dump-dvb/nix-config
dump-dvb
/
nix-config
mirror of https://github.com/dump-dvb/nix-config.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

new tlms release

This commit is contained in:
Tassilo - 2023-09-16 20:03:06 +02:00
parent e792b44816 bd315f0e10
commit e2281f8b41
Signed by: revol-xut
GPG Key ID: 4F56FF7759627D07
15 changed files with 333 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@ -28,7 +28,7 @@ keys:
# aachen
- &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4
# C3H
- &traffic-stop-box-8 age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg
- &traffic-stop-box-8 age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm
# dumpdvb_bugdorf
- &traffic-stop-box-9 age1ger9j5fk5v7hcnnl688g9rcnt9uu7c6605ptgcl338l6xl3u9q8s5p7kys
# CLT

72
flake.lock
View File

@ -203,11 +203,11 @@
"documentation-src": {
"flake": false,
"locked": {
"lastModified": 1669248915,
"narHash": "sha256-+pJzcS8jraCdvXwbxjMCdVqK2kyXih+61gaCCPX+txg=",
"lastModified": 1693223762,
"narHash": "sha256-ZZNR/zzAhfUcWPvJdoaVaz19XV+4hleJI4AF6JY2tqc=",
"owner": "tlm-solutions",
"repo": "documentation",
"rev": "c65ea26a7720e90fb54fc31fba5d0c048bd404be",
"rev": "22b1328f19a5201a47b8b82c4fb3c7db7c1ded47",
"type": "github"
},
"original": {
@ -348,11 +348,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1692799911,
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -425,29 +425,6 @@
"type": "github"
}
},
"kindergarten": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1683915762,
"narHash": "sha256-FNiZ2qRgkcqFVhNSREL7Y+PDat5R5EqVPqaJmnfIl1w=",
"owner": "tlm-solutions",
"repo": "kindergarten",
"rev": "e9beec3024175db0a9526026e0d8b9f57e865d13",
"type": "github"
},
"original": {
"owner": "tlm-solutions",
"repo": "kindergarten",
"type": "github"
}
},
"lizard": {
"inputs": {
"crane": "crane_3",
@ -482,11 +459,11 @@
]
},
"locked": {
"lastModified": 1692274616,
"narHash": "sha256-UttCk5/sl0lLrBVO9kpmtDlFXcI2UkyOaSp7+grLRRE=",
"lastModified": 1694526290,
"narHash": "sha256-HiWr+tfJE/hcn8atRC0S5KweSUknQLEduPLTEiSr5J8=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "a291d324915f26d1fd86443bd486089099e8b541",
"rev": "03e7f11cf915a911277c2cdea5d7da9717597aa2",
"type": "github"
},
"original": {
@ -544,11 +521,11 @@
]
},
"locked": {
"lastModified": 1692351612,
"narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=",
"lastModified": 1694081375,
"narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=",
"owner": "nix-community",
"repo": "naersk",
"rev": "78789c30d64dea2396c9da516bbcc8db3a475207",
"rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89",
"type": "github"
},
"original": {
@ -575,11 +552,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1693097136,
"narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=",
"lastModified": 1693675694,
"narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d",
"rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d",
"type": "github"
},
"original": {
@ -639,11 +616,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1693341273,
"narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=",
"lastModified": 1694753796,
"narHash": "sha256-QPE7dqcicQH/nq9aywVXJWWtci4FvxHaM+BSIEbGBvA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1",
"rev": "360a7d31c30abefdc490d203f80e3221b7a24af2",
"type": "github"
},
"original": {
@ -664,7 +641,6 @@
"flake-utils": "flake-utils",
"funnel": "funnel",
"gnuradio-decoder": "gnuradio-decoder",
"kindergarten": "kindergarten",
"lizard": "lizard",
"microvm": "microvm",
"naersk": "naersk_3",
@ -832,11 +808,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1693404499,
"narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
"lastModified": 1694495315,
"narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
"rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
"type": "github"
},
"original": {
@ -989,11 +965,11 @@
]
},
"locked": {
"lastModified": 1684521319,
"narHash": "sha256-1XL1NOOXTv9sxTrpM2XJ8/JggirMhDITnQahohJmxxg=",
"lastModified": 1689950204,
"narHash": "sha256-L75e2u2AXmnYXHHE9f8JruhuMcR7sSXN/xOkaNaJDp4=",
"owner": "tlm-solutions",
"repo": "trekkie",
"rev": "248c71c8c46fce31805b0b673189d59f632b9268",
"rev": "0a6308a6594d99dbd8b58a1f78dc6ddc78b87d98",
"type": "github"
},
"original": {

28
flake.nix
View File

@ -43,12 +43,6 @@
url = "github:tlm-solutions/datacare";
};
kindergarten = {
url = "github:tlm-solutions/kindergarten";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "flake-utils";
};
telegram-decoder = {
url = "github:tlm-solutions/telegram-decoder";
inputs = {
@ -112,7 +106,6 @@
, documentation-src
, funnel
, gnuradio-decoder
, kindergarten
, microvm
, nixpkgs
, sops-nix
@ -142,7 +135,6 @@
{
nixpkgs.overlays = [
datacare.overlays.default
kindergarten.overlays.default
trekkie.overlays.default
lizard.overlays.default
bureaucrat.overlays.default
@ -215,12 +207,6 @@
arch = "x86_64-linux";
monitoring = true;
}
# {
# # Chemnitz
# id = 2;
# arch = "x86_64-linux";
# monitoring = false;
# }
{
# Wundstr. 9
id = 4;
@ -228,10 +214,9 @@
monitoring = true;
}
{
# Warpzone
id = 6;
arch = "x86_64-linux";
monitoring = true;
id = 8;
arch ="aarch64-linux";
monitoring = false;
}
];
@ -249,7 +234,7 @@
}).optionsCommonMark;
};
}
// (import ./pkgs/deployment.nix { inherit self pkgs lib;})
// (import ./pkgs/deployment.nix { inherit self pkgs lib; })
// (lib.foldl (x: y: lib.mergeAttrs x { "${y.config.system.name}-vm" = y.config.system.build.vm; }) { } (lib.attrValues self.nixosConfigurations));
in
@ -319,6 +304,7 @@
./modules/TLMS
./hosts/uranus
{ deployment-TLMS.monitoring.enable = true; }
];
};
@ -328,12 +314,10 @@
program = "${self.packages."x86_64-linux".test-vm-wrapper}";
};
nixosModules."x86_64-linux".watch-me-senpai = import ./modules/watch-me-senpai;
hydraJobs =
let
get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel);
in
nixpkgs.lib.mapAttrs get-toplevel self.nixosConfigurations;
};
};
}

4
hardware/dell-wyse-3040.nix
View File

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
{
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
@ -30,6 +30,8 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ];
# some whoopsie in kernel 6.1.x maybe?
boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
swapDevices = [ ];
fileSystems."/" =

31
hosts/notice-me-senpai/grafana.nix
View File

@ -20,7 +20,7 @@ in
port = 9501;
listenAddress = config.deployment-TLMS.net.wg.addr4;
globalConfig = {
scrape_interval = "17s";
scrape_interval = "131s";
};
scrapeConfigs =
let
@ -62,9 +62,27 @@ in
TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost));
in
TLMSScrapeConfigs;
TLMSScrapeConfigs ++ [
{
job_name = "funnel-connections-prod";
static_configs = [{
targets = [ "10.13.37.1:9010" ];
}];
}
{
job_name = "funnel-connections-staging";
static_configs = [{
targets = [ "10.13.37.5:9010" ];
}];
}
{
job_name = "funnel-connections-borken";
static_configs = [{
targets = [ "10.13.37.7:9010" ];
}];
}
];
};
# log collector
loki = {
enable = true;
@ -124,12 +142,15 @@ in
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
retention_deletes_enabled = true;
retention_period = "720h";
};
compactor = {
working_directory = "/var/lib/loki";
compaction_interval = "10m";
retention_enabled = true;
retention_delete_delay = "1m";
shared_store = "filesystem";
compactor_ring = {
kvstore = {

73
hosts/uranus/jupyter-container.nix
View File

@ -1,6 +1,14 @@
{ pkgs, packages, bind-ip ? "0.0.0.0", bind-port ? 8080, ... }:
{ pkgs
, lib
, packages
, jupyterUsers
, jupyterAdminGroup ? "uranus-owner"
, bind-ip ? "0.0.0.0"
, bind-port ? 8080
, ...
}:
let
miniconda-alpine-dockerhub = pkgs.dockerTools.pullImage {
miniconda-dockerhub = pkgs.dockerTools.pullImage {
imageName = "continuumio/miniconda3";
imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d";
sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg=";
@ -12,20 +20,69 @@ in
pkgs.dockerTools.buildImage {
name = "stateful-jupyterlab";
tag = "latest";
fromImage = miniconda-alpine-dockerhub;
fromImage = miniconda-dockerhub;
runAsRoot =
let
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
#!/bin/bash
conda install -c conda-forge ${packages} \
jupyterlab
cont-interpreter = "/bin/bash";
useradd-string = (user: is-admin: ''
set +x # don't leak the hashed password
echo "creating user ${user}"
useradd \
-m \
${if is-admin then "-g ${jupyterAdminGroup}" else ""} \
-p $(cat /pw/hashed-password-${user}) \
${user} \
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
&& ln --force -s /workdir /home/${user}/shared-workdir
set -x
'');
jupyter-lab --ip=${bind-ip} --port=${toString bind-port} --no-browser --allow-root
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
c = get_config()
c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'}
c.Spawner.notebook_dir='/workdir'
c.Spawner.default_url='/lab'
'';
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
#!${cont-interpreter}
set -ex
# Update the System
apt update -y
apt dist-upgrade -y
# create jupyter group
groupadd ${jupyterAdminGroup}
chown -R root:${jupyterAdminGroup} /workdir
chmod -R g+rwx /workdir
# create all the users
${create-all-users-script}
# install the python environ
conda install -c conda-forge mamba
mamba install -c conda-forge ${packages} \
jupyterlab \
jupyterhub
# off to the races
jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py
'';
in
''
#!${pkgs.runtimeShell}
mkdir -p /workdir
# make temp store for pw hashes
mkdir -p /pw
cp ${jupyterhub-config} /jupyterhub-config.py
cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
'';
config = {

54
hosts/uranus/stateful-jupyter.nix
View File

@ -1,5 +1,33 @@
{ pkgs, lib, ... }:
{ pkgs, config, lib, ... }:
let
jupyterUsers = [
{
username = "0xa";
userPasswordFile = config.sops.secrets.hashed-password-0xa.path;
isAdmin = true;
}
{
username = "tassilo";
userPasswordFile = config.sops.secrets.hashed-password-tassilo.path;
isAdmin = true;
}
{
username = "marenz";
userPasswordFile = config.sops.secrets.hashed-password-marenz.path;
isAdmin = true;
}
];
# move the secrets to the volume
secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --force --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers));
in
{
sops.secrets = {
hashed-password-0xa = { };
hashed-password-tassilo = { };
hashed-password-marenz = { };
};
virtualisation.docker = {
enable = true;
# magic from marenz to make it work on ceph
@ -18,10 +46,12 @@
volumes = [
"/var/lib/jupyter-volume:/workdir"
"/var/lib/root-home:/root"
"/var/lib/pw:/pw"
"/var/lib/users-home:/home"
];
imageFile =
let
package-string = lib.concatStringsSep " " [
packages = lib.concatStringsSep " " [
# alphabetically `:sort`ed plz
"geojson"
"matplotlib"
@ -31,14 +61,30 @@
"psycopg"
"scipy"
"seaborn"
"bitstring"
];
in
(import ./jupyter-container.nix {
inherit pkgs;
packages = package-string;
inherit pkgs lib jupyterUsers packages;
});
image = "stateful-jupyterlab";
};
};
systemd.services = {
setup-docker-pws = {
description = "copy the user passwords to docker volume";
wantedBy = [ "jupyterlab-stateful.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = secret-setup;
};
docker-jupyterlab-stateful = {
after = [ "setup-docker-pws.service" ];
requires = [ "setup-docker-pws.service" ];
};
};
}

2
hosts/uranus/stateless-jupyter.nix
View File

@ -1,2 +1,2 @@
# The plan is to try out how broken the stateless jupyter lab in nixos
{}
{ }

6
modules/data-hoarder/chemo.nix
View File

@ -1,9 +1,11 @@
{ config, ... }:
{
let
service_number = 3;
in {
TLMS.chemo = {
enable = true;
host = "127.0.0.1";
port = 50053;
port = 50050 + service_number;
database = {
host = "127.0.0.1";
port = config.services.postgresql.port;

2
modules/data-hoarder/kindergarten.nix
View File

@ -13,7 +13,7 @@
enableACME = true;
forceSSL = true;
locations."~ ^/(de|en)" = {
root = if (config.deployment-TLMS.domain == "tlm.solutions") then "${pkgs.kindergarten}/bin/" else "${pkgs.kindergarten-staging}/bin/";
root = "/var/lib/kindergarten/";
# index = "index.html";
tryFiles = "$uri /$1/index.html =404";
extraConfig = ''

10
modules/data-hoarder/socket.nix
View File

@ -1,21 +1,21 @@
{ config, ... }:
let
serice_number = 2;
service_number = 2;
in
{
TLMS.funnel = {
enable = true;
GRPC = {
host = "127.0.0.1";
port = 50050 + serice_number;
port = 50050 + service_number;
};
defaultWebsocket = {
host = "127.0.0.1";
port = 9000 + serice_number;
port = 9000 + service_number;
};
metrics = {
port = 9010;
host = "0.0.0.0";
port = 10010 + service_number ;
host = config.deployment-TLMS.net.wg.addr4;
};
};
services = {

12
modules/traffic-stop-box/configuration.nix
View File

@ -1,10 +1,13 @@
{ config, ... }:
{ pkgs, config, self, ... }:
{
boot.tmp.useTmpfs = true;
networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname.
# reboot 60 seconds after kernel panic
boot.kernel.sysctl."kernel.panic" = 60;
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -16,12 +19,5 @@
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

89
pkgs/deployment.nix
View File

@ -1,4 +1,8 @@
{ self, pkgs, lib }:
# This generates deployement scripts **ONLY** for non-microvm (e.g. bare-metal
# or conventional vm) hosts
let
# filter out deployable (aka not microvm or container) systems
filterHosts = k: v: !(builtins.hasAttr "microvm" v.config);
@ -27,17 +31,88 @@ let
fi
''));
# garbage collect everything
garbageCollect = (system:
let
ip = system.config.deployment-TLMS.net.wg.addr4;
host = system.config.networking.hostName;
in
(pkgs.writeScriptBin "deploy" ''
#!${pkgs.runtimeShell}
set -e
echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m"
if ping -c 1 ${ip} > /dev/null
then
echo -e "\033[0;32mCollecting garbage on ${host} with \"nix-collect-garbage -d\"\033[0m"
ssh root@${ip} -- nix-collect-garbage -d
else
echo -e "\033[0;31m${ip} seems to be down!\033[0m"
exit 1
fi
''));
# reboot everything
reboot = (system:
let
ip = system.config.deployment-TLMS.net.wg.addr4;
host = system.config.networking.hostName;
in
(pkgs.writeScriptBin "deploy" ''
#!${pkgs.runtimeShell}
set -e
echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m"
if ping -c 1 ${ip} > /dev/null
then
echo -e "\033[0;32mRebooting ${host}\033[0m"
ssh root@${ip} -- shutdown -r 1
echo -e "\033[0;31m${host} IS SCHEDULED FOR REBOOT IN 1 MINUTE\033[0m"
else
echo -e "\033[0;31m${ip} seems to be down!\033[0m"
exit 1
fi
''));
# individual script generation
deployScriptWriter = (command:
pkgs.lib.mapAttrs'
lib.mapAttrs'
(name: system:
lib.nameValuePair ("rebuild-" + command + "-" + name) (deployScriptTemplate system command))
nonVmHosts);
supported_commands = [
"switch"
"boot"
];
switchInstallScripts = deployScriptWriter "switch";
bootInstallScripts = deployScriptWriter "boot";
installScripts = bootInstallScripts // switchInstallScripts;
garbageCollectScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("collect-garbage-" + name) (garbageCollect system)) nonVmHosts;
rebootScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("reboot-" + name) (reboot system)) nonVmHosts;
## all at once
switchAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues switchInstallScripts);
bootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues bootInstallScripts);
rebootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues rebootScripts);
garbageAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues garbageCollectScripts);
nukeAll = lib.mapAttrs'
(name: scripts: lib.nameValuePair (name) (pkgs.writeScriptBin "${name}" ''
#!${pkgs.runtimeShell}
set -x
${scripts}
''))
{
rebuild-boot-all = bootAll;
rebuild-switch-all = switchAll;
reboot-all = rebootAll;
garbage-collect-all = garbageAll;
};
installScripts = lib.foldl (attr: cmd: lib.mergeAttrs attr (deployScriptWriter cmd)) { } supported_commands;
in
installScripts
installScripts //
garbageCollectScripts //
rebootScripts //
nukeAll

112
secrets/traffic-stop-box-8/secrets.yaml
View File

@ -6,86 +6,86 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg
- recipient: age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSmV4VFBpTlFaK0hNZDRh
cy9tUFVPUmNoSlExRzN2NzZSam5vNjNYRm5BCmxQWGVOOWhnR2ZMMlQ3L3Vhc0xa
N2VIVk4xSElJeXV1N3RzNTE1OGQ2bWcKLS0tIHFsQ0NDWHZUbUdrZHoya0J2YWk4
N3VTSlhtVmxTeXgvNHBKSHp4eFBSdm8Kl78noQp3OomAmK1t9C3wE93DGQS24c8Y
+P2Nqvm9hO/k6kYm+iT9dh2HIa16ntptOUW8wPUw4kSNgdlibssh7Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OERnSXdmNlF2SHVtQW8x
ZG5LcEFzUHppdEJ3ejJyQW1YOWRKeCtob0JRCjRTeC9ZMk9OaXh5OUFLYVZhaGFY
SXBQL003Rzl4VTRqSGdKWnVYZjAyc1EKLS0tIEFHZFQ2bzU1ZkxCMWxlZ2ZNbS8x
UlMvdUhqWEFjWXh6RWxtK3gvMWYrR28KteyDX6snSaU4JRFfsd5yCYPvNPFH1MUV
AO1PgiAY19z3cI8vlEobuNB0t+O7lZaiU5dWTUb+bIKyMRUTHOD2Sw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-28T18:15:34Z"
mac: ENC[AES256_GCM,data:DYYhTAdxOt7qwWNLsl2urAqAIez+359Z3r+ZMOcs6wuD6Q6OLuyV8E7zzWhpt+hrAcRICzkRSzVMRatHckKZz5/Ej7AkYeKUML3QfWJ2dQDhmijLayYXXXeH0HrZh4DqD8xOhIFVIWxNQtIRboUMvMkz0+ao7nvMqLGaRaqiIT8=,iv:S5zQE6YOTo+Tx65Z6q7xhb/niC0ZbxqWD6jji3Ody1A=,tag:n/MfLMBi1yeXeUY3riVYPA==,type:str]
pgp:
- created_at: "2022-11-28T20:39:35Z"
- created_at: "2023-09-14T15:59:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7zUOKwzpAE7AQ//V9xaoQ9eEzy57iPTsNdjbNvE0eUkpMxqy2eZrkeYeNcG
mqpvgjQ52vuV4gT01w093aHxorurQOb8htokZfJD7aC+FMw8vWV6HxLWE5FjXiQc
OoJiHcIhE1U+STvVcynMut8Gz8bLIbD7ifX9TUT+RYNX63HRhwBjF7yrl+VXiwY7
NeJNhgEWO90ajcbP4rbKq51TZZCS613eOsGrLtulry3WedKiV/UYxVXD4YT0ElXh
34y3dvuh5pi7nEVyQHq58cHgPZcC82Jru90Y8G7Kq9EmARikmgJYRzsqpfhJCyge
qaJtjQ+jUe+WjzfDKEJO4MGfxT/gmeaAs5hZX7r+15MPBfoEL/I+ELjWHDdC790f
S0jLMWi87PSa9LGpgcOmbNIlbpyK5aK9JOoPx0rgtOnajq+wdstVj9qfLQmw7MFp
1EtY+xY5AOYJPdsfPnKm4Rj1G0X1g1z35xo4lu+0Jbz0wPPhGBT+bzrWCO7EcxEw
COIf4EHLx/mayKJkWW9ksIppdrdES616weLDu5JxiOsHm8D6D/il+N/zk5+k1AMK
fzs/+jfTTrEWXPTTHLaGdvQs9TIud5KmV9C83rgy8N1VevAcGI5EvzNUqOXHNVLA
DVY8xtnJb/ZSN547XMCsmRGQ1T02F7fUP0DQHCS1coCja3RAMiabcACFw00UoX7S
UQFe8yaiVbhbiqBSGpp1t1tsX9z5szWeG17sO85r6Fmv61hzCYSdx7ZreGUZl+H+
AX5yTZhQIbjpCY+lypiOcGsV4VDsxl0aAyTUhABUSGJBEw==
=Ss0B
wcFMA7zUOKwzpAE7ARAAhtspBDeP1NjkIVWgwaa/uIYg1ZeYymo6kFGuhQxn5ObB
gxcl/sgvCjqc6vcHjjnG7Qf0/ZSyCohYZlcFzcA4Qo2/K0EaLunDTd4/mYOhBfLZ
p1wnvayF7716DC9Dqxx5731rr5pdB/tPguKaKmccDRlA+ckboA5gjAI9QvnOJNV+
RViP9tesLoD+muoiavh04wWACMl+1LAO7xZoFU4bFx1ElHvc7ZVaMFt6j87hDCHn
CcmBBm9zPFrfMq+993YQJEc9aE1LGkqEijxyekqhDB0ASrdjv8i4onWvOdwFhyfY
0dSC6wtkRHFVF5eBhdeLO5fXfa2FKbag4JQj1F2Ae7eixUzmbU3z3VUwKeUWd8Y9
GLwkQeVRLkgMFyaSjliRByPj156n4YvocZLsodcdaZ4JRUp5oINj7Klx4vpFQVGF
dpZ9aDThMyaDhxIFrCMf4fWgx5In/LPxRmbTprYqFYgzR85weF32XzsiUnjhDPXx
zE63liCxXT6d4r1oSBlB9tCMse4vmbmFG1AjMuO2Kn/vRINDdpZTEwiyeId1TUQG
RoYjte7JS85+jze/g3sH/CVKbxCBo8Q5hT1wwamNg91YF2L9+ahxgGnzFcvPcIL7
uo9T5CRoi6fR/rGeANwinblz+TYXwhFBbpUlPlXhacQSUswPgCAmdV48Axk0D6nS
UQGxzsjgNouXriVX4KeF7LYKdQY6d1l2vwxbNEQ6QTQtsKGKBt7wyfI8CQmfzTkp
iPCRs15HSrUN2yRSKN2URndCWKUh2kXe9nVE2qw9RzlScQ==
=MdNQ
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2022-11-28T20:39:35Z"
- created_at: "2023-09-14T15:59:02Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJARAAsM9sI4zDmFok0TaeLfTuhPM8Lzf5bSfoy1jrqdag1bMo
H1QOs9j+Md9GgGSUc92sy/3X0khmnCxjOhS0hpKuD2QbUkcpZ+hjaHno0e2QBjTd
Pj+JqNZUkfLcOnU0VlODChj63p9Mh/ha5XNH+6wKMeF2fVuPU3UMB0DQdTj4iCYL
bc43AxTkfMQg9qXr5eE95jaSF4SukhYmuPL/bhnaiYb03BF0bBDEDRenbnHz1T0B
Z/b2+62ppv44QCYp3Rqv47gnJH8bjtnLy04BRfrqv9oEXAk8fBarF6IkvnkCcSha
9j2OnBfsgSWn7Fx8BN/IfMF3Z45qtP8iRjUBwMKFejujtf96EaaCOMtKvVhqBFuZ
BX7biPuT+Vx/qzN5k8YOCzfq8Jgf9EtRUZ006DaKOz+5Q4ObsuF7FnxnwdMmG2ci
dlME/V7ByULLxl+vs6zzBd29JXZkxRd4TRA7Ct1Q0H1HGTi61PaCMXBY0bnHX7cz
zFGfZX6bMTVroNcVWuQYin7yiR9RduA1KCVaxgS/k7VNXqB2RgQlV5LK6DdzncmS
HSG5l0ymBoZ4CtQgwdiQ1HTvJdzx5wdfAwXZCqe8Kbqal1AA/uO+3df/ab3smbFb
raOAkpFuSVWIO+9/5gV+Zy8CHtNSX4j+Qiu4NFiCtSStqR2mjkafTJ25LbQjvKTS
XAGJw4O5t+PRx+koybKAC4YU6+t6YzdzbQaPcHKZ96LU26FyCIpXEa2p98r2d5d6
i0ZfHD5LchrATqGvfg0eypKzw9LR/yBq9nkcV9c79hjaNQYZ78yDEdym/JQ2
=2dqd
hQIMA/YLzOYaRIJJAQ/6A1ExArKZHhuHxPmgCAvPZKNXEyPPCz+kUv6ZK5FBiMhD
5Ftb3PqlKbTdKSO/ctl2854i3DVoHgwapMRN19/S2HC2hLCJ0r3KBNJHQ3SeiuX8
/1chpjIPVR0Iqbk19Qu/1uFioSkHX8b6acjGJwYVkNUB5rQ+b+bjpnFE3CbPGMGG
XIrTonylB0+tHUBB4UP1fGNlFLDNi1uDPfeZu+DUYK+UfdstyqeVC07bqMYiqPGG
gGfLsbN9nyurcZKUfXJL4Wzf9OytSk3rdfGRSIYU2zKTz9HVFjICJz/rr5ZArCZ6
j+/Mx2Qg/2zy8X1YqDBhOzeQmPAskbpo3H+J+mwChCRzUL4tViE4stwLv8A/V09n
J07eqU84WYmop291wYXeh23EBC1Tuk2AD6rPHWaMvZH+y2nK7zh16Id3wREqkkEc
r82NyJPzKuxaWjj5RVKJ6mt/ogc9t0kL15kxUqQUlrNsK2Xz3o75+08lmH6Udyhh
1WtHb78rJWtbOJwdBxWc2w2j4HzbEnWwS+ld/C6fPDbMzTNomRuX5cMv2GMElzTv
DOCwVH6OeXMNq/K2d1zrvjsp7J+VOMA9lUdAF0unuqi2U9wNXGX0SCtMPFbiXEeO
C9QASY8XRjPf50f5cmolFZrIzc++3eVOg8s0PfC/+rXav0MSGGg4/lCxIsM6OlvS
XgGbMn0N/TYNhabdEPIPV/z+v4lza1XJSjfiLrsF7iXvGhvWJ4xD+wkujPWH8LsB
vWHlhlv7ue7mskVaKeDJCtqNbmT3PEQJRKi0V0UmNIiF1JB/hL6ZUM7fm5i1/+0=
=MYoI
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2022-11-28T20:39:35Z"
- created_at: "2023-09-14T15:59:02Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQf9GZVOd3+70TOm4STX+gODqfhQKBsOMlE/t0i0sBp8f2V2
XSwiYu/MvfgLwn3yRnmEwIJvQNcoLrNdLmhwhfA4wvyBGXco1EX2drlBzBF5YbyM
kq9TubrSRaps1zmmiuNnt3qT8Q+DEXMuKbBy2eWTDIqaD4pDkqEvzGzsfn7/L4wa
57RAi3NPIzj3wkojIyjZePGYPa648faWK32TYc/wM2fs/e4bOfH4D52uE7FKghDg
5bSR7SdbnZSQbCxkHqgtJP+1VBFusTlmAxXuSCDOqZSNHnk7NXhzJnN4D/aTrS+o
uNFVJCh1mNZuO+Pb2i7/SkcTmMKm0vqu9dyhZaGUMNJcAR32sJzU9wcdctdGl9S1
RxIp3sybPf+BzELiEO6T3+F2wLJEOfMSqpzgam1UYCcn1m6EjMDH3vslqiiwaF6E
sVfmsSecVH2JvhTgkF6LyGenEvRqwj57WI4x1KQ=
=9+5E
hQEMA1N/l9+zlMQzAQf+OH908FtvIyfsJwdG0ff3Ji6s6Z2MJQ3JGzOQ4bB8LtBV
vfwe9w+WLF/iAa/cUoCP8YJs8JfVq1CxDtFwGDrbD3+L62nSNrwsR92BmxdUleZ/
a0qz8BWU2awprugCL5Wpx3ISnwnsjE0cooUhED0e6iGHRHSQ9POs+bDw3h3G6w9U
gyNZwYQlUnlpWliEPaxfGM2XaDw2JnIH+WLziK7lsRrKoStTDwltZg9ZBkk18lCz
XB3bdwNKfeI+R0Nk8f/Pj7cWlXh/j6YbnVnf4P4HHkzs7DZXrKJUn9twrsqfYmqB
AM3AMh+OWbHp2lmjiRMuas7a83aD7bOr4CtvrKLcx9JeAX3k/dVuHgZg8cv08aA5
Ypkp9xxvlxRkeEMxXzZBM9vZXLPzz/M2VhSAoTLqAZcta95eEr0ta7fXYz2iW7CQ
c17yaVewQO2Tu6mQtp/opqTigxhpwzR+Y6CZYE7rYA==
=AOiP
-----END PGP MESSAGE-----
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
- created_at: "2022-11-28T20:39:35Z"
- created_at: "2023-09-14T15:59:02Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA1N/l9+zlMQzAQf/X7rsO49FKeclClSwhM9djME9Fs83FgDsNoIUydho/AHb
R1fqOVvRXA2Gn96zZSs2W8AcaJoH2uf7eTF/swt1J9nzuvr5PIoci76WxOeKVfNw
54TIY5w9NytB3zhpkqbU/kVe8OwavOiD3esBDdeApi9bSeHaOpfJ8c8rtQG0g8Ny
oKMJmrDr4Di0ysCSOH5sJcXr86c6GBNwlQKIrQIkD8wfoqb90EH8rg2mZ6xaaafs
hzGYfP2B2bB62CBE7taeLkrdY163k1tNYyH4C8gegsBHXEGzOBbATvN467Bfmi+7
4S1cKO1X8E5T+t70gSaawlAoQ59pl2m9jQHq8Exf0dJcAWv6g9KAvWwWqBXZYENb
kq92xcmWHTLFuV83MgqE7kUytgWxUhklhREkwHG2qYgyYOHgrg//p+17XSoI8e+X
g+6WlKuO+Uyu+YNy3IzjMwn5LctFviPDl0F+BhA=
=lD9P
hQEMA1N/l9+zlMQzAQf+MRjWWewxGEE3/ABd4D7cZhNVAXAzh8I1YtwOFvZP8aWm
9xp4Klo4qP5YOXtTKK7joslbKEonsxoxCI9Lij3bIuVem/4JrSnTPM0csVdrYdi9
zSzR2iBLT9Dc5KF7u5z/Kwi8WTgFFywtljXljvJhkK/iSb+8Gn81L2r6Luz9pJtP
bK/vOK82iyr4wMlhD+/TZw9hMWfbwXaRfnJN2i76l2RE6eo6JWsWFFez8i6VVzjS
gs9etK9GDch+cnBQo6TqdMW5zoOTENsd3WgU4rzuugHOL44dS8cH6Wxi/c0Pv7gt
lehqdLThM01nhEB/bxbNVqqmTk3BJGxhA1Ulq/qKxtJeAR+KROqwef74beEmrCoJ
+zX2QkIITRU5Q9EhhGVcPYsuUAX8tpCwGX8uFbx8c9jetMlIAsim8+dQdArJYcyF
3wBv6whQPjXr1VpzrNO2njqc5yCQNc0uPlE+EivuDQ==
=pT4X
-----END PGP MESSAGE-----
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
unencrypted_suffix: _unencrypted

7
secrets/uranus/secrets.yaml
View File

@ -1,4 +1,7 @@
wg-seckey: ENC[AES256_GCM,data:mUFBjQpHC0Flpyw82lXUInLVm0TJW1wB51evA7hXiit7JcK4z/HCyD5UGQU=,iv:O2/UP+WjCmasU6kP/58B1zXL0XAmzUOcM/1ONE31+/o=,tag:ObN6viKQm7ghuXKVeUydjg==,type:str]
hashed-password-0xa: ENC[AES256_GCM,data:Tofb7PL5/fZHSLx/nN0o+6w7f0lfITQXoAV4Pu7JGzADi+vY9rfuOLzDapHh82bz1d3vbzPGECzpvYN6Bp/UMHivou0JD5ozIQ==,iv:7bPTP84NcwPCsIZaxBNinIcmewf+pWW5U21OTO1WGeY=,tag:ohaDbKZuXDhq9YBg/8wu/A==,type:str]
hashed-password-tassilo: ENC[AES256_GCM,data:z3DD3ZMGjPdNPLRRY3mfdrJzEIizdSV0RnFAI2m+KjHPybtT3araf2bc/zt6iPMcFC1OvJhvm31jCTorZLKT6bknxnIAu2EKHw==,iv:9twbZWdVpQFKqop9dpnoNpZ7jOQp9LluSffZAQXMTd8=,tag:oVMBdTNZfgqbDdrNIFexmA==,type:str]
hashed-password-marenz: ENC[AES256_GCM,data:+7Exam93GwUmUkzYOta39d83+8FaQzIbfq4Z+PIoCEwomn6W5Qa7LHKATovKwq5sZVnPJ6jSQ0ruxjmbG9/FykaKxXKGeCv9xQ==,iv:aqibnzdlRkA7sruGIlENspEUQYlo+QVOdANRmAeMYWM=,tag:G1K14+1QmlkP0njB56seUw==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +17,8 @@ sops:
YVFMQ3pZYS9oM3RERDg4NHA1OHRoUEkKYIKvmU6cMiWqrDASPeDZAs3jHOn41onU
YtnMpjNQncMbvzDjuijjsCusgxL1DOEWvkg5xn8u4yGhguV6hEW4mQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-30T13:44:49Z"
mac: ENC[AES256_GCM,data:iLT8KrlibgljBzhZAFEdlKs/+c0XjxFkCHchjuO9dQJb576HpFsQj6LD5opWPAizdhRG0IniP1g9lUTrpE9Wb/XmQWIuVAJGpCiIWaFM0ENZ5fEcZDoWkBNJVmELe4M7yffD1N1EYffd0uwjyzHoPgEnFC8GrNMeBZdCuu08tR8=,iv:clpxUJLj8o4FRTW9oBxxnU23MYBvRDhxW9df85n4/AM=,tag:abTl8mvDRRknDHbP+01ZKg==,type:str]
lastmodified: "2023-06-10T21:35:03Z"
mac: ENC[AES256_GCM,data:ESL2J916TklAXe7Lpdh1sn3mhHuNiBZ7xq4KAwn2nV1nErRRPcaA/U3Qf+nY5x95DdIkrDBpGx+rC4LAgs5FBx/lZNYgiuFCJuF6U1ZfaOhIQEatZ/isZ8xa88ENL3rrAQuU17HGfAu3FxseGRGiJ44cR4RHLzjWz87//Sx9Xkk=,iv:erdyt4i5ndRC/QGi2RMl34WKojFEjAPGmKzd7o3dYrY=,tag:J/5A8lvrFvdqNtnYFB62EQ==,type:str]
pgp:
- created_at: "2023-05-30T14:29:01Z"
enc: |-