mirror of
https://github.com/dump-dvb/nix-config.git
synced 2024-06-09 17:54:07 +02:00
new tlms release
This commit is contained in:
commit
e2281f8b41
|
@ -28,7 +28,7 @@ keys:
|
||||||
# aachen
|
# aachen
|
||||||
- &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4
|
- &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4
|
||||||
# C3H
|
# C3H
|
||||||
- &traffic-stop-box-8 age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg
|
- &traffic-stop-box-8 age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm
|
||||||
# dumpdvb_bugdorf
|
# dumpdvb_bugdorf
|
||||||
- &traffic-stop-box-9 age1ger9j5fk5v7hcnnl688g9rcnt9uu7c6605ptgcl338l6xl3u9q8s5p7kys
|
- &traffic-stop-box-9 age1ger9j5fk5v7hcnnl688g9rcnt9uu7c6605ptgcl338l6xl3u9q8s5p7kys
|
||||||
# CLT
|
# CLT
|
||||||
|
|
72
flake.lock
72
flake.lock
|
@ -203,11 +203,11 @@
|
||||||
"documentation-src": {
|
"documentation-src": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1669248915,
|
"lastModified": 1693223762,
|
||||||
"narHash": "sha256-+pJzcS8jraCdvXwbxjMCdVqK2kyXih+61gaCCPX+txg=",
|
"narHash": "sha256-ZZNR/zzAhfUcWPvJdoaVaz19XV+4hleJI4AF6JY2tqc=",
|
||||||
"owner": "tlm-solutions",
|
"owner": "tlm-solutions",
|
||||||
"repo": "documentation",
|
"repo": "documentation",
|
||||||
"rev": "c65ea26a7720e90fb54fc31fba5d0c048bd404be",
|
"rev": "22b1328f19a5201a47b8b82c4fb3c7db7c1ded47",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -348,11 +348,11 @@
|
||||||
"systems": "systems_3"
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692799911,
|
"lastModified": 1694529238,
|
||||||
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
|
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
|
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -425,29 +425,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"kindergarten": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"utils": [
|
|
||||||
"flake-utils"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1683915762,
|
|
||||||
"narHash": "sha256-FNiZ2qRgkcqFVhNSREL7Y+PDat5R5EqVPqaJmnfIl1w=",
|
|
||||||
"owner": "tlm-solutions",
|
|
||||||
"repo": "kindergarten",
|
|
||||||
"rev": "e9beec3024175db0a9526026e0d8b9f57e865d13",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "tlm-solutions",
|
|
||||||
"repo": "kindergarten",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"lizard": {
|
"lizard": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane_3",
|
"crane": "crane_3",
|
||||||
|
@ -482,11 +459,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692274616,
|
"lastModified": 1694526290,
|
||||||
"narHash": "sha256-UttCk5/sl0lLrBVO9kpmtDlFXcI2UkyOaSp7+grLRRE=",
|
"narHash": "sha256-HiWr+tfJE/hcn8atRC0S5KweSUknQLEduPLTEiSr5J8=",
|
||||||
"owner": "astro",
|
"owner": "astro",
|
||||||
"repo": "microvm.nix",
|
"repo": "microvm.nix",
|
||||||
"rev": "a291d324915f26d1fd86443bd486089099e8b541",
|
"rev": "03e7f11cf915a911277c2cdea5d7da9717597aa2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -544,11 +521,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692351612,
|
"lastModified": 1694081375,
|
||||||
"narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=",
|
"narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "naersk",
|
"repo": "naersk",
|
||||||
"rev": "78789c30d64dea2396c9da516bbcc8db3a475207",
|
"rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -575,11 +552,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693097136,
|
"lastModified": 1693675694,
|
||||||
"narHash": "sha256-fBZSMdBaoZ0INFbyZ5s0DOF7zDNcLsLxgkwdDh3l9Pc=",
|
"narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9117c4e9dc117a6cd0319cca40f2349ed333669d",
|
"rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -639,11 +616,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693341273,
|
"lastModified": 1694753796,
|
||||||
"narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=",
|
"narHash": "sha256-QPE7dqcicQH/nq9aywVXJWWtci4FvxHaM+BSIEbGBvA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1",
|
"rev": "360a7d31c30abefdc490d203f80e3221b7a24af2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -664,7 +641,6 @@
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"funnel": "funnel",
|
"funnel": "funnel",
|
||||||
"gnuradio-decoder": "gnuradio-decoder",
|
"gnuradio-decoder": "gnuradio-decoder",
|
||||||
"kindergarten": "kindergarten",
|
|
||||||
"lizard": "lizard",
|
"lizard": "lizard",
|
||||||
"microvm": "microvm",
|
"microvm": "microvm",
|
||||||
"naersk": "naersk_3",
|
"naersk": "naersk_3",
|
||||||
|
@ -832,11 +808,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693404499,
|
"lastModified": 1694495315,
|
||||||
"narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
|
"narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
|
"rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -989,11 +965,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684521319,
|
"lastModified": 1689950204,
|
||||||
"narHash": "sha256-1XL1NOOXTv9sxTrpM2XJ8/JggirMhDITnQahohJmxxg=",
|
"narHash": "sha256-L75e2u2AXmnYXHHE9f8JruhuMcR7sSXN/xOkaNaJDp4=",
|
||||||
"owner": "tlm-solutions",
|
"owner": "tlm-solutions",
|
||||||
"repo": "trekkie",
|
"repo": "trekkie",
|
||||||
"rev": "248c71c8c46fce31805b0b673189d59f632b9268",
|
"rev": "0a6308a6594d99dbd8b58a1f78dc6ddc78b87d98",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
28
flake.nix
28
flake.nix
|
@ -43,12 +43,6 @@
|
||||||
url = "github:tlm-solutions/datacare";
|
url = "github:tlm-solutions/datacare";
|
||||||
};
|
};
|
||||||
|
|
||||||
kindergarten = {
|
|
||||||
url = "github:tlm-solutions/kindergarten";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
inputs.utils.follows = "flake-utils";
|
|
||||||
};
|
|
||||||
|
|
||||||
telegram-decoder = {
|
telegram-decoder = {
|
||||||
url = "github:tlm-solutions/telegram-decoder";
|
url = "github:tlm-solutions/telegram-decoder";
|
||||||
inputs = {
|
inputs = {
|
||||||
|
@ -112,7 +106,6 @@
|
||||||
, documentation-src
|
, documentation-src
|
||||||
, funnel
|
, funnel
|
||||||
, gnuradio-decoder
|
, gnuradio-decoder
|
||||||
, kindergarten
|
|
||||||
, microvm
|
, microvm
|
||||||
, nixpkgs
|
, nixpkgs
|
||||||
, sops-nix
|
, sops-nix
|
||||||
|
@ -142,7 +135,6 @@
|
||||||
{
|
{
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
datacare.overlays.default
|
datacare.overlays.default
|
||||||
kindergarten.overlays.default
|
|
||||||
trekkie.overlays.default
|
trekkie.overlays.default
|
||||||
lizard.overlays.default
|
lizard.overlays.default
|
||||||
bureaucrat.overlays.default
|
bureaucrat.overlays.default
|
||||||
|
@ -215,12 +207,6 @@
|
||||||
arch = "x86_64-linux";
|
arch = "x86_64-linux";
|
||||||
monitoring = true;
|
monitoring = true;
|
||||||
}
|
}
|
||||||
# {
|
|
||||||
# # Chemnitz
|
|
||||||
# id = 2;
|
|
||||||
# arch = "x86_64-linux";
|
|
||||||
# monitoring = false;
|
|
||||||
# }
|
|
||||||
{
|
{
|
||||||
# Wundstr. 9
|
# Wundstr. 9
|
||||||
id = 4;
|
id = 4;
|
||||||
|
@ -228,10 +214,9 @@
|
||||||
monitoring = true;
|
monitoring = true;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# Warpzone
|
id = 8;
|
||||||
id = 6;
|
arch ="aarch64-linux";
|
||||||
arch = "x86_64-linux";
|
monitoring = false;
|
||||||
monitoring = true;
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -249,7 +234,7 @@
|
||||||
}).optionsCommonMark;
|
}).optionsCommonMark;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
// (import ./pkgs/deployment.nix { inherit self pkgs lib;})
|
// (import ./pkgs/deployment.nix { inherit self pkgs lib; })
|
||||||
// (lib.foldl (x: y: lib.mergeAttrs x { "${y.config.system.name}-vm" = y.config.system.build.vm; }) { } (lib.attrValues self.nixosConfigurations));
|
// (lib.foldl (x: y: lib.mergeAttrs x { "${y.config.system.name}-vm" = y.config.system.build.vm; }) { } (lib.attrValues self.nixosConfigurations));
|
||||||
|
|
||||||
in
|
in
|
||||||
|
@ -319,6 +304,7 @@
|
||||||
|
|
||||||
./modules/TLMS
|
./modules/TLMS
|
||||||
./hosts/uranus
|
./hosts/uranus
|
||||||
|
{ deployment-TLMS.monitoring.enable = true; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -328,12 +314,10 @@
|
||||||
program = "${self.packages."x86_64-linux".test-vm-wrapper}";
|
program = "${self.packages."x86_64-linux".test-vm-wrapper}";
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModules."x86_64-linux".watch-me-senpai = import ./modules/watch-me-senpai;
|
|
||||||
|
|
||||||
hydraJobs =
|
hydraJobs =
|
||||||
let
|
let
|
||||||
get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel);
|
get-toplevel = (host: nixSystem: nixSystem.config.microvm.declaredRunner or nixSystem.config.system.build.toplevel);
|
||||||
in
|
in
|
||||||
nixpkgs.lib.mapAttrs get-toplevel self.nixosConfigurations;
|
nixpkgs.lib.mapAttrs get-toplevel self.nixosConfigurations;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
@ -30,6 +30,8 @@
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "sdhci_acpi" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
# some whoopsie in kernel 6.1.x maybe?
|
||||||
|
boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
|
|
|
@ -20,7 +20,7 @@ in
|
||||||
port = 9501;
|
port = 9501;
|
||||||
listenAddress = config.deployment-TLMS.net.wg.addr4;
|
listenAddress = config.deployment-TLMS.net.wg.addr4;
|
||||||
globalConfig = {
|
globalConfig = {
|
||||||
scrape_interval = "17s";
|
scrape_interval = "131s";
|
||||||
};
|
};
|
||||||
scrapeConfigs =
|
scrapeConfigs =
|
||||||
let
|
let
|
||||||
|
@ -62,9 +62,27 @@ in
|
||||||
|
|
||||||
TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost));
|
TLMSScrapeConfigs = lib.lists.flatten (map lib.attrValues (lib.attrValues ScrapeConfigByHost));
|
||||||
in
|
in
|
||||||
TLMSScrapeConfigs;
|
TLMSScrapeConfigs ++ [
|
||||||
|
{
|
||||||
|
job_name = "funnel-connections-prod";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "10.13.37.1:9010" ];
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
job_name = "funnel-connections-staging";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "10.13.37.5:9010" ];
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
job_name = "funnel-connections-borken";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "10.13.37.7:9010" ];
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# log collector
|
# log collector
|
||||||
loki = {
|
loki = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -124,12 +142,15 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
table_manager = {
|
table_manager = {
|
||||||
retention_deletes_enabled = false;
|
retention_deletes_enabled = true;
|
||||||
retention_period = "0s";
|
retention_period = "720h";
|
||||||
};
|
};
|
||||||
|
|
||||||
compactor = {
|
compactor = {
|
||||||
working_directory = "/var/lib/loki";
|
working_directory = "/var/lib/loki";
|
||||||
|
compaction_interval = "10m";
|
||||||
|
retention_enabled = true;
|
||||||
|
retention_delete_delay = "1m";
|
||||||
shared_store = "filesystem";
|
shared_store = "filesystem";
|
||||||
compactor_ring = {
|
compactor_ring = {
|
||||||
kvstore = {
|
kvstore = {
|
||||||
|
|
|
@ -1,6 +1,14 @@
|
||||||
{ pkgs, packages, bind-ip ? "0.0.0.0", bind-port ? 8080, ... }:
|
{ pkgs
|
||||||
|
, lib
|
||||||
|
, packages
|
||||||
|
, jupyterUsers
|
||||||
|
, jupyterAdminGroup ? "uranus-owner"
|
||||||
|
, bind-ip ? "0.0.0.0"
|
||||||
|
, bind-port ? 8080
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
miniconda-alpine-dockerhub = pkgs.dockerTools.pullImage {
|
miniconda-dockerhub = pkgs.dockerTools.pullImage {
|
||||||
imageName = "continuumio/miniconda3";
|
imageName = "continuumio/miniconda3";
|
||||||
imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d";
|
imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d";
|
||||||
sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg=";
|
sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg=";
|
||||||
|
@ -12,20 +20,69 @@ in
|
||||||
pkgs.dockerTools.buildImage {
|
pkgs.dockerTools.buildImage {
|
||||||
name = "stateful-jupyterlab";
|
name = "stateful-jupyterlab";
|
||||||
tag = "latest";
|
tag = "latest";
|
||||||
fromImage = miniconda-alpine-dockerhub;
|
fromImage = miniconda-dockerhub;
|
||||||
runAsRoot =
|
runAsRoot =
|
||||||
let
|
let
|
||||||
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
|
cont-interpreter = "/bin/bash";
|
||||||
#!/bin/bash
|
useradd-string = (user: is-admin: ''
|
||||||
conda install -c conda-forge ${packages} \
|
set +x # don't leak the hashed password
|
||||||
jupyterlab
|
echo "creating user ${user}"
|
||||||
|
useradd \
|
||||||
|
-m \
|
||||||
|
${if is-admin then "-g ${jupyterAdminGroup}" else ""} \
|
||||||
|
-p $(cat /pw/hashed-password-${user}) \
|
||||||
|
${user} \
|
||||||
|
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
|
||||||
|
&& ln --force -s /workdir /home/${user}/shared-workdir
|
||||||
|
set -x
|
||||||
|
'');
|
||||||
|
|
||||||
jupyter-lab --ip=${bind-ip} --port=${toString bind-port} --no-browser --allow-root
|
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
|
||||||
|
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
|
||||||
|
c = get_config()
|
||||||
|
|
||||||
|
c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'}
|
||||||
|
|
||||||
|
c.Spawner.notebook_dir='/workdir'
|
||||||
|
c.Spawner.default_url='/lab'
|
||||||
|
'';
|
||||||
|
|
||||||
|
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
|
||||||
|
#!${cont-interpreter}
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
# Update the System
|
||||||
|
apt update -y
|
||||||
|
apt dist-upgrade -y
|
||||||
|
|
||||||
|
# create jupyter group
|
||||||
|
groupadd ${jupyterAdminGroup}
|
||||||
|
chown -R root:${jupyterAdminGroup} /workdir
|
||||||
|
chmod -R g+rwx /workdir
|
||||||
|
|
||||||
|
# create all the users
|
||||||
|
${create-all-users-script}
|
||||||
|
|
||||||
|
# install the python environ
|
||||||
|
conda install -c conda-forge mamba
|
||||||
|
|
||||||
|
mamba install -c conda-forge ${packages} \
|
||||||
|
jupyterlab \
|
||||||
|
jupyterhub
|
||||||
|
|
||||||
|
|
||||||
|
# off to the races
|
||||||
|
jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
#!${pkgs.runtimeShell}
|
#!${pkgs.runtimeShell}
|
||||||
mkdir -p /workdir
|
mkdir -p /workdir
|
||||||
|
|
||||||
|
# make temp store for pw hashes
|
||||||
|
mkdir -p /pw
|
||||||
|
|
||||||
|
cp ${jupyterhub-config} /jupyterhub-config.py
|
||||||
cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
|
cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
|
||||||
'';
|
'';
|
||||||
config = {
|
config = {
|
||||||
|
|
|
@ -1,5 +1,33 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
|
let
|
||||||
|
jupyterUsers = [
|
||||||
|
{
|
||||||
|
username = "0xa";
|
||||||
|
userPasswordFile = config.sops.secrets.hashed-password-0xa.path;
|
||||||
|
isAdmin = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
username = "tassilo";
|
||||||
|
userPasswordFile = config.sops.secrets.hashed-password-tassilo.path;
|
||||||
|
isAdmin = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
username = "marenz";
|
||||||
|
userPasswordFile = config.sops.secrets.hashed-password-marenz.path;
|
||||||
|
isAdmin = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
# move the secrets to the volume
|
||||||
|
secret-setup = (lib.strings.concatStringsSep "\n" (builtins.map (u: "cp --force --dereference ${u.userPasswordFile} /var/lib/pw/") jupyterUsers));
|
||||||
|
in
|
||||||
{
|
{
|
||||||
|
sops.secrets = {
|
||||||
|
hashed-password-0xa = { };
|
||||||
|
hashed-password-tassilo = { };
|
||||||
|
hashed-password-marenz = { };
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation.docker = {
|
virtualisation.docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# magic from marenz to make it work on ceph
|
# magic from marenz to make it work on ceph
|
||||||
|
@ -18,10 +46,12 @@
|
||||||
volumes = [
|
volumes = [
|
||||||
"/var/lib/jupyter-volume:/workdir"
|
"/var/lib/jupyter-volume:/workdir"
|
||||||
"/var/lib/root-home:/root"
|
"/var/lib/root-home:/root"
|
||||||
|
"/var/lib/pw:/pw"
|
||||||
|
"/var/lib/users-home:/home"
|
||||||
];
|
];
|
||||||
imageFile =
|
imageFile =
|
||||||
let
|
let
|
||||||
package-string = lib.concatStringsSep " " [
|
packages = lib.concatStringsSep " " [
|
||||||
# alphabetically `:sort`ed plz
|
# alphabetically `:sort`ed plz
|
||||||
"geojson"
|
"geojson"
|
||||||
"matplotlib"
|
"matplotlib"
|
||||||
|
@ -31,14 +61,30 @@
|
||||||
"psycopg"
|
"psycopg"
|
||||||
"scipy"
|
"scipy"
|
||||||
"seaborn"
|
"seaborn"
|
||||||
|
"bitstring"
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
(import ./jupyter-container.nix {
|
(import ./jupyter-container.nix {
|
||||||
inherit pkgs;
|
inherit pkgs lib jupyterUsers packages;
|
||||||
packages = package-string;
|
|
||||||
});
|
});
|
||||||
image = "stateful-jupyterlab";
|
image = "stateful-jupyterlab";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
setup-docker-pws = {
|
||||||
|
description = "copy the user passwords to docker volume";
|
||||||
|
wantedBy = [ "jupyterlab-stateful.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = secret-setup;
|
||||||
|
};
|
||||||
|
docker-jupyterlab-stateful = {
|
||||||
|
after = [ "setup-docker-pws.service" ];
|
||||||
|
requires = [ "setup-docker-pws.service" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
# The plan is to try out how broken the stateless jupyter lab in nixos
|
# The plan is to try out how broken the stateless jupyter lab in nixos
|
||||||
{}
|
{ }
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
{
|
let
|
||||||
|
service_number = 3;
|
||||||
|
in {
|
||||||
TLMS.chemo = {
|
TLMS.chemo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 50053;
|
port = 50050 + service_number;
|
||||||
database = {
|
database = {
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = config.services.postgresql.port;
|
port = config.services.postgresql.port;
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."~ ^/(de|en)" = {
|
locations."~ ^/(de|en)" = {
|
||||||
root = if (config.deployment-TLMS.domain == "tlm.solutions") then "${pkgs.kindergarten}/bin/" else "${pkgs.kindergarten-staging}/bin/";
|
root = "/var/lib/kindergarten/";
|
||||||
# index = "index.html";
|
# index = "index.html";
|
||||||
tryFiles = "$uri /$1/index.html =404";
|
tryFiles = "$uri /$1/index.html =404";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
|
@ -1,21 +1,21 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let
|
let
|
||||||
serice_number = 2;
|
service_number = 2;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
TLMS.funnel = {
|
TLMS.funnel = {
|
||||||
enable = true;
|
enable = true;
|
||||||
GRPC = {
|
GRPC = {
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 50050 + serice_number;
|
port = 50050 + service_number;
|
||||||
};
|
};
|
||||||
defaultWebsocket = {
|
defaultWebsocket = {
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 9000 + serice_number;
|
port = 9000 + service_number;
|
||||||
};
|
};
|
||||||
metrics = {
|
metrics = {
|
||||||
port = 9010;
|
port = 10010 + service_number ;
|
||||||
host = "0.0.0.0";
|
host = config.deployment-TLMS.net.wg.addr4;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
{ config, ... }:
|
{ pkgs, config, self, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
boot.tmp.useTmpfs = true;
|
boot.tmp.useTmpfs = true;
|
||||||
|
|
||||||
networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname.
|
networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname.
|
||||||
|
|
||||||
|
# reboot 60 seconds after kernel panic
|
||||||
|
boot.kernel.sysctl."kernel.panic" = 60;
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
@ -16,12 +19,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
{ self, pkgs, lib }:
|
{ self, pkgs, lib }:
|
||||||
|
|
||||||
|
# This generates deployement scripts **ONLY** for non-microvm (e.g. bare-metal
|
||||||
|
# or conventional vm) hosts
|
||||||
|
|
||||||
let
|
let
|
||||||
# filter out deployable (aka not microvm or container) systems
|
# filter out deployable (aka not microvm or container) systems
|
||||||
filterHosts = k: v: !(builtins.hasAttr "microvm" v.config);
|
filterHosts = k: v: !(builtins.hasAttr "microvm" v.config);
|
||||||
|
@ -27,17 +31,88 @@ let
|
||||||
fi
|
fi
|
||||||
''));
|
''));
|
||||||
|
|
||||||
|
# garbage collect everything
|
||||||
|
garbageCollect = (system:
|
||||||
|
let
|
||||||
|
ip = system.config.deployment-TLMS.net.wg.addr4;
|
||||||
|
host = system.config.networking.hostName;
|
||||||
|
in
|
||||||
|
(pkgs.writeScriptBin "deploy" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
set -e
|
||||||
|
|
||||||
|
echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m"
|
||||||
|
|
||||||
|
if ping -c 1 ${ip} > /dev/null
|
||||||
|
then
|
||||||
|
echo -e "\033[0;32mCollecting garbage on ${host} with \"nix-collect-garbage -d\"\033[0m"
|
||||||
|
ssh root@${ip} -- nix-collect-garbage -d
|
||||||
|
else
|
||||||
|
echo -e "\033[0;31m${ip} seems to be down!\033[0m"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
''));
|
||||||
|
|
||||||
|
# reboot everything
|
||||||
|
reboot = (system:
|
||||||
|
let
|
||||||
|
ip = system.config.deployment-TLMS.net.wg.addr4;
|
||||||
|
host = system.config.networking.hostName;
|
||||||
|
in
|
||||||
|
(pkgs.writeScriptBin "deploy" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
set -e
|
||||||
|
|
||||||
|
echo -e "\033[0;33mChecking if ${host} is up (ip: ${ip})\033[0m"
|
||||||
|
|
||||||
|
if ping -c 1 ${ip} > /dev/null
|
||||||
|
then
|
||||||
|
echo -e "\033[0;32mRebooting ${host}\033[0m"
|
||||||
|
ssh root@${ip} -- shutdown -r 1
|
||||||
|
echo -e "\033[0;31m${host} IS SCHEDULED FOR REBOOT IN 1 MINUTE\033[0m"
|
||||||
|
else
|
||||||
|
echo -e "\033[0;31m${ip} seems to be down!\033[0m"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
''));
|
||||||
|
|
||||||
|
# individual script generation
|
||||||
deployScriptWriter = (command:
|
deployScriptWriter = (command:
|
||||||
pkgs.lib.mapAttrs'
|
lib.mapAttrs'
|
||||||
(name: system:
|
(name: system:
|
||||||
lib.nameValuePair ("rebuild-" + command + "-" + name) (deployScriptTemplate system command))
|
lib.nameValuePair ("rebuild-" + command + "-" + name) (deployScriptTemplate system command))
|
||||||
nonVmHosts);
|
nonVmHosts);
|
||||||
|
|
||||||
supported_commands = [
|
switchInstallScripts = deployScriptWriter "switch";
|
||||||
"switch"
|
bootInstallScripts = deployScriptWriter "boot";
|
||||||
"boot"
|
installScripts = bootInstallScripts // switchInstallScripts;
|
||||||
];
|
|
||||||
|
garbageCollectScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("collect-garbage-" + name) (garbageCollect system)) nonVmHosts;
|
||||||
|
|
||||||
|
rebootScripts = lib.mapAttrs' (name: system: lib.nameValuePair ("reboot-" + name) (reboot system)) nonVmHosts;
|
||||||
|
|
||||||
|
## all at once
|
||||||
|
switchAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues switchInstallScripts);
|
||||||
|
bootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues bootInstallScripts);
|
||||||
|
rebootAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues rebootScripts);
|
||||||
|
garbageAll = lib.strings.concatMapStringsSep "\n" (path: "${path}/bin/deploy") (builtins.attrValues garbageCollectScripts);
|
||||||
|
|
||||||
|
nukeAll = lib.mapAttrs'
|
||||||
|
(name: scripts: lib.nameValuePair (name) (pkgs.writeScriptBin "${name}" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
set -x
|
||||||
|
|
||||||
|
${scripts}
|
||||||
|
''))
|
||||||
|
{
|
||||||
|
rebuild-boot-all = bootAll;
|
||||||
|
rebuild-switch-all = switchAll;
|
||||||
|
reboot-all = rebootAll;
|
||||||
|
garbage-collect-all = garbageAll;
|
||||||
|
};
|
||||||
|
|
||||||
installScripts = lib.foldl (attr: cmd: lib.mergeAttrs attr (deployScriptWriter cmd)) { } supported_commands;
|
|
||||||
in
|
in
|
||||||
installScripts
|
installScripts //
|
||||||
|
garbageCollectScripts //
|
||||||
|
rebootScripts //
|
||||||
|
nukeAll
|
||||||
|
|
|
@ -6,86 +6,86 @@ sops:
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1cchq3tzcl2jnvq4pc9y8yusak9a2552fnrhhll4q22agm8ncycuqesj3rg
|
- recipient: age1x0j3jpeqw3c5qd7wgqavfg3quse6phxdzze62zj8zl8ds9y46p3qecwgxm
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSmV4VFBpTlFaK0hNZDRh
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OERnSXdmNlF2SHVtQW8x
|
||||||
cy9tUFVPUmNoSlExRzN2NzZSam5vNjNYRm5BCmxQWGVOOWhnR2ZMMlQ3L3Vhc0xa
|
ZG5LcEFzUHppdEJ3ejJyQW1YOWRKeCtob0JRCjRTeC9ZMk9OaXh5OUFLYVZhaGFY
|
||||||
N2VIVk4xSElJeXV1N3RzNTE1OGQ2bWcKLS0tIHFsQ0NDWHZUbUdrZHoya0J2YWk4
|
SXBQL003Rzl4VTRqSGdKWnVYZjAyc1EKLS0tIEFHZFQ2bzU1ZkxCMWxlZ2ZNbS8x
|
||||||
N3VTSlhtVmxTeXgvNHBKSHp4eFBSdm8Kl78noQp3OomAmK1t9C3wE93DGQS24c8Y
|
UlMvdUhqWEFjWXh6RWxtK3gvMWYrR28KteyDX6snSaU4JRFfsd5yCYPvNPFH1MUV
|
||||||
+P2Nqvm9hO/k6kYm+iT9dh2HIa16ntptOUW8wPUw4kSNgdlibssh7Q==
|
AO1PgiAY19z3cI8vlEobuNB0t+O7lZaiU5dWTUb+bIKyMRUTHOD2Sw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-11-28T18:15:34Z"
|
lastmodified: "2022-11-28T18:15:34Z"
|
||||||
mac: ENC[AES256_GCM,data:DYYhTAdxOt7qwWNLsl2urAqAIez+359Z3r+ZMOcs6wuD6Q6OLuyV8E7zzWhpt+hrAcRICzkRSzVMRatHckKZz5/Ej7AkYeKUML3QfWJ2dQDhmijLayYXXXeH0HrZh4DqD8xOhIFVIWxNQtIRboUMvMkz0+ao7nvMqLGaRaqiIT8=,iv:S5zQE6YOTo+Tx65Z6q7xhb/niC0ZbxqWD6jji3Ody1A=,tag:n/MfLMBi1yeXeUY3riVYPA==,type:str]
|
mac: ENC[AES256_GCM,data:DYYhTAdxOt7qwWNLsl2urAqAIez+359Z3r+ZMOcs6wuD6Q6OLuyV8E7zzWhpt+hrAcRICzkRSzVMRatHckKZz5/Ej7AkYeKUML3QfWJ2dQDhmijLayYXXXeH0HrZh4DqD8xOhIFVIWxNQtIRboUMvMkz0+ao7nvMqLGaRaqiIT8=,iv:S5zQE6YOTo+Tx65Z6q7xhb/niC0ZbxqWD6jji3Ody1A=,tag:n/MfLMBi1yeXeUY3riVYPA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-11-28T20:39:35Z"
|
- created_at: "2023-09-14T15:59:02Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
wcFMA7zUOKwzpAE7AQ//V9xaoQ9eEzy57iPTsNdjbNvE0eUkpMxqy2eZrkeYeNcG
|
wcFMA7zUOKwzpAE7ARAAhtspBDeP1NjkIVWgwaa/uIYg1ZeYymo6kFGuhQxn5ObB
|
||||||
mqpvgjQ52vuV4gT01w093aHxorurQOb8htokZfJD7aC+FMw8vWV6HxLWE5FjXiQc
|
gxcl/sgvCjqc6vcHjjnG7Qf0/ZSyCohYZlcFzcA4Qo2/K0EaLunDTd4/mYOhBfLZ
|
||||||
OoJiHcIhE1U+STvVcynMut8Gz8bLIbD7ifX9TUT+RYNX63HRhwBjF7yrl+VXiwY7
|
p1wnvayF7716DC9Dqxx5731rr5pdB/tPguKaKmccDRlA+ckboA5gjAI9QvnOJNV+
|
||||||
NeJNhgEWO90ajcbP4rbKq51TZZCS613eOsGrLtulry3WedKiV/UYxVXD4YT0ElXh
|
RViP9tesLoD+muoiavh04wWACMl+1LAO7xZoFU4bFx1ElHvc7ZVaMFt6j87hDCHn
|
||||||
34y3dvuh5pi7nEVyQHq58cHgPZcC82Jru90Y8G7Kq9EmARikmgJYRzsqpfhJCyge
|
CcmBBm9zPFrfMq+993YQJEc9aE1LGkqEijxyekqhDB0ASrdjv8i4onWvOdwFhyfY
|
||||||
qaJtjQ+jUe+WjzfDKEJO4MGfxT/gmeaAs5hZX7r+15MPBfoEL/I+ELjWHDdC790f
|
0dSC6wtkRHFVF5eBhdeLO5fXfa2FKbag4JQj1F2Ae7eixUzmbU3z3VUwKeUWd8Y9
|
||||||
S0jLMWi87PSa9LGpgcOmbNIlbpyK5aK9JOoPx0rgtOnajq+wdstVj9qfLQmw7MFp
|
GLwkQeVRLkgMFyaSjliRByPj156n4YvocZLsodcdaZ4JRUp5oINj7Klx4vpFQVGF
|
||||||
1EtY+xY5AOYJPdsfPnKm4Rj1G0X1g1z35xo4lu+0Jbz0wPPhGBT+bzrWCO7EcxEw
|
dpZ9aDThMyaDhxIFrCMf4fWgx5In/LPxRmbTprYqFYgzR85weF32XzsiUnjhDPXx
|
||||||
COIf4EHLx/mayKJkWW9ksIppdrdES616weLDu5JxiOsHm8D6D/il+N/zk5+k1AMK
|
zE63liCxXT6d4r1oSBlB9tCMse4vmbmFG1AjMuO2Kn/vRINDdpZTEwiyeId1TUQG
|
||||||
fzs/+jfTTrEWXPTTHLaGdvQs9TIud5KmV9C83rgy8N1VevAcGI5EvzNUqOXHNVLA
|
RoYjte7JS85+jze/g3sH/CVKbxCBo8Q5hT1wwamNg91YF2L9+ahxgGnzFcvPcIL7
|
||||||
DVY8xtnJb/ZSN547XMCsmRGQ1T02F7fUP0DQHCS1coCja3RAMiabcACFw00UoX7S
|
uo9T5CRoi6fR/rGeANwinblz+TYXwhFBbpUlPlXhacQSUswPgCAmdV48Axk0D6nS
|
||||||
UQFe8yaiVbhbiqBSGpp1t1tsX9z5szWeG17sO85r6Fmv61hzCYSdx7ZreGUZl+H+
|
UQGxzsjgNouXriVX4KeF7LYKdQY6d1l2vwxbNEQ6QTQtsKGKBt7wyfI8CQmfzTkp
|
||||||
AX5yTZhQIbjpCY+lypiOcGsV4VDsxl0aAyTUhABUSGJBEw==
|
iPCRs15HSrUN2yRSKN2URndCWKUh2kXe9nVE2qw9RzlScQ==
|
||||||
=Ss0B
|
=MdNQ
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||||
- created_at: "2022-11-28T20:39:35Z"
|
- created_at: "2023-09-14T15:59:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA/YLzOYaRIJJARAAsM9sI4zDmFok0TaeLfTuhPM8Lzf5bSfoy1jrqdag1bMo
|
hQIMA/YLzOYaRIJJAQ/6A1ExArKZHhuHxPmgCAvPZKNXEyPPCz+kUv6ZK5FBiMhD
|
||||||
H1QOs9j+Md9GgGSUc92sy/3X0khmnCxjOhS0hpKuD2QbUkcpZ+hjaHno0e2QBjTd
|
5Ftb3PqlKbTdKSO/ctl2854i3DVoHgwapMRN19/S2HC2hLCJ0r3KBNJHQ3SeiuX8
|
||||||
Pj+JqNZUkfLcOnU0VlODChj63p9Mh/ha5XNH+6wKMeF2fVuPU3UMB0DQdTj4iCYL
|
/1chpjIPVR0Iqbk19Qu/1uFioSkHX8b6acjGJwYVkNUB5rQ+b+bjpnFE3CbPGMGG
|
||||||
bc43AxTkfMQg9qXr5eE95jaSF4SukhYmuPL/bhnaiYb03BF0bBDEDRenbnHz1T0B
|
XIrTonylB0+tHUBB4UP1fGNlFLDNi1uDPfeZu+DUYK+UfdstyqeVC07bqMYiqPGG
|
||||||
Z/b2+62ppv44QCYp3Rqv47gnJH8bjtnLy04BRfrqv9oEXAk8fBarF6IkvnkCcSha
|
gGfLsbN9nyurcZKUfXJL4Wzf9OytSk3rdfGRSIYU2zKTz9HVFjICJz/rr5ZArCZ6
|
||||||
9j2OnBfsgSWn7Fx8BN/IfMF3Z45qtP8iRjUBwMKFejujtf96EaaCOMtKvVhqBFuZ
|
j+/Mx2Qg/2zy8X1YqDBhOzeQmPAskbpo3H+J+mwChCRzUL4tViE4stwLv8A/V09n
|
||||||
BX7biPuT+Vx/qzN5k8YOCzfq8Jgf9EtRUZ006DaKOz+5Q4ObsuF7FnxnwdMmG2ci
|
J07eqU84WYmop291wYXeh23EBC1Tuk2AD6rPHWaMvZH+y2nK7zh16Id3wREqkkEc
|
||||||
dlME/V7ByULLxl+vs6zzBd29JXZkxRd4TRA7Ct1Q0H1HGTi61PaCMXBY0bnHX7cz
|
r82NyJPzKuxaWjj5RVKJ6mt/ogc9t0kL15kxUqQUlrNsK2Xz3o75+08lmH6Udyhh
|
||||||
zFGfZX6bMTVroNcVWuQYin7yiR9RduA1KCVaxgS/k7VNXqB2RgQlV5LK6DdzncmS
|
1WtHb78rJWtbOJwdBxWc2w2j4HzbEnWwS+ld/C6fPDbMzTNomRuX5cMv2GMElzTv
|
||||||
HSG5l0ymBoZ4CtQgwdiQ1HTvJdzx5wdfAwXZCqe8Kbqal1AA/uO+3df/ab3smbFb
|
DOCwVH6OeXMNq/K2d1zrvjsp7J+VOMA9lUdAF0unuqi2U9wNXGX0SCtMPFbiXEeO
|
||||||
raOAkpFuSVWIO+9/5gV+Zy8CHtNSX4j+Qiu4NFiCtSStqR2mjkafTJ25LbQjvKTS
|
C9QASY8XRjPf50f5cmolFZrIzc++3eVOg8s0PfC/+rXav0MSGGg4/lCxIsM6OlvS
|
||||||
XAGJw4O5t+PRx+koybKAC4YU6+t6YzdzbQaPcHKZ96LU26FyCIpXEa2p98r2d5d6
|
XgGbMn0N/TYNhabdEPIPV/z+v4lza1XJSjfiLrsF7iXvGhvWJ4xD+wkujPWH8LsB
|
||||||
i0ZfHD5LchrATqGvfg0eypKzw9LR/yBq9nkcV9c79hjaNQYZ78yDEdym/JQ2
|
vWHlhlv7ue7mskVaKeDJCtqNbmT3PEQJRKi0V0UmNIiF1JB/hL6ZUM7fm5i1/+0=
|
||||||
=2dqd
|
=MYoI
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
- created_at: "2022-11-28T20:39:35Z"
|
- created_at: "2023-09-14T15:59:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQEMA1N/l9+zlMQzAQf9GZVOd3+70TOm4STX+gODqfhQKBsOMlE/t0i0sBp8f2V2
|
hQEMA1N/l9+zlMQzAQf+OH908FtvIyfsJwdG0ff3Ji6s6Z2MJQ3JGzOQ4bB8LtBV
|
||||||
XSwiYu/MvfgLwn3yRnmEwIJvQNcoLrNdLmhwhfA4wvyBGXco1EX2drlBzBF5YbyM
|
vfwe9w+WLF/iAa/cUoCP8YJs8JfVq1CxDtFwGDrbD3+L62nSNrwsR92BmxdUleZ/
|
||||||
kq9TubrSRaps1zmmiuNnt3qT8Q+DEXMuKbBy2eWTDIqaD4pDkqEvzGzsfn7/L4wa
|
a0qz8BWU2awprugCL5Wpx3ISnwnsjE0cooUhED0e6iGHRHSQ9POs+bDw3h3G6w9U
|
||||||
57RAi3NPIzj3wkojIyjZePGYPa648faWK32TYc/wM2fs/e4bOfH4D52uE7FKghDg
|
gyNZwYQlUnlpWliEPaxfGM2XaDw2JnIH+WLziK7lsRrKoStTDwltZg9ZBkk18lCz
|
||||||
5bSR7SdbnZSQbCxkHqgtJP+1VBFusTlmAxXuSCDOqZSNHnk7NXhzJnN4D/aTrS+o
|
XB3bdwNKfeI+R0Nk8f/Pj7cWlXh/j6YbnVnf4P4HHkzs7DZXrKJUn9twrsqfYmqB
|
||||||
uNFVJCh1mNZuO+Pb2i7/SkcTmMKm0vqu9dyhZaGUMNJcAR32sJzU9wcdctdGl9S1
|
AM3AMh+OWbHp2lmjiRMuas7a83aD7bOr4CtvrKLcx9JeAX3k/dVuHgZg8cv08aA5
|
||||||
RxIp3sybPf+BzELiEO6T3+F2wLJEOfMSqpzgam1UYCcn1m6EjMDH3vslqiiwaF6E
|
Ypkp9xxvlxRkeEMxXzZBM9vZXLPzz/M2VhSAoTLqAZcta95eEr0ta7fXYz2iW7CQ
|
||||||
sVfmsSecVH2JvhTgkF6LyGenEvRqwj57WI4x1KQ=
|
c17yaVewQO2Tu6mQtp/opqTigxhpwzR+Y6CZYE7rYA==
|
||||||
=9+5E
|
=AOiP
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
|
fp: 069836A578F7939612DB4934F77D0F7E247A1EE4
|
||||||
- created_at: "2022-11-28T20:39:35Z"
|
- created_at: "2023-09-14T15:59:02Z"
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQEMA1N/l9+zlMQzAQf/X7rsO49FKeclClSwhM9djME9Fs83FgDsNoIUydho/AHb
|
hQEMA1N/l9+zlMQzAQf+MRjWWewxGEE3/ABd4D7cZhNVAXAzh8I1YtwOFvZP8aWm
|
||||||
R1fqOVvRXA2Gn96zZSs2W8AcaJoH2uf7eTF/swt1J9nzuvr5PIoci76WxOeKVfNw
|
9xp4Klo4qP5YOXtTKK7joslbKEonsxoxCI9Lij3bIuVem/4JrSnTPM0csVdrYdi9
|
||||||
54TIY5w9NytB3zhpkqbU/kVe8OwavOiD3esBDdeApi9bSeHaOpfJ8c8rtQG0g8Ny
|
zSzR2iBLT9Dc5KF7u5z/Kwi8WTgFFywtljXljvJhkK/iSb+8Gn81L2r6Luz9pJtP
|
||||||
oKMJmrDr4Di0ysCSOH5sJcXr86c6GBNwlQKIrQIkD8wfoqb90EH8rg2mZ6xaaafs
|
bK/vOK82iyr4wMlhD+/TZw9hMWfbwXaRfnJN2i76l2RE6eo6JWsWFFez8i6VVzjS
|
||||||
hzGYfP2B2bB62CBE7taeLkrdY163k1tNYyH4C8gegsBHXEGzOBbATvN467Bfmi+7
|
gs9etK9GDch+cnBQo6TqdMW5zoOTENsd3WgU4rzuugHOL44dS8cH6Wxi/c0Pv7gt
|
||||||
4S1cKO1X8E5T+t70gSaawlAoQ59pl2m9jQHq8Exf0dJcAWv6g9KAvWwWqBXZYENb
|
lehqdLThM01nhEB/bxbNVqqmTk3BJGxhA1Ulq/qKxtJeAR+KROqwef74beEmrCoJ
|
||||||
kq92xcmWHTLFuV83MgqE7kUytgWxUhklhREkwHG2qYgyYOHgrg//p+17XSoI8e+X
|
+zX2QkIITRU5Q9EhhGVcPYsuUAX8tpCwGX8uFbx8c9jetMlIAsim8+dQdArJYcyF
|
||||||
g+6WlKuO+Uyu+YNy3IzjMwn5LctFviPDl0F+BhA=
|
3wBv6whQPjXr1VpzrNO2njqc5yCQNc0uPlE+EivuDQ==
|
||||||
=lD9P
|
=pT4X
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
|
fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
wg-seckey: ENC[AES256_GCM,data:mUFBjQpHC0Flpyw82lXUInLVm0TJW1wB51evA7hXiit7JcK4z/HCyD5UGQU=,iv:O2/UP+WjCmasU6kP/58B1zXL0XAmzUOcM/1ONE31+/o=,tag:ObN6viKQm7ghuXKVeUydjg==,type:str]
|
wg-seckey: ENC[AES256_GCM,data:mUFBjQpHC0Flpyw82lXUInLVm0TJW1wB51evA7hXiit7JcK4z/HCyD5UGQU=,iv:O2/UP+WjCmasU6kP/58B1zXL0XAmzUOcM/1ONE31+/o=,tag:ObN6viKQm7ghuXKVeUydjg==,type:str]
|
||||||
|
hashed-password-0xa: ENC[AES256_GCM,data:Tofb7PL5/fZHSLx/nN0o+6w7f0lfITQXoAV4Pu7JGzADi+vY9rfuOLzDapHh82bz1d3vbzPGECzpvYN6Bp/UMHivou0JD5ozIQ==,iv:7bPTP84NcwPCsIZaxBNinIcmewf+pWW5U21OTO1WGeY=,tag:ohaDbKZuXDhq9YBg/8wu/A==,type:str]
|
||||||
|
hashed-password-tassilo: ENC[AES256_GCM,data:z3DD3ZMGjPdNPLRRY3mfdrJzEIizdSV0RnFAI2m+KjHPybtT3araf2bc/zt6iPMcFC1OvJhvm31jCTorZLKT6bknxnIAu2EKHw==,iv:9twbZWdVpQFKqop9dpnoNpZ7jOQp9LluSffZAQXMTd8=,tag:oVMBdTNZfgqbDdrNIFexmA==,type:str]
|
||||||
|
hashed-password-marenz: ENC[AES256_GCM,data:+7Exam93GwUmUkzYOta39d83+8FaQzIbfq4Z+PIoCEwomn6W5Qa7LHKATovKwq5sZVnPJ6jSQ0ruxjmbG9/FykaKxXKGeCv9xQ==,iv:aqibnzdlRkA7sruGIlENspEUQYlo+QVOdANRmAeMYWM=,tag:G1K14+1QmlkP0njB56seUw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,8 +17,8 @@ sops:
|
||||||
YVFMQ3pZYS9oM3RERDg4NHA1OHRoUEkKYIKvmU6cMiWqrDASPeDZAs3jHOn41onU
|
YVFMQ3pZYS9oM3RERDg4NHA1OHRoUEkKYIKvmU6cMiWqrDASPeDZAs3jHOn41onU
|
||||||
YtnMpjNQncMbvzDjuijjsCusgxL1DOEWvkg5xn8u4yGhguV6hEW4mQ==
|
YtnMpjNQncMbvzDjuijjsCusgxL1DOEWvkg5xn8u4yGhguV6hEW4mQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-05-30T13:44:49Z"
|
lastmodified: "2023-06-10T21:35:03Z"
|
||||||
mac: ENC[AES256_GCM,data:iLT8KrlibgljBzhZAFEdlKs/+c0XjxFkCHchjuO9dQJb576HpFsQj6LD5opWPAizdhRG0IniP1g9lUTrpE9Wb/XmQWIuVAJGpCiIWaFM0ENZ5fEcZDoWkBNJVmELe4M7yffD1N1EYffd0uwjyzHoPgEnFC8GrNMeBZdCuu08tR8=,iv:clpxUJLj8o4FRTW9oBxxnU23MYBvRDhxW9df85n4/AM=,tag:abTl8mvDRRknDHbP+01ZKg==,type:str]
|
mac: ENC[AES256_GCM,data:ESL2J916TklAXe7Lpdh1sn3mhHuNiBZ7xq4KAwn2nV1nErRRPcaA/U3Qf+nY5x95DdIkrDBpGx+rC4LAgs5FBx/lZNYgiuFCJuF6U1ZfaOhIQEatZ/isZ8xa88ENL3rrAQuU17HGfAu3FxseGRGiJ44cR4RHLzjWz87//Sx9Xkk=,iv:erdyt4i5ndRC/QGi2RMl34WKojFEjAPGmKzd7o3dYrY=,tag:J/5A8lvrFvdqNtnYFB62EQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-05-30T14:29:01Z"
|
- created_at: "2023-05-30T14:29:01Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
Loading…
Reference in New Issue
Block a user