6PP/LNs/Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:50Z"
|
||||
- created_at: "2025-03-16T13:02:45Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYARAA2prIKKdT6eIJQM06tm+VZ6wqD3+ch4pz6vKVrf2+XINy
|
||||
g+nMlOyJfRu2tntJt6OrG9VTeBLtnvivUMAz54QNqPplDHdHelZQerkmKgBzOllq
|
||||
/XQxbH8KJE3G6izBrpWuRHR7rLMRTXLHhI1If+fH8f0SaB9dhS9jHzxJdYJYcDXY
|
||||
Kz1maOxXzlfaiYC+sARwhQnxEHbE5Z4t66JNSiVhaK4jG85Wl16RDY6Q5bvWmwaG
|
||||
7S79Qwf0T2USWHJmQ/KI+NggB2dtXLL3vEo3FV4OVJE6rltxuFTGIcxdD5rp81Fc
|
||||
DNpj/tNeepnjwCUJtitIDn05v2e4nxbHZEbtsLeHxX/tqH02arOPrRqJIntV0Uay
|
||||
ESxv7NTgrdgEDzFMx6qaNvZx7cscFuaR61BgdrL1qHu96bMVt2llypA2BVP0SM6+
|
||||
EGrkRCDX3w+lAl6ZKSJi4myrRv5EMH606zLwj1V3+//0Ndh0cZmK8TlhvQd9j40H
|
||||
UG5ywugyLEom7V/rCdh2uHxWY+t2CD9RVfgz3uGP+tAHB5eTLi0imPRyqGay+U+E
|
||||
y8x0l0QnKwll5Uq8M/25L3efJakUrLvf6Sf3UIyCdmHpRXNjOorqkgKDscVo8IsC
|
||||
XbYSgjopPh5lUsdjicmp1iD9nb/LvukmgHPiPFGN/xw5bvxtqyBPs3qjbd8uHi3S
|
||||
XAGnd1uAMEcGhAhAL3XmPA7Wb9U6Oa918crBl8vOAJzTuvtu9i6lME1LOc1myv+P
|
||||
WsLtp/Kh20xwbOM+LmYMYSEg6lON82TJ+uaXAw8poVFnCQ4uI1Js7ToONSM3
|
||||
=ZTqn
|
||||
hQIMA0av/duuklWYAQ/9Ey8zpaRU7DuvVaKTaybgkLCPTKNyq6mKXAusKqC0adMu
|
||||
9G4M8G18uEoo6/Oa1LpJsQneU05EFuStZPaCs9+zxe5ZU2YhcVcDGAHgCDFBbI27
|
||||
7kzUVxA/n5cK61CfIslNYdJolceJeLyH9HSrS3k3eI3V6zEQL9Yz05dDz7Nlma4q
|
||||
AKsnGtLY4og0j2k7HZcK39ikhJGkllZHhsM4RT8/UVeVZF9CxKzwQ2OKbHkhJZyn
|
||||
LGEpioYAKuIIWm/20y/DQwIYpAilltWkg+RWQUnYeAINAZKSzFNi9vd3N4n6e41t
|
||||
ikq8Ukpjbesy42w0ju9sbNWayga14OG5STg/qacrCDjp+wY55VJCcEEM/6kPj1rf
|
||||
e2dBR+eN8VMgcPOlexOf1pkrVhNqz9eDfEfaEtDbFDIgznt0pmLeeYcL3NBa5+Xf
|
||||
vpGXG3fmgoXvQYW05yY4efBRiex9f70lbhnnngeY9ZbmSpy3ZuzIKq8RgBxy1ve+
|
||||
4B6RYC2Ag8Tndj1xYfHcrqSNfmxq+xNieFV49PMGDO1hjJF++VASqPuRtX9lz3tZ
|
||||
Y7E7VPtTESaxEp9IuUgLYYnvSHh1SNIRl3OtcctL+bwbF2wNk5iBha+jC/aXNRU/
|
||||
PoRv1y+G+0R6aV3hLJjoC+Hrm2JX3FIksk64LRDM9mSI7Yl7MfEFrIzcH4HEzlTS
|
||||
XAHugaMjpRCntUxlaP2tq4jlrv+PQLh7+uBzzbhLBK6qSjybKiqHBKeluxfYVsDs
|
||||
rJJicnclRfI1eJPfZDlCr2iggd+2ABYG7uINQVrZYuw2dfb4IvvrqCQz/fBy
|
||||
=Qb5k
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
version: 3.10.2
|
||||
|
||||
@@ -1,133 +1,124 @@
|
||||
gitea:
|
||||
runners:
|
||||
lupine-1: ENC[AES256_GCM,data:x8uPQSPid/dJkR/OrYOX9qrCyWTrAj2mRT/B/rSMgYyaI70+8I/l6w==,iv:Kx90gGKAscNXW3RUI5+xH5IcYnyNHtvzCakyd6TLUUA=,tag:esgEMeN+n6cgocMvV9XIuQ==,type:str]
|
||||
lupine-2: ENC[AES256_GCM,data:yNdtPGHuIJoCIJJPt7/iDwG3cgYcmkTLHUGNbWSYEtAbmh14jAjnQQ==,iv:ffcuL9ivs2Mag9Q+foHG2hS4IWWBwGyrZXXdiZV64hs=,tag:/27xqi65VqBz5Sw/fekN/Q==,type:str]
|
||||
lupine-3: ENC[AES256_GCM,data:STJw6hmlOFcy14nfev+E9nin+WJzxAgGwV4IKIVuoqjF7rIqniY4MQ==,iv:+72Qro4naAzdqXvCGi7utHVkT1xeyQkXktahpOTpRjQ=,tag:R66yUHSOT/czhlNcTPXRtg==,type:str]
|
||||
lupine-4: ENC[AES256_GCM,data:5Yw/iv2P1WxarZbRuT7XjxZfdYI9msOBJrl5l4XusivX+BOq95hcSw==,iv:TY9K+8NCCof6oq1CI1E8h3GeF4oJM1KgF5+cufXIfdg=,tag:Cd6+hgxfClsQAlsS+cZTjQ==,type:str]
|
||||
lupine-5: ENC[AES256_GCM,data:+PYUtLBx9MdIebR0nWSNGKKCyKcGpI62BXj7AN1iV4wU4+2awrWZ2Q==,iv:PALEU/sYebhPTO4ZXEm2uV6z9hN678ZxqOSnaHVlyro=,tag:Enb08N6TYlOh+x70pcpJYA==,type:str]
|
||||
lupine-1: ENC[AES256_GCM,data:UcZB2p/dInvcl0yNBEohzbmcVxg/QQPXlIsaVB3M3hyxFg1gtGfUGA==,iv:OigyPfPoRIjvyiId7hiiWdNrZqyZqI3OonvJC+zYEzI=,tag:SjBsvo/IJKhFQs+PiI596g==,type:str]
|
||||
lupine-2: null
|
||||
lupine-3: null
|
||||
lupine-4: null
|
||||
lupine-5: null
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOTAzdEFVNmRWUFNzY211
|
||||
NUpoMnpoVmpCeFIzU3JacDIxcjNYUTBCZTFrCnpFMUtydndyUDY3emdVVEp4dUpy
|
||||
ZWhTRGEvdG9pQ2JvQ3pGL2s0M3Z1WHcKLS0tIExjaWh3MHk5WEZVQS9lYnkyemxE
|
||||
UjhRL0swUnBJNmNzaGtUMjE2WlZ2VDAKYV8T2iXVEr77e0vuV8e8xpbhStxUoM9l
|
||||
Jpn3XiYuoWHk/bmQyjQIQzjB4oqx4TqEnHccSmN3XtUIPGr296zwMg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncnd2NVdqdjU1WWx4YWJr
|
||||
RUVuSThBWWdyVnpFT0kzZjBrVjZiN1FiU0ZBCmNCbGVZK09YaFNGSUE2QWpidEFw
|
||||
aEZEVndkODRzYmNLWDRzSGMzOWZKajAKLS0tIE00b3NiclFrOEk3R1lkeWM0VHY3
|
||||
dUFQcG04bWNwYjRjTlNWV0pXNnlTN28KEc8nM7jzMuh2B6Q9vDS9apmVZDH9fAGi
|
||||
dyze2SHCvfbr6So6GtJnZQy5J7tPoHBd3zwjojYV11kR9Ci1GszrVw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVdmdEdZcTYxajVHQmtF
|
||||
L1pad0ZxVUdlWXVjNHl3eEIxZlNtdlY2WGlBCi9NUUVEakZLV044dldDSkZzaFhS
|
||||
U3FJanBaL0JGV3AyS2daTFNrM0J1M1EKLS0tIGs5ZjRZcVREenN0L2RPaWp5c0s1
|
||||
U3AxOEpvdmozU3RRMGYzZGZOZGVhSWsKHEz+eL/fHgLUuixFIeA2dUAjZekzRIHy
|
||||
NgYmzaWhY7IlPg4mZRIW7hW+ckfr9brdgOR3Gn5Fp3tPbAL9GO7bnQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVzdFdXdETEN3bjdIY0hi
|
||||
TUV3YjFSUHBhNTIyUDd6MC93R2xRZmZGTkd3CkZuNWRZY25nY1FMZjV1QzJuUUZN
|
||||
d0hzMUplY0w4c0hVK0dCbHVzVURvUm8KLS0tIGt2UEozYTdzMDRGUlRYeWpLY0Q3
|
||||
bmFMZGRhWGZQZlpwMFZsV3VwdEljRUkKwS1gGaLCY/+wv2blCiDWHXOTl7eRVDPH
|
||||
NPk33fXDa0y4AxFmwJ9caHL+UHWhSCVvi6odl1F6OA4blNLHRZAyzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5THp4MkRiUGd0VDVERjU2
|
||||
bmR5OWlkTFFmQUM2QmRNWU5DSUI3eFV4djBVCnF3dTV1aGlMUTd2UWlyUWtXcnlG
|
||||
TFFRdUp4dnpXZ2FLSGZoRUsvRlR6ekUKLS0tIDVBMC9oUnBuQXpkcEZHSUd0NzNp
|
||||
U2czY3YxRG10aW9hVGJsbkJwWTEwV0kKaNQRm6qmIIbztzrmw6nZSA131lxw7PA9
|
||||
MBPmPQmskIbGJ/bQCfZ7Sp/Pe51sL3moA8tWMqGZEVa+xuxa/KEKSQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdmZXREhrUk5kWHgyMzI0
|
||||
RnR0bVE1cm9GQkpwc0VWZ3ZmUjMxMzF2WVhFCkcrcEI4enlRN09wNzF4M0tTNXZi
|
||||
TWg1TTkwUlNYUU1ReUVSU1dTdFoxeWcKLS0tIGZaMmVmZ1kxbFVVMmsxTzczYU9j
|
||||
N3Y3Qm9SQ2Z0bWNhM043czdnWC9RR0kK61W5sqXybAbjTUR8D05dYMInLl683Rzj
|
||||
G+0MZEzvfYONGU1gduRB5quHAwZLG5b9N6zorRSFON1meni+v/Ciww==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYUJkQkhJbjU4a3ZNbzJM
|
||||
NGFXS2ZDSjM0Nk9BVVVCNUx0Um9mbmVXT21BCmRjL0pNcUs1NWdxYkQyc25nMG53
|
||||
c1lkaHVyRnloRGZmWk82K3RZVzNnTjAKLS0tIERndWk2TFJWSFUraldwczFOVm13
|
||||
NWRDWGdMNXFraE5ueTM0ZG9hMHpKTjgK4xTJKPcrk3EHwMoXlTHzqeDgx9ZJl962
|
||||
8lyQMOSeICyXLzRgKQWuXssDMuev0CZfvnXeWp8megmXuU5Eq1GW5A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBod1RDR1NLZlhQQWw4Nk8z
|
||||
TTZHZitTNjFxUHVIZWY3N2VDd3pXRGt4N0JFClNzQ2REbSt5T0FXaVBhS09zcS9y
|
||||
TW5PTW1mSzlyOHppSm1yMWp6by9ZUWMKLS0tIFVsYkJZbHE3K3B5TS95amJhbDYy
|
||||
dFV1REdKYmIweWw1MDJ4L3p0cW9nVWMKQndDoniGQOn01SnscX7u7y6l119Eb++q
|
||||
JoTZELALPIyGdI4pXd6zCfRyLFaqWd4CO0RFtl8FTcm75W+ETmqqlQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY1p6QjViNmdHcjY2and5
|
||||
aEYvOXpxWEtqUnRTNEgxeE44NzZ3VW00OEZFCjJVN0Q4c0FJNEZEaDVXZlNkMTlr
|
||||
cGQ1WWhMY0JCTEVLUDNGMHZFZDAvOU0KLS0tIDE4ZklUMWtKL3JlbzlrUXdvekJt
|
||||
cjhrRmQrQ3g0UG8wKzZHMllidmRaQ0EKVG9D8Fh7xMzNPXecdX6zTfank2/ZNnjl
|
||||
mwxCXnM2e5udtviQURJstLvlCElNtvdY5WdMkUoCXwHoMspPwGByFw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjdlhET094ZGJsZU9tZnhz
|
||||
d20wcnltVU1MS09Qb3lzV2RjNi9OZjhDdFRBCndRY3hwQ3VHQWF2MVRFUU1MQkhh
|
||||
bGRQdEVaSzF0YTgxTGdITGN2dDlYc1kKLS0tIEw1MmFkUHJaKzZGRU93T2VTTkxK
|
||||
VU0xV0gwQ1NnbVIrS3lHTnJ5bU9IcGMKDWSWfA7iBQ+8iclmXDVf5Qjv67D2WbJg
|
||||
ovrYcT1F5+qE4xkuUkzVaGn9vgT+/kkzFucBz0c0iD5KCoa52z5AlQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NGpoWUVmK2ttVno2cG44
|
||||
aGRVSStsc280cGFZL0xERUdrNjJVV01HemdBCmZBSEg0V3FHNVEzWDBId1RYck4w
|
||||
dEd3WnVhUk0wdHRxOE9WUnpaUThLa2MKLS0tIHhWbXJmZ1Y4RWZ3Y1g3dTI0MzMw
|
||||
eGdwemRYSCtoM0FseXhLd0Fzc1dzUG8KdPDyA/XJSgjHFycEwSg7KWX4fMA30CDq
|
||||
GIWYDVDicgzbxjNKcQdGzFvL02B1igogHtuIJn1qE/bNrK6L9PQ3pA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtV2R5VzdCbkFDTGRJUG81
|
||||
bUk3Y3F6NkJGYUk1VW1XQnFOSTlwMTduL0Y0CjJ4N1Q5MXZjQXhsTk5Hbk40U1pU
|
||||
aFNxeFIyaGJpd3dMZFpQL0R2M1dHbk0KLS0tIGpUVGMyRSt6aDZVOERRWnRSY1Ns
|
||||
dXptcUNmeGRHcEs3WStpL3BuZUtJbjAKhqJEec4vjSC18oRl1dTNkF2Ev4YtudE4
|
||||
Lp2vbcSHXwrZhqbFlQ8stCpUJvjCBEr2cT/shrG38aP0MzgeSmMacQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTG81cS96bWtOWHJTK0RC
|
||||
WlAzWWdiZkhncWRBVXZtVXdQeTR4WEl5MVJ3CkY5NEpnMmdpVnh1eXBCajhPT1Rr
|
||||
ZWpkUm40WHpFcVdQcStWWVZWZU41VjgKLS0tIGRyUnBsb3FnRE9IL3RkTktjN3dO
|
||||
ZEY3d0I3WVVhQUNPcmhKYW1sVlBGSmsKTsZwHdholYxIhOn49WTdb3pnjT8oTkH5
|
||||
mfayWji2cOBRRRB9X40OaVg8SCIhVAQNdvbn64XaJWqWbXFtXamgLw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURXhRWEFHU2Rtd0pyZGUw
|
||||
b09VQ1JhYjhJYlpnY2FCZndEcU1Ed3k1K0UwCit1NVIyL2xuZlAzbEJwY3V0UTB3
|
||||
Unk1L3p6cHlVWjllMjcvcTdDcnlxcGcKLS0tIGdGa3MvTmJiSGF4YnBZbE1wdGEv
|
||||
eFArZE5MaXlvOE9XN1I4eEtNMEpzcU0KVNUfcUJM+IVY/+b8mQiHKvuFnsih+zHx
|
||||
ZdUD+FPjghqrzJB4MOl/PYAxJ4lga6gPbcRWD5UUDuyDGOUwRpOt7w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhejJHU2N3cVF0TnNqZytD
|
||||
UERpTmNnT0FJMysvbVYvNGM5ejNVcE5wemhjCjhyYVpsaDJlNHI2aVg1eXZtV21a
|
||||
eHVFL1ljWXRkYlFrTkgvWHhKS2NZOHcKLS0tIEVLRFhKR0tyeUJ3Z3ZoREY2c2VI
|
||||
c29MWkcvUFlzU0VCTnFTV01rWkxDVGsKcyKsGo6Ep7f2dBwaUYoMsqSqQrn3Obzm
|
||||
sDovKBx+Y7+Yn6fnxy3ISQ9FUjupMtKffiO2AAK7AAI3MFjDOUb9zg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUnhIOHVLUG1meWFlZ24w
|
||||
SVlFenR1aWZXK21HSXpHU1NSZ2llQ1EwSnpnCmJYRXR3b3IvclZvaGpGdEpOUk9D
|
||||
eDg2eFFJQ0M4TEJqZDVUQUZGa2h3V3cKLS0tIEhWTzhoMVg1UEM2M1k1TVZTUDlL
|
||||
RDE1RCtUV2dDR3haclBMZDFhYXcyV2sKjwEI2dY4rluumihyEggLYDDvZZAK4SZw
|
||||
FWkwIUpMCZzg2fCeDMnTSAWfAZbiDcPLoCieJ2bpGXPTzyasRlOakg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVGVOcE9TdVFDYURFeEE5
|
||||
M0t1Zm95SUZpNzdFR0N3UVYwdG1yOWErUTNBCjB4WWtRdXNJV1FVd0xNODUzTDZD
|
||||
ZXRteEpwendneS95alVhckJyMXZucXMKLS0tIDZLNFdGUTNMTm5KUkF2TWxPNk1O
|
||||
V0FISGRYNmZ0N3dXc3RHdGNpQldOVE0Kkc7MRhVvpKlIVGKRvvPGyW/DzatxM7+Z
|
||||
VP4kAf0Vu6DyKZINDXH5XQh6qxeAccYXhv/QhxdSuCW4bjplMMBSnw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxamdXMXJ4K3hMV2g1WmUy
|
||||
Ry80dG5wdWlLc1paY1VoSE8vWk1ra1g5cldFClN1eXlVUGVndnovQ3dxQTdzQjRV
|
||||
Wm9NNWg5VVR4NVNsRjM0VHFya1FQeWsKLS0tIG43bTdKVjNrQlBUWHJoNjIyOW85
|
||||
TGd1Tng1akExRDd0TFZmQ3JnS3FtK3cKn2t7/4yIDZT2oy8fyJibF62usPjhuBOb
|
||||
9qQjChRm5h5mNSWdAzyf48wID7czzJiZjqtfE4vjLYLsWKMzz9j3xg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVDZVbDBOR0d2VDJHY0Q5
|
||||
VkdETUV2dFVWcUM0N3pwU0dlekJqYzZPZEhZCkZWd0dVS25jYm5Eb1hES3Z5SmFk
|
||||
WnVEYmFtRURTa2FUYXhpQkNLUnhjbFUKLS0tIForS3RPcFkvenJNaW9wMFAyOEpP
|
||||
c2g3UlRHc1ljVGZaWVRlTUVORzNoczQKFvxD6ty10YobBU2BuyVpDsqGI1nie4Oh
|
||||
eQbvBEqfTN3zR38ujT6/tLfyNrtj71oGzI9M+vUUGbrmob+/y2VABg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQm5UalBhV1NWa2ZQNzVQ
|
||||
OEZXODkrYXRGR2lRMzMwSk5KV01WK3pLZlZ3ClNwZTV6aGRvZlV2UXJaNm9IOVVR
|
||||
VFZscVZhVkFaMlk5a1ZCcWJReVN5YWcKLS0tIEhHMnRKdWJvTkREbFlWb25YRXg3
|
||||
YU5mMDlRckJCMDAzcHYyMWN1clRJRVEK77PiAQP+2+WblGYEgAf6bx6RTh0JHiSZ
|
||||
/jPIN/rbAKNv36wpZDbuLV8tcMuvhleNMRSSqbIloLSzww+Z5nOU4A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOblRZRERwT1k0cUVkeXlF
|
||||
bXZ6VnU1TmE2dFlaU1IwMXV0V09FZjR1bUFFCnFUa0hzeXhvTjlaSk9lZFZHT1d2
|
||||
RU5NQXJBb1FISTVnSFJheEZLTFNWa28KLS0tIFEzUWFvOXE4WGRkWmxtd1hvUGZu
|
||||
QlBkaCsxdlEyT1hhbVA0c3J4bkhHU0EKbdPpiKgu416P0Ciacs3wkH0OAeHKyzQE
|
||||
ekyNhHHKT7IqJSvEl47PpTIsgk99SrLgImNKY8sDieOqDVuM0bhgTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-12-04T05:53:51Z"
|
||||
mac: ENC[AES256_GCM,data:o55keAaJEXVOAGvoMp8FWvtlxMgfF/qR50FGnNM1whYz+5+naRJ1dAOW9NKYHWbtOa/ZXEMTkjoFrTJidAaIXza1Ot8llbTGYh56fsnu0FKZfVM+rvecRDhXKWxiAqyiLUvtUfA2fSg9LGveh2U+0dulcU25sb3Wf0RcFrtM3xI=,iv:3/UllekmGIaluv8y8I6Azd/52dJzk+C5ah6XLJj7Zik=,tag:T5ILXiC5hK++0jGOnHCMYA==,type:str]
|
||||
lastmodified: "2025-07-30T18:29:08Z"
|
||||
mac: ENC[AES256_GCM,data:47cki5ucPTVd4JuEyK0QkDCCEqj1pW6SA5I6ihC/MEja6TIuHTcEPFpje8+LvpGjpP9uobKX4g3UcyvkJ63j/k3hU0xPYQX3Z1ee00KIMKB0GHNjUR8ENtnwd3TU7kp5ohtXeCtcyzCjdFFuXp8AINGv3vpbU2MzauctUxn5B1Y=,iv:1mpk/f1QlRtHfA9dqyNLBrvfVPgtLnZ7ibj8qNrEGD8=,tag:drEK1+qeJy97rgeQJyqucA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:51Z"
|
||||
- created_at: "2025-07-30T18:27:50Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ//S5CPlAJka09zfxhQCKY9SnHOlkNL3mQxSN9EcxiKFgQD
|
||||
G2/qlFze7CiswTr608TXNQ/lPb+SJHgLrJvcBwISh0MCKKOZtyNjfSIIdR1A/JTE
|
||||
OaA/JCJ76j2W7YWYrL18dY57n7DOMmhf/BZj0hI4PtDqh+dB2vX/U2i3kWdODb/K
|
||||
fowmPrqustOLGAXOhuKegtQ8K5KLsP3NHjrp5TiOYmI7fDVkwvBnqXj52n94pw3n
|
||||
o+HpvmyWFSm7QExGsjbbMbtDEmJJ/u8arx+Tb+ELumrz7QgwXt9ZGoPpJnmz9SsC
|
||||
4MoTF8Ul4HRwMoMyGEQAzb1J32THFKWSUtWaLjNDOW91l/eiLpY0Kk5f1BTVcD4W
|
||||
GsA63BsSqnIDB4Tisz4ZRhaRGY6sxyXHDSnHzVQmKrv3kwTJm8ODA18gu+HZ021h
|
||||
ShG+m81PYrGkeqYwJHnEMfSo4XY4/lHdsZ0yldF8eSjZ2raPbsw+lmadot8mc1eE
|
||||
leiEJOP6+ZOs60dJ+dOwaeCb5CDjFaCrq6c0+6ESWpN354tN9L9DZGLlYIt2AlcM
|
||||
/N/5DO5F81jxlBbxI4IFwRvBDBwO81eQlVtjQB5V1+dbeIaZYS6GN72xHUSjICNJ
|
||||
0Wv8iDwxKRjQI2uol7KmPN0Vr9siMIMAP4yCppnmdxF5VcGbLWNu9lZfxlj5o4fS
|
||||
XgHq8TJTMWKGF2Yq25/5rKmIb/8cCOU8XLNZ3xT4X2dErqV+nWtmXgmNySCphn+C
|
||||
xK/cKHseztzXzffdqCrJCaeo2KmTou+gMyDEmJrVLhrcIMayptt9dc0dgJ12N3s=
|
||||
=pLWS
|
||||
hQIMA0av/duuklWYAQ/9HdDiIXAQjcAbokD7yliGC+p7j+RxD2FDh5aXtDIS14dM
|
||||
pF7wdTdY7PvcXoSCQ5ZC7bjIY86MDfD+BT63MwjOczIgBJJ9wrGDZ2o9DnzzYsI1
|
||||
XdUgQscjtbAycNlaczI6IXrYlWqjt6qpp/OADXdMXZo3W+pTR3aSdrj/FcMzJad1
|
||||
AMQt8raqrD5LxIj0yWEYvob5z7NA6slBvVJRszsbYgz3aJWqG2DhlUBph6j2Rgmq
|
||||
/W796+fywrunmY/dmzptT5Epp5gZ55BAqg09qHj/+crTxIt7SNpsfps2ki8JBVq0
|
||||
4ooaUktBBMnhsZBA8NIauesokZkLO0MvyvjMBPGR8jun2EXoNtFmWZqUqD1fb0B5
|
||||
xe0SVg8XIzS/AFnKVAWfj6h9lM4guLL/kxu3aPAJwOj+YtIAXx4vojs81Led8nlQ
|
||||
jXvfy7Y94EQhKTLWuK12QC+bw2vy4V9L98nyDKB3ZuN2l3A2CN1ZLXArk/oez56d
|
||||
5t/0C43qEPfzQH87kygGuuQmlZvQupnHN4iCvExmoiX362/3S9h1wS5QcKdC3Lk/
|
||||
f3yr0+r1uOYuoQuofwitLZaq66aCmqYUmXhLvGujPjg8YuNXQ5k1MlOilDqoZnxk
|
||||
0V8RQbTpvUcqRLgczofC0ovgE2W13khS2BGxG3ZPmAbUGiaIP9OkfebI7hJJE7LS
|
||||
XgE4cU06C5jj4wLkOj3y4nEKwaFrEGRO3YQa1kl5/sExOg0Jd7fehozVh8+opGOZ
|
||||
MhmVHghd/RYZzBi3NZL28xnAvsawE1m6h6WEGk6JaVEdJh9W009AQCtVyChs9Og=
|
||||
=4gbo
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
version: 3.10.2
|
||||
|
||||
@@ -1,75 +0,0 @@
|
||||
dibbler:
|
||||
postgresql:
|
||||
url: ENC[AES256_GCM,data:rHmeviBKp5b33gZ+nRweJ9YSobG4OSOxypMcyGb3/Za5DyVjydEgWBkcugrLuy1fUYIu1UV93JizCRLqOOsNkg7ON2AGhw==,iv:mWgLeAmnVaRNuKI4jIKRtW5ZPjnt2tGqjfDbZkuAIXk=,tag:iHSkFcMmTWEFlIH7lVmN1Q==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aGQwRlJxN2w0Kzh6OFhC
|
||||
RXFFN1g2RXlmbVpCYTF1Ulg3bHlkSmlZTERBCndWbmNibUZUSjh5MkdwNGQyeDdz
|
||||
dDRVZTliQy80aGxUYWFaQnFqMEEzbkkKLS0tIGVURnFUd0dtVlMvN1lDVUIvaGJy
|
||||
QmZDdk9JOTdDeXg1NUJIcllIdXk5ZHMKFROfzKzo9y1e6siuWsU5q4WiIUhkQTDi
|
||||
05fhUbrS8/OZQfG+KncuF1n3bWQis/USqwW1vEsTDkn6RlU9nGP9hQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QmVRSVMwdkQzT2dJTUlu
|
||||
NDIvUHJvaWNwKzBZaE0wVEVnQml5NHU1Y0Z3CkdhbVpFSG1Oc3lERlVpMDArRnhP
|
||||
SFp0dGtSbVBUcnZpQkd5cGVUWXhXQlEKLS0tIDVBckwvUGtBVGc5RVJjN1F4cDJ2
|
||||
a1NiREtXMG9kcXFMeFNnMk0rQ2c5Z2MKKWK3+P9QshvgP2TCa2H5SFE+ZesaUZ9M
|
||||
qBhPT6t44/dr7foowgVGyEVvnuaUu4GHnSKyYiwZ+bjp6E3Wm2fMRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTkdCQ1dtQWJtWEJsU2ZU
|
||||
bzdpTzZnUUlrbmU3eDNvRlJ4bEk3RmF4cTJRCkNZTEdTWHVHUUU3eEpJNEJFRXM1
|
||||
Si9RZjNVQUpNaVU1Y1owTU1zakpvRzQKLS0tIENSUTFDNktpeWR3VCtpY1pFdXQy
|
||||
aWE0UkRBL29wMTh0RGZUUjdNdDloQlUK9+3fPifkgB3jsqaZrWvp5GoogwOiGuMQ
|
||||
VA8JNJ9Nlph7pom0oxu6wc50WLbUdyOerz37TowXwys9+Lu/XJVGRw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTb2xWOWY4V3Mxd1Z5bklT
|
||||
RXI1bjNtZ3hORkpOOUpFSXUrQ0lpODhsWHlFCmhteWJWam5mU2Nhc2tlTURRbC9i
|
||||
OE1SUE5iczkvdWRTdDRKd2NVNGhHS1kKLS0tIFZWYXA4TnF0dHc4K1FlYW9Cemta
|
||||
a0lzbUNKMzVrcmgwQWIyUWo2VExMYWcKAOwJ8tA9L/jQ1lCPaUMNNJaYz14tLbMH
|
||||
4c+lYZJX3PKjfkc5UnteWNsaXTF/vXoALDnaPBRwBFWFfCVsX5XYnQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZGpMbC9yVTdObFEyZ1pH
|
||||
a0ZOMXhDVGdFNUNOMmJldjZKTElzdHI2bmljCnJtcEUyY1hDUnczZkFSNGErbEtE
|
||||
Y1lyZnFOVTVIL1FKczJ4dUIwdjg2T0kKLS0tIEpSZmN3YUJDUjB1ZnNtT2hCb3c2
|
||||
ZE5tMXJOYlFMOVNJU3FEZFB4TlZ1U00KHnunzKMy91oc92ptcaKCE1sfkhFGvf0S
|
||||
vRX/nyQnBGqD3X3yfvkt+aQnoLxcjoanpJVM9VeigyPu1mRg0OOxXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-11T17:28:43Z"
|
||||
mac: ENC[AES256_GCM,data:l43vquKg33LndSXOm0hsPcalQRXjqbb30QvptXuBsmQrcEVVh20Aqp92l+rwgv60P03ZtK4SKxm/udVVoqViFTwCLYtCC5GEn4OqbD94LQKzl+XLe7yLWwv2WF8ueu170YpZ97uFxUrhOoaOaKUgnAV+4CocixG5hfadpqA3yYE=,iv:a6RRILzz4gDUuiSZPVoqjlIMu4NZG+D5Q+brusfh9PU=,tag:Y8nKbnctjka44eH15x8oCA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-11T17:12:49Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/9EOJGjNnLgEPo+/pP/4TVt8ECLRRbxsjwpnxuRf2QcmtF
|
||||
p+ZnX+X5mBVdriuTUTFyUvPXBPwG2byrc7w/+zZBvYGWdSZgi+ACBRiAzvXMUYUq
|
||||
ZCY6z4v4dkvbbVW2QE1JmzfZFVC4Vdwup6q+OXtXvQe6n2/GgIHRfyMnG3dynldt
|
||||
1cmEY8ujuZzv+St5tInaGod5pZ4i2/RDvQSk7JHtb9LqsyyIKdxYa1Sc8U7WN9qx
|
||||
Ucwo56HZ9tlAvA4nEqYIaZFGM4XDXO3BV6ltsa57dMXJSzYjG8qYB7Z4CCTmn6HL
|
||||
h7A4NK8yj7El5q9EScbSzJQ8LNMYAPhLMhvOGYio/k2Jnn3woioozCdUEvg4aoAT
|
||||
Y+UVyl/O5MrM6ZcgWVQ7gbhYvAHSyiyr5hlEfzjtxwiETkIXFPiWtOpyq1GIYa7w
|
||||
k93OvrFbbTevzY2ea4gQh4pmzGDfXEqtBm9DjQwUmiTM877bR/sY4b0HV/CA3Txh
|
||||
Xz22dLp8pfvAtBtHuEARJeQ8DeFslICuZZSiDscNe63dqxg9tWmwFqWecOGb5DXG
|
||||
xEbLTyO0YBESsk3jt7JCtx8Dfnb9fVOqCiQN2Ywd1TkSMnM1H627MpaZJNKEXQPT
|
||||
+gWa7QqthW84Vc42wuAYmLAw+1Ob/BgPojogV8XUIr2johzp1tY2jdsDJko84PPS
|
||||
XgEprHVVj49JHRR5ixjJwoO4WbYsN4Tqej7I2Ns00tCzHAKPFQvFlHNLt1CrM88X
|
||||
0HRLTEn7z1F5r54inNP0DIvDJlTSqJdJDA5k0HChQA7by2le+ERpvI4CmTkNyvk=
|
||||
=c+Rd
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
@@ -4,91 +4,86 @@ gitea:
|
||||
beta: ENC[AES256_GCM,data:HmdjBvW8eO5MkzXf7KEzSNQAptF/RKN8Bh03Ru7Ru/Ky+eJJtk91aqSSIjFa+Q==,iv:Hz9HE3U6CFfZFcPmYMd6wSzZkSvszt92L2gV+pUlMis=,tag:LG3NfsS7B1EdRFvnP3XESQ==,type:str]
|
||||
epsilon: ENC[AES256_GCM,data:wfGxwWwDzb6AJaFnxe/93WNZGtuTpCkLci/Cc5MTCTKJz6XlNuy3m/1Xsnw0hA==,iv:I6Zl+4BBAUTXym2qUlFfdnoLTHShu+VyxPMjRlFzMis=,tag:jjTyZs1Nzqlhjd8rAldxDw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYkhoL1F0VHhTN3ZKYnha
|
||||
eFJtSTlOalFEejNqdlRQWkZsQlRjTUZrMm5nCkFRbEpTNkk4UGdDRjI0TDdiaG1v
|
||||
WUZ6eTQ0TzFNRFBudVMrN1QzN2MwaGMKLS0tIEFNQmVlSHJ3ZWtPZ2d0VldWTlhy
|
||||
YjNac29pT1RPazc4THcvQTI5dmVrbGcKp2TJ4NfI6x/C9LHj5e7VZ3PQHNUsF4FN
|
||||
yDmgTG2ys/k8vzN1j1dFdt+FA6NBkk5KBIoZYtP0vLKxotQWsAwI6g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYVl6ZnI5TkhxK0JKNnlL
|
||||
WE5YZUZ2T1JEbCtvSVUxemZ1QUs4R2pjMWc0ClJ0cnU0c0d5bU5jWU1aVGd6WE45
|
||||
Wm9OT0xPaTJ3Y2kxMU5RTHdRKy81b2sKLS0tIEx4SkFoV240VUJieWFlc3hRWU1Y
|
||||
SWlwZnNOT3paRHRsTC9CQUp5SlBvTncKdcMI8pWtsfBpgeUagOmZUXIC6svkfmwE
|
||||
QF3GpWZgeVvo8e2oT2kBjerCDlUlzd0jJ8aK+B56xifTm7ii3oCAIA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU21sVGNlWlZnOXZDcWk3
|
||||
NXZkR0VZNXE5cXlLdDB4YzVmUVFjUE1SUmpNCkU1MVQxUEMwSkZXdW1YcnZ2Uzh6
|
||||
QmxlanEzU3MxK1NlVzc4QkU3a0x1QlEKLS0tIEw5Sm5PcXkzQ0xGRmo3RDFOa3Zm
|
||||
VVF0Y1dRQVI1RGxkMVNPT1g3MFR6aU0KR8ubYMWQunbwnFcMUlRJzvHM3i6YiPVU
|
||||
4G2DHZDG8+DJvyALNaOFav86pSSLn/+OtzxC15U+i66J6oWAcaYZUQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3QVBaQWlSZk43dEtHVWF1
|
||||
WmFBcmx3eFUvU2lrd0RCUGx3a2hDWHEzTUR3Cm9BclM3OU9SUnpySDZJZHRudmtO
|
||||
Ulp5OEZvZmMyRGJvQXJnUDVLdVRJUVkKLS0tIHE3M3MycE9pU1huYUREN3luWEZV
|
||||
WlNuN3BWeHhqL1dEOUJBSVNTaVJ3eTgKb5MRfeaay22PI9V5hni5mhnb0QF8PG8H
|
||||
bKWbc2SwdMNolrxhUiiIhdppEtXGHqLyBel786tuOdtEwVcy+m/rtA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByN3JLYnNCYUJNWS9hWHJY
|
||||
YmpXeUFUZlpodDNnTEgrb3ZXK1BEczdlUEhJCjFCMlpwd2c5dGUyR1VXNjM1MFNR
|
||||
aWJXUkNWS3RYK2FaZzFxM2luWEtwV0UKLS0tIHBJNTVGUitNQnpNa0lEakU4QitJ
|
||||
THJ2ZU1paGdhUUhTMitGZTg4WG1WU28KvqBTNQn36JvCDuJFIg7cA/9UagFCv7bA
|
||||
wFCg7K/Ldc+j6ZMz4rqBgGP9US9M8SJAsAU1ZakX3gh5K2hibTpVvg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaDB6enozMFpqcWxFdU93
|
||||
MEg5RTRzZExzWGppenlBTlZZRlpqWDBPT0UwCnhOaXI5R3Jrd0hWY0xqc1VXaDJZ
|
||||
TUxwSTZDcHd0bnZPR2N2d0JVTUJONnMKLS0tIENzOW9PM0tQSndVNmF1bTZ4anpw
|
||||
b1RzL0NEOWg0dGZUa0Jpd3hiTlRGSm8KleRV5c/Xoe0B1VtnR3y0sgXpmhMS8pKl
|
||||
TWaAQTRlM9X2Pk5M/J/bu369ncmw/kycJKjK6W1yluaGwBNuEP+K4Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUy9QUHFnTEdyWXJQbmtl
|
||||
dzdDRkRxejM5Rm5ZWGZrQklDSEoxWmtnL0FZCnlvbE52RlJFL3VtNUhoN1pVY3lL
|
||||
OEh6UU4xdm8xenVYQUlyVExmTDA1cEEKLS0tIE91ZUk5dzlxT1N4d2lMTFRaT2N2
|
||||
OERvK25YdEZEd0FicmFQV1lLaEdlZE0KITNdS3ekChSbKyjSS55A//xBbpdfUOMD
|
||||
QojnqFcYaBzv7CrM+tKh1bepkUKwncg+tzuc0uoCgQoRDjEVloQuIg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N1JvRVE0Y0xOMERMVXdB
|
||||
enZiNk1DZTJTUnluRVBIWm9WNmFPc21rU0FZCjBIeHErSHgveFFFdk9ybWwrRXZG
|
||||
WGpVcHliUW9Qb3dLb2Q0aWlrZmpiVm8KLS0tIG0wcXJVK2dMeG9NUTFQSzVtY2RG
|
||||
UE1FS3MvSXlxdEtJVWxJVDRFSkRmQkkK/2z7Lu6LVd6RLZAXKs+JsPc+1kcqFAET
|
||||
0zlTTTU0goTBLuXZ7uxFVZtqc1Nmoarf5Ksm/zcZ2B80P5ox9CzcWQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzS1hiWVVqRzFlS0JjQzQr
|
||||
dnprcExlQyt5SC8zZFFCMTMrcEZPT2dLTkZ3CkdZNm9aSFJlR0JpRFAwSW16OVBw
|
||||
KzcwbklvNklLN0U2ckN6NWVwV1NmMkUKLS0tIGhXcUlOYzdkbUdzV3B0QWx4M3dj
|
||||
OUIwMFR1ZDVxWURIbzJzRXpZVVEreDgKSpQ23S+criRsNhT5WP6IxyoRXKMjZNr/
|
||||
8ZK6MvGpCw9oRlNciVOJP6uEcHXZ89FSzqfRB4C+pLOKFlH88XSftA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4SFpKcVBTTlp3SXhVaGQy
|
||||
QVVEV3h6dTZVcmx6aFc1eHF4UzJPbXQ2RnhvCkZiOEYydWhCYUtwcUdieGpBeTZh
|
||||
Z3dYVno5bFNkOUszNHBJNTdQWS9jUTQKLS0tIEhPVEdLK0RaclVvdklFNUJCcHNi
|
||||
OXVobVJCTjhQZ2RTQ21xK2dUY0h5RGcKcPBgD5FIWuyQBhmPt5aqrWgEG1tzhtr0
|
||||
gVyLxgtMFGeeShjdpivgcWI/GZZlhWJilJOoZo7f6TknvCIIKsrUSA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aGdBSFVjakJvSE42NkhI
|
||||
dUgzcENnMXJOTGFQdkQra1MyNU5KYkJzSlNFCkl0VFdnb21uWkdsd28rVXBsQ0Nj
|
||||
K09VT2FRU3JjZXM5UzZYeTJ4eTRNZXMKLS0tIE9HcFNjeDRZMlpYZlRBYnJyaExY
|
||||
QlVIRXJnSHpBb0hNUzZsRXB1eTdFUG8KsmZLEJHlA9rtxp3PpQDdmtI8L39ollvy
|
||||
DKpfZjCTqj8fbNMHiIhCr0G515w0Ad++bS2DbIbPfZLufiAEuOW00Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Ny9xTUpqZitYZXRDTjE0
|
||||
am1XM1NkbXpPT1ZxM0tZd3Y5KzU2YjdwZ21nCjRySEJmMjAzcXUzSEFPMWtoQ1hn
|
||||
UFdkTjNsMFBxYkVocjBUR1NURE15RlEKLS0tIGUwRG0rc3dZSWlLVHZpUzArTWZx
|
||||
NmZOSGhlNlpiUzF6R29haGFaRVYyWjAKWjde4l2J5wb8zn5JBP5ETReRBni6DFwj
|
||||
1uKU5ecrRrTwNkHGPPSifRB5HdC77PWe1ZLWZhHGmSXFan8fnKGc1Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWlhiS1dxekZGZkRCQU9O
|
||||
SktHRHRXL2VhNUJSRVhBeEM5UEZ1R0pFdXdrCnZQOUZaYitpSlJ0aXFpZXFrRFJj
|
||||
MmZiLytvekZtVXYzamJDakc1RjdIREEKLS0tICtiOTZMRGZuWEdHTmZwRjZ2dUNT
|
||||
aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk
|
||||
53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-12T12:20:19Z"
|
||||
mac: ENC[AES256_GCM,data:D9/NAd/zrF6pHFdZjTUqI+u4WiwJqt0w5Y+SYCS1o/dAXJE/ajHzse/vCSGXZIjP0yqe+S/NyTvhf+stw2B4dk6Njtabjd+PhG0hR4L0X07FtFqzB3u5pLHCb0bH9QLG5zWcyMkwNiNTCvhRUZzbcqLEGqqJ7ZjZAEUfYSR+Jls=,iv:5xPfODPxtQjgbl8delUHsmhD0TI2gHjrxpHV+qiFE00=,tag:HHLo5G8jhy/sKB3R+sKmwQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:52Z"
|
||||
- created_at: "2024-12-09T21:17:27Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYARAAmHD3R6tDuGGv1VTJ6S/HjLcVlt0+kXOmcjlqMMa8xA6l
|
||||
L3hRSlJz5RGVgNny+AJvj1X7l8pzLMKvufShiNEwkG1dIDLGQqg0msJkhXVB5rIZ
|
||||
a8eG8zne3rYy9rb4MHJM6pvIK76PnzxoqltDYzmk+xXhGfTfcQ2ebc4NDeZPXllA
|
||||
mS6TyqLabR6aI9O3eXqTDdgXtOqvMuces0MZ7T/1RT6wfG8QxZNHW/PZLicMYVLC
|
||||
ouojMBpDgHg5XSa2rk2apukphIxm26Y7tJ/ZZVFTTuS+H9h5In815l26Dl84+aDI
|
||||
i34deyKq2QkVesZV+rhPfOMD5AsaW3NzQD0Qlsg4DLk9qXofsGxS9lP+m6L2yKws
|
||||
iA3JKskLC62boFFAlvsAuot/UNKGdYusDvy1Ez3N7B7aITFawyN34md/7q7fcyOh
|
||||
oDtsV9eGtlQfYDM0ZM1vkE4MPF1Yt1Ozdyxf8oI+ymSywLYV8sB8V5m15ureRfnC
|
||||
Zl+sR/m8Qa52Du/RgxzuTElkF8hYK/3Vmiq4WneZq8YXslPgEmFbdWvhD643H843
|
||||
Ml/k9zcLjx0xB2KW8nr60WTFx2dqbQlTMrWMXSj9qSfEwg2M3ZlOav1Hlm8M/g7x
|
||||
vtOvxgg6sZmFJGgt8BwFib2OD9Rt6w+Qj++vAZnT87xthiGkkbMgDq5SPCi5h8XS
|
||||
XAHnlbcp3okHQaJHxA7i2c1wt8BjZlF75B2STsi3F5KGrM/NONGSsbRcgnZUopx0
|
||||
emOo0W/1Ouq14juHG5aDwHOA8Uh5pNCT5RxeqO83ACXDYaYHU9qM0eorqfRD
|
||||
=N3eL
|
||||
hQIMA0av/duuklWYARAAv2XS2jzoymOzpRHquUbYpUtbIeKXhPS8i9uk2zBvSKnr
|
||||
b/jZCpvtkCcSz1UFm+HzSn/i1eNkj9ghObisifvqY6JbO0DIa1jFlx1TfE9pj8dE
|
||||
rrNTsYfxNwdGOvklPBHm3vKY5qPiGlE71TaKkJcO79vE5jxwhUqzWI9SWAZY3cFw
|
||||
IVJN44DT0I4ctTlwPM9eAYYodL8QP8OMXHJ/mjI4SPODRsvrOyy6rpip40Q+dU/N
|
||||
DwRupzrRlxJ8BDSh/x6J/AryZSwkmChX9cYyGaDknJ3ONQ0XLhVUtLkAvPWtWeow
|
||||
6NVHmUOJ39ockT1clhYy2P5rQTraZESuI7vaSS9zVIuScBnJwbSRZ5xgxSD6Fj+C
|
||||
Y/JyogXa8FtyG6xeMgIwW7t/m/rbXL5OkP4w8D+CJs+4I55WXz054XOZ937EisVH
|
||||
XAlNBIHixjQVckbb+sS7rEmegfoC+rvOXA0irpwXFiapAbMGUePCwQHdSBMP8orC
|
||||
Tb3E8kqHATN40b8CpUBcPw6HCQKmbhe8o+R8NG6TZh6JH7kSztl2+SIIuMzhDflr
|
||||
1AphY047Ku2RANaWfo+xyVZMWgAQcnoaUOeYaHJ9nZ7f2klJ3fnRtdXJn1gcO3i3
|
||||
NZVRjjYHJgzCVCIZJa1b1TMGep84naF7NmRkNlS4wyv6MXGqSpHHZUGUBAQOCMPS
|
||||
XAEqjZt8va0LKtsPsBOTGQDuzTar+2069fu6TjS07mJM2sTp/G8bGBnvjc0TIplZ
|
||||
M5FOiCilI9yX7vQ0O3LUKJW5zELWnW2d+3okpGjgkr0BFERtM7BMCp6nxR6+
|
||||
=rEY5
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -5,7 +5,6 @@ pkgs.mkShellNoCC {
|
||||
jq
|
||||
gum
|
||||
sops
|
||||
ssh-to-age
|
||||
gnupg
|
||||
statix
|
||||
openstackclient
|
||||
|
||||
@@ -1,264 +0,0 @@
|
||||
{ config, pkgs, lib, values, ... }:
|
||||
let
|
||||
inherit
|
||||
(config.lib.topology)
|
||||
mkInternet
|
||||
mkRouter
|
||||
mkSwitch
|
||||
mkDevice
|
||||
mkConnection
|
||||
mkConnectionRev;
|
||||
in {
|
||||
imports = [
|
||||
./non-nixos-machines.nix
|
||||
];
|
||||
|
||||
### Networks
|
||||
|
||||
networks.pvv = {
|
||||
name = "PVV Network";
|
||||
cidrv4 = values.ipv4-space;
|
||||
cidrv6 = values.ipv6-space;
|
||||
};
|
||||
|
||||
networks.site-vpn = {
|
||||
name = "OpenVPN Site to Site";
|
||||
style = {
|
||||
primaryColor = "#9dd68d";
|
||||
secondaryColor = null;
|
||||
pattern = "dashed";
|
||||
};
|
||||
};
|
||||
|
||||
networks.ntnu = {
|
||||
name = "NTNU";
|
||||
cidrv4 = values.ntnu.ipv4-space;
|
||||
cidrv6 = values.ntnu.ipv6-space;
|
||||
};
|
||||
|
||||
nodes.internet = mkInternet {
|
||||
connections = mkConnection "ntnu" "wan1";
|
||||
};
|
||||
|
||||
nodes.ntnu = mkRouter "NTNU" {
|
||||
interfaceGroups = [ ["wan1"] ["eth1" "eth2" "eth3"] ];
|
||||
connections.eth1 = mkConnection "ntnu-pvv-router" "wan1";
|
||||
connections.eth2 = mkConnection "ntnu-veggen" "wan1";
|
||||
connections.eth3 = mkConnection "stackit" "*";
|
||||
interfaces.eth1.network = "ntnu";
|
||||
};
|
||||
|
||||
### Brus
|
||||
|
||||
nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" {
|
||||
interfaceGroups = [ ["wan1"] ["eth1"] ];
|
||||
connections.eth1 = mkConnection "knutsen" "em1";
|
||||
interfaces.eth1.network = "pvv";
|
||||
};
|
||||
|
||||
nodes.knutsen = mkRouter "knutsen" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/freebsd.svg";
|
||||
|
||||
interfaceGroups = [ ["em0"] ["em1"] ["vpn1"] ];
|
||||
|
||||
connections.em0 = mkConnection "nintendo" "eth0";
|
||||
|
||||
# connections.vpn1 = mkConnection "ludvigsen" "vpn1";
|
||||
interfaces.vpn1.network = "site-vpn";
|
||||
interfaces.vpn1.virtual = true;
|
||||
interfaces.vpn1.icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/openvpn.svg";
|
||||
|
||||
interfaces.em0.network = "pvv";
|
||||
interfaces.em1.network = "ntnu";
|
||||
};
|
||||
|
||||
nodes.nintendo = mkSwitch "Nintendo (brus switch)" {
|
||||
interfaceGroups = [ (lib.genList (i: "eth${toString i}") 16) ];
|
||||
|
||||
connections = let
|
||||
connections' = [
|
||||
(mkConnection "bekkalokk" "enp2s0")
|
||||
# (mkConnection "bicep" "enp6s0f0") # NOTE: physical machine is dead at the moment
|
||||
(mkConnection "buskerud" "eth1")
|
||||
# (mkConnection "knutsen" "eth1")
|
||||
(mkConnection "powerpuff-cluster" "eth1")
|
||||
(mkConnection "lupine-1" "enp0s31f6")
|
||||
(mkConnection "lupine-2" "enp0s31f6")
|
||||
(mkConnection "lupine-3" "enp0s31f6")
|
||||
(mkConnection "lupine-4" "enp0s31f6")
|
||||
(mkConnection "lupine-5" "enp0s31f6")
|
||||
(mkConnection "innovation" "em0")
|
||||
(mkConnection "microbel" "eth0")
|
||||
(mkConnection "isvegg" "eth0")
|
||||
(mkConnection "ameno" "eth0")
|
||||
(mkConnection "sleipner" "eno0")
|
||||
];
|
||||
in
|
||||
assert (lib.length connections' <= 15);
|
||||
builtins.listToAttrs (
|
||||
lib.zipListsWith
|
||||
(a: b: lib.nameValuePair a b)
|
||||
(lib.genList (i: "eth${toString (i + 1)}") 15)
|
||||
connections'
|
||||
);
|
||||
};
|
||||
|
||||
nodes.bekkalokk.hardware.info = "Supermicro X9SCL/X9SCM";
|
||||
|
||||
nodes.lupine-1.hardware.info = "Dell OptiPlex 7040";
|
||||
# nodes.lupine-2.hardware.info = "Dell OptiPlex 5050";
|
||||
nodes.lupine-3.hardware.info = "Dell OptiPlex 5050";
|
||||
nodes.lupine-4.hardware.info = "Dell OptiPlex 5050";
|
||||
# nodes.lupine-5.hardware.info = "Dell OptiPlex 5050";
|
||||
|
||||
nodes.buskerud = mkDevice "buskerud" {
|
||||
deviceIcon = ./icons/proxmox.svg;
|
||||
interfaceGroups = [ [ "eth1" ] ];
|
||||
|
||||
interfaces.eth1.network = "pvv";
|
||||
|
||||
services = {
|
||||
proxmox = {
|
||||
name = "Proxmox web interface";
|
||||
info = "https://buskerud.pvv.ntnu.no:8006/";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.shark = {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.buskerud.id;
|
||||
|
||||
interfaces.ens18.network = "pvv";
|
||||
};
|
||||
|
||||
### Powerpuff
|
||||
|
||||
nodes.powerpuff-cluster = mkDevice "Powerpuff Cluster" {
|
||||
deviceIcon = ./icons/proxmox.svg;
|
||||
|
||||
hardware.info = "Dell PowerEdge R730 x 3";
|
||||
|
||||
interfaceGroups = [ [ "eth1" ] ];
|
||||
|
||||
services = {
|
||||
proxmox = {
|
||||
name = "Proxmox web interface";
|
||||
details.bubbles.text = "https://bubbles.pvv.ntnu.no:8006/";
|
||||
details.blossom.text = "https://blossom.pvv.ntnu.no:8006/";
|
||||
details.buttercup.text = "https://buttercup.pvv.ntnu.no:8006/";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.kommode = {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
|
||||
interfaces.ens18.network = "pvv";
|
||||
};
|
||||
|
||||
nodes.bicep = {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
|
||||
# hardware.info = "HP Proliant DL370G6";
|
||||
|
||||
interfaces.ens18.network = "pvv";
|
||||
};
|
||||
|
||||
nodes.ustetind = {
|
||||
guestType = "proxmox LXC";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
# interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
network = "pvv";
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.234"
|
||||
"2001:700:300:1900::234"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
### PVV
|
||||
|
||||
nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
|
||||
interfaceGroups = [ ["wan1"] ["eth1"] ];
|
||||
connections.eth1 = mkConnection "ludvigsen" "re0";
|
||||
};
|
||||
|
||||
nodes.ludvigsen = mkRouter "ludvigsen" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/freebsd.svg";
|
||||
|
||||
interfaceGroups = [ [ "re0" ] [ "em0" ] [ "vpn1" ] ];
|
||||
|
||||
connections.em0 = mkConnection "pvv-switch" "eth0";
|
||||
|
||||
interfaces.vpn1.network = "site-vpn";
|
||||
interfaces.vpn1.virtual = true;
|
||||
interfaces.vpn1.icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/openvpn.svg";
|
||||
|
||||
interfaces.re0.network = "ntnu";
|
||||
interfaces.em0.network = "pvv";
|
||||
};
|
||||
|
||||
nodes.pvv-switch = mkSwitch "PVV Switch (Terminalrommet)" {
|
||||
interfaceGroups = [ (lib.genList (i: "eth${toString i}") 16) ];
|
||||
connections = let
|
||||
connections' = [
|
||||
(mkConnection "brzeczyszczykiewicz" "eno1")
|
||||
(mkConnection "georg" "eno1")
|
||||
(mkConnection "wegonke" "enp4s0")
|
||||
(mkConnection "demiurgen" "eno1")
|
||||
(mkConnection "sanctuary" "ethernet_0")
|
||||
(mkConnection "torskas" "eth0")
|
||||
(mkConnection "skrott" "eth0")
|
||||
(mkConnection "homeassistant" "eth0")
|
||||
(mkConnection "orchid" "eth0")
|
||||
(mkConnection "principal" "em0")
|
||||
];
|
||||
in
|
||||
assert (lib.length connections' <= 15);
|
||||
builtins.listToAttrs (
|
||||
lib.zipListsWith
|
||||
(a: b: lib.nameValuePair a b)
|
||||
(lib.genList (i: "eth${toString (i + 1)}") 15)
|
||||
connections'
|
||||
);
|
||||
};
|
||||
|
||||
|
||||
### Openstack
|
||||
|
||||
nodes.stackit = mkDevice "stackit" {
|
||||
interfaceGroups = [ [ "*" ] ];
|
||||
|
||||
interfaces."*".network = "ntnu";
|
||||
};
|
||||
|
||||
nodes.ildkule = {
|
||||
guestType = "openstack";
|
||||
parent = config.nodes.stackit.id;
|
||||
|
||||
interfaces.ens4.network = "ntnu";
|
||||
};
|
||||
nodes.wenche = {
|
||||
guestType = "openstack";
|
||||
parent = config.nodes.stackit.id;
|
||||
|
||||
interfaces.ens18.network = "pvv";
|
||||
};
|
||||
nodes.bakke = {
|
||||
guestType = "openstack";
|
||||
parent = config.nodes.stackit.id;
|
||||
|
||||
interfaces.enp2s0.network = "pvv";
|
||||
};
|
||||
}
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 13 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 40 KiB |
@@ -1,5 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
|
||||
<svg width="800px" height="800px" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg">
|
||||
<circle cx="512" cy="512" r="512" style="fill:#e57000"/>
|
||||
<path d="M512 497.8 342.7 311.6c6.6-6.6 14.2-11.7 22.9-15.5 8.7-3.8 18.1-5.7 28.1-5.7 10.7.1 20.4 2.2 29.3 6.3 8.9 4.1 16.6 9.8 23.1 17l65.8 71.9 65.4-71.9c6.8-7.2 14.7-12.9 23.6-17 9-4.1 18.7-6.2 29.2-6.3 10 .1 19.4 2 28.1 5.7 8.7 3.8 16.4 8.9 22.9 15.5L512 497.8m0 28.4L342.7 712.4c6.6 6.6 14.2 11.7 22.9 15.5 8.7 3.8 18.1 5.7 28.1 5.7 10.5-.1 20.2-2.2 29.2-6.3s16.9-9.8 23.6-17l65.4-71.9 65.8 71.9c6.5 7.2 14.2 12.9 23.1 17 8.9 4.1 18.6 6.2 29.3 6.3 10-.1 19.4-2 28.1-5.7 8.7-3.8 16.4-8.9 22.9-15.5L512 526.2M497.8 512 370.3 372.2c-7.4-7.9-16-14.1-25.9-18.7-9.8-4.5-20.5-6.8-31.9-6.9-11 .1-21.3 2.2-30.8 6.3-9.6 4.1-17.9 9.8-25.1 16.9L385.9 512 256.5 654.2c7.2 7.4 15.6 13.2 25.1 17.4 9.6 4.2 19.8 6.3 30.8 6.3 11.5-.1 22.2-2.4 32.1-6.9 9.9-4.5 18.5-10.8 25.7-18.7L497.8 512m28.4 0 127.5 140.3c7.2 7.9 15.8 14.1 25.7 18.7 9.9 4.5 20.6 6.8 32.1 6.9 11-.1 21.3-2.2 30.8-6.3 9.6-4.2 17.9-9.9 25.1-17.4L638.1 512l129.4-142.2c-7.2-7.2-15.6-12.8-25.1-16.9-9.6-4.1-19.8-6.2-30.8-6.3-11.4.1-22.1 2.4-31.9 6.9-9.8 4.5-18.5 10.8-25.9 18.7L526.2 512" style="fill:#fff"/>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 1.3 KiB |
@@ -1,402 +0,0 @@
|
||||
{ config, pkgs, lib, values, ... }:
|
||||
let
|
||||
inherit (config.lib.topology) mkDevice;
|
||||
in {
|
||||
nodes.balduzius = mkDevice "balduzius" {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
interfaceGroups = [ [ "ens18" ] ];
|
||||
interfaces.ens18 = {
|
||||
network = "pvv";
|
||||
mac = "00:0c:29:de:05:0f";
|
||||
addresses = [
|
||||
"129.241.210.192"
|
||||
"2001:700:300:1900::1:42"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
kdc = {
|
||||
name = "Heimdal KDC";
|
||||
info = "kdc.pvv.ntnu.no";
|
||||
details.kdc.text = "0.0.0.0:88";
|
||||
details.kpasswd.text = "0.0.0.0:464";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.tom = mkDevice "tom" {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
interfaceGroups = [ [ "ens18" ] ];
|
||||
interfaces.ens18 = {
|
||||
network = "pvv";
|
||||
mac = "00:0c:29:4d:f7:56";
|
||||
addresses = [
|
||||
"129.241.210.180"
|
||||
"2001:700:300:1900::180"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
apache2 = {
|
||||
name = "Apache2 - user websites";
|
||||
info = "www.pvv.ntnu.no/~";
|
||||
details.listen.text = "0.0.0.0:443";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.hildring = mkDevice "hildring" {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
deviceType = "loginbox";
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
network = "pvv";
|
||||
mac = "00:0c:29:e7:dd:79";
|
||||
addresses = [
|
||||
"129.241.210.176"
|
||||
"2001:700:300:1900::1:9"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.drolsum = mkDevice "drolsum" {
|
||||
guestType = "proxmox";
|
||||
parent = config.nodes.powerpuff-cluster.id;
|
||||
deviceType = "loginbox";
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
network = "pvv";
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.217"
|
||||
"2001:700:300:1900::217"
|
||||
"2001:700:300:1900::1:217"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.microbel = mkDevice "microbel" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
hardware.info = "Supermicro X8ST3";
|
||||
|
||||
interfaceGroups = [ [ "eth0" "eth1" ] ];
|
||||
interfaces.eth0 = {
|
||||
mac = "00:25:90:24:76:2c";
|
||||
addresses = [
|
||||
"129.241.210.179"
|
||||
"2001:700:300:1900::1:2"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
dovecot = {
|
||||
name = "Dovecot";
|
||||
info = "imap.pvv.ntnu.no pop.pvv.ntnu.no";
|
||||
icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/dovecot.svg";
|
||||
details.imap.text = "0.0.0.0:993";
|
||||
details.pop3.text = "0.0.0.0:995";
|
||||
};
|
||||
|
||||
exim4 = {
|
||||
name = "Exim4";
|
||||
info = "mail.pvv.ntnu.no mailhost.pvv.ntnu.no";
|
||||
details.smtp.text = "0.0.0.0:25";
|
||||
details.smtps.text = "0.0.0.0:465";
|
||||
details.starttls.text = "0.0.0.0:587";
|
||||
};
|
||||
|
||||
nfs = {
|
||||
name = "NFS";
|
||||
info = "homepvv.pvv.ntnu.no";
|
||||
details.rpcbind.text = "0.0.0.0:111";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.innovation = mkDevice "innovation" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/freebsd.svg";
|
||||
|
||||
hardware.info = "Dell Optiplex 9010";
|
||||
|
||||
interfaceGroups = [ [ "em0" ] ];
|
||||
interfaces.em0 = {
|
||||
mac = "18:03:73:20:18:d3";
|
||||
addresses = [
|
||||
"129.241.210.214"
|
||||
"2001:700:300:1900::1:56"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
services = {
|
||||
minecraft = {
|
||||
name = "Minecraft";
|
||||
icon = "services.minecraft";
|
||||
info = "minecraft.pvv.ntnu.no";
|
||||
details.listen.text = "0.0.0.0:25565";
|
||||
details.directory.text = "/srv/minecraft-pvv";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.principal = mkDevice "principal" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/freebsd.svg";
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "em0" ] ];
|
||||
interfaces.em0 = {
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.233"
|
||||
"2001:700:300:1900::1:233"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.homeassistant = mkDevice "homeassistant" {
|
||||
deviceIcon = "services.home-assistant";
|
||||
|
||||
hardware.info = "Raspberry Pi 4B";
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.229"
|
||||
"2001:700:300:1900::4:229"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.sleipner = mkDevice "sleipner" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
interfaceGroups = [ [ "eno0" "enp2s0" ] ];
|
||||
interfaces.enp2s0 = {
|
||||
mac = "00:25:90:57:35:8e";
|
||||
addresses = [
|
||||
"129.241.210.193"
|
||||
"2001:700:300:1900:fab:cab:dab:7ab"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.isvegg = mkDevice "isvegg" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.175"
|
||||
"2001:700:300:1900::1:a"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
mapcrafter = {
|
||||
name = "Mapcrafter Minecraft Map";
|
||||
info = "http://isvegg.pvv.ntnu.no/kart/";
|
||||
details.directory.text = "/scratch/mckart/kart";
|
||||
};
|
||||
gophernicus = {
|
||||
name = "Gophernicus";
|
||||
info = "gopher://gopher.pvv.ntnu.no/";
|
||||
details.directory.text = "/var/gopher";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.ameno = mkDevice "ameno" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/ubuntu.svg";
|
||||
|
||||
hardware.info = "Raspberry Pi 2B 1.1";
|
||||
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
mac = "b8:27:eb:62:1d:d8";
|
||||
addresses = [
|
||||
"129.241.210.230"
|
||||
"129.241.210.211"
|
||||
"129.241.210.153"
|
||||
"2001:700:300:1900:ba27:ebff:fe62:1dd8"
|
||||
"2001:700:300:1900::4:230"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
services = {
|
||||
bind = {
|
||||
name = "Bind DNS";
|
||||
icon = ./icons/bind9.png;
|
||||
info = "hostmaster.pvv.ntnu.no";
|
||||
details.listen.text = "0.0.0.0:53";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.skrott = mkDevice "skrott" {
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.235"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.torskas = mkDevice "torskas" {
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/arch_linux.svg";
|
||||
|
||||
hardware.info = "Raspberry pi 4B";
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
# mac = "";
|
||||
addresses = [
|
||||
"129.241.210.241"
|
||||
"2001:700:300:1900::241"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.wegonke = mkDevice "wegonke" {
|
||||
deviceType = "terminal";
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
hardware.info = "ASUSTeK G11CD-K";
|
||||
|
||||
interfaceGroups = [ [ "enp4s0" ] ];
|
||||
interfaces.enp4s0 = {
|
||||
mac = "70:4d:7b:a3:32:57";
|
||||
addresses = [
|
||||
"129.241.210.218"
|
||||
"2001:700:300:1900::1:218"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.demiurgen = mkDevice "demiurgen" {
|
||||
deviceType = "terminal";
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
interfaceGroups = [ [ "eno1" ] ];
|
||||
interfaces.eno1 = {
|
||||
mac = "18:03:73:1f:f4:1f";
|
||||
addresses = [
|
||||
"129.241.210.201"
|
||||
"2001:700:300:1900::1:4e"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.sanctuary = mkDevice "sanctuary" {
|
||||
deviceType = "terminal";
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/windows.svg";
|
||||
|
||||
interfaceGroups = [ [ "ethernet_0" ] ];
|
||||
interfaces.ethernet_0 = {
|
||||
addresses = [
|
||||
"129.241.210.170"
|
||||
"2001:700:300:1900::1337"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nodes.orchid = mkDevice "orchid" {
|
||||
deviceType = "terminal";
|
||||
deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/debian.svg";
|
||||
|
||||
hardware.info = "Ryzen1600 Nvidia GTX 1060";
|
||||
|
||||
# TODO: the interface name is likely wrong
|
||||
interfaceGroups = [ [ "eth0" ] ];
|
||||
interfaces.eth0 = {
|
||||
addresses = [
|
||||
"129.241.210.210"
|
||||
"2001:700:300:1900::210"
|
||||
];
|
||||
gateways = [
|
||||
values.hosts.gateway
|
||||
values.hosts.gateway6
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
{ config, unstablePkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.gitea-actions-runner;
|
||||
in
|
||||
{
|
||||
config.topology.self.services = lib.mapAttrs' (name: instance: {
|
||||
name = "gitea-runner-${name}";
|
||||
value = {
|
||||
name = "Gitea runner ${name}";
|
||||
icon = "services.gitea";
|
||||
};
|
||||
}) (lib.filterAttrs (_: instance: instance.enable) cfg.instances);
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user