Compare commits
3 Commits
master
...
nixos-23.1
Author | SHA1 | Date |
---|---|---|
Astro | 287989d19c | |
Astro | 4694ce0d08 | |
Astro | 039b56b833 |
|
@ -1,2 +1 @@
|
|||
# see https://github.com/getsops/sops/blob/main/README.rst#47showing-diffs-in-cleartext-in-git how to use this
|
||||
*.yaml diff=sops
|
||||
*/**.yaml diff=sops
|
||||
|
|
|
@ -2,4 +2,3 @@
|
|||
*.retry
|
||||
result
|
||||
result-*
|
||||
/hosts/mediawiki/MediaWikiExtensionsComposer/
|
||||
|
|
102
.sops.yaml
102
.sops.yaml
|
@ -3,7 +3,6 @@ keys:
|
|||
- &admins
|
||||
- DD0998E6CDF294537FC604F991FA5E5BF9AA901C # 0xA
|
||||
- A5EE826D645DBE35F9B0993358512AE87A69900F # astro
|
||||
- 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis
|
||||
- 4F9F44A64CC2E438979329E1F122F05437696FCE # poelzi
|
||||
- 91EBE87016391323642A6803B966009D57E69CC6 # revol-xut
|
||||
- 53B26AEDC08246715E15504B236B6291555E8401 # sandro
|
||||
|
@ -12,24 +11,27 @@ keys:
|
|||
|
||||
- &users
|
||||
- A5EE826D645DBE35F9B0993358512AE87A69900F # astro
|
||||
- 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis
|
||||
- 53B26AEDC08246715E15504B236B6291555E8401 # sandro
|
||||
- 9580391316684474BFBD41EC3E8C55248C19AF2A # xyrill
|
||||
|
||||
- &polygon-snowflake age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c # polygon
|
||||
|
||||
# Generate AGE keys from SSH keys with:
|
||||
# nix-shell -p ssh-to-age --run 'ssh some.serv.zentralwerk.org cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||
- &activity-relay age1a8k72egc2vg4jn445wwcr0a68y9xu5ft68s2xwehugs5sjawpv4q5nnrmy
|
||||
# nix shell nixpkgs#ssh-to-age
|
||||
# ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
|
||||
- &auth age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x
|
||||
- &activity-relay age1a8k72egc2vg4jn445wwcr0a68y9xu5ft68s2xwehugs5sjawpv4q5nnrmy
|
||||
- &bind age1hfzpctkk5tz0ddc86ul9t0nf8c37jtngawepvgxk5rxlvv938vusx4kuc6
|
||||
- &blogs age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz
|
||||
- &broker age1dj0d0339f4law7qvuzcv2fs6sf8why63s3l8tja0f8vsj7wefcds9drvte
|
||||
- &buzzrelay age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0
|
||||
- &c3d2-web age18h6vmfduhmj28wxdgur8wugn7scm5vwvwkj5sr4f7nl0czr2zvaqscsdsv
|
||||
- &caveman age13dl5qjzddaazmquf7zfecru5tr4ld8l8xd7xpmhaqqzmchpua4usswqykd
|
||||
- &dacbert age1g2ewsxcu5uqlesaznp2qwlcz8w66pxh4qxkul8wu7x8g2hw83saqxynpyk
|
||||
- &dacbert age1hg0mmua5y82ct7l6q9gpc8w940ce5seqcjhm4dgx7tlzvflznyas7v3hf4
|
||||
- &direkthilfe age1qe8wvy8kdmfdxh505apkqnnquqgtvykd6x6qlxmzqp93cv6wjy4qlu5mpj
|
||||
- &dn42 age1726t33dl7pv3xrxxlafj2sexh7c0jm8pza84yu6l3wpz3fw5dauqxlass3
|
||||
- &drone age1w6u8zjfya63q9rjfll98eegnfdsvyaspnwn802t2mxh47gt8p30q0kn898
|
||||
- &factorio age1av4ww0zzyas0egzwkpdaj4crwz3vwnhpq0nfez2zad4me38zss7sjz5kw2
|
||||
- &freifunk age17rrjtdgzzwgjatyqqv27pftx42t8xhksls46jc3f78juzw4g04vsd7lr7e
|
||||
- &ftp age1lkr5rkf3z0976g8snmznf755gnexhjkwpzsw8xxwyesqmneawa4qgsqx77
|
||||
- &gitea age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h
|
||||
|
@ -40,34 +42,35 @@ keys:
|
|||
- &home-assistant age1l2tld2cttpkj4vpuh9hm4xjwq94rmf8vukjgvdzcvwwtze6k6s6qjf0s5r
|
||||
- &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
|
||||
- &jabber age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
|
||||
- &knot age1hfzpctkk5tz0ddc86ul9t0nf8c37jtngawepvgxk5rxlvv938vusx4kuc6
|
||||
- &mail age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
|
||||
- &leon age1cm0cjk2764s4pv5g7e67as34g9xtcltex96ga87wckndw62wqqlsvkscqc
|
||||
- &leoncloud age1aw9s4kcd6ys64ddzzfya9ajzln2tv8pm9uvz6d85v0r6eq4dudqq5vts86
|
||||
- &mailtngbert age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
|
||||
- &mastodon age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
|
||||
- &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
|
||||
- &matrix age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
|
||||
- &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
|
||||
- &mobilizon age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
|
||||
- &mucbot age1qen44cx5sx0y299zl93cz3tflx8agt8y9vtm0d4uxw42t9gyecdsw9jade
|
||||
- &mucbot age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
|
||||
- &nfsroot age18yxgwpakrkzq8ca2enayf79py25se3d8dsed2q523869re30jcaqx6rjln
|
||||
- &nncp age15853dr2kd6r2329tkcanwnruh6zd2xvsu5twc7gnxeyu3h7t6q5scckaq8
|
||||
- &oparl age14aq8fscrwkgmu5yv86vj7p7kmxclzs6dp7fpvdhvrnmce83ztphqc4mr9q
|
||||
- &owncast age1cp9gsuyfu52exk0hr3fvj404v5njhahakzwlugwtneyrs4vgdyaq0sg92f
|
||||
- &pretalx age1u6xeayzwfdj9l0mg3f4xvjd8e9nemz5psqavauvacjgp2nku95yqc4f29s
|
||||
- &prometheus age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k
|
||||
- &public-access-proxy age1xcj6peyaf5xvj2673vl9j0z7supwtw7hzuk782zk7gt69k2ykytqe65mg5
|
||||
- &pulsebert age12hdk2stter0cjexxwx3sqn9wx3vmptkxszvx7knq9zgm9uqzjs7suvkcqu
|
||||
- &radiobert age1lga6hjmxa95fmtdn3frlmy64ej3hyswxrcuz25qvw0kfsxkqeugs8gjw8q
|
||||
- &riscbert age148d87gqw59lmst5jv3vynhsu3tv4t4sj49s4lktvnplfcrjq2y5sjcwsu8
|
||||
- &scrape age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k
|
||||
- &sdrweb age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
|
||||
- &server10 age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf
|
||||
- &server6 age15tyk8zlm2v3fkv9gsdm9g75eeef23358wrddeg3slpu2vjncj96q8lu6x5
|
||||
- &server7 age1xd8x0m27zhvvsm7rq2amtu3a4nvpfnlcdgp9tqt3g47hfzchsa9svgmemz
|
||||
- &server8 age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37
|
||||
- &server9 age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva
|
||||
- &server10 age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf
|
||||
- &spaceapi age125k9uyqw5ae5jqkfsak4d6c6rcx9q63ywuusk62pmxdnhwzqxgqq2jsau7
|
||||
- &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu
|
||||
- &stream age14h2npkt6m40ewkkaee7zx49redew5rjsjpm70qhka8cwkekmspqqpspy4g
|
||||
- &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu
|
||||
- &ticker age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
|
||||
- &vaultwarden age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun
|
||||
- &prometheus age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k
|
||||
|
||||
creation_rules:
|
||||
- path_regex: modules/backup\.yaml$
|
||||
|
@ -86,17 +89,14 @@ creation_rules:
|
|||
- *home-assistant
|
||||
- *hydra
|
||||
- *jabber
|
||||
- *mail
|
||||
- *mailtngbert
|
||||
- *mastodon
|
||||
- *matemat
|
||||
- *matrix
|
||||
- *mediawiki
|
||||
- *mobilizon
|
||||
- *owncast
|
||||
- *pretalx
|
||||
- *sdrweb
|
||||
- *ticker
|
||||
- *vaultwarden
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: modules/cluster/[^/]+\.yaml$
|
||||
|
@ -104,6 +104,8 @@ creation_rules:
|
|||
- pgp: *admins
|
||||
age:
|
||||
- *hydra
|
||||
- *server6
|
||||
- *server7
|
||||
- *server8
|
||||
- *server9
|
||||
- *server10
|
||||
|
@ -115,12 +117,15 @@ creation_rules:
|
|||
age:
|
||||
- *polygon-snowflake
|
||||
- *auth
|
||||
- *bind
|
||||
- *blogs
|
||||
- *broker
|
||||
- *buzzrelay
|
||||
- *c3d2-web
|
||||
- *dacbert
|
||||
- *direkthilfe
|
||||
- *dn42
|
||||
- *factorio
|
||||
- *freifunk
|
||||
- *ftp
|
||||
- *gitea
|
||||
|
@ -130,8 +135,9 @@ creation_rules:
|
|||
- *hedgedoc
|
||||
- *hydra
|
||||
- *jabber
|
||||
- *knot
|
||||
- *mail
|
||||
- *leon
|
||||
- *leoncloud
|
||||
- *mailtngbert
|
||||
- *mastodon
|
||||
- *matemat
|
||||
- *matrix
|
||||
|
@ -139,7 +145,6 @@ creation_rules:
|
|||
- *mucbot
|
||||
- *nfsroot
|
||||
- *oparl
|
||||
- *pretalx
|
||||
- *prometheus
|
||||
- *public-access-proxy
|
||||
- *pulsebert
|
||||
|
@ -147,14 +152,15 @@ creation_rules:
|
|||
- *riscbert
|
||||
- *scrape
|
||||
- *sdrweb
|
||||
- *server6
|
||||
- *server7
|
||||
- *server8
|
||||
- *server9
|
||||
- *server10
|
||||
- *spaceapi
|
||||
- *storage-ng
|
||||
- *stream
|
||||
- *storage-ng
|
||||
- *ticker
|
||||
- *vaultwarden
|
||||
|
||||
- path_regex: hosts/activity-relay/secrets\.yaml$
|
||||
key_groups:
|
||||
|
@ -170,11 +176,11 @@ creation_rules:
|
|||
- *auth
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/knot/secrets\.yaml$
|
||||
- path_regex: hosts/bind/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *knot
|
||||
- *bind
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/blogs/secrets\.yaml$
|
||||
|
@ -288,13 +294,17 @@ creation_rules:
|
|||
- *jabber
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/mail/secrets\.yaml$
|
||||
- path_regex: hosts/mailtngbert/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *mail
|
||||
- *mailtngbert
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/mastodon/accounts\.yaml$
|
||||
key_groups:
|
||||
- pgp: *users
|
||||
|
||||
- path_regex: hosts/mastodon/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
|
@ -329,14 +339,6 @@ creation_rules:
|
|||
age:
|
||||
- *mobilizon
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/mucbot/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *mucbot
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/oparl/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
|
@ -351,20 +353,6 @@ creation_rules:
|
|||
- *owncast
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/pretalx/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *pretalx
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/sdrweb/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *sdrweb
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/radiobert/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
|
@ -372,11 +360,18 @@ creation_rules:
|
|||
- *radiobert
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/scrape/secrets\.yaml$
|
||||
- path_regex: hosts/server6/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *scrape
|
||||
- *server6
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/server7/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *server7
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/server8/secrets\.yaml$
|
||||
|
@ -427,10 +422,3 @@ creation_rules:
|
|||
age:
|
||||
- *stream
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/vaultwarden/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *vaultwarden
|
||||
- *polygon-snowflake
|
||||
|
|
|
@ -34,7 +34,6 @@ If you want to have an additional backport, cherry-pick or other change, please
|
|||
### nixos-modules repo
|
||||
|
||||
The nixos-modules repo lives at <https://github.com/supersandro2000/nixos-modules> and is mirrored to <https://gitea.c3d2.de/c3d2/nixos-modules>.
|
||||
Auto generated documentation about all options is available at <https://supersandro2000.github.io/nixos-modules/>.
|
||||
It contains options sandro shares between his private nixos configs and the C3D2 one.
|
||||
It sets many options by default and when searching for a particular setting you should always grep this repo, too.
|
||||
In question ask sandro and consider improving the documentation about this with comments and readme explanations.
|
||||
|
@ -267,7 +266,7 @@ For the deployment options take a look at [deployment](https://gitea.c3d2.de/c3d
|
|||
Set the `disko` options for the machine and run:
|
||||
|
||||
```shell
|
||||
$(nix build --print-out-paths --no-link -L '.#nixosConfigurations.HOSTNAME.config.system.build.disko')
|
||||
$(nix build --print-out-paths --no-link -L '.#nixosConfigurations.HOSTNAME.config.system.build.diskoNoDeps')
|
||||
```
|
||||
|
||||
When adding new disks the paths under ``/dev/disk/by-id/`` should be used, so that the script is idempotent across device restarts.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, hostRegistry, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||
{ config, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||
|
||||
# this file contains default configuration that may be turned on depending on other config settings.
|
||||
# options should go to modules.
|
||||
|
@ -16,17 +16,13 @@
|
|||
];
|
||||
|
||||
boot = {
|
||||
enableContainers = false; # should be enabled explicitly
|
||||
loader.systemd-boot = {
|
||||
configurationLimit = lib.mkDefault 10;
|
||||
editor = false;
|
||||
graceful = true;
|
||||
};
|
||||
tmp.cleanOnBoot = true;
|
||||
kernel.sysctl = {
|
||||
"kernel.panic" = 60; # reset 60 seconds after a kernel panic
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
tmp.cleanOnBoot = true;
|
||||
# recommend to turn off, only on by default for backwards compatibility
|
||||
zfs.forceImportRoot = false;
|
||||
};
|
||||
|
||||
c3d2 = {
|
||||
|
@ -39,12 +35,6 @@
|
|||
documentation.enable = false;
|
||||
|
||||
environment = {
|
||||
etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||
text = lib.concatMapStrings (ns: ''
|
||||
nameserver ${ns}
|
||||
'') config.networking.nameservers;
|
||||
};
|
||||
|
||||
gnome.excludePackages = with pkgs; with gnome; [
|
||||
baobab
|
||||
cheese
|
||||
|
@ -61,14 +51,11 @@
|
|||
totem
|
||||
yelp # less webkitgtk's
|
||||
];
|
||||
|
||||
interactiveShellInit = /* sh */ ''
|
||||
# raise some awareness torwards failed services
|
||||
systemctl --no-pager --failed || true
|
||||
'';
|
||||
|
||||
noXlibs = !config.services.xserver.enable;
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
bmon
|
||||
curl
|
||||
|
@ -78,24 +65,10 @@
|
|||
git
|
||||
htop
|
||||
iotop
|
||||
(iproute2.overrideAttrs ({ configureFlags ? [], src, ... }: let
|
||||
version = "6.8.0";
|
||||
in {
|
||||
inherit version;
|
||||
src = pkgs.fetchurl {
|
||||
url = "mirror://kernel/linux/utils/net/iproute2/iproute2-${version}.tar.xz";
|
||||
hash = "sha256-A6bMo9cakI0fFfe0lb4rj+hR+UFFjcRmSQDX9F/PaM4=";
|
||||
};
|
||||
configureFlags = configureFlags ++ [
|
||||
"--color" "auto"
|
||||
];
|
||||
}))
|
||||
jq
|
||||
lsof # to find lingering nix processes locking files in nix store
|
||||
mtr
|
||||
pv
|
||||
ripgrep
|
||||
rsync
|
||||
screen
|
||||
strace
|
||||
tcpdump
|
||||
|
@ -115,27 +88,11 @@
|
|||
];
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
||||
# proxy protocol used by public-access-proxy
|
||||
8080
|
||||
8443
|
||||
];
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
] ++ (if config.services.resolved.enable then [
|
||||
"9.9.9.9#dns.quad9.net"
|
||||
"1.1.1.1#cloudflare-dns.com"
|
||||
] else [
|
||||
"9.9.9.9"
|
||||
"1.1.1.1"
|
||||
]);
|
||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||
};
|
||||
|
||||
# TODO: drop when https://github.com/Mic92/sops-nix/pull/555 is merged
|
||||
sops.environment.SOPS_GPG_EXEC = lib.getExe (pkgs.gnupg.override { enableMinimal = true; });
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
||||
# proxy protocol used by public-access-proxy
|
||||
8080
|
||||
8443
|
||||
];
|
||||
|
||||
nix = {
|
||||
deleteChannels = true;
|
||||
|
@ -153,13 +110,12 @@
|
|||
];
|
||||
registry.nixpkgs.flake = nixos;
|
||||
settings = {
|
||||
extra-experimental-features = "ca-derivations";
|
||||
# if a download from hydra fails, we want to stop and retry it, instead of building it
|
||||
fallback = false;
|
||||
trusted-public-keys = [
|
||||
"nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
|
||||
];
|
||||
stalled-download-timeout = 30; # in case hydra is not reachable fail faster
|
||||
stalled-download-timeout = 60; # in case hydra is not reachable fail faster
|
||||
# don't self feed hydra
|
||||
substituters = lib.mkIf (config.networking.hostName != "hydra") (
|
||||
lib.mkBefore [ "https://nix-cache.hq.c3d2.de" ]
|
||||
|
@ -188,7 +144,7 @@
|
|||
tmux = {
|
||||
enable = true;
|
||||
historyLimit = 50000;
|
||||
extraConfig = /* tmux */ ''
|
||||
extraConfig = ''
|
||||
# mouse control
|
||||
set -g mouse on
|
||||
|
||||
|
@ -226,10 +182,7 @@
|
|||
|
||||
hedgedoc.ldap.userGroup = "hedgedoc-users";
|
||||
|
||||
home-assistant.ldap = {
|
||||
adminGroup = "home-assistant-admins";
|
||||
userGroup = "home-assistant-users";
|
||||
};
|
||||
home-assistant.ldap.userGroup = "home-assistant-users";
|
||||
|
||||
hydra.ldap = {
|
||||
roleMappings = [
|
||||
|
@ -266,7 +219,6 @@
|
|||
# Required for deployment and sops
|
||||
enable = true;
|
||||
settings = {
|
||||
AcceptEnv = "SYSTEMD_PAGER";
|
||||
LoginGraceTime = 30; # throw out unauthenticated connections earlier than the 120 default
|
||||
PasswordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
|
||||
PermitRootLogin = lib.mkOverride 900 "prohibit-password";
|
||||
|
@ -279,15 +231,12 @@
|
|||
internalIp6 = hosts6.up4.auth;
|
||||
ldapPreset = true;
|
||||
# those can't be under hosts/*/default.nix because those are not imported for the auth microvm
|
||||
seedSettings.groups = map (n: {
|
||||
long_name = n;
|
||||
name = lib.toLower (lib.replaceStrings [" "] ["-"] n);
|
||||
permissions = { };
|
||||
}) [
|
||||
"Mail Users"
|
||||
"Mobilizon Users"
|
||||
"Vaultwarden Users"
|
||||
"Vaultwarden Social Media Accounts"
|
||||
seedSettings.groups = [
|
||||
{
|
||||
long_name = "Mobilizon Users";
|
||||
name = "mobilizon-users";
|
||||
permissions = {};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -318,9 +267,6 @@
|
|||
'';
|
||||
|
||||
systemd = {
|
||||
# don't kick us out if one disk is missing
|
||||
enableEmergencyMode = false;
|
||||
|
||||
# maybe set enable = false instead?
|
||||
network.wait-online.anyInterface = true;
|
||||
|
||||
|
|
337
flake.lock
337
flake.lock
|
@ -103,22 +103,6 @@
|
|||
"url": "https://gitea.c3d2.de/astro/bevy-mandelbrot.git"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1604995301,
|
||||
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"buzzrelay": {
|
||||
"inputs": {
|
||||
"naersk": [
|
||||
|
@ -132,11 +116,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714004061,
|
||||
"narHash": "sha256-gvRG8CkCFxQ3jqdiU+O6s9YdZRTPU53yK7XmEwPO3mk=",
|
||||
"lastModified": 1701026248,
|
||||
"narHash": "sha256-kr4tV1Y35TuKWs9gcHDpq+aJxsT0gUBIGjL5iUCQvs8=",
|
||||
"owner": "astro",
|
||||
"repo": "buzzrelay",
|
||||
"rev": "c5fddfba89fd2d8dd7f415248a8ed878ffdb1f10",
|
||||
"rev": "2e39f284ad0585be8f0aaa820121ea633a856271",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -150,16 +134,16 @@
|
|||
"nixos-modules": [
|
||||
"nixos-modules"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs-lib": [
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710844300,
|
||||
"narHash": "sha256-pSP6v7VqWWWgekbYnASTrZXgOW270I7MoDIXLz960KY=",
|
||||
"lastModified": 1698539257,
|
||||
"narHash": "sha256-7ql+k40kLpaB41cUzkw0/Ww1ujSYlvG9AEXBi8Nk6r8=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "319dffc67b5c17c98d3ab77959568fc2b7c46513",
|
||||
"revCount": 62,
|
||||
"rev": "c822e0c34fac14b6d037ada62e74af09a4bcea40",
|
||||
"revCount": 41,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/c3d2/nix-user-module.git"
|
||||
},
|
||||
|
@ -184,11 +168,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713402078,
|
||||
"narHash": "sha256-gFkpX4PA5hEmuvQxZX+TWBOdIGmwzOXs5bgGAwOEdvA=",
|
||||
"lastModified": 1699655581,
|
||||
"narHash": "sha256-NYrnxvrliFrq/izZiusrfIiC5cT3vAaoSqVgKpaVr4U=",
|
||||
"ref": "main",
|
||||
"rev": "bc45f3513e952e95660c2e063e7a2a79b350b024",
|
||||
"revCount": 347,
|
||||
"rev": "03968b9cbbc279913337ab45a1abaa2a93cdf61d",
|
||||
"revCount": 338,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/caveman.git"
|
||||
},
|
||||
|
@ -225,11 +209,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714612856,
|
||||
"narHash": "sha256-W7+rtMzRmdovzndN2NYUv5xzkbMudtQ3jbyFuGk0O1E=",
|
||||
"lastModified": 1700927249,
|
||||
"narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "d57058eb09dd5ec00c746df34fe0a603ea744370",
|
||||
"rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -238,28 +222,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"dns-nix": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"zentralwerk",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703643450,
|
||||
"narHash": "sha256-EUUF5oxFFPX/etKm0FNQg+7MPHQlNjmM1XhNgyDf7A0=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "dns.nix",
|
||||
"rev": "70dcce71560d4253f63812fa36dee994c81ae814",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "dns.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -268,11 +230,11 @@
|
|||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714544767,
|
||||
"narHash": "sha256-kF1bX+YFMedf1g0PAJYwGUkzh22JmULtj8Rm4IXAQKs=",
|
||||
"lastModified": 1698819743,
|
||||
"narHash": "sha256-L3vZfifHmog7sJvzXk8qiKISkpyltb+GaThqMJ7PU9Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "73124e1356bde9411b163d636b39fe4804b7ca45",
|
||||
"rev": "1a92c6d75963fd594116913c23041da48ed9e020",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -282,47 +244,16 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1614513358,
|
||||
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -347,11 +278,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713125817,
|
||||
"narHash": "sha256-GpW5PN4JIV5SYp6ZuAeN2qRQH3hyiOUWNbR5J0Jhh2E=",
|
||||
"lastModified": 1695426234,
|
||||
"narHash": "sha256-fPLVqhGt9G72MrKrnal31ovp2NXpy4PT6uGV9+BYxtk=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "9172dc5abd036707d5b5a21bcff5c61f6e55fde1",
|
||||
"revCount": 73,
|
||||
"rev": "bb82574d4a36b743b8678e23a0cd3c8b0eaf1821",
|
||||
"revCount": 68,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/heliwatch.git"
|
||||
},
|
||||
|
@ -367,15 +298,14 @@
|
|||
],
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
],
|
||||
"spectrum": "spectrum"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714764302,
|
||||
"narHash": "sha256-MmIZR67wOP3Nr9b3XpsvHSZSTDcTmd9cQn2Z8pW1/Hw=",
|
||||
"lastModified": 1700320345,
|
||||
"narHash": "sha256-HDBVj9gEOG2ZBGc+UGtjqDsOIvYOQtDxDRGrbiWOXl0=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "e9977efbe34b554c3e393dc9a18509905a4080e5",
|
||||
"rev": "b16e6261ad2f0bca6ac2a4b7a4d3377cf5e3d95d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -391,11 +321,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713520724,
|
||||
"narHash": "sha256-CO8MmVDmqZX2FovL75pu5BvwhW+Vugc7Q6ze7Hj8heI=",
|
||||
"lastModified": 1698420672,
|
||||
"narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"rev": "c5037590290c6c7dae2e42e7da1e247e54ed2d49",
|
||||
"rev": "aeb58d5e8faead8980a807c840232697982d47b9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -432,11 +362,11 @@
|
|||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1714905756,
|
||||
"narHash": "sha256-JyB6bzbG5F2fHouZNHf7DJo5boMirnZO8izrJY502RA=",
|
||||
"lastModified": 1701650192,
|
||||
"narHash": "sha256-OlW7awIgrWkAAdFO+fjkzKD0NHneHRr023r3Ld3JBGQ=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a0744ef2215a1feb76086167cf6a6dcf2f6e435d",
|
||||
"rev": "093be9832c89b19c94aebf78186562ef2fc267f1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -448,11 +378,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1714885415,
|
||||
"narHash": "sha256-LG+2IVqVi1fy724rSDAkgqae+f47fGGko4cJhtkN8PE=",
|
||||
"lastModified": 1701020860,
|
||||
"narHash": "sha256-NwnRn04C8s+hH+KdVtGmVB1FFNIG7DtPJmQSCBDaET4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "753176b57b3fcddb140c1c012868e62c025120bd",
|
||||
"rev": "b006ec52fce23b1d57f6ab4a42d7400732e9a0a2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -463,19 +393,16 @@
|
|||
},
|
||||
"nixos-modules": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs-lib": [
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714345437,
|
||||
"narHash": "sha256-95Jrew6RACxyEATJg1asSfFq/dzDadLGBAxItb6/LRA=",
|
||||
"lastModified": 1701643093,
|
||||
"narHash": "sha256-cJves2E255uJHoQLxdwB/Ipd718IYohE2HRBBse3Q9w=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-modules",
|
||||
"rev": "1aeeba70ada1b0f1f8bc408ea3131882d35f15c3",
|
||||
"rev": "bfc7e254acbf9ab43658893e367f3944811f9685",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -484,52 +411,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1714905535,
|
||||
"narHash": "sha256-eHjqlZBXypIzJYpb4YWv/NGXC+TG67q4sBYeLFPgUOc=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "204e25c59d57c5b987df18c21120217d0ca6a915",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "SuperSandro2000",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1704290814,
|
||||
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_11": {
|
||||
"locked": {
|
||||
"lastModified": 1706098335,
|
||||
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"oparl-scraper": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -571,11 +452,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714901161,
|
||||
"narHash": "sha256-8f+IP2lVzE9AuH3WHFeG+GzLraLVAV0uekgHVEC0KOk=",
|
||||
"lastModified": 1701083718,
|
||||
"narHash": "sha256-+XgLJTcOfRLjNa5zGgAuK2vPy1CShn/7a4bdRrH1Mgk=",
|
||||
"owner": "astro",
|
||||
"repo": "nix-openwrt-imagebuilder",
|
||||
"rev": "da7077e22fab0e865ecb62bea2fa0b0e2c0eb0cf",
|
||||
"rev": "34caf0a0a3cab485491433bd1509bfc4072298b7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -604,13 +485,12 @@
|
|||
"nixos": "nixos",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-modules": "nixos-modules",
|
||||
"nixos-unstable": "nixos-unstable",
|
||||
"oparl-scraper": "oparl-scraper",
|
||||
"openwrt": "openwrt",
|
||||
"openwrt-imagebuilder": "openwrt-imagebuilder",
|
||||
"rust-overlay": "rust-overlay",
|
||||
"scrapers": "scrapers",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||
"secrets": "secrets",
|
||||
"skyflake": "skyflake",
|
||||
"sops-nix": "sops-nix",
|
||||
"spacemsg": "spacemsg",
|
||||
|
@ -625,11 +505,11 @@
|
|||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1714501997,
|
||||
"narHash": "sha256-g31zfxwUFzkPgX0Q8sZLcrqGmOxwjEZ/iqJjNx4fEGo=",
|
||||
"lastModified": 1698762780,
|
||||
"narHash": "sha256-WzuwMjpitp41dacdNzrdGjjP72Z0fFyGuQR2PJk48pE=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "49e502b277a8126a9ad10c802d1aaa3ef1a280ef",
|
||||
"rev": "99e94d2938a743f8f48c6b729de4c517eeced99d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -649,11 +529,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714702555,
|
||||
"narHash": "sha256-/NoUbE5S5xpK1FU3nlHhQ/tL126+JcisXdzy3Ng4pDU=",
|
||||
"lastModified": 1700187354,
|
||||
"narHash": "sha256-RRIVKv+tiI1yn1PqZiVGQ9YlQGZ+/9iEkA4rst1QiNk=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "7f0e3ef7b7fbed78e12e5100851175d28af4b7c6",
|
||||
"rev": "e3ebc177291f5de627d6dfbac817b4a661b15d1c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -666,11 +546,11 @@
|
|||
"scrapers": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1713211784,
|
||||
"narHash": "sha256-WeTVBaVN9UZvw7dy8jkH0Vz8zWhcEqFlwqK9R+VYa0k=",
|
||||
"lastModified": 1693949006,
|
||||
"narHash": "sha256-ofwDlj+hBXlIH2rrMYjqaJD/OBqpxFAb7hay2BOIHGI=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "4bdef3adf8ca8beefc2ebf6a838bb351bf8ca113",
|
||||
"revCount": 71,
|
||||
"rev": "d93045ab74f1a9fbd2a360fd24ca624c7cc2c62f",
|
||||
"revCount": 70,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/scrapers.git"
|
||||
},
|
||||
|
@ -679,30 +559,19 @@
|
|||
"url": "https://gitea.c3d2.de/astro/scrapers.git"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
],
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"nixpkgs-23_11": "nixpkgs-23_11",
|
||||
"utils": "utils"
|
||||
},
|
||||
"secrets": {
|
||||
"locked": {
|
||||
"lastModified": 1713017338,
|
||||
"narHash": "sha256-BGXZdqdEc8+nFiX08q/kd8rWHgyiO42tacBpt39diMI=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "04490c0872d91da865b925a8b7f8ccd3ba982cbb",
|
||||
"type": "gitlab"
|
||||
"lastModified": 1699654813,
|
||||
"narHash": "sha256-cZH9FL8DOSZvLWL8jWiNszeV/g5eHJw80L88R8dPjvI=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "f4d44f2c75f149c4aeadb635348ee87db4448b86",
|
||||
"revCount": 164,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
},
|
||||
"original": {
|
||||
"owner": "SuperSandro2000",
|
||||
"ref": "quote-ldap-password",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
}
|
||||
},
|
||||
"skyflake": {
|
||||
|
@ -741,11 +610,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714878026,
|
||||
"narHash": "sha256-YJ1k/jyd6vKqmVgGkkAb4n+ZfPPAt8+L5a73eAThqFU=",
|
||||
"lastModified": 1700967639,
|
||||
"narHash": "sha256-uuUwD/O1QcVk+TWPZFwl4ioUkC8iACj0jEXSyE/wGPI=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "10dc39496d5b027912038bde8d68c836576ad0bc",
|
||||
"rev": "4be58d802693d7def8622ff34d36714f8db40371",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -757,11 +626,11 @@
|
|||
"spacemsg": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1712512415,
|
||||
"narHash": "sha256-X4JrvBfD9rKi7UN8R+Qwc1k7tqGIwgRFE4T1OGd1YcY=",
|
||||
"lastModified": 1697572060,
|
||||
"narHash": "sha256-p+5TdW/0N47PTLElbtgJaCMr5eVAafXgDkqi41TG/c0=",
|
||||
"owner": "astro",
|
||||
"repo": "spacemsg",
|
||||
"rev": "8842c2ab4144a1b1a9cc5feda5000858882c9617",
|
||||
"rev": "37c3784940f2b68361d2180f8e7a583baa242b8f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -770,22 +639,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"spectrum": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1708358594,
|
||||
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
|
||||
"revCount": 614,
|
||||
"type": "git",
|
||||
"url": "https://spectrum-os.org/git/spectrum"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://spectrum-os.org/git/spectrum"
|
||||
}
|
||||
},
|
||||
"sshlogd": {
|
||||
"inputs": {
|
||||
"fenix": [
|
||||
|
@ -847,11 +700,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711570353,
|
||||
"narHash": "sha256-kpipz1JwZzXD/BxfmWVDFIY2NisteJsubkcMYyIl8rk=",
|
||||
"lastModified": 1684441791,
|
||||
"narHash": "sha256-2ZVWrk+Gdt4bmi08bVKnW5LRekVFWDUQW1wdOI2Q/cs=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "f76b7bc517ffd068972b3660daa67b1f6b22c4cb",
|
||||
"revCount": 140,
|
||||
"rev": "eb732ca1254f823770c4cdc3198484d1307ae83a",
|
||||
"revCount": 133,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/ticker.git"
|
||||
},
|
||||
|
@ -863,11 +716,11 @@
|
|||
"tigger": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1713196297,
|
||||
"narHash": "sha256-xgEtm7r6AS8UetLWtAKm1Zy9N0Cm4MP9SPjNyksRv6Q=",
|
||||
"lastModified": 1688587276,
|
||||
"narHash": "sha256-WsLVsnBYqZxH9QXYJ0Uutqd/g2KNARVNMjd847XLP88=",
|
||||
"owner": "astro",
|
||||
"repo": "tigger",
|
||||
"rev": "073cc63fcd6e25cba775b0b4ad8056c6200da03f",
|
||||
"rev": "0f6a4776eabb0469ef199b65b8955b56b4b3df52",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -902,21 +755,6 @@
|
|||
"url": "https://gitea.c3d2.de/astro/tracer"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1605370193,
|
||||
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"yammat": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -924,11 +762,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705059643,
|
||||
"narHash": "sha256-Y9SI1WGMXrnv02SOGoNdFIFTAbF6lxgtGBtaO3m+uOo=",
|
||||
"lastModified": 1696367506,
|
||||
"narHash": "sha256-oWD8onHmZsWaUdU4V1zgWZcpSkJrnD4rVv+5zy7AGXA=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "fc279ce4becf8e44d53a2d8a5d68edbf36f19361",
|
||||
"revCount": 425,
|
||||
"rev": "5fd3882e04981fa42784eced5d3cb910de60e624",
|
||||
"revCount": 424,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/c3d2/yammat.git"
|
||||
},
|
||||
|
@ -939,7 +777,6 @@
|
|||
},
|
||||
"zentralwerk": {
|
||||
"inputs": {
|
||||
"dns-nix": "dns-nix",
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
],
|
||||
|
@ -951,11 +788,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714598147,
|
||||
"narHash": "sha256-FxGkLFzY3pWubNHoiXh710FExyZRR5NHXb911BG0QDg=",
|
||||
"lastModified": 1701027734,
|
||||
"narHash": "sha256-bUGH+ME3MG0UA1EyYMg1Ly7Bj4q6VYj5jhLjenDU4q0=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "af5cf82ed28811fa2922edb476cb73e88a90660e",
|
||||
"revCount": 2029,
|
||||
"rev": "072867a2a6ad06c356c9c39f92b9f766bc4cf94c",
|
||||
"revCount": 1886,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||
},
|
||||
|
|
101
flake.nix
101
flake.nix
|
@ -9,7 +9,6 @@
|
|||
inputs = {
|
||||
# use sandro's fork full with cherry-picked fixes
|
||||
nixos.url = "github:SuperSandro2000/nixpkgs/nixos-23.11";
|
||||
nixos-unstable.url = "github:SuperSandro2000/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
affection-src = {
|
||||
|
@ -66,7 +65,7 @@
|
|||
url = "git+https://gitea.c3d2.de/c3d2/nix-user-module.git";
|
||||
inputs = {
|
||||
nixos-modules.follows = "nixos-modules";
|
||||
nixpkgs.follows = "nixos";
|
||||
nixpkgs-lib.follows = "nixos";
|
||||
};
|
||||
};
|
||||
deployment = {
|
||||
|
@ -93,6 +92,7 @@
|
|||
utils.follows = "flake-utils";
|
||||
};
|
||||
};
|
||||
# hydra-ca.url = "github:mlabs-haskell/hydra/aciceri/ca-derivations";
|
||||
microvm = {
|
||||
url = "github:astro/microvm.nix";
|
||||
inputs = {
|
||||
|
@ -118,10 +118,7 @@
|
|||
# NOTE: mirrored to https://gitea.c3d2.de/c3d2/nixos-modules
|
||||
# If there are questions, things should be added or changed, contact sandro
|
||||
url = "github:SuperSandro2000/nixos-modules";
|
||||
inputs = {
|
||||
flake-utils.follows = "flake-utils";
|
||||
nixpkgs.follows = "nixos";
|
||||
};
|
||||
inputs.nixpkgs-lib.follows = "nixos";
|
||||
};
|
||||
oparl-scraper = {
|
||||
url = "github:offenesdresden/ratsinfo-scraper/oparl";
|
||||
|
@ -165,13 +162,8 @@
|
|||
fenix.follows = "fenix";
|
||||
};
|
||||
};
|
||||
simple-nixos-mailserver = {
|
||||
# url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||
url = "gitlab:SuperSandro2000/nixos-mailserver/quote-ldap-password";
|
||||
inputs = {
|
||||
nixpkgs.follows = "nixos";
|
||||
};
|
||||
};
|
||||
# deprecated
|
||||
secrets.url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs = {
|
||||
|
@ -219,7 +211,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, simple-nixos-mailserver, scrapers, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
let
|
||||
inherit (nixos) lib;
|
||||
|
||||
|
@ -246,13 +238,16 @@
|
|||
inherit system;
|
||||
|
||||
modules = [
|
||||
{
|
||||
({ pkgs, ... }: {
|
||||
_module.args = {
|
||||
inherit hostRegistry libC nixos ssh-public-keys zentralwerk;
|
||||
|
||||
# TODO: drop!
|
||||
is2305 = (lib.versions.majorMinor pkgs.lib.version) == "23.05";
|
||||
};
|
||||
|
||||
nixpkgs.overlays = overlayList;
|
||||
}
|
||||
})
|
||||
|
||||
self.nixosModules.c3d2
|
||||
] ++ modules;
|
||||
|
@ -284,6 +279,13 @@
|
|||
];
|
||||
};
|
||||
|
||||
bind = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/bind
|
||||
];
|
||||
};
|
||||
|
||||
blogs = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
|
@ -340,13 +342,10 @@
|
|||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/dn42
|
||||
];
|
||||
};
|
||||
|
||||
knot = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/knot
|
||||
{
|
||||
# TODO: migrate to sops
|
||||
nixpkgs.overlays = [ secrets.overlays.dn42 ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -374,8 +373,6 @@
|
|||
gitea = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
self.nixosModules.gitea-actions-registrar
|
||||
self.nixosModules.gitea-actions-runner
|
||||
./hosts/gitea
|
||||
];
|
||||
};
|
||||
|
@ -410,7 +407,6 @@
|
|||
};
|
||||
|
||||
home-assistant = nixosSystem' {
|
||||
nixos = inputs.nixos-unstable;
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/home-assistant
|
||||
|
@ -420,7 +416,6 @@
|
|||
hydra = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.cluster
|
||||
self.nixosModules.gitea-actions-runner
|
||||
# skyflake.nixosModules.default
|
||||
./hosts/hydra
|
||||
];
|
||||
|
@ -449,11 +444,10 @@
|
|||
];
|
||||
};
|
||||
|
||||
mail = nixosSystem' {
|
||||
mailtngbert = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
simple-nixos-mailserver.nixosModules.mailserver
|
||||
./hosts/mail
|
||||
./hosts/mailtngbert
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -496,6 +490,10 @@
|
|||
mucbot = nixosSystem' {
|
||||
modules = [
|
||||
"${tigger}/module.nix"
|
||||
{
|
||||
# TODO: migrate to sops
|
||||
nixpkgs.overlays = [ secrets.overlays.mucbot ];
|
||||
}
|
||||
./hosts/mucbot
|
||||
self.nixosModules.cluster-options
|
||||
self.nixosModules.microvm
|
||||
|
@ -524,6 +522,7 @@
|
|||
nncp = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
self.nixosModules.nncp
|
||||
./hosts/nncp
|
||||
];
|
||||
};
|
||||
|
@ -552,13 +551,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
pretalx = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/pretalx
|
||||
];
|
||||
};
|
||||
|
||||
prometheus = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
|
@ -622,12 +614,23 @@
|
|||
system = "aarch64-linux";
|
||||
};
|
||||
|
||||
schalter = nixosSystem' {
|
||||
modules = [
|
||||
"${nixos}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
|
||||
./hosts/schalter
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
scrape = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/scrape
|
||||
{
|
||||
_module.args = { inherit scrapers; };
|
||||
|
||||
# TODO: migrate to sops
|
||||
nixpkgs.overlays = [ secrets.overlays.scrape ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -635,6 +638,10 @@
|
|||
sdrweb = nixosSystem' {
|
||||
modules = [
|
||||
./hosts/sdrweb
|
||||
{
|
||||
# TODO: migrate to sops
|
||||
nixpkgs.overlays = [ secrets.overlays.mucbot ];
|
||||
}
|
||||
heliwatch.nixosModules.heliwatch
|
||||
self.nixosModules.microvm
|
||||
self.nixosModules.cluster-options
|
||||
|
@ -705,25 +712,11 @@
|
|||
./hosts/ticker
|
||||
];
|
||||
};
|
||||
|
||||
vaultwarden = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/vaultwarden
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nixosModules = {
|
||||
c3d2 = {
|
||||
imports = [
|
||||
# adds config.system.build.isoImage which can be used to build an iso for any system
|
||||
# which is very useful to get its networking configuration
|
||||
# ({ config, modulesPath, ... }: {
|
||||
# imports = lib.singleton "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix";
|
||||
# isoImage.edition = lib.mkForce config.networking.hostName;
|
||||
# })
|
||||
|
||||
c3d2-user-module.nixosModule
|
||||
disko.nixosModules.disko
|
||||
nixos-modules.nixosModule
|
||||
|
@ -735,6 +728,7 @@
|
|||
./modules/baremetal.nix
|
||||
./modules/c3d2.nix
|
||||
./modules/disko.nix
|
||||
./modules/nncp.nix
|
||||
./modules/pi-sensors.nix
|
||||
./modules/plume.nix
|
||||
./modules/stats.nix
|
||||
|
@ -753,12 +747,11 @@
|
|||
./modules/microvm.nix
|
||||
];
|
||||
microvm-host.imports = [
|
||||
microvm.nixosModules.host
|
||||
microvm.nixosModules.host
|
||||
./modules/microvm-host.nix
|
||||
];
|
||||
nncp = ./modules/nncp.nix;
|
||||
rpi-netboot = ./modules/rpi-netboot.nix;
|
||||
gitea-actions-registrar = ./modules/gitea-actions-registrar.nix;
|
||||
gitea-actions-runner = ./modules/gitea-actions-runner.nix;
|
||||
};
|
||||
|
||||
# `nix develop`
|
||||
|
|
|
@ -12,6 +12,6 @@ See the grafana configuration to see an example on how to use OAuth.
|
|||
To create a new application edit the dex configuration next to portunus.
|
||||
The aplication credentials are saved in sops.
|
||||
|
||||
For an exmaple ldap configuration see the gitea, hydra or mail.
|
||||
For an exmaple ldap configuration see the gitea, hydra or mailtngbert.
|
||||
The ldap settings are documented in portunus in detail.
|
||||
To connect to `auth.c3d2.de` the nixos-modules option `services.portunus.addToHosts` should be set to true.
|
||||
|
|
|
@ -0,0 +1,120 @@
|
|||
{ zentralwerk, config, pkgs, ... }:
|
||||
let
|
||||
# wrap reload in freeze/thaw so that zones are reloaded that had
|
||||
# been updated by dyndns
|
||||
reloadCommand = with pkgs; writeScriptBin "reload-bind" ''
|
||||
#!${runtimeShell}
|
||||
|
||||
rndc() {
|
||||
${bind}/sbin/rndc -k /etc/bind/rndc.key $@
|
||||
}
|
||||
|
||||
chmod a+rwx /var/lib/c3d2-dns/zones
|
||||
rndc freeze
|
||||
rndc reload
|
||||
rndc thaw
|
||||
'';
|
||||
in
|
||||
{
|
||||
c3d2 = {
|
||||
hq.statistics.enable = true;
|
||||
deployment.server = "server10";
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc.gitconfig.text = ''
|
||||
[url "gitea@gitea.c3d2.de:"]
|
||||
insteadOf = https://gitea.c3d2.de/
|
||||
'';
|
||||
systemPackages = with pkgs; [
|
||||
rsync # used in drone CI
|
||||
];
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "bind";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
# DNS
|
||||
53
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# DNS
|
||||
53
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Privileged commands triggered by deploy-c3d2-dns
|
||||
security.sudo.extraRules = [ {
|
||||
users = [ "c3d2-dns" ];
|
||||
commands = [ {
|
||||
command = "${reloadCommand}/bin/reload-bind";
|
||||
options = [ "NOPASSWD" ];
|
||||
} ];
|
||||
} ];
|
||||
|
||||
# DNS server
|
||||
services.bind = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
include "${config.users.users.c3d2-dns.home}/zones.conf";
|
||||
include "${zentralwerk.packages.${pkgs.system}.dns-slaves}";
|
||||
|
||||
# for collectd
|
||||
statistics-channels {
|
||||
inet 127.0.0.1 port 8053;
|
||||
};
|
||||
'';
|
||||
};
|
||||
|
||||
# BIND statistics in Grafana
|
||||
services.collectd.plugins.bind = ''
|
||||
URL "http://127.0.0.1:8053/";
|
||||
ParseTime false
|
||||
OpCodes true
|
||||
QTypes true
|
||||
ServerStats true
|
||||
ZoneMaintStats true
|
||||
ResolverStats false
|
||||
MemoryStats true
|
||||
'';
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"ssh-keys/c3d2-dns/private" = {
|
||||
owner = "c3d2-dns";
|
||||
path = "/var/lib/c3d2-dns/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/c3d2-dns/public" = {
|
||||
owner = "c3d2-dns";
|
||||
path = "/var/lib/c3d2-dns/.ssh/id_ed25519.pub";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
systemd.services.bind.serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${config.users.users.c3d2-dns.home} 0755 c3d2-dns ${config.users.users.c3d2-dns.group} - -"
|
||||
"d /var/lib/bind/slave 0755 named nogroup - -"
|
||||
];
|
||||
|
||||
# Build user
|
||||
users.groups.c3d2-dns = {};
|
||||
users.users.c3d2-dns = {
|
||||
isNormalUser = true;
|
||||
group = "c3d2-dns";
|
||||
home = "/var/lib/c3d2-dns";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHIkIN1gi5cX2wV2WuNph/QzVK7vvYkvqnR/P69s36mZ drone@c3d2"
|
||||
];
|
||||
packages = [ reloadCommand ];
|
||||
};
|
||||
}
|
|
@ -1,9 +1,7 @@
|
|||
knot:
|
||||
keyFile: ENC[AES256_GCM,data:AIljRkmOy8qjkJHM3er0JVJdE3iD2oFJ/hDXsrBDvQ5u2G08/eqz+e9KQoYLaSg7GU5+Io1O6ADUPlCi2g5pGz4rkLFlhLFCVTOUFgex9dkchIQ9gMELPCAm6kAMZlPnfv2UnG9EaQCtT0LpCOItpQ==,iv:d3ARHmPo/+VU/4Dmxth2ar7y1AMF0ruO/7ddqPqTsdA=,tag:F7JuHNkusL92sTgp5a1oRg==,type:str]
|
||||
ssh-keys:
|
||||
knot:
|
||||
public: ENC[AES256_GCM,data:HOKwyNGhZhL0cnK0R3km4nzNi2x7W2RNabfP/pyW/sa7cHe9bOscpsgYz89O47tTkWxGz5eKgr/j+mfNg/QCPLq1AZZp7BwT7WHPlFPDEGhUqxpmgkR/iWEcN/pFHw==,iv:B1WqzrnWxtrfd21QxQUEHtjzG58EdVgW18AlJGmR5a8=,tag:pqIp5yDdxqkCPi5SQ4SpVA==,type:str]
|
||||
private: ENC[AES256_GCM,data:609QcNk4i7ASGgAmXp4O75Hg/A1j/xmWTDPHPxywBgTe4pW6RBGakzxgKlfqsbTvZKJxDaORJuDb2HMA2cYc5raDMNr6yzquruDHTNu6YgY+0/mOJIOccLk1WSnK9JKLJ/vPRXs30+mZooD2UK8v6FuODGxWcxx7UJXbhCeN8HXqg71D7EaJvpKxfUZDgw4XsOeBGT8MyjZHE7w+k29HZluhYF9Rz3odTdzMFsrWKdWwTlGHxNsRkCUMcHl1P4A/vVEoINBHkjnHRNLFC1SyGUhoiUKikqExLIqbwMk0VuwThNAcwcfX+IWubieySVDtn1zBrvZ2vC+sfwQGibrCqXCWaIP2mRM7YSj79GRwkBLCJZRQwT3c6vyUGPMP27NnEkdIqm/fH/Icd1pQS3ktCnvSFnLJPMH/mRX4VWcuqRyOxaQhXWDsskMcOUkBfmOFdDqFCHqqolwy2D82NxKqHKOXlsQIB7vSQr2XrRnLG2MjasRahGNRolp0vbtK8ygpzlzDmV5N3cXYIpwNpV1r,iv:uwy3u/GMLBnkfRDS4LUfS7A64DWlMjY4BujPC6tZPcI=,tag:PHRZD5I9ftzce2tek/YVdQ==,type:str]
|
||||
c3d2-dns:
|
||||
public: ENC[AES256_GCM,data:I+gaK6an/zSCAh4FDH0udy1CYbuSHWdQ5LMV2x80TbRTV7xb8Zvq9ziSqVx/u2A9UtTQTdpU75g/kWOi64GokE38NgUOjhPYwQ4P9FRqRnYEHWLQHLPah7fluy52Mg==,iv:UWSne9LMRwWJEVffAWn8PxRy1/Kqp8ncPbLCso7zHFA=,tag:SHPaVkS1M65Zmsp2To1Pbg==,type:str]
|
||||
private: ENC[AES256_GCM,data:rQ0VrunyA85O0MarBjN8u7GVtjielMcIzPpsR8utrOkhlLBjkg0zt+uFWhBOGu3cNibqgag63j+xTJ+U/BUSVAOSW7lNm53I8fUKfvh3h1XP2WkcOqBFGl6ai2N0RG5lD5/LcxWb3esmRPHdoD4hmDb522uAzXxe/ayqKr1JUTKO3pElMx3Yh55pKjy5z4LFEps+3AH2yEcpQg5kl4uj6SohcZbQBhXgvcu+6O9f9uKj6k36cYZw1ZOxtqfcfKimil03WeY5MmjwD5JyR1ERTy2t7wfZYmbgph/ZwMMLzMnBZObmrhUkMZeRr4Mm1LLKfgjOUKfqQu3SXg/UVYfVWjuERoHTwWdcrVoTfR5pRjwvOflPfOfou1P73jrOEdC4s539xttdU3pUbPuUChQN+rHHqtUb3b47Ogd6I8A1YYFTXk4Ha7MHFBOUc+hlAXR5aM6ngDECDmOHIBf32e5YC8H9KGJYva/cUmwS4XTCWiqXzv1paCldZQzi3bYzvIswzR5RBwzJj51CxKdXvZsA,iv:AdUU5x5cGh471+aTeqljkC3/6wSXWIFNACd772AQjpg=,tag:pdZSG63OwHt0AMDv3NhMsA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -28,8 +26,8 @@ sops:
|
|||
RyswT3E2Rnh2aTZMdXI0QnJRQVFNYVUKu9yv8wZ7X6mmFc3wj/4cOL9mZrP0Q6F7
|
||||
fXtdZr93TmTK9cG5EuBYuGDvOooFsPeSLSjP6BFRG+2+X+QxK7nSFg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-05T13:44:20Z"
|
||||
mac: ENC[AES256_GCM,data:4mKJn5LVx0TsBZNoJeEHpL6BPJ4Hg7QQ5rAAZ+S6OEjtRR/Jku7SwH0FLNNoQZK49MnLhWVqrcW9YLNSPzUCcW1KY4k0ErbnlVJ7sVeTu8IRyNBbHR0neRLxP+6d4CzZY8O0VucbtGbKgOgxxNIUZDr5TNvSJ3uTx3ARfwcy5w8=,iv:IWjhjv5BkSPd/5NXTcMlOiUSNGRbjNXQ2+LydXAe8dA=,tag:6NLnKkfvCTBq73oQjfQ4gw==,type:str]
|
||||
lastmodified: "2023-03-23T20:33:02Z"
|
||||
mac: ENC[AES256_GCM,data:wGBfQRtmPZypEIHrImQ5U/N4QGCkdz8x7WC8UY/Z65oDt8OQUv0W0sTglANM7JlZHmnQejJuUa6olJoZDamYNenC+prkcyRej+tgFrEhoaOlpVH/+2OwRyIouQpVAyD328rcgu+tcLw+TmJEeF1LywgowSvlK7owm7GlqSPiK6U=,iv:wtnGIMNSOyNTot6cPxb7dT7IkAKrLP9ln3XYi8w/Fxg=,tag:b81yMYeTTXj29ITkJqrgFw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:21Z"
|
||||
enc: |
|
||||
|
@ -169,4 +167,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
|
@ -1,7 +1,7 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
microvm.mem = 3 * 1024;
|
||||
microvm.mem = 2048;
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
networking.hostName = "blogs";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
mymqttui = pkgs.writeScriptBin "mqttui" ''
|
||||
|
@ -132,11 +132,11 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
environment.systemPackages = with pkgs; [
|
||||
mymqttui
|
||||
];
|
||||
|
||||
users.motdFile = lib.mkForce ./motd;
|
||||
users.motdFile = ./motd;
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
|
||||
|
|
|
@ -2,16 +2,8 @@
|
|||
|
||||
{
|
||||
microvm = {
|
||||
# Running on server10 which has 40 threads on 20 cores
|
||||
vcpu = 8;
|
||||
# drone-ssh-runner clones the git repo into tmpfs which requires some RAM
|
||||
mem = 2 * 1024;
|
||||
};
|
||||
|
||||
# drone-ssh-runner clones into /tmp which needs to be bigger than the default rootfs tmpfs
|
||||
boot.tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
vcpu = 4;
|
||||
mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM
|
||||
};
|
||||
|
||||
c3d2.deployment = {
|
||||
|
@ -57,41 +49,35 @@
|
|||
'';
|
||||
locations = {
|
||||
# Mastodon
|
||||
"~ ^/\\.well-known/webfinger".return = "301 https://c3d2.social/.well-known/webfinger?resource=acct%3ac3d2%40c3d2.social";
|
||||
"~ ^/.well-known/webfinger".return = "301 https://c3d2.social/.well-known/webfinger?resource=acct%3ac3d2%40c3d2.social";
|
||||
|
||||
# Matrix
|
||||
"~ ^/\\.well-known/matrix/server" = {
|
||||
"~ ^/.well-known/matrix/server" = {
|
||||
return = "200 '{\"m.server\": \"matrix.c3d2.de:443\"}'";
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
'';
|
||||
};
|
||||
"~ ^/\\.well-known/matrix/client" = {
|
||||
"~ ^/.well-known/matrix/client" = {
|
||||
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.c3d2.de\"}}'";
|
||||
extraConfig = /* nginx */ ''
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
add_header "Access-Control-Allow-Origin" *;
|
||||
'';
|
||||
};
|
||||
|
||||
"~ ^/schule$".return = "307 /schule/";
|
||||
"/schule/" = {
|
||||
alias = "/var/www/cms-slides/";
|
||||
extraConfig = ''
|
||||
index index.html;
|
||||
'';
|
||||
};
|
||||
|
||||
# SpaceAPI
|
||||
"/status.png".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/status.png";
|
||||
"/spaceapi.json".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/spaceapi.json";
|
||||
|
||||
# WKD: Web Key Directory for PGP Keys
|
||||
"~ ^/openpgp".extraConfig = ''
|
||||
autoindex off;
|
||||
default_type "application/octet-stream";
|
||||
add_header Access-Control-Allow-Origin "* always";
|
||||
'';
|
||||
"~ ^/openpgp" = {
|
||||
extraConfig = ''
|
||||
autoindex off;
|
||||
default_type "application/octet-stream";
|
||||
add_header Access-Control-Allow-Origin "* always";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -103,9 +89,9 @@
|
|||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/www/c3d2/datenspuren";
|
||||
extraConfig = /* nginx */ ''
|
||||
extraConfig = ''
|
||||
index index.html;
|
||||
rewrite ^/$ /2024/ redirect;
|
||||
rewrite ^/$ /2023/ redirect;
|
||||
'';
|
||||
# Mastodon
|
||||
locations."~ ^/.well-known/webfinger".return = "301 https://c3d2.social/.well-known/webfinger?resource=acct%3adatenspuren%40c3d2.social";
|
||||
|
@ -114,7 +100,7 @@
|
|||
"autotopia.c3d2.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".root = "/var/www/c3d2/autotopia";
|
||||
root = "/var/www/c3d2/autotopia";
|
||||
extraConfig = ''
|
||||
index index.html;
|
||||
rewrite ^/$ /2020/ redirect;
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
};
|
||||
microvm = {
|
||||
vcpu = 8;
|
||||
mem = 12 * 1024;
|
||||
mem = 20 * 1024;
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
|
|
@ -107,7 +107,7 @@ in
|
|||
fileSystems."/" = {
|
||||
device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/dacbert";
|
||||
fsType = "nfs";
|
||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" "fsc" ];
|
||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
@ -115,10 +115,6 @@ in
|
|||
hostName = "dacbert"; # Define your hostname.
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
firewall.allowedTCPPorts = [
|
||||
# RDP
|
||||
3389
|
||||
];
|
||||
};
|
||||
|
||||
nix = {
|
||||
|
@ -210,10 +206,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# /modules/baremetal.nix assumptions that don't make sense for netboot
|
||||
services.smartd.enable = lib.mkForce false;
|
||||
services.fstrim.enable = lib.mkForce true;
|
||||
|
||||
systemd = {
|
||||
services.nix-daemon.serviceConfig = {
|
||||
LimitNOFILE = lib.mkForce 8192;
|
||||
|
|
|
@ -6,161 +6,163 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g2ewsxcu5uqlesaznp2qwlcz8w66pxh4qxkul8wu7x8g2hw83saqxynpyk
|
||||
- recipient: age1hg0mmua5y82ct7l6q9gpc8w940ce5seqcjhm4dgx7tlzvflznyas7v3hf4
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UHhuYmNSaXZxQ0l0K1ps
|
||||
bGo5SFZyQ0ZTVzY4WEdHU2pLSUFieVZvMVVRCkkzcCtkZWI1dXpOck9oSEpTU0Vq
|
||||
amxKR2VjbXdTTG5QYlBjSi81MW1TVEUKLS0tIDI4Vkx5c2syeXFJczhmR0xnREJL
|
||||
b1RpVUZBdlY1K2RxVHpJOEFScEEyZkEKYlIVqGQornLAs1FZXoN/xiMliC0Rhx/F
|
||||
ELOsJciJrx67iOjHawSpZQf7+bGm2uPB8M0toM20w1uY7ZZoWQ/qIw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUWg5U05pUTFPVTdlWENm
|
||||
YUxpODJvaDNmZEpOZU5yR2Jaa1lKVWlxN0JrClZLcXJ2TGxWcG1oTnU2a1U5ODQ4
|
||||
U09tejNwVWhST20wYUY0eUpYVTdlV1UKLS0tIGNsMXN4ZTRlam1SK2JadUxuVzlv
|
||||
VFZaUDg1TTV5RjVrNElMenRoclBjeHMKvxVO8MPEIyParOQrzbrGLhe8+66DnIhC
|
||||
pd7EvaIRYhRxkrp4aD5p+bV0sS0YUGlppD3kyHyNeSFzRp2nijM6Eg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZU4xL05Na2dnSHdsNFZi
|
||||
OUQ0ci9ldTdwTm94OTVHeDBLOWczekZ6K0gwCkhiTnR3ZVdHeGRFblAzeForWHZr
|
||||
KzI0ZEV1LzQzeFpzeFU2UUs1QzJoVjgKLS0tIFgyL2dRbk93WWFLcXJWTUtpY0VC
|
||||
aStsdEQ2VUdRbkZqNHlhWXZuS3JUM2cKUVQdJx0SH7iUjBgn3Yw3X264q3W/BxDF
|
||||
Pyw6mqGR4ODXTuBh+wNSAOveb9v2EwdRrhIYvHOnKid2aO+QVuh1hA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6c0xCbEpPUnk0UEFxaGJn
|
||||
ZjRBNTZhVlNtVnVZaE9rNzlJS3FvMEhZNXdFCjR4aXl6UHlQTFJXalNabndObTYy
|
||||
TXQ0QktFYmZmME11S3B6RjRGRkNEZzAKLS0tIEszcUdxOHRwRy9wZVRGeHZWNlpr
|
||||
T0QvWjA1cnFMT25pWUQyZUo5TnBqUk0KBdvbz5lWy2zkmhvj0nLUW3MEyBOZoEsm
|
||||
7Bm8YgF9G8Oo+Z14a9PxphW06SSVD4kaF+Fk9tX14HFreXoiuAVdgQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-12-04T21:39:27Z"
|
||||
mac: ENC[AES256_GCM,data:PQtTAEXBgp6MuPl5+6SE/zaOuYGvDRpl0w9XYgUJJHhDqiIEQfcAYIUEKv+Dvtxj94TQZ3v2kjT4Y3FF0ROYIcN8H1K1PtVXRLu+vptr2+wZ1Mahg6K4Ukk1s0eiBB3vsGrMONqaky5Jqy4My3+0NMnBuIvlqErpoUT3Gin37do=,iv:RUTAvD/hczbaX7w7ROPQZNII3kTRnEBG6aMMkTHuV/M=,tag:XLgfZnnDM1ffv6uBLYJXmg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//c6WjwRlhTNzipOZ/5wIRDbfXdUvOntLEkVKm/Nb5MXCN
|
||||
WAOYhUwxujEAlxxr75JDpS7yglRN+pG2aL6HW26n3CglEJB8BssypnPonMfobKhR
|
||||
m0eAHFjBtYUxuFmupwss+p5CPoiR68zA/dZsbwukeyUSE77kiSp/L52PC9s5xUkv
|
||||
FYS5fhCk1mwHwmm/yygMyWWlKiG2Er6pDzBruZrPeV0tP1e15gglyrFVKDadrWqG
|
||||
Mgh5ifT8dBqgpwaP4rizLxDR4yh6gJ41mvKv3vFh/meb0NzzlrlYi9rpAdt3p/GR
|
||||
AcJaSWTSOQKcM8b3RqufEzebl2ncf42sDTvLRulxoH/nAtgftch/8Swn6CDX8v39
|
||||
cwSW97DlXd7M1T7bNpLaXegeH7ZrgsFKM4/uHeoqE2a2ujLCPFxoqTh6K/o5CeyK
|
||||
Ecg2BKgB1Rvr1/nKPci2ymgi2SqJXAOddN4L/4jk9O/d8CPXOjBEsUaafSxiGUS/
|
||||
3r0xOY+SFoxdivdVlBRRdMv+Re2Fyp/BFNOdt3JZ6lUMZGoY6QcjQ/kOyNbTXM+r
|
||||
+dyTwD8e0rVTNgXoewseOU0h+4NJ1kocvePHPlgzEyZh7MuRuVtCdXVC8zGEyClg
|
||||
jybFAPJU1y6xNxztWlpaL6QYdUKn6+MpRYECKAGz30Bu3lLigw21cfDDG8bOyqDS
|
||||
UQGfrNgCFwpjLAHeDIPCmvQU0SUegxwGY6wka1slA0a40hzqGL4hGCTZk+0x0abC
|
||||
AuLGg8PgoFO9UC4MHMCDLDcKkdM4tVRwCav3wkdMMseVew==
|
||||
=sEDg
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA6j84+xkv3y7AQ//QT7Slu59mgb31jzpHKi0l7aFJGhsHKLKj+JvYfVCBQxu
|
||||
CG5d/WI4hCwFftPFMjWJ2bzIvalmy8osRmydor5uPaWfKn+4olY59WwJ8np8Bbr1
|
||||
U9pLHPTijB122zLXPC3uaKSfUJQhZKfi5ugDT5ZJKqo713AMhnERcFTz/OnnXCTj
|
||||
SgEETZuukJFpRk4uppZhydgdqtaelGyAWleY6Z040CTroQD5t1VAC1Wqvswyj5dw
|
||||
Kw2D3ebvlXdLhIJpFdTcJXRpqYWQgUNWb//u0Itlf9j0BIJ1Bpy1ZNfVE7N/uPHs
|
||||
+Co1eYAbzpa1bELZ5veyjjXKH8QnkgMW0JIhVl6dGFr4R26rzwiOVJml1W5/aMDY
|
||||
uISZjImGKnvVKqZHpRI19N3YlJCLnSVPVC79HrwXZcv6hXqX/Xk5o+l66KlCLYlL
|
||||
ZvK4opqnPJHRgyX0xx1dm0Qq82bCMP7QXD7Ap50hE5v2FL3lrZv6XKc/n3y6IOEz
|
||||
bp5hJIDpcIzSk3ZI+Sl7NdoPfT9oXbozW2v/aWB2FnJXmltIOEv2Es5AA6fNEr7u
|
||||
NORXHo6HZjdRaGz3bx/MQ3v4HKasS2yMd91gvwx+AnfIcWE3j6nhWyxlOtl6jlXV
|
||||
P6+TXTGO4SKmayMtXYUQzHz1mL7jCvxcAKWJM15IEAgMtsd74Vbt4SPo8k9TfajS
|
||||
UQE1yXVoUERVJrI+YD0wOXpk2MTN85ozzCLbF7U12SjE3fm46fBiLY3gdKMiXMqi
|
||||
4GZ9LgrT0m3L5ObSA4f+GuVTpk7o0BwVoJC4BzvBia5zLg==
|
||||
=vAXK
|
||||
hQIMA6j84+xkv3y7AQ/+I/dA8dcr1Grt4J6bKlwZzjx3AGVRqEBJEwDCkghqUZMR
|
||||
riXHZxQaz9QFSKCxIgAQMbVDehyAyK4Xn6h9eEh5ltPlaU/pM31mkZaISvZ66mQT
|
||||
5vj4J7lJeqM+DuTlp3NVEPRsxW3RVt+Gs+HpMCU2ZgywH5ratahdqvYRkrTOD2kX
|
||||
rbpJwU/tzzdbePWhf1LiGYVjD9p7/+0lWC7FQ/QXrgxJ5x0guUSYokNzZZ6ok9iU
|
||||
Wypkgepfxpa8jvxECYUZMdFQPesm/dOcq4ppnpz6ne4ZaQxDy1237OmPDJI5fNbE
|
||||
kXbuTqdS6ipT4kn5Uw2Urm/5Bd0iPQfhABCHMoubDTEq9Bap7gv7Zp1Up4BlUbdZ
|
||||
rquHs7iKf13RekvgCtrl1+J/arh8K9GexfzQyHkVfQufibIYeiKi30O52wOzUrwg
|
||||
9gN2YSCdRNXTvAJS4eTsAtb626nY9lggX6knHLga3kcJaRYXzKA3qqyJuJK5hoy7
|
||||
nt2c/vNO/8JSx94pa7ualI/iKW51WWjP3p4xvaJ3rf/AkC0UUMS8i9Qii7zMPNli
|
||||
1uw9HhTYaJ7XPQCLgsolOuHuMA+XXzgJRllOMBfh0YBXKocux6wJSh1aCe3ZY8vM
|
||||
fgEsx2SCDZ3RZpNa/aDUTWdgWKMWG1zM+K+3iKsv3EWnh9ySWZVqqqI52p22BRHS
|
||||
XAGVJHi8cKkmOvU9JEOwDoakbJt1UXYrvRzUzwQzhTST31rbDCRmcsmOxuwhTAiv
|
||||
RTyy7+mBerGCSlMytSFhYag2iR4risUmUiTnYkG2pHgwK5HJ2STNx0vnI0Ht
|
||||
=3vVQ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAwMCBBrc/JA6AQ//XP54PiwjVinhRdjUz1a+tQHjAqyFSNrkauzTst+BHZSN
|
||||
cMzipv5F8VxPKgFaSSHHHuWw1Kx5eYvMQXXgROSVot5AJbk5Rd5t6AC/6ZQTMbwB
|
||||
HAvhvn66cRxQ4ybG9RkPeGRpHOXfY3ie8r3LDA0Th0ktQetbh3escUXqH9/Q67/y
|
||||
mcaPQiU9qIbaZkXBnCKxV3t1CUmmEZAWN59hTNrQDbbVg8sgs6X9Hwep9U1A2vlu
|
||||
eESqEQ7FiKxpqb40IRRGIQLxegPmKUsvKtcpl1a23YI54CK6cV6Mj884P3XcVqY6
|
||||
MriBUsbTCwjlnNGa5k/9kiVLneHsCYmEZdjTyODaiL+zaKdcGbG+JPKvabTBU5X5
|
||||
SXcTAZ43cASjF9ODfh/pJ/MXaQNby0PhdkbxOa9wsvqsoOn2Rydd14NLvMnqiWft
|
||||
XWAZ3UEEoLSMYw44zc17t3z7aCFbK7eJ/ebLgvQcvpdWASjiXJQNrrFPpBS1Nx61
|
||||
PO+N7dxLa2YXeD4NoScNn9qrk25lWjK7dd0Uqx+EDnMTkbb/qF6tkjBR8UEJaDru
|
||||
rlDdsTXHGmxJO+TCIwxprlVp1AccdXcF05t4WTKfv1KzDXkpcYQfB2YoUT/bvuha
|
||||
UuIqdb/rtccF72anyBlCrSOY39F3QdfI53BtrVB6pdByOlBQMPRWwpLyHS1DHgDS
|
||||
UQEm7Gy9W1yBSr/2qV4iLmgMAu9neMXBTCL672eV0ixGTz/vu+rEq5uRSeUdyvbd
|
||||
gRQiFJlS5WsWv5/NQaVZOzma9xg67k6meYjtj2vU1vUgSA==
|
||||
=hqjz
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA/YLzOYaRIJJARAArYjI+XeF/p4orvMtdUdsYhvyPdguESKmuj5GQ9dcfu9T
|
||||
rx+RvDwSPSYVP+o2XFfV0LhlPVXBIYKzfrEcShVedgbL7qVMYwjdeDUvJ8ZWOSr9
|
||||
lD4+xSXXd5ac+cXNJvba4XcBc5xLsEpGb1BmqMscF3ELw4BdQXXSHs3FrL1lOIKc
|
||||
aw6FcVIYMQxQFAFE2CboF3hSPqyPnyOxkyFDQl7DUtNBM+3dnTj1+vx72MDLUYAt
|
||||
YVYbpelSQBO4xjxx1HshBYbPbkBqwzm9eXcXfsjWnN3IA9TyIP2YsgFl/aENqFK0
|
||||
uhDShzwPvawwK8841z9kcaya/EwDvXngLnQXGKV/WHiVDgdJq7ZkXSXChAdE42O+
|
||||
rpHzEwdY9xkZ5s6OzTexIW6aXsahi5jsH38QVAYbc9p0ONKKgfep72195S9MWSX6
|
||||
wYQWFufc5RSkhG1qlVAdjRbA39ywYftpCj3XZ0hW6VMulDVV5rATZbuWWuJ59ON0
|
||||
++ExJIfmTD1PrZNTHVX791CzoBJgiH/mAmb9Wsu9N0qsB+eWKXQRc5eilIBu9B/G
|
||||
QpiJ7n174N8Y7bHZiFffF/Sm3QyYRahWjR0e51jOO0IjjRZxvYgHO0DhRuJrf1fr
|
||||
fCm5pt5Ln8zDrSMnwReiIKz1cwZrd8CQLBnQRnZULoR6ydLrnqFRqfIENzhCTFrS
|
||||
UQGZ6LvF0ALnwwKS+tjSjAUgpr3nJhlejlwf+GhkuPaLYDzEqlU8SzSN+W++RYwM
|
||||
5wzRD2g+w1ilcALf97GGuCqf641wmH6QpS2jilHi6uUSrQ==
|
||||
=Jb2A
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7AQ//SrZDDmsI7Q+JKZNobBD5fY2Kk3cYue42L2Ek07+5UrEH
|
||||
ccvlQTTvHzQMfGBHYTFPNFI6rQKEMTI93WWgShCyrL5cY4CsFkxBgf/pzeWkTEbW
|
||||
LWBrtdzVvJMC/1D+V/RnVNj+E6Yc1K2MlG1VNvz9eeReQBELBbPCsy07WvSUREVo
|
||||
n/lSJ9EqA5Mcq9BS71UqaCBnehH3VWxZlJ8zBoHt8TrIxWr9Ha3iHb2rF7CmGvUT
|
||||
KrqJzIhvgIJhOf73bgMi6tKG+R3LcAso9+an34KUBkQTdLx2UtBbLiEC9tR3hKG3
|
||||
kkIAHa4dluOEpNB83KZT/DU8aGIVO+YfoHJoMKrXloR+JiWvfgO6PYtE8gLR1fqT
|
||||
t2wn0W0N5xSfDh7Pat9NOSh3Z3Ft3clrFasGRrOWQsJABUgzkEU4WXfVnxQeAXc1
|
||||
5AHISWErVklsSNf8tsDi900HmR9Cy3EyAmSliwU6R1Zulz5NoDQ433SYHK/+F11f
|
||||
pPite+xoruwGm9mieToewZdWsGaQkNmYz1kTLERp0hVrjjojsb1zf8VxEQzrgwO6
|
||||
Fg1+evXneUnvPYdCHO8gvXJqIpcebmcW8iUb3DwXrsVassmwVvb8Iev0L/TnJy0z
|
||||
G1yzCOc9ek75QidOUzunVvDpYtoFfCc0EMXv1lax8fjZXN18pfRrdjw8IcncyhzS
|
||||
UQHZr8Zfg/6nqzktqoYsNO5CLFLz0NFhkkiKMGgB/XWAp1GqXG3YLIWlDnosW8Pj
|
||||
2UGP+3k7r6Iyvwz5dRCsSdSH4Y3APDNkVDgNEroO9C/xOg==
|
||||
=HitH
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9XEenRNYVGHAQ//ThxdstNeean1d+W5wCjsu8zlv726qJfaewXdujZWK8J3
|
||||
ptzZtFUl6WbmEB+8ywDcDY0GMqlbU9pMr81aoRgkYbxxJ/OdNCZ78aSQJklmcfuG
|
||||
5qw1sqoWCMSWEjCTGgICSVQixhePI/k5T9vijoc7c/kT/ZYRrwBv5K+qRjY32y0u
|
||||
fsCdSMclXbnH973tDEZmNvAEgo5YALMMF6Lmmq6Joq9Kd2Wh7YkFPL5b8DYJX91l
|
||||
khgxwkV+YiCec1xiuXIpDyAUd76MTCLATbA9TpKPK2mcv9un5dEO8DEBTnL2knDG
|
||||
1ks1bNKqbdr8PyvEvpFJKVzVW+Tl1yB+tTLh9oVLOiLzRy+P6Nx8+DiwIeFNoDPF
|
||||
OwWuQ+eluLuQxs0rbFvTu97j0UGmynd7PKIbM7xyzFgrZlkEavdF1SK0F29aVA5d
|
||||
eNjLYjecyDGAuQ2tqMN1TuOTMP0QJSoSWPAQ538IgxuVZCiUCrn3pNQw4qZyrSln
|
||||
m2kmYlhYrpJD5Vdujhubgi239dTYQMhPDuvKJbtYMquT01/Gv7XNJQc+4NVPj5mP
|
||||
/qWhIsda+ZyVXNapOFeoZhSblQEbyGUuWrylhDBwgIU/GPyjq9leOCQbp8F7Hv7n
|
||||
zjMszLraT/HgEw6xCTbyZ9giKn9pZvrjjPQq7usrAxzLD/MQUlZnHV9AKZ1MzWDS
|
||||
UQHOIluqXp+3guITV8vTM+pqukvVenmDPpru0P4dxuGa25qmDVLLHKmjDNuIX8QZ
|
||||
+VGHi1xIxfMeG6l7ZnlRg1ccWH4CCpUACusYcYuL6eiwLA==
|
||||
=ewXp
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-01-25T22:24:28Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA45bZkLXmBFpAQf/Tlbk9V3PFbUWHux7iodUqGF+NzYnZhLu5z8OLZ9zvyxU
|
||||
RuVIK0sofnF7h1+W0sDFOkyFPXOq9lwhiKSmbStaBLwwmalogFYP4GMmaAorcNXt
|
||||
UuCDzX7imaTNbcemgc6Q+DaU5VhTUkrcJD+Ipq+fN29FuACtlPMiPf94PEaV3hVa
|
||||
h+PhJ+ryZcxhXZN3s1X9k8IC7i/IsGevoodpEMlX7ClFYrgIdMlcv0fsGXq6QdhO
|
||||
nX/XSP//ifNX+TyvWV4oilxj3KCL+3F+hd7oyCr27fvH2XyCBdvzWKR1KcfFLOti
|
||||
NeBDQRzvwcprhfjHxbehsN37tF1BRYz7B4Wo/0wL8dJRAReA1QjQjsqahcwR/U/g
|
||||
dQliYypHdEjy/lMSl8zN9vW4joY20q1nehaRfPgFlV4UMoIqUHFR3xmBWWBxE8Aw
|
||||
EUMSxPMPEUXchXjvgXWzUT5z
|
||||
=opMv
|
||||
hQEMA45bZkLXmBFpAQf/T5A1TKNhvhXsqHk+oMgnomqoh6u5MSc8Lx4ST0+HKANm
|
||||
zqJC7gq/lqEedcQcfiqIljBhlR/szWxp1R7ciB9uISGLNYJXT9duCjIiMJHCqC/Z
|
||||
DgxIF2HdKmJKGxbzFeAxcOrPDUrZYEk0V2APfTC451lWjcI5Rx6K/limKm9yn8/A
|
||||
62i4BbH+hcGXl5905y5rGIQNUrcD2IsdondtRIIT4R5TQ8PGIXle1R7NLbNyLsJD
|
||||
I+qwy5wczmHz2u2vIxGY6T/Vr4kObB8gZuEijNY9tldGvhnpySmuIvVRFUAt5Pab
|
||||
fZmU3v7G1DvjvX2fuc3/iQR0xjn6btev04i1clMobdJcAVt6KbyLar78Z8m1vMWS
|
||||
VoCXvAk/HHkzc25h74s8aq8SgLmpBedXXzoQmq+an64YNEUTyxjB1GveNm91EdoN
|
||||
44fcAHG6Ue9v6i9hmEGafBULYfyd6VUsMR2W07g=
|
||||
=Fg/N
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ/9HBv8xJUvy3C7pl5V9FeaA+QU5Yz7G+NT9i8vuJVYkR44
|
||||
pnbWgZqua3VtkvLCUwAVELCzL45M0QQEP9dWYtR529eC7wJ27QB3yuLFhN6UfRwt
|
||||
qzBM2GDm9XnG0Sp0+tcEb4dy0EAPZH75pswdGv2ndexS1BUzmDDOmxFZ2uq4dNv9
|
||||
HlnXSWgZ6dTsY238zlQCtw2v827bLQX0pFHL8twFKWw3KBN5l9fR7rgPjOBf8UPM
|
||||
Zkb7PLcql3mGylioEElOYxLDT9UtSwmvbSxVO8DGPSN8Be0p5Qj1Pe75uqawmJrA
|
||||
cMHnY/woaLa+iBZIOo8iqMcwSdT9ZxIXewJv06P185V7D8fhlIyebgfIvIIQVKJm
|
||||
ov0EPEmEhr90/hX0MzzjcWpiJxd+TXJiToFZ2QhsANQ/8pQLNy1wq4moNquPmmRj
|
||||
d+atejF+HohzjtDIDcpUtZLr0uzuAZu3qDQt+1o4nlVjtFAJGAYQ3x0kl3dpxp6L
|
||||
QDvsioufBoeMnI0WB+d3N2lW873JdZXG9BLTndjl8/50HTMoIMpObZ7xY12cbywh
|
||||
36GF02w8u8iGtTjQWpGUk5uAL72nbUbssCvCOOKaiaTKwz+oqcGXs4qOCEejHI7b
|
||||
Nx3W6K1NyrL+v321/evKbXvq2u3NW2l2g/paTbNR1psxraa0yCpOu+NWaZOsVJDS
|
||||
mgH/c6DIt0EidrA+6FNLGkg0ieGxVnthQDZ3dScneQcXX/MX9d0HgdbHyZuSH56y
|
||||
3y1iRpwNuFnIUWqMWAN+xcRERVV4rG1xFglnUrSKvlTI/iKFim4ASQMqmah39Y4R
|
||||
TYAZZisU7V/Tiv5S2yDWncOwR88FKE2DjmgecwUuh0F5/qjGRtlou9YfKiIb9VKp
|
||||
ymcToacDPVmw3pM=
|
||||
=wukA
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHAQ/+JbHT8tY2exeqU5c7Nrqvehnhqc1AQxqrbB4lUDl3d2sV
|
||||
gSoEsUOT2R5L43bGrM2om4/+ENMQq2n8OqgkV0u30yfDWdnWk5IH+MyoMEADfzpw
|
||||
Xc9xr3qJx+IoCUqrXx8GnBQUsYc3iOY8TFRksjq1nBwEfMOB8DJ23jbJFc1fM92K
|
||||
3NtKUU/1T3TTBPsSrpekQK5T9jPPqTRyDbaNYSEOrniHwnNbRX6sn2BnACis437E
|
||||
CyjyHS5WDL+oJO/9Upeq0667HriDL+M/pE6MJiNaucpblBALRPbgL78unfPDF5vr
|
||||
MVzvr2Y8yTGbcfME9Joj2TwostKdwvE6cKsHzF7wtbWxzdSh0B3BlajbsRhusNoo
|
||||
1oEsMtr/HfUjHtTaRs2a0lv9QywPxWmsVxu9uKPq1ELfU6yPodEKxycsLecMVQIk
|
||||
W3enP68kLDk80MJvzKUBldcdDtKbm33Ix9jeot3pAhSNxV9rZ3eJc5JastkcsGcl
|
||||
o3l6imet8cfvk7KcxoVKe3eHotNPDciejDlG9GQm5dPObya6ZBjMxnPXySOtwjO5
|
||||
FyuMNhizdkp8/IFrWSdxFprvcEKlhOHiUaInxaViWEYFdOqxt18HNHeFDF2ZEMHk
|
||||
czX73VQXsrSMXOomm3x/PV0uhvRl8iYHKeO7u3RwR5qB+whoq6yuykYPR00OEi3S
|
||||
XAEbohXhiNeK2Is+XhwSuZ6wwDYmzu5EkuQHGIaokQiNzLhM11GbtcVbdma5wogc
|
||||
vLmz4s2HdgjGhPkJRc6bkabeh5SxrVIEM+tiEQ5kDMN0CXGtb/HMK9oCSyEQ
|
||||
=Yogj
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7AQ/7BGNJ3fGELpuD8QovJ7SxSDBQoWeDI+ooKLgjCq9LsKhV
|
||||
Qq5n3o01/LbZofAHt95gc+mnFlEswp9SEzWplVqw/Jz8FR8hTAl9ltZMYeN+Xo5H
|
||||
/EcIt/ekjCJVTvSNR+xaB5B4UI7tDE7Eq8o0RovZmqri5VHFPwe3kGAzgGF9uTiN
|
||||
qX8Gn4PVfHbTAMyEKbHgpK1mS26rMPNLzp3O6OPqpO6dYhGNpvMSPfoxFEYgGm3j
|
||||
qUXiP6g6xrxBgYA0bOKmTCWr3c41m5uWl5cm1Qbb/dF3PNI8kG38XMOuG9v9/56p
|
||||
pbG52JGL1+5lmhWNiBwPtyXtog8dKlMCfYFHJ9NmYfcDsnX+mu2U+G3ZExYGygfJ
|
||||
2xEyMAwURrm/BEmFtW/RWTDV2QM45VG6K/n1tthiucjVoOjrR21kECZl7JRYfuvb
|
||||
ikLxDTOVzFigjTUFEluw978uqcyFAeQ5trfdCaBvbvJdlKDRPSZxUszjSCkwaS9Z
|
||||
wO02Em69vYgUwTnXPOFy5gdDdCG30ng1zMwUHPUqBU5YT4FsYvMxvlTNFnP8jNCc
|
||||
egPpHVM45ymYF5jX76M3xAnlg0v8f4jqanjfSRX/f9mOOymZZ9egE54dw1RaglXL
|
||||
dk13NESKOLe1ciMTFb5tcPFc8Z6Q8OSpLxJX3bCKYcAFeRP4fIvROi0jua3nefXS
|
||||
UQF2MHhUsKHYRy2OcdO1uYCfZ+t7l+6KJW3q+2LL4NkO50GFeOgUQc8fuCEI8ZDt
|
||||
NtHVl1YkHL0LIP1fdtVhF/EERv9l5NAVCyqbkGVIxvNLvg==
|
||||
=4SpI
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/+KMsmtkmpApARmcgnysREIK2gSyZku2fm25C4wC+gEksH
|
||||
TZ4mKETUpgJ4PwKqJ/1Y58P9+icUM7UsEJWwtJTEDWqLw95NfPjSdOijiKZg0r0/
|
||||
5HR3lYd6bnNghgTRflvh7dOCSzWKurVLTsn+yWjAY1USIEf/rqCYHzTxqKvYVR3d
|
||||
yMUiECMkLteLaOlBaj7lRQPV2tELyaql7ja5tYp3by883nwZ/FBemD6GV9UHD1YO
|
||||
iRp0NsPVYrpw46C9HmKCNqGPQT8AS0NKlZucKMWXSyHGFFu3nHvF8ab1VkA3p7rx
|
||||
yKW7cunjJlN+wrfWo3uB4zuEfgj6JT5xHn97lvxpWH0pYDkdRdOV5w0e76J6FotZ
|
||||
gkC0LeH2srsFwNMDRJvNO7s2ZxNwF1RYtNTsg+05Z06VOupDLauTKQGzSHhppcS+
|
||||
D0U30MyvUYZVJJPe21Ygk/7BMR8bj0SDsM1JTEKT6/cS7Ojvmf1uF78wf/l+l4B5
|
||||
+/La0LtdWR7ootFcxgzOmA6dx/2gEdmsdY+KqDC+G8f4jl5fSTcVhCvsuc2BaZbJ
|
||||
yAkvYNnWTlCz0h+3SPpFWIlXGvzCD98DpVMH53+HYZ9+ZgwqlsSBXaS4wmrI9w/D
|
||||
YQF07JZczgczNqNxEleHQeT/j8sDXDxe8dyAg35/mFkFRsbNHJiGpMwMrarF6YTS
|
||||
XAGUWXqy/akJgaxAftxkYtbBheVVA91NAAaF0ihYpduS8ODORrXgaROwgGNNc0K5
|
||||
MPbniVpaQyl0lVU13eZxxXJx1Iuhl7yPosHUVYA+Arnj5VNG8h9wDS2DfpXR
|
||||
=nMM4
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-08-08T22:43:27Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//bAvQABQJBfWf1A95ciTCCRY47U6/IUpLUF5C/te0c3xp
|
||||
yiEL3Ic9/vGGf1mXonAuewy4RBM9W/g5TDwwNPblNQ5B4xqr8MCg0n0GECHcQip1
|
||||
dsP/VW4DPpUiR7jjfVy3XFpYon4ciWhGis7J3FP57v4FLtwxlPZLEHvyzhbU40f3
|
||||
mp5phiRBzFViUl77Y1iZdsGXovuLmbvtoRfwpH+UrE/Ko78msmRXYvUcRw5iGoST
|
||||
jkWnLTzgoIeDQR1C7h1o9Gfnok26PPkRFg5iX2LHJea6MMC+mIqomwoIy+wLztgg
|
||||
r+pjv69fGvR3jrqQrP6U0koZ9Bq1qGVVtAnKaWwict9lVYbulGWLdMorrj20ppDh
|
||||
6b8xb0bZXwhdcPb6RHtimzBq+9/N/Ip/oWtIlpQwJiCYPZgdOsqrNlNe4GQA0e3S
|
||||
mWr7COl0N/NIiJDAxlkHz0Mq6pl2+sH7hqqsbaqHY0aDoPo7uRj8ImP68n7h3gBu
|
||||
D6+1sIIhLqEpc2y8CUnYeF0z3bk6czdysurL87vVunfCgsqf2xS84dsKi5+qn5Vy
|
||||
IUeYLudYfvM1V/fo02QSSuWtc1BSgysBAmDSqJtLsd3tHSVVkh7JDIHiiSBzDdkA
|
||||
6pP9WqvIjzax24n5zJFKvdgrj0m2+ipN8/eD0UPQ7UaVV+4CArng4pRZo80U2lnS
|
||||
UQGsTGrz177oe4P34kouqnkXUSTsxpjT2PZctkBZoQQhJa1uaWY0AIpHWcY6a7dq
|
||||
b5WL+6Qwh0uDA+847vyhFZkS363TWnC1cYfyU/jb03fVeg==
|
||||
=AXtg
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
let
|
||||
address4 = "172.22.99.253";
|
||||
address6 = "fe80::deca:fbad";
|
||||
neighbors = import ./neighbors.nix;
|
||||
inherit (pkgs) neighbors;
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
|
@ -92,9 +92,7 @@ in
|
|||
'';
|
||||
up = ''
|
||||
${pkgs.iproute}/bin/ip addr flush dev $1
|
||||
${lib.optionalString (conf ? address4) ''
|
||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name} peer ${conf.address4}/32
|
||||
''}
|
||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name} peer ${conf.address4}/32
|
||||
${pkgs.iproute}/bin/ip addr add ${address6}/64 dev $1
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -1,142 +0,0 @@
|
|||
{
|
||||
dc16 = {
|
||||
address4 = "172.22.16.1";
|
||||
address6 = "fe80::250:bfff:fe41:5e57";
|
||||
asn = 64616;
|
||||
description = "Astro";
|
||||
wireguard = {
|
||||
listenPort = 2325;
|
||||
publicKey = "vCtPRpRc2SbTVRxKB6v7qL4DwaGvBAwh4z3uVFeh9BU=";
|
||||
};
|
||||
};
|
||||
dc24 = {
|
||||
address4 = "172.22.24.1";
|
||||
address6 = "fe80::cafe:babe";
|
||||
asn = 64624;
|
||||
description = "spaceboyz.net";
|
||||
wireguard = {
|
||||
publicKey = "5GyoCIRvTeUp6nSusZ8CMNVK/kjUTk1qkOSxKDW8Ng8=";
|
||||
listenPort = 2399;
|
||||
endpoint = "spaceboyz.net:2399";
|
||||
};
|
||||
};
|
||||
dc98 = {
|
||||
address4 = "172.22.100.254";
|
||||
address6 = "fe80::c3d2";
|
||||
asn = 64698;
|
||||
description = "inbert.c3d2.de";
|
||||
openvpn = ''
|
||||
remote 217.197.84.54 # dn42.c3d2.de
|
||||
port 2327
|
||||
comp-lzo
|
||||
'';
|
||||
};
|
||||
zw = {
|
||||
interface = "eth0";
|
||||
address4 = "172.22.99.250";
|
||||
address6 = "fe80::814:48ff:fe01:2201";
|
||||
asn = "4242421127";
|
||||
description = "bgp.c3d2.zentralwerk.org";
|
||||
};
|
||||
dc113 = {
|
||||
address4 = "172.22.113.244";
|
||||
asn = "64713";
|
||||
description = "martin89";
|
||||
openvpn = ''
|
||||
remote tunnel1.martin89.de 40533 udp4
|
||||
comp-lzo
|
||||
'';
|
||||
};
|
||||
dc4242421374 = {
|
||||
asn = "4242421374";
|
||||
description = "eri";
|
||||
address4 = "172.23.64.129";
|
||||
address6 = "fe80::0302";
|
||||
wireguard = {
|
||||
listenPort = 2338;
|
||||
publicKey = "rve99NGZIJLB4mPj2M7mjQmTHWMkLo5sXvFuur6TKiU=";
|
||||
};
|
||||
};
|
||||
dc4242421789 = {
|
||||
asn = "4242421789";
|
||||
description = "gregoire.boillet@protonmail.com";
|
||||
address4 = "172.21.93.97";
|
||||
address6 = "fe80::17:89";
|
||||
wireguard = {
|
||||
listenPort = 64699;
|
||||
endpoint = "217.12.209.150:64699";
|
||||
publicKey = "ifxB+zSOdT5vJ/HfdXjvphy962rfezrA9CWYe4ISTgE=";
|
||||
};
|
||||
};
|
||||
dc4242421602 = {
|
||||
asn = "4242421602";
|
||||
description = "toon";
|
||||
address4 = "172.23.162.33";
|
||||
address6 = "fe80::1602";
|
||||
wireguard = {
|
||||
listenPort = 2339;
|
||||
publicKey = "D9swl/xZOhTDT57IMf9QKq+FR7plZHCtbMo+SE7uJg0=";
|
||||
};
|
||||
};
|
||||
|
||||
dc4242420604 = {
|
||||
asn = "4242420604";
|
||||
description = "http://blog.cas7.moe/peering/";
|
||||
address4 = "172.23.89.3";
|
||||
address6 = "fe80::604:3";
|
||||
multiprotocol = "ipv6";
|
||||
wireguard = {
|
||||
listenPort = 2337;
|
||||
endpoint = "de1.dn42.cas7.moe:34699";
|
||||
publicKey = "1dJpFLegKHKButkXqbv1KLLMTmS6KtFkWBz6GRo2uxE=";
|
||||
};
|
||||
};
|
||||
|
||||
dc4242420197 = {
|
||||
asn = "4242420197";
|
||||
description = "https://md.n0emis.eu/s/dn42";
|
||||
address4 = "172.20.190.96";
|
||||
address6 = "fe80::42:42:1";
|
||||
multiprotocol = "ipv6";
|
||||
wireguard = {
|
||||
listenPort = 24699;
|
||||
endpoint = "himalia.dn42.n0emis.eu:24699";
|
||||
publicKey = "ObF+xGC6DdddJer0IUw6nzC0RqzeKWwEiQU0ieowzhg=";
|
||||
};
|
||||
};
|
||||
|
||||
dc4242423804 = {
|
||||
asn = "4242423804";
|
||||
description = "eXO.cat";
|
||||
address4 = "172.20.206.33";
|
||||
address6 = "fe80::4242:3804";
|
||||
wireguard = {
|
||||
listenPort = 2340;
|
||||
publicKey = "uAsya5O3yoCQFSpZiDhUwsjWQIaw64//eegHf8D1+ko=";
|
||||
};
|
||||
};
|
||||
|
||||
dc64738 = {
|
||||
asn = "64738";
|
||||
description = "welterde";
|
||||
# address4 = "";
|
||||
address6 = "fe80::fcbb";
|
||||
wireguard = {
|
||||
listenPort = 2341;
|
||||
endpoint = "vpngw.edge0.denue3.welterde.net:41003";
|
||||
publicKey = "In8V093CGV1sLK0XZBh86fJvGW1SCVkYbxR5/MJXinM=";
|
||||
};
|
||||
};
|
||||
|
||||
dc76140 = {
|
||||
asn = "76140";
|
||||
description = "feuerrot";
|
||||
address4 = "172.23.148.1";
|
||||
address6 = "fe80::2342";
|
||||
wireguard = {
|
||||
listenPort = 2342;
|
||||
endpoint = "home.dn42.feuerrot.org:51839";
|
||||
publicKey = "aoq7ctyAf3P9aohQYLhbFa1LbPMFx93tWYpFRr1CfB4=";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -29,12 +29,6 @@ neighbors:
|
|||
dc4242423804:
|
||||
wireguard:
|
||||
privateKey: ENC[AES256_GCM,data:O04wJJ+YIbyXgNbr5Z6T1uFr/8xQDK28Hciu1hLu3cf48c4efSro5aCyXYA=,iv:lOoTvVpqb6lSUDXi/EIIXlLjFbd44hCgzmPUVllRrVg=,tag:KHWh1a6JjjSRvYcv2onVGA==,type:str]
|
||||
dc64738:
|
||||
wireguard:
|
||||
privateKey: ENC[AES256_GCM,data:br0ZyD3yU0Ix+JyXntbsbogtvRmBVE1DCIuE4DHZy5Ha+VFiXf49oAcqq1A=,iv:wvdYurVY7UG9XcutsEAOkFzGYod85lUdcbDkbEcAf2w=,tag:zZdIEoJxaJ/FffGngOWVEA==,type:str]
|
||||
dc76140:
|
||||
wireguard:
|
||||
privateKey: ENC[AES256_GCM,data:1+5eJa6lbQlQ5Wh6BxSZXqICbiammadEqgLrTyrx+sBKN9HKmRxBmTdhsf8=,iv:k/QerH5iFq2xJSohiEljS1hybLWmOecl4+TFswZV1kM=,tag:4jmVPTP7NPx8fwLS75OQNg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -59,8 +53,8 @@ sops:
|
|||
UW9MRTM0M0RiUDRVQTE3bGxaeGNuWWsKMwFqlntiTNn/5pFpEFyuKvyKJPUJFXui
|
||||
7W5COcr0Gzcy9Jvho/RoJVptCNjt1am8GNvayN61BtL2AvxqmM5s3Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-28T20:13:47Z"
|
||||
mac: ENC[AES256_GCM,data:Plw3BJLWuG4E3TKODiMj9InVr5yR8T9Ui4R1yCOdNPZHFtWaPfbPmi7BBt5aLG5812FtTF6yAkusKVHhih1NLNcZ5fAPktV0PW7MgQ5kdfquofzOdWTrYoYT1VMtbzu0fyP4HoiDsxp9VvA7u/r1nuJ5wAPBLvPx0hAm2XRsPf0=,iv:L9UH19Wk11iIfs3UppPD33PyhaOre+5pFszoQYzHdts=,tag:+40C5hyRZBh2IrCLVWnAEA==,type:str]
|
||||
lastmodified: "2022-01-06T22:45:31Z"
|
||||
mac: ENC[AES256_GCM,data:6ooG3L6RBMn+DZ4jFsmc1WuS7Pu2hkYM74uGu6lxGEwwOqTPXsEAORtcMdTeCL2OtDKZradmMqcGPNJwm0MrHNwemgmmfn9GGHjM44SfyIdApa9H8Gpql06QjpcX/r7H8XXdvJT6YpwBX7S5htO0kyJc6P0435dg275Jl8m8+bY=,iv:nH3Gz/h0Ikq9kV7n0nHH7fxYuDoPHqwZsdLlAngZopQ=,tag:UJVpBYg+7sjiGqODirON1g==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:28Z"
|
||||
enc: |
|
||||
|
@ -200,4 +194,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.1
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{ config, libC, pkgs, ... }:
|
||||
|
||||
let
|
||||
hostname = "drone.hq.c3d2.de";
|
||||
in
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
|
@ -10,12 +13,11 @@
|
|||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."drone.hq.c3d2.de" = {
|
||||
virtualHosts.${hostname} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
listen = libC.defaultListen;
|
||||
locations."/".proxyPass = "http://localhost:5000";
|
||||
serverAliases = [ "drone.c3d2.de" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -69,7 +71,7 @@
|
|||
"DRONE_DATADOG_ENABLED=false"
|
||||
"DRONE_DATADOG_ENDPOINT=null"
|
||||
"DRONE_GITEA_SERVER=https://gitea.c3d2.de"
|
||||
"DRONE_SERVER_HOST=drone.c3d2.de"
|
||||
"DRONE_SERVER_HOST=${hostname}"
|
||||
"DRONE_SERVER_PORT=:5000"
|
||||
"DRONE_SERVER_PROTO=https"
|
||||
"DRONE_USER_CREATE=username:sandro,admin:true"
|
||||
|
|
|
@ -48,12 +48,9 @@
|
|||
|
||||
locations."/" = {
|
||||
root = "/var/www/ftp.c3d2.de";
|
||||
extraConfig = /* nginx */ ''
|
||||
extraConfig = ''
|
||||
charset UTF-8; # fix mojibake
|
||||
|
||||
# better wget scraping ;)
|
||||
rewrite /(.*)index.html?$ /$1;
|
||||
|
||||
fancyindex on;
|
||||
fancyindex_exact_size off;
|
||||
fancyindex_css_href /.theme/style.css;
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
## Migration from [inbert to zentralwerk](https://codimd.c3d2.de/inbert-2021)
|
||||
|
||||
[based on https://docs.gitea.io/en-us/backup-and-restore/](https://docs.gitea.io/en-us/backup-and-restore/)
|
||||
|
||||
### @inbert
|
||||
```shell
|
||||
sudo -u git gitea dump -c /etc/gitea/app.ini
|
||||
```
|
||||
|
||||
### @gitea.hq.c3d2.de (lxc 315 @server6)
|
||||
|
||||
- copied `gitea-dump-*.zip` from inbert to `/tmp/`
|
||||
|
||||
```shell
|
||||
/etc/nixos/migrate.sh
|
||||
```
|
||||
|
||||
Check consistency:
|
||||
|
||||
```shell
|
||||
su gitea
|
||||
cd
|
||||
export GITEA_WORK_DIR=/var/lib/gitea
|
||||
/nix/store/*-gitea-1.15.2/bin/gitea doctor --all
|
||||
```
|
||||
|
||||
#### Fix problems caused by database schema changes between Gitea 1.8.3 and 1.15.2
|
||||
|
||||
2 Factor Auth didn't work, but was only used by 2 users anyway. We delete the old settings:
|
||||
|
||||
```sql
|
||||
delete from two_factor;
|
||||
```
|
||||
|
||||
There is a new column `repository.owner_name` that needs be set. Otherwise the web frontend displayed links starting with `//`.
|
||||
|
||||
Before fixing, we checked the `owner_names` queried by joining via `"user".id = repo.owner_id`:
|
||||
|
||||
```sql
|
||||
select "user".lower_name, repo.owner_name, repo.lower_name from repository as repo inner join "user" on "user".id = repo.owner_id;
|
||||
```
|
||||
|
||||
```sql
|
||||
UPDATE repository
|
||||
SET owner_name = map.name
|
||||
FROM (SELECT "user".lower_name AS name, repository.owner_id AS id
|
||||
FROM repository INNER JOIN "user" ON "user".id = repository.owner_id
|
||||
) AS map
|
||||
WHERE map.id = repository.owner_id;
|
||||
```
|
||||
|
||||
#### Problems with old logins
|
||||
|
||||
Till now `PASSWORD_HASH_ALGO` `argon2` was used, but seems not to work in the new version.
|
||||
Using the password recovery works.
|
|
@ -1,10 +1,7 @@
|
|||
{ config, pkgs, lib, libC, ... }:
|
||||
|
||||
{
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.sendmail = true;
|
||||
};
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 4 * 1024;
|
||||
|
||||
|
@ -27,7 +24,7 @@
|
|||
|
||||
gitea = {
|
||||
enable = true;
|
||||
appName = "Gitea: with a cup of Mate";
|
||||
appName = "Gitea: with a cup of Kolle Mate";
|
||||
database.type = "postgres";
|
||||
lfs.enable = true;
|
||||
repositoryRoot = "/var/lib/gitea/repositories";
|
||||
|
@ -41,14 +38,19 @@
|
|||
|
||||
ldap = {
|
||||
enable = true;
|
||||
searchUserPasswordFile = config.sops.secrets."gitea/ldapSearchUserPassword".path;
|
||||
bindPasswordFile = config.sops.secrets."gitea/ldapSearchUserPassword".path;
|
||||
};
|
||||
|
||||
settings = {
|
||||
# we use drone for internal tasks and don't want people to execute code on our infrastructure
|
||||
actions.ENABLED = true;
|
||||
actions.ENABLED = false;
|
||||
"cron.delete_generated_repository_avatars".ENABLED = true;
|
||||
"cron.delete_old_system_notices".ENABLED = true;
|
||||
"cron.repo_health_check".TIMEOUT = "300s";
|
||||
"cron.resync_all_sshkeys" = {
|
||||
ENABLED = true;
|
||||
RUN_AT_START = true;
|
||||
};
|
||||
database.LOG_SQL = false;
|
||||
# enable if it is actually useful
|
||||
# federation.ENABLED = true;
|
||||
|
@ -108,8 +110,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
gitea-actions.enableRegistrar = true;
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."gitea.c3d2.de" = {
|
||||
|
@ -146,5 +146,18 @@
|
|||
};
|
||||
};
|
||||
|
||||
programs.msmtp = {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
host = "mail.c3d2.de";
|
||||
port = 587;
|
||||
tls = true;
|
||||
tls_starttls = true;
|
||||
auth = false;
|
||||
domain = "gitea.c3d2.de";
|
||||
from = "mail@c3d2.de";
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
}
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
#/usr/bin/env bash -e
|
||||
|
||||
DUMP=gitea-dump-1633035257
|
||||
USER=gitea
|
||||
DATABASE=gitea
|
||||
|
||||
cd /tmp/
|
||||
unzip ${DUMP}.zip
|
||||
unzip gitea-repo.zip
|
||||
|
||||
systemctl stop gitea
|
||||
|
||||
rm -r /var/lib/gitea/repositories/*
|
||||
mv gitea-repositories/* /var/lib/gitea/repositories/
|
||||
chown -R gitea:gitea /var/lib/gitea
|
||||
|
||||
sudo -u gitea psql -U $USER -d $DATABASE < gitea-db.sql
|
||||
|
||||
systemctl start gitea
|
|
@ -1,31 +1,37 @@
|
|||
{ lib, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
c3d2 = {
|
||||
autoUpdate = true;
|
||||
baremetal = true;
|
||||
hq.interface = "enp0s25";
|
||||
k-ot.enable = true;
|
||||
};
|
||||
|
||||
disko.disks = [ {
|
||||
device = "/dev/disk/by-id/ata-SSD0240S00_20201124BC41037";
|
||||
name = ""; # empty because disk was formatted before the naming convention
|
||||
withCeph = false;
|
||||
withLuks = false;
|
||||
} ];
|
||||
|
||||
nix.settings = {
|
||||
cores = 4;
|
||||
max-jobs = 4;
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
boot.loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
|
||||
disko.disks = [ {
|
||||
device = "/dev/disk/by-id/ata-SSD0240S00_20201124BC41037";
|
||||
name = "glotzbert";
|
||||
withCeph = false;
|
||||
withLuks = false;
|
||||
} ];
|
||||
|
||||
networking = {
|
||||
domain = "hq.c3d2.de";
|
||||
firewall = {
|
||||
|
@ -56,8 +62,10 @@
|
|||
wantedBy = [ "graphical-session.target" ];
|
||||
partOf = [ "graphical-session.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${lib.getExe pkgs.x11vnc} -forever -shared -passwd k-ot";
|
||||
RestartSec = 5;
|
||||
ExecStart = ''
|
||||
${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
|
||||
'';
|
||||
RestartSec = 3;
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
@ -123,17 +131,10 @@
|
|||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
users = {
|
||||
groups."k-ot".gid = 1000;
|
||||
users."k-ot" = {
|
||||
group = "k-ot";
|
||||
extraGroups = [ "networkmanager" ];
|
||||
};
|
||||
users.groups."k-ot".gid = 1000;
|
||||
users.users."k-ot" = {
|
||||
group = "k-ot";
|
||||
extraGroups = [ "networkmanager" ];
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
|
|
@ -8,67 +8,10 @@
|
|||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ];
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "glotzbert/data";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/etc" =
|
||||
{ device = "glotzbert/data/etc";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "glotzbert/nixos/nix";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix/store" =
|
||||
{ device = "glotzbert/nixos/nix/store";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/var" =
|
||||
{ device = "glotzbert/data/var";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib" =
|
||||
{ device = "glotzbert/data/var/lib";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/log" =
|
||||
{ device = "glotzbert/data/var/log";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "glotzbert/data/home";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix/var" =
|
||||
{ device = "glotzbert/nixos/nix/var";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/D1E3-1422";
|
||||
fsType = "vfat";
|
||||
};
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
|
|
|
@ -112,13 +112,22 @@
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
# work around our slow storage that can't keep up
|
||||
influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
|
||||
influxdb.serviceConfig.TimeoutStartSec = "infinity";
|
||||
};
|
||||
systemd.services =
|
||||
builtins.foldl'
|
||||
(services: service:
|
||||
services // {
|
||||
"${service}".serviceConfig = {
|
||||
RestartSec = 60;
|
||||
Restart = "always";
|
||||
};
|
||||
}
|
||||
)
|
||||
{ } [ "grafana" "influxdb" ]
|
||||
// {
|
||||
# work around our slow storage that can't keep up
|
||||
influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
|
||||
influxdb.serviceConfig.TimeoutStartSec = "infinity";
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
users.users.nginx.extraGroups = [ "grafana" ];
|
||||
}
|
||||
|
|
|
@ -3,48 +3,6 @@
|
|||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
environment.systemPackages = [
|
||||
# TODO: move into nixos-modules
|
||||
(with pkgs.python3.pkgs; buildPythonApplication {
|
||||
pname = "hedgedoc-util";
|
||||
version = "unstable-2022-04-20";
|
||||
format = "other";
|
||||
|
||||
src = pkgs.fetchFromGitLab {
|
||||
domain = "git.cccv.de";
|
||||
owner = "infra/ansible/roles";
|
||||
repo = "hedgedoc";
|
||||
rev = "d69cef4bf6c7fe4e67570363659e4c20b0e102af";
|
||||
hash = "sha256-dWZtPnQ9ZtS9EEwMA5p9Bhu6zoDQS4fGxVaJ1lPMw/s=";
|
||||
};
|
||||
|
||||
# TODO: upstream this?
|
||||
patches = [ ./hedgedoc-util-postgres.diff ];
|
||||
|
||||
dontBuild = true;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
click
|
||||
psycopg2
|
||||
];
|
||||
|
||||
installPhase = let
|
||||
wrapper = pkgs.writeShellScriptBin "hedgedoc-util" ''
|
||||
cd /var/lib/hedgedoc
|
||||
sudo=exec
|
||||
if [[ "$USER" != hedgedoc ]]; then
|
||||
sudo='exec /run/wrappers/bin/sudo -u hedgedoc --preserve-env'
|
||||
fi
|
||||
$sudo $(dirname "$0")/.hedgedoc-util "$@"
|
||||
'';
|
||||
in ''
|
||||
mkdir -p $out/bin
|
||||
cp files/hedgedoc-util.py $out/bin/.hedgedoc-util
|
||||
ln -s ${lib.getExe wrapper} $out/bin/hedgedoc-util
|
||||
'';
|
||||
})
|
||||
];
|
||||
|
||||
microvm.mem = 1536;
|
||||
|
||||
networking.hostName = "hedgedoc";
|
||||
|
@ -60,7 +18,6 @@
|
|||
ldap.enable = true;
|
||||
settings = {
|
||||
allowAnonymousEdits = true;
|
||||
allowEmailRegister = false;
|
||||
allowFreeURL = true;
|
||||
allowOrigin = [ "hedgedoc.c3d2.de" ];
|
||||
csp = {
|
||||
|
@ -74,7 +31,6 @@
|
|||
};
|
||||
defaultPermission = "freely";
|
||||
domain = "hedgedoc.c3d2.de";
|
||||
email = false; # only allow ldap login
|
||||
loglevel = "warn";
|
||||
path = "/run/hedgedoc/hedgedoc.sock";
|
||||
protocolUseSSL = true;
|
||||
|
@ -103,7 +59,7 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"^~ /robots\\.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
||||
"^~ /robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
||||
"/".proxyPass = "http://hedgedoc";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,166 +0,0 @@
|
|||
--- a/files/hedgedoc-util.py 2024-02-03 23:19:47.720921062 +0100
|
||||
+++ b/files/hedgedoc-util.py 2024-02-03 23:19:42.926928390 +0100
|
||||
@@ -7,9 +7,7 @@
|
||||
from subprocess import Popen, PIPE
|
||||
|
||||
import click
|
||||
-import pymysql
|
||||
-import pymysql.cursors
|
||||
-import configparser
|
||||
+import psycopg2
|
||||
|
||||
class GlobalState():
|
||||
def __init__(self, options):
|
||||
@@ -21,23 +19,17 @@
|
||||
except Exception as e:
|
||||
click.echo("Database connection failed: {}".format(repr(e)))
|
||||
sys.exit(2)
|
||||
- self._check_schema()
|
||||
|
||||
def _get_connection(self):
|
||||
- return pymysql.connect(host=self.config['dbhost'],
|
||||
- user=self.config['dbuser'],
|
||||
- password=self.config['dbpw'],
|
||||
- database=self.config['dbname'],
|
||||
- charset='utf8mb4',
|
||||
- cursorclass=pymysql.cursors.DictCursor)
|
||||
+ dsn = "host="+self.config['dbhost']
|
||||
+ if 'dbuser' in self.config:
|
||||
+ dsn += "user="+self.config['dbuser']
|
||||
+ if 'dbpw' in self.config:
|
||||
+ dsn += "password="+self.config['dbpw']
|
||||
+ if 'dbname' in self.config:
|
||||
+ dsn += "dbname="+self.config['dbname']
|
||||
|
||||
- def _check_schema(self):
|
||||
- with self.db.cursor() as cursor:
|
||||
- cursor.execute('SELECT name from SequelizeMeta ORDER BY name ASC')
|
||||
- schema = ','.join([i['name'] for i in cursor.fetchall()])
|
||||
- if schema != self.config['dbschema']:
|
||||
- click.echo("Unsupportet db schema: {}".format(schema))
|
||||
- sys.exit(2)
|
||||
+ return psycopg2.connect(dsn)
|
||||
|
||||
def _load_config(self, path):
|
||||
result = {}
|
||||
@@ -69,6 +61,9 @@
|
||||
|
||||
def _decode_nested_json(data, fieldnames):
|
||||
for i in data:
|
||||
+ if i == None:
|
||||
+ continue
|
||||
+
|
||||
for fieldname in fieldnames:
|
||||
if fieldname in i:
|
||||
if i[fieldname] == None:
|
||||
@@ -84,34 +79,40 @@
|
||||
def note_id_encode_to_url(input_id):
|
||||
return base64.urlsafe_b64encode(binascii.unhexlify(input_id.replace('-', '').encode())).decode().replace('=', '')
|
||||
|
||||
-def pad_list(db, columns, last_change_older=0, owner=0):
|
||||
+def pad_list(db, columns, last_change_older, owner):
|
||||
+ if owner == None:
|
||||
+ owner = "00000000-0000-0000-0000-000000000000"
|
||||
with db.cursor() as cursor:
|
||||
# this is no sql injection vulnerability because we let click verify the content of "columns" to match a whitelist
|
||||
- cursor.execute(F"SELECT {','.join(columns)} FROM Notes WHERE (%(last_change_older)s = 0 OR DATEDIFF(NOW(), lastchangeAt) > %(last_change_older)s OR (lastchangeAt IS NULL AND DATEDIFF(NOW(), createdAt) > %(last_change_older)s) AND (%(owner)s = '' OR ownerId = %(owner)s)) ORDER BY id", {'last_change_older': last_change_older, 'owner': owner})
|
||||
+ cursor.execute(F"SELECT {','.join(columns)} FROM \"Notes\" WHERE (%(last_change_older)s = 0 OR NOW() - \"lastchangeAt\" > interval '%(last_change_older)s' OR (\"lastchangeAt\" IS NULL AND NOW() - \"createdAt\" > interval '%(last_change_older)s') AND (%(owner)s = '' OR \"ownerId\" = %(owner)s::uuid)) ORDER BY id", {'last_change_older': last_change_older, 'owner': owner})
|
||||
return _decode_nested_json(cursor.fetchall(), ['authorship'])
|
||||
|
||||
def pad_get(db, id):
|
||||
with db.cursor() as cursor:
|
||||
- cursor.execute('SELECT * FROM Notes WHERE id=%s', (id))
|
||||
+ cursor.execute('SELECT * FROM "Notes" WHERE id=%s', (id,))
|
||||
return _decode_nested_json([cursor.fetchone()], ['authorship'])[0]
|
||||
|
||||
def pad_get_content(db, id):
|
||||
return pad_get(db, id).get('content', '')
|
||||
|
||||
-def pad_delete(db, id):
|
||||
- pad = pad_get(db, id)
|
||||
- urlid = note_id_encode_to_url(id)
|
||||
- with db:
|
||||
- with db.cursor() as cursor:
|
||||
- cursor.execute('DELETE FROM Revisions WHERE noteId=%s', (id))
|
||||
- cursor.execute('DELETE FROM Notes WHERE id=%s', (id))
|
||||
- cursor.execute('SELECT id,history FROM Users WHERE JSON_SEARCH(history, "one", %s, "", "$[*].id") is not null;', (urlid))
|
||||
- with db.cursor() as usercursor:
|
||||
- for i in cursor:
|
||||
- history = json.loads(i['history'] or '[]')
|
||||
- history = [ j for j in history if not j.get('id') == urlid ]
|
||||
- usercursor.execute('UPDATE Users set history=%s WHERE id=%s;', (json.dumps(history), i['id']))
|
||||
- db.commit()
|
||||
+def pad_delete(db, ids):
|
||||
+ for id in ids:
|
||||
+ if id == "--":
|
||||
+ continue
|
||||
+
|
||||
+ pad = pad_get(db, id)
|
||||
+ urlid = note_id_encode_to_url(id)
|
||||
+ with db:
|
||||
+ with db.cursor() as cursor:
|
||||
+ cursor.execute('DELETE FROM "Revisions" WHERE "noteId"=%s', (id,))
|
||||
+ cursor.execute('DELETE FROM "Notes" WHERE id=%s', (id,))
|
||||
+ cursor.execute('SELECT id,history FROM "Users" u, json_array_elements(u.history::json) h WHERE h->>\'id\'=%s is not null;', (urlid,))
|
||||
+ with db.cursor() as usercursor:
|
||||
+ for i in cursor:
|
||||
+ history = json.loads(i[1] or '[]')
|
||||
+ history = [ j for j in history if not j.get('id') == urlid ]
|
||||
+ usercursor.execute('UPDATE "Users" set history=%s WHERE id=%s;', (json.dumps(history), i[0]))
|
||||
+ db.commit()
|
||||
|
||||
def pad_mail(db, id, template, formats):
|
||||
with db.cursor() as cursor:
|
||||
@@ -144,12 +145,12 @@
|
||||
def user_list(db, columns):
|
||||
with db.cursor() as cursor:
|
||||
# this is no sql injection vulnerability because we let click verify the content of "columns" to match a whitelist
|
||||
- cursor.execute('SELECT {} FROM Users ORDER BY id'.format(','.join(columns)))
|
||||
+ cursor.execute('SELECT {} FROM "Users" ORDER BY id'.format(','.join(columns)))
|
||||
return _decode_nested_json(cursor.fetchall(), ['profile', 'history'])
|
||||
|
||||
def user_get(db, id):
|
||||
with db.cursor() as cursor:
|
||||
- cursor.execute('SELECT * FROM Users WHERE id=%s', (id))
|
||||
+ cursor.execute('SELECT * FROM "Users" WHERE id=%s', (id,))
|
||||
return _decode_nested_json([cursor.fetchone()], ['profile', 'history'])[0]
|
||||
|
||||
def user_get_mail(db, id):
|
||||
@@ -192,12 +193,11 @@
|
||||
|
||||
@click.group()
|
||||
@click.option('-o', '--output', type=click.Choice(['text', 'json', 'tsv', 'tsv-noheader']), default='text', help='Select output format', show_default=True, show_envvar=True)
|
||||
-@click.option('--config', default='/usr/local/etc/hedgedoc-util/hedgedoc-util.cfg', type=click.Path(), help='Config to load db and template default settings from', show_envvar=True, show_default=True)
|
||||
+@click.option('--config', default='/etc/hedgedoc-util/hedgedoc-util.cfg', type=click.Path(), help='Config to load db and template default settings from', show_envvar=True, show_default=True)
|
||||
@click.option('--dbuser', help='User name used for the db connection', show_envvar=True)
|
||||
@click.option('--dbpw', help='Password used for the db connection', show_envvar=True)
|
||||
@click.option('--dbname', help='Database used', show_envvar=True)
|
||||
-@click.option('--dbhost', help='Host the db is running on', show_envvar=True)
|
||||
-@click.option('--dbschema', help='Schema string to verify the db schema against', show_envvar=True)
|
||||
+@click.option('--dbhost', help='Host the db is running on', default='/run/postgresql/', show_envvar=True)
|
||||
@click.pass_context
|
||||
def cli(ctx, **kwargs):
|
||||
ctx.obj = GlobalState(kwargs)
|
||||
@@ -219,7 +219,7 @@
|
||||
@cli_pad.command(name="list", help="List all pads")
|
||||
@click.option('-c', '--columns', default=['id'], type=click.Choice(['id', 'title', 'content', 'ownerId', 'createdAt', 'updatedAt', 'shortid', 'permission', 'viewcount', 'lastchangeuserId', 'lastchangeAt', 'alias', 'deletedAt', 'authorship']), help="Select what data to display. Can be passed multiple times.", multiple=True, show_default=True, show_envvar=True)
|
||||
@click.option('--last-change-older', type=click.INT, default=0, help='Only list those pads which are older than this value. In days.', show_envvar=True)
|
||||
-@click.option('--owner', type=click.STRING, default='', help='Only list pads with this owner, pass the user id', show_envvar=True)
|
||||
+@click.option('--owner', type=click.STRING, help='Only list pads with this owner, pass the user id', show_envvar=True)
|
||||
@click.pass_obj
|
||||
def _pad_list(obj, columns, last_change_older, owner):
|
||||
output_object(pad_list(obj.db, columns, last_change_older=last_change_older, owner=owner))
|
||||
@@ -231,10 +231,10 @@
|
||||
output_object(pad_get(obj.db, id))
|
||||
|
||||
@cli_pad.command(name="delete", help="Deletes a pad")
|
||||
-@click.argument('id')
|
||||
+@click.argument('ids', nargs=-1)
|
||||
@click.pass_obj
|
||||
-def _pad_delete(obj, id):
|
||||
- pad_delete(obj.db, id)
|
||||
+def _pad_delete(obj, ids):
|
||||
+ pad_delete(obj.db, ids)
|
||||
|
||||
@cli_pad.command(name="get-content", help="Get the content of one pad by its id")
|
||||
@click.argument('id')
|
|
@ -24,20 +24,14 @@ in
|
|||
linkConfig.Name = "c3d2";
|
||||
};
|
||||
networks."40-c3d2" = {
|
||||
dhcpV4Config.UseRoutes = "no";
|
||||
matchConfig.MACAddress = c3d2MacAddress;
|
||||
networkConfig = {
|
||||
DHCP = "no";
|
||||
IPv6AcceptRA = "no";
|
||||
LinkLocalAddressing = "yes";
|
||||
IPv6AcceptRA = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"openssl-1.1.1w"
|
||||
];
|
||||
|
||||
services = {
|
||||
avahi.enable = true;
|
||||
|
||||
|
@ -49,6 +43,7 @@ in
|
|||
home-assistant = {
|
||||
enable = true;
|
||||
config = {
|
||||
automation = "!include automations.yaml";
|
||||
binary_sensor = [
|
||||
{
|
||||
platform = "rest";
|
||||
|
@ -65,11 +60,11 @@ in
|
|||
platform = "rest";
|
||||
name = "c3d2";
|
||||
unique_id = "status_c3d2";
|
||||
resource = "http://schalter.hq.c3d2.de/schalter.json";
|
||||
resource = "https://c3d2.de/spaceapi.json";
|
||||
method = "GET";
|
||||
scan_interval = 60;
|
||||
verify_ssl = true;
|
||||
value_template = "{{ value_json['status'] }}";
|
||||
value_template = "{{ value_json['state']['open'] }}";
|
||||
device_class = "door";
|
||||
}
|
||||
];
|
||||
|
@ -92,15 +87,11 @@ in
|
|||
};
|
||||
};
|
||||
extraComponents = [
|
||||
"esphome"
|
||||
"met" # Meteorologisk institutt aka the weather widget
|
||||
"mqtt"
|
||||
"radio_browser"
|
||||
# extra things we use
|
||||
"wled"
|
||||
"zha" # Zigbee
|
||||
];
|
||||
ldap.enable = true;
|
||||
package = pkgs.home-assistant.override {
|
||||
package = (pkgs.home-assistant.override {
|
||||
# those tests take a long(er) time and can't be sped up with pytest-xdist
|
||||
packageOverrides = _: prev: let
|
||||
noTests.doCheck = false;
|
||||
|
@ -108,7 +99,7 @@ in
|
|||
aws-sam-translator = prev.aws-sam-translator.overridePythonAttrs (_: noTests);
|
||||
moto = prev.moto.overridePythonAttrs (_: noTests);
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
nginx = {
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{ config, lib, libS, pkgs, ... }:
|
||||
|
||||
let
|
||||
cachePort = 5000;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
@ -53,22 +56,22 @@
|
|||
{
|
||||
hostName = "client@dacbert.hq.c3d2.de";
|
||||
system = lib.concatStringsSep "," [
|
||||
"aarch64-linux" # very slow compared to gallium
|
||||
# "aarch64-linux" # very slow compared to gallium
|
||||
"armv6l-linux" "armv7l-linux"
|
||||
];
|
||||
speedFactor = 1;
|
||||
supportedFeatures = [ "kvm" "nixos-test" ];
|
||||
maxJobs = 1;
|
||||
}
|
||||
# {
|
||||
# hostName = "gallium.s6o.de";
|
||||
# maxJobs = 4;
|
||||
# speedFactor = 10;
|
||||
# sshUser = config.nix.remoteBuilder.name;
|
||||
# # kvm is not supported because /dev/kvm does not exist
|
||||
# supportedFeatures = [ "big-parallel" "nixos-test" "benchmark" ];
|
||||
# system = "aarch64-linux";
|
||||
# }
|
||||
{
|
||||
hostName = "gallium.supersandro.de";
|
||||
maxJobs = 4;
|
||||
speedFactor = 10;
|
||||
sshUser = config.nix.remoteBuilder.name;
|
||||
# kvm is not supported because /dev/kvm does not exist
|
||||
supportedFeatures = [ "big-parallel" "nixos-test" "benchmark" ];
|
||||
system = "aarch64-linux";
|
||||
}
|
||||
];
|
||||
daemonCPUSchedPolicy = "idle";
|
||||
daemonIOSchedClass = "idle";
|
||||
|
@ -98,10 +101,89 @@
|
|||
'';
|
||||
};
|
||||
|
||||
containers = {
|
||||
# hydra-binfmt-builder = {
|
||||
# autoStart = true;
|
||||
# config = { ... }: {
|
||||
# imports = [ (modulesPath + "/profiles/minimal.nix") ];
|
||||
|
||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# nix = {
|
||||
# settings = config.nix.settings;
|
||||
# extraOptions = config.nix.extraOptions;
|
||||
# };
|
||||
|
||||
# services.openssh.enable = true;
|
||||
|
||||
# system.stateVersion = "22.11";
|
||||
|
||||
# users.users."root".openssh.authorizedKeys.keys = [
|
||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBga6vW8lnbFKl+Yd2xBiF71FRyV14eDUnqcMc2AWifI root@hydra"
|
||||
# ];
|
||||
# };
|
||||
# hostAddress = "192.168.100.1";
|
||||
# localAddress = "192.168.100.3";
|
||||
# privateNetwork = true;
|
||||
# };
|
||||
|
||||
# disabled because currently it display `ARRAY(0x4ec2040)` on the website and also uses a perl array in store paths instead of /nix/store
|
||||
# hydra-ca = {
|
||||
# autoStart = true;
|
||||
# config = { ... }: {
|
||||
# imports = [
|
||||
# hydra-ca.nixosModules.hydra
|
||||
# ];
|
||||
|
||||
# environment.systemPackages = with pkgs; [ git ];
|
||||
|
||||
# networking.firewall.allowedTCPPorts = [ 3001 ];
|
||||
|
||||
# nix = {
|
||||
# settings = {
|
||||
# allowed-uris = "https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/";
|
||||
# builders-use-substitutes = true;
|
||||
# experimental-features = "ca-derivations nix-command flakes";
|
||||
# extra-substituters = "https://cache.ngi0.nixos.org/";
|
||||
# extra-trusted-public-keys = "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=";
|
||||
# substituters = [
|
||||
# "https://cache.ngi0.nixos.org/"
|
||||
# ];
|
||||
# trusted-public-keys = [
|
||||
# "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# nixpkgs = {
|
||||
# # config.contentAddressedByDefault = true;
|
||||
# overlays = [ self.overlay ];
|
||||
# };
|
||||
|
||||
# services = {
|
||||
# hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
|
||||
# hydraURL = "https://hydra-ca.hq.c3d2.de";
|
||||
# port = 3001;
|
||||
# };
|
||||
# };
|
||||
|
||||
# system.stateVersion = "22.05"; # Did you read the comment? No.
|
||||
# };
|
||||
# hostAddress = "192.168.100.1";
|
||||
# localAddress = "192.168.100.2";
|
||||
# privateNetwork = true;
|
||||
# };
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostId = "3f0c4ec4";
|
||||
hostName = "hydra";
|
||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
# nat = {
|
||||
# enable = true;
|
||||
# externalInterface = "serv";
|
||||
# internalInterfaces = [ "ve-hydra-biLqAU" ];
|
||||
# };
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts = lib.mkMerge [
|
||||
|
@ -124,13 +206,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
gitea-actions = {
|
||||
enableRunner = true;
|
||||
kvm = true;
|
||||
zfsDataset = "hydra/data/podman";
|
||||
giteaUrl = "https://gitea.c3d2.de";
|
||||
};
|
||||
|
||||
hydra = {
|
||||
enable = true;
|
||||
buildMachinesFiles = [
|
||||
|
@ -159,11 +234,15 @@
|
|||
'';
|
||||
};
|
||||
|
||||
# A rust nix binary cache
|
||||
harmonia = {
|
||||
enable = true;
|
||||
domain = "nix-cache.hq.c3d2.de";
|
||||
port = 5000;
|
||||
settings.workers = 20;
|
||||
settings = {
|
||||
bind = "[::]:${toString cachePort}";
|
||||
workers = 20;
|
||||
max_connection_rate = 1024;
|
||||
priority = 50;
|
||||
};
|
||||
signKeyPath = config.sops.secrets."nix/signing-key/secretKey".path;
|
||||
};
|
||||
|
||||
|
@ -176,12 +255,22 @@
|
|||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
|
||||
serverAliases = [
|
||||
"hydra-ca.hq.c3d2.de"
|
||||
"hydra.serv.zentralwerk.org"
|
||||
];
|
||||
};
|
||||
# "hydra-ca.hq.c3d2.de" = {
|
||||
# enableACME = true;
|
||||
# forceSSL = true;
|
||||
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
||||
# };
|
||||
"nix-cache.hq.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:${toString cachePort}";
|
||||
serverAliases = [
|
||||
"nix-serve.hq.c3d2.de"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -221,7 +310,6 @@
|
|||
};
|
||||
"ssh-keys/hydra/private" = {
|
||||
owner = "hydra";
|
||||
# used for cloning flake inputs
|
||||
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/hydra/public" = {
|
||||
|
@ -231,7 +319,6 @@
|
|||
};
|
||||
"ssh-keys/root/private" = {
|
||||
owner = "hydra-queue-runner";
|
||||
# used to build the actual derivations
|
||||
path = "/var/lib/hydra/queue-runner/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/root/public" = {
|
||||
|
|
|
@ -1,261 +0,0 @@
|
|||
{ config, pkgs, zentralwerk, ... }:
|
||||
|
||||
{
|
||||
c3d2 = {
|
||||
hq.statistics.enable = true;
|
||||
deployment.server = "server10";
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc.gitconfig.text = /* gitconfig */ ''
|
||||
[url "gitea@gitea.c3d2.de:"]
|
||||
insteadOf = https://gitea.c3d2.de/
|
||||
'';
|
||||
systemPackages = with pkgs; [
|
||||
rsync # used in drone CI
|
||||
];
|
||||
};
|
||||
|
||||
# changes in knot config cause a rebuild because tools like keymgr are wrapped with the config file *and* contain the man pages
|
||||
documentation.man.generateCaches = false;
|
||||
|
||||
networking = {
|
||||
hostName = "knot";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
# DNS
|
||||
53
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# DNS
|
||||
53
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# required for CI
|
||||
microvm = let
|
||||
writableStoreOverlayImage = "/var/tmp/nix-store-overlay.img";
|
||||
in {
|
||||
preStart = ''
|
||||
# Discard old writable store overlay
|
||||
rm -f "${writableStoreOverlayImage}"
|
||||
'';
|
||||
volumes = [ {
|
||||
image = writableStoreOverlayImage;
|
||||
mountPoint = config.microvm.writableStoreOverlay;
|
||||
size = 1 * 1024;
|
||||
} ];
|
||||
writableStoreOverlay = "/nix/.rw-store";
|
||||
};
|
||||
nix.enable = true;
|
||||
|
||||
services.knot = {
|
||||
enable = true;
|
||||
keyFiles = [ config.sops.secrets."knot/keyFile".path ];
|
||||
settings = {
|
||||
acl = [
|
||||
{
|
||||
id = "jabber";
|
||||
key = "jabber.c3d2.de";
|
||||
action = "update";
|
||||
update-owner = "name";
|
||||
update-owner-match = "sub-or-equal";
|
||||
update-owner-name = [ "jabber.c3d2.de." ];
|
||||
}
|
||||
{
|
||||
id = "axfr";
|
||||
address = [
|
||||
# Inbert
|
||||
"2001:67c:1400:2240::1/128"
|
||||
# dns.serv.zentralwerk.org
|
||||
"172.20.73.2/32"
|
||||
"2a00:8180:2c00:282:2::2"
|
||||
];
|
||||
action = [ "transfer" "notify" ];
|
||||
}
|
||||
{
|
||||
# https://www.knot-dns.cz/docs/3.3/singlehtml/index.html#catalog-zones-configuration-examples
|
||||
id = "zone_xfr";
|
||||
address = [
|
||||
# ns.spaceboyz.net
|
||||
"95.217.229.209" "2a01:4f9:4b:39ec::4"
|
||||
# ns1.supersandro.de
|
||||
"188.34.196.104" "2a01:4f8:1c1c:1d38::1"
|
||||
];
|
||||
action = "transfer";
|
||||
}
|
||||
{
|
||||
id = "dns.serv.zentralwerk.org_notify";
|
||||
address = [ /*"172.20.73.2"*/ "2a00:8180:2c00:282:2::2" ];
|
||||
action = "notify";
|
||||
}
|
||||
];
|
||||
|
||||
log = [ {
|
||||
target = "syslog";
|
||||
any = "info";
|
||||
} ];
|
||||
|
||||
mod-stats = [ {
|
||||
id = "default";
|
||||
query-type = "on";
|
||||
} ];
|
||||
|
||||
remote = [
|
||||
{
|
||||
id = "ns.spaceboyz.net";
|
||||
address = [ "95.217.229.209" "2a01:4f9:4b:39ec::4" ];
|
||||
} {
|
||||
# TODO: drop
|
||||
id = "ns0.q-ix.net";
|
||||
address = [ "217.115.12.65" "2a00:1328:e101:b01::1" ];
|
||||
} {
|
||||
id = "ns1.supersandro.de";
|
||||
# IPv4 doesn't work because of nat
|
||||
address = [ /*"188.34.196.104"*/ "2a01:4f8:1c1c:1d38::1" ];
|
||||
} {
|
||||
id = "dns.serv.zentralwerk.org";
|
||||
address = [ "172.20.73.2" "2a00:8180:2c00:282:2::2" ];
|
||||
}
|
||||
];
|
||||
|
||||
remotes = [
|
||||
{
|
||||
id = "all";
|
||||
remote = [ "ns.spaceboyz.net" "ns1.supersandro.de" ];
|
||||
}
|
||||
{
|
||||
# TODO: drop
|
||||
id = "q-ix";
|
||||
remote = [ "ns0.q-ix.net" ];
|
||||
}
|
||||
];
|
||||
|
||||
server = {
|
||||
answer-rotation = true;
|
||||
automatic-acl = true;
|
||||
identity = "ns.c3d2.de";
|
||||
listen = with zentralwerk.lib.config.site.net.serv; [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
hosts4.knot hosts6.up4.knot hosts6.dn42.knot
|
||||
"2a00:8180:2c00:282:2041:cbff:fe0c:8516"
|
||||
"fd23:42:c3d2:582:2041:cbff:fe0c:8516"
|
||||
];
|
||||
tcp-fastopen = true;
|
||||
version = null;
|
||||
};
|
||||
|
||||
template = [
|
||||
{
|
||||
# default is a magic name and is always loaded.
|
||||
# Because we want to use catalog-role/catalog-zone settings for all zones *except* the catalog zone itself, we must split the templates
|
||||
id = "default";
|
||||
global-module = [ "mod-stats" ];
|
||||
}
|
||||
{
|
||||
id = "c3d2";
|
||||
catalog-role = "member";
|
||||
catalog-zone = "c3d2.";
|
||||
dnssec-signing = true;
|
||||
file = "%s.zone";
|
||||
journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads
|
||||
module = "mod-stats/default";
|
||||
semantic-checks = true;
|
||||
serial-policy = "dateserial";
|
||||
storage = "/var/lib/knot/zones";
|
||||
zonefile-load = "difference-no-serial";
|
||||
}
|
||||
{
|
||||
id = "zentralwerk_template";
|
||||
acl = "dns.serv.zentralwerk.org_notify";
|
||||
master = "dns.serv.zentralwerk.org";
|
||||
storage = "/var/lib/knot/catalog/zentralwerk";
|
||||
}
|
||||
];
|
||||
|
||||
zone = [
|
||||
{
|
||||
acl = "zone_xfr";
|
||||
catalog-role = "generate";
|
||||
domain = "c3d2.";
|
||||
notify = [ "ns1.supersandro.de" ];
|
||||
storage = "/var/lib/knot/catalog";
|
||||
}
|
||||
{
|
||||
acl = "dns.serv.zentralwerk.org_notify";
|
||||
catalog-role = "interpret";
|
||||
catalog-template = "zentralwerk_template";
|
||||
domain = "zentralwerk.";
|
||||
master = "dns.serv.zentralwerk.org";
|
||||
storage = "/var/lib/knot/catalog";
|
||||
}
|
||||
] ++ map ({ acl ? [], notify ? [], ... }@zone: {
|
||||
inherit (zone) domain;
|
||||
template = "c3d2";
|
||||
notify = [ "all" ] ++ notify;
|
||||
acl = [ "axfr" "zone_xfr" ] ++ acl;
|
||||
}) [
|
||||
{ domain = "c3dd.de"; notify = [ "q-ix" ]; }
|
||||
{ domain = "c3d2.de"; acl = [ "jabber" ]; }
|
||||
{ domain = "hq.c3d2.de"; }
|
||||
{ domain = "dyn.hq.c3d2.de"; }
|
||||
# TODO: consolidate
|
||||
{ domain = "inbert.c3d2.de"; }
|
||||
{ domain = "c3d2.ffdd"; }
|
||||
{ domain = "c3d2.space"; }
|
||||
{ domain = "c3d2.social"; }
|
||||
{ domain = "cccdd.de"; notify = [ "q-ix" ]; }
|
||||
{ domain = "dresden.ccc.de"; }
|
||||
{ domain = "datenspuren.de"; }
|
||||
{ domain = "netzbiotop.org"; }
|
||||
{ domain = "pentamedia.org"; notify = [ "q-ix" ]; }
|
||||
{ domain = "zentralwerk.ffdd"; }
|
||||
|
||||
{ domain = "2001-67c0-1400-2240.ip6.arpa"; }
|
||||
{ domain = "2a0f-5382-acab-1400.ip6.arpa"; }
|
||||
{ domain = "40.158.45.in-addr.arpa"; }
|
||||
{ domain = "99.22.172.in-addr.arpa"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo.extraRules = [ {
|
||||
users = [ "knot" ];
|
||||
commands = [ {
|
||||
command = "/etc/profiles/per-user/knot/bin/reload-knot";
|
||||
options = [ "NOPASSWD" ];
|
||||
} ];
|
||||
} ];
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"knot/keyFile".owner = "knot";
|
||||
"ssh-keys/knot/private" = {
|
||||
owner = "knot";
|
||||
path = "${config.users.users.knot.home}/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/knot/public" = {
|
||||
owner = "knot";
|
||||
path = "${config.users.users.knot.home}/.ssh/id_ed25519.pub";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
users.users.knot = {
|
||||
home = "/var/lib/knot/zones/";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHIkIN1gi5cX2wV2WuNph/QzVK7vvYkvqnR/P69s36mZ drone@c3d2"
|
||||
];
|
||||
packages = [
|
||||
(pkgs.writeScriptBin "reload-knot" ''
|
||||
knotc reload
|
||||
'')
|
||||
];
|
||||
useDefaultShell = true;
|
||||
};
|
||||
}
|
|
@ -1,197 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
microvm.mem = 2048;
|
||||
|
||||
networking.hostName = "mail";
|
||||
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
};
|
||||
|
||||
mailserver = let
|
||||
inherit (config.security) ldap;
|
||||
ldapFilter = ldap.searchFilterWithGroupFilter "mail-users" "(uid=%n)";
|
||||
in {
|
||||
enable = true;
|
||||
certificateScheme = "acme-nginx";
|
||||
dmarcReporting = {
|
||||
# enable = true;
|
||||
# domain = "c3d2.de";
|
||||
organizationName = "Netzbiotop Dresden e.V.";
|
||||
};
|
||||
debug = true;
|
||||
domains = [
|
||||
"c3d2.social"
|
||||
"netzbiotop.org"
|
||||
];
|
||||
dkimKeyBits = 2048;
|
||||
dkimSelector = "default";
|
||||
dkimSigning = true;
|
||||
enableImap = true;
|
||||
enableImapSsl = true;
|
||||
enableManageSieve = true;
|
||||
enablePop3 = true;
|
||||
enablePop3Ssl = true;
|
||||
enableSubmission = true;
|
||||
enableSubmissionSsl = true;
|
||||
extraVirtualAliases = {};
|
||||
fqdn = "mail.flpk.zentralwerk.org";
|
||||
ldap = {
|
||||
enable = true;
|
||||
bind = {
|
||||
dn = ldap.bindDN;
|
||||
passwordFile = config.sops.secrets."dovecot/ldapSearchUserPassword".path;
|
||||
};
|
||||
dovecot = {
|
||||
passFilter = ldapFilter;
|
||||
# userAttrs = "uidNumber=uid";
|
||||
userFilter = ldapFilter;
|
||||
};
|
||||
postfix = {
|
||||
filter = ldap.groupFilter "mail-users";
|
||||
mailAttribute = "uid";
|
||||
# uidAttribute = "uid";
|
||||
};
|
||||
searchBase = ldap.userBaseDN;
|
||||
uris = [ "ldaps://${ldap.domainName}" ];
|
||||
};
|
||||
mailboxes = {
|
||||
Drafts = {
|
||||
auto = "subscribe";
|
||||
specialUse = "Drafts";
|
||||
};
|
||||
Sent = {
|
||||
auto = "subscribe";
|
||||
specialUse = "Sent";
|
||||
};
|
||||
Spam = {
|
||||
auto = "subscribe";
|
||||
specialUse = "Junk";
|
||||
};
|
||||
Trash = {
|
||||
auto = "subscribe";
|
||||
specialUse = "Trash";
|
||||
};
|
||||
};
|
||||
maxConnectionsPerUser = 10;
|
||||
messageSizeLimit = 10240000; # 10 MiB
|
||||
monitoring = {
|
||||
# enable = true;
|
||||
# alertAddress = "example@c3d2.de";
|
||||
};
|
||||
rejectRecipients = [ config.mailserver.dmarcReporting.localpart ];
|
||||
virusScanning = false;
|
||||
vmailGroupName = "vmail";
|
||||
vmailUserName = "vmail";
|
||||
};
|
||||
|
||||
networking.enableIPv6 = false; # mail is stuck in the 80s
|
||||
|
||||
services = {
|
||||
backup = {
|
||||
enable = true;
|
||||
paths = [
|
||||
"/var/lib/dovecot/"
|
||||
"/var/lib/postfix/"
|
||||
"/var/dkim/"
|
||||
"/var/sieve/"
|
||||
"/var/vmail/"
|
||||
];
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
commonHttpConfig = /* nginx */ ''
|
||||
proxy_headers_hash_bucket_size 96;
|
||||
'';
|
||||
virtualHosts."autoconfig.netzbiotop.org" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
serverAliases = [
|
||||
"autoconfig.netzbiotop.org"
|
||||
"autodiscover.netzbiotop.org"
|
||||
];
|
||||
locations = {
|
||||
"/".proxyPass = "http://127.0.0.1:4243/";
|
||||
"/initdb".extraConfig = ''
|
||||
# Limit access to clients connecting from localhost
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
portunus.addToHosts = true;
|
||||
|
||||
postfix.mapFiles."valias" = lib.mkForce "/home/root/valias";
|
||||
|
||||
roundcube = {
|
||||
enable = true;
|
||||
hostName = config.mailserver.fqdn;
|
||||
extraConfig = /* php */ ''
|
||||
# starttls needed for authentication, so the fqdn required to match the certificate
|
||||
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
|
||||
$config['smtp_user'] = "%u";
|
||||
$config['smtp_pass'] = "%p";
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."dovecot/ldapSearchUserPassword" = {
|
||||
owner = config.users.users.dovecot2.name;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.automx2 = {
|
||||
after = [ "network.target" ];
|
||||
postStart = let
|
||||
json = pkgs.writeText "data.json" (builtins.toJSON {
|
||||
provider = config.mailserver.dmarcReporting.organizationName;
|
||||
domains = config.mailserver.domains;
|
||||
servers = [
|
||||
{ name = config.mailserver.fqdn; type = "imap"; }
|
||||
{ name = config.mailserver.fqdn; type = "pop3"; }
|
||||
{ name = config.mailserver.fqdn; type = "smtp"; }
|
||||
];
|
||||
});
|
||||
in ''
|
||||
sleep 3 && ${lib.getExe pkgs.curl} -X POST --json @${json} http://127.0.0.1:4243/initdb/
|
||||
'';
|
||||
serviceConfig = {
|
||||
Environment = [
|
||||
"AUTOMX2_CONF=${pkgs.writeText "automx2-conf" /* toml */ ''
|
||||
[automx2]
|
||||
loglevel = WARNING
|
||||
db_uri = sqlite:///:memory:
|
||||
proxy_count = 1
|
||||
''}"
|
||||
"FLASK_APP=automx2.server:app"
|
||||
"FLASK_CONFIG=production"
|
||||
];
|
||||
ExecStart = "${pkgs.python3.buildEnv.override { extraLibs = [ pkgs.python3Packages.automx2 ]; }}/bin/flask run --host=127.0.0.1 --port=4243";
|
||||
Restart = "always";
|
||||
StateDirectory = "automx2";
|
||||
User = "automx2";
|
||||
WorkingDirectory = "/var/lib/automx2";
|
||||
};
|
||||
unitConfig = {
|
||||
Description = "MUA configuration service";
|
||||
Documentation = "https://rseichter.github.io/automx2/";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
users = {
|
||||
groups.automx2 = {};
|
||||
users.automx2 = {
|
||||
group = "automx2";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,184 +0,0 @@
|
|||
dovecot:
|
||||
ldapSearchUserPassword: ENC[AES256_GCM,data:NPbf6YO3JQjXOnx/1V+nkltTovO0/x9OlPp2d+kkZ/U=,iv:lKbrhoNw9zKXkVGtpw//w67xAXiTgEi2N9Z1SdWj4KA=,tag:DbekEccg9FZVpQcYcXiYLg==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:VMbQ/QX6naNqc7CxJ6ctd18sUyAoS4ssYYQdQtWQGxM=,iv:oB4x5p6CcMebk0wDcpqTkyZ7Mv7YN1Xhfxj4pR3u3Hw=,tag:G9eBnZHzq3YtLI1u12qhDg==,type:str]
|
||||
repositories:
|
||||
server9: ENC[AES256_GCM,data:Rvp0i87VAC30JQiJvcI0QSqXDeRXr7JqRGrLmxMI5GccSTjleK8Br0WgDTqpgKM8oqTX6PH5qcCeP58KhG6W7Ow7N6YKZhCc9w9fPQkQ+zIsqtQs7aXAINNtSH2P0A==,iv:wDRf3lv//WMyq1mL1UEVPJtb6Ye5Pr5KIGlBFSzV/x0=,tag:o0LLDwYUeB8GutG7ZOo4Sg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ0p1NFJNZ2UzRkRQaVoz
|
||||
YnlXVzJLdS9pT0hhVi9OUzc0cjJlWFdGVG1rClczcGE2MGJYcEJBeU9aREJVVlRo
|
||||
alZCaVhrWE1DMXMyYXdibm51OG95TjAKLS0tIHFnMUpPT0thS2xBeXB1MUZOOFVK
|
||||
azBEdklKUTZwTVZBaGNGd1lwTlNva1kK6oiSn61SWRJhvzCQu4+AYfH+iCDta3lS
|
||||
gfXfwU+uMK8z9wcE+XRgzyaSLmJ7Dt4M4zse/HKAntEPL3R9o7K4Aw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNUVlUFI0K1M1anRxT2p0
|
||||
Y0pCdVVFWTJJbHpQalVlT1lnU2dIc0x2dVU0Cm4xQjVrZW9NQjZwTlFZVHJDeEJk
|
||||
Q0lSaUJrSDBOenFuVkliaEJMV2hCeU0KLS0tIHEzVzhqVklkUThjdzZQdStVQjRj
|
||||
ZUdaTUxGTWVOY2NwZEcvcmg5RThmbkEKXRRI+pIzT9dHD8OUfUxSY2pk/P8xgv5H
|
||||
Y5iOTS7t4QnS8O3jy1qwd4WraqQZXsTPUxvcJuVz+jHdLVmdU6ihow==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-13T13:28:43Z"
|
||||
mac: ENC[AES256_GCM,data:zp6O3C1BGvsXP/D26x1wQpTGabk/7cwVfeTpMS+je6co813xRku6yt4FTtd4HUocl2nORc94fIWJlnuSiLbYpXMkoZk6Mc0aupqwrOXJmLQ4rZMwxVWHaaFQUSFqRLABtTB8uTbJ3uHjhwZRdMxbtGR2K2elq5T6j0gzsBFQQ84=,iv:VtbpVlcS2rqHECltJ19g8NTSfnXCf2fqVxaolNKlqHc=,tag:8bLvwYML4ssb+uE4U+u0/w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7AQ/+Jutci6b5WzHhPUcG6qjx9ijRu5A7E5WrbpqSovGY14k2
|
||||
EBZ8Bb+em54wnZeNZ+54d5pfLtl0Vh1W16rICoopRMEpfSIL0WQokz+TzhIAuOOw
|
||||
wDZLDhVx/sxL0FE/+tJ4tNTTlRvhwKdsPeQeR8vhIA2waZDGEptuz3frIoltaLsl
|
||||
0Kzv81KaDSKIJisodYFteKEKV4U85lV/MnfGYeZCb+KpCRlFtgJkQWyehHNEMZB/
|
||||
paH47FHDrs5oF7mvW75X+yAJZQpwiyRrBTrJRMUHHzRy8HuYXyfKeQt0tkAsjNa9
|
||||
tOWimEUC///TmoBAuxd7yKMvS/l4JAiFVdiBIsgRCByk9zljOT9x+cg/5cOTeS3H
|
||||
+aKaSkET5Hiiz1oGFxi8cHI0EmSUb9PomcEJHno6u6FiIqlPWVhKAB2lY8rKCRWH
|
||||
kQwJ67RlSNtc9d1/YSp0fpvx46GJw+TKX6sxJq3sy61NIjeAdbIhOotTISn7fgyK
|
||||
2H8MujtM3ExXbIxgpFbSuGc7s/zoDzdwx79xm5gNmk3jvUjv9VM3Kwj2Hwx3RrXe
|
||||
vaYPMxl1w9JAf59rwmjLDAMptXRd/qdk+idh7HVJI4IIrd1h0UqTsfDu9Dt/HfDC
|
||||
aukb3l1QxiQ4crz9HCDQP2YGuLrX5tclgs5diielEK/Tl6PSe91BKcETKwogrEzS
|
||||
XgGRyZY6PYX8WDj8nEaCjABzc5zH9Hjuu/LvXtiD7zUn2ogpPkjo6waiuVuE5lEn
|
||||
jFBr10p9P8XIvwLEy4FaK4Hc8A1jkp1fcW98+6kABzEG6arVSgr1o3vcxmbIg1w=
|
||||
=vFHQ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7AQ/9HH3vPEKR84vKlzQuYs5aY3F0ZRuqmxBrNwyZxo53xM0b
|
||||
fq/wQ/b1BB9JjjI9i0u946QrIaYUjiC82v5ajWogAjpXuHt0IrQZqdORgNBZVSOg
|
||||
4VBhExIPLVza6SvvN/1M9VZQEgycnC684Fq3YZBy2LJVcb8m+ZuwJoehRbuI/Bzf
|
||||
4VPnjYK3wvmSN6lOk63c5jPG2gVzqBzvpC16DI3KLGbP/IR8tJjcMEnqpHbtdPwp
|
||||
9ngn5DLZMji97M3PBOuuY/0W99ObV1aizIEGdKDcQkwuUJGXfv1EU/X+w1W2JAm/
|
||||
dPUgX80+xPzT5z+ka1v7/BUs4jmW8EosNJDshqIMPKPONHK1zy/sCb5tyF0bULhg
|
||||
hwp6Vzea5ogPpoX/jqZKiyrUBRapcuqMwRqSFOuN8b5btKxebEqBvhWEIdK0cs4Y
|
||||
KWPfd23OHWiMBl1DIplS9lURTuMv+onUEKQYvVukznOmPrfxnhzJj5B1f+kFCB13
|
||||
D4ZDE1HUhPUpnDCnNtSui0cCW3r66aqODsVdbQhnk6FZmWj1aRk3OxTl5jUQYGst
|
||||
ynLRXR/Kwo4ReSchNAeOoTWuT4uhDeIF0PjtG4C+uNRLWXizG0XEzNQdS5Jut95E
|
||||
fe0hrgQSzx+/Z1VBFJMuA3y11uP9Oq5T+isMquGKjpEEeLyd4M1q3Bh+T2iFjorS
|
||||
XgEHwRbOxiQvC0TIc1Znjk3bh+sch8jVsZM+GPxculrXwLVydrEeBx8kXdPUgieG
|
||||
p9RqP1wkeXO2Yr6lJfW6t9J+56DDDycn5EHqaPhcN22fvjrcUsQMGYMo8lg9/xM=
|
||||
=zKJj
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DqDJbhoEBo+ISAQdAslG8/2evMgjnjd79b0Y++mYS5CUAy3Z7DDVESSjjrAcw
|
||||
fcVKtjacM+mmV0ngtVhYrqkeYv1PqOlfmiQRNVu/8pftEIOu5ehL0rDqLM6iEYef
|
||||
1GgBCQIQTadoM7Nhu+2LDDbRDQsI4G3TNrX+lnfTL3XxYW4wA6Eq/94KppMoIfjF
|
||||
uU6/jEs7V1iUERTUtwttag1abH0zwNrNngz2TSlIGtj36HCMilB+4ArJdysITLh3
|
||||
CMbn1VZTBBq9/g==
|
||||
=wRSW
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6ARAAx9hrzJmgjV21zsuDAtF3It0H5dqsEBiTPxQLNvzXn4xd
|
||||
PqO6gJ5nn1tTlgJW9vD+4jK7DmmbebwBPT3jHYblQRSjldwI9l7N0XDWR3zoyVNp
|
||||
PDHcGy6dUPa5h7EP1eK408qWBXdZV/5dxrMSWCTsDJlsyJwpn8+4csf5YSD5Mc/y
|
||||
EnzS3/5xOkQytNAioqA9KsNxgIv91kjJrtZErvoLZfeHsEyoRhUkmwIl0PY2Ff8s
|
||||
PPwxUKGgeosjX7mwkg9B8KGn51CRemqeuPMGhdJB5g6+gViMa8qHOIzYYCCTun9W
|
||||
089HgvqdkkrflJsdTSsGi+l+Rw006DXiZ61Kn18CQ+yESUjB/hZUJl7ZSrDfM+CV
|
||||
3UM1/Szplne6xDK0tMRqdHqpJ2aFAXh8C7mSno2mDRc1WNXGfky6Hpc296aNY2rH
|
||||
NalRQ7lnk241j6iFRMAajkOO7xhb8pyGSIC3ZWvwJ3C05kFpQlmeC9goUUzALNEY
|
||||
XQBAZ4VYsi66CWQeMVkYHT775d2ybVW1RU7E96AygcMVPK9YsH0pmxOIG+AAud4K
|
||||
dSKCi6UuF/ucfvLbUheIuxjc6EHArB+ZWclS7jn4sDlt8YO9KoG5bMXPh8+UMXrV
|
||||
rI4FGsaqVK7Y3VMl1dpl1170RSxNK3CjGvxPXf9VWm1AX5DEzn0kvc33HkLJ1VDS
|
||||
lAGfoxjeKYlpVE72QCQiEHvdrNmeaXo2lSdEp3sowH1Xv78Zi0ppZgxIdy+TPNA1
|
||||
qZ8LqA2U26eUqDEA2jgdLzOcqZbTB3pRwzDpE8uJAuPfqHzvh+JuxB8QDD44i5Tb
|
||||
Ulj5pM3f32wkzn45EIPmgtCiqBHeOv06l8VSRJbh7DUolfNKEMZXHTlG90TuWMJ2
|
||||
67zxQeQ=
|
||||
=vdi4
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ//b9K4yJ/Kh+9QOYfWiwysUBoBR8H4veFe4K3dY0FWFdPk
|
||||
dAua/g89MmA731qsNU4m93I4uYMUpR7ALL0rWBnjp0pmnXtPF321obM63JXRYX/a
|
||||
SiVlgp+M99Z/G3ENBtJ4mTkA8uD4PYwbefIA4CucnE52d4dl/Lpu8E2gdMigceo4
|
||||
Ev88sF9Tncqpl1xBxlPSAXSR4b2zjQYceF+1HZmGdRp41odrbU+ZrL9BHreVp0R9
|
||||
+WDqXLrYQhP1t1n7Fg95wuQCsLvtdJDP1w8DQqYcynl4XbgG4vQ9Bcl0RguOT+CO
|
||||
ndzJddivIoJpiT17kxHjl+o5L55blo7pdI/+mSjxo6HhvFcnCAYnJBSoWvFaDXm2
|
||||
j2+hYTR/ff98vCT+c56KrTjtP7b5z9ceR4VTYtugtFz7pQHUyHv7sl0Z9ljPOYjX
|
||||
4z5KVgJ2KzHsp2DR/EscZdcQKsrhAHImpIDoi6JDXDuXJS7emEjdzFaLOwqZqX5A
|
||||
r2wUAZi2YUCks5etqE5wQNJxR3zQSt2YX8iIr0ru0oYYcOsD1VDzz5n/84/2DxO1
|
||||
DtRpwVT6oh/ZxWVs6gAPqCGUZMDn8d5v6bmwWFrTVnaSGa4r3ek8J3s1eUMJql0h
|
||||
+I1vhiYqQJd1z2qNh8G/J4Wp/ryzwvTiqpMJ6f6zZfwaXruDdQNSpFwfCx54v6jS
|
||||
XgGcrxTlO6i6BrHiVlSJgATqQWq8YRljxHYKgDeh6X+PcmKk/yXLEyLZg0mBLqxF
|
||||
0EtPVN35XDji4s4j1Q3EVETZJ9z9EElheA+MIdiRnr6KdrEAQtPGj4xj59y51LA=
|
||||
=5yZb
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7ARAAga2P3hNj81tj/syTQpAxiohjNTiyyO8VKMErfMLByxcy
|
||||
gQRDBUT7K5UhuxGyiQZ9qvQinih9P559zIGe8hH4kF6+PoQ++O2BmqtcT4TiAWe5
|
||||
U1TWmhleDAv1b0M0MQ3r+cImLctnsjbIt29DiEOpiv/Qo3TGpen/cy6Rdng68jFp
|
||||
UAJVRJmpy65RsHCr6PbkxS0U9CgmgccsZKt6eoijeOBA4mvHqhP5Nf/JXvmuF9dU
|
||||
KSkkYdTs8IinQEeOthW8zT8Tm8UAcPTJPK185qbOEGStGS+8rXDgK5x1TTLOc0Sq
|
||||
9YVhJgKwLMinCjFK4KFyV2GuUhqGAg4r6X21uyjiHrfnlZjn3Pv2l0rbCqjJ8KGp
|
||||
FNrJTBUGAELHjd+PjAd0yBFp+xorexx3Y/X7Zawa5CqfXyLLGaV8BCjziqyL2MEl
|
||||
olHwo7nf0kv7jr44NwSI8JNJ2TOe6la4xYhYbSidqOIKT1c4YymxMMqWtD12b/iz
|
||||
pxbJa0DfnuX99oXsUgTQMrpC1AZxFfQgoac1CA6SFQh+HYEObuS6oaQogLVTo08s
|
||||
aqNpZOI4ZeyCdwVh5nLFoFeIa9fb9iszhmrlYlKaTmfZXDs5zkaSzt9AXLitCp+0
|
||||
0UwKTLvHYj2JmuICHOg/67ymb0P2NCOforkfwkEJDfP0njmLNBeEe/EBlytRel7S
|
||||
XgHWaH2Qlb6BNMj9Snyp5m7bYHjwwmqblSZoXPXL/qvtdrAM3xBYNlt+6gBCBQnu
|
||||
37hczx3Baj2RXaHDcIiQchCs8ohJRJfM0jB8y6lXL4v5ri6qMsPBVdt1BOdCiDY=
|
||||
=Zuev
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHARAAw3q74FPqPAo+kcRPfjTcb25AkuEuV5hH8zTidv4z6sp5
|
||||
eeEk58eZj94VRmHDHHv6dVzXKFxfxgK1hWNNjt9EDdPxcS7WxRSTSG9YhV7OAcFt
|
||||
lyTQQt9PhRsMXyIdS7hZu+mF27N5/7+kkHf66yaoruShvrIXjHhIMhjBHqNw/wa2
|
||||
PCWSQgRsqg5lscfikuP2bHCmk20g4sdkU/oiF5Yux7Z9SYDobwCpOxqO3a0r18vJ
|
||||
sY7aQVQ2XRstpVv1OzQVsydSb3hatFNPNFsU8/mvMuRsbcZh08151N/bmR5XnEDf
|
||||
wuhRem1Yr8A0h0c31ar7LpoUZmbyRUacz3Ylq7V4IMFsFJxW4bHJ9AgPumAYRDN6
|
||||
ZKWSQhZaug6+bsjM56WreG89eWItqRnD3RxKC28/sNJvMYdycjiUaEKdi0lz8Lrb
|
||||
XWUI7yiJlsW6C2dbryiZrJHG99ErqZUyCxrOiSqgBWGZuFaErdpWAjvPmrHaevNT
|
||||
yIJg9Ax4G7j6MdKwoQvCefjKmPj4mVLtXu5n9dnOT+LHl7lXGGISqEFN1pKno0uz
|
||||
npXLVWex149EkZztj9X+MxN6r4Tr5Qwcc2R4UTtQj7eG0lZC9ZGBc0Er0d4CFCBi
|
||||
Odc7/wPYRM9Jr3NJrtVCrwYFyXveE1dN+lO+Pj88UxeIhWNDTF7ysy0Rn9oFgbPS
|
||||
XgEbvAeGJD6XEMG5p2FXnYj8vG9azr88/ecwb7B80xyaHJk4TEvcQqbBdr7cI/tl
|
||||
98KTRuWMQI/ztpsR3bNDSdk8fXPoMWSAYpCiuzkxwaEwo4KMakt+kTjkAFLkhxQ=
|
||||
=+38B
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-04-12T19:32:17Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf9GGtPG2Q/RgsLBM0rNwLRd8PT68FkeWZXyiGwQCzBRiZ4
|
||||
oVi6TMdezVPT5Gjo9HTbM5LOCvewup4VV0w1/4R8jdpP80hRJFpOrwIbjNyGYfYl
|
||||
oQ3wiM12AdlT4/xBdJuN6eQqCo2CoI5CkqoCjaNw6PqT/8xWt22pA/rBHT9b0V3+
|
||||
e/0Hf1eHCQscKrzALCw0zuVhXLfvJyuRMjm4mSB558FRz0teAHJd9we/7KfHbCuH
|
||||
f3DKp0Dy4GE0HGrA3huOOY71Z3Ij+/azNTXSt6XohmiCUwqRbT/iKABM5k2mQU9R
|
||||
AyLio3mfcVhM4FzacZpPEFbhojWGQtASnT3pP08MttJeAf8oGSuHTkt+6liTOjQr
|
||||
TnNxTq14TnL/I9dBhS86pSMTYG33zHHvc3qNbBW0a3R3DFtcE1xmwH51YI0ieg5U
|
||||
jyQszbYEmfLLjuhtEo8K+WSzwwbL+Qu7/qm/6BgHPw==
|
||||
=c+XU
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -0,0 +1,228 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
domain = "mailtngbert.c3d2.de";
|
||||
|
||||
ldap-auth-config = pkgs.writeText "ldap-auth-settings" ''
|
||||
uris = ldaps://auth.c3d2.de
|
||||
dn = uid=search,ou=users,dc=c3d2,dc=de
|
||||
!include ${config.sops.secrets."ldap/search-user-pw".path}
|
||||
|
||||
auth_bind = yes
|
||||
auth_bind_userdn = uid=%n,ou=users,dc=c3d2,dc=de
|
||||
ldap_version = 3
|
||||
base = ou=users,dc=c3d2,dc=de
|
||||
scope = subtree
|
||||
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
|
||||
|
||||
user_filter = (&(objectClass=person)(uid=%n))
|
||||
pass_filter = (&(objectClass=person)(uid=%n))
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
microvm.mem = 2048;
|
||||
|
||||
networking = {
|
||||
hostName = "mailtngbert";
|
||||
firewall.allowedTCPPorts = [
|
||||
# postfix (smtp and submission)
|
||||
25 587
|
||||
# dovecot (imap)
|
||||
143
|
||||
# managesieve
|
||||
4190
|
||||
];
|
||||
};
|
||||
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.statistics.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
backup = {
|
||||
enable = true;
|
||||
paths = [ "/var/lib/dovecot/" "/var/lib/postfix/" ];
|
||||
};
|
||||
|
||||
portunus.addToHosts = true;
|
||||
|
||||
postfix = {
|
||||
enable = true;
|
||||
enableSmtp = true;
|
||||
enableSubmission = true;
|
||||
enableHeaderChecks = true;
|
||||
domain = "${domain}";
|
||||
hostname = "${domain}";
|
||||
sslCert = "/var/lib/acme/${domain}/fullchain.pem";
|
||||
sslKey = "/var/lib/acme/${domain}/key.pem";
|
||||
networks = [
|
||||
"127.0.0.1"
|
||||
"172.20.77.10" #TODO: take ip directly from server10 config
|
||||
"[2a00:8180:2c00:284::]/64"
|
||||
];
|
||||
virtual = ''
|
||||
postmaster root
|
||||
abuse root
|
||||
root root
|
||||
garbage root
|
||||
'';
|
||||
#TODO: where does root get received?
|
||||
config = {
|
||||
myorigin = "${domain}";
|
||||
mydestination = [
|
||||
"127.0.0.1"
|
||||
];
|
||||
mail_owner = "postfix";
|
||||
smtp_use_tls = true;
|
||||
smtp_tls_security_level = "encrypt";
|
||||
smtpd_use_tls = true;
|
||||
smtpd_tls_security_level = lib.mkForce "encrypt";
|
||||
smtpd_recipient_restrictions = [
|
||||
"permit_mynetworks"
|
||||
"permit_sasl_authenticated"
|
||||
"reject_unauth_destination"
|
||||
];
|
||||
smtpd_relay_restrictions = [
|
||||
"permit_mynetworks"
|
||||
"permit_sasl_authenticated"
|
||||
"reject_unauth_destination"
|
||||
];
|
||||
smtpd_sasl_auth_enable = true;
|
||||
smtpd_tls_auth_only = true;
|
||||
smtpd_tls_protocols = [
|
||||
"!SSLv2"
|
||||
"!SSLv3"
|
||||
"!TLSv1"
|
||||
"!TLSv1.1"
|
||||
];
|
||||
smtpd_tls_mandatory_ciphers = "high";
|
||||
smtpd_sasl_path = "/var/lib/postfix/auth";
|
||||
smtpd_sasl_type = "dovecot";
|
||||
virtual_mailbox_domains = [
|
||||
"${domain}"
|
||||
];
|
||||
virtual_gid_maps = "static:5000";
|
||||
virtual_uid_maps = "static:5000";
|
||||
virtual_minimum_uid = "1000";
|
||||
virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
|
||||
virtual_mailbox_base = "/var/spool/mail";
|
||||
message_size_limit = "40960000";
|
||||
};
|
||||
};
|
||||
dovecot2 = {
|
||||
enable = true;
|
||||
enableImap = true;
|
||||
enableLmtp = true;
|
||||
enablePop3 = false;
|
||||
enablePAM = false;
|
||||
enableQuota = true;
|
||||
createMailUser = true;
|
||||
mailLocation = "maildir:/var/mail/%u";
|
||||
mailboxes = {
|
||||
Spam = {
|
||||
auto = "create";
|
||||
specialUse = "Junk";
|
||||
};
|
||||
Sent = {
|
||||
auto = "create";
|
||||
specialUse = "Sent";
|
||||
};
|
||||
Drafts = {
|
||||
auto = "create";
|
||||
specialUse = "Drafts";
|
||||
};
|
||||
Trash = {
|
||||
auto = "create";
|
||||
specialUse = "Trash";
|
||||
};
|
||||
};
|
||||
modules = [
|
||||
pkgs.dovecot_pigeonhole
|
||||
];
|
||||
quotaGlobalPerUser = "1G";
|
||||
sslServerCert = "/var/lib/acme/${domain}/fullchain.pem";
|
||||
sslServerKey = "/var/lib/acme/${domain}/key.pem";
|
||||
protocols = [ ];
|
||||
mailPlugins = {
|
||||
perProtocol = {
|
||||
imap = {
|
||||
enable = [ ];
|
||||
};
|
||||
lmtp = {
|
||||
enable = [ ];
|
||||
};
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
passdb {
|
||||
driver = ldap
|
||||
args = ${ldap-auth-config}
|
||||
}
|
||||
userdb {
|
||||
driver = ldap
|
||||
args = ${ldap-auth-config}
|
||||
}
|
||||
service lmtp {
|
||||
unix_listener dovecot-lmtp {
|
||||
group = postfix
|
||||
mode = 0660
|
||||
user = postfix
|
||||
}
|
||||
}
|
||||
service auth {
|
||||
unix_listener /var/lib/postfix/auth {
|
||||
group = postfix
|
||||
mode = 0660
|
||||
user = postfix
|
||||
}
|
||||
user = dovecot2
|
||||
}
|
||||
|
||||
protocol lmtp {
|
||||
postmaster_address = root@c3d2.de
|
||||
}
|
||||
|
||||
protocol imap {
|
||||
mail_max_userip_connections = 100
|
||||
}
|
||||
mail_uid = ${config.users.users.dovecot2.name}
|
||||
mail_gid = ${config.users.users.dovecot2.group}
|
||||
first_valid_uid = ${toString config.users.users.dovecot2.uid}
|
||||
'';
|
||||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
/*
|
||||
locations."/rspamd/" = {
|
||||
proxyPass = "http://127.0.0.1:11334/";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
*/
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs."${domain}" = {
|
||||
reloadServices = [
|
||||
"postfix.service"
|
||||
"dovecot2.service"
|
||||
];
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."ldap/search-user-pw" = {
|
||||
owner = config.users.users.dovecot2.name;
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
|
|
@ -0,0 +1,172 @@
|
|||
ldap:
|
||||
search-user-pw: ENC[AES256_GCM,data:Mq7/jNiK98v5GiE3cIORRlqHCWEdQyPuKKrpfiUsc3cguZQU4gLtKl7CKEw=,iv:PI1+hYfIvswbFxwVhpJtK9wnVoi/4CBjy6JrG3YIR9w=,tag:yehHG79bH+FzpP6wJ8dPyw==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:VMbQ/QX6naNqc7CxJ6ctd18sUyAoS4ssYYQdQtWQGxM=,iv:oB4x5p6CcMebk0wDcpqTkyZ7Mv7YN1Xhfxj4pR3u3Hw=,tag:G9eBnZHzq3YtLI1u12qhDg==,type:str]
|
||||
repositories:
|
||||
server9: ENC[AES256_GCM,data:I5x8C/KHQGx+TeLLQ8C+FK1mS7H0mnUpMfZNNn1pzSIhwofMpb4gE/df59egBoAuYh3WPC7TkhcgQlmzXod63HQj/n4pbjzu25LlzXBdsP+9MnIRSSINieg0mb4mJvRYRpyXasA1UzT8hmr9,iv:maerDVaopXLRsjdGC7FKOPj4Qd1UTW0KCbMpjx0CSTo=,tag:OBzP99qYNMIXh02cqJ8Axg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWmdxZHFybE0wYWo1TU80
|
||||
NjY2TjgrTzdWYm52dDlMVkVDMUlKYWNlMTBnClRxMk5UcGI5VXA3ZExDSGZqWWFC
|
||||
Qk42a04yZWQwT2FSSUcrSldpQ3pLSncKLS0tIFhKWGs0NHVsQjNoNVdCOGQ1OVFX
|
||||
NFNGbzlNVG1DdVpaWjlLRWxMdUtUQ0UKZIWRyo9dSedG5koms/KYvR7LNF6CtZ85
|
||||
AJEG+a7RKgBV5vVRI/rDqjvWR7fv8r0hlKtLOtUsbysW5Ka74rAj7w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bE5NbVFXcFdrcDVZWVpz
|
||||
SzlMcnd3M3FYM3NMUmR0RHo1NHBKdlphZzE4CkhLYkgwZEVxS3NnMTRneHN3KzVu
|
||||
a2FkS1Q3ZVFiK2tnY3NsSVpDcVlQTnMKLS0tIGVjV1NmdEZubmZWR0srOUJZUjlN
|
||||
TUszOVJBSVFJKzBPQ3N0eGtydEViKzQKaxLy4cTrbfaXAh8EygkUEozRzOjKjlfn
|
||||
rBnDbsrjgWyab26LcTij2hNxIKUYjxQQso/Qnf2V4oKGtBpUhciwJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-14T01:38:16Z"
|
||||
mac: ENC[AES256_GCM,data:qcLIH2hfTpqH2+OdM04bw4Acz9UId1MZg6hiiXm0QMOl1tLfLD2snhGf1O7rVyra6kyBpw0XWbsrfChb5faoMfQrWvB730cA//lSCdnctbYqAx03uGEhF/ngmTqEYnExWmmafssxiqW55PbB88wqxHY0GUYc0UVgZs+9K7t84ts=,iv:CI8OXru8/j2/SlE5vhvq3FFc9WXmbTHyq4SgvU3xMSk=,tag:tQIa/wHFaO+Z6yvGLVS9fg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAAmFOc5++8Z7Qjhd+4Q4vStusJMwcfbvAMv8R+ZXVoRSE6
|
||||
rSKSjVtKny1W8PD+8Uv/J5Os17VAQssLPvsLs+PkDYHLF9mTFH89oJaORQMgyHt4
|
||||
BnEvsYvOOvdlNHFLeYbFY+YoF1hURdrVqDF65Yzi6XrSlBsOPqyvQZzznTdlUyCX
|
||||
HUUk5KI6bIicxu2Ltz2fs1hT1K2yKlY92vSd+qrsqNsV2jFwS47cR1K6ffNcqLvP
|
||||
CVoUk/KwJ2JNoTfzVoPr+yfL3mD4i4kc3qFmvUQxzneEAm1uXMo6oXrxgNZfT8By
|
||||
YxFQ3uR38zBCiRHxA1FHSX8/MshkVyjGiUuhFrr/tGWKQZamnmsmUNFpAwTgbg8K
|
||||
FQYTkpFpzm+C3ozOa1gzmcHiolvKCapUU5FbCcnPoq+MsTClOiy5JvSSUNWPbH/z
|
||||
sH0fyNKFZxjJ2rBhuyp7LeuN7qM7OfcQi0EWoLYV63DrUXHvCo0IEha4LvhKFzCH
|
||||
/ezqAIyRYw4lMyyXQJMoZJnZrKz0s6tQHJ1htRwtt0/Bf75Xz2gr60pXsi3ojqer
|
||||
zNMJHFlMvMURjwcaBhQS6EkbLLG115pUIXT5n+U3coFe8kzS9m1PeuXGagtDhUIu
|
||||
Y9RaWeusSYc6MowraM8oBsUVSoTBqeBYtz1KKpPM1vX6PeOM06BO9a5bncMkP6DS
|
||||
XgEkLhC6DQZ7rOhn2jPRPO43AHujhfKmYd8YLy440GKlLWQtPomg42uv4a6vSdre
|
||||
CCGkoedPfrZ7xDUxdIRgdxtahIVeNMPbaEt7fDFspSSGLiKOuFYHiqlsGx1O42Y=
|
||||
=93DD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf+LdS4p0p3nSZCBszkGSKmJ4MXitvZGSViKmMBk7kz/Ux5
|
||||
aJC9NYUExu6fVmSHF5xtbuBbF4zu+p/cgcfZE6vF1xgRMwd05yLqvMdEEP4PwqF/
|
||||
F1J7dIJvjFKsOMdc+FnZBS9aKAdL5JW8LxblEbgGx7E7gU429dVPyxNTfTqFa5g7
|
||||
ypS0nZtXgUpLNvnU0jEoL0+fkLJ977WXz5EtZkX4xgi7FooNuspnndTsmTiPifI9
|
||||
PpLpdAcrzD0RcwBFt+dTgQnQHZltpgkaOHiDijepkK3zADtIrBpCjmIjBuPKUn8r
|
||||
3eMN4Fh1nCmXM08XVgeyfCACOsvDDdReC4ShctJL2tJeAQPE9rhw0ByW1iFQ3rG9
|
||||
D2JRF4rgnS1ADNdeOg7H29YXBpCnE/VBU9CSui5kX2O2bqaFtLfQqLSXwyQoJ+5V
|
||||
gKhF7r7/dUQ53CzbxJRyRvG/HcsqpUMkcC5Cu45zgA==
|
||||
=pbkF
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ/9FIPT7v8T6o4Paf9XQWQJuTbEJ5lC7ULeRF198553gSgR
|
||||
IJwSvCsGHWxJ58H3x1cW7zpidp2eZE7bkAFCKK+v7ed3JQeEQ5/LnrSV1ePKHImy
|
||||
lN8SWesmoHo2TjrYUeZRSZnhzrNllGP9kMXBzjOYC6R/3CCGB4ZBdiWxg55gMzoy
|
||||
vks/Xnv5+WTyHXo0HiDnQHEz2Y4/wEfLAO1G8b/cRMtUzRbwaEgvHgEgoFWBa/21
|
||||
pGv7LLaCMi55JJ5L8mUkYjasPCmJ92RTQkf6oCvxTbi+MLDt+4nF4Fw6Lx79ksQk
|
||||
zyEW9Zz+9J4d7Zzxefk/m7mforL44J6IanXiY0SiC4Y+aSTg1DqEQedzIQZNqroR
|
||||
cFFAolnCnLmqfGpNo8WUaxiUaVsP2qoYTY/zM6gW22Tq5V+TxPg7e9zUGTIX5Rt6
|
||||
mEQf+9lx8TJX1JJe976Oerr6GAgateYOda0tj9MiXFx1vcwedRO0uUzNUb7GWRzc
|
||||
ERvojvMDQQf3bITZQabnifYh/7SfT+Tobryd2fOpPuYtkKNQGYiX0QWO4+IqN7Gd
|
||||
VH/UxSxbJlu/ETYzMUYjG2RU/9kypOBFK4nhdZroR6USBMPiz9flkjr1zEQKX5de
|
||||
/JMFXNi/KHPJ/x0NqcNT+m8pj/Wz0+KV3A/gwYUOL4BX0Z9WwAKxle+O/kYmylnS
|
||||
lgGnN/QfKQrE8fVQfA4fMEfY27i8dSissZEiaZqDy4dQ5AEF3mVzjCbiwb6dD4TF
|
||||
L/gRVJveHEOTKaWvec2gkX2iyNpC0njOcIYZiXgE6d8hJja8twYy7AxjPMwlvMW5
|
||||
8/P7TgHfXsbvIdkLp4iYv8abRHeOqaFrbPyyA38ju4tdjUfnEb3pZX8XWgIX5oUR
|
||||
SQQkCPCxPw==
|
||||
=8KfW
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHARAAgSvJTTwVvCIYED6Z1hpUNr7SG4KaqQ38LuRCJL5jbhHj
|
||||
5vpFy2LQtjCJjLVSf6qgcmuaGEZiOgAO4GGbza7/ITwblP3kEH4LRp5lvXnLdZa1
|
||||
P8A9F58UTpXgHgxNOl7XG7EiYs7OcY7fXSpEla2R7TDY+fn1PUShI2vkuUYM9Dum
|
||||
4Npcg5hezqa10tRTu51LAqLHNdjSDfLjrKnS0JKBG3Wd34bIIu+m4t7NEkl2fQib
|
||||
qT1axQ0NH2+KTx0I2XLqfjL76CPWP+O19jhIdzL1SESjTAtgfdaBo+EE2+MzAsRR
|
||||
/ZMmutjdBa8eh2kmGtnP/YUBy1OXHnBjUhVSgInF1F/bnV9ojkQFfZVycOW/qXFZ
|
||||
yoIWvt4ta9CZjnPbBc2LdbSIe+8VoAMiMltxwYq9X4SiX5fHe1VXU8FkMxJziVb0
|
||||
jKCt1yI6shqBD0UV2aZEzu6KqNFtF62PFSo0elrA8zpQkKrYMWwu0mrOPkJigigz
|
||||
9HGFJGgdJue3ciEhiktHN1PDSs/wM+6gN2DbAkSvfK+5JUY8cHyYrozhGROHmlxJ
|
||||
1rtEzthUgoXXvAb5Vswc0i4wppMMIBvDiHhLpRO7xRZeMW+OPaWh8jXlUBLI8hbc
|
||||
k44k5SD9KOYuq8OfsDxiNqOrOXHKq1LqefoRrQo0kn143mPFwrp5Iz6RXr87Mh7S
|
||||
XgHozQ6/tcyzOr1+4CYMcLG/JF3j2MJZMDMd++4UczLEu64h5p2vwd6YvrH36VNG
|
||||
WD2HCIhwnCPh7HS/Ix/H0X1Ru+zOdDUKF2UDxnzgel9tTjk/wX+Wspk/ScdqePg=
|
||||
=nNAZ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7AQ//aoP1NdEm02LofcDbue9K+gYnSOa1/6PBaC36c02nfloi
|
||||
alSFWOjKP3XPXPYiIifF+VFfosIvAepF8UjiHarieaHsKmuShn4gbdm75QAAu+9Q
|
||||
sBMxaOREh2B0GoieVKtJBbpXINPKCUpGGobPP7j15L/Pl2tK9YKt2H1kmaTAdfMr
|
||||
Rh4iFDGuwl9tN17X/oLdJE3X+kkb9K3do9IwgDPJs9DX+Pg/b77y4JB34z/RbRnv
|
||||
AiPmyn6zV8EBu4ANgOfNcwrI+ql3IEneiBFCP+H3G7a9CzCztXd6bHpvF07ooqK1
|
||||
v/kZ64iEHUqXfARs5zrvEZhvi6bq18oT7XKKXwIO9tVQ1Y+J8anIIDhsflAGMJuE
|
||||
9auctVJfoJqAVDHLDF0SkGdQLpCkSPcCmXdD9QgK79crzCHbW5i1WFYza6pYVKAE
|
||||
W9MKZBkRT/3T8yL9CgZW2BwUOyAcwWu7oeCcyXb7EaZ08er3gfDA7clbzLviBUNG
|
||||
eJjk0u4Wxcz+6/xdPEwXIXZC0f8K5HVaR0b9vrRLenyf97+hgeMXk645QFtI7ZZa
|
||||
wd41y4Np9sX+iydhPb2K/7sEFY1X2fCEKCRQ8jU2YtZwDxwtMT69218iPeIlAyff
|
||||
CGVMH2Wo4l9kM0DUI1KrKs2ssjV/E0xDmo9+7iaGDVNIkaN2R3V3QeyI5oDZIcrS
|
||||
UQGPTZkqXDPhfgmDL++oaYPd9hDNoWNVfJBdy1l8rkeRwQW0tuAD4T7K8G0ulkIw
|
||||
QvtXjiLgPK2IZb1dbRbwPu3wK9+eMWKTABLCD3XgJsl07w==
|
||||
=E1R+
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/+NPcayuOcJch5Xz7HIJMjZvAXonvQYM4h0/IQ7/3JMnKS
|
||||
WBu55P/vCtQCI/w4EfDwrcTOrmesuai4Zs/fcGwEMNA0acz2kLzJ5zXjl14+AXyg
|
||||
S00JfUD5h06wR000s2xYPbtlwOiilRQtuGp+9V8PbBstygcAX1LWNrBTh7HPf/I7
|
||||
rjpaia8qMV9UciXvWIMlmOL1s3M56BUQDDGoHNKUYB0pHhXPhAjP5wVVHZx5cNBQ
|
||||
KGHwud8UGu2hZDUDf0bn8mEHFetd2YJ1jBCFoITEk89nKGyJfWDDqrlZDAbaOM77
|
||||
wl1rJBB27+FcmJNNefgkXKFmDDWCs8xA18Bf3ajTdTuw35VqNnrZuge76zSGk1x0
|
||||
2S2ZVrO0/OJ+8GsWBAfLn+i4XLpwjEFmqLxwVDMLSMWMswc7gPMoPi0+Fbz9ACZG
|
||||
sT3WDaHiThE9fdPzCUXVbiV9KNfYTNqeDwRsgq6RQamVj4ZpFpyY2iDgO4m7xa6G
|
||||
SrnW/fMbtw95LqpS+lBblKMZZVg1TAOfDkyz9AxlkjirNmDfTR8t//ppBI9fDKpx
|
||||
e0yiUuWoJOBJEnK+zAZ3Ux1OrkCHT1pQjKmFiUeYnHmsPKtcOGS35sBxowvZc385
|
||||
RLgsmY+uKfduZxegWutVHAjxaoYaeGmcYflk4Rzb4rSL41CWT/3FzEK4oJDt/jbS
|
||||
XgFwYdeXgSTC+YMiQ8FdvvKntGCWHNwa+i5ZZ7TQDoI609YWKui6RdpMMVGvZl1M
|
||||
qTj8aGNLD/QYV5m/hajyv2DDvu/KX0Y09otPmaXFJ6OVQUXMAheWbYvoATrWF98=
|
||||
=h44Y
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-08-08T22:43:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ/7BBPyzS81qOcOm9ZN/UJ4NrmQ0B9iL/Vcn7Or6sbBvW+x
|
||||
Nfz/VqXUIOLZrCPpD/8hf7wCYIrC+MdJtC+bEwnaXgYxpwaNqlr7NehTBRr1iJVa
|
||||
fDUrpx6RGoClgSkgAs/yQ4QEq+4e+aF+ttEJAItipfc9+FYwlTY0Oh43FOxPWVyl
|
||||
/muKktyJnJzOXNz/k8YQzi3nP8sgCOvJdQftqIv1afhgeOClQukYVqLViCyl/cnn
|
||||
lmpjPFBVB3jsLeFGpStmlaFGOSWSNz4XZ4LqdwGM6oYEH5x4+mJCMHCbK+dZ613H
|
||||
RejgWioG+mJv4rF+5JeHPgcfqBzIr9sci63Ds7xUb8eXugqcKoDniGvoX2SZZ+AB
|
||||
bJo9mfqQ2ieEDlS3FOxxJXgtgtgjw0FCeqqwuUdfFr7H9YqRm5H7Ko9fbWqMCBsV
|
||||
D7XOjXm/gorROYehdSt3usE3JZ9pqfB7EmRJTdM2x2zf5dKN1Zzr/wzj3udUIkbs
|
||||
UbsIxu0+KXo9xjTNG9owGshAwH2LfrXllu1DsF1gVpkyS3JWSFOGxl/7ELwhUOmO
|
||||
weA7HPd/xQNfjKWL0XF2IXhCAX/l4LDLxUuVr0y9ALaZUOoK7REMgXO4gSG6JCd+
|
||||
WTUmytgLSJFq+Pw3F7KEqnB4ssE5uavi2GKsaDOOn5PIlhxyRAUUvjgxUYbbv+/S
|
||||
UQHjN4ZkVrK1y39fRH9ZZJSvJjtfsJiCmCtggIsGUaJe1DKqz2/heZr0fwxejLna
|
||||
h6gMWMvMA+4lf23vHc/vrS+LK1s07EBmv81tJhuinnL/ig==
|
||||
=ckwS
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -0,0 +1,76 @@
|
|||
c3d2.social:
|
||||
- '@mail@c3d2.de': ENC[AES256_GCM,data:u7o43T2FlE/bjzcKj5Hax9hbV8P1dIW8ztBJb4x3ppM=,iv:agUE6B8rmF6olyWM3/bu9sNej1oV2nw7EMLbh0TV8fg=,tag:xxt7yLsIBdLqpF3j2UMK4g==,type:str]
|
||||
- '@datenspuren@c3d2.de': ENC[AES256_GCM,data:dBaDf23yr/iOA4vYVek/n0Q5Iqyn7n87FjfqxPlhPP4=,iv:ViAvydufbTGFrccKOMgabOml6dvnoaeagfndcQ6Wda0=,tag:zesMmIuJVdDGbibI3CzifA==,type:str]
|
||||
- '@pentaradio@c3d2.de': ENC[AES256_GCM,data:f6IXL7FEqxL4mhXdIVl4nGmpGqX3ikkMZOcElX3LLOA=,iv:2AlrdC1M2uby7McHcxirRzqx3Y6gdeB04Vukmec5ChQ=,tag:R0zwSaxcNul7juvLb0Lclw==,type:str]
|
||||
- '@spacepi@c3d2.de': ENC[AES256_GCM,data:UiDYRSxcIHdOm8Oj5Lxq6LWmcdAvdz+6hgGDWTQcudU=,iv:HsFFP7217DGQ1LHuOmg9/XWYpa1+Dcx8mecQ34RqvJQ=,tag:x6EMoHUfEiZfiCAz1MgODA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-10-03T22:12:30Z"
|
||||
mac: ENC[AES256_GCM,data:kcUKoBX/pUhVM3GnHJiGZVAg5J4hFIfwpX8v+X24/EFz4f3RVPiJVCIskEwpIOQezy1O5vTYnwSUecH7SwfHD0ftMdaMcfBF0EkByPM/OuOjp2rSh87MCQ/tgHXmovQRa+hUiAyvIupLz+1Iyd4k+g4sI9ezaWGLh3ljpX4xCis=,iv:kIYkQTTPq7nj5676zroBH5IHtQDXdy9rHefwKWbX6LQ=,tag:iqa2Q3oyUJY1/rlxkbSU/Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-10-25T09:46:25Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAAgaNPeQRpW55d7cWEOSO/OHBCYVmTkXGKOzxsmz5GcT7C
|
||||
P//poPc0iooch/0qseAcSnqduM0ENMIvRIYT/kGzHGpm9Pj1XqrdVeeP0ALlnnC4
|
||||
Iad5wBS+glbXtaGwD3uHpiZjJeg0vEqsZWZ8G/gQs8UWaGsOORrj6UCOQjVkID76
|
||||
Y1wK+DXzM8Kv2PDMpI0+x4RqTFJss6B5WR6bGtxxDl8yv9HcdfZ7Z5sCxLS/UEJz
|
||||
MrRXSqJvm/ZWvxdhVQOBfSyYvrYZr2qjhs2bBzj4maHX6S/hK/0Gs6IreLBjqWfZ
|
||||
1R3ne+9SWKBC9pu6ZQw0/x8nZFoTz0uljY7vYxiGSiwJNT8MHsOS8LwgNTuyW6iX
|
||||
20JK7YepTpl/Z3CDDlkKU1o3uUMnE+reeSiXJNpI6AbYm90gZT6AC1KiyaYMiYG0
|
||||
JQGNbr0c59jJjxzK1GInu8k3vAL2ACrSvrBZp0IODeaX7HfE+f+tAwVQYugEXH/x
|
||||
cQ4jtBr/t+ur6ya/Al/T2aeRHOgVH0CPyjUuRHfaxpKuEEuSE6ifPkJ86PKdV8oH
|
||||
HDyS/S0+tjzJIk4nhgaKBV60gsy9SLeip46kyb8WEi8c5hcJ9IN5DL46eBfav5AE
|
||||
qfZFR+DarPC30Malz0hd3vtGED//zZdH/PpWgYPjzJXQNPrvfX8Mb2z+VPvf0hzS
|
||||
XgHKu3RNZ79ZXX0Yet3s+a2stDN48saLcy4c3KKUqCyhwcjTDbjCCGWtVE6NvkYB
|
||||
Xi++tU2CiWfTFHMiJKtRLuDvXSKJvDfk0phUVty7L8B/V1N+fcELknG0FCL+/c0=
|
||||
=oyA7
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-10-25T09:46:25Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7AQ//XCmAsNouI3zSkMC3o32SE+5GToIRINaZ+5FI+NXnfilZ
|
||||
j5YfG8XPf9GhaIQdzToUM+cF5ILiqzJ2SqIzwhxVwT5Aw3ybabFQM1db41t/AYFs
|
||||
k+ICfq1eScrLkfRMwB6vEMo1nOIUUytsnf80Sw10mmtcCxy3JyOEjnRNm63cMJfu
|
||||
qdciGmiw66q11Hrd80OBjBiBZTVWznvqTA2vUl316AarFq+DZcWmknE321RQRcxG
|
||||
9uZkQiNujcB5+OKbyVQkE3GhkhgATzuXonsCSL8j/zH2lerIhRiCE4QjR0TaiGls
|
||||
7Itt1l897P9f1SUOi4LfS8Ou48xMGlyqOWXqrZDvt5lSdwS94x8pM0877UBkkNX9
|
||||
ScGCk/L2/R8yXZ87niCfr9j/bEOhZtfFuO932O5VprAZzWezePtTfZyZHG2LZkw4
|
||||
aQt5iityZ+i9NJl0Kb3R1KOgJ3goHAf+r0Mkc4fAe2s5ccVTAAd3GvRmiZIpNk7O
|
||||
BjsXAZnhzUh1WzvK7+J3Ap+dRhtXoUNFKKkayqs7X8OW23jVMGcPKWDkqXM/ZMfz
|
||||
+nFNQheyq27E0V+pNR9Be7cQWQJqJ8o5uPEYN9Qr5VhgpEdhWj2zHq9czIqcEXl4
|
||||
wLplJJ69EQOybT4sikFEjK556OfDt445bLNEObi8DJAQhMU8hMzcuIZ41DknbSrS
|
||||
XgGQYXdmLVqVsBmEIoM2HLjECX5EuPe3NelPfAg5/P1aArTfxS9ehs+fQlzqvtxH
|
||||
ze8PE8H0alnbSkUvj8Y+lzlt3pFStdZFBVZ99jzMCrgFLmKx4KsfPRYln/Bjs7k=
|
||||
=CNfD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-10-25T09:46:25Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA1mAEpDp7QgcAQ//QAKEFAN5Jls6zUQSAVS0/yIQN8i4DO4VJqiDNoI1DKK0
|
||||
had/9JVQ3CTUQurJA4mVj8W8mwMe+TpF9lLbWD1VtAL1Q4LPA/Yi2jSsyqXcc/I4
|
||||
LB6YiW78cQYz2Su7Bciv/hf8mzilMmujVtmcWyT+5ARZKo/GNbElCiABDQ0hikOs
|
||||
RChB4S1QcX7+sMfJuFfG5rRS2g8uG6MC9WyTVldqcYbqn2nHZ2xfqjCdQl7FR3Zs
|
||||
wKk0FXODAq3v/hVQGvFeGMnEGYQvs7wj5fVvLfP7K3CT7KC/2rKjsWD/De0+8Vwy
|
||||
ZyN+h5f0M7gfozJkQ5y8XL/xQdGoHY1Q66tmzu6/09IenphZH4XVcAFI82lMDTdl
|
||||
wzxGcsUmQlYAq3gqIowD8ldIGOomxH1CaOp05JfshxjcnGzBbzFj0QChRJtH17kU
|
||||
eg21+RldUV7bO8t45QVPLBcHzMtYOfDI4jz+vuEyPDKEOPoofoT3PKW3j1AbBxMd
|
||||
iPNTrKYOd5DZoh0d2T3rJXvvNxtKwU6gkUyy80FESzXnjFBO48KiFlCFnMi+HJrf
|
||||
TkoJJ5DjbkbiOFk1UpHM2EBsFL71fAsF0Bx9gihYe27KSumpq+D92KhW53Uy5Ox7
|
||||
mZ9zQuDMNgU/lJs5hcNAK/uK2gJrjWBTYbuvhPpsG4DzyicMWabmO+W1iiKqhonS
|
||||
XgHgnG61KxQBPPqM8kcDkUOCUm7bUX38m0ggzJt2wEvxFM84WnyiJhIjezMEUmJ4
|
||||
ddOx3Lu3yxql9ak5WudgRJPkIQxILnDf0STl/5Da1/Sqao6FhQxTwt1cjUC0PGQ=
|
||||
=9JEe
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9580391316684474BFBD41EC3E8C55248C19AF2A
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
|
@ -1,13 +1,10 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.statistics.enable = true;
|
||||
};
|
||||
|
||||
c3d2.hq.statistics.enable = true;
|
||||
c3d2.deployment.server = "server10";
|
||||
microvm = {
|
||||
mem = 8 * 1024;
|
||||
vcpu = 8;
|
||||
mem = 16 * 1024;
|
||||
vcpu = 16;
|
||||
};
|
||||
|
||||
networking.hostName = "mastodon";
|
||||
|
@ -120,16 +117,17 @@
|
|||
enableBirdUITheme = true;
|
||||
configureNginx = true;
|
||||
elasticsearch.host = "127.0.0.1";
|
||||
ldap.enable = true;
|
||||
streamingProcesses = config.microvm.vcpu - 1;
|
||||
extraConfig = {
|
||||
ALTERNATE_DOMAINS = lib.concatStringsSep "," config.services.nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases;
|
||||
DEFAULT_LOCALE = "de";
|
||||
WEB_CONCURRENCY = toString config.microvm.vcpu;
|
||||
# MAX_THREADS = toString config.microvm.vcpu;
|
||||
};
|
||||
ldap.enable = true;
|
||||
streamingProcesses = config.microvm.vcpu - 1;
|
||||
localDomain = "c3d2.social";
|
||||
otpSecretFile = config.sops.secrets."mastodon/otp-secret".path;
|
||||
secretKeyBaseFile = config.sops.secrets."mastodon/secret-key".path;
|
||||
sidekiqThreads = 40; # default 25 are just not doing it anymore, especially after issues
|
||||
smtp = {
|
||||
host = "mail.c3d2.de";
|
||||
port = 587;
|
||||
|
@ -163,8 +161,6 @@
|
|||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"fedifetcher/access-tokens/1".owner = "mastodon";
|
||||
"fedifetcher/access-tokens/2".owner = "mastodon";
|
||||
"mastodon/env".owner = "mastodon";
|
||||
"mastodon/otp-secret".owner = "mastodon";
|
||||
"mastodon/secret-key".owner = "mastodon";
|
||||
|
@ -173,52 +169,10 @@
|
|||
};
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services = {
|
||||
fedifetcher = let
|
||||
configFormat = pkgs.formats.json {};
|
||||
configFile = configFormat.generate "fedifetcher.json" {
|
||||
server = "c3d2.social";
|
||||
home-timeline-length = 100;
|
||||
max-bookmarks = 5;
|
||||
max-favourites = 5;
|
||||
max-followers = 10;
|
||||
max-followings = 10;
|
||||
from-notifications = 10;
|
||||
};
|
||||
in rec {
|
||||
wants = [ "mastodon-web.service" ];
|
||||
after = wants;
|
||||
script = /* bash */ ''
|
||||
rm -f /var/lib/fedifetcher/lock.lock
|
||||
${lib.getExe pkgs.fedifetcher} --config "${configFile}" --state-dir "/var/lib/fedifetcher/" \
|
||||
--access-token "$(cat ${config.sops.secrets."fedifetcher/access-tokens/1".path})" \
|
||||
--access-token "$(cat ${config.sops.secrets."fedifetcher/access-tokens/2".path})"
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = config.services.mastodon.user;
|
||||
StateDirectory = "fedifetcher";
|
||||
WorkingDirectory = "%S/fedifetcher";
|
||||
};
|
||||
};
|
||||
|
||||
# Inject LDAP secrets
|
||||
mastodon-init-dirs.script = lib.mkAfter ''
|
||||
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
||||
'';
|
||||
};
|
||||
|
||||
timers.fedifetcher = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
timerConfig = {
|
||||
Persistent = true;
|
||||
OnBootSec = "10min";
|
||||
OnUnitActiveSec = "10min";
|
||||
Unit = "fedifetcher.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
# Inject LDAP secrets
|
||||
systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
|
||||
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -1,9 +1,3 @@
|
|||
fedifetcher:
|
||||
access-tokens:
|
||||
#ENC[AES256_GCM,data:dyz84C6bTQ==,iv:Fa5YgW7oEqFxEIF1hKyAefWvTx9nBrnhEfAA/BmsiH4=,tag:veJzHYfPRlC1cuirX51ahw==,type:comment]
|
||||
"1": ENC[AES256_GCM,data:IlVxGXuYRIDAog4xVwI2wNKDEwnJRPdjdIM7Fu16w0Jl49wTtd6uchKNUA==,iv:UJusssHdB35v+bBIA9f9zOaZ27QcoWeqDNddIkEu+ac=,tag:LtNzsrff7lu0U3uFOPJtEg==,type:str]
|
||||
#ENC[AES256_GCM,data:XQtc0BeQ,iv:bNpjj54yGxq7+XlcurA27ihicmfoCGgznZxTEbajqT0=,tag:mXjucPgc+Kklkmynhni/LA==,type:comment]
|
||||
"2": ENC[AES256_GCM,data:o6aWdruEk0LXl1/8BjvIRYxpkZHE/9j9CCOOxI5DTOa9J+a39Uh6Jj2FeA==,iv:F96DXxHDpwOVXY6mUhqkYOl8+UIe26P83B1OVR1iabM=,tag:kXCy1W9O/mwYc03Yr+mNjA==,type:str]
|
||||
mastodon:
|
||||
env: ENC[AES256_GCM,data:m7NvIAydlGvvNEShlqH8GngjPb6z3TIGkZNcFcBoAWYHCimcp+0c8NNVf4cP7sq3Xg==,iv:PMC4vVN4felWaa7FDUyoYzNk4Eiy56pxK1cOxbAfZ9c=,tag:NQXqWljloBTxXC1tlxylpQ==,type:str]
|
||||
otp-secret: ENC[AES256_GCM,data:E0aMqXWxy9OwYCn4xalkMOTZi+/Nn0mU605J4BiacAr+QQVu4FHRrf9hnJOnqJH8Wx2ANLBda7W/JqGKHQVYfwmu7brrWWR5tHG+nn2PzldhrcHE40LN0znqtWeDZawwyZZPpAN4O+UF4AycinHp/ZRzyjjcUwZ6E5tQv3DjqPc=,iv:73KJeUdXugklBYJC5VryyjqRv3oopv7xo0p+NVK74UE=,tag:bmjS4Smehi6X4mUYyM+TNw==,type:str]
|
||||
|
@ -38,8 +32,8 @@ sops:
|
|||
VHVUSnJScGxiNkZzWVJjcEpwcElGZ1UKWc3YkbI020m5jG65fb4H/K2k0P/gvf26
|
||||
BuiCWPt29GEgekrj0CKtO1MZRJrbxDTGgpPs07SpqEIZWj9R5n9wyw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-20T23:12:56Z"
|
||||
mac: ENC[AES256_GCM,data:9Fb7MN+Zq699rU8j4+HzvYURxuXj5Zv5xLd0bIwE9ZDBnvQgXyDb8prwxZX57DXmWfNnA0mwRtxeELzv0BlajEhcRI4M2rVgH9R6oboyLdhw/EPhNRMs4thtFtcnZU+U9Iy0RG/7c+P/PSdY+80F5UbIAZzsXhzQPiB+R1hSqZg=,iv:hquI3gIaWc+TsU79ojWfbDjh3IUdR/NYvPQtk/99k4U=,tag:nEu4XTLYADroJ/cpb+gwog==,type:str]
|
||||
lastmodified: "2023-11-11T22:41:34Z"
|
||||
mac: ENC[AES256_GCM,data:K70YWwWQJGe0in54t2VgXdELe6D5v+JY9oWsoGa3eregqay70lJcvG07hMS+jDGx0lOkVXnwi0eOyGJ7+iWxSuY74GoT4H7qxfFtnUXiWkb1kXKtdmZS+dHeRuDuEY9b5n13VALp4uqukhhXeXKvGJGVZhbQuj/96vIyAK6HOvc=,iv:m0lonNMsK/h1Dc8CIPyPYuh7mrCzzJzgJwQO5JGh9vw=,tag:xaCck6+qP2r6afBvfzW3Nw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:38Z"
|
||||
enc: |
|
||||
|
|
|
@ -16,17 +16,13 @@
|
|||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
listen = libC.defaultListen;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyPass = "http://localhost:3000";
|
||||
extraConfig = libC.hqNetworkOnly + ''
|
||||
add_header X-Robots-Tag "noindex" always;
|
||||
|
||||
auth_basic secured;
|
||||
auth_basic_user_file ${config.sops.secrets."nginx/basic-auth".path};
|
||||
'';
|
||||
};
|
||||
serverAliases = [ "mate.c3d2.de" "matemat.c3d2.de" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, libC, pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
@ -9,9 +9,11 @@
|
|||
|
||||
networking.hostName = "matrix";
|
||||
|
||||
#
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
matrix-synapse = prev.matrix-synapse.overrideAttrs (_: {
|
||||
# NOTE: using config.services.matrix-synapse.package does not work because it does not override the matrix-synapse used in matrix-synapse.plugins.matrix-synapse-ldap3
|
||||
matrix-synapse = prev.matrix-synapse.overridePythonAttrs (_: {
|
||||
# fail and take a good amount of time
|
||||
doCheck = false;
|
||||
});
|
||||
|
@ -35,7 +37,7 @@
|
|||
];
|
||||
ldap = {
|
||||
enable = true;
|
||||
searchUserPasswordFile = config.sops.secrets."matrix-synapse/ldapSearchUserPassword".path;
|
||||
bindPasswordFile = config.sops.secrets."matrix-synapse/ldapSearchUserPassword".path;
|
||||
};
|
||||
settings = {
|
||||
admin_contact = "mailto:mail@c3d2.de";
|
||||
|
@ -82,11 +84,9 @@
|
|||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."element.c3d2.de".listen = libC.defaultListen;
|
||||
virtualHosts."matrix.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
listen = libC.defaultListen;
|
||||
locations = {
|
||||
"/".proxyPass = "http://127.0.0.1:8008";
|
||||
"^~ /_synapse/admin/".return = "403";
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
/composer.json
|
||||
/extensions/
|
||||
/vendor/
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"require": {
|
||||
"mediawiki/semantic-media-wiki": "^4.1"
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -11,12 +11,9 @@ in
|
|||
message = "Please keep mediawiki on LTS versions which is required by the LDAP extension";
|
||||
}
|
||||
];
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.sendmail = true;
|
||||
};
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 1536;
|
||||
microvm.mem = 1024;
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [ 80 443 ]; # httpd, not nginx :(
|
||||
|
@ -70,49 +67,20 @@ in
|
|||
sha256 = "sha256-N1+OV1UdzvU4iXhaS/+fuEoAXqrkVyyEPDirk0vrT8A=";
|
||||
};
|
||||
};
|
||||
|
||||
name = "C3D2";
|
||||
nginx.hostName = "wiki.c3d2.de";
|
||||
package = pkgs.php81.buildComposerProject {
|
||||
pname = "mediawiki-pre-full";
|
||||
inherit (pkgs.mediawiki) version postPatch;
|
||||
|
||||
src = pkgs.applyPatches {
|
||||
inherit (pkgs.mediawiki) src;
|
||||
# update by running the following commands
|
||||
# nix build .#nixosConfigurations.mediawiki.pkgs.mediawiki
|
||||
# cp result/share/mediawiki/composer.json .
|
||||
# composer update
|
||||
# and updating the vendorHash by trying to deploy once
|
||||
postPatch = ''
|
||||
cp ${./composer.local.json} composer.local.json
|
||||
cp ${./composer.lock} composer.lock
|
||||
'';
|
||||
};
|
||||
|
||||
composerNoPlugins = false;
|
||||
vendorHash = "sha256-Ki+rTFWxlWRl5pfeTdVeirgKOFGzXsZ9LQ1QZ0nenhU=";
|
||||
|
||||
postInstall = ''
|
||||
mv $out/share/{php/mediawiki-pre-full,mediawiki}/
|
||||
rm -r $out/share/php
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/mediawiki/default.nix#L21-L23
|
||||
echo "<?php
|
||||
return require(getenv('MEDIAWIKI_CONFIG'));
|
||||
?>" > $out/share/mediawiki/LocalSettings.php
|
||||
|
||||
substituteInPlace $out/share/mediawiki/includes/config-schema.php \
|
||||
--replace "\$path/convert" "${pkgs.imagemagick}/bin/convert"
|
||||
'';
|
||||
};
|
||||
#skins = {
|
||||
# Vector = "${config.services.mediawiki.package}/share/mediawiki/skins/Vector";
|
||||
# Hector = "${config.services.mediawiki.package}/share/mediawiki/skins/Hector";
|
||||
#};
|
||||
|
||||
# initial admin user password
|
||||
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||
uploadsDir = "/var/lib/mediawiki/uploads";
|
||||
webserver = "nginx";
|
||||
|
||||
extraConfig = /* php */ ''
|
||||
$wgAllowUserCss = true;
|
||||
$wgDBmwschema = "mediawiki";
|
||||
|
@ -123,9 +91,6 @@ in
|
|||
|
||||
$wgFavicon = "https://c3d2.de/favicon.ico";
|
||||
$wgLogos = [
|
||||
'1x' => "https://www.c3d2.de/images/ck.png",
|
||||
'1.5x' => "https://www.c3d2.de/images/ck.png",
|
||||
'2x' => "https://www.c3d2.de/images/ck.png",
|
||||
'icon' => "https://www.c3d2.de/images/ck.png",
|
||||
];
|
||||
$wgEmergencyContact = "wiki@c3d2.de";
|
||||
|
@ -136,14 +101,12 @@ in
|
|||
$wgGroupPermissions['user']['edit'] = true;
|
||||
$wgGroupPermissions['sysop']['userrights'] = true;
|
||||
|
||||
$wgNamespacesWithSubpages[NS_MAIN] = true;
|
||||
|
||||
define("NS_INTERN", 100);
|
||||
define("NS_INTERN_TALK", 101);
|
||||
|
||||
$wgExtraNamespaces[NS_INTERN] = "Intern";
|
||||
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
|
||||
$wgNamespacesWithSubpages[NS_INTERN] = true;
|
||||
$wgNamespacesWithSubpages[NS_INTERN_TALK] = true;
|
||||
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move-subpages'] = true;
|
||||
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
|
||||
|
@ -158,6 +121,7 @@ in
|
|||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
|
||||
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
|
||||
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
|
||||
|
||||
|
@ -165,8 +129,6 @@ in
|
|||
define("NS_I4R_TALK", 103);
|
||||
$wgExtraNamespaces[NS_I4R] = "IT4Refugees";
|
||||
$wgExtraNamespaces[NS_I4R_TALK] = "IT4Refugees_Diskussion";
|
||||
$wgNamespacesWithSubpages[NS_I4R] = true;
|
||||
$wgNamespacesWithSubpages[NS_I4R_TALK] = true;
|
||||
$wgGroupPermissions['i4r']['move'] = true;
|
||||
$wgGroupPermissions['i4r']['move-subpages'] = true;
|
||||
$wgGroupPermissions['i4r']['move-rootuserpages'] = true; // can move root userpages
|
||||
|
@ -189,16 +151,15 @@ in
|
|||
|
||||
wfLoadExtension('ConfirmEdit/QuestyCaptcha');
|
||||
$wgCaptchaClass = 'QuestyCaptcha';
|
||||
$wgCaptchaQuestions[] = array('question' => 'How is C3D2 logo in ascii?', 'answer' => '<<</>>');
|
||||
$wgCaptchaQuestions[] = array( 'question' => 'How is C3D2 logo in ascii?', 'answer' => '<<</>>' );
|
||||
|
||||
wfLoadExtension('Interwiki');
|
||||
wfLoadExtension( 'Interwiki' );
|
||||
$wgGroupPermissions['sysop']['interwiki'] = true;
|
||||
|
||||
wfLoadExtension('Cite');
|
||||
wfLoadExtension('CiteThisPage');
|
||||
wfLoadExtension('ConfirmEdit');
|
||||
wfLoadExtension('ParserFunctions');
|
||||
wfLoadExtension('SyntaxHighlight_GeSHi');
|
||||
wfLoadExtension('WikiEditor');
|
||||
|
||||
// TODO: what about $wgUpgradeKey ?
|
||||
|
@ -211,20 +172,6 @@ in
|
|||
# LDAP
|
||||
$LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}";
|
||||
$wgPluggableAuth_EnableLocalLogin = true;
|
||||
|
||||
# SemanticMediaWiki
|
||||
wfLoadExtension('SemanticMediaWiki');
|
||||
# TODO: expose https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/mediawiki.nix#L19
|
||||
$smwgConfigFileDir = "/var/lib/mediawiki";
|
||||
# default was 100 which is already occupied, using 200 to 215
|
||||
# https://www.semantic-mediawiki.org/wiki/Help:$smwgNamespaceIndex
|
||||
$smwgNamespaceIndex = 200;
|
||||
enableSemantics('${config.services.mediawiki.nginx.hostName}');
|
||||
$smwgURITypeSchemeList = array_merge(
|
||||
$smwgURITypeSchemeList, [
|
||||
'xmpp', 'mumble', 'ssh'
|
||||
]
|
||||
);
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -234,7 +181,7 @@ in
|
|||
# for some reason nginx adds a port for the 301 redirect from / to /wiki/
|
||||
port_in_redirect off;
|
||||
'';
|
||||
virtualHosts."${config.services.mediawiki.nginx.hostName}" = {
|
||||
virtualHosts."wiki.c3d2.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
listen = libC.defaultListen;
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm = {
|
||||
mem = 2 * 1024;
|
||||
mem = 1024;
|
||||
vcpu = 2;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,35 +1,24 @@
|
|||
{ config, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
networking.hostName = "mucbot";
|
||||
|
||||
users.users.tigger = {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
group = "tigger";
|
||||
};
|
||||
users.groups.tigger = { };
|
||||
services.tigger = {
|
||||
enable = true;
|
||||
user = "tigger";
|
||||
group = "tigger";
|
||||
jid = "astrobot@jabber.c3d2.de";
|
||||
passwordFile = config.sops.secrets."mucbot/password".path;
|
||||
inherit (pkgs.mucbot) password;
|
||||
mucs = [ "c3d2@chat.c3d2.de/Astrobot" "international@chat.c3d2.de/Astrobot" ];
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"mucbot/password".owner = "tigger";
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "18.09";
|
||||
|
||||
users = {
|
||||
groups.tigger = { };
|
||||
|
||||
users.tigger = {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
group = "tigger";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,180 +0,0 @@
|
|||
mucbot:
|
||||
password: ENC[AES256_GCM,data:v1nRBPi20vZvPw==,iv:EByBbBWMw1cEDHhUSQuLktzaSK4Pbikb23xkfRk24KA=,tag:qUMfpJHT0+Y8tq1JpJAShA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1qen44cx5sx0y299zl93cz3tflx8agt8y9vtm0d4uxw42t9gyecdsw9jade
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPR2UyQlBuaXdYNno5S1hK
|
||||
endRMTdDZ2JSRjJ5cGJ3eC8vM0xqNGY3UTJzCjRXNzVyMllOYlo4WGl4QjZreVU2
|
||||
RGZWQnpIaUVtZnRVQlQ1SXpuRFUzSTgKLS0tIExvdnFDVVg0OXArVk1yWTkvS3gv
|
||||
S1FSeXpiS0NVbVd3Wnc5TGZrc3I2KzQK54pedUIwQKik1reXzOYTEfGfjq6bLEoV
|
||||
obVCr6UbNvG8y7we3qZNGtcMpShfxuvWxXxW08W2YTxcK0QmLYx3cw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVjBDaGlhOGVJaml0T2Vo
|
||||
ZlhMdEIzSWxZU3RpcUNaMk5zZEg0YlZib1hjCkRSb3MzT1phejZ1QWl1cFJnUElT
|
||||
dG9keE02WjUzOFdIazhSR0g5N0J3YUkKLS0tIFNRek1nYVAvQitDaFp2RDBXM2tU
|
||||
YVBDTjlDa1hrcWovREoyc28zOGFiMXcKiUUODpXROMdNM3rshh8mpc0cR/uqQhtb
|
||||
kFvpOmXqrPpSp3Yb8sFqRoTymraqGL+yUBoEqgMAuVhWLSzgU+0yLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-15T13:31:21Z"
|
||||
mac: ENC[AES256_GCM,data:Y1tnGTS3Wr3zbpZej+5wlIy1jaOoqHcKHP00hmKpWWR39RberESVkPQViPhP8DmwkKdbU/k+HRgb9Pn+1wgTwv8dFQyYmtWWQ3QHtB6exP3DGvQfI1Jms1Y8FaBIcFyv0BP0Fc8XipKyTG4K+T2j8TPszBCqRrUzgqiezj5Pei0=,iv:8dTU5Hi9qyx5VIGdouR2FVbc9VE4j16tiliv7KvZ0Zs=,tag:zfm2pKWmA0t2tccNinpaNA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7AQ/+P9Wy1kLzRBdb3YFUksDFOi19vOL5WUfp5d2Qh8ZtFtaT
|
||||
csC/SJyB1MW2ZQ8YVRDbj36I+wFRmMQbVZ5SHEq/xSOoxqMkwk43228tXj+o1em6
|
||||
6cyKyMgrO8iPlyztvZvBDHHoHBB4sBRHJKuCMzxClKTl2asXwHEn7gmEDWlJ8pBq
|
||||
FBs0NZY9Z6ZtrzuDvz3n2wdng3whkCHJPsAQPfU1Eo2lx8jotVG5oYhWYdUEbAZz
|
||||
/0fVZb3mtZoINaxXE8RyDQsYQecrHFJ/Cs//2aQE89QJlLotNt/e7z0ZmKOKnLDY
|
||||
w/hRk+VlWQy3K5ggD/PZkH+qpz0burh+E7emPYXPdJg4TH9sRVvYM6imQ66NVKwr
|
||||
S+Ewq/LalOQkptVvHEdqdpLQ6meC2tIM/2upHZfqIjBfx/3NHzDeTKQVOwENZ05y
|
||||
eNl74+Bom72bTze6/lbpofIsfYVVXLB7i7zChDoBMPIgkDH/glWzVRuBHsuPakG6
|
||||
7dnPtXaP/qUjyDeuhtHnO3w5upb6DrirD4ilI4Kq+vkX5b+Cfim/fa6qywT1QGqL
|
||||
0jWnzqt89KGj1WSWm8mr8ZkMj9B1+HmsskSzTRVEans2CPR6alSh+VUzhGPyPjVd
|
||||
nnLMZpzhBaj5CjTKsT5FGNg9rc8W4XPsS89YFJM5DEOo8DJNg/2uxS6wCWhqGbLS
|
||||
XgEPGq/Km+ZMC35B0x+mK4A+s9+XOj47TIk0hYzb6mn0aH7sfa1V+TUKmuzsIJq5
|
||||
h/Mngt3MypP2JiQ7MuHc9jynehi4kMtpXR8Pzby6Rnx5pDMJnaGw67J5a1UIX3w=
|
||||
=CdIL
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAAgIbXUv9xixa2gfzQXYYU1etLEp9CUeJ/Dk3+KgrtyBKD
|
||||
JzcKb/R3htSFSd7eLtNW542TQ9xgYufBfM0g7sHR/CJGqx1vKFHS4p6ij79jnCSd
|
||||
qvzSCSx+b3QAsBweuCeOrjsZzdj0+bwrrpU1t8UL6LDbFQuEXGNQQZ9skGY2CQ2o
|
||||
bn6KqKtJehU/O5puomdKev0UiFxkeyBtmhVs/1l84eYKFnZ+rvJRCJKnL+hRu+dM
|
||||
avV/NB5NuXDjAZutC0QfX+g/S88Ar82w4tmV2VKG4OQwfOpH6lKUSaENPVm/i9g7
|
||||
UO7lbiMxO2dsUwQGejq+naCIA2Fkw/g3AlSJhYcrShCnVyFtyOTsg7SHGe4SwGqn
|
||||
cWO8AT9BfXVC6wb3S7JcqYvBZbA1oqF4PYqpsqo5sErEoSSsciYxpr5Ah2DkGdv5
|
||||
1RiASHa4yNVRwb3VoOXkW9c3App6Vf7ZQx2Y5OFcAUEWubczWVuB0nKeyDkhhtes
|
||||
CuxCvtpnXXolR8d9e2BCU/TUG5w0F+vJK4kqbmknaHvnsn+R1VXlV4bAp2hQhlXS
|
||||
W1cSKZ5C6SnQgftM+kjx5FCuPha5iTe/ui9MUiLX64GV0x+NTeeM1PxBJYQpANO6
|
||||
YJEFcvnoK0sB77BKkQKY7ruVpCBhEaEiFq/JS2bBMgx/KTcomHZGnyptKpAIif3S
|
||||
XgFZZz8vR051UjGcMTpCNWwtHDx33jdfxM92MFD4Xz7b37yWs52oyeTtm5thEHVN
|
||||
m/6P49y7IbKVrzYRq576PhWTMxYMkqd+xjW2rJF37TX1clSz0mRf1Ht15MofDq8=
|
||||
=ULlL
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DqDJbhoEBo+ISAQdAuQWfbvMYRvbUy42RXdWE/4kgrP3i5TMuui1p2Jrv82kw
|
||||
IuqMCiY5tF30GukG9KF22t+K6N8oVNTXnEzzMEDN8HIZFzt915XK6EkTfNpnSA4p
|
||||
1GgBCQIQiGZYsovtPhqnZOvORisPiRK7Tt0xSTUe0atBFc+1q7z9oRafI1DA73Ut
|
||||
VXoq87sYMz2ntgVVMAzFs4hXyfef+1/0PHjc9jA5dZkab+iliGEyipxU/0nHRTO9
|
||||
aKxkvwfBDRPP3w==
|
||||
=ZqXK
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6ARAAsQNxjPOdnjkHOTpjDZ3LjSBvhYNO3BGaEsuLGqxygWoR
|
||||
HVwE4SGbDI8mWxXYpXd5EyRGsg4zBTmXTQ+kWvT4U4wuRflW/Sm8mwWphY1loxQF
|
||||
VKduPz5XhzYGCb3nHfihMMpn2SNvZOitXW9BGAJLZX1+o/hLUD/3FibvBQycEs6I
|
||||
zBLbB1D7sHr6YUuXtwP5i7l/j2DGyF4yWKizrpiTjW0mBy4Ii/0zBkaPUbC6B5kL
|
||||
X31o5LfRXoIqdZqMRsIRfmXCb8FjpGOmGtATMQ1GK+zWl0CWyQ53G4D/BPAmTosc
|
||||
8exugzJj4T9lDtIsvOHdMwBws/ppCWhFE8YyVAGhmgfOb9w2paXZkYbb9Lkgu5+O
|
||||
/SWykyzaFOWOEENJwGQkbfHi+FKmrMX04GHo/m1S9xMyk03hWbOjOw/pt+E9j7F+
|
||||
3Nxwn/Shz/WB5DPAyqn8NRi1pW9WXIVHxGidpexgn1x5IY1p9fyaCpLAOXtTmBVG
|
||||
S76BA7v6LvyiZw6OfCHO/09KzjFumTkM+7Z1TK2SauUgzD8DTLQqbn7x3RbB1nYG
|
||||
eu1grJzETftWwVAwOguXi+1YIPCFsYALjjxRMJA3X3rclMsFr5F653id3aFwYtNJ
|
||||
XMxSXoKFiRk0NSwTBYtbGtF7h9Irza96Og8HSqx26yuKqhk8JBkdoR5hc/SnQk/S
|
||||
kgEdEzVM5ffPwskUpUnRHY9vMTACs/A6PbGMawz79YoM9iEQpR963W3cOxNOLkPJ
|
||||
Jj6rbrTebK7n8GlcHuBHQC7a/tQRWptawFlsVSgixpYZJhK9JMxBKwgqDJdKfHj7
|
||||
xkmpNPcuyRaTRM2BUpZW/AcZnRq9/j2U15gDmMDFfS3ND/I/1NQv+KM5t7AVVDJi
|
||||
HJj6
|
||||
=ZU97
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/9FuJdG5Zw/wdrzn7EOi3IQXDv3fA9kyQp8Gl7I16Ng9re
|
||||
KSMufSG03xqrDC93VV8faSTZ/qlMEv8yMKCf1hwSdiTOll3FDl3J9D1227MOG9kE
|
||||
beP/QHtH4HljuWahiMq3ygfPK1sGUtfm33uA6hRu4FfzEtXDqVdZshStmCysqAjZ
|
||||
4HYNmkr4jK3GhsCtyHrV8SAMOopv/KmFmiit5iAVI4SMwcf6Gr+y4V2QGzhtl0bb
|
||||
+d6aLYn5oWQgLGmBhViW+Fxf03RGfDHLP+SagUk09b7Yl2zaf1FKDf//gVnlSHyb
|
||||
H6UfI132zQsdU/lKDlLOocxbk3Lq7/BkE2rTuD7ukMfSzf2xy5KArcAbxHo9l56R
|
||||
WZzvZmd44D2+hlzAdIy5Ie34PEnGvAn6z8qCnIGKQtduVMIdYtDuIVBAJaHea9jg
|
||||
lWFZNY+IRJlblFupK2ZKshuZgJ9yDr0846UN/WD+OE733g65pmfpYqZHBhuwdAlS
|
||||
5KQB5UEbEu6AwqHNhrCHYQ9fOYYMHLDl7qEHawdSBkWA9uLZ7YXvkUKMu7KbgKib
|
||||
T9JdJqWkHZpyx6GZfnk5CwCZ1hwkiyavCUMmTyOgDaKswt4Vh53lojCXtVoptk/8
|
||||
8wf/kfWLThzcIq2l8n8NAuUd/E9028xLjBL4LgAkvTcYLM1CgN2s0kwWlUQYLzzS
|
||||
XgGZV10LBzmUoQ9uQlIgEZh/eJP/0e3rSJC22iXp1e5CIKK+TRpmROMpsrIBTcu9
|
||||
/1kH8inz8S9cDAPl9qcqQvLWsh4r+YS80ENKYvzxSM4ok9SaCAh0eRwFEwH/318=
|
||||
=fxj7
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7ARAAtb8I0j2+bHZACeJ/3r/vIZc85SH+ydppoRlmkgyDL6nj
|
||||
iuEmjbLqA2ocYjUE0HTUcI6HFbYBU4e4c1pduazTbyv65NnvhmWiu1+6iDSr/Nzw
|
||||
WIz7JGkar4yOm9LCtPJAvTqSC0dSoKs52gwhgd+hJn6rmBerVCHMpkdaldO04Ykg
|
||||
AzDf39KGa1upAAhk0t8IQwCfCGqrk7P9IsM2oYtplWRwLLuf1IEbNtwSn4iSk5G9
|
||||
5zM1yNY8iMUd1zbnffXUDvOusZHL1tEIiK7Y+16Bxi0IJebguPNeiBY1gymIzzuh
|
||||
TE0vicN/jbCBv40wc9IKJbN+3/jbLj7lHezsMrSrR8Sr1uCG3EBijZ59WSjNFu0d
|
||||
MDZqqzAjJ9Ftg4gc/f3x7oQDHWQ6eJMMWx6H0IOTQ1+uD8bgEvAcFsCEW8kO708T
|
||||
bxZQAfOysC6JFFo+/DGaBbBvhnfRTKNXyvSPcmYbOEVB/JC7+kksnuKXAcPO949K
|
||||
ZHcxk4ND2cOZw+kDS49PMymQaDoBiitir4XXM8Eaq5VZoCvBzLvmE6R+TQlgR+/i
|
||||
Cm6dlZcvalpX3MhE7TrlMl2rOgGROAAmz3A8BjAsNkyfT9UAtRgMRdjRxx9oP7Aa
|
||||
gCqSo9ycpHEAvxJBzHMZz1sEwL+UoC9rk0RrQJ55MCeERSsGzKpZvT0JGzwm4qfS
|
||||
XgFamsh0OMgy4MyAb6dRwkSOlkqK1h/o2Zsh1Q7cwCp0m+tJfROvUYoiCgbFLQhN
|
||||
AfH0/JkG5Ny2oKXkSfRM71scdJcp2dqfRTfwGTCdjh8T20ngPEYjhhsvn7p9j9o=
|
||||
=C7Zg
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHARAArGZz6dTadgt8eX4RNmkI/b688E4czr3fncktw4gXX37j
|
||||
jdV/jUrCAchM0BXPIrqtDZjkX9OFKroIJjjfLphrIYV8zi/y46tPllRs+94bJAsc
|
||||
t5Bg8fwE0ZkUadclFXuvwGZZCguBB7hcp/cYSeOVmDc9O448P931k3QTT4UX77UN
|
||||
/V62HPmgywHTaMp6+cOmNYiPH8+G5LowdJ7o89XH3zunGV6+ObTKDcxLeGz8le7p
|
||||
cIZQKS8ZEUYI+Sgzu/oAmP2l0xbM92mJxDS6DMhJmLbP2OUbpwnT0+wc6khzW0Xp
|
||||
nxsCK9q1oi3Ku05ZnwkCcnurAYwfrbjRrf2YoGypHp+aON4xzA3z5g88U+hI8Ul1
|
||||
8xHywSGVEkOl4B3OJ7oMT2UeH7/Dd6BNV4uvTQy5nh5EcSKR5fA83+/LnWZnz+Hu
|
||||
ILvgt8RHktT7Lqk7ujCCGbXwS1HHTqESIz5NvRqSJZaPEDTSPCYdgV0ykYMqLUYW
|
||||
bE4X6bjkNXEf0Hp+ZQaLC4qBC5tFa6wvSUyIfDPdyOy+bMeqslBsNCnUpss7KqR+
|
||||
xx4WFAaaRxCu8/gAn1ULLSp2/TitO/SDOHWiJRVaxS2HqLOg7E1F+9eboEAKjcPX
|
||||
8VyIJuAgHvJ2J1SDY0BOkCZV9R6eZo6Jjo8ov+wYzsNvoIABruLnsEGyg3FCsK7S
|
||||
XgGmwHYh4jBjasA31vrziHhyj2Zjmqtm1DAS95UNtnacUuGV+jJoK2jVr4NyuMNW
|
||||
DfiV0woC8eOOOtUmH/OdXF3lAENcNFy3MuapliXzihgEe0lJ+5URudM1l9+Rqv0=
|
||||
=OQIw
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-04-15T14:07:39Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQgAopA+PRoSMUMo5AWeHRhWtYu86MtGhQIQgfWtMf4/znxz
|
||||
0ljSU7NWbXBcCwSjdE6mLRDOWRcDjkFVfn6YwwcbS5k2QyITixGzPRaXcw4S+3LA
|
||||
vw6/ZhiVoY1VugrhBwf627eWKK62rFCmvbcR5/nOb+myqHBaOBzlWGtHKl5BOLfA
|
||||
RWKHACZUZnTAYp7JOQDz1/urssQdrmKf3zi8KBzV7vdDZWKP7Lcc3ShmUOkIhrdq
|
||||
dZSlloFWystXs9O7r4R2eoWSf7OlHRd7mlZdWirKp9DZoW/dcODiG1gdS9//M+jq
|
||||
KiFkeFUrNPC0V8llodpZ89vSURPtr47NSR87oim98tJeAW5TuqcYAaofMdB1+VVO
|
||||
nGMduTCTg6ujkYXnNfwEzGWxWtoWU0vdn5NgaUCHoTu3EgjF8IF+LZ14Tg0wpA5G
|
||||
cdu2Vg40aBhLu4PrC3QoIl/PFmEMDU3578859s3dOA==
|
||||
=qhBh
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -14,7 +14,7 @@
|
|||
virtualHosts."www.zentralwerk.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".root = "${zentralwerk.packages.${pkgs.system}.homepage}/share/doc/zentralwerk/www";
|
||||
root = "${zentralwerk.packages.${pkgs.system}.homepage}/share/doc/zentralwerk/www";
|
||||
};
|
||||
virtualHosts."zentralwerk.org" = virtualHosts."www.zentralwerk.org" // {
|
||||
default = true;
|
||||
|
|
|
@ -1,29 +1,10 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ lib, ... }:
|
||||
let
|
||||
nfsExports = [
|
||||
"var/lib/nfsroot/dacbert"
|
||||
"var/lib/nfsroot/riscbert"
|
||||
"var/lib/dump-dvb/whoopsie"
|
||||
];
|
||||
|
||||
reinstallDacbert = pkgs.writeScriptBin "reinstall-dacbert" ''
|
||||
SYSTEM=$(${lib.getExe pkgs.curl} -sLH "Accept: application/json" \
|
||||
https://hydra.hq.c3d2.de/job/c3d2/nix-config/dacbert/latest \
|
||||
| ${lib.getExe pkgs.jq} -er .buildoutputs.out.path
|
||||
)
|
||||
BOOT=$(${lib.getExe pkgs.curl} -sLH "Accept: application/json" \
|
||||
https://hydra.hq.c3d2.de/job/c3d2/nix-config/dacbert-tftproot/latest \
|
||||
| ${lib.getExe pkgs.jq} -er .buildoutputs.out.path
|
||||
)
|
||||
${lib.getExe config.nix.package} --extra-experimental-features nix-command \
|
||||
copy \
|
||||
--from https://nix-cache.hq.c3d2.de \
|
||||
--to /var/lib/nfsroot/dacbert \
|
||||
--no-check-sigs \
|
||||
$SYSTEM $BOOT
|
||||
cp /var/lib/nfsroot/dacbert/$BOOT/* /var/lib/nfsroot/dacbert/boot/
|
||||
'';
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./tftp.nix
|
||||
|
@ -34,29 +15,24 @@ in {
|
|||
hypervisor = "cloud-hypervisor";
|
||||
mem = 2048;
|
||||
|
||||
# shares break nfs
|
||||
shares = lib.mkForce [];
|
||||
storeDiskType = "erofs";
|
||||
|
||||
volumes = map (export: {
|
||||
mountPoint = "/${export}";
|
||||
image = "/dev/zvol/server10-root/vm/nfsroot/${builtins.baseNameOf export}";
|
||||
image = "/dev/zvol/server10/vm/nfsroot/${builtins.baseNameOf export}";
|
||||
autoCreate = false;
|
||||
}) nfsExports;
|
||||
};
|
||||
|
||||
c3d2.deployment = {
|
||||
server = "server10";
|
||||
};
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
fileSystems = builtins.foldl' (fileSystems: export: fileSystems // {
|
||||
"/${export}".options = [ "relatime" "discard" ];
|
||||
}) {} nfsExports;
|
||||
|
||||
networking = {
|
||||
hostName = "nfsroot";
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ reinstallDacbert ];
|
||||
networking.hostName = "nfsroot";
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
|
||||
|
|
|
@ -13,6 +13,12 @@
|
|||
hq.statistics.enable = true;
|
||||
};
|
||||
|
||||
# deployment = {
|
||||
# vcpu = 8;
|
||||
# mem = 2048;
|
||||
# persistedShares = [ "/etc" "/home" "/var" ];
|
||||
# };
|
||||
|
||||
networking.hostName = "owncast";
|
||||
|
||||
services = {
|
||||
|
|
|
@ -27,8 +27,7 @@
|
|||
rule = {
|
||||
matches = {
|
||||
{
|
||||
-- get node name via: pw-cli ls Node
|
||||
{ "node.name", "equals", "alsa_output.usb-Roland_UA-22-00.analog-stereo" },
|
||||
{ "node.name", "equals", "alsa_output.usb-0c76_USB_PnP_Audio_Device-00.analog-stereo" },
|
||||
},
|
||||
},
|
||||
apply_properties = {
|
||||
|
@ -96,7 +95,6 @@
|
|||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
listen = libC.defaultListen;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
|
||||
proxyWebsockets = true;
|
||||
|
@ -163,6 +161,7 @@
|
|||
|
||||
octoprint = {
|
||||
enable = true;
|
||||
port = 8080;
|
||||
# extraConfig.webcam = {
|
||||
# snapshot = "http://localhost:3020?action=snapshot";
|
||||
# stream = "https://drkkr.hq.c3d2.de/cam/stream";
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 3 * 1024;
|
||||
|
||||
networking.hostName = "pretalx";
|
||||
|
||||
services = {
|
||||
backup.enable = true;
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
commonHttpConfig = /* nginx */ ''
|
||||
proxy_headers_hash_bucket_size 64;
|
||||
'';
|
||||
virtualHosts."talks.datenspuren.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
serverAliases = [ "pretalx.c3d2.de" ];
|
||||
};
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_16;
|
||||
upgrade.stopServices = [ "pretalx-web" "pretalx-worker" ];
|
||||
};
|
||||
|
||||
pretalx = {
|
||||
enable = true;
|
||||
gunicorn.extraArgs = [
|
||||
"--name=pretalx"
|
||||
"--workers=4"
|
||||
"--max-requests=1200"
|
||||
"--max-requests-jitter=50"
|
||||
"--log-level=info"
|
||||
];
|
||||
nginx.domain = "talks.datenspuren.de";
|
||||
settings.mail = {
|
||||
from = "noreply@c3d2.de";
|
||||
host = "mail.c3d2.de";
|
||||
port = "587";
|
||||
tls = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
|
@ -1,170 +0,0 @@
|
|||
restic:
|
||||
password: ENC[AES256_GCM,data:Ftfewu0ZRptm3WMHhej+pVK3NbiG5OHwQ7+Zh2U9TpE=,iv:cLhRPE81QvCHdaX94Qs0K8ol4SUV/J5WFZ3uUlNUqCQ=,tag:tUXxZSEkJiTfZYYS/t26gg==,type:str]
|
||||
repositories:
|
||||
server9: ENC[AES256_GCM,data:8/V1EN6JnO91w1FcNDc3pg7O0wl6PlD7qxTIvIKYND88JMKG4Z30sjhjFkwEd56eeWvkaMPfz7VpiFAoDB2jpijGT85Zx8WnzTlfEqxN6hOutdeedgleMDEyUeMpiwxO+VhAtg==,iv:2PuXLSjOisaILTgOBExHagNnZ8iLTgm2IqEmVfm4P+8=,tag:K31fg8C8+mbneuLFEqqoBA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1u6xeayzwfdj9l0mg3f4xvjd8e9nemz5psqavauvacjgp2nku95yqc4f29s
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcTNPVDZFaXk0ZFJ0Wk9Q
|
||||
YjRYL1FLTWlSQ3c0YVpuQzY1a0lWUkMrSXhzCnAvRVJDSmg2SGJSLys2MG9pV3JH
|
||||
am95ajFaOXJyV0sxSGVRMXBmRC9EUjgKLS0tICtBYVBzVjFaelI2L0kxcm5lN2lj
|
||||
TFBRNDdFWFVjMytOSVFKMlFmMDIramcKKiBLQiLeEgC1Y07ZiPQ1DrreUckGdNJH
|
||||
AZSpXHM8NnBPRaOnsfwG1HpQHyPzR2JlgtHeCKRcZlYVU80+e2In2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiOWZSSTZCR29sLzl0M3A5
|
||||
aG5kQmpiamhSZGVSb2RZdWgxQnBjRmlCS1FnClVKSTQxSHpZTWZLZktUY3JYQ3VT
|
||||
ejRRZC9tWEpkcGdxRDJQc1lHNnU1bDAKLS0tIG9HbnpsZEVxQ2FEYnJxdVB2UEJQ
|
||||
TWk4MUlIMkNRUDg3Skw4UWhaQUk2cFEKuFT0WRhztMTRgT2uoU7V7pvn9JPUoI36
|
||||
QkL+mwZC4cU5dD/4gAJPcdbyBCTZbdyixpuEG3lKzMO6YkFp0EK/zw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-10T23:28:01Z"
|
||||
mac: ENC[AES256_GCM,data:Ya9cPSZIymDQ1COrKy9avy6zPVjPHRCEXXsQvwWHffKXZYU4YvkgL8mteLkY+ehzzsO6OrLcyJEjOQmNal+eO2E6aA5Q4T+1jVLdzEnsC7aI/O3idg1i+2NJG/PBPiFToXoFUNvFrl4e+9TRKMFNcEuAoodSGpY9q0bmvtUDQlI=,iv:R//QJSFAq0pHvelhEWkeFVEb0qHoFcsSTKyhM/3BOgA=,tag:kQ5qgLkAfO4/RgxKocbwFA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7AQ//ZrRUgB+kVbq8nQL+m25dI3SJW5Wn9Voqx1WizP6VM0Mv
|
||||
gOX6fqPAaz7+RpfFESHdybEEOJwWMCH4A0MrvgevEiiqfTeInzuDyLz51/ggcE7X
|
||||
TBHfbftD18CbK30pKSVy4T1yYO/igjGgIN/iX1YvHPbYXB4pmKCEZABxLaJrnCiP
|
||||
wMEcMxYP3qCIIMt81u0t1eIPCVpCca5u9D5JDJKBnvk7IeRoqwx6BQjIpvvdUn+q
|
||||
h8ek4VS7bTaS18Y47XF/FwfzgZoK5LTCMz/lB/3erGXzjzJ7Xpvmc828MUGqK3Po
|
||||
DDaeYM3X4o/p4vNUpQjGzrkB8/DE4UCDdQtFR90qgddMW6T8wKI2U1TTBECKaN5V
|
||||
t68UEEdnQUa++PteQhfK31B/EF6aVP0QAjMCCQYP9JUe+2mtbQcXpDdrO60QQNEG
|
||||
iNYeyCpLrQrveq7U9Iun35yY+mg9X+CX2mrq8kCG/9tynYPgFJ7NDSXNkIbdzYZF
|
||||
ONORPd/ka7ec1fLc5eWy8PQHTm7p/q9EBiWsCNsybR1RhXUyZ0n/G2x1SJ4llBi3
|
||||
oIRBx9QOIzr/gxPhuU8mUxx0lRaVW3n3jruGO0VsCIJSPqghC7xmN+ej0tUVvJty
|
||||
g+k4VHUGQYAPhUghOaNyaKA8G3dPwayjEsmjDdyhxIzxwdaSfZOwVA0zF+TS2zbS
|
||||
XAHeUuew4kPUR1uT7WNLyWglodmNb52Wyre0ysp83pDaFANRKgIefhUqWQkxzCGD
|
||||
vzxYAeIqv7flJvUcgQ4CdxiQO7NxgFL2M8wuPzpTiZnAotJxSTQo/u7rNiZG
|
||||
=W/mL
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7AQ//XQMb8Jl9JODaIUaR91XAzd2rq1SiRFmqcuIGY/Q+iAzx
|
||||
/G4+KJD6QQE7AWu9sofTTWDjyyKfGNCeqXBHBSLtaEbicAT7xZ5g8WEkEiF4fkc8
|
||||
ZMkPIzbP33jG1xnPXUOf9GjEUqNl6IbVKB1yg7lH9igpuesXWR8j/k0IcqTnJNRq
|
||||
CjBVlXra+Uv75ocYl+asrT19u2+YOLBZmOdS3WiSYS5lBtZf1wg4nUmC+amh7fSh
|
||||
mlTR5EfowvJvcHSbUvjehR4th57vNO0zyCeUxMeF3o174A5eUqZBc0VXDmDItncQ
|
||||
6cI5NkCNPZqGFh7g+IFpcwZAAYvBTaD+0n+cRtOYOg8uoIgrQD/6B3SCc021lWO7
|
||||
yeA31Q6Erjl5888tfbELhSx9/4zOfsQshEkMUdfdLGu/BvdH7XCT5BlmZA5gfxkC
|
||||
GHyJBrRB0m38QjcoKRn9TuFHb3jFJV/pO7j/EAvt3n2RJk5vAE6UnyT6kyvugdX0
|
||||
QEfQ0XKwG1o0WrT3LCsI56uRDOIELbKa58jNiyb51xCY146y0A+jB395SAM1NYrk
|
||||
Q7nt2udMIZDxwBLksZ6pobjYA6Lg1NMJ1IJdKYURVxZipeDPkpk+8pDQcfPiLfxS
|
||||
KYaWD6cKjKmufuDmXN0Ah4qv5x4KCRswZz8tkf1KNT9cRWOrutd4VlYTeP8csefS
|
||||
XAHX5Z8otY+wpTS+L/88VgnQCnsGh5+Vy/PEBhdY3Rs3IzVaxSsmlkwrH+I5eLL3
|
||||
MZFwmQxa5PA17zuK0f9QFXR8E8u8Q0qIhXwVizCgzTqhei2sNsq4NurExQOm
|
||||
=kD81
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ/9EGyIqwto5nDXEbIt11hCPysW5GV45Y7xHhuwe1ir3Qd5
|
||||
6E7xnlvZ2LpHv4mLprowlzeVgyFi5Xn27V+di0XWTPjgLTNaXE59PQmHl8FV4rmI
|
||||
kuSb8xe6xDIXEvAKcs6I/00tZIAmB2Kbz/us+o6Lv+m1fH4aLDexNQeiTdOWNGrP
|
||||
ELGHq3++kMN2eFKdj7+bGPnUFa70vcMIVLVLMcc6hk8Dx2njaGqUPBJc82qSoFWo
|
||||
n4gJ3XYrjfmiRuIk+UsR2Wz4XP6U7HvtZh5e9thPlFxBTovJYpR4+yFQFDgCcCpM
|
||||
eN6p49w2LR/UmVxlq5R4j5l0+KWD3nPYF/kRz7CpnpFdXL4Hh9tMoBA3SnVbyrty
|
||||
rkanz8pNB2leQZBaYE9yQICe+x0bgQr4UceCzLgciqi/Sa6dttDFSUYy4NeIYd+H
|
||||
pK1JWXEhYb4b2qxy/LjU/KA4W0I9SgN2M2tuPuo9mVMVFNT21vtTF/7sQO906pR7
|
||||
JZ2IyesK0j89XPfj0pXl/Wz2lICmWmgEtdKCDiHe+jsNxk+KEHigvV0nBFV1OZ+h
|
||||
OnX3Jcy8DfuDH2o6I8E1GK41E1SNVElU2re4Lf0VFzdS12ZWxkKB1Mh/RNWXAO2m
|
||||
2hBQBYq/8XFVkmeqymQTkGqPWGDKt1KP5cydFcDxFXuICS5qK+iaLxbTdtdp30PS
|
||||
lgEuyDh5h3lRPj2kGMopH6Kx3l596kwk5jB1s2UAG9kpBRRic9osVdpjnoSlVncs
|
||||
S7PZN6K9wR25aiRY4HD7u/4Gh+64Umimxq7PeMNMepzwldylhX8VkDOG0Zor8+zS
|
||||
mU0bnMtU82SJ57O+mwbha48ANnNGiKL6a9EkN5IohJ76pimdMo2/Fsm1JDTWIKKm
|
||||
+vr5YhHH0g==
|
||||
=ZUzH
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/8CBJxvFqXLzEejnklM1bxJzpsgR1RzcegR2vaFUoZCbbm
|
||||
uh+3A8blElVrN+tLajxfvJ8y0gqETR5WoBGkScfVOOFKO8YTDzeYxX5WKCRvrIW4
|
||||
5+8HlQMhPo0UOVaWpyTK2c5lhpiVIYovMgv+Xm0kQPaoZFlL8XigFRC3TLh2OlVC
|
||||
yR8AJ9D9GcjGn/1eF7Nn/qfJ/i6x7DH7LomsHUm7wYuSJlHpZkQk9WeKSu/nP+EO
|
||||
H5Db3z5M4T4iQG6K+WM4WvOSqXtgwsFKKsFcizNWeEko4VSM/X/rEgXZwLlt4orZ
|
||||
fhsWD71GpJcoCBlXYQcBzej8JzrfISeHHc0i7HGbdxWx/HlilMBBKt9XOWEVpz8P
|
||||
uAZh+nITgB2Z/B0HNMZry1kAUKTGnRFwGs8O0mY2PYsdqEb9JkjCutcT32qQRn8o
|
||||
GdRYV9D4APuD4OlUBOM2gGK42kgrnV718oi2ETPf1o7e0JRGP+Q1QgNqrzo1dbx5
|
||||
jAAFC9YWpgOI0VDAF0gK717/ZK2IbAT+PlD0r9GC/FnytMwt/J1IYlZUpG0uDAwb
|
||||
iSnFjTzIIAbj6iRSvj6GrHStZzZXhnma6GXDpaRNG12jQs5xJNQFkoQOBI4G9bEr
|
||||
GBu5GidrjcV9rNBQykHF00zVE1YxXfUNZNehjWX8MgIlL++Jx0yZ2TYEVFbIcDvS
|
||||
XAF0A6WnSFp3i6h2Ib++UAStbvlOd11TKWoUB7tiS+5jsqV1O3Ju0H23VVg2cbac
|
||||
qAkf+juCXgjBbWo2MNWt3wF1InnW5LdBtNQ/Ew7MDdxckN4bfpAby3ZyP4Ct
|
||||
=fTgs
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7ARAAiU7Mo3JpIQvRQbEOVo9sKaZyrcKQr9LZkkS/mSYAS97J
|
||||
pqsgCTOMptOxVLs/AGIlXzjCySa7hN0taOhmq24AYWalWaUS5M+/3jMLuVFmipjz
|
||||
+zN8atyXePP/mi454VfI5etJvyKFD/k9emf9GZUcccjWUsCAgLAuxrOsKwof1mG8
|
||||
pK4otyjqwzIHDAD2wvGEaOn4JsDk5fpu+mAoxnftFUQNXNzpMdNmYqWaJ8gqJPQT
|
||||
u/Qfd/q+V3zIjn4ac7xvpbSNW3K0MHgJBE0HjUUmcjZAOv35+Gh1kebjxBmVBcz5
|
||||
ZBYGZn23rJXEJ1B3ll63Hu/bI3cxsJCSQwY0m4gVMaCmcdP6J4Gz2rmfsUofD6/s
|
||||
hxOz3bd7XtRv3VnwuPg+i55mHKVo+gOV9PKLLo2Qg6qJC/1nTa1tA2S4nz7/tNku
|
||||
2WUP7EKltchE7UiOcDqzNGBQ0/O/tRm7phRtPQZujqO5IkGdCKrnKx3ufbjgS8lr
|
||||
m0BeqEXTOv8MnQUj+Ij7WEphnlQZP72D0yn+z43abt7vKDuCQCg4DOkdtvMmSgy3
|
||||
ozQQ3Nxp0Yq9k7NNNFcXr2CP3wULay4lTEaYkP9069p2IJUlhFuzMdxgZYeaImxP
|
||||
Y9KeHVjBvCgZC6vDTrpGzruxSTjqPoIuYsZNFB72bGFRHA0mIyg1ulaXH+EtWLLS
|
||||
XAFeLYmBL/WVdHyTv0qMUiiTxjnXUBggevJKELuG5DQFcGUfqJXiTz4GgPs8MFnU
|
||||
XNW3PfuUAfBnjUL/lMShK8RwjGV5rB9BMFLiW6KBA4SQtR19+VDj4f6/UG1o
|
||||
=N2EP
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHAQ/9FKMrVDwiq7jRUKQ4bKmxxeHEzw2q3Vd6Rg60zYen6i9s
|
||||
lloXo0FPW50Z6pMVWzjaY5Q/5hYZg+ZyZaBQ/7SmPMwx302fWhXhZA8sWOc9IBQM
|
||||
WodC+Se3/UzbF4y+GMr2McaLb+hWI21v5fxR2dNxamlLkwCsD6uI/6OMM8wb9cwn
|
||||
/n5Z+b/ZTbWDrIQsCMyoDl3X/K53tq6XMB8JeQRk5T4XS9viTwpFTVh3Z2qfpDbi
|
||||
IqdQDBtZy+RwQaStsaInfujJ6i2Q+DY9uFeH9gZfpGyv2I/jV834tVt/01XcpMsX
|
||||
WODs8WFCXV102FQmgE/FtSidHDUZhFanep1Np9289eqBQyPNA6Puc5JaTXJQebH9
|
||||
1Pkh0gadHXb0AKo5JC9qU64hYHuZj1XVBKiY/FYZYWf9t1UgOD3svd4ARvB3SXYk
|
||||
zUlXE4IG48tgMypPzsXoWWoKWrZdknk9f3XCAiSMpsGVexSyIBw6MRBUhLy2P+UN
|
||||
2VTY90HxDot+mMX25ReO7GZuSP0zC0c46pFTnjceDyYLOLX0zEg+C6WVt41n8eh4
|
||||
21J/Y44z3EOsSV9Se0c0JY6g0SbcoEeeksl6y7/QOGi5lE4+iiZvLycIUSSuAr1w
|
||||
0KZog7LPFx4x1ldbxSM9IwHP4rjeAKGEcBiurkUwMJONg880KGFiw7Sa4Hj6xzHS
|
||||
XAGLnEMoxLOAQIOsXnKwJaLE9WlvJygtNWUGjAnJ6QkgbQYLvVxKQKO0qX1OQftC
|
||||
YL8AbVFIOVEy1Amv3SOV7Clf/eYf/KJstxfuVDtYS6ExZjZP4vPvQwMFv5MC
|
||||
=QIMx
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-01-10T23:25:57Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf/WSGRCrTOEjDV9BjWKarS1OxtZxst4Q4mDQpK1P16TbnI
|
||||
re32mQWTyJ90RHhO00YOM7vbdT4+QMoIjhprsY5bdktHFXt5S7eyUszpKUif2dCj
|
||||
rt5FaX1R9F/bT6epcWacKknz9ZAlY4R5ZmRb+q4RI50xdFcAUmBzXkKPj2b8jeP/
|
||||
ONbCVl/tjWlrgpja3D1hnJ94Yo0AtmoioZQXjHKM/8jz8EBAty3clVwEbwaF3pRW
|
||||
q8gKeoUiQT12Tsp4bUt7ZxrMFiVDRRhxGvlg1hUSn/NEnOH82Bnd/pRWWUAiCUA8
|
||||
LYskoTfPC359Zv17W1Fx/REmRVRt9bBhZtmt72lj9tJcAf13pB7rFJ40p1E3BAMH
|
||||
3PsFDEYQVbDKGhdDe2HaSLVDq85sMpCyG+MmkpoukQrgK6VOfh+YqqGjmsqBZLoJ
|
||||
aHuGUKpRqORu8RkTbiSIFXlnoO2yg/qFLaS1ouE=
|
||||
=Q2L0
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -6,12 +6,6 @@
|
|||
./stats.nix
|
||||
];
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
# table overflow causing packets from nginx to the service to drop
|
||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||
"net.netfilter.nf_conntrack_max" = toString (4096*32);
|
||||
};
|
||||
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
networking.hostName = "public-access-proxy";
|
||||
|
@ -19,9 +13,12 @@
|
|||
services.proxy = {
|
||||
enable = true;
|
||||
proxyHosts = [ {
|
||||
hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
|
||||
proxyTo.host = "172.20.73.51";
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "auth.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.auth.ip4;
|
||||
proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "jabber.c3d2.de" ];
|
||||
proxyTo = {
|
||||
|
@ -50,6 +47,15 @@
|
|||
host = "172.20.73.69";
|
||||
};
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "c3d2.host.dresden.zone" ];
|
||||
proxyTo = {
|
||||
host = "172.20.73.73";
|
||||
};
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "bind.serv.zentralwerk.org" ];
|
||||
proxyTo.host = hostRegistry.bind.ip4;
|
||||
} {
|
||||
hostNames = [ "blogs.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.blogs.ip4;
|
||||
|
@ -82,11 +88,11 @@
|
|||
} {
|
||||
hostNames = [
|
||||
"hydra.hq.c3d2.de"
|
||||
"hydra-ca.hq.c3d2.de"
|
||||
"nix-cache.hq.c3d2.de"
|
||||
"nix-serve.hq.c3d2.de"
|
||||
];
|
||||
proxyTo.host = hostRegistry.hydra.ip4;
|
||||
# TODO: enable in hydra
|
||||
# proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [
|
||||
"zentralwerk.org"
|
||||
|
@ -94,23 +100,20 @@
|
|||
];
|
||||
proxyTo.host = hostRegistry.network-homepage.ip4;
|
||||
} {
|
||||
hostNames = [ "mate.c3d2.de" "matemat.c3d2.de" "matemat.hq.c3d2.de" ];
|
||||
hostNames = [ "matemat.hq.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.matemat.ip4;
|
||||
proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [
|
||||
"element.c3d2.de"
|
||||
"matrix.c3d2.de"
|
||||
];
|
||||
proxyTo.host = hostRegistry.matrix.ip4;
|
||||
proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "mobilizon.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.mobilizon.ip4;
|
||||
} {
|
||||
hostNames = [ "drkkr.hq.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.pulsebert.ip4;
|
||||
proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "scrape.hq.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.scrape.ip4;
|
||||
|
@ -131,37 +134,22 @@
|
|||
} {
|
||||
hostNames = [ "wiki.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.mediawiki.ip4;
|
||||
proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "owncast.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.owncast.ip4;
|
||||
} {
|
||||
hostNames = [ "c3d2.social" ];
|
||||
proxyTo.host = hostRegistry.mastodon.ip4;
|
||||
# TODO: enable in mastodon
|
||||
# proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "relay.fedi.buzz" ];
|
||||
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
|
||||
} {
|
||||
hostNames = [ "drone.c3d2.de" "drone.hq.c3d2.de" ];
|
||||
hostNames = [ "drone.hq.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.drone.ip4;
|
||||
proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "home-assistant.hq.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.home-assistant.ip4;
|
||||
# TODO: enable in home-assistant
|
||||
# proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "pretalx.c3d2.de" "talks.datenspuren.de" ];
|
||||
proxyTo.host = hostRegistry.pretalx.ip4;
|
||||
# TODO: enable in pretalx
|
||||
# proxyProtocol = true;
|
||||
} {
|
||||
hostNames = [ "vaultwarden.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.vaultwarden.ip4;
|
||||
# TODO: enable in vaultwarden
|
||||
# proxyProtocol = true;
|
||||
} ];
|
||||
};
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ in
|
|||
type = lib.types.submodule {
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
type = with lib.types; nullOr string;
|
||||
default = null;
|
||||
description = ''
|
||||
Host to forward traffic to.
|
||||
|
@ -73,7 +73,7 @@ in
|
|||
|
||||
proxyProtocol = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
default = true;
|
||||
description = "Whether to use proxy protocol to connect to the server.";
|
||||
};
|
||||
|
||||
|
@ -137,10 +137,8 @@ in
|
|||
lib.concatMapStrings (hostname: ''
|
||||
|
||||
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
||||
server ${canonicalize hostname}-http ${proxyTo.host}:${
|
||||
if proxyProtocol then "${toString proxyTo.proxyHttpPort} check send-proxy-v2"
|
||||
else "${toString proxyTo.httpPort} check"
|
||||
}
|
||||
server ${canonicalize hostname}-http ${proxyTo.host}:${toString proxyTo.httpPort} check ${lib.optionalString proxyProtocol "backup"}
|
||||
${lib.optionalString proxyProtocol "server ${canonicalize hostname}-proxy-http ${proxyTo.host}:${toString proxyTo.proxyHttpPort} check send-proxy-v2"}
|
||||
'') hostNames
|
||||
)
|
||||
) cfg.proxyHosts
|
||||
|
@ -161,10 +159,8 @@ in
|
|||
${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: ''
|
||||
|
||||
backend ${canonicalize proxyTo.host}-https
|
||||
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
|
||||
if proxyProtocol then "${toString proxyTo.proxyHttpsPort} check send-proxy-v2"
|
||||
else "${toString proxyTo.httpsPort} check"
|
||||
}
|
||||
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${toString proxyTo.httpsPort} check ${lib.optionalString proxyProtocol "backup"}
|
||||
${lib.optionalString proxyProtocol "server ${canonicalize proxyTo.host}-proxy-https ${proxyTo.host}:${toString proxyTo.proxyHttpsPort} check send-proxy-v2"}
|
||||
'') cfg.proxyHosts}
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "schalter";
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
grub.enable = false;
|
||||
raspberryPi = {
|
||||
enable = true;
|
||||
version = 1;
|
||||
uboot.enable = false;
|
||||
};
|
||||
generic-extlinux-compatible.enable = lib.mkForce false;
|
||||
};
|
||||
# no zfs required
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
makeModulesClosure = x:
|
||||
# prevent kernel install fail due to missing modules
|
||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||
};
|
||||
|
||||
sdImage = {
|
||||
compressImage = false;
|
||||
imageBaseName = "schalter";
|
||||
firmwareSize = 512;
|
||||
};
|
||||
|
||||
# can't find zstd library on armv6...
|
||||
services.nginx.recommendedZstdSettings = lib.mkForce false;
|
||||
|
||||
nixpkgs.crossSystem = lib.systems.examples.raspberryPi;
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, config, pkgs, scrapers, ... }:
|
||||
{ pkgs, config, scrapers, ... }:
|
||||
|
||||
let
|
||||
freifunkNodes = {
|
||||
|
@ -30,36 +30,21 @@ in {
|
|||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".root = config.users.users.scrape.home;
|
||||
root = config.users.users.scrape.home;
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"scrape/matemat/user".owner = config.users.users.scrape.name;
|
||||
"scrape/matemat/password".owner = config.users.users.scrape.name;
|
||||
"scrape/xeri/user".owner = config.users.users.scrape.name;
|
||||
"scrape/xeri/password".owner = config.users.users.scrape.name;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = let
|
||||
serviceConfig = {
|
||||
User = config.users.users.scrape.name;
|
||||
Group = config.users.users.scrape.group;
|
||||
};
|
||||
scraperPkgs = import scrapers { inherit pkgs; };
|
||||
makeService = {
|
||||
script,
|
||||
host ? "",
|
||||
userFile ? "",
|
||||
passwordFile ? ""
|
||||
}: {
|
||||
script = "${lib.getExe scraperPkgs."${script}"} ${host} ${lib.optionalString (userFile != "") ''"$(cat ${userFile})"''} ${lib.optionalString (passwordFile != "") ''"$(cat ${passwordFile})"''}";
|
||||
makeService = { script, host ? "", user ? "", password ? "" }: {
|
||||
script = "${scraperPkgs."${script}"}/bin/${script} ${host} ${user} ${password}";
|
||||
inherit serviceConfig;
|
||||
};
|
||||
makeNodeScraper = nodeId: {
|
||||
|
@ -82,18 +67,21 @@ in {
|
|||
scrape-xeri = makeService {
|
||||
script = "xerox";
|
||||
host = "xeri.hq.c3d2.de";
|
||||
userFile = config.sops.secrets."scrape/xeri/user".path;
|
||||
passwordFile = config.sops.secrets."scrape/xeri/password".path;
|
||||
inherit (pkgs.scrape-xeri-login) user password;
|
||||
};
|
||||
scrape-roxi = makeService {
|
||||
script = "xerox";
|
||||
host = "roxi.hq.c3d2.de";
|
||||
};
|
||||
scrape-fhem = makeService {
|
||||
script = "fhem";
|
||||
host = "fhem.hq.c3d2.de";
|
||||
inherit (pkgs.scrape-fhem-login) user password;
|
||||
};
|
||||
scrape-matemat = makeService {
|
||||
script = "matemat";
|
||||
host = "matemat.hq.c3d2.de";
|
||||
userFile = config.sops.secrets."scrape/matemat/user".path;
|
||||
passwordFile = config.sops.secrets."scrape/matemat/password".path;
|
||||
inherit (pkgs.scrape-matemat-login) user password;
|
||||
};
|
||||
scrape-impfee = makeService {
|
||||
script = "impfee";
|
||||
|
|
|
@ -1,185 +0,0 @@
|
|||
scrape:
|
||||
matemat:
|
||||
user: ENC[AES256_GCM,data:ApTjMg==,iv:GW5r7RKp7bFCKCSz0svezWOovOvSVil2QcDVRZum3n8=,tag:ZELz/h1lpSWJnkxk3hrzrA==,type:str]
|
||||
password: ENC[AES256_GCM,data:mWp0GQ==,iv:74Kt126u85Mup/hgRXP0txXWpwdL8bsljm437CAQVEI=,tag:BB5qx9XRKLXBO4rBiDsAFg==,type:str]
|
||||
xeri:
|
||||
user: ENC[AES256_GCM,data:S8wqkzQ=,iv:X7q4MZd6YvtGOmSSyIk46zJNqUNWMnqlZN5U28+6sAg=,tag:VyQxKFuGvF855/e0dQiPgg==,type:str]
|
||||
password: ENC[AES256_GCM,data:0CByy8YUzg==,iv:egZ7zNVkgU7S3qlp2TSzWWJgNIYxMavRmYrChsiLfW8=,tag:tMzGmy4QtDkZLXlyuwjlzA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSU1uaDhuV0dXV1h5R0pC
|
||||
SDNtd2hLNDdPT29yTUV0cXJLWmMwKzV6VERzCnpIYmtXOGZjK0dUWnkwNTRrNmZX
|
||||
SmVJekx3QTNZeHBYRVZRRmFIRlFRRTAKLS0tIGNjM0RVWHB3NGVEd2FIWk83cmwr
|
||||
R21DUzZqdmx0NVFyUUxncHhFbHFGS0UKfXEJ8xRIgxl6tIYCHdX7lLZrkeMajM9e
|
||||
ZBRZ3O+MEDoggFFuX+BG9Vgzqnx/VZLqKfV1lPdRTw4MO6FJa3b7Cw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTGZhVEpDU1NVd3VaVWk4
|
||||
WW9XZHA4WktSZ2c5VEZCL0t0amp3MVRBb25rCkpEc25iekVtUkpCNUluQ051aE1k
|
||||
b0FYbHAxZE9CS0FHNmxTNGFNcnlJMEEKLS0tIEQxWDFvNCtvRlJtUm8wZkkzU0VJ
|
||||
TENFenF2aXkzdGNIN3RMS2wrVElZTEkKsGGldAOhRoVpCHqwRb3I2HwimFYRKWT0
|
||||
YeBqNT5Dy27i5BDuPZwXtMrtcHri6Tm6VPhqDO+nZJN9NPZZYm1Kjw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-15T21:12:51Z"
|
||||
mac: ENC[AES256_GCM,data:YMuDMci1dROUd6Jt7fS6kQVUQL1bsE86Fl9SlCxGWGLhkYMBfWBMSdPU32P6bnalGv/R7MRmMagfKBLbOYNsOSssIqBQVkvdHL+SgO480ffrwlLFJBtxxe55xbtG9wtVGisUT57/YO2/EOB7/SMie3GFgaCw2LZ9vvG+rHm2a2U=,iv:gk0d/6c08Fc4BdWZ3uMsGjt60CpZTFwf7YiL7+KNS2s=,tag:wXNax0sDjFI8MdI+o+QmQA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7ARAAg52rUu9zqY5bp0jU7QMjNfmrrioIC76HdYrFfcHrvFWa
|
||||
at8F6RS0HjHrqboe25anQHIqs5rR2hmHFbok91238FLE34JDziDxsTzg8y9ZFaAJ
|
||||
3fDLJUxtpmqA+pPTp+agiMArSwjBj9zaGwkaZB/RUFxh2AsGuAae1aoH4jrhrczb
|
||||
PhXaUtA8iTWtPxVG+vnWAHYaW1ETmdi40jMInmxJFYW33tokQQY8QZmMd4yqVLXy
|
||||
tXv74cw4EFp+G4YV+LZ/PA3naq9UdjO5e1la4Xo5PQt5B7tOhphpCrhLxBQ5Oklq
|
||||
QT8XprZZBUrHj9eu4XrG/0OldwhruSXtYc+uLJjSytw2omqq6iqkQ4h6BmToCMdu
|
||||
p+LSNc0s2RCLZtK/j1Q2RRXcsdplzT4vA3n7mb02xYqxyDKtNqDPNjDY3INwgNVj
|
||||
DRldSCv7NSuKyDanRLOoVQwO7YnhpyMB7jSnNtHqzlGokQXiQiNFy6Jhm+yT2c7R
|
||||
BZHXG2QxM1Yo0uvsksIgFmlz+3vbPhjU2HiOMu1yF37AT8iEqSRfdhjJ3Rp8PejN
|
||||
ZWquOqm4WVbSbkzLvcYzfNXyHROwniqi1ej2t66E6kSwMn0WGxDiCuJpMwxvjXNY
|
||||
BqjTA5psnMGKOsOEBUNfuDbFRZeUK0LMEq0NNmr5d57bXdUB7tyGjz7XiD/48wvS
|
||||
XgEk4ykHUoQQbVCXibQaK4YBxFWFbwPVmUccAuqm04PiQxM+zNw+j7gIasC4p7a4
|
||||
XkMrEMQlR+GbfA8FX9TpHfRDSRNKfGPd9JS4F4J7rRGc5TfLrXnza3qJ+VWIrp0=
|
||||
=Ah7a
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7AQ//aSAxvtWOX3F3DpefehuwM1fzdjbWC2KBuTFof5iLBuCQ
|
||||
AFMZ7eyRw1pc1Pztgf3e5C8T8hioiTZqSycwBCWg5onaYTh60pBU/HpyJ9t/9f+q
|
||||
A7xXlG3YWG1Dg8iLmmIMIzSXmELl5fnibpr+FJ4h7xLaDU5NoER3FOFGB4UdLpbM
|
||||
olgekLPvrrRdvntdrDAMtTIOqLiHiTLg5WF37jasLaSfIBaGDJFeNQS4XGjAsujU
|
||||
XjNzFFdsswzY09AeK5Bea4jt5vubuF02mIwaUG/oNDADCrJg0Ipb5JMY7GPfsrK9
|
||||
kSoS5JuPQX8yxCCloyxDY+KwDj/HpaR9NHMPGis4ZUbvekCdwIRf6AU+Ozy9sH11
|
||||
TtSN9HIu3vWVJnRZaxsIP1kq0gqWNVLFpzF2Q9CwkxkL5+QTc6Ginq8wdOAoKciJ
|
||||
lV6WpYYNomhzNb3Fg0tQ+ToxnKYk7mq8Rj9Hk8Y8klyk4CkdakdZOuBY+HsJg6Cs
|
||||
AW6kxln/6IKufJ+vqJabK7VEA9DDILe6etzrgBXOpIrgv2IkFWqMRiy343O0eIFJ
|
||||
z1g32Qk4XjgLQjPWFZcAup6BDGa8LrcuQRzR8LLE2Cn6m3l2cPzRfAIXw1JF3I0Q
|
||||
EJzrYtfxeYJ7uvmfCrP5xxeeu6CS8W9BonVmBwg8uUf7xpWqB9im3rbWwiOno5LS
|
||||
XgFPFk3GTTJ3epZttrBQb1UCj/qRz6syzCJBhWphZ7IDMHCMwz0ciz85s7+1Zx/s
|
||||
eN6fGW1/eDmLEFbPcJQaOlIoP2m2quyLm2CV1jDWzICaU5vNwNBqx4bAEO1dUWI=
|
||||
=pzrL
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DqDJbhoEBo+ISAQdAaNoODKpQSzZlxoH64hqL6PHGvUqW+VW82LHnncGPlWIw
|
||||
SNhLu1YlZoP5Im/ypPAbBmCLwingTW6nCs86TyFT0yuTckgg9/lG2gR1dp1xGLmt
|
||||
1GgBCQIQw4aYzB5FZF+TXerFEznHAZbfLEPslnCdGvbHNY8iVLONIXXL4d0/w/Hd
|
||||
Pg/61K3sqELrKHJ0WKoLJs1mbVJsMJQZlccrB/nsQgOT6vb/VsvVBjz0Hz2H2jhH
|
||||
YTa+odDFFyf4/w==
|
||||
=gnax
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ/+MfHuowztzKaPYiztsu5SjjCYRuo7F0Hy8BPTm+pwOVl5
|
||||
omTzwKZN3y4ntG/tHKMQWf0eNC5KTYFGzEfrSUkoYYq8S3Sc9NHja/Z9dxaXOdeD
|
||||
G35K7j5SrarbJ0DqbM5ocY0z6LlXn6pjzb/0sytmS+2lqG8+RV8k5oQoDpoenu9M
|
||||
3JgQGONstgUJa7a8+2o81h7hQNyL74UvHts2dzaHCJADePlbbnC1mu/7+SuGcaoc
|
||||
WXOj9TopgqlkOhfnNFQuDevdwpnyNP3rSnVx5bIdU8exqbLEXRIuPH1x/Je1/d94
|
||||
ZP80x3CKu+u6PUexg+9hmva9eqhxBvaCcov8kYSw7fx+3ln6/nocIrjTGtZJhyca
|
||||
VASrknMDPAwfl/YtpIwSnJzLL48+QAOv0o65eEiKZpVlP+hgHeQa5R8FoYbvb8Az
|
||||
oGQbsKrDcljHW38OsHZfeblGQgK8h4aq1LtnxDgEpFrOPy8awSzSyUMrLDh7iqI7
|
||||
Z8ANEjDOyfoNpzC/076mhKnvdqx4d+ZkqXpc69/abuwem2PK4U9FJg5vrn5X8PDT
|
||||
XMNiJDDe7vUs/8qXp5KfGrgLMVEJH0yI5rbMmPamsUtluuSOIiSkNcqVgaxTb9gL
|
||||
vJplfBUrpq0L9y4AZYNQ5tUDiZ2a9g0yg/ZZJi2eE23qBWGhaBrta1OtJ3/C+lPS
|
||||
kAGDffOrSR8xoIAKzCmMhkFoGfOFMpR07tXSqSnaF0sKQ6cCL8BMXErcpDVKJhWc
|
||||
QtZL/oL9J3WE6mr+264owKzfDnTZJsLoroTFTYzNZ2+5IYrPhtOgRwfu+YSmOd99
|
||||
vAuc1OmWXaKoJYaMoPCkpHTxrWSGdOcm8UKNRG3qGEopN0giOuXj277jlPvFl9rh
|
||||
Dw==
|
||||
=Iy0+
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/7BZqV4SwzIdBlwXm+9ZA5NTIvLcrmBvensjzIduCtqWHT
|
||||
l8+SK5Mhh0wTjZI5oppuOqxVjo7pdrq2v92gIowHkIQp7WrR5l2UnMzebjvaAS8M
|
||||
yOdzuFGUpyJADEvdsJoLzXXOhrbK10wflbLsduSm1nEJGMu79kj8xM3esaN88fjH
|
||||
PgkmuyBcfQQvArUjxhJ7hKVusJZDhrlyj6XiaQDAF45Is+XctpwLbc8E2t1gbgPI
|
||||
8Q43BXHBvfYLoUQkztqP5kFsRe2v5QtKESGIiKurE4JhF0CgSny8n/HLCK1Dg26F
|
||||
JzfQ1yfmUbd4wEvovqn260sUd00H5WAUg2B6sZIqeo72EizeaA2ElIcWETRT1tqG
|
||||
FabAkJuqh4doJ+rUCv0LmJmOL4b9Uja7xjcZPtyW4JOnuY6xDTh5YO88XUA6ktsB
|
||||
4s3heYYwdUTEB99VrSBI89ooineCPL+d7oRuZwJT/OJKd0Jxtt2cMhJe0xNeNcwX
|
||||
ILm7kQnzqq2pK0Zx3VsFDlAsqWdMsmrv1GwfCN98MSd3JIcB5JgAbrACjvQNc77N
|
||||
fqnZ4FQlBSp9rCdgcnb8mahctgf6IvGLUHg8ySj+k7zq410JxfAIYeCaUllyd90q
|
||||
/QfqfhehMlXWZZN5R0+BoGI8zj16osU7yi51g8n2u4DgvBV6A19nIb7TanTFCyfS
|
||||
XgH6t33tJcjqCCnwLacoixny6WJy4GBxEtHmogWKNrpiduS642JmBd6LXx9sYWCO
|
||||
qu+Vhf69wDc5GFfaOZ9tT1Tj8Go5njBiy/fZlDZ8Sa4DHZwnxjPZ6Xf216lKww8=
|
||||
=V0vD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7AQ//UbLwI42i3PdIUgYhIVQlGcLzBIefxdr2JnFudwqa1GOW
|
||||
ASX46ZqIz+AUUxrmHARpeUZkeju66JbOvYane3LSSggBtgo7UVLIw4L98ag8Rj7P
|
||||
yNgaE4ugpjH0OJt7WTo9rjIHFiYcFMSRSLn6Jwr+ri5DSKwwUn7x4bPv2XKduo7W
|
||||
EKXuZ2GSMTvNqiXRhPXNuFapi7XGi06bfp8t0TkFBvBGQj4m8VRWBBqUXaehO9lB
|
||||
bX9wmJ9HCcTWbRHRKU72Q/rEa44Q2Kakkf+Nwcr2I7e9qrMyYIDIgs5NDY28eMUD
|
||||
e1Ieu1DIxy8uAKMTK9jDGB3/0+Tl3PLNorjjE0YFOGSgtzClJjbHH16Z+QaRIFL6
|
||||
4Yat+UxptHqla+eJVznBQ/V1Q5YHkFT5PstdnKWK4Qs9NnGw3rul+f9Q+VzOHhgf
|
||||
zUGg2yPxhrX+sIfTjqQFIMQgAChV/tonu2hjS8ul2v7y3B7udKuo8knCdohkUE1C
|
||||
I7PRg5HuO+bfLuIB8p7/u6S9D1ZLCgu4JfCU5hQSJNofJD0NuRUXtysw7sR+oyXB
|
||||
ti3QltJveCCduz7/Qmor2QrU8EvHguI/MTT6M7bhNjh9W/5M4gxyoSvQafHM825C
|
||||
gwM2BdTbZ4sRz4LRRtW9fUAlV+ILJZ56yhQVVdQ1CWwUQXxbu0caeBxnchdXDoDS
|
||||
XgHREHC7hYgOjrAJtC59DKUiugV+Mx7FY51/4pD6xvjUoYX2iRwrk1k0irVyqq4J
|
||||
d8xNX5/zYAyzKIzPrjOC1DKDVVveLbxDeRiVTMhZm+Buk5pP1f0s3H6EV4ydKQk=
|
||||
=ZMLo
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHARAA1pYvIYefAJF95cIcB3tqOwMCWfCnpVa1Xp8HxxoJ1HMk
|
||||
i/IhIzK+Fg/nhF/Z90Zmr/YQNtojC4BQ3gSdU0mN0i9nuYRSK6rR86me9T4F+u+8
|
||||
pOJ9qfhBwaRkRPFEodfOaaaJmm6DJOOMwdb0lqB3vlaK5iW/nAi18YpaSEhPz3fL
|
||||
GXQ62ralUrGKGxrpm6nYGO5bGmOzuRIqraLsouFuOJkHVjMGWVDdbUs7g/0s46y6
|
||||
nJbJ4ihfDhNc+NNk9A0Iv+vZb2goKKjFah1Y/hOLOTZITDajP4jRSuvGvP1pMNmV
|
||||
BbBel2PvoPfGpFommG0QRtEmc9VfXy3TnuSOOrC0BZooDyLSb8HMt1cmeX9t4bOL
|
||||
lJLlD1/SzP6IGw+X2HmCakRCVW42NDWbOPuHj+YRSMsP95OEGSTVTSus2UJB33f3
|
||||
A6pbnc2NVDJpsNDZFrhajhrt2TH4dFBiWCKREGeDWxm6XJOXeLX9Zm1vVtM6HtYy
|
||||
9j47vB2T+GvTdnWXKbU1fL/x6jFWEwZJV0sXRp6HCez4pOt+Ki5wAN3/ZdEFaD8O
|
||||
LGgRm9Zui7qqx0lXQv3HIFOpGawhwroUl1BO4yec+wm+IpFW25f+TdhmxDIG7Js0
|
||||
TU3Vfj0hPnsRjwmmbm/mImtY0Bz5ch2VosV+9sqn2ehzFu7AifKi/yzu3kYcqs3S
|
||||
XgGLN8npMBxBg/cevoiAq9Qkn1RXhko2FhH9hxazTvjzdJ65UiUZ9suFfAXPOsMw
|
||||
i6l64MaF31TAVIpJaCPIjsx39NIsG7dn2oBhbpv+xc0W0xBsuzMj8spe5ToakEg=
|
||||
=/76w
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-04-15T19:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQgAmkXZJVHiyEkgLimBwLLQf1zhxd90N9CfJDOt6WMO+3rc
|
||||
S78RCYhaQZyt5AEbX1VJZiqyJCrSItcoY6GNasSarYT1EWsbLGQ8XD3P46eGeMVP
|
||||
3clQqvt0hc7T3y+TZvjqTYDb7/ype77ELl7VyQRPqNI2e3VHcdvmziLJfTUniqoZ
|
||||
bc/fs2EKRz312WhzN568fqQMck4wdkGrip2sfusCvkxzSMmE6faC1OVacKXlIFLh
|
||||
RWK2nuzK3oEqS3Tak9CYBsF3mO7jBpMg6WOychiaSkqVeaMiBq0ztlBVDNewlwye
|
||||
WTM5AFgPFR0jX0R9nefoksxlw0wrrBQ4t67ymLnCydJeAcleGr35GpT9WT3ecFZu
|
||||
+A7aqU1b+t6rLUJVABtpsrEpYvKcRWimn+dZ3elw2b/n46XFN1isGFk+RalpDpDE
|
||||
b84B1kYvwYQatDuLeOYr72PttJZtqKp6FWny+jIGqA==
|
||||
=12or
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,9 +1,5 @@
|
|||
{ hostRegistry, config, pkgs, ... }:
|
||||
{ hostRegistry, pkgs, ... }:
|
||||
{
|
||||
microvm = {
|
||||
mem = 2048;
|
||||
vcpu = 8;
|
||||
};
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.statistics.enable = true;
|
||||
|
@ -57,13 +53,6 @@
|
|||
'';
|
||||
};
|
||||
|
||||
heliwatch = {
|
||||
enable = true;
|
||||
jid = "astrobot@jabber.c3d2.de";
|
||||
passwordFile = config.sops.secrets."heliwatch/passwordFile".path;
|
||||
muc = "luftraum@chat.c3d2.de/Hubschraubereinsatz";
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."sdr.hq.c3d2.de" = {
|
||||
|
@ -95,8 +84,10 @@
|
|||
openwebrx.enable = true;
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."heliwatch/passwordFile".owner = "heliwatch";
|
||||
services.heliwatch = {
|
||||
enable = true;
|
||||
jid = "astrobot@jabber.c3d2.de";
|
||||
inherit (pkgs.mucbot) password;
|
||||
muc = "luftraum@chat.c3d2.de/Hubschraubereinsatz";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,172 +0,0 @@
|
|||
restic:
|
||||
password: ENC[AES256_GCM,data:rF82Jo3uXFuTGfMNEkrWmJKTg4W0tSEp4RhWU91Us8E=,iv:6lNjPlSZoRhVNwhkiUUOyi9PyxsFCNeA6syNUPaJIa8=,tag:UTX8Vve6Zj3Un+A0uTihpg==,type:str]
|
||||
repositories:
|
||||
server9: ENC[AES256_GCM,data:ok/fhJJ7ABH6YfnP1o2DWpH8vbPwST8/7RwsASiQrWdkvyaC4jC4fAie1XofN8GcoC/55b56UbdnH8htdq2ulUVuIfsWHTUeVHbgIB60cum4+QfK/IxNBeV7J7A/7xjlubU=,iv:FAIZ+bhCojiQLVq8WTb/5NFkcV+kqcg6cxiv0wu1Dng=,tag:YB7OzI8jdYx0odqkTXGfFw==,type:str]
|
||||
heliwatch:
|
||||
passwordFile: ENC[AES256_GCM,data:RovkihQU9uq1Iw==,iv:GZ/NBBsEi4KUydyMDC8TrktWKa/nDUP4JU5M78v6Y5c=,tag:FySsAVsocDer0X5znGrF/A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbTRwMU9jQStCUkRjZUpF
|
||||
Q2ZEbXlNR29Xa1JMT2t0emVPNWJvdGF2S0FRCjdZMEZLR2N1emVHZGpZdXZGZ1pC
|
||||
OEpFRWRpZkNCdndNa1BmSXRBOEI1WkkKLS0tIHo0UkxCS3pMbkQwNzFVK3prMFJX
|
||||
ZFlvRG5kY3EyNFU1eXNwNFl1TEZsa28KHxeUn3NhpMmMSNuY346+jDKNXWXKCMb1
|
||||
hFhUHtoCa/nMuRmtM00d9omcQ44p597qbRCfhMpgQpF8m1IiKDqX/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UnVtMnovTTJ6QS9Odjl1
|
||||
K0YvZzV6bDBKckExMEJqWkhuV0FubzdqeWprCmZ0WEg5aHppaUd1REFsRWFiUmxT
|
||||
MUVRSHZmMjYxbERaSkd3ZVU3SHN0U1EKLS0tIGR0Qlp5ODd2VWJ0eUZ4QTRMc3JC
|
||||
T01GdFR0MWxwQkpuSjB3R21xdDZXR0UKGHXjDM1KiL8O+MV/TR0ZDTi14Aovklws
|
||||
qMIUH/4Sc8+HaMKGrwQYOzdUzLT+n4bsmYsz9H149y8MIpSxADsHJQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-13T02:21:09Z"
|
||||
mac: ENC[AES256_GCM,data:m0BfbJbOQG5odFNxEQcnNFqbvcoGRi1QWZSl0AomFK0efP2JgDQrOEcsp1+LsBbuO1e+zndSEekGhqCpdJf3ZEXitPJYLjHUdVpSnONAh5LIQpe4QqmbLsGq7KxP1iWm9IscUplQxiJy5xRkA1AbmqDnh1e8NS/5Fk0YBz3b++M=,iv:hoMP3yruykzI6WpmMu6sF6oamKM/bftJALd9+LD3ZUM=,tag:rJnYnIN5J1UoHBZyPHgW9g==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7AQ//Z+ifKYU3S8nr9iQmp+w7Gspm+tat05Ex9245u4vPMC6P
|
||||
NdD24qjXKDBX4fIhzD3pNNjKQUi46uKly10lrnQUgUJsb8tHHvlsY9OetnZSwhcb
|
||||
7agKpiKMZTR84U7MSO3acjeqTiqrJSULQt+K+9mGgWXLfCncAn9FrIfE55DZtgTa
|
||||
/XuCAaDzZD+eTbI5y0KsX6/oN5l0Hr5p6Z4+z8aUFtS0pL5fm1R6oZ1qQgKfw8z3
|
||||
X5jimY/HRLbJlgZ/t1uuiETlV8UkILtN/crlK4DKCyA1/USk3fmZErqGfZVS6SA6
|
||||
ySXBCtlRc0feTyABeCyk5B2ORdRDC+6u0U1ZKyIaRW6qSGwrYTa0lnPCEGQUQp8p
|
||||
OahfSGAuJ3I8/aBchBaUdI2SCOl+yLwGs0WNztKSAgT335MBtQ0QuxSZ2vZvfsEp
|
||||
iH4AYbuHxwhqkKmroBRi62h++alctquqCfr6XTXbaGCrrgg++WFHMaEryHkt8TAS
|
||||
T+lm+bmJMeXGsVWgYRr/I+hIeaxVmkJQDtlj92Fa6yDgRxlZ6B4rF5PfzCjRaSze
|
||||
gg9w3ROou0uKH+xksOw6+6jeRQUB/p/akAFXVx/Rir7oApgo+9VRE585WC/q6lRv
|
||||
NFvEJmT9TgyOIRFqNRoDk+lio3OxbhObvTP3WritujdDysNmZk4a0Im6VkwErabS
|
||||
XgHQqIW5UayP6U2vxWHtmhqmIfs7hE26X02J6TIqrSu+R7S1fTj/MY38H+LysPr7
|
||||
yjX7F2mDYXVRoSeYmLmbDRw6CST3EvC119hMElEJTWs34ghpubqgP8qVmW1vRAY=
|
||||
=ybnG
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAAh77nk1QyKqwrDQ6kEuKxcL9o8BwXkORMW1tarWJQq4de
|
||||
3funtqw42K6N0mqNTiWdIOqZQw6x/mobzePljNleS/Cpa65X6NDgEKLTSSUB9WOL
|
||||
8YeOhgb06y1cDmVMKl3yj8HHkoIZy9ZezVcQE+FVk0v0WyediRXvVyIgqEn1e7KS
|
||||
oSOHgx5dyTGO4yFok/Bd3IjXImahMv+wkZvbQFOS6y5iBIhhWahf7HFyl8uRI61D
|
||||
ojeMYcWegF6U5mAioRj05WvWZSwpiMFzqNR/o/Ejh8TfSUge+F6giVCqmv/bZJI9
|
||||
e+lEQkU8M6W6dvCYSS0qlPjSVYC/xv+R2AU0tqwHO4jwLgvG6fKLJF8irtIy0Z/u
|
||||
RGrMUgw+GuFjCn7XclomncCiSJR4kjQRzCBe/LrnkohJoekY0kDvq3yBgpZeJ1vD
|
||||
eHRl/wiULPf5ZarIBgDgexIgaRenQWrgHFzjK+hdRjXGsAiNz435EUCeZ46Gi1vp
|
||||
/9uaTeXMX8VCVJrU+I5yWZZ61Hclh9miKumBPqTtkv8LRPrNu2T3aj939kHHxyLc
|
||||
3KK0BVw4iFzUiMppgA5a/u+hBfz7p5heLeNAKMqkXrvua5pBnJMmM2Bf9mAGZo0f
|
||||
50BunsSP4JJigEQYWqaVrvnXoC4WJdFrQDNmZjuG2oI2pc46eusQ2yoea0cbwKDS
|
||||
XgF8+hos7Lh0STEc0aLPIBSr1O7UUZvW3VA1hq4GeoIi4j0YDjEu9J9JKVerDdKU
|
||||
SfqAGoDqh44eOjAl//deH96DM7+1JOfbW15f7sgMpPiWvbsyA7xdd4KrFXQ2FHk=
|
||||
=dQcw
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6ARAAisYq4281veEQ++HVQxVMwWt7QV1gV++46HglDZrMRl/s
|
||||
CnL4pdJO5U4EuqI6UyN3fQVKryHrADW4x158U3DozAIDd3BPowEDNBvKIkcTWAK2
|
||||
mVhAVbocu8zO/mMFaoQIp/T0R4hOLGv9wLf3CYdh20sLpVo5EdL5VI0v4vBgGcRp
|
||||
2HESkED/mLzspYDvaqqmaMgsCVJYaYRgR1AEWRdlg1nX/btJcbDkJFPpqDhaP8s3
|
||||
BB0dMPwRipLUxtuypNrLs7tJBA6H4aHCDmfY7bo9PYJdT0RIx8f8roQPC8nTMNS+
|
||||
hutNQHFCSw0hv+qRqTJYReVOkUf6Tm4oQFiuatDp3L2X6iGtyELEewaO4a4Iu/8I
|
||||
tSXpVW5R2jFfOsZDKTwa92ujkFo9R+qzbvOVwRYDzzeWxENc7Wt52dEBL6uXbzU2
|
||||
Bo3nKRCD/u+H0w2g/fm7XBe8YwDJyVuAfi9GgepASddvOlDbmZFyPPt9AKIsSOCv
|
||||
o2SJGlE8u7xTFeoNdogVTHfBIHib5CjjWdD+2Wm3ID6ElTrBjmTOP9RQJ12BnRtJ
|
||||
EdFUbKhT/803oM1bw3/AxfkFBtb73AkJPnS91xoVNrH0npnVU1idHqAd71BC9iBt
|
||||
s4HATui1B3JDIHVfH4aFpinJZNdWzarUU4QeHVbZ3ijd3EkyjVUQIRrLe8iC/CLS
|
||||
lgFeN06Dy7FNP5KWqDZ4/rYg3RKd11TiyBXYmdNbwZ5LbWuI2EPLNG2S8cTtbf8S
|
||||
iG3UrG0tTPQrCauu0kGegS89iCWVl9rK1kYCr/ffgfDHoDG/gtDqExZI9dnoqIzt
|
||||
+U8p6Wgp91VlTG8X86ih8ZU+QbQ3C06jVEb5b6J6/rCfU68IE1lOFgliKTj871qO
|
||||
5NILCcUpWA==
|
||||
=RNJJ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJARAAthMLIosUSuxILN1pYxWaBhGrcoeqB45ysq79aXhJCAH0
|
||||
MsA7rNrtbdL6MwOEVsBa9OPuwrkf+chje8FICFfyn1SMESm3I+RSHcvSFfe+wYIW
|
||||
+dt3WGfmq4u4O3feH0wEzW/j8n9/lGgvUoy3dzPD4WzF1uBJx8JCrXDDo1dUDNTI
|
||||
DQlVfCOROrVX0hE4Ui2tBza6c7W4HByVHAdoQV94VUEj5bA1xPfjKaq0MUXIVm8i
|
||||
6d4T1VEjVSiBOHlsaLqzsjeSMfrLOFIluW5F7IVo4ndifC5B3WGxfTl5DV5IBMdg
|
||||
8wCy7q8wZSashr6DJSdqsa+FiIp/+jwYh9OkXr3YBt2S/xDpzYZmC5OhJDfvmwMP
|
||||
vHEo/TmgGf4lKV50oKsBrx7E5sguQMAW0dJxGQV26SidnWxSJIPtQa4UoiH8hkwW
|
||||
x4Ywlle+SZArilyGxLc6MUebIbGxDFnu3p82PuoB6LiQJarhealG8TRvcgDZ12/l
|
||||
UVOVEgH3N3lKII53nBqT4PttEwtycu88yUcT7jV4JvgLFHObWT4u9lvKHyf0MGqT
|
||||
MWAatTWmojLaAeQCLmnh24dd6eSQlARY4vABCl0LCTDPXRH7g10m6kYiHChJnksI
|
||||
N4NmI4I5Y72/uzN3XUHu4v2Uf0hd8fCOcfnbiwpdJK3wlVgreEKx4iBUvSDWkkrS
|
||||
XgFRMoHL0ken07S1k3Hd4p1xP0j37FCuWgkGkvSZY0sr7LfQ//n4D9NFVQ3PDwP5
|
||||
v39CKPxjMGEdLjMuHXbdWuN+2+muLnvQ0YSjBqkUBrqtAW/IBZ/fqIAj+OfBe7w=
|
||||
=TyGR
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7AQ//U4ohdw6nu7GjcEpIR2ZN9Zuv/krzzckpe0UAxoyy717v
|
||||
8kQeid+wK64B5aevu+T9EHLcxHsCjTwDF1OmNo51JNhGIhdWK1jojqtCsPywQpWT
|
||||
T8WB8OROfPtvN0AZcZulh4UGYoqB4nVN+ScyENCo/nTWJgbX19/XoPPJPZLav3uZ
|
||||
U+Jy4yo0EgHQ8/RMpnsosL+7Reu32oFehTSn9ct4Gh9n2YomRPSRewK6SmBbNSg0
|
||||
h+LgHwhWJQpSgqMqZiKz4xYmqO/Vj8i87aT0/5v9XizFtgtHl1DcxIx5M/c8K3u+
|
||||
FqU0SDyP7E38LRL3Z8ltH2wD4ZCcaNDVbeBvWwnkuo8O0/uKVptvpA8Qq4u+mKcj
|
||||
n+9YXgoGPfpgs7+Yz8oJ7+HQ5Rd4lvzSaJi/2MWz0lBeaaSljgMJPScXaIYYdwld
|
||||
hPzGOSakiq2iCvdM0RKlTnq4Z9TJOiaszWUfmwnYUaMasgODhAJ3+9J/hKb5gTLO
|
||||
uh/ZJb9wK0XSpXcAtLUqBAITkVlbvcJPmdmFtBn0o7F/9WubWORBNfqfqyoQy6ob
|
||||
HwobFHLFu6F+p8cdG9pLbs4978gMW4NbUWFJYYHagZLSyv0M+ziZhnTuLjf1CgjL
|
||||
+B/4OwK0QgQUqKuF8zWLA1To1Xq0DtLl9PLS7I9b700FnMG3nM933iQ/dQl64zfS
|
||||
XgFeGtE56O/eB2Bqf5X66rGejDoWqZYPyKFIEMYwji0CAeHBVyGsVIl+TzULq52b
|
||||
IEWB3QBfVHRLBxKWP0TQqzwYgwNxKMZ/TuqVc02aDgl/nxYyV/bJSvpmaxRzeXI=
|
||||
=Fr+U
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHAQ/+LCGF/gd5KoGCemqd9NIvPYdkf/EVyAbC9z+lhN0SyzGi
|
||||
LDMSAxaOSC33sCL/b2QmFQOSAdi8hjitoLr8HY2HvfnBRACIcOyVfzC/2VgDXueW
|
||||
8359lQmKWM6pMdHsMCWQVU6fb1alXIxUH2sWgjSzz54cvyYTZIHGkeC3+KllrRGX
|
||||
mdiCC5oZ5861o5VmjKGtWw7PEDwwWQ2dn/AA1JaYl8kSzVRNRhm+7f84kM7ddHHF
|
||||
2WhFD7mMXAoX1wyu+efSSCN2KZIbq/TyAZDLalHXAH3YPsV8S/sZ9o2clqs9gl7R
|
||||
TsLQpVFogLFKs1jFEt5Yp2hZ2ilc/e78tZZ58xDRdyFaEd7HGYYuSw34lyTMUaFG
|
||||
u+3EiQU3sLkfwjb8HbWzna5wvpERhiMpKUTGVa89tHw2lJsHGtx4Q36nt9q1xKaB
|
||||
bKZdpe7WhofAWg8FM7UjPZT8/yR+GfpArBFKnx4b4wsImMYfyXXsTzSiJGv5QrQn
|
||||
i+gYK5ZtlkqKqvVjaJKd95tTXow7QMytMHvpWBuvSiDly0CeAfi9nGMy3ewOtWvJ
|
||||
2s2oTwpPQUBpIi9mEGo25AEJmk+vQFrFVBxMGT7rSpa5zGcYy6MzBWPqWkWrBa+X
|
||||
ucj1rTPGKoSigR3WNyamGZzh3yix3RZF9gNeIgVAavWZBwwDJXM75X68Fe1d69jS
|
||||
XgGvQ157jXgb6aGo8EX815gJCE+muINHjuSGmVL+cc1hXuLkte9CXt2to90+cNSu
|
||||
oc7PbW1Jchj3/cTXoVn5K5+/vlPTKjNak6fgHWbPqe3iKkWWJKzEUkN1/5aXfkk=
|
||||
=0DV6
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-12-11T23:40:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf/ZI5YUJbMHBmZOS1cEARAvapO8tltcnzuVGsF+Pt99P8l
|
||||
kxQcSYzEdR2zAMlM9m6bhz+/j70SO2a2tS77WuV8xXe0x7FfwJTG7M2aUadxuPXF
|
||||
AZkBFmDQXxBW6t82DJuiwEVrxQ+VwGz1jvpHc/fbYSda4MX2F+scoGRZTCt2x6ya
|
||||
zgF7sW+AiYtSAXVSD0NdD5aFrTCrKN/L4YJtyGaHyqO0f9if9vRsk9xv8s+c9vhk
|
||||
uniMe6D9t5JxYvk2VdwnwKaiXgLj7lmccV1NFE+e1ClBeUxnX5wiwkDjrEhuiRfu
|
||||
3lM/POENqV0qgU70tRS7+iQfai7dOWQSxq0Qh2wpPNJeATz0FKEdmygDX5Mr02v8
|
||||
PHBm0Ju25kTa+P6PLfbb2zVSgUEZMraBsJVt2Olrnxsksiq331QH28Cikx37wXoj
|
||||
l2UxUxYBohcgS7CiDVONueEchrHy6t7f10QzfNsojg==
|
||||
=NOne
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, options, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -8,19 +8,12 @@
|
|||
|
||||
c3d2 = {
|
||||
baremetal = true;
|
||||
deployment.microvmBaseZfsDataset = "server10-root/vm";
|
||||
deployment.microvmBaseZfsDataset = "server10/vm";
|
||||
hq.statistics.enable = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "e1000e" ];
|
||||
network = {
|
||||
enable = true;
|
||||
ssh.enable = true;
|
||||
};
|
||||
};
|
||||
loader.grub = lib.mkIf (!options?isoImage) {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
device = "/dev/sda";
|
||||
};
|
||||
|
@ -35,15 +28,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
# NOTE: stop the raid with: mdadm --stop /dev/md127
|
||||
disko.disks = [ {
|
||||
device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_1TB_S3Z9NB0M203733F";
|
||||
name = "root";
|
||||
partitionTableFormat = "msdos";
|
||||
withBoot = true;
|
||||
withLuks = true;
|
||||
} ];
|
||||
|
||||
networking = {
|
||||
hostName = "server10";
|
||||
# TODO: change that to something more random
|
||||
|
|
|
@ -5,76 +5,49 @@
|
|||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
||||
boot.initrd.luks.devices."server10-root".device = "/dev/disk/by-uuid/b4904afe-22b3-4abe-bd53-049817c1332f";
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.supportedFilesystems = [ "ext2" "zfs" ];
|
||||
boot.zfs.devNodes = "/dev/";
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "server10-root/root";
|
||||
{ device = "server10/nixos";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/EB9B-15AA";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/etc" =
|
||||
{ device = "server10-root/data/etc";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "server10-root/home";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "server10-root/nix";
|
||||
{ device = "server10/nixos/nix";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix/store" =
|
||||
{ device = "server10-root/nix/store";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix/var" =
|
||||
{ device = "server10-root/nix/var";
|
||||
{ device = "server10/nixos/nix/var";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/backup" =
|
||||
{ device = "server10-root/data/backup";
|
||||
fileSystems."/nix/store" =
|
||||
{ device = "server10/nixos/nix/store";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib" =
|
||||
{ device = "server10-root/data/lib";
|
||||
fileSystems."/var" =
|
||||
{ device = "server10/nixos/var";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s0f1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp6s0f1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp7s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp7s0f1.useDHCP = lib.mkDefault true;
|
||||
fileSystems."/home" =
|
||||
{ device = "server10/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/b13a876b-2488-47a3-b9bd-3b03fbac6c85";
|
||||
fsType = "ext2";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@ let
|
|||
staging-data-hoarder.flakeref = "git+https://github.com/tlm-solutions/nix-config";
|
||||
tram-borzoi.flakeref = "git+file:///tmp/tlms-tram-borzoi";
|
||||
};
|
||||
realizeFlake = with pkgs; "${writeScriptBin "realize-flake" /* bash */ ''
|
||||
realizeFlake = with pkgs; "${writeScriptBin "realize-flake" ''
|
||||
#! ${runtimeShell} -e
|
||||
set -x
|
||||
NAME=$1
|
||||
|
@ -43,6 +43,7 @@ in
|
|||
microvm.autostart = builtins.attrNames microvms;
|
||||
|
||||
systemd.services = {
|
||||
|
||||
"microvm-update@" = {
|
||||
description = "Update MicroVMs automatically";
|
||||
after = [ "network-online.target" ];
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
luks: ENC[AES256_GCM,data:oUwlNQPbCfGOY5nT9th4QhAlDwNXSDgKIyBAtZbPnH+6tqvPPS10AI7amwRgnLuJUwsE1+RzFHNA1poIlKrfjA==,iv:ivhIa2ufbgSpoPpJCC1eE8Tdaz2KeGeky/rUAyNJ5uE=,tag:zMdIbtMuAVmpeTrpxyXuXQ==,type:str]
|
||||
machine-id: ENC[AES256_GCM,data:Ix/XS0rRXZhWePe41VmMarJ39a/f1kjz2ZALwWGzKa4=,iv:36fENZzal9gR/3DD4CVDq3yMmLr0rxtbMKaRDGH1Kpc=,tag:M/UmDJD0obr2wh8AnjrMSA==,type:str]
|
||||
ceph:
|
||||
osd.4:
|
||||
|
@ -27,8 +26,8 @@ sops:
|
|||
TWp5Ym1YNUJVVXAzSXVqMzZQY09sdWcKc1Ke2iT6RYpMxhZF6eoxeuPK2CVCygy9
|
||||
uxrb+MMsUJJaybt7UKpMEgOhttCqfGPoh2lmXOOU8RKF8SgJilVuTg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-15T22:22:52Z"
|
||||
mac: ENC[AES256_GCM,data:bVYN0wsSdHLKyv6Vu1HWjaI8NMqw9gbJg2KZfTbP3cjUbYpjnkyKXcDVRqX4NPhPNOxoyl/VMWYdv7DESyqkGUTFPQ/hf3LvTT/sjNVmn3wJ++bsR3QUGIbmftNvCKEFopa0L25giFK+15DEEsgcD49U++xwK1PR7+kh/YjTvYs=,iv:WCtDjc7r2dTCC9xjnY5HKXLLha3V061mB91l1vWUvsE=,tag:VmLKS4gBJfHivb8xKs395w==,type:str]
|
||||
lastmodified: "2023-01-07T00:22:48Z"
|
||||
mac: ENC[AES256_GCM,data:jaVrE7H3QO4+kvo7/rO6of8YnxGL67Ey2dIwfa3hpl2WDSwdmIOsav3F9BqTbYKw/MH8BeLb0skEosmoJY/991C8j2B5RNTiEIOJHVakxhRzo0vopBu33Q4C59/zOlwqqJEPRUvwhr5VizZ8HshUApOxpDbDBlBEZNXj1i2N2zM=,iv:emsmabR65nNVoKRBAJMneiIdkJIcL2g1aiV8m8PmMDY=,tag:cs3nrvcutdQUJE027wm/6Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:51Z"
|
||||
enc: |
|
||||
|
@ -168,4 +167,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -14,7 +14,7 @@
|
|||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
device = "/dev/disk/by-id/wwn-0x600300570140a0c027cece63a99e8a65";
|
||||
device = "/dev/sdc";
|
||||
};
|
||||
kernelParams = [
|
||||
"preempt=none"
|
||||
|
@ -54,7 +54,7 @@
|
|||
locations = {
|
||||
"/archive".return = "307 /archive/";
|
||||
"/archive/" = {
|
||||
alias = "/tank/owncast-archive/";
|
||||
alias = "/tank/owncloud-archive/";
|
||||
extraConfig = ''
|
||||
fancyindex on;
|
||||
fancyindex_exact_size off;
|
||||
|
|
|
@ -27,61 +27,43 @@
|
|||
fileSystems."/tank" =
|
||||
{ device = "tank";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/poelzi" =
|
||||
{ device = "tank/poelzi";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/storage" =
|
||||
{ device = "tank/storage";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/backup_vms_ceph_migration" =
|
||||
{ device = "tank/backup_vms_ceph_migration";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/dump-dvb-iq-storage" =
|
||||
{ device = "tank/dump-dvb-iq-storage";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/erisbert" =
|
||||
{ device = "tank/erisbert";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/shits-and-giggles" =
|
||||
{ device = "tank/shits-and-giggles";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/storage/ftp" =
|
||||
{ device = "tank/storage/ftp";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/storage/sshlog" =
|
||||
{ device = "tank/storage/sshlog";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
fileSystems."/tank/storage/stream" =
|
||||
{ device = "tank/storage/stream";
|
||||
fsType = "zfs";
|
||||
options = [ "zfsutil" "nofail" ];
|
||||
options = [ "zfsutil" ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
|
|
@ -5,9 +5,9 @@ ceph:
|
|||
osd.7:
|
||||
keyfile: ENC[AES256_GCM,data:yUDQ8bwnK7a++XFAVRJscbIxuBsLgef9ueGG6qujWNUyrmAZGvCMdg==,iv:MuLAqz5vcM92IuHEC/OeexSmXMdVYiwZgoxunlM0GHs=,tag:pR/JXDJSF1px7dzelpySeg==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:vK2WSxJ6Vsd3WMbVm19x95WRQbdG/QvZxpyzVnPRKHTMRkqFPyA9y4sHNz4LrQZFziQDE0b7TidyNMo0USoBLaWe5GKbQoeevnlQC6Etkbn6/O7hIu187RTzNRcvPD/58mu5LFE7Ng65NsuO5OUBv7g3mLjCiA1j/e3piM3U2SJmKwyQ+Af2UE5oXEtz/KcgCA8NfgOJUikbXMJy6uyl6MLdWZvmwrmwAdhuO9ePljXQpZ/BX3ZvUPSzv/Y5e+sniy1H+9+qYg3ZbJ5MSGeyPLwhR8JvIqISxzQeBDZX42dHwel7cZQ5ZNOJx8SmpFTB4u6mZRvt64kSjsPuMNQ0fixH6xUpQKAYLw5DRe0N+KPIlIxLMwKgV+wV8wyC2/KZb9MHnsiYqDLHwv+Y4vzZy4y4v89W2xSTcVIU/Q1wHTxmxrQsoBqgrPHTD14YxZ49p6CEYSOR3gfztClKGUY0DMFKQoCgGKoe3mL9qVcRZDTLdqOg6l0cHmfW2RzW8+b5Q+u8ggV8Z2j9BBzsjBPbAZSY4/khSqnIswoWTC/xN9mebk3ja5fIqFpt9hAM3OO0M8TbZRiDY2oHoh3f7K7SnX9rvdipip/lE9bw4eHcJ/ydolpZS2bb6zrGBu0E7DVF3itsOHBYnwNXexQLxQx85SDux/nQ8zk3SLBhRESamsqGQjNSMOUKqp83AHMoqT928ouq7c6vkOYE8stT3cNdikct6YWW870hb3qEV8AcKeUlo8dviMHVWSdXwRQ0Pjppm5Z+isXSzg3Z2HDpAhDfZHuNnh/TOBAIa9AjJxIccmI5anNeTF9ll3PGEPXUWvUbQGPHpstP/BRa3u9B0Wie0ZBmt6/pFHGSnPPerjdR9YViVj9OZ7iobMoSPhiJBJ09D9MX3H09KqaPgVyeNdjov+K8qbQ47AzN1shxltY6oKwHD6mBKEKVE51nev245fK22sTd1rPboenrWcBgS+8SIBmp2JxLeKk0AQ1kUIMQkwPZZhFGDREeLnYtc1+P9+mBjsy+FUAt4SkhLnBoR2jkMsT362XcptLgHoTJwgbV967u2cRPClLMromve7Uaj2NnRXtA2UdZNKxMat3km5xuAXOulzk4x7XsDaiNXJOpIQG56I8g8WH4sZxaB8dIV7s4nxIBuDuu7CXeTxKgfmfCU54M4LKvQkHBdF0eUTUEjTIqSobUDjAPfcOpJvrj/hoP1z8IqVi5gT0ZK2ndxWqh+3cNpfKrT3R8olHFuEkRA+Uh2NIggF7g,iv:T23GpbDj1OEV8PTMmswLM1EvD0z//MkhLAtXLw5q7hM=,tag:o/RXrQnXbAPzgFP7fzfqow==,type:str]
|
||||
password: ENC[AES256_GCM,data:t69DwikgQ4DpqVzJf/zmrTbEQZcgoOIG5w5It9Dr2FBY8DAhZbmYQi/qizVpXHio6wwIbahwqhR/urWAUUrQ6S/3B6+b9112PAWg/cTJr5kXqqin9WjzDk7Ak6baWCVaMM90VYhP/E2jF9f8bQPVpuHPwhcoYU4FeNjS1ieqP1j73DKdD3tpLjuaCJilOvbTAw0zXbb4qf2Tt3+d2AObvM5p/r0k9vXFxxq1rBjcQVU9gEm6x4KukYGzlkHI1S+BL/Xb/RPCtu6PcBZseuBzuxrLDDAgEE/asu0cwQsp1QGnXCA8kR7PcIthGYstzwL9laUc5rKSVFiWS+DYjYRFBWtFtfr7Q0n4VlQejR6DEplUu6nBkRlijh1xjw6Tt+XTG1xMFJncDenvnTqg+FzpZidpGt0uCX2BcOPleoU7LhO7AVJHglV9m1KxlaCBaKzfbwsKcRK/QV9oq5K+JQ+5gRb8IpEvRzfhBBVaqaFqovFNMv9ig6w4KSfC1ewUwv888eJPcOaui6HF8f3tlWqFs7G/qdGMLOmUOJtridTCsu74+uoVY38cXOFrjy+bTbFoATziDpi6hBCzkH4mRkcCdnwF7DNbIHI0zDLK7vTTNJIUh1gdWaNI+e5+OOhVcV2jFr7I1Iazkmhu9z9h97ZvfIULf1KmDUYX+VMtOKIydO70MCBXQ9qdYmtbZLObH4DRhhllom8t4bi+IUpfo+khHlJvLHiNlMcGyUKHv1uERDFoCCh671jUFywUgscP93vR7Ben3RjqLQGvtCHY0v0hsgWQnxzuN/y9k/8IEP2QOiged50nuHE1J/js8LdYNO/j+JYy5Bw1zMlkeQrbr+rVCRMn6IPGSsYiMA8Jjsz/BqFrGqbHQvOBbUFmYyVm7xmMt79+fi5F/BnrF9NCkZmZFfni20fktclxBbQp37QXiJ4cBzWrukNbe7l4fHhqNGJvs7MDkl7y37acdLcdQY7XvgXFEZCb5b8qATbh7wBF60Mo/q8nMWPovLwpjhYuMsZWMWvfHeC2AuaKsUY3MVGKhwcn/gRd9vzWsjBxsCMKTaFoikPnGIt0Z8jK7XjabUd049yak0WwPt//a831EF/T1w==,iv:GxU7Cw9NW91e+HqhbhvPjkc6iKo3xYFrkVFvpliGWt8=,tag:WWwzq3xsPlMcRzYCJmmEUA==,type:str]
|
||||
#ENC[AES256_GCM,data:PHm96Uz+irAo1jFg8CISWCkQNnXwmCDjBMcMFF0wl513tYYbUvLgxFXqiEDvQZlG9HTB,iv:QK9amqrVzWqzeYhELFWMpoo67uTNfouqMKK0/9Cd4+A=,tag:Y2Ds/bEz/L3FN8C4aq/Trw==,type:comment]
|
||||
htpasswd: ENC[AES256_GCM,data:HLRSktWJK7w8YZDom2M1O5oKkkgTYUwKthqb45sFpt1IT5+33SEjf1JTzS9cAg0BvmrG3aHCc9zqLG0nY0Nwf/JhoqlN4W4BQAuSWRwAw3P7aFe5Kp/Qcy9mxDPDgqRZ0t6H3FP+DIeuU5Jtz8eOxlEU7ak6z6HWd1kWiFpGXnmrvVaQfoylaGDy9Hx5or46DNCKbs2PLxq2jyNqoqjcYVWQyqoJeMrJvKpYPCZtPbP7fkKbFEt6LpJYHd/1veVcj42uQ1kJEA+CH05Ir3ag2VBJ9QCaE8lCK1lMdI1tSOsOFLYPF2vgJq/ePlIP8sYda2FNZOe0kzjfFSZsuLLUwX1+YvbCYUHG0J25dnOmeKabXTy2kSYFLHpKVDMX+fotCeB3Rts64B/HGUmxmbS6Igg0mxMyyVSfQgLyZDD1hLw1DOlkYqg7WBMtA07k6WZToAqXWwUI7xz+1Y6fZeSfObGsGyVQeyfYtvbqczKqITnJJGs7d/aqyrYx0Au7qmBZPWQle7ClT9KaVev/HAMj6pnOsHkruG9BQDRQ73fHF5VwkFZO+pWJdnRsNMBjJSC5baL7FbqTnl/TIhTJuq1WjTQ6rhEnj6ccIU5qGBkzz42uDbC9iom6712aE8wFtqU1Qg/5qJX1CMuXCgJQzsEgKTJoVMI9jR/JOU+eXPtBtRD9tXLEE6sZehSikW+SwaSCJxKk583r6u8px/CRjgrJgiwShs0IuSnFLDnTt1Q544pdjQrmievV2dVNupo/zsr3D6aMqoJOUH1u75qKmI8Bnls9ZhjU6iX+/wu5/YS3i2vIzS9HPBTMasfy3yHwrm0IxGavvrk0IEkDetM4dHSg7lg/I7STAknEqJB8soWVfh+B3DZPoqIDAoBQIohaNook3pHQVkZXdcgLBVYWifdnsYAunLQOI21U+CIpSkIkEY4Ao2QSIdolaSXBgxUf9lyJVJYUZjq2uHZorhTr9u1m/8itp3t/R5IlgYhz8LriZgFT39gTTiKvHmHzN975G+jNtjUpcBxb/WdcffTMc6rBOzaWbpDhfOSH9AaZLBSMRsDMGJDeSoiAMAWD6lBtjWvq/CJfIyTtqEC9OaeRb4z0iyClENT7VDp+eL+lTBjwoA2UR4ouiVQhFbp+uRiOCxfbRPYi1yNOHM86D503XmzP+vlOUWeP8PW5GyOd9UwlNNmC6EUnS5oN973GmkMqqTb5kbvDd0WaYkgPQI60S3gKLCSKzZe9Vc2YR12TApG8jGPoCf538/U4fPrI98j/bmuQ+K94befQpKGuUDDXqI3dpT9Z+b4gLDEjYZV3mhoMZXM2/oZQ1i4fl4Xm6VkndsXoZ/CaMcDQ2XzYFITy+wg6y6Jqzg5k76HpZp+YgX2PEeBKaz6hGOkj7icOdJzbob6WhVZz8ju6F6ZBRyVJ2dlSjVZQYq9Lq7sJryxqhilu7SDseZQ3om+hrxR9vLqMeqZNuHEBAZk47z1TxJThYojL4JxbVFxD2gFmtJ+ddtirzlHb5zAIJm9GTkNwV/BcI7LKRHgYyjbGwtclVFh5G/Hj7DKFl9ky1Vf8OJFPRht1an6HFRap3b3++6ovO2KCpFKz1+V2ItD9/674jgBQIS3Bw4JHgLo35iqD93cFzytk9uj9rrE1o0NT3tD4mCDn8CL9fYgv1bveEsTd4ZTQTX9tPDnoGcnSbaVsgrmCiL5D1s3nb4few7wFp7ZomCt7af1SwZUTy0ZSbK3QJAfcbIhSPIlhe6qo2ac5YSiuOTfw4dOuCZ9eeFGTbG7cNIVj4Uk2WTBPr+1Fnuw/u55ZMZwyxAU1jpwgYfyybHYp8T0uBbAMYFppe2H0Q29P1F7Lq9DHKls6AvCZkqzyU1aZbarZrHq2Y3HWO2VzFSG6ZtGZaPY+B2cg7vxVKUpIYjczSCAt/0njKYfyJeFmDGSHmzxQwnODYaI3iCNa7wjGsZ0Vhmqwy36NMwxRPAZfEZpUi+ZKGm8G08i6Pf5MVLUlH9g8MXE53VbnwNTXjZCDB5T7CRDGBComWTXJoqmMopPZS/8S45Cte2YcqwvbcJYI1MyqzPOv4PYqur6Ehh3jQt5LBMhw49tiaccon7LQV6C3Q+emq5HfLF8aRUibvFA=,iv:JdMbWgSVyMsryaPRPI3mmzPB/lwsKzTqpuMH6zF4Hmg=,tag:bWKh3uY4+1q5sep8nkMXNA==,type:str]
|
||||
htpasswd: ENC[AES256_GCM,data:qlGvRx57fgNXeUPrm1aTm+swpn0neptF58rIwXeh5aQy6819+6PkS48Q1gPaJwpR3hGdOSIegRqC6NKWorvXHUZYykE8RXl1N5KsgKzO0Heg+PN/Muxbc0j5Y6/UZH5zCoMFWiUPfCLB2QT/COgpuy8QCjRJvukCiu1qKPcmoshsuzCjASTTfpTBolDCZX9KkwtzzAdmYco9MNS6/o2uBK055OTHVBuEicFARL9laHWDqwUB+RP8uVRMN9qRTZe2s11cddJ6PzJpJWA03/AtCnTeaM4nEqcel91WSCX+JD/DcqMZVpeuMVbhKwcvhxtbKoJwlEjw6ec7A2GWpQL8KM4bvJ2NosdAgn+JAqrodxgkNzdzALPSCW6/aea8rinBLpela6F1c5Ef1LzcUPkw60pfPlDWffTzcLrufaMbs2e7dSuO7s/ut0lnHq95CVcbcOwQ+HpTk8+qJKcR12u70zYTH5BSD8CMmg+j7NLo/9cLM3Sv5NIQhhQhgUSvzIH0ZQ+gEh+e9IrTiXjFUzHrcdhZxfJ5D/E4ZE7twgeK0eutVa8oX6K+A4xQZqKY+RmnjRdkXPnZuWvR5pacTHQzSLwlRRSIckew5MYveEjzNRHJx4mUV32+OIs1hORNmGQIWoDrSXz6ljNWlLo71IA3o3eXkQV3MhPtnMyoVD5FwK8xldTk0hRqrTtTd04ZlJb+tD5coNQ06ZrtU5KK+XSRnqAcTm7HYUayBjRvIdaVuM7h2v7G2MPgU28Y/1kPTFGmDf1hSzLaeEBw3Hq5B75ti78iiMCSNLyZftm36Q9OYa9HxkoLey7gZjWGHcMojpcO+LG8mUdTdhbGdH8qGEsT3Apz0TTI0GXndtIJ+I3OigwI2nv1+DtWKSxhxxWcbj78PUK6aOI8Otmz4Dz9dr1l0gJerQAwjLfyCEPiYOIMXZbeYaWuWoCReMdRNN4+HU45bbc+0yQa43c8vuhz9Hgs6Y01U/nOKRy8mZeTAk2TpsULt95M3epLrkwG3kXDXY3istIdKdeTh2JowsXvx4MwPPzqtt4ippMF/B2jeObc2yn2e4AM7tU8Ax84USXRRz+DSzLB7vcU//1sZ2ESc74fShTyShP3XbC2joZkn9x4yHiX76nfUiYjbKPy+m0+1hEgFm5mYUr43LqyeCIQCkIQWzrR9lUAg7JNO2HSoQkYaYha8j0PgjLKcwS+KuEiMmfYqtt5EHXgVleqvUSd12Us0lRfDZ8d9q07fU/syn7OLPuBB5nfBVDnASlJU6x7W06obyNuw+Qo4G5KvATJXBUyyUQ1zpEuHgXTGaOB1jCQrBuZ/+jf6ruOWFmv/W7++pHwi3jYimtIIq8eTahQ2rviP9uIxVEZibfhy2dUZ4RltHvO8gLQpb1kPJPRqT5BSEz60IPG6G10LHawuqwe44wVVJGUeVWocmsuLSd0MPDiGFwM+uOJXC1THMzi4wO+233hfEheJFiM0U3hepPYVERBuDs0zXevcGLGJfExa3TiVz0vbUq/zyH1xIovIQk5hd44vagcW8c+6oh7bGwIv6VlChc/CD5F10LtV+5qRDD6e+lxN2GS5PsPa+dr2vfTFJlqnLi19XmeybakXndvBzGxVQlpQM5ROa7eCx0l4Cw966qdvZehOnKw5ShQEjZ8E68y4zk65pp7I79VADnZAhe4EVAWhNPPGsVkql445VMZehCYokMuAwF8w1YHli+3jV+eNxCNUFmeN4YUADEszfdsJhzQJQfu0YTzlKQvOh+s4E7f8XPMBBloN8eV41kwhNal3An2jN3VikEyuUY96LpQ+bAS7fTlSrBIeAKYAtMzSqChnc6UZVDnkkmVldsoWvVn,iv:S9atTZFn5WEM1V7RU3MgPf+UvQUVwBpajZ+zkt+Jc84=,tag:GFldR/bV+yQG6ZcQey9K2Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -32,8 +32,8 @@ sops:
|
|||
cjNaNGNGNVRFU0VCYUp2V3RrY3JHM0UKHyu9ugwq1UJc01UXNKTp16R8mZCs1cSn
|
||||
kpCNZTBID4lWHTV5lCJ1qtgS5zzjZTzIBm0l7XiwPXBXXhxe9YL9Lw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-27T21:55:28Z"
|
||||
mac: ENC[AES256_GCM,data:4ruLaXYc2DeS5Oid8UM3cux9sEfIZUqnMP2f9kDTbeiiycBNf16HZucWJ1O+PtjZoPNztPpwwKRCGk6GKT/Fxq9VHf7l40jZipJVpLGTF2CSAMmz0oVSgGZwegnVcE1yj1r1YJYCBzPsAPNWcRbib6GCIlXC4b+9IJDFW/j9WCc=,iv:pF5vkcNd8xd5xujXXJuQcW7ZKUd/ZYjSsVZvG9b3Fq8=,tag:lySjx22Cb60lSeKCIw1J+Q==,type:str]
|
||||
lastmodified: "2023-11-14T01:34:19Z"
|
||||
mac: ENC[AES256_GCM,data:RyhLgw6/+f7M0oPZmcfvE1cdStsNzKRAq9p+1HMtPZ2nHPr5CyjuiyjGXK1slfXoA2rBb9fo0E+KlcnglP9d6CKnIku9gpNYypXVsitW8StoydE+BB0I7V2aTd7SeBT6fy2nQu+Rt3HqTOc1KTO9JJSNVRb245xAt8QoIHEiV7I=,iv:Vg8Ro4KVDmgjYyXx18jIqj7t/C3BAfgzmjRVPfR4hZc=,tag:69c7gqwhdmHAi6MWBXVohg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:55Z"
|
||||
enc: |
|
||||
|
|
|
@ -145,6 +145,10 @@
|
|||
url = "https://gaertjen.de/kalender/?ical=1";
|
||||
color = "#3FDFAF";
|
||||
};
|
||||
klimacamp-dresden = {
|
||||
url = "https://spaceboyz.net/~astro/KlimacampDresden.ics";
|
||||
color = "#7B996A";
|
||||
};
|
||||
gefilte-fest-dresden = {
|
||||
url = "http://gefilte-fest-dresden.de/feed/my-calendar-google/";
|
||||
color = "#4B693A";
|
||||
|
@ -337,10 +341,6 @@
|
|||
url = "https://talks.datenspuren.de/ds23/schedule/export/schedule.ics";
|
||||
color = "#DFDF2F";
|
||||
};
|
||||
terminal-digital = {
|
||||
url = "https://terminal.digital/?ical=1";
|
||||
color = "#8787c4";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,107 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.sendmail = true;
|
||||
};
|
||||
|
||||
networking.hostName = "vaultwarden";
|
||||
|
||||
services = {
|
||||
backup = {
|
||||
enable = true;
|
||||
paths = [ "/var/lib/vaultwarden/" ];
|
||||
exclude = [
|
||||
"/var/lib/vaultwarden/icon_cache/"
|
||||
"/var/lib/vaultwarden/tmp/"
|
||||
];
|
||||
};
|
||||
|
||||
bitwarden-directory-connector-cli = {
|
||||
enable = true;
|
||||
inherit (config.services.vaultwarden) domain;
|
||||
ldap = {
|
||||
ad = false;
|
||||
hostname = "auth.c3d2.de";
|
||||
port = 636;
|
||||
rootPath = "dc=c3d2,dc=de";
|
||||
ssl = true;
|
||||
startTls = false;
|
||||
username = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||
};
|
||||
secrets = {
|
||||
bitwarden = {
|
||||
client_path_id = config.sops.secrets."bwdc/client-id".path;
|
||||
client_path_secret = config.sops.secrets."bwdc/client-secret".path;
|
||||
};
|
||||
ldap = config.sops.secrets."bwdc/ldap-password".path;
|
||||
};
|
||||
sync = {
|
||||
creationDateAttribute = "";
|
||||
groups = true;
|
||||
groupFilter = "(cn=vaultwarden-*)";
|
||||
groupNameAttribute = "cn";
|
||||
groupObjectClass = "groupOfNames";
|
||||
groupPath = "ou=groups";
|
||||
largeImport = false;
|
||||
memberAttribute = "member";
|
||||
overwriteExisting = false;
|
||||
removeDisabled = true;
|
||||
revisionDateAttribute = "";
|
||||
useEmailPrefixSuffix = false;
|
||||
userEmailAttribute = "mail";
|
||||
userFilter = "(isMemberOf=cn=vaultwarden-users,ou=groups,dc=c3d2,dc=de)";
|
||||
userObjectClass = "person";
|
||||
userPath = "ou=users";
|
||||
users = true;
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."vaultwarden.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
};
|
||||
|
||||
portunus.addToHosts = true;
|
||||
|
||||
postgresql = {
|
||||
package = pkgs.postgresql_16;
|
||||
upgrade.stopServices = [ "vaultwarden" ];
|
||||
};
|
||||
|
||||
vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
PUSH_ENABLED = true;
|
||||
PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
|
||||
PUSH_RELAY_URI = "https://push.bitwarden.eu";
|
||||
SENDMAIL_COMMAND = "/run/wrappers/bin/sendmail";
|
||||
SMTP_DEBUG = false;
|
||||
SMTP_FROM = "noreply@c3d2.de";
|
||||
SMTP_FROM_NAME = "Vaultwarden";
|
||||
SHOW_PASSWORD_HINT = false;
|
||||
SIGNUPS_ALLOWED = false;
|
||||
USE_SENDMAIL = true;
|
||||
};
|
||||
dbBackend = "postgresql";
|
||||
domain = "vaultwarden.c3d2.de";
|
||||
environmentFile = config.sops.secrets."vaultwarden/environment".path;
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"bwdc/client-id".owner = "bwdc";
|
||||
"bwdc/client-secret".owner = "bwdc";
|
||||
"bwdc/ldap-password".owner = "bwdc";
|
||||
"vaultwarden/environment".owner = "vaultwarden";
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
|
@ -1,176 +0,0 @@
|
|||
bwdc:
|
||||
client-id: ENC[AES256_GCM,data:pFDg11xfXbx/X40z7Rs9Ps35GuK9ncBbB25VYZJMaRyv17fCbMaVJmnvlnFZOkVidg==,iv:SG7QcH/QHJtEAd6eHzakMIHVs5W6EiaPNsh+G9Zku9A=,tag:ZEL1UGJy9lR9himlbGpSoA==,type:str]
|
||||
client-secret: ENC[AES256_GCM,data:41ivEval7TegKbYl+Bla2Dgs2h+P1kTBKUr39qPD,iv:BvsO1GcwGbhYCN92yjSFMZiIhX7s3KlrGd0mJEXN1hA=,tag:G2EbHWjz2N5cqOM9MWqStQ==,type:str]
|
||||
ldap-password: ENC[AES256_GCM,data:DXVH3RNBH+1OguL/yAFPvFUoU1EocEi4TQBT5qVFBF4=,iv:A7IPtApfow+0mWTpNSsZVPWzBw7WjvN4NEAgn9Q8cvY=,tag:7VcvkOjpaDfdPF6fyBbZiQ==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:3t8PjT9cOsv4D6rhRwFSyehsQzofXaXqt/EXK7FiBPg=,iv:HlyNiUsmlma47BhNvLeuew4lx4uldDqL/O8fIsSFOPU=,tag:LBDt+WTU2+z+LfWQ8hqoIw==,type:str]
|
||||
repositories:
|
||||
server9: ENC[AES256_GCM,data:bU7kWorWJkUuyjJobONcif/bBhTRX1zxNI+ZjUAXos5pzpiTEMe+VrLtDPusH3Qi+tTB/kqHreb2z0o/P78pow5RjcShawWPVPqTi9DqDmM+AujI0MPW11NVf4OAnoXzkWIUGiB0lEsPEIwt,iv:nqRtZB9/XAV37Ji3t5LUvS7B5v3EnCwFM33peRe2ytA=,tag:8D6Gukx6xwaCUyEQZrpiwg==,type:str]
|
||||
vaultwarden:
|
||||
environment: ENC[AES256_GCM,data:LdFZlwHkw4VTBvvO8gXcSD1I0AHBVQznDME1FSbofB5WrtfKH3Bu2Kh9NsB9O94QgPolQewHgmdxVPM0OG3Gl+xC1uv8/+sof6U7xiwiJbVE/SRy9urm8/oNh0T3Br1+C+/326Wnn9+yq1ssX9RAFQkq+YVLUCgq09Janbr/RF3VddMEZjhtl6JvbFKb3wNI4wv1E7BTfehThkGykZXlKKPw5EYxynrKZ7IUsrS+Fk30RS+FRpX3NBlCNnR8kil2hlG85EwHRM1+DaB8WFQ386mEHbS+ak5C2lxtU8yx3WnBlI7mC/BVp+aXoP6Pau/Bk9m1/bsZ3oorS2aFO/UumFlr8GDvw3ajbj3vYhMoVqfpWlq8v+JiH2kaHmzTKMJ4csg5ip9mulgMtRlqgwl/qKluTaqC2G6MftnumrOreex0huH+KRAAcZHHzvS1G7VKWFGb5bg=,iv:8EXDbhA76N6Ml+JOD0fCHhUINlDntWIxLrvt+4rZ4pY=,tag:yEvo70FfwifefoCbiMx7yQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cGdRV2RFTlA4cUJ2aGJr
|
||||
Rnp5TWJlMDFBVEZYWXBBVnVnVktVbXBzbEg4CnFwU2pIT2diUEZqWWl3L1FSME85
|
||||
ejM2bkI4ckN3cFY2eE9HZTdFTXBDVzQKLS0tIFRhei82Z2hNeitraytKR0tvbHMx
|
||||
N3FoUmorc2JSWThaMU40TXBxeG5xeUEKLz+AkDz4oFSB0YND8N0PAvKJ2Cl2hE2S
|
||||
zJ6t30pNNPjsJFBEOtVW6yhLBIRGwZdOiAzI3MfxxOVNSGSbZxVc3g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4V0dxMFgxSkVuZ2VJNng0
|
||||
WmpWbTNNdExrdGtiZkNVOXdZeFExR0hUb25VClNmSllBb0pNNkFLTzBTM09Ba1k3
|
||||
VGlTSHpFWFk2RkdtbVRsTXd0UmM5cUkKLS0tIEwyODd1cGFrcStFTDdPM3ozR01H
|
||||
YVljODQybmFBaENvdlZtcGJNaXdyWjAK7TenBrprqo++EzurqXqatEJncCU5g0JH
|
||||
9aUpNebhTuauCJQcObj89tjx0EKuafe7Nn2wgiV3hNPIGa4+YXnsSw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-25T19:09:35Z"
|
||||
mac: ENC[AES256_GCM,data:rsQw8nYs78jCTKWHhwOuU8d3SS2pCnKpCo6U3RpWCGIdKMFq8QGBgarycAZgxbGc9ErEct4K4XhZ0pcX5qJgRFPE6YhDuRnKm/kQkmgXe63wPncQhUUq0U3P9q/G1Hs3uJbMyWgnjQQ2Vo8sv9mTbseS8ettbuJUNjK6mnblzIM=,iv:476qCdupCylLCvd9tb+VIDtbbqlw1Z/tezQh/d4jjIo=,tag:azw4aUqFD6zszCCYAny/KA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7AQ/+IRfyl1VjFVpsr4Rwkv0kibZdnxqvSpr5sCErUvrPoJdK
|
||||
yVWEO+Ps7z5G7WpWwOnGKeWqpXjTqhVps34R3/RPMy+4zL9a3izGa0zKGvrJTNma
|
||||
b7clOH71InPPp5RQDxyox0StM3Wwk5ItrelfGWSJxfJCxNkKjfhtrsya1bJf6zmo
|
||||
/KkIlKWMYoiYqpJMvt+sQhOD9HAm3R66D5RdufF76GoeqaGAfdL36hqODs5TC7Lo
|
||||
0Nf1NlpLQEyvJmZax2sv28H2gySIXocXrZhsCfEnI3VeNbCsuIEfHIS4A9bRRekQ
|
||||
NzQbwPfYIoy0PkFhCUGtM8i5qUpLiK5TkpNe+Fi6BTLuY8bO5QxtGhAxoDges6Zx
|
||||
VgFCD6n9ZNiV5saA07pPxsA5gglIuuRf5G53y0uD3RG4itOXJpI6ScY7emgSnSOx
|
||||
ildpGPmnpzJVeNIhelRRZaJURmeVsMqIfjvzDBHbA30n7AMvqdGqzzSnt5g1qS7e
|
||||
QtWE7Ei12p86XO4Xg6gkNebLJJI/nR4U9CNkaHHfYDdE1OkIiA4B6kwcjfmnZ236
|
||||
kg3S+RTFBqp4LtpDBov//hpieiWn2OJQz6Nn8etF5CZp/8uvp0XCDJ2VQuhOfg4r
|
||||
Pl1Ihc2K3IffPS7mFqY/tXpOGFCnSSwj0cBjtYWEIbqEiKjIQfIQl+LyHfNWFRzS
|
||||
XgEdpRhxuZqMqjwZwN9N7rc/d7zzBbDQLK8CGIYKfqqpuavK+eV+f844Uz4K4hzp
|
||||
wqd8MCRqeJyji8wh8tSNEEsj9kPQwxpqcno+9T37UaAj249+wIFNA3e5lHhldTQ=
|
||||
=KkQQ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7AQ/9G3gkCoMFiE+80YZw6lBQqIrMSVZPGgEe8PjLx2biqi8C
|
||||
SJZJNjLvLn5XdGAY/6374TEOi0Yu+vKKt/aOfpkPrhJ3ldg1M1DaWvjFgGB0SvJ1
|
||||
SPkoW3dBk2V127Bz0lgzXpzCJrUFPYgXKsJAD6b1DA9lcidoIoDNGMGx7U/iylHF
|
||||
7TSSzI/qjyYDX6mmPxowxC1ydzhFhDRvctY/sIy5ouCLzEAbROyVexGTeQBQWdqm
|
||||
ba1e39rIq04CXDFWG8Hupz29CDqwlKldRiCRoMjctSvpr+PABWlq89uv5WaHYbje
|
||||
gUMnOFSNLcWiCGF2oQOPDGgj6Y+p9qU2tZ8SIS+B/ovw54GWG14G8uvfxe4ktWOg
|
||||
IyynsmeMkhI1GfEJbZ+4GafMuY9ylQiesTuf7GGya5RvYlEJXZl0aGr28kdUlWBc
|
||||
I0dBKHjRhmqbkpJLB8TXtxfBBt79kQkDfw5UrXpBlovX7UmYGl7rF+07TdrEaAKD
|
||||
tU4MkOIiFgUkJ6nPv/U1RCU63ISi7UK4eEBkUQyYZQSym9/FUYYaL9m/sTF5wMwd
|
||||
O1OaHcW9fy6DebtJuUIQdC+ng5riiTFpRiEqkem4G45+nHvI+2lkYYSDiBKtZeW0
|
||||
uAKZqxXfvOls7UztXcH2hwsdwlSan+Ju+KWoPn9vYBEWDo2JIjFWghkpw/gDPuvS
|
||||
XgH7R+ZGwqij2yFr/Uu7NQceM//dHlZyuOQtM30+GkfB/kMJj6h4ib4p8USXpgZK
|
||||
8BgGA4KQHfb4BbiE3l6woCKdCoUAOKSqvzINisYh4w8/Rr/r4UX3M809xs4EsEE=
|
||||
=fOp0
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ//X0BH4wWWs3DCmXzpF5XF03LlTCbPyBr4mfQo5SV9OwiC
|
||||
wif9ykFPeGgVMJpYeod3qU8IGu17e9qqJmSOcTRCVgNA/SgjDHExe8qUGrC0hOwO
|
||||
eg20s3dmgZqkiCLtg/7D7P9QSp8SBxpdkKqLNDq2sLPAGdXQRhVEyIyCfuTg98hJ
|
||||
Y4ANSdCtUqFpvX82oNLK8k7xL2GwDEBLubNMSjDBkYIPXmQ/vnOHWTQFLqihqV1p
|
||||
xtNkAtqP6qLWD3k0W+PeF/vJKxK6FfFlw0PpivXhyxy/sPA4xnCVIBUdCvPkkdmp
|
||||
Vfsa8CZpahxaxL5rfyT3vxPswh1nUyWlBF7+tTeui5L189iVdY5IclCBo3v2yuUt
|
||||
JnxVrck77jpRyW31CvKiR3DC5XroybpLRUTlL5ac9rSHeEt7vK8yItRArz/lSHcq
|
||||
JdVSYxlNL/89gURJMcncdRE/QavQWd/HEclYznpGwQHAypTvE4IeTJrx3whyFRB3
|
||||
2HB7rlmQ7ggCUMDjxFSDbVAgRdXDYFbnlxVd+TK0SFQldo5R7Uodj5u4WjqPI81D
|
||||
nTcbK494lxAKuXfjtElAJGcVB7wy9npqG35qTca7Pa5D2V1IiOSG5lTF1uTr4mgW
|
||||
cFDFk3fAIj8wk1iegX68DI6+vkPin6x42IUjvjBlpzpjxPLwPKdP8m40YyL0VcHS
|
||||
mAFAGzt9GQ6GFMq8FYjPd+I/J/txJIZe3mUW1KIWEjHg+6LvfBn07UXdyIEeSHQz
|
||||
KhX7QIBTEULA+uEGexbqNpk70l6IG2DMiJTglySKhcBnZ+qU0iGt1wxPxdEa8nL/
|
||||
5SjftbgiHJ9P+Halaqw/lDSVVaaCuvoPmKoSHZziz8RbyZUQ9fMaRKFpNbVR4CeV
|
||||
K9kY537JxHDv
|
||||
=Ar0v
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJARAAyS0biIjy6/JASoBY5b6adOEsQ83Cu3vKGF22aZeMqWsv
|
||||
CuTY67k6n/oP1mBFLSsEdpDN86BFUW+UfztmunLrxBwLeLy+qPUCopGD4hCiTcD4
|
||||
CPl9dcbz07y2iTWDdc3U1HHgVn37MRA+Swzx9UN1k0NRjse3KdX4LZl/xiUs63R+
|
||||
pndwNEfKalcv73oCl/K4I+SOiaEK84jWscxtBM7H1GU0EgHfoY5WFSieBsep+cN6
|
||||
Twaz04fEyrw9E7FWKtMMqf8wSgl+tLyj6YyLh/+XVG55+qfnzLX7cp4fm3R2ceMF
|
||||
+FJV3Ao3btXNRBFZHDfUZ61xH82lWWlVgNCqtpwVhUoPDV0AMz41uMkjMhy5EGSY
|
||||
rU+CWv9v/RKQsKV57u21vjAtiMUQQh1MMj4fwq1hvKVgIvaY45qiYCgrtn9Dzi+0
|
||||
gwwkTKsGnARh9mLvAlCwBxRxk4a8ync3hO1XxNR9SjvJL7fS3mI9/693M3wGjdBZ
|
||||
vnmp8bR+e54Q8YuMuL68ND4HBZeZWY92yjF1peTYryepbi9MIDNwqFNeCpT4URSH
|
||||
7yzE2oo3161tz58FWuAUFSSqbzcV1tdTV0xYhjqrMj1j7i/MWvIxg04sfGIEGbNv
|
||||
Zju7ZoacNTuL+BNIDqAWAkrfMGxlu1zAXALdKLCF+kRQQrK/wjxpbQf8q1X9CszS
|
||||
XgHPuqqnbm2mru2VFcYbCC7i7TI4Tvm8UPw5dZDPhnJGUVLoz69w9QDO5gcrOS2P
|
||||
/2uKNc7pFAON/Sk2KVR1ZOkcvqzbOCu/XUO3EY+PmOxTtws4C+ishzKyw+lLMjc=
|
||||
=8++X
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7AQ/9GC/AT6iMCK1Yakdafd/e2jt89hZb1cyyG+IuK1ms9D87
|
||||
66+0xdeQ3vu+i0xxUFeZSQD/jS3KQpyaSlXoAVt5crnrcN/HOP3PAMzvGuwofrG8
|
||||
EEQbK1O4WzIYuuFUdZ9ayddLE0952fqBg9h6HoNX2qAFdXJMOldBRevse5TqFGKp
|
||||
vVQKFxUIu8FpR2mlWprBdbCc4jMfn7m1R0T9L3qLU/9/Sk4muaQOeBPB2zXxP5qJ
|
||||
5zlPlBtAvBV2vkLe/Jzg+2XqxBysyPu8wbexLpcefzbxXTPkMgBf++9L2H15/d+E
|
||||
IcoNTWOJwnd2bLq0jSgwzoFu499+Yl5v5F8E1a7CQ+3qK3u8rgfaZpbwrSvoq2mq
|
||||
Zi1vBgFLhdghooRS+JW0YLM67bPjRvNDDSRio5Z2By9WlHYqQGMzKwhNatrU8rF2
|
||||
xfbH7HQxO5A4InsmA3NRAkcj1O5Nfr+XKgPCVWVEw8iD/RaV/Mg6ZNpRZCdWdrlS
|
||||
6y5il4feL/GcRes/MJD4zQJc4lYE9hvfkptWEsL6VVK+gaSt3FY0vkI6jPu/Sszv
|
||||
X5LIZJV88Py9+biL5Ro3i1hCPYxERGEFk1g2lZXEz2Gzn8OrXH1NA7L7LCzyiCFc
|
||||
7RIY/Su1SCOXHxa1Gjg/YCm1zOATXb72zG2od6X9uW7A5vhqZw1fLJB0cDZuI5XS
|
||||
XgFY2Mp2+TsbDA8PbFT5+krk2k/58pbjibHvNcxKdV1j5rCVV9w2Pro4PpSLNBU7
|
||||
saONoM+CGhXypwmfQh1fpbeObPpNkNBeykldQoZz12D1EoaYPUkxlSMD9W0QFOU=
|
||||
=YI8r
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHAQ//Q1bDCF6aIkppEyCHw6082/W3JsDJy/use/miRpM3KS9k
|
||||
v1WBAXe49P9RY8LD6IM9AipK8kprOfZq10P8CZvbfenA0MdbFQYAQcux+OmjqhBv
|
||||
jW7d0hNMBKyUp4f2wtpnBZCjYil8R1LFKXUfDLfCP2GDvWUcL/j9xAL3f+EfD0JC
|
||||
fNs1LMH5WXaEf/lo51G++Di6hyng3VPT1gId7nsrqSnoIw7A7KqxCoEgwYMYy1tR
|
||||
SGW2FATQ37WwygHInIgpZStbFQO03SNe+kEtXjODufxr6BqZZ+oZ1K3ZcvaRwDLI
|
||||
g+nzt2R0ncg+vUYEqfbXvlg6VxApMXirziCwfEKN//foltpm3Umh/T1daN0AIxIv
|
||||
Zi0euE2sGAC+0VRipFxPR4MERugwF+dcpJsl3opF/XYESiWvH/I8PSRBrlVxSSEw
|
||||
JxRd8kJ21d38CgzCNBOTMtZL1rOfmUHWsA/Z8oCmdFVMzy7x/lCJa+BxY/zy6KBz
|
||||
xflMLosEhuPEj29gzEuPpZjzgMyMLRZbpHvJDVrJMIFHH02OqPHMHn3nMuFWu9y2
|
||||
ZvO0CsILXS2ZIvhjB2fLkvwuu1f1AihVQCN7ed0AV12B/Y06rvXoxS5cFDXjiNK5
|
||||
TQGnWjyONok1bcEqbmSFixAOVgjHptvowGJ528EsFD2WrQMwINmPl1xh4I1JOKrS
|
||||
XgHuU9QT/du1gqy0/6SdFJebGi1D5soZZCc7SSAFq2g56iLtgNa1TF8XuEh2rbgb
|
||||
Fz8EauxQC6EFmFrmjnKY8ZNkJw+JtghA4+i/F/i6ufxkiO3lCno8uKZm5T7n7AE=
|
||||
=OZxN
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-12-20T20:48:53Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf/dKhs1CUnhYGxmJEeaDHblnLrJN8T0o2PJ0FOexeaejrJ
|
||||
BwtJX4pMGJVCAcZQRsavKsIKQuYEc9x5EE8gndIeIbchNpg7c8Sa6m9t82bdp0Tn
|
||||
cUqj67U7BMuEvxcgs6vJwfQeiRF+buz9z5TQTlmfpeQXTbS5UoZFknjWJAg6iQf4
|
||||
IaGbz7vnZPZZmM5g2mzz3KI/DeWtjH2svJH8tfJfCkUssFH1HG2oWDXjuV+PNaqt
|
||||
nb6mfOWCLUqv5S3LQ05bIo/c67jO/zMDkfMw40xjsXv7vhwp8R9YTfTgSR2lnVZn
|
||||
/dFKeFJ+Fa7O+uurFA/JBTm1wnQU61cV6LjlJcfE4NJeAd/uK7WAvJFHqkKChyVP
|
||||
Iyq6OWfmUfX73mkJK8dvnHqcDIaB/hQrs5bcvy6RZS7/w8KnfG2RIw433LA7vXzb
|
||||
Jl2pJAFoeDYvBEG5bm4CvoKoiHU3Prm0VGSW/+RdKQ==
|
||||
=U6O/
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,26 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mDMEZHhWiRYJKwYBBAHaRw8BAQdApLSB6EIA/rIChQzJ/DTuZo0xjZqLd0YanYZN
|
||||
Hk65RDe0LkRlbm5pcyBXdWl0eiAoTUFJTikgPGRlbm5pcy5oZW5yaXF1ZUB3dWl0
|
||||
ei5kZT6IkwQTFgoAOxYhBI955s1kNHAGFYZ0gNEaUU9Qlb+oBQJkeFaJAhsDBQsJ
|
||||
CAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJENEaUU9Qlb+oJEkA/jV6SgEqfLBH
|
||||
Te5cctEeKi1I6NhF9ygQaQ3E1iOawKjNAP9AKaJU9FZxBkkdQYRUwBT1HT5a9AE5
|
||||
Sc9Kv0gGjJOxBrg4BGR4VokSCisGAQQBl1UBBQEBB0CIoOJNjVR40yMwH/tJRfvE
|
||||
FvVc8Vf6S/H0Gn0jqMT5QQMBCAeIeAQYFgoAIBYhBI955s1kNHAGFYZ0gNEaUU9Q
|
||||
lb+oBQJkeFaJAhsMAAoJENEaUU9Qlb+ozsYA/1WRuFNfGvkGnfxekqZVSFWzV8+7
|
||||
dxTsdFH6Rp4ShU2IAQC7p0YlJ86tH4cUKX1vgp3Fd5MwysFgwoI9GmPkIjX4BLgz
|
||||
BGR4V2kWCSsGAQQB2kcPAQEHQJYHv/LMo8N6iM3zFvOKrF7ZLp3eAG/cOED0yDzr
|
||||
vgkdiO8EGBYKACAWIQSPeebNZDRwBhWGdIDRGlFPUJW/qAUCZHhXaQIbIgCBCRDR
|
||||
GlFPUJW/qHYgBBkWCgAdFiEErfK/dQolfE3HjkAfURC2OXTM6bgFAmR4V2kACgkQ
|
||||
URC2OXTM6bjzbwD9Hpa0WcBU6yeSXR/6rmXImdEZSQUrT2T/KGBQQGMoDO8BAO2Z
|
||||
hb8Twi+tkgabc4+6QzrnnF8owCNi0snngcaqXBwIECoA/io/Rc9XwHYgwI8QkQjU
|
||||
SwRrkWSL2nHJBOyTNr51aw6jAPwJGFgjiiiqaTPtVJmGhVvjr06W66RMK6IRejPl
|
||||
AwNBBrgzBGR4WCQWCSsGAQQB2kcPAQEHQAoyEdbEjTAt540SMi4qA3YqioPuE2Y0
|
||||
omU1cNECTDpKiO8EGBYKACAWIQSPeebNZDRwBhWGdIDRGlFPUJW/qAUCZHhYJAIb
|
||||
AgCBCRDRGlFPUJW/qHYgBBkWCgAdFiEEaRWBxbY0svsuEwNkS1ay/lwzFeQFAmR4
|
||||
WCQACgkQS1ay/lwzFeRL6AEAy+o1W/rY3Bwqws+NtEQmZp8ImuNL/VryMy/fvV1g
|
||||
WJcA/Rr7pVW424dMWNz9MzAJBtxT8DLzwqC+lLl4uduoEIkAPcIA+wSosu1Stl03
|
||||
qaZg4TW6yawfUu9ixjKRbIv/THjQ26n8AP42LYM+BgT98KHYpCvP5TnNDJ3EX3Jy
|
||||
1lnOvas0EEuhAA==
|
||||
=tFtY
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
309
keys/sandro.asc
309
keys/sandro.asc
|
@ -36,202 +36,115 @@ Wtb8GNmAqtK6WCXEHcj7r1FpXaiVkoDzWfc2pOlNmW9unTCJmHR/UYrSf3ZDvwCP
|
|||
koHEsfARdtrgrA8FWinTn8l0qOAmMfmbyEetqY1wNlZ0DD2b5MLmd5gHGL2cwXRl
|
||||
F1Jv/fdGBWhqxCWpsGYbZNinL+j4mh1rXBwHnq8A5o5SGtspUmKxRAi4pe3hCh/b
|
||||
eiQhsMNuivWE/Mpg2jIhPDP2rB9aapiS77VYkYNRYVVVAFjRkSUTbOvQDSsR3/zz
|
||||
TN4pX4dxTmkwjab9yu4tbE9FTOGzRN0PUnkM6Ngg0mYqA6zFF6kh4f2JAlQEEwEK
|
||||
AD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQRTsmrtwIJGcV4VUEsja2KR
|
||||
VV6EAQUCZO9W7gUJDLPi1AAKCRAja2KRVV6EAQ11D/4901LWzobOukwK11vn6cBd
|
||||
dfU8Wpb3X/yjizSX7Ombnt4u9xCgpA25vETI3as21cGtNQPTSgwwxcJGKwYfCFks
|
||||
qYTnIFGnMR/rSTR3BhiUZe27B7qOwD3uWxux5CQpVX/BQo9b8qHzHF/8j1EB5GRV
|
||||
oiLcX6nI8NEZY1JciNQqV1PiPKyg4p2zS5W//bnSbmqIgGBrmuLo91fWS5Y2L4Ge
|
||||
0KzFIiJTAHmb0Wwm8nXbORfxqfO4k8E0vaZQKAldVU1CB4A4zYB1uaICaaedlPmh
|
||||
ATX6fwTCWouu1gi+wKHg/GEnrKR0L1voxYIxAkS9cEZzCx54Qe/ZRnqWLk+CeFM/
|
||||
1vRvDtpuxjwXuw6Us/zzKALK3XSPzmX75Yo1zsoXD15QqO1QNGRRVQ8hthsfTc2j
|
||||
nQbGIn6eincaQyTygo8gSI6NV5sVivPagA2wBbVCi3Uw/KPtjuDY6VHFD4ii+vgt
|
||||
qCO5zhfDmU2Zb+79G69rldBnhVzyNg8h5c+QA1o8and4d+xINQFpoDhwZCS3yPg/
|
||||
2urNSuDcjpnGydi45Jk+Xynfbdd5wk4ll+0EUwqGNuOSnMPwneHuNuxfj4wkUf1J
|
||||
HxNTzge6Q3V0n45rg5Fyd0tp5P2xyMGBR30yNtu9vHC87vmyG48Np/pvqUu+6nv1
|
||||
z6bVQtyHHUXKVpa9KdlaDLQXU2FuZHJvIDxzYW5kcm9AYzNkMi5kZT6JAlQEEwEK
|
||||
AD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQRTsmrtwIJGcV4VUEsja2KR
|
||||
VV6EAQUCZMrbjQUJDI9ncwAKCRAja2KRVV6EAQ3BD/4g3G+XWUz1gR4daNUAhN5N
|
||||
mWROIvNxnERmjMvxM71Tcq8891IkTvA3nkbKlb4LcmBV/afto3mPTCuP9VKOyIxy
|
||||
HXRSzhvcS2xM5KdkgRgXk2k/2T8F4oXtd0jIXGatDFdb57042U+ZfH/YHdtgXms3
|
||||
zuH82zF7p+MquLewqFm8DI4oqMlqnZDen3nHB1yK57ho0mfK0mJZdbnvqmd5k/Gi
|
||||
koDvdLAPZTYs2p7NRoMePNi8emrArcNeJ3sZ+zcC9j72TYpRG7PerUd+Epm/YxVt
|
||||
BXZAiIlEsYnJRrzSohVpavqvypP+wEPXqbsPtBhEU8Ovn8oeVyxMyMVnwkH6tFQ9
|
||||
Phu9LZCnT/p8MNIQ9JMojn6dJIS1U5hs9x3UI5JRDJqo5BsrIuJaOHkUd1ouSHUs
|
||||
28Zs15uElGarAGdQ9SSNKLWxh56+zd1ymVOq4epAWZbi2kYGC9FwE9jKs7Ew6Ci9
|
||||
dqkhAesTm/5wTNui1zP6kJWIv5hN5WnaC5hWtN2FFEaZY62K2LGUbaMDD4Z2XLJl
|
||||
9mRrmc8NqjALYs97pOhTgJ8UhtPhbiNt8qI4dXXqvlquIbtIKyzVevxLjHHB0T9w
|
||||
I8xlLMTB1adKAU4n3f4hOGuX+4UUkOs50DKdBzq4cNKmod9iRlVOvUZ2KoKQfBui
|
||||
uEtASUBNc7lwRl3Vji3xkYkCVAQTAQoAPhYhBFOyau3AgkZxXhVQSyNrYpFVXoQB
|
||||
BQJfKxVlAhsDBQkFBi8IBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJECNrYpFV
|
||||
XoQBAbcQAJ/mTH3yIxS/Qsg6cdeGYw5/sLUGYxKuEM4BehvMTgFX6xmvfxj/WArs
|
||||
gpoeRwh4tdTCj6YL5YhzN1y2racCAzi5r97qjgRjvQ0u6sPsuYyTK3Sth81dexo3
|
||||
arqhOEOwzjRUpZNzXraEO/NodiKsnw+Rtz2DwJiaVmnshOys0RaEy0vQXjUmjIZP
|
||||
onpVgF9olHMUfFBJjtgO3wot69JYtu2qWhnNlBnUpl9j+1HuGX+8HwYryFAQ1wPf
|
||||
8asxZ5u9C7Y9kKu5pWwZPP9zYMrEW/khOsulHu/R4yY8xmZtuYNi6ZsKnI9YUlG5
|
||||
S2V+DKoiDzHfJyaGGB+rqHz1FA5l9hDD0jG5zhyswI8IT0IEbLeapeCJImrJuFeG
|
||||
89lhIMnDd2XjsmSkbfg+ja/6MlfQQVDgRvby5MO+u10Qx5gtKn3BAsfBpK1xV09/
|
||||
dr855rAYFpYaZdTW7eooaMVzb3wP1dOcHguERlBX2jhB5KYNyyhKITLJ9rIhCXeu
|
||||
RnLsNACZmD7adHD78tChbBivMp30T1U1u7EqRjm5I4xh8tRKho6CiSVrNOmKQGuN
|
||||
EP6XznqNJS+SI+YMyc8Jxml9zgwQNzABI7Q9el9BzFnpY+S6wrHpekt2JiqgUGwD
|
||||
3+leBzmLEuyAyTGqn4CE0CCA+JKQ4ZnWCuYSrqNoVQR+5fmljYyLiQJUBBMBCgA+
|
||||
AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEU7Jq7cCCRnFeFVBLI2tikVVe
|
||||
hAEFAmTvVu4FCQyz4tQACgkQI2tikVVehAEoZw/8DvHjVgZy4r+qmtEALU09y/KS
|
||||
dBlCTFhkudzRVvTq24zT7uo91zwaOnfhMum/NV7OhMWQGR90fpRqASrSXj/HItf+
|
||||
B8VgC3aNnShqkXc5B31TDWUSOcq5lh2j7buL8ynuf+XRfVYiTVnoKqImSX4JeRs7
|
||||
vFpnbBbHRidylLs0o4GwdNSmdm9fhJEfbZLPp1UuTef4/X1JHIv4OKefFL4YA81r
|
||||
hdZtwZnrkYtQhhTSP65p6OauW00HXJfQbV+JZqOSfVA9rA/vfjD3uLpPiCbzYC81
|
||||
3meagy1M8g1hCJHvFLmqc1bDzpSGEdFO+jUUpCCGLD2wtXCfGNZHsJ09KKiEdzVI
|
||||
Dyoxjs2ssKmVKh8vGd97r2fJQC7h3wwUjTPuhKNsZBi9Qb9A8vT7XVsjWLMrOnj1
|
||||
CLD1Jku3M6XCpyHx8krWjAPezsjxr1WLYRUP2sUerx3rRx986FUIONeVbTfs7Rhy
|
||||
t/vgjazrpxF8yF4cCdvJOg3psScnSt3Dxp0Fk6G0FxGIW4m3oSwfg9VC2V8nD631
|
||||
NZxEKy49wkY7y532SYQjX24/va0M3eGxrUWXb1GlqdBuPsthnF59NdH6vg/VExRc
|
||||
Q+IxplaEkbAdYVWBECfXH8DL+OPGDLeWLwAlIswjonvhaNEzl694GWg2BZhZgaEP
|
||||
bcyd9J2G1BvJ1woMonC0KVNhbmRybyBKw6Rja2VsIDxzYW5kcm8uamFlY2tlbEBn
|
||||
bWFpbC5jb20+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE
|
||||
U7Jq7cCCRnFeFVBLI2tikVVehAEFAmTK240FCQyPZ3MACgkQI2tikVVehAEE2hAA
|
||||
mIuZ7PNTnnrTh/RVtvjJstrF3vkMZYydaRRngv2cw8ObROT4mFpImUscxnRi9d/I
|
||||
8Z49TDeuP/ZS+6jTCJiktlNZypFgmlFImhP0u/cI85s2iDsDBWQSvVgPZzxIxr/k
|
||||
Hb8ciIQpEfkOCGOH2TY0Z119yV0YT0vRCVirScnvXiZQ8eOtdgbmquOSEuwLrdWO
|
||||
tVNNw8RVHnn+f+NFNanAzjMU1W7V6WIVKbnUmjx7ClKhV5bfRuuDCbMgI4WUOOou
|
||||
6CV+TEgtLnZappB6a8LMe73T9GgLWhWmXxd32o7SLgBaHKU29bI4jW1mvBmiXX6Y
|
||||
ZNhjfJW522SY+igq1TptVIrsopWzsEsHuV1j70DiuE6Jo8N2uNd0eI0qsgt5BU6o
|
||||
GRmiM4yY2rvS3bWHTPWKHnqQssXAzig2M1IiguU3S7GReJhYiZEZXYSBy/Bi2l3N
|
||||
PiIzI4q2gICNVG8u6OMVjWdEN/vh7RyLXUVq4AWKVFIXuL/IKTvIVU9zzIjmuXP/
|
||||
jvy6IRU8PGGOjVoBp1amtQs74GLyrL6QHM8U5fZW4JQCubufHAm6oM0+zKWRff4k
|
||||
fbCFcTN1hU6QLHmLh52YKr3L68SWqxCrDI3ril9/YF0oeK3H1ZhBKK8egRv7V1Fp
|
||||
SomQQ4YXpjKz4J2cSt/JUQb/Vzlg95dZvIO1K4WYqpmJAlQEEwEKAD4WIQRTsmrt
|
||||
wIJGcV4VUEsja2KRVV6EAQUCXUGl+gIbAwUJBQYvCAULCQgHAwUVCgkICwUWAgMB
|
||||
AAIeAQIXgAAKCRAja2KRVV6EAa0nD/wK6OesHttVztozNaw1RocA+ICuQJvDr8oD
|
||||
jCnTA+aVMXOLDe1NrjfXOCDHsNj9FOGpwMVF+cximZFyTirSbsLM+7oH7lGTFwsb
|
||||
vcw+6Kit3wheE/fImzrQirsOuEvBiv15VYfzsvThITLLDz0bxqxE3IWtPVemj+Hp
|
||||
csLcPcJIEEouGPsSHMhUwVt6+GMxIuqHZtSqph2ITy1uMNQLeIecfm0Xox4PN5qy
|
||||
UA/g72BfUv8BGKzfcrFGYgzPg5Yemo69uCq3pf3SHRscgwWVYUcxpJ+IPCCPGv1F
|
||||
ruAIkkPOOJ8f7o2E34POdOPGhasU4GyNVPVttOVpHUq7xTxRI5DajcFWjvGIQAdL
|
||||
S4i2xy7UcGFq7FMXHUfiYRjoDukgBoIv6p5CpINAfPVrWTAmMe5RR/0qJ9just/Z
|
||||
Aelk7up5up4bqP/W3CtnJ5nyphvmqEEFPXGYrb/NsC8+y85p+DnSy4qQrAAoqd38
|
||||
IaKUxC9DQgZf3omOXT1bR9w7VsnKqIX8JSMPIrNkauDNvXco+zT1YB+rm8HNHANU
|
||||
OSQAZ1eMZFPs61KGU17iwy4AiEn8mbOoB/9k3FI8RARe7KYkMGdt96h0H9rkWEaE
|
||||
op2o0l46NR7+HuT6TMpF4K9ICjhqx5sJZLJ5sp/lUSWW4wVoFCIKtOcyOEIj27KX
|
||||
+tFhFElfmIkCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBFOy
|
||||
au3AgkZxXhVQSyNrYpFVXoQBBQJk71buBQkMs+LUAAoJECNrYpFVXoQBRAcP/j34
|
||||
ZpKufnFQ8nX1HZ7nN+oDyZL0vZUlYmAahP2Q4nAFF4XGupybW+u8frybpA/3uiKw
|
||||
dGpvijQYeHZZXFVcY+V8M9YlgYNCK1ws+f6yd18NQ6Kj6DrLGp6WUfNkIWBArXwG
|
||||
kpTCzIdvYfesCF23pGg6Kg5uLZwbZk0v0rND9CxwF0K0U3PdKto9EnEkG7UMoQZc
|
||||
hqXI6Wr3g+8zEz0C9wOLPW6wokML5jag0EV8A/2sXwGbXT4zgGUVkCzARd+CIF/g
|
||||
0cUBjVP15u+SidnH3IsEqVTLQoS33qI6egMw3GUGHTPlpLXa/X5zIuC7TYmMXYmR
|
||||
WcTCd+NtCXGvLLiYytBzuXXDAkVz4Sc9TzJVbSb6q0SkDduLfKFaEaXBXfZiDfSa
|
||||
A9svoU/v5MEF4OVFnjZoqxel0+eZrBc2sa/RB7XdNe0UCStTPpZ8zX10wugRRemT
|
||||
3BnPEs5D+49WMhjvQTgdc4QMLrPfb84srOOZQXadcs1onWHiG/9y7Mdbg4vqDHA+
|
||||
dJAAn04cTDwFGcjk2JSomCq4TWHnuVPqTUEvQ8kFXraKbty2qarQwmsow39JUPSx
|
||||
QCiJDfnHgVYEL0CZZhiVL1gsrSfsC2VoxCJznbIVZKCeVRjdM6jvRFAnE5erprAv
|
||||
03CGfe5Pl6wZQwQymHdEaIA9mYsCJ213Dp+W2YHDtCZTYW5kcm8gSsOkY2tlbCA8
|
||||
c2FuZHJvQHN1cGVyc2FuZHJvLmRlPokCUgQTAQoAPBYhBFOyau3AgkZxXhVQSyNr
|
||||
YpFVXoQBBQJlsX3wAhsDBQkMs+LUBAsJCAcEFQoJCAUWAgMBAAIeBQIXgAAKCRAj
|
||||
a2KRVV6EARgHD/0daLy614F97UxfXEKPfuMsxK9ng3Lb939CkyA/iQQMD38vzDj9
|
||||
WF6wqdlv9u9L7kNjq3xhPQwc38AjP6DTmG/KZAA2c+AuH48sNapbKEtNIucbQU+i
|
||||
ptQU9UXcPJjrSm0t4ZxAbNZruRdDAA6PjhJOTdKdDaILWjcp+eGM2iAEdO3FKe6M
|
||||
tdyifmb3h3ZTWpu1cqJeCzV8xvtEG6UtQ/jt5kkb4254p8PHqudDyywT52DIqDmk
|
||||
M58V5n/xqj108helQOoIHAnfyE4Zcw/tVvocLc3q5nQmCHM+zZ+micjaB8NCygh/
|
||||
NM4XjvztyoeVkVlZnoPKBCGQT+KRA2B/wGd3IMPWQNkCrg5/tl4fd5FCBI0hh83t
|
||||
TFZsczxHRmP5Hoe9mCVi0keLQk93cQBH/RzBTJVoIbcVBcih44b3k7jtn12qLwAr
|
||||
XOwt6rCXe27Zi/URLdW6U+dHR3fmsOFZXxigFvPyVB4uYhnxyTfqQsudtY07oeP/
|
||||
60Ck+hFAZEj3HLwR3T8aXjXDDkX9ywb2OaQPaVdi1ZjG/rN09eaB/0O4B4fJ2lEZ
|
||||
NtB4iWMwtidysz4oQEj60sWk+slDfYhtBMJMStGo2zVn61hR0xsq8cHF7MP9pgV9
|
||||
/gVBWW82nc6ejfW+N4y+hCcqUrZIGLfS8Lc2HUvkmkZsC+zTY/HZCe/cmLkCDQRb
|
||||
/dsaARAAwIVj31NgTrJ23CFu9SHPxHgQYCj70lheRYvCgp3R+co4Kpjvqf+C/ctm
|
||||
nGDPybFaSKm7zXg4SAjUBB/KC5wTbUkQiRdmThPbfwoL52P3XEZhfkLUCsCOj+Hg
|
||||
fdgLNsixNDSBHZZSwZ7DmzsLNKpRV+kr3QqVxk1zw+fHO2dngjazkw/HZSQ+qoIU
|
||||
7IXA9q6sJ0Bh2QrgiRSHu4otUps4y6rzWEutZwjI1OhUoG5NeLc4rAUjNDQ6r2zl
|
||||
okpAOC+LKEqI3/d+6muVREOC8xZEEUJ1KJCbn/1lnw/d7yq5BZYyZSOu9byP1fNL
|
||||
USieEoWp3FTVEwgl1Gbb1pYGSLMTmSh38vVBFcsutTVUTsDrAWzThS2iG++kb3rj
|
||||
JEjyp7/5tlZjOh/94ElbqGEkZzTzUIiAOjtCbNA7pxw4wI0CtkKwyg+raOZP9vrT
|
||||
UghiOLy1INzRLZyLRIr3xpJawcoyAgMiN7ndaWTgMV7R6Ougmq/TcAWvGu7CAHwb
|
||||
WlwBy0xB0vAiSu728EwVIu34Pztg5ub8LWPpzosOPNaOegrDi3vhW09e4/+uuR5F
|
||||
9oSGLfh5HxBJ59BITHGNMq+BaJai0wjykdveZob+Cdr0jMr8fwC9o2jdCIlb6z2i
|
||||
K+cj3mcmyYtT2BaaLgA3cZdK9QM5eL4XnXnZBWJE9jgBAf+67G8AEQEAAYkCPAQY
|
||||
AQoAJgIbDBYhBFOyau3AgkZxXhVQSyNrYpFVXoQBBQJkytvfBQkMj2fFAAoJECNr
|
||||
YpFVXoQBGhQP/iTL/M4Kn9qOB02PFl6FAe/uaSuA5DMilnpW2ulg7OeQ2BvVnEpq
|
||||
himMOjQM2nkh36bfaBi+oCQcIbdx1Hka7RSrlXiWEVOafk+RxwKpLzO5XjUjPjLt
|
||||
3b3fwWUYH6cQNAGA0Eaae7PxP3sNEO2kOPqT8okKhHD0F6WaFC69sh8ITmKjd2/Z
|
||||
eykfjWsDf5NokwplsNfbmXlWroJ9svcLNH9gipt8ImkNpluH/jlvHcVgl5C0VCNm
|
||||
29J0kbKj7iDiYFDvU+J3LyC80WLMgOVK/wSJf34NRvYCxm8x6dF7ywPhcMTNYaF0
|
||||
1/mqLmQOdjcJSR41M6wfy2TuStconve3kegstoJTrjWdiGQqV0EoWx/vGob/J0Bb
|
||||
z8u9/IIgOTbXhVRdLMDK4ByIwMvIAHqVJ2hdi2VPL00/OPEknfDKQ5QVZRCxgo3U
|
||||
jngACao6GfzMn2vTPxM+EpiLZqvtigDsWngSquJsWUzthlWkEuJDphqsMIqvlpUC
|
||||
f2smEWOWQpuRixboqEhFM02/ft7uEsL2DIBkuQQj1WvZzKjX+oDk7qcjdn8NrDgy
|
||||
pLE+ZFdf5P+U8WCVB5+82wP4ga+u4Rl5IbsbldC3SmaSXqmclfEjO/tQZG2GU7cV
|
||||
HeRZEvqUr30JVdI58M0KVvAu+YV9c1bI4Ym/AskZSZ5Ophsc70xIsxBBiQI8BBgB
|
||||
CgAmAhsMFiEEU7Jq7cCCRnFeFVBLI2tikVVehAEFAmTvVxgFCQyz4v4ACgkQI2ti
|
||||
kVVehAHDzxAAizEy93/xcOq7olWMUQVOxXcQuJsK3F3kyncXhsR93HCI83UgD1uw
|
||||
Gylhil0YZr6VLNrajGwuLREL2QezshfuJBJhQHPCoak7Om0l6RoEUk1SwsLw9aq9
|
||||
xjIYA2BRbLW+zWnbTLD7mNxPuZKyxHFDGio7LA9SzRxFrMBMivMdLhL/WHLh+o7b
|
||||
Cu82imbCcr6F8ImqBue8stEzHX2UY4sb4uVgEB0NK7HMu8HC+PAudYsz/6zZh5Aw
|
||||
aj0IQYpa+5wAGwysvZSkIwy6NTGQfLojCCmwCRslhkZO+4k0i8KwcjX4nePQfluu
|
||||
W5KTmjPscgGDypdHiVVB/lbpPVX1dZ3NgrZeSE+o8osHlBSz8SkmjLOs8UAsdcnM
|
||||
PVmS7DWu7uh8x0YxXInarkvR3UahNEOq9qX1tpsOKDFEF6KXFJBifE8KF2zy/W7W
|
||||
dJ6JSqbaMX4/OT9VPYOgeV7IsuIdMh4xcYtwWUBZq41a7TSYeL9GRjsg7LuIp9az
|
||||
FjWvRG4DIqsyX4IPFTyVM+I0JWbJxWI0ib+MptercULe/KNniAb4Zk+hOQz4vvf+
|
||||
fMRd/soY0u4Qi4Aug5f0GNOfaVBvg9i/7g/zqhSgfHoJx9KGVe/KuOAlEQYF/fUj
|
||||
YcVi8rRN1XUCCjkUE538VSOrbtpoLaAkcBexOmhfe7iHgU6R78HjTpC5Ag0EXSt+
|
||||
4AEQALQI+DXcnrfEtDVVK7esJ2n7pvcxqKd/yKhO/FMVYpWmzL2ZpnQE2+Rc+fPN
|
||||
YO6rj7KBVLU0sp0Q5ittJ6R1wwc5jP0kOLiBt6qs2W93VQ4ZGpkDbjmiEE7gZ+pX
|
||||
VD0sgphFyvr6iostuMW0xG8iLf3PrjctswYhs3ic1sblO/z+S3Azg7p6u0Q2Mco8
|
||||
N//ocZwp9LhIcEapZplJXyohjiPtyiaubSFUHyrBMQKz+ZIHkx+TjFDGzTNkPe3P
|
||||
y3V1JUtRby7YUr1u95pKj0rOqp9ePeGwYGEVPj6ua4knxyaXdy7/b24b/zLj/8WA
|
||||
1HfX3Q8kYS79gJSUkkqYRjivDwhSlVdqKMNgSapci+1w1fWiE1ltwGaFz9QjitTc
|
||||
rwogsQU5UO42QRR3EauCMJub7vzsLY23gjB1lwqOS1uKYOAfEQ0114BQqjk0Ht1S
|
||||
AemrWkjcZHZav0Zas91ZPd8GTDCbjh4IdJto4T94DPwBMCBF6q/pC0VO0vcqrZSl
|
||||
A2Kw51QezsFpk77BR2J8eHiCjyO7etPR751RuH/i6j63topTJ6zG2m/OS/WGAyp+
|
||||
mhMt20Pa7BJXYM4TnXUxuPy1b7V2GS42H4/7M+7c8WFWbWepkDjRdNp0JV4DfxQt
|
||||
scSY1zECcYwzyp4c9+X8IoaZ1Tw7mENNZooZPbG4Gl0Dp7xdABEBAAGJBHIEGAEK
|
||||
ACYCGwIWIQRTsmrtwIJGcV4VUEsja2KRVV6EAQUCZMrb3wUJC2HD/wJAwXQgBBkB
|
||||
CgAdFiEEhxQmicBftapI7EklOvWkOj7swuUFAl0rfuAACgkQOvWkOj7swuXc6g//
|
||||
Rihq/6PPxQKc0MN8lsWOP4KDoK+J6/5FB3t+NjWDEQ0r6ZK11opiHqZQ3CJU5oQ1
|
||||
S8nEDwM3hC1c1Ja1gJIjDifDWKbndtFunaDBEDN6k3DAAzkP7NoiA1RDO2bjJPfN
|
||||
Wgre4BNxfO1zSNI6oINJgZmFRdPfBeWXrj5byioieZW7DO7X3TSOAVt5zBeEJjbl
|
||||
N1PBhDEP9u0WRGyca3HO6ssbqoyxatPJRxKbgnMMeKyriisct1cU0SfxYULwv6bW
|
||||
0btZd9LbHY7mvHQT4T9ORkRKMaV5TcyeD3lvo+2qw5dSWN9epi4qTZl2l88FC7VE
|
||||
1Af/pnWDFpW+ha1/AP02Co51EUU27RCygknO50Hy++Wu4qeeYkEI67zzrcNYPyDW
|
||||
HiqyptYVhrAPxEpKY8B791WVWiyyUrZbQQmHX+FeX0/nEJqnqtgp/XJYdYfNe/uY
|
||||
XIggJj3OvpHBvE4bXjK3cKCWkV3wqO2COgpFFtt4LtTYPwzl95/kXsm6N62EqLPI
|
||||
xD7dmnq0fJfRMfu8aqpynh9d+DvnERGDeRk+9Nt4GrN+RVxtaxFJeaRGGULaJib3
|
||||
Og7z9TbB6kw+nSN5zneHSuzNwm0B+KjNVL9JBIPQc8zg2JEluK75TiWIMsZBhKbV
|
||||
rSb/QTYRJ/6x9ZpupX1y8s8r94/hYgqptZgXlM031mcJECNrYpFVXoQBTmkQALEk
|
||||
sU8+wabPJy49hCiJE47tBg4XsCaNN5AfjLn6QVvKwljINJgA4+xPYM01i4JfLlHE
|
||||
rtEdU71GBM7SwRx8CTyEPxrZpA7TFVWVcFWcwt7/c+o1bIREwcbGfRZbIkPQUZd4
|
||||
FZAVmARTpZPQRnc6Ff1nSvLAbqOzljIRwqA7Xgqxt3k4TW6s16/9CVo4YW2wCudN
|
||||
xqxGqK4WE76jeQJoTxjI3rU3ZGD4AgtXMAntnNot3I1AVDJRB6HBnQWqB1PUoniZ
|
||||
oo+N916p7mz2UnE6zMi7mP/WG7oW+nbRiCHczkOGaSg0W1KpL3a1//e3GLK9KqLc
|
||||
bX2ycxqIzBYmJ8Cj0frpoiS9xOLZXl/RV9ZcfCUtqaYcEQOzugLsvyWmnyeJFRyy
|
||||
1nayKvxdQvL1yVLJ0PECAq0TPTrQ+KRA2xvAuYFsMEM1Jl5crEhXa9qYFA2/lQm/
|
||||
gd4+p+D24o7W0W/F5X4FdI9cKqG45Jb3U6GLZPettF5PC7Ogs5IDDhdGQ9Gk3ZAU
|
||||
hmaIEeOdyv2y5uI1a31kbQbkWGCydg9XJwtJOhj28TTTrImw7scvRl3gfHA5kk8g
|
||||
BiC30kQLFWmOxAk9sP8yOD0G+2n7thH9xucBhCz6K51Kf9G7qHY7gL0c5Hf9uX3E
|
||||
XpjdtBeHVbkHxk1yi5/QleEgHGRH6k86p918jgQfiQRyBBgBCgAmAhsCFiEEU7Jq
|
||||
7cCCRnFeFVBLI2tikVVehAEFAmTvVxgFCQuGPzgCQMF0IAQZAQoAHRYhBIcUJonA
|
||||
X7WqSOxJJTr1pDo+7MLlBQJdK37gAAoJEDr1pDo+7MLl3OoP/0Yoav+jz8UCnNDD
|
||||
fJbFjj+Cg6Cviev+RQd7fjY1gxENK+mStdaKYh6mUNwiVOaENUvJxA8DN4QtXNSW
|
||||
tYCSIw4nw1im53bRbp2gwRAzepNwwAM5D+zaIgNUQztm4yT3zVoK3uATcXztc0jS
|
||||
OqCDSYGZhUXT3wXll64+W8oqInmVuwzu1900jgFbecwXhCY25TdTwYQxD/btFkRs
|
||||
nGtxzurLG6qMsWrTyUcSm4JzDHisq4orHLdXFNEn8WFC8L+m1tG7WXfS2x2O5rx0
|
||||
E+E/TkZESjGleU3Mng95b6PtqsOXUljfXqYuKk2ZdpfPBQu1RNQH/6Z1gxaVvoWt
|
||||
fwD9NgqOdRFFNu0QsoJJzudB8vvlruKnnmJBCOu8863DWD8g1h4qsqbWFYawD8RK
|
||||
SmPAe/dVlVosslK2W0EJh1/hXl9P5xCap6rYKf1yWHWHzXv7mFyIICY9zr6RwbxO
|
||||
G14yt3CglpFd8KjtgjoKRRbbeC7U2D8M5fef5F7JujethKizyMQ+3Zp6tHyX0TH7
|
||||
vGqqcp4fXfg75xERg3kZPvTbeBqzfkVcbWsRSXmkRhlC2iYm9zoO8/U2wepMPp0j
|
||||
ec53h0rszcJtAfiozVS/SQSD0HPM4NiRJbiu+U4liDLGQYSm1a0m/0E2ESf+sfWa
|
||||
bqV9cvLPK/eP4WIKqbWYF5TNN9ZnCRAja2KRVV6EAbb+D/9bezmLf54ITSb8aTDu
|
||||
ATRTnIwPIcOnl0IzawdS/IuPu66ZYP6cTkS6NEp/QH8ZikqUQr/q/eSf1JBdkEL6
|
||||
MkMel+qqykyqd4wA/vU7mOad5P9eENfbyDNBjqEZGYA7p+Kxu9u/qSyf14UoHkyJ
|
||||
TigK05CsoFqZD1Unf/cNDydiCelPSVV9DFY3vDNomQEOUYdNE3Dxekgs+i4o/iVO
|
||||
jrPzkHavOFHWMBm97bTmezgI8a5kf0Gj00G+PxjlQ6PrESLv88PlKYEWLqZTssng
|
||||
U5g4bI4l1ggZ8hGFta9TsJeaBar6RKp4A6Yt5ub1My61aq143ALZKMKM3YmumSvC
|
||||
n7GjsFDElBJab0T2TLYeDOLdlf4f8f2F2I6v8fgxhr9GdnbkLbF4TRSMHTi4MoN7
|
||||
kDzqi3PbfVuqjRhBwIRJgb2acv8AhWi0VoKpdSX+YdtrKlsv4ET9yMGH6RitfJ7h
|
||||
6d9ZBdV1lo9LEQZBqzaBh1s5+7xiZeAPtb0an8ogn0OZPfGc8pd+06THbgNPsv7M
|
||||
6e46/BEsAqrx9d6BjPPyQ/eZoxwgyHK8VQktVuEMLSC1K5HyW5Hu85ibBsynW3mQ
|
||||
shz/VNW2oQfTVTDNCZsBgyoeP1fE6YdDpSs1+NPVV+08QuGtM9xBzSmH39jsob0X
|
||||
G9KeiV2rKVzF9mbZnoNGEfzLAg==
|
||||
=TXvy
|
||||
TN4pX4dxTmkwjab9yu4tbE9FTOGzRN0PUnkM6Ngg0mYqA6zFF6kh4f20F1NhbmRy
|
||||
byA8c2FuZHJvQGMzZDIuZGU+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEA
|
||||
Ah4BAheAFiEEU7Jq7cCCRnFeFVBLI2tikVVehAEFAmTK240FCQyPZ3MACgkQI2ti
|
||||
kVVehAENwQ/+INxvl1lM9YEeHWjVAITeTZlkTiLzcZxEZozL8TO9U3KvPPdSJE7w
|
||||
N55GypW+C3JgVf2n7aN5j0wrj/VSjsiMch10Us4b3EtsTOSnZIEYF5NpP9k/BeKF
|
||||
7XdIyFxmrQxXW+e9ONlPmXx/2B3bYF5rN87h/Nsxe6fjKri3sKhZvAyOKKjJap2Q
|
||||
3p95xwdciue4aNJnytJiWXW576pneZPxopKA73SwD2U2LNqezUaDHjzYvHpqwK3D
|
||||
Xid7Gfs3AvY+9k2KURuz3q1HfhKZv2MVbQV2QIiJRLGJyUa80qIVaWr6r8qT/sBD
|
||||
16m7D7QYRFPDr5/KHlcsTMjFZ8JB+rRUPT4bvS2Qp0/6fDDSEPSTKI5+nSSEtVOY
|
||||
bPcd1COSUQyaqOQbKyLiWjh5FHdaLkh1LNvGbNebhJRmqwBnUPUkjSi1sYeevs3d
|
||||
cplTquHqQFmW4tpGBgvRcBPYyrOxMOgovXapIQHrE5v+cEzbotcz+pCViL+YTeVp
|
||||
2guYVrTdhRRGmWOtitixlG2jAw+GdlyyZfZka5nPDaowC2LPe6ToU4CfFIbT4W4j
|
||||
bfKiOHV16r5ariG7SCss1Xr8S4xxwdE/cCPMZSzEwdWnSgFOJ93+IThrl/uFFJDr
|
||||
OdAynQc6uHDSpqHfYkZVTr1GdiqCkHwborhLQElATXO5cEZd1Y4t8ZGJAlQEEwEK
|
||||
AD4WIQRTsmrtwIJGcV4VUEsja2KRVV6EAQUCXysVZQIbAwUJBQYvCAULCQgHAwUV
|
||||
CgkICwUWAgMBAAIeAQIXgAAKCRAja2KRVV6EAQG3EACf5kx98iMUv0LIOnHXhmMO
|
||||
f7C1BmMSrhDOAXobzE4BV+sZr38Y/1gK7IKaHkcIeLXUwo+mC+WIczdctq2nAgM4
|
||||
ua/e6o4EY70NLurD7LmMkyt0rYfNXXsaN2q6oThDsM40VKWTc162hDvzaHYirJ8P
|
||||
kbc9g8CYmlZp7ITsrNEWhMtL0F41JoyGT6J6VYBfaJRzFHxQSY7YDt8KLevSWLbt
|
||||
qloZzZQZ1KZfY/tR7hl/vB8GK8hQENcD3/GrMWebvQu2PZCruaVsGTz/c2DKxFv5
|
||||
ITrLpR7v0eMmPMZmbbmDYumbCpyPWFJRuUtlfgyqIg8x3ycmhhgfq6h89RQOZfYQ
|
||||
w9Ixuc4crMCPCE9CBGy3mqXgiSJqybhXhvPZYSDJw3dl47JkpG34Po2v+jJX0EFQ
|
||||
4Eb28uTDvrtdEMeYLSp9wQLHwaStcVdPf3a/OeawGBaWGmXU1u3qKGjFc298D9XT
|
||||
nB4LhEZQV9o4QeSmDcsoSiEyyfayIQl3rkZy7DQAmZg+2nRw+/LQoWwYrzKd9E9V
|
||||
NbuxKkY5uSOMYfLUSoaOgoklazTpikBrjRD+l856jSUvkiPmDMnPCcZpfc4MEDcw
|
||||
ASO0PXpfQcxZ6WPkusKx6XpLdiYqoFBsA9/pXgc5ixLsgMkxqp+AhNAggPiSkOGZ
|
||||
1grmEq6jaFUEfuX5pY2Mi7QpU2FuZHJvIErDpGNrZWwgPHNhbmRyby5qYWVja2Vs
|
||||
QGdtYWlsLmNvbT6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AW
|
||||
IQRTsmrtwIJGcV4VUEsja2KRVV6EAQUCZMrbjQUJDI9ncwAKCRAja2KRVV6EAQTa
|
||||
EACYi5ns81OeetOH9FW2+Mmy2sXe+QxljJ1pFGeC/ZzDw5tE5PiYWkiZSxzGdGL1
|
||||
38jxnj1MN64/9lL7qNMImKS2U1nKkWCaUUiaE/S79wjzmzaIOwMFZBK9WA9nPEjG
|
||||
v+QdvxyIhCkR+Q4IY4fZNjRnXX3JXRhPS9EJWKtJye9eJlDx4612Buaq45IS7Aut
|
||||
1Y61U03DxFUeef5/40U1qcDOMxTVbtXpYhUpudSaPHsKUqFXlt9G64MJsyAjhZQ4
|
||||
6i7oJX5MSC0udlqmkHprwsx7vdP0aAtaFaZfF3fajtIuAFocpTb1sjiNbWa8GaJd
|
||||
fphk2GN8lbnbZJj6KCrVOm1UiuyilbOwSwe5XWPvQOK4Tomjw3a413R4jSqyC3kF
|
||||
TqgZGaIzjJjau9LdtYdM9YoeepCyxcDOKDYzUiKC5TdLsZF4mFiJkRldhIHL8GLa
|
||||
Xc0+IjMjiraAgI1Uby7o4xWNZ0Q3++HtHItdRWrgBYpUUhe4v8gpO8hVT3PMiOa5
|
||||
c/+O/LohFTw8YY6NWgGnVqa1CzvgYvKsvpAczxTl9lbglAK5u58cCbqgzT7MpZF9
|
||||
/iR9sIVxM3WFTpAseYuHnZgqvcvrxJarEKsMjeuKX39gXSh4rcfVmEEorx6BG/tX
|
||||
UWlKiZBDhhemMrPgnZxK38lRBv9XOWD3l1m8g7UrhZiqmYkCVAQTAQoAPhYhBFOy
|
||||
au3AgkZxXhVQSyNrYpFVXoQBBQJdQaX6AhsDBQkFBi8IBQsJCAcDBRUKCQgLBRYC
|
||||
AwEAAh4BAheAAAoJECNrYpFVXoQBrScP/Aro56we21XO2jM1rDVGhwD4gK5Am8Ov
|
||||
ygOMKdMD5pUxc4sN7U2uN9c4IMew2P0U4anAxUX5zGKZkXJOKtJuwsz7ugfuUZMX
|
||||
Cxu9zD7oqK3fCF4T98ibOtCKuw64S8GK/XlVh/Oy9OEhMssPPRvGrETcha09V6aP
|
||||
4elywtw9wkgQSi4Y+xIcyFTBW3r4YzEi6odm1KqmHYhPLW4w1At4h5x+bRejHg83
|
||||
mrJQD+DvYF9S/wEYrN9ysUZiDM+Dlh6ajr24Krel/dIdGxyDBZVhRzGkn4g8II8a
|
||||
/UWu4AiSQ844nx/ujYTfg85048aFqxTgbI1U9W205WkdSrvFPFEjkNqNwVaO8YhA
|
||||
B0tLiLbHLtRwYWrsUxcdR+JhGOgO6SAGgi/qnkKkg0B89WtZMCYx7lFH/Son2O6y
|
||||
39kB6WTu6nm6nhuo/9bcK2cnmfKmG+aoQQU9cZitv82wLz7Lzmn4OdLLipCsACip
|
||||
3fwhopTEL0NCBl/eiY5dPVtH3DtWycqohfwlIw8is2Rq4M29dyj7NPVgH6ubwc0c
|
||||
A1Q5JABnV4xkU+zrUoZTXuLDLgCISfyZs6gH/2TcUjxEBF7spiQwZ233qHQf2uRY
|
||||
RoSinajSXjo1Hv4e5PpMykXgr0gKOGrHmwlksnmyn+VRJZbjBWgUIgq05zI4QiPb
|
||||
spf60WEUSV+YuQINBFv92xoBEADAhWPfU2BOsnbcIW71Ic/EeBBgKPvSWF5Fi8KC
|
||||
ndH5yjgqmO+p/4L9y2acYM/JsVpIqbvNeDhICNQEH8oLnBNtSRCJF2ZOE9t/Cgvn
|
||||
Y/dcRmF+QtQKwI6P4eB92As2yLE0NIEdllLBnsObOws0qlFX6SvdCpXGTXPD58c7
|
||||
Z2eCNrOTD8dlJD6qghTshcD2rqwnQGHZCuCJFIe7ii1SmzjLqvNYS61nCMjU6FSg
|
||||
bk14tzisBSM0NDqvbOWiSkA4L4soSojf937qa5VEQ4LzFkQRQnUokJuf/WWfD93v
|
||||
KrkFljJlI671vI/V80tRKJ4ShancVNUTCCXUZtvWlgZIsxOZKHfy9UEVyy61NVRO
|
||||
wOsBbNOFLaIb76RveuMkSPKnv/m2VmM6H/3gSVuoYSRnNPNQiIA6O0Js0DunHDjA
|
||||
jQK2QrDKD6to5k/2+tNSCGI4vLUg3NEtnItEivfGklrByjICAyI3ud1pZOAxXtHo
|
||||
66Car9NwBa8a7sIAfBtaXAHLTEHS8CJK7vbwTBUi7fg/O2Dm5vwtY+nOiw481o56
|
||||
CsOLe+FbT17j/665HkX2hIYt+HkfEEnn0EhMcY0yr4FolqLTCPKR295mhv4J2vSM
|
||||
yvx/AL2jaN0IiVvrPaIr5yPeZybJi1PYFpouADdxl0r1Azl4vhededkFYkT2OAEB
|
||||
/7rsbwARAQABiQI8BBgBCgAmAhsMFiEEU7Jq7cCCRnFeFVBLI2tikVVehAEFAmTK
|
||||
298FCQyPZ8UACgkQI2tikVVehAEaFA/+JMv8zgqf2o4HTY8WXoUB7+5pK4DkMyKW
|
||||
elba6WDs55DYG9WcSmqGKYw6NAzaeSHfpt9oGL6gJBwht3HUeRrtFKuVeJYRU5p+
|
||||
T5HHAqkvM7leNSM+Mu3dvd/BZRgfpxA0AYDQRpp7s/E/ew0Q7aQ4+pPyiQqEcPQX
|
||||
pZoULr2yHwhOYqN3b9l7KR+NawN/k2iTCmWw19uZeVaugn2y9ws0f2CKm3wiaQ2m
|
||||
W4f+OW8dxWCXkLRUI2bb0nSRsqPuIOJgUO9T4ncvILzRYsyA5Ur/BIl/fg1G9gLG
|
||||
bzHp0XvLA+FwxM1hoXTX+aouZA52NwlJHjUzrB/LZO5K1yie97eR6Cy2glOuNZ2I
|
||||
ZCpXQShbH+8ahv8nQFvPy738giA5NteFVF0swMrgHIjAy8gAepUnaF2LZU8vTT84
|
||||
8SSd8MpDlBVlELGCjdSOeAAJqjoZ/Myfa9M/Ez4SmItmq+2KAOxaeBKq4mxZTO2G
|
||||
VaQS4kOmGqwwiq+WlQJ/ayYRY5ZCm5GLFuioSEUzTb9+3u4SwvYMgGS5BCPVa9nM
|
||||
qNf6gOTupyN2fw2sODKksT5kV1/k/5TxYJUHn7zbA/iBr67hGXkhuxuV0LdKZpJe
|
||||
qZyV8SM7+1BkbYZTtxUd5FkS+pSvfQlV0jnwzQpW8C75hX1zVsjhib8CyRlJnk6m
|
||||
GxzvTEizEEG5Ag0EXSt+4AEQALQI+DXcnrfEtDVVK7esJ2n7pvcxqKd/yKhO/FMV
|
||||
YpWmzL2ZpnQE2+Rc+fPNYO6rj7KBVLU0sp0Q5ittJ6R1wwc5jP0kOLiBt6qs2W93
|
||||
VQ4ZGpkDbjmiEE7gZ+pXVD0sgphFyvr6iostuMW0xG8iLf3PrjctswYhs3ic1sbl
|
||||
O/z+S3Azg7p6u0Q2Mco8N//ocZwp9LhIcEapZplJXyohjiPtyiaubSFUHyrBMQKz
|
||||
+ZIHkx+TjFDGzTNkPe3Py3V1JUtRby7YUr1u95pKj0rOqp9ePeGwYGEVPj6ua4kn
|
||||
xyaXdy7/b24b/zLj/8WA1HfX3Q8kYS79gJSUkkqYRjivDwhSlVdqKMNgSapci+1w
|
||||
1fWiE1ltwGaFz9QjitTcrwogsQU5UO42QRR3EauCMJub7vzsLY23gjB1lwqOS1uK
|
||||
YOAfEQ0114BQqjk0Ht1SAemrWkjcZHZav0Zas91ZPd8GTDCbjh4IdJto4T94DPwB
|
||||
MCBF6q/pC0VO0vcqrZSlA2Kw51QezsFpk77BR2J8eHiCjyO7etPR751RuH/i6j63
|
||||
topTJ6zG2m/OS/WGAyp+mhMt20Pa7BJXYM4TnXUxuPy1b7V2GS42H4/7M+7c8WFW
|
||||
bWepkDjRdNp0JV4DfxQtscSY1zECcYwzyp4c9+X8IoaZ1Tw7mENNZooZPbG4Gl0D
|
||||
p7xdABEBAAGJBHIEGAEKACYCGwIWIQRTsmrtwIJGcV4VUEsja2KRVV6EAQUCZMrb
|
||||
3wUJC2HD/wJAwXQgBBkBCgAdFiEEhxQmicBftapI7EklOvWkOj7swuUFAl0rfuAA
|
||||
CgkQOvWkOj7swuXc6g//Rihq/6PPxQKc0MN8lsWOP4KDoK+J6/5FB3t+NjWDEQ0r
|
||||
6ZK11opiHqZQ3CJU5oQ1S8nEDwM3hC1c1Ja1gJIjDifDWKbndtFunaDBEDN6k3DA
|
||||
AzkP7NoiA1RDO2bjJPfNWgre4BNxfO1zSNI6oINJgZmFRdPfBeWXrj5byioieZW7
|
||||
DO7X3TSOAVt5zBeEJjblN1PBhDEP9u0WRGyca3HO6ssbqoyxatPJRxKbgnMMeKyr
|
||||
iisct1cU0SfxYULwv6bW0btZd9LbHY7mvHQT4T9ORkRKMaV5TcyeD3lvo+2qw5dS
|
||||
WN9epi4qTZl2l88FC7VE1Af/pnWDFpW+ha1/AP02Co51EUU27RCygknO50Hy++Wu
|
||||
4qeeYkEI67zzrcNYPyDWHiqyptYVhrAPxEpKY8B791WVWiyyUrZbQQmHX+FeX0/n
|
||||
EJqnqtgp/XJYdYfNe/uYXIggJj3OvpHBvE4bXjK3cKCWkV3wqO2COgpFFtt4LtTY
|
||||
Pwzl95/kXsm6N62EqLPIxD7dmnq0fJfRMfu8aqpynh9d+DvnERGDeRk+9Nt4GrN+
|
||||
RVxtaxFJeaRGGULaJib3Og7z9TbB6kw+nSN5zneHSuzNwm0B+KjNVL9JBIPQc8zg
|
||||
2JEluK75TiWIMsZBhKbVrSb/QTYRJ/6x9ZpupX1y8s8r94/hYgqptZgXlM031mcJ
|
||||
ECNrYpFVXoQBTmkQALEksU8+wabPJy49hCiJE47tBg4XsCaNN5AfjLn6QVvKwljI
|
||||
NJgA4+xPYM01i4JfLlHErtEdU71GBM7SwRx8CTyEPxrZpA7TFVWVcFWcwt7/c+o1
|
||||
bIREwcbGfRZbIkPQUZd4FZAVmARTpZPQRnc6Ff1nSvLAbqOzljIRwqA7Xgqxt3k4
|
||||
TW6s16/9CVo4YW2wCudNxqxGqK4WE76jeQJoTxjI3rU3ZGD4AgtXMAntnNot3I1A
|
||||
VDJRB6HBnQWqB1PUoniZoo+N916p7mz2UnE6zMi7mP/WG7oW+nbRiCHczkOGaSg0
|
||||
W1KpL3a1//e3GLK9KqLcbX2ycxqIzBYmJ8Cj0frpoiS9xOLZXl/RV9ZcfCUtqaYc
|
||||
EQOzugLsvyWmnyeJFRyy1nayKvxdQvL1yVLJ0PECAq0TPTrQ+KRA2xvAuYFsMEM1
|
||||
Jl5crEhXa9qYFA2/lQm/gd4+p+D24o7W0W/F5X4FdI9cKqG45Jb3U6GLZPettF5P
|
||||
C7Ogs5IDDhdGQ9Gk3ZAUhmaIEeOdyv2y5uI1a31kbQbkWGCydg9XJwtJOhj28TTT
|
||||
rImw7scvRl3gfHA5kk8gBiC30kQLFWmOxAk9sP8yOD0G+2n7thH9xucBhCz6K51K
|
||||
f9G7qHY7gL0c5Hf9uX3EXpjdtBeHVbkHxk1yi5/QleEgHGRH6k86p918jgQf
|
||||
=YdQV
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
@ -1,6 +1,47 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, is2305, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
# _____ _______ ____ _____
|
||||
# / ____|__ __/ __ \| __ \
|
||||
# | (___ | | | | | | |__) |
|
||||
# \___ \ | | | | | | ___/
|
||||
# ____) | | | | |__| | |
|
||||
# |_____/ |_| \____/|_|
|
||||
#
|
||||
# errors such as:
|
||||
# mod.zeroconf-publish: error id:47 seq:349 res:-2 (No such file or directory): enum params id:16 (Spa:Enum:ParamId:ProcessLatency) failed
|
||||
# are harmless and can be ignored. You most likely want to restart your local avahi-daemon: sudo systemctl restart avahi-daemon
|
||||
pipewireCfg = contextExec: let
|
||||
pactl = "${pkgs.pulseaudio}/bin/pactl";
|
||||
in {
|
||||
"context.exec" = contextExec ++ [
|
||||
# should be loaded by "server.address" but that is either to late or razy on 23.05
|
||||
{
|
||||
"path" = pactl;
|
||||
"args" = "load-module module-native-protocol-tcp";
|
||||
} {
|
||||
"path" = pactl;
|
||||
"args" = "load-module module-zeroconf-publish";
|
||||
}
|
||||
];
|
||||
"pulse.properties" = {
|
||||
"auth-ip-acl" = [
|
||||
"127.0.0.0/8"
|
||||
"::1/128"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"2a0f:5382:acab:1400::/56"
|
||||
];
|
||||
"pulse.default.tlength" = "96000/48000";
|
||||
"server.address" = [
|
||||
"unix:native"
|
||||
"tcp:4713"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
cfg = config.c3d2.audioServer;
|
||||
in
|
||||
{
|
||||
|
@ -14,55 +55,12 @@ in
|
|||
boot.kernelPackages = lib.mkOverride 900 pkgs.linuxPackages-rt_latest;
|
||||
|
||||
environment = {
|
||||
# _____ _______ ____ _____
|
||||
# / ____|__ __/ __ \| __ \
|
||||
# | (___ | | | | | | |__) |
|
||||
# \___ \ | | | | | | ___/
|
||||
# ____) | | | | |__| | |
|
||||
# |_____/ |_| \____/|_|
|
||||
#
|
||||
# errors such as:
|
||||
# mod.zeroconf-publish: error id:47 seq:349 res:-2 (No such file or directory): enum params id:16 (Spa:Enum:ParamId:ProcessLatency) failed
|
||||
# are harmless and can be ignored. You most likely want to restart your local avahi-daemon: sudo systemctl restart avahi-daemon
|
||||
etc = {
|
||||
"pipewire/pipewire.conf.d/audio-server.conf".text = builtins.toJSON {
|
||||
"context.modules" = [ {
|
||||
# https://wiki.archlinux.org/title/PulseAudio/Examples#PulseAudio_over_network
|
||||
name = "libpipewire-module-rtp-sap";
|
||||
args = {
|
||||
"sap.ip" = "0.0.0.0";
|
||||
"sess.latency.msec" = 10;
|
||||
};
|
||||
} ];
|
||||
};
|
||||
"pipewire/pipewire-pulse.conf.d/audio-server.conf".text = builtins.toJSON {
|
||||
"context.exec" = [ {
|
||||
path = "${pkgs.pulseaudio}/bin/pactl";
|
||||
args = "load-module module-zeroconf-publish";
|
||||
} ];
|
||||
"pulse.properties" = {
|
||||
"auth-ip-acl" = [
|
||||
"127.0.0.0/8"
|
||||
"::1/128"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"2a0f:5382:acab:1400::/56"
|
||||
];
|
||||
"pulse.default.tlength" = "96000/48000";
|
||||
"server.address" = [
|
||||
"unix:native"
|
||||
"tcp:4713"
|
||||
];
|
||||
};
|
||||
};
|
||||
etc = lib.optionalAttrs is2305 {
|
||||
"pipewire/pipewire.conf.d/audio-server.conf".text = builtins.toJSON (pipewireCfg [ ]);
|
||||
};
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
mpd
|
||||
# draws in mesa
|
||||
(wrapMpv (mpv-unwrapped.override { drmSupport = false; }) { })
|
||||
mpv
|
||||
ncmpcpp
|
||||
ncpamixer
|
||||
pulseaudio # required for pactl
|
||||
|
@ -105,16 +103,22 @@ in
|
|||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = lib.optional cfg.ledfx 80 ++ [
|
||||
4713 # pulseaudio/pipewire tcp sink
|
||||
4713 # pulseaudio/pipewire network sync
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mdns
|
||||
9875 # pulseaudio/pipewire rtp sink
|
||||
];
|
||||
};
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
ledfx = prev.ledfx.overrideAttrs ({ postPatch ? "", ... }: {
|
||||
postPatch = postPatch + ''
|
||||
substituteInPlace setup.py \
|
||||
--replace '"pystray>=0.17",' ""
|
||||
'';
|
||||
});
|
||||
|
||||
python3 = prev.python3.override {
|
||||
packageOverrides = python-final: python-prev:
|
||||
(lib.optionalAttrs config.environment.noXlibs {
|
||||
|
@ -156,13 +160,20 @@ in
|
|||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = lib.mkIf cfg.ledfx true; # required for ledfx
|
||||
config = lib.mkIf (!is2305) {
|
||||
pipewire-pulse =
|
||||
let
|
||||
default-pipewire-pulse = lib.importJSON (pkgs.path + "/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json");
|
||||
in
|
||||
default-pipewire-pulse // (pipewireCfg default-pipewire-pulse."context.exec");
|
||||
};
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
# tell Avahi to publish services like Pipewire/PulseAudio
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
nssmdns = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
|
@ -172,11 +183,13 @@ in
|
|||
|
||||
sound.enable = true;
|
||||
|
||||
system.userActivationScripts.symlinkPipewireSystemdUnit.text = lib.mkIf config.c3d2.k-ot.enable /* bash */ ''
|
||||
if [[ $USERNAME == k-ot ]]; then
|
||||
systemctl --user enable pipewire-pulse
|
||||
fi
|
||||
'';
|
||||
# TODO: change to users.k-ot.lingering when updating to 23.11
|
||||
system.activationScripts.enableLingering = lib.optionalString config.services.pipewire.pulse.enable (''
|
||||
rm -r /var/lib/systemd/linger
|
||||
mkdir /var/lib/systemd/linger
|
||||
'' + lib.optionalString config.c3d2.k-ot.enable ''
|
||||
touch /var/lib/systemd/linger/k-ot
|
||||
'');
|
||||
|
||||
systemd = {
|
||||
services = {
|
||||
|
@ -195,7 +208,7 @@ in
|
|||
|
||||
mpv-pause = {
|
||||
script = ''
|
||||
echo '{ "command": ["set_property", "pause", true] }' | ${lib.getExe pkgs.socat} - /tmp/mpvsocket
|
||||
echo '{ "command": ["set_property", "pause", true] }' | ${pkgs.socat}/bin/socat - /tmp/mpvsocket
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
@ -232,7 +245,6 @@ in
|
|||
"pulse-access" # required for system wide pulseaudio
|
||||
"rtkit"
|
||||
];
|
||||
linger = true;
|
||||
packages = with pkgs; [
|
||||
(yt-dlp.override { withAlias = true; })
|
||||
];
|
||||
|
|
|
@ -12,366 +12,330 @@ sops:
|
|||
- recipient: age1a8k72egc2vg4jn445wwcr0a68y9xu5ft68s2xwehugs5sjawpv4q5nnrmy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMjdmQmcraXU5d0REMEkv
|
||||
bUcxdXlUY2dSTWRZbEloOXBnamcwd01WblhvCnVFa2cvNDBKSnpFQzhkMTAzVjZv
|
||||
bWlLS0xvTktqWVo3UTBqd3BhUHoxWW8KLS0tIElRcU5rL0hkSFZ1Q0N6OElldE9r
|
||||
N2dCelAveDVaWnl5VWRNOXFyZjVwK1UKHBKL7tyhxm1WFn8rHWI3ibiWd2ZtOK+o
|
||||
5WhA5jE8Rq9olmKD8EVw2VvpLuOXrXqTAcSz71PkQnOKgMknPXbvlA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUJUNWJTT291amowWHgw
|
||||
SlRBL1Z2eVE0UHcrVG5BUlJ0MXB4MmZxbUFvCmdkbS9Ld01JRTREWHBic2M4aGFh
|
||||
dzdJRTQyMzZ4RjlhdlA0emdTblpoajAKLS0tIHV5Q3dWRHdvb0Zid0d5SmpDQ3A4
|
||||
b2VvZ1p3TVRrRVlSVDgrMkpaSjB6NncKGbURRHJz7VK8HQWC4l5sGO48tLygoLqE
|
||||
qwAF0XrOPj7JNiHgTaMCnErL0qlC+fSdF5qJzVDUmVIGylxAiDxfCw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSi80QjJua1BtRVJUMDJP
|
||||
aHl2UTh3bmY5NXJvYWRrNGdFL0NDeVRsRFM0CjI0OGtXVklmekh3RTdVUnNaZE1W
|
||||
Tnd3UC9PRjRVZjVIQlVhT2k1R0c2cTQKLS0tIFFaL2lwQjhRZy9XVjV0SjFFS21w
|
||||
QjI0R3poaDFUU2YwQ29IWG0xV3FFSjQKwqGUYdlUBmXxq/DigFvDIKb3acOppMph
|
||||
rxwZtVSHyGERasIwrHM0XM5iHUxLMrYdB7PWiOJ5retq45kLrFtN4A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Z0ZtUzNBdU8yV3hNUXRp
|
||||
Rmhyc2plWWRCNlFoTmQ5WmUrQUFTZzA3QkdjCnlxdXVBSnNaL2hpRUF6V2RaaFRF
|
||||
QWh2eWUrS3B6a3N0WXdOOVZmMUpsR3MKLS0tIFFuNWxSR29wcXVkRlVidWlxWFV2
|
||||
S2VYQVhJQkp4WXRwRzFkWWgwL3N2THcKM1+IVyVAf4dweSYOqxbiXeGK8bjOx36g
|
||||
YOljEhvpD75JITSs5o46mqZ8WFGIIRK3ejKaFzX+h9OSBWPKJpe+Ew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaE04M2lDTUVvR1pnRTZH
|
||||
ODZYNFJaZ3h4VHNMSW1sck9xUmtwcFY4LzA0Cm5HNk53Y3BaTkNuODNGV3JqVlNH
|
||||
MDJQNWRpSU5VeGFDM25Ncm8zaE9UeTQKLS0tIGpva2JOR0VXZk9HdG5RK2FuMDRy
|
||||
TUFRbUtHMjhldVRyU0FtRUN1azFCVVkKchvcml8FWgWxyj71iFIeC2qGzvKAUlnG
|
||||
oJVGDCL9938prZ97nroLx4ec85W+JYjnzhsTK4kBI4SExc3TgmPJDA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkODQybGYyb2ZUK1ZjQ2Zp
|
||||
TEF0NXQrcjNBYkYvaU1pREJ3WUpCYUFyNFVFCmVxQVdtMVh1eEt5MWM1VlFwSFFa
|
||||
V0lSQm4yZUlVWGFBVjlCbHJlYUdMZXMKLS0tIFRQZGc2QkJpM1RMK3djUWR3dnpw
|
||||
d3kzTlovNmhTV2xTKzhsamU0eStQOFUKUpPpGkCOylehKIe6MgVzllYrn10BIeR4
|
||||
89nJAC2evVgv4WCwkffwNDR/qfJrQBDjyA3uf8Y6qE8u9UgWuNaLHg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWFEvUGhOT2VxRWFMNWV1
|
||||
QlN3VzV6a0hUd3JHRC9LQU1LbTVlMUM2ajA0Citwemt5MGRZbEJmNXp2UnRvNWly
|
||||
MmpPY1NNc2Nqc2REVTJQcm8yQjFOaDQKLS0tIDZVWU9YbEhYM0pKYUJsVTVVSFpE
|
||||
L2xicjB4OXNRbzRLY01HZ3M4RlhuU3cKJW42aO3fUK6USE5V8t6nn76D2FIeN+Ob
|
||||
aVysYubnrh6ISPoKT6+bP8eD99rhIHZ7DK6Crd9bSgU/tlypN9lVzQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZXB6NC8wbENLTTN5ODlp
|
||||
RlI0T2ZjUi9BWFd6YTBiWE0yc1R3OTQwOVVFCnJ3bTVGaGh0ajZnOHVJQVFpaklN
|
||||
cU9zZUo2NmxndlpoRnd6TTFCZlVESFEKLS0tIFVjZm1iRTFaNHlhdEhFa25GVk54
|
||||
dlZ3RUhXc0tnK2ZUY3BDaWtmNVlHek0K6NorZtxBnvrwWZsNeTAWqeVPgJEhbv4I
|
||||
NJ0wW/H7kNdoMJt9fzdTXUhaxbIox64fBvMMfnMBvRvcyKc4o+02Dw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age13dl5qjzddaazmquf7zfecru5tr4ld8l8xd7xpmhaqqzmchpua4usswqykd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmd1JSNEQ1MVliK01hVWJl
|
||||
Q2wrbjFVcDBFTmJncGJkT2d1OHhuT3dYSzBJCkFlWmxLbWlmVEJUYmh4SzkyUEVO
|
||||
TkNieTNuY3AwNUNBUXJPVjNmcmJ2TU0KLS0tIEJOek5leWNJcnFqWnBNWitncU5D
|
||||
Z1U3L1JpdzFXL1hMWjRXaGd6cDJ5aVUK+47RF6CeOpalMdqvxLDloJNs15HqpMAH
|
||||
Jz8PP1lyJxRtbvhAhvGAP0pi4oZBKIy9ax4395oWh7EQuwGMJUiA3Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdnc2V2Z5QWtzeExiWFVm
|
||||
SnAvQTRjTkp1NTUvbFlkN2NNczNnTEdZd0VFCkZQa2FTRHdON2YrdU1GRWFlVmlp
|
||||
dkNES3d0dU9jM3hRd0UxaTF6YzBvNUUKLS0tIC9nYm9jQ2sxQmVPcVdjc3dCRVdm
|
||||
ZmpRcVZKMmM0a3dlYnU0UE9tTVVmaEUKbDVa5Ic5mTaVBFAQyRZ0LTzQfz2jSxwe
|
||||
KbXYMFbEmMQ5Y3RCOIJqkFUgyPFAmmlIKmXxmF1LVWpQP1Tv+IraUQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w6u8zjfya63q9rjfll98eegnfdsvyaspnwn802t2mxh47gt8p30q0kn898
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcHFIcDRidzFiYjNZVGVi
|
||||
bzVSLzh3YmdkdHVEY05NT1VwWGNFSlFOdWprClJpeUFodTBHU0FHT216VUhBWkVz
|
||||
NnpDWEdJYzRDd25JLzdjL1hWdS9ORW8KLS0tIDRyRlhyUzgxMk9GY2FoSlF2MW1V
|
||||
QlRFc2hMZEh6OTFpWmt0czBHdnRmTGsKtuFvPrMDSIO4rKoV8XXAUdNrEtocW02r
|
||||
NttYLrUzAewvVen08ANBs6d4H8g/5aswxLm0iXWBEj/hlunYy5i0lg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbzNrekNDNTcwSnNrOHZE
|
||||
Z1UrSWFjbnA1R0I3bXpYYUY0L0tQTmpLL1hnCllCN1lCSHZ4dE5KZzBjd3FCc3li
|
||||
b0U0V0ViNHMxVjVDNjdqSi9aVUs1b3cKLS0tIGFZbytsRXVNNmlSUzUvTG85eXJv
|
||||
ZjYvWE9IZ3QyUkFKOWxvRDFUME80OEEKNVC1mWSBCDN5XiaB00YtPsluVEtEa6zt
|
||||
h9foSEx7GksMRS/Z/EeItRPyyoEDvzJCU7IFT9DEUDqvxmXhb8bMKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNks1OVlaQlZZR3JoN2tq
|
||||
L0lXbU40dU1LZThLNnBxMTlCR1EwOFNwa21RCm9tZUFYNDdzekNwT3lqRVlCSFhx
|
||||
MWpheFZHWWlka3lZUlk1eDV3eU9XSEUKLS0tIGExSVBnenc5eG9uSFpEZEswYVdH
|
||||
YUdCR1A2cEhMb3k2NFI5cjRjSVBKeHcKqfuNijzpjuX7icgvfhXWKaz0xtFwiAsQ
|
||||
XcVn6lYxtVPcIF6BWAsoSzyVk+cW1pTVQMWh0MiRO8XUE6bk6NUj8Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTmd4MWtEQk5EemM3OGRs
|
||||
SzFaUmtjYW5JNHlEVXVxTnZWaXFxWEVzQTAwCjBHS3ZZcHFrZGZTZmtVNExhV1I2
|
||||
Q2VNK0h5Y0ZVR0ZHYUNPTE1ySmVFZG8KLS0tIERNTmcyZnVyQ0lOdmxydExsa1FR
|
||||
RjMyWVZ0ZE9rSWgwS21hczlZN2gzaXMKB5kyJ7IOc31IhS7Ah2TetGuo8dC/IOjy
|
||||
Jz3I8gtey1sTTpmfPam99HeCO70bxSFvYjrvKFRmZmVQtk8uJc79uw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yahhqn2620300n20k68az5lr2u42wdgtjwysgqyr99a4cj52ay0qjw02pl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeE1xR3ZwVFRlR3dTREVD
|
||||
L1BYa3lyTVlxV0dIT2s1eXdoS3ZZWENCOUVnCi9TMVJrWENyZmFIeEdNZHpUMGFa
|
||||
WnJDZGlYeVFHc01wOFpjOENIWkpyQ1UKLS0tIGJPVXNtYVRWSjVPdTlBek9Idk1i
|
||||
cS81bHBjTDVhT3g0eWVqb0lxK3g0WFUKDVMVhIt6FtHzO/Bxp62mOCapvg2zwR4t
|
||||
mW1YpzojZr3rt7/su+Ck5M7vVD99pPRB4sVRpGZ+W60YvzJ7iWJ1UQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeWQ5SThoUWdxbmw4Rk5V
|
||||
RFVBOWU5bGlpZmhyb1FoL29HdkdqLy8vUWxRCkNuNVRXUTNjaWdBMzdIcUlDSHZ3
|
||||
OHJIN3hmRFhLdjBwcmdXV1AzMzNMN3MKLS0tIFVsT2laODJrQnBHRFNGcm52d3F5
|
||||
M1hFRWNuT05oZ1FPczV3K0p5Z2hvd3MKEVXISQgPLaTTU6YA/IIA4UKyLmCoHWf7
|
||||
k2/rXVlumhW+WPmMdjJtJ9bc1wNwjiQ1n70jWKN1a9R9c19mR8epcw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRklqS2s2djFrbVh1Z3or
|
||||
OGIwcnFQT2Rqd1AzNlArWWpyeWdmeFRjZ3pvCldhc0tWKzAwWUFWTnJ4ci91U0ph
|
||||
dDNiNmx6Yk9EVXhBTkVlN1JmU2pORFUKLS0tIDVnK1dGektxQllEdWF3MllNSjkv
|
||||
dmFLaUZrLzFLai9KaE5HcU1OZWxKT00Kji+tv+tXIe3wRWZoxA2Qh8VmyfsKZ9eV
|
||||
LxL3/jmNy6F0aDX4kJYBO6F/wzQt5jsTcmuHrAI6US8nHYiQtjp54g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMUsyeTJINWVSOXVENlpC
|
||||
SVhERkNTSUNZMXI0YXRVR3VKWG9OaGdOUkZrCmxEajNMUnN3UDl4bTFlaXpmUG9l
|
||||
dS9uOFRnMnp1MCt4aXREY0xjbTQ1SHcKLS0tIDhuNVptL00rcndLWWxndU9HZzZW
|
||||
emRNYk5LNTJRcVF0NzhmNGpVT3pEVmcKm32u460zGZXKSjuitae9y+LUg8T8+BoQ
|
||||
W3rHqpIhV2gEGwHyLch86hzmpnihBvzq703vChSF7iJhE4Jb6lvqcg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l2tld2cttpkj4vpuh9hm4xjwq94rmf8vukjgvdzcvwwtze6k6s6qjf0s5r
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUnVMcHVlS0l6M1dxRFo5
|
||||
WmVJRnUxT3Y1eHJHUFZSVVJUQk9wUXAxYkZBCjF2OGlyYW5RZ0dva2V3b2RMT0Ew
|
||||
bmFTYmQzdzdEQ3d0QS9ZOHc0NW4rM0EKLS0tIE5SaC9pRjREUGpEM1VuT2ZCSUxH
|
||||
cDMwWUwybkdNMTFsQmt0dW9GTmpCZWMK9DLVZzlCqyFBhL1sxO3pBe09ymcFvut+
|
||||
JRgeRZvCW2qiftLLe+MRBeqDtkZ9Axw66B8PHOuZLypzBLBZotPZ3A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYjB3ZTBvK2JlSEhnUkc4
|
||||
NlRUWktpazl2LzRSNzBJb2RRcG13ODd5Zm0wCmNIY3ZYWjdvcUd3ZGNtcmxSMWpD
|
||||
Yzk2NHpvZnh0QjYvZEdWaUM5NFZyMmMKLS0tIFBwdm15NjlMOXNheUJSUWZxOTRD
|
||||
bEJtcjArYk5scVZoWDJoZXl1dThaWnMKdEnFNJkEYmbdnOVg88YwLN6VIsNv9brN
|
||||
+b8EPF8ZGyxlofXPRVtgx0RKOMVJeL9KstBAsJxrWbBlwgeQsYygHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWXBRU3dCWm4xSko4Ym9V
|
||||
WDM3c1p0OEJ3bkIvR0wzMi9PUnJDOFhQeVVzCm0vaFJiaWJWbGNsRXl1SEphVXo5
|
||||
RWlZeE1Ga0Rka1kvQ2k3SXFuYzJ5ck0KLS0tIFowWXNtaWh3Y2NpUWlHZGpsVTJ3
|
||||
T3lDSnFCNUhwOFhQdjBvVDJlcnE2S1EKJUxaE7NW0UkduN4sEKwl2X0Q+DVyLkyV
|
||||
zFtLsfepX6LMFT5AXxaaUCnmPPq3y94FSEZn3F21xnNLrAUcyv/TFg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbmNOWmh5ekFhaDZJN2pP
|
||||
a0szVzNlNXhJVkw2RHNpZGY3QnJ0S3JtbFVzCkRwRWJRMEhpZWJOK3dXTVBVZytF
|
||||
VTVTVW1tditZaFNjc2NZVE8zQlh5ZlUKLS0tIGtBUWYrVEFrbUNjWWlPbklmMmNq
|
||||
dXdHcDFJejRRQkJadGlRczVocUl0Q00KMdLrz6l5caU+ZBbHho89PKvUBVXa+0EG
|
||||
Hnsi7t0fpj44svhXpRyAD/4xhesxTAoSntLzh8z50rAG02uIMzcZLQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcEtQOU8zVVNvQzRuVDlu
|
||||
TVlBRnBKdFlSSXJCVHlOOVd5YVhnaXlJcVU0CmFhbmROUmRCdlR6cDZyMTdQSC9N
|
||||
Z01Vd09qSWpnRE5vZm1sZUFuRjhOem8KLS0tIDY2V0pFWUpwcHUyYWVubGZFVWNX
|
||||
SWt3OURIWDhSWlgrSktzWE1zdFI0cTQKU/lahLOisqiKam+A4wf+n9/EhzF61cX0
|
||||
0GKt8sn7MWZBEwgDEW0vRkybweKK0E6DTGnlHCFi4iRnoHCHKdxreQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQXlyU1JteWREU2U3WjYr
|
||||
Wjl5VXFZaThDVmo1VFFzRW5yS0hjWWFCeFVnCjF0N1FFZm1OZGcrcHpVRCtFck0z
|
||||
ekF5UGZKNzhCREZGZHFJVWM5NXJHbDAKLS0tIFRwZXBLSXU1VmEzS29HVXh4ejRw
|
||||
MEVJc3NrOCtOYkZkYzdLUWlmZzQrK2cKg5Gs+UUFk+e5IwhM2/Ye7OjIXnxnsH+a
|
||||
zOHgdk7Z3ccTvEpqIAWdkyfpXve+U7IAOn7yLK9Qzp8qlB8wMuWV0A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
|
||||
- recipient: age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQ09SRmpzQXRLelByMmRK
|
||||
eU5SOWdYNWs4K1JyaURHTTF5MzFaZ1k2SGxJClBQbjZjRWluekRheng2YVA1Umto
|
||||
b0RBeFhlbktGMWFtRWk3cDMrVUFpNzQKLS0tIElvS3M5ekkweEcwV0p3TTA1Qnhn
|
||||
YXRoWVU3cHpnUm5nUmlpNXNBbHFBWVkK3HjjYpL60fU7n3d2OJZ2W2YHHuyX47rN
|
||||
g0jqQ3WZ+f5mH28oLnkx1FWMvTc+D5WsTivMIL6gatHLS1KKwHR2fA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlak0reVV3WkEyNWxNZ2Fs
|
||||
UFF2UWRabnMzVE5jNWZsSU9CemgyT3ZWNUg0CkhjNzBJajBzS1JJTkt6NWpialRU
|
||||
RDRTM2VMVzh5TGdKTll2cUZObm5aMGcKLS0tIGx2TTcwTWNvMWdiU1gwNzcvQjNa
|
||||
Mnh3VEFnZ2hEb0lzY2hwRkxVY0pSNzgKRCptD042StOhvcTvP5Wgx/r8hjhaaSHJ
|
||||
Ba/Ru7kCWpeYZ7VMCxDkvEoqqCCVdAJ9GANal+u7jWgsIvRWy9HJ/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjS3grTFVsdXNHaFhXd3ZX
|
||||
L05uQjZBV24yZmxyTytWZGFtOHRlcFN6ZVg4CnRQalMxbFliSlJPanZva3FKWk80
|
||||
Z3VIY3pQTnBsZys0dWxYaEM0KysxYmsKLS0tIE9PMm9SVkVjenVsWDl2SWZMeUtq
|
||||
SGpIN3g3cEJCVVpSSGVwMkFhTm9YV0kKi8vRWv5/vpsFI4cG4KSA2lEb8Dr7uk6b
|
||||
7RXnNe7oFCYoKIydzeSrPmp7ZZZhU8oOzSP9uksypMbo0PK2gwgCwQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OHVXRDhtNnZFaG45UEJ1
|
||||
emtvci83aUpQYUIwSUQ1RjlaMXQ2YTdCYWxnCnhZOThsNkUwbS9mZmJsUFhTQ2s5
|
||||
Wm1UNGNRbmtIdVhmRzVJblR0V21rMlUKLS0tIHRYN29NMEppeG8xZ2RYc1RKdXIw
|
||||
TXZOZlMwVlZvUHJCalNSbTcxaHlWTjAKXLUP2+LaPGGc0YUFUkf3lw1nZBd0iwRF
|
||||
P0jqpKGE0YB1twFAkW0xjRgu0Smtz5kjO7oalxsKtcDD5+YL/pa36A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNkQxa3lSRml0WHMzWHNh
|
||||
NlhYQmtHaWZ4Qm50U2o4ZDQzY1hqK2lXOTNrCkJETCtnWEsyTmtndXU2Z28vR1Ux
|
||||
Z1czR2lTa3lIS2xibUV4S1h3N0NYTEEKLS0tIEM3WVFDdHVUN2dmbjhBL1p0LzY1
|
||||
TVFKVTNCSGl3aXluYzlXZUxRS3RYY1EK3oLbAGt0PRwAuqqFdvn/y9Gr2gThkAXg
|
||||
jRB0zD6RF4UQm50w/U/3EocYAGQt0Qez2+oUCWehGAimyH34s9FgwA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdmRzUUd6VURnTS92MHBG
|
||||
dXJwOVcxQ3JhU1FiZ0lzSGZ2S1RnZy92bDM4Ci94czJHRmdVTTBXU0p2bjB1c1FP
|
||||
V0hIeldMaHU0Sm9YRFd1MlFQNTN1YXMKLS0tIEhPeTBIb21WMjBuUzVqQ0JWcW9Q
|
||||
emRja3Y3TXcxRWNjdXpNYTdmTVRoVkEKcADVTAHmLBnZt9LE4aalXt4ephW8xHMF
|
||||
IW1WL6LsodilwEMs42rkCirCf8bsBbTuzUfPkEvHbkucpgkrr9JG7w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQ3RPTTJFTnhtekhSQlhs
|
||||
QWtmTFNmaDh5dmZ6VGhnYlFqTXdLaXVWanhzCk8welNTeG1MZDF0SzJvelZxTElZ
|
||||
ODJYLzJtMWc0ZmVCS2taVm9Ic0J3UFEKLS0tIHg0RzRtMU9jY3A0RDNSUHRMTUxV
|
||||
SHU3LzNKVmg0Z1dsQlBlR3U5MjNpVmcKS0lHBTMy3iqyInpIamaz2gY+0dUWQkfU
|
||||
212SUmDG6qhZQUhjxgutI/Vh96oJUPPyz7IhCNPqNkUb+x6uqmwzuA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSFlXUlBvc2w4VXFFclBG
|
||||
eHgxSndXTHJ4T3pmaExGaDJpQXM3dWlCczFjCk9aUTZEUlBwWHNIZGpxSFp4dnl0
|
||||
MFZEakRUNzhua3N6anFzYjhBWGhYZUUKLS0tIGM3TXRKRk9vUHh2Y0FETkxQMWNx
|
||||
UThva29zdWNuVHRyd09aRTNvM3NmYUEKVw3hLRB04UXDfdRd6MafCHBDaqtJ7zs1
|
||||
D3ROK/UyhyptQAWhozZ5WlgPxQTydZoBfZegEpQUd8HvOWX8nqLU/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByazMwU0lhVzUvMXoyblF5
|
||||
aTdISXQ3ZXFZMnhFTWdPNTJaRDdqdnpkdEVZClhicVhwNTR6eTV4bGJPcE5ucG5Z
|
||||
SWpNQWd2RGtRcUx1T21Ec1FDdVJWekEKLS0tIEU1dDFHaUVaaWk5K0crdXVCNDZy
|
||||
bE02THRmdHNUdDUzNHEwMUZ6c0w4cEkKyuN5cJI3z6tlQxKeZtsiqH8DC3E2Z6kR
|
||||
f+xl6LWO4VzihjDMIUw6B9NTLZVGyOumZsLKiV1SiyIp0ZSwPONOCA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjMXdKNXJaaEdTQ2w5dFJT
|
||||
SitoMHJNZC9KaE9QSFlLSkpidU5UQ2FRcFdFCmd2TXAxbnE5QXZIYURQdy9RZWNh
|
||||
d2s4VTZHRzk0RDQ1ZUtQMHA3MC9vREkKLS0tIFpIRnZ0dDZRSnBGYnF3R2VCRUo3
|
||||
UytmTGpQZjU0TTFnWk5TY2M5ZzZ3aXcKSIwQV+t5FAv3Ig3w6u++FNqlmgOm/4sE
|
||||
FOK5FCtyDgowyQwc1yEnvve9UgamUXdaDQCTRNRfzOxFJH9mix8Ezg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsc0F6YkhCTkh4QVRMYkh5
|
||||
MVNsbmZaM0czc2w1QXJvMXFLUGM1Y01ZUFEwCk5xZVR5b1JiOWtzL3dub2Nyd21H
|
||||
SUFzVXBHU3Q4NjFZamc0YW5RR1J6aGMKLS0tIHkrY3dzOURFR3R3Nk5HaG45RVJs
|
||||
UlBKL0VWZGRjWE1wV3FPbktkWE9YMFkKNj6rBosrnREzjGYSAJ+rbto+H/H8d4JN
|
||||
frdT7xwicVWXbXdddwdnVShx5LyqBEZXCYEpjfZe92NnuHb93Wod3A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUHFkWTBQM0VXbEtXRk1p
|
||||
V2VsWUhpODlxSjV6a21YME52Ym13MExpM3hnCmVCMTAxVngvcWVUVzNHTis3Rk5r
|
||||
SnA4RmlwSWlCbW51NTJ6QWNtajd6SVkKLS0tIGZYTDRyU3JTYTJLd0Nhdkh6MlFC
|
||||
ckVudW1qMWpwN3MyNkFCZ3BSL1lqUFEKmtlo+UIa+UMD4pXOdPyzyNgHEQ78juvL
|
||||
Rddx+YQFw/ZbKJp8ca5NEDjAlXj8CRMOKRr1rcPr1Pg3v799kGCpNg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp9gsuyfu52exk0hr3fvj404v5njhahakzwlugwtneyrs4vgdyaq0sg92f
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYy9LL0owOVlVVVJ4NFZq
|
||||
Um1GVUpZYmFUOU9VT2dnQkJSdkNKVEU2N1E0CnNXZFFrWDJEcW14WnBSblFrOENE
|
||||
eG11eXdsQVoySm1Jc0Z6aFA3N3VFcjQKLS0tIGNOYk15czBiWldOK2ZMY09uTHUw
|
||||
YmVaeEdkcDRlS0ZDMWUrZzVpTVhkeEUKpayxamzNQTp3TAVLb+IibPpqIizvTAkW
|
||||
y9wzQRq1mB3B3TW4LCpE3Ld0WIEQv/5pXE5Qtz5HpLck226SFhDc6g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u6xeayzwfdj9l0mg3f4xvjd8e9nemz5psqavauvacjgp2nku95yqc4f29s
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUVV5aTFOdHIxT3U4a2l1
|
||||
djIyb05Gc1VJQ0d6TGFvTXdDK29ITGRNSWx3CmVLeG5za21weDFMWm9WWUlzcVZ0
|
||||
YmY2TDVTdk9yNFo4Q2pPU0t4TXVhTk0KLS0tIFN1bGtrWURIamUwWW9LUFdSQVVP
|
||||
S2RaKzZ6TDFmbldoako2TzBaUFBFSlEKdIeae287NYngsVxv05EbznwfAYWTxSJU
|
||||
8u0I7aMylnk7Sicu88bAWU4Xd3gF/F47U3UbFYnknh55eSd5LyWRNw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RUpMQ0s4UXMyOUJzclJ1
|
||||
eGUzSVdvZzY3cFBPcHFDdlhTbTI2bDZPaGtZCkdMeXNBeXJDTmowY2l1eDErajdD
|
||||
RFpYWmJFM1ZYajhIYWY1anFaNjhyWE0KLS0tIHQwY2dsSzE0elFRMG5qbEJLc2dy
|
||||
M0xMWDFlV3lNRXNQeGJNNUZ6RThaZTAKCScgBGFndzjFJC5VhnmHQr9ZPlLJBnH1
|
||||
JJDfHS6Y3AXcO6e+IiRLdtU1N6FvYf9kjN1tEoBPQitunm9Gks9Waw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SjJwS2Q3aVdkTkxHYng5
|
||||
R2VJTnIrWFRyKzlTMDNnTEJzaEtjaE1ZblJFCnVaNy8xNWpVT1U3bzRTVlFBZktR
|
||||
KzIra2lVL2NNSFBBVUdLOUVyTkx4dnMKLS0tIGloSjgrUUVJR1BzbEplakcrVVpF
|
||||
V0lNdVB3dW0yWlc0amptRm12L1gzbEUKEIfwgZbDLv9M6+Z7TL6QkZoV8tgSj4iX
|
||||
cULGrfBDEcb9qSOaMIGIh3xMHby3eDnMwnrKvMLQk0831ddBZcvpkA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWGJUZHN5eTgydFRsUHpG
|
||||
Z29mUFdwNzNhQXp5b3MyQkpqd2hRSmZuRFE4CmpXZnpCdnRKT2RXU3ZDMXozV2Iw
|
||||
STJrVnM2WjFpWUR0dWJGNkFsWTg4cE0KLS0tIHJsR3h5S1R5UW56RFRNMUd3V2F5
|
||||
YzFnbmo2QXZYaDNMY1plckt2WDl4U00KMo7wLgGtRI95LHBR2VlLvdKG5EZDq1L6
|
||||
XgxdaQ6tB9+8RgAeFXA1Yj286clHW4wGa3iZ5kBOEUY/FVrwQPsf7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RExXbVJBeDBCYzdmUFpE
|
||||
R1BXVit1YVNVTC9zcUZNY0NYVFFrNXZIN1JnCmVkNnJrazdaOEhvR1pUK1ZmVlVp
|
||||
YzdRalhKcEJQY1ZMQVJYaEE4QTVYNUUKLS0tIDJEcjhGU3Z4djJ5YW9DVDJXbGcx
|
||||
TEpRMTlkL1RvZXBsOHRlcWcrLzFWeG8KD80dS3HA+qgaqX9rdQ2mbLcglT5VHRFF
|
||||
D6Rg2bLdQ33C0k/k6Jj2ZKmRC2DUts7AfrZCN9641yUtDoz8hQcTJw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TCtyUkFsTElUZ24xWXJT
|
||||
UHEyQW83Z0FKWVVFUDR5N0VyYkF6VTRVNVNZCmFtdE0xcy85UUVkSWRmeTNTelA2
|
||||
b0dCRGJpa3YvRzRVYlFBNUtLV0k0QTQKLS0tIEtaL29mU2E2bEpueXhKelp1eUJF
|
||||
R05UcVFla3RJaTZVbk11aC9Lam0xTHMKQf+dGKhKONHjenWcYR9K1CheKpn5N8Yv
|
||||
czDM3NPB9M3aT83RYjAnMWwPa3I7idf9cZbP02V208Mm1a4qRLdrHA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTU50TDdyNXFYeEovbGJ5
|
||||
UkpLaFdXOUJRcXJuMUdNRHc2VllHQkpYdmk0CjZXS3ZMYnRUa0xTY3JGMXFJaFk3
|
||||
MnF5a0Jia0tWbWNZeG8ydlRMMUJQWU0KLS0tIFlzeGxNYVBFRXN6S3pla0FPQTAv
|
||||
YWhlcnRXMENTaTRaY1pLRGtYTktETUkK0CiQKJaM+xs4mP2yZ8AzxPEyYzd0gNXD
|
||||
UVX/GxFBdnwlMpA0J6QGPdrs4+LLXLM3A4qrDxZ87Een+wRU4zlTzA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OFozcEpQb1orM3ZoM3FO
|
||||
RWx3N0xGS0R5WVZvbTJmZEp4c1ZmQmtudDBVCndoTm9TUFNDWEp5aXIzRFZkZDF4
|
||||
Q0tuNnBpSVFHeDZucnFBM2VkbER3amMKLS0tIGhvaThLRVFyZlJpT1JKQk5oUDJM
|
||||
VTRRK3paS1hILzJOVDVMZis3dzBEMWMKMGmWdiFvZrRaqx6ddJzrNLWJHn/hMV1/
|
||||
iNpJF4A0B9tWekqPjedGjVs/45ZTDN7dMzp9zqpMHgVP0qxW8jQxKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-16T23:43:55Z"
|
||||
mac: ENC[AES256_GCM,data:OAFdTBgFBtobgRR8WTQR+hfByJBeTM1t4gBxjBmcm9rClz2XgDuFQ/rDYRYEoAEKXoztCZhRqa82DSFsEZkaseaMOX6NeGlcsnXGKHzAmjRJrtEdYawpbH6i0o4r9kTBeMbjzCkP6NhxfjY6kvwMAgmUjzj7sQiSUgOLpeZt9tw=,iv:NTQuU4lN2LvvPKT/IpUQlycTaQayqgHEqFHUCWw4dME=,tag:VFfeht6E9xTL1+s7pt+hAQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//TJfvgrRgA3Dp/ijlDD7d29BeGimvV0FCel8YiWkUAyg0
|
||||
PN4lW0cimNm0SoP5gIOrP3o5i6uC6/Cnd0L1/nbvLcwousC3gBI5RhyNFepzRHhx
|
||||
8YsdXQ5JWUQMcNbA7gu/3JgPpRXOy2L6sRSRZYqX5pK9NSv3P62QP3vOftG391Ex
|
||||
som2Ma6JxrV3SeJ5NhnXaQkOs6d7+c/kwJRNGfQjOaflmrAO5UHDPxlhQdH6jHQ4
|
||||
SngIKvg5v3dpZeCLO1zjtbBdL8Qa1IksUr33nEYRm+1T1Jwb/Ds0jPGGJFk6rI7h
|
||||
Ruum2QqJacnYjLXwEJ08tlZmumY2ru6bSras0ZtWej2GQ/mrrUrDwBVBuN9uqcGb
|
||||
8vw+02D5/jifFKlxwzWkp48nTA2uf70cQiXDrXJgJW9rnmFcreQctPGV7mF/naBM
|
||||
7D+0pKYudR83glYxGlPXvvABqPlkWZH753LFvzzrYgTa/FV5XdqCWvEDaoolNY0T
|
||||
iqEfZ8aW/AKUzpRoRGbaVzPk5ktqZ3HzcDMuc/euPiL7wXZtHUhZO5Q7rtIG6Wip
|
||||
B14Dpu3F43bk2VKqdCahLcPb3fUfLZdOxpE2KM5Lq5Dm/CBthnZUiBylgEkpjQp9
|
||||
xnQPKjWcWUMq8n6ac1XtR2PkRXRNHsVSaVSQ1tMPtAff5FoE3BODXE58y5BsI0zS
|
||||
UQFIS3N4GGPTq6C0XQ96uO2oBKKkqhdoSd6DGVq24pJPACc3c0fIfYNCneuqLbj3
|
||||
Le/K0ph/7SEhKWItslYg3B8OBzGg3w/uVSikAcoNYNYbwA==
|
||||
=97ou
|
||||
hQIMA7zUOKwzpAE7ARAAlqZKSAkMHpW0F3cwQjm0vzGL8P2Nt3M+5P4rqwg2Pigm
|
||||
r5SmkWZ8PC1yI8Rf5jlnfq13ouolXTqJsD9Wg2L8/OiI7g/r4s+flOCnVwcfxsQ2
|
||||
ni1fCl9sQ/LBbEok3l3MKZnWIWrZkYrd/WrF2l7xYYyJl54sLDY3fGz3Vkndvw3n
|
||||
jd8Pxm22jCZl6hz8COIT8n+AXXpxDEuKpjjBKk9idyGrRuDKmsFXOz4Ebvhqewq5
|
||||
n/g1eCnJVXQ/752bN2VFAqC9oc3dI4BehHuyUp5/ErgUdfDn8hQNu0Xpofk+Aexe
|
||||
bjytwODqGLrkO0ssf3eeGrb+/Xq4LyaKcRgh2z8IhBLmGO3kkl7jverdZzSJvjGV
|
||||
X/t3oK+gaICyM+HyMtbfDrtoIic91LhhiyK8SCpup1f1N58TbcCtd/Tty5JhW92O
|
||||
cHwXthqR6C4eTU84f+CLLc82okvh7Lv1snUvV50+zT0co3CnE5l/HVXHDGzfr9qo
|
||||
JpeW/xIFTvTgbUC7E38g290P1AQ2NHNTmVbpqS8AxsRjLQSZwn3VXlj+JTFUiTOE
|
||||
yfYT8YHy6Zv8/ArZj/l4c+KVkkyaubhkpqZi5en4p8UYTgU+joozwn5KGiiTSZd4
|
||||
x/9AnzQgvRDf1+8rKI3+zw3uFh5JZmiS/ac9fg4YjfR9ZooQHLdqA7d6m7aS8CrS
|
||||
XgEnwkUBjy93phgVY9ziVgtCORZ2sdmEZagP5gu91xJXV+6uNuO9BgN8ucrd08qc
|
||||
FRQ0Yd3vx5RBJbyQwrT7e387MxhFbD6SRN91pzC1HKF7xPMA7zCdWq3K22a2u7Y=
|
||||
=Dehd
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA6j84+xkv3y7ARAAqOh5UZoVOb0ahU1QcC9HX2RITj/Vsgx5XZAulgyHdROw
|
||||
6cu8TtMxg436MFm60DLU818MIZ28imEGmaEstr9Fkrd6UC4el0BtY+EhWrO4E2Lv
|
||||
0AXuDx2SiSx8YR8aBd24TwtScU6d6NWMe/1a/Jfls2jnVN6Bp1cU0mmKyFbFAHbo
|
||||
30dr9tuvEvvJaNzlHTZcrcEQ03nN0e70+4shQNRlpVNqJzTxZinPj1i43Lb9Myxl
|
||||
JowBF0Tn6gQJ4Q0IE6E74cFPzkEPVTTZGI89ZoSDLcwfXDB7wbXZt6adPIQeY7m0
|
||||
K8E7DbxAkTjmb4Geq2n3ljJ6pFzAEHsi1OflWRuJsokfrNvU8AP+rLSuLa2RIfRk
|
||||
x5gA/OWELpC+Mg7wjxliexjvyAYucfzP6uTG95AxSvVYN6yVuJhHGZKnLG0Z2Aqi
|
||||
f4bPzW+8LqHjRf2dZryJN1kHFkoLu89K6rIGpXSdsltkXLkp7bjMKxuS5Ui7aMzo
|
||||
R6qiv6FLIZIudbjaeHetM+/3Es0N+vWiZDA+8LH7Mp/bO6cA9OLQ4Z/9Vy7NAKyM
|
||||
QrXLoanIMvxFQMPpsxG7xTFPcGfMFY9EQCpNKRKBUpr0SmurSvDEcfK2Anv+Uyo0
|
||||
y8REnMska6HI2t08ZvpTfB0uwtEiqxtHV6Bq63mjQAg391b3oG0v0YNeMIovRKnS
|
||||
UQFPafkK6ADBOICosgr9u9vlSTk0IzWg0CnT3JvetUAvLcu0rSo0Qhsq2hRnLB+k
|
||||
HNGyH6MX+CeJRLBHoE4eURVl3Tvf5b+Yox8F3x6j+PqYrw==
|
||||
=gRFd
|
||||
hQIMA6j84+xkv3y7ARAArgOtJ0YG/kUDu4W6R3kxxfj2tJCymQIAVPTii7/J7egc
|
||||
Pap+YgAHcSLiGAeG5cHqeNtXw1ApInVv/dlFxipewdiS53GmUMkr691VEIR9diaj
|
||||
Ju0FNiS8NZ6JPyLEZ4i+4rWnFwez64WaeliKEjUNau/eyqc/YH0aGgsQrNqmK12/
|
||||
HeKwmBaNuCgw+JtEZgFYYjEv7zyQbwoTltr15PtdLKPL7qwtkywf0d0f7zNqDbZp
|
||||
k8YG5CAKq46n9IYnY5hSdFTo8CbJQHilTHJ8NWsVw8Wf8bxTLRuCTqxyThUmk7mf
|
||||
FoAPgd33WIJSQXCEt+tBMJaj2LlRNh57W23FqcVh6eSt9Vs3WjHdSKPW2NPv+800
|
||||
0Yc9R3mgNC2YxNVSozjK4pFMJWfPC1cDkV2q0SQwfpTzFS3qZwoBX0T+PpPcRy5M
|
||||
x01jLA1O1imsWp3D227QwPwW5h5gba5FNqeFbh0/rWLQv4NqUzdDZvtzcwjic5N3
|
||||
/tvTgw9qEum6v2yOMn8znkmSM2eI8ks7Ljj/BGmFhp6Vpme+XfRLl+lqM/tbBb7P
|
||||
OUrmICb58knukyjsVWfYTQR14zSwBjn5uFrAUFD9lyWdENVNnniNzFWmnCV1Ukr1
|
||||
fxgiGNO/3IJZ/65idY7RjDaVlk+2tCPe71n9mRNorx4LsVmMUUmr/hspbFkXXJ/S
|
||||
XgEb8FpV3g2lZW7v4i5M6NDiO5hctLMlIlAXIXkv7MW2diuSmFjzRB371aE9R76p
|
||||
EUbQbM5StTkWaqBxG3kg9FDVvEa74WyP/qk1rrBvhfAhZN6dW1slM9Ncd65nIag=
|
||||
=YeQ7
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wV4DqDJbhoEBo+ISAQdANKgSMX4+H+dTgQPQU/heGLLK/kFW4S4bjTWfDGaFwkow
|
||||
L8K0GkjtgSMP3jhJ9q9ch7GhzriAPUqQsjqIiWiu5zCGndwcCraXaVrl5qzpk6cI
|
||||
0lEBcMNP7fMNd+nC8BEOca2EVmlOI3BqsR50adoi7dqGqcZNkAmOHjShpPIO6eV6
|
||||
CucESy2hoELxRY6yOsVEA56fcOQsLWwukzVSkxTrb9Zp13s=
|
||||
=75Km
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAwMCBBrc/JA6AQ/9FbEeBaPRH2KOr2PnVVBi+plAsXpxJ//11P46yMk5Nq5S
|
||||
8FHi2HLyY305rcCy79TvnKAab4LXlrraAwQIQVmMLoYWqp+pzOT/L9wLtHzaR5Hb
|
||||
xjSlpwpKwVpOg9bNJkKfyDmcNcUq51LMLUVffUFnNOOVFSeMXHYhV/17OfM4i4U7
|
||||
lDCW8BOvJBJRNXsXvCmuSpQszlXU1cQGAKSFltjvMqQkoicfLPrHNvUdRmSD/qyV
|
||||
p6q9gmtskp1KYqoXBoUjb9USFyrpnFDRnZUnMHsy5pB/DIHcWDhjduGhoGJnMloI
|
||||
gOQIoEnN+8yHE0VgcrrtSUvi8pv8S0uXPlrG78EAifrBWfJGsn2cd39KwuX8neWH
|
||||
vnze1wSxCMfGgwvmf7UHHL39ynIVnhMoSuz7s8AonPkmn7D0TuFkhLoFeks7sUzT
|
||||
ulWXgR2PyU93vUUN+Kd2B2XMEFk+l/qXjDvOqojz7bBlZadHifGb2STYmONX6OEi
|
||||
rvmBENcYIfkAKNs790+p1KwPEFbi5KsPmSl+BDJfyXgcoRoOeQuI3SVBKFntwfz2
|
||||
R13m5NgcoJqkrBAM5UiLnym+LdPQlW8tNytx4Ysy5rz7ZvipFYLnZVx63DCANBYg
|
||||
IFIEmwbtOjwMquvuBFraHPYfbOr5jvnCKuGVg6tTZHFJ0INT/hnr8JTfv6FlBRXS
|
||||
UQGJS7R6GY5ih8rgAPu7lrAEQqpbAFwUS5iFaexP+6+py4XO7d/bQIRYfGDPo4Q4
|
||||
IVuSStsWRluZ5EB3jXBJtcQ2DIb1TU6q8jtggcU3NeKOVQ==
|
||||
=LMIi
|
||||
hQIMAwMCBBrc/JA6ARAAmPX2VyJu9MIMOOsKWDZrvCUHJDf0I41W86t0vrloFk/a
|
||||
U3ZK1lOnbGZJFMZUk2gT1MQrqz0sccvb+AxcXysTNJMF5G2y9s4BIW00wBmkaqxM
|
||||
gGtWEwcu1au/rsrxXYGxMREB1sHyaccTurTB/mokzO0v1RL8A5hJXgjAA5YuQWqG
|
||||
zaTUG6mJ5he1MTpDb7to80ljR/bmJTqp0Vt3bgmpFaTXiR8x1VukbX/A8/TWdheL
|
||||
lgJNVRcR9GWiKaHi1agsfJIvtmaOjfgDQvhrHISNCwKpGvMTextMUuixJUG+ZFH8
|
||||
dAwD0CVkReI78De2oRoISXj2eNSiJ8zVFlfWKNIPZSHWLsewvfcKCVKelRo6SFne
|
||||
tlr56Wsri5Agp5qZ0hq5wdcjbaYbruCiHS0xbvX3Cb7zIM685ZOxNtVpWwZtiFSV
|
||||
7grErwFgJoxxkcvbZby4ruLd3pMFpQJ1WxraDqWgL+Fd+Ah31cRQUanMncQzoNRX
|
||||
i+0ukzj0GH1oYISPYn8+mt0UALvi+UPKiIhSsPctVpv6r6rt6Jqoj1E/QlhYGLPw
|
||||
k1cuVshYkNEjTOUgwzuYCUtHzv2PmqfrOB3wfFFmnDNbtJWk/ej55XcW87hwjnhB
|
||||
Jnpmhcx2AIRlMFRXRncNwhKexHpTJRZQTlYKC9FZwbzTw3kPxdauu3X38fL8UB/S
|
||||
mAEKy9N03Hp+FQGoglvpbkpioHtUT1bMIC8tSWKMAbXOgQVSJhjkXnX/pQyFzINZ
|
||||
/6X7HovoTv4TFhpXWYpa5dQw0ywJ6H4x1YdZbrrne5m9t8lJo9C035K5g1aw3nYa
|
||||
h4D/pYI0HT1xACMbhtohS24JLJDBd9Cnqj/pQYbxeo2VTf6nJp8ZBUT+3R8NtOnw
|
||||
zs79AdvfiGSn
|
||||
=9Q6o
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA/YLzOYaRIJJARAAsJP1LaPktuk1nUNuXNhPydRxfCh/PQvOv9P37U148bRo
|
||||
UlLJtxSCOHHsHXvRD0KIrnhyoLgWTjxzUctAmJgEH/g7uAUxZpwLVk6WGKB5/7jS
|
||||
Tu9H9aBediJIipLJTj8DrC7A3OuNACUZeRZVe9XviR7Rl6jt+1t69o+57+cTSVxV
|
||||
IcgNKanf2q9Zfxhnb/P6QsfrFHPnzbaSvtf8tUsGR7GLTLJ8C6GgJoSRQOIGJHp4
|
||||
4PTPeu7rIMbWlU0E4YBa29l4thxDsgicq1jL9PmLi4xVACTozuBJ5TDeiIAxPsN0
|
||||
K4d+dxHpYcX+5pBggJ3WWqpOmHIttcfJnmiY5cibNZdhRfQFovqstdtiDXxMLpIt
|
||||
6hy/GJJNF7cGQ7/b/eVEcAnYbZEugV9fgaE+5x/9DFAwak3i+1PKkiBC58nyT7dD
|
||||
qCXwWtog6ke6OPaJ5kYaDAe3HNJVJbcgjdhxyjrRy4YAXkqDU51GMZcFLI4/7qMK
|
||||
fyRVT7YZ72obZhmJXnYKJOYxFB38BKL8/Pu+lAz0mtvFFy20xGLmuJbPEQr7Lid7
|
||||
7IKxOzZHjftJ3DgvmE6fhjR2YQ0lb+Vjh8p3aXNgov+2/0lllcYFM9epfBV0+dDK
|
||||
AnAWt5UfsxxANYUwVn8WQ7LC5NJMjq1yvD1zftG0ZiAGitQeTzYvuX0a2ySvU2PS
|
||||
UQFVxqFMvUQ7m49j6UiRaT+YAAFFJYsTUgPNMVC3Mn4m+c5hI4fGSJrgx1v6l0Ry
|
||||
Xu2JYNbR94eN2cyjVirmtEqY6okbVgDRSjI+08clSYa1XA==
|
||||
=rBTq
|
||||
hQIMA/YLzOYaRIJJAQ//ZBWVucA6Rpfwjs8DEYHV0PIrZ5qfx1bOmbGWNqo+V3rh
|
||||
A4j4gGy72LecVzVE2l2qAfGNuXFEoOn2Gw+9yg/33CnyuESIugCPHzqt1fOZRQzn
|
||||
Blfe1O8l1KJp9UkKGkyKvSAj4ET0rOqbk4aINGB8Tbr+ohIs1HA3soEE3/pe2eA7
|
||||
aIJ26zg8+sxzFGO0bMksT+fIZ64a+LgOl0MvJKBZWC052tif53ItUcgmqdWHoDSI
|
||||
rRxKicKzt0wRE511k5CbjHQ+Z+hG49sbOYgda4Njp65/iM3wNw3K2U2dh1XfLMLg
|
||||
MtL6/DzFBORghhHc1/R4RldhYYMVuBTXtXJOuJggdaCxC8AMq88TegVHzOKPR5gb
|
||||
rbP88F4H7x2+K4ofIFCuL7U8vi9f4qraoetaFg1JY3lDei0qcLSWjcgts57UmvVV
|
||||
3BtWIEapMOsY3d7PLNm//1WiQAc2qcBypD/j38ZDfiGIQj69cL2BlJV70LMhyyFc
|
||||
aTR809loHLdCucWWkQCiZmoV/e7xYJ1Ge9n+oJdERRkXkBO1L/409YP16Al8zeO/
|
||||
9GuVjFUjIVj7f4WYqRVNrENBxHs6uT64alwSa/pfnjR+r3UFQL9CJ3VXaZcJziG7
|
||||
yHvl9m8IyvSQoiIEujjNSMzpecTe2EbgHzwIx0+MEZyBDBzO01Vj3SU3Ps1KVMHS
|
||||
XgFlCHqpHfnpsog7ZRnpOuNpCHShvVq7h7ar27uLLPzNC/363GRPfS/8eoI0tRHV
|
||||
P1cgVAJTf9u/BGvxh1dgzrE7tUF0PgJL+HbHIZQZBl+rUFuMQHozr8I1zwtArcw=
|
||||
=2SAM
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7ARAAtRClrIzX3js9BDbrgrPQL7Xpkvj5GWd47vhw6zVscG21
|
||||
Nss/i3xyN44Xz8IaK5swaPVyqFJtC79vFSSIxQDI4kIosNFxWcee0RdVF+tljqwl
|
||||
WNAJIsxzYcTX2YyQbsilqlUzrtamMwc8chBYuZJZQmIcKAwQLqzra1TwWC9PHWT2
|
||||
AiDankn7rAYFT2EFQjap+Va93ZckktCSWcuC5MdZ/HyG3Vgj+Vu+k0PyL4DxxSr7
|
||||
oURRUyuNjQpycQrOTGIPN9O2MA10J3rYj1Gbfrqn4p6al3vKT5zWckrbAwRHBW/c
|
||||
VnagBneF5bdAdwXCrq+pEhggghs5cXlOZlXrn59NqHPh1zOeAwCkWVgMLEBdn/j1
|
||||
BnynOzh7Cf1T5ksJuf8bkL0cGxj5GfPcwpr32smM8WqlcIUk3gUBPh7uCTjRbhDz
|
||||
6gxFv1gEO9MrFu7/yV5TV18JtJXXyXtN6qaBbfMEM6ZkYf5AqSP+QODoxaxcagWy
|
||||
y9dqfBGNLjmi0JrwGIMmLdyOBF06rPmJOSB2M6XaZac5hPeanz6D9jCE6zkhBuVL
|
||||
+vO41gXecbYPMDl6ok51L74zY8pnXRdIC6VLs2Y9GN1Yhavy0qkZy/3CrZ/IrcQv
|
||||
fj2s3UABuQ8zEYOzteWk7ZLQ1WjDZHJibh/96IHaSSy4zHcVQqtPvRtKg+Rr+oTS
|
||||
UQELH4mBQWoTcX5jr+XIoIvDXTNiSVnh1JU3aD6n5SyzHV8IESbg9+0KWgD+KyU5
|
||||
cHhNISMyKNYkJ059lgUN1uzomXUQNng32b/AriYsqn7k9Q==
|
||||
=KYMC
|
||||
hQIMA9qJIVK2WMV7AQ/+Lms8Kgv5TzbMa7qF3g4oXbJFXk2eHvkP14DqJkxsMdWn
|
||||
ttdEze77gyhkR9U08HDF6g4++oLJP/wvf7aZFyBUTr7PciLiA0x1rIyAoHVcrXfm
|
||||
3KxO69Fs2VpYVEXwAMwUnT4mhiQ/Rmh9rvvgSQ2Ds3G2yFLhFogBQ3M1oUxvNRut
|
||||
ckc31EG0sUtf1XDUSKTP2vOLMuUvMEs9G8BUJx6le29xtCfdYXFtDFJoyM7faitA
|
||||
pM8vYkZhJ3nY7Kfz8VTyqeHQKSBbqc6Qd+Ki14xa++9m5pY7YCmosAe2Yz9wmiHd
|
||||
/gPxKIXIwsXnYCKqWBzcoAaT3HIXeOHdM8iPAPguTyZcuyFA1FzjqzZHvhoE3wBk
|
||||
Kt2ByWvlf4RiJXUOLjPNXkq+XKR7nzXcXqvqqLytzI7L4vWJjidma30mt8F4xsJt
|
||||
rt0iqBTcIkDO/c+bjvl4Vl8DnilN1sO0spDy6hvLX30jRgwB9Ce/HAScneKkxTOu
|
||||
Fz8Nkir1uB3mGWgEVu8Sy5c9f352+8ZbQ49jUtjDz4LZ6Rqo/+9WeHPgRDhY7mEL
|
||||
fG5YKFbpTMYavNUzELEfYMe7XxKsR8qpvsgTVIVOIBR1065W5sufCnfecqyVhsRh
|
||||
LPmwfg10h4YrEU25Ob4s2arB3ZH+UPudM3E6RiCVBmXmG4wPxSpxWZKSj8pn9h/S
|
||||
XgFXKs4S6eJN0tCXcw7i/AwC5u2J0nKjVJWZyGt0tYlhOGlswd+Dos9ApRB/gHCi
|
||||
jdk96IveATfIQ5hu7tdbbWTRbXZYHT1dFli0ufciV1G1UI0TuFX3xH7kvtQa+WE=
|
||||
=cl4y
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9XEenRNYVGHAQ//aORJBdUUiYRVo0Vu6CxzCU36Xz6M8tqZW8jJ7cQ5fFc4
|
||||
l8+sqKdoMprg7epXGcfhsRl/s4nUpZIEgbSL1sH2TiBRnTSO92ajLljTpN5J5lPP
|
||||
HzqKR6K8r/CPAaP7ZNdGiF+kZIwJGYJrbsuI6xtphShTBGBomXsp72XOZmMaREYJ
|
||||
fmMzLx2n5zXxHTd/DlCVt4qINbQyz0AtktyRWHUUUYiaYy3hGfkJlBm0E2nYu7/u
|
||||
BnUR4Yp+L3780Ch9jQJWjp2/jatkHnTCiJB0IhlSyNfOYK2iWAeK4zktSJ7S60BF
|
||||
f4Cqb/7f6hu4UUJR8G7UZZ4aTBxQAIFVPNvuEwxKBmcnl3PXDE/9SNTP7rcYN/jb
|
||||
+L3QIrg9ww+eFEyPHuJnRixYdXyRMP20LaZH5gQ0ZRYEMAfPcUPJMEri5XPRdE1d
|
||||
B4DWQAOpw7M+hbjWpUcuS76E3vEU+CsHxViQcbxAWulSgejzmzF2br5HokfFHAJB
|
||||
QusZjqrZNpdo01b3JCI98qGdil+vTUjI+6oaClgx+IyA1Zjf4xcQqIK0zMSb25UM
|
||||
aLpudR6+mVFnY/UpIZ+Diu9T/iofh8SBsqMxSEzTvMzOr7tCpS7XSPqVkTaqHJwe
|
||||
hfUD5XFmW4mEKk1WawcOzxnVEpbHwbD3brubpgRGh5X4SRo7QgWfrkLgXMlV4V/S
|
||||
UQFD/wzg/1gmF3iOuLm35QHcB6tg2I0Pr9tPgum4+mMz7CSeLDx+/owWKUxDGfRp
|
||||
oXYIspMalqlb/J9a1pFZiPvSKHiDl3MHC51vEFnWpwkhMg==
|
||||
=Vxi/
|
||||
hQIMA9XEenRNYVGHARAAtrIk+dS79ndijDRCUPneUqJ/w98RIQRu2vVC+Q601nrJ
|
||||
Y48vHPMZKLAaXn4NAhJRtAph5aIPgHldgsNHKx+uT+IIIQKPAG/bTr/tlwABo7yw
|
||||
rfCKkOuVwCzNTIBzpgSm7/YpAuOpgVU6FlfUrNBXcQ1YCgMkE+veKaXtIGUbvs1U
|
||||
dd5HfNHpoTY/TNATB7BvcaQMXsUtw4ZAVCkOK4H4xp+7mlSD1cmTdKAOXcAXHWLd
|
||||
HqTYVyuyn4mhHcmWuVV+30FZEGoZcgiC6Mxwxr1blEMbOm5DSaTGLADnQwVt1dxx
|
||||
rvHMOO7fPFXbhXxYFDvxD0/ChGvSw5gtvnBK2LVKLztrGEkuW9TRnC/9oriQv+W3
|
||||
jpo97rGxvLZ6cBVPPRnlaYbkXSr+QF7WGweagXJ+HI2+W1l7UMdNmJpsrqcrjLxm
|
||||
ng/1VCwAEflyki5OlfAMj2VtFghbx8uYXPew/XhxEkPDKwI+Q5dm9dvchNfZtg9J
|
||||
1Ln2rcD7YpANxEyko+MEuUcWJZNV2EFSQws/WoviVd+GoHClP/iyxZSn6uN881Sv
|
||||
+rXVr/aihXjsw70RB2v2lrEnGJj9tA+ntGQFyDiS9+82h5fbG32r3hOneHqn0I11
|
||||
lxafEw8NL/h/fObJuMdFnVkNKXemJuyu1Y+CyqG5OWCXQWgmqGDWsfwhjloJ/TjS
|
||||
XgFkR2Id2j8J4KoyCVWsIJmj4z2SkYrdRS9JhtT1WD8czP5rMef30rcGh1TC44aL
|
||||
rJC/tQLao+d0dV2HZQioXOrkMrkpFG7dkN/Y7VxXDRh+EDTBYPUSGWi/kbGQz04=
|
||||
=j6DP
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-04-13T21:10:30Z"
|
||||
- created_at: "2023-11-14T01:43:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA45bZkLXmBFpAQf6Am+HdTbceo5UD+fomUqGwWGx62lfcC5OwRZfJaODr2C+
|
||||
sLFTFAo+x7HupBOi5+WFcplJDqOgeGsfb9E8YELU3E31V7jJ9wjZrSlcfxfSScL6
|
||||
5LOt6ognD4rJ8HUSUyUl4ZJhR3ZAJUHVQJwwBALW/apZZXCu0zSIuh/lFCFx+Rjy
|
||||
8eJ92NXVpXw5gsOWT4PKW7BINhYOEquJ1hW8+sna3JYpQkAIwePCrBOZ2KKmG8wb
|
||||
PboEM8fFSc6iUzTTypWq3gedJcZpCIXS12KFBIsU9Jw9ep799hg9lPPYM9JTqSXo
|
||||
E/r28bkPXBI41ZmT3dsvONEMsrYMEq4pEcC5zoJL2dJRAWnJDJ0cB3tcpspFKHgV
|
||||
FevuO8mi+HoP0uaCBQ3Tcq1fjurkbdcCQrIz/WGyV+x/poypBqqq+6N1jO3ytF7y
|
||||
yJU1rmqjIv49MHTS3ygHdsst
|
||||
=iRkw
|
||||
hQEMA45bZkLXmBFpAQf/c4Jzrcw9062U3O1Yh2Bc5L+vLwO0m8+meJ8nAvKEdZ/X
|
||||
u8Xx+PMKBqwqEBnFZW3F1xZmEHjRSExNAg7cebmplQdcF+v346D8+HH93ziF1qzQ
|
||||
hph0qeGjezSC5TmugaCdIiXZcJu5BDu6UGHkJEU86kzy2hBYCc9EGgKIgtJ8g4t1
|
||||
XYpM7rfeX1nG0xNL20Igh0wS45h7I/OEpsyHgrbo8vyKG4UXsNaMWivuilLj23gP
|
||||
gb7HY1UxWLdPE0ow+pFMZ0yesDol/2XvTWfQ/t+5oKgw55Kw7oRMhynenRARW8i+
|
||||
cdAaqD+0qCm+APO958GyzuLC+h5H4KbpHtApamrwMNJeATMLsf3zZs0JvKB09pH/
|
||||
LZCnoTNJUmmvIL67PBUnPvSmvt7l7ccSwjWxIMdDe9s1V+MvkkptEIROoTmCQrGl
|
||||
oDEJhiwKgGBrQ5vYWMTf83zMaWdXmxz2UViT0FNfeg==
|
||||
=gfvH
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, utils, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
options.c3d2.baremetal = lib.mkEnableOption "baremetal";
|
||||
|
@ -15,40 +15,23 @@
|
|||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
# make sure to set availableKernelModules to the kernel module used by the connected interface(s) otherwise things will not work!
|
||||
# the module can be found in a booted system by running `dmesg | rg "Link"` and looking at the first word after the date
|
||||
availableKernelModules = [ "bridge" "bonding" "8021q" ];
|
||||
network = {
|
||||
ssh = {
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
hostKeys = [
|
||||
initrdEd2219Key
|
||||
initrdRsaKey
|
||||
];
|
||||
port = 4748;
|
||||
};
|
||||
postCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
|
||||
cat <<EOF > /root/.profile
|
||||
cryptsetup-askpass
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
systemd = {
|
||||
enable = true;
|
||||
inherit (config.systemd) network;
|
||||
contents."/etc/profile".text = ''
|
||||
systemd-tty-ask-password-agent
|
||||
'';
|
||||
services = lib.mkIf config.boot.zfs.enabled {
|
||||
zfs-import-rpool = let
|
||||
devices = map (name: "dev-mapper-${utils.escapeSystemdPath name}.device") (lib.attrNames config.boot.initrd.luks.devices);
|
||||
in {
|
||||
wants = devices;
|
||||
after = devices;
|
||||
};
|
||||
};
|
||||
initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
# TODO: enable now per machine
|
||||
# enable = true;
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
hostKeys = [
|
||||
initrdEd2219Key
|
||||
initrdRsaKey
|
||||
];
|
||||
port = 4748;
|
||||
};
|
||||
postCommands = ''
|
||||
cat <<EOF > /root/.profile
|
||||
cryptsetup-askpass
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
kernelParams = [
|
||||
# "boot.shell_on_fail"
|
||||
|
@ -72,17 +55,12 @@
|
|||
services = {
|
||||
# just assume there are ssd's everywhere
|
||||
fstrim.enable = true;
|
||||
resolved.extraConfig = /* systemd */ ''
|
||||
# don't cache NXDOMAIN which often happened for nix-cache.hq.c3d2.de after a restart
|
||||
Cache=no-negative
|
||||
'';
|
||||
smartd.enable = true;
|
||||
};
|
||||
|
||||
# this needs to be unconditional because the keys need to be inplace when activating the feature
|
||||
system.activationScripts.generateInitrdOpensshHostKeys = let
|
||||
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
||||
in lib.mkIf config.boot.initrd.network.enable ''
|
||||
in lib.mkIf config.boot.initrd.network.ssh.enable ''
|
||||
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
||||
echo "Generating initrd OpenSSH hostkeys..."
|
||||
mkdir -m700 -p /etc/ssh/initrd/
|
||||
|
|
106
modules/c3d2.nix
106
modules/c3d2.nix
|
@ -1,4 +1,4 @@
|
|||
{ zentralwerk, config, lib, pkgs, ... }:
|
||||
{ zentralwerk, hostRegistry, config, options, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.c3d2;
|
||||
|
@ -58,14 +58,6 @@ in
|
|||
# broken :(
|
||||
default = false;
|
||||
};
|
||||
|
||||
sendmail = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Wether to configure sendmail via msmtp.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nncp = {
|
||||
|
@ -90,29 +82,38 @@ in
|
|||
};
|
||||
|
||||
config = {
|
||||
networking.interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||
address = toHqPrivateAddress config.networking.hostName;
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
programs.nncp.settings = lib.optionalAttrs cfg.nncp.mergeSettings cfg.nncp;
|
||||
|
||||
programs = {
|
||||
nncp.settings = lib.optionalAttrs cfg.nncp.mergeSettings cfg.nncp;
|
||||
users =
|
||||
let
|
||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
in
|
||||
{
|
||||
users = {
|
||||
k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"wheel"
|
||||
];
|
||||
# get by running mkpasswd logged in as the user
|
||||
hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
|
||||
openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
|
||||
msmtp = lib.mkIf cfg.hq.sendmail {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
host = "mail.c3d2.de";
|
||||
port = 587;
|
||||
tls = true;
|
||||
tls_starttls = true;
|
||||
auth = false;
|
||||
domain = "gitea.c3d2.de";
|
||||
from = "mail@c3d2.de";
|
||||
# TODO: change when on 23.05
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
|
||||
# nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
|
||||
# using proxy option to detect iso
|
||||
# https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/profiles/installation-device.nix#L48
|
||||
nixos = lib.mkIf (config.services.getty.autologinUser == "nixos") { openssh.authorizedKeys.keys = adminKeys; };
|
||||
|
||||
root.openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
|
||||
enable = true;
|
||||
|
@ -137,7 +138,7 @@ in
|
|||
};
|
||||
secret.mqtt =
|
||||
let
|
||||
catSecrets = pkgs.writeScript "cat-vector-secrets" /* bash */ ''
|
||||
catSecrets = pkgs.writeScript "cat-vector-secrets" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
echo '{'
|
||||
COMMA=n
|
||||
|
@ -184,31 +185,28 @@ in
|
|||
}];
|
||||
};
|
||||
|
||||
users =
|
||||
let
|
||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
in
|
||||
{
|
||||
users = {
|
||||
k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"wheel"
|
||||
];
|
||||
# get by running mkpasswd logged in as the user
|
||||
hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
|
||||
openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
|
||||
nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
|
||||
|
||||
root.openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
networking = {
|
||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||
address = toHqPrivateAddress config.networking.hostName;
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
"9.9.9.9"
|
||||
];
|
||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||
};
|
||||
|
||||
environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||
text = lib.concatMapStrings
|
||||
(ns: ''
|
||||
nameserver ${ns}
|
||||
'')
|
||||
config.networking.nameservers;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,187 +10,240 @@ sops:
|
|||
- recipient: age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSDNRZWJXZ2ZreThjVzZy
|
||||
TENrbDFKRkZCVXhaQ2VDZnpYTjIwY3FtUnhVCkxOVk9OY0sxeSt5cDFua05oa3pF
|
||||
blRlTER5T08yMDMwQ3NVNXlZR21rY0UKLS0tIGtqSlZ5RmQxV3hUbzdJWUJtNjdE
|
||||
cWRhRVpqNHBqTStZZW9tQkVSUXVIV1EKb+auXbwFGHtXk/Ehpk1bcwoDaltnRAPF
|
||||
xDg40WITKf9hXHTtkqcLwrTZA2T33rw9SVPKiUcbgWkRcKJk6rCc6w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSkUzVmJyWjZZb3VsTnVV
|
||||
QnRVbUpINVJSZ2tSaEVBZWhoMjQ3dVpEcGlZClpXa1NMclFEWmZ0aDM5QWsxYnRw
|
||||
Q1dFUC8vK1NpeCtrUEtrMVduVzFPN28KLS0tIFY0NWZDaG12b2R3NGR3cjlNM21I
|
||||
cnYxc0xCZmthNlNZYkYyUXRJZHdLeXcKIXP6kvdgt5m8TrrczYFFe3vuVkR+IMjf
|
||||
G1EWkfnmZJ2Lji/py5i59g1re5pcBGcA7io5XctULjVYtd1lwhzAzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15tyk8zlm2v3fkv9gsdm9g75eeef23358wrddeg3slpu2vjncj96q8lu6x5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwekRsL0RqV04vWHY5VVU4
|
||||
V3VIcER0aEVIejBrNDRsc3ByQng4eVpvMTFnCmxibWFLTlkvU2tnR3dlb3Ixc0Vm
|
||||
WS95clBLZWZlZVlNUHdtd0d0ZzhGU3MKLS0tIE55eXpzVk1jS0xXeFB4cUdqc2VD
|
||||
M0NHWnRWaDNwN2orUERMRnZOaXlvT3cKxLo3ModJfGn/XyrU66eLJzF1k4g0wA5C
|
||||
qWpqzrHHromQNbbAoU4HRdRh/BBSkLZ2P1XQWJ5oiyGgGZwRUsTwrw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1xd8x0m27zhvvsm7rq2amtu3a4nvpfnlcdgp9tqt3g47hfzchsa9svgmemz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RXgxYjVQbi9ueG9wUk91
|
||||
MkU4dmlpTXR5Si93QTVobEN6SE1JbzIxR2hJCmhFZ1AxbnErSkVDZlhBQ0JqQjVQ
|
||||
K3cwRDN5dEdLWGF2dnRveFRuZWExaHMKLS0tIGxEVTU1eUp5Q255UTVsUk0vbFRC
|
||||
OElhejZ2QUhsTHlvTzR4NVowTTVSZEUK8gi637nM8IULhCQMfVvJ3HZIgWQlje9p
|
||||
AWh88RoLEm+HYpUFryLPquMNuYh+QDRrwaJk5vLRV0dK//1wlGPh+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRWl2Q1VONXJJdGJFdi9E
|
||||
YmlYRzl5L29iTWFwS3NFQjBDUDVETVora0hJCktvOE5YNW55OTlMSWl2a2JEdmpC
|
||||
SWJ5TTdZY28vejMyQ2RDa1lFTTY4UUkKLS0tIEpkWkNEajZERWlIZnV3NzZTZDFS
|
||||
emRlUThGUFllU0tCSlpmRHMzYzk1S2cKj9Ib8+ErXAg153Q0d7jzoGTwxfBuYKKR
|
||||
rza/qk5snAjNm2q9pow6h1+iG5UrZxO7YwBDMdopNayO0GtBlPsNoA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcG5hUlFJUVZIUmhVbkx5
|
||||
enFhNzhzdUcyR3R6bys5SFB2WGhkK1FxU1dJCmo4Zm9BUHg4eFZqeUgrTjJZcWVn
|
||||
N0RXRDVEUWJyOU5JbDZnNGU1dHdIOTgKLS0tIHNCOXNTTWhueXYvNTJrRXJVR0Ru
|
||||
eE9mWGVRaUxXUXJzVDRpajFybmkySncKAEzUlczwVk92DwOzni6UmcrLBsdMnM7V
|
||||
GhZRe3tOB9ixBKD6sv417X/+WtkpHCpFIgi9jv2VZFdwXUwYO2O0mA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzRUTUFVMERLRkpGWFB6
|
||||
cVdlcTJaNEZSRXJWVy9jOFZ5dVJMSHh3Y1F3CitYUXBSd1N1RmxsUFF5WXd1ZGVw
|
||||
SHA1WWhyQmxIT0VjVitYanNQekRpQ0kKLS0tIGhza0ttdklaS2hZalRwcVVMUXNB
|
||||
djdEREZzbWsycC9Mc2NzTExkTHBrNm8Kmk8j5f/FBTTitw8EVBwCm744PVP1Yo8X
|
||||
/lrsYiOWmsXQxRe/S7ONM7hJGeLqaPZtQ88q5XEH4p1RUr8PwG1Cww==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBna0phS3pzWlRER05UNDQ2
|
||||
SHNJRlZ1UlJ6cVBnWkNoQWk3ckdERmp1OHdJCjhIR2craUNhd0ZhSXFCM2pnK2to
|
||||
N1NmeWlRejdBeDdRaWpua3B3MlVsa0UKLS0tIHVpSEU3dTYyckpldDhGbjF0dnhN
|
||||
eWZkOUlCcGZCcUJFOFU3QXBSOElWckkKrqu/FAn9mliG1QQ9MZuoQzISrJS2b7xP
|
||||
cpmjPUIjcXmgs6yjo54BoIVeLMwnb+sS4qTyaIdYwxiijWlPkTpAGw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWDdsMFhuVmFmZ05xNmNj
|
||||
cUVJODhzSVRtaFJOYzBCVzJuT2htTTg0L1FnCkc0bFpNMWVkai9QVEpGeW5KSGU3
|
||||
dkwyZERSeDgyTVJ4TEdkQW90eS9ITTQKLS0tIE5tazVRRGIxSkE4WHVkUUMwTmhZ
|
||||
MUVTTUJEL0cwYnZ4R0pTUzlPTUZCK0EK5AW+WZ9Eon1s1pmLeSgTf3XJb9fWGZo9
|
||||
C1q0Vw/nsgU1h6EWJ4or/69uQSQ0Kz8RhjZG2g49eg5Llz4adoMGsQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T3pzdStidzAzYlozcDY2
|
||||
SDFybGUrM0FsektOZWxDMnJNNkRKaW9OUEZRClN3K2Y1YXRwaVdRRFJrR0tVdk9r
|
||||
RVRkMG1YZ3I4dWE0NTdsbGo1MWd0NHcKLS0tIEYyZHlDbHNqMGFBeDdDMmJrRzh4
|
||||
dktQM1E2K0lhdGFzeWU5bGp2YmlWNU0KfzR0LBBWgjjFgLokmMd+zi4oF9g9Mv4f
|
||||
q4KKvfJeZLD2XNli4ALvzATCwVs1980K2WbuNmu42N+Xp/LoFHIolA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dnUwR3ZqdVlTaFZiNVBU
|
||||
NmMxYzY5aEI5QkFBM2tsemhlcVRkQVBDc1dFCkJ5RVJJbkt5K2hNUUIwN0lxYjNv
|
||||
Z2FJRzl1RUtMdEg2Q3h0d2R2MmZxbFUKLS0tIGJyeWxvODJ2ZjBPZUg3bVhkOU1X
|
||||
Q2Z0cFpCZmcxT09zZFd6Nk85MTlJU3MKPpiSH9FzBd6g8nFz/kMkSHhm2mobF6D1
|
||||
AylfvAWn39Fi/+yc3Er44QOWDXbr6IHyPQKbmQdtn/yn1C7F4OhG6A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUkRFM01sZmRmczFVV0Vu
|
||||
ZmlJSWFBakh3NkZBN0JIaXFQeDRoOXlJZ1E0Cm04L2xIK0dJaDhpaXdZSnRvdmp4
|
||||
VzB1Umd6TDZtaG53N3I4Z3Z2NGQ1YjAKLS0tIFVBeGJzWUU0VjArbVc3YzV3OUJL
|
||||
WlA0RHUvdHJpTXdyMnhiL1NzR2NNcXcKf+DIOhY5rTmT83dtRj9AK7MPnMJh1ZDi
|
||||
bFoWIo1aung6g1zoYVGDACMpyBDw0t6ZAcLVSQS8Lu3S7J1KeKp6Iw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-06T21:58:08Z"
|
||||
mac: ENC[AES256_GCM,data:Zw6HzWSo4xnjZJQ9u1J08V/E0zoV4LGoKfY8WgRN5dS04LUxb+O0A5fFEwFTsGs5Ch0IA/0MJ6k4fqGkg97X18w0lK+TLlxl/tcjW1yA5ECbQhNKEUuSajw7rgDdqGGqxJ0BoGOH/Rv5I3VBstoSS6Ad4hmDnRuLiY9VpRYA+RM=,iv:CK0jB87RBsnIv3mOQs7fz0VjBYczE/unP6+14X90qCI=,tag:8SJ1a7Kd9mc7yfdIv/a1Vw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7zUOKwzpAE7AQ//aWKCLT+jh3lav2IK49w+ey30IxIUiI8bZBAqlWtv4KxE
|
||||
Bi/TjgECE6XTomqihdcRBMo0X3vtns6EIYtoxcsiloYztJT41rzOVr8sbwPaaL6p
|
||||
T06OvmUTSGYAypvpNVY5qsJh/NCpVlnwj/0CdFHG2MEZVnpxJD786kVw2G+QWNiJ
|
||||
JLEw7pyot16X3WYxoHhawspyXt2y/+MwR9o7ctE9ECssf9l72EcVcAW0jot+rDC9
|
||||
KHeAXeT3s0dIO+AXUKfe4xr3CQOX8UF5hH2viQ07DnXToAeGPYF0hnmtSz6oXv3Z
|
||||
llxLp8wNH7iGLxgMOBMEu0fyYNACpOTECtqs9UHvSctH3dIN1/DIp2qw+QB9yGXH
|
||||
/YFpWKcg5H67AIimGE3vpxr4H5jQmWFobYcTJinf2FEt+ppp+HCc8fqyQ+9yrCoo
|
||||
xRNJuTXMHbiwGtxfFjFYiYuUhON5pZdV84SP+SquRqKf8Tv36jdzAFjoqgflsTN+
|
||||
KDUdFSibTXP36Sl5UzTkA1RLyOY8jQQdaYckr/zVzBfcdzYDw5hUunztdjYbLyqr
|
||||
obs8q40cEAwK7tc7q8PKY2LxGMUdCzQnC6OEgevuSB9AjRfBNzC8BmHlS45FhNEe
|
||||
VH0C8iK2Km0C2MwmYtt1ZCNv8dYl2WIf/32yrbx9iIdYJkIQWWrKNoMMxOrLGdnS
|
||||
XAHHwq4mpA9cAMYXXdZMGn2nZP7maNtDsQ9ebrduc9Gqc8g3ciKkU+c03R8OA1ph
|
||||
+hjNXmaEEGy16xw0HumlxF/FDFZx/Drn89QfYoWOb139m7RBvEf/GGqpn9WR
|
||||
=D95K
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAAs/UVudpaOMr66QudZSsefriyq8DL2im9R57zL95FB11v
|
||||
PKTb3ZSEtrPMYWouc6C6uaz3kBFO/O3LK8W8QQH7wVCKuoKyn2lnBYmezahINDXQ
|
||||
Rww673bqwJTwXMJxWhI/JM9UcQkqQELLiElHpA8mtkboXHtBKORiRSBZV4NhFy17
|
||||
HRkSU8s+OccM2kLwz7AVf/jJSd1gQaBgQCXbJWfzQivJpfXdssE1ZDslICjETgw4
|
||||
Hk+mBrwDoS0YdP7jZ6Pnu2fGfMedGYX4gqN7+SYvFDsd+GkZIZVXZPw+xaSnYZw8
|
||||
YPnqWHP6ZNikTQV38O54jGhHpoSWACp5kqF9pfFXD4tYGpCE7d0/EdtyZ+x8mHFD
|
||||
VWecKINC/krTkaPVk4Z/YoWV16/TF7tC6KUuYoiJy1HLVYylAh773kzekdoT/aWw
|
||||
dDCU6FUW41Mwnm+PjDmB+JpqI5U9Dk3v4/knS/fC+a1462KxVVIaGUyHsH99UTFi
|
||||
aiEYTcrsOoLqz+w5t8JNZEnwUy8xDHM/kTcG4AAH/7TQn7wW6gd95pzABbD6pWb1
|
||||
1eV5MMpydlIVMAbCwwo0IWpsUnFpHpwG0Yh2W2yj0+SXi3ESFvn78Av/dDZcqd46
|
||||
zRHHqmkulYM/sUXBhJ0JqWGdueA/XaU0S3SrlfQZSu8kaNmkkYNlf1/ojHY5sT/S
|
||||
XAE68afCVpvzX0/V0csIVV05R5tXs9GMdyT2JGp0MEvx4xXUok6ApGfKMFp4Z4s8
|
||||
2fAB7q2PrEyC74B8gXHtOJ4s80WODPUgflgLxw0iK/sJvDAY1lFtRdgnW/G/
|
||||
=9y4F
|
||||
hQIMA6j84+xkv3y7AQ//ZFDOKjy5jhqoY75ZedPBpj4jL6cPAToGod/SPi3w5mg+
|
||||
OUzhPsz9aZm9nFHs8BGpqyMS3Q+jQsHoexNUeQLpjVUF6F5mQoYq53+aF7q75tvh
|
||||
1xG8BO9ic73/FNQulFoBviXKASv0J2+yKNOHFlMIxKTs+CTEdixbGPNhKWY2VW3q
|
||||
QMXsPiOFty46JV9SiqFammULe9atJbdypHFKnvVYf8yqFRAKMMvgC/qgWtAIsw+l
|
||||
9KnRdvAzjuoZlva3kXsApi79dqESdzPHSJ1USEdtLYoaCdr2zBXPI3uqi2TkI8CP
|
||||
7XD+e4lIDoAOqGsywZbrK2iwSaoh6e1qE8lYr/K0AQoJ0v87oD3zQpFcKIeGblZD
|
||||
o/Zs8nhGF0lqwr2gB58a+JityOjInvrALGCS/rAj39HIquJuuaFo3qo3jN3FgvFR
|
||||
YYiNuheI2iW/7fEFJCLhtPQwb8nLS1JxH9ZT/eUK2dE6Nw3g33WT6eVWt38nrlTm
|
||||
DrMBYmI2I6OXllYKzzcyXNMIpzddGw8ERwli3NC859lS5yWbK+Q7MbYFEkA6vMUt
|
||||
24inM6bK6I2UA0xnkojadcKdSRVxMT5pIFOmW3b8qDmQYTNwDdSBR5Gcay0tsisu
|
||||
BQqcwBT0RO37/E0GAHkAFdH0RA1t3H7rvz/YwIiDJz7aNB5ZAeszbeCWVyrDIKrS
|
||||
XAEs7JzgTFdhWzNcpUiJsjCwdti3G5+JJnjRetiGUgIORGVLkGDjua/pJf/8ufu6
|
||||
XlWYyCbxIzEiyiLwDAlclAepvA6kZcenKDucuX0DFgJOvjQhDmo4qW8wVBsU
|
||||
=yUwh
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6ARAAu/4iBqxmT52IvRIJVyalDrZvIdqTJtv3OQ5oQfJIJvh2
|
||||
JpoyjHwVzaxYfR079deooQ2xu9u270+a9eyzjV/NRb5J8aDBAFKKIWVMcHX3wwjz
|
||||
qfzFygqtvmucxZd56H9k15OEqgh2esTGmxmpkwG8GNucqWbfI3AqEJ21oEOhpADs
|
||||
WvsRRFnncKWQ5EFDWonNDOzB1TneQUUpHfW3sOb2uUNhi8FaYqX9EK4cqIGrjMWC
|
||||
oR+EVl4naa6BEqtJLENfKdoqAX02rTN/JLrTwYovjPHPtrmYc4AMKX7EwCwtlmEZ
|
||||
Z18KzQgfoWZ/Vh26J16MX89RG3o46bt2spR5vP6f3ES7n2sHkmtXTVsG1Zur4dD7
|
||||
8cQ61vav6HaAb52ow5H/S5MYtLXamP+u2UAuUFVTKj5T2reb07at+Mu5BKKh0BbZ
|
||||
Th+R3LpblMKgtvJ1/fN39x29Y1vbXT1aqmOof1cR2EBsVD9TrQcKQe/qEbuF9U4s
|
||||
6rY0exCPuJtXxH/yd3RrMiOp2df4kSnETbklimCSzHiJYGD+VFghO0UTf8hcHpQe
|
||||
2A5VHHc74HGa3fGw7uuP1F7W7YN447JmH2kUth2KDhPVQn8uyTnUMsx50AsousHk
|
||||
zH8C02A+Ur8S0xlIF+15K6z0nIUHWnW6u8xocNu8NX1zOrQyYW//Hyj+JQOvGrHS
|
||||
kwGhDFYvyT3kobFglO4YmOj5SSgtL4W2Lf7noh+B8WNw2uDHFY2sE/o0RslETJMk
|
||||
SrMXTL4ea+NUcZpSPyr3Xi9yeENMKDI+WfciZV82k4ACbPReUTljI9ygAxp3SKoI
|
||||
hv+LxERKFerOluvpmgtM94BWL8L4odPuBVQf1SXuZHLAeYLJoXaTPH0XaPoShdHX
|
||||
IfTjnw==
|
||||
=PVA/
|
||||
hQIMA8zMZ+ak7y/zARAAsESKIaxIHFAz4dLmQBC5eGx85V368gdx/+kRnYo7IMTS
|
||||
h8kfJyrcPi8Tv3UYr/KpceS7zsVIJiscJJjiIDKk02ibjSRb2kl+aJLobjWjUZic
|
||||
stVT8Y7FdHi7jaEgDc0EtNMK93rlXS9pWASDjRalxjturxeTv/5jAZcsCg6+FfAO
|
||||
1CSc+xrGSd6Nq9pkFs09w6eybA+DFCcPpUrlEQpcBMK9/quMfc20zE1HvcxonIU/
|
||||
lY4LR5VVppSxnDNnXXreBcVv09nv/YuUvEvd7KvIgp+68icdKUhRT1nAvObAypTe
|
||||
iInhVKLWrckCfmeg8Z3y2Ba/yIZ6z7fpMfnNIm4mjzQLVkqKb3v6w3icj04SsmKi
|
||||
3vkB6Zo7rLm/KeK9xVr0zCY2R3Xpvv79bgY1Bmx/um0MIYwQT7iH2GU2JWPfVX3p
|
||||
PU/n5Wyt6P0fGvWM1LA+hzgwbAYe2xUpP+OQV/oul/wYGb5yLTgQhiq4ubT9zOXv
|
||||
Vz1eQRMMvnVRbi8pXNi11FHJ16nLkh/RXUhTMhFZ06VcZC5rCscneoj8GzM3xGg4
|
||||
2io7e8FfiTKybAKYQPja3URLSR6mY4vcRoOHt9qfRFohIhN/QL1u6A8xSMJ8YN83
|
||||
S1UPhfxEl8hk2CvdChpp2yKR+uufBcDbLOC9BVjtHOJBGxa0l2zhZX6BOVDDHn7S
|
||||
XAHjpNP4mX9RbasF9xiNEiVV8WHUfskQVN1L/QryHzq7opqTaRKoOl73DEUroeVc
|
||||
t4xVxtW55MCBwWwMft+0EtljOwPvdR8uNR1Im0eoQwDXmnbnc3AgS1lJCLd5
|
||||
=ly0Q
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/+Ps4KNjhM5yckRaurYHI8blWZegGsInCr+IEKFc52cq4l
|
||||
vpzqbUAB4/2kflWzm0o5kF1jJLba/B8ljiXJSdgf1uxXlrx+ZNkWcspECZ27X7oM
|
||||
L17E2E+cY/31EIgqkGpl39xoW8nnJmMJyXwEZhf3Iw9KAQ9+R2Vx3Y/15YySR7eY
|
||||
s40Q+BhZwBhFTtiCd3JsEogndicBeVQT5SbJD9sgAoOtbj4CJ0QRdfVDOVCy/5AP
|
||||
a3Z62FJEY91XszxnfhEv0H1ySyohF0KihfhqQ4LgzLkV7M8k7XsggnCMsFbn36bJ
|
||||
FLL9xTa4d0D7jwhqACWVXH8a6An3cDdl8WSB8ksjxxM5EIJOzT12scqr7R9LWOft
|
||||
7p85k+VjEa4pnjCOGKLSDx+unHtcirl1+chB9Hixa8Sqw+arlbEDu0/QiO7p77Vg
|
||||
aHtXmu8w9GthhcxiegFURzwL4oer/UDI7Is71v/ZMlgDLk71A2/uunUT5rOB4QY5
|
||||
SXq28MUzouDUFu5fYnhHSA92Lj2WM5YVvfzYAZhfQTcTj75OyfPSga6S1tSrt6Sj
|
||||
LfYlXJJR61kR9IvHWHMVaU5tXWUHAc6IUTgaO0OH69r2r4Cb8O6iTj4yX3crRdRB
|
||||
x8GQ9IaRckruCxc0JCsuEj0XL4Dr2FND6tW1Yri4EIpS1Ol8gzlGn/AFQbb5sQDS
|
||||
XAG06eRAu+k/50ob7griqSOrAfPPUiBrHSsQOfNsxw33JqVCBGUWYp7bQfxNAp77
|
||||
EID2pJQCn9OyeEucrYxfo2AWCZ/dmaTHFJDMiY7zeWfqjkiNetwRHKUScSfN
|
||||
=MXAe
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9qJIVK2WMV7ARAAj4sMCPmAs8sB3bxQAGUPfICIHhlFM+kIBhtvQAUxWbir
|
||||
t7dJ6KfL6J5oZ9zkLNlF4EbETXn+7ytn1CSWig6ZMV8j3ChXFBHf/hUY3v/jz8DY
|
||||
cptKajNKOJpwfonCh71V5FAJk9PmqJxKt+sycLYniT1BLKhqEcRyYil+wEif+a3f
|
||||
TW7PTXyeZtMeyeHWg72/aweNRPGMePoOiDpU90JAJgJK8bzZsI2xnTe/5AkIEPGc
|
||||
mSsxkVZd3nBSNPQYeMU1Qxwg0ciPw0QqIrVwBQbxiNoWfzEy7+XwfZdGAMEP2tHA
|
||||
/75dcNaVvJAnNi6taM0JZ1CsHNt2XchA/7VRy6bmPqjMwivXU/Ai01zdWqTbt/F3
|
||||
uH/mOODga87+dw5zOXvP47pM5AutkTi1f2oayEqSOlvnkMGM5QSZhBlXPWpGxDzU
|
||||
0J+/RPb46DjagYIHw8V76yqe9ksZjmXLBJFAfC9Ll5eGHAkg+eDWQxxEuHWxvgZy
|
||||
NEdL3FlpJiiyQ/53mQGx2LsnXLDAaOuqTRmkHimVrc4vGGmmsllCdyvH+tMat9/r
|
||||
Y3pKiEH3NU+L60zn43zkBKifnLL/f0sl4VgT31JBGgy2NPw5cUuxj6jWi3zktAzd
|
||||
GuSmSYOAbvzFRal54SrrFM3/D0snEMmJ3j4boWWNDjIjT9Zh/4TZIurJ17hm9DjS
|
||||
XAFCYu1FKxaiYJFV4xiaBM+2/J1PdA5AE+6DyGOrFkD9si9iVJDEubiV3XYSrDGS
|
||||
MiF/rB5UCg6YeS9SXFmWG82Rbtxi5zA/tChfo2OFM/S3mprXp8Wjr23qp/Ns
|
||||
=GY6B
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHAQ//baeCvZLiRU1d8DH3Ds4t3VqSf9p3sEZSOhOXcujL1D49
|
||||
D0ccjDw+hqgSAZmwocBF/ircCMUaA8FADbqpQQO4oLbMP2gbaS4RyLFMwq8Cj605
|
||||
ndyKOwiRXn3YXLAX2NwhFoBxnuUnOeLsinutMLfYxOPuso1Yr/FFA3kgfqFU4in4
|
||||
Fdluvm36qrRrGNdCHzJW2ZgYZkuDREwGd3xQTWclJXAtPOESqMpQydcCGdY/E/3o
|
||||
RueMBGqicQnaj3Oi6lrDoUh6NsjvbYACQZlEv3EIwyeOHIz9e9iN+5HVGa7Tiofv
|
||||
7IxbvRFmTHTJnOFY9ZkTUzVD2ReFyByQzcg1akfndXVyQ0LHFErfr+fyPpmUx7kf
|
||||
RxDSI8AJ/oS8aVNOPBuIqS5Si00blvaw4OWUbHoKf/eyhgz5I4EWYJr1yQpg+QD+
|
||||
uVDJcbIkgWRfFrGvY1Jtt2LavDssTLcHdjr+AnE+EkqZu/F+1i52W4i8snmhCBLG
|
||||
yYBhm6SzUWh+dO/5zBRkfS9eh7oWsCjT5igVOVS3WhCaoclezfz8vWZ6E55dr9+U
|
||||
h52LEOorDGw5H0k+sam/DSEgmX7aDmyG+rcO72AMfRJ78pA6/XQIwt3T7l8E4H8H
|
||||
E5W9BCARpSJ7DrMEKWDIrEGrpV3WMqgKUfppdG24UK2Mnlkl92DHjA8JE71Tw+3S
|
||||
XAHY90u7TPpGRQ3ACRvgZR72K//9KiihEV9xdZziGDfSBGE/KY2tsf4Hrnf+2xCq
|
||||
IJVrN+DuC+lAuub+1Encpivt83vB8WYNQrisPAR4m83XGDYx0N1muhZ8Iaqt
|
||||
=GoZo
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2024-01-27T21:08:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf/cJgbblAJdKu87Awpf9Gp88TijOTeXt1mDjFWuDSJuurA
|
||||
QTq6i1lREAmHODb/WcMkZFc2Q3FodCdFf4Jmj4lDEq4wFLMkPPFo6kHNRjgQj/cQ
|
||||
MAHrUfFbThFOIj4lGrdP4KmJ4J9BenBMcPWe0EXXEJIS7DUUsHSOkq/VpvnWzvnB
|
||||
Z5ZyUf2pAGnpplBFdt4/8ImJyiZYYWfiJSGbouFvvJc+SOhlyMplh3l2Omdk5djL
|
||||
rtGxNXFZGtr14r1/QRYS72yKF7DmfCLKWx3D49D/dwLB67+kS0KvtLfLM4LIKksV
|
||||
+bN19b2dgdXzkCjGrqDjtBLRtaJvY5iv7QgN+guVFtJcAUyEhfZmtHhCCssLFr58
|
||||
Usgdxauc9gSvSUx7q6GEVXc+MrzOiACH1NmGEUgz16gnXhcdYfgFdGwzG3fa4hPu
|
||||
V0v1/tYHjI80Ukqq+BcKmhBzwBiN973tfOcatQ0=
|
||||
=uMgx
|
||||
hQEMA45bZkLXmBFpAQf/UJ1SFixS5BZHe1offIfWtuWUbyfqFSbxuPJ0nE6Y2Gw5
|
||||
HnVRqmgROlX+4fWQI5hvaFUc1j4VPGQtaQJPWpp2h8I4AdXPfksxwVkwhYUJhKgf
|
||||
Hif54BuStkRSWzHg57eRUV648UZ4XJhHLNbZPALdf74MXJum1MauO2y3Lpe/HR00
|
||||
TEDBjHkKMG9O0ZKaNRF84lIVKGUYv+HpihehIy+puF2dJBPj8AB6H0kgdb+bQ9ds
|
||||
VUfGgRKcmf02LAYv+bdflOV+i+E9IAQCBVHHmBvBSfwGqzIhMJ3OgCRWUhZlvaMJ
|
||||
WnrUt5IQCp6CwdrM4YxoDehZDpKyG9Lu/nz2ZXBXRdJcAbKmKOdZq093a4lGmweo
|
||||
oZpQb9Mp9oPl0SGCSoSk5Dy4IsimXXWvUWFjdW4EPknRs6Rl4zHIEmEyCuIi30y2
|
||||
o+ENdF987Ya7kU30VfA+40u16+U7OnATrERQrUo=
|
||||
=bCvy
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ/+OLQGMR6eBh3BcXejYe0MgFkXAdmtdBjqYDK3h6TnizSS
|
||||
7B4FWBZpGumD3Ej742e/4aXJr3KLPgX6pMafxonzx7IgVmgCOGIlLP8jgeV++U4j
|
||||
cYiVUGkl/dLFhvSCU54y1C2+1FutwJQ4+4CUi40cyaNzLUFqWvlEL2ZynDeJHWW+
|
||||
ya1KcG1L9RP5OChyIuKV4i5xlUzSBMlUic5Qqzjn6CzY7roRZsrXGR9n63UP4Ong
|
||||
ih3JINu5Gm/rdKU0pubZOHd/i5nhFyA0zHsPPtIytFnjgnvx2O1EIXkeOIKBrLf3
|
||||
rq5FOAREJOTMiZwxN3u5vmGldsSzJUBiAlLWo5rIYXZv6Sxsrrk3/GUid/c0E0eB
|
||||
SbV/P2mfawK8rNdhdyY4JcJe9KV3vBk5Os4m92ehz+UjxjFi4mlbhlzUM4PKU0fR
|
||||
/sGC+DwsJH7K4q29q6SarIEcmH5jUk+x8ox/78MNXs1alp9G3RBdaga03fwpFpS+
|
||||
sELTVz72BFrMJjvByWx2gFfyKBsC7Au5z9po0iYfjXtoVXpm8qqJMdQQbiDRoCg3
|
||||
rMcDYOI7a/n5v+awzW0SR0bqmqLGMM1gSGK2n51Ld/3kA2mBoLgvS/iyX5bWzNYE
|
||||
uhfZ9XLJYbJ5nscRiHJzORHv+aQWOzQkx30Ku5usMrhWjGTjt4HLP25L4LJEy07S
|
||||
kwHH9bWg6GB2TAG7LnFxdHCNv6qAwiVJZ9QZF3LbHw2avQiC8RD/9CJm3uK9E2Kp
|
||||
V4heHaf3ew6qEqKsY/OaV9Sn8/NFzwvsqqMyUitIA44zimJsX6oga4hyjlCraNib
|
||||
ZqHCGE4mpi4+aW7r0ulLj8ZU9vESNl+H3qvq3i7xLjYLQRYWLMfCgkfLnUlToleX
|
||||
RlXoaA==
|
||||
=sVzd
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHARAA4yLGlhHNFUwhhYp2IQm88M/X9PmGOMbg5i+01ol7CTEd
|
||||
Y0QSq+v4SyYCns3JXOJqjPF+McK+wC4qsLcE7muF4PkAN31Jh245DRi6wAWhw/tJ
|
||||
tEgjeMchVPY2z1sM5xvjaxPisJxKCytHTv9VM9mDlx2V0xy5+9txwhxRNwc2whUR
|
||||
PXqE0dGsm09Q+bdtPSyFLObcTHqivwdnFMCWLDn2es/i93yoA+zGFzVyICMGdhFi
|
||||
l3G1A5xCaRxGgwuhWH8yZkCGx4Ts/imEK2iAJdnU2JbYIVtHDA/Qbd/uCj9u5h4r
|
||||
gqiE/a9IknHCGB1WN5OEcFCcYFBCkNrFYM1skFOO4LKvMfuFSSifmVCbWRpcNb64
|
||||
F737d1Oh7EZNvkgf9DEoVFOtQZFktde7CqDeyt/5IiDMFbarS+qMMyTqHBbS85fx
|
||||
YLt2335l4cvNATnv9nkWLNGRehD0ryn0g7PRs0xGOgiLCnVRqQCi7hEK513924QT
|
||||
Xo088VUE2nEekr3RQWnM/XQN0JOTmL+l5pnnK/YkFuBWzvzoAd3YPlF4C4+FvrEg
|
||||
lijRLUXex8FGjTIdHU5valSVfsQt1j8Kd3ipQpTfR6yWmk9NTc7XeUjV69y5GTEG
|
||||
jJzU70bSXyD865xRidLLGa3eJw1dwyHBWmd6VorOhxbwAaFutIOQ6Vj4omavXU/S
|
||||
XAHTiJ21yWMmyiD56gw/aq879WrnqXIj8ZqRYehmXKzUPEH+HzPSnHr9G05IBw3V
|
||||
zSmx+SRQcGV9vLoI3hA74Lwf+kSfIywin91olJy2P98ezUsO/Rza7Vpo8oZ1
|
||||
=4DcY
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA/Z87ylQaotQAQf7BXLjJE079OKPU+K6aMZxDyZxJD0UhY4j7rpK+smnEVB5
|
||||
nLXsEdBP99AgOmzonpX00t1TwP7h6xbdgtA3srzIYQt7E/LieE3oE0mBE3E7D/Am
|
||||
kMfdRBKtD2OpKz2eKEaPE3Q3MV8uhpL7ZsFGCozjhqT/56T9YiGU5gbTu5It390F
|
||||
t75jF2BvQcqyvfrGUSDLh3Rl1g4Yh5AR/QTZhxCm7uP6HfCAm6X4vGLGqH5b68bx
|
||||
5krBtB/uL3FoIWrF8ZSCLwZZIe9PWg50/0czxuKod6HE2VQi5/0bzNzFbpFbqNwR
|
||||
brEWWfMjHhH6t4vhBMADFZYgEjUgsUWhHWI4S56Ao9JRAffrCoTfUkhucncvKSyV
|
||||
0beA0pL2u0p/95OFo/Je4t1/IGWw5Gu8RntqulscV4XIxXR3yMXPe5cyBUQf/8qH
|
||||
4IQQcDfiIRqg8qRboKBxHViK
|
||||
=XLIn
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7ARAAtcqR/tECrfAAHt5FpLHjdMsO+q5YoyccpSs0hNfJXVX5
|
||||
H9AMPCJ9My/9cJNyN3dQzqMwsLdaVHbZIzasq54XwIXnS0nOb9XmadNBBzy2bO5y
|
||||
vRIXeL/zVoG1TwhDxZBpEHWrAKVgzKsBKmkhZBQGMa7VseD/0drJu3fMmj9nQRob
|
||||
ONsjiJHi2Aj5Nh5ml3T4uce8ls1p3WprWy5thJ69wgqc3g/Dqz+7iD9yWlgHVu5n
|
||||
VorTnYpKmcbtyINArKM3+gGFqKEIDUTlNYUB1y6M6aWb591dhWd1iPui9HioUzy3
|
||||
5326cNOSFgxupnQhar1PIWzvdC/X1ahfhRgmsZtNVJmxG6O+bNGN3TO8SUSv4UFr
|
||||
WqecvoTvhDzYCI0DS1CIJqVnk8sCNpCjL8uSgMT4cIhdwysXyU8+353yumdDaJIW
|
||||
lEWqlRatGjRJeVicon8qoj9YhdnAHloIvrSK7P4dcBlsTUqnDzyJX+/3grtVKVIT
|
||||
nwB6BmpsX5c24EmML32qyvE5AtC9+MR9kCg9d/hSKMvWptYSq85IgUdBthgzYvpT
|
||||
20C+QePH+fXCUKfjRimI+aiGttBtfN1uqFPmRnLyqBzaN8OltA7z5cCny1lT0hLT
|
||||
rUL4uNK5QctnJ/99dwv8y/hD8kl3n00IAli8/gyytk1zEhpFmn7LqRQm9mO8x2nS
|
||||
UQFpB9gr9VilwURFGUy/fFVhzykrEzEx9P+fCFR1QDpDU6JM5irwJHzWIyJGxsEk
|
||||
MHjlJWLoOPyXSxyIywrXk6tivhGH0tJi8ronbyZIoN0/Xg==
|
||||
=o7U5
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJARAAjJm2UXGtwA00xIqSf1qwyuS6evHG/WcBBZwe3+BLY1Nc
|
||||
uAxVkk7jkQt7J8+Wthl5p2O9QvMWQ4xoztf5OUab/h9ZDxaNI4poIMyheBhX3hMJ
|
||||
yCHG2qrnow6UANT2IzwWwVZKbBZ+Yd0xzcit4CzScPcQ0e2I9vfZHpXzL/u17ayp
|
||||
0rR0oXuN09+A9Qev6wHbG4DBqD8lDzdQfiKcGdH0rooFm37VmoZQbP4xWdCEEnE3
|
||||
vyk2ZX6TZIXfub7gDg0wZGG7JpykLQn8z8xq/ujVH5e0oqA9XRX3wNwrixpxSs19
|
||||
BXFM6YrV3imN4W50UZOh/Dyhat2ewEEwiv4UZcytLCSNevVxyETwzCkzI+dg8ESu
|
||||
130tCQPbaDCN0TxqT4MiJVKWuAgp27jv0tQuViitgbwbMV8QaKu7HHHLDcsuHbNJ
|
||||
IgTZle/AVxwzWwNl/1LsMzH4U8Oqbnnr/I6nkbUtRWs4MMbnsPjLJb1B5hZ7LHk3
|
||||
yfcAkGwrQG1Etie/FbqvJb2uOi7+GukuuGJvPwNE6Lir2R50Bk3e+l7XoIzjoMiC
|
||||
C5ApHl78tKw66r967RFDIVsSqXs81rsdAwZL66R5oWOl07IH0XVmPsnuF8LYgIw6
|
||||
x8AoGavvBj4sp1ConpmOeH5siHvizJKNC+PvYfi+Tig/TERnZ2K5Kyhz0A2QXxfS
|
||||
XAEzwzxOO2PJm7Kff4ftQxnMX7yZzOg3bqa3C2z7Al5QVTqca6o1tScSyT3wr7Ci
|
||||
uPX5Tj06T/aDzSrQIdkM3iVjj5Ufqo/xPje68WV8M9Pj9LRC25SOb4aZjpD0
|
||||
=ky91
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-05-21T20:00:30Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//esVo4/13PbtJFjlpYSA4XvV3PSe9RiCcM6KCtOi493MU
|
||||
kHrM7sbk54BmJ3rtFtVfn1p417fv9JQfHXwCbx/qY1yFnVQKJSkx6ZezCqTXxJa/
|
||||
qt42JZ4VzRWxtcrhukl21hT6Ue55tvCuLKmUzwDLfqL5bnOTlJfw9/5qt9B/0Dho
|
||||
0gKkeFILAc0sHW1z9OWtKj5rLT4gxgIbq5w53n/oXHPbcw/q4YkAFllRfanXcZbd
|
||||
YRd+ri56U8zYKc9X1+XuAr3wlT2QAhtwhlAGXPnFzIi+/XyYy8AhpJCcXAZcWUil
|
||||
gTtxEAr6qUaa1ZqfQOPtsgOcdL8vB905mk/ljmBzQuBZV265iQcsLpgfKmLnKN6Z
|
||||
F/dIpUVFtzPcyMPqByW5XgRd8uZ1BzpxxfBhtfWBxXlTng0SS1k937fcAnU7TooL
|
||||
ZSwSG83wGGYMZ6RJx0QJTG1+s08XORJ6oeynfuyokf8z4fdOvzHuoc/Y0ajuxiVv
|
||||
9z5O+p71nKSNPFrs4nXa5biw6KM4gKHz2xfBJOd6zsw7JE4k5siEfsRggh8JwV1S
|
||||
btjK1AgCmWnwfrRCj4kYlAhZ/T7zsE16Rq94J96vTqCuHurPIsuB1HoAac2o9NqJ
|
||||
iYROKfpvozQN7qXbcGJyN7Pe3jes8TiT0f89iuT/Z/+pdvWzF5yVxyi3ih5F6ovS
|
||||
UQExn7RX9hfc1k5lxRTCqDI6Q0LhCENhP6W/Q6+6nx0TERiouBvdsCBrSTsjs4dT
|
||||
pdxoz21XrhmIUeMJlR6a/Y/tgPp09xdJ8CsUCDekfOmdpw==
|
||||
=zus9
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
@ -50,10 +50,10 @@ in
|
|||
Name = "${net}";
|
||||
};
|
||||
extraConfig = ''
|
||||
[Bridge]
|
||||
ForwardDelaySec=2
|
||||
STP=true
|
||||
'';
|
||||
[Bridge]
|
||||
ForwardDelaySec=2
|
||||
STP=true
|
||||
'';
|
||||
};
|
||||
# External VLAN interface
|
||||
"ext-${net}" = {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.disko.disks;
|
||||
cfg = config.disko;
|
||||
in
|
||||
{
|
||||
options.disko.disks = lib.mkOption {
|
||||
|
@ -22,12 +22,6 @@ in
|
|||
description = "Name of the disk.";
|
||||
};
|
||||
|
||||
partitionTableFormat = lib.mkOption {
|
||||
type = lib.types.enum [ "gpt" "msdos" ];
|
||||
default = "gpt";
|
||||
description = "Which parition table format to use.";
|
||||
};
|
||||
|
||||
withBoot = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
|
@ -36,7 +30,7 @@ in
|
|||
|
||||
withCeph = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
default = true;
|
||||
description = "Wether to include a ceph partition.";
|
||||
};
|
||||
|
||||
|
@ -57,7 +51,7 @@ in
|
|||
};
|
||||
|
||||
config = {
|
||||
assertions = lib.mkIf (cfg != [ ]) (lib.head (map
|
||||
assertions = lib.mkIf (cfg.disks != [ ]) (lib.head (map
|
||||
(disk: [
|
||||
{
|
||||
assertion = disk.withCeph || disk.withZfs;
|
||||
|
@ -68,31 +62,33 @@ in
|
|||
message = "Ceph requires Luks!";
|
||||
}
|
||||
])
|
||||
cfg));
|
||||
cfg.disks));
|
||||
|
||||
disko = {
|
||||
devices = lib.mkIf (cfg != [ ]) (lib.head (map
|
||||
(disk:
|
||||
let
|
||||
diskName = if disk.name != "" then "-${disk.name}" else "";
|
||||
luksName = "crypt-${config.networking.hostName}${diskName}";
|
||||
zfs = {
|
||||
size = "100%FREE";
|
||||
content = {
|
||||
pool = zfsName;
|
||||
type = "zfs";
|
||||
};
|
||||
disko.devices = lib.mkIf (cfg.disks != [ ]) (lib.head (map
|
||||
(disk:
|
||||
let
|
||||
diskName = if disk.name != "" then "-${disk.name}" else "";
|
||||
luksName = "crypt-${config.networking.hostName}${diskName}";
|
||||
rootSize = 200; # size of the zfs partition if inside of lvm
|
||||
vgName = "lvm-${config.networking.hostName}${diskName}";
|
||||
zfs = {
|
||||
size = if (!disk.withCeph) then "100%FREE" else "${toString rootSize}GiB";
|
||||
content = {
|
||||
pool = zfsName;
|
||||
type = "zfs";
|
||||
};
|
||||
zfsName = "${config.networking.hostName}${diskName}";
|
||||
in
|
||||
{
|
||||
disk.${disk.device} = {
|
||||
inherit (disk) device;
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "table";
|
||||
format = disk.partitionTableFormat;
|
||||
partitions = lib.optional disk.withZfs {
|
||||
};
|
||||
zfsName = "${config.networking.hostName}${diskName}";
|
||||
in
|
||||
{
|
||||
disk.${disk.device} = {
|
||||
inherit (disk) device;
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = lib.optional disk.withZfs
|
||||
{
|
||||
name = "ESP";
|
||||
start = "1MiB";
|
||||
end = "512MiB";
|
||||
|
@ -103,87 +99,92 @@ in
|
|||
mountpoint = "/boot";
|
||||
};
|
||||
} ++ [
|
||||
{
|
||||
name = "root";
|
||||
start = if disk.withZfs then "512MiB" else "1MiB";
|
||||
end = "100%";
|
||||
part-type = "primary";
|
||||
content = lib.optionalAttrs disk.withLuks {
|
||||
{
|
||||
name = "root";
|
||||
start = if disk.withZfs then "512MiB" else "1MiB";
|
||||
end = "100%";
|
||||
part-type = "primary";
|
||||
content = lib.optionalAttrs disk.withLuks
|
||||
{
|
||||
type = "luks";
|
||||
name = luksName;
|
||||
askPassword = true;
|
||||
inherit (zfs) content;
|
||||
# trim potential new lines to not have them in the password
|
||||
keyFile = "tr -d '\n' </$PWD/keyFile";
|
||||
content = {
|
||||
type = "lvm_pv";
|
||||
vg = vgName;
|
||||
};
|
||||
} // lib.optionalAttrs (!disk.withLuks) zfs.content;
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
} // {
|
||||
zpool.${zfsName} = {
|
||||
type = "zpool";
|
||||
# -O
|
||||
rootFsOptions = {
|
||||
acltype = "posixacl";
|
||||
compression = "zstd";
|
||||
dnodesize = "auto";
|
||||
normalization = "formD";
|
||||
xattr = "sa";
|
||||
};
|
||||
# -o
|
||||
options = {
|
||||
ashift = "12";
|
||||
autotrim = "on";
|
||||
};
|
||||
datasets =
|
||||
let
|
||||
dataset = mountpoint: {
|
||||
};
|
||||
} // lib.optionalAttrs disk.withLuks {
|
||||
lvm_vg.${vgName} = {
|
||||
type = "lvm_vg";
|
||||
lvs = lib.optionalAttrs disk.withCeph
|
||||
{
|
||||
ceph.size = "100%FREE";
|
||||
} // lib.optionalAttrs disk.withZfs { inherit zfs; };
|
||||
};
|
||||
} // {
|
||||
zpool.${zfsName} = {
|
||||
type = "zpool";
|
||||
rootFsOptions.acltype = "posixacl";
|
||||
options = {
|
||||
ashift = "12";
|
||||
autotrim = "on";
|
||||
};
|
||||
datasets =
|
||||
let
|
||||
dataset = mountpoint: {
|
||||
inherit mountpoint;
|
||||
options = {
|
||||
canmount = "on";
|
||||
compression = "zstd";
|
||||
dnodesize = "auto";
|
||||
normalization = "formD";
|
||||
xattr = "sa";
|
||||
inherit mountpoint;
|
||||
options = {
|
||||
canmount = "on";
|
||||
inherit mountpoint;
|
||||
};
|
||||
type = "zfs_fs";
|
||||
};
|
||||
|
||||
datasetNoMount = {
|
||||
mountpoint = null;
|
||||
options = {
|
||||
canmount = "off";
|
||||
mountpoint = "none";
|
||||
};
|
||||
type = "zfs_fs";
|
||||
};
|
||||
in
|
||||
{
|
||||
"root" = dataset "/";
|
||||
"data" = datasetNoMount;
|
||||
# used by services.postgresqlBackup and later by restic
|
||||
"data/backup" = dataset "/var/backup";
|
||||
"data/etc" = dataset "/etc";
|
||||
"data/lib" = dataset "/var/lib";
|
||||
"home" = dataset "/home";
|
||||
"nix" = lib.recursiveUpdate (dataset "/nix") {
|
||||
options.atime = "off";
|
||||
};
|
||||
"nix/store" = dataset "/nix/store";
|
||||
"nix/var" = dataset "/nix/var";
|
||||
# zfs uses copy on write and requires some free space to delete files when the disk is completely filled
|
||||
"reserved" = lib.recursiveUpdate (dataset "reserved") {
|
||||
mountpoint = null;
|
||||
options = {
|
||||
canmount = "off";
|
||||
mountpoint = "none";
|
||||
reservation = "5GiB";
|
||||
};
|
||||
type = "zfs_fs";
|
||||
};
|
||||
type = "zfs_fs";
|
||||
};
|
||||
};
|
||||
})
|
||||
cfg));
|
||||
|
||||
# we do not want changes to this module render machines unbootable
|
||||
enableConfig = false;
|
||||
};
|
||||
in
|
||||
{
|
||||
"data" = dataset "/";
|
||||
"data/etc" = dataset "/etc";
|
||||
"data/home" = dataset "/home";
|
||||
"data/var" = dataset "/var";
|
||||
# used by services.postgresqlBackup and later by restic
|
||||
"data/var/backup" = dataset "/var/backup";
|
||||
"data/var/lib" = dataset "/var/lib";
|
||||
"data/var/log" = dataset "/var/log";
|
||||
"nixos" = lib.recursiveUpdate (dataset "nixos") {
|
||||
mountpoint = null;
|
||||
options = {
|
||||
canmount = "off";
|
||||
mountpoint = "none";
|
||||
};
|
||||
type = "zfs_fs";
|
||||
};
|
||||
"nixos/nix" = dataset "/nix";
|
||||
"nixos/nix/store" = lib.recursiveUpdate (dataset "/nix/store") {
|
||||
options.atime = "off";
|
||||
};
|
||||
"nixos/nix/var" = dataset "/nix/var";
|
||||
# zfs uses copy on write and requires some free space to delete files when the disk is completely filled
|
||||
"reserved" = lib.recursiveUpdate (dataset "reserved") {
|
||||
mountpoint = null;
|
||||
options = {
|
||||
canmount = "off";
|
||||
mountpoint = "none";
|
||||
reservation = "5GiB";
|
||||
};
|
||||
type = "zfs_fs";
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
cfg.disks));
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.services.gitea-actions;
|
||||
in {
|
||||
options.services.gitea-actions.enableRegistrar = lib.mkEnableOption "gitea";
|
||||
|
||||
config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = lib.optional config.services.gitea.enable "gitea.service";
|
||||
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
|
||||
script = ''
|
||||
set -euo pipefail
|
||||
token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
|
||||
echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
|
||||
'';
|
||||
|
||||
environment = {
|
||||
GITEA_CUSTOM = "/var/lib/gitea/custom";
|
||||
GITEA_WORK_DIR = "/var/lib/gitea";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
User = "gitea";
|
||||
Group = "gitea";
|
||||
StateDirectory = "gitea-registration";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
});
|
||||
}
|
|
@ -1,220 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.gitea-actions;
|
||||
storeDeps = pkgs.buildEnv {
|
||||
name = "store-deps";
|
||||
paths = (with pkgs; [
|
||||
bash
|
||||
cacert
|
||||
coreutils
|
||||
curl
|
||||
findutils
|
||||
gawk
|
||||
git
|
||||
gnugrep
|
||||
jq
|
||||
nix
|
||||
nodejs
|
||||
openssh
|
||||
]) ++ cfg.storeDependencies;
|
||||
};
|
||||
in {
|
||||
options = {
|
||||
services.gitea-actions = {
|
||||
enableRunner = lib.mkEnableOption "gitea-actions-runner";
|
||||
|
||||
giteaUrl = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = config.services.gitea.settings.server.ROOT_URL;
|
||||
};
|
||||
|
||||
numInstances = lib.mkOption {
|
||||
type = lib.types.ints.unsigned;
|
||||
default = 2;
|
||||
description = "Number of instances of the gitea-actions-runner service to create";
|
||||
};
|
||||
|
||||
storeDependencies = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.package;
|
||||
default = [];
|
||||
description = "List of packages to symlink into the container";
|
||||
};
|
||||
|
||||
additionalFlakeConfig = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
example = "accept-flake-config = true";
|
||||
description = "Additional configuration to add to the nix.conf file";
|
||||
};
|
||||
|
||||
kvm = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "Enable KVM passthrough for the container";
|
||||
};
|
||||
|
||||
zfsDataset = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "zroot/root/podman";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enableRunner (lib.mkMerge [
|
||||
{
|
||||
systemd.services.gitea-runner-nix-image = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "podman.service" ];
|
||||
requires = [ "podman.service" ];
|
||||
script = ''
|
||||
set -eu -o pipefail
|
||||
mkdir -p etc/nix
|
||||
|
||||
# Create an unpriveleged user that we can use also without the run-as-user.sh script
|
||||
touch etc/passwd etc/group
|
||||
groupid=$(cut -d: -f3 < <(getent group gitea-actions))
|
||||
userid=$(cut -d: -f3 < <(getent passwd gitea-actions))
|
||||
groupadd --prefix $(pwd) --gid "$groupid" gitea-actions
|
||||
emptypassword='$y$j9T$dLJlazrLCVKcOQ/zmu60E1$bAkbdgDaiz7niknOCasvKW3Tjxeca6WA/1fNe4UpeeC'
|
||||
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G gitea-actions gitea-actions
|
||||
|
||||
cat <<NIX_CONFIG > etc/nix/nix.conf
|
||||
experimental-features = nix-command flakes
|
||||
${cfg.additionalFlakeConfig}
|
||||
NIX_CONFIG
|
||||
|
||||
cat <<NSSWITCH > etc/nsswitch.conf
|
||||
passwd: files mymachines systemd
|
||||
group: files mymachines systemd
|
||||
shadow: files
|
||||
|
||||
hosts: files mymachines dns myhostname
|
||||
networks: files
|
||||
|
||||
ethers: files
|
||||
services: files
|
||||
protocols: files
|
||||
rpc: files
|
||||
NSSWITCH
|
||||
|
||||
# list the content as it will be imported into the container
|
||||
tar -cv . | tar -tvf -
|
||||
tar -cv . | podman import - gitea-runner-nix
|
||||
'';
|
||||
|
||||
path = with pkgs; [
|
||||
config.virtualisation.podman.package
|
||||
getent
|
||||
gnutar
|
||||
shadow
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
RuntimeDirectory = "gitea-runner-nix-image";
|
||||
WorkingDirectory = "/run/gitea-runner-nix-image";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
groups.gitea-actions = { };
|
||||
users.gitea-actions = {
|
||||
group = "gitea-actions";
|
||||
description = "Used for running nix ci jobs";
|
||||
home = "/run/gitea-runner-nix-image";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
virtualisation = {
|
||||
podman.enable = true;
|
||||
containers = {
|
||||
# remove domain name from DoT addresses
|
||||
containersConf.settings.containers.dns_servers = map (addr: toString (lib.take 1 (builtins.split "#" addr))) config.networking.nameservers;
|
||||
storage.settings.storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "${cfg.zfsDataset}";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: {
|
||||
after = [
|
||||
"gitea-runner-nix-image.service"
|
||||
];
|
||||
|
||||
requires = [
|
||||
"gitea-runner-nix-image.service"
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
AmbientCapabilities = "";
|
||||
CapabilityBoundingSet = "";
|
||||
DeviceAllow = "";
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateMounts = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectSystem = "strict";
|
||||
RemoveIPC = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
UMask = "0066";
|
||||
ProtectProc = "invisible";
|
||||
PrivateNetwork = false;
|
||||
MemoryDenyWriteExecute = false;
|
||||
ProcSubset = "all";
|
||||
LockPersonality = false;
|
||||
DynamicUser = true;
|
||||
SystemCallFilter = [
|
||||
"~@clock"
|
||||
"~@cpu-emulation"
|
||||
"~@module"
|
||||
"~@mount"
|
||||
"~@obsolete"
|
||||
"~@privileged"
|
||||
"~@raw-io"
|
||||
"~@reboot"
|
||||
"~@swap"
|
||||
"~capset"
|
||||
"~setdomainname"
|
||||
"~sethostname"
|
||||
];
|
||||
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_UNIX"
|
||||
"AF_NETLINK"
|
||||
];
|
||||
};
|
||||
});
|
||||
|
||||
services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: {
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
url = cfg.giteaUrl;
|
||||
tokenFile = "/var/lib/gitea-runner/${iname}/token";
|
||||
labels = [ "nix:docker://gitea-runner-nix" ];
|
||||
settings.container = {
|
||||
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions";
|
||||
network = "host";
|
||||
valid_volumes = [
|
||||
"/nix"
|
||||
"${storeDeps}/bin"
|
||||
"${storeDeps}/etc/ssl"
|
||||
];
|
||||
};
|
||||
});
|
||||
}
|
||||
]);
|
||||
}
|
|
@ -9,10 +9,6 @@
|
|||
|
||||
boot = {
|
||||
loader.grub.enable = false;
|
||||
initrd.kernelModules = [
|
||||
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
|
||||
"nf_conntrack"
|
||||
];
|
||||
kernel.sysctl =
|
||||
let
|
||||
mem = if (config?microvm) then config.microvm.mem else config.deployment.mem;
|
||||
|
@ -20,8 +16,12 @@
|
|||
lib.optionalAttrs (mem <= 2*1024) {
|
||||
# table overflow causing packets from nginx to the service to drop
|
||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||
"net.netfilter.nf_conntrack_max" = lib.mkDefault "65536";
|
||||
"net.netfilter.nf_conntrack_max" = "65536";
|
||||
};
|
||||
kernelModules = [
|
||||
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
|
||||
"nf_conntrack"
|
||||
];
|
||||
kernelParams = [
|
||||
"preempt=none"
|
||||
# No server/router runs any untrusted user code
|
||||
|
@ -37,9 +37,8 @@
|
|||
|
||||
# nix store is mounted read only
|
||||
nix = {
|
||||
enable = lib.mkDefault false;
|
||||
enable = false;
|
||||
gc.automatic = false;
|
||||
optimise.automatic = false;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ self, config, lib, options, pkgs, ... }:
|
||||
{ self, config, lib, pkgs, ... }:
|
||||
{
|
||||
options = with lib; {
|
||||
c3d2.deployment.microvmBaseZfsDataset = mkOption {
|
||||
|
@ -21,14 +21,8 @@
|
|||
builtins.filter (name:
|
||||
(self.nixosConfigurations.${name}.config.c3d2.deployment.server or null) == config.networking.hostName
|
||||
) (builtins.attrNames self.nixosConfigurations);
|
||||
|
||||
# don't enable microvm host options in live iso's
|
||||
host.enable = if (options?isoImage) then false else true;
|
||||
};
|
||||
|
||||
# allow microvm access to zvol
|
||||
users.users.microvm.extraGroups = [ "disk" ];
|
||||
|
||||
systemd.services = {
|
||||
"microvm-virtiofsd@" = {
|
||||
requires = [ "microvm-zfs-datasets@%i.service" ];
|
||||
|
@ -48,7 +42,7 @@
|
|||
};
|
||||
path = with pkgs; [ zfs ];
|
||||
scriptArgs = "%i";
|
||||
script = /* bash */ ''
|
||||
script = ''
|
||||
zfsExists() {
|
||||
zfs list $1 >/dev/null 2>/dev/null
|
||||
}
|
||||
|
@ -80,7 +74,7 @@
|
|||
environment.systemPackages = [ (
|
||||
# Provide a manual updating script that fetches the latest
|
||||
# updated+built system from Hydra
|
||||
pkgs.writeScriptBin "update-microvm" /* bash */ ''
|
||||
pkgs.writeScriptBin "update-microvm" ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
|
|
|
@ -56,6 +56,7 @@ in
|
|||
mounts = mkOption {
|
||||
description = "Persistent filesystems to create, without leading /.";
|
||||
type = with types; listOf str;
|
||||
default = [ "etc" "home" "var" ];
|
||||
};
|
||||
|
||||
mountBase = mkOption {
|
||||
|
@ -66,12 +67,6 @@ in
|
|||
};
|
||||
|
||||
config = {
|
||||
c3d2.deployment.mounts = [ "etc" "home" "var" ];
|
||||
|
||||
# make mounts like /etc /home /var available early so that they can be used in system.activationScripts
|
||||
fileSystems = lib.genAttrs (map (x: "/" + x) config.c3d2.deployment.mounts)
|
||||
(_: { neededForBoot = true; });
|
||||
|
||||
microvm = {
|
||||
hypervisor = lib.mkDefault "cloud-hypervisor";
|
||||
mem = lib.mkDefault 512;
|
||||
|
|
|
@ -0,0 +1,133 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
nncpCfgFile = "/run/nncp.hjson";
|
||||
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
|
||||
callerCfg = config.services.nncp.caller;
|
||||
daemonCfg = config.services.nncp.daemon;
|
||||
pkg = programCfg.package;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
||||
services.nncp = {
|
||||
caller = {
|
||||
enable = lib.mkEnableOption ''
|
||||
croned NNCP TCP daemon caller.
|
||||
The daemon will take configuration from
|
||||
<xref linkend="opt-programs.nncp.settings"/>
|
||||
'';
|
||||
extraArgs = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
description = "Extra command-line arguments to pass to caller.";
|
||||
default = [ ];
|
||||
example = [ "-autotoss" ];
|
||||
};
|
||||
};
|
||||
|
||||
daemon = {
|
||||
enable = lib.mkEnableOption ''
|
||||
NNCP TCP synronization daemon.
|
||||
The daemon will take configuration from
|
||||
<xref linkend="opt-programs.nncp.settings"/>
|
||||
'';
|
||||
|
||||
socketActivation = {
|
||||
enable = lib.mkEnableOption ''
|
||||
Whether to run nncp-daemon persistently or socket-activated.
|
||||
'';
|
||||
listenStreams = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
description = ''
|
||||
TCP sockets to bind to.
|
||||
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
|
||||
'';
|
||||
default = [ "5400" ];
|
||||
};
|
||||
};
|
||||
|
||||
extraArgs = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
description = "Extra command-line arguments to pass to daemon.";
|
||||
default = [ ];
|
||||
example = [ "-autotoss" ];
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
|
||||
assertions = [{
|
||||
assertion =
|
||||
let
|
||||
callerCongfigured =
|
||||
let neigh = config.programs.nncp.settings.neigh or { };
|
||||
in lib.lists.any (x: lib.hasAttr "calls" x && x.calls != [ ])
|
||||
(lib.attrValues neigh);
|
||||
in
|
||||
!callerCfg.enable || callerCongfigured;
|
||||
message = "NNCP caller enabled but call configuration is missing";
|
||||
}];
|
||||
|
||||
systemd.services = {
|
||||
"nncp-caller" = {
|
||||
inherit (callerCfg) enable;
|
||||
description = "Croned NNCP TCP daemon caller.";
|
||||
documentation = [ "http://www.nncpgo.org/nncp_002dcaller.html" ];
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkg}/bin/nncp-caller -noprogress -cfg "${nncpCfgFile}" ${
|
||||
lib.strings.escapeShellArgs callerCfg.extraArgs
|
||||
}'';
|
||||
Group = "uucp";
|
||||
UMask = "0002";
|
||||
};
|
||||
};
|
||||
|
||||
"nncp-daemon" = lib.mkIf daemonCfg.enable {
|
||||
enable = !daemonCfg.socketActivation.enable;
|
||||
description = "NNCP TCP syncronization daemon.";
|
||||
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkg}/bin/nncp-daemon -noprogress -cfg "${nncpCfgFile}" ${
|
||||
lib.strings.escapeShellArgs daemonCfg.extraArgs
|
||||
}'';
|
||||
Restart = "on-failure";
|
||||
Group = "uucp";
|
||||
UMask = "0002";
|
||||
};
|
||||
};
|
||||
|
||||
"nncp-daemon@" = lib.mkIf daemonCfg.socketActivation.enable {
|
||||
description = "NNCP TCP syncronization daemon.";
|
||||
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkg}/bin/nncp-daemon -noprogress -ucspi -cfg "${nncpCfgFile}" ${
|
||||
lib.strings.escapeShellArgs daemonCfg.extraArgs
|
||||
}'';
|
||||
Group = "uucp";
|
||||
UMask = "0002";
|
||||
StandardInput = "socket";
|
||||
StandardOutput = "inherit";
|
||||
StandardError = "journal";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.sockets.nncp-daemon = lib.mkIf daemonCfg.socketActivation.enable {
|
||||
inherit (daemonCfg.socketActivation) listenStreams;
|
||||
description = "socket for NNCP TCP syncronization.";
|
||||
conflicts = [ "nncp-daemon.service" ];
|
||||
wantedBy = [ "sockets.target" ];
|
||||
socketConfig.Accept = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -71,7 +71,6 @@ in
|
|||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Restart = "on-failure";
|
||||
WorkingDirectory = config.users.users.${cfg.user}.home;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
enable = true;
|
||||
flushBeforeStage2 = false;
|
||||
# DHCP: 120 tries every 1 second
|
||||
udhcpc.extraArgs = lib.mkIf (!config.boot.initrd.systemd.enable) [ "-t" "120" "-T" "1" ];
|
||||
udhcpc.extraArgs = [ "-t" "120" "-T" "1" ];
|
||||
};
|
||||
supportedFilesystems = lib.mkForce [
|
||||
"nfs"
|
||||
|
@ -34,8 +34,6 @@
|
|||
"genet"
|
||||
"usbhid"
|
||||
];
|
||||
# TODO: pending https://github.com/NixOS/nixpkgs/pull/270611
|
||||
systemd.enable = lib.mkForce false;
|
||||
};
|
||||
|
||||
tmp.useTmpfs = true;
|
||||
|
|
|
@ -40,15 +40,15 @@ in
|
|||
entropy = "";
|
||||
load = "";
|
||||
swap = "";
|
||||
cgroups = "";
|
||||
vmem = "";
|
||||
interface = "";
|
||||
} // lib.optionalAttrs isMetal {
|
||||
sensors = "";
|
||||
cpufreq = "";
|
||||
irq = "";
|
||||
thermal = "";
|
||||
} // lib.optionalAttrs (isMetal && config.nixpkgs.system == "x86_64-linux") {
|
||||
ipmi = "";
|
||||
thermal = "";
|
||||
} // lib.optionalAttrs config.services.nginx.enable {
|
||||
nginx = ''
|
||||
URL "http://localhost:${toString nginxStatusPort}/nginx_status"
|
||||
|
|
|
@ -79,6 +79,19 @@ with final; {
|
|||
|
||||
mlat-client = python3Packages.callPackage ./mlat-client.nix { };
|
||||
|
||||
nixVersions = prev.nixVersions // {
|
||||
stable = (prev.nixVersions.stable.override { withAWS = false; }).overrideAttrs ({ patches ? [ ], ...}: {
|
||||
patches = patches ++ [
|
||||
# request compression
|
||||
# TODO: drop with 23.11
|
||||
(fetchpatch {
|
||||
url = "https://github.com/NixOS/nix/pull/7712.patch";
|
||||
sha256 = "sha256-mAx2h0/r7HayvTjMMxmewaD+L4OOB2gRJaQb3JEb0rk=";
|
||||
})
|
||||
];
|
||||
});
|
||||
};
|
||||
|
||||
openssh = prev.openssh.overrideAttrs (_: {
|
||||
# takes 30 minutes
|
||||
doCheck = false;
|
||||
|
@ -92,6 +105,8 @@ with final; {
|
|||
|
||||
readsb = callPackage ./readsb.nix { };
|
||||
|
||||
schalterd = callPackage ./schalterd.nix { };
|
||||
|
||||
telme10 = callPackage ./telme10.nix { };
|
||||
|
||||
tracer-game =
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
buildPythonApplication rec {
|
||||
pname = "mlat-client";
|
||||
version = "unstable-2023-12-22";
|
||||
version = "0.4.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "adsbxchange";
|
||||
repo = "mlat-client";
|
||||
rev = "fabefdc3543702c6ef950111b94981162c45147d";
|
||||
hash = "sha256-7FgyoZ08hGoMJWb1O/duIfiVb0udt8jwSoRSDTQ1Y+g=";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-V//LpYmBXtT8haX1aZ4XldzzyUY2YN7x3lTpQ2csTmw=";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
{ pkgsCross, fetchFromGitHub }:
|
||||
|
||||
pkgsCross.armv7l-hf-multiplatform.pkgsStatic.rustPlatform.buildRustPackage {
|
||||
name = "schalterd";
|
||||
|
||||
src = "${fetchFromGitHub {
|
||||
owner = "astro";
|
||||
repo = "spacemsg";
|
||||
# master of 2023-07-02
|
||||
rev = "a825a738544e62c285f4497c151a73d417326da2";
|
||||
sha256 = "sha256-8sM2GdQ2nJ3YCCF5+ZW0vBNTKL3/ulY1/fmyw++5UQQ=";
|
||||
}}/schalterd";
|
||||
|
||||
cargoSha256 = "sha256-OdNztl4XQML2UqK/4BLzKed3pBJNd9rIwHEXaIzLQ4U=";
|
||||
}
|
58
packages.nix
58
packages.nix
|
@ -30,7 +30,7 @@ lib.attrsets.mapAttrs
|
|||
ln -s $src $out
|
||||
'';
|
||||
|
||||
list-upgradable = pkgs.writeShellScriptBin "list-upgradable" ''
|
||||
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
|
||||
set -eou pipefail
|
||||
|
||||
NORMAL="\033[0m"
|
||||
|
@ -41,7 +41,7 @@ lib.attrsets.mapAttrs
|
|||
${lib.concatMapStringsSep "\n" (name:
|
||||
let
|
||||
addr = getHostAddr name;
|
||||
in lib.optionalString (addr != null) /* bash */ ''
|
||||
in lib.optionalString (addr != null) ''
|
||||
echo -n -e "${name}: $RED"
|
||||
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
|
||||
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
|
||||
|
@ -77,7 +77,7 @@ lib.attrsets.mapAttrs
|
|||
'') (builtins.attrNames self.nixosConfigurations)}
|
||||
'';
|
||||
|
||||
prebuild-all-remote = pkgs.writeShellScriptBin "prebuild-all" ''
|
||||
prebuild-all-remote = pkgs.writeScriptBin "prebuild-all" ''
|
||||
set -eou pipefail
|
||||
|
||||
nix copy --no-check-sigs --to ssh-ng://$1 ${inputPaths}
|
||||
|
@ -93,11 +93,10 @@ lib.attrsets.mapAttrs
|
|||
let
|
||||
discardStringCtx = builtins.unsafeDiscardStringContext;
|
||||
host = getHostAddr name;
|
||||
target = "root@${host}";
|
||||
target = ''root@"${host}"'';
|
||||
rebuildArg = "--flake ${self}#${name} ${overrideInputsArgs} --accept-flake-config";
|
||||
hostConfig = self.nixosConfigurations."${name}".config;
|
||||
declaredRunnerDrvPath = discardStringCtx hostConfig.microvm.declaredRunner.drvPath;
|
||||
declaredRunnerOutPath = discardStringCtx hostConfig.microvm.declaredRunner.outPath;
|
||||
toplevelDrvPath = discardStringCtx hostConfig.system.build.toplevel.drvPath;
|
||||
toplevelOutPath = discardStringCtx hostConfig.system.build.toplevel.outPath;
|
||||
# let /var/lib/microvm/*/flake point to the flake-update branch so that
|
||||
|
@ -108,7 +107,7 @@ lib.attrsets.mapAttrs
|
|||
# Generate a small script for copying this flake to the
|
||||
# remote machine and bulding and switching there.
|
||||
# Can be run with `nix run c3d2#…-nixos-rebuild switch`
|
||||
"${name}-nixos-rebuild" = pkgs.writeShellScriptBin "${name}-nixos-rebuild" ''
|
||||
"${name}-nixos-rebuild" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
set -eou pipefail
|
||||
|
||||
${lib.optionalString (hostConfig.c3d2.deployment.server or "" != "") ''
|
||||
|
@ -127,13 +126,13 @@ lib.attrsets.mapAttrs
|
|||
ssh ${target} bash -e <<END
|
||||
set -eou pipefail
|
||||
|
||||
nix build --no-link ${toplevelDrvPath}^*
|
||||
nix build --no-link ${toplevelDrvPath}
|
||||
${discardStringCtx hostConfig.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set ${toplevelOutPath}
|
||||
${toplevelOutPath}/bin/switch-to-configuration "''${@:-switch}"
|
||||
END
|
||||
'';
|
||||
|
||||
"${name}-nixos-rebuild-hydra" = pkgs.writeShellScriptBin "${name}-nixos-rebuild" /* bash */ ''
|
||||
"${name}-nixos-rebuild-hydra" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
set -eou pipefail
|
||||
|
||||
echo Copying Flakes
|
||||
|
@ -160,11 +159,11 @@ lib.attrsets.mapAttrs
|
|||
EOF
|
||||
'';
|
||||
|
||||
"${name}-nixos-rebuild-local" = pkgs.writeShellScriptBin "${name}-nixos-rebuild" /* bash */ ''
|
||||
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
set -eou pipefail
|
||||
|
||||
if [[ ''${1:-} == build ]]; then
|
||||
hostname="$(ssh root@${target} cat /etc/hostname)"
|
||||
if [[ ''${1:-} == build; then
|
||||
hostname=$(ssh root@${target} cat /etc/hostname)"
|
||||
if [[ "$hostname" != ${name} ]]; then
|
||||
echo "hostname of ${target} was expected to be ${name} but is $hostname. Aborting to be safe..."
|
||||
exit 2
|
||||
|
@ -174,12 +173,12 @@ lib.attrsets.mapAttrs
|
|||
_NIXOS_REBUILD_REEXEC=1 ${lib.getExe pkgs.nixos-rebuild} ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
|
||||
'';
|
||||
|
||||
"${name}-cleanup" = pkgs.writeShellScriptBin "${name}-cleanup" ''
|
||||
"${name}-cleanup" = pkgs.writeScriptBin "${name}-cleanup" ''
|
||||
set -eou pipefail
|
||||
ssh ${target} "time nix-collect-garbage -d && time nix-store --optimise"
|
||||
'';
|
||||
} // (let
|
||||
createDirsCopyCurrent = name: /* bash */ ''
|
||||
createDirsCopyCurrent = name: ''
|
||||
mkdir -p /var/lib/microvms/${name}
|
||||
cd /var/lib/microvms/${name}
|
||||
chown root:kvm .
|
||||
|
@ -188,35 +187,32 @@ lib.attrsets.mapAttrs
|
|||
rm -f old
|
||||
[ -e current ] && cp --no-dereference current old
|
||||
'';
|
||||
createSymlinks = name: let
|
||||
gcrootDir = "/nix/var/nix/gcroots/microvm";
|
||||
in /* bash */ ''
|
||||
createSymlinks = name: ''
|
||||
if [[ -e old ]]; then
|
||||
echo System package diff:
|
||||
nix --extra-experimental-features nix-command store diff-closures ./old ./current || true
|
||||
fi
|
||||
|
||||
mkdir -p ${gcrootDir}
|
||||
ln -sfT \$PWD/current ${gcrootDir}/${name}
|
||||
ln -sfT \$PWD/booted ${gcrootDir}/booted-${name}
|
||||
ln -sfT \$PWD/old ${gcrootDir}/old-${name}
|
||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
||||
'';
|
||||
in {
|
||||
|
||||
"microvm-update-${name}" = pkgs.writeShellScriptBin "microvm-update-${name}" (
|
||||
"microvm-update-${name}" = pkgs.writeScriptBin "microvm-update-${name}" (
|
||||
if builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]
|
||||
then let
|
||||
closureInfo = pkgs.closureInfo { rootPaths = [ hostConfig.system.build.toplevel ]; };
|
||||
in ''
|
||||
set -eou pipefail
|
||||
|
||||
${hostConfig.system.build.copyToServer} ${declaredRunnerDrvPath} ${discardStringCtx closureInfo.drvPath} ${discardStringCtx hostConfig.nix.package}
|
||||
${hostConfig.system.build.copyToServer} ${declaredRunnerDrvPath} ${discardStringCtx closureInfo.drvPath}
|
||||
|
||||
${hostConfig.system.build.runOnServer} NIXOS_REBUILD="''${NIXOS_REBUILD:-}" bash -e <<END
|
||||
${createDirsCopyCurrent name}
|
||||
|
||||
nix build -L --accept-flake-config -o current ${declaredRunnerDrvPath}^*
|
||||
nix build -L --accept-flake-config --no-link ${discardStringCtx closureInfo.drvPath}^*
|
||||
nix build -L --accept-flake-config -o current ${declaredRunnerDrvPath}
|
||||
nix build -L --accept-flake-config --no-link ${discardStringCtx closureInfo.drvPath}
|
||||
echo '${selfRef}' > flake
|
||||
|
||||
${createSymlinks name}
|
||||
|
@ -250,7 +246,7 @@ lib.attrsets.mapAttrs
|
|||
else throw "${name} is not configured to run on microvm.nix. Is it a physical host or is it deployed in Skyflake?"
|
||||
);
|
||||
|
||||
"microvm-update-${name}-local" = pkgs.writeShellScriptBin "microvm-update-${name}" ''
|
||||
"microvm-update-${name}-local" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
||||
set -eou pipefail
|
||||
|
||||
${lib.optionalString (!builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
||||
|
@ -258,15 +254,21 @@ lib.attrsets.mapAttrs
|
|||
exit 2
|
||||
''}
|
||||
|
||||
nix build -L --no-link ${declaredRunnerDrvPath}^*
|
||||
${hostConfig.system.build.copyToServer} ${declaredRunnerOutPath}
|
||||
${hostConfig.system.build.copyToServer} ${declaredRunnerDrvPath}
|
||||
|
||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
||||
set -eou pipefail
|
||||
hostname=\$(cat /etc/hostname)
|
||||
if [[ "\$hostname" != ${name} ]]; then
|
||||
echo "hostname of ${target} was expected to be ${name} but is \$hostname. Aborting to be safe..."
|
||||
exit 2
|
||||
fi
|
||||
|
||||
${createDirsCopyCurrent name}
|
||||
ln -sfT ${declaredRunnerOutPath} current
|
||||
|
||||
ln -sfT ${hostConfig.microvm.declaredRunner} current
|
||||
echo '${selfRef}' > flake
|
||||
|
||||
${createSymlinks name}
|
||||
|
||||
systemctl restart microvm@${name}.service
|
||||
|
|
|
@ -1,16 +1,27 @@
|
|||
{
|
||||
# Please use ed25519 keys!
|
||||
|
||||
antrares = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDC6Io8mHskJhkUh+vaSo95pi1E/gAoesQ0v+s+7DCTgjpOkB+W6vdJ8U6rblFxrETaWFAIVfkg+I/ZYvNWqCAxu1iWXaZ3IEK2ZiP5Vg0HevAP0ratfIHw50V8wfsyA8/lLVGdpX76xqexdY3G1SYZUcedq6AqWx6FpyoKGVOL2+jlJhmxCoEYfOJe6HbTi02UtAw1qavaD2acvuLksHOiwRAq1+ijPo/OmU3LmaErheceiPC97Wn4H/a98HdnWXJ3AXZCpPzp784/gUxOd/fvKRQPv0Lza9dytmpkAVc9efLMAQZm60w9InpIY0VxJRu2iFDc6msMF/iJp1UXSJfk4hTxUvXL8rPXc4GYKDSQlWO4UXoKd2gZEmCdcsIN/re6VR1lJWcm4eKxI9zJAQRZDrYHZP3ALBJrBY+7pJUHGSB+jCdZ73zkvkiNWUHZ9Wwp4RvdFoCR9qT+AoDU2SMiBMn8/hNMZRUs6RKjUzzn2vhCbZh19QIDxivaFg3DOKq7CCI3XNR3M781MFdmeTXKBLnv2YEVXy5XDIMvucQaZIUoD14fSF2wnncuP9h0gs2H1zG7nQfMagGpE+ro56FO3rBQqfRzz/U528yuq8uf/6TD9u3jTu7ngZ0YpDvAwAh8yG3b2KGFbrcYc3N1zEQOz7IqKixmIt/f3VOOjQ3Yww== antrares@c3d2.de"
|
||||
];
|
||||
astro = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
|
||||
];
|
||||
dennis = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYHv/LMo8N6iM3zFvOKrF7ZLp3eAG/cOED0yDzrvgkd openpgp:0x74CCE9B8"
|
||||
];
|
||||
emery = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqAXBEROEfldkHdUbF3TinBhfeX5l4DQ/5MAOhLh09avqCqcHY2FanZN+qmWpD695UZ71Cl+XF6Bj0KO7Rt4SAemvkEDPMBoidkt+ZjLsdnb8GVvbDhu/62JnqW9meYTN5GcjfmKMPDtKFbgSx9PPcjsDaO6LI/GWeyTz+EYQqwTdc7TKffjLXp6bREYLf0oKIBTvW9/oPCBI7ywYmyBaadFKrYSnujJbMejH91L+JN2fJoxjjhsGcRR78ottbjz4q6JxYjt9CG5oa7Lm60xdZkiiA3c4dMuHU9+EWGshjBKL1Fb9BafeAKhHobcs7UG8IVlqHRJC5VAGQlmus/fNagAArz9PnGW4MAOgg+yLjQJLLKqePBMsAsMHZ9XT+sqPyJfcai5dWynGXFP1B63C/oosVMkeZAlBIwDz/CmufpKBCJZXCfFoC3PotWsH/JT3ir/RSdtVHQ169CEgm+AUd7gjBuRwn6j2eBHcYkn0nCbQ93KLPlnYCLXzjByGved8= emery@fuji"
|
||||
];
|
||||
eri = [
|
||||
# TODO: use a RSA4096 or ed25519 key
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqnwexxYY4LG043c53KetolvV06Wz9nnEi8dO2Du3DSMmvKs6+eTqmj83oEyVJkZxGXPsfdx1s3TLc01Opx0n5USCozUXHaaxUK7vrDPGJoz+Uc4f2OszFdKZSeLzEl0Vq6aWOkCKS6539mfbPx5oErT1Nt98GCOWi17cd3CTFA2m83oY5gFiaej3r/jfn5laCZ/NSqlZ9akzE54SXQl0p3/4L1C/QKockRscV8/4iD2+jqdPqaMI0DYKozNtsym5En3n9qt5a0RqGPENBXA1H5ie0ZE5/FXaqiXAY7YJMznnXbv4N8zQP2cFiPhqUNej+lU4RSHRLGaGkfLgYwn2z eri"
|
||||
];
|
||||
j03 = [
|
||||
# TODO: use a RSA4096 or ed25519 key
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+YfsFtRz1h/0ubcKU+LyGfxH505yUkbWa5VtRFNWF2fjTAYGj6o5M4dt+fv1h370HXvvOBtt8sIlWQgMsD10+9mvjdXWhTcpnYPx4yWuyEERE1/1BhItrog6XJKAedbCDpQQ+POoewouiHWVAUfFByPj5RXuE8zKUeIEkGev/QKrKTLnTcS8zFs/yrokf1qYYR571B3U8IPDjpV/Y1GieG3MSNaefIMCwAAup1gPkUA0XZ4A1L7NdEiUEHlceKVu9eYiWUM+wDRunBXnLHubeGyP8KmBA7PNKgml3WWRNTZjqNQk4u9Bl+Qea5eCkD8KI257EqgXYXy0QBWNyF8X j03@l302"
|
||||
];
|
||||
laalsaas = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhcrBEpbCOM4KTVqjvuEOAcKOPScQ7U4TsNJzzrQW/k laalsaas"
|
||||
];
|
||||
marenz = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDixJ6x0QnSk/ebIJ9zlsRM5olZbqrxDaIt0QQmZOuAbbz441SVW+/0/7ks80GMIMxzUy5YpNvrkY+6q/dZVvNybZLm/csdoFB2soOI/F1NUOppM+r2f33db/5ae3iaun/xBOW/D5lQTbm6IfrYjN9z3gW6tTYFPauZyctizZz5P1egwtCrAnMti8aBE3G+lGXVIVbjsjYruqgSN86WM0YM9HH9XB8Kd/TDCI/j9prXFkoj9EuzOQtIDNRA4Asmi08ZmoVKqadbuZAXoYEngPe2nigiiBoV/5fyyWIJSliWPZ8YDXk8X6pRJaOgZyc6mmot0/BLJo+DkhoUDA7wp3wr cardno:000609614306 - marenz"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6edpEvI6/0IBBolm3fX67U7UhA42hBVXPcN2hrTe9DiaRTMC1EnsgHSLYAuV1Ltu9gkDxHZ4aTpa69La7C7I0WPAhzXWAE1BNl2/93CETAcZoum2IYl9CZNGFG5D2Uxd8lnyZH9WtgN5WYLaKm/xFSVclYwbnYtTjI2T9mYmrrDf4bwvvjg6p6KBQUgaotwC+qyADGTJjfSiIsYU8cJhA4XROudmiKa6LAlw0VrkgQoITRYoWvmrdHMgzeCJa5UvKGxyGRqGcPB7wVFQpv2uxJVtCjb5Uhk8ZHzbc/rANBXwCgMr9tmyKDsO9imtcucQXZT7O06mkD5OYCVSdtVsx cardno:000610670724 - marenz"
|
||||
|
|
Loading…
Reference in New Issue