Compare commits

..

30 Commits

Author SHA1 Message Date
h7x4 e9bc07d6e9 grr: fix the heccin quotes
... of the day
2026-05-26 22:26:39 +09:00
h7x4 3372712e26 modules/ooye: move StartLimit* options to correct section 2026-05-26 15:03:27 +09:00
h7x4 7e586e082e flake.lock: bump pvv-calendar-bot 2026-05-26 14:55:58 +09:00
h7x4 47a744f68f ildkule/uptime-kuma: set up rsync pull target for principal 2026-05-26 13:37:29 +09:00
Vegard Bieker Matthey da505d4fe2 kommode: sign merge commits and sign crud actions 2026-05-25 20:21:23 +02:00
h7x4 18ab1ef982 temmie/userweb: set -i and -t in sendmail wrapper 2026-05-25 18:49:57 +09:00
h7x4 5023edeb13 temmie/userweb: install mod_perl with custom env 2026-05-25 18:24:23 +09:00
h7x4 0d8c26c548 temmie/userweb: send propagatedBuildInputs through perl env wrapper 2026-05-25 17:05:02 +09:00
h7x4 bd244e7797 temmie/userweb: add www2 server alias 2026-05-25 16:24:35 +09:00
h7x4 e9220bb31e temmie/userweb: use www-datas UID + GID for backwards compat 2026-05-25 15:25:26 +09:00
h7x4 6beb9c62c3 temmie/userweb: use bro to proxy sendmail requests out of sandbox 2026-05-25 15:02:40 +09:00
h7x4 7429b334ca README: add temmie to machine overview 2026-05-25 11:59:17 +09:00
h7x4 1595f67c55 flake.nix: allow nvidia-kernel-modules for wenche 2026-05-25 11:35:25 +09:00
h7x4 3f5eadcb87 base/resolved: use RFC42 format 2026-05-25 10:40:04 +09:00
h7x4 70c0ad8724 base: use RFC42 format for systemd.sleep 2026-05-25 10:40:04 +09:00
h7x4 61ea0181a1 packages/mediawiki-extensions: REL1_44 -> REL1_45 2026-05-25 10:40:04 +09:00
h7x4 3e22c1a47e nixpkgs 26.05 🎉 2026-05-25 10:40:02 +09:00
Vegard Bieker Matthey 0319858cad Merge branch 'gluttony-bluemap' 2026-05-25 03:32:15 +02:00
Vegard Bieker Matthey efd50868e0 bekkalokk: add back config added through bluemap module 2026-05-25 03:28:49 +02:00
Vegard Bieker Matthey 7a23cf7f25 bekkalokk: remove bluemap 2026-05-25 03:28:30 +02:00
Vegard Bieker Matthey 57963fadd7 gluttony: add private key and set public key for bekkalokk 2026-05-25 03:22:13 +02:00
Vegard Bieker Matthey 792f111a5d bekkalokk: pull rendered map from gluttony 2026-05-25 03:22:13 +02:00
Vegard Bieker Matthey b27859c0fa gluttony: export rendered bluemap to bekkalokk 2026-05-25 03:22:09 +02:00
Vegard Bieker Matthey eb0eb6d93b add bekkalokk to known_hosts 2026-05-25 03:20:25 +02:00
Vegard Bieker Matthey 6a943dd7b0 bluemap: set group to nginx only if nginx is enabled 2026-05-25 03:20:25 +02:00
Vegard Bieker Matthey c59c00f3fc gluttony: setup bluemap 2026-05-25 03:20:21 +02:00
h7x4 53670b4d05 flake.nix/inputs/disko: v1.11.0 -> v1.13.0 2026-05-24 23:05:48 +09:00
h7x4 d92a5f13ad base/journald-upload: fix target url 2026-05-24 16:41:54 +09:00
h7x4 16d3251ee2 shells/cuda: fix deprecated package attr warnings 2026-05-24 15:23:33 +09:00
Daniel Olsen 09163b77da Revert "bicep/matrix/livekit: open the rtc ports"
This reverts commit 4a67eddf52.
2026-05-23 23:23:41 +02:00
18 changed files with 350 additions and 242 deletions
+2
View File
@@ -45,6 +45,7 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
| [lupine][lup] | Physical | Gitea CI/CD runners | | [lupine][lup] | Physical | Gitea CI/CD runners |
| shark | Virtual | Test host for authentication, absolutely horrendous | | shark | Virtual | Test host for authentication, absolutely horrendous |
| [skrot][skr] | Physical | Kiosk, snacks and soda | | [skrot][skr] | Physical | Kiosk, snacks and soda |
| [temmie][tem] | Virtual | User websites |
| [wenche][wen] | Virtual | Nix-builders, general purpose compute | | [wenche][wen] | Virtual | Nix-builders, general purpose compute |
## Documentation ## Documentation
@@ -63,4 +64,5 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
[kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode [kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
[lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine [lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
[skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrot [skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrot
[tem]: https://wiki.pvv.ntnu.no/wiki/Maskiner/temmie
[wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche [wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche
+4 -4
View File
@@ -77,10 +77,10 @@
''; '';
# These are servers, sleep is for the weak # These are servers, sleep is for the weak
systemd.sleep.extraConfig = lib.mkDefault '' systemd.sleep.settings.Sleep = {
AllowSuspend=no AllowSuspend = lib.mkDefault false;
AllowHibernation=no AllowHibernation = lib.mkDefault false;
''; };
# users.mutableUsers = lib.mkDefault false; # users.mutableUsers = lib.mkDefault false;
+1 -1
View File
@@ -8,6 +8,6 @@
services.resolved = { services.resolved = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
dnssec = "false"; # Supposdly this keeps breaking and the default is to allow downgrades anyways... settings.Resolve.DNSSEC = false; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
}; };
} }
+1 -2
View File
@@ -6,8 +6,7 @@ in
services.journald.upload = { services.journald.upload = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
settings.Upload = { settings.Upload = {
# URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}"; URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
URL = "https://${values.hosts.ildkule.ipv4}:${toString config.services.journald.remote.port}";
ServerKeyFile = "-"; ServerKeyFile = "-";
ServerCertificateFile = "-"; ServerCertificateFile = "-";
TrustedCertificateFile = "-"; TrustedCertificateFile = "-";
Generated
+62 -18
View File
@@ -1,5 +1,27 @@
{ {
"nodes": { "nodes": {
"bro": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1779629827,
"narHash": "sha256-nrlB50/oelB8oFx9DhOoXI5z0VoTZGEA6XxYvkvpqDA=",
"ref": "main",
"rev": "7d0f35e12e4dec39f981c08fc33515589f41f4a5",
"revCount": 3,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/bro.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/bro.git"
}
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1776635034, "lastModified": 1776635034,
@@ -43,16 +65,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736864502, "lastModified": 1768920986,
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0141aabed359f063de7413f80d906e1d98c0c123", "rev": "de5708739256238fb912c62f03988815db89ec9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "v1.11.0", "ref": "v1.13.0",
"repo": "disko", "repo": "disko",
"type": "github" "type": "github"
} }
@@ -101,7 +123,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1777019032, "lastModified": 1777019032,
@@ -165,7 +187,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1767906976, "lastModified": 1767906976,
@@ -248,15 +270,15 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1778544512, "lastModified": 1779622335,
"narHash": "sha256-VIsPgfIpZ/01XUO6WN+o1NZbP5iKPKPHdHPWqfm4XIg=", "narHash": "sha256-06G98ieM6l+OI7EMhlvchgDBDn+DvIWCNj40LDhKpmc=",
"rev": "c417517f9d525181ee5619c683419d308ee29fe8", "rev": "705e9929918b43bd7b715dc0a878ac870449bb03",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10745.c417517f9d52/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixos/26.05-small/nixos-26.05beta1.705e9929918b/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz" "url": "https://nixos.org/channels/nixos-26.05-small/nixexprs.tar.xz"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
@@ -294,11 +316,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764869785, "lastModified": 1779774845,
"narHash": "sha256-FGTIpC7gB4lbeL0bfYzn1Ge0PaCpd7VqWBLhJBx0i4A=", "narHash": "sha256-QJU1J4eupwjRrtvWGzRut0GY3woql92RS9O/acWkJkk=",
"ref": "main", "ref": "main",
"rev": "8ce7fb0b1918bdb3d1489a40d73895693955e8b2", "rev": "13667cd216db260ab549e6f1b6281aa230d2f9e0",
"revCount": 23, "revCount": 29,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}, },
@@ -352,6 +374,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"bro": "bro",
"dibbler": "dibbler", "dibbler": "dibbler",
"disko": "disko", "disko": "disko",
"gergle": "gergle", "gergle": "gergle",
@@ -377,7 +400,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_4"
}, },
"locked": { "locked": {
"lastModified": 1778600367, "lastModified": 1778600367,
@@ -396,6 +419,27 @@
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": {
"nixpkgs": [
"bro",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779419951,
"narHash": "sha256-dMX0PUslUHPajP6o8FEoRdFv9afq/dec4POR0vVfjK4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "5b5c521d6cae9ef4aa32f888eb2c0ce595c9be52",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"greg-ng", "greg-ng",
@@ -416,7 +460,7 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_2": { "rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"minecraft-heatmap", "minecraft-heatmap",
@@ -437,7 +481,7 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_3": { "rust-overlay_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"roowho2", "roowho2",
+15 -5
View File
@@ -2,13 +2,13 @@
description = "PVV System flake"; description = "PVV System flake";
inputs = { inputs = {
nixpkgs.url = "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz"; nixpkgs.url = "https://nixos.org/channels/nixos-26.05-small/nixexprs.tar.xz";
nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz"; nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
sops-nix.url = "github:Mic92/sops-nix/master"; sops-nix.url = "github:Mic92/sops-nix/master";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko/v1.11.0"; disko.url = "github:nix-community/disko/v1.13.0";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology/main"; nix-topology.url = "github:oddlama/nix-topology/main";
@@ -47,6 +47,9 @@
qotd.url = "git+https://git.pvv.ntnu.no/Projects/qotd.git?ref=main"; qotd.url = "git+https://git.pvv.ntnu.no/Projects/qotd.git?ref=main";
qotd.inputs.nixpkgs.follows = "nixpkgs"; qotd.inputs.nixpkgs.follows = "nixpkgs";
bro.url = "git+https://git.pvv.ntnu.no/Projects/bro.git?ref=main";
bro.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { outputs = {
@@ -85,6 +88,7 @@
[ [
"nvidia-x11" "nvidia-x11"
"nvidia-settings" "nvidia-settings"
"nvidia-kernel-modules"
]; ];
}); });
@@ -105,6 +109,7 @@
[ [
"nvidia-x11" "nvidia-x11"
"nvidia-settings" "nvidia-settings"
"nvidia-kernel-modules"
]; ];
overlays = overlays =
(lib.optionals enableDefaults [ (lib.optionals enableDefaults [
@@ -189,14 +194,12 @@
(final: prev: { (final: prev: {
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {}; mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {};
simplesamlphp = final.callPackage ./packages/simplesamlphp {}; simplesamlphp = final.callPackage ./packages/simplesamlphp {};
bluemap = final.callPackage ./packages/bluemap.nix {};
}) })
inputs.pvv-nettsiden.overlays.default inputs.pvv-nettsiden.overlays.default
inputs.qotd.overlays.default inputs.qotd.overlays.default
]; ];
modules = [ modules = [
inputs.pvv-nettsiden.nixosModules.default inputs.pvv-nettsiden.nixosModules.default
self.nixosModules.bluemap
inputs.qotd.nixosModules.default inputs.qotd.nixosModules.default
]; ];
}; };
@@ -214,7 +217,14 @@
}; };
shark = stableNixosConfig "shark" {}; shark = stableNixosConfig "shark" {};
wenche = stableNixosConfig "wenche" {}; wenche = stableNixosConfig "wenche" {};
temmie = stableNixosConfig "temmie" {}; temmie = stableNixosConfig "temmie" {
overlays = [
inputs.bro.overlays.default
];
modules = [
inputs.bro.nixosModules.default
];
};
gluttony = stableNixosConfig "gluttony" { gluttony = stableNixosConfig "gluttony" {
overlays = [ overlays = [
(final: prev: { bluemap = final.callPackage ./packages/bluemap.nix {}; }) (final: prev: { bluemap = final.callPackage ./packages/bluemap.nix {}; })
+9 -98
View File
@@ -1,106 +1,10 @@
{ config, lib, pkgs, inputs, values, ... }: { values, ... }:
let let
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
webExport = "/var/lib/bluemap/web"; webExport = "/var/lib/bluemap/web";
format = pkgs.formats.hocon { };
in { in {
# NOTE: our versino of the module gets added in flake.nix # NOTE: our version of the module gets added in flake.nix
disabledModules = [ "services/web-apps/bluemap.nix" ]; disabledModules = [ "services/web-apps/bluemap.nix" ];
sops.secrets."bluemap/ssh-key" = { };
sops.secrets."bluemap/ssh-known-hosts" = { };
services.bluemap = {
enable = true;
eula = true;
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
host = "minecraft.pvv.ntnu.no";
maps = let
inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
in {
"verden" = {
extraHoconMarkersFile = "${bluemap-export}/overworld.hocon";
settings = {
world = vanillaSurvival;
dimension = "minecraft:overworld";
name = "Verden";
sorting = 0;
start-pos = {
x = 0;
z = 0;
};
ambient-light = 0.1;
cave-detection-ocean-floor = -5;
};
};
"underverden" = {
extraHoconMarkersFile = "${bluemap-export}/nether.hocon";
settings = {
world = vanillaSurvival;
dimension = "minecraft:the_nether";
name = "Underverden";
sorting = 100;
start-pos = {
x = 0;
z = 0;
};
sky-color = "#290000";
void-color = "#150000";
sky-light = 1;
ambient-light = 0.6;
remove-caves-below-y = -10000;
cave-detection-ocean-floor = -5;
cave-detection-uses-block-light = true;
render-mask = [{
max-y = 90;
}];
};
};
"enden" = {
extraHoconMarkersFile = "${bluemap-export}/the-end.hocon";
settings = {
world = vanillaSurvival;
dimension = "minecraft:the_end";
name = "Enden";
sorting = 200;
start-pos = {
x = 0;
z = 0;
};
sky-color = "#080010";
void-color = "#080010";
sky-light = 1;
ambient-light = 0.6;
remove-caves-below-y = -10000;
cave-detection-ocean-floor = -5;
};
};
};
};
systemd.services."render-bluemap-maps" = {
serviceConfig = {
StateDirectory = [ "bluemap/world" ];
ExecStartPre = let
rsyncArgs = lib.cli.toCommandLineShellGNU { } {
archive = true;
compress = true;
verbose = true;
no-owner = true;
no-group = true;
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
};
in "${lib.getExe pkgs.rsync} ${rsyncArgs} root@innovation.pvv.ntnu.no:/ ${vanillaSurvival}";
LoadCredential = [
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
];
};
};
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = { services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@@ -116,6 +20,13 @@ in {
quic_retry on; quic_retry on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400'; add_header Alt-Svc 'h3=":$server_port"; ma=86400';
''; '';
root = webExport;
locations = {
"~* ^/maps/[^/]*/tiles/".extraConfig = ''
error_page 404 = @empty;
'';
"@empty".return = "204";
};
}; };
services.rsync-pull-targets = { services.rsync-pull-targets = {
-7
View File
@@ -64,11 +64,4 @@ in
''; '';
}; };
}; };
networking.firewall.allowedUDPPortRanges = [
{
from = cfg.settings.rtc.port_range_start;
to = cfg.settings.rtc.port_range_end;
}
];
} }
+39
View File
@@ -0,0 +1,39 @@
# Do modify this file! It was generated by „nixos-generate-config“
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix and run ⟪nix-env --switch-profile⟫ instead.
{ config, lib, pkgs, modulesPath, home-manager, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "af_alg" "esp4" "esp6" "rds" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/sdj1";
fsType = "bcachefs";
};
fileSystems."/boott" =
{ device = "/dev/disk/by-uuid/AAAA-AAAA";
fsType = "vfat";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with networking.interfaces.<interface>.useDHCP.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.em1.useDHCP = lib.mkDefault true;
# networking.interfaces.em2.useDHCP = lib.mkDefault true;
# networking.interfaces.pflog0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "i686-freebsd";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.infiniband.enable = true;
hardware.flipperzero.enable = lib.mkIf (config.security.isolate.cgRoot == "auto:/run/isolate/tank") true;
}
+2 -23
View File
@@ -1,10 +1,8 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, inputs, ... }:
let let
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world"; vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
webExport = "/var/lib/bluemap/web";
format = pkgs.formats.hocon { };
in { in {
# NOTE: our versino of the module gets added in flake.nix # NOTE: our version of the module gets added in flake.nix
disabledModules = [ "services/web-apps/bluemap.nix" ]; disabledModules = [ "services/web-apps/bluemap.nix" ];
sops.secrets."bluemap/ssh-key" = { }; sops.secrets."bluemap/ssh-key" = { };
@@ -105,30 +103,11 @@ in {
no-group = true; no-group = true;
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey"; rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
}; };
in "${lib.getExe pkgs.rsync} ${rsyncArgs} ${webExport} root@bekkalokk.pvv.ntnu.no:/"; in "${lib.getExe pkgs.rsync} ${rsyncArgs} --groupmap=root:nginx ${config.services.bluemap.webRoot}/ root@bekkalokk.pvv.ntnu.no:/";
LoadCredential = [ LoadCredential = [
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}" "sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}" "ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
]; ];
}; };
}; };
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
enableACME = true;
forceSSL = true;
kTLS = true;
http3 = true;
quic = true;
http3_hq = true;
extraConfig = ''
# Enabling QUIC 0-RTT
ssl_early_data on;
quic_gso on;
quic_retry on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
'';
};
networking.firewall.allowedUDPPorts = [ 443 ];
} }
@@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, values, ... }:
let let
cfg = config.services.uptime-kuma; cfg = config.services.uptime-kuma;
domain = "status.pvv.ntnu.no"; domain = "status.pvv.ntnu.no";
@@ -24,4 +24,21 @@ in {
fsType = "bind"; fsType = "bind";
options = [ "bind" ]; options = [ "bind" ];
}; };
services.rsync-pull-targets = {
enable = true;
locations.${stateDir} = {
user = "root";
rrsyncArgs.ro = true;
authorizedKeysAttrs = [
"restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding"
"no-port-forwarding"
"no-pty"
"no-X11-forwarding"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXzcDm6cVr4NmWzUSroy33FlielKqaG83wY0RCMC0p/ uptime_kuma rsync backup";
};
};
} }
+2
View File
@@ -50,6 +50,8 @@ in
SIGNING_NAME = "PVV Git"; SIGNING_NAME = "PVV Git";
SIGNING_EMAIL = "gitea@git.pvv.ntnu.no"; SIGNING_EMAIL = "gitea@git.pvv.ntnu.no";
INITIAL_COMMIT = "always"; INITIAL_COMMIT = "always";
MERGES = lib.concatStringsSep "," [ "always" ];
CRUD_ACTIONS = lib.concatStringsSep "," [ "always" ];
WIKI = "always"; WIKI = "always";
}; };
} }
+37 -30
View File
@@ -39,7 +39,7 @@ let
extraConfig = phpOptions; extraConfig = phpOptions;
}; };
perlEnv = pkgs.perl.withPackages (ps: with ps; [ perlEnv = (pkgs.perl.withPackages (ps: with ps; [
pkgs.exiftool pkgs.exiftool
pkgs.ikiwiki pkgs.ikiwiki
pkgs.irssi pkgs.irssi
@@ -54,7 +54,14 @@ let
ImageMagick ImageMagick
JSON JSON
TemplateToolkit TemplateToolkit
]); ])).overrideAttrs (prev: {
# NOTE: `pkgs.perl.propagatedBuildInputs` don't actually propagate through the
# wrapper derivation created by `withPackages`. This should compensate
# for that.
postBuild = prev.postBuild + ''
cp -r '${pkgs.perl}/nix-support' "$out"/nix-support
'';
});
# https://nixos.org/manual/nixpkgs/stable/#python.buildenv-function # https://nixos.org/manual/nixpkgs/stable/#python.buildenv-function
pythonEnv = pkgs.python3.buildEnv.override { pythonEnv = pkgs.python3.buildEnv.override {
@@ -67,21 +74,6 @@ let
ignoreCollisions = true; ignoreCollisions = true;
}; };
sendmailWrapper = pkgs.writeShellApplication {
name = "sendmail";
runtimeInputs = [ ];
text = ''
args=("$@")
if [[ -z "$USERDIR_USER" ]] && [[ "$USERDIR_USER" != "pvv" ]]; then
# Prepend -fusername to the argument list, so bounces go to the user
args=("-f$USERDIR_USER" "''${args[@]}")
fi
exec '${lib.getExe pkgs.system-sendmail}' "''${args[@]}"
'';
};
# https://nixos.org/manual/nixpkgs/stable/#sec-building-environment # https://nixos.org/manual/nixpkgs/stable/#sec-building-environment
fhsEnv = pkgs.buildEnv { fhsEnv = pkgs.buildEnv {
name = "userweb-env"; name = "userweb-env";
@@ -89,7 +81,7 @@ let
paths = with pkgs; [ paths = with pkgs; [
bash bash
sendmailWrapper config.services.bro.instances.userweb-sendmail.client.package
perlEnv perlEnv
pythonEnv pythonEnv
@@ -184,17 +176,21 @@ in
extraModules = [ extraModules = [
"systemd" "systemd"
"userdir" "userdir"
# TODO: I think the compilation steps of pkgs.apacheHttpdPackages.mod_perl might have some {
# incorrect or restrictive assumptions upstream, either nixpkgs or source name = "perl";
# { path = let
# name = "perl"; mod_perl = pkgs.symlinkJoin {
# path = let name = "userweb_modperl_with_custom_perl_env";
# mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { ignoreCollisions = true;
# apacheHttpd = cfg.package.out; paths = [
# perl = perlEnv; (pkgs.apacheHttpdPackages.mod_perl.override {
# }; apacheHttpd = cfg.package.out;
# in "${mod_perl}/modules/mod_perl.so"; })
# } perlEnv
];
};
in "${mod_perl}/modules/mod_perl.so";
}
]; ];
extraConfig = '' extraConfig = ''
@@ -203,11 +199,14 @@ in
ScriptLog ${cfg.logDir}/cgi.log ScriptLog ${cfg.logDir}/cgi.log
''; '';
# virtualHosts."userweb.pvv.ntnu.no" = {
virtualHosts."temmie.pvv.ntnu.no" = { virtualHosts."temmie.pvv.ntnu.no" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
serverAliases = [
"www2.pvv.ntnu.no"
];
extraConfig = '' extraConfig = ''
UserDir ${lib.concatMapStringsSep " " (l: "/home/pvv/${l}/*/web-docs") homeLetters} UserDir ${lib.concatMapStringsSep " " (l: "/home/pvv/${l}/*/web-docs") homeLetters}
UserDir disabled root UserDir disabled root
@@ -258,6 +257,14 @@ in
# ]; # ];
# }; # };
# NOTE: 54 -> 33, this is the UID/GID we used for www-data on tom in the past.
# Any files accessed by or created by httpd will do so over NFS with this
# UID/GID pair as its credentials.
# This overlaps with the hardcoded `disnix` uid in nixpkgs, but we *probably*
# won't be using that for the foreseeable future.
users.users."wwwrun".uid = lib.mkForce 33;
users.groups."wwwrun".gid = lib.mkForce 33;
systemd.services.httpd = { systemd.services.httpd = {
after = [ "pvv-homedirs.target" ]; after = [ "pvv-homedirs.target" ];
requires = [ "pvv-homedirs.target" ]; requires = [ "pvv-homedirs.target" ];
+108 -1
View File
@@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
{ {
services.postfix.enable = lib.mkForce false; services.postfix.enable = lib.mkForce false;
@@ -9,4 +9,111 @@
remotes = "mail.pvv.ntnu.no smtp --port=25"; remotes = "mail.pvv.ntnu.no smtp --port=25";
}; };
}; };
services.bro = {
enable = true;
instances.userweb-sendmail = {
enable = true;
client = {
settings.BRO_FILE_FLAGS = [
"-C"
];
};
server = {
settings = {
executable = let
sendmailWrapper = pkgs.writeShellApplication {
name = "sendmail";
runtimeInputs = [ ];
bashOptions = [
"errexit"
"pipefail"
];
text = ''
args=("$@")
if [[ -z "$USERDIR_USER" ]] && [[ "$USERDIR_USER" != "pvv" ]]; then
# Prepend -fusername to the argument list, so bounces go to the user
args=("-f$USERDIR_USER" "''${args[@]}")
fi
exec '${lib.getExe pkgs.system-sendmail}' -t -i "''${args[@]}"
'';
};
in lib.getExe sendmailWrapper;
allowed-env = [ "USERDIR_USER" ];
};
};
};
};
environment.systemPackages = [
(config.services.bro.instances.userweb-sendmail.client.package.overrideAttrs (prev: {
buildCommand = prev.buildCommand + ''
mv "$out/bin/sendmail" "$out/bin/bro-sendmail"
'';
}))
];
users.users.nullmailer-user = {
enable = true;
isSystemUser = true;
group = "nullmailer-user";
};
users.groups.nullmailer-user = { };
systemd.services.bro-userweb-sendmail = {
serviceConfig = {
User = "nullmailer-user";
Group = "nullmailer-user";
ReadWritePaths = [
"/var/spool/nullmailer"
];
AmbientCapabilities = "";
CapabilityBoundingSet = "";
NoNewPrivileges = false;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateMounts = true;
ProcSubset = "pid";
ProtectProc = "invisible";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@resources"
];
UMask = "0077";
};
};
systemd.services.httpd.serviceConfig = {
BindPaths = [ (lib.head config.systemd.sockets.bro-userweb-sendmail.listenStreams) ];
};
} }
+3 -2
View File
@@ -171,6 +171,9 @@ in
requires = [ "matrix-ooye-pre-start.service" ]; requires = [ "matrix-ooye-pre-start.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 5;
startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = lib.getExe config.services.matrix-ooye.package; ExecStart = lib.getExe config.services.matrix-ooye.package;
WorkingDirectory = "/var/lib/matrix-ooye"; WorkingDirectory = "/var/lib/matrix-ooye";
@@ -182,8 +185,6 @@ in
#PrivateDevices = true; #PrivateDevices = true;
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "5s"; RestartSec = "5s";
StartLimitIntervalSec = "5s";
StartLimitBurst = "5";
DynamicUser = true; DynamicUser = true;
}; };
}; };
+25 -25
View File
@@ -12,7 +12,7 @@ let
name name
, commit , commit
, hash , hash
, tracking-branch ? "REL1_44" , tracking-branch ? "REL1_45"
, kebab-name ? kebab-case-name name , kebab-name ? kebab-case-name name
, fetchgit ? pkgs.fetchgit , fetchgit ? pkgs.fetchgit
}: }:
@@ -33,63 +33,63 @@ in
lib.mergeAttrsList [ lib.mergeAttrsList [
(mw-ext { (mw-ext {
name = "CodeEditor"; name = "CodeEditor";
commit = "2db9c9cef35d88a0696b926e8e4ea2d479d0d73a"; commit = "af7e82f24ba4b68393712fece6f1b5fa4bb049ec";
hash = "sha256-f0tWJl/4hml+RCp7OoIpQ4WSGKE3/z8DTYOAOHbLA9A="; hash = "sha256-XT8E4O6MEZYHSs6Q+A/dfYaUvJ4kY13Kd/cq30dA5NA=";
}) })
(mw-ext { (mw-ext {
name = "CodeMirror"; name = "CodeMirror";
commit = "b16e614c3c4ba68c346b8dd7393ab005ab127441"; commit = "f06dfd40a08562a841ddf11b4ae3444ef06c98c7";
hash = "sha256-J/TJPo5Oxgpy6UQINivLKl8jzJp4k/mKv6br3kcCSMQ="; hash = "sha256-5zXkBjOwFdoQezkPRJ2AcBZLZEEpGG6FawO2K3KzllI=";
}) })
(mw-ext { (mw-ext {
name = "DeleteBatch"; name = "DeleteBatch";
commit = "1b947c0f80249cf052b58138f830b379edf080bc"; commit = "9bc75a753efefedfc88c598fb01f18a7e4b61f00";
hash = "sha256-629RCz+38m2pfyJe/CrYutRoDyN1HzD0KzDdC2wwqlI="; hash = "sha256-1xA758fsvoioN9xuq0hRqZKtPXMQViVLtuRINDtowdk=";
}) })
(mw-ext { (mw-ext {
name = "PluggableAuth"; name = "PluggableAuth";
commit = "56893b8ee9ecd03eaee256e08c38bc82657ee0a1"; commit = "64133683b73d8eeea8069fe7ed9cb7237fd5c212";
hash = "sha256-gvoJey7YLMk+toutQTdWxpaedNDr59E+3xXWmXWCGl0="; hash = "sha256-wqpfgVLenZp6XC510nrsrbvK1IMEPcWVYq5YuAOt5+c=";
}) })
(mw-ext { (mw-ext {
name = "Popups"; name = "Popups";
commit = "6732d8d195bd8312779d8514e92bad372ef63096"; commit = "f74a8639f57232898978d9f3792293eb2d370e40";
hash = "sha256-XZzhA9UjAOUMcoGYYwiqRg2uInZ927JOZ9/IrZtarJU="; hash = "sha256-uunUtN3M/ksW/kcbeIzDVTdb1P/PHTeTwaTsvspMLko=";
}) })
(mw-ext { (mw-ext {
name = "Scribunto"; name = "Scribunto";
commit = "fc9658623bd37fad352e326ce81b2a08ef55f04d"; commit = "cbab0c740e03c8e6184fd647d95e24e0826d20cb";
hash = "sha256-P9WQk8O9qP+vXsBS9A5eXX+bRhnfqHetbkXwU3+c1Vk="; hash = "sha256-vXS3+wrUBVtPsETa19pMvud9sALGt4Ao9mM5rQRbBQc=";
}) })
(mw-ext { (mw-ext {
name = "SimpleSAMLphp"; name = "SimpleSAMLphp";
kebab-name = "simple-saml-php"; kebab-name = "simple-saml-php";
commit = "4c615a9203860bb908f2476a5467573e3287d224"; commit = "fc5ad4501434fe85198f0b1f0087d798efa91f9f";
hash = "sha256-zNKvzInhdW3B101Hcghk/8m0Y+Qk/7XN7n0i/x/5hSE="; hash = "sha256-se0krTglo1fShJXj38bPLhw65tZC5P54Ywt7oeZrLes=";
}) })
(mw-ext { (mw-ext {
name = "TemplateData"; name = "TemplateData";
commit = "6884b10e603dce82ee39632f839ee5ccd8a6fbe3"; commit = "d37b02f6ed194138ac7193a0782bbf6efb9164f8";
hash = "sha256-jcLe3r5fPIrQlp89N+PdIUSC7bkdd7pTmiYppSpdKVQ="; hash = "sha256-NpzVBzX7qfXkIE+jh33ndooS9GE8ZF3/Jynm22in7IQ=";
}) })
(mw-ext { (mw-ext {
name = "TemplateStyles"; name = "TemplateStyles";
commit = "f0401a6b82528c8fd5a0375f1e55e72d1211f2ab"; commit = "f85614c26a0057a9f418342f89214a04c9de9988";
hash = "sha256-tEcCNBz/i9OaE3mNrqw0J2K336BAf6it30TLhQkbtKs="; hash = "sha256-XZOtM3iadjE5vavsjkx7kfJNhLZlnnFt1CN+mv6XVHQ=";
}) })
(mw-ext { (mw-ext {
name = "UserMerge"; name = "UserMerge";
commit = "6c138ffc65991766fd58ff4739fcb7febf097146"; commit = "2f2432c909a36691ca0002daf6fb304d6c182beb";
hash = "sha256-366Nb0ilmXixWgk5NgCuoxj82Mf0iRu1bC/L/eofAxU="; hash = "sha256-ZP8Tp6u+uJxx3I39YGMmkP0sTnjAQUSaxImAJaRv+Ek=";
}) })
(mw-ext { (mw-ext {
name = "VisualEditor"; name = "VisualEditor";
commit = "9cfcca3195bf88225844f136da90ab7a1f6dd0b9"; commit = "1508d49d0dd71fdc1d18badd23671441b3bc327b";
hash = "sha256-jHw3RnUB3bQa1OvmzhEBqadZlFPWH62iGl5BLXi3nZ4="; hash = "sha256-VNiCVNrCAImAr1tS9T28KPPzzNsKPz5ELFRIBtng+So=";
}) })
(mw-ext { (mw-ext {
name = "WikiEditor"; name = "WikiEditor";
commit = "fe5329ba7a8c71ac8236cd0e940a64de2645b780"; commit = "aba5e7c6701877a6b43583709751658fec606d47";
hash = "sha256-no6kH7esqKiZv34btidzy2zLd75SBVb8EaYVhfRPQSI="; hash = "sha256-XmbQy0NXuY3oVGkkgC233kkzfBfx32HDylloGYXU/Nc=";
}) })
] ]
+16 -19
View File
@@ -37,12 +37,10 @@ vaultwarden:
SMTP_PASSWORD: ENC[AES256_GCM,data:Nr+4wZSvq6KjfzB169v4ojvWHa25Aw==,iv:HM4VYLUCI0HaBT8cDzusYA+49LpuJeg7v/Pz4nfulmM=,tag:T4TkDt+NdWnqbCDaRUERJw==,type:str] SMTP_PASSWORD: ENC[AES256_GCM,data:Nr+4wZSvq6KjfzB169v4ojvWHa25Aw==,iv:HM4VYLUCI0HaBT8cDzusYA+49LpuJeg7v/Pz4nfulmM=,tag:T4TkDt+NdWnqbCDaRUERJw==,type:str]
rsa_key.pem: ENC[AES256_GCM,data:bYZzFj2ImB0jfiIP9N9V+nk1ROjql4PEuDcJIhVV96BeE++Kq+DGORrnfCyJaubNlqT7+nlMGN/D6bfzwKWivuXDd7T5s6wXplk480anOrFU4cJ9NYXHJjoT8Cn+jKSb7JEWO42cVwraB+qGWFZevOrRtdBM328ffOH4IDqVYgIonnM+pHe7oGglg2Xc97x3GQ46ODWKFZsAqU3ZZv+4SGJXJJorPv+cOIoVvXpqec7TuD2MnfdXvLQEl6o/zsGuV/yQkbJus/BqKUUR+RZ9i/0xuzCd/hJS9yFbHHBj82fDh6+D4TG+1PM+dVRSolkkxhcBvvBJtUPqRewTe5cNO9wZP1ocf9GNmXMbvopaNdAxh6uPJNH1Z6aZ+kLShF5ddE4FuKSvucEPgUdscZw01LeJIehZ7uzHCC99jmojU8rlsWFPvJqUfp0xAZDFDJgCIGt6AbKwBCCeFGuvqYT6w5GQ8uT8OQVBmRxUCZuplcDTUMsBXDxa/Q/5Q/O2zIev7jw7Rm0cJ23ovllu40VvLD+Xu/uQVYzivOOHkvUhQkjVkfbk073ZjrhlIMO3BOuA7PDKUsMBz3UVndtrYU+OOtCI0CoCVVP/K/CamNBGGHdvBoQ13bVn04OgdgJYgz04gP6MqFkr8AWoPFHVZe8+Z/tlW5DtV6SRoUfGFlnROWhiBVZpNuUj/ef1gUY1OoFuqY4GRc3nkC/Fwxi81+lSbAQ2ZdtqroJxquoVJhoUWuSonNDBtOYU0yczvF70R84AFzWKh1eJ7hr2iwcMJPSkhTzTm7LTrr0mQqU8qMxUz4pa0yxOZW0UkC2koz6jKdYlwXHMjjyiUZqfc2y9DrRF6Sa/NUPTrzIvikYk9yr3thnh4VtcsYdqvwlsnkbM/HtGvcmmtZjT4npLyD5t/7tUOs453Ntoo1BOto7+X+0IrFs9yHheBOqfj8dA1M2am0cjrS9LyaSnqBREgBFWVJdpSB0aDdh0M8vmpCBcdrzGPLCUXhNWihiZFEVh1ZrwzXWndRtqmhFLFfXmnEAhtEQL6l/GuA5WEYPHIThq+33BDhXAUB5oBcQQSI8TGPWw0IkOci8Q+SlUd81h2JtAmek/L+1kGZwmyolg1iA9c0LVxapM9cpSNVnmON/O2q3tFisQS82/ysKnNggeyD/ByY0dGMUZILAeONBqm41UcVGoAP5N5KE6Cb7FlppBRitn4QejVvLExPtK8NwQl503Yjq+yBTjSjhuZbB2mQaFgJeKhXrm34I3ZMKKm58j+NAGVJTi7RPzSfTW3kvPvtfm8GvM+vuOOxvNzdid8jR241pQl35d6hOYS3wvbkDVmkvbcjTJBPslvq6pGmAVPyHLHshgyTvvTweX1yodoV+4Z3dtrBb9wZKADT6VfTmEo4RXNjIoZFQrTJTdBeVQbgxejySKHAy2G0/8ZipvToj7zRULSOHh6yS4no8b7U7ZY9tEdxs8uxhDob0nkGy7VQUGG8YNXuwGsjLjVsTiawXiWnqdxeFLuTkKEvtMEEmDUfIRErY2juZbra4AKKWdjegc4ayW1ZyUq5i12eRdnpNbdXBQBtBjagvo3A29bse1TMV3Hww+B7oZ0wsHFD72byD159DdEqnLYlxzRjXns3E2qX8f5xvIUFkBIFNDqkKVaq9wqCrmS0vpbHvuiEJDwyr+nu32nWYT9M+RO41Ri/W63juukd/wf75QKVNNjV5WVrJaN2lgr1+3ux0LE5qs01nZZKqv0jzk4P2SnrPJLMq9NbEgXgKjmwqABnQm8KkeHpPQ8ns4JAY7L5pV6faf1rKWQnE71t9qpKSNMlOgtcv2Jd+5HZuUYbYw5SdDYmwsd+OT0cVu0jURz22k/OmT9GY09SnYpvgHrXLNjvEtY0Tr2vpX1SL5qTx6MWDs/nr47+t/DUEMC/JmUrIOE3OSZXpS9AO4BsBmTV0DF5SlvYBDnHAqkHuJbzRdQ1FjGg/wZLFDmIUy3F7m7bGB+5NX+1ZO1BmG2f0ICpHiR1SGnaK81mY3gmfUD8al7gmmKmAltfvw2kP+Z+Hv2d+XGqVk2csRlfq9e5wu0jFKgcGIs4NuA71V0oKfwL7a3gN0Drd270frH1lYzET0NRSQkqw4oeTt0y4my5TvYGmLEHE05IORdrmHUkHefUtomTEB6YQYY+wLyxVBo6z6MFLN7eCe1HtxjUBp8LFxTT+2l7IusDgIs+6I05Krrrz5GHgNHdMBhw==,iv:CtmysYvEFew/839Gj+vZEDoqu6TvrZ9bUIg9GwejIX0=,tag:CnTEOKLYDsVGRVrQDwfFKQ==,type:str] rsa_key.pem: ENC[AES256_GCM,data:bYZzFj2ImB0jfiIP9N9V+nk1ROjql4PEuDcJIhVV96BeE++Kq+DGORrnfCyJaubNlqT7+nlMGN/D6bfzwKWivuXDd7T5s6wXplk480anOrFU4cJ9NYXHJjoT8Cn+jKSb7JEWO42cVwraB+qGWFZevOrRtdBM328ffOH4IDqVYgIonnM+pHe7oGglg2Xc97x3GQ46ODWKFZsAqU3ZZv+4SGJXJJorPv+cOIoVvXpqec7TuD2MnfdXvLQEl6o/zsGuV/yQkbJus/BqKUUR+RZ9i/0xuzCd/hJS9yFbHHBj82fDh6+D4TG+1PM+dVRSolkkxhcBvvBJtUPqRewTe5cNO9wZP1ocf9GNmXMbvopaNdAxh6uPJNH1Z6aZ+kLShF5ddE4FuKSvucEPgUdscZw01LeJIehZ7uzHCC99jmojU8rlsWFPvJqUfp0xAZDFDJgCIGt6AbKwBCCeFGuvqYT6w5GQ8uT8OQVBmRxUCZuplcDTUMsBXDxa/Q/5Q/O2zIev7jw7Rm0cJ23ovllu40VvLD+Xu/uQVYzivOOHkvUhQkjVkfbk073ZjrhlIMO3BOuA7PDKUsMBz3UVndtrYU+OOtCI0CoCVVP/K/CamNBGGHdvBoQ13bVn04OgdgJYgz04gP6MqFkr8AWoPFHVZe8+Z/tlW5DtV6SRoUfGFlnROWhiBVZpNuUj/ef1gUY1OoFuqY4GRc3nkC/Fwxi81+lSbAQ2ZdtqroJxquoVJhoUWuSonNDBtOYU0yczvF70R84AFzWKh1eJ7hr2iwcMJPSkhTzTm7LTrr0mQqU8qMxUz4pa0yxOZW0UkC2koz6jKdYlwXHMjjyiUZqfc2y9DrRF6Sa/NUPTrzIvikYk9yr3thnh4VtcsYdqvwlsnkbM/HtGvcmmtZjT4npLyD5t/7tUOs453Ntoo1BOto7+X+0IrFs9yHheBOqfj8dA1M2am0cjrS9LyaSnqBREgBFWVJdpSB0aDdh0M8vmpCBcdrzGPLCUXhNWihiZFEVh1ZrwzXWndRtqmhFLFfXmnEAhtEQL6l/GuA5WEYPHIThq+33BDhXAUB5oBcQQSI8TGPWw0IkOci8Q+SlUd81h2JtAmek/L+1kGZwmyolg1iA9c0LVxapM9cpSNVnmON/O2q3tFisQS82/ysKnNggeyD/ByY0dGMUZILAeONBqm41UcVGoAP5N5KE6Cb7FlppBRitn4QejVvLExPtK8NwQl503Yjq+yBTjSjhuZbB2mQaFgJeKhXrm34I3ZMKKm58j+NAGVJTi7RPzSfTW3kvPvtfm8GvM+vuOOxvNzdid8jR241pQl35d6hOYS3wvbkDVmkvbcjTJBPslvq6pGmAVPyHLHshgyTvvTweX1yodoV+4Z3dtrBb9wZKADT6VfTmEo4RXNjIoZFQrTJTdBeVQbgxejySKHAy2G0/8ZipvToj7zRULSOHh6yS4no8b7U7ZY9tEdxs8uxhDob0nkGy7VQUGG8YNXuwGsjLjVsTiawXiWnqdxeFLuTkKEvtMEEmDUfIRErY2juZbra4AKKWdjegc4ayW1ZyUq5i12eRdnpNbdXBQBtBjagvo3A29bse1TMV3Hww+B7oZ0wsHFD72byD159DdEqnLYlxzRjXns3E2qX8f5xvIUFkBIFNDqkKVaq9wqCrmS0vpbHvuiEJDwyr+nu32nWYT9M+RO41Ri/W63juukd/wf75QKVNNjV5WVrJaN2lgr1+3ux0LE5qs01nZZKqv0jzk4P2SnrPJLMq9NbEgXgKjmwqABnQm8KkeHpPQ8ns4JAY7L5pV6faf1rKWQnE71t9qpKSNMlOgtcv2Jd+5HZuUYbYw5SdDYmwsd+OT0cVu0jURz22k/OmT9GY09SnYpvgHrXLNjvEtY0Tr2vpX1SL5qTx6MWDs/nr47+t/DUEMC/JmUrIOE3OSZXpS9AO4BsBmTV0DF5SlvYBDnHAqkHuJbzRdQ1FjGg/wZLFDmIUy3F7m7bGB+5NX+1ZO1BmG2f0ICpHiR1SGnaK81mY3gmfUD8al7gmmKmAltfvw2kP+Z+Hv2d+XGqVk2csRlfq9e5wu0jFKgcGIs4NuA71V0oKfwL7a3gN0Drd270frH1lYzET0NRSQkqw4oeTt0y4my5TvYGmLEHE05IORdrmHUkHefUtomTEB6YQYY+wLyxVBo6z6MFLN7eCe1HtxjUBp8LFxTT+2l7IusDgIs+6I05Krrrz5GHgNHdMBhw==,iv:CtmysYvEFew/839Gj+vZEDoqu6TvrZ9bUIg9GwejIX0=,tag:CnTEOKLYDsVGRVrQDwfFKQ==,type:str]
rsa_key.pub.pem: ENC[AES256_GCM,data:B/2SQrEQ4zRie6A89jneHl5tXfHraYzVEBshY+IrRoufI9YpQw16VjGgrNVCpaG5+PSsCNjz8lXM33oQwg7HU1IWHmvrZdEgkguYv722Ngdb4D8IKHL1nsL9/gkVQFFFvty9ru3LDTfrFKF3cLX+6eIQMFk5W+qLuVO5Pbxh3LKWmN7zG8XHa/b+tvMQclHrtY2iomIThyxKi8w03uE1Fs6V80hyuMA/3TdIz9nUwl5WpiGxaelwaJyts2b5KoBzJ0zZbdR4IHCTYYqBkdjo8929M/gfPS6ZqZS2FPDReoWiujJSAyyoC9xZxglUk/g7vU/8CVwcrtVzn5DEbUot/om98p/1Hq/1Hk4zli49Ysy8nbPhlshZeH5RNSQIDkY6wT7TYD5m3QXjXV+siH7ClKAfri2zp4S4k9uEXvL27NTPqvoXKIUpSEl1b0A/ApQt761PODEMtEXx2PmlRKhg9T9cvLRNYbJavg3FMNivZ+2oQNZXeJZWUEjtqsEoPBAbEHklMtKJiQiThtIPHL3eEdTAhOVhjxBGYU2Kase2hU7g2YvgC3+8u48OarXZbZYgcJkoCHrm+hocYm5DZJ64rxURZQ==,iv:6x0vx8tiGOsQxHsp+qO+nvdUmqNKWINdFO1wXOnORVo=,tag:zuPNh7IfEG/c4lsFVNRYog==,type:str] rsa_key.pub.pem: ENC[AES256_GCM,data:B/2SQrEQ4zRie6A89jneHl5tXfHraYzVEBshY+IrRoufI9YpQw16VjGgrNVCpaG5+PSsCNjz8lXM33oQwg7HU1IWHmvrZdEgkguYv722Ngdb4D8IKHL1nsL9/gkVQFFFvty9ru3LDTfrFKF3cLX+6eIQMFk5W+qLuVO5Pbxh3LKWmN7zG8XHa/b+tvMQclHrtY2iomIThyxKi8w03uE1Fs6V80hyuMA/3TdIz9nUwl5WpiGxaelwaJyts2b5KoBzJ0zZbdR4IHCTYYqBkdjo8929M/gfPS6ZqZS2FPDReoWiujJSAyyoC9xZxglUk/g7vU/8CVwcrtVzn5DEbUot/om98p/1Hq/1Hk4zli49Ysy8nbPhlshZeH5RNSQIDkY6wT7TYD5m3QXjXV+siH7ClKAfri2zp4S4k9uEXvL27NTPqvoXKIUpSEl1b0A/ApQt761PODEMtEXx2PmlRKhg9T9cvLRNYbJavg3FMNivZ+2oQNZXeJZWUEjtqsEoPBAbEHklMtKJiQiThtIPHL3eEdTAhOVhjxBGYU2Kase2hU7g2YvgC3+8u48OarXZbZYgcJkoCHrm+hocYm5DZJ64rxURZQ==,iv:6x0vx8tiGOsQxHsp+qO+nvdUmqNKWINdFO1wXOnORVo=,tag:zuPNh7IfEG/c4lsFVNRYog==,type:str]
bluemap:
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
sops: sops:
age: age:
- enc: | - recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMVM0T0Y4Wjg1OGNsR0Iv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMVM0T0Y4Wjg1OGNsR0Iv
VmxoNmRMcjlWRHFhc3l2Sy9aZnF4b0ZsTnhnCkd6UnEvWi9kRU9qSmVLZkdiWGJh VmxoNmRMcjlWRHFhc3l2Sy9aZnF4b0ZsTnhnCkd6UnEvWi9kRU9qSmVLZkdiWGJh
@@ -50,8 +48,8 @@ sops:
R0RmcXJwRlkvSVhRbGwxZytLNmlqeFkKw/0nGPzgzH39udFyJVkjNTMTmffiQh6/ R0RmcXJwRlkvSVhRbGwxZytLNmlqeFkKw/0nGPzgzH39udFyJVkjNTMTmffiQh6/
HT1O7imvPymx5kXrnfciAP9bnCV4o/HiVkuDxBP7gG5nBUgY6PIC7Q== HT1O7imvPymx5kXrnfciAP9bnCV4o/HiVkuDxBP7gG5nBUgY6PIC7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
- enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2ptWkhqNjcrM0hXOWEv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2ptWkhqNjcrM0hXOWEv
Y21GNkVJUXY3dHV1OUdUdlJZNHhka3g3QVdNCk9vak0wSDBhS3pZSWk2anVsMnVY Y21GNkVJUXY3dHV1OUdUdlJZNHhka3g3QVdNCk9vak0wSDBhS3pZSWk2anVsMnVY
@@ -59,8 +57,8 @@ sops:
cXl3S2tRdExvSjRNUHpwbFNzVXdQVmcK65zb8MPh67TyHkjLA2vLgv2eOQOSUDih cXl3S2tRdExvSjRNUHpwbFNzVXdQVmcK65zb8MPh67TyHkjLA2vLgv2eOQOSUDih
JeHkryWGQXzlYL5tZZ24ae1mqYiYQ6DsbWXopA0q0OmndYByXct6FA== JeHkryWGQXzlYL5tZZ24ae1mqYiYQ6DsbWXopA0q0OmndYByXct6FA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
- enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSnU5dml1bjY5ejZHUGRQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSnU5dml1bjY5ejZHUGRQ
V1pNQnBXWUx0c1R5WkY5d3NFOFlKTkFrMUN3CkNqMjc5NDRMb05tSW9wV3lkUUVU V1pNQnBXWUx0c1R5WkY5d3NFOFlKTkFrMUN3CkNqMjc5NDRMb05tSW9wV3lkUUVU
@@ -68,8 +66,8 @@ sops:
SzM4Rml4dFNjMWxxYXlVdTdxTTB1ZzQKvoBpb4PPNM5yl85wTcTTqZmkXmwZGyvS SzM4Rml4dFNjMWxxYXlVdTdxTTB1ZzQKvoBpb4PPNM5yl85wTcTTqZmkXmwZGyvS
PMPFNqEkzcZFtC1BfYGIlKAuisGhQ6rFAkyTZXTLP0HjPEcH00+WMw== PMPFNqEkzcZFtC1BfYGIlKAuisGhQ6rFAkyTZXTLP0HjPEcH00+WMw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
- enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbGdTVUU3UVUwZytQancy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbGdTVUU3UVUwZytQancy
ZXY1Ullmck9qZ0dsSmZqUHF0NGpSZlJWRjBJCndmbGh6Y3lUWmdEWUdHNkZwd0dM ZXY1Ullmck9qZ0dsSmZqUHF0NGpSZlJWRjBJCndmbGh6Y3lUWmdEWUdHNkZwd0dM
@@ -77,8 +75,8 @@ sops:
NmloODFNNXU1TG9FeWxKYTBGOG5qR1kKXGAQyRVO6Sh0LNlFD5nx0F3m2KYP8hYl NmloODFNNXU1TG9FeWxKYTBGOG5qR1kKXGAQyRVO6Sh0LNlFD5nx0F3m2KYP8hYl
/g3mwi4NI4UIR2dYXsgNJuF7axxP1IbaZ/j2NLNYbVe2+iZvscvBTw== /g3mwi4NI4UIR2dYXsgNJuF7axxP1IbaZ/j2NLNYbVe2+iZvscvBTw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
- enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkVyLzJWM01ybHB3cmpq YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWkVyLzJWM01ybHB3cmpq
cTJTM3VWaEk3djcxb0RnbVZXUGRyMWQxcWlFCmhQUmtGZm0wczdsLzZUNHFqRnZW cTJTM3VWaEk3djcxb0RnbVZXUGRyMWQxcWlFCmhQUmtGZm0wczdsLzZUNHFqRnZW
@@ -86,8 +84,8 @@ sops:
RGs3aStCRUJmMG9JRFZyRFJWeTZKWGsK8oTccCGCXPsQEGnn57ml5IwYCHgYoBpC RGs3aStCRUJmMG9JRFZyRFJWeTZKWGsK8oTccCGCXPsQEGnn57ml5IwYCHgYoBpC
2U7uT/Z10crtrqgPGi3/jYr5IEacLBvbuGLBwSlCo7NGz/6XnVIyaQ== 2U7uT/Z10crtrqgPGi3/jYr5IEacLBvbuGLBwSlCo7NGz/6XnVIyaQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
- enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTlJPQk9DTFNKMjA2bTRj YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTlJPQk9DTFNKMjA2bTRj
OE5uaWxEQkhUdmRvT2h4TDJvREo4TlQ4MFZrCjNjd2ErOXcxQkJrNzlOdGNFSDNW OE5uaWxEQkhUdmRvT2h4TDJvREo4TlQ4MFZrCjNjd2ErOXcxQkJrNzlOdGNFSDNW
@@ -95,8 +93,8 @@ sops:
RlRMc0R3dDllUGRHcmNDTDBSS09mUUUKhdxXMEuwLviNY134uA4SELXiHo4rCC9h RlRMc0R3dDllUGRHcmNDTDBSS09mUUUKhdxXMEuwLviNY134uA4SELXiHo4rCC9h
pT2iqOV+VDquwE99h9OIo2Kfmblzje/TGpok1i4cxytg8fly3LZD+Q== pT2iqOV+VDquwE99h9OIo2Kfmblzje/TGpok1i4cxytg8fly3LZD+Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
- enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHVjN3MvVUEwazNraXFQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHVjN3MvVUEwazNraXFQ
anVTbU1EY1JUQ0FyeSt3bWJ6TVcwY1UwZ1cwClRtOTE1QWNXaUdzejh5a3BUdTFv anVTbU1EY1JUQ0FyeSt3bWJ6TVcwY1UwZ1cwClRtOTE1QWNXaUdzejh5a3BUdTFv
@@ -104,9 +102,8 @@ sops:
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2 SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw== 29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune lastmodified: "2026-05-24T07:03:34Z"
lastmodified: "2026-05-22T08:58:19Z" mac: ENC[AES256_GCM,data:J9RFBasxTwjIMIV5ou7eEytKY4YBCmGq7DEw/thDIxd5nfPmM/T8OIyFYE9130OsMJu5LabmskaypxTQ2d7sW5ovqMfs3BVCI8FNjUiCmWfmwnFZ29hlDWMD3BYShgOVxI6XTlPiY/2AakQ4T5OwvQfO0sqIGReP+zhT1FIzZFk=,iv:J6v6qhRYFKq76OctU4zOCFqiaYcHbclQcfWMlj6Tig0=,tag:TYc0JcXheOlAidBZC3D6Sg==,type:str]
mac: ENC[AES256_GCM,data:EYU8RCXRMdQn+yLB0iWBw7JULZya3PqkScAFtlP0d0zTyud4MGVCTINtrn7EgboYONvEWgi4yRvJVHUDPArRA6WlHx/tx175DJbVq6sdnl0xsL0Y9dt18HbdEgDDyOxbCjTOjAV1WPINOmpVvyXMp4+cc0oU3g+2ANjiodkU+t4=,iv:wAi+m9VkKx1bCxz5kZyEgNQcPE9aa5f9TlaYEohnwu0=,tag:3ZtP78aCmyqW0A0zvgpUTw==,type:str]
pgp: pgp:
- created_at: "2026-01-16T06:34:44Z" - created_at: "2026-01-16T06:34:44Z"
enc: |- enc: |-
+6 -6
View File
@@ -22,12 +22,12 @@ pkgs.mkShell {
stdenv.cc stdenv.cc
unzip unzip
util-linux util-linux
xorg.libX11 libX11
xorg.libXext libXext
xorg.libXi libXi
xorg.libXmu libXmu
xorg.libXrandr libXrandr
xorg.libXv libXv
zlib zlib
cudatoolkit cudatoolkit