mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-07-04 17:51:48 +02:00
Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 7eb6351471 | |||
| 7429b334ca | |||
| 1595f67c55 | |||
| 3f5eadcb87 | |||
| 70c0ad8724 | |||
| 61ea0181a1 | |||
| 3e22c1a47e | |||
| 0319858cad | |||
| efd50868e0 | |||
| 7a23cf7f25 | |||
| 57963fadd7 | |||
| 792f111a5d | |||
| b27859c0fa | |||
| eb0eb6d93b | |||
| 6a943dd7b0 | |||
| c59c00f3fc | |||
| 53670b4d05 | |||
| d92a5f13ad | |||
| 16d3251ee2 | |||
| 09163b77da |
@@ -45,6 +45,7 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
|
||||
| [lupine][lup] | Physical | Gitea CI/CD runners |
|
||||
| shark | Virtual | Test host for authentication, absolutely horrendous |
|
||||
| [skrot][skr] | Physical | Kiosk, snacks and soda |
|
||||
| [temmie][tem] | Virtual | User websites |
|
||||
| [wenche][wen] | Virtual | Nix-builders, general purpose compute |
|
||||
|
||||
## Documentation
|
||||
@@ -63,4 +64,5 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
|
||||
[kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
|
||||
[lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
|
||||
[skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrot
|
||||
[tem]: https://wiki.pvv.ntnu.no/wiki/Maskiner/temmie
|
||||
[wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche
|
||||
|
||||
+4
-4
@@ -77,10 +77,10 @@
|
||||
'';
|
||||
|
||||
# These are servers, sleep is for the weak
|
||||
systemd.sleep.extraConfig = lib.mkDefault ''
|
||||
AllowSuspend=no
|
||||
AllowHibernation=no
|
||||
'';
|
||||
systemd.sleep.settings.Sleep = {
|
||||
AllowSuspend = lib.mkDefault false;
|
||||
AllowHibernation = lib.mkDefault false;
|
||||
};
|
||||
|
||||
# users.mutableUsers = lib.mkDefault false;
|
||||
|
||||
|
||||
+1
-1
@@ -8,6 +8,6 @@
|
||||
|
||||
services.resolved = {
|
||||
enable = lib.mkDefault true;
|
||||
dnssec = "false"; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
|
||||
settings.Resolve.DNSSEC = false; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,8 +6,7 @@ in
|
||||
services.journald.upload = {
|
||||
enable = lib.mkDefault true;
|
||||
settings.Upload = {
|
||||
# URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
|
||||
URL = "https://${values.hosts.ildkule.ipv4}:${toString config.services.journald.remote.port}";
|
||||
URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
|
||||
ServerKeyFile = "-";
|
||||
ServerCertificateFile = "-";
|
||||
TrustedCertificateFile = "-";
|
||||
|
||||
Generated
+9
-9
@@ -43,16 +43,16 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1736864502,
|
||||
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
|
||||
"lastModified": 1768920986,
|
||||
"narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
|
||||
"rev": "de5708739256238fb912c62f03988815db89ec9a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "v1.11.0",
|
||||
"ref": "v1.13.0",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -248,15 +248,15 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1778544512,
|
||||
"narHash": "sha256-VIsPgfIpZ/01XUO6WN+o1NZbP5iKPKPHdHPWqfm4XIg=",
|
||||
"rev": "c417517f9d525181ee5619c683419d308ee29fe8",
|
||||
"lastModified": 1779622335,
|
||||
"narHash": "sha256-06G98ieM6l+OI7EMhlvchgDBDn+DvIWCNj40LDhKpmc=",
|
||||
"rev": "705e9929918b43bd7b715dc0a878ac870449bb03",
|
||||
"type": "tarball",
|
||||
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10745.c417517f9d52/nixexprs.tar.xz"
|
||||
"url": "https://releases.nixos.org/nixos/26.05-small/nixos-26.05beta1.705e9929918b/nixexprs.tar.xz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz"
|
||||
"url": "https://nixos.org/channels/nixos-26.05-small/nixexprs.tar.xz"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
description = "PVV System flake";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz";
|
||||
nixpkgs.url = "https://nixos.org/channels/nixos-26.05-small/nixexprs.tar.xz";
|
||||
nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
|
||||
|
||||
sops-nix.url = "github:Mic92/sops-nix/master";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
disko.url = "github:nix-community/disko/v1.11.0";
|
||||
disko.url = "github:nix-community/disko/v1.13.0";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
nix-topology.url = "github:oddlama/nix-topology/main";
|
||||
@@ -85,6 +85,7 @@
|
||||
[
|
||||
"nvidia-x11"
|
||||
"nvidia-settings"
|
||||
"nvidia-kernel-modules"
|
||||
];
|
||||
});
|
||||
|
||||
@@ -105,6 +106,7 @@
|
||||
[
|
||||
"nvidia-x11"
|
||||
"nvidia-settings"
|
||||
"nvidia-kernel-modules"
|
||||
];
|
||||
overlays =
|
||||
(lib.optionals enableDefaults [
|
||||
@@ -189,14 +191,12 @@
|
||||
(final: prev: {
|
||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {};
|
||||
simplesamlphp = final.callPackage ./packages/simplesamlphp {};
|
||||
bluemap = final.callPackage ./packages/bluemap.nix {};
|
||||
})
|
||||
inputs.pvv-nettsiden.overlays.default
|
||||
inputs.qotd.overlays.default
|
||||
];
|
||||
modules = [
|
||||
inputs.pvv-nettsiden.nixosModules.default
|
||||
self.nixosModules.bluemap
|
||||
inputs.qotd.nixosModules.default
|
||||
];
|
||||
};
|
||||
@@ -232,6 +232,20 @@
|
||||
];
|
||||
};
|
||||
|
||||
grevling = stableNixosConfig "grevling" {
|
||||
modules = [
|
||||
./hosts/grevling/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
|
||||
tuba = stableNixosConfig "grevling" {
|
||||
modules = [
|
||||
./hosts/tuba/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
|
||||
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
|
||||
modules = [
|
||||
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
||||
|
||||
@@ -1,105 +1,10 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
{ values, ... }:
|
||||
let
|
||||
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
|
||||
format = pkgs.formats.hocon { };
|
||||
webExport = "/var/lib/bluemap/web";
|
||||
in {
|
||||
# NOTE: our versino of the module gets added in flake.nix
|
||||
# NOTE: our version of the module gets added in flake.nix
|
||||
disabledModules = [ "services/web-apps/bluemap.nix" ];
|
||||
|
||||
sops.secrets."bluemap/ssh-key" = { };
|
||||
sops.secrets."bluemap/ssh-known-hosts" = { };
|
||||
|
||||
services.bluemap = {
|
||||
enable = true;
|
||||
|
||||
eula = true;
|
||||
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
|
||||
|
||||
host = "minecraft.pvv.ntnu.no";
|
||||
|
||||
maps = let
|
||||
inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
|
||||
in {
|
||||
"verden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/overworld.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:overworld";
|
||||
name = "Verden";
|
||||
sorting = 0;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
"underverden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/nether.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_nether";
|
||||
name = "Underverden";
|
||||
sorting = 100;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
render-mask = [{
|
||||
max-y = 90;
|
||||
}];
|
||||
};
|
||||
};
|
||||
"enden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/the-end.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_end";
|
||||
name = "Enden";
|
||||
sorting = 200;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."render-bluemap-maps" = {
|
||||
serviceConfig = {
|
||||
StateDirectory = [ "bluemap/world" ];
|
||||
ExecStartPre = let
|
||||
rsyncArgs = lib.cli.toCommandLineShellGNU { } {
|
||||
archive = true;
|
||||
compress = true;
|
||||
verbose = true;
|
||||
no-owner = true;
|
||||
no-group = true;
|
||||
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
|
||||
};
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} root@innovation.pvv.ntnu.no:/ ${vanillaSurvival}";
|
||||
LoadCredential = [
|
||||
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
|
||||
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
@@ -115,6 +20,30 @@ in {
|
||||
quic_retry on;
|
||||
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
|
||||
'';
|
||||
root = webExport;
|
||||
locations = {
|
||||
"~* ^/maps/[^/]*/tiles/".extraConfig = ''
|
||||
error_page 404 = @empty;
|
||||
'';
|
||||
"@empty".return = "204";
|
||||
};
|
||||
};
|
||||
|
||||
services.rsync-pull-targets = {
|
||||
enable = true;
|
||||
locations.${webExport} = {
|
||||
user = "root";
|
||||
rrsyncArgs.wo = true;
|
||||
authorizedKeysAttrs = [
|
||||
"restrict"
|
||||
"from=\"gluttony.pvv.ntnu.no,${values.hosts.gluttony.ipv6},${values.hosts.gluttony.ipv4}\""
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5jrqMovXlWaFWZAV/aKyQReHvUQp5kb+7Ja4gnevSr root@gluttony bluemap";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
|
||||
@@ -64,11 +64,4 @@ in
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPortRanges = [
|
||||
{
|
||||
from = cfg.settings.rtc.port_range_start;
|
||||
to = cfg.settings.rtc.port_range_end;
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
let
|
||||
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
|
||||
webExport = "/var/lib/bluemap/web";
|
||||
format = pkgs.formats.hocon { };
|
||||
in {
|
||||
# NOTE: our versino of the module gets added in flake.nix
|
||||
# NOTE: our version of the module gets added in flake.nix
|
||||
disabledModules = [ "services/web-apps/bluemap.nix" ];
|
||||
|
||||
sops.secrets."bluemap/ssh-key" = { };
|
||||
@@ -16,6 +14,8 @@ in {
|
||||
eula = true;
|
||||
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
|
||||
|
||||
enableNginx = false;
|
||||
|
||||
host = "minecraft.pvv.ntnu.no";
|
||||
|
||||
maps = let
|
||||
@@ -103,30 +103,11 @@ in {
|
||||
no-group = true;
|
||||
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
|
||||
};
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} ${webExport} root@bekkalokk.pvv.ntnu.no:${webExport}";
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} --groupmap=root:nginx ${config.services.bluemap.webRoot}/ root@bekkalokk.pvv.ntnu.no:/";
|
||||
LoadCredential = [
|
||||
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
|
||||
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
kTLS = true;
|
||||
http3 = true;
|
||||
quic = true;
|
||||
http3_hq = true;
|
||||
extraConfig = ''
|
||||
# Enabling QUIC 0-RTT
|
||||
ssl_early_data on;
|
||||
|
||||
quic_gso on;
|
||||
quic_retry on;
|
||||
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
}
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
./services/openvpn
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "grevling";
|
||||
|
||||
# systemd.network.networks."30-eno1" = values.defaultNetworkConfig // {
|
||||
# matchConfig.Name = "eno1";
|
||||
# address = with values.hosts.georg; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
# };
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
}
|
||||
@@ -0,0 +1,40 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/33825f0d-5a63-40fc-83db-bfa1ebb72ba0";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/145E-7362";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/7ed27e21-3247-44cd-8bcc-5d4a2efebf57"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s2.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
@@ -0,0 +1,77 @@
|
||||
{ pkgs, lib, values, ... }:
|
||||
{
|
||||
services.openvpn.servers."ov-tunnel" = {
|
||||
config = let
|
||||
conf = {
|
||||
# TODO: use aliases
|
||||
local = "129.241.210.191";
|
||||
port = 1194;
|
||||
proto = "udp";
|
||||
dev = "tap";
|
||||
|
||||
# TODO: set up
|
||||
ca = "";
|
||||
cert = "";
|
||||
key = "";
|
||||
dh = "";
|
||||
|
||||
# Maintain a record of client <-> virtual IP address
|
||||
# associations in this file. If OpenVPN goes down or
|
||||
# is restarted, reconnecting clients can be assigned
|
||||
# the same virtual IP address from the pool that was
|
||||
# previously assigned.
|
||||
ifconfig-pool-persist = ./ipp.txt;
|
||||
|
||||
server-bridge = builtins.concatStringsSep " " [
|
||||
"129.241.210.129"
|
||||
"255.255.255.128"
|
||||
"129.241.210.253"
|
||||
"129.241.210.254"
|
||||
];
|
||||
|
||||
keepalive = "10 120";
|
||||
cipher = "none";
|
||||
|
||||
user = "nobody";
|
||||
group = "nobody";
|
||||
|
||||
status = "/var/log/openvpn-status.log";
|
||||
|
||||
client-config-dir = pkgs.writeTextDir "tuba" ''
|
||||
# Sett IP-adr. for tap0 til tubas PVV-adr.
|
||||
ifconfig-push ${values.services.tuba-tap} 255.255.255.128
|
||||
# Hvordan skal man faa dette til aa funke, tro?
|
||||
#ifconfig-ipv6-push 2001:700:300:1900::xxx/64
|
||||
|
||||
# La tuba bruke std. PVV-gateway til all trafikk (unntatt
|
||||
# VPN-tunnellen).
|
||||
push "redirect-gateway"
|
||||
'';
|
||||
|
||||
persist-key = true;
|
||||
persist-tun = true;
|
||||
|
||||
verb = 5;
|
||||
|
||||
explicit-exit-notify = 1;
|
||||
};
|
||||
in lib.pipe conf [
|
||||
(lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
|
||||
(builtins.mapAttrs (_: value:
|
||||
if builtins.isList value then builtins.concatStringsSep " " (map toString value)
|
||||
else if value == true then value
|
||||
else if builtins.any (f: f value) [
|
||||
builtins.isString
|
||||
builtins.isInt
|
||||
builtins.isFloat
|
||||
lib.isPath
|
||||
lib.isDerivation
|
||||
] then toString value
|
||||
else throw "Unknown value in grevling openvpn config, deading now\n${value}"
|
||||
))
|
||||
(lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}"))
|
||||
(builtins.concatStringsSep "\n")
|
||||
(x: x + "\n\n")
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
./services/openvpn
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "tuba";
|
||||
|
||||
# systemd.network.networks."30-eno1" = values.defaultNetworkConfig // {
|
||||
# matchConfig.Name = "eno1";
|
||||
# address = with values.hosts.georg; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
# };
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
}
|
||||
@@ -0,0 +1,40 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/33825f0d-5a63-40fc-83db-bfa1ebb72ba0";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/145E-7362";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/7ed27e21-3247-44cd-8bcc-5d4a2efebf57"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s2.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
{ lib, values, ... }:
|
||||
{
|
||||
services.openvpn.servers."ov-tunnel" = {
|
||||
config = let
|
||||
conf = {
|
||||
# TODO: use aliases
|
||||
client = true;
|
||||
dev = "tap";
|
||||
proto = "udp";
|
||||
remote = "129.241.210.191 1194";
|
||||
|
||||
resolv-retry = "infinite";
|
||||
nobind = true;
|
||||
|
||||
# # TODO: set up
|
||||
ca = "";
|
||||
cert = "";
|
||||
key = "";
|
||||
remote-cert-tls = "server";
|
||||
cipher = "none";
|
||||
|
||||
user = "nobody";
|
||||
group = "nobody";
|
||||
|
||||
status = "/var/log/openvpn-status.log";
|
||||
|
||||
persist-key = true;
|
||||
persist-tun = true;
|
||||
|
||||
verb = 5;
|
||||
|
||||
# script-security = 2;
|
||||
# up = "systemctl restart rwhod";
|
||||
};
|
||||
in lib.pipe conf [
|
||||
(lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
|
||||
(builtins.mapAttrs (_: value:
|
||||
if builtins.isList value then builtins.concatStringsSep " " (map toString value)
|
||||
else if value == true then value
|
||||
else if builtins.any (f: f value) [
|
||||
builtins.isString
|
||||
builtins.isInt
|
||||
builtins.isFloat
|
||||
lib.isPath
|
||||
lib.isDerivation
|
||||
] then toString value
|
||||
else throw "Unknown value in tuba openvpn config, deading now\n${value}"
|
||||
))
|
||||
(lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}"))
|
||||
(builtins.concatStringsSep "\n")
|
||||
(x: x + "\n\n")
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -12,7 +12,7 @@ let
|
||||
name
|
||||
, commit
|
||||
, hash
|
||||
, tracking-branch ? "REL1_44"
|
||||
, tracking-branch ? "REL1_45"
|
||||
, kebab-name ? kebab-case-name name
|
||||
, fetchgit ? pkgs.fetchgit
|
||||
}:
|
||||
@@ -33,63 +33,63 @@ in
|
||||
lib.mergeAttrsList [
|
||||
(mw-ext {
|
||||
name = "CodeEditor";
|
||||
commit = "2db9c9cef35d88a0696b926e8e4ea2d479d0d73a";
|
||||
hash = "sha256-f0tWJl/4hml+RCp7OoIpQ4WSGKE3/z8DTYOAOHbLA9A=";
|
||||
commit = "af7e82f24ba4b68393712fece6f1b5fa4bb049ec";
|
||||
hash = "sha256-XT8E4O6MEZYHSs6Q+A/dfYaUvJ4kY13Kd/cq30dA5NA=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "CodeMirror";
|
||||
commit = "b16e614c3c4ba68c346b8dd7393ab005ab127441";
|
||||
hash = "sha256-J/TJPo5Oxgpy6UQINivLKl8jzJp4k/mKv6br3kcCSMQ=";
|
||||
commit = "f06dfd40a08562a841ddf11b4ae3444ef06c98c7";
|
||||
hash = "sha256-5zXkBjOwFdoQezkPRJ2AcBZLZEEpGG6FawO2K3KzllI=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "DeleteBatch";
|
||||
commit = "1b947c0f80249cf052b58138f830b379edf080bc";
|
||||
hash = "sha256-629RCz+38m2pfyJe/CrYutRoDyN1HzD0KzDdC2wwqlI=";
|
||||
commit = "9bc75a753efefedfc88c598fb01f18a7e4b61f00";
|
||||
hash = "sha256-1xA758fsvoioN9xuq0hRqZKtPXMQViVLtuRINDtowdk=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "PluggableAuth";
|
||||
commit = "56893b8ee9ecd03eaee256e08c38bc82657ee0a1";
|
||||
hash = "sha256-gvoJey7YLMk+toutQTdWxpaedNDr59E+3xXWmXWCGl0=";
|
||||
commit = "64133683b73d8eeea8069fe7ed9cb7237fd5c212";
|
||||
hash = "sha256-wqpfgVLenZp6XC510nrsrbvK1IMEPcWVYq5YuAOt5+c=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "Popups";
|
||||
commit = "6732d8d195bd8312779d8514e92bad372ef63096";
|
||||
hash = "sha256-XZzhA9UjAOUMcoGYYwiqRg2uInZ927JOZ9/IrZtarJU=";
|
||||
commit = "f74a8639f57232898978d9f3792293eb2d370e40";
|
||||
hash = "sha256-uunUtN3M/ksW/kcbeIzDVTdb1P/PHTeTwaTsvspMLko=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "Scribunto";
|
||||
commit = "fc9658623bd37fad352e326ce81b2a08ef55f04d";
|
||||
hash = "sha256-P9WQk8O9qP+vXsBS9A5eXX+bRhnfqHetbkXwU3+c1Vk=";
|
||||
commit = "cbab0c740e03c8e6184fd647d95e24e0826d20cb";
|
||||
hash = "sha256-vXS3+wrUBVtPsETa19pMvud9sALGt4Ao9mM5rQRbBQc=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "SimpleSAMLphp";
|
||||
kebab-name = "simple-saml-php";
|
||||
commit = "4c615a9203860bb908f2476a5467573e3287d224";
|
||||
hash = "sha256-zNKvzInhdW3B101Hcghk/8m0Y+Qk/7XN7n0i/x/5hSE=";
|
||||
commit = "fc5ad4501434fe85198f0b1f0087d798efa91f9f";
|
||||
hash = "sha256-se0krTglo1fShJXj38bPLhw65tZC5P54Ywt7oeZrLes=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "TemplateData";
|
||||
commit = "6884b10e603dce82ee39632f839ee5ccd8a6fbe3";
|
||||
hash = "sha256-jcLe3r5fPIrQlp89N+PdIUSC7bkdd7pTmiYppSpdKVQ=";
|
||||
commit = "d37b02f6ed194138ac7193a0782bbf6efb9164f8";
|
||||
hash = "sha256-NpzVBzX7qfXkIE+jh33ndooS9GE8ZF3/Jynm22in7IQ=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "TemplateStyles";
|
||||
commit = "f0401a6b82528c8fd5a0375f1e55e72d1211f2ab";
|
||||
hash = "sha256-tEcCNBz/i9OaE3mNrqw0J2K336BAf6it30TLhQkbtKs=";
|
||||
commit = "f85614c26a0057a9f418342f89214a04c9de9988";
|
||||
hash = "sha256-XZOtM3iadjE5vavsjkx7kfJNhLZlnnFt1CN+mv6XVHQ=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "UserMerge";
|
||||
commit = "6c138ffc65991766fd58ff4739fcb7febf097146";
|
||||
hash = "sha256-366Nb0ilmXixWgk5NgCuoxj82Mf0iRu1bC/L/eofAxU=";
|
||||
commit = "2f2432c909a36691ca0002daf6fb304d6c182beb";
|
||||
hash = "sha256-ZP8Tp6u+uJxx3I39YGMmkP0sTnjAQUSaxImAJaRv+Ek=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "VisualEditor";
|
||||
commit = "9cfcca3195bf88225844f136da90ab7a1f6dd0b9";
|
||||
hash = "sha256-jHw3RnUB3bQa1OvmzhEBqadZlFPWH62iGl5BLXi3nZ4=";
|
||||
commit = "1508d49d0dd71fdc1d18badd23671441b3bc327b";
|
||||
hash = "sha256-VNiCVNrCAImAr1tS9T28KPPzzNsKPz5ELFRIBtng+So=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "WikiEditor";
|
||||
commit = "fe5329ba7a8c71ac8236cd0e940a64de2645b780";
|
||||
hash = "sha256-no6kH7esqKiZv34btidzy2zLd75SBVb8EaYVhfRPQSI=";
|
||||
commit = "aba5e7c6701877a6b43583709751658fec606d47";
|
||||
hash = "sha256-XmbQy0NXuY3oVGkkgC233kkzfBfx32HDylloGYXU/Nc=";
|
||||
})
|
||||
]
|
||||
|
||||
@@ -37,12 +37,10 @@ vaultwarden:
|
||||
SMTP_PASSWORD: ENC[AES256_GCM,data:Nr+4wZSvq6KjfzB169v4ojvWHa25Aw==,iv:HM4VYLUCI0HaBT8cDzusYA+49LpuJeg7v/Pz4nfulmM=,tag:T4TkDt+NdWnqbCDaRUERJw==,type:str]
|
||||
rsa_key.pem: ENC[AES256_GCM,data:bYZzFj2ImB0jfiIP9N9V+nk1ROjql4PEuDcJIhVV96BeE++Kq+DGORrnfCyJaubNlqT7+nlMGN/D6bfzwKWivuXDd7T5s6wXplk480anOrFU4cJ9NYXHJjoT8Cn+jKSb7JEWO42cVwraB+qGWFZevOrRtdBM328ffOH4IDqVYgIonnM+pHe7oGglg2Xc97x3GQ46ODWKFZsAqU3ZZv+4SGJXJJorPv+cOIoVvXpqec7TuD2MnfdXvLQEl6o/zsGuV/yQkbJus/BqKUUR+RZ9i/0xuzCd/hJS9yFbHHBj82fDh6+D4TG+1PM+dVRSolkkxhcBvvBJtUPqRewTe5cNO9wZP1ocf9GNmXMbvopaNdAxh6uPJNH1Z6aZ+kLShF5ddE4FuKSvucEPgUdscZw01LeJIehZ7uzHCC99jmojU8rlsWFPvJqUfp0xAZDFDJgCIGt6AbKwBCCeFGuvqYT6w5GQ8uT8OQVBmRxUCZuplcDTUMsBXDxa/Q/5Q/O2zIev7jw7Rm0cJ23ovllu40VvLD+Xu/uQVYzivOOHkvUhQkjVkfbk073ZjrhlIMO3BOuA7PDKUsMBz3UVndtrYU+OOtCI0CoCVVP/K/CamNBGGHdvBoQ13bVn04OgdgJYgz04gP6MqFkr8AWoPFHVZe8+Z/tlW5DtV6SRoUfGFlnROWhiBVZpNuUj/ef1gUY1OoFuqY4GRc3nkC/Fwxi81+lSbAQ2ZdtqroJxquoVJhoUWuSonNDBtOYU0yczvF70R84AFzWKh1eJ7hr2iwcMJPSkhTzTm7LTrr0mQqU8qMxUz4pa0yxOZW0UkC2koz6jKdYlwXHMjjyiUZqfc2y9DrRF6Sa/NUPTrzIvikYk9yr3thnh4VtcsYdqvwlsnkbM/HtGvcmmtZjT4npLyD5t/7tUOs453Ntoo1BOto7+X+0IrFs9yHheBOqfj8dA1M2am0cjrS9LyaSnqBREgBFWVJdpSB0aDdh0M8vmpCBcdrzGPLCUXhNWihiZFEVh1ZrwzXWndRtqmhFLFfXmnEAhtEQL6l/GuA5WEYPHIThq+33BDhXAUB5oBcQQSI8TGPWw0IkOci8Q+SlUd81h2JtAmek/L+1kGZwmyolg1iA9c0LVxapM9cpSNVnmON/O2q3tFisQS82/ysKnNggeyD/ByY0dGMUZILAeONBqm41UcVGoAP5N5KE6Cb7FlppBRitn4QejVvLExPtK8NwQl503Yjq+yBTjSjhuZbB2mQaFgJeKhXrm34I3ZMKKm58j+NAGVJTi7RPzSfTW3kvPvtfm8GvM+vuOOxvNzdid8jR241pQl35d6hOYS3wvbkDVmkvbcjTJBPslvq6pGmAVPyHLHshgyTvvTweX1yodoV+4Z3dtrBb9wZKADT6VfTmEo4RXNjIoZFQrTJTdBeVQbgxejySKHAy2G0/8ZipvToj7zRULSOHh6yS4no8b7U7ZY9tEdxs8uxhDob0nkGy7VQUGG8YNXuwGsjLjVsTiawXiWnqdxeFLuTkKEvtMEEmDUfIRErY2juZbra4AKKWdjegc4ayW1ZyUq5i12eRdnpNbdXBQBtBjagvo3A29bse1TMV3Hww+B7oZ0wsHFD72byD159DdEqnLYlxzRjXns3E2qX8f5xvIUFkBIFNDqkKVaq9wqCrmS0vpbHvuiEJDwyr+nu32nWYT9M+RO41Ri/W63juukd/wf75QKVNNjV5WVrJaN2lgr1+3ux0LE5qs01nZZKqv0jzk4P2SnrPJLMq9NbEgXgKjmwqABnQm8KkeHpPQ8ns4JAY7L5pV6faf1rKWQnE71t9qpKSNMlOgtcv2Jd+5HZuUYbYw5SdDYmwsd+OT0cVu0jURz22k/OmT9GY09SnYpvgHrXLNjvEtY0Tr2vpX1SL5qTx6MWDs/nr47+t/DUEMC/JmUrIOE3OSZXpS9AO4BsBmTV0DF5SlvYBDnHAqkHuJbzRdQ1FjGg/wZLFDmIUy3F7m7bGB+5NX+1ZO1BmG2f0ICpHiR1SGnaK81mY3gmfUD8al7gmmKmAltfvw2kP+Z+Hv2d+XGqVk2csRlfq9e5wu0jFKgcGIs4NuA71V0oKfwL7a3gN0Drd270frH1lYzET0NRSQkqw4oeTt0y4my5TvYGmLEHE05IORdrmHUkHefUtomTEB6YQYY+wLyxVBo6z6MFLN7eCe1HtxjUBp8LFxTT+2l7IusDgIs+6I05Krrrz5GHgNHdMBhw==,iv:CtmysYvEFew/839Gj+vZEDoqu6TvrZ9bUIg9GwejIX0=,tag:CnTEOKLYDsVGRVrQDwfFKQ==,type:str]
|
||||
rsa_key.pub.pem: ENC[AES256_GCM,data:B/2SQrEQ4zRie6A89jneHl5tXfHraYzVEBshY+IrRoufI9YpQw16VjGgrNVCpaG5+PSsCNjz8lXM33oQwg7HU1IWHmvrZdEgkguYv722Ngdb4D8IKHL1nsL9/gkVQFFFvty9ru3LDTfrFKF3cLX+6eIQMFk5W+qLuVO5Pbxh3LKWmN7zG8XHa/b+tvMQclHrtY2iomIThyxKi8w03uE1Fs6V80hyuMA/3TdIz9nUwl5WpiGxaelwaJyts2b5KoBzJ0zZbdR4IHCTYYqBkdjo8929M/gfPS6ZqZS2FPDReoWiujJSAyyoC9xZxglUk/g7vU/8CVwcrtVzn5DEbUot/om98p/1Hq/1Hk4zli49Ysy8nbPhlshZeH5RNSQIDkY6wT7TYD5m3QXjXV+siH7ClKAfri2zp4S4k9uEXvL27NTPqvoXKIUpSEl1b0A/ApQt761PODEMtEXx2PmlRKhg9T9cvLRNYbJavg3FMNivZ+2oQNZXeJZWUEjtqsEoPBAbEHklMtKJiQiThtIPHL3eEdTAhOVhjxBGYU2Kase2hU7g2YvgC3+8u48OarXZbZYgcJkoCHrm+hocYm5DZJ64rxURZQ==,iv:6x0vx8tiGOsQxHsp+qO+nvdUmqNKWINdFO1wXOnORVo=,tag:zuPNh7IfEG/c4lsFVNRYog==,type:str]
|
||||
bluemap:
|
||||
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- enc: |
|
||||
- recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMVM0T0Y4Wjg1OGNsR0Iv
|
||||
VmxoNmRMcjlWRHFhc3l2Sy9aZnF4b0ZsTnhnCkd6UnEvWi9kRU9qSmVLZkdiWGJh
|
||||
@@ -50,8 +48,8 @@ sops:
|
||||
R0RmcXJwRlkvSVhRbGwxZytLNmlqeFkKw/0nGPzgzH39udFyJVkjNTMTmffiQh6/
|
||||
HT1O7imvPymx5kXrnfciAP9bnCV4o/HiVkuDxBP7gG5nBUgY6PIC7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||
- enc: |
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2ptWkhqNjcrM0hXOWEv
|
||||
Y21GNkVJUXY3dHV1OUdUdlJZNHhka3g3QVdNCk9vak0wSDBhS3pZSWk2anVsMnVY
|
||||
@@ -59,8 +57,8 @@ sops:
|
||||
cXl3S2tRdExvSjRNUHpwbFNzVXdQVmcK65zb8MPh67TyHkjLA2vLgv2eOQOSUDih
|
||||
JeHkryWGQXzlYL5tZZ24ae1mqYiYQ6DsbWXopA0q0OmndYByXct6FA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
- enc: |
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSnU5dml1bjY5ejZHUGRQ
|
||||
V1pNQnBXWUx0c1R5WkY5d3NFOFlKTkFrMUN3CkNqMjc5NDRMb05tSW9wV3lkUUVU
|
||||
@@ -68,8 +66,8 @@ sops:
|
||||
SzM4Rml4dFNjMWxxYXlVdTdxTTB1ZzQKvoBpb4PPNM5yl85wTcTTqZmkXmwZGyvS
|
||||
PMPFNqEkzcZFtC1BfYGIlKAuisGhQ6rFAkyTZXTLP0HjPEcH00+WMw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
- enc: |
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbGdTVUU3UVUwZytQancy
|
||||
ZXY1Ullmck9qZ0dsSmZqUHF0NGpSZlJWRjBJCndmbGh6Y3lUWmdEWUdHNkZwd0dM
|
||||
@@ -77,8 +75,8 @@ sops:
|
||||
NmloODFNNXU1TG9FeWxKYTBGOG5qR1kKXGAQyRVO6Sh0LNlFD5nx0F3m2KYP8hYl
|
||||
/g3mwi4NI4UIR2dYXsgNJuF7axxP1IbaZ/j2NLNYbVe2+iZvscvBTw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
- enc: |
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkVyLzJWM01ybHB3cmpq
|
||||
cTJTM3VWaEk3djcxb0RnbVZXUGRyMWQxcWlFCmhQUmtGZm0wczdsLzZUNHFqRnZW
|
||||
@@ -86,8 +84,8 @@ sops:
|
||||
RGs3aStCRUJmMG9JRFZyRFJWeTZKWGsK8oTccCGCXPsQEGnn57ml5IwYCHgYoBpC
|
||||
2U7uT/Z10crtrqgPGi3/jYr5IEacLBvbuGLBwSlCo7NGz/6XnVIyaQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
- enc: |
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTlJPQk9DTFNKMjA2bTRj
|
||||
OE5uaWxEQkhUdmRvT2h4TDJvREo4TlQ4MFZrCjNjd2ErOXcxQkJrNzlOdGNFSDNW
|
||||
@@ -95,8 +93,8 @@ sops:
|
||||
RlRMc0R3dDllUGRHcmNDTDBSS09mUUUKhdxXMEuwLviNY134uA4SELXiHo4rCC9h
|
||||
pT2iqOV+VDquwE99h9OIo2Kfmblzje/TGpok1i4cxytg8fly3LZD+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
- enc: |
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHVjN3MvVUEwazNraXFQ
|
||||
anVTbU1EY1JUQ0FyeSt3bWJ6TVcwY1UwZ1cwClRtOTE1QWNXaUdzejh5a3BUdTFv
|
||||
@@ -104,9 +102,8 @@ sops:
|
||||
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
|
||||
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
lastmodified: "2026-05-22T08:58:19Z"
|
||||
mac: ENC[AES256_GCM,data:EYU8RCXRMdQn+yLB0iWBw7JULZya3PqkScAFtlP0d0zTyud4MGVCTINtrn7EgboYONvEWgi4yRvJVHUDPArRA6WlHx/tx175DJbVq6sdnl0xsL0Y9dt18HbdEgDDyOxbCjTOjAV1WPINOmpVvyXMp4+cc0oU3g+2ANjiodkU+t4=,iv:wAi+m9VkKx1bCxz5kZyEgNQcPE9aa5f9TlaYEohnwu0=,tag:3ZtP78aCmyqW0A0zvgpUTw==,type:str]
|
||||
lastmodified: "2026-05-24T07:03:34Z"
|
||||
mac: ENC[AES256_GCM,data:J9RFBasxTwjIMIV5ou7eEytKY4YBCmGq7DEw/thDIxd5nfPmM/T8OIyFYE9130OsMJu5LabmskaypxTQ2d7sW5ovqMfs3BVCI8FNjUiCmWfmwnFZ29hlDWMD3BYShgOVxI6XTlPiY/2AakQ4T5OwvQfO0sqIGReP+zhT1FIzZFk=,iv:J6v6qhRYFKq76OctU4zOCFqiaYcHbclQcfWMlj6Tig0=,tag:TYc0JcXheOlAidBZC3D6Sg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:44Z"
|
||||
enc: |-
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
bluemap:
|
||||
ssh-key: ENC[AES256_GCM,data:zkEB6Sn02U9Xd66xsFRwUkOAfApuvjfuvmpB0DmcyOB+QzZqMg4G9cEmeZ/L9t+k0CiX3dIBlC0qVuf+49gJ27uhOX0vzlVNe99Bt7yWBf47PROhK/FhHes+BvBU2Qtwd1ObtZwcD2BDj2f/BEXZ2rRAeqno95/3JlCrZvaGrWuZUBmODlfDcyKZv93QUd4opekpo7iAkQa+0wYJKf8ojXrDzjGIzBrkPWNh1OUEFM0qTENy9ajEEhPy4FShIVzLt8QmKAgObegpKoDykjGI+KPaNb+fD+RAKZjQ8j4Enkofpbdr4MB9UIcffPgZo1b+JR9zg2UTfsVzYrDCAm8k/FFsXOWWa2ZHcR2sDryUVFTZYdw/Qyb055F0Shxs3nHb7oJcP6XdWbAmz2AMffBHr5uJtkNid6mKuF0VQmDMwwtOkOgDkFtHyoMe0+nMIU7UBF4iwGURqsNnG/89KjfayDte21vMGTTtg2Owvty/tU9PWwztKVrBn47NMl8q/u2VkoHX3ZtjVsuEDsGqkWUGQBJVf5xngRtcKMnC,iv:vPEFXXaQX7e5FVf65MhjR13FI+JhIECLIY/xgqasFKY=,tag:/c6ZtCs3ivorIqFdlg9G9Q==,type:str]
|
||||
ssh-key: ENC[AES256_GCM,data:UzXcgraLe6A+BjVx6Zzj4aX2M5J3mt5Rpc8iuNOYwWGz+SCzrfLNcCKGXtp5MkAu/CbxovptxqKYLb42fdjFT1TjOV4TipxUYN0e+PtKV16jfY4INJ+rqUykYXEcMTQc9Bwaor5yKxRV8+/V+T1qo9uHpr54n9o0mnU1cMZ/2yVBouSWIBuHXNxeG5STqe+0sqtFurMREUelLEHqMLIq4TtO3obf8l6vWQSUOvHBGINKjByIu38WtJ3eLKrZp+BQ6/t5vSgMUNlugrh8JQvgIyQanNCZbfT3/Q2oK4RsRJ6lLe6Z3wxsIQCvsYqgoX1/9xSZXt9JIuzJo+QP+bBEgk7JgKyW/UBdJlZnoPuRJc16fDbuJjZsWmSMNQ7wtbqNXY4gnwp9eoCUGaK6OScKBg9IzOj1tevlzg1jEcjU0em515m8mIySRWyBWlYyp4PLyyiBLgnwlCQDFHoNqL6hl3ZUO/zXxr55EFFtwsZtYMf5GttlUvaVPoxUXKOVMb33Y4CCmt1YpXzIY1NPaVQomIF8oritefL6PDm5,iv:y54tfAJqR9Qrv015wPl76jqRvfJfor+5BdsKMkYBMXY=,tag:QWNW2GsJDXl4Af64kPo42w==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:0RhRWtrj3U8ZJk40MvFwvUnbRzdAbVB7Z0DUsXJME7Hw4Gbg+CYX3JOQLwD3DZMMEKXcjyP6tkJdR9U1R2BwDs1GVUFgmIuNNE/Qz/5HTCIKHWmE3ZwMMKJhqBrEecr2wWABHMZbLscLoimvjX8CIKxxbsBFIFlsucG9PuIRMGXHE9VRhJxR/wMFVn7a6Ez0iLt8j4G8ebQQi1JJjyCvEjLCkoDvJ7XH3MoZ3PsMR2RCOvNzVACAsDE9GLIat/10/e26xTZ/C1HAC9OUDcQUSQIp6cWxcD4E3w6n02Zhl6att3sJm3eboJMp+0GfsqhC8AlUpvc/VXTeZIvmrKTN29mPv+KAcjgnHroicznVdv9rnNP5Rp0I/3fXBD9yZSedZtucNpX8O6CvYX8NOdItJMz/ya4TFuXaTrFOfuqhL5UvJ/JleU3DdELr+QStgtIUpUvIrTn/XrakSrDRprtje9d8+kFVRYM3V4nCLwWkP26xabiBeRLRrnpuiBj8e2j7g55AaDivBdYo24h57oxglgy0WrJt08+MKRPlek5QQl/E2dBCYcyh7pGaarKVYVvi4yjMlA0wvX4GPgAZkm345lWHS/pXKyGsrlRRUi9Pcghw2uO9zw2iaKecphK/Sps/zsShOQyaPd7TM8qfeUHRGPMxxbMo+N5Zxdy4X7c5z5UdgYJWrc0TZS3im9KHL4iOGQw38LisSD2hWjrzEjfQk4ijShJEDxM20TCkVsCJeIm4xlj3cODMX0c2T+PeFrqKqTlp44w4EFes/QNhsCofP4FVhxXT25mWK2pygtzspPfYb/Z9pqbFFtDC7/WZJ4sZXThkG1yMvf9SJCDWWWt/TDp5I6U7Z0525nBAyRxtvXa8T7PjS9dhBBh7nFIa8ZofRgZ2Ci0TAAuC2fD8uOvRoQTmvVr6In/6EpBpHZG9CCKvMRu3BPBOPqPEywop3fgRglRaJhnvpJ4eOQQNNQ3pgSX5hmxUQoSMM/IkOuwp6VaxyTlji0JJFUdiHIe83u17ZZ2BxYMmdqO7lRRCnEARgro6bKOnhoscbvPzcy8486DUYwwptdjUO6HVzLknFSCLd0318Tpm7fXdlrdK846mkZZ1INZ7aIB1oSnDR/0BS31oXRijJFQ/E0j8/5Cmoxqj0TP+JkLpkOnYPUXN07+HKB9Zx75StXeorGUQFuu++OZcYfyjTrparMVJDJaMEgtQ52L1dlqmdhEhS3TNMzxYmd4pQQt89Woe+mck3t2nFDj6pqC++wDJov0xhdnf+DMW/7LFT/mVdgy3/Ni6Z2/8SZd8Qh3CVdaMh8Tv/vF28uAd9ptGiE2KT2Zbu89n9wzyihrBf3DwK9mj+5DLPkCVbV048C/3SOcwuDzSrFuYZvikfhxT86bmHeHbNDi50Y3WmNoEPUuIyrDjKdUr/xp9V/i32X/OMr2IzLSeX23/pTKjLnGHnvje2MYTi+aIWJZxfFYH2Kkn5RqOt8pNZLT5c69zswsz9wRkyVbQwgwqk7VIsxiB64M44Nq2XoRwUtb3jHfGqsiS8tQmWYOUI5DM5erisqd0EKeOSUgzXEi6XmdpikSdSHiiVl1OqR3LE7/k9l4as8x3zwP9JT1Elv0Rf96fnW87s6UPrK0XU3OQiQjm+Csga5ZvHXXtQk2d+JVJ5G0bqNiQ2Oc5Exqjs6xgE4ES2bIZy/6mHd+bd0MoryOx4cs6F6tXiGw3wPgmjy20saCadICzdG2kHXu9tFK3oJCq5bgJH9XEbxvgptVlOU4MFjbaAnHs8ARo+oHHmvIFkQz2JBnhM3uwKGTraX1oHa+J1yW7Fv6wzKXKP/UDZhMaGtdu9egTpZANOzHay/l1ggdtIW6rVyUjHgUIMxpLV9qswldb1Yos+bhNofULrqV+p7CpJu/UKtP7i5luTiH2AOTiqBVxPvH79OSaG9IWLrF+6K/zxSlpCGG77LmxwTWRcMW/h0HVOYnZCvYs8QB0wnK5lriO3RSj5BHWibQLmMndOKx3+hk8RatbIIwAyGm9fGGdDX2Cuij+Ys6rQtHeEgEdnWgY9OF59TDPg8TbeCD1DjNnXpveGapDmNVlQoXkRteHmGpmI3sxmGB9hFplNJuQFJffxdoGXN9+DDqscqYwnxpre8JtGvC8AK2k5dnooOCLEUafr+XdTQa1s3I7p3v6FKI+8QcpyARIrQPLNAzO43ftRjtQf8GTeV7mjLfZiI6malOnZWTgHNhiOtbQuWN/JGfVw9KxndwkkXgt0mYjKD4heOZ4NWNMfkmWxNSp3Gr3X9tCvXgIrJKXqURDAd+y7ad0buZyuPpSiX5EbgznFGTctmTzZ/mPBwk2gQTcaLiz4RxJsmfrgA3xRv91jHWgeRbuk6eeBW9C9AlUC52b9LuUOR8EUGdo2sh0K5As9rUnqxZ0nNYc6Fg5zJW+xJ9GkcVUdBvUCOikOnMvJYmGxMtQ8VlqRcUukdGhPwLnDBjDIzOBMQlwaEYPpHNqIz4S9S4kr92VhXe0KOh9TF3HDODURt/VSdoit+FTWSHdAINjfkE0nlqfpE7fpFJbR309gnLKF8Pt/hTgweApiv3UAC4Be98Vkazs/aiuOOyML8fZykjiJboIcRqwznkoYp1AXeufyQBTn3fqRh+xU89HVyQtqyXxofaJXj2OqK6tOzbcu1JvgNGN9xK/L386SjWzLrhpmKo9fkV+JXSUBY99CClTSueLZ2H2pBOOsYfX+lwAJ491avUDVvwnWMcFL3uNNOozMAqSvz/0lCbtduhk2mSxwFYIplTgpXCKxrg=,iv:8Jcg3GQCTzOfVc47rlD9QXcsC+3Jxjsmyi6YDjQisNQ=,tag:KjZmgsi6HlVp6BiwI9BuKA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
@@ -66,8 +66,8 @@ sops:
|
||||
WWE5WUVPVXVwMW9QY0F4RUo4K1JJSzgKu8KUfNcYkVPTIIy+AsqmbNsRwhe2OVH+
|
||||
iTBo4DixGc4XFsflBYxTmu212DE8/Mr2spqZpa4brfbblF4JAmak6A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-05-23T20:43:35Z"
|
||||
mac: ENC[AES256_GCM,data:N8rI6as2fJDfZA4DMLfD2JzHAYhMnIJO4hImB0z1BFVNWoxZ1W3HmYTJIHOfsn0EP2w7l+8cInppTVna7HPhWewLKhxV+nziwwuGx4xpptcVxaKuiOKcg2gq/ck/VqNwlxDABvvAgYzuKhPQpmKWsW/ZRCZwScpNzTi/MryqJhM=,iv:vK7NC7Y+vR+AxGLGYh3HEbE69yD8cjrfSHLiLG3FzZk=,tag:iteqTb59pKlf3t7uYAOxuA==,type:str]
|
||||
lastmodified: "2026-05-24T04:34:10Z"
|
||||
mac: ENC[AES256_GCM,data:FUX4TsCKt41KnV1Cgo2E6ucL558fVgH0pEEoITM/5g3Pj4cMKPHIalzqt3U12pBbxzNpuQm+HIwcwx8jktsmWnb9KaSxNLSfnhf7RlyxVOS+S17yTV6O89/lyTqub9Z2tybLeEeGSTbghPrCEgNb4d2NswPYXW/rZawpvgQlc84=,iv:I+NJ0t3n9x3gA/3s0PgRMX4AI/3X8M89UqN+QKAxfoM=,tag:6X+LT5FyfL7xZUSUiz3lpw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-05-23T17:17:16Z"
|
||||
enc: |-
|
||||
|
||||
+6
-6
@@ -22,12 +22,12 @@ pkgs.mkShell {
|
||||
stdenv.cc
|
||||
unzip
|
||||
util-linux
|
||||
xorg.libX11
|
||||
xorg.libXext
|
||||
xorg.libXi
|
||||
xorg.libXmu
|
||||
xorg.libXrandr
|
||||
xorg.libXv
|
||||
libX11
|
||||
libXext
|
||||
libXi
|
||||
libXmu
|
||||
libXrandr
|
||||
libXv
|
||||
zlib
|
||||
|
||||
cudatoolkit
|
||||
|
||||
+14
@@ -26,6 +26,12 @@ in rec {
|
||||
ipv4 = pvv-ipv4 213;
|
||||
ipv6 = pvv-ipv6 213;
|
||||
};
|
||||
grevling-tap = {
|
||||
ipv4 = pvv-ipv4 251;
|
||||
};
|
||||
tuba-tap = {
|
||||
ipv4 = pvv-ipv4 252;
|
||||
};
|
||||
};
|
||||
|
||||
hosts = {
|
||||
@@ -111,6 +117,14 @@ in rec {
|
||||
ipv4 = pvv-ipv4 228;
|
||||
ipv6 = pvv-ipv6 228;
|
||||
};
|
||||
grevling = {
|
||||
ipv4 = pvv-ipv4 198;
|
||||
ipv6 = pvv-ipv6 198;
|
||||
};
|
||||
tuba = {
|
||||
ipv4 = pvv-ipv4 199;
|
||||
ipv6 = pvv-ipv6 199;
|
||||
};
|
||||
};
|
||||
|
||||
defaultNetworkConfig = {
|
||||
|
||||
Reference in New Issue
Block a user