bakke: add shading

bakke: rest of the owl
bakke: uninit
2026-05-02 12:43:17 +02:00 · 2026-04-29 15:16:24 +02:00 · 2026-04-29 15:16:19 +02:00 · 2026-04-19 19:01:27 +02:00
17 changed files with 64 additions and 500 deletions
--- a/.gitea/workflows/build-topology-graph.yml
+++ b/.gitea/workflows/build-topology-graph.yml
@@ -7,19 +7,15 @@ jobs:
  evals:
    runs-on: debian-latest
    steps:
-    - name: Install sudo
-      run: apt-get install --update --assume-yes sudo
-
    - uses: actions/checkout@v6

+    - name: Install sudo
+      run: apt-get update && apt-get -y install sudo
+
    - uses: https://github.com/cachix/install-nix-action@v31
-      with:
-        extra_nix_config: |
-          show-trace = true
-          max-jobs = auto
-          trusted-users = root
-          experimental-features = nix-command flakes
-          build-users-group =
+
+    - name: Configure Nix
+      run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf

    - name: Build topology graph
      run: nix build .#topology -L
--- a/.gitea/workflows/eval.yml
+++ b/.gitea/workflows/eval.yml
@@ -6,18 +6,8 @@ jobs:
  evals:
    runs-on: debian-latest
    steps:
-    - name: Install sudo
-      run: apt-get install --update --assume-yes sudo
-
    - uses: actions/checkout@v6
-
+    - run: apt-get update && apt-get -y install sudo
    - uses: https://github.com/cachix/install-nix-action@v31
-      with:
-        extra_nix_config: |
-          show-trace = true
-          max-jobs = auto
-          trusted-users = root
-          experimental-features = nix-command flakes
-          build-users-group =
-
+    - run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf
    - run: nix flake check
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "crane": {
      "locked": {
-        "lastModified": 1776635034,
-        "narHash": "sha256-OEOJrT3ZfwbChzODfIH4GzlNTtOFuZFWPtW7jIeR8xU=",
+        "lastModified": 1770419512,
+        "narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "dc7496d8ea6e526b1254b55d09b966e94673750f",
+        "rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7",
        "type": "github"
      },
      "original": {
@@ -78,15 +78,15 @@
    "gergle": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1777067150,
-        "narHash": "sha256-vqPz8jCS1zTQlvmgctUFpvnr6f9ISR5h7CPG/HgQvf0=",
+        "lastModified": 1770617355,
+        "narHash": "sha256-lauV1yKA67WxnlbiJiwhOT9xI8nTiUqqrrRlgA+rMis=",
        "ref": "main",
-        "rev": "b452a854fb78d6df9fe062b45e23a968657d115d",
-        "revCount": 35,
+        "rev": "36af0316a7370d19db05ef7c0a87e826f4a222d5",
+        "revCount": 24,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
      },
@@ -99,16 +99,16 @@
    "greg-ng": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1777019032,
-        "narHash": "sha256-29lw7THThWb5DW01rVRj1b816Apwz/P4m2wVWaSIadU=",
+        "lastModified": 1770617867,
+        "narHash": "sha256-xPLm4C13KUl0zmm1OA+A8UwDSixwtNQ/caRx/WjN+WY=",
        "ref": "main",
-        "rev": "55262afca46c96f75a834d4e00e30d5fb20affb6",
-        "revCount": 61,
+        "rev": "155752914d81a3a3c02fcfc5d840cfdfda07216d",
+        "revCount": 62,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
@@ -276,11 +276,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1777014002,
-        "narHash": "sha256-urhq48kYlNYbkGXQ/f3NjzJTGfMdG8GmJQbgFLcrcV0=",
-        "rev": "15ebe06759175c2e98dba23c0b125913589094e7",
+        "lastModified": 1775064351,
+        "narHash": "sha256-KHkwW/A1+H23YBMQGDmPb8cw5LwZFnszVKg5eZ4JWhg=",
+        "rev": "1e6f1bb5bb05d14aea16063ab587c599a68241c2",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre986338.15ebe0675917/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre973082.1e6f1bb5bb05/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -380,11 +380,11 @@
        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1777418851,
-        "narHash": "sha256-M6LntO3jkxwgcKkaa9de1Vqu+LsV12Yz8Bv3/9/k018=",
+        "lastModified": 1770912859,
+        "narHash": "sha256-wtf7YgthGVDY7dhWe8cO42+CD7Y2Pkngvzirwjwvfzg=",
        "ref": "main",
-        "rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
-        "revCount": 83,
+        "rev": "9361dcf941fabb14e94f472754b0e0a26cc56e13",
+        "revCount": 59,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
      },
@@ -402,11 +402,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1777000482,
-        "narHash": "sha256-CZ5FKUSA8FCJf0h9GWdPJXoVVDL9H5yC74GkVc5ubIM=",
+        "lastModified": 1770606655,
+        "narHash": "sha256-rpJf+kxvLWv32ivcgu8d+JeJooog3boJCT8J3joJvvM=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "403c09094a877e6c4816462d00b1a56ff8198e06",
+        "rev": "11a396520bf911e4ed01e78e11633d3fc63b350e",
        "type": "github"
      },
      "original": {
@@ -444,11 +444,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1776914043,
-        "narHash": "sha256-qug5r56yW1qOsjSI99l3Jm15JNT9CvS2otkXNRNtrPI=",
+        "lastModified": 1769309768,
+        "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2d35c4358d7de3a0e606a6e8b27925d981c01cc3",
+        "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -36,9 +36,9 @@
    roowho2.inputs.nixpkgs.follows = "nixpkgs";

    greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
-    greg-ng.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    greg-ng.inputs.nixpkgs.follows = "nixpkgs";
    gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main";
-    gergle.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    gergle.inputs.nixpkgs.follows = "nixpkgs";
    grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git?ref=master";
    grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";

@@ -147,11 +147,6 @@
      stableNixosConfig = name: extraArgs:
          nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
    in {
-      bakke = stableNixosConfig "bakke" {
-        modules = [
-          inputs.disko.nixosModules.disko
-        ];
-      };
      bicep = stableNixosConfig "bicep" {
        modules = [
          inputs.matrix-next.nixosModules.default
--- a/hosts/bakke/configuration.nix
+++ b/hosts/bakke/configuration.nix
@@ -1,18 +0,0 @@
-{ config, pkgs, values, ... }:
-{
-  imports = [
-      ./hardware-configuration.nix
-      ../../base
-      ./filesystems.nix
-    ];
-
-  networking.hostId = "99609ffc";
-  systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {
-    matchConfig.Name = "enp2s0";
-    address = with values.hosts.bakke; [ (ipv4 + "/25") (ipv6 + "/64") ];
-  };
-
-  # Don't change (even during upgrades) unless you know what you are doing.
-  # See https://search.nixos.org/options?show=system.stateVersion
-  system.stateVersion = "24.05";
-}
--- a/hosts/bakke/disks.nix
+++ b/hosts/bakke/disks.nix
@@ -1,83 +0,0 @@
-{
-  # https://github.com/nix-community/disko/blob/master/example/boot-raid1.nix
-  # Note: Disko was used to create the initial md raid, but is no longer in active use on this host.
-  disko.devices = {
-    disk = {
-      one = {
-        type = "disk";
-        device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E2EER6N6";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              size = "500M";
-              type = "EF00";
-              content = {
-                type = "mdraid";
-                name = "boot";
-              };
-            };
-            mdadm = {
-              size = "100%";
-              content = {
-                type = "mdraid";
-                name = "raid1";
-              };
-            };
-          };
-        };
-      };
-      two = {
-        type = "disk";
-        device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E7LPLU71";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              size = "500M";
-              type = "EF00";
-              content = {
-                type = "mdraid";
-                name = "boot";
-              };
-            };
-            mdadm = {
-              size = "100%";
-              content = {
-                type = "mdraid";
-                name = "raid1";
-              };
-            };
-          };
-        };
-      };
-    };
-    mdadm = {
-      boot = {
-        type = "mdadm";
-        level = 1;
-        metadata = "1.0";
-        content = {
-          type = "filesystem";
-          format = "vfat";
-          mountpoint = "/boot";
-        };
-      };
-      raid1 = {
-        type = "mdadm";
-        level = 1;
-        content = {
-          type = "gpt";
-          partitions.primary = {
-            size = "100%";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/hosts/bakke/filesystems.nix
+++ b/hosts/bakke/filesystems.nix
@@ -1,26 +0,0 @@
-{ pkgs,... }:
-{
-  # Boot drives:
-  boot.swraid.enable = true;
-
-  # ZFS Data pool:
-  boot = {
-    zfs = {
-      extraPools = [ "tank" ];
-      requestEncryptionCredentials = false;
-    };
-    supportedFilesystems.zfs = true;
-    # Use stable linux packages, these work with zfs
-    kernelPackages = pkgs.linuxPackages;
-  };
-  services.zfs.autoScrub = {
-    enable = true;
-    interval = "Wed *-*-8..14 00:00:00";
-  };
-
-  # NFS Exports:
-  #TODO
-
-  # NFS Import mounts:
-  #TODO
-}
--- a/hosts/bakke/hardware-configuration.nix
+++ b/hosts/bakke/hardware-configuration.nix
@@ -1,52 +0,0 @@
-# Do not modify this file!  It was generated by 'nixos-generate-config'
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
-      fsType = "btrfs";
-      options = [ "subvol=home" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
-      fsType = "btrfs";
-      options = [ "subvol=nix" "noatime" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/sdc2";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault false;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -7,7 +7,6 @@
    ./services/nginx

    ./services/calendar-bot.nix
-    ./services/garage.nix
    #./services/git-mirrors
    ./services/minecraft-heatmap.nix
    ./services/mysql
--- a/hosts/bicep/services/garage.nix
+++ b/hosts/bicep/services/garage.nix
@@ -1,143 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.services.garage;
-in
-{
-  sops.secrets = lib.mkIf cfg.enable {
-    "garage/rpc-secret" = {
-      owner = "garage";
-      group = "garage";
-      restartUnits = [ "garage.service" ];
-    };
-    "garage/admin-token" = {
-      owner = "garage";
-      group = "garage";
-      restartUnits = [ "garage.service" ];
-    };
-    "garage/metrics-token" = {
-      owner = "garage";
-      group = "garage";
-      restartUnits = [ "garage.service" ];
-    };
-  };
-
-  services.garage = {
-    enable = true;
-    package = pkgs.garage_2;
-    settings = {
-      data_dir = [
-        {
-          capacity = "50G";
-          path = "/var/lib/garage/data";
-        }
-      ];
-      metadata_dir = "/var/lib/garage/meta";
-      db_engine = "lmdb";
-      replication_factor = 1;
-
-      rpc_bind_addr = "[::]:3901";
-      rpc_secret_file = config.sops.secrets."garage/rpc-secret".path;
-
-      s3_api = {
-        s3_region = "eu-central";
-        api_bind_addr = "[::]:3900";
-        root_domain = ".garage.pvv.ntnu.no";
-      };
-
-      # s3_web = {
-      #   bind_addr = "[::]:3902";
-      #   root_domain = ".garage-web.pvv.ntnu.no";
-      #   index = "index.html";
-      # };
-
-      admin = {
-      #   api_bind_addr = "[::]:3903";
-        admin_token_file = config.sops.secrets."garage/admin-token".path;
-        metrics_token_file = config.sops.secrets."garage/metrics-token".path;
-      };
-    };
-  };
-
-  users = lib.mkIf cfg.enable {
-    users.garage = {
-      isSystemUser = true;
-      group = "garage";
-    };
-    groups.garage = { };
-  };
-
-  systemd.tmpfiles.settings."10-garage" = lib.mkIf cfg.enable {
-    "/data/garage/data".d = {
-      user = "garage";
-      group = "garage";
-      mode = "0770";
-    };
-    "/data/garage/meta".d = {
-      user = "garage";
-      group = "garage";
-      mode = "0770";
-    };
-  };
-
-  systemd.services.garage = lib.mkIf cfg.enable {
-    serviceConfig = {
-      DynamicUser = false;
-      User = "garage";
-      Group = "garage";
-
-      BindReadWritePaths = [
-        "/data/garage/data:/var/lib/garage/data"
-        "/data/garage/meta:/var/lib/garage/meta"
-      ];
-
-      LoadCredential = [
-        "rpc_secret_path:${config.sops.secrets."garage/rpc-secret".path}"
-        "admin_token_path:${config.sops.secrets."garage/admin-token".path}"
-        "metrics_token_path:${config.sops.secrets."garage/metrics-token".path}"
-      ];
-
-      Environment = [
-        "GARAGE_ALLOW_WORLD_READABLE_SECRETS=true"
-        "GARAGE_RPC_SECRET_FILE=%d/rpc_secret_path"
-        "GARAGE_ADMIN_TOKEN_FILE=%d/admin_token_path"
-        "GARAGE_METRICS_TOKEN_FILE=%d/metrics_token_path"
-      ];
-    };
-  };
-
-  services.nginx = lib.mkIf cfg.enable {
-    upstreams.s3_backend.servers = {
-      "[::1]:3900" = { };
-    };
-    # upstreams.web_backend.servers = {
-    #   "[::1]:3902" = { };
-    # };
-
-    virtualHosts."garage.pvv.ntnu.no" = {
-      serverAliases = [ "*.garage.pvv.ntnu.no" ];
-
-      enableACME = true;
-      # useACMEHost = "garage.pvv.ntnu.no";
-      forceSSL = true;
-
-      locations."/" = {
-        proxyPass = "http://s3_backend";
-        extraConfig = ''
-          client_max_body_size 64m;
-          proxy_max_temp_file_size 0;
-        '';
-      };
-    };
-
-    # virtualHosts."garage-web.pvv.ntnu.no" = {
-    #   serverAliases = [ "*.garage-web.pvv.ntnu.no" ];
-
-    #   useACMEHost = "garage-web.pvv.ntnu.no";
-    #   forceSSL = true;
-
-    #   locations."/" = {
-    #     proxyPass = "http://web_backend";
-    #   };
-    # };
-  };
-}
--- a/hosts/lupine/services/gitea-runner.nix
+++ b/hosts/lupine/services/gitea-runner.nix
@@ -39,22 +39,17 @@
        "debian-bullseye-slim:docker://node:current-bullseye-slim"

        "alpine-latest:docker://node:current-alpine"
-        "alpine-3.23:docker://node:current-alpine3.23"
        "alpine-3.22:docker://node:current-alpine3.22"
        "alpine-3.21:docker://node:current-alpine3.21"

        # See https://gitea.com/gitea/runner-images
        "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
-        "ubuntu-26.04:docker://docker.gitea.com/runner-images:ubuntu-26.04"
-        "ubuntu-resolute:docker://docker.gitea.com/runner-images:ubuntu-26.04"
        "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04"
        "ubuntu-noble:docker://docker.gitea.com/runner-images:ubuntu-24.04"
        "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
        "ubuntu-jammy:docker://docker.gitea.com/runner-images:ubuntu-22.04"

        "ubuntu-latest-slim:docker://docker.gitea.com/runner-images:ubuntu-latest-slim"
-        "ubuntu-26.04-slim:docker://docker.gitea.com/runner-images:ubuntu-26.04-slim"
-        "ubuntu-resolute-slim:docker://docker.gitea.com/runner-images:ubuntu-26.04-slim"
        "ubuntu-24.04-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
        "ubuntu-noble-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
        "ubuntu-22.04-slim:docker://docker.gitea.com/runner-images:ubuntu-22.04-slim"
--- a/secrets/bakke/bakke.yaml
+++ b/secrets/bakke/bakke.yaml
@@ -1,99 +0,0 @@
-hello: ENC[AES256_GCM,data:+GWORSIf9TxmJLw1ytZwPbve2yz5H9ewVE5sOpQzkrRpct6Wes+vTE19Ij8W1g==,iv:C/WhXNBBM/bidC9xynZzk34nYXF3mUjAd4nPXpUlYHs=,tag:OJXSwuI8aNDnHFFTkwyGBQ==,type:str]
-example_key: ENC[AES256_GCM,data:ojSsrFYo5YD0YtiqcA==,iv:nvNtG6c0OqnQovzWQLMjcn9vbQ4PPYSv2B43Y8z0h5s=,tag:+h7YUNRA2MTvwGJq1VZW8g==,type:str]
-#ENC[AES256_GCM,data:6EvhlBtrl5wqyf6UAGwY8Q==,iv:fzLUjBzyuT17FcP8jlmLrsKW46pu6/lAvAVLHBxje6k=,tag:n+qR1NUqa91uFRIpALKlmw==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:A38KXABxJzMoKitKpHo=,iv:OlRap3R//9tvKdPLz7uP+lvBa/fD0W8xFzdxIKKFi4E=,tag:QKizPN1fYOv5zZlMVgTIOQ==,type:str]
-    - ENC[AES256_GCM,data:8X2iVkHQtQMReopWdgM=,iv:2Wq3QOadwd3G3ROXNe7JQD4AL/5H/WV19TBEbxijG/8=,tag:tikKT9Wvzm4Vz5aoy6w9WQ==,type:str]
-example_number: ENC[AES256_GCM,data:0K05hiSPh2Ok1A==,iv:IVRo61xkKugv4OiPm0vt9ODm5DC1DzJFdlgQJb1TfTg=,tag:o3xXygVEUD4jaGSJr0Nxtw==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:zoykmQ==,iv:1JGy1Cg5GdAiod9qPSzW+wsG6rUgUJyYMEE4k576Tlk=,tag:RUCbytPpo78bqlAVEUsbLg==,type:bool]
-sops:
-    age:
-        - recipient: age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOE50MkkxV1p0UlVUT0dE
-            WCtLMEk0ZSttY25UMjNHSHB1QzJ4N2l5WnpFCkNpdmlCY1VxWVo0ZStVclZ0amo4
-            dGhSRWY1SElRZXZzdWo5UDNjUHMzUjAKLS0tIDI3elNXSXJHQU5qb3hCSHYwWnoy
-            N3BhNmJQZjIrbWlVRytxZ3dFMjBtL1kKn7/DTPfJtdBomSplnBomYhsxJbX7kJQa
-            1Qsr+bmugWxHFIPhoDwPIBpChQkLvAo8exQpduos18FsXgvMmB0guQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXdnNSSEJoaUQwdTNTMDY4
-            QUxuLzRIWVNkM25QNTZ5VTBwQlYvT2p3SURzCnJmd2g1YUY0cmdLL3FkQTQ4NURL
-            YncyY3VROTFUeDc5ZlB1aWdXVGNNdjgKLS0tIEtXeDdRLzl4RXhpS2o5ZUE4YkpI
-            RjBObVhlWncrRnVidEtGN2N0ZitzNlUK/ooEeWCY5nDgny43q45wvl/e6qq/X4B/
-            7Q/DPj13BcrWRgoCYeHlq6VlIerz5ERNgxyR/qKuVSGAVroSVY6spA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRy9CaHY1WEEzOXdUSjd2
-            aFlGU3NGcW5MeHg3U2d0UEk0SXJIcmg4RVFzCkpwODhBWld6T1VNS2haSkpxL0hn
-            b0VRWVNFcTE5c0t3VkFZQ1R1d2dnbmMKLS0tIDdNMHBrU0RRSmlBZUJobXQxZUt2
-            MzZSYlM5bjYzUlRYNXkzNzZlWmx3L0UKkH6WOXHFRRbCprSjxcONSVUN/9NEQvtS
-            Jg+dJSMviq6GvUfUNmNvPJHfyy+CYT6a2Zd+4NdYCetRLsRJPc6p3A==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUckpiMzYrU1NnNFJ4MGps
-            OEt0c0o3Ty9QejhEM29wZFMrNTNyMHlHWlRBCnBHUUdvcmxoL0FqVEtBSHlma25P
-            c2tITUtZTGVzOGdidC84OUYvRlpxSjAKLS0tIFNMVmdiWmJNZUdLS1g3T3ZINUh6
-            Mjg5RHdKYnV3Z2V0L3E3ZlA2WDB0WlkKJr4Vg6rnKqGpL6N143QYfLqS4lQIED/J
-            SYQds8mCiyCNGvV6ON4k096jXcuMAZ1w+0bA16AHlTXnqgIgfaHpKA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL1QvSUlWUTN4OTBKOURa
-            VkVVb29McWgxa3gwb2lkVTdSZmUrVVZpSERjCm9oTTFRckg3SUM1a0tJRVlaU3RL
-            dUtsU0FpY1JyNkx6K1U1MWcrSjNYbUUKLS0tICtvTjJVdG1PSXF4TVltZ204SnVu
-            VE9aT3l2dGgxMWNHUXQ0bDN2RjVOek0KwOa/vczHZa+SRr8j6KvkfZZ0kajxXOq0
-            5AoDz2Mtcs+qBctTuogdLCZoL2ZpRVV7v1dGI+Fm1cVLoutV19IvTQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVFp0ZlRhU29DNUhMSmRy
-            Y3VVV2pmajJmaU9qN0tHR1E3ekFMS3o0K2pRClIwek5GYzNNZEliK2ZTT1NVZklQ
-            YWpqY3poN0E1ZTVOTVRhL3FQSVZmZW8KLS0tIHpuWktoa1EwcXc1bEJJYk5VbEw3
-            blE2VXBuTDdlbHJTVjRzOWdyem1UWTQKg5uZRhcLpmiVcadqdJoscqsBD2u6UGx+
-            qT0IoSVOzsBlJw2t9rH1zR7WfRSlCXT1NYzu9aTWGqQaB8qvEtyk4g==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdjhMM1ZpM2xFVXlvOXZK
-            MlRZT2U5YzhMUVR1L0FqVVdiSTFTYUpyN25rCjB6ajMwTnNTaWk5d21vM0Zza243
-            dHhSOHM0c3cwS1c5dGxhbzBNVm9DeFEKLS0tIEpOY1lWVE04UkNYNDdCcUdnTUhI
-            NC9xOENWZUNyay9SeXRjSUdkMlE4UXcKiygSIWelRUZQPbiK2ASQya7poe1KCXmo
-            XIlgOaUe1+lvY8s2bjdud0+7QlPOKeyciCSFNNqIxzHMYSEKwNCbpg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-15T21:42:17Z"
-    mac: ENC[AES256_GCM,data:2gH/ZaxSA6ShRu53dxj7V3jk7FsVdYS+PSHQyFT8qMvKM1hsQ/nWrKt00PUl9I7Gb4uomP9Ga3SyphYOXRBzKoV+x52oEWOJE3Q4iPrwdCkyHlxEezhTd/ZRQVatG6dvHpLuDNS9Dyph4f7Mw5USI+m4WeVdgCvHTydw+4KIfP4=,iv:yimfq96WVsagvKr8HTg1RdZBSrVGcCWPvv8XOXkOfcg=,tag:zHzdrE0PX5+AeD2lpqeJVQ==,type:str]
-    pgp:
-        - created_at: "2026-01-16T06:34:38Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA0av/duuklWYAQ/+O1tft/OfS52K8cmcQE7I7aFb85P2L+7u1TdmTjHwNFkC
-            3jhvzPkNDQDkMIc5EPZKX5WLUS8F1UaqCw4b8zZtqoTqKDpu0S92KL500iXwBxft
-            D3cRMFFb6GBoSlPJVBt6LMRJjGLWCkBihlYL1AknoVV7VERj8m1cvcstdp3qbEd7
-            c+X6t5B+7N0/QPdh2KyrHWXyCzFc/6emVjNGy2EoXRt7idFF2yTbafobCs/hZ8LZ
-            RJyhpGyR9QPtAwFP9Und62tCd4ZwG5FazZBLevRrmD7AOW1WnQhyYvxBvqQp/Oz+
-            lFmhcirLw5CaC1AbF2k3uNoAHXVWyexaQeu2gsNYXq+lpsdCWT8WtrAtNCyC2StI
-            PtdrdQ9oikJptmoWQ0zEBXKXdV8AhukLSX0wtis74KbmcS+2YyNKvQksGF2ZfHBh
-            U9ycfJr1kwm7TAg5Lg6XOmKrdOJkPoIcUCk2QW7MfS3nwwMLt3BjhhpRVUfeUmjB
-            Jjjs+jUXEusnmwmvGGgEU2pT944FLuFClSI8JTnIZ61YkjF7zAtrURvsNKlqu/UG
-            JLrWR+dnnh1YK0qQEcqt6giNSX2IWrw5SpJ8Jekt0TWfB1HDHybQUyFC/n/je/XK
-            0ouAeDL9oqh0eRU3ng4KKhOXNn+WO3/HrnG//KFwokc//BNNvP8qM0CTtPQbQ1HS
-            XgFjhTfzV0T4LyUryuict4rLVI+DDbzWGRp0umdobvQE1CGLhKCanrd2/Ng6fAny
-            9G09vYF5zK95uzqFBCTh1zFr6+rhfbMI501TwBu1KxOaJdYs3vzLiTGWoyI48JM=
-            =5fyo
-            -----END PGP MESSAGE-----
-          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
--- a/secrets/bicep/bicep.yaml
+++ b/secrets/bicep/bicep.yaml
@@ -10,10 +10,6 @@ minecraft-heatmap:
    ssh-key:
        private: ENC[AES256_GCM,data:h9OtD6hxrxyokFDe9bveAkMICrs3YrsAEqg0RVHV+xCkgkNAdoh85wb1QI8FJ0tga4Bfq8ZxZTdMnexQvbYWL8m/N/P6gWoPPJd7dwGuxaUZu5lqngVuHIhH0yWFWtPXjQ0Zyl5Q1aBKyjzJMvJc/H2iprgVH4YFs/fWf/KDEp17Plvvz0AoPGPrOZErDmne4MtLbW3pUm1r5ACo/41OyXYwjHk1Ywgsoz1CMxe/DrmkADnf7jSDWL6Q0mz8hIIYi8GbToJS4BIJ2plttraxV9sqpIPzS/1jMERNchItlkCppSYIy/eohVmskP8dAySm5Z7HNGGtzWSSGLxq15xKc7OVFYPMI+B35nPnp1LVOUWqBHAqVo7dwxc3VXOlVat7AMknUZnr67d4TIIl5BOdy/rvAxzXS/fDV0zntIs5o3phKStVvq07eZFaOVva45B7Pyyn0PdBhHBt2JcBtm+Xtg9i3xvZdwQgbeeJRhnYgDqK6BVhmtTuirwp1GOyslqaFCjg0MJj+W+d8R9gbbfyFR6YrZQAkcd/o/yZGg86z7Phe18=,iv:nt/+qPBwPZKQt43VJ9FbKjLYioFwCxD7VK9WNCJCmpQ=,tag:MuDfnTiro3VVJq9x5rkEQg==,type:str]
        public: ENC[AES256_GCM,data:+fiCO8VRSmV7tmyweYSpZJMOuMORLHkWetYbr20aTQ1vRYr927nYGes4E464t+Dv9OyJPCLmHBdgt7UvxJWuC3pZE8iStnBYnej3D4ebMzi2SMfOkJjGuQSplXtl8QeAYe1YvROmtQ==,iv:thgGQUyWdXfwUt1E/vudoNjl8JjnksFd1rb/asTry+g=,tag:t1iQPocvfI+JafuJycaLuw==,type:str]
-garage:
-    rpc-secret: ENC[AES256_GCM,data:GzLWSrVcjCiZKNC78BCjf1CFDdUxU43w5cjUCxlV2zUv4RLJ9m4rJiw749du+JW/w7CvyVgBHSM7D4ixeunvJA==,iv:VwrmBtbNX0AumaBmMNYwMd+zMHfYwXzvMd5D2uQrIis=,tag:ShHXGuYx4lrg+ORf+JXISw==,type:str]
-    admin-token: ENC[AES256_GCM,data:UFyn0s0t44oEDdV36kkeUyomvP0X+Sw4ed1g6n29Fh6PLYl53gvDnyg0OSI=,iv:w9IMARTfTcfvu/Qdh60JVH7S9W1GkV+/e3YL08WZKh8=,tag:kOx9BZ8OPBNRpvkLgmW3Zw==,type:str]
-    metrics-token: ENC[AES256_GCM,data:/dCSR1OgpEsOsRRzCeiY6OSyGvl8feKovb/Kfqg6QCQ4tb8bAkkR8xLtTxQ=,iv:4wHwBgoiJFTZETtNs9t6dshgG3f84T7HHiEi86LkOmU=,tag:3usDN18uB2ZPo8fDJZEDag==,type:str]
 sops:
    age:
        - recipient: age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx
@@ -79,8 +75,8 @@ sops:
            U3IrZTB3YUJiREZDQkgzUFMvb3VxU1kKJhYYVcCT8hNJkEK1nD3GBekVGDOI3Nin
            iBat3LwB4Ijzx1jA+jKJ1Ilf4MgdoL2ox6l/uWft27vvsRaQ501VvA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-29T12:18:46Z"
-    mac: ENC[AES256_GCM,data:blfYRh75xbA+jeGCCxuZADBVAa4Nih+b5hcXEp8mdzOBrbdOWfL4TfuyYB0Cj/rMDsklIprczmBJ/a/cSTdKSaak/LfAzy7swR6u5R5V3+xLP6CopOhO59RaXc2inoMPEc73XAmP33jynm/kSznRM1PGA+X9oaK6PrWcTgHiM7M=,iv:SwXRz/XpyOVOQzvRjViqK41NOdHXGdTshQ3a/Qi1350=,tag:v6p6QW6qnv1T14PBBB88NQ==,type:str]
+    lastmodified: "2025-08-25T12:27:53Z"
+    mac: ENC[AES256_GCM,data:GoJ2en7e+D4wjyPJqq7i1s8JPdgFO3wcxrtXOgSKTxi6HTibuIcP4KQcKrCMRAZmXOEL1vpnWFA2uk7S00Av7/QOnzP0Zrk3aPBM6lbB+p9XSabN0sOe1UpZDtAM3bzvS9JZzyztT5nHKvO/eV2rP71y/tYbsT6yvj7Y9zxpvKg=,iv:tQiCr7zpo7g5jZpt2VD9jtFKo32XUWs94Jay+T4XWys=,tag:npBqmlbUUfN+ztttajva3w==,type:str]
    pgp:
        - created_at: "2026-01-16T06:34:45Z"
          enc: |-
@@ -103,4 +99,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
-    version: 3.12.2
+    version: 3.10.2
--- a/topology/default.nix
+++ b/topology/default.nix
@@ -270,10 +270,4 @@ in {

    interfaces.ens18.network = "pvv";
  };
-  nodes.bakke = {
-    guestType = "openstack";
-    parent = config.nodes.stackit.id;
-
-    interfaces.enp2s0.network = "pvv";
-  };
 }
--- a/users/alfhj.nix
+++ b/users/alfhj.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.alfhj = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCAYE0U3sFizm/NSbKCs0jEhZ1mpAWPcijFevejiFL1 alfhj"
+    ];
+  };
+}
--- a/users/amalieem.nix
+++ b/users/amalieem.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.amalieem = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
+    ];
+  };
+}
--- a/values.nix
+++ b/values.nix
@@ -32,10 +32,6 @@ in rec {
    gateway = pvv-ipv4 129;
    gateway6 = pvv-ipv6 1;

-    bakke = {
-      ipv4 = pvv-ipv4 173;
-      ipv6 = pvv-ipv6 173;
-    };
    bekkalokk = {
      ipv4 = pvv-ipv4 168;
      ipv6 = pvv-ipv6 168;
Author	SHA1	Message	Date
Felix Albrigtsen	71043f6a6d	bakke: add shading	2026-04-29 15:16:24 +02:00
Felix Albrigtsen	f978ce1b25	bakke: rest of the owl	2026-04-29 15:16:19 +02:00
Felix Albrigtsen	38c62cb5e7	bakke: uninit	2026-04-19 19:01:27 +02:00