Compare commits
30 Commits
skrott-cro
...
kommode-di
| Author | SHA1 | Date | |
|---|---|---|---|
f3201b2ce8
|
|||
|
8a84069dcf
|
|||
|
cda84be5b0
|
|||
|
79a46ce3f6
|
|||
|
19e45be83a
|
|||
|
a8892e2fb2
|
|||
|
a149f97ac0
|
|||
|
e76c656378
|
|||
|
5877ef60b1
|
|||
|
73456de527
|
|||
|
2f8e9ea190
|
|||
|
c3c98392ad
|
|||
|
e01fd902eb
|
|||
|
ce8d759f79
|
|||
|
ea6296f47a
|
|||
|
c28fc3f229
|
|||
|
c124183d95
|
|||
|
d7bb316056
|
|||
|
c78c29aaa6
|
|||
|
7d451f1db5
|
|||
|
1d57cec04d
|
|||
|
f50372fabd
|
|||
|
0f355046de
|
|||
|
285f5b6a84
|
|||
|
20eec03cd4
|
|||
|
fffdf77d6f
|
|||
|
42bbb1eca1
|
|||
|
34fdc9159c
|
|||
|
1b6ff9876d
|
|||
|
0206c159a2
|
6
.mailmap
6
.mailmap
@@ -23,3 +23,9 @@ Adrian Gunnar Lauterer <adriangl@pvv.ntnu.no> Adrian Gunnar Lauterer <adrian@lau
|
||||
|
||||
Fredrik Robertsen <frero@pvv.ntnu.no> frero <frero@pvv.ntnu.no>
|
||||
Fredrik Robertsen <frero@pvv.ntnu.no> fredrikr79 <fredrikrobertsen7@gmail.com>
|
||||
Fredrik Robertsen <frero@pvv.ntnu.no> fredrik <fredrikr79@pm.me>
|
||||
|
||||
Vegard Bieker Matthey <vegardbm@pvv.ntnu.no> Vegard Matthey <VegardMatthey@protonmail.com>
|
||||
Vegard Bieker Matthey <vegardbm@pvv.ntnu.no> Vegard Bieker Matthey <VegardMatthey@protonmail.com>
|
||||
|
||||
Albert Bayazidi <albertba@pvv.ntnu.no> Albert <albert.bayazidi@gmail.com>
|
||||
|
||||
@@ -20,6 +20,7 @@ keys:
|
||||
- &host_lupine-3 age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
|
||||
- &host_lupine-4 age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
|
||||
- &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
|
||||
- &host_skrott age1hlvwswsljxsvrtp4leuw8a8rf8l2q6y06xvxtafvzpq54xm9aegs0kqw2e
|
||||
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
|
||||
|
||||
creation_rules:
|
||||
@@ -137,6 +138,7 @@ creation_rules:
|
||||
- path_regex: secrets/skrott/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_skrott
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
|
||||
@@ -13,6 +13,9 @@
|
||||
# Debug and find files
|
||||
file
|
||||
|
||||
# Process json data
|
||||
jq
|
||||
|
||||
# Check computer specs
|
||||
lshw
|
||||
|
||||
@@ -54,6 +57,8 @@
|
||||
programs.nano.enable = true;
|
||||
# Same reasoning as nano
|
||||
programs.vim.enable = true;
|
||||
# Same reasoning as vim
|
||||
programs.neovim.enable = true;
|
||||
|
||||
# Some people like this shell for some reason
|
||||
programs.zsh.enable = true;
|
||||
|
||||
@@ -8,8 +8,6 @@
|
||||
# Let's not spam LetsEncrypt in `nixos-rebuild build-vm` mode:
|
||||
virtualisation.vmVariant = {
|
||||
security.acme.defaults.server = "https://127.0.0.1";
|
||||
security.acme.preliminarySelfsigned = true;
|
||||
|
||||
users.users.root.initialPassword = "root";
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ in
|
||||
|
||||
# workaround for https://github.com/NixOS/nix/issues/6895
|
||||
# via https://git.lix.systems/lix-project/lix/issues/400
|
||||
environment.etc = lib.mkIf (!config.virtualisation.isVmVariant) {
|
||||
environment.etc = lib.mkIf (!config.virtualisation.isVmVariant && config.system.autoUpgrade.enable) {
|
||||
"current-system-flake-inputs.json".source
|
||||
= pkgs.writers.writeJSON "flake-inputs.json" (
|
||||
lib.flip lib.mapAttrs inputs (name: input:
|
||||
|
||||
@@ -11,5 +11,6 @@
|
||||
};
|
||||
config.virtualisation.vmVariant = {
|
||||
virtualisation.isVmVariant = true;
|
||||
virtualisation.graphics = false;
|
||||
};
|
||||
}
|
||||
|
||||
41
flake.lock
generated
41
flake.lock
generated
@@ -2,17 +2,16 @@
|
||||
"nodes": {
|
||||
"dibbler": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1769362210,
|
||||
"narHash": "sha256-QCQD7Ofin5UYL0i5Sv34gfJ0p5pv1hwZspE/Ufe84L8=",
|
||||
"lastModified": 1769400154,
|
||||
"narHash": "sha256-K0OeXzFCUZTkCBxUDr3U3ah0odS/urtNVG09WDl+HAA=",
|
||||
"ref": "main",
|
||||
"rev": "1d01e1b2cb8fb2adee96c0b4f065c43c45eae290",
|
||||
"revCount": 229,
|
||||
"rev": "8e84669d9bf963d5e46bac37fe9b0aa8e8be2d01",
|
||||
"revCount": 230,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
|
||||
},
|
||||
@@ -61,23 +60,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "flake-utils",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"gergle": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -479,21 +461,6 @@
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
||||
57
flake.nix
57
flake.nix
@@ -129,6 +129,7 @@
|
||||
] ++ (lib.optionals enableDefaults [
|
||||
sops-nix.nixosModules.sops
|
||||
inputs.roowho2.nixosModules.default
|
||||
self.nixosModules.rsync-pull-targets
|
||||
]) ++ modules;
|
||||
}
|
||||
(builtins.removeAttrs extraArgs [
|
||||
@@ -146,7 +147,7 @@
|
||||
in {
|
||||
bakke = stableNixosConfig "bakke" {
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
};
|
||||
bicep = stableNixosConfig "bicep" {
|
||||
@@ -194,6 +195,7 @@
|
||||
];
|
||||
modules = [
|
||||
inputs.nix-gitea-themes.nixosModules.default
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
};
|
||||
|
||||
@@ -225,17 +227,39 @@
|
||||
inputs.gergle.overlays.default
|
||||
];
|
||||
};
|
||||
skrott = stableNixosConfig "skrott" {
|
||||
crossSystem = "aarch64-linux";
|
||||
}
|
||||
//
|
||||
(let
|
||||
skrottConfig = {
|
||||
modules = [
|
||||
(nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix")
|
||||
inputs.dibbler.nixosModules.default
|
||||
];
|
||||
overlays = [
|
||||
inputs.dibbler.overlays.default
|
||||
(final: prev: {
|
||||
# NOTE: Yeetus (these break crosscompile ¯\_(ツ)_/¯)
|
||||
atool = prev.emptyDirectory;
|
||||
micro = prev.emptyDirectory;
|
||||
ncdu = prev.emptyDirectory;
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
in {
|
||||
skrott = self.nixosConfigurations.skrott-native;
|
||||
skrott-native = stableNixosConfig "skrott" (skrottConfig // {
|
||||
localSystem = "aarch64-linux";
|
||||
crossSystem = "aarch64-linux";
|
||||
});
|
||||
skrott-cross = stableNixosConfig "skrott" (skrottConfig // {
|
||||
localSystem = "x86_64-linux";
|
||||
crossSystem = "aarch64-linux";
|
||||
});
|
||||
skrott-x86_64 = stableNixosConfig "skrott" (skrottConfig // {
|
||||
localSystem = "x86_64-linux";
|
||||
crossSystem = "x86_64-linux";
|
||||
});
|
||||
})
|
||||
//
|
||||
(let
|
||||
machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
|
||||
@@ -248,11 +272,12 @@
|
||||
|
||||
nixosModules = {
|
||||
bluemap = ./modules/bluemap.nix;
|
||||
snakeoil-certs = ./modules/snakeoil-certs.nix;
|
||||
snappymail = ./modules/snappymail.nix;
|
||||
robots-txt = ./modules/robots-txt.nix;
|
||||
gickup = ./modules/gickup;
|
||||
matrix-ooye = ./modules/matrix-ooye.nix;
|
||||
robots-txt = ./modules/robots-txt.nix;
|
||||
rsync-pull-targets = ./modules/rsync-pull-targets.nix;
|
||||
snakeoil-certs = ./modules/snakeoil-certs.nix;
|
||||
snappymail = ./modules/snappymail.nix;
|
||||
};
|
||||
|
||||
devShells = forAllSystems (system: {
|
||||
@@ -270,13 +295,14 @@
|
||||
|
||||
packages = {
|
||||
"x86_64-linux" = let
|
||||
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
system = "x86_64-linux";
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in rec {
|
||||
default = important-machines;
|
||||
important-machines = pkgs.linkFarm "important-machines"
|
||||
(lib.getAttrs importantMachines self.packages.x86_64-linux);
|
||||
(lib.getAttrs importantMachines self.packages.${system});
|
||||
all-machines = pkgs.linkFarm "all-machines"
|
||||
(lib.getAttrs allMachines self.packages.x86_64-linux);
|
||||
(lib.getAttrs allMachines self.packages.${system});
|
||||
|
||||
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
|
||||
|
||||
@@ -298,18 +324,23 @@
|
||||
//
|
||||
# Skrott is exception
|
||||
{
|
||||
skrott = self.nixosConfigurations.skrott.config.system.build.sdImage;
|
||||
skrott = self.packages.${system}.skrott-native-sd;
|
||||
skrott-native = self.nixosConfigurations.skrott-native.config.system.build.toplevel;
|
||||
skrott-native-sd = self.nixosConfigurations.skrott-native.config.system.build.sdImage;
|
||||
skrott-cross = self.nixosConfigurations.skrott-cross.config.system.build.toplevel;
|
||||
skrott-cross-sd = self.nixosConfigurations.skrott-cross.config.system.build.sdImage;
|
||||
skrott-x86_64 = self.nixosConfigurations.skrott-x86_64.config.system.build.toplevel;
|
||||
}
|
||||
//
|
||||
# Nix-topology
|
||||
(let
|
||||
topology' = import inputs.nix-topology {
|
||||
pkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
inherit system;
|
||||
overlays = [
|
||||
inputs.nix-topology.overlays.default
|
||||
(final: prev: {
|
||||
inherit (nixpkgs-unstable.legacyPackages.x86_64-linux) super-tiny-icons;
|
||||
inherit (nixpkgs-unstable.legacyPackages.${system}) super-tiny-icons;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ pkgs,... }:
|
||||
{
|
||||
# Boot drives:
|
||||
boot.swraid.enable = true;
|
||||
|
||||
# ZFS Data pool:
|
||||
environment.systemPackages = with pkgs; [ zfs ];
|
||||
boot = {
|
||||
zfs = {
|
||||
extraPools = [ "tank" ];
|
||||
requestEncryptionCredentials = false;
|
||||
};
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
supportedFilesystems.zfs = true;
|
||||
# Use stable linux packages, these work with zfs
|
||||
kernelPackages = pkgs.linuxPackages;
|
||||
};
|
||||
services.zfs.autoScrub = {
|
||||
enable = true;
|
||||
|
||||
@@ -28,5 +28,5 @@
|
||||
|
||||
# Don't change (even during upgrades) unless you know what you are doing.
|
||||
# See https://search.nixos.org/options?show=system.stateVersion
|
||||
system.stateVersion = "22.11";
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ pkgs, lib, fp, config, values, pkgs-unstable, ... }: let
|
||||
{ pkgs, lib, fp, config, values, ... }: let
|
||||
cfg = config.services.mediawiki;
|
||||
|
||||
# "mediawiki"
|
||||
@@ -34,6 +34,7 @@ in {
|
||||
services.idp.sp-remote-metadata = [ "https://wiki.pvv.ntnu.no/simplesaml/" ];
|
||||
|
||||
sops.secrets = lib.pipe [
|
||||
"mediawiki/secret-key"
|
||||
"mediawiki/password"
|
||||
"mediawiki/postgres_password"
|
||||
"mediawiki/simplesamlphp/postgres_password"
|
||||
@@ -48,6 +49,24 @@ in {
|
||||
lib.listToAttrs
|
||||
];
|
||||
|
||||
services.rsync-pull-targets = {
|
||||
enable = true;
|
||||
locations.${cfg.uploadsDir} = {
|
||||
user = config.services.root;
|
||||
rrsyncArgs.ro = true;
|
||||
authorizedKeysAttrs = [
|
||||
"restrict"
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
# TODO: create new key on principal
|
||||
enable = false;
|
||||
publicKey = "";
|
||||
};
|
||||
};
|
||||
|
||||
services.mediawiki = {
|
||||
enable = true;
|
||||
name = "Programvareverkstedet";
|
||||
@@ -179,15 +198,15 @@ in {
|
||||
|
||||
# Cache directory for simplesamlphp
|
||||
# systemd.services.phpfpm-mediawiki.serviceConfig.CacheDirectory = "mediawiki/simplesamlphp";
|
||||
systemd.tmpfiles.settings."10-mediawiki"."/var/cache/mediawiki/simplesamlphp".d = {
|
||||
systemd.tmpfiles.settings."10-mediawiki"."/var/cache/mediawiki/simplesamlphp".d = lib.mkIf cfg.enable {
|
||||
user = "mediawiki";
|
||||
group = "mediawiki";
|
||||
mode = "0770";
|
||||
};
|
||||
|
||||
users.groups.mediawiki.members = [ "nginx" ];
|
||||
users.groups.mediawiki.members = lib.mkIf cfg.enable [ "nginx" ];
|
||||
|
||||
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = {
|
||||
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = lib.mkIf cfg.enable {
|
||||
kTLS = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
@@ -233,4 +252,20 @@ in {
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
systemd.services.mediawiki-init = lib.mkIf cfg.enable {
|
||||
after = [ "sops-install-secrets.service" ];
|
||||
serviceConfig = {
|
||||
BindReadOnlyPaths = [ "/run/credentials/mediawiki-init.service/secret-key:/var/lib/mediawiki/secret.key" ];
|
||||
LoadCredential = [ "secret-key:${config.sops.secrets."mediawiki/secret-key".path}" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.phpfpm-mediawiki = lib.mkIf cfg.enable {
|
||||
after = [ "sops-install-secrets.service" ];
|
||||
serviceConfig = {
|
||||
BindReadOnlyPaths = [ "/run/credentials/phpfpm-mediawiki.service/secret-key:/var/lib/mediawiki/secret.key" ];
|
||||
LoadCredential = [ "secret-key:${config.sops.secrets."mediawiki/secret-key".path}" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -3,13 +3,21 @@ let
|
||||
galleryDir = config.services.pvv-nettsiden.settings.GALLERY.DIR;
|
||||
transferDir = "${config.services.pvv-nettsiden.settings.GALLERY.DIR}-transfer";
|
||||
in {
|
||||
users.users.${config.services.pvv-nettsiden.user} = {
|
||||
useDefaultShell = true;
|
||||
|
||||
# This is pushed from microbel:/var/www/www-gallery/build-gallery.sh
|
||||
openssh.authorizedKeys.keys = [
|
||||
''command="${pkgs.rrsync}/bin/rrsync -wo ${transferDir}",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjHhC2dikhWs/gG+m7qP1eSohWzTehn4ToNzDSOImyR gallery-publish''
|
||||
];
|
||||
# This is pushed from microbel:/var/www/www-gallery/build-gallery.sh
|
||||
services.rsync-pull-targets = {
|
||||
enable = true;
|
||||
locations.${transferDir} = {
|
||||
user = config.services.pvv-nettsiden.user;
|
||||
rrsyncArgs.wo = true;
|
||||
authorizedKeysAttrs = [
|
||||
"restrict"
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjHhC2dikhWs/gG+m7qP1eSohWzTehn4ToNzDSOImyR gallery-publish";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.paths.pvv-nettsiden-gallery-update = {
|
||||
|
||||
@@ -6,7 +6,11 @@ Contact: mailto:cert@pvv.ntnu.no
|
||||
Preferred-Languages: no, en
|
||||
|
||||
Expires: 2032-12-31T23:59:59.000Z
|
||||
# This file was last updated 2024-09-14.
|
||||
# This file was last updated 2026-02-27.
|
||||
|
||||
# You can find a wikipage for our security policies at:
|
||||
# https://wiki.pvv.ntnu.no/wiki/CERT
|
||||
|
||||
# Please note that we are a student organization, and unfortunately we do not
|
||||
# have a bug bounty program or offer monetary compensation for disclosure of
|
||||
# security vulnerabilities.
|
||||
|
||||
@@ -30,5 +30,5 @@
|
||||
|
||||
# Don't change (even during upgrades) unless you know what you are doing.
|
||||
# See https://search.nixos.org/options?show=system.stateVersion
|
||||
system.stateVersion = "22.11";
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
@@ -37,6 +37,7 @@ in {
|
||||
# element call group calls
|
||||
feature_group_calls = true;
|
||||
};
|
||||
default_country_code = "NO";
|
||||
default_theme = "dark";
|
||||
# Servers in this list should provide some sort of valuable scoping
|
||||
# matrix.org is not useful compared to matrixrooms.info,
|
||||
|
||||
@@ -14,6 +14,10 @@ in
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "hookshot/hs_token";
|
||||
};
|
||||
sops.secrets."matrix/hookshot/passkey" = {
|
||||
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||
key = "hookshot/passkey";
|
||||
};
|
||||
|
||||
sops.templates."hookshot-registration.yaml" = {
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
@@ -44,9 +48,14 @@ in
|
||||
};
|
||||
|
||||
systemd.services.matrix-hookshot = {
|
||||
serviceConfig.SupplementaryGroups = [
|
||||
config.users.groups.keys-matrix-registrations.name
|
||||
];
|
||||
serviceConfig = {
|
||||
SupplementaryGroups = [
|
||||
config.users.groups.keys-matrix-registrations.name
|
||||
];
|
||||
LoadCredential = [
|
||||
"passkey.pem:${config.sops.secrets."matrix/hookshot/passkey".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.matrix-hookshot = {
|
||||
@@ -54,6 +63,8 @@ in
|
||||
package = unstablePkgs.matrix-hookshot;
|
||||
registrationFile = config.sops.templates."hookshot-registration.yaml".path;
|
||||
settings = {
|
||||
passFile = "/run/credentials/matrix-hookshot.service/passkey.pem";
|
||||
|
||||
bridge = {
|
||||
bindAddress = "127.0.0.1";
|
||||
domain = "pvv.ntnu.no";
|
||||
@@ -61,6 +72,7 @@ in
|
||||
mediaUrl = "https://matrix.pvv.ntnu.no";
|
||||
port = 9993;
|
||||
};
|
||||
|
||||
listeners = [
|
||||
{
|
||||
bindAddress = webhookListenAddress;
|
||||
@@ -73,6 +85,7 @@ in
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
generic = {
|
||||
enabled = true;
|
||||
outbound = true;
|
||||
|
||||
@@ -27,6 +27,24 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
services.rsync-pull-targets = {
|
||||
enable = true;
|
||||
locations.${cfg.settings.media_store_path} = {
|
||||
user = config.services.root;
|
||||
rrsyncArgs.ro = true;
|
||||
authorizedKeysAttrs = [
|
||||
"restrict"
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
# TODO: create new key on principal
|
||||
enable = false;
|
||||
publicKey = "";
|
||||
};
|
||||
};
|
||||
|
||||
services.matrix-synapse-next = {
|
||||
enable = true;
|
||||
|
||||
|
||||
@@ -1,4 +1,8 @@
|
||||
{ pkgs, lib, config, values, ... }:
|
||||
{ config, pkgs, lib, values, ... }:
|
||||
let
|
||||
cfg = config.services.mysql;
|
||||
dataDir = "/data/mysql";
|
||||
in
|
||||
{
|
||||
sops.secrets."mysql/password" = {
|
||||
owner = "mysql";
|
||||
@@ -9,7 +13,6 @@
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
dataDir = "/data/mysql";
|
||||
package = pkgs.mariadb;
|
||||
settings = {
|
||||
mysqld = {
|
||||
@@ -36,20 +39,34 @@
|
||||
}];
|
||||
};
|
||||
|
||||
services.mysqlBackup = {
|
||||
services.mysqlBackup = lib.mkIf cfg.enable {
|
||||
enable = true;
|
||||
location = "/var/lib/mysql/backups";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3306 ];
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 3306 ];
|
||||
|
||||
systemd.services.mysql.serviceConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
values.ipv4-space
|
||||
values.ipv6-space
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
systemd.tmpfiles.settings."10-mysql".${dataDir}.d = lib.mkIf cfg.enable {
|
||||
inherit (cfg) user group;
|
||||
mode = "0700";
|
||||
};
|
||||
|
||||
systemd.services.mysql = lib.mkIf cfg.enable {
|
||||
after = [
|
||||
"systemd-tmpfiles-setup.service"
|
||||
"systemd-tmpfiles-resetup.service"
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
BindPaths = [ "${dataDir}:${cfg.dataDir}" ];
|
||||
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
values.ipv4-space
|
||||
values.ipv6-space
|
||||
values.hosts.ildkule.ipv4
|
||||
values.hosts.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -17,5 +17,5 @@
|
||||
|
||||
# Don't change (even during upgrades) unless you know what you are doing.
|
||||
# See https://search.nixos.org/options?show=system.stateVersion
|
||||
system.stateVersion = "23.05";
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
@@ -32,5 +32,5 @@
|
||||
|
||||
# Don't change (even during upgrades) unless you know what you are doing.
|
||||
# See https://search.nixos.org/options?show=system.stateVersion
|
||||
system.stateVersion = "23.05";
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
@@ -19,15 +19,18 @@ in {
|
||||
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "gluttony" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
|
||||
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
# (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "temmie" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||
|
||||
(mkHostScrapeConfig "skrott" [ defaultNodeExporterPort defaultSystemdExporterPort ])
|
||||
|
||||
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
|
||||
(mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ])
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
(fp /base)
|
||||
./disks.nix
|
||||
|
||||
./services/gitea
|
||||
./services/nginx.nix
|
||||
|
||||
80
hosts/kommode/disks.nix
Normal file
80
hosts/kommode/disks.nix
Normal file
@@ -0,0 +1,80 @@
|
||||
{ lib, ... }:
|
||||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
sda = {
|
||||
type = "disk";
|
||||
device = "/dev/sda";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
root = {
|
||||
name = "root";
|
||||
label = "root";
|
||||
start = "1MiB";
|
||||
end = "-5G";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ]; # Override existing partition
|
||||
# subvolumes = let
|
||||
# makeSnapshottable = subvolPath: mountOptions: let
|
||||
# name = lib.replaceString "/" "-" subvolPath;
|
||||
# in {
|
||||
# "@${name}/active" = {
|
||||
# mountPoint = subvolPath;
|
||||
# inherit mountOptions;
|
||||
# };
|
||||
# "@${name}/snapshots" = {
|
||||
# mountPoint = "${subvolPath}/.snapshots";
|
||||
# inherit mountOptions;
|
||||
# };
|
||||
# };
|
||||
# in {
|
||||
# "@" = { };
|
||||
# "@/swap" = {
|
||||
# mountpoint = "/.swapvol";
|
||||
# swap.swapfile.size = "4G";
|
||||
# };
|
||||
# "@/root" = {
|
||||
# mountpoint = "/";
|
||||
# mountOptions = [ "compress=zstd" "noatime" ];
|
||||
# };
|
||||
# }
|
||||
# // (makeSnapshottable "/home" [ "compress=zstd" "noatime" ])
|
||||
# // (makeSnapshottable "/nix" [ "compress=zstd" "noatime" ])
|
||||
# // (makeSnapshottable "/var/lib" [ "compress=zstd" "noatime" ])
|
||||
# // (makeSnapshottable "/var/log" [ "compress=zstd" "noatime" ])
|
||||
# // (makeSnapshottable "/var/cache" [ "compress=zstd" "noatime" ]);
|
||||
|
||||
# swap.swapfile.size = "4G";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
|
||||
swap = {
|
||||
name = "swap";
|
||||
label = "swap";
|
||||
start = "-5G";
|
||||
end = "-1G";
|
||||
content.type = "swap";
|
||||
};
|
||||
|
||||
ESP = {
|
||||
name = "ESP";
|
||||
label = "ESP";
|
||||
start = "-1G";
|
||||
end = "100%";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -13,21 +13,6 @@
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/d421538f-a260-44ae-8e03-47cac369dcc1";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/86CD-4C23";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0077" "dmask=0077" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/4cfbb41e-801f-40dd-8c58-0a0c1a6025f6"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
|
||||
@@ -15,5 +15,5 @@
|
||||
|
||||
# Don't change (even during upgrades) unless you know what you are doing.
|
||||
# See https://search.nixos.org/options?show=system.stateVersion
|
||||
system.stateVersion = "23.05";
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
{ config, pkgs, lib, fp, values, ... }: {
|
||||
{ config, pkgs, lib, modulesPath, fp, values, ... }: {
|
||||
imports = [
|
||||
# ./hardware-configuration.nix
|
||||
(modulesPath + "/profiles/perlless.nix")
|
||||
|
||||
(fp /base)
|
||||
];
|
||||
|
||||
# Disable import of a bunch of tools we don't need from nixpkgs.
|
||||
disabledModules = [ "profiles/base.nix" ];
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/skrott/skrott.yaml;
|
||||
|
||||
boot = {
|
||||
@@ -15,7 +18,14 @@
|
||||
kernelPackages = pkgs.linuxPackages;
|
||||
};
|
||||
|
||||
hardware = {
|
||||
enableAllHardware = lib.mkForce false;
|
||||
firmware = [ pkgs.raspberrypiWirelessFirmware ];
|
||||
};
|
||||
|
||||
# Now turn off a bunch of stuff lol
|
||||
# TODO: can we reduce further?
|
||||
# See also https://nixcademy.com/posts/minimizing-nixos-images/
|
||||
system.autoUpgrade.enable = lib.mkForce false;
|
||||
services.irqbalance.enable = lib.mkForce false;
|
||||
services.logrotate.enable = lib.mkForce false;
|
||||
@@ -25,10 +35,19 @@
|
||||
services.udisks2.enable = lib.mkForce false;
|
||||
services.thermald.enable = lib.mkForce false;
|
||||
services.promtail.enable = lib.mkForce false;
|
||||
boot.supportedFilesystems.zfs = lib.mkForce false;
|
||||
# There aren't really that many firmware updates for rbpi3 anyway
|
||||
services.fwupd.enable = lib.mkForce false;
|
||||
|
||||
documentation.enable = lib.mkForce false;
|
||||
|
||||
# TODO: can we reduce further?
|
||||
environment.enableAllTerminfo = lib.mkForce false;
|
||||
|
||||
programs.neovim.enable = lib.mkForce false;
|
||||
programs.zsh.enable = lib.mkForce false;
|
||||
programs.git.package = pkgs.gitMinimal;
|
||||
|
||||
nix.registry = lib.mkForce { };
|
||||
nix.nixPath = lib.mkForce [ ];
|
||||
|
||||
sops.secrets = {
|
||||
"dibbler/postgresql/password" = {
|
||||
@@ -77,11 +96,11 @@
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/84105
|
||||
boot.kernelParams = [
|
||||
boot.kernelParams = lib.mkIf (!config.virtualisation.isVmVariant) [
|
||||
"console=ttyUSB0,9600"
|
||||
# "console=tty1" # Already part of the module
|
||||
];
|
||||
systemd.services."serial-getty@ttyUSB0" = {
|
||||
systemd.services."serial-getty@ttyUSB0" = lib.mkIf (!config.virtualisation.isVmVariant) {
|
||||
enable = true;
|
||||
wantedBy = [ "getty.target" ]; # to start at boot
|
||||
serviceConfig.Restart = "always"; # restart when session is closed
|
||||
|
||||
140
modules/rsync-pull-targets.nix
Normal file
140
modules/rsync-pull-targets.nix
Normal file
@@ -0,0 +1,140 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.rsync-pull-targets;
|
||||
in
|
||||
{
|
||||
options.services.rsync-pull-targets = {
|
||||
enable = lib.mkEnableOption "";
|
||||
|
||||
rrsyncPackage = lib.mkPackageOption pkgs "rrsync" { };
|
||||
|
||||
locations = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }@submoduleArgs: {
|
||||
options = {
|
||||
enable = lib.mkEnableOption "" // {
|
||||
default = true;
|
||||
example = false;
|
||||
};
|
||||
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Which user to use as SSH login";
|
||||
example = "root";
|
||||
};
|
||||
|
||||
location = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = name;
|
||||
defaultText = lib.literalExpression "<name>";
|
||||
example = "/path/to/rsyncable/item";
|
||||
};
|
||||
|
||||
# TODO: handle autogeneration of keys
|
||||
# autoGenerateSSHKeypair = lib.mkOption {
|
||||
# type = lib.types.bool;
|
||||
# default = config.publicKey == null;
|
||||
# defaultText = lib.literalExpression "config.services.rsync-pull-targets.<name>.publicKey != null";
|
||||
# example = true;
|
||||
# };
|
||||
|
||||
publicKey = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
# type = lib.types.nullOr lib.types.str;
|
||||
# default = null;
|
||||
example = "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA comment";
|
||||
};
|
||||
|
||||
rrsyncPackage = lib.mkPackageOption pkgs "rrsync" { } // {
|
||||
default = cfg.rrsyncPackage;
|
||||
defaultText = lib.literalExpression "config.services.rsync-pull-targets.rrsyncPackage";
|
||||
};
|
||||
|
||||
enableRecommendedHardening = lib.mkEnableOption "a commonly used security profile for authorizedKeys attributes and rrsync args";
|
||||
|
||||
rrsyncArgs = {
|
||||
ro = lib.mkEnableOption "" // {
|
||||
description = "Allow only reading from the DIR. Implies -no-del and -no-lock.";
|
||||
};
|
||||
wo = lib.mkEnableOption "" // {
|
||||
description = "Allow only writing to the DIR.";
|
||||
};
|
||||
munge = lib.mkEnableOption "" // {
|
||||
description = "Enable rsync's --munge-links on the server side.";
|
||||
# TODO: set a default?
|
||||
};
|
||||
no-del = lib.mkEnableOption "" // {
|
||||
description = "Disable rsync's --delete* and --remove* options.";
|
||||
default = submoduleArgs.config.enableRecommendedHardening;
|
||||
defaultText = lib.literalExpression "config.services.rsync-pull-targets.<name>.enableRecommendedHardening";
|
||||
};
|
||||
no-lock = lib.mkEnableOption "" // {
|
||||
description = "Avoid the single-run (per-user) lock check.";
|
||||
default = submoduleArgs.config.enableRecommendedHardening;
|
||||
defaultText = lib.literalExpression "config.services.rsync-pull-targets.<name>.enableRecommendedHardening";
|
||||
};
|
||||
no-overwrite = lib.mkEnableOption "" // {
|
||||
description = "Prevent overwriting existing files by enforcing --ignore-existing";
|
||||
default = submoduleArgs.config.enableRecommendedHardening;
|
||||
defaultText = lib.literalExpression "config.services.rsync-pull-targets.<name>.enableRecommendedHardening";
|
||||
};
|
||||
};
|
||||
|
||||
authorizedKeysAttrs = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = lib.optionals submoduleArgs.config.enableRecommendedHardening [
|
||||
"restrict"
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
defaultText = lib.literalExpression ''
|
||||
lib.optionals config.services.rsync-pull-targets.<name>.enableRecommendedHardening [
|
||||
"restrict"
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
]
|
||||
'';
|
||||
example = [
|
||||
"restrict"
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# assertions = lib.pipe cfg.locations [
|
||||
# (lib.filterAttrs (_: value: value.enable))
|
||||
# TODO: assert that there are no duplicate (user, publicKey) pairs.
|
||||
# if there are then ssh won't know which command to provide and might provide a random one, not sure.
|
||||
# (lib.mapAttrsToList (_: { user, location, publicKey, ... }: {
|
||||
# assertion =
|
||||
# message = "";
|
||||
# })
|
||||
# ];
|
||||
|
||||
services.openssh.enable = true;
|
||||
users.users = lib.pipe cfg.locations [
|
||||
(lib.filterAttrs (_: value: value.enable))
|
||||
(lib.mapAttrs' (_: { user, location, rrsyncPackage, rrsyncArgs, authorizedKeysAttrs, publicKey, ... }: let
|
||||
rrsyncArgString = lib.cli.toCommandLineShellGNU {
|
||||
isLong = _: false;
|
||||
} rrsyncArgs;
|
||||
# TODO: handle " in location
|
||||
in {
|
||||
name = user;
|
||||
value.openssh.authorizedKeys.keys = [
|
||||
"command=\"${lib.getExe rrsyncPackage} ${rrsyncArgString} ${location}\",${lib.concatStringsSep "," authorizedKeysAttrs} ${publicKey}"
|
||||
];
|
||||
}))
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -9,6 +9,7 @@ gitea:
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:zlRLoelQeumMxGqPmgMTB69X1RVWXIs2jWwc67lk0wrdNOHUs5UzV5TUA1JnQ43RslBU92+js7DkyvE5enGzw7zZE5F1ZYdGv/eCgvkTMC9BoLfzHzP6OzayPLYEt3xJ5PRocN8JUAD55cuu4LgsuebuydHPi2oWOfpbSUBKSeCh6dvk5Pp1XRDprPS5SzGLW8Xjq98QlzmfGv50meI9CDJZVF9Wq/72gkyfgtb3YVdr,iv:AF06TBitHegfWk6w07CdkHklh4ripQCmA45vswDQgss=,tag:zKh7WVXMJN2o9ZIwIkby3Q==,type:str]
|
||||
import-user-env: ENC[AES256_GCM,data:wArFwTd0ZoB4VXHPpichfnmykxGxN8y2EQsMgOPHv7zsm6A+m2rG9BWDGskQPr5Ns9o=,iv:gPUzYFSNoALJb1N0dsbNlgHIb7+xG7E9ANpmVNZURQ0=,tag:JghfRy2OcDFWKS9zX1XJ9A==,type:str]
|
||||
mediawiki:
|
||||
secret-key: ENC[AES256_GCM,data:ixG9vGifYcz44y/copU+eHIjWLcxJ4v7pi8l1P3YHIdGwAk5DNZQWlaA/L3w0g50zM0ESEXL9k2r3jNI1nLGJw==,iv:fwHV4hYDEjP9f/8Bw74EhYDUN8UV+qIwqd6yXa5KtFs=,tag:3c9J/lVoJeRE1b/TTWJNZw==,type:str]
|
||||
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
|
||||
postgres_password: ENC[AES256_GCM,data:XIOmrOVXWvMMcPJtmovhdyZvLlhmrsrwjuMMkdEY1NIXWjevj5XEkp6Cpw==,iv:KMPTRzu3H/ewfEhc/O0q3o230QNkABfPYF/D1SYL2R8=,tag:sFZiFPHWxwzD9HndPmH3pQ==,type:str]
|
||||
simplesamlphp:
|
||||
@@ -99,8 +100,8 @@ sops:
|
||||
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
|
||||
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-09T21:18:23Z"
|
||||
mac: ENC[AES256_GCM,data:scdduZPcJZgeT9LarRgxVr/obYsGrJAbMoLGJPPPp19qxOJMTdvYfMz8bxPjCikB4MacEgVZmcnKIn5aCzHJAnCI/7F2wm1DDtW9ZI5qbhDJKSSld+m2leOSPfR8VY/0qj6UNgGnwkwx7dfcAlv8cP2Sp3o1M2oyQxeXPr5FWEg=,iv:JEAwkCewMp0ERmYU62kZkbl7+FET1ZeRr6xeEwt6ioM=,tag:jxvli935X3JyZYe7fFbnLg==,type:str]
|
||||
lastmodified: "2026-01-26T08:40:13Z"
|
||||
mac: ENC[AES256_GCM,data:ppgpARft/YDKP24QF4bLYVhxN4nRrCsf4wBug3UD4MXgQwdFyWPAHn086uONeMbVOvH8IdwlaNBc8h36I7M66cqwK1VsRc/vf9Ud2VnD/WkWijMSrJ80frIvuvREp7aMNlYbD20bjrp4sYohjcJ8KPqyPUFPj71dA+9LZvXJthQ=,iv:lr3R14lRx7RzclknKbOa/bHa6axGbMPqj1FRTjx34xE=,tag:pBHzSArxYs4bqq355T4yog==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:44Z"
|
||||
enc: |-
|
||||
@@ -123,4 +124,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
version: 3.11.0
|
||||
|
||||
@@ -17,6 +17,7 @@ ooye:
|
||||
hookshot:
|
||||
as_token: ENC[AES256_GCM,data:L4vEw5r4RhcgritOeDTLHN5E/dM=,iv:pC8BLzxf6NaVAGsotoq6chOceBVdMLvrsQn1LGw9H9w=,tag:SI3CDFHAvgQZEvf/oms3EA==,type:str]
|
||||
hs_token: ENC[AES256_GCM,data:2ufSJfYzzAB5IO+edwKSra5d/+M=,iv:cmTycGzNL+IeRRKZGbkhTtiksYTtbxED0k0B5haFw7k=,tag:FmWe5sGi9rlapUeAE6lKvg==,type:str]
|
||||
passkey: ENC[AES256_GCM,data:sR3ZdvNe+321WalGA57Nsb7eIRnOgAWX4P4aahynS5kD8nZ40axO3H29pciTn3rgBLsKPYAbJ24Ch40SL5emlz9UL1nH//khCEAXUXR5+RA83TvRrog1BdiCTX3wYY6SvM8BRwAEcWbAavfRHyNM0stSRjamdam70OvEEHlOUafs4lfQghYXVN+YV6bT+gan9eMRwhTsuWB/V01SAUot5pgFtprpvFs/l90E9sZFxxejlLniy/4nHjO9rcXAeCz/8cw5P56AqCzqyliYxKM3qbhwp+Pz/RVH+7PKQwABP80tw4HLvBz2nwYzPHJrSejIH/lxE1sJH8ttUQ8mHIFpv0GGB0oENyfYCekoSXWL+wuFEE+xjyak1KUDfohaJ9QMZa+A4jHiGoWHAwfU083uNFNdE1NxPpa55xQ/Q5fGE58qmZVbHUoL1EFOi0Nc15vp9kRojjQoEENvEQKwZHlauhm+940s6IwBE/bHk5WBjWM6BM/7Y8dj23uo1Vj0gy5IK0xYk62+IXNINPeDnS5sZJJweOKvS9JDYNw/9oC5ptmsqkGWryWm22Mwq9AIWm1Zt+0nIZRrOM+JHWJCtCqXhD5+UL1fl6wt7IgvOqgOtsFUM39n2hS4UWyVohToLy2u8VFKDIx1yb530y+Q2HfT6oKPYtcm5+b/dgDaqph1JSuqxWoiXMdx/DvGLhM6nIfPnAi5EImXDQIxkh4tJ6P+z+4vOPiX5fKflXk2eioVL77BQ4jXLunu4zBu/bOCePHigAD/+E9IgHnVSMxpTgDQ3w7WI7FCY9wjbXqbsL3QB1BOizIFNqHDcX2COeJV7X8Aia0HBpZgQpFX5XtMJAKnO2BR2EA94xSk9/rAPgZpJkZXTHl5MpPz9+WLv4uFy0daIJ/y7jkxLXK2UNw9VVfkq/I6cteQMwHPe0V9XZc1DIXOjJ23r9qNtx11Dx7Zumh3EQvp/8D/i0G6lhW1y3xP0Uu1iuxfnvhacBTwiRTSrKhT0HKlFG9cG2SaZH5D8zLyhrQhp8V5AdAdikmQUfDigDTzd45YpWRaNEGM1wcAI5cWBdPHY6Hv3NHQoX3yx6jm3Qo1QqIVlhqHqEeM6++H1Sfd3xg8zMSSGXlQT6EYE0+raOvKrmbnGCW3GnguHEjU1vCE/w7u8LCct7IBCSL7XQpLg39SmSx/MdL5OWXaUCxbVMM38q/4PXNzRVNaHRZFXm35+q1gZ/fx9a3vY/YS9+qEhcsvNQaNyuVcbigz9fqEWoAnFh2rCIMT3XMc+N0V0+TSIF4nU/Im82wu1+ujcrJ6OpGubcf208y8giwOgdKAARTKtybInUx31+JkzMw9A4q+CxRLHcrYYhIHz0MyhAVY3JKQp6DvoRwT58/MEENv6hSvsf0PhrgIkPTYeNeasJwFt8tKPmEkFYINhigC3XPmid+hMJfp/w8MnFLAIX9Cp+7adQPPW5RZqHuuf0rV+vdVqU3nFmnet8KZd3SrZiWAXcKViyHYAWb3c60TMO2C37goHkTMd6olZ09ZEfrTpdX+MEHswW65p4rJgNZIbVquD73DpZuE30HsrUBsPeWpQy2JGNUPq8tCvcREVgmnIt7yJn8sC8D+RwgXCXHf6qDMjANi7nvD6uWTik4P68e9lVztO4QudwdZdPieflfFADH4sFPhXwCpGOkR37RSrqe6t3CR3ZI0aXqHdZ1l1JcJv+5WEXmJZfNUOPBGpvatmc7ygJYDxuQoJ5FDFsyZffrAYOcEXC6gDaq6NTGgo4JZAYQsHg8JaFWQPEToagiSQhhErMeA5nTUvNjJ4/0HHIvsjsGabAv3GiT2lcVnowt8qwEyLnQStNiAxv0bURhW82BLCHq5cHx7mtUNqDQjrc48iQZiZd20orTq7PmxwWBa6T9EwuEOQiX69inIbSU7kGbRmVUS+RPKfFoCXXOSlBjzoLM448Ymbf0FsEgATb0I5sJ6R2k9mlh3WgRur/u8ODtXJO9TLjVvAm1WmHWXn8ZSvKRS+/VSGg3RzKGyVqh2gJmpDJmF4BwzqslhaCdvdkwBW+7oZN///1h41NX6Fo68l+P/Rl/ZFvCF2VD18E1EjmnOs8sxmMjsDct3HNd7xB1PJLKtNTCLEF0vLDOM5qGaWfBVZtwHiz7fhbPxeE4ND8ygHhUUVzDsC3uHeVHwBMghSY92wnNq6SJP5HMC5knoEFxGnr5te8GcMT6iD6KMKjzqPnp7raGSFo96d5qDiug8krD3vEpbE+3L0XRye5m+2N/wVL7u888JZ0Yj9uWZoAmg41G9y5NU1g8Sns9gY1jalZFaY1+S2nCAfgZRNzx0gLa4CY7SClib1+qDCKIVLJyCqlbKRkIbNXV/B+/L6MAUwTRn8NLhm1+U1QgqD3X+cTJoys/1laSEBXcupT0CrCkR2wguGh1tfkyZ0yLJcbyIfRHzmEooMHWgL5N+mNYCwxLyIfDmBSacZI7AUBfGD+RT24W0vl976zd/sBzIZtQGFPKDtb5bzNE5FNfSfser+afqBG+S+gr1GUn2ZQMGN2095uqnYiwCUtxmczGlOLixbQMnYPbxClB7i4NFvZj2GbnX+yRgv8OFWTnp0C1aPsQHgZzWKAe0cDaRJpAOTTbaGaSJiwIIu689xqYGKej3oQLaAHqlRyRhJngUOj4panxNb/ZFbP6lfUF0fehNJFJaR3WKSiRAjv6ommtSFDQ26TrhYE9d+yG1KApzkhlPTLNA4fVRQxfZi41hbfHDg4kwZMpc86BSCq85qnzW+nMJiWTLxTKYSzjpiWSnMzBvBYf0vntz5+ltwJwyVMX/TdAoYGyHOCINLSxhKoajORJ0g6zEyBRdG+kg0qZCFi894fR4eAz5/fvbrhOhhnCOaVCJlvLo2jXiizQlsqbvLr8bTbyMF5yJPEPV8H/B8uhzzjCIxvbbc3Ac3rPX47FBdEc5869c7JgL/2HD9GZzJXfRBzyhSTFMMh7J+K7LgEIGsItTsJM9wa4BC9ZicZRifuGxBKATOIVeTpJJHA80yhmL6lsazUrrAlyA93mR4CsuInmum6QMyjkmcXBnEtybSeuUjX7aFmzSz9Il7C9iR/4QRWyzgSIh7sbqEl/v4mQtJMlydbZdd0aT65AShTHUIkNZxOg/IuEW26v8pyZi5msfPBjwmknQkXPTf1fCcgVuY6OoQBPzYR1BFTjpY5lTfAMYH9sDW+xxRTFftsNNRzIctX0IEv5haWxLDhuN7eagltf2v3GubrbsYTeVwuCFJnabgzXan4vvpPVIPhrhE2k6G0FfDhIpQL9oweNBG2hefoXoOr+piHYcc1hJSHnSUp9qRxQxXzjvaFulfRO+2GoMAg6E6pz1Fz8e8mHRubREH6NOLvz070D0u1o7Tb6LE2cmw2XdRaVqO+Jo3u7pZUUVYllF31Uxb8ngHarWQ3dOBneZQHsW3AFpRofz9BcHII6dd4BhAM+sl7+cBEFuNn9nkDBR8PLx7O0G+b99qSAnOdvY6wWTwMbWC2JLcv6QTwqe/bAdEg3hNi2GOoqwvs0e6BO/7GS88egcwqZEe2Tpvtzb+NCia/A3oc/VNWTucmQcv9K10QaloZjHMXAMsDESr3LJ0enaoqc90bbHWEuoyRJoDDuW2NXHpCILLAxCUDZnArlE78J2B15Yc2sBkgHyYrILaZo1dBVR23R+QX4bZXt69EZC74IdcELt4qw4ANK+xKtSRJ5vnVml58/71IukUp5GOwEzImEC4YG5G7O7hpMWZmM48RvOuhmqk3LvCggjHPploLqw3PY46twgbKTBai4PbYZ2NaFAHkgc4jqoKSgzQD0jqUkNxFZNSXmvC6QGksns/GaI/qZJVSWAxr95P3oEyZrsfY+KFvhpGJWAa/TIyJslTsKjSv+VFg9jm93yT6P+Jfp1sR+tnyTgrDUF3SIi1/HbM4DlgbyHon25B+4fabgbGajl0Ua/zNyFmWcGN4yRQfXgK47vhQFyfAaOliIKbvsCEnfLniDhPg9FlnxBHSVPHNxeEufocboCUJzm0pU2r2iRRN6fKiiIZubjxeXDjRHTsJAffstPp6pSDxgtZzivquUkj1669QmZaHhV6VyAhGOz/A3VWWB0FGdToeuS5FciNyYVmfJ8moHP1skV/jR4Ke3R/gHato0Un0nUr39ftB81uVomTYlVYuXAUUfJnAU/i8PbdjWCXSlAIeqCUeEf9oLq4n/xtUvJGBzxPgRJPaWxnckS2umi+6CRCs9f1EzwORgOosnQDJxALsGV3Nl4dR1o8ygAHkiBiqKyaEk0ulVM6XrfGFcQMkRgK2PVIZHNCEY72jU42/LlzWumXH2uoivR0toT7kk919VJYa5+2ac=,iv:BqwTfYEtqtFazQGfhL6rxfIUrZ2cin+jy070FDaGIuc=,tag:MMUGNmH6m4aNR4U8KAac6w==,type:str]
|
||||
livekit:
|
||||
keyfile:
|
||||
#ENC[AES256_GCM,data:M+SfmEuhPL8sqxOl3uL8mE6Z6pC6naQNxFRskMPbVpLVWYM1Be+QOoLEiTMtWqH2PAf2NZXLcNY63Q99bYINz+BTt/ekllye,iv:DSZJxoZUlUZxPpzfpXyZ4ECeJjq6/WW8I2fvTXIjmfU=,tag:HwHhdQA8yuSKYxM5LcZV/w==,type:comment]
|
||||
@@ -86,8 +87,8 @@ sops:
|
||||
Qnh1djQ0ZDFhRmxsU2g0eHJZeFlkcU0Kj5H/dHrOwSgiZIzpv3nOc7AWeNMofJg7
|
||||
OzSVdRry72qPqYU8YLWjAcoP3ddITZnWr53/yYBVmssW/KeyVyPy9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-21T02:03:24Z"
|
||||
mac: ENC[AES256_GCM,data:yVe+78V7zYgYveLFBghKdAeibg97DRafgsRRCZPYkWu8t2iadtD5UqRK0KS4Zcc55ojHJ11otgadaPHQyl8EIzt7Dwlm7ZOVEmmPAYdaweWfnPRdFhDAxcgj8Ejh03LAdLQK8WwlfTF/09Avub2ZUnN0aPwFCen/qD6dYmcGDNk=,iv:y4YE9AqlVVBBtRGoIdfIcNGE4chChBOR0Euy68xkQBA=,tag:/yopCpkvFaEzr2iXxLd3uw==,type:str]
|
||||
lastmodified: "2026-01-26T12:49:23Z"
|
||||
mac: ENC[AES256_GCM,data:+rkFq7pYZrGTtLIjjwa5DQC6WFpeV3JS80w6xADcn+kNnjg94p70GVZ3zP6p+f4PZ/Rupjg1cmm3w0g/ranx+FEmmX43N+zSY97NYOC2oxOhlNDDyrnRDElaiCOq41Jd13FxnjX3Jg9gxkD3szGS9hG+gv3wSf9NabOhFFL79GQ=,iv:+9UDVsvfr581CSNdtLRTfrjQ7rsLgMLmyK4cof0NZUU=,tag:9/xq9ThqrDzg+Snh3vSkVw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:46Z"
|
||||
enc: |-
|
||||
|
||||
@@ -1,93 +0,0 @@
|
||||
matrix:
|
||||
synapse:
|
||||
dbconfig: ENC[AES256_GCM,data:R7y+867fwnVXHaknUj9RpBtkEATfUo9AoaNId/ODLkHCJyQP1761pJLqeSkQTZAnzZxqACYorV0P57tEQ5bE0aKLOL7tSClx82x7Tki0MiWME4FgxJC2fQk/vP0Ca2zufnw0s697zkfsnyx/1pjjo69amXc207NXAHCtxXO0ztWp0Q==,iv:BsbOLl/hlQIjOLnik8lZWO3+jhMEZ//fisxLon7HdE0=,tag:6sv6ySztGbxAgn+WV0I5NA==,type:str]
|
||||
turnconfig: ENC[AES256_GCM,data:eyUQID6nHiMH1cm418ItI3DEAjAPoR9NR7DvhfYCTvYM1LyHKVg=,iv:Jz7LEOUwTI8LCMOKqB2vN/0Zs+S0IJkHY3wpAC0q5YI=,tag:4SImxB+5JI8VtsZVy0cYIQ==,type:str]
|
||||
user_registration: ENC[AES256_GCM,data:qWtVuNc0YWetsVVtXt+nlaUPq7QzbsDIb+KV2jgEfLZXU/h+vS0PL+k=,iv:72fvhUo3Bhvxj9A16sTL3teLKA0tGEk7pbgKoooOJSo=,tag:Q5vl2+ZJZqtcmMH+tNqVag==,type:str]
|
||||
signing_key: ENC[AES256_GCM,data:3EeV+9X9TtqhBL7QyULTS7tNyH7ayhe88B7UtNZ/TMlQSW2E1WtSVEecqs+097A1SmdKoYVr6iz0ew==,iv:TDfAdYROu7o7FIwn6oOs60surQ7zFy0+9bqhx8LtwXg=,tag:8MpNBw5TbDMxXHF9+tmZfQ==,type:str]
|
||||
coturn:
|
||||
static-auth-secret: ENC[AES256_GCM,data:bDVbTU3QaanU0fPhQF4Fil4=,iv:MVoFWgqHm88JXaCYa5l57SkX3fSmP97Z7IzvwumHWY8=,tag:ZX121OshXiLC6eRxz2Be0g==,type:str]
|
||||
mjolnir:
|
||||
access_token: ENC[AES256_GCM,data:z+BG3nJyUTrJJq0eGNzT3tFatKXffgBzg3E608pqBaPvtJYsnEy4mo1vZig=,iv:VGdnprNYOArhLdY38B1BO/V9YiYGZEy39gnJyh8atgY=,tag:qJ+UryjNPTH0F6ZP5JJlEw==,type:str]
|
||||
registrations:
|
||||
mx-puppet-discord: ENC[AES256_GCM,data:nvWSaZ4we8BD50Op/bZMrlMXGBwzvG3IXGPGJe2paCZ10tTm9v4+aYGYhILNhcQM095AD9KdEJ44TAyPxZ/c5iYLqb/LJzEpa5X2jKoiF6r7PjNFGevKQs7fzJk4Y9MxHwZ2KJT+uHjtXF8erJvFDs3S3WgmuAQW1U9b5fYQNc4ZF0tY+BsWU2ehqMejpx7w93TkcIiZY7Uoj4kPMEp8aI6v/7VPIjM9g7b+R5KGZ1/yIpiNCzZuT+x2mxCtqGfbOynWON8PaCIojp7sbLaRWhX2bd4GG2wP3T5MsgwjJzQSfyXjK1Dyxzr8fVmh0R2mJoZHTYNQLLwYncLwqXQEHr6tXNWPTwxPslW+BdLsp/8//m0F04vUf4Z0dbf22NSaPkH9GdRLB3zXh07VxqG+B7OvAjDULHUmA5uwgtZq9h0G73TWDJ8U75eAxrTdsgQgmIsyhpLljFW2QSnOPL/93ieovh5qRgXjgyqrljDOkB+fhC0gdQalPeBM8l5zPI8aaJsVp/l15rx4nUIrFka0g+v+SRhAIPtQAKA=,iv:3gzyGz7T9PK/J92X46YXYT98bpTnx1uPiiwXuls/kOA=,tag:Vm+zNmA53HIb2dP8FIgP6Q==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvKzl4b1VWTHQ2bGI4bXJl
|
||||
SFNhY2xVNm9XdG56akFWZkR5NHliUnpFaTFJCkhRY2hONTVvRkZaN0JrM0lkZUVu
|
||||
N3kxWVBWOUV2WHJMZ3Jsd24rOS9hc2cKLS0tIHFDWXBMcmppeHJBb3RLZ08rdVlE
|
||||
R00zS0R1Q29QYUlTamI3MkhNNWpaZ2cKMTZ8G2ZVNsAKgZj8B857eH4yfw/fvwtJ
|
||||
YmDTcA0w+uXI+qTtSLs/UPQ54KcW7zNvMUUSoyKrYSDul0SFUDk+Vw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3U1hmbE0rWVYvenhwQUpQ
|
||||
NFlKcFZtMWVWNGU3cVkvcVY1Mklyb0x6cHg0CkhGTHZPZEFCSnV1aFB0eG1ZOHNU
|
||||
UGJLY3BxOHF6V3NuWGZJUWkzcEVUc2cKLS0tIHhVY2xjaXZCdXR3VU92UUE4eWFF
|
||||
RHNtb1RlUmdpd0RibFlES0FDRjg3RFUKFBfH7eVw3j9wFWYjK3nwd5BuW9V4R29U
|
||||
sD/5X7wLRmfo0zCNkf50RnN3oxiP5Sj8zprQnaZMX95EGZXgqeWuWQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGc0a2FyTU9MaThIUDlz
|
||||
VWJTOC9ZUktuejl6WFRtdlV5VEFIakZHeENvCkpFRDF4RDRQMnpjZTNCdkE1cWlO
|
||||
VExPNXdxcGk5RTVEUE5KcHY1U1M5VTAKLS0tIEIramZ4R2sycnFnS3AvMWZ2Q1RK
|
||||
dGhDZnVraGlQQkFzdHBRUjEyWEJFMlkK0M3q1NqZdaC9E1hSUOwdTOUWdyvW1xPb
|
||||
E/9SHuRZ+YTzXiECIEx/4ZiQEEcCWOS/wLTQjYpzoozBrmrjGaKC3Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTXJkckNBWERIWUNXMERK
|
||||
UzRnL2FJaUlLTmxvYTBQTXlvSTRvbmhmajFJCnNCZjdxUXpVNDlwY1JDaDNCbWlH
|
||||
ZWJFR1o2YkxLMlVNWStoYnFYL2pNcmsKLS0tIEEzM1ZIN3dBb2paeWcxa0hJSDN2
|
||||
a01lK3hSa3prWERxQ1Z6Q3A5OW42NnMKxfCqjDityZvhOoH1DG0JJuEvowlzFBVv
|
||||
WOofbRQ7HdB17OyZh3u5Kbd37D65bbse4HVUaL3NDbdfpUxsbZIUAg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkcExDUDNndXRLY2J5NnpD
|
||||
YTFnWndXYWZvRG1EdGZZekZXYUtBOXFVOVVvCmJJOEc2MVhqSDJPRTBVRU0xcElK
|
||||
SzJYS092eXc2WWExVFFheUZnLzlHb3cKLS0tIHJPRUt0RnlzWGozM1NtTlNzbzVK
|
||||
WUtwa3NvWDlsYmwyalYyL2FoNVBhaDgKiRmCO8OOU94uxnzUmGwnUjipDBVeF88x
|
||||
hF92Hj7+9yBaEi4O1Je0b3ShjHfEsg690ajQKkzojGDX/awkdlcF1Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc1NLMmZzRUt5TWpyaXhH
|
||||
c01CYTJsQUdBWmZ5eEVRWXduL2ZLQ1crTHgwCndRYzQ1ZU9ybmxlRlZtUVFnL21m
|
||||
eDhYZy82RFJqb1Y4Q1pZMTRRRHpQa2sKLS0tIEk0enhSL0Jjcld0QXNCbjNKNjJm
|
||||
c241QUEvbE9iL2RPTFJCQ1dvVW9kVkEK3N7ojkIdpcN/ui1xw7IEzBKduk9aDKrt
|
||||
KajZLOkcaJWsYZISxP8kmN3CGOBlOx77MxC/rV1yM+/Su0S0TxIC1A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-02-13T00:12:03Z"
|
||||
mac: ENC[AES256_GCM,data:FolV94dIwYSL5r1ZHTPdmqMKVTAhrnePG+5M4S1H/wBYbED3sr6oPPmmxwiwm5E4K0YR1+ou4yR/vGTV3lfRdxIGWhfAT0WW8WGTZVIlcJCEk5H7Rels6rkma12BCjZ1zOGjZZCcFTm+4NI2KNv+zTc29zry4539jkkxk+8Skog=,iv:KBxSFVaFI3S5J9xG2Lc7FINUI8TRKxPtrbP3f2wXkHo=,tag:TWAtix03ZnB71+O7cF8b4A==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-12-01T10:58:23Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ//R733yCFFSYFZX2bORvyI/xgHjzxNxWPkVZagrWDvjthK
|
||||
zJH6EiHZrivSRx6cXQIQ4SoR0LWHNidmIj188l8oB/Dh7jj42zd93+U99EeUhVNs
|
||||
qPN9C88/e/tEWs05HTSm4oUQpoSeDVBeZEd+du+eP+DJWypSi63fh5sqjPrPHXdq
|
||||
apayt9XGSGBIhWsACb9d56VqCb1eNF/SOcOTLPHWvA074TxmvcbWH5CfiqQLcYGd
|
||||
r600nWol5qhmCqgiLFueUiYDikKVHi+MitatCM15yrnMi0ZLp3B32n3zPjbTUpAh
|
||||
0NHtXHhH4ihBqWxnVSTqAqWiqM+oMORhzVatq0PjUq20XayELsY8yn7YvtJMZLjD
|
||||
CstNQc6NqYxwjLpsuqZQHse5MnAgXapp5ogKLpjxRX9ZKWo5QD1VDB4wELG16sdv
|
||||
h/ZvS7nh0mMWRRyXAe5OL8vTJIeiQBday5aVgqk58OrdhzVtqp3isIKRb5W92W4z
|
||||
53Cw23prLhZnVssMLQiKUVFTIu2f1d907Kj+sH5AUybkbt93T7m/NCaEpDyxPPur
|
||||
QDOT1KFFVTQIBHLyqg8pASJyJMiuSuQ3cbFkTDWrOWpKEDfpxo9Vy64dEKNCeWMb
|
||||
XhVHWMIJXmLXalPePDaCEYCkR8usWZpQsRei2DHaRbXt1dcOjWuLOZeHNizy7CbS
|
||||
XAGkGgNySuI5IFbVBfKG0OaYXu6PM4Kbh8XBnxxREaSH+EiEe11ig6CImV2pbcbU
|
||||
pfHSdTioB03UnQvgVSP2M2DgMr3dkJnqXKrzRO80kVBd9uwR4I/1TUzsk0K+
|
||||
=4Nje
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
@@ -3,72 +3,81 @@ dibbler:
|
||||
password: ENC[AES256_GCM,data:2n85TO709GJc7/qoYp2RXO8Ttfo=,iv:5ZCZPEQQXPGYfDd1qPhDwDfm1Gds1M8PEX9IiCsHcrw=,tag:PAseyFBAe56pLj5Uv8Jd7A==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1hlvwswsljxsvrtp4leuw8a8rf8l2q6y06xvxtafvzpq54xm9aegs0kqw2e
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WllOQ1dRSUJ6a1pvNFg2
|
||||
N0YrQVBtMFZKRml0dG5PUGVhcU9VUXVHc25nClNFSXowUVRRVVhNeHUrTVVZRGRC
|
||||
YkpVYlcrZm1NTE1IT1pSTDdOZGNHYlEKLS0tIHlJbkNBb3o0TlJlbEtsQ2ZsYlJn
|
||||
Wis3T2V5QVYvQi9laUdoaE1DbUZZZE0K/liRzp6TJeufyTzemv+zBTOwzkeJRID4
|
||||
ZviYwwODWopB9/rCd8sIQaNXvEtvuXNWwcV1/p8DsJ9NHwqtdYHpmw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aGQwRlJxN2w0Kzh6OFhC
|
||||
RXFFN1g2RXlmbVpCYTF1Ulg3bHlkSmlZTERBCndWbmNibUZUSjh5MkdwNGQyeDdz
|
||||
dDRVZTliQy80aGxUYWFaQnFqMEEzbkkKLS0tIGVURnFUd0dtVlMvN1lDVUIvaGJy
|
||||
QmZDdk9JOTdDeXg1NUJIcllIdXk5ZHMKFROfzKzo9y1e6siuWsU5q4WiIUhkQTDi
|
||||
05fhUbrS8/OZQfG+KncuF1n3bWQis/USqwW1vEsTDkn6RlU9nGP9hQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByY0dTMWc2VEVRdTJyOXo4
|
||||
R3BYb1VETHI2RktGVnVJUzg4WUsxbTNsK2tVCjVqVml3d29lK21wUXFnRm5GNHdX
|
||||
blV4NEFZU01ZS3Qwc2FSMlVDRlU0SEEKLS0tIExwWXFJZGRTaTBSbjZtdTBXSXNJ
|
||||
TUhJWkIrdGg5UDdDQkdnQk50YTQ0M0UKqoMwtPlOSIqMcLvII/EVuZGrNDeULJHK
|
||||
l7xCzQM0n72E/zxPuO7koVXVcUNwn4kNQCRLOHLcuqx2ZRD8Oc+zNA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QmVRSVMwdkQzT2dJTUlu
|
||||
NDIvUHJvaWNwKzBZaE0wVEVnQml5NHU1Y0Z3CkdhbVpFSG1Oc3lERlVpMDArRnhP
|
||||
SFp0dGtSbVBUcnZpQkd5cGVUWXhXQlEKLS0tIDVBckwvUGtBVGc5RVJjN1F4cDJ2
|
||||
a1NiREtXMG9kcXFMeFNnMk0rQ2c5Z2MKKWK3+P9QshvgP2TCa2H5SFE+ZesaUZ9M
|
||||
qBhPT6t44/dr7foowgVGyEVvnuaUu4GHnSKyYiwZ+bjp6E3Wm2fMRA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNy8rcHpJclk1b0h2T0dw
|
||||
U0pBYlJvQXlZTG1PeTRCV2hONEJlUWFqdUIwClJ4QnQyOGt4d1NEcVZYek9JUC9X
|
||||
UW0wNjArK2YvZDRMMGpRU1N1dk9jSDQKLS0tIGJMbkZxLzZBVm4wNXVTNFpoRDNo
|
||||
a3dwemI2Wlh2RE8zN0xsbmY5YnJUeTAKhkSpB4RgrfbDpK7IwLs1KGXCj8v0Rze3
|
||||
YZh3BHW2WZLS7uQcIe/tnpIHwPrQnadKeYIw7xBmXu9dWyim9/5RyQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTkdCQ1dtQWJtWEJsU2ZU
|
||||
bzdpTzZnUUlrbmU3eDNvRlJ4bEk3RmF4cTJRCkNZTEdTWHVHUUU3eEpJNEJFRXM1
|
||||
Si9RZjNVQUpNaVU1Y1owTU1zakpvRzQKLS0tIENSUTFDNktpeWR3VCtpY1pFdXQy
|
||||
aWE0UkRBL29wMTh0RGZUUjdNdDloQlUK9+3fPifkgB3jsqaZrWvp5GoogwOiGuMQ
|
||||
VA8JNJ9Nlph7pom0oxu6wc50WLbUdyOerz37TowXwys9+Lu/XJVGRw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUnA5SXNucGN4bi9zeGlU
|
||||
TzJPUGk5SWVONFVVYnNnejJBdFJmL3d1S0Y0Ci9SOVZmVUMzRWNicGN2dE5aRy80
|
||||
MFh3MUNTSE5EWEhQcUFsUENDdWlWYkkKLS0tIDYrb2RzVm9OTHlzKzBCdEtPYnF3
|
||||
L2VmNm5ITEUwUVJ3WXRmVGZnY0RSNE0KraXjJSZ9HKV8SO93khWVjBJcEYQLI0Rm
|
||||
lQuagfkZ5oaedsPGNqaXWo/cd3g2SZOfhmmRxY9R9gxmnjpP4L6gGg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTb2xWOWY4V3Mxd1Z5bklT
|
||||
RXI1bjNtZ3hORkpOOUpFSXUrQ0lpODhsWHlFCmhteWJWam5mU2Nhc2tlTURRbC9i
|
||||
OE1SUE5iczkvdWRTdDRKd2NVNGhHS1kKLS0tIFZWYXA4TnF0dHc4K1FlYW9Cemta
|
||||
a0lzbUNKMzVrcmgwQWIyUWo2VExMYWcKAOwJ8tA9L/jQ1lCPaUMNNJaYz14tLbMH
|
||||
4c+lYZJX3PKjfkc5UnteWNsaXTF/vXoALDnaPBRwBFWFfCVsX5XYnQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTlgxOGJwbDYrbXNDWmNY
|
||||
YzZGTTdlQXBFRUEySW1Rd0Z4bi90akZIOGpBCjdseUJIeGlJZVB1WDNFeU5LZDE0
|
||||
cExQSFBPTWlUbVRjREdJaXROTjRwWTgKLS0tIENPM2VnZGtyaUowZmx5ZVdZVjRz
|
||||
SW9kSTVBbDJUWHBzV0xBYTlReGloSkEKq6Q3HVKRnw2B0CUvgXlUkQUBgmCNLP80
|
||||
fY5/ePAWZKt4P6TxzPNFH3aANWcnVC2/QxF2RgYfDXKKp1AVlAIlTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZGpMbC9yVTdObFEyZ1pH
|
||||
a0ZOMXhDVGdFNUNOMmJldjZKTElzdHI2bmljCnJtcEUyY1hDUnczZkFSNGErbEtE
|
||||
Y1lyZnFOVTVIL1FKczJ4dUIwdjg2T0kKLS0tIEpSZmN3YUJDUjB1ZnNtT2hCb3c2
|
||||
ZE5tMXJOYlFMOVNJU3FEZFB4TlZ1U00KHnunzKMy91oc92ptcaKCE1sfkhFGvf0S
|
||||
vRX/nyQnBGqD3X3yfvkt+aQnoLxcjoanpJVM9VeigyPu1mRg0OOxXg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvS2gzN0ZyakcyVjlYRUZU
|
||||
OFNmUHhsTysxV0JIV1JlM3hLNW9KRm9oY0gwCkh3SWxUV3ZqRXluVVRyRC9OQzVa
|
||||
ODE0NnE2ZHdZc1Qrdkp0YWZFZ0xnMWMKLS0tIFFsNElqVlZ3Sm56b2ZNcEpQMXo4
|
||||
RGJCWmpyd1g1NC9Ud3I3TWRBZ2llblEKVrHE0kPVjapor98D4Z1gCtQsuWS/iAuE
|
||||
5cje1AZdpYVdHoRtzRxKwPekfm9xa/knzFckjjO0JizTQWTPYg0gsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-25T14:03:57Z"
|
||||
mac: ENC[AES256_GCM,data:RBf3LjVNSclsPN7I4QPaDUjWbKlaccjk3rzsRNdRe3+OvJSd7MsS9RfpUFCqUtO7ZkkocXHmkHA8z8LNxs6vejT9czMsLLQD14qHZS6fFdTnToOx3Kt5UuviPO/2UryVI+6HWORkH1aqFJhzkSMop2TO5mzuOTfbCEBLYUUuS6s=,iv:NQs8O1hIbjzGBTZo+gCuisj3edraFGk/Y146HmfPmQY=,tag:4g9IXw2UFC5V9EIHuWJqdA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-11T17:12:49Z"
|
||||
- created_at: "2026-01-26T04:52:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/9EOJGjNnLgEPo+/pP/4TVt8ECLRRbxsjwpnxuRf2QcmtF
|
||||
p+ZnX+X5mBVdriuTUTFyUvPXBPwG2byrc7w/+zZBvYGWdSZgi+ACBRiAzvXMUYUq
|
||||
ZCY6z4v4dkvbbVW2QE1JmzfZFVC4Vdwup6q+OXtXvQe6n2/GgIHRfyMnG3dynldt
|
||||
1cmEY8ujuZzv+St5tInaGod5pZ4i2/RDvQSk7JHtb9LqsyyIKdxYa1Sc8U7WN9qx
|
||||
Ucwo56HZ9tlAvA4nEqYIaZFGM4XDXO3BV6ltsa57dMXJSzYjG8qYB7Z4CCTmn6HL
|
||||
h7A4NK8yj7El5q9EScbSzJQ8LNMYAPhLMhvOGYio/k2Jnn3woioozCdUEvg4aoAT
|
||||
Y+UVyl/O5MrM6ZcgWVQ7gbhYvAHSyiyr5hlEfzjtxwiETkIXFPiWtOpyq1GIYa7w
|
||||
k93OvrFbbTevzY2ea4gQh4pmzGDfXEqtBm9DjQwUmiTM877bR/sY4b0HV/CA3Txh
|
||||
Xz22dLp8pfvAtBtHuEARJeQ8DeFslICuZZSiDscNe63dqxg9tWmwFqWecOGb5DXG
|
||||
xEbLTyO0YBESsk3jt7JCtx8Dfnb9fVOqCiQN2Ywd1TkSMnM1H627MpaZJNKEXQPT
|
||||
+gWa7QqthW84Vc42wuAYmLAw+1Ob/BgPojogV8XUIr2johzp1tY2jdsDJko84PPS
|
||||
XgEprHVVj49JHRR5ixjJwoO4WbYsN4Tqej7I2Ns00tCzHAKPFQvFlHNLt1CrM88X
|
||||
0HRLTEn7z1F5r54inNP0DIvDJlTSqJdJDA5k0HChQA7by2le+ERpvI4CmTkNyvk=
|
||||
=c+Rd
|
||||
hQIMA0av/duuklWYARAAtSg5bRhk7DN14CpdTtG9XPwQfZAP2EvCpFqXcU1LnIqi
|
||||
odRqr1vzFlgXH/A/36C/c/JN7M0673PWivUidiMU38/WExgzxPTe/mpwoTHqRRgG
|
||||
aSP5or2UjhwbN7M844JGbTMNAIUh9bVG2/Qm6cLFhv2HalAVhhnWsbIdJIjUmpjU
|
||||
cMjCfxO36uTVp1SajeJKd9x9n+AbWY84SzN/7HYrFcJQomOyb6FcioIwHcIe2YdN
|
||||
GEdNkA13+hTNBR2ZYW3wrPxr39qK4R3mEJambwZLhQfRwUaqIB6PqvXICdqeLbRc
|
||||
2OfzR5oN5HE3Z7QGwDDM8x8diegLYUyTyY3yhJ8PcCs44mXL2XN6XGefgNWuxxDd
|
||||
o8189NRNXD2xloiIcbBJQ6Mpix+qlEI4VRnaxiGI3huv/vpKqSxBZFCu4x4kxGwj
|
||||
OuaX3cPsvjzj0WEFsAvmrUB/Qdabfhhdm1TgY1PqoXfCudyLuDYqRg8sjIIUjmtA
|
||||
/EyXTO6Ah+vc/NP3mLcHeFAh91Lzvxvm6jEmpN7/jg9zbIzs0jNeVchFYxxVZuRn
|
||||
J6ySrkQ5x4FC1DdJlxv36uOLdbsosgia8q3WHOfbt/Lyp/n1RuQX2Kjysi/C79ap
|
||||
xYaozqRmuJIy4Ph4PbhA737PFS4GEyKsHfvskWeGvpGiu/XHP+R+AfE45Mac1O/S
|
||||
XgEgpNsTDb4GS70fjYBjaSyLcgCeAhqt4Mm4O3UTrYWLfziVLMI7vl9zTznGmY9n
|
||||
fS70cnezoSWVj9Nfz+EmmsRWwAYRebzqLWaAtPmrrS5IbWZkLgpay7ga1y9cACo=
|
||||
=0Z+d
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ pkgs, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
users.users.adriangl = {
|
||||
isNormalUser = true;
|
||||
@@ -9,14 +9,6 @@
|
||||
"nix-builder-users"
|
||||
];
|
||||
|
||||
packages = with pkgs; [
|
||||
neovim
|
||||
htop
|
||||
ripgrep
|
||||
vim
|
||||
foot.terminfo
|
||||
];
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFa5y7KyLn2tjxed1czMbyM5scnEpo9v/GfnhL/28ckM legolas"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf7SlyHR6KgP7+IeFr/Iuiu2lL5vaSlzqPonaO8XU0J gunalx@aragon"
|
||||
|
||||
@@ -1,18 +1,14 @@
|
||||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
users.users.albertba = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
|
||||
|
||||
packages = with pkgs; [
|
||||
htop
|
||||
neovim
|
||||
ripgrep
|
||||
fd
|
||||
tmux
|
||||
];
|
||||
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICheSCAxsYc/6g8hq2lXXHoUWPjWvntzzTA7OhG8waMN albert@Arch"
|
||||
@@ -20,4 +16,3 @@
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -1,13 +1,12 @@
|
||||
{pkgs, ...}:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.alfhj = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCAYE0U3sFizm/NSbKCs0jEhZ1mpAWPcijFevejiFL1 alfhj"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
{pkgs, ...}:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.amalieem = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
|
||||
];
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
{pkgs, ...}:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.danio = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "drift" "nix-builder-users" "wheel" ];
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp8iMOx3eTiG5AmDh2KjKcigf7xdRKn9M7iZQ4RqP0np0UN2NUbu+VAMJmkWFyi3JpxmLuhszU0F1xY+3qM3ARduy1cs89B/bBE85xlOeYhcYVmpcgPR5xduS+TuHTBzFAgp+IU7/lgxdjcJ3PH4K0ruGRcX1xrytmk/vdY8IeSk3GVWDRrRbH6brO4cCCFjX0zJ7G6hBQueTPQoOy3jrUvgpRkzZY4ZCuljXtxbuX5X/2qWAkp8ca0iTQ5FzNA5JUyj+DWeEzjIEz6GrckOdV2LjWpT9+CtOqoPZOUudE1J9mJk4snNlMQjE06It7Kr50bpwoPqnxjo7ZjlHFLezl"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{lib, ...}:
|
||||
{ lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
# get all files in folder
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
users.users.felixalb = {
|
||||
isNormalUser = true;
|
||||
@@ -7,7 +7,7 @@
|
||||
] ++ lib.optionals ( config.users.groups ? "libvirtd" ) [
|
||||
"libvirtd"
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalb@pvv.ntnu.no"
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
users.users.frero = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII09JbtSUMurvmHpJ7TmUQctXpNVhjFYhoJ3+1ZITmMx"
|
||||
];
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
{pkgs, ...}:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.jonmro = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
|
||||
shell = pkgs.zsh;
|
||||
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"
|
||||
];
|
||||
|
||||
@@ -12,9 +12,6 @@
|
||||
packages = with pkgs; [
|
||||
bottom
|
||||
eza
|
||||
neovim
|
||||
ripgrep
|
||||
tmux
|
||||
];
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
||||
@@ -14,14 +14,9 @@
|
||||
bat
|
||||
edir
|
||||
fd
|
||||
htop
|
||||
jq
|
||||
micro
|
||||
ncdu
|
||||
ripgrep
|
||||
sd
|
||||
tmux
|
||||
wget
|
||||
xe
|
||||
yq
|
||||
];
|
||||
|
||||
@@ -11,9 +11,6 @@
|
||||
packages = with pkgs; [
|
||||
btop
|
||||
eza
|
||||
neovim
|
||||
ripgrep
|
||||
tmux
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVA3HqEx3je6L1AC+bP8sTxu3ZTKvTCR0npCyOVAYK5 vbm@arch-xeon"
|
||||
|
||||
Reference in New Issue
Block a user