mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-05-24 23:31:12 +02:00
Compare commits
25 Commits
nixos-2605
...
gluttony-b
| Author | SHA1 | Date | |
|---|---|---|---|
|
273110b304 | ||
|
|
32a14e262f | ||
|
|
d66fef033d | ||
|
|
4d7fdcc059 | ||
|
|
52e1d693cc | ||
|
|
df54bcd853 | ||
|
|
b8ec6308bd | ||
|
|
c67e381065 | ||
|
|
6bf2ede728 | ||
|
|
7c4439dbc0 | ||
|
|
cbb587f79c | ||
|
|
33b7a420e3 | ||
|
|
e08e61d6a1 | ||
|
|
eeab3b8fa6 | ||
|
|
6cca1db3b3 | ||
|
|
bfd83c4c64 | ||
|
|
9a6fdecb03 | ||
|
|
82ab97fb45 | ||
|
|
543fd19f8d | ||
|
|
6f99fa575d | ||
|
|
3141b1f76b | ||
|
|
475f6a8c9b | ||
|
|
9c1687f8f2 | ||
|
|
0f53bcd731 | ||
|
|
f433ae1e15 |
28
.sops.yaml
28
.sops.yaml
@@ -19,8 +19,8 @@ keys:
|
||||
- &host_lupine-3 age1wmrrhd5deatmgflkas636u3rzuk46u9knl02v4t39ncs37xqquhq9vwzye
|
||||
- &host_lupine-4 age1ml48zztcmnrdrhrdsjrlyxf09jtmjgz46u8td4zm59wn3fm4g57qs4wg0l
|
||||
- &host_lupine-5 age12gws5nws69vxryd3kt7q0ayngch90efmhqcrfhnnsmj00lkgxd4qsdkvqn
|
||||
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
|
||||
- &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
|
||||
- &host_gluttony age12czfkvuw9pjk5qny5c6m2hjhd634cj9r4dsa3ss5zkux5h4vvc7s7k4urq
|
||||
|
||||
creation_rules:
|
||||
# Global secrets
|
||||
@@ -91,19 +91,6 @@ creation_rules:
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
- path_regex: secrets/ustetind/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_ustetind
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
- path_regex: secrets/lupine/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
@@ -133,3 +120,16 @@ creation_rules:
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
- path_regex: secrets/gluttony/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_gluttony
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_pederbs_sopp
|
||||
- *user_pederbs_nord
|
||||
- *user_pederbs_bjarte
|
||||
- *user_vegardbm
|
||||
pgp:
|
||||
- *user_oysteikt
|
||||
|
||||
@@ -77,10 +77,10 @@
|
||||
'';
|
||||
|
||||
# These are servers, sleep is for the weak
|
||||
systemd.sleep.settings.Sleep = {
|
||||
AllowSuspend = lib.mkDefault false;
|
||||
AllowHibernation = lib.mkDefault false;
|
||||
};
|
||||
systemd.sleep.extraConfig = lib.mkDefault ''
|
||||
AllowSuspend=no
|
||||
AllowHibernation=no
|
||||
'';
|
||||
|
||||
# users.mutableUsers = lib.mkDefault false;
|
||||
|
||||
|
||||
@@ -8,6 +8,6 @@
|
||||
|
||||
services.resolved = {
|
||||
enable = lib.mkDefault true;
|
||||
settings.Resolve.DNSSEC = false; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
|
||||
dnssec = "false"; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
|
||||
};
|
||||
}
|
||||
|
||||
@@ -205,7 +205,6 @@
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
};
|
||||
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||
skrot = stableNixosConfig "skrot" {
|
||||
modules = [
|
||||
inputs.disko.nixosModules.disko
|
||||
@@ -216,7 +215,12 @@
|
||||
shark = stableNixosConfig "shark" {};
|
||||
wenche = stableNixosConfig "wenche" {};
|
||||
temmie = stableNixosConfig "temmie" {};
|
||||
gluttony = stableNixosConfig "gluttony" {};
|
||||
gluttony = stableNixosConfig "gluttony" {
|
||||
overlays = [
|
||||
(final: prev: { bluemap = final.callPackage ./packages/bluemap.nix {}; })
|
||||
];
|
||||
modules = [ self.nixosModules.bluemap ];
|
||||
};
|
||||
|
||||
kommode = stableNixosConfig "kommode" {
|
||||
overlays = [
|
||||
|
||||
@@ -1,105 +1,10 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
{ values, ... }:
|
||||
let
|
||||
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
|
||||
format = pkgs.formats.hocon { };
|
||||
webExport = "/var/lib/bluemap/web";
|
||||
in {
|
||||
# NOTE: our versino of the module gets added in flake.nix
|
||||
# NOTE: our version of the module gets added in flake.nix
|
||||
disabledModules = [ "services/web-apps/bluemap.nix" ];
|
||||
|
||||
sops.secrets."bluemap/ssh-key" = { };
|
||||
sops.secrets."bluemap/ssh-known-hosts" = { };
|
||||
|
||||
services.bluemap = {
|
||||
enable = true;
|
||||
|
||||
eula = true;
|
||||
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
|
||||
|
||||
host = "minecraft.pvv.ntnu.no";
|
||||
|
||||
maps = let
|
||||
inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
|
||||
in {
|
||||
"verden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/overworld.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:overworld";
|
||||
name = "Verden";
|
||||
sorting = 0;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
"underverden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/nether.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_nether";
|
||||
name = "Underverden";
|
||||
sorting = 100;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
render-mask = [{
|
||||
max-y = 90;
|
||||
}];
|
||||
};
|
||||
};
|
||||
"enden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/the-end.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_end";
|
||||
name = "Enden";
|
||||
sorting = 200;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."render-bluemap-maps" = {
|
||||
serviceConfig = {
|
||||
StateDirectory = [ "bluemap/world" ];
|
||||
ExecStartPre = let
|
||||
rsyncArgs = lib.cli.toCommandLineShellGNU { } {
|
||||
archive = true;
|
||||
compress = true;
|
||||
verbose = true;
|
||||
no-owner = true;
|
||||
no-group = true;
|
||||
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
|
||||
};
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} root@innovation.pvv.ntnu.no:/ ${vanillaSurvival}";
|
||||
LoadCredential = [
|
||||
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
|
||||
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
@@ -115,6 +20,30 @@ in {
|
||||
quic_retry on;
|
||||
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
|
||||
'';
|
||||
root = webExport;
|
||||
locations = {
|
||||
"~* ^/maps/[^/]*/tiles/".extraConfig = ''
|
||||
error_page 404 = @empty;
|
||||
'';
|
||||
"@empty".return = "204";
|
||||
};
|
||||
};
|
||||
|
||||
services.rsync-pull-targets = {
|
||||
enable = true;
|
||||
locations.${webExport} = {
|
||||
user = "root";
|
||||
rrsyncArgs.wo = true;
|
||||
authorizedKeysAttrs = [
|
||||
"restrict"
|
||||
"from=\"gluttony.pvv.ntnu.no,${values.hosts.gluttony.ipv6},${values.hosts.gluttony.ipv4}\""
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5jrqMovXlWaFWZAV/aKyQReHvUQp5kb+7Ja4gnevSr root@gluttony bluemap";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
|
||||
@@ -210,6 +210,8 @@ in {
|
||||
|
||||
# EXT:WikiEditor
|
||||
$wgWikiEditorRealtimePreview = true;
|
||||
|
||||
$wgSecretKey = file_get_contents("${config.sops.secrets."mediawiki/secret-key".path}");
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -273,8 +275,6 @@ in {
|
||||
systemd.services.mediawiki-init = lib.mkIf cfg.enable {
|
||||
after = [ "sops-install-secrets.service" ];
|
||||
serviceConfig = {
|
||||
BindReadOnlyPaths = [ "/run/credentials/mediawiki-init.service/secret-key:/var/lib/mediawiki/secret.key" ];
|
||||
LoadCredential = [ "secret-key:${config.sops.secrets."mediawiki/secret-key".path}" ];
|
||||
UMask = lib.mkForce "0007";
|
||||
};
|
||||
};
|
||||
@@ -282,8 +282,6 @@ in {
|
||||
systemd.services.phpfpm-mediawiki = lib.mkIf cfg.enable {
|
||||
after = [ "sops-install-secrets.service" ];
|
||||
serviceConfig = {
|
||||
BindReadOnlyPaths = [ "/run/credentials/phpfpm-mediawiki.service/secret-key:/var/lib/mediawiki/secret.key" ];
|
||||
LoadCredential = [ "secret-key:${config.sops.secrets."mediawiki/secret-key".path}" ];
|
||||
UMask = lib.mkForce "0007";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -6,40 +6,58 @@ let
|
||||
port = 3011;
|
||||
wsPort = 3012;
|
||||
in {
|
||||
sops.secrets."vaultwarden/environ" = {
|
||||
sops.secrets."vaultwarden/rsa_key.pem" = {
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
mode = "440";
|
||||
restartUnits = [ "vaultwarden.service" ];
|
||||
};
|
||||
sops.secrets."vaultwarden/rsa_key.pub.pem" = {
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
mode = "440";
|
||||
restartUnits = [ "vaultwarden.service" ];
|
||||
};
|
||||
sops.secrets."vaultwarden/env/DATABASE_PASSWORD" = { };
|
||||
sops.secrets."vaultwarden/env/SMTP_PASSWORD" = { };
|
||||
sops.templates."vaultwarden/environment_file" = {
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
mode = "440";
|
||||
restartUnits = [ "vaultwarden.service" ];
|
||||
content = ''
|
||||
DATABASE_URL=postgresql://vaultwarden:${config.sops.placeholder."vaultwarden/env/DATABASE_PASSWORD"}@postgres.pvv.ntnu.no/vaultwarden
|
||||
SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/env/SMTP_PASSWORD"}
|
||||
'';
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
environmentFile = config.sops.secrets."vaultwarden/environ".path;
|
||||
environmentFile = config.sops.templates."vaultwarden/environment_file".path;
|
||||
config = {
|
||||
domain = "https://${domain}";
|
||||
DOMAIN = "https://${domain}";
|
||||
|
||||
rocketAddress = address;
|
||||
rocketPort = port;
|
||||
ROCKET_ADDRESS = address;
|
||||
ROCKET_PORT = port;
|
||||
|
||||
websocketEnabled = true;
|
||||
websocketAddress = address;
|
||||
websocketPort = wsPort;
|
||||
WEBSOCKET_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = address;
|
||||
WEBSOCKET_PORT = wsPort;
|
||||
|
||||
signupsAllowed = true;
|
||||
signupsVerify = true;
|
||||
signupsDomainsWhitelist = "pvv.ntnu.no";
|
||||
SIGNUPS_ALLOWED = true;
|
||||
SIGNUPS_VERIFY = true;
|
||||
SIGNUPS_DOMAINS_WHITELIST = "pvv.ntnu.no";
|
||||
|
||||
smtpFrom = "vaultwarden@pvv.ntnu.no";
|
||||
smtpFromName = "VaultWarden PVV";
|
||||
SMTP_FROM = "vaultwarden@pvv.ntnu.no";
|
||||
SMTP_FROM_NAME = "VaultWarden PVV";
|
||||
|
||||
smtpHost = "smtp.pvv.ntnu.no";
|
||||
smtpUsername = "vaultwarden";
|
||||
smtpSecurity = "force_tls";
|
||||
smtpAuthMechanism = "Login";
|
||||
SMTP_HOST = "smtp.pvv.ntnu.no";
|
||||
SMTP_USERNAME = "vaultwarden";
|
||||
SMTP_SECURITY = "force_tls";
|
||||
SMTP_AUTH_MECHANISM = "Login";
|
||||
|
||||
# Configured in environ:
|
||||
# databaseUrl = "postgresql://vaultwarden@/vaultwarden";
|
||||
# smtpPassword = hemli
|
||||
RSA_KEY_FILENAME = lib.removeSuffix ".pem" config.sops.secrets."vaultwarden/rsa_key.pem".path;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -66,40 +84,6 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.vaultwarden = lib.mkIf cfg.enable {
|
||||
serviceConfig = {
|
||||
AmbientCapabilities = [ "" ];
|
||||
CapabilityBoundingSet = [ "" ];
|
||||
DeviceAllow = [ "" ];
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
# MemoryDenyWriteExecute = true;
|
||||
PrivateMounts = true;
|
||||
PrivateUsers = true;
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_UNIX"
|
||||
];
|
||||
RemoveIPC = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.rsync-pull-targets = {
|
||||
enable = true;
|
||||
locations."/var/lib/vaultwarden" = {
|
||||
|
||||
@@ -9,6 +9,12 @@ in
|
||||
sops.secrets."roundcube/postgres_password" = {
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
restartUnits = [ "phpfpm-roundcube.service" ];
|
||||
};
|
||||
sops.secrets."roundcube/des_key" = {
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
restartUnits = [ "phpfpm-roundcube.service" ];
|
||||
};
|
||||
|
||||
services.roundcube = {
|
||||
@@ -39,6 +45,7 @@ in
|
||||
$config['mail_domain'] = "pvv.ntnu.no";
|
||||
$config['smtp_user'] = "%u";
|
||||
$config['support_url'] = "";
|
||||
$config['des_key'] = "${config.sops.secrets."roundcube/des_key".path}";
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./services/bluemap.nix
|
||||
(fp /base)
|
||||
];
|
||||
|
||||
|
||||
113
hosts/gluttony/services/bluemap.nix
Normal file
113
hosts/gluttony/services/bluemap.nix
Normal file
@@ -0,0 +1,113 @@
|
||||
{ config, lib, pkgs, inputs, ... }:
|
||||
let
|
||||
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
|
||||
in {
|
||||
# NOTE: our version of the module gets added in flake.nix
|
||||
disabledModules = [ "services/web-apps/bluemap.nix" ];
|
||||
|
||||
sops.secrets."bluemap/ssh-key" = { };
|
||||
sops.secrets."bluemap/ssh-known-hosts" = { };
|
||||
|
||||
services.bluemap = {
|
||||
enable = true;
|
||||
|
||||
eula = true;
|
||||
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
|
||||
|
||||
enableNginx = false;
|
||||
|
||||
host = "minecraft.pvv.ntnu.no";
|
||||
|
||||
maps = let
|
||||
inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
|
||||
in {
|
||||
"verden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/overworld.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:overworld";
|
||||
name = "Verden";
|
||||
sorting = 0;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
ambient-light = 0.1;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
"underverden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/nether.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_nether";
|
||||
name = "Underverden";
|
||||
sorting = 100;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#290000";
|
||||
void-color = "#150000";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
cave-detection-uses-block-light = true;
|
||||
render-mask = [{
|
||||
max-y = 90;
|
||||
}];
|
||||
};
|
||||
};
|
||||
"enden" = {
|
||||
extraHoconMarkersFile = "${bluemap-export}/the-end.hocon";
|
||||
settings = {
|
||||
world = vanillaSurvival;
|
||||
dimension = "minecraft:the_end";
|
||||
name = "Enden";
|
||||
sorting = 200;
|
||||
start-pos = {
|
||||
x = 0;
|
||||
z = 0;
|
||||
};
|
||||
sky-color = "#080010";
|
||||
void-color = "#080010";
|
||||
sky-light = 1;
|
||||
ambient-light = 0.6;
|
||||
remove-caves-below-y = -10000;
|
||||
cave-detection-ocean-floor = -5;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."render-bluemap-maps" = {
|
||||
serviceConfig = {
|
||||
StateDirectory = [ "bluemap/world" ];
|
||||
ExecStartPre = let
|
||||
rsyncArgs = lib.cli.toCommandLineShellGNU { } {
|
||||
archive = true;
|
||||
compress = true;
|
||||
verbose = true;
|
||||
no-owner = true;
|
||||
no-group = true;
|
||||
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
|
||||
};
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} root@innovation.pvv.ntnu.no:/ ${vanillaSurvival}";
|
||||
ExecStartPost = let
|
||||
rsyncArgs = lib.cli.toCommandLineShellGNU { } {
|
||||
archive = true;
|
||||
compress = true;
|
||||
verbose = true;
|
||||
no-owner = true;
|
||||
no-group = true;
|
||||
rsh = "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=%d/ssh-known-hosts -i %d/sshkey";
|
||||
};
|
||||
in "${lib.getExe pkgs.rsync} ${rsyncArgs} --groupmap=root:nginx ${config.services.bluemap.webRoot}/ root@bekkalokk.pvv.ntnu.no:/";
|
||||
LoadCredential = [
|
||||
"sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
|
||||
"ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -19,7 +19,7 @@ in {
|
||||
locations."/".proxyPass = "http://${cfg.settings.HOST}:${cfg.settings.PORT}";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/uptime-kuma" = {
|
||||
fileSystems."/var/lib/private/uptime-kuma" = {
|
||||
device = stateDir;
|
||||
fsType = "bind";
|
||||
options = [ "bind" ];
|
||||
|
||||
@@ -228,14 +228,9 @@ in {
|
||||
};
|
||||
in lib.mkForce "${lib.getExe cfg.package} dump ${args}";
|
||||
|
||||
# Only keep n backup files at a time
|
||||
postStop = let
|
||||
cu = prog: "'${lib.getExe' pkgs.coreutils prog}'";
|
||||
backupCount = 3;
|
||||
in ''
|
||||
for file in $(${cu "ls"} -t1 '${cfg.dump.backupDir}' | ${cu "sort"} --reverse | ${cu "tail"} -n+${toString (backupCount + 1)}); do
|
||||
${cu "rm"} "$file"
|
||||
done
|
||||
'';
|
||||
# Only keep a single backup file at a time.
|
||||
postStop = ''
|
||||
${lib.getExe' pkgs.coreutils "mv"} '${cfg.dump.backupDir}'/gitea-dump-*.tar.gz gitea-dump.tar.gz
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
||||
@@ -376,7 +376,7 @@ in {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
CPUSchedulingPolicy = "batch";
|
||||
Group = "nginx";
|
||||
Group = lib.mkIf cfg.enableNginx "nginx";
|
||||
UMask = "026";
|
||||
ExecStart = [
|
||||
# If web folder doesnt exist generate it
|
||||
|
||||
@@ -12,7 +12,7 @@ let
|
||||
name
|
||||
, commit
|
||||
, hash
|
||||
, tracking-branch ? "REL1_45"
|
||||
, tracking-branch ? "REL1_44"
|
||||
, kebab-name ? kebab-case-name name
|
||||
, fetchgit ? pkgs.fetchgit
|
||||
}:
|
||||
@@ -33,63 +33,63 @@ in
|
||||
lib.mergeAttrsList [
|
||||
(mw-ext {
|
||||
name = "CodeEditor";
|
||||
commit = "af7e82f24ba4b68393712fece6f1b5fa4bb049ec";
|
||||
hash = "sha256-XT8E4O6MEZYHSs6Q+A/dfYaUvJ4kY13Kd/cq30dA5NA=";
|
||||
commit = "2db9c9cef35d88a0696b926e8e4ea2d479d0d73a";
|
||||
hash = "sha256-f0tWJl/4hml+RCp7OoIpQ4WSGKE3/z8DTYOAOHbLA9A=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "CodeMirror";
|
||||
commit = "f06dfd40a08562a841ddf11b4ae3444ef06c98c7";
|
||||
hash = "sha256-5zXkBjOwFdoQezkPRJ2AcBZLZEEpGG6FawO2K3KzllI=";
|
||||
commit = "b16e614c3c4ba68c346b8dd7393ab005ab127441";
|
||||
hash = "sha256-J/TJPo5Oxgpy6UQINivLKl8jzJp4k/mKv6br3kcCSMQ=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "DeleteBatch";
|
||||
commit = "9bc75a753efefedfc88c598fb01f18a7e4b61f00";
|
||||
hash = "sha256-1xA758fsvoioN9xuq0hRqZKtPXMQViVLtuRINDtowdk=";
|
||||
commit = "1b947c0f80249cf052b58138f830b379edf080bc";
|
||||
hash = "sha256-629RCz+38m2pfyJe/CrYutRoDyN1HzD0KzDdC2wwqlI=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "PluggableAuth";
|
||||
commit = "64133683b73d8eeea8069fe7ed9cb7237fd5c212";
|
||||
hash = "sha256-wqpfgVLenZp6XC510nrsrbvK1IMEPcWVYq5YuAOt5+c=";
|
||||
commit = "56893b8ee9ecd03eaee256e08c38bc82657ee0a1";
|
||||
hash = "sha256-gvoJey7YLMk+toutQTdWxpaedNDr59E+3xXWmXWCGl0=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "Popups";
|
||||
commit = "f74a8639f57232898978d9f3792293eb2d370e40";
|
||||
hash = "sha256-uunUtN3M/ksW/kcbeIzDVTdb1P/PHTeTwaTsvspMLko=";
|
||||
commit = "6732d8d195bd8312779d8514e92bad372ef63096";
|
||||
hash = "sha256-XZzhA9UjAOUMcoGYYwiqRg2uInZ927JOZ9/IrZtarJU=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "Scribunto";
|
||||
commit = "cbab0c740e03c8e6184fd647d95e24e0826d20cb";
|
||||
hash = "sha256-vXS3+wrUBVtPsETa19pMvud9sALGt4Ao9mM5rQRbBQc=";
|
||||
commit = "fc9658623bd37fad352e326ce81b2a08ef55f04d";
|
||||
hash = "sha256-P9WQk8O9qP+vXsBS9A5eXX+bRhnfqHetbkXwU3+c1Vk=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "SimpleSAMLphp";
|
||||
kebab-name = "simple-saml-php";
|
||||
commit = "fc5ad4501434fe85198f0b1f0087d798efa91f9f";
|
||||
hash = "sha256-se0krTglo1fShJXj38bPLhw65tZC5P54Ywt7oeZrLes=";
|
||||
commit = "4c615a9203860bb908f2476a5467573e3287d224";
|
||||
hash = "sha256-zNKvzInhdW3B101Hcghk/8m0Y+Qk/7XN7n0i/x/5hSE=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "TemplateData";
|
||||
commit = "d37b02f6ed194138ac7193a0782bbf6efb9164f8";
|
||||
hash = "sha256-NpzVBzX7qfXkIE+jh33ndooS9GE8ZF3/Jynm22in7IQ=";
|
||||
commit = "6884b10e603dce82ee39632f839ee5ccd8a6fbe3";
|
||||
hash = "sha256-jcLe3r5fPIrQlp89N+PdIUSC7bkdd7pTmiYppSpdKVQ=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "TemplateStyles";
|
||||
commit = "f85614c26a0057a9f418342f89214a04c9de9988";
|
||||
hash = "sha256-XZOtM3iadjE5vavsjkx7kfJNhLZlnnFt1CN+mv6XVHQ=";
|
||||
commit = "f0401a6b82528c8fd5a0375f1e55e72d1211f2ab";
|
||||
hash = "sha256-tEcCNBz/i9OaE3mNrqw0J2K336BAf6it30TLhQkbtKs=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "UserMerge";
|
||||
commit = "2f2432c909a36691ca0002daf6fb304d6c182beb";
|
||||
hash = "sha256-ZP8Tp6u+uJxx3I39YGMmkP0sTnjAQUSaxImAJaRv+Ek=";
|
||||
commit = "6c138ffc65991766fd58ff4739fcb7febf097146";
|
||||
hash = "sha256-366Nb0ilmXixWgk5NgCuoxj82Mf0iRu1bC/L/eofAxU=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "VisualEditor";
|
||||
commit = "1508d49d0dd71fdc1d18badd23671441b3bc327b";
|
||||
hash = "sha256-VNiCVNrCAImAr1tS9T28KPPzzNsKPz5ELFRIBtng+So=";
|
||||
commit = "9cfcca3195bf88225844f136da90ab7a1f6dd0b9";
|
||||
hash = "sha256-jHw3RnUB3bQa1OvmzhEBqadZlFPWH62iGl5BLXi3nZ4=";
|
||||
})
|
||||
(mw-ext {
|
||||
name = "WikiEditor";
|
||||
commit = "aba5e7c6701877a6b43583709751658fec606d47";
|
||||
hash = "sha256-XmbQy0NXuY3oVGkkgC233kkzfBfx32HDylloGYXU/Nc=";
|
||||
commit = "fe5329ba7a8c71ac8236cd0e940a64de2645b780";
|
||||
hash = "sha256-no6kH7esqKiZv34btidzy2zLd75SBVb8EaYVhfRPQSI=";
|
||||
})
|
||||
]
|
||||
|
||||
@@ -18,6 +18,7 @@ mediawiki:
|
||||
admin_password: ENC[AES256_GCM,data:4eUXvcO7NLOWke9XShfKzj+x3FvqPONa,iv:3iZ+BTBTZ7yMJ0HT14cEMebKZattWUcYEevRsl/6WOk=,tag:CU0iDhPP2ndztdX5U5A4cw==,type:str]
|
||||
roundcube:
|
||||
postgres_password: ENC[AES256_GCM,data:fGHmq6r/ZCeIseHL8/gmm5DfWQYorI3OJq1TW0EHvh7rHL62M4TE+Lrlrmq8AIlmGLSWtO8AQzOP3toxidL6xWX3pcwLxtTefa1gom2oQf6ZL4TbAZLidHksdiro6pWtpMOO66bb8O9eXvZmns4=,iv:Irnb2/bgx8WilDyRLleWfo6HHafZ+vlDEwxIcgm1f18=,tag:eTNBUELmLwO7DsQN9CLX7Q==,type:str]
|
||||
des_key: ENC[AES256_GCM,data:U5AHdFgDtidjN7XqPSJkT/anS/q29/9p,iv:okLPMdnNW3dawiqirLA6VmnhXsbPyP4QnqbRo0wfd58=,tag:ZVmCzJK9uhw6CvxK1On1Sg==,type:str]
|
||||
idp:
|
||||
cookie_salt: ENC[AES256_GCM,data:cyV6HDCPHKQIa8T1+rFBFh6EuHtG5B508lg6uFYENK7qVpYuiTUIokdVQhY8SRLs2mECx/ampgnUHxCRB/Cc/A==,iv:QRrRUhzRQrLkmg38rrYtCEfF8U4/7ZHZUDSEq++BlbI=,tag:fLqFSLd+CKqJvmCh1fx8vg==,type:str]
|
||||
admin_password: ENC[AES256_GCM,data:Vf33Oenk6x6BIij1uW8RQDjTPcKhUVYA,iv:RNeyCNpTAYdBPrZwE3Y6CCjoAML/3XUvjfJCrr06IEU=,tag:zVOrx1oXnEyr/VwFCFaCDQ==,type:str]
|
||||
@@ -31,10 +32,11 @@ nettsiden:
|
||||
cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
|
||||
admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
|
||||
vaultwarden:
|
||||
environ: ENC[AES256_GCM,data:CST5I8x8qAkrTy/wbMLL6aFSPDPIU7aWsD1L1MnIATRmk7fcUhfTSFds7quJmIpb2znsIT/WxNI/V/7UW+9ZdPKI64hfPR8MtvrJcbOhU5Fe2IiytFymFbhcOgWAXjbGzs7knQmpfMxSl98sU71oLkRuFdkousdnh4VQFZhUCYM=,iv:Is6xQ7DGdcAQgrrXCS9NbJk67O2uR82rbKOXBTzZHWw=,tag:XVEjCEM5t8qJl6jL89zrkw==,type:str]
|
||||
bluemap:
|
||||
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
|
||||
env:
|
||||
DATABASE_PASSWORD: ENC[AES256_GCM,data:uSaQuyx4yn1QfUABWpEjf8x97Imh6A==,iv:pukLl3k8X+ITRZ4bZfOPjsWKCHjVCo8Zd6qEHRERAYc=,tag:4y03dQbEhS+mTXUhzt54bA==,type:str]
|
||||
SMTP_PASSWORD: ENC[AES256_GCM,data:Nr+4wZSvq6KjfzB169v4ojvWHa25Aw==,iv:HM4VYLUCI0HaBT8cDzusYA+49LpuJeg7v/Pz4nfulmM=,tag:T4TkDt+NdWnqbCDaRUERJw==,type:str]
|
||||
rsa_key.pem: ENC[AES256_GCM,data:bYZzFj2ImB0jfiIP9N9V+nk1ROjql4PEuDcJIhVV96BeE++Kq+DGORrnfCyJaubNlqT7+nlMGN/D6bfzwKWivuXDd7T5s6wXplk480anOrFU4cJ9NYXHJjoT8Cn+jKSb7JEWO42cVwraB+qGWFZevOrRtdBM328ffOH4IDqVYgIonnM+pHe7oGglg2Xc97x3GQ46ODWKFZsAqU3ZZv+4SGJXJJorPv+cOIoVvXpqec7TuD2MnfdXvLQEl6o/zsGuV/yQkbJus/BqKUUR+RZ9i/0xuzCd/hJS9yFbHHBj82fDh6+D4TG+1PM+dVRSolkkxhcBvvBJtUPqRewTe5cNO9wZP1ocf9GNmXMbvopaNdAxh6uPJNH1Z6aZ+kLShF5ddE4FuKSvucEPgUdscZw01LeJIehZ7uzHCC99jmojU8rlsWFPvJqUfp0xAZDFDJgCIGt6AbKwBCCeFGuvqYT6w5GQ8uT8OQVBmRxUCZuplcDTUMsBXDxa/Q/5Q/O2zIev7jw7Rm0cJ23ovllu40VvLD+Xu/uQVYzivOOHkvUhQkjVkfbk073ZjrhlIMO3BOuA7PDKUsMBz3UVndtrYU+OOtCI0CoCVVP/K/CamNBGGHdvBoQ13bVn04OgdgJYgz04gP6MqFkr8AWoPFHVZe8+Z/tlW5DtV6SRoUfGFlnROWhiBVZpNuUj/ef1gUY1OoFuqY4GRc3nkC/Fwxi81+lSbAQ2ZdtqroJxquoVJhoUWuSonNDBtOYU0yczvF70R84AFzWKh1eJ7hr2iwcMJPSkhTzTm7LTrr0mQqU8qMxUz4pa0yxOZW0UkC2koz6jKdYlwXHMjjyiUZqfc2y9DrRF6Sa/NUPTrzIvikYk9yr3thnh4VtcsYdqvwlsnkbM/HtGvcmmtZjT4npLyD5t/7tUOs453Ntoo1BOto7+X+0IrFs9yHheBOqfj8dA1M2am0cjrS9LyaSnqBREgBFWVJdpSB0aDdh0M8vmpCBcdrzGPLCUXhNWihiZFEVh1ZrwzXWndRtqmhFLFfXmnEAhtEQL6l/GuA5WEYPHIThq+33BDhXAUB5oBcQQSI8TGPWw0IkOci8Q+SlUd81h2JtAmek/L+1kGZwmyolg1iA9c0LVxapM9cpSNVnmON/O2q3tFisQS82/ysKnNggeyD/ByY0dGMUZILAeONBqm41UcVGoAP5N5KE6Cb7FlppBRitn4QejVvLExPtK8NwQl503Yjq+yBTjSjhuZbB2mQaFgJeKhXrm34I3ZMKKm58j+NAGVJTi7RPzSfTW3kvPvtfm8GvM+vuOOxvNzdid8jR241pQl35d6hOYS3wvbkDVmkvbcjTJBPslvq6pGmAVPyHLHshgyTvvTweX1yodoV+4Z3dtrBb9wZKADT6VfTmEo4RXNjIoZFQrTJTdBeVQbgxejySKHAy2G0/8ZipvToj7zRULSOHh6yS4no8b7U7ZY9tEdxs8uxhDob0nkGy7VQUGG8YNXuwGsjLjVsTiawXiWnqdxeFLuTkKEvtMEEmDUfIRErY2juZbra4AKKWdjegc4ayW1ZyUq5i12eRdnpNbdXBQBtBjagvo3A29bse1TMV3Hww+B7oZ0wsHFD72byD159DdEqnLYlxzRjXns3E2qX8f5xvIUFkBIFNDqkKVaq9wqCrmS0vpbHvuiEJDwyr+nu32nWYT9M+RO41Ri/W63juukd/wf75QKVNNjV5WVrJaN2lgr1+3ux0LE5qs01nZZKqv0jzk4P2SnrPJLMq9NbEgXgKjmwqABnQm8KkeHpPQ8ns4JAY7L5pV6faf1rKWQnE71t9qpKSNMlOgtcv2Jd+5HZuUYbYw5SdDYmwsd+OT0cVu0jURz22k/OmT9GY09SnYpvgHrXLNjvEtY0Tr2vpX1SL5qTx6MWDs/nr47+t/DUEMC/JmUrIOE3OSZXpS9AO4BsBmTV0DF5SlvYBDnHAqkHuJbzRdQ1FjGg/wZLFDmIUy3F7m7bGB+5NX+1ZO1BmG2f0ICpHiR1SGnaK81mY3gmfUD8al7gmmKmAltfvw2kP+Z+Hv2d+XGqVk2csRlfq9e5wu0jFKgcGIs4NuA71V0oKfwL7a3gN0Drd270frH1lYzET0NRSQkqw4oeTt0y4my5TvYGmLEHE05IORdrmHUkHefUtomTEB6YQYY+wLyxVBo6z6MFLN7eCe1HtxjUBp8LFxTT+2l7IusDgIs+6I05Krrrz5GHgNHdMBhw==,iv:CtmysYvEFew/839Gj+vZEDoqu6TvrZ9bUIg9GwejIX0=,tag:CnTEOKLYDsVGRVrQDwfFKQ==,type:str]
|
||||
rsa_key.pub.pem: ENC[AES256_GCM,data:B/2SQrEQ4zRie6A89jneHl5tXfHraYzVEBshY+IrRoufI9YpQw16VjGgrNVCpaG5+PSsCNjz8lXM33oQwg7HU1IWHmvrZdEgkguYv722Ngdb4D8IKHL1nsL9/gkVQFFFvty9ru3LDTfrFKF3cLX+6eIQMFk5W+qLuVO5Pbxh3LKWmN7zG8XHa/b+tvMQclHrtY2iomIThyxKi8w03uE1Fs6V80hyuMA/3TdIz9nUwl5WpiGxaelwaJyts2b5KoBzJ0zZbdR4IHCTYYqBkdjo8929M/gfPS6ZqZS2FPDReoWiujJSAyyoC9xZxglUk/g7vU/8CVwcrtVzn5DEbUot/om98p/1Hq/1Hk4zli49Ysy8nbPhlshZeH5RNSQIDkY6wT7TYD5m3QXjXV+siH7ClKAfri2zp4S4k9uEXvL27NTPqvoXKIUpSEl1b0A/ApQt761PODEMtEXx2PmlRKhg9T9cvLRNYbJavg3FMNivZ+2oQNZXeJZWUEjtqsEoPBAbEHklMtKJiQiThtIPHL3eEdTAhOVhjxBGYU2Kase2hU7g2YvgC3+8u48OarXZbZYgcJkoCHrm+hocYm5DZJ64rxURZQ==,iv:6x0vx8tiGOsQxHsp+qO+nvdUmqNKWINdFO1wXOnORVo=,tag:zuPNh7IfEG/c4lsFVNRYog==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||
@@ -100,8 +102,8 @@ sops:
|
||||
SU5zanlva1p2QjVndVJwUnlkdkFuTDAKbQRrSfG9MGsGvF2ywoGhDSuriDsbQ+k2
|
||||
29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-26T08:40:13Z"
|
||||
mac: ENC[AES256_GCM,data:ppgpARft/YDKP24QF4bLYVhxN4nRrCsf4wBug3UD4MXgQwdFyWPAHn086uONeMbVOvH8IdwlaNBc8h36I7M66cqwK1VsRc/vf9Ud2VnD/WkWijMSrJ80frIvuvREp7aMNlYbD20bjrp4sYohjcJ8KPqyPUFPj71dA+9LZvXJthQ=,iv:lr3R14lRx7RzclknKbOa/bHa6axGbMPqj1FRTjx34xE=,tag:pBHzSArxYs4bqq355T4yog==,type:str]
|
||||
lastmodified: "2026-05-24T07:03:34Z"
|
||||
mac: ENC[AES256_GCM,data:J9RFBasxTwjIMIV5ou7eEytKY4YBCmGq7DEw/thDIxd5nfPmM/T8OIyFYE9130OsMJu5LabmskaypxTQ2d7sW5ovqMfs3BVCI8FNjUiCmWfmwnFZ29hlDWMD3BYShgOVxI6XTlPiY/2AakQ4T5OwvQfO0sqIGReP+zhT1FIzZFk=,iv:J6v6qhRYFKq76OctU4zOCFqiaYcHbclQcfWMlj6Tig0=,tag:TYc0JcXheOlAidBZC3D6Sg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-01-16T06:34:44Z"
|
||||
enc: |-
|
||||
@@ -124,4 +126,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
version: 3.13.0
|
||||
|
||||
93
secrets/gluttony/gluttony.yaml
Normal file
93
secrets/gluttony/gluttony.yaml
Normal file
@@ -0,0 +1,93 @@
|
||||
bluemap:
|
||||
ssh-key: ENC[AES256_GCM,data:UzXcgraLe6A+BjVx6Zzj4aX2M5J3mt5Rpc8iuNOYwWGz+SCzrfLNcCKGXtp5MkAu/CbxovptxqKYLb42fdjFT1TjOV4TipxUYN0e+PtKV16jfY4INJ+rqUykYXEcMTQc9Bwaor5yKxRV8+/V+T1qo9uHpr54n9o0mnU1cMZ/2yVBouSWIBuHXNxeG5STqe+0sqtFurMREUelLEHqMLIq4TtO3obf8l6vWQSUOvHBGINKjByIu38WtJ3eLKrZp+BQ6/t5vSgMUNlugrh8JQvgIyQanNCZbfT3/Q2oK4RsRJ6lLe6Z3wxsIQCvsYqgoX1/9xSZXt9JIuzJo+QP+bBEgk7JgKyW/UBdJlZnoPuRJc16fDbuJjZsWmSMNQ7wtbqNXY4gnwp9eoCUGaK6OScKBg9IzOj1tevlzg1jEcjU0em515m8mIySRWyBWlYyp4PLyyiBLgnwlCQDFHoNqL6hl3ZUO/zXxr55EFFtwsZtYMf5GttlUvaVPoxUXKOVMb33Y4CCmt1YpXzIY1NPaVQomIF8oritefL6PDm5,iv:y54tfAJqR9Qrv015wPl76jqRvfJfor+5BdsKMkYBMXY=,tag:QWNW2GsJDXl4Af64kPo42w==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:0RhRWtrj3U8ZJk40MvFwvUnbRzdAbVB7Z0DUsXJME7Hw4Gbg+CYX3JOQLwD3DZMMEKXcjyP6tkJdR9U1R2BwDs1GVUFgmIuNNE/Qz/5HTCIKHWmE3ZwMMKJhqBrEecr2wWABHMZbLscLoimvjX8CIKxxbsBFIFlsucG9PuIRMGXHE9VRhJxR/wMFVn7a6Ez0iLt8j4G8ebQQi1JJjyCvEjLCkoDvJ7XH3MoZ3PsMR2RCOvNzVACAsDE9GLIat/10/e26xTZ/C1HAC9OUDcQUSQIp6cWxcD4E3w6n02Zhl6att3sJm3eboJMp+0GfsqhC8AlUpvc/VXTeZIvmrKTN29mPv+KAcjgnHroicznVdv9rnNP5Rp0I/3fXBD9yZSedZtucNpX8O6CvYX8NOdItJMz/ya4TFuXaTrFOfuqhL5UvJ/JleU3DdELr+QStgtIUpUvIrTn/XrakSrDRprtje9d8+kFVRYM3V4nCLwWkP26xabiBeRLRrnpuiBj8e2j7g55AaDivBdYo24h57oxglgy0WrJt08+MKRPlek5QQl/E2dBCYcyh7pGaarKVYVvi4yjMlA0wvX4GPgAZkm345lWHS/pXKyGsrlRRUi9Pcghw2uO9zw2iaKecphK/Sps/zsShOQyaPd7TM8qfeUHRGPMxxbMo+N5Zxdy4X7c5z5UdgYJWrc0TZS3im9KHL4iOGQw38LisSD2hWjrzEjfQk4ijShJEDxM20TCkVsCJeIm4xlj3cODMX0c2T+PeFrqKqTlp44w4EFes/QNhsCofP4FVhxXT25mWK2pygtzspPfYb/Z9pqbFFtDC7/WZJ4sZXThkG1yMvf9SJCDWWWt/TDp5I6U7Z0525nBAyRxtvXa8T7PjS9dhBBh7nFIa8ZofRgZ2Ci0TAAuC2fD8uOvRoQTmvVr6In/6EpBpHZG9CCKvMRu3BPBOPqPEywop3fgRglRaJhnvpJ4eOQQNNQ3pgSX5hmxUQoSMM/IkOuwp6VaxyTlji0JJFUdiHIe83u17ZZ2BxYMmdqO7lRRCnEARgro6bKOnhoscbvPzcy8486DUYwwptdjUO6HVzLknFSCLd0318Tpm7fXdlrdK846mkZZ1INZ7aIB1oSnDR/0BS31oXRijJFQ/E0j8/5Cmoxqj0TP+JkLpkOnYPUXN07+HKB9Zx75StXeorGUQFuu++OZcYfyjTrparMVJDJaMEgtQ52L1dlqmdhEhS3TNMzxYmd4pQQt89Woe+mck3t2nFDj6pqC++wDJov0xhdnf+DMW/7LFT/mVdgy3/Ni6Z2/8SZd8Qh3CVdaMh8Tv/vF28uAd9ptGiE2KT2Zbu89n9wzyihrBf3DwK9mj+5DLPkCVbV048C/3SOcwuDzSrFuYZvikfhxT86bmHeHbNDi50Y3WmNoEPUuIyrDjKdUr/xp9V/i32X/OMr2IzLSeX23/pTKjLnGHnvje2MYTi+aIWJZxfFYH2Kkn5RqOt8pNZLT5c69zswsz9wRkyVbQwgwqk7VIsxiB64M44Nq2XoRwUtb3jHfGqsiS8tQmWYOUI5DM5erisqd0EKeOSUgzXEi6XmdpikSdSHiiVl1OqR3LE7/k9l4as8x3zwP9JT1Elv0Rf96fnW87s6UPrK0XU3OQiQjm+Csga5ZvHXXtQk2d+JVJ5G0bqNiQ2Oc5Exqjs6xgE4ES2bIZy/6mHd+bd0MoryOx4cs6F6tXiGw3wPgmjy20saCadICzdG2kHXu9tFK3oJCq5bgJH9XEbxvgptVlOU4MFjbaAnHs8ARo+oHHmvIFkQz2JBnhM3uwKGTraX1oHa+J1yW7Fv6wzKXKP/UDZhMaGtdu9egTpZANOzHay/l1ggdtIW6rVyUjHgUIMxpLV9qswldb1Yos+bhNofULrqV+p7CpJu/UKtP7i5luTiH2AOTiqBVxPvH79OSaG9IWLrF+6K/zxSlpCGG77LmxwTWRcMW/h0HVOYnZCvYs8QB0wnK5lriO3RSj5BHWibQLmMndOKx3+hk8RatbIIwAyGm9fGGdDX2Cuij+Ys6rQtHeEgEdnWgY9OF59TDPg8TbeCD1DjNnXpveGapDmNVlQoXkRteHmGpmI3sxmGB9hFplNJuQFJffxdoGXN9+DDqscqYwnxpre8JtGvC8AK2k5dnooOCLEUafr+XdTQa1s3I7p3v6FKI+8QcpyARIrQPLNAzO43ftRjtQf8GTeV7mjLfZiI6malOnZWTgHNhiOtbQuWN/JGfVw9KxndwkkXgt0mYjKD4heOZ4NWNMfkmWxNSp3Gr3X9tCvXgIrJKXqURDAd+y7ad0buZyuPpSiX5EbgznFGTctmTzZ/mPBwk2gQTcaLiz4RxJsmfrgA3xRv91jHWgeRbuk6eeBW9C9AlUC52b9LuUOR8EUGdo2sh0K5As9rUnqxZ0nNYc6Fg5zJW+xJ9GkcVUdBvUCOikOnMvJYmGxMtQ8VlqRcUukdGhPwLnDBjDIzOBMQlwaEYPpHNqIz4S9S4kr92VhXe0KOh9TF3HDODURt/VSdoit+FTWSHdAINjfkE0nlqfpE7fpFJbR309gnLKF8Pt/hTgweApiv3UAC4Be98Vkazs/aiuOOyML8fZykjiJboIcRqwznkoYp1AXeufyQBTn3fqRh+xU89HVyQtqyXxofaJXj2OqK6tOzbcu1JvgNGN9xK/L386SjWzLrhpmKo9fkV+JXSUBY99CClTSueLZ2H2pBOOsYfX+lwAJ491avUDVvwnWMcFL3uNNOozMAqSvz/0lCbtduhk2mSxwFYIplTgpXCKxrg=,iv:8Jcg3GQCTzOfVc47rlD9QXcsC+3Jxjsmyi6YDjQisNQ=,tag:KjZmgsi6HlVp6BiwI9BuKA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age12czfkvuw9pjk5qny5c6m2hjhd634cj9r4dsa3ss5zkux5h4vvc7s7k4urq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeHFDb2xERDdQa3FDT1Ni
|
||||
OFBBb1MzUXNqMktTVUlDWHhRWithYkN3OEcwCkd3OWlaSks4bnFhRzJud3AwZ1Bo
|
||||
c0xNYXdDVzVxRjZna3FaMEJuR3hMbVUKLS0tIGNoZGpKUFBldDBDaGF5bG1SS3R2
|
||||
VzBDc296WmFkdHcvVWVILzNFUzJKY2cKIHUNTXL28jYIgo7tMsR64gpydX6bg+1f
|
||||
PntcQBsVXmjW/XOWg0XTa23BRkuL9a8wkWPKV+EvVaRAHLA+NdrCzw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNXJnNGxEaUtvazVyWVBn
|
||||
NkZLbk0zYytTcmFVek5hWElPUUZ2NDc5S0J3Cll6NkRZbHBkREVtYmxSQjRiTG1w
|
||||
THJRYXE2VzhhTUtqZUQ1Q2k5d1V0c00KLS0tIEpjb3gybTVSMlpnT0pHK3U5bkFP
|
||||
aW9YZVZpbXE1Ty9tZjZWRTJXcDN1UTAK7NC7zqWWfsjwsg4RC6+pHgIRSr2NYdJU
|
||||
JnSODgTDeRWNWTnlOsGLVBB4G4cs3sr+G1TTU6ECNeScVHjm5LEXpA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhamk3VWVheTZOUXVwUnU3
|
||||
YnAzSzF0UDFNVTJycHJTdk1zNmtkWWVHeVJBCnZTQ0xEM1hSQ3dTcHhQYmt1UDdr
|
||||
TWEzeE5SZ1FUVlhsd0N0NUdzNXB1V1kKLS0tIFlzRE4wNUdYN3kremxNUHlMRzVx
|
||||
WWRKRGZza0hlU3JXQkdwY2psQkdqbGsK7XHA7aO7AN+fK65phQ2Wjuoz0/CylAKb
|
||||
aEo6e2DDlEKoHyel6VtncYU7IytU8vx4f2KdBQuDIsypQqOCyjpcYg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcXhaNVJrUnlSVTQvVE9T
|
||||
RnpDa2JBZFQwVG5oaVpUWG9ZeGM0UkNZakF3CmhsK3ByK1JaamV2cWgweTZUVjNk
|
||||
QWdtREtiVnd4TllycDQybWxSb05IaFEKLS0tIDJXZzNKZzZJL3M4bTNiV1lHQ2lq
|
||||
MW9uSUo2dzR4VzhmK09yU2Y3Vkl6T0UKz9PygM7wNx+SDO4ea4RKwENSpnzGC8jP
|
||||
5N7p/MQZQjclpNyIUO3OKQECMQD8jPqN+OlBmctQqDR4vTSq4HmCvw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRVVucnNNVEk1TkRvb1V0
|
||||
ZjlCMjcyVHdVVzRwVUxmQnFSSThZblcxc1JFCnVPS1NKRGxERzNPUmpOOUZWd0pa
|
||||
bFJGZVVObzhNdEx5ZWFlWkdaOUZrS3cKLS0tIGdqV2FaNVNJM2Z0TUV3VklodDM3
|
||||
SDQ5d2p4SnB4REdTbWRRZjYxVURqNkUK3wcPruP459YHsffOw8vWHNlOleUA0Iv5
|
||||
/370YCc4uA3wp8YyLvotGsjn65IWlaZ1R9wUEiQTNa3wvChBYmtLVg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTW04bUZrMFMxVTdkbDNk
|
||||
Z2dWTTgrUERRT243NkZtTmY1ZkFjQ0w5bVJBCnh6cmM0Z2hwcVRyL3R0YXdSbzRa
|
||||
cFc5MmowbVhTMTZTZzFsK3ZpNXdxN1EKLS0tIERxYzN4S0dsYi9mU1UvVzRNZGZw
|
||||
TXlrR3FKWlJLQ0NpWDdQVEo0aHFNZWsK1lUGm0uye00S07JYBPGvIZtdNFuknZv3
|
||||
bViaCBUH8GKV7w+sWtnBoQlaD1F8rpoVd+l4SIW0pouEYdze4u/v9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RVFKdjNDMURPVHY0eFc1
|
||||
c0JUbk93RlppNjg5ZTlIMEdmRWI5Q3prWlh3CjdTNXk0YUtFeWtuNkkxVGpndVBu
|
||||
WTIrdFh0QThQWkJTc1llSWN0OUtzWVEKLS0tIHF1NytpSUtnQ2xoSUlMR3NIdytV
|
||||
WWE5WUVPVXVwMW9QY0F4RUo4K1JJSzgKu8KUfNcYkVPTIIy+AsqmbNsRwhe2OVH+
|
||||
iTBo4DixGc4XFsflBYxTmu212DE8/Mr2spqZpa4brfbblF4JAmak6A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-05-24T04:34:10Z"
|
||||
mac: ENC[AES256_GCM,data:FUX4TsCKt41KnV1Cgo2E6ucL558fVgH0pEEoITM/5g3Pj4cMKPHIalzqt3U12pBbxzNpuQm+HIwcwx8jktsmWnb9KaSxNLSfnhf7RlyxVOS+S17yTV6O89/lyTqub9Z2tybLeEeGSTbghPrCEgNb4d2NswPYXW/rZawpvgQlc84=,iv:I+NJ0t3n9x3gA/3s0PgRMX4AI/3X8M89UqN+QKAxfoM=,tag:6X+LT5FyfL7xZUSUiz3lpw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-05-23T17:17:16Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/+ISNrWiNzl986g1c2S8x65xCWuJ8ntbb9k0nm56/Ve1TI
|
||||
5bkkovKFUFCBUrcVEoRPA+uVDdnd/KWkwF6BX3me8jkhe9ogXNvNJh7FVWiPa70U
|
||||
nxt0wL2TGDdj0RD2gneqTEsN3GtuwNw3gUcdRBg03vG9rmmNa3eWvVmwk/XNZ7J+
|
||||
7LEyG21tLicB5ZPBYiGLznsQPbGvLg+FguCRngvjmz0IgvpNkNpylmlkkc6pmHka
|
||||
T5UAekNgBY0H6H22T1xmD5O4/ZVsmyETHc+6TJn4jIS2fENVtfApbwJuF5B+x+Xf
|
||||
fNIx8soxYOBLjN9CdPXWw+/nAuCQVnsOYxUVcHBoNvQ3KDm8c6R4Yv8B+gndpvUN
|
||||
eRo3XQTGNCX2mvEdRHDlvJjMHgmP3a8qBsFVdKnS/7138HKO4dyIX8Ca+9gWvEmz
|
||||
UGdTXtYjRl8Wxp+8mePAsR6OaDGLqRfyIveCsSAJiwsQDaVqnVElXUZBp93QySxq
|
||||
RPY8yNrVayiw3lPLe2Q0iHJLfpUEqvIGz0WjfqCkfhMXb93lrjTywsvMRf6ocZOY
|
||||
Xb4paiRlKsJo9a6ZvyH+vuIXv75SUVtdzWs7P998TGo/C8+0Tf/dVgvGB/UfnB0p
|
||||
JkGndpicaJ98Xb+vTrE+/MNpMD0hBzWIbsKs6c50Hfml7Xjb8ngewuKAqXpvdE/S
|
||||
XAEl1l+gnC44ekV0CBWbyWXcsBHopt4plVC1VIH4CgsnHz5xPxTfrrJCTWAvTDpI
|
||||
arHX/6qD+QOMXpT4/W37WxIyTEICBUEGtn6gMbb1xU96WJ3zqp7EYjxO/IOU
|
||||
=Mkw8
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.12.2
|
||||
Reference in New Issue
Block a user