mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-07-04 09:51:47 +02:00
Compare commits
38 Commits
9c6a812334
...
47188f6c40
| Author | SHA1 | Date | |
|---|---|---|---|
| 47188f6c40 | |||
| 82ab97fb45 | |||
| 543fd19f8d | |||
| 6f99fa575d | |||
| 3141b1f76b | |||
| 475f6a8c9b | |||
| 9c1687f8f2 | |||
| 0f53bcd731 | |||
| f433ae1e15 | |||
| 5745648f87 | |||
| 2c34a93abf | |||
| 9ebc947eab | |||
| 6fcc19f0a2 | |||
| 9224f04bd1 | |||
| 9c93f15569 | |||
| 5d6c153007 | |||
| 8b483a92f8 | |||
| 0d7f05e56d | |||
| 4a67eddf52 | |||
| 08a23bd380 | |||
| 28b67c3578 | |||
| e5804c043a | |||
| 9c227f3022 | |||
| 69fdf709d7 | |||
| 30ec70fa5f | |||
| 1024b428ac | |||
| 1e6b692fbf | |||
| beac6e91dd | |||
| 0fd41c214a | |||
| 5c1ee958ea | |||
| d8e97715c9 | |||
| 33297b0436 | |||
| be33c95c83 | |||
| 2abf36a9af | |||
| a60be532ce | |||
| 9c142fd56f | |||
| b98e8679e6 | |||
| ea092ec0b3 |
+1
-15
@@ -12,14 +12,13 @@ keys:
|
|||||||
# Hosts
|
# Hosts
|
||||||
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||||
- &host_bicep age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
|
- &host_bicep age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
|
||||||
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
- &host_ildkule age102e6y8gah0ntr6fxqnkpepc8ar29p6ls7ks9ka7v8w87q8scm9yqmc2u8d
|
||||||
- &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
|
- &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
|
||||||
- &host_lupine-1 age18lta9d683yekz487xwtd99da236d8mgk4ftlmv2jffx858p9qf2s9j868l
|
- &host_lupine-1 age18lta9d683yekz487xwtd99da236d8mgk4ftlmv2jffx858p9qf2s9j868l
|
||||||
- &host_lupine-2 age1e0a4ru707v637wzmuxqv0xywmlkhunzgyfy4mrkjc7a23qq8msgq7nqtvt
|
- &host_lupine-2 age1e0a4ru707v637wzmuxqv0xywmlkhunzgyfy4mrkjc7a23qq8msgq7nqtvt
|
||||||
- &host_lupine-3 age1wmrrhd5deatmgflkas636u3rzuk46u9knl02v4t39ncs37xqquhq9vwzye
|
- &host_lupine-3 age1wmrrhd5deatmgflkas636u3rzuk46u9knl02v4t39ncs37xqquhq9vwzye
|
||||||
- &host_lupine-4 age1ml48zztcmnrdrhrdsjrlyxf09jtmjgz46u8td4zm59wn3fm4g57qs4wg0l
|
- &host_lupine-4 age1ml48zztcmnrdrhrdsjrlyxf09jtmjgz46u8td4zm59wn3fm4g57qs4wg0l
|
||||||
- &host_lupine-5 age12gws5nws69vxryd3kt7q0ayngch90efmhqcrfhnnsmj00lkgxd4qsdkvqn
|
- &host_lupine-5 age12gws5nws69vxryd3kt7q0ayngch90efmhqcrfhnnsmj00lkgxd4qsdkvqn
|
||||||
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
|
|
||||||
- &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
|
- &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
@@ -91,19 +90,6 @@ creation_rules:
|
|||||||
pgp:
|
pgp:
|
||||||
- *user_oysteikt
|
- *user_oysteikt
|
||||||
|
|
||||||
- path_regex: secrets/ustetind/[^/]+\.yaml$
|
|
||||||
key_groups:
|
|
||||||
- age:
|
|
||||||
- *host_ustetind
|
|
||||||
- *user_danio
|
|
||||||
- *user_felixalb
|
|
||||||
- *user_pederbs_sopp
|
|
||||||
- *user_pederbs_nord
|
|
||||||
- *user_pederbs_bjarte
|
|
||||||
- *user_vegardbm
|
|
||||||
pgp:
|
|
||||||
- *user_oysteikt
|
|
||||||
|
|
||||||
- path_regex: secrets/lupine/[^/]+\.yaml$
|
- path_regex: secrets/lupine/[^/]+\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|||||||
@@ -39,6 +39,7 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
|
|||||||
| bikkje | Virtual | Experimental login box |
|
| bikkje | Virtual | Experimental login box |
|
||||||
| [brzeczyszczykiewicz][brz] | Physical | Shared music player |
|
| [brzeczyszczykiewicz][brz] | Physical | Shared music player |
|
||||||
| [georg][geo] | Physical | Shared music player |
|
| [georg][geo] | Physical | Shared music player |
|
||||||
|
| [gluttony][glu] | Virtual | General purpose compute |
|
||||||
| [ildkule][ild] | Virtual | Logging and monitoring host, prometheus, grafana, ... |
|
| [ildkule][ild] | Virtual | Logging and monitoring host, prometheus, grafana, ... |
|
||||||
| [kommode][kom] | Virtual | Gitea + Gitea pages |
|
| [kommode][kom] | Virtual | Gitea + Gitea pages |
|
||||||
| [lupine][lup] | Physical | Gitea CI/CD runners |
|
| [lupine][lup] | Physical | Gitea CI/CD runners |
|
||||||
@@ -57,6 +58,7 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
|
|||||||
[bic]: https://wiki.pvv.ntnu.no/wiki/Maskiner/bicep
|
[bic]: https://wiki.pvv.ntnu.no/wiki/Maskiner/bicep
|
||||||
[brz]: https://wiki.pvv.ntnu.no/wiki/Maskiner/brzęczyszczykiewicz
|
[brz]: https://wiki.pvv.ntnu.no/wiki/Maskiner/brzęczyszczykiewicz
|
||||||
[geo]: https://wiki.pvv.ntnu.no/wiki/Maskiner/georg
|
[geo]: https://wiki.pvv.ntnu.no/wiki/Maskiner/georg
|
||||||
|
[glu]: https://wiki.pvv.ntnu.no/wiki/Maskiner/gluttony
|
||||||
[ild]: https://wiki.pvv.ntnu.no/wiki/Maskiner/ildkule
|
[ild]: https://wiki.pvv.ntnu.no/wiki/Maskiner/ildkule
|
||||||
[kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
|
[kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
|
||||||
[lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
|
[lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
|
||||||
|
|||||||
+1
-1
@@ -23,6 +23,7 @@
|
|||||||
./services/acme.nix
|
./services/acme.nix
|
||||||
./services/auto-upgrade.nix
|
./services/auto-upgrade.nix
|
||||||
./services/dbus.nix
|
./services/dbus.nix
|
||||||
|
./services/fluentbit.nix
|
||||||
./services/fwupd.nix
|
./services/fwupd.nix
|
||||||
./services/irqbalance.nix
|
./services/irqbalance.nix
|
||||||
./services/journald-upload.nix
|
./services/journald-upload.nix
|
||||||
@@ -33,7 +34,6 @@
|
|||||||
./services/postfix.nix
|
./services/postfix.nix
|
||||||
./services/prometheus-node-exporter.nix
|
./services/prometheus-node-exporter.nix
|
||||||
./services/prometheus-systemd-exporter.nix
|
./services/prometheus-systemd-exporter.nix
|
||||||
./services/promtail.nix
|
|
||||||
./services/roowho2.nix
|
./services/roowho2.nix
|
||||||
./services/smartd.nix
|
./services/smartd.nix
|
||||||
./services/thermald.nix
|
./services/thermald.nix
|
||||||
|
|||||||
+8
-1
@@ -7,7 +7,13 @@
|
|||||||
"ax25"
|
"ax25"
|
||||||
"batman-adv"
|
"batman-adv"
|
||||||
"can"
|
"can"
|
||||||
|
"dccp"
|
||||||
|
"ipx"
|
||||||
|
"llc"
|
||||||
|
"n-hdlc"
|
||||||
"netrom"
|
"netrom"
|
||||||
|
"p8022"
|
||||||
|
"p8023"
|
||||||
"psnap"
|
"psnap"
|
||||||
"rds"
|
"rds"
|
||||||
"rose"
|
"rose"
|
||||||
@@ -23,7 +29,6 @@
|
|||||||
"cramfs"
|
"cramfs"
|
||||||
"efs"
|
"efs"
|
||||||
"exofs"
|
"exofs"
|
||||||
"orangefs"
|
|
||||||
"freevxfs"
|
"freevxfs"
|
||||||
"gfs2"
|
"gfs2"
|
||||||
"hfs"
|
"hfs"
|
||||||
@@ -35,10 +40,12 @@
|
|||||||
"nilfs2"
|
"nilfs2"
|
||||||
"ntfs"
|
"ntfs"
|
||||||
"omfs"
|
"omfs"
|
||||||
|
"orangefs"
|
||||||
"qnx4"
|
"qnx4"
|
||||||
"qnx6"
|
"qnx6"
|
||||||
"sysv"
|
"sysv"
|
||||||
"ubifs"
|
"ubifs"
|
||||||
|
"udf"
|
||||||
"ufs"
|
"ufs"
|
||||||
|
|
||||||
# Legacy hardware
|
# Legacy hardware
|
||||||
|
|||||||
+21
-14
@@ -1,17 +1,24 @@
|
|||||||
{ ... }:
|
{ pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
modulesToBan = [
|
||||||
|
# copy.fail
|
||||||
|
"af_alg"
|
||||||
|
"algif_aead"
|
||||||
|
"algif_hash"
|
||||||
|
"algif_rng"
|
||||||
|
"algif_skcipher"
|
||||||
|
|
||||||
|
# dirtyfrag / Fragnesia
|
||||||
|
"esp4"
|
||||||
|
"esp6"
|
||||||
|
"rxrpc"
|
||||||
|
|
||||||
|
# PinTheft
|
||||||
|
"rds"
|
||||||
|
];
|
||||||
|
in
|
||||||
{
|
{
|
||||||
boot.blacklistedKernelModules = [
|
boot.blacklistedKernelModules = modulesToBan;
|
||||||
"rxrpc" # dirtyfrag
|
|
||||||
"esp6" # dirtyfrag
|
boot.extraModprobeConfig = lib.concatMapStringsSep "\n" (mod: "install ${mod} ${lib.getExe' pkgs.coreutils "false"}") modulesToBan;
|
||||||
"esp4" # dirtyfrag
|
|
||||||
];
|
|
||||||
boot.extraModprobeConfig = ''
|
|
||||||
# dirtyfrag
|
|
||||||
install esp4 /bin/false
|
|
||||||
# dirtyfrag
|
|
||||||
install esp6 /bin/false
|
|
||||||
# dirtyfrag
|
|
||||||
install rxrpc /bin/false
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,135 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.fluent-bit;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.fluent-bit = {
|
||||||
|
enable = lib.mkDefault true;
|
||||||
|
settings = {
|
||||||
|
service = {
|
||||||
|
flush = 1;
|
||||||
|
log_level = "warn";
|
||||||
|
|
||||||
|
http_server = "on";
|
||||||
|
http_listen = "127.0.0.1";
|
||||||
|
http_port = 28183;
|
||||||
|
|
||||||
|
# filesystem-backed buffering so logs survives potential outages.
|
||||||
|
"storage.path" = "/var/lib/fluent-bit/storage";
|
||||||
|
"storage.sync" = "normal";
|
||||||
|
"storage.max_chunks_up" = 64;
|
||||||
|
"storage.backlog.mem_limit" = "16M";
|
||||||
|
};
|
||||||
|
|
||||||
|
pipeline = {
|
||||||
|
inputs = [{
|
||||||
|
name = "systemd";
|
||||||
|
tag = "journal.*";
|
||||||
|
|
||||||
|
db = "/var/lib/fluent-bit/journal.db";
|
||||||
|
read_from_tail = true;
|
||||||
|
strip_underscores = true;
|
||||||
|
lowercase = true;
|
||||||
|
max_entries = 1000;
|
||||||
|
"storage.type" = "filesystem";
|
||||||
|
}];
|
||||||
|
|
||||||
|
filters = [{
|
||||||
|
name = "modify";
|
||||||
|
match = "journal.*";
|
||||||
|
rename = [
|
||||||
|
"hostname host"
|
||||||
|
"priority level"
|
||||||
|
"systemd_unit unit"
|
||||||
|
];
|
||||||
|
}] ++ (lib.mapAttrsToList (k: v: {
|
||||||
|
name = "modify";
|
||||||
|
match = "journal.*";
|
||||||
|
condition = "Key_value_equals level ${k}";
|
||||||
|
set = "level ${v}";
|
||||||
|
}) {
|
||||||
|
"7" = "debug";
|
||||||
|
"6" = "info";
|
||||||
|
"5" = "notice";
|
||||||
|
"4" = "warning";
|
||||||
|
"3" = "error";
|
||||||
|
"2" = "crit";
|
||||||
|
"1" = "alert";
|
||||||
|
"0" = "emergency";
|
||||||
|
});
|
||||||
|
|
||||||
|
outputs = [{
|
||||||
|
name = "loki";
|
||||||
|
match = "*";
|
||||||
|
|
||||||
|
host = "ildkule.pvv.ntnu.no";
|
||||||
|
port = 3100;
|
||||||
|
uri = "/loki/api/v1/push";
|
||||||
|
compress = "gzip";
|
||||||
|
|
||||||
|
labels = lib.concatStringsSep ", " [
|
||||||
|
"job=systemd-journal"
|
||||||
|
];
|
||||||
|
label_keys = lib.concatMapStringsSep "," (k: "$" + k) [
|
||||||
|
"host"
|
||||||
|
"unit"
|
||||||
|
"level"
|
||||||
|
];
|
||||||
|
|
||||||
|
# JSON is probably fine for now, then we just extract the keys we want with the grafana web ui
|
||||||
|
# line_format = "key_value";
|
||||||
|
# drop_single_key = true;
|
||||||
|
|
||||||
|
"storage.total_limit_size" = "256M";
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.fluent-bit = lib.mkIf cfg.enable {
|
||||||
|
serviceConfig = {
|
||||||
|
StateDirectory = "fluent-bit";
|
||||||
|
|
||||||
|
# NOTE: This hardening might be way too strong for general purpose use, don't upstream this.
|
||||||
|
AmbientCapabilities = [ "" ];
|
||||||
|
CapabilityBoundingSet = [ "" ];
|
||||||
|
DeviceAllow = [ "" ];
|
||||||
|
LockPersonality = true;
|
||||||
|
# Lua JIT, maybe other things
|
||||||
|
MemoryDenyWriteExecute = false;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
RestrictAddressFamilies = [
|
||||||
|
"AF_INET"
|
||||||
|
"AF_INET6"
|
||||||
|
"AF_UNIX"
|
||||||
|
];
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@privileged"
|
||||||
|
"~@resources"
|
||||||
|
];
|
||||||
|
UMask = "0077";
|
||||||
|
|
||||||
|
BindReadOnlyPaths = [
|
||||||
|
"/run/systemd/journal"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
{ config, lib, values, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.services.prometheus.exporters.node;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.promtail = {
|
|
||||||
enable = lib.mkDefault true;
|
|
||||||
configuration = {
|
|
||||||
server = {
|
|
||||||
http_listen_port = 28183;
|
|
||||||
grpc_listen_port = 0;
|
|
||||||
};
|
|
||||||
clients = [{
|
|
||||||
url = "http://ildkule.pvv.ntnu.no:3100/loki/api/v1/push";
|
|
||||||
}];
|
|
||||||
scrape_configs = [{
|
|
||||||
job_name = "systemd-journal";
|
|
||||||
journal = {
|
|
||||||
max_age = "12h";
|
|
||||||
labels = {
|
|
||||||
job = "systemd-journal";
|
|
||||||
host = config.networking.hostName;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
relabel_configs = [
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal__systemd_unit" ];
|
|
||||||
target_label = "unit";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal_priority_keyword" ];
|
|
||||||
target_label = "level";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
Generated
+20
-20
@@ -232,11 +232,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1777808420,
|
"lastModified": 1778407980,
|
||||||
"narHash": "sha256-hh9XBz0K1ypZ+neezgIPCSsnWFKEq8VfV/1aUSPu3OA=",
|
"narHash": "sha256-r980BhsReZQe6FkmyNZkwCZpvzARo5jZgTl8HxjAssY=",
|
||||||
"owner": "oddlama",
|
"owner": "oddlama",
|
||||||
"repo": "nix-topology",
|
"repo": "nix-topology",
|
||||||
"rev": "28e9dc901ff38a8fa2d24bccd5f89511d6d8324e",
|
"rev": "ca0a602f650306d00d6f3e3c76d0f4c48a5c5adc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -248,11 +248,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1778125667,
|
"lastModified": 1778544512,
|
||||||
"narHash": "sha256-swcxqlW+XrZFBqjcV3AV8AR64/eI234AZRFKs6q4DFo=",
|
"narHash": "sha256-VIsPgfIpZ/01XUO6WN+o1NZbP5iKPKPHdHPWqfm4XIg=",
|
||||||
"rev": "75636a69ad3115ff64d4cb3090e66c8275dda9c2",
|
"rev": "c417517f9d525181ee5619c683419d308ee29fe8",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10534.75636a69ad31/nixexprs.tar.xz"
|
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10745.c417517f9d52/nixexprs.tar.xz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
@@ -276,11 +276,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1778157832,
|
"lastModified": 1778586796,
|
||||||
"narHash": "sha256-lSl05j1UzI5MioSJWUa7oUp5a88zzv3sXMwWC4d1N70=",
|
"narHash": "sha256-XmDljcG4x8slQDlsWOc77pCA1YVuYn8JGumkYlhfTxI=",
|
||||||
"rev": "ec299c6a33eee9baf5b4d72881ca2f15c06b4f01",
|
"rev": "b25e938b89759b5f9466fc53c4a970244f84dc39",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre993859.ec299c6a33ee/nixexprs.tar.xz"
|
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre996582.b25e938b8975/nixexprs.tar.xz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
@@ -315,11 +315,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1769009806,
|
"lastModified": 1778960428,
|
||||||
"narHash": "sha256-52xTtAOc9B+MBRMRZ8HI6ybNsRLMlHHLh+qwAbaJjRY=",
|
"narHash": "sha256-YAs3LbFGlBLJW3xHeoQfTq2GBBXTvuSKl2WXDtloczU=",
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"rev": "aa8adfc6a4d5b6222752e2d15d4a6d3b3b85252e",
|
"rev": "927748790b1f7159adfe32a3ad9ec01d22e9c5a2",
|
||||||
"revCount": 575,
|
"revCount": 583,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||||
},
|
},
|
||||||
@@ -380,17 +380,17 @@
|
|||||||
"rust-overlay": "rust-overlay_3"
|
"rust-overlay": "rust-overlay_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1777418851,
|
"lastModified": 1778600367,
|
||||||
"narHash": "sha256-M6LntO3jkxwgcKkaa9de1Vqu+LsV12Yz8Bv3/9/k018=",
|
"narHash": "sha256-YB0b2xUf4D8792D5Ay//7C3AjHyv+9yoy8K1mTe+wvE=",
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
|
"rev": "8e5f2849ff7c9616100fe928261512a7ad647939",
|
||||||
"revCount": 83,
|
"revCount": 91,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
|
"rev": "8e5f2849ff7c9616100fe928261512a7ad647939",
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -32,7 +32,7 @@
|
|||||||
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
|
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
|
||||||
minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
|
minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main&rev=16b2bc5c2759e20ecb952374509f1e1f9d6c06e7";
|
roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main&rev=8e5f2849ff7c9616100fe928261512a7ad647939";
|
||||||
roowho2.inputs.nixpkgs.follows = "nixpkgs";
|
roowho2.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
|
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
|
||||||
@@ -49,8 +49,14 @@
|
|||||||
qotd.inputs.nixpkgs.follows = "nixpkgs";
|
qotd.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
outputs = {
|
||||||
let
|
self,
|
||||||
|
nixpkgs,
|
||||||
|
nixpkgs-unstable,
|
||||||
|
sops-nix,
|
||||||
|
disko,
|
||||||
|
...
|
||||||
|
} @ inputs: let
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
systems = [
|
systems = [
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
@@ -71,178 +77,190 @@
|
|||||||
in {
|
in {
|
||||||
inputs = lib.mapAttrs (_: src: src.outPath) inputs;
|
inputs = lib.mapAttrs (_: src: src.outPath) inputs;
|
||||||
|
|
||||||
pkgs = forAllSystems (system: import nixpkgs {
|
pkgs = forAllSystems (system:
|
||||||
inherit system;
|
import nixpkgs {
|
||||||
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
|
inherit system;
|
||||||
[
|
config.allowUnfreePredicate = pkg:
|
||||||
"nvidia-x11"
|
builtins.elem (lib.getName pkg)
|
||||||
"nvidia-settings"
|
[
|
||||||
];
|
"nvidia-x11"
|
||||||
});
|
"nvidia-settings"
|
||||||
|
];
|
||||||
|
});
|
||||||
|
|
||||||
nixosConfigurations = let
|
nixosConfigurations = let
|
||||||
nixosConfig =
|
nixosConfig = nixpkgs: name: configurationPath: extraArgs @ {
|
||||||
nixpkgs:
|
localSystem ? "x86_64-linux", # buildPlatform
|
||||||
name:
|
crossSystem ? "x86_64-linux", # hostPlatform
|
||||||
configurationPath:
|
specialArgs ? {},
|
||||||
extraArgs@{
|
modules ? [],
|
||||||
localSystem ? "x86_64-linux", # buildPlatform
|
overlays ? [],
|
||||||
crossSystem ? "x86_64-linux", # hostPlatform
|
enableDefaults ? true,
|
||||||
specialArgs ? { },
|
...
|
||||||
modules ? [ ],
|
}: let
|
||||||
overlays ? [ ],
|
commonPkgsConfig =
|
||||||
enableDefaults ? true,
|
{
|
||||||
...
|
config.allowUnfreePredicate = pkg:
|
||||||
}:
|
builtins.elem (lib.getName pkg)
|
||||||
let
|
|
||||||
commonPkgsConfig = {
|
|
||||||
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
|
|
||||||
[
|
[
|
||||||
"nvidia-x11"
|
"nvidia-x11"
|
||||||
"nvidia-settings"
|
"nvidia-settings"
|
||||||
];
|
];
|
||||||
overlays = (lib.optionals enableDefaults [
|
overlays =
|
||||||
# Global overlays go here
|
(lib.optionals enableDefaults [
|
||||||
inputs.roowho2.overlays.default
|
# Global overlays go here
|
||||||
]) ++ overlays;
|
inputs.roowho2.overlays.default
|
||||||
} // (if localSystem != crossSystem then {
|
])
|
||||||
inherit localSystem crossSystem;
|
++ overlays;
|
||||||
} else {
|
}
|
||||||
system = crossSystem;
|
// (
|
||||||
});
|
if localSystem != crossSystem
|
||||||
pkgs = import nixpkgs commonPkgsConfig;
|
then {
|
||||||
unstablePkgs = import nixpkgs-unstable commonPkgsConfig;
|
inherit localSystem crossSystem;
|
||||||
in
|
|
||||||
lib.nixosSystem (lib.recursiveUpdate
|
|
||||||
{
|
|
||||||
system = crossSystem;
|
|
||||||
|
|
||||||
inherit pkgs;
|
|
||||||
|
|
||||||
specialArgs = {
|
|
||||||
inherit inputs unstablePkgs;
|
|
||||||
values = import ./values.nix;
|
|
||||||
fp = path: ./${path};
|
|
||||||
} // specialArgs;
|
|
||||||
|
|
||||||
modules = [
|
|
||||||
{
|
|
||||||
networking.hostName = lib.mkDefault name;
|
|
||||||
}
|
}
|
||||||
configurationPath
|
else {
|
||||||
] ++ (lib.optionals enableDefaults [
|
system = crossSystem;
|
||||||
sops-nix.nixosModules.sops
|
}
|
||||||
inputs.roowho2.nixosModules.default
|
);
|
||||||
self.nixosModules.rsync-pull-targets
|
pkgs = import nixpkgs commonPkgsConfig;
|
||||||
]) ++ modules;
|
unstablePkgs = import nixpkgs-unstable commonPkgsConfig;
|
||||||
}
|
in
|
||||||
(builtins.removeAttrs extraArgs [
|
lib.nixosSystem (
|
||||||
"localSystem"
|
lib.recursiveUpdate
|
||||||
"crossSystem"
|
{
|
||||||
"modules"
|
system = crossSystem;
|
||||||
"overlays"
|
|
||||||
"specialArgs"
|
inherit pkgs;
|
||||||
"enableDefaults"
|
|
||||||
])
|
specialArgs =
|
||||||
);
|
{
|
||||||
|
inherit inputs unstablePkgs;
|
||||||
|
values = import ./values.nix;
|
||||||
|
fp = path: ./${path};
|
||||||
|
}
|
||||||
|
// specialArgs;
|
||||||
|
|
||||||
|
modules =
|
||||||
|
[
|
||||||
|
{
|
||||||
|
networking.hostName = lib.mkDefault name;
|
||||||
|
}
|
||||||
|
configurationPath
|
||||||
|
]
|
||||||
|
++ (lib.optionals enableDefaults [
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
|
inputs.roowho2.nixosModules.default
|
||||||
|
self.nixosModules.rsync-pull-targets
|
||||||
|
])
|
||||||
|
++ modules;
|
||||||
|
}
|
||||||
|
(builtins.removeAttrs extraArgs [
|
||||||
|
"localSystem"
|
||||||
|
"crossSystem"
|
||||||
|
"modules"
|
||||||
|
"overlays"
|
||||||
|
"specialArgs"
|
||||||
|
"enableDefaults"
|
||||||
|
])
|
||||||
|
);
|
||||||
|
|
||||||
stableNixosConfig = name: extraArgs:
|
stableNixosConfig = name: extraArgs:
|
||||||
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
||||||
in {
|
in
|
||||||
bicep = stableNixosConfig "bicep" {
|
{
|
||||||
modules = [
|
bicep = stableNixosConfig "bicep" {
|
||||||
inputs.matrix-next.nixosModules.default
|
modules = [
|
||||||
inputs.pvv-calendar-bot.nixosModules.default
|
inputs.matrix-next.nixosModules.default
|
||||||
inputs.minecraft-heatmap.nixosModules.default
|
inputs.pvv-calendar-bot.nixosModules.default
|
||||||
self.nixosModules.gickup
|
inputs.minecraft-heatmap.nixosModules.default
|
||||||
self.nixosModules.matrix-ooye
|
self.nixosModules.gickup
|
||||||
];
|
self.nixosModules.matrix-ooye
|
||||||
overlays = [
|
];
|
||||||
inputs.pvv-calendar-bot.overlays.default
|
overlays = [
|
||||||
inputs.minecraft-heatmap.overlays.default
|
inputs.pvv-calendar-bot.overlays.default
|
||||||
(final: prev: {
|
inputs.minecraft-heatmap.overlays.default
|
||||||
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
(final: prev: {
|
||||||
})
|
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
||||||
];
|
})
|
||||||
};
|
];
|
||||||
bekkalokk = stableNixosConfig "bekkalokk" {
|
};
|
||||||
overlays = [
|
bekkalokk = stableNixosConfig "bekkalokk" {
|
||||||
(final: prev: {
|
overlays = [
|
||||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
|
(final: prev: {
|
||||||
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {};
|
||||||
bluemap = final.callPackage ./packages/bluemap.nix { };
|
simplesamlphp = final.callPackage ./packages/simplesamlphp {};
|
||||||
})
|
bluemap = final.callPackage ./packages/bluemap.nix {};
|
||||||
inputs.pvv-nettsiden.overlays.default
|
})
|
||||||
inputs.qotd.overlays.default
|
inputs.pvv-nettsiden.overlays.default
|
||||||
];
|
inputs.qotd.overlays.default
|
||||||
modules = [
|
];
|
||||||
inputs.pvv-nettsiden.nixosModules.default
|
modules = [
|
||||||
self.nixosModules.bluemap
|
inputs.pvv-nettsiden.nixosModules.default
|
||||||
inputs.qotd.nixosModules.default
|
self.nixosModules.bluemap
|
||||||
];
|
inputs.qotd.nixosModules.default
|
||||||
};
|
];
|
||||||
ildkule = stableNixosConfig "ildkule" { };
|
};
|
||||||
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
ildkule = stableNixosConfig "ildkule" {
|
||||||
skrot = stableNixosConfig "skrot" {
|
modules = [
|
||||||
modules = [
|
inputs.disko.nixosModules.disko
|
||||||
inputs.disko.nixosModules.disko
|
];
|
||||||
inputs.dibbler.nixosModules.default
|
};
|
||||||
];
|
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||||
overlays = [inputs.dibbler.overlays.default];
|
skrot = stableNixosConfig "skrot" {
|
||||||
};
|
modules = [
|
||||||
shark = stableNixosConfig "shark" { };
|
inputs.disko.nixosModules.disko
|
||||||
wenche = stableNixosConfig "wenche" { };
|
inputs.dibbler.nixosModules.default
|
||||||
temmie = stableNixosConfig "temmie" { };
|
];
|
||||||
gluttony = stableNixosConfig "gluttony" { };
|
overlays = [inputs.dibbler.overlays.default];
|
||||||
|
};
|
||||||
|
shark = stableNixosConfig "shark" {};
|
||||||
|
wenche = stableNixosConfig "wenche" {};
|
||||||
|
temmie = stableNixosConfig "temmie" {};
|
||||||
|
gluttony = stableNixosConfig "gluttony" {};
|
||||||
|
|
||||||
kommode = stableNixosConfig "kommode" {
|
kommode = stableNixosConfig "kommode" {
|
||||||
overlays = [
|
overlays = [
|
||||||
inputs.nix-gitea-themes.overlays.default
|
inputs.nix-gitea-themes.overlays.default
|
||||||
];
|
];
|
||||||
modules = [
|
modules = [
|
||||||
inputs.nix-gitea-themes.nixosModules.default
|
inputs.nix-gitea-themes.nixosModules.default
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
ustetind = stableNixosConfig "ustetind" {
|
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
|
||||||
modules = [
|
modules = [
|
||||||
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
|
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
||||||
];
|
inputs.gergle.nixosModules.default
|
||||||
};
|
inputs.greg-ng.nixosModules.default
|
||||||
|
];
|
||||||
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
|
overlays = [
|
||||||
modules = [
|
inputs.greg-ng.overlays.default
|
||||||
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
inputs.gergle.overlays.default
|
||||||
inputs.gergle.nixosModules.default
|
];
|
||||||
inputs.greg-ng.nixosModules.default
|
};
|
||||||
];
|
georg = stableNixosConfig "georg" {
|
||||||
overlays = [
|
modules = [
|
||||||
inputs.greg-ng.overlays.default
|
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
||||||
inputs.gergle.overlays.default
|
inputs.gergle.nixosModules.default
|
||||||
];
|
inputs.greg-ng.nixosModules.default
|
||||||
};
|
];
|
||||||
georg = stableNixosConfig "georg" {
|
overlays = [
|
||||||
modules = [
|
inputs.greg-ng.overlays.default
|
||||||
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
inputs.gergle.overlays.default
|
||||||
inputs.gergle.nixosModules.default
|
];
|
||||||
inputs.greg-ng.nixosModules.default
|
};
|
||||||
];
|
}
|
||||||
overlays = [
|
// (let
|
||||||
inputs.greg-ng.overlays.default
|
machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
|
||||||
inputs.gergle.overlays.default
|
stableLupineNixosConfig = name: extraArgs:
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
//
|
|
||||||
(let
|
|
||||||
machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
|
|
||||||
stableLupineNixosConfig = name: extraArgs:
|
|
||||||
nixosConfig nixpkgs name ./hosts/lupine/configuration.nix extraArgs;
|
nixosConfig nixpkgs name ./hosts/lupine/configuration.nix extraArgs;
|
||||||
in lib.genAttrs machineNames (name: stableLupineNixosConfig name {
|
in
|
||||||
modules = [{ networking.hostName = name; }];
|
lib.genAttrs machineNames (name:
|
||||||
specialArgs.lupineName = name;
|
stableLupineNixosConfig name {
|
||||||
}));
|
modules = [{networking.hostName = name;}];
|
||||||
|
specialArgs.lupineName = name;
|
||||||
|
}));
|
||||||
|
|
||||||
nixosModules = {
|
nixosModules = {
|
||||||
bluemap = ./modules/bluemap.nix;
|
bluemap = ./modules/bluemap.nix;
|
||||||
@@ -264,7 +282,8 @@
|
|||||||
})
|
})
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
in pkgs.callPackage ./shell.nix { };
|
in
|
||||||
|
pkgs.callPackage ./shell.nix {};
|
||||||
cuda = let
|
cuda = let
|
||||||
cuda-pkgs = import nixpkgs-unstable {
|
cuda-pkgs = import nixpkgs-unstable {
|
||||||
inherit system;
|
inherit system;
|
||||||
@@ -273,81 +292,88 @@
|
|||||||
cudaSupport = true;
|
cudaSupport = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in cuda-pkgs.callPackage ./shells/cuda.nix { };
|
in
|
||||||
|
cuda-pkgs.callPackage ./shells/cuda.nix {};
|
||||||
});
|
});
|
||||||
|
|
||||||
packages = {
|
packages = {
|
||||||
"x86_64-linux" = let
|
"x86_64-linux" = let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
in rec {
|
in
|
||||||
default = important-machines;
|
rec {
|
||||||
important-machines = pkgs.linkFarm "important-machines"
|
default = important-machines;
|
||||||
(lib.getAttrs importantMachines self.packages.${system});
|
important-machines =
|
||||||
all-machines = pkgs.linkFarm "all-machines"
|
pkgs.linkFarm "important-machines"
|
||||||
(lib.getAttrs allMachines self.packages.${system});
|
(lib.getAttrs importantMachines self.packages.${system});
|
||||||
|
all-machines =
|
||||||
|
pkgs.linkFarm "all-machines"
|
||||||
|
(lib.getAttrs allMachines self.packages.${system});
|
||||||
|
|
||||||
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
|
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp {};
|
||||||
|
|
||||||
bluemap = pkgs.callPackage ./packages/bluemap.nix { };
|
bluemap = pkgs.callPackage ./packages/bluemap.nix {};
|
||||||
|
|
||||||
out-of-your-element = pkgs.callPackage ./packages/ooye/package.nix { };
|
out-of-your-element = pkgs.callPackage ./packages/ooye/package.nix {};
|
||||||
}
|
}
|
||||||
//
|
//
|
||||||
# Mediawiki extensions
|
# Mediawiki extensions
|
||||||
(lib.pipe null [
|
(lib.pipe null [
|
||||||
(_: pkgs.callPackage ./packages/mediawiki-extensions { })
|
(_: pkgs.callPackage ./packages/mediawiki-extensions {})
|
||||||
(lib.flip builtins.removeAttrs ["override" "overrideDerivation"])
|
(lib.flip builtins.removeAttrs ["override" "overrideDerivation"])
|
||||||
(lib.mapAttrs' (name: lib.nameValuePair "mediawiki-${name}"))
|
(lib.mapAttrs' (name: lib.nameValuePair "mediawiki-${name}"))
|
||||||
])
|
])
|
||||||
//
|
//
|
||||||
# Machines
|
# Machines
|
||||||
lib.genAttrs allMachines
|
lib.genAttrs allMachines
|
||||||
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel)
|
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel)
|
||||||
//
|
//
|
||||||
# Nix-topology
|
# Nix-topology
|
||||||
(let
|
(let
|
||||||
topology' = import inputs.nix-topology {
|
topology' = import inputs.nix-topology {
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
overlays = [
|
overlays = [
|
||||||
inputs.nix-topology.overlays.default
|
inputs.nix-topology.overlays.default
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
inherit (nixpkgs-unstable.legacyPackages.${system}) super-tiny-icons;
|
inherit (nixpkgs-unstable.legacyPackages.${system}) super-tiny-icons;
|
||||||
})
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
specialArgs = {
|
||||||
|
values = import ./values.nix;
|
||||||
|
};
|
||||||
|
|
||||||
|
modules = [
|
||||||
|
./topology
|
||||||
|
{
|
||||||
|
nixosConfigurations = lib.mapAttrs (_name: nixosCfg:
|
||||||
|
nixosCfg.extendModules {
|
||||||
|
modules = [
|
||||||
|
inputs.nix-topology.nixosModules.default
|
||||||
|
./topology/service-extractors/greg-ng.nix
|
||||||
|
./topology/service-extractors/postgresql.nix
|
||||||
|
./topology/service-extractors/mysql.nix
|
||||||
|
./topology/service-extractors/gitea-runners.nix
|
||||||
|
];
|
||||||
|
})
|
||||||
|
self.nixosConfigurations;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
in {
|
||||||
specialArgs = {
|
topology = topology'.config.output;
|
||||||
values = import ./values.nix;
|
topology-png =
|
||||||
};
|
pkgs.runCommand "pvv-config-topology-png" {
|
||||||
|
nativeBuildInputs = [pkgs.writableTmpDirAsHomeHook];
|
||||||
modules = [
|
} ''
|
||||||
./topology
|
mkdir -p "$out"
|
||||||
{
|
for file in '${topology'.config.output}'/*.svg; do
|
||||||
nixosConfigurations = lib.mapAttrs (_name: nixosCfg: nixosCfg.extendModules {
|
${lib.getExe pkgs.imagemagick} -density 300 -background none "$file" "$out"/"$(basename "''${file%.svg}.png")"
|
||||||
modules = [
|
done
|
||||||
inputs.nix-topology.nixosModules.default
|
'';
|
||||||
./topology/service-extractors/greg-ng.nix
|
});
|
||||||
./topology/service-extractors/postgresql.nix
|
|
||||||
./topology/service-extractors/mysql.nix
|
|
||||||
./topology/service-extractors/gitea-runners.nix
|
|
||||||
];
|
|
||||||
}) self.nixosConfigurations;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
topology = topology'.config.output;
|
|
||||||
topology-png = pkgs.runCommand "pvv-config-topology-png" {
|
|
||||||
nativeBuildInputs = [ pkgs.writableTmpDirAsHomeHook ];
|
|
||||||
} ''
|
|
||||||
mkdir -p "$out"
|
|
||||||
for file in '${topology'.config.output}'/*.svg; do
|
|
||||||
${lib.getExe pkgs.imagemagick} -density 300 -background none "$file" "$out"/"$(basename "''${file%.svg}.png")"
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,40 +6,58 @@ let
|
|||||||
port = 3011;
|
port = 3011;
|
||||||
wsPort = 3012;
|
wsPort = 3012;
|
||||||
in {
|
in {
|
||||||
sops.secrets."vaultwarden/environ" = {
|
sops.secrets."vaultwarden/rsa_key.pem" = {
|
||||||
owner = "vaultwarden";
|
owner = "vaultwarden";
|
||||||
group = "vaultwarden";
|
group = "vaultwarden";
|
||||||
|
mode = "440";
|
||||||
|
restartUnits = [ "vaultwarden.service" ];
|
||||||
|
};
|
||||||
|
sops.secrets."vaultwarden/rsa_key.pub.pem" = {
|
||||||
|
owner = "vaultwarden";
|
||||||
|
group = "vaultwarden";
|
||||||
|
mode = "440";
|
||||||
|
restartUnits = [ "vaultwarden.service" ];
|
||||||
|
};
|
||||||
|
sops.secrets."vaultwarden/env/DATABASE_PASSWORD" = { };
|
||||||
|
sops.secrets."vaultwarden/env/SMTP_PASSWORD" = { };
|
||||||
|
sops.templates."vaultwarden/environment_file" = {
|
||||||
|
owner = "vaultwarden";
|
||||||
|
group = "vaultwarden";
|
||||||
|
mode = "440";
|
||||||
|
restartUnits = [ "vaultwarden.service" ];
|
||||||
|
content = ''
|
||||||
|
DATABASE_URL=postgresql://vaultwarden:${config.sops.placeholder."vaultwarden/env/DATABASE_PASSWORD"}@postgres.pvv.ntnu.no/vaultwarden
|
||||||
|
SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/env/SMTP_PASSWORD"}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dbBackend = "postgresql";
|
dbBackend = "postgresql";
|
||||||
environmentFile = config.sops.secrets."vaultwarden/environ".path;
|
environmentFile = config.sops.templates."vaultwarden/environment_file".path;
|
||||||
config = {
|
config = {
|
||||||
domain = "https://${domain}";
|
DOMAIN = "https://${domain}";
|
||||||
|
|
||||||
rocketAddress = address;
|
ROCKET_ADDRESS = address;
|
||||||
rocketPort = port;
|
ROCKET_PORT = port;
|
||||||
|
|
||||||
websocketEnabled = true;
|
WEBSOCKET_ENABLED = true;
|
||||||
websocketAddress = address;
|
WEBSOCKET_ADDRESS = address;
|
||||||
websocketPort = wsPort;
|
WEBSOCKET_PORT = wsPort;
|
||||||
|
|
||||||
signupsAllowed = true;
|
SIGNUPS_ALLOWED = true;
|
||||||
signupsVerify = true;
|
SIGNUPS_VERIFY = true;
|
||||||
signupsDomainsWhitelist = "pvv.ntnu.no";
|
SIGNUPS_DOMAINS_WHITELIST = "pvv.ntnu.no";
|
||||||
|
|
||||||
smtpFrom = "vaultwarden@pvv.ntnu.no";
|
SMTP_FROM = "vaultwarden@pvv.ntnu.no";
|
||||||
smtpFromName = "VaultWarden PVV";
|
SMTP_FROM_NAME = "VaultWarden PVV";
|
||||||
|
|
||||||
smtpHost = "smtp.pvv.ntnu.no";
|
SMTP_HOST = "smtp.pvv.ntnu.no";
|
||||||
smtpUsername = "vaultwarden";
|
SMTP_USERNAME = "vaultwarden";
|
||||||
smtpSecurity = "force_tls";
|
SMTP_SECURITY = "force_tls";
|
||||||
smtpAuthMechanism = "Login";
|
SMTP_AUTH_MECHANISM = "Login";
|
||||||
|
|
||||||
# Configured in environ:
|
RSA_KEY_FILENAME = lib.removeSuffix ".pem" config.sops.secrets."vaultwarden/rsa_key.pem".path;
|
||||||
# databaseUrl = "postgresql://vaultwarden@/vaultwarden";
|
|
||||||
# smtpPassword = hemli
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -66,40 +84,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.vaultwarden = lib.mkIf cfg.enable {
|
|
||||||
serviceConfig = {
|
|
||||||
AmbientCapabilities = [ "" ];
|
|
||||||
CapabilityBoundingSet = [ "" ];
|
|
||||||
DeviceAllow = [ "" ];
|
|
||||||
LockPersonality = true;
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
# MemoryDenyWriteExecute = true;
|
|
||||||
PrivateMounts = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
ProcSubset = "pid";
|
|
||||||
ProtectClock = true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
RestrictAddressFamilies = [
|
|
||||||
"AF_INET"
|
|
||||||
"AF_INET6"
|
|
||||||
"AF_UNIX"
|
|
||||||
];
|
|
||||||
RemoveIPC = true;
|
|
||||||
RestrictNamespaces = true;
|
|
||||||
RestrictRealtime = true;
|
|
||||||
RestrictSUIDSGID = true;
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
SystemCallFilter = [
|
|
||||||
"@system-service"
|
|
||||||
"~@privileged"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.rsync-pull-targets = {
|
services.rsync-pull-targets = {
|
||||||
enable = true;
|
enable = true;
|
||||||
locations."/var/lib/vaultwarden" = {
|
locations."/var/lib/vaultwarden" = {
|
||||||
|
|||||||
@@ -9,6 +9,12 @@ in
|
|||||||
sops.secrets."roundcube/postgres_password" = {
|
sops.secrets."roundcube/postgres_password" = {
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
|
restartUnits = [ "phpfpm-roundcube.service" ];
|
||||||
|
};
|
||||||
|
sops.secrets."roundcube/des_key" = {
|
||||||
|
owner = "nginx";
|
||||||
|
group = "nginx";
|
||||||
|
restartUnits = [ "phpfpm-roundcube.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.roundcube = {
|
services.roundcube = {
|
||||||
@@ -39,6 +45,7 @@ in
|
|||||||
$config['mail_domain'] = "pvv.ntnu.no";
|
$config['mail_domain'] = "pvv.ntnu.no";
|
||||||
$config['smtp_user'] = "%u";
|
$config['smtp_user'] = "%u";
|
||||||
$config['support_url'] = "";
|
$config['support_url'] = "";
|
||||||
|
$config['des_key'] = "${config.sops.secrets."roundcube/des_key".path}";
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -80,9 +80,40 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
services.phpfpm.pools."pvv-nettsiden".settings = {
|
services.phpfpm.pools."pvv-nettsiden".settings = {
|
||||||
# "php_admin_value[error_log]" = "stderr";
|
"php_admin_value[error_log]" = "syslog";
|
||||||
"php_admin_flag[log_errors]" = true;
|
"php_admin_flag[log_errors]" = true;
|
||||||
"catch_workers_output" = true;
|
"catch_workers_output" = true;
|
||||||
|
|
||||||
|
"php_admin_value[max_execution_time]" = "30";
|
||||||
|
"request_terminate_timeout" = "60s";
|
||||||
|
|
||||||
|
"php_admin_value[sendmail_path]" = let
|
||||||
|
fakeSendmail = pkgs.writeShellApplication {
|
||||||
|
name = "fake-sendmail";
|
||||||
|
text = ''
|
||||||
|
TIMESTAMP="$(date +%Y-%m-%d-%H-%M-%S-%N)"
|
||||||
|
(
|
||||||
|
echo "SENDMAIL ARGS:"
|
||||||
|
echo "$@"
|
||||||
|
echo "SENDMAIL STDIN:"
|
||||||
|
cat -
|
||||||
|
) > "/var/lib/pvv-nettsiden/emails/$TIMESTAMP.mail"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in lib.getExe fakeSendmail;
|
||||||
|
|
||||||
|
"php_admin_value[disable_functions]" = lib.concatStringsSep "," [
|
||||||
|
"curl_exec"
|
||||||
|
"curl_multi_exec"
|
||||||
|
"exec"
|
||||||
|
"parse_ini_file"
|
||||||
|
"passthru"
|
||||||
|
"popen"
|
||||||
|
"proc_open"
|
||||||
|
"shell_exec"
|
||||||
|
"show_source"
|
||||||
|
"system"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."pvv.ntnu.no" = {
|
services.nginx.virtualHosts."pvv.ntnu.no" = {
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ in {
|
|||||||
path = with pkgs; [ imagemagick gnutar gzip ];
|
path = with pkgs; [ imagemagick gnutar gzip ];
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
tar ${lib.cli.toGNUCommandLineShell {} {
|
tar ${lib.cli.toCommandLineShellGNU { } {
|
||||||
extract = true;
|
extract = true;
|
||||||
file = "${transferDir}/gallery.tar.gz";
|
file = "${transferDir}/gallery.tar.gz";
|
||||||
directory = ".";
|
directory = ".";
|
||||||
|
|||||||
@@ -64,4 +64,11 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPortRanges = [
|
||||||
|
{
|
||||||
|
from = cfg.settings.rtc.port_range_start;
|
||||||
|
to = cfg.settings.rtc.port_range_end;
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,37 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.postgresql;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
systemd.services = {
|
||||||
|
postgresql-repack = {
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "postgresql.target" ];
|
||||||
|
description = "Repack all PostgreSQL databases";
|
||||||
|
startAt = "Mon 06:00:00";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User = "postgres";
|
||||||
|
Group = "postgres";
|
||||||
|
|
||||||
|
ExecStart = "${lib.getExe cfg.package.pkgs.pg_repack} --host=/run/postgresql --no-kill-backend --wait-timeout=30 --all";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresql-vacuum-analyze = {
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "postgresql.target" ];
|
||||||
|
description = "Vacuum and analyze all PostgreSQL databases";
|
||||||
|
startAt = "Tue 06:00:00";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User = "postgres";
|
||||||
|
Group = "postgres";
|
||||||
|
|
||||||
|
ExecStart = "${lib.getExe' cfg.package "psql"} --port=${builtins.toString cfg.settings.port} -tAc 'VACUUM ANALYZE'";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
@@ -3,11 +3,15 @@ let
|
|||||||
cfg = config.services.postgresql;
|
cfg = config.services.postgresql;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./backup.nix ];
|
imports = [
|
||||||
|
./backup.nix
|
||||||
|
./cleanup-timers.nix
|
||||||
|
];
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.postgresql_18;
|
package = pkgs.postgresql_18;
|
||||||
|
extensions = ps: with ps; [ pg_repack ];
|
||||||
enableTCPIP = true;
|
enableTCPIP = true;
|
||||||
|
|
||||||
authentication = ''
|
authentication = ''
|
||||||
|
|||||||
@@ -22,7 +22,7 @@
|
|||||||
"sd_mod"
|
"sd_mod"
|
||||||
];
|
];
|
||||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
@@ -31,7 +31,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/933A-3005";
|
device = "/dev/disk/by-uuid/BD97-FCA0";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
options = [
|
options = [
|
||||||
"fmask=0077"
|
"fmask=0077"
|
||||||
|
|||||||
@@ -1,17 +1,23 @@
|
|||||||
{ config, fp, pkgs, lib, values, ... }:
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
fp,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
values,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
./hardware-configuration.nix
|
||||||
./hardware-configuration.nix
|
./disks.nix
|
||||||
(fp /base)
|
(fp /base)
|
||||||
|
|
||||||
./services/monitoring
|
./services/monitoring
|
||||||
./services/nginx
|
./services/nginx
|
||||||
./services/journald-remote.nix
|
./services/journald-remote.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = false;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
@@ -27,13 +33,22 @@
|
|||||||
nameservers = values.defaultNetworkConfig.dns;
|
nameservers = values.defaultNetworkConfig.dns;
|
||||||
defaultGateway.address = hostConf.ipv4_internal_gw;
|
defaultGateway.address = hostConf.ipv4_internal_gw;
|
||||||
|
|
||||||
interfaces."ens4" = {
|
interfaces."ens3" = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{ address = hostConf.ipv4; prefixLength = 32; }
|
{
|
||||||
{ address = hostConf.ipv4_internal; prefixLength = 24; }
|
address = hostConf.ipv4;
|
||||||
|
prefixLength = 32;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
address = hostConf.ipv4_internal;
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
ipv6.addresses = [
|
ipv6.addresses = [
|
||||||
{ address = hostConf.ipv6; prefixLength = 64; }
|
{
|
||||||
|
address = hostConf.ipv6;
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -0,0 +1,27 @@
|
|||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
sda = {
|
||||||
|
device = "/dev/sda";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
bios = {
|
||||||
|
size = "1M";
|
||||||
|
type = "EF02";
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
@@ -1,16 +1,24 @@
|
|||||||
{ modulesPath, lib, ... }:
|
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||||
{
|
# and may be overwritten by future invocations. Please make changes
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
# to /etc/nixos/configuration.nix instead.
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-uuid/e35eb4ce-aac3-4f91-8383-6e7cd8bbf942";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/data" = {
|
|
||||||
device = "/dev/disk/by-uuid/0a4c1234-02d3-4b53-aeca-d95c4c8d534b";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ in {
|
|||||||
|
|
||||||
fileSystems."/var/lib/prometheus2" = {
|
fileSystems."/var/lib/prometheus2" = {
|
||||||
device = stateDir;
|
device = stateDir;
|
||||||
|
fsType = "bind";
|
||||||
options = [ "bind" ];
|
options = [ "bind" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -27,7 +27,6 @@ in {
|
|||||||
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||||
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||||
(mkHostScrapeConfig "temmie" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
(mkHostScrapeConfig "temmie" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||||
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
|
||||||
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
|
||||||
|
|
||||||
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
|
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ in {
|
|||||||
|
|
||||||
fileSystems."/var/lib/uptime-kuma" = {
|
fileSystems."/var/lib/uptime-kuma" = {
|
||||||
device = stateDir;
|
device = stateDir;
|
||||||
|
fsType = "bind";
|
||||||
options = [ "bind" ];
|
options = [ "bind" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -134,9 +134,6 @@ in {
|
|||||||
ALLOW_FORK_INTO_SAME_OWNER = true;
|
ALLOW_FORK_INTO_SAME_OWNER = true;
|
||||||
};
|
};
|
||||||
picture = {
|
picture = {
|
||||||
DISABLE_GRAVATAR = true;
|
|
||||||
ENABLE_FEDERATED_AVATAR = false;
|
|
||||||
|
|
||||||
AVATAR_MAX_FILE_SIZE = 1024 * 1024 * 5;
|
AVATAR_MAX_FILE_SIZE = 1024 * 1024 * 5;
|
||||||
# NOTE: go any bigger than this, and gitea will freeze your gif >:(
|
# NOTE: go any bigger than this, and gitea will freeze your gif >:(
|
||||||
AVATAR_MAX_ORIGIN_SIZE = 1024 * 1024 * 2;
|
AVATAR_MAX_ORIGIN_SIZE = 1024 * 1024 * 2;
|
||||||
@@ -217,7 +214,7 @@ in {
|
|||||||
|
|
||||||
systemd.services.gitea-dump = {
|
systemd.services.gitea-dump = {
|
||||||
serviceConfig.ExecStart = let
|
serviceConfig.ExecStart = let
|
||||||
args = lib.cli.toGNUCommandLineShell { } {
|
args = lib.cli.toCommandLineShellGNU { } {
|
||||||
type = cfg.dump.type;
|
type = cfg.dump.type;
|
||||||
|
|
||||||
# This should be declarative on nixos, no need to backup.
|
# This should be declarative on nixos, no need to backup.
|
||||||
@@ -229,7 +226,7 @@ in {
|
|||||||
# Logs are stored in the systemd journal
|
# Logs are stored in the systemd journal
|
||||||
skip-log = true;
|
skip-log = true;
|
||||||
};
|
};
|
||||||
in lib.mkForce "${lib.getExe cfg.package} ${args}";
|
in lib.mkForce "${lib.getExe cfg.package} dump ${args}";
|
||||||
|
|
||||||
# Only keep n backup files at a time
|
# Only keep n backup files at a time
|
||||||
postStop = let
|
postStop = let
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ in
|
|||||||
Slice = "system-giteaweb.slice";
|
Slice = "system-giteaweb.slice";
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
ExecStart = let
|
ExecStart = let
|
||||||
args = lib.cli.toGNUCommandLineShell { } {
|
args = lib.cli.toCommandLineShellGNU { } {
|
||||||
org = "%i";
|
org = "%i";
|
||||||
token-path = "%d/token";
|
token-path = "%d/token";
|
||||||
api-url = "${giteaCfg.settings.server.ROOT_URL}api/v1";
|
api-url = "${giteaCfg.settings.server.ROOT_URL}api/v1";
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|||||||
@@ -4,6 +4,13 @@ let
|
|||||||
|
|
||||||
homeLetters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
|
homeLetters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
|
||||||
|
|
||||||
|
phpOptions = lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "${k} = ${v}"){
|
||||||
|
display_errors = "Off";
|
||||||
|
display_startup_errors = "Off";
|
||||||
|
post_max_size = "40M";
|
||||||
|
upload_max_filesize = "40M";
|
||||||
|
});
|
||||||
|
|
||||||
# https://nixos.org/manual/nixpkgs/stable/#ssec-php-user-guide-installing-with-extensions
|
# https://nixos.org/manual/nixpkgs/stable/#ssec-php-user-guide-installing-with-extensions
|
||||||
phpEnv = pkgs.php.buildEnv {
|
phpEnv = pkgs.php.buildEnv {
|
||||||
extensions = { all, ... }: with all; [
|
extensions = { all, ... }: with all; [
|
||||||
@@ -29,11 +36,7 @@ let
|
|||||||
pdo_sqlite
|
pdo_sqlite
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = phpOptions;
|
||||||
display_errors=0
|
|
||||||
post_max_size = 40M
|
|
||||||
upload_max_filesize = 40M
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
perlEnv = pkgs.perl.withPackages (ps: with ps; [
|
perlEnv = pkgs.perl.withPackages (ps: with ps; [
|
||||||
@@ -70,9 +73,9 @@ let
|
|||||||
text = ''
|
text = ''
|
||||||
args=("$@")
|
args=("$@")
|
||||||
|
|
||||||
if [[ "''${PWD:-}" =~ ^/home/pvv/[^/]+/([^/]+) ]] && [[ "''${BASH_REMATCH[1]}" != "pvv" ]]; then
|
if [[ -z "$USERDIR_USER" ]] && [[ "$USERDIR_USER" != "pvv" ]]; then
|
||||||
# Prepend -fusername to the argument list, so bounces go to the user
|
# Prepend -fusername to the argument list, so bounces go to the user
|
||||||
args=("-f''${BASH_REMATCH[1]}" "''${args[@]}")
|
args=("-f$USERDIR_USER" "''${args[@]}")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exec '${lib.getExe pkgs.system-sendmail}' "''${args[@]}"
|
exec '${lib.getExe pkgs.system-sendmail}' "''${args[@]}"
|
||||||
@@ -173,6 +176,7 @@ in
|
|||||||
|
|
||||||
enablePHP = true;
|
enablePHP = true;
|
||||||
phpPackage = phpEnv;
|
phpPackage = phpEnv;
|
||||||
|
inherit phpOptions;
|
||||||
|
|
||||||
enablePerl = true;
|
enablePerl = true;
|
||||||
|
|
||||||
@@ -209,6 +213,7 @@ in
|
|||||||
UserDir disabled root
|
UserDir disabled root
|
||||||
AddHandler cgi-script .cgi
|
AddHandler cgi-script .cgi
|
||||||
DirectoryIndex index.html index.html.var index.php index.php3 index.cgi index.phtml index.shtml meg.html
|
DirectoryIndex index.html index.html.var index.php index.php3 index.cgi index.phtml index.shtml meg.html
|
||||||
|
SetEnvIf Request_URI "^/~([^/]+)" USERDIR_USER=$1
|
||||||
|
|
||||||
<Directory "/home/pvv/?/*/web-docs">
|
<Directory "/home/pvv/?/*/web-docs">
|
||||||
Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI IncludesNoExec
|
Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI IncludesNoExec
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
services.postfix.enable = lib.mkForce false;
|
services.postfix.enable = lib.mkForce false;
|
||||||
|
|
||||||
@@ -9,4 +9,26 @@
|
|||||||
remotes = "mail.pvv.ntnu.no smtp --port=25";
|
remotes = "mail.pvv.ntnu.no smtp --port=25";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.sockets.userweb-sendmail-sandbox-proxy = {
|
||||||
|
wantedBy = [ "sockets.target" ];
|
||||||
|
listenStreams = [ "/run/userweb-sendmail-sandbox-proxy.sock" ];
|
||||||
|
socketConfig = {
|
||||||
|
# Accept = true;
|
||||||
|
SocketUser = "httpd";
|
||||||
|
SocketGroup = "httpd"; # TODO: is wwwrun(54) in this group?
|
||||||
|
SocketMode = "0660";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.userweb-sendmail-sandbox-proxy = {
|
||||||
|
serviceConfig = {
|
||||||
|
User = "root";
|
||||||
|
Group = "root";
|
||||||
|
Sockets = [
|
||||||
|
"userweb-sendmail-sandbox-proxy.socket"
|
||||||
|
];
|
||||||
|
ExecStart = "${lib.getExe pkgs.hello}";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,40 +0,0 @@
|
|||||||
{ config, fp, pkgs, lib, values, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
(fp /base)
|
|
||||||
|
|
||||||
./services/gitea-runners.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = false;
|
|
||||||
|
|
||||||
networking.useHostResolvConf = lib.mkForce false;
|
|
||||||
|
|
||||||
systemd.network.networks = {
|
|
||||||
"30-lxc-eth" = values.defaultNetworkConfig // {
|
|
||||||
matchConfig = {
|
|
||||||
Type = "ether";
|
|
||||||
Kind = "veth";
|
|
||||||
Name = [
|
|
||||||
"eth*"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
address = with values.hosts.ustetind; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
|
||||||
};
|
|
||||||
"40-podman-veth" = values.defaultNetworkConfig // {
|
|
||||||
matchConfig = {
|
|
||||||
Type = "ether";
|
|
||||||
Kind = "veth";
|
|
||||||
Name = [
|
|
||||||
"veth*"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
DHCP = "yes";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Don't change (even during upgrades) unless you know what you are doing.
|
|
||||||
# See https://search.nixos.org/options?show=system.stateVersion
|
|
||||||
system.stateVersion = "24.11";
|
|
||||||
}
|
|
||||||
@@ -1,41 +0,0 @@
|
|||||||
{ config, lib, values, ... }:
|
|
||||||
let
|
|
||||||
mkRunner = name: {
|
|
||||||
# This is unfortunately state, and has to be generated one at a time :(
|
|
||||||
# To do that, comment out all except one of the runners, fill in its token
|
|
||||||
# inside the sops file, rebuild the system, and only after this runner has
|
|
||||||
# successfully registered will gitea give you the next token.
|
|
||||||
# - oysteikt Sep 2023
|
|
||||||
sops.secrets."gitea/runners/${name}".restartUnits = [
|
|
||||||
"gitea-runner-${name}.service"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.gitea-actions-runner.instances = {
|
|
||||||
${name} = {
|
|
||||||
enable = true;
|
|
||||||
name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
|
|
||||||
labels = [
|
|
||||||
"debian-latest:docker://node:current-bookworm"
|
|
||||||
"ubuntu-latest:docker://node:current-bookworm"
|
|
||||||
];
|
|
||||||
tokenFile = config.sops.secrets."gitea/runners/${name}".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
lib.mkMerge [
|
|
||||||
(mkRunner "alpha")
|
|
||||||
(mkRunner "beta")
|
|
||||||
(mkRunner "epsilon")
|
|
||||||
{
|
|
||||||
virtualisation.podman = {
|
|
||||||
enable = true;
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
autoPrune.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.dhcpcd.IPv6rs = false;
|
|
||||||
|
|
||||||
networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
|
|
||||||
}
|
|
||||||
]
|
|
||||||
@@ -33,63 +33,63 @@ in
|
|||||||
lib.mergeAttrsList [
|
lib.mergeAttrsList [
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "CodeEditor";
|
name = "CodeEditor";
|
||||||
commit = "83e1d0c13f34746f0d7049e38b00e9ab0a47c23f";
|
commit = "2db9c9cef35d88a0696b926e8e4ea2d479d0d73a";
|
||||||
hash = "sha256-qH9fSQZGA+z6tBSh1DaTKLcujqA6K/vQmZML9w5X8mU=";
|
hash = "sha256-f0tWJl/4hml+RCp7OoIpQ4WSGKE3/z8DTYOAOHbLA9A=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "CodeMirror";
|
name = "CodeMirror";
|
||||||
commit = "af2b08b9ad2b89a64b2626cf80b026c5b45e9922";
|
commit = "b16e614c3c4ba68c346b8dd7393ab005ab127441";
|
||||||
hash = "sha256-CxXPwCKUlF9Tg4JhwLaKQyvt43owq75jCugVtb3VX+I=";
|
hash = "sha256-J/TJPo5Oxgpy6UQINivLKl8jzJp4k/mKv6br3kcCSMQ=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "DeleteBatch";
|
name = "DeleteBatch";
|
||||||
commit = "3d6f2fd0e3efdae1087dd0cc8b1f96fe0edf734f";
|
commit = "1b947c0f80249cf052b58138f830b379edf080bc";
|
||||||
hash = "sha256-iD9EjDIW7AGpZan74SIRcr54dV8W7xMKIDjatjdVkKs=";
|
hash = "sha256-629RCz+38m2pfyJe/CrYutRoDyN1HzD0KzDdC2wwqlI=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "PluggableAuth";
|
name = "PluggableAuth";
|
||||||
commit = "85e96acd1ac0ebcdaa29c20eae721767a938f426";
|
commit = "56893b8ee9ecd03eaee256e08c38bc82657ee0a1";
|
||||||
hash = "sha256-bMVhrg8FsfWhXF605Cj5TgI0A6Jy/MIQ5aaUcLQQ0Ss=";
|
hash = "sha256-gvoJey7YLMk+toutQTdWxpaedNDr59E+3xXWmXWCGl0=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "Popups";
|
name = "Popups";
|
||||||
commit = "410e2343c32a7b18dcdc2bbd995b0bfdf3bf5f37";
|
commit = "6732d8d195bd8312779d8514e92bad372ef63096";
|
||||||
hash = "sha256-u2AlR75x54rCpiK9Mz00D9odJCn8fmi6DRU4QKmKqSc=";
|
hash = "sha256-XZzhA9UjAOUMcoGYYwiqRg2uInZ927JOZ9/IrZtarJU=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "Scribunto";
|
name = "Scribunto";
|
||||||
commit = "904f323f343dba5ff6a6cdd143c4a8ef5b7d2c55";
|
commit = "fc9658623bd37fad352e326ce81b2a08ef55f04d";
|
||||||
hash = "sha256-ZOVYhjMMyWbqwZOBb39hMIRmzzCPEnz2y8Q2jgyeERw=";
|
hash = "sha256-P9WQk8O9qP+vXsBS9A5eXX+bRhnfqHetbkXwU3+c1Vk=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "SimpleSAMLphp";
|
name = "SimpleSAMLphp";
|
||||||
kebab-name = "simple-saml-php";
|
kebab-name = "simple-saml-php";
|
||||||
commit = "a2f77374713473d594e368de24539aebcc1a800a";
|
commit = "4c615a9203860bb908f2476a5467573e3287d224";
|
||||||
hash = "sha256-5+t3VQFKcrIffDNPJ4RWBIWS6K1gTOcEleYWmM6xWms=";
|
hash = "sha256-zNKvzInhdW3B101Hcghk/8m0Y+Qk/7XN7n0i/x/5hSE=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "TemplateData";
|
name = "TemplateData";
|
||||||
commit = "76a6a04bd13a606923847ba68750b5d98372cacd";
|
commit = "6884b10e603dce82ee39632f839ee5ccd8a6fbe3";
|
||||||
hash = "sha256-X2+U5PMqzkSljw2ypIvJUSaPDaonTkQx89OgKzf5scw=";
|
hash = "sha256-jcLe3r5fPIrQlp89N+PdIUSC7bkdd7pTmiYppSpdKVQ=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "TemplateStyles";
|
name = "TemplateStyles";
|
||||||
commit = "7de60a8da6576d7930f293d19ef83529abf52704";
|
commit = "f0401a6b82528c8fd5a0375f1e55e72d1211f2ab";
|
||||||
hash = "sha256-iPmFDoO5V4964CVyd1mBSQcNlW34odbvpm2CfDBlPBU=";
|
hash = "sha256-tEcCNBz/i9OaE3mNrqw0J2K336BAf6it30TLhQkbtKs=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "UserMerge";
|
name = "UserMerge";
|
||||||
commit = "71eb53ff4289ac4efaa31685ab8b6483c165a584";
|
commit = "6c138ffc65991766fd58ff4739fcb7febf097146";
|
||||||
hash = "sha256-OfKSEPgctfr659oh5jf99T0Rzqn+60JhNaZq+2gfubk=";
|
hash = "sha256-366Nb0ilmXixWgk5NgCuoxj82Mf0iRu1bC/L/eofAxU=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "VisualEditor";
|
name = "VisualEditor";
|
||||||
commit = "a6a63f53605c4d596c3df1dcc2583ffd3eb8d929";
|
commit = "9cfcca3195bf88225844f136da90ab7a1f6dd0b9";
|
||||||
hash = "sha256-4d8picO66uzKoxh1TdyvKLHebc6ZL7N2DdXLV2vgBL4=";
|
hash = "sha256-jHw3RnUB3bQa1OvmzhEBqadZlFPWH62iGl5BLXi3nZ4=";
|
||||||
})
|
})
|
||||||
(mw-ext {
|
(mw-ext {
|
||||||
name = "WikiEditor";
|
name = "WikiEditor";
|
||||||
commit = "0a5719bb95326123dd0fee1f88658358321ed7be";
|
commit = "fe5329ba7a8c71ac8236cd0e940a64de2645b780";
|
||||||
hash = "sha256-eQMyjhdm1E6TkktIHad1NMeMo8QNoO8z4A05FYOMCwQ=";
|
hash = "sha256-no6kH7esqKiZv34btidzy2zLd75SBVb8EaYVhfRPQSI=";
|
||||||
})
|
})
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -8,18 +8,18 @@
|
|||||||
|
|
||||||
php.buildComposerProject rec {
|
php.buildComposerProject rec {
|
||||||
pname = "simplesamlphp";
|
pname = "simplesamlphp";
|
||||||
version = "2.4.3";
|
version = "2.5.0";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "simplesamlphp";
|
owner = "simplesamlphp";
|
||||||
repo = "simplesamlphp";
|
repo = "simplesamlphp";
|
||||||
tag = "v${version}";
|
tag = "v${version}";
|
||||||
hash = "sha256-vv4gzcnPfMapd8gER2Vsng1SBloHKWrJJltnw2HUnX4=";
|
hash = "sha256-Md07vWhB/5MDUH+SPQEs8PYiUrkEgAyqQl+LO+ap0Sw=";
|
||||||
};
|
};
|
||||||
|
|
||||||
composerStrictValidation = false;
|
composerStrictValidation = false;
|
||||||
|
|
||||||
vendorHash = "sha256-vu3Iz6fRk3Gnh9Psn46jgRYKkmqGte+5xHBRmvdgKG4=";
|
vendorHash = "sha256-GrEoGJXEyI1Ib+06GIuo5eRwxQ0UMKeX5RswShu2CHM=";
|
||||||
|
|
||||||
# TODO: metadata could be fetched automagically with these:
|
# TODO: metadata could be fetched automagically with these:
|
||||||
# - https://simplesamlphp.org/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata.html
|
# - https://simplesamlphp.org/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata.html
|
||||||
|
|||||||
@@ -18,6 +18,7 @@ mediawiki:
|
|||||||
admin_password: ENC[AES256_GCM,data:4eUXvcO7NLOWke9XShfKzj+x3FvqPONa,iv:3iZ+BTBTZ7yMJ0HT14cEMebKZattWUcYEevRsl/6WOk=,tag:CU0iDhPP2ndztdX5U5A4cw==,type:str]
|
admin_password: ENC[AES256_GCM,data:4eUXvcO7NLOWke9XShfKzj+x3FvqPONa,iv:3iZ+BTBTZ7yMJ0HT14cEMebKZattWUcYEevRsl/6WOk=,tag:CU0iDhPP2ndztdX5U5A4cw==,type:str]
|
||||||
roundcube:
|
roundcube:
|
||||||
postgres_password: ENC[AES256_GCM,data:fGHmq6r/ZCeIseHL8/gmm5DfWQYorI3OJq1TW0EHvh7rHL62M4TE+Lrlrmq8AIlmGLSWtO8AQzOP3toxidL6xWX3pcwLxtTefa1gom2oQf6ZL4TbAZLidHksdiro6pWtpMOO66bb8O9eXvZmns4=,iv:Irnb2/bgx8WilDyRLleWfo6HHafZ+vlDEwxIcgm1f18=,tag:eTNBUELmLwO7DsQN9CLX7Q==,type:str]
|
postgres_password: ENC[AES256_GCM,data:fGHmq6r/ZCeIseHL8/gmm5DfWQYorI3OJq1TW0EHvh7rHL62M4TE+Lrlrmq8AIlmGLSWtO8AQzOP3toxidL6xWX3pcwLxtTefa1gom2oQf6ZL4TbAZLidHksdiro6pWtpMOO66bb8O9eXvZmns4=,iv:Irnb2/bgx8WilDyRLleWfo6HHafZ+vlDEwxIcgm1f18=,tag:eTNBUELmLwO7DsQN9CLX7Q==,type:str]
|
||||||
|
des_key: ENC[AES256_GCM,data:U5AHdFgDtidjN7XqPSJkT/anS/q29/9p,iv:okLPMdnNW3dawiqirLA6VmnhXsbPyP4QnqbRo0wfd58=,tag:ZVmCzJK9uhw6CvxK1On1Sg==,type:str]
|
||||||
idp:
|
idp:
|
||||||
cookie_salt: ENC[AES256_GCM,data:cyV6HDCPHKQIa8T1+rFBFh6EuHtG5B508lg6uFYENK7qVpYuiTUIokdVQhY8SRLs2mECx/ampgnUHxCRB/Cc/A==,iv:QRrRUhzRQrLkmg38rrYtCEfF8U4/7ZHZUDSEq++BlbI=,tag:fLqFSLd+CKqJvmCh1fx8vg==,type:str]
|
cookie_salt: ENC[AES256_GCM,data:cyV6HDCPHKQIa8T1+rFBFh6EuHtG5B508lg6uFYENK7qVpYuiTUIokdVQhY8SRLs2mECx/ampgnUHxCRB/Cc/A==,iv:QRrRUhzRQrLkmg38rrYtCEfF8U4/7ZHZUDSEq++BlbI=,tag:fLqFSLd+CKqJvmCh1fx8vg==,type:str]
|
||||||
admin_password: ENC[AES256_GCM,data:Vf33Oenk6x6BIij1uW8RQDjTPcKhUVYA,iv:RNeyCNpTAYdBPrZwE3Y6CCjoAML/3XUvjfJCrr06IEU=,tag:zVOrx1oXnEyr/VwFCFaCDQ==,type:str]
|
admin_password: ENC[AES256_GCM,data:Vf33Oenk6x6BIij1uW8RQDjTPcKhUVYA,iv:RNeyCNpTAYdBPrZwE3Y6CCjoAML/3XUvjfJCrr06IEU=,tag:zVOrx1oXnEyr/VwFCFaCDQ==,type:str]
|
||||||
@@ -31,14 +32,17 @@ nettsiden:
|
|||||||
cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
|
cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
|
||||||
admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
|
admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
|
||||||
vaultwarden:
|
vaultwarden:
|
||||||
environ: ENC[AES256_GCM,data:CST5I8x8qAkrTy/wbMLL6aFSPDPIU7aWsD1L1MnIATRmk7fcUhfTSFds7quJmIpb2znsIT/WxNI/V/7UW+9ZdPKI64hfPR8MtvrJcbOhU5Fe2IiytFymFbhcOgWAXjbGzs7knQmpfMxSl98sU71oLkRuFdkousdnh4VQFZhUCYM=,iv:Is6xQ7DGdcAQgrrXCS9NbJk67O2uR82rbKOXBTzZHWw=,tag:XVEjCEM5t8qJl6jL89zrkw==,type:str]
|
env:
|
||||||
|
DATABASE_PASSWORD: ENC[AES256_GCM,data:uSaQuyx4yn1QfUABWpEjf8x97Imh6A==,iv:pukLl3k8X+ITRZ4bZfOPjsWKCHjVCo8Zd6qEHRERAYc=,tag:4y03dQbEhS+mTXUhzt54bA==,type:str]
|
||||||
|
SMTP_PASSWORD: ENC[AES256_GCM,data:Nr+4wZSvq6KjfzB169v4ojvWHa25Aw==,iv:HM4VYLUCI0HaBT8cDzusYA+49LpuJeg7v/Pz4nfulmM=,tag:T4TkDt+NdWnqbCDaRUERJw==,type:str]
|
||||||
|
rsa_key.pem: ENC[AES256_GCM,data:bYZzFj2ImB0jfiIP9N9V+nk1ROjql4PEuDcJIhVV96BeE++Kq+DGORrnfCyJaubNlqT7+nlMGN/D6bfzwKWivuXDd7T5s6wXplk480anOrFU4cJ9NYXHJjoT8Cn+jKSb7JEWO42cVwraB+qGWFZevOrRtdBM328ffOH4IDqVYgIonnM+pHe7oGglg2Xc97x3GQ46ODWKFZsAqU3ZZv+4SGJXJJorPv+cOIoVvXpqec7TuD2MnfdXvLQEl6o/zsGuV/yQkbJus/BqKUUR+RZ9i/0xuzCd/hJS9yFbHHBj82fDh6+D4TG+1PM+dVRSolkkxhcBvvBJtUPqRewTe5cNO9wZP1ocf9GNmXMbvopaNdAxh6uPJNH1Z6aZ+kLShF5ddE4FuKSvucEPgUdscZw01LeJIehZ7uzHCC99jmojU8rlsWFPvJqUfp0xAZDFDJgCIGt6AbKwBCCeFGuvqYT6w5GQ8uT8OQVBmRxUCZuplcDTUMsBXDxa/Q/5Q/O2zIev7jw7Rm0cJ23ovllu40VvLD+Xu/uQVYzivOOHkvUhQkjVkfbk073ZjrhlIMO3BOuA7PDKUsMBz3UVndtrYU+OOtCI0CoCVVP/K/CamNBGGHdvBoQ13bVn04OgdgJYgz04gP6MqFkr8AWoPFHVZe8+Z/tlW5DtV6SRoUfGFlnROWhiBVZpNuUj/ef1gUY1OoFuqY4GRc3nkC/Fwxi81+lSbAQ2ZdtqroJxquoVJhoUWuSonNDBtOYU0yczvF70R84AFzWKh1eJ7hr2iwcMJPSkhTzTm7LTrr0mQqU8qMxUz4pa0yxOZW0UkC2koz6jKdYlwXHMjjyiUZqfc2y9DrRF6Sa/NUPTrzIvikYk9yr3thnh4VtcsYdqvwlsnkbM/HtGvcmmtZjT4npLyD5t/7tUOs453Ntoo1BOto7+X+0IrFs9yHheBOqfj8dA1M2am0cjrS9LyaSnqBREgBFWVJdpSB0aDdh0M8vmpCBcdrzGPLCUXhNWihiZFEVh1ZrwzXWndRtqmhFLFfXmnEAhtEQL6l/GuA5WEYPHIThq+33BDhXAUB5oBcQQSI8TGPWw0IkOci8Q+SlUd81h2JtAmek/L+1kGZwmyolg1iA9c0LVxapM9cpSNVnmON/O2q3tFisQS82/ysKnNggeyD/ByY0dGMUZILAeONBqm41UcVGoAP5N5KE6Cb7FlppBRitn4QejVvLExPtK8NwQl503Yjq+yBTjSjhuZbB2mQaFgJeKhXrm34I3ZMKKm58j+NAGVJTi7RPzSfTW3kvPvtfm8GvM+vuOOxvNzdid8jR241pQl35d6hOYS3wvbkDVmkvbcjTJBPslvq6pGmAVPyHLHshgyTvvTweX1yodoV+4Z3dtrBb9wZKADT6VfTmEo4RXNjIoZFQrTJTdBeVQbgxejySKHAy2G0/8ZipvToj7zRULSOHh6yS4no8b7U7ZY9tEdxs8uxhDob0nkGy7VQUGG8YNXuwGsjLjVsTiawXiWnqdxeFLuTkKEvtMEEmDUfIRErY2juZbra4AKKWdjegc4ayW1ZyUq5i12eRdnpNbdXBQBtBjagvo3A29bse1TMV3Hww+B7oZ0wsHFD72byD159DdEqnLYlxzRjXns3E2qX8f5xvIUFkBIFNDqkKVaq9wqCrmS0vpbHvuiEJDwyr+nu32nWYT9M+RO41Ri/W63juukd/wf75QKVNNjV5WVrJaN2lgr1+3ux0LE5qs01nZZKqv0jzk4P2SnrPJLMq9NbEgXgKjmwqABnQm8KkeHpPQ8ns4JAY7L5pV6faf1rKWQnE71t9qpKSNMlOgtcv2Jd+5HZuUYbYw5SdDYmwsd+OT0cVu0jURz22k/OmT9GY09SnYpvgHrXLNjvEtY0Tr2vpX1SL5qTx6MWDs/nr47+t/DUEMC/JmUrIOE3OSZXpS9AO4BsBmTV0DF5SlvYBDnHAqkHuJbzRdQ1FjGg/wZLFDmIUy3F7m7bGB+5NX+1ZO1BmG2f0ICpHiR1SGnaK81mY3gmfUD8al7gmmKmAltfvw2kP+Z+Hv2d+XGqVk2csRlfq9e5wu0jFKgcGIs4NuA71V0oKfwL7a3gN0Drd270frH1lYzET0NRSQkqw4oeTt0y4my5TvYGmLEHE05IORdrmHUkHefUtomTEB6YQYY+wLyxVBo6z6MFLN7eCe1HtxjUBp8LFxTT+2l7IusDgIs+6I05Krrrz5GHgNHdMBhw==,iv:CtmysYvEFew/839Gj+vZEDoqu6TvrZ9bUIg9GwejIX0=,tag:CnTEOKLYDsVGRVrQDwfFKQ==,type:str]
|
||||||
|
rsa_key.pub.pem: ENC[AES256_GCM,data:B/2SQrEQ4zRie6A89jneHl5tXfHraYzVEBshY+IrRoufI9YpQw16VjGgrNVCpaG5+PSsCNjz8lXM33oQwg7HU1IWHmvrZdEgkguYv722Ngdb4D8IKHL1nsL9/gkVQFFFvty9ru3LDTfrFKF3cLX+6eIQMFk5W+qLuVO5Pbxh3LKWmN7zG8XHa/b+tvMQclHrtY2iomIThyxKi8w03uE1Fs6V80hyuMA/3TdIz9nUwl5WpiGxaelwaJyts2b5KoBzJ0zZbdR4IHCTYYqBkdjo8929M/gfPS6ZqZS2FPDReoWiujJSAyyoC9xZxglUk/g7vU/8CVwcrtVzn5DEbUot/om98p/1Hq/1Hk4zli49Ysy8nbPhlshZeH5RNSQIDkY6wT7TYD5m3QXjXV+siH7ClKAfri2zp4S4k9uEXvL27NTPqvoXKIUpSEl1b0A/ApQt761PODEMtEXx2PmlRKhg9T9cvLRNYbJavg3FMNivZ+2oQNZXeJZWUEjtqsEoPBAbEHklMtKJiQiThtIPHL3eEdTAhOVhjxBGYU2Kase2hU7g2YvgC3+8u48OarXZbZYgcJkoCHrm+hocYm5DZJ64rxURZQ==,iv:6x0vx8tiGOsQxHsp+qO+nvdUmqNKWINdFO1wXOnORVo=,tag:zuPNh7IfEG/c4lsFVNRYog==,type:str]
|
||||||
bluemap:
|
bluemap:
|
||||||
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
|
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
|
||||||
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
|
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
- enc: |
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMVM0T0Y4Wjg1OGNsR0Iv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMVM0T0Y4Wjg1OGNsR0Iv
|
||||||
VmxoNmRMcjlWRHFhc3l2Sy9aZnF4b0ZsTnhnCkd6UnEvWi9kRU9qSmVLZkdiWGJh
|
VmxoNmRMcjlWRHFhc3l2Sy9aZnF4b0ZsTnhnCkd6UnEvWi9kRU9qSmVLZkdiWGJh
|
||||||
@@ -46,8 +50,8 @@ sops:
|
|||||||
R0RmcXJwRlkvSVhRbGwxZytLNmlqeFkKw/0nGPzgzH39udFyJVkjNTMTmffiQh6/
|
R0RmcXJwRlkvSVhRbGwxZytLNmlqeFkKw/0nGPzgzH39udFyJVkjNTMTmffiQh6/
|
||||||
HT1O7imvPymx5kXrnfciAP9bnCV4o/HiVkuDxBP7gG5nBUgY6PIC7Q==
|
HT1O7imvPymx5kXrnfciAP9bnCV4o/HiVkuDxBP7gG5nBUgY6PIC7Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||||
enc: |
|
- enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2ptWkhqNjcrM0hXOWEv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2ptWkhqNjcrM0hXOWEv
|
||||||
Y21GNkVJUXY3dHV1OUdUdlJZNHhka3g3QVdNCk9vak0wSDBhS3pZSWk2anVsMnVY
|
Y21GNkVJUXY3dHV1OUdUdlJZNHhka3g3QVdNCk9vak0wSDBhS3pZSWk2anVsMnVY
|
||||||
@@ -55,8 +59,8 @@ sops:
|
|||||||
cXl3S2tRdExvSjRNUHpwbFNzVXdQVmcK65zb8MPh67TyHkjLA2vLgv2eOQOSUDih
|
cXl3S2tRdExvSjRNUHpwbFNzVXdQVmcK65zb8MPh67TyHkjLA2vLgv2eOQOSUDih
|
||||||
JeHkryWGQXzlYL5tZZ24ae1mqYiYQ6DsbWXopA0q0OmndYByXct6FA==
|
JeHkryWGQXzlYL5tZZ24ae1mqYiYQ6DsbWXopA0q0OmndYByXct6FA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||||
enc: |
|
- enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSnU5dml1bjY5ejZHUGRQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSnU5dml1bjY5ejZHUGRQ
|
||||||
V1pNQnBXWUx0c1R5WkY5d3NFOFlKTkFrMUN3CkNqMjc5NDRMb05tSW9wV3lkUUVU
|
V1pNQnBXWUx0c1R5WkY5d3NFOFlKTkFrMUN3CkNqMjc5NDRMb05tSW9wV3lkUUVU
|
||||||
@@ -64,8 +68,8 @@ sops:
|
|||||||
SzM4Rml4dFNjMWxxYXlVdTdxTTB1ZzQKvoBpb4PPNM5yl85wTcTTqZmkXmwZGyvS
|
SzM4Rml4dFNjMWxxYXlVdTdxTTB1ZzQKvoBpb4PPNM5yl85wTcTTqZmkXmwZGyvS
|
||||||
PMPFNqEkzcZFtC1BfYGIlKAuisGhQ6rFAkyTZXTLP0HjPEcH00+WMw==
|
PMPFNqEkzcZFtC1BfYGIlKAuisGhQ6rFAkyTZXTLP0HjPEcH00+WMw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||||
enc: |
|
- enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbGdTVUU3UVUwZytQancy
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbGdTVUU3UVUwZytQancy
|
||||||
ZXY1Ullmck9qZ0dsSmZqUHF0NGpSZlJWRjBJCndmbGh6Y3lUWmdEWUdHNkZwd0dM
|
ZXY1Ullmck9qZ0dsSmZqUHF0NGpSZlJWRjBJCndmbGh6Y3lUWmdEWUdHNkZwd0dM
|
||||||
@@ -73,8 +77,8 @@ sops:
|
|||||||
NmloODFNNXU1TG9FeWxKYTBGOG5qR1kKXGAQyRVO6Sh0LNlFD5nx0F3m2KYP8hYl
|
NmloODFNNXU1TG9FeWxKYTBGOG5qR1kKXGAQyRVO6Sh0LNlFD5nx0F3m2KYP8hYl
|
||||||
/g3mwi4NI4UIR2dYXsgNJuF7axxP1IbaZ/j2NLNYbVe2+iZvscvBTw==
|
/g3mwi4NI4UIR2dYXsgNJuF7axxP1IbaZ/j2NLNYbVe2+iZvscvBTw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||||
enc: |
|
- enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkVyLzJWM01ybHB3cmpq
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkVyLzJWM01ybHB3cmpq
|
||||||
cTJTM3VWaEk3djcxb0RnbVZXUGRyMWQxcWlFCmhQUmtGZm0wczdsLzZUNHFqRnZW
|
cTJTM3VWaEk3djcxb0RnbVZXUGRyMWQxcWlFCmhQUmtGZm0wczdsLzZUNHFqRnZW
|
||||||
@@ -82,8 +86,8 @@ sops:
|
|||||||
RGs3aStCRUJmMG9JRFZyRFJWeTZKWGsK8oTccCGCXPsQEGnn57ml5IwYCHgYoBpC
|
RGs3aStCRUJmMG9JRFZyRFJWeTZKWGsK8oTccCGCXPsQEGnn57ml5IwYCHgYoBpC
|
||||||
2U7uT/Z10crtrqgPGi3/jYr5IEacLBvbuGLBwSlCo7NGz/6XnVIyaQ==
|
2U7uT/Z10crtrqgPGi3/jYr5IEacLBvbuGLBwSlCo7NGz/6XnVIyaQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||||
enc: |
|
- enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTlJPQk9DTFNKMjA2bTRj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTlJPQk9DTFNKMjA2bTRj
|
||||||
OE5uaWxEQkhUdmRvT2h4TDJvREo4TlQ4MFZrCjNjd2ErOXcxQkJrNzlOdGNFSDNW
|
OE5uaWxEQkhUdmRvT2h4TDJvREo4TlQ4MFZrCjNjd2ErOXcxQkJrNzlOdGNFSDNW
|
||||||
@@ -91,8 +95,8 @@ sops:
|
|||||||
RlRMc0R3dDllUGRHcmNDTDBSS09mUUUKhdxXMEuwLviNY134uA4SELXiHo4rCC9h
|
RlRMc0R3dDllUGRHcmNDTDBSS09mUUUKhdxXMEuwLviNY134uA4SELXiHo4rCC9h
|
||||||
pT2iqOV+VDquwE99h9OIo2Kfmblzje/TGpok1i4cxytg8fly3LZD+Q==
|
pT2iqOV+VDquwE99h9OIo2Kfmblzje/TGpok1i4cxytg8fly3LZD+Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||||
enc: |
|
- enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHVjN3MvVUEwazNraXFQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHVjN3MvVUEwazNraXFQ
|
||||||
anVTbU1EY1JUQ0FyeSt3bWJ6TVcwY1UwZ1cwClRtOTE1QWNXaUdzejh5a3BUdTFv
|
anVTbU1EY1JUQ0FyeSt3bWJ6TVcwY1UwZ1cwClRtOTE1QWNXaUdzejh5a3BUdTFv
|
||||||
@@ -100,8 +104,9 @@ sops:
|
|||||||
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
|
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
|
||||||
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
|
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2026-01-26T08:40:13Z"
|
recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||||
mac: ENC[AES256_GCM,data:ppgpARft/YDKP24QF4bLYVhxN4nRrCsf4wBug3UD4MXgQwdFyWPAHn086uONeMbVOvH8IdwlaNBc8h36I7M66cqwK1VsRc/vf9Ud2VnD/WkWijMSrJ80frIvuvREp7aMNlYbD20bjrp4sYohjcJ8KPqyPUFPj71dA+9LZvXJthQ=,iv:lr3R14lRx7RzclknKbOa/bHa6axGbMPqj1FRTjx34xE=,tag:pBHzSArxYs4bqq355T4yog==,type:str]
|
lastmodified: "2026-05-22T08:58:19Z"
|
||||||
|
mac: ENC[AES256_GCM,data:EYU8RCXRMdQn+yLB0iWBw7JULZya3PqkScAFtlP0d0zTyud4MGVCTINtrn7EgboYONvEWgi4yRvJVHUDPArRA6WlHx/tx175DJbVq6sdnl0xsL0Y9dt18HbdEgDDyOxbCjTOjAV1WPINOmpVvyXMp4+cc0oU3g+2ANjiodkU+t4=,iv:wAi+m9VkKx1bCxz5kZyEgNQcPE9aa5f9TlaYEohnwu0=,tag:3ZtP78aCmyqW0A0zvgpUTw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2026-01-16T06:34:44Z"
|
- created_at: "2026-01-16T06:34:44Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
@@ -124,4 +129,4 @@ sops:
|
|||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.11.0
|
version: 3.13.0
|
||||||
|
|||||||
@@ -9,90 +9,90 @@ keys:
|
|||||||
postgres_exporter_knakelibrak_env: ENC[AES256_GCM,data:xjC7DGXrW2GIJq8XioIZb+jSe/Hzcz0tv9cUHmX/n1nhI+D64lYt+EKnq1+RX/vJzU4sTaKjveKBh88Qqnv6RQm+MZC//dIxcvnnAdl50qnHZyBCaFFEzSNI8I8vGyArMk8Ja72clBq3kMpUz/pLBP0qDrjblKDoWkU=,iv:ZW98hJy8A5t4Oxtu17R3tM7gou183VLbgBsHA8LFuJY=,tag:VMOvQz3X/XDylV1YFg2Jsg==,type:str]
|
postgres_exporter_knakelibrak_env: ENC[AES256_GCM,data:xjC7DGXrW2GIJq8XioIZb+jSe/Hzcz0tv9cUHmX/n1nhI+D64lYt+EKnq1+RX/vJzU4sTaKjveKBh88Qqnv6RQm+MZC//dIxcvnnAdl50qnHZyBCaFFEzSNI8I8vGyArMk8Ja72clBq3kMpUz/pLBP0qDrjblKDoWkU=,iv:ZW98hJy8A5t4Oxtu17R3tM7gou183VLbgBsHA8LFuJY=,tag:VMOvQz3X/XDylV1YFg2Jsg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
- recipient: age102e6y8gah0ntr6fxqnkpepc8ar29p6ls7ks9ka7v8w87q8scm9yqmc2u8d
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIRm5XY3kydDJSRUYrcmRk
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTWRSM3IwMmxtTmZVcCsw
|
||||||
K21WUEZSSEpYOHFrVkFyOVJYYnRUSU1aYkV3CkVEUllvUm0wZjlmOFU0VSt3OStL
|
OUhlakxHZzgrSEhEdUZFTXE1anNjQ2wvdkZFCnB6S1l3TXQ3ZGFYWmtYM1cwMFZT
|
||||||
Tmdkc3JHRWplS3lnQWlkT3ROVkxkVUEKLS0tIFRJRkFEeE15Q3A1Z24wQzNlbUx1
|
V2UrTkk0Z1BVQ1U2N1hsaTc5NjFsVUEKLS0tIGZYV041M01DYndQWUNCVGxUVXZa
|
||||||
a2tmd21zSWUzbmw5NDdSRUVDcmVwbHcKn+DJ1PnlQApX8fwJoN9DtMqeKzoih6Hr
|
YlltQ3FBU3RBYUx4TnNPRk1SUWNqZG8KAJjc09x553ncaWduGLsnIHdroaOmMasP
|
||||||
sSh2z6rsTj1UmXocbBm1SduattqZFjvO5XGpp25mM9ZBlpcnVjB/hg==
|
/fq0GzW6UNfmE2rQ6qrQti21B37/sN0WMLCSPLUPG45kBgx20GG4hQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaEdlWnJCdHVpM0ZHTlJj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTOWFvcFFzc1lmNVdmV3lX
|
||||||
WmNrQnIxYmxmWlJ4Z29WKytHd1plUURPSDBFCnBHU1MyMS9FNnRCMmJ6Ymd4UWcr
|
cVVLNHowcGdENzI5UUJLZTNSMHhjNlI2c0FnCmdwOS9oL1kwTnhwbXRodWxxWVE3
|
||||||
RGV6QmhrbDFObDM1MW1NdTdDU3ZIVU0KLS0tIEtBR01OOVdITExFcUN1dHEyaklD
|
TEtzVmMyN0lkdDBPNzhSR0J6SVhwM3MKLS0tIHhSOFA2TEdMdEd5TlpJb3h0N2xr
|
||||||
TVFnZXRva3FUZjcxYlRuQnpFTDhpZzQKxZM0ZB6dVwFr5QkT6YmEA+3RhhsX0pl4
|
eDVwd2dKMG9FRW1OY1pyUkhLeWw3b0EKtJpsQ/Ss39ZLiRNqUhn8sdB3hpQy7Syv
|
||||||
SolLZXFal1BluDERtZ2Clb5VzrcV3PUfFo8Yx6ncFjcisyFXUHVnYg==
|
ererqhMkqmDugGEHPk6KpZuj7DVSK1di7JgA2qZOUPzI7UpxjaC0Kg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYmNZSTBrUzg5d3NPSHhM
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQU1iVXRkQmo4b3F1Vngz
|
||||||
Z2s4KzlVZldKVitmL3RFNHFiQnJlcmlCS3k0CkZ4YlBvbW1DTzEzRTZMUVBOWDNT
|
S0pkNkVFR1FUb1djdmI0eHh3V3BBTDJTSTJZClA0S0Z0cTdFRmRaOEZQdHQzdGZ3
|
||||||
SHQwcTBQL0NQbXA3WHVZcFhjZW5ZeE0KLS0tIHU2TVErZ0I0dGRuTGIzZkVoeDJC
|
SC9HRkF3eHQ3MHh6VUFiTW1MZmZoQ2sKLS0tIGlXcWtCczBuOXZBTE9IcVQ1aFJz
|
||||||
MHJkcXlGdFN2Y1p4Q08rT0phODlLOVEKhSEO8hUZ0d3SA1tFvXN2HuZR35SRzhUq
|
REdjRFZyY2pNdEd6cmgvQisyVDhLUEkKRItJ0CGbzlEB5RNAyem4feMVhTfcLef3
|
||||||
+J3eN/qUBu0LcuiBq+qbGYIAHggXy9ZSGCGfrNw35czzGpzfbK/fwQ==
|
QIqltZ2l4LLexnkECi3FCJZHxrbUa+/RF6p1DsueUw7LLUnOcphB9A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdDBxd3J5MWZ0R1IwVWRw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZTBpaWM0c1hmODBaK0Iw
|
||||||
cklOOENFM2R4Q01JdFd2cDZCQ2pSTGNucmhrClgra0tCSGdqZExLbWNoaDZkSzJD
|
bmp1NzRacklXMHU0K2J2d0g5ajBiNlRNWGhRCm1DOWI0cm5BdTdlNmFzM2JVekNk
|
||||||
aDc3YXdOZi9jMDdwc1duTWdKbEdUVDgKLS0tIGxKbTYzRnAyRVlwbUxGS3JySFJS
|
U0VnQmJKMU9ZczZBN0o3czAxOXc4TkkKLS0tIDA1aFRsS3VHdmFtUDY3S25qK01p
|
||||||
VXNrSldhMDV4V2preEJ3ZDk5UlZ1YzgK8K2R4LETFFKpUZVdofJoE6eXw/tlz3+9
|
U0ZCT2toZ1ZMZ3E0bXRhSTQvNGFWNVkKhxfQDIDe2LQW7OMBJv0J267AW1wI32df
|
||||||
k0iXQX6zMj1uSDmenjztU04FIfRxzIur5xifd8hCJnWmxlOCFDqLag==
|
ZQxd657TEqzm7i19azrCS0jyRbfj2MYzEJAtTGiGZaNC9uKDFzBhKw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPc2dCdGNSeWo4RkovV1Vn
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRlJROHRKb21YUnlicmc1
|
||||||
ckRYYW1xZldjVDRuSjM4elQyRVFROWduL1QwCmNSVzk3aG90MHNWZWlzVDg5RE55
|
MlptQllEcXFhajNKS1krMDdUMWk5QWo4eVJBCndGSlhXS1Vaa2RSTllIcmF1ZVpl
|
||||||
L3JKODZlMDJudTZYNGVNQldaNEhPcjQKLS0tIE41dDYxWE84Wk9XbG9iMUhpMHBu
|
V28wUGpPVE04Q3VPdzFYdlNpdXBPWHMKLS0tIGJLNStURVJ2NkZKNHVURXh3SjBL
|
||||||
VlJZM1VMYkRkQXNlSVVoT3RYZXRaRU0KqqIjxe05oO67IUt/LMIYsUAaZw1qQFNv
|
TE41aFdjU0h0ekQ2Zjg4Z3VQVjFWcnMK6zjSalqeYjyc4NH6nOeghlhYJydrz4pM
|
||||||
mmVu5GvHdpSrp3PttxlZC7OiP84Jzj7zM/idj0wBIeVCWedWO59aKQ==
|
N5ZcXjRbrIVFdhbYnvQGKvGKZm0kK6vjzBjdT7BM6ctr8cq/qrz1xQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL3RId3Q4SGJkYjM5STJu
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIRXpBa2tYc2xEeldub0VK
|
||||||
ZU9BbkgxaXdva3g5ek1hZUF5YWcvZHI5c0VRClhLazhueTRLU2N0T2c2REllT0R1
|
bkFwOFdlUGRZM0FVT0tyUW1RWnl0TjRUTUh3CnZlMC92MU1hRW1yZU1NSUdoUEZh
|
||||||
LzFrdDdiVVhLQ3BPdkwvVTg1RjdscG8KLS0tIHRYTmg4NFF2c2FpVHphUFdqWmhH
|
YmhHN3pjd0lhOXk3KzFqRVhaU2IvWFUKLS0tIGxVRGNmZmd1QS9sc0NMVFZMNGVB
|
||||||
TFNhSDNUMEo0Z05mbmlwRUs5VHhUWHMKJUCyLDJx2voDttv4UrpFKYyNz+HhtyFj
|
aXFQWlNVQ2laVm1ETStRemNZRXc3TUEKlPYSU3gp67dsPfbEJkru4ieMvspC7+pu
|
||||||
X3OrNbmJQYuNpq4hzQs7jN5UD/4YCtFi9mb5pmFr8MTHLb6UsZN++A==
|
rfp315HLyj1FGhrA8f2qOxE/PYI2rn0yKm80KffWBV7ylX/uonm4Fg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNzZ4Y2U2NXpXWHA3Y3Zw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaTEzOFBEeG9LVThSVmQ5
|
||||||
S1BKbTNXaGxRaE55QkZNSFV6b3VURFBXWlEwCmpJUjM3VVJRc0dwdjFLOGdQQTlz
|
VXBoaFpueFRCbFJ1akE4RWc1aE1HUmVGcXdZCjFnbU0wd2drazNsTmNBMHNuOFhO
|
||||||
a0hVUC9tSXNDQ3NyTnlnVlNNalFOZmcKLS0tIFNXYThsRHd2eUQyOGtVT1RLaTdR
|
b21MZmNPSVNDU2RycEtXTys1V3BVVVEKLS0tIG5oc0VoTXlzeVh3b2NjcFl6WE9U
|
||||||
RmlST2JZS2gwbDBpZ2xMblpWNzB5ZWcKTkKF9aonrBMolxqcj9a5d9JLoCj229KU
|
dC9meDZlc3d3aUJEVjc4REF0Y1BLcGcK79LbJzc5KVgEgyJR11crGuX8YcVoJBbT
|
||||||
It2KjhlzBcgcJUIiIPWMoV9VbEpKkTsCLkWxFSLle++ryOUYh3kgaA==
|
Fin7Zoon06L7qx0Zw5u27wV7RKMnYT7hOMiWs6660ZTLcYJ5M1aEZQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-03-16T20:08:18Z"
|
lastmodified: "2025-03-16T20:08:18Z"
|
||||||
mac: ENC[AES256_GCM,data:C2tpWppc13jKJq5d4nmAKQOaNWHm27TKwxAxm1fi2lejN1lqUaoz5bHfTBA7MfaWvuP5uZnfbtG32eeu48mnlWpo58XRUFFecAhb9JUpW9s5IR3/nbzLNkGU7H5C0oWPrxI4thd+bAVduIgBjjFyGj1pe6J9db3c0yUWRwNlwGU=,iv:YpoQ4psiFYOWLGipxv1QvRvr034XFsyn2Bhyy39HmOo=,tag:ByiCWygFC/VokVTbdLoLgg==,type:str]
|
mac: ENC[AES256_GCM,data:C2tpWppc13jKJq5d4nmAKQOaNWHm27TKwxAxm1fi2lejN1lqUaoz5bHfTBA7MfaWvuP5uZnfbtG32eeu48mnlWpo58XRUFFecAhb9JUpW9s5IR3/nbzLNkGU7H5C0oWPrxI4thd+bAVduIgBjjFyGj1pe6J9db3c0yUWRwNlwGU=,iv:YpoQ4psiFYOWLGipxv1QvRvr034XFsyn2Bhyy39HmOo=,tag:ByiCWygFC/VokVTbdLoLgg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2026-01-16T06:34:50Z"
|
- created_at: "2026-05-20T17:35:58Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA0av/duuklWYARAAgrn0irD12kqDfIEvpLpa0Ys/hMG9GwCMeU186iFfJ193
|
hQIMA0av/duuklWYAQ/+ONarLX0spY0m0iLGEp4Qe9YcfKrf4G0QLbiYMW8Bko7M
|
||||||
72UVEzx2GwIfSt0qQlpBFZtueL9Bb7ka81IrqhAepq8J5//WxEGvv6H9aIm8V7ov
|
iV5PSn4MeDlu5vIkNy1vbYqN2kCQZJDNtirtVqggoq+h/lEvXlkgmkJXeMnnVugy
|
||||||
ZkS4eZpFksu0ZRFP5HWQvEQwRKj8WxYQY/TS/5QGNSPeHOZYnpQcBhAVLjn9Uj/O
|
xJZCG1SnGnx9BD/tWaFZp4IY9m8sQtEqcpQIvitQTCgovdWPb7NddlDaHbn4R95t
|
||||||
6ojnIVoKxDdo235fuDQdiLwCpPXsKi2OQuSFOwq7Acg/fm1pvc76h9dqr5DqrspZ
|
SeTZxnxT2MCYiGHyESMrdy8JEFER81O4XIGuccBV4GyoDcEAxDD7PXf7Y5YlwUQk
|
||||||
c3stdbYwVOedgYjRrdSYpkplGSqNeVtYYJ3apdauMSRNaKmgMwbkxkzXO9YrWASa
|
/sQ3awgsy1WJF4YzQ4zCvK8dO4meiD6asEijQEXNTyrXrkkIX6pS14l9HLzg8HLT
|
||||||
beYilvhNgr0rnQB617IhgBZrgik9CvqrqGZqim0fWI+s4bcbgfvK8UORt4+QgJjO
|
ZLelRyCYeIGEPyEJtbBKxMEu28SAmCMESCdLImqz3RnT0Z6QV1Z+DqAPck3aij2v
|
||||||
FPqAtVE6sNGzElKQ6ZZPWZoXeK7vfIfxwxU+oLcijAnUmLy88zqIUjUZKzmyhDZa
|
VCeJZgK7tmjuusThzi0ymSb0tC14JS7eK/BNGIvVK/41TlzI0qBeA1yYf8Fdtsqt
|
||||||
YAAwxBL1nh+UzIbn4GGeVbYHLbKJ6XnznF7zfTWph6GbeFfdWuaSwxmnGjE6n1y2
|
7OGfCR7aUdBn7yweGuo9L9eHRFiJvoB9tNiPnw7rdr/SrptL0ovsML7m1nvg6mO1
|
||||||
ye3GQaW2aeq7RKoqyLJO3oIHyGHZXFe4pB4adz60uKNPJz47/gtA5OofNs0qbxqQ
|
os1JCL5E6u7d6cGbqaTmjwKLhvNuI1keJoVGtlOYt95tfEAwWeuG2ML6wJ6u6oJ4
|
||||||
Dp5fmrvZZtDa/TYIV9o1bSp7cYk49TGKHPbX7tLjEIIfRxd4y6rYgwNpPdukjZsk
|
WAw/g5Tqb4jeLpcgw8iclhK5JzAL9Uz3G95VXkS6CcTrOfQfvIJHxs5JtsxFC98l
|
||||||
bbdxypWrJkMx+9xk84DGo3e+RY738JgLjc0ylDO+pIzThUruBOcDjUKeGNmVQYnS
|
xMgnMY4SNQ6sHAHZ+6Wku8X+lnZ0uKZkYlRqpH95/VTp+I6QpuqydIOeZ+ILn+jS
|
||||||
XAGofG3JSI97wFdYOB+4yoYPqs5rovgPbkGGuT5SBIxH5zVv3X+SE4wCGu3CLFC4
|
XAHa6CahC07yA93g8kgTeMhI3ezqOQD0gYnY3QROX5kKVD/bNu3JwNTprO5b/kRK
|
||||||
A4cdwXmuERPxszVZW+V8CSGq9XnH/OzrpiWVhzqXCRH03F2BmnAx9Fp/zMTH
|
2Ehg8D0wdaJ9OM+pShGyf6CK5wVBvSq2VQHKxjEIifi62RYtUvnf+sx/ob9h
|
||||||
=DooK
|
=9nB8
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|||||||
@@ -176,26 +176,6 @@ in {
|
|||||||
interfaces.ens18.network = "pvv";
|
interfaces.ens18.network = "pvv";
|
||||||
};
|
};
|
||||||
|
|
||||||
nodes.ustetind = {
|
|
||||||
guestType = "proxmox LXC";
|
|
||||||
parent = config.nodes.powerpuff-cluster.id;
|
|
||||||
|
|
||||||
# TODO: the interface name is likely wrong
|
|
||||||
# interfaceGroups = [ [ "eth0" ] ];
|
|
||||||
interfaces.eth0 = {
|
|
||||||
network = "pvv";
|
|
||||||
# mac = "";
|
|
||||||
addresses = [
|
|
||||||
"129.241.210.234"
|
|
||||||
"2001:700:300:1900::234"
|
|
||||||
];
|
|
||||||
gateways = [
|
|
||||||
values.hosts.gateway
|
|
||||||
values.hosts.gateway6
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
### PVV
|
### PVV
|
||||||
|
|
||||||
nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
|
nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
|
||||||
|
|||||||
+11
-15
@@ -37,10 +37,10 @@ in rec {
|
|||||||
ipv6 = pvv-ipv6 168;
|
ipv6 = pvv-ipv6 168;
|
||||||
};
|
};
|
||||||
ildkule = {
|
ildkule = {
|
||||||
ipv4 = "129.241.153.213";
|
ipv4 = "129.241.100.145";
|
||||||
ipv4_internal = "192.168.12.209";
|
ipv4_internal = "192.168.1.17";
|
||||||
ipv4_internal_gw = "192.168.12.1";
|
ipv4_internal_gw = "192.168.1.1";
|
||||||
ipv6 = "2001:700:300:6026:f816:3eff:fe58:f1e8";
|
ipv6 = "2001:700:305:8a0f:f816:3eff:fef5:e400";
|
||||||
};
|
};
|
||||||
bicep = {
|
bicep = {
|
||||||
ipv4 = pvv-ipv4 209;
|
ipv4 = pvv-ipv4 209;
|
||||||
@@ -73,10 +73,6 @@ in rec {
|
|||||||
ipv4 = pvv-ipv4 233;
|
ipv4 = pvv-ipv4 233;
|
||||||
ipv6 = pvv-ipv6 "4:233";
|
ipv6 = pvv-ipv6 "4:233";
|
||||||
};
|
};
|
||||||
ustetind = {
|
|
||||||
ipv4 = pvv-ipv4 234;
|
|
||||||
ipv6 = pvv-ipv6 234;
|
|
||||||
};
|
|
||||||
skrot = {
|
skrot = {
|
||||||
ipv4 = pvv-ipv4 237;
|
ipv4 = pvv-ipv4 237;
|
||||||
ipv6 = pvv-ipv6 237;
|
ipv6 = pvv-ipv6 237;
|
||||||
@@ -86,10 +82,10 @@ in rec {
|
|||||||
ipv6 = pvv-ipv6 167;
|
ipv6 = pvv-ipv6 167;
|
||||||
};
|
};
|
||||||
gluttony = {
|
gluttony = {
|
||||||
ipv4 = "129.241.100.118";
|
ipv4 = "129.241.100.37";
|
||||||
ipv4_internal = "192.168.20.77";
|
ipv4_internal = "192.168.1.219";
|
||||||
ipv4_internal_gw = "192.168.20.1";
|
ipv4_internal_gw = "192.168.1.1";
|
||||||
ipv6 = "2001:700:305:aa07::3b3";
|
ipv6 = "2001:700:305:8a0f:f816:3eff:fe9b:7a46";
|
||||||
};
|
};
|
||||||
wenche = {
|
wenche = {
|
||||||
ipv4 = pvv-ipv4 240;
|
ipv4 = pvv-ipv4 240;
|
||||||
@@ -118,9 +114,9 @@ in rec {
|
|||||||
};
|
};
|
||||||
|
|
||||||
defaultNetworkConfig = {
|
defaultNetworkConfig = {
|
||||||
dns = [ "129.241.0.200" "129.241.0.201" "2001:700:300:1900::200" "2001:700:300:1900::201" ];
|
dns = ["129.241.0.200" "129.241.0.201" "2001:700:300:1900::200" "2001:700:300:1900::201"];
|
||||||
domains = [ "pvv.ntnu.no" "pvv.org" ];
|
domains = ["pvv.ntnu.no" "pvv.org"];
|
||||||
gateway = [ hosts.gateway hosts.gateway6 ];
|
gateway = [hosts.gateway hosts.gateway6];
|
||||||
|
|
||||||
networkConfig.IPv6AcceptRA = "no";
|
networkConfig.IPv6AcceptRA = "no";
|
||||||
DHCP = "no";
|
DHCP = "no";
|
||||||
|
|||||||
Reference in New Issue
Block a user