felixalb/nixos-config
felixalb
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

defiant #2

Merged
felixalb merged 6 commits from defiant into main 2023-12-25 02:09:25 +01:00
Conversation 0 Commits 6 Files Changed 23 +362 -363
23 changed files with 362 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.sops.yaml
View File

@ -2,8 +2,7 @@ keys:
- &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw - &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
- &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf - &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
- &host_sarek age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk - &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
- &host_janeway age1sjk38fy5dk2nn0q0rmxuvr9uw3ttgz7mq4632f8jllzqryft0y3s46j65k
creation_rules: creation_rules:
# Global secrets # Global secrets
@ -21,16 +20,8 @@ creation_rules:
- *user_felixalb_old - *user_felixalb_old
- *user_felixalb - *user_felixalb
- path_regex: secrets/sarek/[^/]+\.yaml$ - path_regex: secrets/defiant/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
- *host_sarek - *host_defiant
- *user_felixalb_old
- *user_felixalb
- path_regex: secrets/janeway/[^/]+\.yaml$
key_groups:
- age:
- *host_janeway
- *user_felixalb_old
- *user_felixalb - *user_felixalb

11
README.md
View File

@ -1,11 +1,10 @@
# Work In Progress! ## Felixalbs nixos config
Notice, these things might be missing:
- Functionality Contains configurations for some nixos servers, some nixos desktops and a [nix-darwin](https://github.com/LnL7/nix-darwin) host.
- Style Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix).
- Safety
### Build: ### Build:
- Build locally on another machine (verify) - Build locally on another machine:
``` ```
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.sarek.config.system.build.toplevel" nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.sarek.config.system.build.toplevel"
``` ```

2
base.nix
View File

@ -6,7 +6,7 @@
networking = { networking = {
domain = "home.feal.no"; domain = "home.feal.no";
nameservers = [ "192.168.10.3" "192.168.11.100" "1.1.1.1" ]; nameservers = [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ];
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
}; };

51
flake.nix
View File

@ -51,6 +51,25 @@
} }
]; ];
}; };
defiant = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/defiant/configuration.nix
sops-nix.nixosModules.sops
matrix-synapse-next.nixosModules.default
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/defiant/home.nix;
}
];
};
edison = nixpkgs.lib.nixosSystem { edison = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@ -69,38 +88,6 @@
} }
]; ];
}; };
sarek = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/sarek/configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/sarek/home.nix;
}
];
};
janeway = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/janeway/configuration.nix
sops-nix.nixosModules.sops
matrix-synapse-next.nixosModules.default
];
};
redshirt = nixpkgs.lib.nixosSystem { redshirt = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {

41
hosts/defiant/configuration.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, pkgs, ... }:
{
imports =
[
../../base.nix
../../common/metrics-exporters.nix
./hardware-configuration.nix
./services/postgresql.nix
./services/nginx.nix
./services/matrix-synapse.nix
./services/flame.nix
./services/hedgedoc.nix
./services/pihole.nix
];
networking = {
hostName = "defiant";
defaultGateway = "192.168.10.1";
interfaces.enp3s0.ipv4 = {
addresses = [
{ address = "192.168.10.175"; prefixLength = 24; } # Main IP for defiant, internal
];
};
hostId = "8e84f235";
};
sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
zfs
];
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
system.stateVersion = "23.11";
}

36
hosts/defiant/hardware-configuration.nix Normal file
View File

@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/45ceae6b-cf6d-42d6-9694-d14c1d42b49f";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DDDC-5C0C";
fsType = "vfat";
};
swapDevices = [ {
device = "/swapfile";
size = 8*1024;
} ];
networking.useDHCP = lib.mkDefault false;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
hosts/sarek/home.nix → hosts/defiant/home.nix
View File

@ -5,7 +5,6 @@
bottom bottom
ncdu ncdu
neofetch neofetch
nix-index
]; ];
imports = [ imports = [

22
hosts/defiant/services/flame.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
let
domain = "flame.home.feal.no";
host = "127.0.1.2";
port = "5005";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
flame = {
image = "pawelmalak/flame";
ports = [ "${host}:${port}:5005" ];
volumes = [
"/var/lib/flame/data:/app/data/"
];
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/".proxyPass = "http://${host}:${port}";
};
}

117
hosts/defiant/services/hedgedoc.nix Normal file
View File

@ -0,0 +1,117 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.hedgedoc.settings;
domain = "md.feal.no";
port = 3300;
host = "127.0.1.2";
authServerUrl = "https://auth.feal.no";
in {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
restartUnits = [ "hedgedoc.service" ];
};
services.hedgedoc = {
enable = true;
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
inherit domain port host;
protocolUseSSL = true;
sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true;
allowAnonymous = false;
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
# dbURL = "postgres://hedgedoc@localhost/hedgedoc";
db = {
username = "hedgedoc";
database = "hedgedoc";
host = "/run/postgresql";
dialect = "postgresql";
};
email = false;
oauth2 = {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
scope = "openid email profile";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM";
};
};
};
systemd.services.hedgedoc = {
requires = [
"postgresql.service"
# "kanidm.service"
];
serviceConfig = let
workDir = "/var/lib/hedgedoc";
in {
WorkingDirectory = lib.mkForce workDir;
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
# Better safe than sorry :)
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [ workDir ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native";
# SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
};
};
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensureDBOwnership = true;
}];
};
services.nginx.virtualHosts."${domain}" = {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://${host}:${toString port}";
};
"/socket.io" = {
proxyPass = "http://${host}:${toString port}";
proxyWebsockets = true;
};
};
};
}

7
hosts/janeway/services/matrix-synapse.nix → hosts/defiant/services/matrix-synapse.nix
View File

@ -73,11 +73,12 @@
}; };
services.redis.servers."".enable = true; services.redis.servers."".enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."matrix.feal.no" = { services.nginx.virtualHosts."matrix.feal.no" = {
enableACME = lib.mkForce false; listen = [
forceSSL = lib.mkForce false; { addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
}; };
} }

48
hosts/defiant/services/nginx.nix Normal file
View File

@ -0,0 +1,48 @@
{ config, values, ... }:
{
services.nginx = {
enable = true;
enableReload = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
defaultListen = [
{
addr = "192.168.10.175";
port = 80;
ssl = false;
}
];
};
networking.firewall.allowedTCPPorts = [
80 443 # Internal / Default
43080 43443 # External / Publicly exposed
];
security.acme = {
acceptTerms = true;
defaults.email = "felix@albrigtsen.it";
};
# Publicly exposed services:
services.nginx.virtualHosts = let
publicProxy = upstream: {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "${upstream}";
};
in {
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
"wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
};
}

30
hosts/defiant/services/pihole.nix Normal file
View File

@ -0,0 +1,30 @@
{ config, pkgs, lib, ... }:
let
domain = "pihole.home.feal.no";
dnsHost = "192.168.10.175";
webuiListen = "127.0.1.2:5053";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
pihole = {
image = "pihole/pihole";
ports = [
"${dnsHost}:53:53/tcp"
"${dnsHost}:53:53/udp"
"${webuiListen}:80"
];
environment.TZ = "Europe/Oslo";
volumes = [
"/var/lib/pihole/etc:/etc/pihole"
"/var/lib/pihole/dnsmasq:/etc/dnsmasq.d"
];
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/".proxyPass = "http://${webuiListen}";
};
}

3
hosts/janeway/services/postgresql.nix → hosts/defiant/services/postgresql.nix
View File

@ -6,12 +6,11 @@
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; # enable = true;
location = "/data/backup/postgresql/"; location = "/data/backup/postgresql/";
startAt = "*-*-* 03:15:00"; startAt = "*-*-* 03:15:00";
backupAll = true; backupAll = true;
}; };
environment.systemPackages = [ config.services.postgresql.package ]; environment.systemPackages = [ config.services.postgresql.package ];
} }

40
hosts/janeway/configuration.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../base.nix
../../common/metrics-exporters.nix
./services/nginx.nix
./services/postgresql.nix
./services/matrix-synapse.nix
];
# Boot and console is handled by proxmoxLXC.
boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.
# Override proxmox networking
proxmoxLXC.manageNetwork = true;
networking = {
hostName = "janeway";
defaultGateway = "192.168.10.1";
interfaces."eth0".ipv4 = {
addresses = [
{ address = "192.168.10.183"; prefixLength = 24; }
];
};
hostId = "bed956ff";
};
environment.systemPackages = with pkgs; [
vim
bottom
];
sops.defaultSopsFile = ../../secrets/janeway/janeway.yaml;
system.stateVersion = "23.05";
}

33
hosts/janeway/services/bridge-discord.nix
View File

@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
services.mx-puppet-discord = {
enable = true;
serviceDependencies = [
"matrix-synapse.service"
"postgresql.service"
];
settings = {
bridge = {
bindAddress = "localhost";
domain = "feal.no";
homeserverUrl = "https://matrix.feal.no";
# homeserverUrl = "http://127.0.1.2:8008";
port = 8434;
enableGroupSync = true;
};
database.connString = "postgresql://mx-puppet-discord@localhost/mx-puppet-discord?sslmode=disable";
provisioning.whitelist = [ "@felixalb:feal\\.no" ];
relay.whitelist = [ ".*" ];
selfService.whitelist = [ "@felixalb:feal\\.no" ];
};
};
services.matrix-synapse.settings.app_service_config_files = [ /var/lib/mx-puppet-discord/discord-registration.yaml ];
}

19
hosts/janeway/services/nginx.nix
View File

@ -1,19 +0,0 @@
{ config, values, ... }:
{
services.nginx = {
enable = true;
enableReload = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
/* security.acme = { */
/* acceptTerms = true; */
/* email = "felix@albrigtsen.it"; */
/* }; */
}

54
hosts/sarek/configuration.nix
View File

@ -1,54 +0,0 @@
{ config, pkgs, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../base.nix
../../common/metrics-exporters.nix
./services/flame.nix
./services/hedgedoc.nix
./services/nginx.nix
./services/postgresql.nix
];
# Boot and console is handled by proxmoxLXC.
boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.
# Override proxmox networking
proxmoxLXC.manageNetwork = true;
networking = {
hostName = "sarek";
defaultGateway = "192.168.10.1";
interfaces."eth0".ipv4 = {
addresses = [
{ address = "192.168.10.181"; prefixLength = 24; }
];
};
hostId = "15dd36bc";
};
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
# Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers
system.activationScripts.var = lib.mkForce ''
# Various log/runtime directories.
mkdir -p /var/tmp
chmod 1777 /var/tmp
# Empty, immutable home directory of many system accounts.
mkdir -p /var/empty
# Make sure it's really empty
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
'';
systemd.tmpfiles.rules = lib.mkForce [];
system.stateVersion = "23.05";
}

24
hosts/sarek/services/flame.nix
View File

@ -1,24 +0,0 @@
{ config, pkgs, lib, ... }:
let
domain = "flame.home.feal.no";
host = "127.0.1.2";
port = "5005";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
flame = {
image = "pawelmalak/flame";
ports = [ "${host}:${port}:5005" ];
volumes = [
"/var/lib/flame/data:/app/data/"
];
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/" = {
proxyPass = "http://${host}:${port}";
};
};
}

94
hosts/sarek/services/hedgedoc.nix
View File

@ -1,94 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.hedgedoc.settings;
domain = "md.feal.no";
port = 3300;
host = "0.0.0.0";
authServerUrl = "https://auth.feal.no";
in {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
restartUnits = [ "hedgedoc.service" ];
};
services.hedgedoc = {
enable = true;
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
inherit domain port host;
protocolUseSSL = true;
sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true;
allowAnonymous = false;
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
email = false;
oauth2 = {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
scope = "openid email profile";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM";
};
};
};
systemd.services.hedgedoc = {
requires = [
"postgresql.service"
# "kanidm.service"
];
serviceConfig = let
workDir = "/var/lib/hedgedoc";
in {
WorkingDirectory = lib.mkForce workDir;
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
# Better safe than sorry :)
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [ workDir ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native";
# SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
};
};
networking.firewall.allowedTCPPorts = [ port ];
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensureDBOwnership = true;
}];
};
}

19
hosts/sarek/services/nginx.nix
View File

@ -1,19 +0,0 @@
{ config, values, ... }:
{
services.nginx = {
enable = true;
enableReload = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
/* security.acme = { */
/* acceptTerms = true; */
/* email = "felix@albrigtsen.it"; */
/* }; */
}

22
hosts/sarek/services/postgresql.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.postgresql = {
enable = true;
enableTCPIP = true; # Expose on the network
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
services.postgresqlBackup = {
enable = true;
location = "/backup/postgresql/";
startAt = "*-*-* 03:15:00";
backupAll = true;
};
environment.systemPackages = [ config.services.postgresql.package ];
}

2
hosts/worf/configuration.nix
View File

@ -34,7 +34,7 @@
sshKey = "/var/root/.ssh/nix-builder"; sshKey = "/var/root/.ssh/nix-builder";
} }
{ {
hostName = "sarek.home.feal.no"; hostName = "defiant.home.feal.no";
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 6; maxJobs = 6;

34
secrets/defiant/defiant.yaml Normal file
View File

@ -0,0 +1,34 @@
matrix:
synapse:
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
hedgedoc:
env: ENC[AES256_GCM,data:7UU8MNo3AEpG1L0lpbfow4mGsIj7qMgtldCxv2T8rimintl1PN+avb2yxXz2P+1MqxNhacYYfBn5AkVqUJvAvo/HaQmsu+M1iFuMG6vEQuMGZZ1bjcslKxjVFWe9Rxzb9O33jqielsBiUmkP7f0MoGzfdyncpRuGjge+ADL7YXdRdH2zyDLW0txM3P593MQYiGo9wzwb7ZpycX4NsuE=,iv:4QE4RwD6c7KQS/w15YP/P2u7iOTWd36/YhpA2Jtdu0U=,tag:QBvO3q5C9TK0oSeso367/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQXEzMHQzaTU2YW85Yjhh
eDZ1eG15UytULzhYaTBZemlRak5USmVrMlhRCmtOUmNqYS9xa0VHU2J1V0E0NjN0
ZDRhek9xNXJNY0FhZUJCVjJpYW1ZNHcKLS0tIER3OFlyV2Q3b2l0RkkzVkZMaHdt
MHI3WEV0RnZvWGw5a3BIV21kMlJxdU0Kpa1mjuwYoyk8Qfsst1k/pGGONYQf/sdZ
kfTZV2btleBISsP5aBDTF+I4AJZesumJuNVA0gPsI88GaQuf3rqb8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRi9mRDMvcDhBN3RVcG90
Q2Y5NGhTVmVOaW9VRTl0R25QQXJsb2FQOTFrCnNsL0M2OTQ1KzJKSXJaVlVrL01v
R1RnOURGcDU3V2JldTdlRitQeDBIZE0KLS0tIHB2T3ZGQjZZRUlUL0FUSzhoZ1Ez
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-24T23:15:29Z"
mac: ENC[AES256_GCM,data:h+omoqeN7ssm7lfF/kdUCX7umQwWtTeph2C9tJQEAP7naL+Sm5WgXl/6PYHjjDSJ8X56tQgNdA2F5P5xIwTEfi6ip0Xbqy9vL+TfqjRhaT897O9W3Gka0zKTIkLFH2klgv3FXRd1CybxfyZpuz8Gpyy/tHZMcdIbEt+snlAII/A=,iv:+MgU7SfErnTMc63liEr8SmJLAthlbG8kU/xY6fUC7jU=,tag:I56xwXpVOF38QelGqW0XPg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1