new tlms release
This commit is contained in:
commit
e2281f8b41
|
@ -28,7 +28,7 @@ keys:
|
|||
# aachen
|
||||
- &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4
|
||||
# C3H
|
||||
- &traffic-stop-box-8 age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg
|
||||
- &traffic-stop-box-8 age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm
|
||||
# dumpdvb_bugdorf
|
||||
- &traffic-stop-box-9 age1ger9j5fk5v7hcnnl688g9rcnt9uu7c6605ptgcl338l6xl3u9q8s5p7kys
|
||||
# CLT
|
||||
|
|
72
flake.lock
72
flake.lock
|
@ -203,11 +203,11 @@
|
|||
"documentation-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1669248915,
|
||||
"narHash": "sha256-+pJzcS8jraCdvXwbxjMCdVqK2kyXih+61gaCCPX+txg=",
|
||||
"lastModified": 1693223762,
|
||||
"narHash": "sha256-ZZNR/zzAhfUcWPvJdoaVaz19XV+4hleJI4AF6JY2tqc=",
|
||||
"owner": "tlm-solutions",
|
||||
"repo": "documentation",
|
||||
"rev": "c65ea26a7720e90fb54fc31fba5d0c048bd404be",
|
||||
"rev": "22b1328f19a5201a47b8b82c4fb3c7db7c1ded47",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -348,11 +348,11 @@
|
|||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692799911,
|
||||
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -425,29 +425,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"kindergarten": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": [
|
||||
"flake-utils"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1683915762,
|
||||
"narHash": "sha256-FNiZ2qRgkcqFVhNSREL7Y+PDat5R5EqVPqaJmnfIl1w=",
|
||||
"owner": "tlm-solutions",
|
||||
"repo": "kindergarten",
|
||||
"rev": "e9beec3024175db0a9526026e0d8b9f57e865d13",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tlm-solutions",
|
||||
"repo": "kindergarten",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lizard": {
|
||||
"inputs": {
|
||||
"crane": "crane_3",
|
||||
|
@ -482,11 +459,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692274616,
|
||||
"narHash": "sha256-UttCk5/sl0lLrBVO9kpmtDlFXcI2UkyOaSp7+grLRRE=",
|
||||
"lastModified": 1694526290,
|
||||
"narHash": "sha256-HiWr+tfJE/hcn8atRC0S5KweSUknQLEduPLTEiSr5J8=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "a291d324915f26d1fd86443bd486089099e8b541",
|
||||
"rev": "03e7f11cf915a911277c2cdea5d7da9717597aa2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -544,11 +521,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692351612,
|
||||
"narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=",
|
||||
"lastModified": 1694081375,
|
||||
"narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"rev": "78789c30d64dea2396c9da516bbcc8db3a475207",
|
||||
"rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -575,11 +552,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1693097136,
|
||||
"narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=",
|
||||
"lastModified": 1693675694,
|
||||
"narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d",
|
||||
"rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -639,11 +616,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1693341273,
|
||||
"narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=",
|
||||
"lastModified": 1694753796,
|
||||
"narHash": "sha256-QPE7dqcicQH/nq9aywVXJWWtci4FvxHaM+BSIEbGBvA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1",
|
||||
"rev": "360a7d31c30abefdc490d203f80e3221b7a24af2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -664,7 +641,6 @@
|
|||
"flake-utils": "flake-utils",
|
||||
"funnel": "funnel",
|
||||
"gnuradio-decoder": "gnuradio-decoder",
|
||||
"kindergarten": "kindergarten",
|
||||
"lizard": "lizard",
|
||||
"microvm": "microvm",
|
||||
"naersk": "naersk_3",
|
||||
|
@ -832,11 +808,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693404499,
|
||||
"narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
|
||||
"lastModified": 1694495315,
|
||||
"narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
|
||||
"rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -989,11 +965,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684521319,
|
||||
"narHash": "sha256-1XL1NOOXTv9sxTrpM2XJ8/JggirMhDITnQahohJmxxg=",
|
||||
"lastModified": 1689950204,
|
||||
"narHash": "sha256-L75e2u2AXmnYXHHE9f8JruhuMcR7sSXN/xOkaNaJDp4=",
|
||||
"owner": "tlm-solutions",
|
||||
"repo": "trekkie",
|
||||
"rev": "248c71c8c46fce31805b0b673189d59f632b9268",
|
||||
"rev": "0a6308a6594d99dbd8b58a1f78dc6ddc78b87d98",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
28
flake.nix
28
flake.nix
|
@ -43,12 +43,6 @@
|
|||
url = "github:tlm-solutions/datacare";
|
||||
};
|
||||
|
||||
kindergarten = {
|
||||
url = "github:tlm-solutions/kindergarten";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
telegram-decoder = {
|
||||
url = "github:tlm-solutions/telegram-decoder";
|
||||
inputs = {
|
||||
|
@ -112,7 +106,6 @@
|
|||
, documentation-src
|
||||
, funnel
|
||||
, gnuradio-decoder
|
||||
, kindergarten
|
||||
, microvm
|
||||
, nixpkgs
|
||||
, sops-nix
|
||||
|
@ -142,7 +135,6 @@
|
|||
{
|
||||
nixpkgs.overlays = [
|
||||
datacare.overlays.default
|
||||
kindergarten.overlays.default
|
||||
trekkie.overlays.default
|
||||
lizard.overlays.default
|
||||
bureaucrat.overlays.default
|
||||
|
@ -215,12 +207,6 @@
|
|||
arch = "x86_64-linux";
|
||||
monitoring = true;
|
||||
}
|
||||
# {
|
||||
# # Chemnitz
|
||||
# id = 2;
|
||||
# arch = "x86_64-linux";
|
||||
# monitoring = false;
|
||||
# }
|
||||
{
|
||||
# Wundstr. 9
|
||||
id = 4;
|
||||
|
@ -228,10 +214,9 @@
|
|||
monitoring = true;
|
||||
}
|
||||
{
|
||||
# Warpzone
|
||||
id = 6;
|
||||
arch = "x86_64-linux";
|
||||
monitoring = true;
|
||||
id = 8;
|
||||
arch ="aarch64-linux";
|
||||
monitoring = false;
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -249,7 +234,7 @@
|
|||
}).optionsCommonMark;
|
||||
};
|
||||
}
|
||||
// (import ./pkgs/deployment.nix { inherit self pkgs lib;})
|
||||
// (import ./pkgs/deployment.nix { inherit self pkgs lib; })
|
||||
// (lib.foldl (x: y: lib.mergeAttrs x { "${y.config.system.name}-vm" = y.config.system.build.vm; }) { } (lib.attrValues self.nixosConfigurations));
|
||||
|
||||
in
|
||||
|
@ -319,6 +304,7 @@
|
|||
|
||||
./modules/TLMS
|
||||
./hosts/uranus
|
||||
{ deployment-TLMS.monitoring.enable = true; }
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -328,12 +314,10 @@
|
|||
program = "${self.packages."x86_64-linux".test-vm-wrapper}";
|
||||
};
|
||||
|
||||
nixosModules."x86_64-linux".watch-me-senpai = import ./modules/watch-me-senpai;
|
||||
|
||||
hydraJobs =
|
||||
let
|
||||
get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel);
|
||||
in
|
||||
nixpkgs.lib.mapAttrs get-toplevel self.nixosConfigurations;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||
|
@ -30,6 +30,8 @@
|
|||
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
# some whoopsie in kernel 6.1.x maybe?
|
||||
boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
|
||||
|
||||
swapDevices = [ ];
|
||||
fileSystems."/" =
|
||||
|
|
|
@ -20,7 +20,7 @@ in
|
|||
port = 9501;
|
||||
listenAddress = config.deployment-TLMS.net.wg.addr4;
|
||||
globalConfig = {
|
||||
scrape_interval = "17s";
|
||||
scrape_interval = "131s";
|
||||
};
|
||||
scrapeConfigs =
|
||||
let
|
||||
|
@ -62,9 +62,27 @@ in
|
|||
|
||||
TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost));
|
||||
in
|
||||
TLMSScrapeConfigs;
|
||||
TLMSScrapeConfigs ++ [
|
||||
{
|
||||
job_name = "funnel-connections-prod";
|
||||
static_configs = [{
|
||||
targets = [ "10.13.37.1:9010" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "funnel-connections-staging";
|
||||
static_configs = [{
|
||||
targets = [ "10.13.37.5:9010" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "funnel-connections-borken";
|
||||
static_configs = [{
|
||||
targets = [ "10.13.37.7:9010" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# log collector
|
||||
loki = {
|
||||
enable = true;
|
||||
|
@ -124,12 +142,15 @@ in
|
|||
};
|
||||
|
||||
table_manager = {
|
||||
retention_deletes_enabled = false;
|
||||
retention_period = "0s";
|
||||
retention_deletes_enabled = true;
|
||||
retention_period = "720h";
|
||||
};
|
||||
|
||||
compactor = {
|
||||
working_directory = "/var/lib/loki";
|
||||
compaction_interval = "10m";
|
||||
retention_enabled = true;
|
||||
retention_delete_delay = "1m";
|
||||
shared_store = "filesystem";
|
||||
compactor_ring = {
|
||||
kvstore = {
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
{ pkgs, packages, bind-ip ? "0.0.0.0", bind-port ? 8080, ... }:
|
||||
{ pkgs
|
||||
, lib
|
||||
, packages
|
||||
, jupyterUsers
|
||||
, jupyterAdminGroup ? "uranus-owner"
|
||||
, bind-ip ? "0.0.0.0"
|
||||
, bind-port ? 8080
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
miniconda-alpine-dockerhub = pkgs.dockerTools.pullImage {
|
||||
miniconda-dockerhub = pkgs.dockerTools.pullImage {
|
||||
imageName = "continuumio/miniconda3";
|
||||
imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d";
|
||||
sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg=";
|
||||
|
@ -12,20 +20,69 @@ in
|
|||
pkgs.dockerTools.buildImage {
|
||||
name = "stateful-jupyterlab";
|
||||
tag = "latest";
|
||||
fromImage = miniconda-alpine-dockerhub;
|
||||
fromImage = miniconda-dockerhub;
|
||||
runAsRoot =
|
||||
let
|
||||
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
|
||||
#!/bin/bash
|
||||
conda install -c conda-forge ${packages} \
|
||||
jupyterlab
|
||||
cont-interpreter = "/bin/bash";
|
||||
useradd-string = (user: is-admin: ''
|
||||
set +x # don't leak the hashed password
|
||||
echo "creating user ${user}"
|
||||
useradd \
|
||||
-m \
|
||||
${if is-admin then "-g ${jupyterAdminGroup}" else ""} \
|
||||
-p $(cat /pw/hashed-password-${user}) \
|
||||
${user} \
|
||||
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
|
||||
&& ln --force -s /workdir /home/${user}/shared-workdir
|
||||
set -x
|
||||
'');
|
||||
|
||||
jupyter-lab --ip=${bind-ip} --port=${toString bind-port} --no-browser --allow-root
|
||||
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
|
||||
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
|
||||
c = get_config()
|
||||
|
||||
c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'}
|
||||
|
||||
c.Spawner.notebook_dir='/workdir'
|
||||
c.Spawner.default_url='/lab'
|
||||
'';
|
||||
|
||||
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
|
||||
#!${cont-interpreter}
|
||||
set -ex
|
||||
|
||||
# Update the System
|
||||
apt update -y
|
||||
apt dist-upgrade -y
|
||||
|
||||
# create jupyter group
|
||||
groupadd ${jupyterAdminGroup}
|
||||
chown -R root:${jupyterAdminGroup} /workdir
|
||||
chmod -R g+rwx /workdir
|
||||
|
||||
# create all the users
|
||||
${create-all-users-script}
|
||||
|
||||
# install the python environ
|
||||
conda install -c conda-forge mamba
|
||||
|
||||
mamba install -c conda-forge ${packages} \
|
||||
jupyterlab \
|
||||
jupyterhub
|
||||
|
||||
|
||||
# off to the races
|
||||
jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py
|
||||
'';
|
||||
in
|
||||
''
|
||||
#!${pkgs.runtimeShell}
|
||||
mkdir -p /workdir
|
||||
|
||||
# make temp store for pw hashes
|
||||
mkdir -p /pw
|
||||
|
||||
cp ${jupyterhub-config} /jupyterhub-config.py
|
||||
cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
|
||||
'';
|
||||
config = {
|
||||
|
|
|
@ -1,5 +1,33 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
jupyterUsers = [
|
||||
{
|
||||
username = "0xa";
|
||||
userPasswordFile = config.sops.secrets.hashed-password-0xa.path;
|
||||
isAdmin = true;
|
||||
}
|
||||
{
|
||||
username = "tassilo";
|
||||
userPasswordFile = config.sops.secrets.hashed-password-tassilo.path;
|
||||
isAdmin = true;
|
||||
}
|
||||
{
|
||||
username = "marenz";
|
||||
userPasswordFile = config.sops.secrets.hashed-password-marenz.path;
|
||||
isAdmin = true;
|
||||
}
|
||||
];
|
||||
|
||||
# move the secrets to the volume
|
||||
secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --force --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers));
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
hashed-password-0xa = { };
|
||||
hashed-password-tassilo = { };
|
||||
hashed-password-marenz = { };
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
# magic from marenz to make it work on ceph
|
||||
|
@ -18,10 +46,12 @@
|
|||
volumes = [
|
||||
"/var/lib/jupyter-volume:/workdir"
|
||||
"/var/lib/root-home:/root"
|
||||
"/var/lib/pw:/pw"
|
||||
"/var/lib/users-home:/home"
|
||||
];
|
||||
imageFile =
|
||||
let
|
||||
package-string = lib.concatStringsSep " " [
|
||||
packages = lib.concatStringsSep " " [
|
||||
# alphabetically `:sort`ed plz
|
||||
"geojson"
|
||||
"matplotlib"
|
||||
|
@ -31,14 +61,30 @@
|
|||
"psycopg"
|
||||
"scipy"
|
||||
"seaborn"
|
||||
"bitstring"
|
||||
];
|
||||
in
|
||||
(import ./jupyter-container.nix {
|
||||
inherit pkgs;
|
||||
packages = package-string;
|
||||
inherit pkgs lib jupyterUsers packages;
|
||||
});
|
||||
image = "stateful-jupyterlab";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
setup-docker-pws = {
|
||||
description = "copy the user passwords to docker volume";
|
||||
wantedBy = [ "jupyterlab-stateful.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = secret-setup;
|
||||
};
|
||||
docker-jupyterlab-stateful = {
|
||||
after = [ "setup-docker-pws.service" ];
|
||||
requires = [ "setup-docker-pws.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
# The plan is to try out how broken the stateless jupyter lab in nixos
|
||||
{}
|
||||
{ }
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
let
|
||||
service_number = 3;
|
||||
in {
|
||||
TLMS.chemo = {
|
||||
enable = true;
|
||||
host = "127.0.0.1";
|
||||
port = 50053;
|
||||
port = 50050 + service_number;
|
||||
database = {
|
||||
host = "127.0.0.1";
|
||||
port = config.services.postgresql.port;
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."~ ^/(de|en)" = {
|
||||
root = if (config.deployment-TLMS.domain == "tlm.solutions") then "${pkgs.kindergarten}/bin/" else "${pkgs.kindergarten-staging}/bin/";
|
||||
root = "/var/lib/kindergarten/";
|
||||
# index = "index.html";
|
||||
tryFiles = "$uri /$1/index.html =404";
|
||||
extraConfig = ''
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
serice_number = 2;
|
||||
service_number = 2;
|
||||
in
|
||||
{
|
||||
TLMS.funnel = {
|
||||
enable = true;
|
||||
GRPC = {
|
||||
host = "127.0.0.1";
|
||||
port = 50050 + serice_number;
|
||||
port = 50050 + service_number;
|
||||
};
|
||||
defaultWebsocket = {
|
||||
host = "127.0.0.1";
|
||||
port = 9000 + serice_number;
|
||||
port = 9000 + service_number;
|
||||
};
|
||||
metrics = {
|
||||
port = 9010;
|
||||
host = "0.0.0.0";
|
||||
port = 10010 + service_number ;
|
||||
host = config.deployment-TLMS.net.wg.addr4;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
{ config, ... }:
|
||||
{ pkgs, config, self, ... }:
|
||||
|
||||
{
|
||||
boot.tmp.useTmpfs = true;
|
||||
|
||||
networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname.
|
||||
|
||||
# reboot 60 seconds after kernel panic
|
||||
boot.kernel.sysctl."kernel.panic" = 60;
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
|
@ -16,12 +19,5 @@
|
|||
};
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
|
||||
}
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{ self, pkgs, lib }:
|
||||
|
||||
# This generates deployement scripts **ONLY** for non-microvm (e.g. bare-metal
|
||||
# or conventional vm) hosts
|
||||
|
||||
let
|
||||
# filter out deployable (aka not microvm or container) systems
|
||||
filterHosts = k: v: !(builtins.hasAttr "microvm" v.config);
|
||||
|
@ -27,17 +31,88 @@ let
|
|||
fi
|
||||
''));
|
||||
|
||||
# garbage collect everything
|
||||
garbageCollect = (system:
|
||||
let
|
||||
ip = system.config.deployment-TLMS.net.wg.addr4;
|
||||
host = system.config.networking.hostName;
|
||||
in
|
||||
(pkgs.writeScriptBin "deploy" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
set -e
|
||||
|
||||
echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m"
|
||||
|
||||
if ping -c 1 ${ip} > /dev/null
|
||||
then
|
||||
echo -e "\033[0;32mCollecting garbage on ${host} with \"nix-collect-garbage -d\"\033[0m"
|
||||
ssh root@${ip} -- nix-collect-garbage -d
|
||||
else
|
||||
echo -e "\033[0;31m${ip} seems to be down!\033[0m"
|
||||
exit 1
|
||||
fi
|
||||
''));
|
||||
|
||||
# reboot everything
|
||||
reboot = (system:
|
||||
let
|
||||
ip = system.config.deployment-TLMS.net.wg.addr4;
|
||||
host = system.config.networking.hostName;
|
||||
in
|
||||
(pkgs.writeScriptBin "deploy" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
set -e
|
||||
|
||||
echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m"
|
||||
|
||||
if ping -c 1 ${ip} > /dev/null
|
||||
then
|
||||
echo -e "\033[0;32mRebooting ${host}\033[0m"
|
||||
ssh root@${ip} -- shutdown -r 1
|
||||
echo -e "\033[0;31m${host} IS SCHEDULED FOR REBOOT IN 1 MINUTE\033[0m"
|
||||
else
|
||||
echo -e "\033[0;31m${ip} seems to be down!\033[0m"
|
||||
exit 1
|
||||
fi
|
||||
''));
|
||||
|
||||
# individual script generation
|
||||
deployScriptWriter = (command:
|
||||
pkgs.lib.mapAttrs'
|
||||
lib.mapAttrs'
|
||||
(name: system:
|
||||
lib.nameValuePair ("rebuild-" + command + "-" + name) (deployScriptTemplate system command))
|
||||
nonVmHosts);
|
||||
|
||||
supported_commands = [
|
||||
"switch"
|
||||
"boot"
|
||||
];
|
||||
switchInstallScripts = deployScriptWriter "switch";
|
||||
bootInstallScripts = deployScriptWriter "boot";
|
||||
installScripts = bootInstallScripts // switchInstallScripts;
|
||||
|
||||
garbageCollectScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("collect-garbage-" + name) (garbageCollect system)) nonVmHosts;
|
||||
|
||||
rebootScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("reboot-" + name) (reboot system)) nonVmHosts;
|
||||
|
||||
## all at once
|
||||
switchAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues switchInstallScripts);
|
||||
bootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues bootInstallScripts);
|
||||
rebootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues rebootScripts);
|
||||
garbageAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues garbageCollectScripts);
|
||||
|
||||
nukeAll = lib.mapAttrs'
|
||||
(name: scripts: lib.nameValuePair (name) (pkgs.writeScriptBin "${name}" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
set -x
|
||||
|
||||
${scripts}
|
||||
''))
|
||||
{
|
||||
rebuild-boot-all = bootAll;
|
||||
rebuild-switch-all = switchAll;
|
||||
reboot-all = rebootAll;
|
||||
garbage-collect-all = garbageAll;
|
||||
};
|
||||
|
||||
installScripts = lib.foldl (attr: cmd: lib.mergeAttrs attr (deployScriptWriter cmd)) { } supported_commands;
|
||||
in
|
||||
installScripts
|
||||
installScripts //
|
||||
garbageCollectScripts //
|
||||
rebootScripts //
|
||||
nukeAll
|
||||
|
|
|
@ -6,86 +6,86 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg
|
||||
- recipient: age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSmV4VFBpTlFaK0hNZDRh
|
||||
cy9tUFVPUmNoSlExRzN2NzZSam5vNjNYRm5BCmxQWGVOOWhnR2ZMMlQ3L3Vhc0xa
|
||||
N2VIVk4xSElJeXV1N3RzNTE1OGQ2bWcKLS0tIHFsQ0NDWHZUbUdrZHoya0J2YWk4
|
||||
N3VTSlhtVmxTeXgvNHBKSHp4eFBSdm8Kl78noQp3OomAmK1t9C3wE93DGQS24c8Y
|
||||
+P2Nqvm9hO/k6kYm+iT9dh2HIa16ntptOUW8wPUw4kSNgdlibssh7Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OERnSXdmNlF2SHVtQW8x
|
||||
ZG5LcEFzUHppdEJ3ejJyQW1YOWRKeCtob0JRCjRTeC9ZMk9OaXh5OUFLYVZhaGFY
|
||||
SXBQL003Rzl4VTRqSGdKWnVYZjAyc1EKLS0tIEFHZFQ2bzU1ZkxCMWxlZ2ZNbS8x
|
||||
UlMvdUhqWEFjWXh6RWxtK3gvMWYrR28KteyDX6snSaU4JRFfsd5yCYPvNPFH1MUV
|
||||
AO1PgiAY19z3cI8vlEobuNB0t+O7lZaiU5dWTUb+bIKyMRUTHOD2Sw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-11-28T18:15:34Z"
|
||||
mac: ENC[AES256_GCM,data:DYYhTAdxOt7qwWNLsl2urAqAIez+359Z3r+ZMOcs6wuD6Q6OLuyV8E7zzWhpt+hrAcRICzkRSzVMRatHckKZz5/Ej7AkYeKUML3QfWJ2dQDhmijLayYXXXeH0HrZh4DqD8xOhIFVIWxNQtIRboUMvMkz0+ao7nvMqLGaRaqiIT8=,iv:S5zQE6YOTo+Tx65Z6q7xhb/niC0ZbxqWD6jji3Ody1A=,tag:n/MfLMBi1yeXeUY3riVYPA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-11-28T20:39:35Z"
|
||||
- created_at: "2023-09-14T15:59:02Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//V9xaoQ9eEzy57iPTsNdjbNvE0eUkpMxqy2eZrkeYeNcG
|
||||
mqpvgjQ52vuV4gT01w093aHxorurQOb8htokZfJD7aC+FMw8vWV6HxLWE5FjXiQc
|
||||
OoJiHcIhE1U+STvVcynMut8Gz8bLIbD7ifX9TUT+RYNX63HRhwBjF7yrl+VXiwY7
|
||||
NeJNhgEWO90ajcbP4rbKq51TZZCS613eOsGrLtulry3WedKiV/UYxVXD4YT0ElXh
|
||||
34y3dvuh5pi7nEVyQHq58cHgPZcC82Jru90Y8G7Kq9EmARikmgJYRzsqpfhJCyge
|
||||
qaJtjQ+jUe+WjzfDKEJO4MGfxT/gmeaAs5hZX7r+15MPBfoEL/I+ELjWHDdC790f
|
||||
S0jLMWi87PSa9LGpgcOmbNIlbpyK5aK9JOoPx0rgtOnajq+wdstVj9qfLQmw7MFp
|
||||
1EtY+xY5AOYJPdsfPnKm4Rj1G0X1g1z35xo4lu+0Jbz0wPPhGBT+bzrWCO7EcxEw
|
||||
COIf4EHLx/mayKJkWW9ksIppdrdES616weLDu5JxiOsHm8D6D/il+N/zk5+k1AMK
|
||||
fzs/+jfTTrEWXPTTHLaGdvQs9TIud5KmV9C83rgy8N1VevAcGI5EvzNUqOXHNVLA
|
||||
DVY8xtnJb/ZSN547XMCsmRGQ1T02F7fUP0DQHCS1coCja3RAMiabcACFw00UoX7S
|
||||
UQFe8yaiVbhbiqBSGpp1t1tsX9z5szWeG17sO85r6Fmv61hzCYSdx7ZreGUZl+H+
|
||||
AX5yTZhQIbjpCY+lypiOcGsV4VDsxl0aAyTUhABUSGJBEw==
|
||||
=Ss0B
|
||||
wcFMA7zUOKwzpAE7ARAAhtspBDeP1NjkIVWgwaa/uIYg1ZeYymo6kFGuhQxn5ObB
|
||||
gxcl/sgvCjqc6vcHjjnG7Qf0/ZSyCohYZlcFzcA4Qo2/K0EaLunDTd4/mYOhBfLZ
|
||||
p1wnvayF7716DC9Dqxx5731rr5pdB/tPguKaKmccDRlA+ckboA5gjAI9QvnOJNV+
|
||||
RViP9tesLoD+muoiavh04wWACMl+1LAO7xZoFU4bFx1ElHvc7ZVaMFt6j87hDCHn
|
||||
CcmBBm9zPFrfMq+993YQJEc9aE1LGkqEijxyekqhDB0ASrdjv8i4onWvOdwFhyfY
|
||||
0dSC6wtkRHFVF5eBhdeLO5fXfa2FKbag4JQj1F2Ae7eixUzmbU3z3VUwKeUWd8Y9
|
||||
GLwkQeVRLkgMFyaSjliRByPj156n4YvocZLsodcdaZ4JRUp5oINj7Klx4vpFQVGF
|
||||
dpZ9aDThMyaDhxIFrCMf4fWgx5In/LPxRmbTprYqFYgzR85weF32XzsiUnjhDPXx
|
||||
zE63liCxXT6d4r1oSBlB9tCMse4vmbmFG1AjMuO2Kn/vRINDdpZTEwiyeId1TUQG
|
||||
RoYjte7JS85+jze/g3sH/CVKbxCBo8Q5hT1wwamNg91YF2L9+ahxgGnzFcvPcIL7
|
||||
uo9T5CRoi6fR/rGeANwinblz+TYXwhFBbpUlPlXhacQSUswPgCAmdV48Axk0D6nS
|
||||
UQGxzsjgNouXriVX4KeF7LYKdQY6d1l2vwxbNEQ6QTQtsKGKBt7wyfI8CQmfzTkp
|
||||
iPCRs15HSrUN2yRSKN2URndCWKUh2kXe9nVE2qw9RzlScQ==
|
||||
=MdNQ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
- created_at: "2022-11-28T20:39:35Z"
|
||||
- created_at: "2023-09-14T15:59:02Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJARAAsM9sI4zDmFok0TaeLfTuhPM8Lzf5bSfoy1jrqdag1bMo
|
||||
H1QOs9j+Md9GgGSUc92sy/3X0khmnCxjOhS0hpKuD2QbUkcpZ+hjaHno0e2QBjTd
|
||||
Pj+JqNZUkfLcOnU0VlODChj63p9Mh/ha5XNH+6wKMeF2fVuPU3UMB0DQdTj4iCYL
|
||||
bc43AxTkfMQg9qXr5eE95jaSF4SukhYmuPL/bhnaiYb03BF0bBDEDRenbnHz1T0B
|
||||
Z/b2+62ppv44QCYp3Rqv47gnJH8bjtnLy04BRfrqv9oEXAk8fBarF6IkvnkCcSha
|
||||
9j2OnBfsgSWn7Fx8BN/IfMF3Z45qtP8iRjUBwMKFejujtf96EaaCOMtKvVhqBFuZ
|
||||
BX7biPuT+Vx/qzN5k8YOCzfq8Jgf9EtRUZ006DaKOz+5Q4ObsuF7FnxnwdMmG2ci
|
||||
dlME/V7ByULLxl+vs6zzBd29JXZkxRd4TRA7Ct1Q0H1HGTi61PaCMXBY0bnHX7cz
|
||||
zFGfZX6bMTVroNcVWuQYin7yiR9RduA1KCVaxgS/k7VNXqB2RgQlV5LK6DdzncmS
|
||||
HSG5l0ymBoZ4CtQgwdiQ1HTvJdzx5wdfAwXZCqe8Kbqal1AA/uO+3df/ab3smbFb
|
||||
raOAkpFuSVWIO+9/5gV+Zy8CHtNSX4j+Qiu4NFiCtSStqR2mjkafTJ25LbQjvKTS
|
||||
XAGJw4O5t+PRx+koybKAC4YU6+t6YzdzbQaPcHKZ96LU26FyCIpXEa2p98r2d5d6
|
||||
i0ZfHD5LchrATqGvfg0eypKzw9LR/yBq9nkcV9c79hjaNQYZ78yDEdym/JQ2
|
||||
=2dqd
|
||||
hQIMA/YLzOYaRIJJAQ/6A1ExArKZHhuHxPmgCAvPZKNXEyPPCz+kUv6ZK5FBiMhD
|
||||
5Ftb3PqlKbTdKSO/ctl2854i3DVoHgwapMRN19/S2HC2hLCJ0r3KBNJHQ3SeiuX8
|
||||
/1chpjIPVR0Iqbk19Qu/1uFioSkHX8b6acjGJwYVkNUB5rQ+b+bjpnFE3CbPGMGG
|
||||
XIrTonylB0+tHUBB4UP1fGNlFLDNi1uDPfeZu+DUYK+UfdstyqeVC07bqMYiqPGG
|
||||
gGfLsbN9nyurcZKUfXJL4Wzf9OytSk3rdfGRSIYU2zKTz9HVFjICJz/rr5ZArCZ6
|
||||
j+/Mx2Qg/2zy8X1YqDBhOzeQmPAskbpo3H+J+mwChCRzUL4tViE4stwLv8A/V09n
|
||||
J07eqU84WYmop291wYXeh23EBC1Tuk2AD6rPHWaMvZH+y2nK7zh16Id3wREqkkEc
|
||||
r82NyJPzKuxaWjj5RVKJ6mt/ogc9t0kL15kxUqQUlrNsK2Xz3o75+08lmH6Udyhh
|
||||
1WtHb78rJWtbOJwdBxWc2w2j4HzbEnWwS+ld/C6fPDbMzTNomRuX5cMv2GMElzTv
|
||||
DOCwVH6OeXMNq/K2d1zrvjsp7J+VOMA9lUdAF0unuqi2U9wNXGX0SCtMPFbiXEeO
|
||||
C9QASY8XRjPf50f5cmolFZrIzc++3eVOg8s0PfC/+rXav0MSGGg4/lCxIsM6OlvS
|
||||
XgGbMn0N/TYNhabdEPIPV/z+v4lza1XJSjfiLrsF7iXvGhvWJ4xD+wkujPWH8LsB
|
||||
vWHlhlv7ue7mskVaKeDJCtqNbmT3PEQJRKi0V0UmNIiF1JB/hL6ZUM7fm5i1/+0=
|
||||
=MYoI
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2022-11-28T20:39:35Z"
|
||||
- created_at: "2023-09-14T15:59:02Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA1N/l9+zlMQzAQf9GZVOd3+70TOm4STX+gODqfhQKBsOMlE/t0i0sBp8f2V2
|
||||
XSwiYu/MvfgLwn3yRnmEwIJvQNcoLrNdLmhwhfA4wvyBGXco1EX2drlBzBF5YbyM
|
||||
kq9TubrSRaps1zmmiuNnt3qT8Q+DEXMuKbBy2eWTDIqaD4pDkqEvzGzsfn7/L4wa
|
||||
57RAi3NPIzj3wkojIyjZePGYPa648faWK32TYc/wM2fs/e4bOfH4D52uE7FKghDg
|
||||
5bSR7SdbnZSQbCxkHqgtJP+1VBFusTlmAxXuSCDOqZSNHnk7NXhzJnN4D/aTrS+o
|
||||
uNFVJCh1mNZuO+Pb2i7/SkcTmMKm0vqu9dyhZaGUMNJcAR32sJzU9wcdctdGl9S1
|
||||
RxIp3sybPf+BzELiEO6T3+F2wLJEOfMSqpzgam1UYCcn1m6EjMDH3vslqiiwaF6E
|
||||
sVfmsSecVH2JvhTgkF6LyGenEvRqwj57WI4x1KQ=
|
||||
=9+5E
|
||||
hQEMA1N/l9+zlMQzAQf+OH908FtvIyfsJwdG0ff3Ji6s6Z2MJQ3JGzOQ4bB8LtBV
|
||||
vfwe9w+WLF/iAa/cUoCP8YJs8JfVq1CxDtFwGDrbD3+L62nSNrwsR92BmxdUleZ/
|
||||
a0qz8BWU2awprugCL5Wpx3ISnwnsjE0cooUhED0e6iGHRHSQ9POs+bDw3h3G6w9U
|
||||
gyNZwYQlUnlpWliEPaxfGM2XaDw2JnIH+WLziK7lsRrKoStTDwltZg9ZBkk18lCz
|
||||
XB3bdwNKfeI+R0Nk8f/Pj7cWlXh/j6YbnVnf4P4HHkzs7DZXrKJUn9twrsqfYmqB
|
||||
AM3AMh+OWbHp2lmjiRMuas7a83aD7bOr4CtvrKLcx9JeAX3k/dVuHgZg8cv08aA5
|
||||
Ypkp9xxvlxRkeEMxXzZBM9vZXLPzz/M2VhSAoTLqAZcta95eEr0ta7fXYz2iW7CQ
|
||||
c17yaVewQO2Tu6mQtp/opqTigxhpwzR+Y6CZYE7rYA==
|
||||
=AOiP
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
|
||||
- created_at: "2022-11-28T20:39:35Z"
|
||||
- created_at: "2023-09-14T15:59:02Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA1N/l9+zlMQzAQf/X7rsO49FKeclClSwhM9djME9Fs83FgDsNoIUydho/AHb
|
||||
R1fqOVvRXA2Gn96zZSs2W8AcaJoH2uf7eTF/swt1J9nzuvr5PIoci76WxOeKVfNw
|
||||
54TIY5w9NytB3zhpkqbU/kVe8OwavOiD3esBDdeApi9bSeHaOpfJ8c8rtQG0g8Ny
|
||||
oKMJmrDr4Di0ysCSOH5sJcXr86c6GBNwlQKIrQIkD8wfoqb90EH8rg2mZ6xaaafs
|
||||
hzGYfP2B2bB62CBE7taeLkrdY163k1tNYyH4C8gegsBHXEGzOBbATvN467Bfmi+7
|
||||
4S1cKO1X8E5T+t70gSaawlAoQ59pl2m9jQHq8Exf0dJcAWv6g9KAvWwWqBXZYENb
|
||||
kq92xcmWHTLFuV83MgqE7kUytgWxUhklhREkwHG2qYgyYOHgrg//p+17XSoI8e+X
|
||||
g+6WlKuO+Uyu+YNy3IzjMwn5LctFviPDl0F+BhA=
|
||||
=lD9P
|
||||
hQEMA1N/l9+zlMQzAQf+MRjWWewxGEE3/ABd4D7cZhNVAXAzh8I1YtwOFvZP8aWm
|
||||
9xp4Klo4qP5YOXtTKK7joslbKEonsxoxCI9Lij3bIuVem/4JrSnTPM0csVdrYdi9
|
||||
zSzR2iBLT9Dc5KF7u5z/Kwi8WTgFFywtljXljvJhkK/iSb+8Gn81L2r6Luz9pJtP
|
||||
bK/vOK82iyr4wMlhD+/TZw9hMWfbwXaRfnJN2i76l2RE6eo6JWsWFFez8i6VVzjS
|
||||
gs9etK9GDch+cnBQo6TqdMW5zoOTENsd3WgU4rzuugHOL44dS8cH6Wxi/c0Pv7gt
|
||||
lehqdLThM01nhEB/bxbNVqqmTk3BJGxhA1Ulq/qKxtJeAR+KROqwef74beEmrCoJ
|
||||
+zX2QkIITRU5Q9EhhGVcPYsuUAX8tpCwGX8uFbx8c9jetMlIAsim8+dQdArJYcyF
|
||||
3wBv6whQPjXr1VpzrNO2njqc5yCQNc0uPlE+EivuDQ==
|
||||
=pT4X
|
||||
-----END PGP MESSAGE-----
|
||||
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
wg-seckey: ENC[AES256_GCM,data:mUFBjQpHC0Flpyw82lXUInLVm0TJW1wB51evA7hXiit7JcK4z/HCyD5UGQU=,iv:O2/UP+WjCmasU6kP/58B1zXL0XAmzUOcM/1ONE31+/o=,tag:ObN6viKQm7ghuXKVeUydjg==,type:str]
|
||||
hashed-password-0xa: ENC[AES256_GCM,data:Tofb7PL5/fZHSLx/nN0o+6w7f0lfITQXoAV4Pu7JGzADi+vY9rfuOLzDapHh82bz1d3vbzPGECzpvYN6Bp/UMHivou0JD5ozIQ==,iv:7bPTP84NcwPCsIZaxBNinIcmewf+pWW5U21OTO1WGeY=,tag:ohaDbKZuXDhq9YBg/8wu/A==,type:str]
|
||||
hashed-password-tassilo: ENC[AES256_GCM,data:z3DD3ZMGjPdNPLRRY3mfdrJzEIizdSV0RnFAI2m+KjHPybtT3araf2bc/zt6iPMcFC1OvJhvm31jCTorZLKT6bknxnIAu2EKHw==,iv:9twbZWdVpQFKqop9dpnoNpZ7jOQp9LluSffZAQXMTd8=,tag:oVMBdTNZfgqbDdrNIFexmA==,type:str]
|
||||
hashed-password-marenz: ENC[AES256_GCM,data:+7Exam93GwUmUkzYOta39d83+8FaQzIbfq4Z+PIoCEwomn6W5Qa7LHKATovKwq5sZVnPJ6jSQ0ruxjmbG9/FykaKxXKGeCv9xQ==,iv:aqibnzdlRkA7sruGIlENspEUQYlo+QVOdANRmAeMYWM=,tag:G1K14+1QmlkP0njB56seUw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -14,8 +17,8 @@ sops:
|
|||
YVFMQ3pZYS9oM3RERDg4NHA1OHRoUEkKYIKvmU6cMiWqrDASPeDZAs3jHOn41onU
|
||||
YtnMpjNQncMbvzDjuijjsCusgxL1DOEWvkg5xn8u4yGhguV6hEW4mQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-30T13:44:49Z"
|
||||
mac: ENC[AES256_GCM,data:iLT8KrlibgljBzhZAFEdlKs/+c0XjxFkCHchjuO9dQJb576HpFsQj6LD5opWPAizdhRG0IniP1g9lUTrpE9Wb/XmQWIuVAJGpCiIWaFM0ENZ5fEcZDoWkBNJVmELe4M7yffD1N1EYffd0uwjyzHoPgEnFC8GrNMeBZdCuu08tR8=,iv:clpxUJLj8o4FRTW9oBxxnU23MYBvRDhxW9df85n4/AM=,tag:abTl8mvDRRknDHbP+01ZKg==,type:str]
|
||||
lastmodified: "2023-06-10T21:35:03Z"
|
||||
mac: ENC[AES256_GCM,data:ESL2J916TklAXe7Lpdh1sn3mhHuNiBZ7xq4KAwn2nV1nErRRPcaA/U3Qf+nY5x95DdIkrDBpGx+rC4LAgs5FBx/lZNYgiuFCJuF6U1ZfaOhIQEatZ/isZ8xa88ENL3rrAQuU17HGfAu3FxseGRGiJ44cR4RHLzjWz87//Sx9Xkk=,iv:erdyt4i5ndRC/QGi2RMl34WKojFEjAPGmKzd7o3dYrY=,tag:J/5A8lvrFvdqNtnYFB62EQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-30T14:29:01Z"
|
||||
enc: |-
|
||||
|
|
Loading…
Reference in New Issue