forked from c3d2/nix-config
Compare commits
223 Commits
Author | SHA1 | Date |
---|---|---|
Leon Vita | f4e3211b2d | |
Leon Vita | 50740ac162 | |
vater c3d2 | 128fb86549 | |
Sandro - | 0000003775 | |
Sandro - | 898a748bb4 | |
Sandro - | a39d664db5 | |
Sandro - | 1111112db6 | |
Sandro - | 1285469bc0 | |
Sandro - | f79741767a | |
Sandro - | 8017024f5c | |
Astro | d5fafcb5a0 | |
Astro | a84b8b62a2 | |
Sandro - | ee846bf819 | |
Sandro - | 0000005a94 | |
Sandro - | 96576ab193 | |
Sandro - | 000002e220 | |
Sandro - | f5079090da | |
Sandro - | 67bfeb6639 | |
Sandro - | 8888888871 | |
Sandro - | ea784ab019 | |
Sandro - | 163841e347 | |
Sandro - | 888888e271 | |
Sandro - | 55555559c4 | |
Sandro - | 7b67239007 | |
Sandro - | d9430d5839 | |
Sandro - | 12098169ee | |
Sandro - | 222222f338 | |
Sandro - | fecdee3062 | |
Sandro - | 424242595e | |
Sandro - | 175d8c5494 | |
Sandro - | 5555552d45 | |
Sandro - | 000000607f | |
Sandro - | 7777770a21 | |
Sandro - | 55555551a3 | |
Sandro - | 8e134c843f | |
Sandro - | 9bcf244add | |
Sandro - | 290820c38a | |
Sandro - | d60d861120 | |
Sandro - | 999999920e | |
Sandro - | e12024d668 | |
Sandro - | 47541c5f2b | |
Sandro - | 0221f34859 | |
Sandro - | 808cc29c6c | |
Astro | e78931472e | |
Astro | 267f75a14c | |
Sandro - | 10242ac10b | |
Sandro - | 22222229df | |
Sandro - | d96f88449d | |
Sandro - | 0000000de9 | |
Sandro - | c477925b10 | |
Sandro - | 28e92d2fd9 | |
Sandro - | fdfad8b3d6 | |
Sandro - | 4bd6180f5e | |
Sandro - | f7df3aecd7 | |
Astro | 4ddaa002b0 | |
Astro | dae9fcd0ff | |
Astro | fe6490b081 | |
Sandro - | e780a3d4c5 | |
Sandro - | 102457debb | |
Sandro - | 8192e158ca | |
Sandro - | 10246704d2 | |
Sandro - | 0b1e371d45 | |
Sandro - | 3333333d1c | |
Astro | 7999a92efd | |
Astro | 05342dfacb | |
Sandro - | ea4b716c0a | |
Astro | 5851716114 | |
Sandro - | 0518bc47ba | |
Sandro - | 7b7d7c0c2a | |
Astro | 1288ec3cad | |
Markus Schmidl | 686012b734 | |
Sandro - | 96576fde30 | |
Sandro - | 11111118af | |
Sandro - | 424242fe84 | |
Sandro - | 128ba1d03d | |
Sandro - | 120981064b | |
Sandro - | 9999999b65 | |
Astro | 274e8ad4d2 | |
Sandro - | 8888888e4c | |
Sandro - | 9001e9dd92 | |
Sandro - | 120981e451 | |
Sandro - | 9657606406 | |
Sandro - | 000000710a | |
Sandro - | 00000017b2 | |
Sandro - | 00000174a6 | |
Sandro - | 7065f932d8 | |
Sandro - | 0000009ca3 | |
Sandro - | b31782f405 | |
Astro | f274b0f43a | |
Sandro - | 1a67a853a4 | |
Sandro - | 000003034b | |
Sandro - | 00000040af | |
Astro | 076c42f090 | |
Astro | f465d40cbf | |
Sandro - | 102433c3bf | |
Sandro - | 42424268f4 | |
Sandro - | 96576c95d3 | |
Sandro - | 999999be2c | |
Sandro - | 2908203db9 | |
Sandro - | c4bb6c7fa3 | |
Sandro - | 2b30cfc9ef | |
Sandro - | 4242423be2 | |
Sandro - | 0000008c13 | |
Sandro - | f936258a54 | |
Astro | 1ea2d6a85f | |
Astro | 7d7340afc3 | |
Astro | cf83619929 | |
Astro | 6957a5e31b | |
Astro | cf135d9e47 | |
Astro | 32257815dd | |
Astro | acd947e628 | |
Sandro - | 0000012f7d | |
oxapentane - | e58c0c24fa | |
Astro | 2c65075ab1 | |
Astro | 212c770b61 | |
Astro | f7428b2906 | |
Sandro - | 424242820d | |
Sandro - | 1111111f5e | |
Sandro - | 000001a17b | |
Sandro - | 00000892b0 | |
Sandro - | 6430684711 | |
Sandro - | 119279fe96 | |
Sandro - | 1283a6e409 | |
Sandro - | 10a21ecc71 | |
Astro | bbcf0abf9c | |
Sandro - | 0000004660 | |
Sandro - | 965764d70b | |
Sandro - | 25613c02ec | |
Sandro - | 0000007338 | |
Sandro - | 23230d670c | |
Sandro - | 00000093ac | |
Sandro - | 00000004b8 | |
Sandro - | 1111111b12 | |
Sandro - | 4242423a05 | |
Sandro - | 1280afd93f | |
Sandro - | 666666b6e7 | |
Sandro - | 0000042101 | |
Sandro - | 000000429a | |
Sandro - | 23232392f1 | |
Sandro - | 00000062b1 | |
Sandro - | 33333330ce | |
Sandro - | 555555a089 | |
Sandro - | 1801067aff | |
Sandro - | 7777777c41 | |
Sandro - | 3333333a00 | |
Sandro - | 20487320b7 | |
Sandro - | 0000000cdb | |
Sandro - | 96576c7ced | |
Sandro - | 420e0ea039 | |
Sandro - | 00000081ab | |
Sandro - | 0000007406 | |
Sandro - | 81920f8278 | |
Sandro - | 0000018b24 | |
Sandro - | 000000010d | |
Sandro - | 000005b776 | |
Sandro - | 9001a0ebd7 | |
Sandro - | 40960946af | |
Sandro - | 237170a2cb | |
Sandro - | 502786feab | |
Sandro - | f7dc0c3986 | |
Sandro - | f5cbfda5d1 | |
Sandro - | f81678b3f1 | |
Sandro - | 33333337c2 | |
Sandro - | 7cc618138b | |
Astro | 9117c97877 | |
Astro | e9085fa879 | |
Sandro - | 424f03b855 | |
Sandro - | 000000144d | |
Sandro - | 222222771f | |
Sandro - | 000000486d | |
Sandro - | 000006b7e2 | |
Sandro - | 90016a351b | |
Sandro - | 8888888467 | |
Sandro - | 000000bd5d | |
Sandro - | 0afa21f343 | |
Sandro - | b7ebb7c851 | |
Sandro - | c3aeb36b58 | |
Sandro - | ed296911c8 | |
Astro | ffb9ce2205 | |
Sandro - | 1024a1237e | |
Sandro - | 6e44bca864 | |
Sandro - | 4272a52f18 | |
Sandro - | c131172ce8 | |
Sandro - | 0000001fe2 | |
Sandro - | 22222227b5 | |
Sandro - | 96576625d9 | |
Sandro - | 5120c6ac5a | |
Sandro - | f10fda7c00 | |
Astro | fe690800b0 | |
Astro | 71cab5fcbe | |
Sandro - | 2bbf5dae62 | |
Astro | 87ddb8bbf2 | |
Sandro - | 222222c539 | |
Sandro - | 000000f0c5 | |
Sandro - | 3333332a03 | |
Sandro - | 66666660e0 | |
Sandro - | c98bae9cd1 | |
Sandro - | 99999961f0 | |
Sandro - | 7777776a53 | |
Sandro - | 13375a3cc5 | |
Astro | 33b9e16399 | |
Sandro - | 70593f9c94 | |
Sandro - | 40969f98c2 | |
Sandro - | 4242bf60e6 | |
Sandro - | 00000704ef | |
Sandro - | 888888d182 | |
Sandro - | 1111114826 | |
Sandro - | 1209812443 | |
Sandro - | 1209812a54 | |
Sandro - | 20ad25bf3a | |
Sandro - | 111111145d | |
Sandro - | 2323bfee8e | |
Sandro - | 5555555874 | |
Sandro - | 232323a3da | |
Sandro - | 1dd62b623a | |
Astro | 24872f0b75 | |
Astro | 69a5ebae1c | |
Astro Spaceboyz | 0b4b8108b9 | |
Sandro - | 4242ac073e | |
Sandro - | 000000821f | |
Sandro - | 965764b2ce | |
Leon Vita | cf86ed2330 | |
Sandro - | f94b29b021 |
16
.sops.yaml
16
.sops.yaml
|
@ -48,6 +48,7 @@ keys:
|
|||
- &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
|
||||
- &matrix age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
|
||||
- &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
|
||||
- &mobilizon age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
|
||||
- &mucbot age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
|
||||
- &nfsroot age18yxgwpakrkzq8ca2enayf79py25se3d8dsed2q523869re30jcaqx6rjln
|
||||
- &nncp age15853dr2kd6r2329tkcanwnruh6zd2xvsu5twc7gnxeyu3h7t6q5scckaq8
|
||||
|
@ -74,7 +75,9 @@ creation_rules:
|
|||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *blogs
|
||||
- *buzzrelay
|
||||
- *drone
|
||||
- *gitea
|
||||
- *hedgedoc
|
||||
- *hydra
|
||||
|
@ -83,6 +86,7 @@ creation_rules:
|
|||
- *matemat
|
||||
- *matrix
|
||||
- *mediawiki
|
||||
- *mobilizon
|
||||
- *ticker
|
||||
- *polygon-snowflake
|
||||
- path_regex: modules/cluster/[^/]+\.yaml$
|
||||
|
@ -278,6 +282,12 @@ creation_rules:
|
|||
age:
|
||||
- *mediawiki
|
||||
- *polygon-snowflake
|
||||
- path_regex: hosts/mobilizon/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *mobilizon
|
||||
- *polygon-snowflake
|
||||
- path_regex: hosts/oparl/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
|
@ -338,3 +348,9 @@ creation_rules:
|
|||
age:
|
||||
- *prometheus
|
||||
- *polygon-snowflake
|
||||
- path_regex: hosts/stream/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *stream
|
||||
- *polygon-snowflake
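Review bot: The `- *mobilizon` entry in the shared `age:` list of the `@ -83,6 +86,7` hunk widens who can decrypt every file matched by that rule, and the rule's `path_regex` lies above the hunk, so the affected files cannot be seen here. This rendering has lost the `+` markers, so this assumes `- *mobilizon` is the added line. Files already encrypted under that rule only gain the new recipient after `sops updatekeys`, and no re-encrypted shared file is visible in this part of the compare. The `mobilizon` host also appears to be commented out in `flake.nix` in the same compare, so consider keeping the key out of the shared list until the host is deployed. A comment above the new `hosts/mobilizon/[^/]+\.yaml$` rule, such as `# mobilizon host key: host-local secrets only`, would record the intent.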
|
||||
|
|
|
@ -13,16 +13,13 @@
|
|||
assertion = lib.versions.major pkgs.ceph.version != 16;
|
||||
message = "Please pin ceph to major version 16!";
|
||||
}
|
||||
{
|
||||
assertion = lib.versions.majorMinor pkgs.mediawiki.version != 1.39;
|
||||
# https://www.mediawiki.org/wiki/Version_lifecycle
|
||||
message = "Please keep mediawiki on LTS versions which is required by the LDAP extension";
|
||||
}
|
||||
];
|
||||
|
||||
boot = {
|
||||
cleanTmpDir = true;
|
||||
tmp.cleanOnBoot = true;
|
||||
kernel.sysctl = {
|
||||
# reset 60 seconds after a kernel panic
|
||||
"kernel.panic" = 60;
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
# recommend to turn off, only on by default for backwards compatibility
|
||||
|
@ -30,7 +27,8 @@
|
|||
};
|
||||
|
||||
c3d2 = {
|
||||
addBinaryCache = true;
|
||||
# NOTE: this must be off, otherwise our nix binary cache creates a loop with itself
|
||||
addBinaryCache = lib.mkForce false;
|
||||
addKnownHosts = true;
|
||||
sshKeys = ssh-public-keys;
|
||||
};
|
||||
|
@ -53,7 +51,7 @@
|
|||
totem
|
||||
yelp # less webkitgtk's
|
||||
];
|
||||
noXlibs = !lib.any (host: host == config.networking.hostName) [ "dacbert" "glotzbert" "rpi-netboot" ];
|
||||
noXlibs = !config.services.xserver.enable;
|
||||
systemPackages = with pkgs; [
|
||||
bmon
|
||||
curl
|
||||
|
@ -84,6 +82,12 @@
|
|||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
||||
# proxy protocol used by public-access-proxy
|
||||
8080
|
||||
8443
|
||||
];
|
||||
|
||||
nix = {
|
||||
deleteChannels = true;
|
||||
deleteUserProfiles = true;
|
||||
|
@ -152,12 +156,30 @@
|
|||
security.ldap.domainComponent = [ "c3d2" "de" ];
|
||||
|
||||
services = {
|
||||
gitea.ldap = {
|
||||
adminGroup = "gitea-admins";
|
||||
userGroup = "gitea-users";
|
||||
};
|
||||
|
||||
gnome = {
|
||||
# less webkitgtk's
|
||||
evolution-data-server.enable = lib.mkForce false;
|
||||
gnome-initial-setup.enable = false;
|
||||
};
|
||||
|
||||
hedgedoc.ldap.userGroup = "hedgedoc-users";
|
||||
|
||||
hydra.ldap = {
|
||||
roleMappings = [
|
||||
{ hydra-admins = "admin"; }
|
||||
];
|
||||
userGroup = "hydra-users";
|
||||
};
|
||||
|
||||
mastodon.ldap.userGroup = "mastodon-users";
|
||||
|
||||
matrix-synapse.ldap.userGroup = "matrix-users";
|
||||
|
||||
nginx = {
|
||||
appendHttpConfig = ''
|
||||
log_format proxyCombined '$proxy_protocol_addr - $remote_user [$time_local] '
|
||||
|
@ -181,8 +203,11 @@
|
|||
openssh = {
|
||||
# Required for deployment and sops
|
||||
enable = true;
|
||||
passwordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
|
||||
permitRootLogin = lib.mkOverride 900 "prohibit-password";
|
||||
settings = {
|
||||
LoginGraceTime = 30; # throw out unauthenticated connections earlier than the 120 default
|
||||
PasswordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
|
||||
PermitRootLogin = lib.mkOverride 900 "prohibit-password";
|
||||
};
|
||||
};
|
||||
|
||||
portunus = with zentralwerk.lib.config.site.net.serv; {
|
||||
|
@ -190,6 +215,20 @@
|
|||
internalIp4 = hosts4.auth;
|
||||
internalIp6 = hosts6.up4.auth;
|
||||
ldapPreset = true;
|
||||
seedSettings.groups = [
|
||||
{
|
||||
long_name = "Grafana Administrators";
|
||||
name = "grafana-admins";
|
||||
manage_members = false;
|
||||
permissions = {};
|
||||
}
|
||||
{
|
||||
long_name = "Home-Assistant Users";
|
||||
name = "home-assistant-users";
|
||||
manage_members = false;
|
||||
permissions = {};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
postgresql.upgrade = {
|
||||
|
@ -217,7 +256,14 @@
|
|||
'';
|
||||
|
||||
systemd = {
|
||||
services.nix-daemon.serviceConfig.KillMode = "control-group";
|
||||
network.wait-online.anyInterface = true;
|
||||
|
||||
services.nix-daemon.serviceConfig = {
|
||||
# kill all worker thread when restarting
|
||||
KillMode = "control-group";
|
||||
# restart if killed eg oom killed
|
||||
Restart = "on-failure";
|
||||
};
|
||||
|
||||
# Reboot on hang
|
||||
watchdog = lib.mkIf (!config.boot.isContainer) {
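Review bot: The new `networking.firewall.allowedTCPPorts` block in the `@ -84,6 +82,12` hunk opens 8080 and 8443 to every source on each host where nginx is enabled, while a PROXY-protocol listener takes the client address from the header its peer sends. Anything that can reach those ports can therefore choose the value of `$proxy_protocol_addr`, which the `proxyCombined` log format records. If `hqNetworkOnly` from `lib/nginx.nix` keys on that address (not visible on this page), access decisions would depend on it too. Prefer a source-scoped firewall rule that admits only the public-access-proxy, and in nginx limit the trusted peer with `set_real_ip_from <proxy address>;`. The comment could then read `# proxy protocol used by public-access-proxy; only that host may connect`.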
|
||||
|
|
161
flake.lock
161
flake.lock
|
@ -36,11 +36,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1672603271,
|
||||
"narHash": "sha256-vEIqx9Wltokb5Ye7dLkQ8khmU1TYeQ4Mt7Abaia5obk=",
|
||||
"lastModified": 1685997764,
|
||||
"narHash": "sha256-SMIfPyGgNq7+8uChNnhIAma4QbKRTpZJnBtmggaAhiM=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "8722c0085c2ea1bad3a150c22c0a20637258cfd4",
|
||||
"revCount": 20,
|
||||
"rev": "0aaae8587303499c40b9c9ea726dbb1277a3e1c7",
|
||||
"revCount": 23,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/alert2muc"
|
||||
},
|
||||
|
@ -116,11 +116,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684106318,
|
||||
"narHash": "sha256-3f0niAAVAkraRp4BDaYFF18b/Dh/qwvuttiNKq3YhLU=",
|
||||
"lastModified": 1687654280,
|
||||
"narHash": "sha256-55MNOIvNnwleS4VbvEruw3oBORUsXoqsIver8QT5Yug=",
|
||||
"owner": "astro",
|
||||
"repo": "buzzrelay",
|
||||
"rev": "56b174bd58269f2d0a1c8061c21d9c86c8513dc3",
|
||||
"rev": "89938a7c53a3ab03c3bb0006052e106c2e699bf1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -139,11 +139,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1683754009,
|
||||
"narHash": "sha256-O+zkiMCGHqCbB2STWvEHqSs32V79O43bgvZIfTJdbbA=",
|
||||
"lastModified": 1688413216,
|
||||
"narHash": "sha256-Ms0xDDb6lD9oRgkfDB7gAUldkMEwS2t3InFyRbp0ejk=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "9c66645cc97b9328cee86a394294339c791c5cce",
|
||||
"revCount": 27,
|
||||
"rev": "1209819da4566cca6abc0ca4be0347d421f3886f",
|
||||
"revCount": 37,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/c3d2/nix-user-module.git"
|
||||
},
|
||||
|
@ -168,11 +168,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1683306816,
|
||||
"narHash": "sha256-O4fQ+RWCtgfkYDgEVK6KMwNftEOtWuKEgz/xCi1mC5I=",
|
||||
"lastModified": 1686445068,
|
||||
"narHash": "sha256-xYf1N4u8l6rGKtui2FRlVFmGr7Q0S50Js4W8lDUYrF8=",
|
||||
"ref": "main",
|
||||
"rev": "7b5c871647bb8a6274416986b146da7e9591cc21",
|
||||
"revCount": 247,
|
||||
"rev": "bedb749acc1259fecdfe6cd0490cf724c0a57847",
|
||||
"revCount": 251,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/caveman.git"
|
||||
},
|
||||
|
@ -231,11 +231,11 @@
|
|||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682038649,
|
||||
"narHash": "sha256-HwGwWLMKdIT24xhDf+mRoCehA8yUlLmuJgS9JeMt4IM=",
|
||||
"lastModified": 1688484237,
|
||||
"narHash": "sha256-qFUn2taHGe203wm7Oio4UGFz1sAiq+kitRexY3sQ1CA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "37b3a6dad6d6060bd305eb7d3628d3b476c87bb6",
|
||||
"rev": "626a9e0a84010728b335f14d3982e11b99af7dc6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -250,11 +250,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"lastModified": 1687709756,
|
||||
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -302,11 +302,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684315870,
|
||||
"narHash": "sha256-Km9p3lJ97s8JGWF+t3GoL3cCdCyFxPuqCkbE6zo/VS8=",
|
||||
"lastModified": 1688933605,
|
||||
"narHash": "sha256-eux5CjKmO+6GFoovtckoVo0es1FZ2mzupehDyHuCaCk=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "59008a1eda995fbd844a756412f7d685086c15a2",
|
||||
"rev": "018691bf86a70b7e5d24eb37d6aad05ce1c1b12e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -322,11 +322,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1679567394,
|
||||
"narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
|
||||
"lastModified": 1688534083,
|
||||
"narHash": "sha256-/bI5vsioXscQTsx+Hk9X5HfweeNZz/6kVKsbdqfwW7g=",
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"rev": "88cd22380154a2c36799fe8098888f0f59861a15",
|
||||
"rev": "abca1fb7a6cfdd355231fc220c3d0302dbb4369a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -348,11 +348,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1677107143,
|
||||
"narHash": "sha256-7JCxZgGFeHdOTkIOsV8vsOi3FMXHO5Yn8HnzunIeM/A=",
|
||||
"lastModified": 1686178371,
|
||||
"narHash": "sha256-RwyZ3ZNlkTE6O7A5Lj5JcHHNCij3ZqfmZ5Pq+PB9Sq0=",
|
||||
"owner": "astro",
|
||||
"repo": "nix-cache-cut",
|
||||
"rev": "a69adffc2a0f5216465e5fb718b8e4ca1fc54dde",
|
||||
"rev": "9133ed18136e6acfd591e76fe06e4c095a66c39f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -363,27 +363,11 @@
|
|||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1684533630,
|
||||
"narHash": "sha256-akvMq9xjy/EuDrsP8D9zUuktKoRg/UzIUMFATA6JQPw=",
|
||||
"lastModified": 1688998315,
|
||||
"narHash": "sha256-4aaOQRsvbTja2to/UoNdUQJ7lFyhC7ORuWTDJi3+aQ8=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ce8783d28a1bc79007c9fa5616fd88bca4667300",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "SuperSandro2000",
|
||||
"ref": "nixos-22.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-23-05": {
|
||||
"locked": {
|
||||
"lastModified": 1684796928,
|
||||
"narHash": "sha256-GxF+TX2UsuiIj0rdLkovBBWnMdAccWmw/T9p6S00etU=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7582acc515fa86fb0c5797970ea987f3872a8ad6",
|
||||
"rev": "16c5018dc2650fbad8e2625aaa08ae91092f737f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -395,11 +379,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1684169666,
|
||||
"narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=",
|
||||
"lastModified": 1688966833,
|
||||
"narHash": "sha256-9ilzbSwArZmDjT/g1XYD+KYOFfmoS0WOYXSQBvZDIv4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "71ce85372a614d418d5e303dd5702a79d1545c04",
|
||||
"rev": "f0984a5a303659bc9b73895c82a85fdfae40b87a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -415,11 +399,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684273519,
|
||||
"narHash": "sha256-TGpB+DV3WJdn4OnS0F9C8DxfFzp74GQK5DfRLy0H94Q=",
|
||||
"lastModified": 1688823980,
|
||||
"narHash": "sha256-KjbiwNLWsmhSRz1mP4DEVII+3eGVRprTwdEZzVFwItk=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-modules",
|
||||
"rev": "75c307d7e1f7fadf644e41cf173a8cacc68205da",
|
||||
"rev": "0000000c066529e293dc26eae24c95703b92fe54",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -448,11 +432,11 @@
|
|||
"openwrt": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1683803702,
|
||||
"narHash": "sha256-73Sojfjmmbooo/rt6GrFeb6rrg/XxKR3ZOSeA+mTmDk=",
|
||||
"lastModified": 1686823292,
|
||||
"narHash": "sha256-6p65M45Hrvg/vfLZERc4Z8mbrN+3Z5melpascgHvJP0=",
|
||||
"ref": "openwrt-21.02",
|
||||
"rev": "491b784141da22d01819196e748e955cf07fd56a",
|
||||
"revCount": 51311,
|
||||
"rev": "eb8cae5391ceee679140a3d8d9abbdc47d0d6461",
|
||||
"revCount": 51313,
|
||||
"type": "git",
|
||||
"url": "https://git.openwrt.org/openwrt/openwrt.git"
|
||||
},
|
||||
|
@ -469,11 +453,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684494012,
|
||||
"narHash": "sha256-Q+8j1rMAi/AXl3FIM+OALJ8gIEqVS1NHZk4cenCE/6o=",
|
||||
"lastModified": 1688984955,
|
||||
"narHash": "sha256-TaYPe5rzzxWmqdt+0RreA9UC9btFnPUfrcBsqfuMH34=",
|
||||
"owner": "astro",
|
||||
"repo": "nix-openwrt-imagebuilder",
|
||||
"rev": "06d684e91397a5c14adb9b38e41869c67136276f",
|
||||
"rev": "66d574d771e2b0c6b875ab267d1a248245e2e780",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -500,7 +484,6 @@
|
|||
"naersk": "naersk",
|
||||
"nix-cache-cut": "nix-cache-cut",
|
||||
"nixos": "nixos",
|
||||
"nixos-23-05": "nixos-23-05",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-modules": "nixos-modules",
|
||||
"oparl-scraper": "oparl-scraper",
|
||||
|
@ -523,11 +506,11 @@
|
|||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1680267680,
|
||||
"narHash": "sha256-atC3zkM5nBXdBFE1+Xoxpm/Ye42j/Rq12IR0qi5+/ao=",
|
||||
"lastModified": 1688410727,
|
||||
"narHash": "sha256-TqKZO9D64UDBCMY2sUP2ebAKP0oY7S9enrHfZaDiqBQ=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "853fb44a24b8d3341f52747caa949013121b24b4",
|
||||
"rev": "45272efec5fcb8bc46e303d6ced8bd2ba095a667",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -547,11 +530,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682024276,
|
||||
"narHash": "sha256-k8qmH9WG3C742OzqQfGmDqKqkqawIT7MwnAabk/OiZo=",
|
||||
"lastModified": 1687314899,
|
||||
"narHash": "sha256-zglbWHHXnqPUnG+oSQ0xKXR4a8hgGEwbEdGr/1Jgfm0=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "21afe9cb01cd2bb38335b09f0d0efe9cb6b0f82d",
|
||||
"rev": "417dc5995703ea9edcce098ad59bb4511271cb73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -579,11 +562,11 @@
|
|||
},
|
||||
"secrets": {
|
||||
"locked": {
|
||||
"lastModified": 1672104460,
|
||||
"narHash": "sha256-y0xXyFWqiED1Nd5M+iGqHkSuhGgveDLn8qGiSdbWBH8=",
|
||||
"lastModified": 1687907247,
|
||||
"narHash": "sha256-5gYT9+zwgOVjtx7RwBjMbLpFQTlw6jwOuRHq0k4BJyo=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "38c8c4f4d128c62b63d948115801750d795ec5a6",
|
||||
"revCount": 161,
|
||||
"rev": "000005a0a8830c8b530ce2fd01429ce55c6a05ad",
|
||||
"revCount": 162,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
},
|
||||
|
@ -605,11 +588,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684708973,
|
||||
"narHash": "sha256-043T2U3frUkTUeTMVEKIa90Vowij4v3xsugR30Z4vOc=",
|
||||
"lastModified": 1688934039,
|
||||
"narHash": "sha256-Yqt4fxMVIvoY9sC2AZ6ycaAqqImkITVKjjgXASyKjWo=",
|
||||
"owner": "astro",
|
||||
"repo": "skyflake",
|
||||
"rev": "418cd805973a8d15bdd6b0f4204b6ad2fc436326",
|
||||
"rev": "1024f5c04024cd9af5f8b89e5c09532fed339c6a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -628,11 +611,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684032930,
|
||||
"narHash": "sha256-ueeSYDii2e5bkKrsSdP12JhkW9sqgYrUghLC8aDfYGQ=",
|
||||
"lastModified": 1688873469,
|
||||
"narHash": "sha256-9TMSXvXmrr7bDYi+WeskWe/yho9UP01dGbV9vW5bRVc=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "a376127bb5277cd2c337a9458744f370aaf2e08d",
|
||||
"rev": "b2047c8fc963407916ad3834165309007dc5a1f7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -644,11 +627,11 @@
|
|||
"spacemsg": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1654295718,
|
||||
"narHash": "sha256-lO/mvXrFiJTWX5roRooHg3m6cozvWqJTOxgl5jZ5mGI=",
|
||||
"lastModified": 1688251777,
|
||||
"narHash": "sha256-8sM2GdQ2nJ3YCCF5+ZW0vBNTKL3/ulY1/fmyw++5UQQ=",
|
||||
"owner": "astro",
|
||||
"repo": "spacemsg",
|
||||
"rev": "64c714df0e64de23f77aeb05d74fecf5a7469f11",
|
||||
"rev": "a825a738544e62c285f4497c151a73d417326da2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -734,11 +717,11 @@
|
|||
"tigger": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1682693055,
|
||||
"narHash": "sha256-HYvV0YrQ3r04MrfUaot73xn5V+JaFVX39lADpBaXoYs=",
|
||||
"lastModified": 1688587276,
|
||||
"narHash": "sha256-WsLVsnBYqZxH9QXYJ0Uutqd/g2KNARVNMjd847XLP88=",
|
||||
"owner": "astro",
|
||||
"repo": "tigger",
|
||||
"rev": "5a702c118d413ddb748c7d7225bc3e57a1ad7606",
|
||||
"rev": "0f6a4776eabb0469ef199b65b8955b56b4b3df52",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -806,11 +789,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684513748,
|
||||
"narHash": "sha256-7UUtvwukw/Mx3wlgfPk9k2sR1J/r3kTgCwSfD5mGezc=",
|
||||
"lastModified": 1688592462,
|
||||
"narHash": "sha256-Uck4ytMTwS3MdBM2NcHFDPUPfnJw25LrDVfXKnfP34Q=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "05a140696815d0c85c0b01196946f08a1d170735",
|
||||
"revCount": 1771,
|
||||
"rev": "aa19bcb24f2661fb79d538e2114aafbe65994a2f",
|
||||
"revCount": 1800,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||
},
|
||||
|
|
71
flake.nix
71
flake.nix
|
@ -8,8 +8,7 @@
|
|||
|
||||
inputs = {
|
||||
# use sandro's fork full with cherry-picked fixes
|
||||
nixos.url = "github:SuperSandro2000/nixpkgs/nixos-22.11";
|
||||
nixos-23-05.url = "github:SuperSandro2000/nixpkgs/nixos-23.05";
|
||||
nixos.url = "github:SuperSandro2000/nixpkgs/nixos-23.05";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
affection-src = {
|
||||
|
@ -213,14 +212,14 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-23-05, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
let
|
||||
inherit (nixos) lib;
|
||||
|
||||
inherit (import ./lib/network.nix { inherit lib zentralwerk; }) hostRegistry;
|
||||
|
||||
libC = {
|
||||
inherit (import ./lib/nginx.nix {}) defaultListen;
|
||||
inherit (import ./lib/nginx.nix {}) defaultListen hqNetworkOnly;
|
||||
};
|
||||
|
||||
overlayList = [
|
||||
|
@ -240,9 +239,12 @@
|
|||
inherit system;
|
||||
|
||||
modules = [
|
||||
(_: {
|
||||
({ pkgs, ... }: {
|
||||
_module.args = {
|
||||
inherit hostRegistry libC nixos ssh-public-keys zentralwerk;
|
||||
|
||||
# TODO: drop!
|
||||
is2305 = (lib.versions.majorMinor pkgs.lib.version) == "23.05";
|
||||
};
|
||||
|
||||
nixpkgs.overlays = overlayList;
|
||||
|
@ -352,7 +354,7 @@
|
|||
{
|
||||
# TODO: migrate to sops
|
||||
nixpkgs.overlays = with secrets.overlays; [
|
||||
freifunk ospf
|
||||
freifunk
|
||||
];
|
||||
}
|
||||
];
|
||||
|
@ -461,7 +463,6 @@
|
|||
self.nixosModules.microvm
|
||||
./hosts/mailtngbert
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
matrix = nixosSystem' {
|
||||
|
@ -493,15 +494,12 @@
|
|||
];
|
||||
};
|
||||
|
||||
mobilizon = nixosSystem' {
|
||||
# TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
|
||||
# cherry-picked by sandro into his 22.11 fork
|
||||
# nixpkgs = inputs.nixos-mobilizon;
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
./hosts/mobilizon
|
||||
];
|
||||
};
|
||||
# mobilizon = nixosSystem' {
|
||||
# modules = [
|
||||
# self.nixosModules.microvm
|
||||
# ./hosts/mobilizon
|
||||
# ];
|
||||
# };
|
||||
|
||||
mucbot = nixosSystem' {
|
||||
modules = [
|
||||
|
@ -561,13 +559,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
oxigraph = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.cluster-options
|
||||
./hosts/oxigraph
|
||||
];
|
||||
};
|
||||
|
||||
pipebert = nixosSystem' {
|
||||
modules = [
|
||||
./hosts/pipebert
|
||||
|
@ -752,13 +743,6 @@
|
|||
./hosts/ticker
|
||||
];
|
||||
};
|
||||
|
||||
tmppleroma = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.cluster-options
|
||||
./hosts/tmppleroma
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nixosModules = {
|
||||
|
@ -786,7 +770,6 @@
|
|||
cluster-network = ./modules/cluster/network.nix;
|
||||
cluster-options.imports = [
|
||||
deployment.nixosModules.deployment-options
|
||||
microvm.nixosModules.microvm
|
||||
./modules/microvm-defaults.nix
|
||||
];
|
||||
microvm.imports = [
|
||||
|
@ -832,19 +815,19 @@
|
|||
in
|
||||
lib.mapAttrs getBuildEntryPoint self.nixosConfigurations
|
||||
# NOTE: left here to have the code as reference if we need something like in the future, eg. on a stable update
|
||||
// lib.mapAttrs' (hostname: nixosSystem: let
|
||||
hostname' = hostname + "-23-05";
|
||||
in lib.nameValuePair
|
||||
hostname' # job display name
|
||||
(getBuildEntryPoint hostname' (nixosSystem' (nixosSystem.args // (with nixosSystem.args; {
|
||||
modules = modules ++ [
|
||||
# {
|
||||
# simd.enable = lib.mkForce true;
|
||||
# }
|
||||
];
|
||||
nixos = nixos-23-05;
|
||||
}))))
|
||||
) self.nixosConfigurations
|
||||
# // lib.mapAttrs' (hostname: nixosSystem: let
|
||||
# hostname' = hostname + "-23-05";
|
||||
# in lib.nameValuePair
|
||||
# hostname' # job display name
|
||||
# (getBuildEntryPoint hostname' (nixosSystem' (nixosSystem.args // (with nixosSystem.args; {
|
||||
# modules = modules ++ [
|
||||
# # {
|
||||
# # simd.enable = lib.mkForce true;
|
||||
# # }
|
||||
# ];
|
||||
# nixos = inputs.nixos-23-05;
|
||||
# }))))
|
||||
# ) self.nixosConfigurations
|
||||
// nixos.lib.filterAttrs (name: attr:
|
||||
(builtins.match ".+-tftproot" name != null && lib.isDerivation attr)
|
||||
) self.packages.aarch64-linux
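Review bot: The `nixpkgs.overlays = with secrets.overlays; [ freifunk ]` entry in the `@ -352,7 +354,7` hunk still feeds values from the private `secrets` input into package evaluation. Whatever an overlay places in a derivation ends up in the Nix store, which every local user can read and a binary cache can serve. The overlay's contents are not visible here, so this is inferred from the `# TODO: migrate to sops` comment above it. Since this compare already drops `ospf` from the list, consider finishing the migration for `freifunk` as well. Otherwise make the TODO actionable, e.g. `# TODO: migrate to sops; values from the freifunk overlay land in the world-readable store`.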
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
enableACME = true;
|
||||
locations = {
|
||||
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
||||
"/dex".proxyPass ="http://localhost:${toString config.services.portunus.dex.port}";
|
||||
"/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -32,25 +32,59 @@
|
|||
enable = true;
|
||||
dex = {
|
||||
enable = true;
|
||||
oidcClients = [ {
|
||||
oidcClients = [{
|
||||
callbackURL = "https://grafana.hq.c3d2.de/login/generic_oauth";
|
||||
id = "grafana";
|
||||
} ];
|
||||
}];
|
||||
};
|
||||
ldap = {
|
||||
searchUserName = "search";
|
||||
suffix = "dc=c3d2,dc=de";
|
||||
tls = true;
|
||||
};
|
||||
seedPath = ./seed.json;
|
||||
removeAddGroup = true;
|
||||
seedGroups = true;
|
||||
seedSettings = {
|
||||
groups = [
|
||||
{
|
||||
long_name = "Portunus Administrators";
|
||||
name = "admins";
|
||||
manage_members = false;
|
||||
permissions.portunus.is_admin = true;
|
||||
}
|
||||
{
|
||||
long_name = "Search";
|
||||
name = "search";
|
||||
manage_members = false;
|
||||
permissions.ldap.can_read = true;
|
||||
}
|
||||
];
|
||||
users = [
|
||||
{
|
||||
family_name = "Administrator";
|
||||
given_name = "Initial";
|
||||
login_name = "admin";
|
||||
password.from_command = [ "/usr/bin/env" "cat" "/run/secrets/portunus/users/admin-password" ];
|
||||
}
|
||||
{
|
||||
email = "search@c3d2.de";
|
||||
family_name = "-";
|
||||
given_name = "Search";
|
||||
login_name = "search";
|
||||
password.from_command = [ "/usr/bin/env" "cat" "/run/secrets/portunus/users/search-password" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."dex/environment" = libS.sops.permissionForUser "dex";
|
||||
secrets."portunus/users/admin-password" = libS.sops.permissionForUser "portunus";
|
||||
secrets."portunus/users/search-password" = libS.sops.permissionForUser "portunus";
|
||||
secrets = {
|
||||
"dex/environment".owner = "dex";
|
||||
"portunus/users/admin-password".owner = "portunus";
|
||||
"portunus/users/search-password".owner = "portunus";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.dex.serviceConfig = {
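Review bot: The new `seedSettings` block in the `@ -32,25 +32,59` hunk has no comment on where the rendered seed ends up. A Nix attribute set like this is normally serialised into the world-readable Nix store, though the module that consumes it is outside this page, so treat that as an assumption to confirm. The two `password.from_command` entries keep the actual passwords under `/run/secrets/portunus/users/`, which is the right shape. A comment above `users = [` would stop a later edit from swapping in a literal, e.g. `# seed is rendered into the Nix store: passwords must stay from_command references to sops secrets`. The `systemd.services.dex.serviceConfig` block continues below the hunk.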
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
{
|
||||
"groups": [
|
||||
{
|
||||
"long_name": "Portunus Administrators",
|
||||
"name": "admins",
|
||||
"permissions": {
|
||||
"portunus": {
|
||||
"is_admin": true
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"long_name": "Search",
|
||||
"name": "search",
|
||||
"permissions": {
|
||||
"ldap": {
|
||||
"can_read": true
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"long_name": "Gitea Administrators",
|
||||
"name": "gitea-admins",
|
||||
"permissions": {}
|
||||
},
|
||||
{
|
||||
"long_name": "Grafana Administrators",
|
||||
"name": "grafana-admins",
|
||||
"permissions": {}
|
||||
},
|
||||
{
|
||||
"long_name": "Hydra Administrators",
|
||||
"name": "hydra-admins",
|
||||
"permissions": {}
|
||||
}
|
||||
],
|
||||
"users": [
|
||||
{
|
||||
"family_name": "Administrator",
|
||||
"given_name": "Initial",
|
||||
"login_name": "admin",
|
||||
"password": {
|
||||
"from_command": [ "/usr/bin/env", "cat", "/run/secrets/portunus/users/admin-password" ]
|
||||
}
|
||||
},
|
||||
{
|
||||
"email": "search@c3d2.de",
|
||||
"family_name": "-",
|
||||
"given_name": "Search",
|
||||
"login_name": "search",
|
||||
"password": {
|
||||
"from_command": [ "/usr/bin/env", "cat", "/run/secrets/portunus/users/search-password" ]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
|
@ -9,6 +9,7 @@ let
|
|||
${bind}/sbin/rndc -k /etc/bind/rndc.key $@
|
||||
}
|
||||
|
||||
chmod a+rwx /var/lib/c3d2-dns/zones
|
||||
rndc freeze
|
||||
rndc reload
|
||||
rndc thaw
|
||||
|
@ -79,12 +80,10 @@ in
|
|||
secrets = {
|
||||
"ssh-keys/c3d2-dns/private" = {
|
||||
owner = "c3d2-dns";
|
||||
mode = "400";
|
||||
path = "/var/lib/c3d2-dns/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/c3d2-dns/public" = {
|
||||
owner = "c3d2-dns";
|
||||
mode = "440";
|
||||
path = "/var/lib/c3d2-dns/.ssh/id_ed25519.pub";
|
||||
};
|
||||
};
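Review bot: `chmod a+rwx /var/lib/c3d2-dns/zones` in the first hunk leaves the zone directory writable by every local account, so any process on the host can add or replace zone files before the `rndc reload` that follows. Granting access only to the accounts that need it keeps the same workflow, e.g. `chown c3d2-dns:named /var/lib/c3d2-dns/zones` followed by `chmod 2770 /var/lib/c3d2-dns/zones` (the group name is an assumption; use the account BIND runs as on this host). The script body starts outside the hunk, so the intended writer is not visible here.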
|
||||
|
|
|
@ -6,10 +6,20 @@
|
|||
|
||||
networking.hostName = "blogs";
|
||||
|
||||
# See secrets/hosts/blogs for the .env file with all settings
|
||||
services.plume = {
|
||||
enable = true;
|
||||
envFile = config.sops.secrets."plume/env".path;
|
||||
services = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."blogs.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:7878";
|
||||
};
|
||||
};
|
||||
plume = {
|
||||
enable = true;
|
||||
# See secrets/hosts/blogs for the .env file with all settings
|
||||
envFile = config.sops.secrets."plume/env".path;
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
|
@ -17,15 +27,8 @@
|
|||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"plume/env".owner = config.systemd.services.plume.serviceConfig.User;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."blogs.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:7878";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
plume:
|
||||
env: ENC[AES256_GCM,data:V7pEExE5jGT7JSCejzo1m0QlMgpKuaF5CnHvR7LCvTJSgoCeeNW9ImtVk8MtqtoRngH45jgseuC5wZNzXSMG/ltQ4c3ThDcxKP5ngLmEZ3tOqSlIdV/A3S4ww4f/UAx8YpNY4c/LlL9NuCcfpHyC4zwRFrD6odCSk7BUT0BU+zxOBDpQDAHscBz+YYTbb3cJ7iGYg1fXS6wLJHutf0eXYF5VNcc80SISEfbR+bs9t2f7Dg==,iv:3n+EDT9TO5VxCS6rXZiNKpxtCWeCDi6YT3dQsrECNmU=,tag:ysWwxhR1JNJ7WUM28TIQig==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:5SUmmFclsGFskWM1E0qOQN0TDB7sllEBnDFslUHTqZs=,iv:WoWtaR4byoRjnZaakBhZYHfzBFKrJ1g3ylWj6Vkom2Y=,tag:0M+MXU8Xe3Ig50rmaqwzjA==,type:str]
|
||||
repository:
|
||||
server8: ENC[AES256_GCM,data:rhZ8jaqrsZ8caom64m32D8O8qgr4KXJwzm8q8+UlcpXdMfcXVlzNkTW+Lq5D/nXJ6KUoBV4zeYNwzLgbjPd2xTJYAlUbGC039Fd8ZI19v+PZsypMAtbf4PpYQPwy1LtJ,iv:QkX5Iy7iB9yRj9YI6I1YHNXmdhF0FaUYJTOAXgJc8II=,tag:EanCBxAJQ0jH17tMkCo1kA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -24,8 +28,8 @@ sops:
|
|||
andNczl4SzJaeDNpQ1dhNm1PcUc0eTQKR/hEIrWWsixnW5HGb4D0Hg6RTA22NBqq
|
||||
2QeYsLP2QALu/+y+ljewr9K2nYOb70NOrx5FKD3cAgtq8871Lf59fQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2021-12-25T00:52:22Z"
|
||||
mac: ENC[AES256_GCM,data:g6rMFoNx35MN495v1jKB13isssJ3GbKqyI7PdA796leFuRVgAlj6aUBI99vX+SpA1LpBYkUOu6OeV1EOHtpKlchbS4/FnO5oM0AOpoNux9yjQbeC3CM6soUzHn2+cJrnGMlgPC0sX0kcHVTFKF1aJsa+uLlkKD+F1SSJboz+P7c=,iv:i5I8FDU+j7l5UxgurA3Me2b/4zE7W1Ck3ckmQPqKWrM=,tag:gZCL8bo1YVoLZlxjyTupzw==,type:str]
|
||||
lastmodified: "2023-06-05T19:00:16Z"
|
||||
mac: ENC[AES256_GCM,data:irZqZZ3wz8N1JUcX7GSM2FTdLlek49fvF2Uh6SJiwkMTizsKBhBF3RzD8nN2eh0fFkMuK5kjc24S1GRQwfPY/mBOEXfKXUn+3RRAE99UgUfgPFc+IEMH70AOl8mrsfOUXzVmkW2gDmxL900eyMIJIjWTgKd1B/jsUDiEwSeSpU4=,iv:eziRYdbRlwD809J22CmHU462es9MD/O1z6rFBB2wNrI=,tag:3+D4ngcpbZcL50Mfq7S8qA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-26T19:09:33Z"
|
||||
enc: |
|
||||
|
@ -200,4 +204,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
version: 3.7.3
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
};
|
||||
|
||||
microvm = {
|
||||
mem = 1024;
|
||||
mem = 512;
|
||||
vcpu = 8;
|
||||
};
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@ let
|
|||
in
|
||||
{
|
||||
microvm = {
|
||||
vcpu = 8;
|
||||
mem = 1024;
|
||||
vcpu = 4;
|
||||
mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM
|
||||
};
|
||||
c3d2.deployment = {
|
||||
# /tmp is to small for drone to clone the repo even with depth
|
||||
|
@ -130,42 +130,46 @@ in
|
|||
language = "de";
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
# lets agate access the tls certs
|
||||
agate = {
|
||||
requires = [ "agate-keys.service" ];
|
||||
after = [ "agate-keys.service" ];
|
||||
serviceConfig = {
|
||||
Group = "keys";
|
||||
systemd = {
|
||||
packages = with pkgs; [ telme10 ];
|
||||
services = {
|
||||
# lets agate access the tls certs
|
||||
agate = {
|
||||
requires = [ "agate-keys.service" ];
|
||||
after = [ "agate-keys.service" ];
|
||||
serviceConfig = {
|
||||
Group = "keys";
|
||||
};
|
||||
};
|
||||
agate-keys = {
|
||||
path = with pkgs; [ openssl ];
|
||||
script =
|
||||
let
|
||||
stateDir = "/var/lib/agate/certificates";
|
||||
in
|
||||
''
|
||||
mkdir -p ${stateDir}
|
||||
openssl x509 \
|
||||
-in /var/lib/acme/www.c3d2.de/cert.pem \
|
||||
-out ${stateDir}/cert.der \
|
||||
-outform DER
|
||||
openssl rsa \
|
||||
-in /var/lib/acme/www.c3d2.de/key.pem \
|
||||
-out ${stateDir}/key.der \
|
||||
-outform DER
|
||||
chown root:keys ${stateDir}/*
|
||||
chmod 0640 ${stateDir}/*
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
telme10 = {
|
||||
serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
};
|
||||
agate-keys = {
|
||||
path = with pkgs; [ openssl ];
|
||||
script =
|
||||
let
|
||||
stateDir = "/var/lib/agate/certificates";
|
||||
in
|
||||
''
|
||||
mkdir -p ${stateDir}
|
||||
openssl x509 \
|
||||
-in /var/lib/acme/www.c3d2.de/cert.pem \
|
||||
-out ${stateDir}/cert.der \
|
||||
-outform DER
|
||||
openssl rsa \
|
||||
-in /var/lib/acme/www.c3d2.de/key.pem \
|
||||
-out ${stateDir}/key.der \
|
||||
-outform DER
|
||||
chown root:keys ${stateDir}/*
|
||||
chmod 0640 ${stateDir}/*
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
telm10 = {
|
||||
path = with pkgs; [ telme10 ];
|
||||
serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
|
||||
sockets.telme10.wantedBy = [ "sockets.target" ];
|
||||
};
|
||||
|
||||
users = {
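Review bot: In the `agate-keys` script the private key is written by `openssl rsa ... -out ${stateDir}/key.der` before `chmod 0640 ${stateDir}/*` runs, so between the two commands the file has whatever mode the unit's umask yields (world-readable under 0022), and `mkdir -p ${stateDir}` creates the directory the same way. Setting `umask 0027` as the first line of the script, or `serviceConfig.UMask = "0027";` on the unit, closes that window without changing the final ownership. The script appears to be only re-indented by this hunk, so this is a candidate for a follow-up rather than a blocker.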
|
||||
|
|
|
@ -90,8 +90,10 @@ in
|
|||
"compat_uts_machine=armv6l"
|
||||
];
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
};
|
||||
# hardware.raspberry-pi."4" = {
|
||||
# fkms-3d.enable = true;
|
||||
|
@ -107,7 +109,6 @@ in
|
|||
hostName = "dacbert"; # Define your hostname.
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
nix = {
|
||||
|
|
|
@ -6,7 +6,7 @@ in
|
|||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 4 * 1024;
|
||||
microvm.mem = 2 * 1024;
|
||||
|
||||
networking.hostName = "drone";
|
||||
|
||||
|
@ -91,6 +91,8 @@ in
|
|||
secrets = {
|
||||
"drone/runner/environmentFile".owner = "drone";
|
||||
"drone/server/environmentFile".owner = "drone";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -5,6 +5,10 @@ drone:
|
|||
environmentFile: ENC[AES256_GCM,data:XpLbXxOpCmwUGo5t6QnYCcOYko9telMXil9pbyFTkX/1MV5SE41s8+Ap0qmn5/ZvzK7BOZ+yFgi3dPJ323mFwW9v36OWD+ZwHjp0kLHHwfx+UFqinC8mbzm5SZq34JQ31IzOfOCdzhg6WG9SBD8Rf5RYnKCPQdwTDwISgGRWZZQi629KncXAU1evQ1ur98ClwBaGQ7ndasf/D5quvd/lUvks88HrCzbKTtASQDg2SjMko+gZ5YUEmeZsiEAJ3kwGi4gSsaDXvSRqmdxZhEITGNaCPcvP0hUSaVupIxPGs1hnzpXJ4NHxirP4CDKUOFXc4fKBRw1TRdYt9YE4qSaKqWaifGgLFYHKpFLtpDL2yMjIzLJIBvbyH/qV7/ygwzhH8j2oVkh7Yjll58xea3wEFpBzlbUGH4CNfFa4MGqB26hdxfXbDnjDqwbXYZo=,iv:09r5M6rfW7wXyGxRBv7MDpzrhHfdl5LK7fWljHd3nok=,tag:WgoNwv/2SdmUSux7lcPenQ==,type:str]
|
||||
#ENC[AES256_GCM,data:Afc9MGFPONPTPzLJChaf1vX5B9yPXvrV+80/MViHSaw+M7qzt7ZDjzxTd80z/HHPYO0fw8HR4HJIrIfv3a0gGA==,iv:NFNtzIOXa9Mm8iKbEpiwYEBpr9JAT2nzITlCL/Z31S8=,tag:jB9JU2UoVUH+2+aJMzGO7A==,type:comment]
|
||||
ssh-keys: ENC[AES256_GCM,data:ZIqzARLWjqCmIDDZoXkLPoxL6PIewry6ys5TeZuqrrxzmmUA57GrVQP1tJW0cfAvgW+56u/JI9ssFSFvGOFrB78Q6G3uX8nQ54gDFalzbYPbSXGWyowAbA+fZ+/b3wwrCHcFuoN/6Ej5bP7EYLOwRwqwxrwxt9AQNGvCyYNExblMT32y3Lo0gYk2wdLulwaZ+5RB47Qi9RqtQXB4dGKzTEo/UKMghO4FoHwY5wxvmmGAdPjYyIhALve6WNgULX/+JabuSlnZfxySyfXaPpaBqdHGvqrM59nTYHvX2HL90sxoyQihro0QDPVXRzvyiF35v3MfZZAPMgmlyo7Q1C2/Hs+MoB3rzPxwRNOS+MS0bbh2SfM/dM75i02QjA2B5dI6pZZThCaeg8eFs1AIxRvuXSPoRXrle8zr/Gb++GUDLZqdHlq8m4roMQtuXzJEYts59z8JOjoguXQ4jydAzPViWRAHN52IXzluaXHEvMgrtZBMG3/FazVvSSJW5x3KDUFedcsafNjeFNoVpkxdBxNCnDrWDczCHqf4Nt29z/VG7urmJrImkSMcGdTgloDI2VAFaCxAiVvGRfM4QNnGoRMPW5z2mir38yutfq7PV498K7ns1SkhaEKFu4Gx8HBhvYsV0GXSCup+xIhCPz1E,iv:a4IDvnBlgcSLlA7v5TZW6ZzlUe0UA8yU3Mp5Bzk3BHQ=,tag:ioEokhnx9jBLlL/fKDoVzg==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:rBbfglIE6DAlL8SAdhGIquR7oj+qusjV1xPGWfrAADw=,iv:7mYmLy7+ymf/qsKefedx854s2/+aglrU796Bgdyi/+A=,tag:Kd2RDXOGdcKSsDhPDEbHLQ==,type:str]
|
||||
repository:
|
||||
server8: ENC[AES256_GCM,data:vOLtJmuwAwE/Gena0HuG0J4LtPqp41UAi1Fgy0xWLzVBkTiiR5m2Ab99w3nZKGxlK/OuWp34c/fYIn7SLjgRxJB2nzjkFIjAy4lAwcKbTVg9riXLiRZChjcLf5D5XnVL,iv:wdfE3ZeXOZa0YcvBeErGh/JpKAuvMHG7M9VsSNH2e8s=,tag:PRitZnspqA10dTGqkUmBpw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -29,8 +33,8 @@ sops:
|
|||
QUVobWZTWU1zMlhFRVVZVmZnbmRFQjAKsdNmKUyH8ThvrkFt2m2dseAhhxx9/Nr1
|
||||
PWtyKJx49hWqdq8QB/UlhdCRP4fWV/ENOLxkxx3R3YipY/439DNWLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-03-23T00:35:14Z"
|
||||
mac: ENC[AES256_GCM,data:l7MKr4ccaWDyjLuJz//tDP5cjnXlzhWazfhQ2lJmwiMj/Xw6xKnlIbkNisXyGRXdbRUTDU3IPkrsxOJi72ujWzjxLmzsYRMxwkn9X9vfkIadOTlQPQNqdUJEWD1rq/e1vDpX5kMOlgq5m5Qnx6V0lSIi2YDlWrhaxXdfwGWJSlc=,iv:QPgaRw3cOe58ZstztoVUpPZUwuFqojSu+7zrADpDyWc=,tag:cIacOsetiA/tZYHcmQnIAw==,type:str]
|
||||
lastmodified: "2023-05-23T18:29:18Z"
|
||||
mac: ENC[AES256_GCM,data:SVKmp7PQHyHZgF2Fud9ubI4Nn5j28AC8U8CxBAlJ09a6PaTT/yjTSz8Dn8rD8LEXLgf4hO95veO7WjBL6U9aNG2Wvu9ARLutE8e/CvWEzSshZJCaWX2mtkMm7IT/kC/LNW9sMsU+8Gi2WwAxFLVc2jMb6eMTfUEIABYi12dDk64=,iv:0kW6F5OL6IQV8zL5b138EjorHgi3ZFvO/54+9yNtAOQ=,tag:EOlHr8u2Toirqkwrmm9byA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-01-29T20:31:40Z"
|
||||
enc: |
|
||||
|
|
|
@ -55,13 +55,15 @@ in {
|
|||
"${modulesPath}/profiles/minimal.nix"
|
||||
];
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
boot.postBootCommands = ''
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
boot = {
|
||||
postBootCommands = ''
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
c3d2 = {
|
||||
hq.statistics.enable = true;
|
||||
deployment = {
|
||||
|
@ -123,6 +125,9 @@ in {
|
|||
group = "systemd-network";
|
||||
mode = "0440";
|
||||
};
|
||||
secrets."bird/ospf/auth" = {
|
||||
owner = "bird2";
|
||||
};
|
||||
};
|
||||
|
||||
# unbreak wg-vpn6 ingress path
|
||||
|
@ -316,6 +321,7 @@ in {
|
|||
systemd.services.sysinfo-json = {
|
||||
script = ''
|
||||
${sysinfo-json}/bin/bmxddump.sh
|
||||
mkdir -p /run/nginx
|
||||
${sysinfo-json}/bin/sysinfo-json.cgi > /run/nginx/sysinfo.json
|
||||
'';
|
||||
};
|
||||
|
@ -328,6 +334,8 @@ in {
|
|||
# Advertise Freifunk routes to ZW core
|
||||
services.bird2 = {
|
||||
enable = true;
|
||||
# nix-build cannot access /run/secrets/
|
||||
checkConfig = false;
|
||||
config = ''
|
||||
protocol kernel K4 {
|
||||
ipv4 {
|
||||
|
@ -385,8 +393,7 @@ in {
|
|||
interface "core" {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -399,8 +406,7 @@ in {
|
|||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.freifunk.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -413,8 +419,7 @@ in {
|
|||
interface "core" {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -433,8 +438,7 @@ in {
|
|||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -453,8 +457,7 @@ in {
|
|||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -479,7 +482,7 @@ in {
|
|||
sysinfo-json = {
|
||||
alias = "/run/nginx/sysinfo.json";
|
||||
extraConfig = ''
|
||||
add_header Content-Type "application/json;charset=UTF-8";
|
||||
default_type application/json;charset=UTF-8;
|
||||
'';
|
||||
};
|
||||
in {
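Review bot: `checkConfig = false;` in the `services.bird2` hunk switches off the build-time parse of the whole generated configuration, so a typo anywhere in `config`, or a malformed `bird/ospf/auth` include file, now shows up only when the daemon starts on the router. Running a parse-only check (`bird -p -c <generated config path>`) before the service starts would keep that safety net while the secret stays out of the build sandbox. Separately, the key previously interpolated through `pkgs.zentralwerk-ospf-message-digest-key` was readable in the Nix store, so if the sops value is the same key it is worth rotating it on all OSPF neighbours.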
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
wireguard:
|
||||
vpn6:
|
||||
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
||||
bird:
|
||||
ospf:
|
||||
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -25,8 +28,8 @@ sops:
|
|||
YklwNTFsUVZCU1RwZXlPeUJ6VW5iZ00KQqK0K0sizbBsKoZdfjo2QL3+syc5DQJq
|
||||
lL77+ChtwzssaX6d0zCwsoES28n1bNDN65n39K3gBmjTiSFSouvmtA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-13T19:00:35Z"
|
||||
mac: ENC[AES256_GCM,data:RhGB+CNoIAGr6W1WxDpquG76FLZ0REF5OZwvD3DyfNxNai8XzqqDEsY6XneQ0Ac992kAcXdxleYDYC6keokvkOgnNmr+Buc4+rnASAReyRN19lIUWNjAB6oZWjqwEY2lrwklJc/yi+2LOuaigVsOLxOiMtpTs+QVtofRlmNpbGU=,iv:IqZGKWXKYTGP6m+9wb6j7sSVrSJZ++F/CcL/r2LaSYQ=,tag:6MLFHzcEayEGKtIxWZoljg==,type:str]
|
||||
lastmodified: "2023-06-26T23:30:17Z"
|
||||
mac: ENC[AES256_GCM,data:XmY5EdBpYIcg917fhafs4PyNQZU8qxAiSIf8oe8KUXl4//ZEuS8O4hUd21XExRlBa9hQEP2W6J7FFRkfNZLHF6xtYWVWo0qWWe+twwZ/tt/LEygZspYu5G+AH/uoPRmL5XWXzKhO4p80BUxIZzLT9hvgwSMNIYFnliBecP9R7i4=,iv:5uRHki4OpT+BmxtdOzpbvdBwYDLEB7sX0yvi/R9W0dY=,tag:taeVkVqSoy13dNDSduKbIQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-26T19:09:40Z"
|
||||
enc: |
|
||||
|
|
|
@ -42,7 +42,6 @@
|
|||
|
||||
ldap = {
|
||||
enable = true;
|
||||
adminGroup = "gitea-admins";
|
||||
bindPasswordFile = config.sops.secrets."gitea/ldapSearchUserPassword".path;
|
||||
};
|
||||
|
||||
|
@ -146,7 +145,7 @@
|
|||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"gitea/ldapSearchUserPassword" = libS.sops.permissionForUser "gitea";
|
||||
"gitea/ldapSearchUserPassword".owner = "gitea";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
};
|
||||
|
|
|
@ -136,5 +136,5 @@
|
|||
extraGroups = [ "networkmanager" ];
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
system.stateVersion = "22.11";
|
||||
}
|
||||
|
|
|
@ -8,10 +8,7 @@
|
|||
mem = 1024;
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "gnunet";
|
||||
firewall.enable = false;
|
||||
};
|
||||
networking.hostName = "gnunet";
|
||||
|
||||
services.gnunet = {
|
||||
enable = true;
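Review bot: Dropping `firewall.enable = false;` puts this host behind the NixOS default firewall, yet no `allowedTCPPorts`/`allowedUDPPorts` entry for the GNUnet transports appears in the hunk. If the ports are not opened elsewhere the peer can only make outbound connections; `networking.firewall.allowedTCPPorts = [ config.services.gnunet.tcp.port ];` and the UDP counterpart next to `services.gnunet` keep the firewall on while leaving the service reachable. The `services.gnunet` block continues outside the hunk, so its port settings are not visible here.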
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
microvm.mem = 4096;
|
||||
|
@ -71,6 +71,7 @@
|
|||
users.allow_sign_up = false;
|
||||
};
|
||||
};
|
||||
|
||||
influxdb =
|
||||
let
|
||||
collectdTypes = pkgs.runCommand "collectd-types" { } ''
|
||||
|
@ -92,6 +93,7 @@
|
|||
}];
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
@ -12,6 +12,7 @@
|
|||
|
||||
hedgedoc = {
|
||||
enable = true;
|
||||
ldap.enable = true;
|
||||
settings = {
|
||||
allowAnonymousEdits = true;
|
||||
allowFreeURL = true;
|
||||
|
@ -27,16 +28,6 @@
|
|||
};
|
||||
defaultPermission = "freely";
|
||||
domain = "hedgedoc.c3d2.de";
|
||||
# TODO: move to nixos-modules
|
||||
ldap = {
|
||||
url = "ldaps://auth.c3d2.de";
|
||||
bindDn = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||
bindCredentials = "$bindCredentials";
|
||||
searchBase = "ou=users,dc=c3d2,dc=de";
|
||||
searchFilter = "(&(objectclass=person)(uid={{username}}))";
|
||||
tlsca = "/etc/ssl/certs/ca-certificates.crt";
|
||||
useridField = "uid";
|
||||
};
|
||||
loglevel = "warn";
|
||||
protocolUseSSL = true;
|
||||
sessionSecret = "$sessionSecret";
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
c3d2MacAddress = "00:0b:ad:00:1d:ea";
|
||||
|
||||
in
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
@ -93,7 +92,7 @@ in
|
|||
ATTRS="${ldap.userField}"
|
||||
CLIENT="ldapsearch"
|
||||
DEBUG=0
|
||||
FILTER="${ldap.groupFilter "home-assistant"}"
|
||||
FILTER="${ldap.groupFilter "home-assistant-users"}"
|
||||
NAME_ATTR="${ldap.userField}"
|
||||
SCOPE="base"
|
||||
SERVER="ldaps://${ldap.domainName}"
|
||||
|
@ -175,9 +174,7 @@ in
|
|||
portunus.addToHosts = true;
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
};
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
|
||||
|
|
|
@ -16,8 +16,10 @@ in
|
|||
};
|
||||
|
||||
boot = {
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
kernelParams = [ "mitigations=off" "preempt=none" ];
|
||||
loader = {
|
||||
|
@ -29,15 +31,48 @@ in
|
|||
};
|
||||
|
||||
nix = {
|
||||
buildMachines = [{
|
||||
hostName = "client@dacbert.hq.c3d2.de";
|
||||
system = lib.concatStringsSep "," [
|
||||
# "aarch64-linux" # very slow compared to gallium
|
||||
"armv6l-linux" "armv7l-linux"
|
||||
];
|
||||
supportedFeatures = [ "kvm" "nixos-test" ];
|
||||
maxJobs = 1;
|
||||
}];
|
||||
buildMachines = let
|
||||
localPlatforms = feature: !(builtins.elem feature [ "x86_64-linux" "i686-linux" ]);
|
||||
# strips features that don't make sense on qemu-user
|
||||
extraPlatforms = builtins.filter localPlatforms config.nix.settings.extra-platforms;
|
||||
in [
|
||||
{
|
||||
hostName = "localhost";
|
||||
maxJobs = config.nix.settings.max-jobs;
|
||||
protocol = null;
|
||||
speedFactor = 10;
|
||||
supportedFeatures = config.nix.settings.system-features;
|
||||
systems = [ "x86_64-linux" "i686-linux" ];
|
||||
}
|
||||
# # local container to have an extra nix daemon for binfmt
|
||||
# # NOTE: currently very, very slow and usually builds do not finish in any amount of time
|
||||
# {
|
||||
# hostName = "root@192.168.100.3";
|
||||
# maxJobs = 4;
|
||||
# speedFactors = 20;
|
||||
# supportedFeatures = [ "big-parallel" "nixos-test" "benchmark" ];
|
||||
# systems = lib.concatStringsSep "," extraPlatforms;
|
||||
# }
|
||||
{
|
||||
hostName = "client@dacbert.hq.c3d2.de";
|
||||
system = lib.concatStringsSep "," [
|
||||
# "aarch64-linux" # very slow compared to gallium
|
||||
"armv6l-linux" "armv7l-linux"
|
||||
];
|
||||
speedFactor = 1;
|
||||
supportedFeatures = [ "kvm" "nixos-test" ];
|
||||
maxJobs = 1;
|
||||
}
|
||||
{
|
||||
hostName = "gallium.supersandro.de";
|
||||
maxJobs = 4;
|
||||
speedFactor = 10;
|
||||
sshUser = config.nix.remoteBuilder.name;
|
||||
# kvm is not supported because /dev/kvm does not exist
|
||||
supportedFeatures = [ "big-parallel" "nixos-test" "benchmark" ];
|
||||
system = "aarch64-linux";
|
||||
}
|
||||
];
|
||||
daemonCPUSchedPolicy = "idle";
|
||||
daemonIOSchedClass = "idle";
|
||||
daemonIOSchedPriority = 7;
|
||||
|
@ -145,7 +180,6 @@ in
|
|||
networking = {
|
||||
hostId = "3f0c4ec4";
|
||||
hostName = "hydra";
|
||||
firewall.enable = false;
|
||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
# nat = {
|
||||
# enable = true;
|
||||
|
@ -167,12 +201,7 @@ in
|
|||
"/var/lib/hydra/machines"
|
||||
];
|
||||
hydraURL = "https://hydra.hq.c3d2.de";
|
||||
ldap = {
|
||||
enable = true;
|
||||
roleMappings = [
|
||||
{ hydra-admins = "admin"; }
|
||||
];
|
||||
};
|
||||
ldap.enable = true;
|
||||
logo = ./c3d2.svg;
|
||||
minimumDiskFree = 50;
|
||||
minimumDiskFreeEvaluator = 50;
|
||||
|
@ -254,7 +283,6 @@ in
|
|||
"ldap/search-user-pw" = {
|
||||
mode = "440";
|
||||
owner = config.users.users.hydra-queue-runner.name;
|
||||
inherit (config.users.users.hydra-queue-runner) group;
|
||||
path = "/var/lib/hydra/ldap-password.conf";
|
||||
};
|
||||
"machine-id" = {
|
||||
|
@ -267,13 +295,11 @@ in
|
|||
"nix/signing-key/secretKey" = {
|
||||
mode = "440";
|
||||
owner = config.users.users.hydra-queue-runner.name;
|
||||
inherit (config.users.users.hydra-queue-runner) group;
|
||||
};
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
"ssh-keys/hydra/private" = {
|
||||
owner = "hydra";
|
||||
mode = "400";
|
||||
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/hydra/public" = {
|
||||
|
@ -283,7 +309,6 @@ in
|
|||
};
|
||||
"ssh-keys/root/private" = {
|
||||
owner = "hydra-queue-runner";
|
||||
mode = "400";
|
||||
path = "/var/lib/hydra/queue-runner/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/root/public" = {
|
||||
|
@ -293,7 +318,6 @@ in
|
|||
};
|
||||
"ssh-keys/updater/private" = {
|
||||
owner = "updater";
|
||||
mode = "400";
|
||||
path = "/var/lib/updater/.ssh/id_ed25519";
|
||||
};
|
||||
"ssh-keys/updater/public" = {
|
||||
|
@ -314,24 +338,6 @@ in
|
|||
MemorySwapMax = "64G";
|
||||
};
|
||||
|
||||
hydra-init.preStart = let
|
||||
localPlatforms = feature: !(builtins.elem feature [ "x86_64-linux" "i686-linux" ]);
|
||||
# strips features that don't make sense on qemu-user
|
||||
extraPlatforms = builtins.filter localPlatforms config.nix.settings.extra-platforms;
|
||||
in
|
||||
# both entries cannot have localhost alone because then hydra would merge them together but we want explictily two to not allow benchmarkts for binfmt emulated arches
|
||||
# multiple container max-jobs by X because binfmt is very slow especially in configure scripts
|
||||
''
|
||||
cat << EOF > ~/machines
|
||||
localhost x86_64-linux,i686-linux - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," config.nix.settings.system-features} -
|
||||
# local container to have an extra nix daemon for binfmt
|
||||
# NOTE: currently very, very slow and usually builds do not finish in any amount of time
|
||||
# root@192.168.100.3 ${lib.concatStringsSep "," extraPlatforms} - ${toString (config.nix.settings.max-jobs * 3)} 10 big-parallel,nixos-test -
|
||||
# sandro's native aarch64 builder
|
||||
${config.nix.remoteBuilder.name}@gallium.supersandro.de aarch64-linux - 4 20 big-parallel,nixos-test,benchmark -
|
||||
EOF
|
||||
'';
|
||||
|
||||
nix-daemon.serviceConfig = {
|
||||
CPUWeight = 5;
|
||||
MemoryHigh = "64G";
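Review bot: The two remote entries in the new `nix.buildMachines` list (`client@dacbert.hq.c3d2.de` and `gallium.supersandro.de`) set neither `publicHostKey` nor `sshKey`, so which host Hydra accepts build results from depends on the known_hosts state of the connecting user. Outputs from these builders are presumably published by this machine, so pinning each builder with `publicHostKey = "<base64 of the builder's host key>";` (placeholder) would make that trust explicit in the configuration. If the host keys are already pinned elsewhere, for instance through `programs.ssh.knownHosts`, a comment on the entries saying so would be enough.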
|
||||
|
|
|
@ -15,25 +15,27 @@ in
|
|||
|
||||
networking = {
|
||||
hostName = "jabber";
|
||||
firewall.allowedTCPPorts = [
|
||||
# Prosody
|
||||
5222
|
||||
5223
|
||||
5269
|
||||
80
|
||||
5280
|
||||
443
|
||||
5281
|
||||
# Coturn
|
||||
3478
|
||||
3479
|
||||
];
|
||||
firewall.allowedUDPPorts = [
|
||||
# Coturn
|
||||
3478
|
||||
3479
|
||||
];
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
# Prosody
|
||||
5222
|
||||
5223
|
||||
5269
|
||||
80
|
||||
5280
|
||||
443
|
||||
5281
|
||||
# Coturn
|
||||
3478
|
||||
3479
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# Coturn
|
||||
3478
|
||||
3479
|
||||
];
|
||||
# TODO: allowedSCTPPorts
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs."${domain}" = {
|
||||
|
@ -44,6 +46,7 @@ in
|
|||
# DynDNS method
|
||||
dnsProvider = "rfc2136";
|
||||
credentialsFile = config.sops.secrets."acme/credentials-file".path;
|
||||
reloadServices = [ "prosody" ];
|
||||
# Make keys accessible by putting them in prosody's group
|
||||
inherit (config.services.prosody) group;
|
||||
};
|
||||
|
@ -154,7 +157,7 @@ in
|
|||
extraConfig =
|
||||
let
|
||||
prosodyFirewall = pkgs.writeText "antispam.pfw" ''
|
||||
%ZONE spam: creep.im, default.rs, sj.ms, anonym.im, xmpp.jp, safetyjabber.com, im.hot-chilli.net, jabb3r.org, draugr.de, laba.im, xmpp.sh, jabber.bitactive.com, 404.city, jabber.cd, jabber.jc-otto.de, jabster.pl, jabber.no, anoxinon.me, ubuntu-jabber.net, anonarchy.im, jabber.freenet.de, exploit.im, 616.pub, omemo.im, rsocks.net, chatwith.xyz, jabber.cz, jabbim.cz, blabber.im, jabber.root.cz, jabb.im, jabber.infos.ru, jabbim.pl, jabbim.com, linuxlovers.at, jabbim.ru, jabber.sk, njs.netlab.cz, jabba.biz, chatterboxtown.us, crime.io, 0nl1ne.at, verdammung.org, im.apinc.org, 0day.la, 0day.im, xabber.de, conversations.im, jabber.de, chinwag.im, jabber.ccc.de, thesecure.biz, shad0w.ru, yourdata.forsale, linux.monster, xmpp.international, paranoid.network, og.im, 4ept.net, darknet.im, ubuntu-jabber.de, deshalbfrei.org, nixnet.services, marxist.club, dw.live, 01337.io, yax.im, sqli.io, breached.im, pwned.life, jabber.fr, chatterboxtown.us, xmpp.xxx, ybgood.de, ejabber.co, jabbers.one
|
||||
%ZONE spam: creep.im, default.rs, sj.ms, anonym.im, xmpp.jp, safetyjabber.com, im.hot-chilli.net, jabb3r.org, draugr.de, laba.im, xmpp.sh, jabber.bitactive.com, 404.city, jabber.cd, jabber.jc-otto.de, jabster.pl, jabber.no, anoxinon.me, ubuntu-jabber.net, anonarchy.im, jabber.freenet.de, exploit.im, 616.pub, omemo.im, rsocks.net, chatwith.xyz, jabber.cz, jabbim.cz, blabber.im, jabber.root.cz, jabb.im, jabber.infos.ru, jabbim.pl, jabbim.com, linuxlovers.at, jabbim.ru, jabber.sk, njs.netlab.cz, jabba.biz, chatterboxtown.us, crime.io, 0nl1ne.at, verdammung.org, im.apinc.org, 0day.la, 0day.im, xabber.de, conversations.im, jabber.de, chinwag.im, jabber.ccc.de, thesecure.biz, shad0w.ru, yourdata.forsale, linux.monster, xmpp.international, paranoid.network, og.im, 4ept.net, darknet.im, ubuntu-jabber.de, deshalbfrei.org, nixnet.services, marxist.club, dw.live, 01337.io, sqli.io, breached.im, pwned.life, jabber.fr, chatterboxtown.us, xmpp.xxx, ybgood.de, ejabber.co, jabbers.one
|
||||
|
||||
IN ROSTER?
|
||||
PASS.
|
||||
|
|
|
@ -60,11 +60,14 @@
|
|||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "docker" ];
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = ssh-public-keys.leon;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANupx+diz5N8sGZOc7ZXopyPh9HaML8M7Qh70aVVIaJ leon@leons-Air"
|
||||
];
|
||||
};
|
||||
networking.nameservers = ["172.20.73.8" "9.9.9.9"];
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 5000 22 53 80 443 8080 12000 ];
|
||||
allowedTCPPorts = [ 5000 22 53 80 443 8080 12000 465 993 3478 3479 3480 5223 ];
|
||||
allowedUDPPorts = [ 53 80 8080 18900 19900 ];
|
||||
};
|
||||
#_______________________________Begin-VPN1-Server____________________________________
|
||||
|
@ -165,33 +168,6 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
#-----------------------------END-VPN---------------------------------
|
||||
|
||||
#__________________________Begin-VPN2-Server_____________________
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
#Interface. Untrusted VPN
|
||||
vpn2 = {
|
||||
#IP address && Subnet.
|
||||
ips = [ "10.10.100.1/24" ];
|
||||
|
||||
#VPN Port.
|
||||
listenPort = 19900;
|
||||
|
||||
# Path to the private key file.
|
||||
#
|
||||
privateKeyFile = "/etc/wireguard/privatekey";
|
||||
|
||||
peers = [
|
||||
# -----------------leon-Mac-------------------------.
|
||||
{
|
||||
publicKey = "6GRIp7SjHyu5sgqudtgZdN9CKbV3GYtMnwgo06F4ylo=";
|
||||
allowedIPs = [ "10.10.100.0/24" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#-----------------------------END-VPN---------------------------------
|
||||
|
||||
#-----------------------------ngin-X--------------------------------
|
||||
|
@ -230,16 +206,7 @@ networking.wireguard.interfaces = {
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
virtualHosts."hospital-gly.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.10.11.21";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
};
|
||||
#-----------------------------ngin-X--------------------------------
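Review bot: UDP port 19900 stays in `allowedUDPPorts` although the second hunk removes the `vpn2` WireGuard interface whose `listenPort` it was, which leaves a firewall opening with nothing configured behind it; `allowedUDPPorts = [ 53 80 8080 18900 ];` matches what remains. The widened `allowedTCPPorts` line deserves the same pass: 465, 993, 3478-3480 and 5223 are opened host-wide, and none of the visible lines shows a listener or forward for them on this machine. A short comment per port group naming the service would make later clean-ups of this kind easier.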
|
||||
|
||||
|
|
|
@ -38,7 +38,10 @@
|
|||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "docker" ];
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = ssh-public-keys.leon;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANupx+diz5N8sGZOc7ZXopyPh9HaML8M7Qh70aVVIaJ leon@leons-Air"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
|
@ -76,9 +79,11 @@
|
|||
#<-----------------wireguard client---------------
|
||||
#>-----------------nextcloud----------------------
|
||||
|
||||
services.nextcloud = {
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
enableBrokenCiphersForSSE = false; # avoid dependency on openssl1.1
|
||||
hostName = "cloud";
|
||||
package = pkgs.nextcloud25;
|
||||
config = {
|
||||
dbtype = "pgsql";
|
||||
dbuser = "nextcloud";
|
||||
|
@ -87,7 +92,7 @@ services.nextcloud = {
|
|||
adminpassFile = "/etc/nixos/next-cloud/pass";
|
||||
adminuser = "root";
|
||||
extraTrustedDomains = ["10.10.11.4" "10.10.11.1" "45.158.40.165" "bicospacetech.cloud.c3d2.de"];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.backup.enable = false;
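Review bot: Replacing `ssh-public-keys.leon` with two literal `ssh-ed25519` keys means the same keys are now hard-coded here and in the other host file of this compare that makes the identical change, so revoking or rotating a key requires finding every copy. The account is in `wheel` and `docker`, both of which can give root-equivalent access, so a missed copy is costly. Keeping `openssh.authorizedKeys.keys = ssh-public-keys.leon;` and adding the second key to that central list preserves a single place to revoke.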
|
||||
|
|
|
@ -113,6 +113,7 @@
|
|||
|
||||
mastodon = {
|
||||
enable = true;
|
||||
enableBirdUITheme = true;
|
||||
configureNginx = true;
|
||||
elasticsearch.host = "127.0.0.1";
|
||||
ldap.enable = true;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, libC, pkgs, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
@ -16,18 +16,9 @@
|
|||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:3000";
|
||||
# ip ranges duplicated with prometheus node exporter
|
||||
extraConfig = ''
|
||||
satisfy any;
|
||||
extraConfig = libC.hqNetworkOnly + ''
|
||||
auth_basic secured;
|
||||
auth_basic_user_file ${config.sops.secrets."nginx/basic-auth".path};
|
||||
allow 2a00:8180:2c00:200::/56;
|
||||
allow 2a0f:5382:acab:1400::/56;
|
||||
allow fd23:42:c3d2:500::/56;
|
||||
allow 30c:c3d2:b946:76d0::/64;
|
||||
allow 172.22.99.0/24;
|
||||
allow 172.20.72.0/21;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
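Review bot: Access control for this location now depends entirely on what `libC.hqNetworkOnly` expands to, because the hunk removes the inline `satisfy any;`, the `allow` list and `deny all;` while keeping `auth_basic`. The helper is defined outside this page; if it does not include `satisfy any;`, nginx falls back to `satisfy all` and a request must pass both the address check and basic auth, which changes who can reach the proxied service. A one-line comment above `extraConfig` stating the contract, such as `# hqNetworkOnly provides: satisfy any; allow <HQ ranges>; deny all;`, plus one request test from an outside address, would pin the intended behaviour down.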
|
||||
|
|
|
@ -9,6 +9,17 @@
|
|||
|
||||
networking.hostName = "matrix";
|
||||
|
||||
#
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
# NOTE: using config.services.matrix-synapse.package does not work because it does not override the matrix-synapse used in matrix-synapse.plugins.matrix-synapse-ldap3
|
||||
matrix-synapse = prev.matrix-synapse.overridePythonAttrs (_: {
|
||||
# fail and take a good amount of time
|
||||
doCheck = false;
|
||||
});
|
||||
})
|
||||
];
|
||||
|
||||
services = {
|
||||
backup.paths = [ "/var/lib/matrix-synapse/" ];
|
||||
|
||||
|
@ -24,7 +35,6 @@
|
|||
ldap = {
|
||||
enable = true;
|
||||
bindPasswordFile = config.sops.secrets."matrix-synapse/ldapSearchUserPassword".path;
|
||||
userFilter = config.security.ldap.groupFilter "matrix";
|
||||
};
|
||||
settings = {
|
||||
admin_contact = "mailto:mail@c3d2.de";
|
||||
|
@ -103,10 +113,10 @@
|
|||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = with libS.sops; {
|
||||
"matterbridge/config" = permissionForUser "matterbridge";
|
||||
"matrix-synapse/config" = permissionForUser "matrix-synapse";
|
||||
"matrix-synapse/ldapSearchUserPassword" = permissionForUser "matrix-synapse";
|
||||
secrets = {
|
||||
"matterbridge/config".owner = "matterbridge";
|
||||
"matrix-synapse/config".owner = "matrix-synapse";
|
||||
"matrix-synapse/ldapSearchUserPassword".owner = "matrix-synapse";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
};
|
||||
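Review bot: The overlay in the first hunk sets `doCheck = false` for `matrix-synapse` with only `# fail and take a good amount of time` as justification, and the bare `#` line above `nixpkgs.overlays` says nothing. Per the NOTE in the hunk the override also reaches the package used by the LDAP plugin, so a broken dependency combination in the homeserver or its login path is no longer caught at build time. The comment should name the failing tests and the condition for removing the override, e.g. `# TODO: drop once <upstream issue link> is fixed; checks fail on <nixpkgs revision>`, and the empty `#` line can go.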
|
|
|
@ -4,6 +4,13 @@ let
|
|||
cfg = config.services.mediawiki;
|
||||
in
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = lib.versions.majorMinor pkgs.mediawiki.version != 1.40;
|
||||
# https://www.mediawiki.org/wiki/Version_lifecycle
|
||||
message = "Please keep mediawiki on LTS versions which is required by the LDAP extension";
|
||||
}
|
||||
];
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 1024;
|
||||
|
@ -20,7 +27,7 @@ in
|
|||
|
||||
mediawiki = {
|
||||
enable = true;
|
||||
virtualHost = {
|
||||
httpd.virtualHost = {
|
||||
adminAddr = "no-reply@c3d2.de";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -40,21 +47,20 @@ in
|
|||
#};
|
||||
name = "C3D2";
|
||||
|
||||
extraConfig = ''
|
||||
extraConfig = /* php */ ''
|
||||
$wgArticlePath = '/$1';
|
||||
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDBserver = "${config.services.mediawiki.database.socket}";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
$wgEmergencyContact = "wiki@c3d2.de";
|
||||
$wgPasswordSender = "wiki@c3d2.de";
|
||||
$wgLanguageCode = "de";
|
||||
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
$wgGroupPermissions['user']['edit'] = true;
|
||||
$wgGroupPermissions['sysop']['interwiki'] = true;
|
||||
$wgGroupPermissions['sysop']['userrights'] = true;
|
||||
|
||||
define("NS_INTERN", 100);
|
||||
|
@ -63,20 +69,20 @@ in
|
|||
$wgExtraNamespaces[NS_INTERN] = "Intern";
|
||||
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
|
||||
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move-subpages'] = true;
|
||||
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
|
||||
$wgGroupPermissions['intern']['read'] = true;
|
||||
$wgGroupPermissions['intern']['edit'] = true;
|
||||
$wgGroupPermissions['intern']['createpage'] = true;
|
||||
$wgGroupPermissions['intern']['createtalk'] = true;
|
||||
$wgGroupPermissions['intern']['writeapi'] = true;
|
||||
$wgGroupPermissions['intern']['upload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
$wgGroupPermissions['intern']['read'] = true;
|
||||
$wgGroupPermissions['intern']['edit'] = true;
|
||||
$wgGroupPermissions['intern']['createpage'] = true;
|
||||
$wgGroupPermissions['intern']['createtalk'] = true;
|
||||
$wgGroupPermissions['intern']['writeapi'] = true;
|
||||
$wgGroupPermissions['intern']['upload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
|
||||
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
|
||||
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
|
||||
|
@ -109,13 +115,29 @@ in
|
|||
$wgCaptchaClass = 'QuestyCaptcha';
|
||||
$wgCaptchaQuestions[] = array( 'question' => 'How is C3D2 logo in ascii?', 'answer' => '<<</>>' );
|
||||
|
||||
# we are using the feature of the default extension interwiki for linking to other articles of the same domain
|
||||
# https://www.mediawiki.org/wiki/Extension:Interwiki
|
||||
# without loading this extension there is no page Spezial:Interwikitablle (aka Special:Interwiki) to manage the table of entries for interwiki links
|
||||
wfLoadExtension( 'Interwiki' );
|
||||
# all members of the sysop group should be able to manage entries for interwiki links
|
||||
$wgGroupPermissions['sysop']['interwiki'] = true;
|
||||
|
||||
$wgEnableAPI = true;
|
||||
$wgAllowUserCss = true;
|
||||
$wgUseAjax = true;
|
||||
$wgEnableMWSuggest = true;
|
||||
|
||||
//TODO what about $wgUpgradeKey ?
|
||||
wfLoadExtension('Cite');
|
||||
wfLoadExtension('CiteThisPage');
|
||||
wfLoadExtension('ConfirmEdit');
|
||||
wfLoadExtension('ParserFunctions');
|
||||
wfLoadExtension('WikiEditor');
|
||||
|
||||
// TODO: what about $wgUpgradeKey ?
|
||||
|
||||
// TODO: does this even work?
|
||||
// https://www.mediawiki.org/wiki/Extension:Scribunto#Requirements mentions quite some extra steps which we didn't do
|
||||
wfLoadExtension('Scribunto');
|
||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||
|
||||
# LDAP
|
||||
|
@ -125,58 +147,34 @@ in
|
|||
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
||||
# save them on https://web.archive.org/save and copy the final URL below
|
||||
extensions = {
|
||||
Cite = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516204128/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_39-2540df4.tar.gz";
|
||||
sha256 = "sha256-fXE+W1nRPvMK7fOJa7q0fY3CpT0TrxDUv5R4WKPXxPc=";
|
||||
};
|
||||
CiteThisPage = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516204058/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_39-1c86120.tar.gz";
|
||||
sha256 = "sha256-GU3L8rqU9RI7VDK4kcCBLDoBD26Sqk1Bu6hANhlByeQ=";
|
||||
};
|
||||
ConfirmEdit = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203822/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_39-09a7ebc.tar.gz";
|
||||
sha256 = "sha256-G+ZYmPEva8C9arcpmvREX5yvA12PE3/zjpDpzW6dP9o=";
|
||||
};
|
||||
Lockdown = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203722/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_39-12dd618.tar.gz";
|
||||
sha256 = "sha256-V4Tdo04YtH6g15QgAW9RPqlVOwMOAyrGGIPbs9jH45A=";
|
||||
url = "https://web.archive.org/web/20230710141042/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_40-7d900ed.tar.gz";
|
||||
sha256 = "sha256-TgoL9IcwY4EBNUsoVBqpUehVO7TEDT22FoH7Ep4dMxw=";
|
||||
};
|
||||
# TODO: replace with https://www.mediawiki.org/wiki/Extension:DynamicPageList3
|
||||
intersection = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203704/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_39-dbb8cfd.tar.gz";
|
||||
sha256 = "sha256-E6n+i7+SRHvmSLEIAiUR/LyGFcSkkrwTXl9INa/a4yw=";
|
||||
url = "https://web.archive.org/web/20230710142223/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_40-f3c1559.tar.gz";
|
||||
sha256 = "sha256-DYq5CCm//rc6Mei9K6S2Ue+hzz6PYHnwpbJouFS5j+o=";
|
||||
};
|
||||
# requires PluggableAuth
|
||||
LDAPAuthentication2 = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203001/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-REL1_39-35908c0.tar.gz";
|
||||
url = "https://web.archive.org/web/20230710142325/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-REL1_40-2864ae9.tar.gz";
|
||||
sha256 = "sha256-LWXpmgzUpgEaPe/4cwF2cmJxPkW8ywT7gRAlB58mDfY=";
|
||||
};
|
||||
LDAPProvider = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202850/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-REL1_39-1b79e16.tar.gz";
|
||||
sha256 = "sha256-rJGdS1mbmSdHUIgbNeRMJ56vTVihEgXzOvR6k1guDU8=";
|
||||
};
|
||||
ParserFunctions = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202737/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_39-3eb1eb9.tar.gz";
|
||||
sha256 = "sha256-wAoMVNerfa7FUP+NH51cYZf+QKQl+pdSBoKsbAS6LBE=";
|
||||
url = "https://web.archive.org/web/20230710141035/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-REL1_40-99edc23.tar.gz";
|
||||
sha256 = "sha256-DYq5CCm//rc6Mei9K6S2Ue+hzz6PYHnwpbJouFS5j+o=";
|
||||
};
|
||||
PluggableAuth = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202627/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-1210fc3.tar.gz";
|
||||
sha256 = "sha256-F6bTMCzkK3kZwZGIsNE87WlZWqXXmTMhEjApO99YKR0=";
|
||||
};
|
||||
Scribunto = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202513/https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_39-ebb91f2.tar.gz";
|
||||
sha256 = "sha256-WHgVyY2JpUp8lFpvtKYS3wNe7UzzYLtwsRqtIdZBhek=";
|
||||
};
|
||||
WikiEditor = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202249/https://extdist.wmflabs.org/dist/extensions/WikiEditor-REL1_39-ed89fa9.tar.gz";
|
||||
sha256 = "sha256-Aypjzv0cjoJvPuqSqlvMrlvd8n5EtE4TC8eyxFGwmLQ=";
|
||||
url = "https://web.archive.org/web/20230710142618/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_40-519c6d2.tar.gz";
|
||||
sha256 = "sha256-N1+OV1UdzvU4iXhaS/+fuEoAXqrkVyyEPDirk0vrT8A=";
|
||||
};
|
||||
};
|
||||
# initial admin user password
|
||||
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
user = "mediawiki";
|
||||
name = "mediawiki";
|
||||
};
|
||||
uploadsDir = "/var/lib/mediawiki/uploads";
|
||||
};
|
||||
|
@ -187,14 +185,14 @@ in
|
|||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
authentication = lib.mkForce ''
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
enableTCPIP = true;
|
||||
# authentication = lib.mkForce ''
|
||||
# # TYPE DATABASE USER ADDRESS METHOD
|
||||
# local all all trust
|
||||
# host all all 127.0.0.1/32 trust
|
||||
# host all all 10.233.2.1/32 trust
|
||||
# host all all ::1/128 trust
|
||||
# '';
|
||||
# enableTCPIP = true;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [{
|
||||
name = cfg.database.user;
|
||||
|
@ -216,8 +214,8 @@ in
|
|||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
"mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
"restic/password" = { };
|
||||
"restic/repository/server8" = { };
|
||||
};
|
||||
};
|
||||
|
||||
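Review bot: Two of the updated `fetchzip` entries in the `extensions` hunk do not appear to carry a hash that belongs to their new URL. `LDAPProvider` (REL1_40) shows the same `sha256` as `intersection` (REL1_40), and `LDAPAuthentication2` moves its URL to REL1_40 while its `sha256` line is shown unchanged. A fixed-output fetch is identified by its name and hash, not its URL, so a stale or copied hash either fails on a clean fetch or, when a matching path is already in the store, silently provides a different tarball, here for the two extensions that handle LDAP login. I would set both to `sha256 = lib.fakeHash;`, build once, and paste the hash Nix reports for each URL. Old and new lines are not marked on this page, so confirm the pairing against the raw diff.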
|
|
|
@ -1,50 +1,61 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
# FIXME: mobilizon just crashes constantly and eats resources away
|
||||
# c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 2048;
|
||||
|
||||
networking.hostName = "mobilizon";
|
||||
|
||||
services.mobilizon = {
|
||||
enable = true;
|
||||
settings.":mobilizon".":instance" = {
|
||||
name = "C3D2 Mobilizon";
|
||||
hostname = "mobilizon.c3d2.de";
|
||||
registrations_open = true;
|
||||
default_language = "de";
|
||||
services = {
|
||||
mobilizon = {
|
||||
enable = true;
|
||||
settings.":mobilizon".":instance" = {
|
||||
name = "C3D2 Mobilizon";
|
||||
hostname = "mobilizon.c3d2.de";
|
||||
registrations_open = true;
|
||||
default_language = "de";
|
||||
};
|
||||
settings.":mobilizon"."Mobilizon.Web.Email.Mailer" = {
|
||||
adapter = { value = "Bamboo.SMTPAdapter"; _elixirType = "raw"; };
|
||||
server = "mail.c3d2.de";
|
||||
hostname = config.networking.hostName;
|
||||
auth = false;
|
||||
port = 587;
|
||||
ssl = false;
|
||||
tls = { value = ":if_available"; _elixirType = "atom"; };
|
||||
allowed_tls_versions = { value = ''[:tlsv1, :"tlsv1.1", :"tlsv1.2"]''; _elixirType = "raw"; };
|
||||
retries = 1;
|
||||
no_mx_lookups = true;
|
||||
};
|
||||
settings.":mobilizon".":logger" = {
|
||||
level = { value = ":all"; _elixirType = "atom"; };
|
||||
};
|
||||
};
|
||||
settings.":mobilizon"."Mobilizon.Web.Email.Mailer" = {
|
||||
adapter = { value = "Bamboo.SMTPAdapter"; _elixirType = "raw"; };
|
||||
server = "mail.c3d2.de";
|
||||
hostname = config.networking.hostName;
|
||||
auth = false;
|
||||
port = 587;
|
||||
ssl = false;
|
||||
tls = { value = ":if_available"; _elixirType = "atom"; };
|
||||
allowed_tls_versions = { value = ''[:tlsv1, :"tlsv1.1", :"tlsv1.2"]''; _elixirType = "raw"; };
|
||||
retries = 1;
|
||||
no_mx_lookups = true;
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."mobilizon.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
};
|
||||
settings.":mobilizon".":logger" = {
|
||||
level = { value = ":all"; _elixirType = "atom"; };
|
||||
|
||||
postgresql = {
|
||||
extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
|
||||
package = pkgs.postgresql_15;
|
||||
upgrade.stopServices = [ "mobilizon" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."mobilizon.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
|
||||
package = pkgs.postgresql_15;
|
||||
upgrade.stopServices = [ "mobilizon" ];
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
|
||||
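Review bot: The mailer block that this change moves under `services.mobilizon` still sets `tls = ":if_available"` with `auth = false`, and lists `:tlsv1` and `:"tlsv1.1"` in `allowed_tls_versions`. Opportunistic STARTTLS falls back to plaintext when the upgrade is not offered, so mail to `mail.c3d2.de` (with `registrations_open = true` that presumably includes account confirmation mail) has no protection against an on-path downgrade, and the two legacy protocol versions are deprecated. Since the lines are being re-indented anyway, I would require TLS and narrow the list: `tls = { value = ":always"; _elixirType = "atom"; };` and `allowed_tls_versions = { value = ''[:"tlsv1.2"]''; _elixirType = "raw"; };`. This assumes the mail server offers STARTTLS on port 587, so check that before deploying.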
|
|
|
@ -0,0 +1,205 @@
|
|||
restic:
|
||||
password: ENC[AES256_GCM,data:VzlrvaX6A/TIPZHrFqQokAIB6nMWTJ1fvlANg+RkNjs=,iv:xcczjX3rDpJAmnOjQ4jvcmuAYAfoR4qRhhOVNZBn8qE=,tag:sI3hpyWOqjKi92oscWBTaw==,type:str]
|
||||
repository:
|
||||
server8: ENC[AES256_GCM,data:es9pjz9tIaoxxrjF3aGr+gqNQRKg2kgTATBcMcRzSvnnU7CTlOI7jZ5ij2ViGGW4FxPGOIM7Yakn5rUJipjqu3Bc5keDKDsgdsQ284v9URXMWw1t+dKKbUq3Pe73mB4v+HFH1gjqJtk=,iv:6b+HLJYa9uPpKYdDJtpqOxfjcbGVMX+jt5BU3qXJ2iQ=,tag:l2jen4ynpN9U4YMW4RWlJg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZjJDK2dLTlFBQWFaNE1G
|
||||
VEM3NlF4OW55c3RuYlkvdHppUlNBY0U3dFh3CjhkZDVCeVFXSkxJbm1JbjZhT1hG
|
||||
OWJlV2I2L1JYWGZRaUZCdGQycngxS3MKLS0tIFFNK05rT3RybkFzZncxN3pVUnd1
|
||||
czZrQXJBOTd3TjM0WGlsS2lnYWQ1SXcKxOubvoavH0isoFu6Ov5CutSkR3XuzjKp
|
||||
2QmjyMoBBiZWlJNxhDGjKc87Kh6/lgRHTWaQs3zMJNIk1T4VfCqUag==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5bW5GQ2Y4VG1rYXIrRmZa
|
||||
eHhmUjFGRmtQcUY1LzBXYkpNQm9kOXhWb1NJCmR3RSt2U2FFVXFHWnBIQ29kMWpN
|
||||
akRVYnhKTVRsNDlncEN2aDg3TnhRWlEKLS0tIG55VVBmbnN3aDY1T1RZUXJTdkdr
|
||||
bnFuRXlycEE1cXlmNERDWjZROG16TzgKnbKHCu8FRFCej1YCtd9zueUM/n8K3F39
|
||||
tU/NFH/sJwqZ7jem/Ljs5Bcp5939zyGmN0RF5MsBre6YrS740YopSg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-06-05T18:26:48Z"
|
||||
mac: ENC[AES256_GCM,data:SO7Q8L7PvEcB9YHeLEUOHARnKOpP6fISMhEU0cFaPICDu3HyaNga+UzUz/5qnQa9qPxtny7NpzAFw3q/McrpShUaNkD6b8sMr7QqeGomKiGE2UVOEwdO0yZSF7dCpwTdONUlDCMDz3Ze68XlYXGsKwE3x9dpToFNBVey3avzqM4=,iv:sLjS1+5vC/E7RqGiDMLNGNlwKTyZN0P5h0biGNWWSyk=,tag:VtxzO4NANM6iRAaw/Lqe8w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAA5BAoiF2l4pnglaW4WiedezZUhqxyMi+JMsIyw2b9PDTW
|
||||
gP9OpJoRypZQMOvAyALi7VHnHlo88gKGD4rgfwIcGwYENyjgQapWatqlVp+oqOX0
|
||||
rANNZR4Q86kpFfvDIhooEK4YZpjX4CcJznEePuFGr9/hTwPfgf1jo2sbOGxGWoRJ
|
||||
LYegbWosxrEHZTielLBslVZp9Ml+845lkTcZmSNEZLsdkBx7VuaVaKbhkniENb09
|
||||
t393RuUEw8vH+anKIabXVSl5xvRj9s7VCWsI9GIhD0NMkfDFZZzpAClKvlDEHvob
|
||||
0wFe0DplRReYRc1QkqtJW5LOG0clttg5GPpDGoAp7KIYHjLj/srrWzaSB7tGx6d6
|
||||
kze+Mkz1JCNAb7KKCLf9FLKO9XffRCH0+uweoFd00HiNpwH0wph4WHFL7EoKkx1O
|
||||
0naRIrZJDG2/xNvKRzB/TbpiY1+pQP5+hXGpAnzumDhHNSNOqpvaADLzFOh+zPiM
|
||||
RQZqkGo623+gcsjG3FQ482QESO/a0QH+grrRH2zpKEPa/3AvjIBMz3QHdcWb/0lE
|
||||
aIV1Pdwg8CuF2bOY5lcfciSOG12B82F++XGR44D5RCWR4saxpXjzvQGKXmOZxQg6
|
||||
uR/Uj++BDt1D30sw2X7469FhPIjONLGaJmNNdfB2p5bvF7B+247G3htnk58ATpbS
|
||||
XgFAGebWJOowmPDARVpUKjKPX0Z6mtr+7Di4/L5AQpHNAbUntRMmyzho/Xn4/H7g
|
||||
lU+aoT4nJDVuhYYHCCX1uXZegPe7QJeiAAoqyrqBCtLuoTdtPTnmETCbaW3jqyM=
|
||||
=ff3q
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA8zMZ+ak7y/zAQ/+OFGIlR31q2h+nEm1hw0nduYIAcmqMuwtV8QSajj5vqBN
|
||||
7cxQvqnypmm1MwZJIIN/DoW1QoXgvJSt4kCu+SS8GOzlOiKhC583lnijDLTWA5Yo
|
||||
wziT7bymTOOH7lQW9XVQeOHZ0EAnOn+oYqRDf1olMnu7ZX0Lm7oRRjeqK9mLBFfn
|
||||
M+2jGaF83lhdQp1ezRI//Wn405AvLyZIzQyHOiYDj/aDFLbHJjo8X8RO0MtD47nP
|
||||
3kE4UT9SJLPUbRB6aKRSwHgC2sntXi0v3H6Qw9CWAR+guoPsAIwtLjQ9+0FUn6pw
|
||||
j2LY4S40Gk5FRNS97PTXzTA8k/Vc4WllNKk+SsvgWhvsP+eiieCR11hkoFKxXzJW
|
||||
bxjWtDF6pkHPT/Xk97QPbNaV7EsIRt7WJs82VDGWIJ3cGImCWQNQ8HIDMYYth4VF
|
||||
Iq7ITeyVqosT2l6CKYq3RdjYgapRfDP8LweeLrBD9+erehO1fL+9yPuabTBNEfFi
|
||||
oh7GeB5WxCKhC5jOnH3qjnAcTsvh+OyxuHqS2+7cw5rp+Mg1DaIvShB48HmhAsph
|
||||
e8P/AYQfWY5qWsGjWcEPm/vXzYkSzEFMzOFpFwLzB416X1N5y5WCsUpGKoSMJ5tx
|
||||
0y6gNutU5Nb7q40+ssv4hi1rwyQONb0OSr4sM4QKQiycwASspZ1KpffZYGy50dDS
|
||||
XgEvTN4s0gBZEU3NlPkVVYrzN9FvDjvFgVAnRFy5E9rDGvKIdJESoRXEEqmKU/hM
|
||||
7ij2L7RrFBJSnJ1i1EJyoKOPA1fEd1VHqMIm/oGRWzgzxjubBR+MVhdUibt99Kg=
|
||||
=popK
|
||||
-----END PGP MESSAGE-----
|
||||
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf/XcXIDOyhfczmp51I2Ij8RtDJxhBJ+B65yHKz48s8Me2k
|
||||
f5ausZzOFlsydmm0doIahy87cOHa3ABaVjK8J3Lsl9iP53uLpAGToqPJGcmPgA31
|
||||
D0Hpo/aXCmM37WLjmn8kfyxExrl1vVHsDIXpgifDlZrAL7yQrWl40Xz90DgkgZgz
|
||||
wmObdzPA/ye/sA0nByQgcjpiYizTRxuZV3ExfcmbyTvqnDhH9B/aoLJeBAzR4+oc
|
||||
1y+cEuMWNJF4m23FtE2rq7Z/8TPDgpYnwBWghUPKd9yCHbgse3hkUZZpQoYWuqa5
|
||||
ws2i6sZLsOT5gYm3QfcLaR1ntyWqOVgZ2cqG9ZVzXdJeAbmdjTn9wuM1hbKEnq3y
|
||||
RXB494vGK8eib6668Z9rQjHis/oE5a5mtZj49fEaVhnq8SqF9UBGzGuCD9FOTfWv
|
||||
ha1roV1gjt6cdk3S8ThifLm5l4dJaTRXIGfDMt4Q/w==
|
||||
=uaBx
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6ARAAr7CVjMAGpWq8n7wyUNFQdD1IKKAmELa5TgloNFLPFjtP
|
||||
ReHitI7rjg+j5kDa/T2drkfvcYqYtZk6qtCRzoUTkpoGF6qB4ZaCmRzupOhclPnF
|
||||
KbtQlIMTBr9PcnzHUoxd3BKgCmRBPLknPBIsnHfsv8kJ6yWsoNIw6EdKRkx1AsXt
|
||||
tyKg6lcpZcLH2OvSGMZAeMLfzIMepJ/+YrzatC90nhjxcriG1/RCPk6UvvijU3CL
|
||||
Y+L+bllIsKqZCIWYh3ekrz+IwwTQgXa8oR0O7DcKp3s1zEQv4ynZX8Wo1r6wOoXi
|
||||
YnAnbtn1SeJ3/10ZOPq6GcewUney/BgcMnZTeo4wscfNJkYBUkguTUE94IYroM4P
|
||||
Z0CEjxBqt+Xfqwp5gvnxEZbDwt2oraPhUdmq7Iph+dQWghwyqRH7Nx63DXXpjNB1
|
||||
jtB8bbMdZDRdLZVuNbMmGJ2ApdZG84DgeRzGKOgLqk6QhDry5upcLddgfvFsUFIU
|
||||
Y9v5hlUlIqtJ2NtE0ftntg0qgwbqEcfqaOTs74IVttzpoSN2JMaUG/S++pDN4B1s
|
||||
zI4V8tYnFNW9ib4oN2PlkSTuAKjd0+8QLKVV4kSgFzmD3Jkuq6k9EC13wvl6OpAD
|
||||
mKxA5Q+dKB4np5YsZNz5VNVftNPf87rvz6i7BEHIV6CoktvvqRTA116Tpd6i7AHS
|
||||
lAEiN4gfqphOVax/HTmOwgUEHcHk2NbYCTijPHgq0eLHPaaayt49TFWVZulD+uPF
|
||||
wXg67qFPiivmtsb191tfDMjCOxH+RsJQ7s7l5MMoGKOn43pE3HBLx6xhQNSeSZyl
|
||||
H3WRcH+IU+mp6SBel9f3tVU/The1QEzaOJKPkmDuhX+x8RpAzuOpltqWx4Be/FHi
|
||||
Dsp4Bco=
|
||||
=aY2m
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHAQ/9Gsmfr1QkwkbvASwfXG7uPHcYKyGSkRxULSTL7vQv9GKs
|
||||
fVjjRrbiFTiiKYX/tSqgIknNowMaiyTwrOLpYZSwzyYqCV9TL8gAcTVfhLvfnWI0
|
||||
9qVS76I1mybIRNKJw0Pght7DpwlrNfweGSPxKfS//U6D0pXj8kLtaMRnCk4osqwe
|
||||
LmJ8ql8OHOIoXjcri9aq/0Vbu3Us5CE8X+ox7+I6k/0UsEORJ4tilFn4HF2cIEjH
|
||||
pizR/UteTznXxomaglzOYweSxepDeyqwI898vJgS5SbWGOVOS/ovvle0xPmi1ByB
|
||||
O1Ukc3vUF+a92bMKAsO/WoNheGiJZDa0Olk7eLeoFPkfAyL9zYJP/S/1ipQrDpME
|
||||
ClW1ZWnU/UpSV+YJYzemxMY8+4Fe3r8N2A0AomyOYcB0y7bClp/Yoty4SZBTTA8j
|
||||
+RsU9rNbl8YHIjHE2XJLgmNqVq2WTXiTqzG37Z9Seh2WH+5djMX/zL2QcqVFG9Z7
|
||||
k+tYRw84HEzEpvEbCZv9woJXr7yrjc/jTDZVKkFtPSUDUZ0NK5NTw29FW0nNYeAH
|
||||
dvXYFBi3hS7+8EzqqSHyV38gYjcZkOt7ou3MRDtm97gaaSJfKNLjwY4JPdPGdUqe
|
||||
mdhN/xlb4yVIISojx6z5u6GdVyl2wVUEZWDB3DseO3i2bKcTLvS9mYOSA1uJA9TS
|
||||
XgHrzWGL/wPCDrfbHJfgGo29vtyBGdkx0wtTHVpokwOzOP1xCWJkwNTW8BXqvttJ
|
||||
Kknrz734huuDuVfnvj4HwosjRzZlHD6eWfpaMZSb0AqgcQPtgueMmy71L8I5Czg=
|
||||
=0RHc
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA/Z87ylQaotQAQf+MIXZYLPhLLZ6PXgLkA5ADPRzAWyxCOXzGHuOthuyjTJ/
|
||||
7tn88URcLY4YYRdAjD4kMpf3xAWhS4nucS3vBw8dvjezxChxrPeHRfEOC2CkF0yJ
|
||||
SzDIAT71YXqXLyoFuDZvqZaCCPow/y3zhf2w67H0EQOw4VoOXERnSIhLDIiRenFR
|
||||
Q1STNDYUmQP3J/WauDXpcM9npva8UlHVednxfFgvyzO5SeEUiyF6nCFtmwE98gJo
|
||||
Xh0WCjMKBjN1UVtzu11SHCNhsAtIBSovEM13/x6jLmWtf92MiS9yDA2HNimq6Tbz
|
||||
sHp6ayTyc4Zaa7Rx6HD16GC9hgzyTjaQFYg4GHIvddJRASZW2cmZkf653hCWqEQu
|
||||
jlPb5a6AdCVIcEzXKTnTF7VKm+cGDpYPH4SjxR6CDZVfWEjppKCuImeU+YzbWMYq
|
||||
GqpwTMBO2uniVD795gJGQJFu
|
||||
=XguT
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7AQ/7BDJoOnR3DX/WyptS60gb4y1Ln37ZpQGO/kGH+XY2GqRU
|
||||
0ueVs6lC5GMMubrCGImZdTH1kt6oZUTurQKaiuJkaRTsDcttGqSfns16VSBdWT3d
|
||||
3ElPbBYbwH+cLqT2IryzjwIj3Gj7OTrgw5N8NH94jNbBaWsMEM6+FNtbTPlx3xf7
|
||||
UVPifzmMDd+OFGtZAULPDce/ROSKm/goaJdgEfaf6LPtIeoL15MH5Ls4JQD1j8TB
|
||||
NvPKjamPY01iVaHi33I38Zl9VvBF0TQEiIu11vCjb7JhGUslns20q+WpAkICZvmn
|
||||
K+Is0EaAQMEFVEmFUeh6uPUTXepHgBUCE6qzQveR68KsKM19HvOtRLokLsYuBXOk
|
||||
8QT5HI9657wjZpU4k9YUHZ2aTiVr70O8IC6uo2fP3W32V4BKBCToj6HOHrmtvGx9
|
||||
6xnK/Q6pAo/e6zhh5NF5gd1Ue72HBLKNkSIagU0BVIFYVcWOXjQq+Ap07KApplbs
|
||||
2lyYhgliSLW//75v01hFqzBexFBfurcCe2GF/TC+36CFLiQztPmGjFjecavQ8k22
|
||||
6aN15ejUAY4JYdNAzkgdWACFFyy3gTY7vpzvrJIVDMneN04XHXJDJOtA9dR1WsaW
|
||||
ddY0xyyhbdJVCMggWZ0DqMJ0HzLhd69OZhvPuabFGdvrVu5Rkhm2fw4tjGE31ZTS
|
||||
UQGhwB+y6ZdMx56uPhPvhW6Qn6n9Otyp0fwf7uA2y6Fbykp4M+q47C1thRVBAD64
|
||||
by/rl/mUn0jxC99qG0zIDNOe1kyea+xBX/TwqKXcgXTWDw==
|
||||
=ZIm2
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ/8DN8XmixXlZPwU3MsuF7Ti6SM0nagoXVnzVOzkSKcF2zX
|
||||
wY82QFCOzeM40BCOFkcFYt8Ego0pGfE4Y6trIZ74DQ+hzgs8k61Y3b53mgTx/FPX
|
||||
BRJPyc5Pm1fjcViBGK5MYEM+WtYAzDUQkUIu/rF71pcI0+wZWTDnlQwkoA2R0YxR
|
||||
U9g8Njt4kV8BM4qrV6RDBz+v4xoJmopK3vhPInLNBz47XpMjo+9HBN4zUOagH5zw
|
||||
13+v3dIg5KiO6It8xm+j8KLjy8eZmtVP+A80LnjUUOOMcwGNDk/iNE/AW3h8W99N
|
||||
a8VebXzQYYa2oQZXUUNNAXy0auvFJjo8luczXRolITSI+j1YBVD45j4FsOjLD8i9
|
||||
YupiSU9DxCOFYao/GVDXPUlr7MLlKyhoxcZNiPqldUlZBhBy3UEUVeFn6CbKw1mX
|
||||
nXuqvyvHe1KkCLzjeJum6jeQftgfF6kZ1kSEGBgaHkyS+p837DVF0YqOkRE79FTR
|
||||
2JZPczAmkE2sLXfNHRecXzP2qjD3oiRpMkYbLvvuzgM19lCUIxavuoRDOm5+JYJx
|
||||
SxTXcRMpaZRX5a9dlccxKnwfNpt7qcx1deKHn7sjbz2xuJV5t27srnDKWXILPFeA
|
||||
Di0Rv/i71uuvvpzCARHlRqb75tIMuQS2qKL1wHl+8t83BztwVB9JCyd4OOvHgO3S
|
||||
XgHRt/r5xT7eKPzGRENFGw44AeB1bmVJ4p3Blsd1L+cxAV03i7UVnWdpzWwOtlQ3
|
||||
Qi04Yi1vCWyL1JF5eAT+GQrHJmQYFXbFDYMuGn1E0X5LlfItb3WB1yb92vEhSzI=
|
||||
=bwYC
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-06-05T19:07:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//Zr7w6D+KQkUbE/Zn9r++iNkcMhrnVcV51QA1SejlkrtT
|
||||
9k2NXFxnciuNkkUiqqp2mkSpHYixrMiZVa6bnaVydTcDTx9nzZuhYGPR3GL8k7WS
|
||||
1+KrNMUPr2fdRF6KJeHduHRruUAjZJJBQdKDaXVRBPCx0TgjI9vfyE7A5WA0tPDc
|
||||
WJG6+lQc1akh22wwGDtkKQdHsPIoRCYu5kgpproqpsB7xzGkN+WeGNSYd4czyhId
|
||||
9FH5MvAEeVY04t5QSK19G8SM8Bty5INMN2rLZOxUaFvWOPnRiMOxgjz7CD2ELuZZ
|
||||
RsnkVsXb/vZyyGhVqLWAsf2zC7CWmCkWZzv3u+ASKW1iQSBLNah+ncwC7pY2zkEn
|
||||
67EajsWkJVzvpRguyQcmEBS0eQPNOeFtCCyXFNiv2HDnO7iGHZYxof2s5xFbCaIP
|
||||
+FddIlCqmUUMQQ+4I4Kurlrm2Sicn01BEDsNbORtHPKp4XIAoGnmX7GY8Xk8crLI
|
||||
oonYB10/4YdEyBnsoy7vfYVNMcCyYx/ACrS56aydF6TwJsUYfEaC8+i8XTPFws9A
|
||||
1csWkp0ELni7VaHsyHy2awyjgRlMhC+6mdub5E6OkwX6NXCSYhnxNJgh+wM/PK99
|
||||
c2WPKadUIN3NEXPKgUVMJb7Yf4iiOg8RFO8ZOj9y87lJZP83DZrAmdnJxbUZnjHS
|
||||
UQFxayY+jt1mxe6AJiO39VsdhBdRQmjjwkU2xSJMTjbKUE58PJcm0qBAzjRpbdKh
|
||||
5FXB2lK2whkwPUEHWdgUhaAjrTHC8PUdQ+DKnqSekN9Trg==
|
||||
=aTKf
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -17,7 +17,7 @@ in {
|
|||
|
||||
# shares break nfs
|
||||
shares = lib.mkForce [];
|
||||
bootDiskType = "erofs";
|
||||
storeDiskType = "erofs";
|
||||
|
||||
volumes = map (export: {
|
||||
mountPoint = "/${export}";
|
||||
|
@ -32,11 +32,7 @@ in {
|
|||
"/${export}".options = [ "relatime" "discard" ];
|
||||
}) {} nfsExports;
|
||||
|
||||
networking = {
|
||||
hostName = "nfsroot";
|
||||
|
||||
firewall.enable = false;
|
||||
};
|
||||
networking.hostName = "nfsroot";
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
|
||||
|
|
|
@ -45,4 +45,10 @@
|
|||
}
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.nfs-mountd.requires = [
|
||||
"var-lib-nfsroot-riscbert.mount"
|
||||
"var-lib-nfsroot-dacbert.mount"
|
||||
''var-lib-dump\x2ddvb-whoopsie.mount''
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ tftproots, pkgs, ... }:
|
||||
|
||||
{
|
||||
networking.firewall.enable = false;
|
||||
|
||||
# raspberrypi boot
|
||||
services.atftpd = {
|
||||
enable = true;
|
||||
|
|
|
@ -20,10 +20,7 @@
|
|||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
networking = {
|
||||
hostName = "nncp";
|
||||
firewall.enable = false;
|
||||
};
|
||||
networking.hostName = "nncp";
|
||||
|
||||
programs.nncp = {
|
||||
enable = true;
|
||||
|
|
|
@ -9,10 +9,6 @@
|
|||
vcpu = 8;
|
||||
mem = 2048;
|
||||
persistedShares = [ "/etc" "/home" "/var" ];
|
||||
extraShares = [ {
|
||||
source = "/storage/cephfs/microvms/c3d2/config/owncast/archive";
|
||||
mountPoint = config.services.owncast-archiver.targetDir;
|
||||
} ];
|
||||
};
|
||||
c3d2.hq.statistics.enable = true;
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ in
|
|||
|
||||
targetDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/mnt/archive";
|
||||
default = "/archive";
|
||||
};
|
||||
|
||||
pollInterval = mkOption {
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
networking.hostName = "oxigraph";
|
||||
system.stateVersion = "22.11";
|
||||
c3d2.hq.statistics.enable = true;
|
||||
deployment = {
|
||||
vcpu = 16;
|
||||
mem = 8192;
|
||||
needForSpeed = true;
|
||||
};
|
||||
|
||||
users = {
|
||||
groups.oxigraph = {};
|
||||
users.oxigraph = {
|
||||
isSystemUser = true;
|
||||
group = "oxigraph";
|
||||
home = "/var/lib/oxigraph";
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.oxigraph = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
User = "oxigraph";
|
||||
Group = "oxigraph";
|
||||
ExecStart = "${pkgs.oxigraph}/bin/oxigraph_server serve -l ${config.users.users.oxigraph.home}/data";
|
||||
};
|
||||
};
|
||||
|
||||
# curl https://dumps.wikimedia.org/wikidatawiki/entities/latest-all.nt.bz2 |bzip2 -cd - | parallel -j`nproc` --pipe -L 100000 --joblog /tmp/split_log.txt --resume-failed 'F=$(mktemp /tmp/wikidata-XXXXXX); cat > $F && time curl -X POST -H 'Content-Type:application/n-triples' -T $F "http://localhost:7878/store?graph=https://wikidata.org/"; rm $F'
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, libC, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -25,6 +25,7 @@
|
|||
},
|
||||
},
|
||||
apply_properties = {
|
||||
-- TODO: better name?
|
||||
["node.description"] = "Pipebert Audio Streaming",
|
||||
},
|
||||
}
|
||||
|
@ -81,7 +82,7 @@
|
|||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header Accept-Encoding identity;
|
||||
client_max_body_size 200M;
|
||||
'';
|
||||
'' + libC.hqNetworkOnly;
|
||||
};
|
||||
# locations."/cam/stream" = {
|
||||
# proxyPass = "http://localhost:3020/?action=stream";
|
||||
|
@ -103,6 +104,7 @@
|
|||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8888/";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = libC.hqNetworkOnly;
|
||||
};
|
||||
};
|
||||
"mopidy.hq.c3d2.de" = {
|
||||
|
@ -111,6 +113,7 @@
|
|||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:6680";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = libC.hqNetworkOnly;
|
||||
};
|
||||
};
|
||||
"pipebert.hq.c3d2.de" = {
|
||||
|
|
|
@ -3,7 +3,7 @@ alertmanager:
|
|||
alert2muc:
|
||||
config: ENC[AES256_GCM,data:1JKSMT5yz9xzHQrx9BOZupoYhSDmYQKPO85GVZiQbiN03LkPNMhilSKteU6Mr5vTau+aWBYqKr14t9iTc9xwnClfT5YiK4CbRbDELZ7OcmENmeGnf881t8O6pLkvkkPIK0rtr78U6JRdIJ6dxp8Veg8eTEcJtGdK2/FiiW0Z384NEIDFjYv7FAhBCE14QYCgC1r/xa11mmJYW9BgmloI,iv:fkvsTnbllRVqaE4CHKV07zOKjbKPmR/M4qpp2dWAkmM=,tag:s543Eralf/eWwAIKugbZKw==,type:str]
|
||||
nginx:
|
||||
httpAuth: ENC[AES256_GCM,data:PS7icDVNB4g7XBMP7mMSbalkvQ==,iv:0GOfGl97k1AjkRxm2x2f4LpeQOuJcFqAHgdRrbceW6U=,tag:GX5L0wI5zwHwuls7ZOPlOQ==,type:str]
|
||||
httpAuth: ENC[AES256_GCM,data:37Q4IXXfC0XlEXArHefpYfBs43p7iET+vwB4z5JkLHvbI3Wj+McFf1z6pMhEat00D9aAj4Xv9s3KK/4u0/KkNp4f,iv:ODtFBPkewYGXu7UI5nvdXhWz0r4dCyv+ZZ0A0nrcy4E=,tag:Wqy8b9cGrRCp/cCZZdb2qQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -28,8 +28,8 @@ sops:
|
|||
VURvRkJmaUYzMHlmdDJnT2N0WjhmYUUKx9lhKZAxIOx/R4oVAz3DKhcb0sHR6i7t
|
||||
XuXT538o2VgWUEnREbmIP7Tn/iPaqtpmtlRdIRjOc1LqZiRGTP8nlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-16T19:39:57Z"
|
||||
mac: ENC[AES256_GCM,data:7TI6W1heh8em+GwIv6d0RJsJqA/kfBWUkNgRKPtMxkLFfeOC8Xw6APntKaEXpG4pK/eed1FOClnTlwr2watHPDO6ssXYCZgLYXgJctjmE3FduAf6sfd6vmdrnVtP1z9KPAmXpYsJYIloQbnSldyl/oijfTLWtUotj0umpwWfFA0=,iv:0cEEVINd3Mt+n1Ci/pp41fzuDKISgVAB3DjuxcIdODw=,tag:C/ktisdUV1sI1do7K53tzQ==,type:str]
|
||||
lastmodified: "2023-06-07T23:21:00Z"
|
||||
mac: ENC[AES256_GCM,data:eUXv2R8IF4cfrO/5t5BxIkm0Ha0VUJ5zy5ZEY6tBCESreEUBqq6Tsz25amb6z04MlTIpG12rwQDlMTo6KGS/EsL5qv3ZgqOsVNo2k4RHvL5kQ6N0hFwAx1am2z05qu9y/pHN/8UKtCI9hfwgcmm/jNvSwpDjoV+O8UFgMX6ypAY=,iv:Tzuz5DJNBBo/7IlDbSsx4cAZHX+DB1y87QV6ez1EwBU=,tag:PFZv2kH/dGb2o7j686BAHg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-26T19:10:09Z"
|
||||
enc: |
|
||||
|
|
|
@ -138,12 +138,6 @@
|
|||
} {
|
||||
hostNames = [ "relay.fedi.buzz" ];
|
||||
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
|
||||
} {
|
||||
hostNames = [ "tmppleroma.hq.c3d2.de" ];
|
||||
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.tmppleroma;
|
||||
} {
|
||||
hostNames = [ "oxigraph.hq.c3d2.de" ];
|
||||
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.oxigraph;
|
||||
} {
|
||||
hostNames = [ "drone.hq.c3d2.de" ];
|
||||
proxyTo.host = hostRegistry.drone.ip4;
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
loader.grub.enable = false;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
tmpOnTmpfs = true;
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
hardware = {
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
|
||||
makeMlatClientService = args: {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "readsb.service" ];
|
||||
requires = [ "dump1090.service" ];
|
||||
serviceConfig = {
|
||||
User = "mlat-client";
|
||||
Group = "adsb";
|
||||
|
@ -26,8 +26,17 @@ in {
|
|||
"dvb_usb_rtl28xxu"
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
# dump1090
|
||||
30001
|
||||
30002
|
||||
30003
|
||||
30004
|
||||
30005
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
readsb
|
||||
dump1090
|
||||
];
|
||||
|
||||
sops.secrets = {
|
||||
|
@ -45,7 +54,7 @@ in {
|
|||
isSystemUser = true;
|
||||
group = "adsb";
|
||||
};
|
||||
readsb = {
|
||||
dump1090 = {
|
||||
isSystemUser = true;
|
||||
group = "adsb";
|
||||
};
|
||||
|
@ -59,7 +68,7 @@ in {
|
|||
systemd.services = {
|
||||
dump1090-influxdb = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "readsb.service" ];
|
||||
requires = [ "dump1090.service" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.dump1090-influxdb}/bin/dump1090-influxdb";
|
||||
User = "dump1090-influxdb";
|
||||
|
@ -109,11 +118,11 @@ in {
|
|||
# Feeds https://adsb.chaos-consulting.de/map/
|
||||
mlat-client-chaos-consulting = makeMlatClientService "--server ${config.services.stunnel.clients.mlat-client-chaos-consulting.accept} --user \"$(cat ${config.sops.secrets."chaos-consulting/user".path})\"";
|
||||
|
||||
readsb = {
|
||||
dump1090 = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.readsb}/bin/readsb --modeac --aggressive --fix --stats-range --dcfilter --quiet --gain=-10 --lon=${lon} --lat=${lat} --net --net-ro-port=30002 --net-sbs-port=30003 --net-bo-port=30005 --net-vrs-port=30006 --net-beast-reduce-interval 1 --net-connector feed.adsbexchange.com,30005,beast_reduce_out";
|
||||
User = "readsb";
|
||||
ExecStart = "${pkgs.dump1090}/bin/dump1090 --modeac --forward-mlat --quiet --lon ${lon} --lat ${lat} --net --net-ro-port 30002 --net-sbs-port 30003 --net-bo-port 30005";
|
||||
User = "dump1090";
|
||||
Group = "adsb";
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = true;
|
||||
|
@ -122,10 +131,10 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# SHIM because readsb has no web server like dump1090
|
||||
# SHIM because dump1090 has no web server like dump1090
|
||||
sbs2json = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "readsb.service" ];
|
||||
requires = [ "dump1090.service" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.heliwatch.http-json}/bin/http-json";
|
||||
User = "sbs2json";
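Review bot: The new `networking.firewall.allowedTCPPorts` list opens 30001–30005, but the `dump1090` ExecStart later in this file only assigns 30002, 30003 and 30005 (`--net-ro-port`, `--net-sbs-port`, `--net-bo-port`). In dump1090's conventional port layout 30001 and 30004 are the raw and Beast input ports, so if the packaged build listens on them by default, any host that can reach the machine could feed messages into the decoder and on to the MLAT and InfluxDB consumers; this should be confirmed against the packaged version. Unless remote input is wanted, I would reduce the list to `30002 30003 30005` and extend the `# dump1090` comment to name each output. Separately, the rewritten comment `# SHIM because dump1090 has no web server like dump1090` looks like a search-and-replace artifact and no longer explains why `sbs2json` exists.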
|
|
@ -3,7 +3,7 @@
|
|||
{
|
||||
imports = [
|
||||
./soapysdr.nix
|
||||
./readsb.nix
|
||||
./adsb.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
|
@ -47,7 +47,7 @@
|
|||
# No ZFS on latest kernel:
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
tmp.useTmpfs = true;
|
||||
extraModulePackages = [ ];
|
||||
initrd = {
|
||||
availableKernelModules = [ "usbhid" ];
|
||||
|
@ -98,7 +98,6 @@
|
|||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall.enable = false;
|
||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
};
|
||||
|
||||
|
@ -127,7 +126,7 @@
|
|||
'';
|
||||
systemd.services = {
|
||||
soapysdr-server.serviceConfig.CPUAffinity = "2-2";
|
||||
readsdb.serviceConfig.CPUAffinity = "3-3";
|
||||
dump1090.serviceConfig.CPUAffinity = "3-3";
|
||||
};
|
||||
|
||||
system.stateVersion = "21.05"; # Did you read the comment?
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
55132
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
soapysdr-with-plugins
|
||||
hackrf
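Review bot: The added `allowedTCPPorts` entry `55132` is opened on every interface and has no comment saying which service it belongs to, unlike the `# dump1090` comment used for the ADS-B ports elsewhere in this change. The listener is not visible in this hunk; if it is the SoapySDR remote server, as the package list suggests, a client gets direct control of the radio and, as far as I know, the protocol has no authentication of its own, so reachability is the only access control. I would add `# SoapyRemote` above the port and, if only the internal network needs it, use `networking.firewall.interfaces.<name>.allowedTCPPorts` instead of the global list.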
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
];
|
||||
};
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
fileSystems."/mnt/sd" = {
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
hostName = "rpi-netboot";
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
networking.hostName = "schalter";
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
#networking.wireless.enable = true;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||
|
||||
boot = {
|
||||
|
@ -19,7 +18,7 @@
|
|||
# no zfs required
|
||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
|
@ -34,5 +33,8 @@
|
|||
firmwareSize = 512;
|
||||
};
|
||||
|
||||
# can't find zstd library on armv6
|
||||
services.nginx.recommendedZstdSettings = false;
|
||||
|
||||
nixpkgs.crossSystem = lib.systems.examples.raspberryPi;
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
color:#333;
|
||||
}
|
||||
</style>
|
||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
|
||||
<script src="jquery-3.7.0.min.js"></script>
|
||||
<script src="https://unpkg.com/leaflet@1.6.0/dist/leaflet.js" integrity="sha512-gZwIG9x3wUXg2hdXF6+rVkLF/0Vi9U8D2Ntg4Ga5I5BZpVkVxlJWbSQtXPSiUTtC0TjtGOmxa1AJPuV0CPthew==" crossorigin=""></script>
|
||||
<script type="text/javascript">
|
||||
Map=null;
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
root = pkgs.runCommand "adsb-map" {} ''
|
||||
mkdir $out
|
||||
cp ${./adsb.html} $out/index.html
|
||||
cp ${./jquery-3.7.0.min.js} $out/jquery-3.7.0.min.js
|
||||
cp ${./airplane.svg} $out/airplane.svg
|
||||
'';
|
||||
extraConfig = ''
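Review bot: `cp ${./jquery-3.7.0.min.js}` ships a minified third-party file committed to the repository, and its diff is suppressed on this page, so the bytes cannot be compared with the upstream release in review. Vendoring removes the runtime dependency on an external CDN, but the Leaflet `<script>` tag in the HTML changed alongside still pins its content with an `integrity` hash, while the local jQuery copy has no equivalent. I would fetch it in the derivation with a pinned hash, e.g. `cp ${pkgs.fetchurl { url = "https://code.jquery.com/jquery-3.7.0.min.js"; hash = "<sri-hash-of-upstream-file>"; }} $out/jquery-3.7.0.min.js`, so the expected digest is visible in the diff. The enclosing attribute set starts and ends outside the hunk.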
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,10 +1,9 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./microvm-staging.nix
|
||||
./znapzend.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
|
@ -16,7 +15,6 @@
|
|||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "/dev/sda";
|
||||
};
|
||||
kernelParams = [
|
||||
|
@ -24,25 +22,33 @@
|
|||
# No server/router runs any untrusted user code
|
||||
"mitigations=off"
|
||||
];
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 ];
|
||||
};
|
||||
hostName = "server10";
|
||||
# TODO: change that to something more random
|
||||
hostId = "10101010";
|
||||
};
|
||||
|
||||
# reserve resources for legacy MicroVMs
|
||||
services.nomad.settings.client.reserved = {
|
||||
cpu = 4200;
|
||||
# see /sys/fs/cgroup/system.slice/system-microvm.slice/memory.current
|
||||
memory = 28 * 1024;
|
||||
services = {
|
||||
ceph = {
|
||||
mds.package = pkgs.ceph_17_2;
|
||||
mgr.package = pkgs.ceph_17_2;
|
||||
mon.package = pkgs.ceph_17_2;
|
||||
osd.package = pkgs.ceph_17_2;
|
||||
rgw.package = pkgs.ceph_17_2;
|
||||
};
|
||||
|
||||
# reserve resources for legacy MicroVMs
|
||||
nomad.settings.client.reserved = {
|
||||
cpu = 4200;
|
||||
# see /sys/fs/cgroup/system.slice/system-microvm.slice/memory.current
|
||||
memory = 28 * 1024;
|
||||
};
|
||||
};
|
||||
|
||||
simd.arch = "ivybridge";
|
||||
|
@ -62,6 +68,7 @@
|
|||
"staging-data-hoarder"
|
||||
"borken-data-hoarder"
|
||||
"tram-borzoi"
|
||||
"uranus"
|
||||
];
|
||||
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "4";
|
||||
skyflake.storage.ceph.osds = [ {
|
||||
|
@ -71,6 +78,8 @@
|
|||
keyfile = config.sops.secrets."ceph/osd.4/keyfile".path;
|
||||
deviceClass = "ssd";
|
||||
} ];
|
||||
# TODO: remove
|
||||
skyflake.storage.ceph.package = lib.mkForce pkgs.ceph_17_2;
|
||||
|
||||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
}
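Review bot: The five `services.ceph.*.package = pkgs.ceph_17_2;` lines and the `lib.mkForce` override under `# TODO: remove` pin Ceph to one release without saying why or when the pin can be dropped, and the same block is repeated in the other server configurations later in this change. A pin like this stops the cluster from following the channel's Ceph updates, security fixes included, so the condition for removing it should be written down. I would extend the comment to something like `# TODO: remove once <condition>; pinned to 17.2 because <reason>` and, if these hosts share a module, set the package once there instead of per host.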
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
# Quick full backups of all service MicroVM datasets.
|
||||
# server10 runs services, server8+9 have the storage.
|
||||
{
|
||||
services.znapzend = {
|
||||
enable = true;
|
||||
logLevel = "info";
|
||||
autoCreation = true;
|
||||
# override preexisting zetups
|
||||
pure = true;
|
||||
zetup = {
|
||||
"server10/vm" = {
|
||||
recursive = true;
|
||||
# keep a day of hourly snapshots locally on server10
|
||||
plan = "24h => 1h";
|
||||
destinations = {
|
||||
server8 = rec {
|
||||
dataset = "server8_hdd/backups/server10/vm";
|
||||
host = "server8.cluster.zentralwerk.org";
|
||||
plan = "2h => 1h, 7d => 24h";
|
||||
# just always work
|
||||
presend = "ssh-keygen -F ${host} >/dev/null || ssh-keyscan ${host} >> .ssh/known_hosts";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -21,8 +21,10 @@ _:
|
|||
# No server/router runs any untrusted user code
|
||||
"mitigations=off"
|
||||
];
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
};
|
||||
|
||||
disko.disks = [ {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -12,14 +12,20 @@
|
|||
};
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "igb" ];
|
||||
network.ssh.enable = true;
|
||||
};
|
||||
loader.systemd-boot.enable = true;
|
||||
kernelParams = [
|
||||
"preempt=none"
|
||||
# No server/router runs any untrusted user code
|
||||
"mitigations=off"
|
||||
];
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
@ -27,6 +33,14 @@
|
|||
hostId = "07070707";
|
||||
};
|
||||
|
||||
services.ceph = {
|
||||
mds.package = pkgs.ceph_17_2;
|
||||
mgr.package = pkgs.ceph_17_2;
|
||||
mon.package = pkgs.ceph_17_2;
|
||||
osd.package = pkgs.ceph_17_2;
|
||||
rgw.package = pkgs.ceph_17_2;
|
||||
};
|
||||
|
||||
simd.arch = "ivybridge"; # E5-2690 v2
|
||||
|
||||
sops = {
|
||||
|
@ -45,7 +59,7 @@
|
|||
fsid = "036260b7-6bff-4e90-a635-a18640223fe0";
|
||||
path = "/dev/server7_nvme0/ceph";
|
||||
keyfile = config.sops.secrets."ceph/osd.5/keyfile".path;
|
||||
deviceClass = "nvme";
|
||||
deviceClass = "ssd";
|
||||
} {
|
||||
id = 6;
|
||||
fsid = "e4dbb8be-da42-4a85-85c9-da207b17386c";
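Review bot: The added `boot.initrd.network.ssh.enable = true;` turns on an SSH server in the initrd, but this hunk sets neither `boot.initrd.network.ssh.hostKeys` nor `authorizedKeys`, and `boot.initrd.network.enable` is not visible either; they may come from a shared module outside the hunk. Host keys placed in the initrd are stored unencrypted on the boot partition (and, without initrd-secrets support, in the Nix store), so they should be dedicated keys and never the host's regular SSH host keys. I would add a comment such as `# initrd SSH: dedicated host key, see <path>` next to the option. Setting `authorizedKeys` explicitly would also let access to the early-boot shell be reviewed here rather than inherited from root's key list by default.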
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -14,7 +14,6 @@
|
|||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
# Define on which hard drive you want to install Grub.
|
||||
device = "/dev/disk/by-id/scsi-3600300570140a6102b0acad9825149f2"; # or "nodev" for efi only
|
||||
};
|
||||
|
@ -23,8 +22,10 @@
|
|||
# No server/router runs any untrusted user code
|
||||
"mitigations=off"
|
||||
];
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
@ -33,6 +34,14 @@
|
|||
};
|
||||
|
||||
services = {
|
||||
ceph = {
|
||||
mds.package = pkgs.ceph_17_2;
|
||||
mgr.package = pkgs.ceph_17_2;
|
||||
mon.package = pkgs.ceph_17_2;
|
||||
osd.package = pkgs.ceph_17_2;
|
||||
rgw.package = pkgs.ceph_17_2;
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."server8.cluster.zentralwerk.org" = {
|
||||
|
@ -68,8 +77,6 @@
|
|||
path = "/etc/machine-id";
|
||||
};
|
||||
"restic/htpasswd" = {
|
||||
group = config.systemd.services.restic-rest-server.serviceConfig.Group;
|
||||
mode = "400";
|
||||
owner = config.systemd.services.restic-rest-server.serviceConfig.User;
|
||||
path = "/var/lib/restic/.htpasswd";
|
||||
};
|
||||
|
@ -90,6 +97,8 @@
|
|||
keyfile = config.sops.secrets."ceph/osd.2/keyfile".path;
|
||||
deviceClass = "hdd";
|
||||
} ];
|
||||
# TODO: remove
|
||||
skyflake.storage.ceph.package = lib.mkForce pkgs.ceph_17_2;
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
|
||||
|
|
|
@ -5,9 +5,9 @@ ceph:
|
|||
osd.2:
|
||||
keyfile: ENC[AES256_GCM,data:PwOm1GNXLUYVhjoTQB1Ne/X0J1OUeUBk3ucGJv2qgbgpJUH6sXR/Ng==,iv:q7JUhvn2jeyT55/DTepQTa4ocXl1zN9SdzKz1CO/XEE=,tag:lPsfERwCcfyjvaCWEd4e7w==,type:str]
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:srAGp/9yMg+MUFSJHcTGm1Vo/9a1iIQ8gLHKfLIcJIi9j3ruHYlgPcLmRzGN48C9MCZePTYfljLiFRv0/TEvxoiIwLF3N8So+dPza/3PalzXZKn6Z48fg2k6+JfxcmLKt1WgFabUb3fcA0ZqoU+IWJ9IkvtNuFuSOytr9V4R1SpnJi/4+X/G9LQokXgZapxD2bjqldAOl4XnJqnYUfWzHNIdBziVt/sw1wGOJCoTd3ijiadjnNmcxstDGc3iD69bBX5m87wG4OxzVJT8H1IvJLL+U6J3ffIJzOvtUIJ1BdZQh0mVBBCyf3UAP+M9XvmaSoJvh9E24g7ywi+BFYYfuP1GXYy9W3PhTKoZzGAzrzRdWMI4Yjf6pitDk5eXWfDKszVlWKBGnegi3KtIgYfE1FtZ1/Xl0gAk/t9b4TUewN8kPbsOgdVDDGU5nA+rMkq0DXZBh7G45MZ9rQEcd40XA60P8PCo38Cttb/t36cWHqofHsVOkDEHwG+VXqhkz2r6Ic0N8D7TSqXP1+3yTQ12ommZOVVygouF7Q==,iv:U4SQFSUJxQ2aD91zFxalhphrKRp4lWDEESh3JVLED20=,tag:U3fhdw34+fkVOLvAgCrEmA==,type:str]
|
||||
password: ENC[AES256_GCM,data:U2cJwi/wB3U7Fx7KnDjHo59dz21KYgvTGWqTOVWD9fiF4DKyCit6V7hmWzRKfYiKHxwtZafcjbrTbCcQRVOLzOjNzycMu+XjBOV8zflUZpURDJTnVLKTphd5sRod66NWcqg7BzB0aYYsTmsjh5bJk+/zzSa6Ara/AlqZJcpq522XfVGbMkguH1rrEhIFkXXmgc57Wo9HH1D/5whveNv2gf1yS+76wv42epNbaRSPXwa9NeWFjQQQOydUVCESNteg64yI6jXf4YID7H8uSQB48AHdB/oUd+nexkH6+LEoXSkBCWxW6G/saipoi6LTzDlZIBo7XTSiONQfulcV52Rwb3UhPy69akwcROKdOeJ4IYyjH2eafCBv5mBnoCmCAcR+369cR6Ga1XxCvbiIMRagEv6J1nHR7GyrHS2h0xu9n1eGRfx3xztPMhPqTqIUeafr+Wwx87CpSKsH7JaQkQgBaI1qAXvqUjbkGOEvL8+oH3o8COddIxMshnUm5gIomTfvGx/v23Sqj1wD4PLyY/spGEbYTrru2XaROwbVxDaH8hz0ujp3S0eKP91lZf+1MxOPrjdtn3Nkl8h15c4/9EV4EkkH65wMbFoacAzW3vCj0pxW6kGgnWOL53gQkosU+JRGiUXjRVSsiaDK71BYn9SAgO0Dr/PFHBsgPBKv3idv109e6baIgIYYTsEj/wxTMyWCh+M=,iv:/V9sw67SswAY2DGQX71gtqpg6AceUqheCJ46fiZ9RDA=,tag:mWDbBm/XYx3/0FxF+xeT6Q==,type:str]
|
||||
#ENC[AES256_GCM,data:wKIykk+mVh3I2Hyo2TZVftZxuPZzlAmPEIX41WO7eLka/03P01cTZQl6bmElMRprwWFY,iv:B1ujyiHpdDeNLFjntmRKaAEFknLVNzsxv52kTMx9hVw=,tag:hzyRxamPe7nSUoKFaUKJKw==,type:comment]
|
||||
htpasswd: ENC[AES256_GCM,data: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,iv:AvbeDZlkQ+/N0QlOTjcDSQzUjQ0BQRsFN8DnzQZJ0So=,tag:1b2Km5nt1p4DMxUcjeIr7A==,type:str]
|
||||
htpasswd: ENC[AES256_GCM,data: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,iv:eHSNpur/NEtslT68boyKBzOTiipY6mzuL7yOaenOUr0=,tag:gucpMWQ6nektYqq9YMF8OA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -32,8 +32,8 @@ sops:
|
|||
bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U
|
||||
iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-21T22:45:59Z"
|
||||
mac: ENC[AES256_GCM,data:z0tocX88YIcvmITRXmcMA6QuGY8pBHcsvZMgXOr6ESt0EdjHc2PlnE75dL9wZBkM85JkxxhU5hmJZYm5ofecx07q68v3hNgVl/0vjtrqLjh1kiEfhQyYt9hIZRfCzGfhUrzyChsEMA4HCrAuHHVzuws5P9vjDHYrk94xU8drVRY=,iv:22N+fo/fR/vkrMbc+SzHwwUnCRi6D7XEAf9e57F4g6Y=,tag:ycPxZZExtTYu0n0IC1XOVQ==,type:str]
|
||||
lastmodified: "2023-06-05T18:59:40Z"
|
||||
mac: ENC[AES256_GCM,data:SqKqTPndq3ZA8G+imEuOMp0YjMDjkyndRBhxQi6wgJRVswVzjVd+u4XW9voGryiHDaalBCoCLbOYdXfxpFC6H1Cc1hYHnu9jHA80Mk9sgiJ354P8GSF1pmufiPudXiGxhnZt2oWSSeXy/cvIr6FMePdqQCVaBHWBdoxq/mQq8og=,iv:IUbi910TuLamO+qzfd+n+m2cnP7bozwhyI0tjH6+nIA=,tag:lMoXpILp9DV5iGkb61yCnA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-27T23:54:07Z"
|
||||
enc: |
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -14,7 +14,6 @@
|
|||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
device = "/dev/sdc";
|
||||
};
|
||||
kernelParams = [
|
||||
|
@ -22,8 +21,10 @@
|
|||
# No server/router runs any untrusted user code
|
||||
"mitigations=off"
|
||||
];
|
||||
tmpOnTmpfs = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmp = {
|
||||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
@ -34,10 +35,20 @@
|
|||
# required by libvirtd
|
||||
security.polkit.enable = true;
|
||||
|
||||
# reserve resources for libvirt VMs
|
||||
services.nomad.settings.client.reserved = {
|
||||
cpu = 2300;
|
||||
memory = 16 * 1024;
|
||||
services = {
|
||||
ceph = {
|
||||
mds.package = pkgs.ceph_17_2;
|
||||
mgr.package = pkgs.ceph_17_2;
|
||||
mon.package = pkgs.ceph_17_2;
|
||||
osd.package = pkgs.ceph_17_2;
|
||||
rgw.package = pkgs.ceph_17_2;
|
||||
};
|
||||
|
||||
# reserve resources for libvirt VMs
|
||||
nomad.settings.client.reserved = {
|
||||
cpu = 2300;
|
||||
memory = 16 * 1024;
|
||||
};
|
||||
};
|
||||
|
||||
simd.arch = "westmere";
|
||||
|
@ -49,6 +60,7 @@
|
|||
path = "/etc/machine-id";
|
||||
};
|
||||
secrets."ceph/osd.3/keyfile" = {};
|
||||
secrets."ceph/osd.7/keyfile" = {};
|
||||
};
|
||||
|
||||
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
|
||||
|
@ -58,7 +70,15 @@
|
|||
path = "/dev/zvol/tank/ceph-osd.3";
|
||||
keyfile = config.sops.secrets."ceph/osd.3/keyfile".path;
|
||||
deviceClass = "hdd";
|
||||
} {
|
||||
id = 7;
|
||||
fsid = "a5450c3b-2e20-450b-a17a-d7938ee9d262";
|
||||
path = "/dev/disk/by-id/wwn-0x600300570140a0c02c39f0863bd3c53e";
|
||||
keyfile = config.sops.secrets."ceph/osd.7/keyfile".path;
|
||||
deviceClass = "ssd";
|
||||
} ];
|
||||
# TODO: remove
|
||||
skyflake.storage.ceph.package = lib.mkForce pkgs.ceph_17_2;
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
|
||||
|
|
|
@ -2,6 +2,8 @@ machine-id: ENC[AES256_GCM,data:YIOQJ21rswp+TE6sEKdNu0gP4iJ7K9ohrdXJRi5POoc=,iv:
|
|||
ceph:
|
||||
osd.3:
|
||||
keyfile: ENC[AES256_GCM,data:jz+zGf9sRCjxxHHa+5FVOjIS3S2xXvLr4CoOdnLDQIrQypT8p9rbcQ==,iv:QoCCR8EhcYZqGgT512ou8CyPXR8qGUvfmTqaoAXLLpc=,tag:LcFl3qc3W0BSlXMClfQvyQ==,type:str]
|
||||
osd.7:
|
||||
keyfile: ENC[AES256_GCM,data:yUDQ8bwnK7a++XFAVRJscbIxuBsLgef9ueGG6qujWNUyrmAZGvCMdg==,iv:MuLAqz5vcM92IuHEC/OeexSmXMdVYiwZgoxunlM0GHs=,tag:pR/JXDJSF1px7dzelpySeg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -26,8 +28,8 @@ sops:
|
|||
dU1TaURPUWFOVW11bVNtd2J4OFhDMVUK6YIU1s2aPhY3HL9EFrzcuRoFObiLjc/t
|
||||
HOFh/iFJd6fFPia7HYLYyJ1bv6Blcz9K6I5i9Ptb1AM8RUrBWC7BGw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-07T00:23:15Z"
|
||||
mac: ENC[AES256_GCM,data:SaOmnwmKjGmHZbcSBaDM2QK0+s68+2PmRe1mkLBNjAANTRIK9djxxXpBf2cpk7FAof+BNRJUa3Mcmy3r1b+LPBrzxK0aGLwRunN+Vc8xGMYQhJObVHbcwQkJg490dHW+jZ6vROxunwghq0/sAeKUbRgCf64TpbBgFt2DRMz1mIM=,iv:kKCEWzQvgXPr7YVtjCwp4ld2mTFD29kQov2gotH400c=,tag:cByRU1D529KZCFuc3pXOHQ==,type:str]
|
||||
lastmodified: "2023-07-06T21:59:36Z"
|
||||
mac: ENC[AES256_GCM,data:B1Z4Raxaax1O6Es/TsD7gn+uZ5HyvVxngxTOBpRFEn3OtJFHZSNMap/4J9XxlXZg4DzYe7peLb8PJ8cMoADmQ3rucuC6PGa1zgokfU3HCpFm+I9wookeW/pPUCRaupz2DU+Av3qy0zI2QP6yOfgJy57vHq+nsLvCXWRF/sRos+I=,iv:mhaiqSsDBp4EQSRndMfJO419zDtl9WrEZwUm3gzDVv8=,tag:TGF7Ps1vUeHL3j0/Rh5Gzg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-27T22:59:15Z"
|
||||
enc: |
|
||||
|
|
|
@ -4,14 +4,13 @@ _:
|
|||
c3d2.deployment.server = "server10";
|
||||
|
||||
networking = {
|
||||
firewall.enable = false;
|
||||
firewall.allowedTCPPorts = [
|
||||
3000 # spaceapi
|
||||
];
|
||||
hostName = "spaceapi";
|
||||
};
|
||||
|
||||
services.spaceapi.enable = true;
|
||||
|
||||
# HACK for ‘ekg-json-0.1.0.6’ nixos-22.05
|
||||
# nixpkgs.config.allowBroken = true;
|
||||
|
||||
system.stateVersion = "19.03";
|
||||
}
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
{ zentralwerk, config, hostRegistry, lib, pkgs, ... }:
|
||||
let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
in
|
||||
{
|
||||
networking.hostName = "stream";
|
||||
c3d2.hq.statistics.enable = true;
|
||||
|
@ -48,6 +45,11 @@ in
|
|||
};
|
||||
services.jackett.enable = true;
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."nginx/httpAuth".owner = config.systemd.services.nginx.serviceConfig.User;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."stream.hq.c3d2.de" = {
|
||||
|
@ -59,7 +61,7 @@ in
|
|||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
auth_basic "Stream";
|
||||
auth_basic_user_file ${authFile};
|
||||
auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -70,7 +72,7 @@ in
|
|||
proxyPass = "http://127.0.0.1:9117";
|
||||
extraConfig = ''
|
||||
auth_basic "Torrents";
|
||||
auth_basic_user_file ${authFile};
|
||||
auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
|
||||
'';
|
||||
};
|
||||
};
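Review bot: Moving `auth_basic_user_file` to `config.sops.secrets."nginx/httpAuth".path` only protects the credential if it was changed at the same time, because the removed `authFile` line published the previous htpasswd entry in the repository history and in the world-readable Nix store. That entry has the 13-character shape of a traditional crypt(3) hash, which offers little protection once disclosed, so it should be treated as compromised. The encrypted value cannot be inspected here; I would confirm that `nginx/httpAuth` holds a newly chosen password hashed with a current scheme. A comment such as `# htpasswd line; rotated when moved to sops` above the `secrets."nginx/httpAuth"` line would record that.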
|
||||
|
|
|
@ -0,0 +1,201 @@
|
|||
nginx:
|
||||
httpAuth: ENC[AES256_GCM,data:Om2ow5xTUahuAfZWgWtHgBU=,iv:yVLc94lT4Anlbw5Qd/xJ/2kEQcZxiikGMF1173gIMR4=,tag:StKZYTytyZYxBwxadklMKQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1j5csp5v5s2g8am47dd85kcke8986e0qc88f0vfgd3kmvwu8azg3smslk92
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WXJ5MWJSTVpDWmdYMTdY
|
||||
aXA5RXN0UEdJYmdzUEFtdUlFNWtKcnhkRDNRCnRrOTJHOS9vNE83QWk4SEd5Qktx
|
||||
SDZJY1JnU1FBOHZERDhCY3JmK1h1dlUKLS0tIE9tSDlNQllSNFFUV3kxL1ZLMy81
|
||||
NnBmVVVjRzZCNmhtOC83bnJaTDhRcFUKwDE+ok9bsHy378KffumjqX7bx+o8iX2R
|
||||
pG/33VRkUAB8pD0wvBZtz5v8Qcz95GR1w4XcJMS/fox6mnLyNBC8aQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxc05ieHVlYmxudlF0Y3Bn
|
||||
Ri9UZVI3TEVkMm9MMENZU3F3WmkyTG5aOEhBCmJrdFBIbW4yc0xBcXBCaFdZckJt
|
||||
QW1lTjJCVkE3WnlkdkRHVVMrMzVTY00KLS0tIDkzY25uR0tVaXFpbnBzcTJFaVVF
|
||||
UWtqU0hBYzVFbkVlMzJMYXJBZFQvcTQKrsbWfrNUCfl3ycHdDKBg6sQrNZ56bKrV
|
||||
u7BgTUjlryB35jwdrI+as3QzxqTdyjdXTfBMeEQQEkfqsNVu+j7vmQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-06-07T23:27:53Z"
|
||||
mac: ENC[AES256_GCM,data:+C6FOuncSKwj13MjV4I8Zk/wZ6vRPfHMLkOJnfoCjzKRY9/xmuXuDmeHzxp1de7qJKI/lKMQ799assfcX8wJNiFjHM+XV3TYeH6FBYABjR7xAgr14dfTgryp59bVp59vDYhGaFsIYYKwtqqxsPeIkxxioqE6WI0iEUGQVBWgij8=,iv:Z5LZe/biKdYpBr8qIo/fx0OQHI5kh0Zkpggpl5qC35c=,tag:/crmeTUW/8ie/Ed23cC+eQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA6j84+xkv3y7ARAAk6nuflGhk3S8qdgS3pxdExTZ+bxMeWwuvOVnI6tZdRoB
|
||||
ow1ULUvfKCBp0zJoC3vKhtrAQc51sh2Dqsst3Bo+HGTqLEWHQUjQ+QXOwXadcpo+
|
||||
YyoBpcl5lXD1eEchHRFdpOu6ZGzf7ETpePH+bQQYBtw7YWPKmY0DpHv1+3vYLtXT
|
||||
xczBg9k+uQMc6tvaoLdT6PTiAov9IvT3mvVbnmKoa96nTF/tZqcW4hDrrDOy9iQ2
|
||||
zibhMK4lyoybMd4Wl8IL0wkaRxhgeCCVv0ygQ4JtdvNx4C5ifJR2dO5p2VtACAe9
|
||||
8XAOdItx8Wh4h/OeO78BO5Sf68lG7NHU9utvrIrv3n2+iPlejhqL7VZ6kI7TtdeR
|
||||
tjS14dUhhau2KEPPKgx3i434hSVyptAV2n1wMe5WSUiZlBKLPVI6yC1GV6X24+eQ
|
||||
3bq+A7h+sIZxFlylaN2CamVwu7X10jQdNrpjSMoXJ2hccYQutdNATDolISHISfq0
|
||||
2i1al/npdQXhntWFleCqgfLnkp+J60kgwTsgUkFGwQKkSPoYGfZn1W1ttAi4vQ7N
|
||||
ADhn5HuEbxB/54ud87iy6EqFm4qDF8Cq7hH2jGJEJGl79J+XANS+L0t6H1SWaDZQ
|
||||
nrOIMsnMjnvGhQCkGUhFgmibRvNLJPq660IrbyblLNDsv8RpVtUKjVBFJ/LQv3fS
|
||||
UQGv3xKTRzWK716mkxdbXAF0ZEgp8PM5RgsTk1ZzqoVPySRqVOu1JxE9C8YtPISv
|
||||
4xfj58IFn/KX/l8+ePIo/HdUurUsGecfRP4w+Oqe0bp6iQ==
|
||||
=us88
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA8zMZ+ak7y/zAQ/8CF0XQrlmThc/OU0wZ78k9/Q5M/pBRDf5JAaHu+sqtlSh
|
||||
2y9/bofbuz43sZqKsekCHT/kS0lMHPtbb1DM6l3Rs3VRjz2sggcLEorNN+vg6+2R
|
||||
q3Aq07U6IkwP3mvTb5KO5U/+oTYi5B5yoTVtOWSx+RxctqHnWbxYj9IAV+73Ydj6
|
||||
i7hRfd5lv00rTX/xLDCLsyq1MO451O9ccrVOVRE/heTf7AxQYMG+oYUfEpSII5RI
|
||||
udl3bUUO7GYg3B5fZxMQSmtqAFZxVzmDDfxRZlIHQVbF4pke9rvIQYk9APLaCiZL
|
||||
1/BLzZC8fS8Tn9sowvw0hRjftYI/Wi243xwgdIsHWYxlZ/YlefopW5uLbk2Hl+bP
|
||||
kLw5/U5Q9tAKciiNxtFd5K8wyyEH0HUcoio5OzckbCuHAs/I8VZ1Rpoo5Lckxju9
|
||||
GwZOhIbAXqOQQfRzcrhkZiBMhvZQl3DybUMZvJBJUY1RzRZcSMpWXIptuDd1wHmo
|
||||
zxtqLPSHUVDvWUEWLD0YN8h+NIgFmOOKkH3as/rk6orzcuV+jSL+6x9sWjqM0XD+
|
||||
QDd9jZ39Jh9PUAixL/bOHFoJz4NQdLlMGlluIekp+iMgaxkdOjyyjQbW21YDiB4C
|
||||
Ne+vZApHhhnPSib7jyXBB6oSuNpidsVo5geAwFxZXbbU/pco+kv9k7L1E6ECvgrS
|
||||
UQHeUZO5GVhCgNTeAn6RFUIwKUhBRVTRF4EBZ1FzSKJ9QRh/IV6cU7x//VSiNNcp
|
||||
4x5IoueqsSDrGGIL7UuC6LH6CAbrX7u5aaJ5MNrRi0bGqQ==
|
||||
=Q64C
|
||||
-----END PGP MESSAGE-----
|
||||
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA45bZkLXmBFpAQf/WKeXAV7Frbt3+WW9U9kAXpEK7jvgLEbjyVLNAza4dEYd
|
||||
y4x4iUiDxZw6l6pJFELHM9ngSgqsdLU/MCFzZymgmgLSYww7mfZXTv39GnhmLsjY
|
||||
L7srNOqFsyhWPfC/epWXNsdmJdyM4S7j6YXr0oL9t83Mqpu9WoHPT8hFUfLhlnGk
|
||||
EvzuATPbg3b77qrBJVI9hK3qRXPKNUhVsAB/CqiycaC3eIBMe9GtAyafFXc1oTAC
|
||||
/flMdYFP+whHfTcMi9d7ZbqmPChuujUI2QdKg6dML9TT6gqUvY6lEWJI12KfliD3
|
||||
+8yyme+kCDev4QJCOfzIyyT4WELTw5ELe51z2LL1+NJRAX95uUAEuGYRjFveoYKw
|
||||
7XCazAU3T510WuuJKsR9kgT2k47IHO5V904zawh11etOijgoPs8jIUlm12pkwX4Z
|
||||
RRGhz0ttPyqu2HsyY3CmV1F2
|
||||
=Kfi1
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAwMCBBrc/JA6AQ//fEfEcVozIxrNDB6qaj/F2SC9qHvaptcZbSgr/7xUOFvE
|
||||
ByRwIMITycaxVhPt9Ph8VyyhZzHfDueKFb0uVmPGlx0aP8X/hpiA+ZMtDfGfR+pY
|
||||
w68vCyLue7x/A6Wb5NSP/STvcgPDyT8cZRITNRLQEtwqAUHO3lSC+f7FEH47ehZX
|
||||
SWpSx3sCRFNJBFiA3GsPZTRXZmHrRIuFnCDm5I8p4qW1SfC+HV8BfQY8Qgo3ysuO
|
||||
m0asnFJPB2o7chZ7bxTVgOd4Vd9lJd6H8LQqNwSJBXQKNffqs7toU/RdVJJw4EEY
|
||||
0lzrfCDa0yPM4aIm3LSYBdn8JQe2SaS3WtdBphZvKc13r4ZlJ7RVJz+RiNGl4P2P
|
||||
OA1xgvqzd9OlqKD6Ulq3X8VgKSsskHyxfqbmH2SgLLebTg4Z1J6onkh+SdRCkgRk
|
||||
OJRacZiJdGPbJhQeR7soqop/DDasUXchCcd86dL94kCLLjkMGtjPt50EHJ2LqaMe
|
||||
jgfh6IjmMmXEWPkjKqQaBZ8G8acfpArRZZzNznunyUsQZ7MSzScYn4CmR5rIgsRw
|
||||
/KRRInpY9cDSUJbqk73r5cjGIhXhjnKTCflN8/IE2QJILBK+uaAd6p01ks1kw1A2
|
||||
thSvRzcmiSEH/RvETeOIXY4z5PfxxGaQi/+o4RRY3NydTnvqYsMhi6gQqLBKiyXS
|
||||
UQH+UjVTas+BdcpJ+Lqn548/BgCRf72YFMEQgsyTfXsaCYF1iW0AmUyPjlsSXvzc
|
||||
CT5iSAqT6CIxIKW3BU10mEBSFOMrVhwxhtsLzJLZLWpWAg==
|
||||
=euNq
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9XEenRNYVGHAQ//bSh0jHk5UiwadJNFpZTuEOMCgeMZQTmcGi93YZbQCOtV
|
||||
WcJF/qNjo4lZHeNqAAOxolU6tA2c4Kv1UO/XVNpOu3O+DNizEXG8gq9jBOPNxl2O
|
||||
1OTxLwg3BIdQjS7OvlP1q/3ZSD+8NinrWiHxICdgTVmC/JWmo4coTrqAyPgKgaJV
|
||||
yqzwhoQUfS6dMtHMdCSqFOjP64ZGcTKqJ2UbtBP/vFpGiSciyg1OYe6Wbyjjx2Kt
|
||||
WVB3MHhZSL5IKVwU/nYIP2ZZ1uugPRBLNKtmZjZWvl5heImAKhVf5WbVXwAExYLl
|
||||
m0Xeb8sYqHXNTOUvYK8CuyYwnBLz1BEBSeEMlLxzSZ+KAh7jkM9DTy8BN0aOempC
|
||||
Qtxt5X5bwITV2UBuCvFAog2+kguO8lX2l3nH3KqLsWGAD9adrJhGJVstI2N50bcV
|
||||
WLyAMNx6Wyb7p+JPS5qyJKfdvJWJJQp1DQmBaW49d6h/wVw2PinHgt4pi0ujum/0
|
||||
NCC3N1n7vTFP2SXHRGCgiZ0c7DQP3SHkKUh7QfOiB79lyuA7iapBhlXcuqhcUcVj
|
||||
gSXQTkCwD7WH/jzietSZD581hEe0NbUFlcnX6KjXg++HXXOV6ECZM4COQSbyqs/3
|
||||
LrBWku207kUypcXYoQR8cJFM83094cb84dJM1UuJ71fnrdeQWtvialmDcWCB82fS
|
||||
UQFOvgXY0jQTnc0GLSm9bvcoTu8AsJ5rGY/G/l5INtPa5+J6tlPWCcRArb3Ppt5V
|
||||
DcEKnT6QdA/4p5PooRmGQB7Wwrs9pQEnjmafEf7oJJy7HQ==
|
||||
=NMVb
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA/Z87ylQaotQAQgAhIjff77caU9YPiV89NaEtqYbRSLwNLTopbI6Mkzfisss
|
||||
0KoFI9Iu1GKov7lmGyjyfoQzUQG8qn5pueCPDVyeFLWPtbtfZopIIsBoqTbQDxSt
|
||||
PfDqB42zCdf1XQWeKvNO74cGIkhYPDyvWE2z/JBloeVOhLL039t0RNgxRU1AFksP
|
||||
Xn10cfrxwsROPAzw4jMd3EOwxmKRuR1/SBav1B3HBfiYeyBAS7OLhL6Ah1XGWNC6
|
||||
l7HsdRmnrzeFRbENXRXlrKFAyTtxGgghNfANhYf2+ErbfGHUNvpvw1Xr06gExQRb
|
||||
UnyE9c70XKAgWseS6ilHpn25ojwp5Ta3m3KNUb2fxtJRAVGk8qcGkBDKdIbeYqZV
|
||||
pfbJyDNo5BAXAGzeEcPAxAHFBW6jrFpNDefkaMIZsm3gBsYL70i7HOPOm6Z2bbL4
|
||||
hjHEcr+rzDANAc1cuIgtHzWm
|
||||
=Ooxv
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7AQ/9HujZNSHp8HSGVqLvg3niuR+x9cYsvkSE0jEq/f2PM1VA
|
||||
z+qzcXV2ysBk9WZ8ubwLP5MNw6cGukdOT7wepXztMU2UWmBCDdZ7yjQgH3JhIcGq
|
||||
jKcqxzMRs91WqkvJNWrdwKnyGeOSd/ZYrXX0poqhZy9wjIjlKxdYfFwXYORwXzCA
|
||||
9m6dAqycqkehmNBJOs93QC2JAtrLP4WOVy0Llys+uoS8pWaqG4pDPpxM7WFFe70p
|
||||
/eXL9pRev9X74WCUdvWSUUDTy2orOgetsHWjzeP6swCEhllhtDnuQAdyH3y9O+PE
|
||||
Lx+I1n0Etlo4yBeBMp+kyxnlEy6e12PvknDy4+eFi4vBTkHMQIw0z7J+iZ/B1ACg
|
||||
XGeZTIAFHd0qJHABAVbb5vbTv9a3wdMxbfiIpzDgxAooka4zaXH4phMvAowx/L2Q
|
||||
k0eOrPCUHO7xYAkqj0/6SckWB82QCoGyyw6gOUdJgK1aqI6NBqok1u+Hg489R3Q2
|
||||
/m0Q5v2fD8Wejr8KjUc7eJwoR0NLlNlxKBmacAN1SZdu9wHVw4sAIlNALz/hZqvV
|
||||
BXK4TxmVJcSXjvTj5hOSKtcsHa4qDgTZuuUlHdsJ9Q8RyRaQZR2izoCecQHM5MtH
|
||||
9Lu81AYnYhR30e4GxxxhVsz6VAsojwTajBoNa3dB0y/Tgye7G3y8JZF7SSpXm7TS
|
||||
UQF+YNwXAZtHktefn4ugfoFD6d39uaSyWKDnHuhmc+39mD/I3ekIVQ0fnLcg2Qfp
|
||||
u72FaELVQU6yib216Yade7/DW1uuD3ppDa0as8EBQQYsGw==
|
||||
=W4Dg
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA/YLzOYaRIJJAQ//YaO5qqVj9SypZx8bkilfggoZYNosv8wN8B0V5jNrAA9T
|
||||
TVu021ELVXAGGnZ/nqnf1TEuYebFye4Jc6NRh1r0GS1kjtBmqlSmuZ2IlrFdwz/K
|
||||
Cryi6JYel7Sh6ZBX8fqRJoac6KE1vTthr1GvxoJF89VWUxKJwNsqN90yTq3f0aLP
|
||||
3eu8YjF72fPoSzPifB6ze89BjxxOBpDhWBqGc/WbsCHFRK3rWsadWI0MIaJ1Lume
|
||||
f0or8HQfDSjxh6DTb6DHpV/QLxPfmgWQO1CuopB2MJVz5C9WBWkFNWPO1o5KM/uR
|
||||
hUxaj9Ak5N+ACtWUL8S8rT/T9XGY7NQMMS/WXCiAstyaXwhv0Lt8OefRaF5/RpG5
|
||||
2w+ZDGPFM1RTaHcwNY1slXy1MJAB58qM2UlID8jIOCpyctRlu8uuOY2niHI81L3K
|
||||
C5tYxVPRmvoFnYG5eiF6+YqUpPxZiTc4B8Rx8/gmRIzuaMjvZIQ9LWICpnB7tkxJ
|
||||
coumUVq2R8t0oY0b0hGpT9DEjEAvOlLlYS11YjN6cBF6X9BYdOH68NId/EebghH9
|
||||
dBrbRQ1nBOGRtK08vx689H+k7RM3D5h7DPSvYzku+1GPzaABCKxzGOGdBqtBF2Qh
|
||||
YIHK9NE9qL6YDQiQguWmVcyVEAua4cSd5JWcVbIk5i7jj93N65Xu6AvmG3TsMuXS
|
||||
UQE+ayMj/+frB4IkUp8FjD9A0fEzT3FcaDACTMJJup4zDOzsdgVK6fDxkRTpK71Y
|
||||
HmIDiMpGWBNUa5M93vWzk2iWmj5u3PKgHSTmWN7oynujMw==
|
||||
=f0sW
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-06-07T23:27:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ/+JVSJGoklxiQ8Mjc61znOy4mx7Ufr8Z8MDWZaEGZU2RF5
|
||||
GQC2JNLfnCckW7Yhpzi7r+BgxUcUOjZK8SSEgxCwNdmtQii4AkoMC54ObLB2Zubf
|
||||
guMuByUR0zHEy9/fW7yaZ7rvIyUh87n/YwYYgJwBk5+o/S9xhN9GDdLmOLZXlp4P
|
||||
5ryLe3dHfVqQLtc3mQJN2WbbmZJRRYrC+/MAsZ82KQL/8jbxINaw9lM+g9g8KJsg
|
||||
UbldUd1PULPLttVwip9E8c9SMmW4xMYvSim6kV2mGDpyYybhna+4Y5xsF9gzKYQP
|
||||
Haf1evA/50m/vtZJVa/fwDM0vStDplBioxX9wpLPx6tHOUjpJ52UYlYlVFdoxTTK
|
||||
A6mTVe98JFZ9Xb2tkTiljzGITlZVhq+2rHarpX9DqXrl+y1UjLYyg6/RsYDDT6Xc
|
||||
Vf64TUVF66r33+HvYtojD9kG/EejfcbvXwGv5Shfyca0BeUjtnx7wsE0rWVZ5g8i
|
||||
f+uKQEffAycS2zQIDhz8EPdARMF4DbaKtAejV/Q65WUGKwNIpdYHClRN6HyH89hy
|
||||
0+pRu2ANSOznnzyWJsjer1anThE0trUU5L4T9recgCC6xWlQoumMVeLcbO0KIOAB
|
||||
H9ILe1LozGPqN+YZAD9l+OhIv6X5rckfH3oOGcMe0P7XreI+Z/ihQ0JH++or973S
|
||||
UQE98jCRWp6pfgV6kHgIbqDOf3gXslEeMYG0De56w2eI2wDxGtQVNxBVPEa7U5CJ
|
||||
xU/9WgISfvK9LlW+311hW3flDYGqADJsfl/CNJcaDDaNlA==
|
||||
=h1xD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -53,10 +53,10 @@
|
|||
url = "https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
|
||||
color = "#A700A7";
|
||||
};
|
||||
# palaissommer = {
|
||||
# url = "https://palaissommer.de/programm/?event=all";
|
||||
# color = "#7F003F";
|
||||
# };
|
||||
palaissommer = {
|
||||
url = "https://palaissommer.de/programm/?event=all";
|
||||
color = "#7F003F";
|
||||
};
|
||||
kreta = {
|
||||
url = "https://www.kreta-dresden.org/kreta.ics";
|
||||
color = "#BF3F7F";
|
||||
|
|
|
@ -1,108 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
deployment.mem = 2048;
|
||||
|
||||
networking = {
|
||||
hostName = "tmppleroma";
|
||||
firewall.allowedTCPPorts = [
|
||||
80 443
|
||||
];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ pleroma-otp ];
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_15;
|
||||
};
|
||||
|
||||
services.pleroma = {
|
||||
enable = true;
|
||||
secretConfigFile = "/var/lib/pleroma/secrets.exs";
|
||||
configs = [
|
||||
''
|
||||
import Config
|
||||
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
url: [host: "tmppleroma.hq.c3d2.de", scheme: "https", port: 443],
|
||||
http: [ip: {127, 0, 0, 1}, port: 4000],
|
||||
secret_key_base: "lcOBbHZPbGMkpfifPgn5UwUNy0twrSnZplGYceWQ6JZtG7vaUu0QpKy/vGkBVi2o",
|
||||
signing_salt: "Li+Voq8h"
|
||||
|
||||
config :pleroma, :instance,
|
||||
name: "Temporary Pleroma Instance",
|
||||
email: "astro@c3d2.de",
|
||||
notify_email: "astro@c3d2.de",
|
||||
limit: 5000,
|
||||
registrations_open: true
|
||||
|
||||
config :pleroma, :media_proxy,
|
||||
enabled: false,
|
||||
redirect_on_failure: true
|
||||
#base_url: "https://cache.pleroma.social"
|
||||
|
||||
config :pleroma, Pleroma.Repo,
|
||||
adapter: Ecto.Adapters.Postgres,
|
||||
username: "pleroma",
|
||||
password: "ZSfzzg93MGLmEBrkKY3H//k2nhWTJZq4IBi/mDaIU9HcGE2gXdLLfSnak+Y5mpyj",
|
||||
database: "pleroma",
|
||||
hostname: "localhost"
|
||||
|
||||
# Configure web push notifications
|
||||
config :web_push_encryption, :vapid_details,
|
||||
subject: "mailto:astro@c3d2.de",
|
||||
public_key: "BIRoExJLLKr8qu5CjOcbEvv55DsxvcQrVhCmWKtKoYVi6uZRp6dL7V4_9zdyouolg60wKERt1wFaLr8v3BuZckE",
|
||||
private_key: "hch8xAe2KkkpvXKTC6ybwxGJqhfFUPMFNU1ags5dgWU"
|
||||
|
||||
config :pleroma, :database, rum_enabled: false
|
||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
||||
|
||||
# Enable Strict-Transport-Security once SSL is working:
|
||||
# config :pleroma, :http_security,
|
||||
# sts: true
|
||||
|
||||
# Configure S3 support if desired.
|
||||
# The public S3 endpoint (base_url) is different depending on region and provider,
|
||||
# consult your S3 provider's documentation for details on what to use.
|
||||
#
|
||||
# config :pleroma, Pleroma.Upload,
|
||||
# uploader: Pleroma.Uploaders.S3,
|
||||
# base_url: "https://s3.amazonaws.com"
|
||||
#
|
||||
# config :pleroma, Pleroma.Uploaders.S3,
|
||||
# bucket: "some-bucket",
|
||||
# bucket_namespace: "my-namespace",
|
||||
# truncated_namespace: nil,
|
||||
# streaming_enabled: true
|
||||
#
|
||||
# Configure S3 credentials:
|
||||
# config :ex_aws, :s3,
|
||||
# access_key_id: "xxxxxxxxxxxxx",
|
||||
# secret_access_key: "yyyyyyyyyyyy",
|
||||
# region: "us-east-1",
|
||||
# scheme: "https://"
|
||||
#
|
||||
# For using third-party S3 clones like wasabi, also do:
|
||||
# config :ex_aws, :s3,
|
||||
# host: "s3.wasabisys.com"
|
||||
|
||||
config :joken, default_signer: "u3DwPUxgU1n2v5DQT6lBt1p1hzq1E1YfIFUoADArzY2ZGRMt1trctw5tfAa9HmNn"
|
||||
|
||||
config :pleroma, configurable_from_database: true
|
||||
''
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."tmppleroma.hq.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4000";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -26,4 +26,17 @@ _:
|
|||
];
|
||||
in
|
||||
map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
|
||||
|
||||
hqNetworkOnly = ''
|
||||
satisfy any;
|
||||
allow 2a00:8180:2c00:200::/56;
|
||||
allow 2a0f:5382:acab:1400::/56;
|
||||
allow fd23:42:c3d2:500::/56;
|
||||
allow 30c:c3d2:b946:76d0::/64;
|
||||
allow ::1/128;
|
||||
allow 172.22.99.0/24;
|
||||
allow 172.20.72.0/21;
|
||||
allow 127.0.0.0/8;
|
||||
deny all;
|
||||
'';
|
||||
}
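Review bot: `hqNetworkOnly` reads as an IP-only restriction, but `satisfy any;` makes a listed source address only one of two ways in: on a vhost that also configures authentication, a client outside these ranges with valid credentials is still admitted. The allow rules are matched against the address nginx sees for the connection, so if a vhost using this snippet is reached through a reverse proxy inside `172.20.72.0/21` or over loopback, every forwarded request matches unless the real client address is restored (for example with `set_real_ip_from`/`real_ip_header` or PROXY protocol). This is worth confirming against the `listen` definitions above, which start outside this hunk. I would add a comment above the string, e.g. `# IP allow-list for the HQ ranges; with "satisfy any", valid auth also grants access. Matched against the address nginx sees.`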
|
||||
|
|
|
@ -1,5 +1,46 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, is2305, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
# _____ _______ ____ _____
|
||||
# / ____|__ __/ __ \| __ \
|
||||
# | (___ | | | | | | |__) |
|
||||
# \___ \ | | | | | | ___/
|
||||
# ____) | | | | |__| | |
|
||||
# |_____/ |_| \____/|_|
|
||||
#
|
||||
# errors such as:
|
||||
# mod.zeroconf-publish: error id:47 seq:349 res:-2 (No such file or directory): enum params id:16 (Spa:Enum:ParamId:ProcessLatency) failed
|
||||
# are harmless and can be ignored. You most likely want to restart your local avahi-daemon: sudo systemctl restart avahi-daemon
|
||||
pipewireCfg = contextExec: let
|
||||
pactl = "${pkgs.pulseaudio}/bin/pactl";
|
||||
in {
|
||||
"context.exec" = contextExec ++ [
|
||||
# should be loaded by "server.address" but that is either to late or razy on 23.05
|
||||
{
|
||||
"path" = pactl;
|
||||
"args" = "load-module module-native-protocol-tcp";
|
||||
} {
|
||||
"path" = pactl;
|
||||
"args" = "load-module module-zeroconf-publish";
|
||||
}
|
||||
];
|
||||
"pulse.properties" = {
|
||||
"auth-ip-acl" = [
|
||||
"127.0.0.0/8"
|
||||
"::1/128"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"2a0f:5382:acab:1400::/56"
|
||||
];
|
||||
"server.address" = [
|
||||
"unix:native"
|
||||
"tcp:4713"
|
||||
];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.c3d2.audioServer = {
|
||||
enable = lib.mkEnableOption "Enable PulseAudio and Bluetooth sinks";
|
||||
|
@ -8,14 +49,19 @@
|
|||
config = lib.mkIf config.c3d2.audioServer.enable {
|
||||
boot.kernelPackages = lib.mkOverride 900 pkgs.linuxPackages-rt_latest;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
mpd
|
||||
mpv
|
||||
ncmpcpp
|
||||
ncpamixer
|
||||
pulseaudio # required for pactl
|
||||
somafm-cli
|
||||
];
|
||||
environment = {
|
||||
etc = lib.optionalAttrs is2305 {
|
||||
"pipewire/pipewire.conf.d/audio-server.conf".text = builtins.toJSON (pipewireCfg [ ]);
|
||||
};
|
||||
systemPackages = with pkgs; [
|
||||
mpd
|
||||
mpv
|
||||
ncmpcpp
|
||||
ncpamixer
|
||||
pulseaudio # required for pactl
|
||||
somafm-cli
|
||||
];
|
||||
};
|
||||
|
||||
hardware = {
|
||||
bluetooth.settings = {
|
||||
|
@ -62,13 +108,24 @@
|
|||
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
ledfx = prev.ledfx.overrideAttrs ({ postPatch ? "", ... }: {
|
||||
postPatch = postPatch + ''
|
||||
substituteInPlace setup.py \
|
||||
--replace '"pystray>=0.17",' ""
|
||||
'';
|
||||
});
|
||||
|
||||
python3 = prev.python3.override {
|
||||
packageOverrides = python-final: python-prev: {
|
||||
packageOverrides = python-final: python-prev:
|
||||
(lib.optionalAttrs config.environment.noXlibs {
|
||||
# remove x11 dependencies from pkgs.ledfx
|
||||
pystray = null;
|
||||
} // {
|
||||
# avoid dependency on x11 libraries
|
||||
samplerate = python-prev.samplerate.overrideAttrs (_: {
|
||||
dontUseSetuptoolsCheck = true;
|
||||
});
|
||||
};
|
||||
});
|
||||
};
|
||||
python3Packages = final.python3.pkgs;
|
||||
})
|
||||
|
@ -76,13 +133,22 @@
|
|||
|
||||
security = {
|
||||
polkit.extraConfig = /* javascript */ ''
|
||||
# https://www.reddit.com/r/voidlinux/comments/o74i76/comment/h2z9u11/?utm_source=reddit&utm_medium=web2x&context=3
|
||||
// https://www.reddit.com/r/voidlinux/comments/o74i76/comment/h2z9u11/?utm_source=reddit&utm_medium=web2x&context=3
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (action.id == "org.freedesktop.RealtimeKit1.acquire-high-priority"
|
||||
|| action.id == "org.freedesktop.RealtimeKit1.acquire-real-time") {
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
});
|
||||
|
||||
// broader alternative if the above ever breaks
|
||||
// polkit.addRule(function(action, subject) {
|
||||
// if (subject.isInGroup("rtkit")) {
|
||||
// if (action.id.indexOf("org.freedesktop.RealtimeKit1.") == 0) {
|
||||
// return polkit.Result.YES;
|
||||
// }
|
||||
// }
|
||||
// });
|
||||
'';
|
||||
rtkit.enable = true;
|
||||
};
|
||||
|
@ -90,43 +156,13 @@
|
|||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true; # required for ledfx
|
||||
config.pipewire-pulse =
|
||||
let
|
||||
default-pipewire-pulse = lib.importJSON (pkgs.path + "/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json");
|
||||
in
|
||||
# _____ _______ ____ _____
|
||||
# / ____|__ __/ __ \| __ \
|
||||
# | (___ | | | | | | |__) |
|
||||
# \___ \ | | | | | | ___/
|
||||
# ____) | | | | |__| | |
|
||||
# |_____/ |_| \____/|_|
|
||||
#
|
||||
# errors such as:
|
||||
# mod.zeroconf-publish: error id:47 seq:349 res:-2 (No such file or directory): enum params id:16 (Spa:Enum:ParamId:ProcessLatency) failed
|
||||
# are harmless and can be ignored. You most likely want to restart your local avahi-daemon: sudo systemctl restart avahi-daemon
|
||||
default-pipewire-pulse // {
|
||||
"context.exec" = default-pipewire-pulse."context.exec" ++ [
|
||||
{
|
||||
"path" = "pactl";
|
||||
"args" = "load-module module-zeroconf-publish";
|
||||
}
|
||||
];
|
||||
"pulse.properties" = {
|
||||
"auth-ip-acl" = [
|
||||
"127.0.0.0/8"
|
||||
"::1/128"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"2a0f:5382:acab:1400::/56"
|
||||
];
|
||||
"server.address" = [
|
||||
"unix:native"
|
||||
"tcp:4713"
|
||||
];
|
||||
};
|
||||
};
|
||||
config = lib.mkIf (!is2305) {
|
||||
pipewire-pulse =
|
||||
let
|
||||
default-pipewire-pulse = lib.importJSON (pkgs.path + "/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json");
|
||||
in
|
||||
default-pipewire-pulse // (pipewireCfg default-pipewire-pulse."context.exec");
|
||||
};
|
||||
pulse.enable = true;
|
||||
};
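Review bot: In the `environment.etc` addition for 23.05, the drop-in is written to `pipewire/pipewire.conf.d/audio-server.conf`, which as far as I know is read by the main pipewire daemon, whereas `pulse.properties` (`auth-ip-acl`, `server.address`) is consumed by pipewire-pulse. If that holds, the ACL is not applied on 23.05 and the TCP listener on 4713 exists only because of `pactl load-module module-native-protocol-tcp`, which is loaded here without arguments; that would also explain the "too late or racy" comment. Consider `"pipewire/pipewire-pulse.conf.d/audio-server.conf".text = builtins.toJSON (pipewireCfg [ ]);` and check on a 23.05 host that a client outside the listed ranges is refused on port 4713. The enclosing `config` block continues outside the hunks shown.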
|
||||
|
||||
|
|
|
@ -81,19 +81,16 @@ in
|
|||
|
||||
sops.secrets = lib.mkIf cfg.enable {
|
||||
"restic/offsite/private" = {
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
path = "/root/.ssh/id_offsite-backup";
|
||||
sopsFile = ./backup.yaml;
|
||||
};
|
||||
"restic/offsite/public" = {
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
path = "/root/.ssh/id_offsite-backup.pub";
|
||||
sopsFile = ./backup.yaml;
|
||||
};
|
||||
"restic/offsite/ssh-config" = {
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
path = "/root/.ssh/config";
|
||||
sopsFile = ./backup.yaml;
|
||||
|
|
|
@ -9,278 +9,305 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VCtTS0c0bmhiV25xekdk
|
||||
cXBNRnh2cW1kV0QvTU5CWWZoQm5PMjRXN3dJCk5NSlBpZk1ETUlzNlBRS1lwcXlL
|
||||
SVcyVlMzT3RScVhFU0FYZUpKWFFLYk0KLS0tIE1VeWdtUUdBMHgvQ0x0YkY3ZExy
|
||||
eWNJQXNxdmwxSE9XZTJKbXNoa2ltKzgKSId95HNIOgMEYNN10zn27SmqPXnk8SDJ
|
||||
gcgYh4e9g2UxMGHfn3MHbwJDjh2l8O5jPeyNI3K++FoVkvR2hcfgNw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZGxzdzZPbGRXcmViNUt4
|
||||
S1Vqa3ZwdGp0WDBNWXJERW1ha2lSRUtuRVhZCkZwQ3dDVWlaVmJVd2dHdEV1M0U2
|
||||
K3BESXdWajhDdys4b2lrSGN2U3ptdkkKLS0tIFN2V2x5TFUrdTJ1bmRTMEJMUEZI
|
||||
K1Izek9WZU9CZ3pIVzF3YWtkOHlvWmMKoKrudQIj2OzvEUuJv0++qzAzPiwbC+mN
|
||||
HbnbJ/YGOyjz/0IC0EIILg1+rb9RUyAzOOF6akRySiH6FNuzPnObVg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd2svV1ovdFU2SUVHMTdo
|
||||
SWg0U2Q4blVVNFBkbmxKY1Q0dlNqK2ZCcFJrCmV2YUpEOUFPeVlFVklHRmZuUng4
|
||||
SSswc2JnLzNKbnBzWUU2NnRsNWFodU0KLS0tIEU0c0tpV2Q1SUJ2RjN3RVVmYUt1
|
||||
bzBQUzNoWElMTi9sY0RMRnhvallnQlUK5xi2oEC0O+EWwfdQmZln4MlTZaiTNvwM
|
||||
GjJwL6Cn6oafQ97PUwoqtUDacsHVQS2wTW+7LTNOhkSd8PULvUridA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w6u8zjfya63q9rjfll98eegnfdsvyaspnwn802t2mxh47gt8p30q0kn898
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSXozb3NqbDlXZmk1VVFw
|
||||
S2Q1L2phU2F2dDlyelRmZjRYNW83T3FGaWdFCnZEWXVscVNESDRyYU1DYUh2T2g3
|
||||
cEpVSGU5STNFSmxIb1JqN0I4QXNuOFkKLS0tIGlhK2ZiR3JMMGY1MU9iMlNmWEk3
|
||||
eU5YZW51QzJGS2pSSW55VzdtRmRrS0kK31Et8rSwDP+ruzbyNUa1U/jjAS9Y0PtA
|
||||
Yh6qB+j5JMHR7ByTb8qG+VcshH/oFGZwdVxQ8zRAArS9i1iHJuKNQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZVlnRllWMVArdFhSaXVB
|
||||
b3pNajRhQTlWdXZmRFpYWHJzeVlWSDNIbkJnCitKVmwrblp5UmVLVkF4OC85TDZY
|
||||
RW4raFMzRVpqNlh0MFlGdGE1cXEyWWcKLS0tIE5aQktKb0JvWDFNd3hNVnpveHAy
|
||||
SjJJMmlFRVd4OU1vV2Q4eDVxTXVpL0UKm6UDRROD/GBqVWiaWCNNso5W2VE6TTfP
|
||||
uGjs8dvQupeBdTSNXTSf7hr7g9o2tFukl5+WIz1+Za4p4jKsJadNAw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTzlITlU3L24zcC9BbHlt
|
||||
OHVMaUUyZUhmUzdwbThYSytTR2VjRmNEM0FNCnhlTzNGMWkreGJHWDZFU0ovUFFr
|
||||
blE4Zis4YTVxOThuajZDZHFZZEhZSU0KLS0tIFk5Mlk5MzFPdXZtNXNDODFCcTRJ
|
||||
OWVZeE4waVIrTXplUHVSN2dkeTlzNlkK+5UYiogeJr10xKi8lFLawtqKJRbnV3U7
|
||||
zEuTa+tc7yBbQZTZHNhPTyYpuR+coSLnI9X0yya4KgnbNW6JSHVteA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SklNV3grWjVBUDNZMGo1
|
||||
Qm1makRqVUxnazhyNzVCVUlTVkg1bWx5MkFFCmxiQzRacWJvTWRCaDV6ZW5IbHln
|
||||
N1h6U0hIQm9uTmNhdWtwb2VNK2ltMncKLS0tIG5Oc2lHMXJaeFB1cTVBTHpaTVd0
|
||||
blNpR3pQNGlQVGpHcVplQTlCNE1NRjAKmckhn1HQAmj+FuMB4l2Qpb2Ovw7v3hWA
|
||||
e+QZlM8FSpMcs0obwJALFwGh6zFbv1Kikhh1x7vSGkVe8XpA755ELQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZTdYaTBKa2tMRU0zaHdy
|
||||
K0RYUG1MblBrVE5lMXlLSmh4L1ZROFNnRzNFClNQSjMwZ3BaLzV5WGdnOGYreCtS
|
||||
VDF6VCtzZzFLNThveXlQNlQrbFVZR2sKLS0tIC9uc2RLNnozYm5PTjdRNHlQemZu
|
||||
a1JSYnA3d25pc0dOUjk1ZGpnT1JoUTQKCHHljS2QlngSnKcnCQshu/A26csvbk9p
|
||||
1bWzw1m1/WdWi9TwRY8SHt1189YOkgyE8q5aidx88/VgM0LL8UKjzg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeXJkbFBOK2dHNXlMREpw
|
||||
Q0x4a21Ia1B2Y2d4dmR0TUROTW5RRjZkYVNrCnkraTBCNTR0QmdvRE5rUThMck55
|
||||
Z0o1L2k3WlVSeHhVZm4rTjFSa2g3MjAKLS0tIEs0MXo2YnNNa2JkcXY2VHc3WFVi
|
||||
TkpFMk5IOVNIVUFJM2M2MzZsV1RINHMKvJBZC+2fYgJ/uwVKQMW7cRLDJXTKgI+l
|
||||
FP8YM1+CfejkNvqepIF52nK1YMVSy5K3wqYWYv73oLo531IevnRmhw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSGJteU8yUXg0WWdZM1dP
|
||||
SUtyWVdQUWM1aDF4cFNkYXNjS1hXK0pFeUdzCmVDOHNBVzNiR3E3cytKMTRUY0JM
|
||||
dVZxOWFIV2lvclRIWnN2MUR3eGNPOWsKLS0tIGlTa0M5bmlBQjBPWnphZkd6TnMz
|
||||
OVNzbEg0a3ErdG1kK29hTVRUM0tpY3MKqHiGzV0j4Dk9xq9o2xkyqursuPkeuEHE
|
||||
D+ifnRCOKuoGMYBeIiNgNetYGxcCcj+aMFD6GMbNEaynjTaQPTAzKQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SUpGdHRWQ3Jody9NVSsx
|
||||
cDN5dUxHUGZJNXFaL0Q2aWowdHlRS0RZd2lzCmRhbjNYOVVpT2hEUGdma1ZNVUM0
|
||||
dVhib3JYVnhmOEV0M0xZOGZnNC93aVUKLS0tIExJNWlsWERlQVB0NE9zOGJYK2h0
|
||||
ZDRGR3RQc3cya0YvNHVMcEcxRUZPYzAKcqMyNl6lRaTJPX7U9QpBE+rNIB9KK5XK
|
||||
W8G9JH6ggZ12leYeyt1Vv2JVDW28es/T+tKN646NVPo26OMadvBR4g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEN1BoMFdISHptSENZSnp3
|
||||
OWVpb2FhTExVN1hDVHBjNjk1aVpxcFhKd0JNCk1zVjJmNFRoK1UrbFZOSkxiWGRx
|
||||
MXVqZ1VRU04vYnpMQ3ZqYndYK0lkM2MKLS0tIFYyNUJ1YUtyUWx2dlFDRkFhOFU1
|
||||
bkVkVUpJOWUwdnA5SHd3b0RHWWlzbXcKXqNG3XGkioIJqkGED0tgjaplQgBSFvNl
|
||||
kg53DN36cchMKr++ajC1cIAY6dlkwyP7NEkIOk6pikUezgrQ6OTd2Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERlNVWU5UVVlTNlpCMUo1
|
||||
Nnc0VlhDL2kydWRTQ1V4NVBWcHRXWmJUbDFZCkp4SmgvcTEvZzhXY3RFSkYxa2VN
|
||||
eHhzWVBvWExGM3djSHgxUTBQYkQ2cTAKLS0tIGtJWUxlT09WZ21UVmJ2QnBwTjF5
|
||||
Ri9WbXpSalNraEw3OHlYb1F5ZmNIaEEKh+FlWOJoKVoAj7dIqzsOIDku9NogKpiS
|
||||
9dPKAZF4+CV1lIgl8WtqW9m6KefkzMzU+xXf61O0vydBDORSb0si4A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNWFTWG5mVWY4d0d0YzIz
|
||||
dGRDS3AzbS9ocnJrcDRJMENWbG84UWhOWFZNCnJzSVdTMlBFdmJvaFhZM1ArR241
|
||||
ZVY5NHBFTWVLd2FXb0RxQUhqWWU5UzgKLS0tIGNoVXdqVWc0NmpPd24yWmtnVnZ6
|
||||
RU84R2lrVnE5bjFFME50UnpRdzY5Nk0K+yjkIxnh0HYU5raiydjZZqXOCzPqJ+h3
|
||||
j1MQZMD2R6nYi/on1aLRmqBCtYf87eqWv//kE0zSHzpVsOqcTApjLw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZnloK0o0cG1abG04eVJo
|
||||
dkVvM2doVFpoc2pWMTl0RmxEU3lPVWhWRTJBCk9qWm04cVFNWHMyL1BLK05Qa2hX
|
||||
THByc0lDMHlDNWdqRnhFeWtSZTBmWU0KLS0tIHpTMi9hVEQwMG8wWFpvbHVPWmpT
|
||||
aDZnOU1ubzZRU3habzhaVUNaNnl1VDAKGUIlFZL5/Mw6YbIXOYp4HQelNjMYXgbS
|
||||
byDkDHdgMCgXAxTGgB/iP+0WFJJQRQ5O5UxvGM7mHWnViFk91IH/gQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ0xFRWU0N1c2c0czV1hT
|
||||
QmtiQS9YbzJjVVlsSzl3dDlsMXh1NzRXZWl3Ckd3YjczaGI0VFVlcWY0NENPTHZm
|
||||
bnB4K1UvWE96VTZuMmkzemRmZFdudmcKLS0tIEg1dElDOW1CRGt1THRvZ3RQTWFV
|
||||
WGZrRkREVlptekMrL0VTbFFQYjhDMU0KmmVUcueqcpVqeuHO1wg2bK3uKHAFB56v
|
||||
2IA5SXgklVEbyFslXXbqkv3VZDjZjzidUB6ZLpzDdGvDdtdKRmo6pg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLb1NyMTlobWU0TDZXZER6
|
||||
VHgrUmpLeTl1WmVoYzRHc1JocWs3WXZUWENVCmMxRFVwZkZLZDdQb1FPRWM2TXpH
|
||||
V3FXZXk1VXJ3V1dFRWRrUW1aY3JXV0EKLS0tIGw1Y3JyblpJbUNLWkZobUNqYitj
|
||||
OHloTkpXdlRpWlJxOGxMNW5taUlqUDQK5wtfrKArGJYupIxgAGw+KkS7ELHxfpfI
|
||||
CwuO5IIEXast85CF+33uzIEzPPPu6n3CuQAo/Vd20695OIh30+/eOQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUG5XMmlXNFg3SDcwQit1
|
||||
ZW4wcU1JUjlUd09TV29aakgwQ2dsbE1Pa0VnCmNCTmx0dE44RklERXduRTZTRWQw
|
||||
elNFSWhGZHZYTDVuQ1JqcTRGVjZaZ28KLS0tIFNqa2N1Qk9kOTR5dGREd2xpdmhm
|
||||
LzlmTCt4R0J0QlZ1cHRrb3JTa0IzMVkKhAiGbtSIpnyJmHN8ukxOCBst0dUGhT8B
|
||||
tWtxjUJ4CM4TvaVkdHaPiNqGEB08DHQ79ZBNKbHAfUZYQxaSK7phhg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWjljNDhuY2pDdDNsdzR6
|
||||
S1U2amQwbURldFZINDg0RXJ5TGNTTlBtc2lVCkxPbFZjemFUMjhNamIzc3hhVFUr
|
||||
NnZwTy9NOU5QOHp5akhhY00xcTViVUEKLS0tIFNpenRIdk50NDFUdDIvUzdHN2x5
|
||||
VGx1WE43Q2hWRXpid044aFgzMk9zVXcK3offsI3vSqnFQer+MjCtdHnyCN5ygNAy
|
||||
Jj+sXCht9LoiCUTN2BOa7MB8JxXNtnGaFjuYRzy95biyq9mukqd+cA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMkhSMDNiS3RNbHI4c3ZH
|
||||
bzNGQTBEN3Zadnl2NlMvK0dGRUN6M1p5REFzCm1RanpLMjRMUnFiNVpGeXk0Mjhu
|
||||
dWNGQldHeGdCQWtRUVZhYjdZRDYySmcKLS0tIHArWnY3K2xPN1pKQm0yMUs5NFoy
|
||||
Yk5vbEdPN1VHYWVkYWJZU2ZWdjZnN0kK76Z0VEtiNfxxluRflxGVxovO9J3LUn5w
|
||||
oFoctgpjME/Yj355feeU0qbgPo99OyXtIXkCxEPrNnGjZlNawgjpOQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTloxdnY4QlBaNmZ4anly
|
||||
eTRPR2R2aWJwU1ZUWDdvNk5GM2lWYjRsaGo0Ck5tVFljbkxnYUZGalJIS21Fci9G
|
||||
NzM1eTZSQ05SMkdHZ05mZXppcmNRT2sKLS0tIExZU2pGL2VzSU5qajRxSEFFQXVz
|
||||
Z0R0dVdDZUVxeDNVOEFPVDkrS3Q3SXMK3Z5EiJSK/1/JLJg7glX3pBjPBL0OLi6p
|
||||
qGHOZaiizrgZ+/yX9XA0ZRK2NkfOldy8zCWb4yBqQ2uyEFVKUVJGUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvd1RlMUdVU0FBTTJ0RURl
|
||||
TXVjbExZNWZvcElyZ2JzR0RTMGdhVG9mV3dRClZ5bVNTWCtRejNtbXhmK2lXcGsv
|
||||
NzR4RzFsUkcrSlpFODNaazlaamU5L3cKLS0tIHB2S2YwWjJMbWF3QXQvcDJNNFdr
|
||||
YUxRK3VxRXRWc1VVbTFDUFlITURZWFUKmVIlwGIZnV83gLehh/Bm/zGH5Usd3GCL
|
||||
toa4Ru7Sni12kZli34qWZQ8lEgWDlvm0v3g2r36qN7sQnWp82/+C1g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRzNBNU9CWElzakk2cTAx
|
||||
OWJzUHZmM3BLUkRieEQwOThOUDM2ZWdzdEg0Cmd1RU5IdUIycGNHRDJXdEl5dEI0
|
||||
TDdBcGJpWjdQS0RmNUhvSlVFcXBOVlkKLS0tIFpoNFlRamF2ME1oUkEvQTVUejU5
|
||||
Sk9yVHBPVFpMcHVmMUlXNXlNaHk0MHcKorriZmZWjlbYB8wmyQL0mOpHhK7IUuxJ
|
||||
BagH0+vETZcFutnmGrkctCp5JxiMEr4TUkG8zdU2coaq1dU0l4Y2uw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTTYwY1d6ZnNSWXMyQW9k
|
||||
N210aUIwSjlESmlFVEhOVFFJMDdERHdialRzCllveVIweTBkZlZDSElFd0pqb2pu
|
||||
cDlXaXlldGhtN3FtMm1IUy94WHpJZzQKLS0tIEdTWmpmMDc3T0kxRjdYdXA5SVA3
|
||||
UjBTdVhaWDVtOGNUSGVJTDlzQXhVemsKgFP8fb6PKJGj+C4/zABlEy3hXSd37U6j
|
||||
2zAezxZyFCch2vHeIHgyteV+4hRtOgAwMT3wpetEV4Q5O5YX4BqaRw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMEFjRERaS0NtcC9Tb1Zk
|
||||
YWhGSjZRNittaVhkWkNEWWxUMDFCZ0RHeEQ4CithV3dubUg0cWxpdjZ4ZGh5aS8v
|
||||
b1NKRGRsQzVRSjA1S3E2Q2p6TWljNVUKLS0tIHFzenVLdGpLcmx4RXdCNTdaVDlv
|
||||
Uyt2STgycHdKNW5rcERjNWlyaUU2L0kKszUfYxFXeLppZ8BJdmhrZuxJvZkRq+w5
|
||||
u8wKHdcSQfb8hzCJ696fsw/CMcGDRjqnIRiabRe3dUetRzl6tkMDiA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-16T23:43:55Z"
|
||||
mac: ENC[AES256_GCM,data:OAFdTBgFBtobgRR8WTQR+hfByJBeTM1t4gBxjBmcm9rClz2XgDuFQ/rDYRYEoAEKXoztCZhRqa82DSFsEZkaseaMOX6NeGlcsnXGKHzAmjRJrtEdYawpbH6i0o4r9kTBeMbjzCkP6NhxfjY6kvwMAgmUjzj7sQiSUgOLpeZt9tw=,iv:NTQuU4lN2LvvPKT/IpUQlycTaQayqgHEqFHUCWw4dME=,tag:VFfeht6E9xTL1+s7pt+hAQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6j84+xkv3y7ARAAj22jz23fuNTyPpxLR0a/Q410BBNQL39O0cboQWLuxbQU
|
||||
/4sm27NjSEzsmJRycQYUuR2n1jE3i0Mozprj9sQVPpQKMtw7iKouN77rFbu+x0Cb
|
||||
0uQ4Fel69POUQ/NPALhDgTU7TOkG/i8iJY33dHuoM52ttJJJit8R7vaI4GptZktx
|
||||
6izdOPJc+m6KVWUTeuAXKe0EpbaY4x57qfvh7UqvWqnVvR1vztbKSL7GRxuq+DCf
|
||||
cNMVYh3rV6YBRsxE54OcYpgNjDeeVt4uqWDvTM+pFxgg9eeqse1Y0c1hFwEw/1FH
|
||||
uJyKYqQCl1KJuHmYS+L7wewsbmZtLsi+5wjEoFXcSMM9VpUTmYdpyTy1HhAxSNnK
|
||||
Q1GutTPDV+J3EMY9rnJFZmebjq1kdyurblmXHRLB0rMufJuyPoVL4t3FWZdR1zMn
|
||||
2Y6KeoweP0m/kyqcBcmDatqfzvBnaPwvNzZbnkMIwjqZ95ZfatOy3P4V8+YgxYLP
|
||||
Z9ws/BcVeCSSo/SW7WiQWpZOgQ8PRu3r/NaEfsZzOz612P33DKVLXJYjb9tD7e2s
|
||||
soMPC3phtk3LFVkKGMQmkusUNcrfVs3XS/4Uj4YtsEc+FESeh9mYFOMyMz40NgKl
|
||||
SMp/Mimty3zpqZflQc7hMpNSOFj4lFjhJZBUhOp4dIzQjbTKapFTmYYAp8YyiH3S
|
||||
XgFkEzLSPGQjZdE/GwUbvbhwqb8v7IJ/5cA0+z6ZLiVxwziC6xBy7t766NaF4/HA
|
||||
nqiU0YePsdOW73R/bsafytm8Ve+HLmJjX4RyBY0o1i6+reHpIHIZrOr+d4IyB5s=
|
||||
=Auu+
|
||||
hQIMA6j84+xkv3y7AQ/9FNmPwjvjeySYpGxvb562JGaeMC0zHjFRJXvU8rlqGsSV
|
||||
A3aIczVzF71EnCZ7hBcwq54l2JMv9ZNCMRAl8+7rQkQYAhx7QQprfvofOOnbn1/X
|
||||
K8J4Oeg8p09zA2xiah1HExCV9MWVbeJqqHJMlvfhTcaCNvEpYVNmQnP87Ucfx/n2
|
||||
xWH430WFx2o9/7BPj7HGAIDWRO5o9Nsqxhq3lEl3BvEm1PTu3pXoMe6if0odoo5O
|
||||
yvpIXHkiHimfUnmStsvIwscCMkkZ8Ay3FArW6XpioZq4hNOLqEKRMTPtE/DDJ7MY
|
||||
aT6Rib0bUIAHGUi1r2k2mAuV+a7x3MYPIW4U4NrKZmD15FxgwY1ZjItVAvzPck+e
|
||||
SOcBhxZYkw/KFwbJyG5CveuWdq6vQq/V4fcQyHaKchkI38p0zFe3me8KCg4tFaYn
|
||||
/KsWm8fRjGEY0dIq1kkHzsRs7UKNBFP9wd6ZAsNbl1J52i9IGti5wO1sYKCCcdf9
|
||||
gLiTQ4tN4E3vCGuXN66Ns9kwkJKn63utEW3BuvOKXm1CytofaplNbtIqp1o11+Js
|
||||
buLi6qtwrmsFi02taJILVqdvcJYZQ2F2h7IvioTWVxUOA2P8myDbtuUS10uDl06j
|
||||
KQhFr4HV/idQqvfRLGHa5+rXHpfYw663kATJ8H2svBl5zBDxgj+yC+EpkxgtJyrS
|
||||
XgHMO/ueuOMkiOHjMxKbPRoBUtmIG8Ow26sU5s5mrD//o5c/ymeRYu/VAWiILMny
|
||||
gtdiQlJNNvZ4qED3hQ7rhAySRlht9bD+rH25qXu0UAb5lqPU0kvR18TiIZmITwc=
|
||||
=4zuW
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA8zMZ+ak7y/zAQ/9F5Hn9iWehGjv+B1Kyjaalo9SLwlH2MC3siVXD0onaUFu
|
||||
o4NijY0jPFlwKNJ28CLcGgiH1ECodYGjLfn4tGfciE0WB7VBaJVF3T+8GXtawwFP
|
||||
XwGl8BVrK4ykDJMyeVD8pXBdvukls4CXgFKwyh27lwqwQMRA6YyZf6/V+eNXGZqi
|
||||
0nAnjW/hLCroiM2DEuo57yAl3jVL/v4V0nGK417RxEsG/f6+naKTsuvNcfcK7YLy
|
||||
fjB4zM0Prky5aWdluClcHaLGq7JEQheJPrknjgj7uQDJ7XZzKDV+7AuCVqsVbADO
|
||||
v1Of+JZv7aquWj6ZUvE8qrVXuokW82pj5ClFJARNzm8N0I2N3U0opEp26JL9wv2F
|
||||
wH9Ip3gi8h/tpvO4PeTS56uTvlu8nFzUsK8rzApZjpZVsb644wVa4oFB6casQxD1
|
||||
0BDBDrqO4Wb7XWPBzAxf4xAAV72aE4InpXU3IkJtV4pU1EJ0xbxGwPcAKt4yta6r
|
||||
XzjC9861RQjt9vTNVVXXFF7vyjYf0a30pE2bYYnDZDVWUFVOXGofVmvlkTYc9nm7
|
||||
Q3WbbRRH7lzajGwJGsgkLBPH/llweAoOg+DhL4tlw7vhFsAk2/38ZJXxTkwym2Hi
|
||||
KHllON1sUSVefJ3mGDm3Mu3o101+cWDx5NHdeSV1tOSBQDPTqyqsTwiiXIEN8MHS
|
||||
XgH1WQO6sq4+njkFyIRIW2rVN9vGuphGIMFpWlXcgmdq7COZslPs0QuYrAIXsw4V
|
||||
s3UhFWkCNeAjuoUR9ZDCxdeAXOcUVVcTe2RIOgUNu5iKcgntMhPAaVqjxQuw5Po=
|
||||
=NQGe
|
||||
hQIMA8zMZ+ak7y/zARAAsqlV023cUfNfK5+T6HtGX6HU1lXUARvp8Gw8FAVAc54J
|
||||
l0Ly1jmYkZamJt2dA1jScmH+jom9h9LyTABOorxQjvplXosPu1sf0uQJu6SL+ZIG
|
||||
rbPJ93TZ/c1MBoQuI51PQk4RltBTXCHYsPA/y7kSJP2qv25IwPPTf9DaGeJxPRbA
|
||||
CLmHEqmCxErY+3Lq0PjNMtiXDVndmXWoxHMSM0NCxBfK4UKnK1ne54u2YxhV7rlb
|
||||
f7u+eevIf1SAVP9pjJ4jie+LrfjcnrT5SEDxT5G06KgSv4yozumNevbR5V1uPFVK
|
||||
HuppNRB9MEqFlsNawUuEQ0GWLwa6IcdCrpBdq2e23f94ScWS6RAywNcv3U447WU8
|
||||
zZVgDG/2MBV/eNvTwOODmqyk5q0LHRcWRuq4a4TUc90dYtlWYZl1R8ke2TCCF8DQ
|
||||
oKbtFZGxsVrA+Kddh9qI9AuzEhY5YgIU4Ln/8g6OkCB13/UqJk4AQnqdawE0DY/7
|
||||
6w2dm+gUhZXmInAE5FRz2mW27tr/Xr3+0HV2ZLzyxjcRJ7GMVOlw6uuj2TORBmEM
|
||||
3ioTfPTIF5XATp8LjD3/OaveayX3ck0cqrp7FAqXz/YyFMvJHTf4nLvnbr78wBLM
|
||||
lHwZ/llqjXcJMJN6AcWyHHR4xCKPFnDClRKWZPlvH+iviFGDW5vc8qdkRqjO2lbS
|
||||
XgHkXe4OgpLeUYwQWuOvjBckvw8Nxw2q+3v0spuFd3Cs8ZSrD78wynciy9RRF6dx
|
||||
QGWAsO0JoL87xPJ4q+65KHz7LhznzO3m5v1m80gjPVo67HHi50ZaqgFm5JaqgAU=
|
||||
=xKNT
|
||||
-----END PGP MESSAGE-----
|
||||
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA45bZkLXmBFpAQf/QQ6b4K2zLh2hj/3Zk34lB4qzMAq1UxlDWSz0TMbbbzrd
|
||||
nes3jJPKpQgIkUx0Nmmtu4ueipi8eDU6GJI/dLDio6rtZEToYHOFOAAbD7cZUDrh
|
||||
IgDW3bqFm28hOR5yQXg3F05dUpC61MmdjJi8LUoKP6pNcuWkkxHxfcZrZdJnntPg
|
||||
PSGqy+YFAXhO2untnS6+PdAgPWJO/9Fgrk2jsLOU3eeR+1oB+IrUxlxqSFp2Gj9x
|
||||
4aeeiJG+kaCBTMi3SNEO5Wqe8JybHg5us/dTU3GqPYxPNYKDxpCzH92CIjT6eVj9
|
||||
AVraeuCN/1eoE6Q9JyXxKqscTx/3bEgmIBKZ8FJ2AdJeAV8rYyAjQZuv6N+qM15Z
|
||||
6iMor98bpPJ4+BzKIHdUKGga7jP02y4cT7mJRIayx4P2xG8wqMKQbGAYbQz31UTU
|
||||
bs7IxC6zFx2UBe71fSOftR4gxgmR0an6Tm9CJbsxtw==
|
||||
=QJ0A
|
||||
hQEMA45bZkLXmBFpAQgAlLyUxz2Ty9KSF9epRqInIDSwQs0i8AzGW+F3lC7DBdR9
|
||||
0fnfcwKlxKcU4aMn9waP3q450p2iq51j9RL0h2WJceBTJMLArhGHWqy7SNOgDivP
|
||||
djwmu56b4ANVi5fBkAfS7uL7wgXspc3SfA3FkmlnH7HolUGFXYNFEwMD5nvYXRSm
|
||||
fLTjyRcEcrQ8fh1hXkvqI30vKGV2hD/M68Lnk7jEjE9LpBLpALNe16v8i/dmONdL
|
||||
gVkTjogfuQfTqkbBZNEWN2wyPW3Gh1hKypo8r41cDrFZVeJqefLALcv4zY1cZYxW
|
||||
Guu3XSrPa3E0Yn1jvVtTJ6KW840u9L89ULyRHa4WxNJeAb1x0ceQF3ZOSoAPzZLX
|
||||
LsNi1s1IsHENPqnbFwdhFhzNfPcrvWGRQEIatijZpkt+CyjyrjAHJpM6zJYbr1Xu
|
||||
8q+fMn0hrNI3SxCCzM3rykmuNiwIjF/DK0Glstl7XQ==
|
||||
=dUKt
|
||||
-----END PGP MESSAGE-----
|
||||
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwMCBBrc/JA6AQ//ec4F75cSeN51D93IA/AYA4xC6luLG56j2+VWhzIK/9bT
|
||||
2vhmJ4aoWjJq5uokLhERlk+SnAous1Jw4P3vDlVcSD8EJMIx+8ZnCe3/nPd+yIiD
|
||||
eqGIdyzpAfNzNYI0Ce1Ts2X8RQtMof49LjX3IulvJJ2IbYJPIulK3LQSOHm1uHfK
|
||||
LOZTKMyHTHP1EhDUdNOCFSIbSVpaArk+9Od9AtE+bwgVM88GbGdovRPw7pm+L1P5
|
||||
4ZeMd9O4GaVBFohi6DfN9vlllT9GDA4RbnmhbvpQ4GqUm6Vn5nrjkVpzJqmQngPb
|
||||
20dssId7fuHBAiV+j4UrPBK+M3sTBuU9yBmaKUvRnficqmazgsFQIoODAVjD/Klb
|
||||
/MamuBGY/syc/sFJSKgMZCduJ2uN5aqKIpjfqnKwSUiaogxVKa5QP1LJlWAizKyk
|
||||
Lk2yl2XT83ERxdWd8IEKt8Vm/oAng2ADRiX4V0uIGZU+Wx4Tu/RAWKgdzfz1vAcE
|
||||
rySfIBjmhyuz+BBQXdOdLhfnQ1k7AYZGH+zn9X/nvMA3S7Q6QiciTumdxXqyOg7S
|
||||
PHO9uyUU8kJaXOoGbwYo2DgGAcGAYICgJAerBibwZAYiqTFdU90HQh6A8rK0JXLL
|
||||
E/ujPUgFu+XvbIIAj/qr0KQgUqOGR/k9KMw8LvFy2TWYMaCHDuKpwgM0/02OurXS
|
||||
lwGV73VKrbcj5dTpLUZh0F4d2AXK+9gWnmCjuwCA5GuY9R8I0tLGhwzD8YSlXdvr
|
||||
pVug8wticmP/1sGZEHWtfVuHLRslCRsNH7jY+KDlOIHs+uM+LjGt9osOz9rtP5cG
|
||||
2XQz7vOwpmTaV/Gtps8rQT3/3PuKfkCspf5DvgxNfiQQwIhFA1bUfDtFjCXezwSH
|
||||
wCo7o91/zn8=
|
||||
=fbns
|
||||
hQIMAwMCBBrc/JA6ARAAiGs3PZMAiMYqO4TuZSf6lBSs/9FZ8kYaPf67BIHqnmlp
|
||||
LqtvEbSC1OI53CX4gzOLH8E8vtE+NuND9XPSbzWS4L9n4X0qZhDes5BwzVCR7X8l
|
||||
a6wuas+AvtfIrq/Sd4bt2r/a8kJtHGoylJJaMn1Z8oTwRzUoB8KlGMmzukucOkkh
|
||||
CSBH8gqnoPAUgCTT7VfaDxwCZFphmY+fYz4BOiCY37UKAXb4yAuHizM06QbnZq5k
|
||||
n3U4z5ucBwtWcr6Wv+X1Y2eu7Tlg//XuWAYyoMkKv/uiB5MNTp0+9DD+qZi3tqit
|
||||
szMk0LyxecnWeohKAy4Y/k3tyfQQFy/BCj5srCWScBtxByDQiXTWNWaN9XNis5Dk
|
||||
HBSpbxpPC0GTHCpbn0rJJRdrNLBcK920n6e27QBDUxCOE4RtQMZ4n9ggtGHMBU+s
|
||||
q8mN93oSflZAZ0XL45Yw7TX0k+aFIfX9iHg2hQPOioDT5PbOgLTHK43/PsIlVuDx
|
||||
2GTV86xR34piQK+V7nP4Y2e4Rc+5Yy5H4g1gdM27wiBzqCbLjjNkJ1cePL3d3Gko
|
||||
eH0g5CG7vNkpfi0AtEpE0uYZeIjSRP9qZlpemtdOqz2sTX+x5pfFS/7mQVpd+Qz9
|
||||
4mJQ//Todf8BxiXOqnSiRQKFt8uo9QLTFFDmNNWK4v6VvM90gGMWF7TThjw5D5HS
|
||||
mAGI6oyJZygfiLh5vSs2opoTFP/4Xxd3An1M8h17HYVtYym9m7Kbm9By7EDFgjmP
|
||||
dREhtf9ut0aEW4YJ6jx7lJY+LkOIW0tWi9CP5NH0pvGd300bgVCLjuAaXBkOPaa5
|
||||
fz79s1YMQ2+DLHe+ODgP7hnVCt8f08bQ+a1LfmXaIOtaiNBFxuZ5cVu2LBC3hfOZ
|
||||
h/4RnCm1ybl+
|
||||
=TmpY
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA9XEenRNYVGHARAAzA6akuP1mkn6l1Ap0xe+5hIPNNm5BfRAraZTVErZS6wg
|
||||
QlQxkM0ZAcwUrPH0Cj5a7J5LnX//bzTzzmHLtC4APL9wSYRG7KPx1X8i6urOVPDb
|
||||
C1DFgjRW4O3Knbw6k7yVgKzPLlf+Ysh/uzyILizupT1vDah7pGR8nUx2erjqedzy
|
||||
0iUL0v9P2vJh8zXv0C46NOyUy31o/A2opddHLGqlBLa9ak+AjO22RVCSdI3FKk8g
|
||||
3moEEeyxUrrKz661lPOyf+Qj4NFyQuG8hrsVwPlMmUFleDHeJ+qbvesTKHWvHsYC
|
||||
a2xeSTgzX7i/SLukcBBi11aPjYyQb+XZOfM6EAyVRmkLsApkb3640/BWyOw3FsYV
|
||||
+0W79xs2BJK4ZyvtB4OvdWp41p+utAbushfJGrMLfD4wjcv26RXAiald8FxgrwUo
|
||||
GhdA32P0VFJcTW5juVFW3p9DV+nSbtTUXyuvooegvT0jzTKBSlEz1twP6y0TdZ3+
|
||||
a8eacy3124mPMUM50hy3/elzAFTORWrMvYqC2KywosngNBIKhhFUidxqssUajNT6
|
||||
nO9Kc/bvRPsDY2avyD4RRuen6yIs9bHdGx3lxudSZom8L8LsxF+jk4wOpIhFAEHk
|
||||
Kubc8C33eWIUOBN/xrM9lipR159B4dxaVhjugeiXRFgTf/uENWDfB1DZ3Y7TZlTS
|
||||
XgGLRMoCxOcIavIn9YxXLl1qmv2PO4ukEIOi2VgvoqgyGeAAZdUW5fAPefs5LZdi
|
||||
F3Yt4307oD8MoFK12QJUZID6esQjx686WWiiqEOCRiWJj5UsLTC6/4T2I47+Uwc=
|
||||
=gNXa
|
||||
hQIMA9XEenRNYVGHAQ//bT3i8RoQzWDN0jLRdzAD9HQ1/evOiSosTYlETDqkolCF
|
||||
PjwmooqlgaXwFfLTJ6h4jsYA29LcGQggzwSLaA/mGf9HeEgkMEFNT5bI0SQtsAJ5
|
||||
9/uLnlN2aW6g/dJyIDVdUFtihUKNBVefF3varK2XwLscIjyZj4YLo/j/eH8SL4iL
|
||||
vf1zhQ/D/OlU5jS3R8FYKvoMFeIxwQdj242q+PGvxgZF6T4opubfDQc4tjQMdx8H
|
||||
6IMtDAG4WfR+T3HSZx2gz11z5Rr0oKgTzn1D9c3BEIwTaX2h88wTzvziMGjbRxlo
|
||||
Tz3Ldbyn9cavigz+wASi+BmILVmm7M7e8rzyZUOJxvJd0zvYT5UeZRq0xGmMjH/C
|
||||
smbLCDZRyjG4u0s/ggz0ItXkusXSjt7s7y/1oy0/W1H1VxsiYJ60/0wceFR8yMLu
|
||||
ZOmJGTmkE8Dpd4fPdRqZlEtBUJ4f9UTRT12I7rR4XEovPEUMKeck+jkx7A2kXn/J
|
||||
bBmADR1zlXNnzOjtYLqEoJMynDBNrQwKuCdNm0ixdx/9uo4p0MmXe+MMxK97jgpe
|
||||
SMIfO5jhXFoPqxqsc+2ilzzaCNKRndQXRSTRs2PRVeqTKKPp3rPEjCVo0h4F/FQu
|
||||
Tpqf8mXWdimwuFelaVsmQ5iQSDE1GhHYr3fbS9Ki7iCS5IUdi5ptf6i6EKJOUBrS
|
||||
XgGV7wmVfsEVg5b6bfGSEbAaB6rNMTs40ZIOj3xoR/4FnhvKhkklve43KWVad243
|
||||
7M22JVEEudpBl9Lc8iSTCgAMQdJKOKgU5XZJQ0tbhJ1/6TtOVBHD5L/GlZimPHU=
|
||||
=K5Yj
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcBMA/Z87ylQaotQAQgAorrdBEubsaIC37kx+bo79Rv7zAOadlyIErthzjWJgCra
|
||||
cw1r3WiCEFXRg/d21GwMFeiPtMCbAemF4Q+/sJByw88VjRazGnA2cCpc8FUXZsez
|
||||
WhGfARQD140TytyBzQGt6x2dblLsrUyi5cUaSZ63LCQYAyBh2g2m+rt6Nc0n+72U
|
||||
pKOa4GF0I9HrWnXGKmlQBVfwoBDPNw/MUcP64dXWorar482p1fCwazimvww5/QlB
|
||||
J5ggG/TRZM//5FSkO+W+PSOdkNLBWjY24jmUWDB1YGeU86awM7bHr+db7hiooOlI
|
||||
JAXhMd5NrEGlTk5veeRAcnbdUXfqs1g799JWMbVfwNJRAWoFNJ54nB3jJ4rN2KHk
|
||||
GVS0ed7+D+xF5e+K9Eq1zb9p4LTCJQGPt5zAZe7VSRhUvT0GGz0n2QhTr7oiG1E3
|
||||
HAK8Hq73YmByhNI332CCTqmQ
|
||||
=vX+P
|
||||
wcBMA/Z87ylQaotQAQgAiCrJv1b2bMgEOq+L6bznzuBa1fgCcxzBdscWqYTzENpP
|
||||
F7hHtHuO54mfiNsNKyvo72VYS6VMNgmoiZYvmwvTaEMp5awocUYm62ie9Dl7pbkK
|
||||
GabxbDqV+vCJOE10xzf0jnWR0GhZSbZVSXj1JYbQRTDCgpEA3ddLBD47TaaotDXB
|
||||
qnyhV6UnqOPTSpp8bUY4IauTueoHgoAfvUclOMXAFFBHVj5sNA4ydD2fMwbqfLLc
|
||||
cCcZ7c5SRY0ZbzSoeMp8pHQ62hi7IswPBUEkJNb1le2RbQbBXqfwlG+TGpDlHZA+
|
||||
SDDoH7iByD2MYLKGL4G3Iz54rWYHIepR4aTQ2XoIOdJRAXk6mQd46c5JqA1ONYEt
|
||||
2vHCowb2ykcdrOxmuoHl1kmplI/Ue2GeBX8GaOd9UaxxK1RjjZSyIRQGmVqlGHQN
|
||||
cNeep13UQJnVUjpBHSDO/Ol+
|
||||
=bvaj
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9qJIVK2WMV7AQ/6AroDkAJe25B4EpfNflslL29Erv616LddHF7GAXYMD0oU
|
||||
zi/c/PDM9Kfu2PohFVksWTioFshaC4EAPRzS2xM4ozQej2rGl0WkHwjQEkuXCYFm
|
||||
lCk3AcYEx2K/xGqvZSVCuwgeRSa9+DtkvTw0UXe3jz/vQ6FyqAXMWrSelGeneAlu
|
||||
8altkU3xRct6XumIqV2YeSlcv9CpbXleqXndggCi1x9kitxwWkE+y05Vn+m26Rjd
|
||||
uY81tcRgbuuNsfHSBZoq9+pPpJ/4bRR4wktHII+wjwCqryFzpteoaDQ9dAWPwO3E
|
||||
n78eZbKMZxE21WXQ26XMdRiSdexXvLZeX4Tznuqg7F8LQ77vnaW1vQfAcnhxrlDc
|
||||
jGAlD0pb9Oh9vGMeWOookoRGM7WMImCFvxkFakEcyUtSAAfX0pf++hksFZMJrEYj
|
||||
WOfvYmmEELQtWC8CEdDKOb/7DhwMlHImMJF1w7UYyzcbnOlDBY4JXrIfOcpY5ztY
|
||||
bBT5D2Ihz2UvOgIk4IozhJDfba+eCbqzo//2lMDJrS8qcocK06IIenuhTsjZi2Os
|
||||
q+/xhwSQZR0yu3VoEJQZKVS/ejMXsEt3pcCM32UDYq9kq6UAin1/gZ37NPl0w2MM
|
||||
vw/P5J3aqevS1aX+HUk1ANQOaopZxeqPgDowAtq9I3r0T9LpjwaM91f18JsnW6zS
|
||||
UQFJwMmvBNbOVN7xXv1mUb5OYGxRldLb6CRSs54k1RJW2WLgy54wo23dAN7VLBR1
|
||||
fju2hOCYOSWRiX3o6ekBWHuIkGPo3gFsiWflL3T1KGoYHQ==
|
||||
=B+Io
|
||||
wcFLA9qJIVK2WMV7AQ/4zIJz5IgPCCY9Pll/jLH6nTqif9ZRV3Yd26wZBiv7JNUh
|
||||
4JznoA42rkcNFfcwfIxkIDHFgxU1Xv2jaZ4aL4PubSyjYUGS/n+9IOshiWA2VV+s
|
||||
HALjZKIKt3RMUXPMNiUS5jNGNyclhQKHzkR/FLRpTFtsWXxh/Pu7fsviHsyP0VxY
|
||||
tSIzUnqw4FdPIYj7v8eIat/zryzAH6Ogc+hSTJ3uKoqFWs7AjauycrEaDYakBCOs
|
||||
bq5X2pAE2oODm4BUMgan38GJQi4JNcpd7MHNvZfdCVD/Ksn0urZSPZIJz8HegATB
|
||||
8X7BuFFRjYQjwEBDlm14MZ8uq2VeIggb5j+wJdybhOfcHaqgSZIXqEwpQ3jr7j1+
|
||||
eKvfBepe4D74gqH2lKZ4Z/r0pQR8YqW+23xHxGaxfdrGLSs06cBkWdE39v4eizxH
|
||||
g2rDLIdrjTDu+puY6iS0jUpd2SQXh5wqblBg3HHamTWCRF0aDpbZKhNiD92lZtVt
|
||||
b5USsmtWLdX2cFH/R5/vkD9rbVCbUHo1aeQ8QggxBDHj2WqSHf0HO5FIfrknJzH3
|
||||
yyL5WGNhq8XVCxqarrjtjrgtgs3GXJFjB8NQeYQh3olIHn2lTKiqyij+U3I7qLW0
|
||||
1xrPo23nslNYouK3ZI8T2ipLr2nLZMCQxU/cdnYhf5IDlLcY5LrW9ASN1RfhtdJR
|
||||
Aew2nBFoqOaOzLc9rdM700LXEs/19Ao16J46XUM3YyUuwxB3LNJxfDkqaf/nK8Jl
|
||||
w2BUq1iT1FDWJ0p+7w3QgsMkxaZYEke4Q5GaTM/VZ1q3
|
||||
=TlcY
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA/YLzOYaRIJJAQ//UCtVD+TiabB9yvCv0HvyY2OaGIGtZOTr+izGb6KJfGPs
|
||||
M7vz0bppDTBJo3YiXj37+wRvIwK7bESQHvbWiFdqEadqJBHMI7NXSOdWvbVLFuAN
|
||||
+fXPEVsupaGcUTZpCLQS+mZrVFYgLE4yMs4JSu5roL6tu7y04+1PtGiYoF0QNRuf
|
||||
auLE6ItdZ96iJWe/OFK9VRKFtX4mbjOi/Z9+1nBasJAaAXb2AtVr2EBbqfx8NYgR
|
||||
NTdMvE9zbcaHxiw4eGWWAeJSVcSloP7BvN+eQe8oE7ivg55+DgmFE8o+/O4TheMp
|
||||
LUMa2vykQN/JWo6K0AYv0y37S5N+YLztdF9jw3EUZ015BhlzbQvy2Rc/pIoOFj6p
|
||||
t16Kjaa752RpK4mDTmkiha2yoSL6aHZUnpGzpeV2jiTUVIktYHo+7ISp/jauDFAu
|
||||
1ONtXJji2CLW6eM2VrIIkcazzYmCbnkkTekg08r4W/btzKSeQNZ96Teqz12Ag1eA
|
||||
F2HchbHGYARwo491UlkMXKbtqso4OIuVIyks5HApbdS065NReozQWPNQtGq8ISVe
|
||||
bAXoHDrmX+0FS+jdj8+zeWzb0CfNq8fX3Jjk1eyjUv9Q5ClEHOvh9fbmfzUJTLkm
|
||||
lxpoK5s1CxKsEbP+vwlfd4lRSM6BRARZRHUy4msScfpHhyJ5UwCIkBfmFyzw+FHS
|
||||
XgFfZL2BJdtXXTReiVJd+HR/KA3HIBXJcqYZ8vt4+hzYOnwwScaoLT8dVxtwNksC
|
||||
Tdtk1lO2lK/C3OEtexhrkmUCYCxQceauYtkwYX4Q/va8t4o2eyAdnvoHejxQTwk=
|
||||
=/Y5m
|
||||
hQIMA/YLzOYaRIJJAQ/9F0Y0q7ZWuHF1Ck11iNMDIuuiaMwbWTgq6mmCp2VHTuKP
|
||||
LBkjihQfQxnJbkqllY6v2Q4Bo2g2HnPzUDDFkxJUzYaoIGcNNL6lnY02Tb0+asVv
|
||||
gJGBbTuYNGaHNNo3MQOVi3GHp+YjAQFWFi3vXDX0HP/+eJsxVShYcStRU9giyaM5
|
||||
4DZ9P1ti6I+Y2344QdyUm6ERIQROkFdBd94FeLLSaElXKpljgAemXT6hFx1Ol09p
|
||||
FUgfDQJZrTI2zjrPP0twvnX3W2DS663JVnmW6EgZNA3Zd+wS8F6D7OLlTQsy7hpb
|
||||
KETG6BKMpB7jCagXV08ylL+Ova0JnGvBPudAnW+Tg2afmZWXq5eTRw5xbwqxxPOH
|
||||
aZMCwnq9fqJvPIoR3vOlZsjj5uPv0L6iwntp5l446qEzbpBhuctY27ij6d0KYrA2
|
||||
SwEFqPMKnTyi12pfwM1xv8cw0L0FoCTStRMaTofmlDBfvBh0N+FHUsVLGyXsqXiH
|
||||
7O3i53Ijaj+ybt/v+OfKl1MvIzUU2aVw9VFrZWht8F6Hell80bilobL9lkQnuTjs
|
||||
ohfc/nHMtttsx1F9f6NWlWQ4QknxbjkaXeLGjfviykDmQH9VSNcSjttzTXdp2JG+
|
||||
qNJGBGqNyHUuU7QbBV0b60WiVh0UXjFY5I1KW+82PLby0QRq0hue0ugoFlgZA3zS
|
||||
XgEBGeIMv+XJXWIZ3JBecJiOGoZ+a97uTM5tbSURlKJTmNMz5DkR/hHtzohCoeyt
|
||||
tF3cB/+Rn+M5J/iOAZLGdp/cjznLBmMyBIQzRBCw5SFYkZO6Ist+Fl4ZtpfYmUA=
|
||||
=zkFg
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||
- created_at: "2023-05-21T22:51:07Z"
|
||||
- created_at: "2023-06-05T19:07:50Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA7zUOKwzpAE7AQ//c1rrZEnkBY/zxsR8nR75Rd8f+h7emqjnwkQkEsrI/ZvB
|
||||
CHXhy0nWEeBS0sSxnI0B4yGRmeUoYmoC3GFcyxvuv9VbVTjOn7zGLix5eTT69i1v
|
||||
G2kclTY9N9q+IqcBLFGotOmEYtdbo+pnuFWZhMKyl2522O827FkAsbh9TtvUthfQ
|
||||
I5BE/f4wR4Mb2zsIVSvq8iWrCx9+KWlgjZo3+X/FlHu1QWdaoXWBgq6Bv6XnLZRa
|
||||
OmtH2xKnQEXMVaVE0I/CWqh66UWRPFbNEfxX0qkMmorgmvd54dkk5XI39a1qF5Y/
|
||||
TLIm0x4Qs+auwxawM57NCPK1Z2PixX8mR5rE0xckKAMbzcosOFIWnob7y5188k3U
|
||||
f1G65DySPf9FBekAxqYNBBrA5v+w+W8n7lfHXz2EzcSHwwLuz67W5bkD8bBBDWfR
|
||||
1dBUXtiYa87gA/ZTgwpd2P14dMTZKzjWhmvjpVfFXE4lyz+ZilF5Cw61kA08J0Gr
|
||||
219Dmi2TB4mRm97Z58aR8ro55BnVU6yE0e7uCxR7HOuFq9nYQ+l7ilie3bq7266n
|
||||
dFg6riLcrmtHNX4X1HV2L/E9P02ve/ybz8BzhWRT74OedD1Uasyg3fcQapllw/ek
|
||||
YtJyNElxOH+egxoDuxRUhfruYuv3gengl76cAzz3vQCooI8asgCSuEdvQ+WaLa3S
|
||||
UQHer1vyowr4o5lqP2T5JE5h1vcYcoTb1mq2bHV41OUuqnMBfTysor98pS0WP07R
|
||||
9IeV2eirnOmfRYmneIXnKT/u+6gF4mjg2GQoGGDBdEU0rA==
|
||||
=qWRQ
|
||||
wcFMA7zUOKwzpAE7AQ//UAenuwR/veLq3VWQThJH77EpgdbKTqV2xPOXBO4iR+wj
|
||||
RHA28/rueyNDqVv7ep4rYcQ+qN+Vt2dkR4Zn28h28ndyGCxtXKF3V1qhDdYp8z+X
|
||||
acodjt9vboCvHajkR5YCMoQkv8sb4MJvXP+VwvkbjmiXkzpY2DHRjNAVr76M+5yK
|
||||
I0xU8deh6bRKj9r+F1U+oKiVRwSdwHei/IWVY76LAaT/VYmWf87GnfnKmmmHHxxE
|
||||
74NtndW3NBWX8A+of53KAEJ/E8Ls74ky4I5TwfPXLKFiLJjE7AN4GX0AW83O1Qvw
|
||||
UoMvgLXIA21UJUQx3m7/qWPLMBxMngxS00IL2MEzUzgfl+OmGBP0tk50otVlHJDS
|
||||
fvR6DCWJiS7G9i+OtN1CmHNqRvzAgZ9dwcd6NhzFrYWi3pzbo+F0KRW5V5Fmqvij
|
||||
QAVm/uCMojUtrrYNCAGA9UxaYvZiHG5nc3cAmfqYCDgZjUlMVZ5C+LxK/cAXUQQC
|
||||
VLxc1PbJkRE6npam/XpewY6irEpcFXW0gsAmTdexUN4beel3B5pcCEWXGtaGDwDr
|
||||
ffsxXhgk/A51EqJvZJzn4eKqH5J2qoGNJvpqn8quwGF5gDpQNH0P117HHpwG6Ipt
|
||||
kUcfPOwy7gb3i4jGnlVCMzlcnJ3tRePhnXSAGdV8rjfWxOhfJ3lOwbDeSaxzUpfS
|
||||
UQGbQWO7K1Bd5TUMH8xXladHum+pYtTvIBUQjdVj9XXVXiinfBXUS6L8FMfd8OkA
|
||||
MC854+d3CCkoJPk8jnxKNan34Q+xsMK4WX1RsUotwVH+4w==
|
||||
=tCRU
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
|
|
@ -40,6 +40,7 @@
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
freeipmi
|
||||
lshw
|
||||
pciutils # lscpi
|
||||
smartmontools # for smartctl
|
||||
|
@ -49,18 +50,28 @@
|
|||
"kvm" "big-parallel" "nixos-test" "benchmark"
|
||||
];
|
||||
|
||||
powerManagement.cpuFreqGovernor = "schedutil";
|
||||
|
||||
services = {
|
||||
# just assume there are ssd's everywhere
|
||||
fstrim.enable = true;
|
||||
smartd.enable = true;
|
||||
};
|
||||
|
||||
system.activationScripts.generateInitrdOpensshHostKeys = lib.mkIf config.boot.initrd.network.ssh.enable ''
|
||||
system.activationScripts.generateInitrdOpensshHostKeys = let
|
||||
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
||||
in lib.mkIf config.boot.initrd.network.ssh.enable ''
|
||||
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
||||
echo "Generating initrd OpenSSH hostkeys..."
|
||||
mkdir -m700 -p /etc/ssh/initrd/
|
||||
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${initrdEd2219Key}
|
||||
${pkgs.openssh}/bin/ssh-keygen -t rsa -N "" -f ${initrdRsaKey}
|
||||
${sshKeygen} -t ed25519 -N "" -f ${initrdEd2219Key}
|
||||
${sshKeygen} -t rsa -b 4096 -N "" -f ${initrdRsaKey}
|
||||
fi
|
||||
|
||||
if [[ -e ${initrdRsaKey} && $(${sshKeygen} -l -f ${initrdRsaKey} | ${pkgs.gawk}/bin/awk '{print $1}') == 3072 ]]; then
|
||||
echo "Upgrading RSA initrd OpenSSH hostkey with only 3072 bit..."
|
||||
rm -f ${initrdRsaKey} ${initrdRsaKey}.pub
|
||||
${sshKeygen} -t rsa -b 4096 -N "" -f ${initrdRsaKey}
|
||||
fi
|
||||
'';
|
||||
};
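Review bot: The upgrade branch only fires when `ssh-keygen -l` reports exactly 3072 bits, so an existing initrd RSA host key of any other size below 4096 (for example 2048) is never replaced. A numeric comparison covers every short key: `... | ${pkgs.gawk}/bin/awk '{print $1}') -lt 4096 ]]; then`. Replacing the key also changes the fingerprint that clients have pinned for the initrd SSH endpoint, which is worth a comment above the `rm -f` line, e.g. `# host key changes here: known_hosts entries for the initrd endpoint must be refreshed`.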
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, hostRegistry, lib, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||
{ config, hostRegistry, is2305, lib, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||
|
||||
let
|
||||
inherit (config.networking) hostName;
|
||||
|
@ -67,7 +67,10 @@ in {
|
|||
# Deployment user for leon who also uses this flake
|
||||
leon = {
|
||||
uid = 1002;
|
||||
sshKeys = with ssh-public-keys; leon ++ astro;
|
||||
sshKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANupx+diz5N8sGZOc7ZXopyPh9HaML8M7Qh70aVVIaJ leon@leons-Air"
|
||||
] ++ ssh-public-keys.astro;
|
||||
home = "${skyflakeHome}/leon";
|
||||
};
|
||||
# Deployment user for neighbour Andreas Lippmann <andreaslippmann@web.de>
|
||||
|
@ -89,7 +92,8 @@ in {
|
|||
deploy.customizationModule = ./customization;
|
||||
|
||||
# Ceph storage cluster configuration
|
||||
storage.ceph = assert lib.versions.majorMinor pkgs.ceph.version == "16.2"; rec {
|
||||
storage.ceph = rec {
|
||||
package = pkgs.ceph_17_2;
|
||||
fsid = "a06b1061-ef09-46d6-a15f-2f8ce4d7d1bf";
|
||||
mons = [ "server7" "server8" "server9" "server10" ];
|
||||
mgrs = mons;
|
||||
|
@ -97,6 +101,9 @@ in {
|
|||
rbdPools.microvms = {
|
||||
params = { size = 2; class = "ssd"; };
|
||||
};
|
||||
rbdPools.microvms-hdd = {
|
||||
params = { size = 2; class = "hdd"; };
|
||||
};
|
||||
cephfs.home.mountPoint = skyflakeHome;
|
||||
# Legacy: migration to rbd
|
||||
cephfs.skyflake.mountPoint = "/storage/cephfs";
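Review bot: The `leon` deployment account now takes its authorized keys from a literal list at `sshKeys = [ ... ] ++ ssh-public-keys.astro;` instead of the shared `ssh-public-keys` set, so an audit or rotation done through that set will no longer see these two keys. If the inlining is intended, a comment above the list would record it, e.g. `# keys kept inline on purpose: leon is not in ssh-public-keys, rotate them here`. The account also continues to accept astro's keys, which the existing comment "Deployment user for leon" does not mention. The enclosing attribute set starts and ends outside this hunk.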
|
||||
|
|
|
@ -9,11 +9,19 @@
|
|||
|
||||
boot = {
|
||||
loader.grub.enable = false;
|
||||
kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
|
||||
# table overflow causing packets from nginx to the service to drop
|
||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||
"net.netfilter.nf_conntrack_max" = "65536";
|
||||
};
|
||||
kernel.sysctl =
|
||||
let
|
||||
mem = if (config?microvm) then config.microvm.mem else config.deployment.mem;
|
||||
in
|
||||
lib.optionalAttrs (mem <= 2*1024) {
|
||||
# table overflow causing packets from nginx to the service to drop
|
||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||
"net.netfilter.nf_conntrack_max" = "65536";
|
||||
};
|
||||
kernelModules = [
|
||||
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
|
||||
"nf_conntrack"
|
||||
];
|
||||
kernelParams = [
|
||||
"preempt=none"
|
||||
# No server/router runs any untrusted user code
|
||||
|
@ -27,11 +35,11 @@
|
|||
|
||||
hardware.enableRedistributableFirmware = false;
|
||||
|
||||
# required that sysctl contains net.netfilter.nf_conntrack_max on boot
|
||||
networking.firewall.autoLoadConntrackHelpers = true;
|
||||
|
||||
# nix store is mounted read only
|
||||
nix.gc.automatic = false;
|
||||
nix = {
|
||||
enable = false;
|
||||
gc.automatic = false;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /home/root 0700 root root -" # createHome does not create it
|
||||
|
|
|
@ -8,11 +8,20 @@
|
|||
};
|
||||
|
||||
config = {
|
||||
# just all the microvms from this flake that are supposed to run on the server
|
||||
microvm.autostart =
|
||||
builtins.filter (name:
|
||||
(self.nixosConfigurations.${name}.config.c3d2.deployment.server or null) == config.networking.hostName
|
||||
) (builtins.attrNames self.nixosConfigurations);
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.skyflake.storage.ceph.package != 17;
|
||||
message = "Please pin ceph to major version 17!";
|
||||
}
|
||||
];
|
||||
|
||||
microvm = {
|
||||
# just all the microvms from this flake that are supposed to run on the server
|
||||
autostart =
|
||||
builtins.filter (name:
|
||||
(self.nixosConfigurations.${name}.config.c3d2.deployment.server or null) == config.networking.hostName
|
||||
) (builtins.attrNames self.nixosConfigurations);
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
"microvm-virtiofsd@" = {
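Review bot: The new assertion `config.skyflake.storage.ceph.package != 17` compares a package with the integer 17, which is always unequal, so the condition is always true and "Please pin ceph to major version 17!" can never be shown. Comparing the version string would make the guard effective: `assertion = lib.versions.major config.skyflake.storage.ceph.package.version == "17";`. This assumes `lib` is among the module arguments, which are outside the hunk.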
|
||||
|
|
|
@ -44,6 +44,7 @@ in
|
|||
CREATE DATABASE plume;
|
||||
GRANT ALL PRIVILEGES ON DATABASE plume TO plume;
|
||||
'';
|
||||
# TODO: update to postgresql 15
|
||||
};
|
||||
|
||||
systemd.services.plume = {
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
];
|
||||
};
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
tmp.useTmpfs = true;
|
||||
};
|
||||
|
||||
hardware.deviceTree.enable = true;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, libC, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.c3d2.hq.statistics;
|
||||
|
@ -7,6 +7,7 @@ let
|
|||
!config.boot.isContainer &&
|
||||
!(config ? microvm);
|
||||
|
||||
nginxStatusPort = 9100;
|
||||
in
|
||||
{
|
||||
options.c3d2.hq.statistics = {
|
||||
|
@ -14,50 +15,50 @@ in
|
|||
};
|
||||
|
||||
config = {
|
||||
services = lib.mkMerge [
|
||||
(let
|
||||
nginxStatusPort = 9100;
|
||||
in {
|
||||
collectd = lib.mkIf cfg.enable {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
FQDNLookup false
|
||||
Interval 10
|
||||
'';
|
||||
buildMinimalPackage = true;
|
||||
plugins = {
|
||||
logfile = ''
|
||||
LogLevel info
|
||||
File STDOUT
|
||||
'';
|
||||
network = ''
|
||||
Server "grafana.serv.zentralwerk.org" "25826"
|
||||
'';
|
||||
memory = "";
|
||||
processes = "";
|
||||
disk = "";
|
||||
df = "";
|
||||
cpu = "";
|
||||
entropy = "";
|
||||
load = "";
|
||||
swap = "";
|
||||
cgroups = "";
|
||||
vmem = "";
|
||||
interface = "";
|
||||
} // lib.optionalAttrs isMetal {
|
||||
sensors = "";
|
||||
cpufreq = "";
|
||||
irq = "";
|
||||
ipmi = "";
|
||||
thermal = "";
|
||||
} // lib.optionalAttrs config.services.nginx.enable {
|
||||
nginx = ''
|
||||
URL "http://localhost:${toString nginxStatusPort}/nginx_status"
|
||||
'';
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
||||
|
||||
nginx = lib.mkIf config.services.nginx.enable {
|
||||
services = {
|
||||
collectd = lib.mkIf cfg.enable {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
FQDNLookup false
|
||||
Interval 10
|
||||
'';
|
||||
buildMinimalPackage = true;
|
||||
plugins = {
|
||||
logfile = ''
|
||||
LogLevel info
|
||||
File STDOUT
|
||||
'';
|
||||
network = ''
|
||||
Server "grafana.serv.zentralwerk.org" "25826"
|
||||
'';
|
||||
memory = "";
|
||||
processes = "";
|
||||
disk = "";
|
||||
df = "";
|
||||
cpu = "";
|
||||
entropy = "";
|
||||
load = "";
|
||||
swap = "";
|
||||
cgroups = "";
|
||||
vmem = "";
|
||||
interface = "";
|
||||
} // lib.optionalAttrs isMetal {
|
||||
sensors = "";
|
||||
cpufreq = "";
|
||||
irq = "";
|
||||
ipmi = "";
|
||||
thermal = "";
|
||||
} // lib.optionalAttrs config.services.nginx.enable {
|
||||
nginx = ''
|
||||
URL "http://localhost:${toString nginxStatusPort}/nginx_status"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nginx = lib.mkMerge [
|
||||
(lib.mkIf config.services.nginx.enable {
|
||||
virtualHosts.localhost = {
|
||||
listen = [
|
||||
{ addr = "127.0.0.1"; port = nginxStatusPort; }
|
||||
|
@ -72,48 +73,30 @@ in
|
|||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
})
|
||||
|
||||
(lib.mkIf (pkgs.system != "riscv64-linux") {
|
||||
nginx = {
|
||||
(lib.mkIf (pkgs.system != "riscv64-linux") {
|
||||
enable = true;
|
||||
virtualHosts."_" = {
|
||||
listen =
|
||||
let
|
||||
port = 9100;
|
||||
in
|
||||
[
|
||||
{ addr = "0.0.0.0"; inherit port; }
|
||||
{ addr = "[::]"; inherit port; }
|
||||
];
|
||||
listen = let port = 9100; in [
|
||||
{ addr = "0.0.0.0"; inherit port; }
|
||||
{ addr = "[::]"; inherit port; }
|
||||
];
|
||||
locations."/metrics" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.exporters.node.port}/metrics";
|
||||
# ip ranges duplicated with matemat
|
||||
extraConfig = ''
|
||||
satisfy any;
|
||||
allow 2a00:8180:2c00:200::/56;
|
||||
allow 2a0f:5382:acab:1400::/56;
|
||||
allow fd23:42:c3d2:500::/56;
|
||||
allow 30c:c3d2:b946:76d0::/64;
|
||||
allow ::1/128;
|
||||
allow 172.22.99.0/24;
|
||||
allow 172.20.72.0/21;
|
||||
allow 127.0.0.0/8;
|
||||
deny all;
|
||||
'';
|
||||
extraConfig = libC.hqNetworkOnly;
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
prometheus.exporters.node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "ethtool" "systemd" ];
|
||||
listenAddress = "127.0.0.1";
|
||||
openFirewall = true;
|
||||
port = 9101;
|
||||
};
|
||||
})
|
||||
];
|
||||
prometheus.exporters.node = lib.mkIf (pkgs.system != "riscv64-linux") {
|
||||
enable = true;
|
||||
enabledCollectors = [ "ethtool" "systemd" ];
|
||||
listenAddress = "127.0.0.1";
|
||||
openFirewall = true;
|
||||
port = 9101;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
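Review bot: `prometheus.exporters.node` keeps `openFirewall = true;` although it is bound with `listenAddress = "127.0.0.1";` and is only reached through the nginx `/metrics` proxy on port 9100. The firewall rule for 9101 therefore serves no client and would expose the exporter directly if the listen address were ever widened; `openFirewall = false;` matches the intended path. The inline `allow`/`deny all` list was also replaced by `extraConfig = libC.hqNetworkOnly;`, whose definition is not part of this section, so it is worth confirming that it still ends in `deny all;`.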
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
--- a/cmake/modules/BuildSPDK.cmake
|
||||
+++ b/cmake/modules/BuildSPDK.cmake
|
||||
@@ -35,7 +35,7 @@ macro(build_spdk)
|
||||
# unset $CFLAGS, otherwise it will interfere with how SPDK sets
|
||||
# its include directory.
|
||||
# unset $LDFLAGS, otherwise SPDK will fail to mock some functions.
|
||||
- BUILD_COMMAND env -i PATH=$ENV{PATH} CC=${CMAKE_C_COMPILER} ${make_cmd} EXTRA_CFLAGS="${spdk_CFLAGS}"
|
||||
+ BUILD_COMMAND env -i PATH=$ENV{PATH} CC=${CMAKE_C_COMPILER} ${make_cmd} EXTRA_CFLAGS="${spdk_CFLAGS}" C_OPT="-mssse3"
|
||||
BUILD_IN_SOURCE 1
|
||||
INSTALL_COMMAND "true")
|
||||
unset(make_cmd)
|
|
@ -13,17 +13,27 @@ with final; {
|
|||
|
||||
bmxd = callPackage ./bmxd.nix { };
|
||||
|
||||
dex-oidc = prev.dex-oidc.override {
|
||||
buildGoModule = args: buildGoModule (args // {
|
||||
patches = args.patches or [ ] ++ [
|
||||
# remember session
|
||||
(fetchpatch {
|
||||
url = "https://github.com/dexidp/dex/commit/dd0fb05386ce89c74381ce49e903cc10b987459e.patch";
|
||||
sha256 = "sha256-71py0pysgS3jDkKeqD/K4KJ821bolz/4PTjt2rDdUy8=";
|
||||
})
|
||||
];
|
||||
ceph_17_2 = assert (lib.versions.majorMinor ceph.version) == "17.2"; prev.ceph;
|
||||
|
||||
dex-oidc = prev.dex-oidc.override {
|
||||
buildGoModule = let
|
||||
ver = lib.versions.majorMinor prev.dex-oidc.version;
|
||||
in args: buildGoModule (args // {
|
||||
patches = args.patches or [ ]
|
||||
# remember session
|
||||
# TODO: remove 2.35 when 23.05 is stable
|
||||
++ lib.optional (ver == "2.35") (fetchpatch {
|
||||
url = "https://github.com/dexidp/dex/commit/dd0fb05386ce89c74381ce49e903cc10b987459e.patch";
|
||||
hash = "sha256-71py0pysgS3jDkKeqD/K4KJ821bolz/4PTjt2rDdUy8=";
|
||||
})
|
||||
++ lib.optional (ver == "2.36") (fetchpatch {
|
||||
url = "https://github.com/dexidp/dex/commit/000004b13b876e04a6f75ec0394f7cabe84fb15e.patch";
|
||||
hash = "sha256-u85RnwfhcQt7RK11Ed/fDLUbHOuD+TKJU8UHQslZowM=";
|
||||
});
|
||||
} // lib.optionalAttrs (ver == "2.35") {
|
||||
vendorSha256 = "sha256-BxFiRHOGIJf3jTVtrw/QbnvG5gyfwAKQGd3IiWw5iVc=";
|
||||
} // lib.optionalAttrs (ver == "2.36") {
|
||||
vendorHash = "sha256-hxq7JPz8uD5WQIPO2anSf9+kzyoQy/BQ0OVTblA8qts=";
|
||||
});
|
||||
};
|
||||
|
||||
|
@ -100,14 +110,14 @@ with final; {
|
|||
doCheck = false;
|
||||
});
|
||||
|
||||
oxigraph = callPackage ./oxigraph.nix { };
|
||||
|
||||
pi-sensors = callPackage ./pi-sensors { };
|
||||
|
||||
plume = callPackage ./plume { };
|
||||
|
||||
readsb = callPackage ./readsb.nix { };
|
||||
|
||||
schalterd = callPackage ./schalterd.nix { };
|
||||
|
||||
telme10 = callPackage ./telme10.nix { };
|
||||
|
||||
tracer-game =
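Review bot: In the `dex-oidc` override the session patch is chosen with `lib.optional (ver == "2.35")` and `lib.optional (ver == "2.36")`, so a later nixpkgs bump to any other version builds dex without the patch and without any error. For an identity provider, a silent behaviour change of that kind is better turned into an evaluation failure, e.g. `in args: assert lib.elem ver [ "2.35" "2.36" ]; buildGoModule (args // {`. The same applies to the `vendorSha256`/`vendorHash` attributes that are selected by the same version checks.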
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
buildPythonApplication rec {
|
||||
pname = "mlat-client";
|
||||
version = "0.3.9";
|
||||
version = "0.4.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "adsbxchange";
|
||||
repo = "mlat-client";
|
||||
rev = "v${version}";
|
||||
sha256 = "0zqm9g6sg3mzq8x809x9kicc9mqpkh1ndb0xfapb3hkz5d5dnm6z";
|
||||
hash = "sha256-V//LpYmBXtT8haX1aZ4XldzzyUY2YN7x3lTpQ2csTmw=";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
{ lib
|
||||
, rustPlatform
|
||||
, fetchFromGitHub
|
||||
, pkg-config
|
||||
, llvmPackages
|
||||
}:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "oxigraph";
|
||||
version = "0.3.11";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-7KbDZKKJPk3QTp4siIbdB6xKbslw73Lhc7NoeOuA0Og=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-Yqn6hwejg6LzcqW0MiUN3tqrOql6cpu/5plaOz+2/ns=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config llvmPackages.clang
|
||||
];
|
||||
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
|
||||
|
||||
preConfigure = ''
|
||||
cd server
|
||||
'';
|
||||
postBuild = ''
|
||||
cd ..
|
||||
'';
|
||||
|
||||
doCheck = false;
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
{ lib, pkgsStatic, fetchFromGitHub }:
|
||||
|
||||
pkgsStatic.pkgsCross.armv7l-hf-multiplatform.rustPlatform.buildRustPackage {
|
||||
name = "schalterd";
|
||||
|
||||
src = "${fetchFromGitHub {
|
||||
owner = "astro";
|
||||
repo = "spacemsg";
|
||||
# master of 2023-07-02
|
||||
rev = "a825a738544e62c285f4497c151a73d417326da2";
|
||||
sha256 = "sha256-8sM2GdQ2nJ3YCCF5+ZW0vBNTKL3/ulY1/fmyw++5UQQ=";
|
||||
}}/schalterd";
|
||||
|
||||
cargoSha256 = "sha256-OdNztl4XQML2UqK/4BLzKed3pBJNd9rIwHEXaIzLQ4U=";
|
||||
}
|
|
@ -7,17 +7,17 @@
|
|||
|
||||
buildGoModule {
|
||||
pname = "trainbot";
|
||||
version = "unstable-2023-05-07";
|
||||
version = "unstable-2023-05-25";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jo-m";
|
||||
repo = "trainbot";
|
||||
rev = "82444a14cba5f611c620f752e79d8bf5e3c5b416";
|
||||
sha256 = "sha256-4f5TtTxsJyfT/N9wElnAYxUTuPmx90zQN9afA0UylCU=";
|
||||
rev = "3a03711c99ff157a793dddc20a59116eb7cd1664";
|
||||
sha256 = "sha256-JdilVe/jysTVBg2Q/IrLIzODVz+PG+1HGo+5AF+X6D4=";
|
||||
};
|
||||
|
||||
checkInputs = [ ffmpeg ];
|
||||
doCheck = false;
|
||||
|
||||
vendorHash = "sha256-DphXCfPW4w0aGI1e3aKQ9pDAMJ8wioPCDqRUR5gJ+Q4=";
|
||||
vendorHash = "sha256-IsYUvVmZdlwEaOoD76m9KABsldBado9yQiOa8Q8Pkp0=";
|
||||
}
|
||||
|
|
|
@ -121,8 +121,7 @@ lib.attrsets.mapAttrs
|
|||
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
|
||||
|
||||
# use nixos-rebuild from target config
|
||||
nixosRebuild=$(nix build ${self}#nixosConfigurations.${name}.config.system.build.nixos-rebuild ${overrideInputsArgs} --no-link --json | ${pkgs.jq}/bin/jq -r '.[0].outputs.out')
|
||||
nix copy --no-check-sigs --to ssh-ng://${target} $nixosRebuild
|
||||
nixosRebuild=$(ssh ${target} nix build ${self}#nixosConfigurations.${name}.config.system.build.nixos-rebuild ${overrideInputsArgs} --no-link --json | ${pkgs.jq}/bin/jq -r '.[0].outputs.out')
|
||||
ssh ${target} $nixosRebuild/bin/nixos-rebuild ${rebuildArg} "$@"
|
||||
'';
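Review bot: The added line `nixosRebuild=$(ssh ${target} nix build ... | ${pkgs.jq}/bin/jq -r '.[0].outputs.out')` is used unchecked in the next command, so if the remote build fails the variable is empty or `null` and the script goes on to run `/bin/nixos-rebuild` or `null/bin/nixos-rebuild` on the target. A guard between the two lines stops that: `[[ -n "$nixosRebuild" && "$nixosRebuild" != null ]] || { echo "building nixos-rebuild on ${target} failed" >&2; exit 1; }`. Quoting the expansion as `"$nixosRebuild"/bin/nixos-rebuild` would also be safer. Whether the script sets `-e` or `pipefail` cannot be seen here because the start of the script is outside the hunk.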
|
||||
|
||||
|
|
|
@ -23,28 +23,30 @@
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhcrBEpbCOM4KTVqjvuEOAcKOPScQ7U4TsNJzzrQW/k laalsaas"
|
||||
];
|
||||
marenz = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDixJ6x0QnSk/ebIJ9zlsRM5olZbqrxDaIt0QQmZOuAbbz441SVW+/0/7ks80GMIMxzUy5YpNvrkY+6q/dZVvNybZLm/csdoFB2soOI/F1NUOppM+r2f33db/5ae3iaun/xBOW/D5lQTbm6IfrYjN9z3gW6tTYFPauZyctizZz5P1egwtCrAnMti8aBE3G+lGXVIVbjsjYruqgSN86WM0YM9HH9XB8Kd/TDCI/j9prXFkoj9EuzOQtIDNRA4Asmi08ZmoVKqadbuZAXoYEngPe2nigiiBoV/5fyyWIJSliWPZ8YDXk8X6pRJaOgZyc6mmot0/BLJo+DkhoUDA7wp3wr cardno:000609614306"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6edpEvI6/0IBBolm3fX67U7UhA42hBVXPcN2hrTe9DiaRTMC1EnsgHSLYAuV1Ltu9gkDxHZ4aTpa69La7C7I0WPAhzXWAE1BNl2/93CETAcZoum2IYl9CZNGFG5D2Uxd8lnyZH9WtgN5WYLaKm/xFSVclYwbnYtTjI2T9mYmrrDf4bwvvjg6p6KBQUgaotwC+qyADGTJjfSiIsYU8cJhA4XROudmiKa6LAlw0VrkgQoITRYoWvmrdHMgzeCJa5UvKGxyGRqGcPB7wVFQpv2uxJVtCjb5Uhk8ZHzbc/rANBXwCgMr9tmyKDsO9imtcucQXZT7O06mkD5OYCVSdtVsx cardno:000610670724"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDixJ6x0QnSk/ebIJ9zlsRM5olZbqrxDaIt0QQmZOuAbbz441SVW+/0/7ks80GMIMxzUy5YpNvrkY+6q/dZVvNybZLm/csdoFB2soOI/F1NUOppM+r2f33db/5ae3iaun/xBOW/D5lQTbm6IfrYjN9z3gW6tTYFPauZyctizZz5P1egwtCrAnMti8aBE3G+lGXVIVbjsjYruqgSN86WM0YM9HH9XB8Kd/TDCI/j9prXFkoj9EuzOQtIDNRA4Asmi08ZmoVKqadbuZAXoYEngPe2nigiiBoV/5fyyWIJSliWPZ8YDXk8X6pRJaOgZyc6mmot0/BLJo+DkhoUDA7wp3wr cardno:000609614306 - marenz"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6edpEvI6/0IBBolm3fX67U7UhA42hBVXPcN2hrTe9DiaRTMC1EnsgHSLYAuV1Ltu9gkDxHZ4aTpa69La7C7I0WPAhzXWAE1BNl2/93CETAcZoum2IYl9CZNGFG5D2Uxd8lnyZH9WtgN5WYLaKm/xFSVclYwbnYtTjI2T9mYmrrDf4bwvvjg6p6KBQUgaotwC+qyADGTJjfSiIsYU8cJhA4XROudmiKa6LAlw0VrkgQoITRYoWvmrdHMgzeCJa5UvKGxyGRqGcPB7wVFQpv2uxJVtCjb5Uhk8ZHzbc/rANBXwCgMr9tmyKDsO9imtcucQXZT7O06mkD5OYCVSdtVsx cardno:000610670724 - marenz"
|
||||
];
|
||||
nek0 = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpLQaRn6wzdyU5f1MZKYgL3A9t0H/ELyZHEMK0e2I+k nek0@madness"
|
||||
];
|
||||
oxa = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCou/7YU2kbeWbZv/F3kjWJLyLeZ5SGGMNr03rWjqZcliJCqEZGO4gz7jdizg/h+j7YWTV3Gn+03LY+tlfhuI7Okxe1YLphuPb4qb38QUprpdg9QTdREGUUpKeaXUOXASoC5EHAkx5GYcQ9uZAx70ZHdggwNvQOVcOfbSIv+MPTaEq4MTwf/Y5MhFvCUrQecTvaoukAPS3PEOWptz5hDDH7jjiJmDwHeICMhHK9YvesFjIsc/iQHScCDWBg+WbQAeLYSbJkmnzFz/7jbdF34Wmz/7FlUiOqqzkZ5Ykr78ae4NgbSz09QjkZ/W0wVIH+UAVHn3OQ+7aRukkve9w48lEb1XJvMo3Y1sGRY6AUOHw0B4xa9ZgXQiuAH4ExjaDSArNkUWjQrKkUvyl30j7t6HRA2Y+W5BzodYKO/JBGqaGneTvlXV2e7lFP2kmnf17dnkJmwTi2p0CQJrpsnifuj5gNDA/qZkXPK5DOPe+asW2Vc2panSbXosZG9Gk20JeahZ54gVn2UvRVk41GhQdCAuVWeuXF9+rtSyjtx2NSrQLIyi/59n6STL/hS1135wrEifP+xTCoI+8yxTB8BSd5JSQ9GeUGkevZp9asmwKOA/WkTzsESECbCrbgOstTCSsKPfQITLu45zIrLHn9cLjrwby06mNhp2B28GlAmvcDBC95NQ== mail@oxapentane.com"
|
||||
"ssh-rsa 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 cardno:16 811 339"
|
||||
"ssh-rsa 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 cardno:16 811 339 - oxapentane"
|
||||
];
|
||||
poelzi = [
|
||||
# TODO: use a RSA4096 or ed25519 key
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQbziwBjiSZqzE2b4iOqz1HxjinqHbGjAv1XHLOq+AFfNwMc4wiyQ/u2LpuRG2HlwK9pBeIY/gZSUP3YJZ1RumnrEOxY2Tgmzko0W9ME+hvK1OHZcXI69QA/ctxEVgOUMvTtS8XssFLAbQfkXJYeTL/5yr/Qrs3MDDfa+1UGY7LQlyzh6c4pQ+pBgWJALyzztc0orqgSVUJ2u8naQ210Jv3dQnpE+bwfeG9IuWjQqBXWHwlqxwRDxnnDBVcUj4z24XsMmHHWd/zizD+4C0Qx/rBiFhYBDXP+320U5gpgFzRl3t1HQXiPCb/LAgp2CLpZ8Eh4u9tgIhp6Z6l9r0B+vQ== poelzi@poelzi.org"
|
||||
];
|
||||
polygon = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGEKrCGXyHqD0jdTYVHnnScL9mhDU2PR9VyH7fu528J jan@nixbrett"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGEKrCGXyHqD0jdTYVHnnScL9mhDU2PR9VyH7fu528J jan@nixbrett - polygon"
|
||||
];
|
||||
revol-xut = [
|
||||
"ssh-rsa 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 revo-xut@plank"
|
||||
];
|
||||
sandro = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFidD6Snqgd8J7avxHvdDd81rdi0zNZWSilBe3eaTIlv sandro@magnesium"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAUDvmdH7DwqMXLg/fAXtwme44P5L6ye9dFcVIdL+wk5AAAABHNzaDo= sandro@geode"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDZVEPkbVT3+g5PEngQ4HSmXWBppmoAYuDIrZrPYMeXrAAAABHNzaDo= sandro@prism"
|
||||
];
|
||||
tboston = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINkmizml/XsSRzp3mNIumb3ZEPQoZhi/TtDU7rOUiKA tboston"
|
||||
|
@ -58,8 +60,4 @@
|
|||
wolf = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJa4Xl4izrsirkBPxRruPSyByWj31Tya1h+jDQ94ZuU3 vv01f@debitch"
|
||||
];
|
||||
leon = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANupx+diz5N8sGZOc7ZXopyPh9HaML8M7Qh70aVVIaJ leon@leons-Air"
|
||||
];
|
||||
}
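Review bot: The new `# TODO: use a RSA4096 or ed25519 key` above the `poelzi` entry flags the key as weak but leaves it authorized, with no owner and no condition for removing it. The header of the key blob (`AAAAB3NzaC1yc2EAAAABIwAAAQEA`) appears to encode a 2048-bit modulus with public exponent 35, which suggests a very old key. A more actionable comment would be `# TODO(poelzi): replace this 2048-bit RSA key with ed25519 or RSA-4096 and delete this entry once rotated`.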
|
||||
|
|