felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-12-13 05:37:14 +01:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:year-of-the-lord-25-11
Branches Tags
felixalb:main felixalb:year-of-the-lord-25-11 felixalb:bluemap-use-kartverket-python felixalb:gitea-vaskepersonalet felixalb:errorpages felixalb:create-flake-input-exporter felixalb:fix-import-gitea-users-script felixalb:gitea-runners-secrets felixalb:25.05 felixalb:new_nodes felixalb:grg-ip felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:setup-git-mirroring-on-bicep felixalb:init-bakke felixalb:gitea-show-license-in-list-view felixalb:nix-topology felixalb:gitea-robots-txt felixalb:dagali-heimdal-openldap-sasl-stack felixalb:gitea-navbar-get-started felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim
..
compare: felixalb:pvvvvv
Branches Tags
felixalb:main felixalb:year-of-the-lord-25-11 felixalb:bluemap-use-kartverket-python felixalb:gitea-vaskepersonalet felixalb:errorpages felixalb:create-flake-input-exporter felixalb:fix-import-gitea-users-script felixalb:gitea-runners-secrets felixalb:25.05 felixalb:new_nodes felixalb:grg-ip felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:setup-git-mirroring-on-bicep felixalb:init-bakke felixalb:gitea-show-license-in-list-view felixalb:nix-topology felixalb:gitea-robots-txt felixalb:dagali-heimdal-openldap-sasl-stack felixalb:gitea-navbar-get-started felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim

10 Commits
year-of-th ... pvvvvv

Author SHA1 Message Date
Daniel Olsen
1fe3972aa5 diskonaut is dead 2025-05-24 17:18:59 +02:00
Daniel Olsen
e269c1165d update flake.lock 2025-05-24 17:18:59 +02:00
Daniel Olsen
0db8cb5737 kvernberg/taler: various fixes 2025-05-24 17:18:59 +02:00
Daniel Olsen
0880ebb9dc kvernberg/taler: move behind nginx 2025-05-24 17:18:59 +02:00
Daniel Olsen
af8a4890ea kvernberg/taler/bank: init 2025-05-24 17:18:59 +02:00
Daniel Olsen
bf071c64ff kvernberg/taler/exchange: Add more denominations 2025-05-24 17:18:59 +02:00
Daniel Olsen
4dfaf52220 Maybe this sets up the exchange idk.... 2025-05-24 17:18:56 +02:00
Daniel Olsen
767d233dd6 drop when #332699 is used: Use nixpkgs taler branch 2025-05-24 17:17:36 +02:00
Daniel Olsen
14c1365758 kvernberg: temporarily autoupgrade to this branch DROP BEFORE MERGE 2025-05-24 17:17:36 +02:00
Daniel Olsen
a1c8a64c01 kvernberg: init 2025-05-24 17:17:33 +02:00
66 changed files with 1291 additions and 1860 deletions
Expand all files Collapse all files

2
.gitea/workflows/eval.yml
View File

@@ -8,6 +8,6 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- run: apt-get update && apt-get -y install sudo - run: apt-get update && apt-get -y install sudo
- uses: https://github.com/cachix/install-nix-action@v31 - uses: https://github.com/cachix/install-nix-action@v23
- run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf - run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf
- run: nix flake check - run: nix flake check

25
.mailmap
View File

@@ -1,25 +0,0 @@
Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> <daniel.olsen99@gmail.com>
Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel <danio@pvv.ntnu.no>
Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel Olsen <danio@pvv.ntnu.no>
Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> danio <danio@pvv.ntnu.no>
Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel Olsen <danio@bicep.pvv.ntnu.no>
Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> h7x4 <h7x4@nani.wtf>
Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> Øystein Tveit <oysteikt@pvv.ntnu.no>
Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> oysteikt <oysteikt@pvv.ntnu.no>
Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> Øystein <oysteikt@pvv.org>
Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
Felix Albrigtsen <felixalb@pvv.ntnu.no> <felix@albrigtsen.it>
Felix Albrigtsen <felixalb@pvv.ntnu.no> <felixalbrigtsen@gmail.com>
Felix Albrigtsen <felixalb@pvv.ntnu.no> felixalb <felixalb@pvv.ntnu.no>
Peder Bergebakken Sundt <pederbs@pvv.ntnu.no> <pbsds@hotmail.com>
Adrian Gunnar Lauterer <adriangl@pvv.ntnu.no> Adrian G L <adrian@lauterer.it>
Adrian Gunnar Lauterer <adriangl@pvv.ntnu.no> Adrian Gunnar Lauterer <adrian@lauterer.it>
Fredrik Robertsen <frero@pvv.ntnu.no> frero <frero@pvv.ntnu.no>
Fredrik Robertsen <frero@pvv.ntnu.no> fredrikr79 <fredrikrobertsen7@gmail.com>

30
.sops.yaml
View File

@@ -1,6 +1,6 @@
keys: keys:
# Users # Users
- &user_danio age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
- &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
- &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC - &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5 - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
@@ -12,14 +12,10 @@ keys:
- &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0 - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
- &host_bicep age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
- &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly - &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
- &host_lupine-1 age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e - &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz
- &host_lupine-2 age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n
- &host_lupine-3 age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
- &host_lupine-4 age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
- &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
creation_rules: creation_rules:
# Global secrets # Global secrets
@@ -109,19 +105,9 @@ creation_rules:
- *user_pederbs_bjarte - *user_pederbs_bjarte
pgp: pgp:
- *user_oysteikt - *user_oysteikt
- path_regex: secrets/lupine/[^/]+\.yaml$ - path_regex: secrets/kvernberg/[^/]+$
key_groups: key_groups:
- age: - age:
- *host_lupine-1 - *host_kvernberg
- *host_lupine-2 - *user_danio
- *host_lupine-3
- *host_lupine-4
- *host_lupine-5
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt

23
base/default.nix
View File

@@ -1,9 +1,4 @@
{ { pkgs, lib, fp, ... }:
pkgs,
lib,
fp,
...
}:
{ {
imports = [ imports = [
@@ -12,11 +7,8 @@
./networking.nix ./networking.nix
./nix.nix ./nix.nix
./vm.nix
./flake-input-exporter.nix
./services/acme.nix ./services/acme.nix
./services/uptimed.nix
./services/auto-upgrade.nix ./services/auto-upgrade.nix
./services/dbus.nix ./services/dbus.nix
./services/fwupd.nix ./services/fwupd.nix
@@ -63,16 +55,16 @@
# home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209 # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
# btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
programs.bash.shellInit = '' programs.bash.shellInit = ''
if [ -n "''${BASH_VERSION:-}" ]; then if [ -n "''${BASH_VERSION:-}" ]; then
if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
[[ -f ~/.bashrc ]] && . ~/.bashrc [[ -f ~/.bashrc ]] && . ~/.bashrc
fi fi
fi fi
''; '';
programs.zsh.enable = true; programs.zsh.enable = true;
# security.lockKernelModules = true; security.lockKernelModules = true;
security.protectKernelImage = true; security.protectKernelImage = true;
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
@@ -84,3 +76,4 @@
# Trusted users on the nix builder machines # Trusted users on the nix builder machines
users.groups."nix-builder-users".name = "nix-builder-users"; users.groups."nix-builder-users".name = "nix-builder-users";
} }

55
base/flake-input-exporter.nix
View File

@@ -1,55 +0,0 @@
{
config,
inputs,
lib,
pkgs,
values,
...
}:
let
data = lib.flip lib.mapAttrs inputs (
name: input: {
inherit (input)
lastModified
;
}
);
folder = pkgs.writeTextDir "share/flake-inputs" (
lib.concatMapStringsSep "\n" (
{ name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
) (lib.attrsToList data)
);
port = 9102;
in
{
services.nginx.virtualHosts."${config.networking.fqdn}-nixos-metrics" = {
serverName = config.networking.fqdn;
serverAliases = [
"${config.networking.hostName}.pvv.org"
];
locations."/metrics" = {
root = "${folder}/share";
tryFiles = "/flake-inputs =404";
extraConfig = ''
default_type text/plain;
'';
};
listen = [
{
inherit port;
addr = "0.0.0.0";
}
];
extraConfig = ''
allow ${values.hosts.ildkule.ipv4}/32;
allow ${values.hosts.ildkule.ipv6}/128;
allow 127.0.0.1/32;
allow ::1/128;
allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
};
networking.firewall.allowedTCPPorts = [ port ];
}

20
base/nix.nix
View File

@@ -1,4 +1,4 @@
{ lib, config, inputs, ... }: { inputs, ... }:
{ {
nix = { nix = {
gc = { gc = {
@@ -9,9 +9,8 @@
settings = { settings = {
allow-dirty = true; allow-dirty = true;
auto-allocate-uids = true;
builders-use-substitutes = true; builders-use-substitutes = true;
experimental-features = [ "nix-command" "flakes" "auto-allocate-uids" ]; experimental-features = [ "nix-command" "flakes" ];
log-lines = 50; log-lines = 50;
use-xdg-base-directories = true; use-xdg-base-directories = true;
}; };
@@ -22,16 +21,11 @@
** use the same channel the system ** use the same channel the system
** was built with ** was built with
*/ */
registry = lib.mkMerge [ registry = {
{ "nixpkgs".flake = inputs.nixpkgs;
"nixpkgs".flake = inputs.nixpkgs; "nixpkgs-unstable".flake = inputs.nixpkgs-unstable;
"nixpkgs-unstable".flake = inputs.nixpkgs-unstable; "pvv-nix".flake = inputs.self;
} };
# We avoid the reference to self in vmVariant to get a stable system .outPath for equivalence testing
(lib.mkIf (!config.virtualisation.isVmVariant) {
"pvv-nix".flake = inputs.self;
})
];
nixPath = [ nixPath = [
"nixpkgs=${inputs.nixpkgs}" "nixpkgs=${inputs.nixpkgs}"
"unstable=${inputs.nixpkgs-unstable}" "unstable=${inputs.nixpkgs-unstable}"

43
base/services/auto-upgrade.nix
View File

@@ -1,39 +1,26 @@
{ config, inputs, pkgs, lib, ... }: { inputs, pkgs, lib, ... }:
let
inputUrls = lib.mapAttrs (input: value: value.url) (import "${inputs.self}/flake.nix").inputs;
in
{ {
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git"; flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git?ref=pvvvvv";
flags = [ flags = [
"--refresh"
"--no-write-lock-file"
# --update-input is deprecated since nix 2.22, and removed in lix 2.90 # --update-input is deprecated since nix 2.22, and removed in lix 2.90
# as such we instead use --override-input combined with --refresh
# https://git.lix.systems/lix-project/lix/issues/400 # https://git.lix.systems/lix-project/lix/issues/400
] ++ (lib.pipe inputUrls [ "--refresh"
(lib.intersectAttrs { "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-unstable-small"
nixpkgs = { }; "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
nixpkgs-unstable = { }; "--no-write-lock-file"
}) ];
(lib.mapAttrsToList (input: url: ["--override-input" input url]))
lib.concatLists
]);
}; };
# workaround for https://github.com/NixOS/nix/issues/6895 # workaround for https://github.com/NixOS/nix/issues/6895
# via https://git.lix.systems/lix-project/lix/issues/400 # via https://git.lix.systems/lix-project/lix/issues/400
environment.etc = lib.mkIf (!config.virtualisation.isVmVariant) { environment.etc."current-system-flake-inputs.json".source
"current-system-flake-inputs.json".source = pkgs.writers.writeJSON "flake-inputs.json" (
= pkgs.writers.writeJSON "flake-inputs.json" ( lib.flip lib.mapAttrs inputs (name: input:
lib.flip lib.mapAttrs inputs (name: input: # inputs.*.sourceInfo sans outPath, since writeJSON will otherwise serialize sourceInfo like a derivation
# inputs.*.sourceInfo sans outPath, since writeJSON will otherwise serialize sourceInfo like a derivation lib.removeAttrs (input.sourceInfo or {}) [ "outPath" ]
lib.removeAttrs (input.sourceInfo or {}) [ "outPath" ] // { store-path = input.outPath; } # comment this line if you don't want to retain a store reference to the flake inputs
// { store-path = input.outPath; } # comment this line if you don't want to retain a store reference to the flake inputs )
) );
);
};
} }

17
base/services/postfix.nix
View File

@@ -6,17 +6,18 @@ in
services.postfix = { services.postfix = {
enable = true; enable = true;
settings.main = { hostname = "${config.networking.hostName}.pvv.ntnu.no";
myhostname = "${config.networking.hostName}.pvv.ntnu.no"; domain = "pvv.ntnu.no";
mydomain = "pvv.ntnu.no";
# Nothing should be delivered to this machine relayHost = "smtp.pvv.ntnu.no";
mydestination = [ ]; relayPort = 465;
relayhost = [ "smtp.pvv.ntnu.no:465" ];
config = {
smtp_tls_wrappermode = "yes"; smtp_tls_wrappermode = "yes";
smtp_tls_security_level = "encrypt"; smtp_tls_security_level = "encrypt";
}; };
# Nothing should be delivered to this machine
destination = [ ];
}; };
} }

59
base/services/uptimed.nix
View File

@@ -1,59 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.uptimed;
in
{
options.services.uptimed.settings = lib.mkOption {
description = "";
default = { };
type = lib.types.submodule {
freeformType = with lib.types; attrsOf (either str (listOf str));
};
};
config = {
services.uptimed = {
enable = true;
settings = let
stateDir = "/var/lib/uptimed";
in {
PIDFILE = "${stateDir}/pid";
SENDMAIL = lib.mkDefault "${pkgs.system-sendmail}/bin/sendmail -t";
};
};
systemd.services.uptimed = lib.mkIf (cfg.enable) {
serviceConfig = let
uptimed = pkgs.uptimed.overrideAttrs (prev: {
postPatch = ''
substituteInPlace Makefile.am \
--replace-fail '$(sysconfdir)/uptimed.conf' '/var/lib/uptimed/uptimed.conf'
substituteInPlace src/Makefile.am \
--replace-fail '$(sysconfdir)/uptimed.conf' '/var/lib/uptimed/uptimed.conf'
'';
});
in {
Type = "notify";
ExecStart = lib.mkForce "${uptimed}/sbin/uptimed -f";
BindReadOnlyPaths = let
configFile = lib.pipe cfg.settings [
(lib.mapAttrsToList
(k: v:
if builtins.isList v
then lib.mapConcatStringsSep "\n" (v': "${k}=${v'}") v
else "${k}=${v}")
)
(lib.concatStringsSep "\n")
(pkgs.writeText "uptimed.conf")
];
in [
"${configFile}:/var/lib/uptimed/uptimed.conf"
];
};
};
};
}

15
base/vm.nix
View File

@@ -1,15 +0,0 @@
{ lib, ... }:
# This enables
# lib.mkIf (!config.virtualisation.isVmVariant) { ... }
{
options.virtualisation.isVmVariant = lib.mkOption {
description = "`true` if system is build with 'nixos-rebuild build-vm'";
type = lib.types.bool;
default = false;
};
config.virtualisation.vmVariant = {
virtualisation.isVmVariant = true;
};
}

158
flake.lock generated
View File

@@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764627417, "lastModified": 1739634831,
"narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -27,11 +27,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764868579, "lastModified": 1736621371,
"narHash": "sha256-rfTUOIc0wnC4+19gLVfPbHfXx/ilfuUix6bWY+yaM2U=", "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "9c923d1d50daa6a3b28c3214ad2300bfaf6c8fcd", "rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
"revCount": 22, "revCount": 20,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
}, },
@@ -48,11 +48,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1764868843, "lastModified": 1736545379,
"narHash": "sha256-ZXYLXKO+VjAJr2f5zz+7SuKFICfI2eZnmTgS/626YE0=", "narHash": "sha256-PeTTmGumdOX3rd6OKI7QMCrZovCDkrckZbcHr+znxWA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "c095533c50e80dd18ac48046f1479cf4d83c631c", "rev": "74f5316121776db2769385927ec0d0c2cc2b23e4",
"revCount": 52, "revCount": 42,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
}, },
@@ -68,11 +68,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764867811, "lastModified": 1736178795,
"narHash": "sha256-UWHiwr8tIcGcVxMLvAdNxDbQ8QuHf3REHboyxvFkYEI=", "narHash": "sha256-mPdi8cgvIDYcgG3FRG7A4BOIMu2Jef96TPMnV00uXlM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c9983e947efe047ea9d6f97157a1f90e49d0eab3", "rev": "fde738910de1fd8293535a6382c2f0c2749dd7c1",
"revCount": 81, "revCount": 79,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"
}, },
@@ -88,58 +88,33 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764844095, "lastModified": 1727410897,
"narHash": "sha256-Drf1orxsmFDzO+UbPo85gHjXW7QzAM+6oTPvI7vOSik=", "narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "25b9f31ef1dbc3987b4c716de716239f2b283701", "rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "dali99", "owner": "dali99",
"ref": "master", "ref": "v0.6.1",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"type": "github" "type": "github"
} }
}, },
"minecraft-heatmap": { "minecraft-data": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1756124334, "lastModified": 1725277886,
"narHash": "sha256-DXFmSpgI8FrqcdqY7wg5l/lpssWjslHq5ufvyp/5k4o=", "narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=",
"ref": "refs/heads/main", "ref": "refs/heads/master",
"rev": "83760b1ebcd9722ddf58a4117d29555da65538ad", "rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58",
"revCount": 13, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git" "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git" "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
}
},
"minecraft-kartverket": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764830810,
"narHash": "sha256-I/pVqi4STwmJbpFDI9TmU9PS1lKuYdbJLcztukvZ3PU=",
"ref": "refs/heads/main",
"rev": "df52aa968679a62745bf42c272de53fdd9a035ac",
"revCount": 16,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
},
"original": {
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
} }
}, },
"nix-gitea-themes": { "nix-gitea-themes": {
@@ -149,43 +124,49 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743881366, "lastModified": 1736531400,
"narHash": "sha256-ScGA2IHPk9ugf9bqEZnp+YB/OJgrkZblnG/XLEKvJAo=", "narHash": "sha256-+X/HVI1AwoPcud28wI35XRrc1kDgkYdDUGABJBAkxDI=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "db2e4becf1b11e5dfd33de12a90a7d089fcf68ec", "rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7",
"revCount": 11, "revCount": 7,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git" "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git" "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1764806471, "lastModified": 1739611738,
"narHash": "sha256-Qk0SArnS83KqyS9wNt1YoTkkYKDraNrjRWKUtB9DKoM=", "narHash": "sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye+VHLQZE=",
"rev": "6707b1809330d0f912f5813963bb29f6f194ee81", "owner": "NixOS",
"type": "tarball", "repo": "nixpkgs",
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.896.6707b1809330/nixexprs.tar.xz" "rev": "31ff66eb77d02e9ac34b7256a02edb1c43fb9998",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "NixOS",
"url": "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz" "ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1764854611, "lastModified": 1739611738,
"narHash": "sha256-MVzFp4ZKwdh6U1wy4fJe/GY3Hb4cvvyJbAZOhaeBQoo=", "narHash": "sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye+VHLQZE=",
"rev": "3a4b875aef660bbd148e86b92cffea2a360c3275", "owner": "NixOS",
"type": "tarball", "repo": "nixpkgs",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre906534.3a4b875aef66/nixexprs.tar.xz" "rev": "31ff66eb77d02e9ac34b7256a02edb1c43fb9998",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "NixOS",
"url": "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz" "ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"pvv-calendar-bot": { "pvv-calendar-bot": {
@@ -195,11 +176,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764869785, "lastModified": 1723850344,
"narHash": "sha256-FGTIpC7gB4lbeL0bfYzn1Ge0PaCpd7VqWBLhJBx0i4A=", "narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "8ce7fb0b1918bdb3d1489a40d73895693955e8b2", "rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092",
"revCount": 23, "revCount": 19,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}, },
@@ -215,11 +196,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757332682, "lastModified": 1737151758,
"narHash": "sha256-4p4aVQWs7jHu3xb6TJlGik20lqbUU/Fc0/EHpzoRlO0=", "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
"ref": "refs/heads/main", "ref": "refs/heads/master",
"rev": "da1113341ad9881d8d333d1e29790317bd7701e7", "rev": "a4ebe6ded0c8c124561a41cb329ff30891914b5e",
"revCount": 518, "revCount": 475,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}, },
@@ -235,8 +216,7 @@
"greg-ng": "greg-ng", "greg-ng": "greg-ng",
"grzegorz-clients": "grzegorz-clients", "grzegorz-clients": "grzegorz-clients",
"matrix-next": "matrix-next", "matrix-next": "matrix-next",
"minecraft-heatmap": "minecraft-heatmap", "minecraft-data": "minecraft-data",
"minecraft-kartverket": "minecraft-kartverket",
"nix-gitea-themes": "nix-gitea-themes", "nix-gitea-themes": "nix-gitea-themes",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
@@ -253,11 +233,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764816035, "lastModified": 1729391507,
"narHash": "sha256-F0IQSmSj4t2ThkbWZooAhkCTO+YpZSd2Pqiv2uoYEHo=", "narHash": "sha256-as0I9xieJUHf7kiK2a9znDsVZQTFWhM1pLivII43Gi0=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "74d9abb7c5c030469f90d97a67d127cc5d76c238", "rev": "784981a9feeba406de38c1c9a3decf966d853cca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -273,11 +253,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764483358, "lastModified": 1739262228,
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "5aca6ff67264321d47856a2ed183729271107c9c", "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
"type": "github" "type": "github"
}, },
"original": { "original": {

82
flake.nix
View File

@@ -2,8 +2,8 @@
description = "PVV System flake"; description = "PVV System flake";
inputs = { inputs = {
nixpkgs.url = "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; # remember to also update the url in base/services/auto-upgrade.nix
nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@@ -17,15 +17,12 @@
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/master"; matrix-next.url = "github:dali99/nixos-matrix-modules/0.7.0";
matrix-next.inputs.nixpkgs.follows = "nixpkgs"; matrix-next.inputs.nixpkgs.follows = "nixpkgs";
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git"; nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git";
nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs"; nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";
minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git";
minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"; greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
greg-ng.inputs.nixpkgs.follows = "nixpkgs"; greg-ng.inputs.nixpkgs.follows = "nixpkgs";
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git"; gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git";
@@ -33,8 +30,7 @@
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"; grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
minecraft-kartverket.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"; minecraft-data.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git";
minecraft-kartverket.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
@@ -59,28 +55,19 @@
nixosConfigurations = let nixosConfigurations = let
unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
nixosConfig = nixpkgs: name: config: lib.nixosSystem (lib.recursiveUpdate
nixosConfig = rec {
nixpkgs:
name:
configurationPath:
extraArgs:
lib.nixosSystem (lib.recursiveUpdate
(let
system = "x86_64-linux"; system = "x86_64-linux";
in {
inherit system;
specialArgs = { specialArgs = {
inherit unstablePkgs inputs; inherit unstablePkgs inputs;
values = import ./values.nix; values = import ./values.nix;
fp = path: ./${path}; fp = path: ./${path};
} // extraArgs.specialArgs or { }; };
modules = [ modules = [
configurationPath ./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
] ++ extraArgs.modules or []; ] ++ config.modules or [];
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
@@ -91,33 +78,23 @@
]; ];
overlays = [ overlays = [
# Global overlays go here # Global overlays go here
] ++ extraArgs.overlays or [ ]; ] ++ config.overlays or [ ];
}; };
}) }
(builtins.removeAttrs extraArgs [ (removeAttrs config [ "modules" "overlays" ])
"modules"
"overlays"
"specialArgs"
])
); );
stableNixosConfig = name: extraArgs: stableNixosConfig = nixosConfig nixpkgs;
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs; unstableNixosConfig = nixosConfig nixpkgs-unstable;
in { in {
bicep = stableNixosConfig "bicep" { bicep = stableNixosConfig "bicep" {
modules = [ modules = [
inputs.matrix-next.nixosModules.default inputs.matrix-next.nixosModules.default
inputs.pvv-calendar-bot.nixosModules.default inputs.pvv-calendar-bot.nixosModules.default
inputs.minecraft-heatmap.nixosModules.default
self.nixosModules.gickup self.nixosModules.gickup
self.nixosModules.matrix-ooye
]; ];
overlays = [ overlays = [
inputs.pvv-calendar-bot.overlays.default inputs.pvv-calendar-bot.overlays.x86_64-linux.default
inputs.minecraft-heatmap.overlays.default
(final: prev: {
inherit (self.packages.${prev.system}) out-of-your-element;
})
]; ];
}; };
bekkalokk = stableNixosConfig "bekkalokk" { bekkalokk = stableNixosConfig "bekkalokk" {
@@ -134,6 +111,12 @@
inputs.pvv-nettsiden.nixosModules.default inputs.pvv-nettsiden.nixosModules.default
]; ];
}; };
bob = stableNixosConfig "bob" {
modules = [
disko.nixosModules.disko
{ disko.devices.disk.disk1.device = "/dev/vda"; }
];
};
ildkule = stableNixosConfig "ildkule" { }; ildkule = stableNixosConfig "ildkule" { };
#ildkule-unstable = unstableNixosConfig "ildkule" { }; #ildkule-unstable = unstableNixosConfig "ildkule" { };
shark = stableNixosConfig "shark" { }; shark = stableNixosConfig "shark" { };
@@ -176,29 +159,25 @@
inputs.gergle.overlays.default inputs.gergle.overlays.default
]; ];
}; };
} kvernberg = stableNixosConfig "kvernberg" {
// modules = [
(let disko.nixosModules.disko
machineNames = map (i: "lupine-${toString i}") (lib.range 1 5); { disko.devices.disk.disk1.device = "/dev/sda"; }
stableLupineNixosConfig = name: extraArgs: ];
nixosConfig nixpkgs name ./hosts/lupine/configuration.nix extraArgs; };
in lib.genAttrs machineNames (name: stableLupineNixosConfig name { };
modules = [{ networking.hostName = name; }];
specialArgs.lupineName = name;
}));
nixosModules = { nixosModules = {
snakeoil-certs = ./modules/snakeoil-certs.nix; snakeoil-certs = ./modules/snakeoil-certs.nix;
snappymail = ./modules/snappymail.nix; snappymail = ./modules/snappymail.nix;
robots-txt = ./modules/robots-txt.nix; robots-txt = ./modules/robots-txt.nix;
gickup = ./modules/gickup; gickup = ./modules/gickup;
matrix-ooye = ./modules/matrix-ooye.nix;
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {
default = nixpkgs-unstable.legacyPackages.${system}.callPackage ./shell.nix { }; default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
cuda = let cuda = let
cuda-pkgs = import nixpkgs-unstable { cuda-pkgs = import nixpkgs {
inherit system; inherit system;
config = { config = {
allowUnfree = true; allowUnfree = true;
@@ -220,7 +199,6 @@
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { }; simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
out-of-your-element = pkgs.callPackage ./packages/out-of-your-element.nix { };
} // } //
(lib.pipe null [ (lib.pipe null [
(_: pkgs.callPackage ./packages/mediawiki-extensions { }) (_: pkgs.callPackage ./packages/mediawiki-extensions { })

18
hosts/bekkalokk/services/bluemap/default.nix
View File

@@ -1,7 +1,6 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, inputs, ... }:
let let
vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world"; vanillaSurvival = "/var/lib/bluemap/vanilla_survival_world";
format = pkgs.formats.hocon { };
in { in {
imports = [ imports = [
./module.nix # From danio, pending upstreaming ./module.nix # From danio, pending upstreaming
@@ -15,24 +14,20 @@ in {
services.bluemap = { services.bluemap = {
enable = true; enable = true;
package = pkgs.callPackage ./package.nix { }; package = pkgs.callPackage ./package.nix { };
eula = true; eula = true;
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade
host = "minecraft.pvv.ntnu.no"; host = "minecraft.pvv.ntnu.no";
maps = let maps = {
inherit (inputs.minecraft-kartverket.packages.${pkgs.stdenv.hostPlatform.system}) bluemap-export;
in {
"verden" = { "verden" = {
settings = { settings = {
world = vanillaSurvival; world = vanillaSurvival;
sorting = 0; sorting = 0;
ambient-light = 0.1; ambient-light = 0.1;
cave-detection-ocean-floor = -5; cave-detection-ocean-floor = -5;
marker-sets = { marker-sets = inputs.minecraft-data.map-markers.vanillaSurvival.verden;
_includes = [ (format.lib.mkInclude "${bluemap-export}/overworld.hocon") ];
};
}; };
}; };
"underverden" = { "underverden" = {
@@ -47,9 +42,7 @@ in {
cave-detection-ocean-floor = -5; cave-detection-ocean-floor = -5;
cave-detection-uses-block-light = true; cave-detection-uses-block-light = true;
max-y = 90; max-y = 90;
marker-sets = { marker-sets = inputs.minecraft-data.map-markers.vanillaSurvival.underverden;
_includes = [ (format.lib.mkInclude "${bluemap-export}/nether.hocon") ];
};
}; };
}; };
"enden" = { "enden" = {
@@ -62,9 +55,6 @@ in {
world-sky-light = 0; world-sky-light = 0;
remove-caves-below-y = -10000; remove-caves-below-y = -10000;
cave-detection-ocean-floor = -5; cave-detection-ocean-floor = -5;
marker-sets = {
_includes = [ (format.lib.mkInclude "${bluemap-export}/the-end.hocon") ];
};
}; };
}; };
}; };

20
hosts/bicep/configuration.nix
View File

@@ -8,8 +8,7 @@
./services/nginx ./services/nginx
./services/calendar-bot.nix ./services/calendar-bot.nix
#./services/git-mirrors ./services/git-mirrors
#./services/minecraft-heatmap.nix
./services/mysql.nix ./services/mysql.nix
./services/postgres.nix ./services/postgres.nix
@@ -21,15 +20,13 @@
sops.age.keyFile = "/var/lib/sops-nix/key.txt"; sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true; sops.age.generateKey = true;
boot.loader.systemd-boot.enable = true; boot.loader.grub.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub.device = "/dev/disk/by-id/scsi-3600508b1001cb1a8751c137b30610682";
networking.hostName = "bicep"; networking.hostName = "bicep";
#systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // { systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
systemd.network.networks."30-ens18" = values.defaultNetworkConfig // { matchConfig.Name = "enp6s0f0";
#matchConfig.Name = "enp6s0f0";
matchConfig.Name = "ens18";
address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ] address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ]
++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]); ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
}; };
@@ -40,13 +37,6 @@
# There are no smart devices # There are no smart devices
services.smartd.enable = false; services.smartd.enable = false;
# we are a vm now
services.qemuGuest.enable = true;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.sshguard.enable = true;
# Do not change, even during upgrades. # Do not change, even during upgrades.
# See https://search.nixos.org/options?show=system.stateVersion # See https://search.nixos.org/options?show=system.stateVersion
system.stateVersion = "22.11"; system.stateVersion = "22.11";

25
hosts/bicep/hardware-configuration.nix
View File

@@ -5,29 +5,22 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ahci" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "hpsa" "ohci_pci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/20e06202-7a09-47cc-8ef6-5e7afe19453a"; { device = "/dev/disk/by-uuid/31a67903-dc00-448a-a24a-36e820318fe5";
fsType = "ext4"; fsType = "ext4";
}; };
# temp data disk, only 128gb not enough until we can add another disk to the system.
fileSystems."/data" = fileSystems."/data" =
{ device = "/dev/disk/by-uuid/c81af266-0781-4084-b8eb-c2587cbcf1ba"; { device = "/dev/disk/by-uuid/79e93eed-ad95-45c9-b115-4ef92afcc8c0";
fsType = "ext4"; fsType = "f2fs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/198B-E363";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
}; };
swapDevices = [ ]; swapDevices = [ ];
@@ -37,7 +30,11 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true; # networking.interfaces.enp6s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0f1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0f2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

8
hosts/bicep/services/git-mirrors/default.nix
View File

@@ -17,7 +17,7 @@ in
zip = false; zip = false;
keep = 10; keep = 10;
bare = true; bare = true;
lfs = false; lfs = true;
}; };
instances = let instances = let
@@ -59,7 +59,7 @@ in
}; };
services.cgit = let services.cgit = let
domain = "mirrors.pvv.ntnu.no"; domain = "bicep.pvv.ntnu.no";
in { in {
${domain} = { ${domain} = {
enable = true; enable = true;
@@ -81,7 +81,7 @@ in
}; };
}; };
services.nginx.virtualHosts."mirrors.pvv.ntnu.no" = { services.nginx.virtualHosts."bicep.pvv.ntnu.no" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@@ -94,7 +94,7 @@ in
in toString small-pvv-logo; in toString small-pvv-logo;
}; };
systemd.services."fcgiwrap-cgit-mirrors.pvv.ntnu.no" = { systemd.services."fcgiwrap-cgit-bicep.pvv.ntnu.no" = {
serviceConfig.BindReadOnlyPaths = [ cfg.dataDir ]; serviceConfig.BindReadOnlyPaths = [ cfg.dataDir ];
}; };
} }

3
hosts/bicep/services/matrix/default.nix
View File

@@ -9,8 +9,7 @@
./coturn.nix ./coturn.nix
./mjolnir.nix ./mjolnir.nix
# ./discord.nix ./discord.nix
./out-of-your-element.nix
./hookshot ./hookshot
]; ];

2
hosts/bicep/services/matrix/discord.nix
View File

@@ -45,7 +45,7 @@ in
}; };
services.mx-puppet-discord.enable = false; services.mx-puppet-discord.enable = true;
services.mx-puppet-discord.settings = { services.mx-puppet-discord.settings = {
bridge = { bridge = {
bindAddress = "localhost"; bindAddress = "localhost";

10
hosts/bicep/services/matrix/hookshot/default.nix
View File

@@ -77,14 +77,14 @@ in
outbound = true; outbound = true;
urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/"; urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
userIdPrefix = "_webhooks_"; userIdPrefix = "_webhooks_";
allowJsTransformationFunctions = true; allowJsTransformationFunctions = false;
waitForComplete = false; waitForComplete = false;
}; };
feeds = { feeds = {
enabled = true; enabled = true;
pollIntervalSeconds = 600; pollIntervalSeconds = 600;
}; };
serviceBots = [ serviceBots = [
{ localpart = "bot_feeds"; { localpart = "bot_feeds";
displayname = "Aya"; displayname = "Aya";
@@ -94,11 +94,6 @@ in
} }
]; ];
widgets = {
roomSetupWidget.addOnInvite = false;
publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
};
permissions = [ permissions = [
# Users of the PVV Server # Users of the PVV Server
{ actor = "pvv.ntnu.no"; { actor = "pvv.ntnu.no";
@@ -133,7 +128,6 @@ in
services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = { services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
enableACME = true; enableACME = true;
addSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}"; proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
}; };

66
hosts/bicep/services/matrix/out-of-your-element.nix
View File

@@ -1,66 +0,0 @@
{ config, pkgs, fp, ... }:
let
cfg = config.services.matrix-ooye;
in
{
users.groups.keys-matrix-registrations = { };
sops.secrets = {
"matrix/ooye/as_token" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/as_token";
};
"matrix/ooye/hs_token" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/hs_token";
};
"matrix/ooye/discord_token" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/discord_token";
};
"matrix/ooye/discord_client_secret" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/discord_client_secret";
};
};
services.matrix-ooye = {
enable = true;
homeserver = "https://matrix.pvv.ntnu.no";
homeserverName = "pvv.ntnu.no";
discordTokenPath = config.sops.secrets."matrix/ooye/discord_token".path;
discordClientSecretPath = config.sops.secrets."matrix/ooye/discord_client_secret".path;
bridgeOrigin = "https://ooye.pvv.ntnu.no";
enableSynapseIntegration = false;
};
systemd.services."matrix-synapse" = {
after = [
"matrix-ooye-pre-start.service"
"network-online.target"
];
requires = [ "matrix-ooye-pre-start.service" ];
serviceConfig = {
LoadCredential = [
"matrix-ooye-registration:/var/lib/matrix-ooye/registration.yaml"
];
ExecStartPre = [
"+${pkgs.coreutils}/bin/cp /run/credentials/matrix-synapse.service/matrix-ooye-registration ${config.services.matrix-synapse-next.dataDir}/ooye-registration.yaml"
"+${pkgs.coreutils}/bin/chown matrix-synapse:keys-matrix-registrations ${config.services.matrix-synapse-next.dataDir}/ooye-registration.yaml"
];
};
};
services.matrix-synapse-next.settings = {
app_service_config_files = [
"${config.services.matrix-synapse-next.dataDir}/ooye-registration.yaml"
];
};
services.nginx.virtualHosts."ooye.pvv.ntnu.no" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${cfg.socket}";
};
}

5
hosts/bicep/services/matrix/smtp-authenticator/default.nix
View File

@@ -1,4 +1,4 @@
{ lib, buildPythonPackage, fetchFromGitHub, setuptools }: { lib, buildPythonPackage, fetchFromGitHub }:
buildPythonPackage rec { buildPythonPackage rec {
pname = "matrix-synapse-smtp-auth"; pname = "matrix-synapse-smtp-auth";
@@ -6,9 +6,6 @@ buildPythonPackage rec {
src = ./.; src = ./.;
pyproject = true;
build-system = [ setuptools ];
doCheck = false; doCheck = false;
meta = with lib; { meta = with lib; {

49
hosts/bicep/services/minecraft-heatmap.nix
View File

@@ -1,49 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.minecraft-heatmap;
in
{
sops.secrets."minecraft-heatmap/ssh-key/private" = {
mode = "600";
};
sops.secrets."minecraft-heatmap/postgres-passwd" = {
mode = "600";
};
services.minecraft-heatmap = {
enable = true;
database = {
host = "postgres.pvv.ntnu.no";
port = 5432;
name = "minecraft_heatmap";
user = "minecraft_heatmap";
passwordFile = config.sops.secrets."minecraft-heatmap/postgres-passwd".path;
};
};
systemd.services.minecraft-heatmap-ingest-logs = {
serviceConfig.LoadCredential = [
"sshkey:${config.sops.secrets."minecraft-heatmap/ssh-key/private".path}"
];
preStart = let
knownHostsFile = pkgs.writeText "minecraft-heatmap-known-hosts" ''
innovation.pvv.ntnu.no ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9O/y5uqcLKCodg2Q+XfZPH/AoUIyBlDhigImU+4+Kn
innovation.pvv.ntnu.no ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClR9GvWeVPZHudlnFXhGHUX5sGX9nscsOsotnlQ4uVuGsgvRifsVsuDULlAFXwoV1tYp4vnyXlsVtMddpLI5ANOIDcZ4fgDxpfSQmtHKssNpDcfMhFJbfRVyacipjA4osxTxvLox/yjtVt+URjTHUA1MWzEwc26KfiOvWO5tCBTan7doN/4KOyT05GwBxwzUAwUmoGTacIITck2Y9qp4+xFYqehbXqPdBb15hFyd38OCQhtU1hWV2Yi18+hJ4nyjc/g5pr6mW09ULlFghe/BaTUXrTisYC6bMcJZsTDwsvld9581KPvoNZOTQhZPTEQCZZ1h54fe0ZHuveVB3TIHovZyjoUuaf4uiFOjJVaKRB+Ig+Il6r7tMUn9CyHtus/Nd86E0TFBzoKxM0OFu88oaUlDtZVrUJL5En1lGoimajebb1JPxllFN5hqIT+gVyMY6nRzkcfS7ieny/U4rzXY2rfz98selftgh3LsBywwADv65i+mPw1A/1QdND1R6fV4U=
innovation.pvv.ntnu.no ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjl3HfsDqmALWCL9uhz9k93RAD2565ndBqUh4N/rvI7MCwEJ6iRCdDev0YzB1Fpg24oriyYoxZRP24ifC2sQf8=
'';
in ''
mkdir -p '${cfg.minecraftLogsDir}'
"${lib.getExe pkgs.rsync}" \
--archive \
--verbose \
--progress \
--no-owner \
--no-group \
--rsh="${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=\"${knownHostsFile}\" -i \"$CREDENTIALS_DIRECTORY\"/sshkey" \
root@innovation.pvv.ntnu.no:/ \
'${cfg.minecraftLogsDir}'/
'';
};
}

46
hosts/bob/configuration.nix Normal file
View File

@@ -0,0 +1,46 @@
{ config, fp, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
(fp /base)
(fp /misc/metrics-exporters.nix)
./disks.nix
(fp /misc/builder.nix)
];
sops.defaultSopsFile = fp /secrets/bob/bob.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "bob"; # Define your hostname.
systemd.network.networks."30-all" = values.defaultNetworkConfig // {
matchConfig.Name = "en*";
DHCP = "yes";
gateway = [ ];
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
];
# List services that you want to enable:
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

39
hosts/bob/disks.nix Normal file
View File

@@ -0,0 +1,39 @@
# Example to create a bios compatible gpt partition
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
}

24
hosts/lupine/hardware-configuration/lupine-1.nix → hosts/bob/hardware-configuration.nix
View File

@@ -5,36 +5,20 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/81D6-38D3";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

22
hosts/georg/configuration.nix
View File

@@ -8,7 +8,7 @@
(fp /modules/grzegorz.nix) (fp /modules/grzegorz.nix)
]; ];
services.spotifyd.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@@ -25,26 +25,6 @@
# List services that you want to enable: # List services that you want to enable:
services.spotifyd = {
enable = true;
settings.global = {
device_name = "georg";
use_mpris = false;
#dbus_type = "system";
#zeroconf_port = 1234;
};
};
networking.firewall.allowedTCPPorts = [
# config.services.spotifyd.settings.zeroconf_port
5353 # spotifyd is its own mDNS service wtf
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

3
hosts/ildkule/services/monitoring/prometheus/default.nix
View File

@@ -2,12 +2,11 @@
stateDir = "/data/monitoring/prometheus"; stateDir = "/data/monitoring/prometheus";
in { in {
imports = [ imports = [
./exim.nix
./gitea.nix ./gitea.nix
./machines.nix
./matrix-synapse.nix ./matrix-synapse.nix
./mysqld.nix ./mysqld.nix
./postgres.nix ./postgres.nix
./machines.nix
]; ];
services.prometheus = { services.prometheus = {

14
hosts/ildkule/services/monitoring/prometheus/exim.nix
View File

@@ -1,14 +0,0 @@
{ ... }:
{
services.prometheus = {
scrapeConfigs = [
{
job_name = "exim";
scrape_interval = "15s";
static_configs = [{
targets = [ "microbel.pvv.ntnu.no:9636" ];
}];
}
];
};
}

85
hosts/ildkule/services/monitoring/prometheus/machines.nix
View File

@@ -1,37 +1,66 @@
{ config, ... }: let { config, ... }: let
cfg = config.services.prometheus; cfg = config.services.prometheus;
mkHostScrapeConfig = name: ports: {
labels.hostname = name;
targets = map (port: "${name}.pvv.ntnu.no:${toString port}") ports;
};
defaultNodeExporterPort = 9100;
defaultSystemdExporterPort = 9101;
defaultNixosExporterPort = 9102;
in { in {
services.prometheus.scrapeConfigs = [{ services.prometheus.scrapeConfigs = [{
job_name = "base_info"; job_name = "base_info";
static_configs = [ static_configs = [
(mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port defaultNixosExporterPort ]) { labels.hostname = "ildkule";
targets = [
(mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) "ildkule.pvv.ntnu.no:${toString cfg.exporters.node.port}"
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) "ildkule.pvv.ntnu.no:${toString cfg.exporters.systemd.port}"
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) ];
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) }
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) { labels.hostname = "bekkalokk";
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) targets = [
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) "bekkalokk.pvv.ntnu.no:9100"
"bekkalokk.pvv.ntnu.no:9101"
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) ];
# (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ]) }
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) { labels.hostname = "kommode";
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) targets = [
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ]) "kommode.pvv.ntnu.no:9100"
"kommode.pvv.ntnu.no:9101"
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ]) ];
(mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ]) }
(mkHostScrapeConfig "microbel" [ defaultNodeExporterPort ]) { labels.hostname = "bicep";
targets = [
"bicep.pvv.ntnu.no:9100"
"bicep.pvv.ntnu.no:9101"
];
}
{ labels.hostname = "brzeczyszczykiewicz";
targets = [
"brzeczyszczykiewicz.pvv.ntnu.no:9100"
"brzeczyszczykiewicz.pvv.ntnu.no:9101"
];
}
{ labels.hostname = "georg";
targets = [
"georg.pvv.ntnu.no:9100"
"georg.pvv.ntnu.no:9101"
];
}
{ labels.hostname = "ustetind";
targets = [
"ustetind.pvv.ntnu.no:9100"
"ustetind.pvv.ntnu.no:9101"
];
}
{ labels.hostname = "hildring";
targets = [
"hildring.pvv.ntnu.no:9100"
];
}
{ labels.hostname = "isvegg";
targets = [
"isvegg.pvv.ntnu.no:9100"
];
}
{ labels.hostname = "microbel";
targets = [
"microbel.pvv.ntnu.no:9100"
];
}
]; ];
}]; }];
} }

7
hosts/kommode/services/gitea/customization/default.nix
View File

@@ -3,12 +3,7 @@ let
cfg = config.services.gitea; cfg = config.services.gitea;
in in
{ {
services.gitea-themes = { services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
monokai = pkgs.gitea-theme-monokai;
earl-grey = pkgs.gitea-theme-earl-grey;
pitch-black = pkgs.gitea-theme-pitch-black;
catppuccin = pkgs.gitea-theme-catppuccin;
};
systemd.services.gitea-customization = lib.mkIf cfg.enable { systemd.services.gitea-customization = lib.mkIf cfg.enable {
description = "Install extra customization in gitea's CUSTOM_DIR"; description = "Install extra customization in gitea's CUSTOM_DIR";

60
hosts/kommode/services/gitea/default.nix
View File

@@ -1,4 +1,4 @@
{ config, values, lib, pkgs, unstablePkgs, ... }: { config, values, lib, unstablePkgs, ... }:
let let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git.pvv.ntnu.no"; domain = "git.pvv.ntnu.no";
@@ -11,17 +11,15 @@ in {
./web-secret-provider ./web-secret-provider
]; ];
sops.secrets = let sops.secrets = {
defaultConfig = { "gitea/database" = {
owner = "gitea";
group = "gitea";
};
"gitea/email-password" = {
owner = "gitea"; owner = "gitea";
group = "gitea"; group = "gitea";
}; };
in {
"gitea/database" = defaultConfig;
"gitea/email-password" = defaultConfig;
"gitea/lfs-jwt-secret" = defaultConfig;
"gitea/oauth2-jwt-secret" = defaultConfig;
"gitea/secret-key" = defaultConfig;
}; };
services.gitea = { services.gitea = {
@@ -47,15 +45,9 @@ in {
ROOT_URL = "https://${domain}/"; ROOT_URL = "https://${domain}/";
PROTOCOL = "http+unix"; PROTOCOL = "http+unix";
SSH_PORT = sshPort; SSH_PORT = sshPort;
LANDING_PAGE = "explore";
START_SSH_SERVER = true; START_SSH_SERVER = true;
START_LFS_SERVER = true; START_LFS_SERVER = true;
LFS_JWT_SECRET = lib.mkForce ""; LANDING_PAGE = "explore";
LFS_JWT_SECRET_URI = "file:${config.sops.secrets."gitea/lfs-jwt-secret".path}";
};
oauth2 = {
JWT_SECRET = lib.mkForce "";
JWT_SECRET_URI = "file:${config.sops.secrets."gitea/oauth2-jwt-secret".path}";
}; };
"git.timeout" = { "git.timeout" = {
MIGRATE = 3600; MIGRATE = 3600;
@@ -83,10 +75,6 @@ in {
}; };
admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention"; admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention";
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
security = {
SECRET_KEY = lib.mkForce "";
SECRET_KEY_URI = "file:${config.sops.secrets."gitea/secret-key".path}";
};
database.LOG_SQL = false; database.LOG_SQL = false;
repository = { repository = {
PREFERRED_LICENSES = lib.concatStringsSep "," [ PREFERRED_LICENSES = lib.concatStringsSep "," [
@@ -161,11 +149,6 @@ in {
systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch"; systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";
systemd.services.gitea.serviceConfig.CacheDirectory = "gitea/repo-archive";
systemd.services.gitea.serviceConfig.BindPaths = [
"%C/gitea/repo-archive:${cfg.stateDir}/data/repo-archive"
];
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@@ -189,31 +172,4 @@ in {
}; };
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];
systemd.services.gitea-dump = {
serviceConfig.ExecStart = let
args = lib.cli.toGNUCommandLineShell { } {
type = cfg.dump.type;
# This should be declarative on nixos, no need to backup.
skip-custom-dir = true;
# This can be regenerated, no need to backup
skip-index = true;
# Logs are stored in the systemd journal
skip-log = true;
};
in lib.mkForce "${lib.getExe cfg.package} ${args}";
# Only keep n backup files at a time
postStop = let
cu = prog: "'${lib.getExe' pkgs.coreutils prog}'";
backupCount = 3;
in ''
for file in $(${cu "ls"} -t1 '${cfg.dump.backupDir}' | ${cu "sort"} --reverse | ${cu "tail"} -n+${toString (backupCount + 1)}); do
${cu "rm"} "$file"
done
'';
};
} }

4
hosts/kommode/services/gitea/import-users/default.nix
View File

@@ -11,8 +11,7 @@ in
systemd.services.gitea-import-users = lib.mkIf cfg.enable { systemd.services.gitea-import-users = lib.mkIf cfg.enable {
enable = true; enable = true;
preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /run/gitea-import-users/passwd''; preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
environment.PASSWD_FILE_PATH = "/run/gitea-import-users/passwd";
serviceConfig = { serviceConfig = {
ExecStart = pkgs.writers.writePython3 "gitea-import-users" { ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
flakeIgnore = [ flakeIgnore = [
@@ -26,7 +25,6 @@ in
]; ];
DynamicUser="yes"; DynamicUser="yes";
EnvironmentFile=config.sops.secrets."gitea/import-user-env".path; EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
RuntimeDirectory = "gitea-import-users";
}; };
}; };

7
hosts/kommode/services/gitea/import-users/gitea-import-users.py
View File

@@ -17,10 +17,6 @@ GITEA_API_URL = os.getenv('GITEA_API_URL')
if GITEA_API_URL is None: if GITEA_API_URL is None:
GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1' GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'
PASSWD_FILE_PATH = os.getenv('PASSWD_FILE_PATH')
if PASSWD_FILE_PATH is None:
PASSWD_FILE_PATH = '/tmp/passwd-import'
def gitea_list_all_users() -> dict[str, dict[str, any]] | None: def gitea_list_all_users() -> dict[str, dict[str, any]] | None:
r = requests.get( r = requests.get(
@@ -191,8 +187,7 @@ def main():
if existing_users is None: if existing_users is None:
exit(1) exit(1)
print(f"Reading passwd entries from {PASSWD_FILE_PATH}") for username, name in passwd_file_parser("/tmp/passwd-import"):
for username, name in passwd_file_parser(PASSWD_FILE_PATH):
print(f"Processing {username}") print(f"Processing {username}")
add_or_patch_gitea_user(username, name, existing_users) add_or_patch_gitea_user(username, name, existing_users)
for org, team_name in COMMON_USER_TEAMS: for org, team_name in COMMON_USER_TEAMS:

45
hosts/kvernberg/configuration.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, fp, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
(fp /base)
(fp /misc/metrics-exporters.nix)
./disks.nix
./services/nginx.nix
./services/pvvvvvv
];
sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "kvernberg"; # Define your hostname.
systemd.network.networks."30-all" = values.defaultNetworkConfig // {
matchConfig.Name = "en*";
address = with values.hosts.kvernberg; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
];
# No devices with SMART
services.smartd.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

39
hosts/kvernberg/disks.nix Normal file
View File

@@ -0,0 +1,39 @@
# Example to create a bios compatible gpt partition
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
}

18
hosts/lupine/hardware-configuration/lupine-4.nix → hosts/kvernberg/hardware-configuration.nix
View File

@@ -5,30 +5,22 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = swapDevices = [ ];
{ device = "/dev/disk/by-uuid/c7bbb293-a0a3-4995-8892-0ec63e8c67dd";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a86ffda8-8ecb-42a1-bf9f-926072e90ca5"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

5
hosts/kvernberg/services/nginx.nix Normal file
View File

@@ -0,0 +1,5 @@
{ config, lib, ... }:
{
services.nginx.enable = true;
}

51
hosts/kvernberg/services/pvvvvvv/bank.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.libeufin.bank;
tcfg = config.services.taler;
inherit (tcfg.settings.taler) CURRENCY;
in {
services.libeufin.bank = {
enable = true;
debug = true;
createLocalDatabase = true;
initialAccounts = [
{ username = "exchange";
password = "exchange";
name = "Exchange";
}
];
settings = {
libeufin-bank = {
WIRE_TYPE = "x-taler-bank";
X_TALER_BANK_PAYTO_HOSTNAME = "bank.kvernberg.pvv.ntnu.no";
BASE_URL = "bank.kvernberg.pvv.ntnu.no/";
ALLOW_REGISTRATION = "yes";
REGISTRATION_BONUS_ENABLED = "yes";
REGISTRATION_BONUS = "${CURRENCY}:500";
DEFAULT_DEBT_LIMIT = "${CURRENCY}:0";
ALLOW_CONVERSION = "no";
ALLOW_EDIT_CASHOUT_PAYTO_URI = "yes";
SUGGESTED_WITHDRAWAL_EXCHANGE = "https://exchange.kvernberg.pvv.ntnu.no/";
inherit CURRENCY;
};
};
};
services.nginx.virtualHosts."bank.kvernberg.pvv.ntnu.no" = {
enableACME = true;
forceSSL = true;
kTLS = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8082";
extraConfig = ''
proxy_read_timeout 300s;
'';
};
};
}

17
hosts/kvernberg/services/pvvvvvv/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.taler;
in
{
imports = [
./exchange.nix
./bank.nix
];
services.taler = {
settings = {
taler.CURRENCY = "SCHPENN";
taler.CURRENCY_ROUND_UNIT = "${cfg.settings.taler.CURRENCY}:1";
};
};
}

187
hosts/kvernberg/services/pvvvvvv/exchange.nix Normal file
View File

@@ -0,0 +1,187 @@
{ config, lib, fp, pkgs, ... }:
let
cfg = config.services.taler;
inherit (cfg.settings.taler) CURRENCY;
in {
sops.secrets.exchange-offline-master = {
format = "binary";
sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
};
services.taler.exchange = {
enable = true;
debug = true;
denominationConfig = ''
## Old denomination names cannot be used again
# [COIN-${CURRENCY}-k1-1-0]
## NOK Denominations
[coin-${CURRENCY}-nok-1-0]
VALUE = ${CURRENCY}:1
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-5-0]
VALUE = ${CURRENCY}:5
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-10-0]
VALUE = ${CURRENCY}:10
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-20-0]
VALUE = ${CURRENCY}:20
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-50-0]
VALUE = ${CURRENCY}:50
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-100-0]
VALUE = ${CURRENCY}:100
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-200-0]
VALUE = ${CURRENCY}:200
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-500-0]
VALUE = ${CURRENCY}:500
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
[coin-${CURRENCY}-nok-1000-0]
VALUE = ${CURRENCY}:1000
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
## PVV Special Prices
# 2024 pizza egenandel
[coin-${CURRENCY}-pvv-64-0]
VALUE = ${CURRENCY}:64
DURATION_WITHDRAW = 7 days
DURATION_SPEND = 1 years
DURATION_LEGAL = 3 years
FEE_WITHDRAW = ${CURRENCY}:0
FEE_DEPOSIT = ${CURRENCY}:0
FEE_REFRESH = ${CURRENCY}:0
FEE_REFUND = ${CURRENCY}:0
RSA_KEYSIZE = 2048
CIPHER = RSA
'';
settings = {
exchange = {
inherit (config.services.taler.settings.taler) CURRENCY CURRENCY_ROUND_UNIT;
MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
BASE_URL = "https://exchange.kvernberg.pvv.ntnu.no/";
TERMS_DIR = "${./terms}";
TERMS_ETAG = "0";
ENABLE_KYC = "NO";
};
exchange-offline = {
MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
};
exchange-account-test = {
PAYTO_URI = "payto://x-taler-bank/bank.kvernberg.pvv.ntnu.no/exchange?receiver-name=Exchange";
ENABLE_DEBIT = "YES";
ENABLE_CREDIT = "YES";
};
exchange-accountcredentials-test = {
WIRE_GATEWAY_URL = "https://bank.kvernberg.pvv.ntnu.no/accounts/exchange/taler-wire-gateway/";
WIRE_GATEWAY_AUTH_METHOD = "BASIC";
USERNAME = "exchange";
PASSWORD = "exchange";
};
"currency-${CURRENCY}" = {
ENABLED = "YES";
CODE = "SCHPENN";
NAME = "SCHPENN";
FRACTIONAL_NORMAL_DIGITS = 0;
FRACTIONAL_INPUT_DIGITS = 0;
FRACTIONAL_TRAILING_ZERO_DIGITS = 0;
ALT_UNIT_NAMES = "{\"0\": \"S\"}";
};
};
};
services.nginx.virtualHosts."exchange.kvernberg.pvv.ntnu.no" = {
enableACME = true;
forceSSL = true;
kTLS = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8081";
extraConfig = ''
proxy_read_timeout 300s;
'';
};
};
}

147
hosts/kvernberg/services/pvvvvvv/terms/en/0.txt Normal file
View File

@@ -0,0 +1,147 @@
Terms of Service
================
Last update: 19.11.2024
----------------------
Welcome! A subset of PVVers who cares about Dibbler (“we,” “our,” or “us”) provides a experimental payment service
through our Internet presence (collectively the “Services”). Before using our
Services, please read the Terms of Service (the “Terms” or the “Agreement”)
carefully.
Overview
--------
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are accepting
all of the terms and conditions and not just this section. We and possibly
other third parties provide Internet services which interact with the Taler
Wallets self-hosted personal payment application. When using the Taler Wallet
to interact with our Services, you are agreeing to our Terms, so please read
carefully.
Research
----------
This is research, any dibbler credits sent to the dibbler account could be lost at any time.
We would make an effort to send the credits back to their canonical owners, but this may be difficult.
We make no guarantees on the state of this. The dibbler economy is totally unsecured, and so are these services!
Usage is wholly on your own risk.
Highlights:
-----------
* You are responsible for keeping the data in your Taler Wallet at all times under your control. Any losses arising from you not being in control of your private information are your problem.
* For our Services, we may charge transaction fees. The specific fee structure is provided based on the Taler protocol and should be shown to you when you withdraw electronic coins using a Taler Wallet. You agree and understand that the Taler protocol allows for the fee structure to change.
* You agree to not intentionally overwhelm our systems with requests and follow responsible disclosure if you find security issues in our services.
* We cannot be held accountable for our Services not being available due to circumstances beyond our control. If we modify or terminate our services, we will try to give you the opportunity to recover your funds. However, given the experimental state of the Services today, this may not be possible. You are strongly advised to limit your use of the Service to small-scale experiments expecting total loss of all funds.
These terms outline approved uses of our Services. The Services and these
Terms are still at an experimental stage. If you have any questions or
comments related to this Agreement, please send us a message on IRC, or on our Matrix server.
If you do not agree to this Agreement, you must not use our Services.
How you accept this policy
--------------------------
By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
have read, understood, and agreed to these Terms. We reserve the right to
change these Terms at any time. If you disagree with the change, we may in the
future offer you with an easy option to recover your unspent funds. However,
in the current experimental period you acknowledge that this feature is not
yet available, resulting in your funds being lost unless you accept the new
Terms. If you continue to use our Services other than to recover your unspent
funds, your continued use of our Services following any such change will
signify your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes since you
have last reviewed these Terms.
Services
--------
We will try to transfer funds that we hold in escrow for our users to any
legal recipient to the best of our ability and within the limitations of the
law and our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted. The
Taler Wallet can be loaded by exchanging ordinary dibbler credit for electronic
coins. We are providing this exchange service. Once your Taler Wallet is
loaded with electronic coins they can be spent for purchases if the seller is
accepting Taler as a means of payment. We are not guaranteeing that any seller
is accepting Taler at all or a particular seller. The seller or recipient of
deposits of electronic coins must specify the target account, as per the
design of the Taler protocol. They are responsible for following the protocol
and specifying the correct dibbler account, and are solely liable for any losses
that may arise from specifying the wrong account. We will allow the government
to link wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may lead to
situations where we are unable to make transfers at all or lead to incorrect
transfers that cannot be reversed. We will only refuse to execute transfers if
the transfers are prohibited by a competent legal authority and we are ordered
to do so.
When using our Services, you agree to not take any action that intentionally
imposes an unreasonable load on our infrastructure. If you find security
problems in our Services, you agree to first report them to
security@taler-systems.com and grant us the right to publish your report. We
warrant that we will ourselves publicly disclose any issues reported within 3
months, and that we will not prosecute anyone reporting security issues if
they did not exploit the issue beyond a proof-of-concept, and followed the
above responsible disclosure practice.
Fees
----
You agree to pay the fees for exchanges and withdrawals completed via the
Taler Wallet ("Fees") as defined by us, which we may change from time to
time.
Copyrights and trademarks
-------------------------
The Taler Wallet is released under the terms of the GNU General Public License
(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
modified or unmodified form. However, the GPL is a strong copyleft license,
which means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you should
review the GNU GPLs full terms and conditions on the GNU GPL Licenses page
(https://www.gnu.org/licenses/). “Taler” itself is a trademark
of Taler Systems SA. You are welcome to use the name in relation to processing
payments based on the Taler protocol, assuming your use is compatible with an
official release from the GNU Project that is not older than two years.
Discontinuance of services and Force majeure
--------------------------------------------
We may, in our sole discretion and without cost to you, with or without prior
notice, and at any time, modify or discontinue, temporarily or permanently,
any portion of our Services. We will use the Taler protocols provisions to
notify Wallets if our Services are to be discontinued. It is your
responsibility to ensure that the Taler Wallet is online at least once every
three months to observe these notifications. We shall not be held responsible
or liable for any loss of funds in the event that we discontinue or depreciate
the Services and your Taler Wallet fails to transfer out the coins within a
three months notification period.
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Questions or comments
---------------------
We welcome comments, questions, concerns, or suggestions. Please send us a
message via the usual communication channels at PVV

35
hosts/lupine/configuration.nix
View File

@@ -1,35 +0,0 @@
{ fp, values, lupineName, ... }:
{
imports = [
./hardware-configuration/${lupineName}.nix
(fp /base)
(fp /misc/metrics-exporters.nix)
./services/gitea-runner.nix
];
sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.network.networks."30-enp0s31f6" = values.defaultNetworkConfig // {
matchConfig.Name = "enp0s31f6";
address = with values.hosts.${lupineName}; [ (ipv4 + "/25") (ipv6 + "/64") ];
networkConfig.LLDP = false;
};
systemd.network.wait-online = {
anyInterface = true;
};
# There are no smart devices
services.smartd.enable = false;
# Do not change, even during upgrades.
# See https://search.nixos.org/options?show=system.stateVersion
system.stateVersion = "25.05";
}

40
hosts/lupine/hardware-configuration/lupine-2.nix
View File

@@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/aa81d439-800b-403d-ac10-9d2aac3619d0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4A34-6AE5";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/efb7cd0c-c1ae-4a86-8bc2-8e7fd0066650"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

40
hosts/lupine/hardware-configuration/lupine-3.nix
View File

@@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/39ba059b-3205-4701-a832-e72c0122cb88";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/63FA-297B";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9c72eb54-ea8c-4b09-808a-8be9b9a33869"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

40
hosts/lupine/hardware-configuration/lupine-5.nix
View File

@@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/5f8418ad-8ec1-4f9e-939e-f3a4c36ef343";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F372-37DF";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/27bf292d-bbb3-48c4-a86e-456e0f1f648f"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

71
hosts/lupine/services/gitea-runner.nix
View File

@@ -1,71 +0,0 @@
{ config, lupineName, ... }:
{
# This is unfortunately state, and has to be generated one at a time :(
# To do that, comment out all except one of the runners, fill in its token
# inside the sops file, rebuild the system, and only after this runner has
# successfully registered will gitea give you the next token.
# - oysteikt Sep 2023
sops = {
secrets."gitea/runners/token" = {
key = "gitea/runners/${lupineName}";
};
templates."gitea-runner-envfile" = {
restartUnits = [
"gitea-runner-${lupineName}.service"
];
content = ''
TOKEN="${config.sops.placeholder."gitea/runners/token"}"
'';
};
};
services.gitea-actions-runner.instances = {
${lupineName} = {
enable = true;
name = "git-runner-${lupineName}";
url = "https://git.pvv.ntnu.no";
# NOTE: gitea actions runners need node inside their docker images,
# so we are a bit limited here.
labels = [
"debian-latest:docker://node:current-trixie"
"debian-trixie:docker://node:current-trixie"
"debian-bookworm:docker://node:current-bookworm"
"debian-bullseye:docker://node:current-bullseye"
"debian-latest-slim:docker://node:current-trixie-slim"
"debian-trixie-slim:docker://node:current-trixie-slim"
"debian-bookworm-slim:docker://node:current-bookworm-slim"
"debian-bullseye-slim:docker://node:current-bullseye-slim"
"alpine-latest:docker://node:current-alpine"
"alpine-3.22:docker://node:current-alpine3.22"
"alpine-3.21:docker://node:current-alpine3.21"
# See https://gitea.com/gitea/runner-images
"ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
"ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04"
"ubuntu-noble:docker://docker.gitea.com/runner-images:ubuntu-24.04"
"ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
"ubuntu-jammy:docker://docker.gitea.com/runner-images:ubuntu-22.04"
"ubuntu-latest-slim:docker://docker.gitea.com/runner-images:ubuntu-latest-slim"
"ubuntu-24.04-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
"ubuntu-noble-slim:docker://docker.gitea.com/runner-images:ubuntu-24.04-slim"
"ubuntu-22.04-slim:docker://docker.gitea.com/runner-images:ubuntu-22.04-slim"
"ubuntu-jammy-slim:docker://docker.gitea.com/runner-images:ubuntu-22.04-slim"
];
tokenFile = config.sops.templates."gitea-runner-envfile".path;
};
};
virtualisation.podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune.enable = true;
};
networking.dhcpcd.IPv6rs = false;
networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
}

57
justfile
View File

@@ -1,56 +1,25 @@
set positional-arguments # makes variables accesible as $1 $2 $@
export GUM_FILTER_HEIGHT := "15" export GUM_FILTER_HEIGHT := "15"
nom := `if [[ -t 1 ]] && command -v nom >/dev/null; then echo nom; else echo nix; fi` nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
nix_eval_opts := "--log-format raw --option warn-dirty false"
@_default: @_default:
just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))" just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
check *_: check:
nix flake check --keep-going "$@" nix flake check --keep-going
build-machine machine=`just _a_machine` *_: build-machine machine=`just _a_machine`:
{{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel "${@:2}" {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
run-vm machine=`just _a_machine` *_: run-vm machine=`just _a_machine`:
nixos-rebuild build-vm --flake .#{{ machine }} "${@:2}" nixos-rebuild build-vm --flake .#{{ machine }}
QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
@update-inputs *_: @update-inputs:
@git reset flake.lock nix eval .#inputs --apply builtins.attrNames --json \
@git restore flake.lock | jq '.[]' -r \
nix eval {{nix_eval_opts}} --file flake.nix --apply 'x: builtins.attrNames x.inputs' --json \ | gum choose --no-limit --height=15 \
| { printf "%s\n" --commit-lock-file; jq '.[]' -r | grep -vxF "self" ||:; } \ | xargs -L 1 nix flake lock --update-input
| gum choose --no-limit --header "Choose extra arguments:" \
| tee >(xargs -d'\n' echo + nix flake update "$@" >&2) \
| xargs -d'\n' nix flake update "$@"
@repl $machine=`just _a_machine` *_:
set -v; nixos-rebuild --flake .#"$machine" repl "${@:2}"
@eval $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
set -v; nix eval {{nix_eval_opts}} ".#nixosConfigurations.\"$machine\".config.$attrpath" --show-trace "${@:3}"
@eval-vm $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
just eval "$machine" "virtualisation.vmVariant.$attrpath" "${@:3}"
# helpers
[no-exit-message]
_a_machine: _a_machine:
#!/usr/bin/env -S sh -euo pipefail nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter
machines="$(
nix eval {{nix_eval_opts}} .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r
)"
[ -n "$machines" ] || { echo >&2 "ERROR: no machines found"; false; }
if [ -s .direnv/vars/last-machine.txt ]; then
machines="$(
grep <<<"$machines" -xF "$(cat .direnv/vars/last-machine.txt)" ||:
grep <<<"$machines" -xFv "$(cat .direnv/vars/last-machine.txt)" ||:
)"
fi
choice="$(gum filter <<<"$machines")"
mkdir -p .direnv/vars
cat <<<"$choice" >.direnv/vars/last-machine.txt
cat <<<"$choice"

61
keys/oysteikt.pub
View File

@@ -26,40 +26,29 @@ eJAiipB0QOH9SEa5Io6BSiqsBQJmqp4CBQkFpUs7AIF2IAQZFgoAHRYhBPPNqGzF
Wp8Q16BpgZ8vfYJQ81FGBQJi5oZHAAoJEJ8vfYJQ81FGFZgBALN+Rh4m323TaM5z Wp8Q16BpgZ8vfYJQ81FGBQJi5oZHAAoJEJ8vfYJQ81FGFZgBALN+Rh4m323TaM5z
dJfCTV7V0aP3J0RdKmtKvz/Y9a7uAP4oP8UlbM9ucyG252gZ8IjM0VprNzP9CpNl dJfCTV7V0aP3J0RdKmtKvz/Y9a7uAP4oP8UlbM9ucyG252gZ8IjM0VprNzP9CpNl
4GzpD4CRDgkQRrkijoFKKqwYoQEAz0D3G/dD6DBYBf7p6pGYqXd2X0Dv8nmnalol 4GzpD4CRDgkQRrkijoFKKqwYoQEAz0D3G/dD6DBYBf7p6pGYqXd2X0Dv8nmnalol
Z6SxfUMA/jT/XjPh7c4Ui8nZO7XDzYWrbV/eZwGMd1zXq2mU42MLiPUEGBYKACYC Z6SxfUMA/jT/XjPh7c4Ui8nZO7XDzYWrbV/eZwGMd1zXq2mU42MLuQINBGLmhnoB
GwIWIQT303iQIoqQdEDh/UhGuSKOgUoqrAUCaI6lzgUJCWqGhwCBdiAEGRYKAB0W EADa1yBK0NKxVIto3hSh21hooYpWcEXWqMPXHO34rcAhktVFOOHIl2bFGScQAZXt
IQTzzahsxVqfENegaYGfL32CUPNRRgUCYuaGRwAKCRCfL32CUPNRRhWYAQCzfkYe jAcqUmMyC+PMs1DZoocFk+9PJt17hAa/s6CRrw8vK+1fVqhj0XOLtevGV9iC6IRv
Jt9t02jOc3SXwk1e1dGj9ydEXSprSr8/2PWu7gD+KD/FJWzPbnMhtudoGfCIzNFa hPxzTsOaeOssgMGIU8xDmMKT2nGHGNUkqOXGld63E3NKsK3lnl+BCdpJ0f3GEB7a
azcz/QqTZeBs6Q+AkQ4JEEa5Io6BSiqsCG0BALDNFlploZWjQ0Xn3B9fd+1sTUmY SQ+pk6k1uzODXX/mhAUJmL1MkVZ6jJA3vhsre0Kfa9p+C5mP4hLJ6jF+oESvA4HC
+e0s95lEY7XqVkF2AQCkKzMd2mHsymyVtY32bSsZ0iJxHTmxomS0uQ/TGIugB7kC +LuCSGm66gIDMC39jnLo6hwYEEjfPXD7CUAN4S2eISSFd+ZclN2vYcrKYgsCZS0h
DQRi5oZ6ARAA2tcgStDSsVSLaN4UodtYaKGKVnBF1qjD1xzt+K3AIZLVRTjhyJdm BFOgDhKKCHBuMwP12AIM8y8L64/eOWFpR7s2StAPjjYbZeZECHLWZt1zGVvkS7Xp
xRknEAGV7YwHKlJjMgvjzLNQ2aKHBZPvTybde4QGv7Ogka8PLyvtX1aoY9Fzi7Xr 6lsAg6/T8EysKG7vTl2Qq9W0BmzNgk2ODTZkhv0gqqXppdr8eRiq+h0qMfJptG0G
xlfYguiEb4T8c07DmnjrLIDBiFPMQ5jCk9pxhxjVJKjlxpXetxNzSrCt5Z5fgQna ycOvqb9PoEO2dfNCjjII8VfaSGfSEYo8UwsqYTtfgdoNnFCXKd1r7QmvrdbNsFDR
SdH9xhAe2kkPqZOpNbszg11/5oQFCZi9TJFWeoyQN74bK3tCn2vafguZj+ISyeox mkv+wWJoipwUaVquyb2KN652jSlpwMECW6fSEsT/5C3mJLgAmi6l6yosw6HdIY6j
fqBErwOBwvi7gkhpuuoCAzAt/Y5y6OocGBBI3z1w+wlADeEtniEkhXfmXJTdr2HK gpCGtxnHW2zReIS6ezZdtxYBCkEHK70yASyaIHrLLDknw+DuKvXAWOAecob8GNBH
ymILAmUtIQRToA4SighwbjMD9dgCDPMvC+uP3jlhaUe7NkrQD442G2XmRAhy1mbd OjXZe3LzBt2rVgOCRa+W7milNgjUCsz+R3rM8XfR+wNEGwARAQABiH4EGBYKACYW
cxlb5Eu16epbAIOv0/BMrChu705dkKvVtAZszYJNjg02ZIb9IKql6aXa/HkYqvod IQT303iQIoqQdEDh/UhGuSKOgUoqrAUCYuaGegIbDAUJA8JnAAAKCRBGuSKOgUoq
KjHyabRtBsnDr6m/T6BDtnXzQo4yCPFX2khn0hGKPFMLKmE7X4HaDZxQlynda+0J rDE0AQDBxRsmW9L60mxGCp1CpNWBXD2T6D605PlNiNCcM+cOCgD/c2OitSSG50M0
r63WzbBQ0ZpL/sFiaIqcFGlarsm9ijeudo0pacDBAlun0hLE/+Qt5iS4AJoupesq YRbyh1LPYL6YQePL0dQkYsjm6XVmrAKIfgQYFgoAJgIbDBYhBPfTeJAiipB0QOH9
LMOh3SGOo4KQhrcZx1ts0XiEuns2XbcWAQpBByu9MgEsmiB6yyw5J8Pg7ir1wFjg SEa5Io6BSiqsBQJmqp4FBQkFpUsIAAoJEEa5Io6BSiqsydsA/ihBulpSSLg4B9pJ
HnKG/BjQRzo12Xty8wbdq1YDgkWvlu5opTYI1ArM/kd6zPF30fsDRBsAEQEAAYh+ sffqphMht7yT3Dnz57iexUEgj3jBAQDedI+gwpZlMjV6IdH/Epz244j82Ta04cqk
BBgWCgAmFiEE99N4kCKKkHRA4f1IRrkijoFKKqwFAmLmhnoCGwwFCQPCZwAACgkQ SOz2Y63LBrgzBGLmhsUWCSsGAQQB2kcPAQEHQFg/avgj0sZbxqL58tZEpcaieeL1
RrkijoFKKqwxNAEAwcUbJlvS+tJsRgqdQqTVgVw9k+g+tOT5TYjQnDPnDgoA/3Nj OWOoVU3mZX/K7GU+iH4EGBYKACYWIQT303iQIoqQdEDh/UhGuSKOgUoqrAUCYuaG
orUkhudDNGEW8odSz2C+mEHjy9HUJGLI5ul1ZqwCiH4EGBYKACYCGwwWIQT303iQ xQIbIAUJA8JnAAAKCRBGuSKOgUoqrN5jAP96aO0MEPQSIKdLaa9+ilpPp+glJ9du
IoqQdEDh/UhGuSKOgUoqrAUCZqqeBQUJBaVLCAAKCRBGuSKOgUoqrMnbAP4oQbpa IJ7zdR0U15tONAEA0WqeRc8Jhv10UjIz/Q3UlcfvKPzVW6yVKo+Lg1FI2QSIfgQY
Uki4OAfaSbH36qYTIbe8k9w58+e4nsVBII94wQEA3nSPoMKWZTI1eiHR/xKc9uOI FgoAJgIbIBYhBPfTeJAiipB0QOH9SEa5Io6BSiqsBQJmqp4GBQkFpUq9AAoJEEa5
/Nk2tOHKpEjs9mOtywaIfgQYFgoAJgIbDBYhBPfTeJAiipB0QOH9SEa5Io6BSiqs Io6BSiqsjF0BAJn0EBEJfszskYiZzMshFHW5k0QUF+Ak3JNh2UG+M6FJAQCQVY/l
BQJojqXOBQkJaoZUAAoJEEa5Io6BSiqsiXkBAJ0JTRmdQQpEK9KSh8V7FEkblIsm DkrvOytuFnKbkDrCaTrtLh/JAmBXpSERIejmDw==
Ngko2cs+OhNSUgW9AQD0a7FHM3Dx32a7yD0zE3QwWi5VgeZZVIPyhItrOaANDbgz =7cFp
BGLmhsUWCSsGAQQB2kcPAQEHQFg/avgj0sZbxqL58tZEpcaieeL1OWOoVU3mZX/K
7GU+iH4EGBYKACYWIQT303iQIoqQdEDh/UhGuSKOgUoqrAUCYuaGxQIbIAUJA8Jn
AAAKCRBGuSKOgUoqrN5jAP96aO0MEPQSIKdLaa9+ilpPp+glJ9duIJ7zdR0U15tO
NAEA0WqeRc8Jhv10UjIz/Q3UlcfvKPzVW6yVKo+Lg1FI2QSIfgQYFgoAJgIbIBYh
BPfTeJAiipB0QOH9SEa5Io6BSiqsBQJmqp4GBQkFpUq9AAoJEEa5Io6BSiqsjF0B
AJn0EBEJfszskYiZzMshFHW5k0QUF+Ak3JNh2UG+M6FJAQCQVY/lDkrvOytuFnKb
kDrCaTrtLh/JAmBXpSERIejmD4h+BBgWCgAmAhsgFiEE99N4kCKKkHRA4f1IRrki
joFKKqwFAmiOpc4FCQlqhgkACgkQRrkijoFKKqwSMAD/bbO/uwwdFEJVgcNRexZU
6aoSxAGI1vjS92hSyfxZ9AABAK8KYO8sBGGCiVu+vWUpoUYmp3lfYTJHtf+36WMc
D5MD
=Gubf
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

13
modules/grzegorz.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, unstablePkgs, ... }: {config, lib, pkgs, ...}:
let let
grg = config.services.greg-ng; grg = config.services.greg-ng;
grgw = config.services.grzegorz-webui; grgw = config.services.grzegorz-webui;
@@ -11,8 +11,6 @@ in {
settings.port = 31337; settings.port = 31337;
enableSway = true; enableSway = true;
enablePipewire = true; enablePipewire = true;
mpvPackage = unstablePkgs.mpv;
}; };
systemd.user.services.restart-greg-ng = { systemd.user.services.restart-greg-ng = {
@@ -48,15 +46,6 @@ in {
allow 2001:700:300:1900::/64; allow 2001:700:300:1900::/64;
deny all; deny all;
''; '';
locations."/docs" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
};
locations."/api" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
proxyWebsockets = true;
};
}; };
"${machine}-backend.pvv.ntnu.no" = { "${machine}-backend.pvv.ntnu.no" = {

211
modules/matrix-ooye.nix
View File

@@ -1,211 +0,0 @@
# Original from: https://cgit.rory.gay/nix/OOYE-module.git/
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.matrix-ooye;
mkStringOption =
name: default:
lib.mkOption {
type = lib.types.str;
default = default;
};
in
{
options = {
services.matrix-ooye = {
enable = lib.mkEnableOption "Enable OOYE service";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.out-of-your-element;
};
appserviceId = mkStringOption "The ID of the appservice." "ooye";
homeserver = mkStringOption "The homeserver to connect to." "http://localhost:8006";
homeserverName = mkStringOption "The name of the homeserver to connect to." "localhost";
namespace = mkStringOption "The prefix to use for the MXIDs/aliases of bridged users/rooms. Should end with a _!" "_ooye_";
discordTokenPath = mkStringOption "The path to the discord token file." "/etc/ooye-discord-token";
discordClientSecretPath = mkStringOption "The path to the discord token file." "/etc/ooye-discord-client-secret";
socket = mkStringOption "The socket to listen on, can either be a port number or a unix socket path." "6693";
bridgeOrigin = mkStringOption "The web frontend URL for the bridge, defaults to http://localhost:{socket}" "";
enableSynapseIntegration = lib.mkEnableOption "Enable Synapse integration";
};
};
config = lib.mkIf cfg.enable (
let
baseConfig = pkgs.writeText "matrix-ooye-config.json" (
builtins.toJSON {
id = cfg.appserviceId;
namespaces = {
users = [
{
exclusive = true;
regex = "@${cfg.namespace}.*:${cfg.homeserverName}";
}
];
aliases = [
{
exclusive = true;
regex = "#${cfg.namespace}.*:${cfg.homeserverName}";
}
];
};
protocols = [ "discord" ];
sender_localpart = "${cfg.namespace}bot";
rate_limited = false;
socket = cfg.socket; # Can either be a TCP port or a unix socket path
url = if (lib.hasPrefix "/" cfg.socket) then "unix:${cfg.socket}" else "http://localhost:${cfg.socket}";
ooye = {
server_name = cfg.homeserverName;
namespace_prefix = cfg.namespace;
max_file_size = 5000000;
content_length_workaround = false;
include_user_id_in_mxid = true;
server_origin = cfg.homeserver;
bridge_origin = if (cfg.bridgeOrigin == "") then "http://localhost:${cfg.socket}" else cfg.bridgeOrigin;
};
}
);
script = pkgs.writeScript "matrix-ooye-pre-start.sh" ''
#!${lib.getExe pkgs.bash}
REGISTRATION_FILE=registration.yaml
id
echo "Before if statement"
stat ''${REGISTRATION_FILE}
if [[ ! -f ''${REGISTRATION_FILE} ]]; then
echo "No registration file found at '$REGISTRATION_FILE'"
cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
fi
echo "After if statement"
stat ''${REGISTRATION_FILE}
AS_TOKEN=$(${lib.getExe pkgs.jq} -r .as_token ''${REGISTRATION_FILE})
HS_TOKEN=$(${lib.getExe pkgs.jq} -r .hs_token ''${REGISTRATION_FILE})
DISCORD_TOKEN=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_token)
DISCORD_CLIENT_SECRET=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_client_secret)
# Check if we have all required tokens
if [[ -z "$AS_TOKEN" || "$AS_TOKEN" == "null" ]]; then
AS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
echo "Generated new AS token: ''${AS_TOKEN}"
fi
if [[ -z "$HS_TOKEN" || "$HS_TOKEN" == "null" ]]; then
HS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
echo "Generated new HS token: ''${HS_TOKEN}"
fi
if [[ -z "$DISCORD_TOKEN" ]]; then
echo "No Discord token found at '${cfg.discordTokenPath}'"
echo "You can find this on the 'Bot' tab of your Discord application."
exit 1
fi
if [[ -z "$DISCORD_CLIENT_SECRET" ]]; then
echo "No Discord client secret found at '${cfg.discordTokenPath}'"
echo "You can find this on the 'OAuth2' tab of your Discord application."
exit 1
fi
shred -u ''${REGISTRATION_FILE}
cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
${lib.getExe pkgs.jq} '.as_token = "'$AS_TOKEN'" | .hs_token = "'$HS_TOKEN'" | .ooye.discord_token = "'$DISCORD_TOKEN'" | .ooye.discord_client_secret = "'$DISCORD_CLIENT_SECRET'"' ''${REGISTRATION_FILE} > ''${REGISTRATION_FILE}.tmp
shred -u ''${REGISTRATION_FILE}
mv ''${REGISTRATION_FILE}.tmp ''${REGISTRATION_FILE}
'';
in
{
warnings =
lib.optionals ((builtins.substring (lib.stringLength cfg.namespace - 1) 1 cfg.namespace) != "_") [
"OOYE namespace does not end with an underscore! This is recommended to have better ID formatting. Provided: '${cfg.namespace}'"
]
++ lib.optionals ((builtins.substring 0 1 cfg.namespace) != "_") [
"OOYE namespace does not start with an underscore! This is recommended to avoid conflicts with registered users. Provided: '${cfg.namespace}'"
];
environment.systemPackages = [ cfg.package ];
systemd.services."matrix-ooye-pre-start" = {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = script;
WorkingDirectory = "/var/lib/matrix-ooye";
StateDirectory = "matrix-ooye";
DynamicUser = true;
RemainAfterExit = true;
Type = "oneshot";
LoadCredential = [
"discord_token:${cfg.discordTokenPath}"
"discord_client_secret:${cfg.discordClientSecretPath}"
];
};
};
systemd.services."matrix-ooye" = {
enable = true;
description = "Out of Your Element - a Discord bridge for Matrix.";
wants = [
"network-online.target"
"matrix-synapse.service"
"conduit.service"
"dendrite.service"
];
after = [
"matrix-ooye-pre-start.service"
"network-online.target"
];
requires = [ "matrix-ooye-pre-start.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = lib.getExe config.services.matrix-ooye.package;
WorkingDirectory = "/var/lib/matrix-ooye";
StateDirectory = "matrix-ooye";
#ProtectSystem = "strict";
#ProtectHome = true;
#PrivateTmp = true;
#NoNewPrivileges = true;
#PrivateDevices = true;
Restart = "on-failure";
DynamicUser = true;
};
};
systemd.services."matrix-synapse" = lib.mkIf cfg.enableSynapseIntegration {
after = [
"matrix-ooye-pre-start.service"
"network-online.target"
];
requires = [ "matrix-ooye-pre-start.service" ];
serviceConfig = {
LoadCredential = [
"matrix-ooye-registration:/var/lib/matrix-ooye/registration.yaml"
];
ExecStartPre = [
"+${pkgs.coreutils}/bin/cp /run/credentials/matrix-synapse.service/matrix-ooye-registration ${config.services.matrix-synapse.dataDir}/ooye-registration.yaml"
"+${pkgs.coreutils}/bin/chown matrix-synapse:matrix-synapse ${config.services.matrix-synapse.dataDir}/ooye-registration.yaml"
];
};
};
services.matrix-synapse.settings.app_service_config_files = lib.mkIf cfg.enableSynapseIntegration [
"${config.services.matrix-synapse.dataDir}/ooye-registration.yaml"
];
}
);
}

50
packages/mediawiki-extensions/default.nix
View File

@@ -12,7 +12,7 @@ let
name name
, commit , commit
, hash , hash
, tracking-branch ? "REL1_44" , tracking-branch ? "REL1_42"
, kebab-name ? kebab-case-name name , kebab-name ? kebab-case-name name
, fetchgit ? pkgs.fetchgit , fetchgit ? pkgs.fetchgit
}: }:
@@ -33,63 +33,63 @@ in
lib.mergeAttrsList [ lib.mergeAttrsList [
(mw-ext { (mw-ext {
name = "CodeEditor"; name = "CodeEditor";
commit = "9f19fe510beb671d6ea3076e2e7cbd1025451924"; commit = "9f69f2cf7616342d236726608a702d651b611938";
hash = "sha256-Bl0evDM4TpsoU5gvZ02UaH5ehFatJcn8YJPbUWRcK9s="; hash = "sha256-sRaYj34+7aghJUw18RoowzEiMx0aOANU1a7YT8jivBw=";
}) })
(mw-ext { (mw-ext {
name = "CodeMirror"; name = "CodeMirror";
commit = "050d8257c942dfd95b98525c0a61290a89fe8ef4"; commit = "1a1048c770795789676adcf8a33c1b69f6f5d3ae";
hash = "sha256-3DnY9wlaG9BrnSgt8GMM6fzp3nAAPno49vr2QAz50Ho="; hash = "sha256-Y5ePrtLNiko2uU/sesm8jdYmxZkYzQDHfkIG1Q0v47I=";
}) })
(mw-ext { (mw-ext {
name = "DeleteBatch"; name = "DeleteBatch";
commit = "122072bbfb4eab96ed8c1451a3e74b5557054c58"; commit = "b76bb482e026453079104d00f9675b4ab851947e";
hash = "sha256-L6AXoyFJEZoAQpLO6knJvYtQ6JJPMtaa+WhpnwbJeNU="; hash = "sha256-GebF9B3RVwpPw8CYKDDT6zHv/MrrzV6h2TEIvNlRmcw=";
}) })
(mw-ext { (mw-ext {
name = "PluggableAuth"; name = "PluggableAuth";
commit = "5caf605b9dfdd482cb439d1ba2000cba37f8b018"; commit = "1da98f447fd8321316d4286d8106953a6665f1cc";
hash = "sha256-TYJqR9ZvaWJ7i1t0XfgUS05qqqCgxAH8tRTklz/Bmlg="; hash = "sha256-DKDVcAfWL90FmZbSsdx1J5PkGu47EsDQmjlCpcgLCn4=";
}) })
(mw-ext { (mw-ext {
name = "Popups"; name = "Popups";
commit = "4c22b8604b0dca04f001d9e2bc13b1ea4f934835"; commit = "9b9e986316b9662b1b45ce307a58dd0320dd33cf";
hash = "sha256-mul9m5zPFSBCfBHZJihJrxP55kFMo/YJ18+JLt5X6zA="; hash = "sha256-rSOZHT3yFIxA3tPhIvztwMSmSef/XHKmNfQl1JtGrUA=";
}) })
(mw-ext { (mw-ext {
name = "Scribunto"; name = "Scribunto";
commit = "4a917ed13212f60c33dbc82d3d18c7f5b8461fdc"; commit = "eb6a987e90db47b09b0454fd06cddb69fdde9c40";
hash = "sha256-3qQgXyPb00V9McN8fxgZlU+MeBzQm5ikH/vkXazibY8="; hash = "sha256-Nr0ZLIrS5jnpiBgGnd90lzi6KshcsxeC+xGmNsB/g88=";
}) })
(mw-ext { (mw-ext {
name = "SimpleSAMLphp"; name = "SimpleSAMLphp";
kebab-name = "simple-saml-php"; kebab-name = "simple-saml-php";
commit = "d41b4efd3cc44ca3f9f12e35385fc64337873c2a"; commit = "fd4d49cf48d16efdb91ae8128cdd507efe84d311";
hash = "sha256-wfzXtsEEEjQlW5QE4Rf8pasAW/KSJsLkrez13baxeqA="; hash = "sha256-Qdtroew2j3AsZYlhAAUKQXXS2kUzUeQFnuR6ZHdFhAQ=";
}) })
(mw-ext { (mw-ext {
name = "TemplateData"; name = "TemplateData";
commit = "1b02875f3e668fa9033849a663c5f5e450581071"; commit = "836e3ca277301addd2578b2e746498ff6eb8e574";
hash = "sha256-vQ/o7X7puTN1OQzX3bwKsW3IyVbK1IzvQKV9KtV2kRA="; hash = "sha256-UMcRLYxYn+AormwTYjKjjZZjA806goMY2TRQ4KoS5fY=";
}) })
(mw-ext { (mw-ext {
name = "TemplateStyles"; name = "TemplateStyles";
commit = "0f7b94a0b094edee1c2a9063a3c42a1bdc0282d9"; commit = "06a2587689eba0a17945fd9bd4bb61674d3a7853";
hash = "sha256-R406FgNcIip9St1hurtZoPPykRQXBrkJRKA9hapG81I="; hash = "sha256-C7j0jCkMeVZiLKpk+55X+lLnbG4aeH+hWIm3P5fF4fw=";
}) })
(mw-ext { (mw-ext {
name = "UserMerge"; name = "UserMerge";
commit = "d1917817dd287e7d883e879459d2d2d7bc6966f2"; commit = "41759d0c61377074d159f7d84130a095822bc7a3";
hash = "sha256-la3/AQ38DMsrZ2f24T/z3yKzIrbyi3w6FIB5YfxGK9U="; hash = "sha256-pGjA7r30StRw4ff0QzzZYUhgD3dC3ZuiidoSEz8kA8Q=";
}) })
(mw-ext { (mw-ext {
name = "VisualEditor"; name = "VisualEditor";
commit = "3cca60141dec1150d3019bd14bd9865cf120362d"; commit = "a128b11fe109aa882de5a40d2be0cdd0947ab11b";
hash = "sha256-HwbmRVaQObYoJdABeHn19WBoq8aw+Q6QU8xr9YvDcJU="; hash = "sha256-bv1TkomouOxe+DKzthyLyppdEUFSXJ9uE0zsteVU+D4=";
}) })
(mw-ext { (mw-ext {
name = "WikiEditor"; name = "WikiEditor";
commit = "d5e6856eeba114fcd1653f3e7ae629989f5ced56"; commit = "21383e39a4c9169000acd03edfbbeec4451d7974";
hash = "sha256-U5ism/ni9uAxiD4wOVE0/8FFUc4zQCPqYmQ1AL5+E7Q="; hash = "sha256-aPVpE6e4qLLliN9U5TA36e8tFrIt7Fl8RT1cGPUWoNI=";
}) })
] ]

42
packages/out-of-your-element.nix
View File

@@ -1,42 +0,0 @@
{
lib,
fetchgit,
makeWrapper,
nodejs,
buildNpmPackage,
}:
buildNpmPackage {
pname = "delete-your-element";
version = "3.1-unstable-2025-06-23";
src = fetchgit {
url = "https://git.pvv.ntnu.no/Drift/delete-your-element.git";
rev = "67658bf68026918163a2e5c2a30007364c9b2d2d";
sha256 = "sha256-jSQ588kwvAYCe6ogmO+jDB6Hi3ACJ/3+rC8M94OVMNw=";
};
npmDepsHash = "sha256-HNHEGez8X7CsoGYXqzB49o1pcCImfmGYIw9QKF2SbHo=";
dontNpmBuild = true;
nativeBuildInputs = [makeWrapper];
installPhase = ''
runHook preInstall
mkdir -p $out/share
cp -a . $out/share/ooye
makeWrapper ${nodejs}/bin/node $out/bin/matrix-ooye --add-flags $out/share/ooye/start.js
makeWrapper ${nodejs}/bin/node $out/bin/matrix-ooye-addbot --add-flags $out/share/ooye/addbot.js
runHook postInstall
'';
meta = with lib; {
description = "Matrix-Discord bridge with modern features.";
homepage = "https://gitdab.com/cadence/out-of-your-element";
longDescription = ''
Modern Matrix-to-Discord appservice bridge, created by @cadence:cadence.moe.
'';
license = licenses.gpl3;
# maintainers = with maintainers; [ RorySys ];
mainProgram = "matrix-ooye";
};
}

8
packages/simplesamlphp/default.nix
View File

@@ -8,18 +8,18 @@
php.buildComposerProject rec { php.buildComposerProject rec {
pname = "simplesamlphp"; pname = "simplesamlphp";
version = "2.4.3"; version = "2.2.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "simplesamlphp"; owner = "simplesamlphp";
repo = "simplesamlphp"; repo = "simplesamlphp";
tag = "v${version}"; rev = "v${version}";
hash = "sha256-vv4gzcnPfMapd8gER2Vsng1SBloHKWrJJltnw2HUnX4="; hash = "sha256-jo7xma60M4VZgeDgyFumvJp1Sm+RP4XaugDkttQVB+k=";
}; };
composerStrictValidation = false; composerStrictValidation = false;
vendorHash = "sha256-vu3Iz6fRk3Gnh9Psn46jgRYKkmqGte+5xHBRmvdgKG4="; vendorHash = "sha256-n6lJ/Fb6xI124PkKJMbJBDiuISlukWQcHl043uHoBb4=";
# TODO: metadata could be fetched automagically with these: # TODO: metadata could be fetched automagically with these:
# - https://simplesamlphp.org/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata.html # - https://simplesamlphp.org/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata.html

96
secrets/bekkalokk/bekkalokk.yaml
View File

@@ -35,82 +35,86 @@ bluemap:
ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str] ssh-key: ENC[AES256_GCM,data:nPwsT4RYbMbGp2MChLUh6NXW4ckYr7SQcd6Gy2G8CEU+ugew5pt4d6GOK1fyekspDtet3EkPL2F1AsoPFBB2Rv0boARMslAhBqwWSsbBJTXeTEgAABSMxTPJRBtfJucvv426nyIj3uApoknz6mDCQh1OI6mER0fis7MPaM1506HlDlnIT0FV9EairEsaAmbd0yddByGJSccKIza2vW0qWqrz83P+xrakEONxFz0fJlkO5PRXCcQJVBCqWQfnaHNrWeBWv0QA7vAHlT0yjqJCpDRxN2KYrPWsz7sUbB4UZOtykCRM5kKFq73GUaOKqVECJQhcJi6tERhpJELwjjS8MSqvBD90UTKTshGugfuygTaOyUx4wou3atxMR2Rah9+uZ6mBrLAOLX3JKiAtyhFewPMWjd/UhbMPuzNageVBNz2EMpa4POSVwz5MyViKNSgr9cPcNGqmrnjvr/W/lnj6Ec+W80RiXQlADSE4Q6diLLwB9nlHvKs8NTDgv6sUafcPHpJ2+N4Jkb96dE14bMffQ385SI4vLDcQ8xCQ,iv:WdJIHRzjlm8bEldolCx1Q7pZJvjxGkNZALSOy3IjizU=,tag:5ZAikiqttq/76+thG+4LMw==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str] ssh-known-hosts: ENC[AES256_GCM,data:J6V+NJ9TvYUL2gmcqWWYt8X+n0M7i0RpDpBelWAbFMH64+e9ztHNnC491sm+RogDxqKk0kwQyX2Mz00iq3Gc3wDYyozGOdv3tBKrp7/LcfjUQ9T9hi0yTD3eNV0LAjlAWMTdlW65VGHqGst8ncKbUuVxbBASVlh3A321toZgD+xxUAtNz7qKFa6fDbOS0xLD1+CmTwVp+aPos//QIKzjuk1HqxfBNK82maKtD4JHPS+Y3be2wIEjGWq3H6JYN/RDojD88D/jzo9RwvEjpqLXoOVfy8uX/fbEsgkgfAmPiaG+ePCnchSExEe3a6Y0E+I6YIzvP+tGThJpu4HaT/yW2Rww/jvsxKrXSUhtBZI/SIX5ZAIFB3sFjJXQefJjfNpQTQWhbspLfdemafGaRiDnzVgKDhNL1HNMNsXKDfWa0SLs4//dqerom/QCCNsaqV+4HVzv5x44srChGERadQI/Wh4UG2R19xxbdyIsKPHzv7BhEKufJkjc5upBjWygQrGAkTRHugFpw2Tdkz9yUQSujMkaeRKhVkA+ZUAjwnY5TwqNZBj7U3K2JXoNVHAq194XmrA2dNghh0OmRrvKGwM3HKexX22SXT0bPlpdWRQpMbUgV+uHLMerlDpNMFTIueEBkaF/FWeSW2N5WUrUb1uJ91QcJ8JBgN1riuD1Oxv9RRPrY9VVNJMrYjpAAREN8i8brMTOCJ35s7jnqIei0dNmnNXOoQZPs9kUMeEtUc/Df1E8/aO2Y4yU9gHUuevXnAJWFAiu2IxssgPk6CcNxvapJEmlwkLK/JyuDsWwFxVOHfw5QIEsoDVWXt6eMhquqUgzJI1q7QrTWUQsBb5A5sQKYWQHempOaXuQn1bzA7mU3Gzsr8bNNc6tpy+6j3zTXYR067EX00yqPG+kqRn4QVIuhByxXP3cwXLUG9uD1lsqWrGzs6WCnHr7txhRBXf4WbBVmXModO3uf36cDYEwrUa6yBsARtSl8PJ0UadfY/xULcT5PFvu9+Hi2qj3vp4IU3JCJa9AvXB+11pbSdawprjuDhwQtPwkJ4CQyvZsom3/BOrmwYM5+EyMDIluEQ0z6eDE5buiIVbX6IvXnDCKbrnqVwavX2wqyiDduFLjRfWL/3U2O1yRim78smrDMJABJZvtW+a+GfmlnTd/gnFvS70Fmm/lgtY051ISL/iFx6toJRoBMMiI/Zvy13uQry+w/HbyFl42DIank8tf7kuN3E9M7ADGMubRJJ0AZOcQddrFnR4Gl2nU2+3RS5fLHaBf9QHK6W92/n//xmPkYqrkPacew4eBjUqM32jVGuBpDc964fK9kdtIdw8q5P1s/ph3I79Y24kGeuO1AVJuZvkaTv1Z7GgI9+K9TstKJ9XpRCidLpLSP+uHOWkqcNsQlt6ilTlfHj+MKoD85dKZ315QMmpiuYEvzCSP1aYTb9dpd61Su/IVuM3r2NuINNEZ166YlHQVsLNpDn8E5ahk3ZInOAg6/kaKTmjUI8KEvX4BR3PbbViAlJJb3suJ0oZBGPUlrW5uLRmADvf2mMDVO5zY7/m9DQwxjt4Miu0l8ZaUc0YJQ850lBKucQ==,iv:GI8w7h7xX8gMHuAoWUyrW+BQb85LNlASoYvGBPlCZaI=,tag:WnHNMevfFSMc0ikBZwWn/g==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - recipient: age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQjZvVEplU2pMQmgrQXE2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbjFxWk5lY0kxaStxcnVh
Qy9FY1NRZEhpSTVCdy9rVEFHekM4NHJEVlRvCkNnVUlCQzdGenlKOW56ZGY4bzJm SnlYamw5WXBRTkU0ZGFEWnZvME1nZk94TlIwCmlhVGFtckJpN1RZdXRBYkxDbnVS
K1c1N25ZbDFNMDY0YzlGMTlMN2htSEEKLS0tIEYvWEVoMUVtVDRkeEt5eWFZckJs UmZtWENzZWNYRmptY2kwem42ek1LbXcKLS0tIElsRXBmNHNmdjdqTmFLL2ltMnFC
aFRsYmhNMkQwdFlDa1ROWXdhWGFKUUEKqixofKZBMXpV8q801HtVoHzZWJhsifSB VG11M3ZpeUJPUGlEQmExOEdSZFJERE0KSIo1pzx8AcoJWEzNzEDoV3eM7194IHxL
DLPHbOAWpXjKygNJ1ogi66FWBFfRL0KGffQEuaIozTA1r1NafSCLKA== 4pCSSztKDCF+XdJZLh5sgudaYLJGtX5n7q1hbuL0wOmotM9bN2YLog==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1YmhFNHNuaXlFZXMxNmtR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybXRjNEM3ZDYwa21LdWpE
S3ZIM25xVnYxNE5kL0RJR0lpNWo1c2ZTczFRCkRKakRNek8xdVcxcFN5Wkc1VDJ5 dDg1MUxaeHlJSHRhWk40TndYbHZLWHVsVWk4CkxkRVJ4c1lhaXZodGxhNGhkUy9q
QjJuQjcwZ25RVkpoMXFpQXltU21MOTQKLS0tIFVrNVJ1alAwM1RtTy9zUUIzMkpi M0I1SHdjeXVXL1E4OXgxS2x0cU9ESFkKLS0tIFpNMjNKLzNDWWtvTkhHRDFSTklH
bnFVWG5xWW1hSDZob0NzZVZNOHdqRTAKci5uPZI7K/ljVRZ1j2qQFABpf+Anuj2a T1k1cXp4NXVvVGdkYXp0VVNJejVJRkkK6K31gqRRvo0mbJy6aCTKotVmrfqZoARG
yqz92A7DbMUSUqmUNCHWg2vKmMwuRL3CXLPzZoXgIN07dpYQlk6qgg== w6wKe1TJLWJv8RAD3GQrub9MJwQhUG38Jtj1WrXgNMlF24zFPlZDEQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZExMODZvbUo5VWt4UWs4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2azhwMEJRZ3JQRnhDNlFR
ZXRXWkdDczQxcGRJbUFyU3V5bDllampVWTF3CndVSzZESmlwUFcxMjZKODhPY1pz a283MitGTTdaMTZURmFYam85TU43RkdXYTI0CnQxWnRUZ2F6MHd1TWlHMDZ4b1p0
WHo5aC9JOUg0VndhdGIxeU1PU2t2QWMKLS0tIExQelVMSWUrMkUrY3htMVIxTHFo WStOVndGTUpmdncvd1k0WlV3c0xKYmMKLS0tIFpSb1hKbHJyM1dCOVBMa1Jabndp
blNkNG02ZTFHR1ZjL1dBbjlDNXk5VmMK+EbzW0Rdq5cxIm8EnQ2P87BTxfMKywyM NWlGSFhQUngvWG5BQ1lyOFAxanlGdlEKt09a9bMErR3wqbutxhDRfSWp40mmfShJ
Q3LGAw4RDR/Gstj9hzpTPnNjb4D5tMcQmeQlAvBriZPFXCrmq5WCXA== KAAO2TEMKkEGFvaxYu+G9rbR37h/ZttikJMvIVlfRzmVADlFwO7eHw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSGFIdjJwTkpRdzdIQ2Iz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYVJLMTZma08xZVo3cEZs
WW1jamZFY1JrTTBZRjM5enZmNkNEMTRaQ24wCjdJY2l4OVJyU2pVR3dQZFg0cHRl Ym1FTU9ZdmxlcUxselltWDRwdUhUdU1udnpjCmh4TlJEK09UdlNFLzN0YnN3WGtt
dU1xS0gwbWM0MktPL2d6dG1wN1ZsWEkKLS0tIHJscElDRVFrakJCZmtMbk0xaVp4 aGpzd25Vckc1TmVCamQ0ekk2QWpraUEKLS0tIG9CNzBOM1g2aTRlQmt3WWVrTlNB
MDBoekhiMWZaeU9IWkcybFNWczVtUUUK4BOBttXkGhmUYTjR68ZvaT0BpbIw67rr ZWsrZy9HSWt4OUdMb3ZZQmNjNGZNZjQKMhvkRnis8P2iV3hoigiN2IXeIFvFuYRK
Ls5XV6Azkid7GAttNayqb/OjshUco1xIbAyGRz77b5uzMzM1cM6+dA== FeMG/cNOtAUsOgHMs4xDPqpLrhpay7IEvwQukBxscd/88I8/ZdGeHQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSmVyNkNiWkxob05lakJI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtazZ2RUo3ZjdKeStLWW0r
N1dWVWl4bnd0cWV0bzlzQTdhMTZ6aWZJMFU4CkYwc29NTW5PODVVTU5DNFdCV0RO bm1NVWJRbjZpZTVRcEFWTnJwYkp2YUN3OTM4CnhRa2RpOS83MW9zaWlUV1M4b21t
RTJHaDVmbWZ1WFdSRVE4Tk9SbHhsdUkKLS0tIFhiN3M1aGJtY2ZqTkIwYjB6S095 OG5Ub3VkK1dSMkVzN2VtT0JrWkFSTkEKLS0tIGMvOFU2U243RnpUTThRRWthaHpZ
WkpCQWlab2s5anVIa2Vlak1vNzI5U0kKRhPzmr9IW0fVDRKzfR1du7KgevNUchxJ SjBhZjJpNGlUclF3bXRKOXk0KzlHdzQKp/asp39bRfNXyetc3ySVpnzfO6it9D/e
GDz5B/EekvwZwhcAGvkE6uwHIAIMaau49S9iwqK4NjIcBIGagoqiDQ== XWyhq0yKRFAC8yMYeAuA4kIcNM4DGRc0PnwA/ce3IgHsV1ZNdvdWfg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXJKL3RzUEMzZXN5Qmsw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT3lTUEFaN3pOMGhsQ1Ra
aFRrMXE2b2dNU05NeWNuaEZOdkcyMWpvUlM0ClVkMVJoS3Y5SnJxQ3RtaUtncDcw SVZ6cE90a1BteXgzaldsN3ZTSGZpZXlyWHdvClhJM2ZDRHR0VzVSQXd0b1drK3hG
cWRKYjdFbEJ3aWE1ei9wYnpVRGhBd00KLS0tIFFycFgyWGVvMFc3azN3T2Z4aHln aW8zUWlHcVFkTFpJYXpxWlAwVHV0ckUKLS0tIGVmR0g2Vk56dlZCU01Dd3NzUFZU
UzR0dUp5MHFWdDFya0hlRXM4M1d5YVUKhaXAFsId/SGv5wmKvjTLSAAlDNuSH80H UHpLRkdQTnhkeGlWVG9VS1hkWktyckEKAdwnA9URLYZ50lMtXrU9Q09d0L3Zfsyr
SahjRm7nj5Z6ZHJfBZu9cGoZ5ZdvPsr1DtLgErSndnOnh7TWA8SgGQ== 4UsvjjdnFtsXwEZ9ZzOQrpiN0Oz24s3csw5KckDni6kslaloJZsLGg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-09T21:18:23Z" lastmodified: "2024-12-09T21:18:23Z"
mac: ENC[AES256_GCM,data:scdduZPcJZgeT9LarRgxVr/obYsGrJAbMoLGJPPPp19qxOJMTdvYfMz8bxPjCikB4MacEgVZmcnKIn5aCzHJAnCI/7F2wm1DDtW9ZI5qbhDJKSSld+m2leOSPfR8VY/0qj6UNgGnwkwx7dfcAlv8cP2Sp3o1M2oyQxeXPr5FWEg=,iv:JEAwkCewMp0ERmYU62kZkbl7+FET1ZeRr6xeEwt6ioM=,tag:jxvli935X3JyZYe7fFbnLg==,type:str] mac: ENC[AES256_GCM,data:scdduZPcJZgeT9LarRgxVr/obYsGrJAbMoLGJPPPp19qxOJMTdvYfMz8bxPjCikB4MacEgVZmcnKIn5aCzHJAnCI/7F2wm1DDtW9ZI5qbhDJKSSld+m2leOSPfR8VY/0qj6UNgGnwkwx7dfcAlv8cP2Sp3o1M2oyQxeXPr5FWEg=,iv:JEAwkCewMp0ERmYU62kZkbl7+FET1ZeRr6xeEwt6ioM=,tag:jxvli935X3JyZYe7fFbnLg==,type:str]
pgp: pgp:
- created_at: "2025-12-01T10:58:17Z" - created_at: "2024-08-04T00:03:28Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ/+IxSo/UF0bv0ktR4aYDhZF/7y8Xv56jaZbW+bI8os57SY hQIMA0av/duuklWYAQ/7BlyYej03uyhLheXS406h3Ew7v7D+rHHvHjiw3FCJxHoC
mk7MbCqMmujf31gDlWwvytn3sEBTs69tre2rJH0JhDnfxrfL4uHJqD2Idtfhejgv 1revUrMa/M6iTNQteaBvBcYVR4+SpUpRyN/6BSzEQBrNhUBR+70VWL2yzeeb6Bw7
6ezh37/aFy0GgkUKUMpVG3sksZjQrKrSvJiHgfIAaiEiNU6grc6EDLPqDrgO0s1V GBtuyS7O3DEd0froE3aFETR0NfQ1FfcndOBd3SDKOsCgL5nfJSyOPQtr1OMLKzoW
RBUiv2VMyg6a2MBf6TSrdoHw/HtK/PvOgrQ/C3q3jjUzVLUnScIsewwTq0zdmVf6 +CARt457xEx0KY7IIpN6e57IT7bVjJx5UuDcN0ZncUyuGUAKHdn0nAHzWqiSZV9w
WPG5/sTjKoIYRdjrEZOIZglU61Q2/d0GTGkI7nkr5xl+iJicRO8O4cYmZ2NivMLt bIftLJ936zvBOhhl3DkzvALnI9+//KPSMM3o/1ti07FoAx8cK2w83VA5Ia9qeNkB
pjsYGQ+Kyuxzmgqjh2aRv5uu7p4g1fYIBZdcqmm14Jc/IznNUAdfpgoRGUxEbnGW wfVuE6f5a2KP/KrfnVCfvweMh/MIEUGb14XEaniyYwvlW5vwF9YgPH6HGc0c+lH6
R6C2eTzvhZGFj0+jssLwcWtGxa2xxPAHL8TbAvroffzx7W9IdyWkmOEaMuyHFAWT UWy8+Iw7kXkUEJuhtNWyBPJeVKheSBieoWUBZZAK4uWUpChJxfc5M3+P3mgzTIP+
FpsdlSkYmQs1H5YCdRnapFkNbaIPsQy/c4dQhzYakrheMdpXo6efSPmk9RdjKZrd 7P04xdtS0GwrNwMBiQFqc56hoYDAwMYbn9lFzM3LLq+h8Ztg2G4X9LXjD956TP5C
HvJaepwJA7Uf9+eY+LgPVTKY4ObJziJEEIM8QwmBW4h7ZujbntUHXhL1dt2Bc8nZ bPV7BFcjTSaAt1TDJcDJRxfrtx6Mo/DLknpGTMRM0UfQ/22uMz2GAH38L0C7lD9B
5foSRmLA0lsd59QSPA3lg30TpJARC8aq4dlYsTFqQgHVTHA2W1m5gYvIgNKlhR/F RrKlpDuMKzj/LUihO33Ry9J0IpZ3XF6oaSl/+P+uO9QYNxA/zkuxuSWfqoysldyN
NGNaAWW0+3V6NeQF5UVp/ug4RbJK+qbrQw/+jeyRaPj3TWaFobOfs+Ad5zcL5QfS bSo1dHGapY/+PVMjM0E/2Dkk9T2IbQUlkVxPrlvuUd3YfrJ7bCva2GDjLvXSp7LS
XgG1ix1Re4pnbeGbTE0QsFQ/Ir0mwPGuNzr1CFuVQWvPUYqA4iv8nlxIj2E43gcL XgGgLgrj54YoOn4uUFsxzDIS7yVps3fCkByVtc1Lc3C8uPPF1B+jOX7O87kZOHag
4ihGEE6dKrrwLJuALNq4p7mqnCMJ7/kjLNTRUSmWY8fHaVmX/QL0uGZwYH1Y5P4= XvT2ze2ITfdxPzoyZO1nWVIGO8rAtQ/vK/Iv2/hHtc4gfzL+gy7GeUWGHkvZ1Kk=
=2j4b =wDmH
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

109
secrets/bicep/bicep.yaml
View File

@@ -5,89 +5,88 @@ mysql:
password: ENC[AES256_GCM,data:KqEe0TVdeMIzPKsmFg9x0X9xWijnOk306ycyXTm2Tpqo/O0F,iv:Y+hlQ8n1ZIP9ncXBzd2kCSs/DWVTWhiEluFVwZFKRCA=,tag:xlaUk0Wftk62LpYE5pKNQw==,type:str] password: ENC[AES256_GCM,data:KqEe0TVdeMIzPKsmFg9x0X9xWijnOk306ycyXTm2Tpqo/O0F,iv:Y+hlQ8n1ZIP9ncXBzd2kCSs/DWVTWhiEluFVwZFKRCA=,tag:xlaUk0Wftk62LpYE5pKNQw==,type:str]
gickup: gickup:
github-token: ENC[AES256_GCM,data:H/yBDLIvEXunmaUha3c2vUWKLRIbl9QrC0t13AQDRCTnrvhabeiUFLNxZ/F+4B6sZ2aPSgZoB69WwnHvh1wLdiFp1qLWKW/jQPvzZOxE4n+jXrnSOutUWktbPzVj,iv:KFW4jRru93JIl9doVFtcNkJDWp89NlzWjPDflHxcL/U=,tag:YtgyRxkoZO9MkuP3DJh7zA==,type:str] github-token: ENC[AES256_GCM,data:H/yBDLIvEXunmaUha3c2vUWKLRIbl9QrC0t13AQDRCTnrvhabeiUFLNxZ/F+4B6sZ2aPSgZoB69WwnHvh1wLdiFp1qLWKW/jQPvzZOxE4n+jXrnSOutUWktbPzVj,iv:KFW4jRru93JIl9doVFtcNkJDWp89NlzWjPDflHxcL/U=,tag:YtgyRxkoZO9MkuP3DJh7zA==,type:str]
minecraft-heatmap:
postgres-passwd: ENC[AES256_GCM,data:T8s9xct07AJ4/Z6MQjNrqZQq7FerHz8Op+ea8zO2MDLPWWgU7/hBfrr+T4sc1TgT3e5vtE0dVcqCSbZCZj+6zQ==,iv:prx6d8c92OvbL8IjBLAvi1Vqk69D6ZIkAp7E8CSljok=,tag:UA5YS4YwViYZJ2PWzIIM3g==,type:str]
ssh-key:
private: ENC[AES256_GCM,data:h9OtD6hxrxyokFDe9bveAkMICrs3YrsAEqg0RVHV+xCkgkNAdoh85wb1QI8FJ0tga4Bfq8ZxZTdMnexQvbYWL8m/N/P6gWoPPJd7dwGuxaUZu5lqngVuHIhH0yWFWtPXjQ0Zyl5Q1aBKyjzJMvJc/H2iprgVH4YFs/fWf/KDEp17Plvvz0AoPGPrOZErDmne4MtLbW3pUm1r5ACo/41OyXYwjHk1Ywgsoz1CMxe/DrmkADnf7jSDWL6Q0mz8hIIYi8GbToJS4BIJ2plttraxV9sqpIPzS/1jMERNchItlkCppSYIy/eohVmskP8dAySm5Z7HNGGtzWSSGLxq15xKc7OVFYPMI+B35nPnp1LVOUWqBHAqVo7dwxc3VXOlVat7AMknUZnr67d4TIIl5BOdy/rvAxzXS/fDV0zntIs5o3phKStVvq07eZFaOVva45B7Pyyn0PdBhHBt2JcBtm+Xtg9i3xvZdwQgbeeJRhnYgDqK6BVhmtTuirwp1GOyslqaFCjg0MJj+W+d8R9gbbfyFR6YrZQAkcd/o/yZGg86z7Phe18=,iv:nt/+qPBwPZKQt43VJ9FbKjLYioFwCxD7VK9WNCJCmpQ=,tag:MuDfnTiro3VVJq9x5rkEQg==,type:str]
public: ENC[AES256_GCM,data:+fiCO8VRSmV7tmyweYSpZJMOuMORLHkWetYbr20aTQ1vRYr927nYGes4E464t+Dv9OyJPCLmHBdgt7UvxJWuC3pZE8iStnBYnej3D4ebMzi2SMfOkJjGuQSplXtl8QeAYe1YvROmtQ==,iv:thgGQUyWdXfwUt1E/vudoNjl8JjnksFd1rb/asTry+g=,tag:t1iQPocvfI+JafuJycaLuw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx - recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWXVrN3MwSkh4RUJHcmRu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiOVc1eXg1bU9BZmc0cXhM
V0YrMkhIVGZtLzFsbEZ4dmNSV1FmT1Y2M3prCnhWOSs5VElEOUhuQU1xa2FmRlIw L0dpbVBvQTNzcnFWcktSaW5rQXhnZks4dlhRCmVla3kzWDlJN2V0dDFYWkxJUUVo
YXQvZFpGYXh1eTMwVkZEempxdHA5eGsKLS0tIHlGQXlHc1ZJaWlPNitrSlQ3R25h RTlqNWM4c0lmbkc3cUM0dTgyWGpSNWcKLS0tIEx4SkxDdTFGUi9OQ0NRVGxXeSs4
a28xWWRwbTlaZjIrbUpxUDJzMnp1alkK3awAxPMvmrh42Pwhv4mBUvWH5ev+OK+i b3Zaa3p1MnU1UTk1T3hmejVkM2RDLzAKmk63I60GEenLt0l4FHmz9mBAumw105Qs
nKWXHOMyYPudYg062Ex7iAHS5WTw71bsMkUEwmU0Mt5XbopkXCyyZA== mDbQBfAj1m1FTE6tl38J8wVyFI8LT550bqYdymvnT2mnEIAIP/04ag==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZ3k1VjN4SlVPcHhkNXpw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dmJpdUxVcllPYXpxRlN6
MTFncDF6cDdKVmVSQUdDQUQwNW5scjZ6TUdFCnY0UkJjdE5DaUFNZm00VEVmZG92 ZnYyc25sbjdWNUNEQnE3UU5Ea0JPK3o0Ukc0CnFIOU0rOU5lV0tGb2NuNnQzejhw
U0VINHJqbDd4RGFnOWdxaVhoMjRYN0EKLS0tICtESEFUbHBDamFJelphbTlMNmNQ cTBkOFJHTXJIMFhzZ0tpODJ6N1pJRTgKLS0tIEhPVlBMcjdHNVRKWDhkTXFTOFFu
amJIdU5iaWNLQ28wYXJxZ0ptVUxRQVEKZtVEIcBrGHpmg/wGCzDshYZ83pJUf5CY NUREdmFNR2NkY0Uzcm9tbmhteHFtSTgKSUTGoNb2/0rljN7oojVk1fMAulK669ud
I4hmsoPRnq7Zh45eCuE7j+RNhGiQWGi8q/+sUnSJQMGjzIHf0QfVkA== fpacGQFBJzJOusx29YC01W6mn8TW8Cdw6mKmS3QEsYYx7S4HpX0v1g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TXZuS2pvOTd0RmdtU1ZE YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUmNyQWU2Ym5NMjJnUUpu
MmIzUUxFV2NKcXJtempJdVpUQVZwWVBlZm5ZCkJZeVZiUjNPdW1XZlJ0YWxDa092 Vi9yeWhFM0NDTGZtRThXQWMxYVI2aEUrNUVvCklxTldQRnp4dTVXMjRXWU5DNWhz
aGs5R3VUYkdBbVQ0V2dzcGV5alZxQ00KLS0tIHJqdGExb05DVFhka3duRTY1dFhz dzllOXp1RVRaMDFNWExuK01maFk0blEKLS0tIC9hUENybThmWlBab3IwSTQxSHBj
MGFxVlJDcEZjc0Jxc3loV1ZjNkl0TjQKu+gUS5uyfWBNn67WFt1NwjzkwYWG4r04 Q0IyL20vdlRBNWZyNXc3MGVtcUNza1UKLDq74TMy5hXhimnDA06/Ku5RJQcDvkjn
hFh9hxB8efiMxYiDp2fc9EKvn1FlTBQJE1KWyiD88twzhKDKaDqQJg== QKSGCxZ6FJ/io22qNiw0vDRzTfW1Dz+9/Yog3Pi870IcAljkdmoxEA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQTF3bXhXa1AxazZqZWZv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTUpYam1KQ2laek42V1NE
dWFpWGwyUDZkZnczc2NpbnBWeTJGQUVBSFFzCkwyRFVVa0l3dS9GaGN3Mm5TY3dh eUY2TlY2Q0JNTHR6QUEvZEhhem5ZKzhPQ0JFClZldDE3dDVIeTQrOVpJNGI5dDlR
Z0VkRU1uZGVscnlLNXArZVMyVFhxTWMKLS0tIHV2ZExtVnFONTlQRVNMTFRzQnFu YStuTlRDcXdiWE9LdThaUERnbEpkU28KLS0tIDNidFQ3ZTdINXpTZGljZmh3Q1ky
ZmtGTVJqKzlGWDBaUWs1Qk1PSnc2WE0KrIJy3b1TdI7ur02ZzOfWJGWl6WuSUFV4 Ynk3aUtFOFdGV1NHb2d4YXJXb0xNYU0K07jwIfF+US++qz9rKn0TgR/vZam12vvr
h9Bb3uSpVZLWb0MRKTK5RIeedQZ0NuVOqAP3hCglzzNkZ10/r7ly2Q== lq5s694hHkSRmAP5uJ4lNQKUkacH9qlBXB+aU+D98vKRDGYIkKhlQg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5L0hVVnE0bVp4d3MwQXo3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjaURPbENOQ2l2N2lsd2l4
bnl5aWMxajZRNHFHQzhXVDZtK2k3TjJGRlFZCnRORzNTVEJOeTZ6OGZFNDNlQzZG aUdQNlUyWjNFM2JhcXF1Z1NJZ0lzZWFjYmhNCnF0VmZzd0hJSjJvekpzN3hoYnlq
MmFHRFpQMW0vSVl1c29yTFoySFEyNEkKLS0tIHVPUlhIdHlxWHV3a1Nra0lEN21Z UDg0VHVlMUFTc2xNdGtLb2VXVzBySHMKLS0tIHdVWjlnTmdxSGpMR09zOFpVYmZF
cWxLUTBIeEZ0Sy9Ta2Jsajh5eVd4bTQKvmpiIPGbgPjqssx4sc/bqaCLeGIPcRfF M3ljcDgyUHB3Zm00bUxWeHRvK3o1bE0KGWWaSuPmvzA4PqBg3y+XOpnVCkv34eV3
BVWm8tEpDmpjvFPgRKhgIKFAQZXumd/9ykWAJE02OWeOOD/LjfSSMA== ZEnPJood5bkBlVqfiBbwJaF98rCH1f5WI6S0NA/5ol5kckDpfwpePg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUczg1MEI0VFhFNUxYcCtj YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMczFnbUlONTI0M083bzNB
UXZZaUhPNEZ3cDkvc2lZMm9ZYnZGTit4U3lnCmR0cC94dDVQcjJYWTh0Zkhkclps RVdYQ3ZIT2dwbVJVS3pjZjc4d1htMVQxZGtZCjlPejdVNFVrV0t2MjJ5NEZuYklt
WkVrZmdCSE0wdzYwNXMra0hLYWEzU1UKLS0tIHY5MG1LZkFpeisxeDNXQkFrdm9J U0ZiUWgzdytMSHd1N3FPdmNmb3B3UkEKLS0tIGtPdmhpT0NQSGpPWWVublF6dVZt
dndlQmsyTFBOQlIrcnJlOVdWS214aTAK4RSsxV89Ccb5K8JP20J+R621LWdtuQJ6 cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
vwWhWkbtBU1Ck3NeEa4UanRqFJxl0bkpdFzHWoQnCm9TmzRf+Oikfw== 0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-25T12:27:53Z" lastmodified: "2025-05-07T21:34:48Z"
mac: ENC[AES256_GCM,data:GoJ2en7e+D4wjyPJqq7i1s8JPdgFO3wcxrtXOgSKTxi6HTibuIcP4KQcKrCMRAZmXOEL1vpnWFA2uk7S00Av7/QOnzP0Zrk3aPBM6lbB+p9XSabN0sOe1UpZDtAM3bzvS9JZzyztT5nHKvO/eV2rP71y/tYbsT6yvj7Y9zxpvKg=,iv:tQiCr7zpo7g5jZpt2VD9jtFKo32XUWs94Jay+T4XWys=,tag:npBqmlbUUfN+ztttajva3w==,type:str] mac: ENC[AES256_GCM,data:n6GHD+nQmZL17WvUZiMCBLRHbtpoKU6U8o/Oraj0VSRi/pQ74QWGVEcIX87kFjBvR2C+UPd3KwXzjQHhjUfHpz9EjIGi6tXLTTo8K3ptd2wCL8MW418TVO4KV+BFmHGT4kwlbdoqaJ2SA7HcfXNaC68e/2CTXhtkLpIwGXtYWJA=,iv:iC5QX/JMwno4mBljPdorNmcQSD2wy/wOYvGrUoC2yzg=,tag:GuFNQ6+d6o9DYC6Do/IEqQ==,type:str]
pgp: pgp:
- created_at: "2025-12-02T00:51:13Z" - created_at: "2024-08-04T00:03:40Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ//eMoBqyI6G8T7c+LwLWl0KxVl4bPv8B1w6l2h+DbwYbki hQIMA0av/duuklWYAQ//XP1HnmkjG/wdSC2lQm2XJkB5hMU+eJxglsPVaQpqTODr
s/u0EToWGFKNTcoio1Xwwhb8pVnUprLONKe1LHgDSsWhvZXBaq3OHxWJuGQ+T0lS dtVslBr/4nvCLypWhwYCG4jSz9YHU1sI9kDOsuo7PtwCrhfefeOL6CO+O40ECFMR
1nEOZt1aRp9ff4RA4BLS2LIB5+2lkVvQ2jWhgzzrEgC4FXI+d5XMhgXtPlO8Dgv7 CEMmPLrTXg3LV3TzulchXY6x72LRzJ/aJ1Ra/6sGmffL7JHJ7vHz+U63oXyYivdX
Dwp+zTkYyCRny3FzL/AhHCYkqxHuuH19u4j9taN5VidKp9a1EKvjYZW4+xPM0gek 9zsxP+iGRpQBK6wcA+Wg30rFV1ENE77H5Wh3PGRRXBSVE1fF6I3USgOxlQvGGnK8
9AR89EIzVeLGMSVUFToAfmZ2jFOfMj42pmbQg29Dr3iUVvOZ1sP+w6Jt/1j4FoNe cobLecH6V2TwSAptVcGk1gEmn6RUZdxATBnt0vE/Wr/zxZLuoRJgxmiwXuL5+kYW
iylriaZtSMLb6kjqN6xf0TnA6exa7hHuAlK3WbPv6JAYrGxs7+l9lGLJkgdXqkzt QjCvCgAAEyFJtDRycwPPpDtTCBECPV97Ryev0Z8PdrYHfjNcgNVgDwNH9L3TuIEY
oxyJTilv1+YJuXy4O2oW6hV8yymOfAKGHt/dkEnPX6UtddH+RDCo+HdWmXWy1Feo QL/f/+9PgNuUjf/7nktn1c5eAvmMyKJCiy9yKYZ1H9ynwN5Bxf+KJflVtTWbdJJo
skEfvwsbzKPCHInPGbo9Yq5NIgJgaisJlHVf5XHxuVVWdEgmpPZ1XxRvmk5B/9lu ITXP2RyU2ttM2WjAM87E0HJD3XZ9x9I8Se/f5eQbg2Om7E2HXYr/v2uWf2ByRn5y
gvr+kG4nN2ZxjBC8sZmHQrvuF93x3mXmHIyu/W2LV5era7Q7tUjaikBMba3a3Rpo PV232/rR/whf/vpiwChDsBT97ZfZJibU8Xot7WMkQhgjCJaYH0wzYcrnvg3EIAo6
OQw0auB1OBSmZOFWMa4ppWU3H5V1hOBoD6tygpJvRvuKxJIVGMg1XWBuLJuAhLF8 MBN1ufKNAp8BoXrM2P4yu+UOjrN8O+54Sxg7CSwg/a/ldDdjUnsGfbf3vzY1EJcY
Sdz9AtHR7zeHtNG+4/da/5iYFLi8e0j0H16TlKlW+BuN9kXfmuw1UC1cl+gRLPrS 2lhLZ8sOQyl+Ppe095pcTLvcYp2FOihf6d3i7GGG6Q9Uh2Ljs7EB02GDKP1XozjS
XAEXT6KxURapNNTZTbM66rJNdP60J4u8LhvBD4RLQNGXYQe8Q6RrOdrVRCYO1cjx XgEsx/GScE/PE15VKlOHhrrF7OJj8P+uvlriVqk/MSWUVO2+X1yS09gXFtazLZBo
71Sydx+N+XLbNHfgi1AnaVXmWmZ5PRsAxt4xXPWZb0lV8heh8T1FBKeQM35p yqK2yWAOsjFnrMv4A8YHM7COkKvJ9BGdefsoGQu1O838/T7R9+e1OK9iDhfbcMM=
=Ur6q =vMG8
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.4

109
secrets/bicep/matrix.yaml
View File

@@ -9,92 +9,91 @@ mjolnir:
discord: discord:
as_token: ENC[AES256_GCM,data:cnPZjBbODZUA1p0kLNeWpKh1oGkDPxDw/g7163XnoRCIgpqk,iv:Uu4L36uDPMBgzdXE2Lt9U0qrBSl3Xuufh1313BD8B/U=,tag:nTm6s7IGd4vNzZ95mfxDpA==,type:str] as_token: ENC[AES256_GCM,data:cnPZjBbODZUA1p0kLNeWpKh1oGkDPxDw/g7163XnoRCIgpqk,iv:Uu4L36uDPMBgzdXE2Lt9U0qrBSl3Xuufh1313BD8B/U=,tag:nTm6s7IGd4vNzZ95mfxDpA==,type:str]
hs_token: ENC[AES256_GCM,data:UzcaNsJtJPKvFT4gQDNfat0nmyJzmQ6OcSI73pANibzOVrWl,iv:ujgRM2jb1rbeloPB4UPLBEvQ7uue4a+bHiqsZAHIqtk=,tag:uIfuaTWSTeVvpQx5o28HPA==,type:str] hs_token: ENC[AES256_GCM,data:UzcaNsJtJPKvFT4gQDNfat0nmyJzmQ6OcSI73pANibzOVrWl,iv:ujgRM2jb1rbeloPB4UPLBEvQ7uue4a+bHiqsZAHIqtk=,tag:uIfuaTWSTeVvpQx5o28HPA==,type:str]
ooye:
hs_token: ENC[AES256_GCM,data:QBrdRt4ozAh2XYJtssm82uHlk9aGO1Nr0fEZetmWfLvmw52FZEq8ijyKOgwS6uTcndMi4gGKkq9r4eapLwcMdQ==,iv:VHOAqxR1WGzZ9dmNx+FmjGAKRpUFjWOwyOVmgDswpE0=,tag:k5it/yx7pOfGbJXZUlV69Q==,type:str]
as_token: ENC[AES256_GCM,data:RMkY0xVj14FwDbYaAysSmzB0IlJuk0ucicNhhTmVAEgiU05PxWG+qk3/elFcaFwaXRFgQQtVyGFZEcK5gpE9hA==,iv:8JgNrTe7GQqPMdUCxEaxJ9qV7Uec2fkYBmF9LmH4X3o=,tag:tRnFpRAZs9kO3u2SDMwNnA==,type:str]
discord_token: ENC[AES256_GCM,data:6rzv3glW03jcYiJ7sAvDcvDmQHs9iVbV11tIFwgD3GuTkVn6mbAoQhjUaz3zpb/OeoGt+j/pCBRlZgk=,iv:JwkqLpeGYhgwLX7SACNh0AUO53XSx9IKgncI0+KkvyU=,tag:30C0X9nVSlEYPITVzuN0qA==,type:str]
discord_client_secret: ENC[AES256_GCM,data:wbM7bPZCWa2+UNUqXi27fP0ppdinRkEC4N9KB68TJzg=,iv:Y2j+8oI+kI7DMrBfFU3G5HtFWguNxDpxbNvJkpK5lQs=,tag:GntocbTCybCVqZ2T3lNSIQ==,type:str]
hookshot: hookshot:
as_token: ENC[AES256_GCM,data:L4vEw5r4RhcgritOeDTLHN5E/dM=,iv:pC8BLzxf6NaVAGsotoq6chOceBVdMLvrsQn1LGw9H9w=,tag:SI3CDFHAvgQZEvf/oms3EA==,type:str] as_token: ENC[AES256_GCM,data:L4vEw5r4RhcgritOeDTLHN5E/dM=,iv:pC8BLzxf6NaVAGsotoq6chOceBVdMLvrsQn1LGw9H9w=,tag:SI3CDFHAvgQZEvf/oms3EA==,type:str]
hs_token: ENC[AES256_GCM,data:2ufSJfYzzAB5IO+edwKSra5d/+M=,iv:cmTycGzNL+IeRRKZGbkhTtiksYTtbxED0k0B5haFw7k=,tag:FmWe5sGi9rlapUeAE6lKvg==,type:str] hs_token: ENC[AES256_GCM,data:2ufSJfYzzAB5IO+edwKSra5d/+M=,iv:cmTycGzNL+IeRRKZGbkhTtiksYTtbxED0k0B5haFw7k=,tag:FmWe5sGi9rlapUeAE6lKvg==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx - recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPL2Z6RVEyWnBPSXZXZFNn YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcndkMFhyZzdCK0JDN2FZ
dTlKd2xPREVLVjIrcnB4MTRHNU9LQklodGo4CjNuZmwrV2hCSlBXbWMzQk56WStE ME4rTWo5dm9yVGFSQS92M0FpaW5WMGpzRm13CnZ3OEluNWNnMHJWaTBuZXc1dk9X
MW9uVk1ZOWtZb0dFQjZFS1VUZ2ZOd2cKLS0tIFkvU0s4L0h4TS9zemVLc1JyTVhB VXRDOHlXUmloYUVYT2pzT2llYU8rK2sKLS0tIENJVUgxUzFxTFg0S1BScm5tNU5x
WEU3d1ZsMVdyYXNFNVpyallMSk1QaG8KYtDGiTY2Cf5YmmAKgr2s0FNeZDRpUCUD M09CZ0Y3NTQzUVY2ZXA3cG9pYUx1SG8KkZXHZmB5yBh/zoMBMdMwlHyjIQE31EK7
vJEm+1XFJI4fkOytpOZt0ZywTDZZd6JkXD1V713Kvr+sDCvuT6HW2A== cwAfWYVLjk0CDM1JScTCy7RoQpbqNsMWFyUpu1p+1N0FE8IgefOU6w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeTFLdGNER2lRZWlWT3RS YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTekd4bHhLeVh3RkNsRjBu
RXQ5UmMyNm4wRklwRTUyK2RsVlRxMUU3RGdJCmtLa0VTNmFoSWRsc3Nhc0ZhQklJ V2h0azluRmJzalZGdy9MR2RENkY2WkpyakN3CkdFWHB3cUhQYkZlU2Q3d1ZtcUlr
MVV6M3pvQzdtVTR5Lyt4VmpjMkFhcGcKLS0tIDZzcnpDclZLM21MYjFlbkRKUi9P UTBzUU1lVFZZaHUrUENiWlFCYXErT3cKLS0tIEZUcVNRN1QwdnNPYnI0ejRyNDBJ
L1NFL3RQSlh5c0hjVXJ4RWZObUExaWsKyU9dDDimP60N7aF8wda4g+Uqw1Hcx13R QXJzMmFkdDh3SHJCSjlCQmVSKy9McU0Ki8UxAzALy7EPr6Nve8UGLmOCqstCcOfP
9kuemMqS1cj9HPRuEhCOINAHIqtnYGmHaow6UlEc/nuKrsV6Ibbvmw== OkTpjXFcTBJ9wMj1ZXCoH3KYqvJSu0gvB97phnkN9X8aXkf2DsOCfQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdFphcGt3V2I1UGdVcFJW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwT05zbjVqY0NNQ2ozdEhx
RUt2cXNIaUlJbjE3bVRLcFlRalhZODM4ajNrCjdjSC92a0cweG0yWFVBR3BBOUsz MWFlMWpvMUorR2RnY1Nva3h3VHRjZTJiQlFjCjNtUzZxRlRlZkxGNncyQVExSVN4
OVloN1craG1PdGVnTFdXSllOVkpRb2sKLS0tIDI0UE1QMFpwUG9Xemp2TjJRWTRS UTJINkxHZU13aXpOdDhRNW56M3RXMUUKLS0tIHBqWHNIZ0dYTWNaclVDVk5sS3I5
UUFYczFnSExjZEJkQzhYc0M3ZFJOOVEKxqyXt/2CmKiuIBKdA24atjD8Ns84mV3C YlFkckxlcjROank3eXdtdWhMY2N2Sm8Khqzk4NUSeaPBYkMbHBhBkagFBQs7Z9MX
6i2H1P7+XCDTjT+MyaRV7TlOyGPv/AqcXnAgKxk0CNX5O3qoAXmjqg== HYLiY5pOdCkOteDSOGlqSdiKI7yVNsETjDXeXybLHk/RNaJbhvhqwg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVTVyMy9mOGtnK01hRG02 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNUU3aE84RnpaR1pET1l1
TG56MSt6Mzk5Qm9jNE1uTVQ4bUh6M1ZJS3hJCkxlZ004TXJwZUxIYTQrRy9KaGdQ b2dDYjZmSVd3N05iMTloKzVTc3phOVVGYlRrCkpGMUZhL0Ywd1dEZm5TYStCNjlX
U0VHdHptVmIzazBMMmVjMmt1WXhlOFUKLS0tIGJpNHZxbEhFWENhdDNBS3JZbVBO ZUJnWU8yZ0htbHowMzNBekNRSDBjWVkKLS0tIDlXczh1VDNsdDYzTDMvK1U3TWxQ
WFdFdjNPNXRRdUFBZERjRVhLbWhYa1kKDULOz7tab3nP/o3W+2lYQVZy+5R1r5dg V2tXdk9BUG50c2ZCMVRoY0hxeFlkYkkK+XdRap/LtxzZ3q4ulPRb3LQyeeuO0mu8
V82DVkqygJwhjMD+UHV9KnkHSnaSfwQxF1pVKq1ZZN1l+mgNcISbjA== So+7G2acSDhcNqZtW4jsu/NzSNqcv1bwd4XcKe7xqVDVYRpN8LBb2Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjaFl6VUtDN0JFeDB5ODUx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMW8wMi9rdStMSkx5dlpL
Q3dEeUFlWWtCV3p3TWUyWHFMc0pTamo2Q1RNCllyR211ZmdTaTdRNzBDVXhqc2xi V250UlpET1k0NmZzaFpYRG15OG9NWVBKMGtnClFxeERxc1kvS1QxNTc0WFFQTDU4
Rk1Tc2thTGZLNW1hejJzdUpOOTBDUDAKLS0tIEFhb3BPQTcrMXhlenZpeExCNHNH UmNGaTluelF4NElXUWhHQ3ZnN2FYa1EKLS0tIEJHT1FZZEFwc3lxYWJFc083ZG92
OU9sN3hoTHIxWXUxRGFQekJDaVB2S1UK20kKBwClp4zSlgMShCC5l9EmhbTZ4jwT TllFaWFqOXZhVldlcVJwQ09TSGRFMzQK+smZIE1hYx8urWrAqqAb9zId6ZblQesr
m82tXz1tCuYqJeyklyHW5vol4jE5To2AL3im7WyepD9C5pgA1xNiZA== pc7lDe5AAumIh8t8tzFwl72XtSMrStDqaneibbRjr0N39L0xN/nhTw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQjFGZVdKTGRXdHBtMjY4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZ2gvZXFXNmdod1IxWm1o
Yi83alRTNnpZTnl1c1R2ajJYRXYrRnZUYUY0CkE5THJVSXYwT0lHTGZvMGFCcnY2 djN2Sm1iVkpHYTJ4LzdLWVI3dGJIZTdQK0VrCjJqVnA5NFlXVGFFUDhXdE9GZmRJ
YTJhS3ZyY1ZqNTZmL0ZnZHRUNmhmWmcKLS0tIC9nc0xIMmIzSGl3aG9kaEM1Kzlo K3ZNTnVDZ2w2NjZEemRNUnVoaXJhN28KLS0tIFVxa0NBNlVVNlBDZ1pxSWRZNFY5
aENqOUhnSjZpNi93SDBaRy96MWhjblUKqvy6v1CdL1pqOt3N1gEPCT01ypwd/SG5 WEh5NFN6SFF1TlltdWFWTGw4MHRHUkUKrKIvC87xjEmwxPQhH8dN+ZuaJTCgPY28
dVaVKV2nEWoAS0/+mho0KmdHQNJi1Qejhk5RSkoaZRd/jSC8sR8hdA== pR62KxmoKFICLTHPpYP3euiAx5M9BWvgvCnA/US/5klpk8MtlreNFA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-21T21:23:24Z" lastmodified: "2024-10-13T23:30:01Z"
mac: ENC[AES256_GCM,data:bEJoCzxph/MOnTOJKdrRiQmbVWmAgsKy8vbD5YBeWagWUCJPDAZNDFLzEzmPvt0jDBol04JosrSIKZS1JzJIIm0zRkcOWSqERQCgjgtGdAYmfp0V6ddseDUVfKlZYJDkt6Bdkqg+9LzrP8dDVm2tMDXpo8vzs02o9dTYFm7imVQ=,iv:buP/297JMfvEm9+IdMWRGV7AgZwF0+G6Z2YIeYw/z1o=,tag:+zG612MJA4Ui8CZBgxM+AQ==,type:str] mac: ENC[AES256_GCM,data:vdsAZmg7gPqzeucBhLhPemtRVkcxRecIdB6PXZ4paU+Uv5UorBKcTZ3jseN2cLi6ot3ycTIm+UI6uhlCy87vAJVynVJhuJS+ICFRS2+DfoVyuttLjZQGC2sr3+dEBHxIH7sZJSo9PIzbIWw3qHrpOPAZj0//1pFyp/k15k3vidM=,iv:jWtV+WAPt08lgdrVvtXOl35rDB4QflkZWuGBW1+ESyw=,tag:YxSHncZZOAW5uDxXtb/krw==,type:str]
pgp: pgp:
- created_at: "2025-12-02T00:51:22Z" - created_at: "2024-08-04T00:03:46Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ//ScZ/w12TKrcPdjlPMgE25vVMG3oH5ozWfVdnzSpDJF/O hQIMA0av/duuklWYAQ//TtjTsxf5xHnu4g5Y22qvyMud17MN4j4hCoLXjRSbzG8K
ELT0FRqoDOQfW+XCi6os3ovWQUqDSxuflLdLUkWJFC801LV9gn63loCZlwvMga5C /E+0Gs08P3QqV6DddmLvxeAcnLBTAdE4XCMFsRX9eK0BLqPe++yoamOpoPe896zm
TWcw1ZwGw+El4I8GklzHc5t+vcWvfICjBj9c0s6b+NlmPhRDt9k9cCtvX2QTHbTm BW2BXn/oemGdOFVOf43LRuMEYn32pjg4RNzR4bn3om2TY3S0nr7GP5J9B1QrSPfH
9tO9371o3CuEwzPCBou1WvAvhQHH61j6KmWo+gfaGv2MjF+spB2CDhKGlQZAfaPy AFdR78MwX7PrOkkh4jSLPftjAI8jUtvS/TzX8AXnzy1A8xSkWxww00GMvTvSSAwZ
Q5SspigrBwv6JhqqqrBMT364OI/mNUfm+y8yX+EdQ/4ZIDmA9JCLmDmA1GMaXBqS wxU6fePkLwuxVwZVqI5pdsjAscwy7FE7NWDgE9GMIxxwAJRRwJcsJ+eVM6ykWMyq
XjANHb0rGStNuQKhluUmqYEguzicDWpHDaoFXiJ4C3x9NF2u56cb8IauJ5rBqdC1 Xqo24kWkAqgs7vbxU55gOqPVHN50M22fQ4+RYaLnLyj6BO+0WegW1OmK88q0flaA
xyeCc1Ja8dUIHQkTwEvIOXfyxtDrVT2B8gM1AYHHTxNjRgJTXIVBUo826ccN4Uyb QADZHLGrsuiVgc4KxHskwQou1RuHZnPUSqn+Nhnsp8rtAfboHS28v7ekRNTmhTWG
GdprWu7Dy0RjC8v2IyVvQiDGzekE4l5ddSgz1N9HIAfbo+j/6vCMTycdsp2FRJ9O qPVPlOlVnY0AemohDjBnk3o4rCxJhviL9KTjmAtIGTK03Fqzk2v23H3+LRo/rocm
1CHzgcQfBRnIgOkgSfxh+b7eKKkL11x4SbT36f9zWL+wSSCtO6p66BxK5kJgQO0X gQCXzN6Igdwn7n9x8wXmuO6iL9Jftu4MoaQ0W55hZiBfh8pG76TGdNhycZr2T40w
ACWE1gqKdJJlgw3QcBZwCxFT/cIGjfqRE9Rwyi26NvHyd4EnH/BU6xcKtZ3cZkIl MBnRX3ydwH2T+y2pGM9tJY+nlgGsyTiOw01SN7/mio3YdCSvChXTkV3PaX28u+CJ
D599+UTygoyWz7l2s6h0O2t5KFNP0DarcRHlv6BPJ4KuNwq0+nGa1E54kDHeqfzS 5TaYLM2IP8W5DJU3r3dV3I3JYED1O5Arq7Xrv5Z4qr8vwamnCN6SZGe2qCqxTOrS
XgEg7wqYz9QXtiHHofPEgVOo2MD6FTYNTBQ3Fj91CW65ME0hBfzsliqoLq9B2mvZ XgEHGwiK1pFQIBxkI0gFmGX0ckd1NYUfsUCyYrFkcAsicWetBhdlgMjLc86bVHwQ
3t7SL3uR1vngmtFaXxCyERcsAnAQz1ClSK9Ee5vzAWLazC58xvctwam1eXKkuew= 7p4iGLGsr7GZEArBnP0J5Ee+Hr9MCiW/OCLY4M4jlTsyimlsdgDgyr+RqoOnvig=
=G9kW =SRZU
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.8.1

96
secrets/ildkule/ildkule.yaml
View File

@@ -8,82 +8,86 @@ keys:
postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str] postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str]
postgres_exporter_knakelibrak_env: ENC[AES256_GCM,data:xjC7DGXrW2GIJq8XioIZb+jSe/Hzcz0tv9cUHmX/n1nhI+D64lYt+EKnq1+RX/vJzU4sTaKjveKBh88Qqnv6RQm+MZC//dIxcvnnAdl50qnHZyBCaFFEzSNI8I8vGyArMk8Ja72clBq3kMpUz/pLBP0qDrjblKDoWkU=,iv:ZW98hJy8A5t4Oxtu17R3tM7gou183VLbgBsHA8LFuJY=,tag:VMOvQz3X/XDylV1YFg2Jsg==,type:str] postgres_exporter_knakelibrak_env: ENC[AES256_GCM,data:xjC7DGXrW2GIJq8XioIZb+jSe/Hzcz0tv9cUHmX/n1nhI+D64lYt+EKnq1+RX/vJzU4sTaKjveKBh88Qqnv6RQm+MZC//dIxcvnnAdl50qnHZyBCaFFEzSNI8I8vGyArMk8Ja72clBq3kMpUz/pLBP0qDrjblKDoWkU=,iv:ZW98hJy8A5t4Oxtu17R3tM7gou183VLbgBsHA8LFuJY=,tag:VMOvQz3X/XDylV1YFg2Jsg==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0 - recipient: age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVFo0QzdTbnE3QUN3NGwz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbW1FZmt2ZDRZcWs4SEkr
VlYwYkVMd1ZWMlVZcm10cGtDVTdFZGxBdGd3ClArQWRxZ0V5RWY1dXF5MUorTS9P R3ZDaUgyVlVvRHNNRTZCS2pxQThsT0NmYkFJCkk1Y1NpT1RSTFp1MWJ4aVNrelVx
RjhMaXFKaThud3ROcTYrTmt1aUZkSjgKLS0tIGZZczNJVFMrNlBRKzN0dE9rZUsv blYvS0l3ZHczaVcvZDE3U0k4ejVtZmsKLS0tIC84WEE0WERiTCtKNTN0NmZUbDhV
bkx4ZVg4OXFUWUhPcTRmRERSQmZDUlUK4jdVIeagp0RJ0511jqT8GL9Y2gezzWD6 c1QwV1l5b1ZQNitFRnFhQmIzSWNZd2MKokg6XMIFfjxB6sO8EBjBc7E7Ur3zBw1o
hIYAXFePO/CkN/RA7DF0Y72fawmRWdPjipaFOMMZcKn7FClsZzqVtw== akXuA4I1Xw2H1W8B6HkVSDp4BpBEe8xi0z8TUmzkA9/IBoypG5EJKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcnBRdEJodU8wbGZlV01t YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQzVtTFRFTnNNQTFXL2dF
VDBPOXRJY2NtK1l0UTZhSHFDQk1JWHVtcWlBCnBEeWRkZnUvbnZMV0hNbjkrNkZD UC84d1o5Z0p2by80QW9Sck8zVHJvMjdjd25nCitBRWtzVVdTUU85RzFpN1FmOVQ1
MjFwaUFyVjlkN3o4SHMxMlFpcnpEZlEKLS0tIFFxN0doOExOak5kUFhyZWVtWWRk SlNESXBKc1BUdTRaWk5nSENvUXdraWMKLS0tIDlkUFZRVUV2Qi9iSUpFRmN1Tm5S
QlEyZUlveXVvZ2d3M1dqSkVlV0s2djgK4QAE3eKNYKN12CBteu897jQ8+4sbxBAM dW9lTkxsNXBBN0wwZ0NFbThRdzlvOU0KbLzteBt0VTr825sfKLNs3i3FT0/dgn2z
wC/mzVvdlf2WXIF6m+R1ugDyQdWZeWZiGcZMX+BwwqE7Qu2egUdxqg== kOpJQf7KZKEVBkInUOkPmobtw6oM9vfWha035tTJPYjWy+Lp939tBw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZHNYRldRR3N2eVR0TFhO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCR25sQzNkMHhETzY5cXRm
bi83WnNRT2lRUUVUSDhhQXg5U2RmQTN6RW0wCkswRlgycCs2RWxVQUVTcWcreTVp Y3QzYXZOemFTTmN3aTVpODlQclB1Y0JRNlRRCi9wQWVGUVFYd3ppMUVMdUVQNnBC
R1JScWViT1FXUGhVYW1KNTZ6eFdaeEEKLS0tIFpyeCtmRDZtOWY0OEZRZk4vVUhh bVVRVHlsTWIzMitqNlQxN2NKcWl3a28KLS0tIEJrNk44TEN0ZzJ5L0JaKzFZaE9M
VnlnZFFDOHNKejBQNEUvUG5xTkphOW8KXskAnKTfKQmQOhgcmGsIA3XXfWfubBeA MmxPN3RUT0hDRW9MSm92LzZJY1lCZlUKM+r/35me5K74KkidKLUTZxqMqR++izHK
QQQ3YSlLKPd9czV13SpSo9IDr/jWCUHF5SblpOD4t/ZFZR4ajV/VQQ== 69gXZEHY+ZSvJ+9IBzcIxcFdSFyVUAN7wobBWZGDxmGJRClS/8jcHw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEQTdHaXRLTFROWVE3dVR5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbzZHMHVqVkVrTVdiUmli
YlV4VGNsd0hCNjc1U3ZOZFVHRVB1cFF3QXdnCkExQTlqalJXVkp1Umt4SDZJME5q OVhhVTZhbVRVU3VKd1Jxa0Y5dlFReXQ0QmlZCkVtVEhCcVlHamozeDYrQlVvRjlZ
R2tmbmNaKzRISkRQN2MrQXY3OGdINU0KLS0tIEtjcDI5WlVPQmFVU1NzNWxZSHQw YUNXM3FML2ZLOW5PZ0tpZjlPc2lpdlkKLS0tIHVXZHoyRmlscSt2TlpLb2lDd3Bt
dE9kZW9OK3FPRHc3YUVobjlwZVpUNDgKeIL32Sbecv/d0FFX+FKYxQqyyiipZbW4 bmJJS3JPWlVMd0FRaExUZEZMdXk5N0kKY6qYVva2aOkvo1huKH50gkT1iQAUhZCB
GxOVsjUaZsifGsCdT9V2xNlXsuYmoc98azFqRHq9W1VbXP+sUuk9mg== ieUD1aQumHe1OYVeEWJCf2nYgApwq1tPjea5nqc4VzOogTbLVcKMFA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Q3lUUS9wMGI5V1NiOWZZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNWc0RVNQRzJkRTBKS2xD
dXppS0ZsL0VXODdsZTlnZW9OS1VjWGticHlzClZPNFBmWjA1dXFvMXlPekZoOEpr R3ArQ2lkc3F3QXN3bldZbkJMaFhoaDI4Mm1RClhuSmdRbWxlM1lxOURRWWVocC9X
NHJtSEIxNU1nb1VDcFdqd3BCWVFEYkUKLS0tIEEwczZSSS80U1MyaW5yTnFZWDFO dWFSOG5yN2x3Vm9CZ0pSN1BLTWk1ZmsKLS0tIHRpRmJmL3FmaTFpL0czV0tIOWhX
eVRpUDB1VjZkZTNVSFRRSFlqVUpBVUkK6X6Y0du2C6eslGR9O7r5Wg0P6GO/KBP7 NHZLaEx3dEozc21MR3ROWHRBQzR3T00KQQiQ4SxpyMTDZyGY7TZrdQEioZAB+BQ/
HQibU10/HhLOjdzj0LKQldHWDnDUzisUHQH2srRSzCg+RQ/FL+BmUg== u24WgbBdSP6VDvqmq2gG8BqZ3Aog2/7SQ0CVzrsimAoXi7YCWCTetA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwUFZ1N01mQzZUOGdQemhM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcERwTTJmdlgvZjhWeTBP
VUYvSW53U3VpSnZIN2pHMlBlVzN2UFBiSzJZCkFUeGd2QTRud0tSWHZSSXVNT2dp eGJ0aG5RQ0xrRVBSMldEMEFpUHo0TnM1aFNzCkhReEZ2dWVGelNadjdITCthcTZn
Z2UrTFFZeTV0dTNUSW0wbkFHV2tqZ1EKLS0tIHJJWGZYeEdSS2hSemtnMmh2c0xt RzlQZmh0MzF5RmZGRW5UVXhYL3RHRFkKLS0tIEtrV1ZjQkovZFlmcDM2OUNYaHZx
MkZJS1JJUGZBSkU2bWRONHVNK1ZjNTQKbwBOAnmCTTlILx4MVZjt4qg4yIENrrgv WDRSdDZRa1lIbEVTdDlhU1dwUXUzQTgK5iE4Cf/zjsPYHKcqYA0rFqY0TNcCnzNU
x3IogdZAHt5TNBM6TzFT7eEpvmS1WWMveeetT9jFb/rlTVroturzqQ== vTM+cEPaA+/FXTwLfPpaiSkg5Fq8k2XdeMQsjQnglTBSWCwAJin27g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-16T20:08:18Z" lastmodified: "2025-03-16T20:08:18Z"
mac: ENC[AES256_GCM,data:C2tpWppc13jKJq5d4nmAKQOaNWHm27TKwxAxm1fi2lejN1lqUaoz5bHfTBA7MfaWvuP5uZnfbtG32eeu48mnlWpo58XRUFFecAhb9JUpW9s5IR3/nbzLNkGU7H5C0oWPrxI4thd+bAVduIgBjjFyGj1pe6J9db3c0yUWRwNlwGU=,iv:YpoQ4psiFYOWLGipxv1QvRvr034XFsyn2Bhyy39HmOo=,tag:ByiCWygFC/VokVTbdLoLgg==,type:str] mac: ENC[AES256_GCM,data:C2tpWppc13jKJq5d4nmAKQOaNWHm27TKwxAxm1fi2lejN1lqUaoz5bHfTBA7MfaWvuP5uZnfbtG32eeu48mnlWpo58XRUFFecAhb9JUpW9s5IR3/nbzLNkGU7H5C0oWPrxI4thd+bAVduIgBjjFyGj1pe6J9db3c0yUWRwNlwGU=,iv:YpoQ4psiFYOWLGipxv1QvRvr034XFsyn2Bhyy39HmOo=,tag:ByiCWygFC/VokVTbdLoLgg==,type:str]
pgp: pgp:
- created_at: "2025-12-01T10:58:21Z" - created_at: "2024-08-04T00:03:54Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ//fm0H3oXbEcd0f5QwmAggrRzyy49KMXXpZVFm3xa9K2AX hQIMA0av/duuklWYARAAs0o2EHlphoU4JcO5fhmplhmHQp7GXjaUc5zakGACrl0w
W9+GJb9YDiCQ2shiKYas1QNcwxF8EQKWqDGGP5vHpUNb3el89sfE54qnz+MGcAiS 0NVVLXf3hlb3saPgbRkf+ugVXd5dRDYfa3vbIDKpQwHVLSNVrVb7M8eIc0RXM41q
eVqggFbtHlDFG6iYt4Rgng4CmVnPv+CKdFuRs0WWO4ouNbG8NKIuqXuDrGw7yxBE MqpueXLo6YfxbgOvsfNlgCvDFgMoBMVv/rWz0QGTj8VCvD5AkxiLQJxZ8TnlKn0w
i4AvIynHHkrQ8Bu4KAgjhZOCTAd53TH6EFPa4qy1x9fe8Ki1QTJsBcNk4KXIT5ws NF6yQ7LCGgKVU8YHpKYjPmmDU/VegRYVe6wz4ackk0MZ5ITSFXF4qOG93Uj2SZfe
LUzbcCFths5JzpEdCLEViaFP7joSSlXBKQ7AtAXdznmmrX5JhoiBIEHusYY7Hjoe ocpPYZ9BrOnxzCYd9ZS1yUmMRLRC61l66oG1hGrBTN7fcmHZaycCdcvABWOB/fxJ
urzppufh38LF6KFCRAl7EltJPlenA6NhMlTg4jEEi2v6IjqcEGrj9kyAgBnS3uz8 940zMb5NYK6whToCWY++m3I6123k+/vLJe+3NoFc/wYdvpnxVqLZqijxYPZZkbRN
MtFovJ2IzENgsIWZxUxr9vbQQY5PYy9ZcJpEPBRVRDfP+tlNs+kA58AD5ZqLkZwM gCtRE67AFWny0VQ2k1CGzBGbRAxM2EtIfDlbNgMUNBNuGST4tgxApp5QEa1yecHC
NOZmQZyjRP0L+8HfCiWRBt3dSJGabO4jNIBydKU40/2bTOIY8MnnYR9pss3qIRzf mr3jDhR8UuFdIrq2sTz/uMUptTrsB3oaZmfuZ47pCVHtDNc2ri4U1gsI6oI03utO
TpePQd7PoGwcU446FV3py3yKecBUMEfb8uA0TYfp+7WMbJqetuQ+fGxCCNDDJKar u/q6nMHiJlf8HUwI59GemBaHTiMgzKl0REAoV3SpdfjWSDZiro42au6E20M1dgup
gMSEhFhduTSvQQPGjZemI89qZhO/0HCxyMMYpIPNYwiohqIGXFfFzCjz+CCt9xOj rQG8Gz33QnIHg5ezEHcTSeHk3SgMTbAqQy7/aD3pqI6wEgXqU2neDFZEkNu4FnzD
5eTg+MSV6R8njgbiOpYyrNJE1K9LpKtCZop6QWNtSusaoKOT1jCVQLhvFSNfOeTS ofnm1oAGnbOIH2+SFtd33hDe/2nuFBo3CYEyz/fezhbMwCwoA4Iwd7FBQW4ideXS
XAFdZOYFB/qtaxBF5Uu++jz2MkFZKbSkD+1niVgmusJV/dGwNUU+pvX6Ua1tH3mi XAGU2gt1hdPfgMQ55GeRI01C2dqiLQOpvTHy2uBl9ekPtSw2Ws27hVhdHvU7B5ZG
WAN4e6EtqtlL2BTIOAv6xPqMFYe7wQw5fdky8J8diGbBd1v77YXpibZoNWfd Jr388jC5d5dKGNv1I8nVNlfmPvb4hwGazrHdCYiQdwrpggajFtWD/LIgUcW2
=Z56A =aK5J
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

96
secrets/jokum/jokum.yaml
View File

@@ -11,82 +11,86 @@ matrix:
registrations: registrations:
mx-puppet-discord: ENC[AES256_GCM,data:nvWSaZ4we8BD50Op/bZMrlMXGBwzvG3IXGPGJe2paCZ10tTm9v4+aYGYhILNhcQM095AD9KdEJ44TAyPxZ/c5iYLqb/LJzEpa5X2jKoiF6r7PjNFGevKQs7fzJk4Y9MxHwZ2KJT+uHjtXF8erJvFDs3S3WgmuAQW1U9b5fYQNc4ZF0tY+BsWU2ehqMejpx7w93TkcIiZY7Uoj4kPMEp8aI6v/7VPIjM9g7b+R5KGZ1/yIpiNCzZuT+x2mxCtqGfbOynWON8PaCIojp7sbLaRWhX2bd4GG2wP3T5MsgwjJzQSfyXjK1Dyxzr8fVmh0R2mJoZHTYNQLLwYncLwqXQEHr6tXNWPTwxPslW+BdLsp/8//m0F04vUf4Z0dbf22NSaPkH9GdRLB3zXh07VxqG+B7OvAjDULHUmA5uwgtZq9h0G73TWDJ8U75eAxrTdsgQgmIsyhpLljFW2QSnOPL/93ieovh5qRgXjgyqrljDOkB+fhC0gdQalPeBM8l5zPI8aaJsVp/l15rx4nUIrFka0g+v+SRhAIPtQAKA=,iv:3gzyGz7T9PK/J92X46YXYT98bpTnx1uPiiwXuls/kOA=,tag:Vm+zNmA53HIb2dP8FIgP6Q==,type:str] mx-puppet-discord: ENC[AES256_GCM,data:nvWSaZ4we8BD50Op/bZMrlMXGBwzvG3IXGPGJe2paCZ10tTm9v4+aYGYhILNhcQM095AD9KdEJ44TAyPxZ/c5iYLqb/LJzEpa5X2jKoiF6r7PjNFGevKQs7fzJk4Y9MxHwZ2KJT+uHjtXF8erJvFDs3S3WgmuAQW1U9b5fYQNc4ZF0tY+BsWU2ehqMejpx7w93TkcIiZY7Uoj4kPMEp8aI6v/7VPIjM9g7b+R5KGZ1/yIpiNCzZuT+x2mxCtqGfbOynWON8PaCIojp7sbLaRWhX2bd4GG2wP3T5MsgwjJzQSfyXjK1Dyxzr8fVmh0R2mJoZHTYNQLLwYncLwqXQEHr6tXNWPTwxPslW+BdLsp/8//m0F04vUf4Z0dbf22NSaPkH9GdRLB3zXh07VxqG+B7OvAjDULHUmA5uwgtZq9h0G73TWDJ8U75eAxrTdsgQgmIsyhpLljFW2QSnOPL/93ieovh5qRgXjgyqrljDOkB+fhC0gdQalPeBM8l5zPI8aaJsVp/l15rx4nUIrFka0g+v+SRhAIPtQAKA=,iv:3gzyGz7T9PK/J92X46YXYT98bpTnx1uPiiwXuls/kOA=,tag:Vm+zNmA53HIb2dP8FIgP6Q==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt - recipient: age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvKzl4b1VWTHQ2bGI4bXJl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmLzAzMzNCdGxSMVdiNUVK
SFNhY2xVNm9XdG56akFWZkR5NHliUnpFaTFJCkhRY2hONTVvRkZaN0JrM0lkZUVu SFlJeTEyRW5SenQrMnFGZEJ5TGJxNDIvSmhzCkdBUnYvNDVxZ1ZNSkYxanZQY3Iw
N3kxWVBWOUV2WHJMZ3Jsd24rOS9hc2cKLS0tIHFDWXBMcmppeHJBb3RLZ08rdVlE akhuK01haFVRTUlKcjloVU9QVmhldGMKLS0tIDZmMjk1WlNNYUFXN2pWQ0oxRjRv
R00zS0R1Q29QYUlTamI3MkhNNWpaZ2cKMTZ8G2ZVNsAKgZj8B857eH4yfw/fvwtJ bzFmcnJUaUJmU2pCZTRnRTZZZHVkQnMKrKLbYFE2+0rj5BUchhYtWghzbRJTFDaY
YmDTcA0w+uXI+qTtSLs/UPQ54KcW7zNvMUUSoyKrYSDul0SFUDk+Vw== +RQpJC+5gSinmUuP3nMGR2bv+gL9v/EOJKeVrC7/sZM9mQeXI36CUg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3U1hmbE0rWVYvenhwQUpQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU0xjY0NEelJvaFJEdjl0
NFlKcFZtMWVWNGU3cVkvcVY1Mklyb0x6cHg0CkhGTHZPZEFCSnV1aFB0eG1ZOHNU YVVDYXFxbFg4d241ZjdRRjZVM1lJd0R3NldJCjJQRW9EOGMrcHRUNlRhNEJ3cWhS
UGJLY3BxOHF6V3NuWGZJUWkzcEVUc2cKLS0tIHhVY2xjaXZCdXR3VU92UUE4eWFF UWlycHYvaXA4TkxEVjZ1QThQUTlrcjAKLS0tIHNXWk1mQWJFcmU1Qmp4a3YrRngy
RHNtb1RlUmdpd0RibFlES0FDRjg3RFUKFBfH7eVw3j9wFWYjK3nwd5BuW9V4R29U LzZ3bU1nd0FLa0hNR25CY0hzNS9GZjQKRoRMDXESUtwRGDat2gJ9Fjqy/m6FThzk
sD/5X7wLRmfo0zCNkf50RnN3oxiP5Sj8zprQnaZMX95EGZXgqeWuWQ== k6byBSt605skrUd2YQZ+JF9cUs6p9y9Fm6t+HfK/kHQ7jchiS3ZLmQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGc0a2FyTU9MaThIUDlz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSjFQb0I4eHlhL0NMN1ZF
VWJTOC9ZUktuejl6WFRtdlV5VEFIakZHeENvCkpFRDF4RDRQMnpjZTNCdkE1cWlO WldhZ2ZiTTZDMXM3aXgxeHUyZm43dmVVNlFvCnQzd0VYdVd1azB4dlJkdDd3bE0r
VExPNXdxcGk5RTVEUE5KcHY1U1M5VTAKLS0tIEIramZ4R2sycnFnS3AvMWZ2Q1RK VHlwMFZzaUhkVzhhanl4cWxGWUlDWFEKLS0tIFdWck9qVVRoTWZsK2RNYzF2WEhN
dGhDZnVraGlQQkFzdHBRUjEyWEJFMlkK0M3q1NqZdaC9E1hSUOwdTOUWdyvW1xPb eFpOY1UzWHpYb3p4eDNRU1VSdnJyZ0UKrF9vihQPmmv4nrDf+tPAssfZLNJbdK1L
E/9SHuRZ+YTzXiECIEx/4ZiQEEcCWOS/wLTQjYpzoozBrmrjGaKC3Q== N4IlFTUPchiPW1ss22bjtiooekHAuP4ygePYLKlKEi3w1SsKa9REGg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTXJkckNBWERIWUNXMERK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZEhYTVRBWVJkYndjOEZq
UzRnL2FJaUlLTmxvYTBQTXlvSTRvbmhmajFJCnNCZjdxUXpVNDlwY1JDaDNCbWlH WlF1UCtJN3Uwb0FNdHJITTdiTXZVRWQyUFh3CkJOOHRHSHhXdW5uTEhVeTFHWWNi
ZWJFR1o2YkxLMlVNWStoYnFYL2pNcmsKLS0tIEEzM1ZIN3dBb2paeWcxa0hJSDN2 QTd1cW5YTkFJZTRaN2RaMnRKQi93T1UKLS0tIEwzSnVleWduTkRhMnduNVFEMjFL
a01lK3hSa3prWERxQ1Z6Q3A5OW42NnMKxfCqjDityZvhOoH1DG0JJuEvowlzFBVv NmVHOFd6eVhXdTQ3RE1adkhUaHB3TVEKPFmS1njkM6FPToIKML396vfM3T39co/v
WOofbRQ7HdB17OyZh3u5Kbd37D65bbse4HVUaL3NDbdfpUxsbZIUAg== mvyOUCq921mTIzlPfVpfpXd9pmiyMKi/spDS4xZ2nFLyHMhXMKW20A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkcExDUDNndXRLY2J5NnpD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbDVRaU9pTkROV0VoNm5p
YTFnWndXYWZvRG1EdGZZekZXYUtBOXFVOVVvCmJJOEc2MVhqSDJPRTBVRU0xcElK VUhsenhxR1cyTFZVeDJZd1gvVUx6TXdQY3hzCnBwUDZmaE5FdFdVODZFN0lxbTdB
SzJYS092eXc2WWExVFFheUZnLzlHb3cKLS0tIHJPRUt0RnlzWGozM1NtTlNzbzVK dXRBVHpUak00RnZBRUpGeFRuajhZK2cKLS0tIGRaODBlM1FnRU5iV0RrWDlEMHUr
WUtwa3NvWDlsYmwyalYyL2FoNVBhaDgKiRmCO8OOU94uxnzUmGwnUjipDBVeF88x U3AybkRZV2EzVjE1QktEcjdwNG00dXcKnWaJwHyA4Q5RFgOWg3wbPwL4E8Mgijph
hF92Hj7+9yBaEi4O1Je0b3ShjHfEsg690ajQKkzojGDX/awkdlcF1Q== wCuujSzIUMGBqIBzr6ADbQ38lnUSKjGz8EQyrIa4/vILXzuJ/44SbQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc1NLMmZzRUt5TWpyaXhH YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ3RYV2tYVy9ubFQ2cTg3
c01CYTJsQUdBWmZ5eEVRWXduL2ZLQ1crTHgwCndRYzQ1ZU9ybmxlRlZtUVFnL21m L0xqNlcycHZiU2hlRGxmd05EZldMa0xMWENzCkhHdmR0dVRYMjZkdit0Mjc4dy9X
eDhYZy82RFJqb1Y4Q1pZMTRRRHpQa2sKLS0tIEk0enhSL0Jjcld0QXNCbjNKNjJm ZEtLY3hrbUZjaXpCdHBhVm9wZkJ0WlUKLS0tIHdsNHhNSEZVSHRuWE9tOXdoY3ZK
c241QUEvbE9iL2RPTFJCQ1dvVW9kVkEK3N7ojkIdpcN/ui1xw7IEzBKduk9aDKrt Ti9TOVhUWVdsVmw2U2ZvazVKajJSRTAKnAxtMLh5U4xL3UsLehdo2JMBRcX9Vy+X
KajZLOkcaJWsYZISxP8kmN3CGOBlOx77MxC/rV1yM+/Su0S0TxIC1A== oWlgVviORYtHaaU7Y9MFTmhV3OS+He38wX0l4NZOI0d8mZ/6uJ1JMA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-13T00:12:03Z" lastmodified: "2023-02-13T00:12:03Z"
mac: ENC[AES256_GCM,data:FolV94dIwYSL5r1ZHTPdmqMKVTAhrnePG+5M4S1H/wBYbED3sr6oPPmmxwiwm5E4K0YR1+ou4yR/vGTV3lfRdxIGWhfAT0WW8WGTZVIlcJCEk5H7Rels6rkma12BCjZ1zOGjZZCcFTm+4NI2KNv+zTc29zry4539jkkxk+8Skog=,iv:KBxSFVaFI3S5J9xG2Lc7FINUI8TRKxPtrbP3f2wXkHo=,tag:TWAtix03ZnB71+O7cF8b4A==,type:str] mac: ENC[AES256_GCM,data:FolV94dIwYSL5r1ZHTPdmqMKVTAhrnePG+5M4S1H/wBYbED3sr6oPPmmxwiwm5E4K0YR1+ou4yR/vGTV3lfRdxIGWhfAT0WW8WGTZVIlcJCEk5H7Rels6rkma12BCjZ1zOGjZZCcFTm+4NI2KNv+zTc29zry4539jkkxk+8Skog=,iv:KBxSFVaFI3S5J9xG2Lc7FINUI8TRKxPtrbP3f2wXkHo=,tag:TWAtix03ZnB71+O7cF8b4A==,type:str]
pgp: pgp:
- created_at: "2025-12-01T10:58:23Z" - created_at: "2024-08-04T00:04:00Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ//R733yCFFSYFZX2bORvyI/xgHjzxNxWPkVZagrWDvjthK hQIMA0av/duuklWYAQ//QIfxaAOVl0QStvZe6irI0GHS8+7EExn88dP1QdMnVijv
zJH6EiHZrivSRx6cXQIQ4SoR0LWHNidmIj188l8oB/Dh7jj42zd93+U99EeUhVNs W/IiVffs/Bb0t0hcNFY3SaU4ea+zOT5bdMOlQGA383hTYvwXXdI+uSFmn3hrysZS
qPN9C88/e/tEWs05HTSm4oUQpoSeDVBeZEd+du+eP+DJWypSi63fh5sqjPrPHXdq eY7394Z9c8jubEDXfJOHTt0mbpfzOglZjiCcQYnZlhkgOzilDXMCjVsjVvuAN0bz
apayt9XGSGBIhWsACb9d56VqCb1eNF/SOcOTLPHWvA074TxmvcbWH5CfiqQLcYGd MFN/DjC50fIdlaeWe7h7NgK3Mu9j39tUrgDCGn2YlCycxcpPz8+83Ge8bOnyskZs
r600nWol5qhmCqgiLFueUiYDikKVHi+MitatCM15yrnMi0ZLp3B32n3zPjbTUpAh P/04wfkOGSrwb1ingxHjZP9lR2NABdqOqSBzC+x7EQs6xNAmC4XayeTnASBDYp8B
0NHtXHhH4ihBqWxnVSTqAqWiqM+oMORhzVatq0PjUq20XayELsY8yn7YvtJMZLjD +H/3Hiv1nWtS//PQr/5+KHR1/iLaSNI2fUAUFimIwEQTU1vpMaV2tVmJtpmSQRAg
CstNQc6NqYxwjLpsuqZQHse5MnAgXapp5ogKLpjxRX9ZKWo5QD1VDB4wELG16sdv MpwljVoCSWvhmU4oZU8ObTjcMy58YfWHIOcIN2HHgWBVdITve3sca6J1VHs0rWFm
h/ZvS7nh0mMWRRyXAe5OL8vTJIeiQBday5aVgqk58OrdhzVtqp3isIKRb5W92W4z 4tqPElsfa59WPy3HKLGg8pPahoBlj4X1PGJVHxXBMJsPnbX0gg6V7ajQaVdOsJAF
53Cw23prLhZnVssMLQiKUVFTIu2f1d907Kj+sH5AUybkbt93T7m/NCaEpDyxPPur LMgAel7eNq0KBzk/rrVRoV5ii2lipUtKmb+FKTXKvSnwgqhVNkRppsl9BqgeXvTR
QDOT1KFFVTQIBHLyqg8pASJyJMiuSuQ3cbFkTDWrOWpKEDfpxo9Vy64dEKNCeWMb P7AsKnNgQBydz9vDTkDOuspyTluDmhXkwNQyhjH0enPAyeQWN2qs/A8qgmfdTXff
XhVHWMIJXmLXalPePDaCEYCkR8usWZpQsRei2DHaRbXt1dcOjWuLOZeHNizy7CbS TzvlfOEy/6r4zl7V+L+qcw0pYrzi5K2CtemN8TlGhRvAYgiURY/78kD6EGrjMLLS
XAGkGgNySuI5IFbVBfKG0OaYXu6PM4Kbh8XBnxxREaSH+EiEe11ig6CImV2pbcbU XAHBQn0q8dYgKf2uA0JcfNehgpI5fr3gZxQFKhnuXkXRa5h9hMn1mzdhtO4VyN1e
pfHSdTioB03UnQvgVSP2M2DgMr3dkJnqXKrzRO80kVBd9uwR4I/1TUzsk0K+ d8eL57iFeApC9SAmAGMOz0DBbskD470qnYObUliViWQpcj2VR6W4BwZG28QX
=4Nje =iviy
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

105
secrets/kommode/kommode.yaml
View File

@@ -8,87 +8,88 @@ gitea:
gpg-signing-key: ENC[AES256_GCM,data:AyafTF3H8p1qDk9xsNvT68BksoKGLwE2uE3hjz0TrT2XPxCRDOIlfAVYEPSu2Ih6l5a2uruEJhHPtU2fPCB2hln3Bv3gZfFGLb3GFWkSvdePIYFxG56uqGK5dE1KaMccc2cTi+raDImKqSTbp7Qpdo/c6C0WYVglYrD+2l8Y4QOiFuazyLY9zwcX0qG7pIjJ+akCUjfE4rJDAW6H/v+OqvHpcED3q4iXOYuw9sj/UeIgZfJ5Xc/uVrRmPewP4yALnA8o9gsaaLdjWRFIILe7VRwPr0YqwQ6XGgc+pEartkV8AzxjCq6DOtifOOzmu8EI1U1yoaOViYCAMbSHfP6SIKr7pJbrdU+YDBq9mvRx8KPXWUU2uNGrMObATEzlqMYAYA/HJeOdV4w3Axvq8RG2FLkJxJJniwNP5VZRF3bbbI3w+hprRP2yAwgeQw19KBU8yF8upKga/GdMNScpKJvRyVLjZtI0rsfvSC81lHawouuje6aPXT3dH1S5ROJBHMTeV0sP0vK6liBevz9RZpvNs6JVyNCgiRRtRSSYqsgwPJonDKuPeI/Zpgih7HboA8HqhIibqpO96h5/4yO69oJAbLUYV3zlKQcMDTaqadL4Ox5Z+8ygSAL3l1ufZIFGSj73SNHGQqQlIS/a3dAccRi5fPqv0gOmGFAAUJPKfeauFn3TclwojKzu5vwmQxZ5g50txEpTSTaYOy++qq6UZa/dXEyDC7fle75dXhqXyqMCf9kDwZZl5E9eBsabNdTF+auQCp82iLQivdBy7uJX2hkJFSg84fF9MLgH4mOcMQc2E/z961uNzEgoyvVhbDY6+SIJ+6SGmnardbFW7mYrj/QqnSUiMc4tHukAB4NGQYHgjOYRZMpHfVO/6dLbjmTOljnPsnfQUCepvb9rGim8NazvnARaVzezx4t3tfbNR8uLQudSeLZzn/Fu1mKSQvpP+IjdglmyAgp6QhB4OCDPbiaMRDUtOQIzlVILdz1/geUVzhZkJ4xzkm5klGukhtv+3TqjiTcEnoVJC+A1jRvxBQUfEE92GFuupJUfrw8bIDqsWQLkHPCNUMgdoKa/q2OkrWeQz2zm2yUqMAJn1/puoLHdSH5aCELUggx1gQZoc480pSBUvSCML+Qc4B4Cd6hX2PPp+/KQeKtfqHIsKz2I+DMT6KDirReX6WHxqk+s2DtLw7Wx/j65PWCIWLCz,iv:c9BDRxQImWTmwq11+T2CW0S00Dixd8d0od5xn5zZmY8=,tag:brnMedsdTwlkbaHaLa2w2g==,type:str] gpg-signing-key: ENC[AES256_GCM,data:AyafTF3H8p1qDk9xsNvT68BksoKGLwE2uE3hjz0TrT2XPxCRDOIlfAVYEPSu2Ih6l5a2uruEJhHPtU2fPCB2hln3Bv3gZfFGLb3GFWkSvdePIYFxG56uqGK5dE1KaMccc2cTi+raDImKqSTbp7Qpdo/c6C0WYVglYrD+2l8Y4QOiFuazyLY9zwcX0qG7pIjJ+akCUjfE4rJDAW6H/v+OqvHpcED3q4iXOYuw9sj/UeIgZfJ5Xc/uVrRmPewP4yALnA8o9gsaaLdjWRFIILe7VRwPr0YqwQ6XGgc+pEartkV8AzxjCq6DOtifOOzmu8EI1U1yoaOViYCAMbSHfP6SIKr7pJbrdU+YDBq9mvRx8KPXWUU2uNGrMObATEzlqMYAYA/HJeOdV4w3Axvq8RG2FLkJxJJniwNP5VZRF3bbbI3w+hprRP2yAwgeQw19KBU8yF8upKga/GdMNScpKJvRyVLjZtI0rsfvSC81lHawouuje6aPXT3dH1S5ROJBHMTeV0sP0vK6liBevz9RZpvNs6JVyNCgiRRtRSSYqsgwPJonDKuPeI/Zpgih7HboA8HqhIibqpO96h5/4yO69oJAbLUYV3zlKQcMDTaqadL4Ox5Z+8ygSAL3l1ufZIFGSj73SNHGQqQlIS/a3dAccRi5fPqv0gOmGFAAUJPKfeauFn3TclwojKzu5vwmQxZ5g50txEpTSTaYOy++qq6UZa/dXEyDC7fle75dXhqXyqMCf9kDwZZl5E9eBsabNdTF+auQCp82iLQivdBy7uJX2hkJFSg84fF9MLgH4mOcMQc2E/z961uNzEgoyvVhbDY6+SIJ+6SGmnardbFW7mYrj/QqnSUiMc4tHukAB4NGQYHgjOYRZMpHfVO/6dLbjmTOljnPsnfQUCepvb9rGim8NazvnARaVzezx4t3tfbNR8uLQudSeLZzn/Fu1mKSQvpP+IjdglmyAgp6QhB4OCDPbiaMRDUtOQIzlVILdz1/geUVzhZkJ4xzkm5klGukhtv+3TqjiTcEnoVJC+A1jRvxBQUfEE92GFuupJUfrw8bIDqsWQLkHPCNUMgdoKa/q2OkrWeQz2zm2yUqMAJn1/puoLHdSH5aCELUggx1gQZoc480pSBUvSCML+Qc4B4Cd6hX2PPp+/KQeKtfqHIsKz2I+DMT6KDirReX6WHxqk+s2DtLw7Wx/j65PWCIWLCz,iv:c9BDRxQImWTmwq11+T2CW0S00Dixd8d0od5xn5zZmY8=,tag:brnMedsdTwlkbaHaLa2w2g==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str] ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str]
import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str] import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str]
secret-key: ENC[AES256_GCM,data:YqwSJazPqz1OOsUVIPKsGvIHbX7SyJqryan1KWSRGRJkt9yZlaiRtQG/mQugAM6IvLFD3pj+gPTcXyqenaAQKA==,iv:nyPnL7wuhpb0kl0tm1JhOHmF7KI9vVcTN1SRGTgD2o8=,tag:Rt/IPC/YtBcmTx5osGlbBg==,type:str]
oauth2-jwt-secret: ENC[AES256_GCM,data:YUVbf0xgnzeNoahu57yzoib2XSB0rR2AAIkdlEe8eC9AFEdv4vE0S372jw==,iv:k1cEa/sWqJZ9b/NetVSR37BYy6UUOM4qAnbsfLEw+5Y=,tag:CrUh0xDWA77dAFp8FY0jPA==,type:str]
lfs-jwt-secret: ENC[AES256_GCM,data:fAirrt7Ue1XpHYB12e8l+47x1dY/eIsDV61KrDA/sRSKvZherRNnahtLQw==,iv:S6+rQHf3TL/1tKcknX/jHJ7k79GCU1BRBZHhuqXSRME=,tag:WUjNaP8bb1HvZnAX3+vXoQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly - recipient: age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQXdwU1FtbkZ0MUw3UXg4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWnlOa1NGME00dVhBQ3Z2
WmJWdUFKT0NaTkpjUWFlWTN2cFk0dmJNTG53ClVzUE9jS3RQcjN5WHBacERlZ09N UE1HZlc0Nldrb1VwZTk0Z2I2Nm5ZazV6WndFCnNoM2JaWFJnazJaWlltVW9uNGhm
eHRRcnVMaitpeVBGVjNmMzBkNVVBOFUKLS0tIFFxcjBUTjNmVDVLNGw0VENpL1pK UmdPSWlsdllORFhyMzRhYXBKQjRqWmcKLS0tIC91RmRCNG91UW1xb1pETXczSDlM
NDJCVVNUNG5samc5WTlyYVZvYUNZVGMKvd5QBRv+HRc/DDILlmyhQVqhEDk/ZbBg aStmM20xL0hHT3VnMWpTSEltZEpqT1kKj7Io72QSR/dgggQRBZ0gjs0Q7Y3GIP9K
nsqPf4wmzhqg7l1Fu8FQcjcSwTv/0nCKyWpLC+TvYjnQ5ZSn/eukFA== GPgvKGxEi8CcrUj5J9u7rDUed1/TowgWWs/ujt/8q2zfli7AjTpS1w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRHo0UHhmZmUxdS9KUS9P YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByclROelpuQUFPQlFpREJr
TDk3Uk1NL2pxSjJYTDlLaTFCRmhzbXZueFI0ClNWTEttaFNmbTNZQWRROEl5OUdr NjhlUDA0TGw4R2FKbmRwWEVCSldrem9neVI0CmU1Q29qUUNZbmZDSkx0UmZmNkVL
c1RTRW9IaEtXakZSMTYrTERPK0dCRWsKLS0tIHZzSVI3WW5EaE1rRDNmamZnRkhG dmNQMEJjRjJtcWFYNE1SamV5SUozZVUKLS0tIFBMdFB5TTV4dGRoeVNnYWV5dERY
QTVMaEJxMzB6dFRlY3BXbEl3Mm9CM0EKZ2pXa04/YjjrEPo5SRzFHeT5twZkTqRP ejV3RTlSMjNlcGNreXM0YjhpUkVxUzQK2xB69WIRrMPNdZuJUzwuNM/a/Qzpyp7b
mcIO5tm9dmZOXPoauFh8iu1ElbNicfQjELnhAwYLlkjzHcw6HKHnEA== nInPmTCCOhqc3eNFSc+od6y5urMeW+r2i2iNV4B2rIdJTdLl1434eg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdVkyOTRQWEhrSmYzaDNi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVFEyaWtlV0F1d0QvMGpU
K2RJMEJHK0JNYkFETXRZN1ZQbHVQeDZmY1VFCjdNdXBWL0ZTZ1RFbFp3TzdkNENu KzUxdGpXRUMzOWhSODJNYU1Id1Evbm1QelVzCmNZS3NSNWZlZDhPYUVCS3ZIUXRM
STV3SktsVDBuTVMveFVTZUU3dTROem8KLS0tIHRFU3B4K2lETnRPZDJpd2R3ZVh4 aVdScUI5aFI0aXU1ZUx0VjBBQW1hRUUKLS0tIGtOcmFNTXIxdEV0RlI0akJpWEM0
eHJEUU1WS2R2TTY0Y0xWY3lzT3FTVncKb6dOw1CM7Z1XzdOfjJug7StgdM2HSYDd bk9lWDZkS3BrM0t6V2xEbVdtZlQ1aTgKv7bIQpdGIoXMxPZDmLzqunIEaqQ5M63r
wHCqZEF5Fbz/wLLnNdUExyOysw5jjemBStCsy3TNZ1bJOEGE6ST2cQ== Qu1oFC+yZh2UlkjGxKE6HMlMGn0CnBcTa8XvBaEVMfchVR/2WVq8TQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0N0paRTJhSk8zak9pYVdk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQWM5dlFCbTIrSXlZYnBw
YXFITC9qb2NuM01udUhBL2ZKbGZMUFU2aG1zCkRHVmlVb2lvdVM3c3NMMnNWb2ZX VVQzK1ZiaXpQcTcwQzV5YVV3d1A2L012K1NBCmpXNnNnenNrNTZDUjdXdzNXd2R2
b1VhZjFzTjFxak5vbEJmWW5tSHJoTlUKLS0tIDBmSStwTmtWdVhUc1NtV3E0MTFH T3FSc3BLdUUxWEs2OXlRNEdieXU1bEkKLS0tIFJkU0ZGcjd4bEUyOWFZeHVUMHow
bVBqRk94byt5M1Y3LzdhajBhZTZuTlEKCDchRx9INlVgBz80g5FYP8hrMuDlWBHT dVNTbk41S0VUNndQLzRoZ2ZpVTVqNU0Kp6okYalYtbI1CFuJq/881ZyOVpFoRq0j
hN7jLWcbvzJBsVWTOGMaraEKmebSpOuCSakbu9iYE0lKIZa/YbedlA== DvG2E2U+go6XftSaJ59DIUC6rzVBg1JKpJX3TS6SJhe+T+1paoxG/A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnU0Z4eklkNUpJVnh5ZkRD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYVdXc2hrQ0JFQnF6NFpG
YVUrYjlidTRFRy9BRTBnRUFKMXBwcnBxeW5JCkFiK25UTlY0b0FaZ21jUitsSXdB UWVMVTN5U0JuQkRxU1ExdUlpWkV4RHlvYUNZCmIzOFI5QnVrMU84VTV6WmcxdjdZ
SmM3Sm5FOWFNK1hVbC9VWTk1WHFQQTAKLS0tIDN2a2EraldQRWxzSThGa1AvTVk1 aTZpOWZNdGNoSnJ2c0R2UzJ2cU1TRmMKLS0tIGFxTkxaYjUvaUxsRmhxRmpVeFFD
eFhPcnlBQW5tVCtBSmtjUU9rS2kwQ3MKwuktSYQpOPyj43kks2XL4Vs++Kdw+FJ6 aWt5dnlUYWxoUUlHTjRnWEVBU0NzODQKQ2v9oCbXhUhRnURyHWbAIJHGjgb/eVp1
xoZjfxmyUi5dOl+GPB7+AKyAXWUU4eQPcGHDPp7x+FZfa49jvE4aRA== h9Tdld0TWTxxbyN8JkRa80B8JpUVwHgeqJmq2krnhDrYLN9zaugVMQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T1ZnRFliTE96alg1eDFt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bFd5OGpvY0YxczdkVnVY
dCsvelJHTUxyQUFPemZjbjZOeTRmWTd6ampNCkVTdTdoeGdjcHpzelJDbU1tNWll ZXExNnY1UXBtb0d4MFNYR3JrMTN1SXhNOUhrCi9xVm1HZDhHZmpEdmdJNVBFcWhv
b1hHTGZSbTVzNWU3YWJ1YmVHU2RKT0EKLS0tIEs1Qm92N1NCZFI1TjR4Z2pxMzZT UjI3VDNycEpKdTNnbVU1eVFUeUZuZTAKLS0tIE5GdEJ3Nk1oam9KYUVCMk9CVmpL
ZWRCSXpESTNpbnQzU3A3VG1xSE1BeXcKDr35W9phmGfEQtNb7V/f+g4GIcbk/klU OCtLcUZwL084TUp0QmpSQXNtSFhHYkUKwGvXXE9AWlrlDgRl2ECCmej7IMztO+fx
+1EJsJ+jK1qCSDgO7omQge5Jx1XqSAg8H+21fnHA4JLhfIeZbntBTQ== 852Vu610cI9FLv5oghlKM769+/A2QP82KwdxZ4MaRSDvJwXKBi16aw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-03T01:35:52Z" lastmodified: "2025-03-16T13:03:12Z"
mac: ENC[AES256_GCM,data:wQPIW9zRhB6IjK1OQy69Ln+dj6OMNLnNKIzFIhv/vbQ4GllMJ3N/gZjuzMJIumcVND+jEY/qiYnsCFSptStlDYtB3/zHWo1e6It2pM4igtoTP29uiQME0vPJSz0guakZlDMa20mOTN0vVZODEbeBiQNXWtnTbl93R2JVJlZrWcI=,iv:L9Dk5S+hbBO0LTM0irfLuqjLYHzVtY5Tq+Q7m65u6p8=,tag:0GT9IyPeGY5YM6PP/LNs/Q==,type:str] mac: ENC[AES256_GCM,data:cuMHvEjR3nA/LqGHwIGOD+rWwmvg0fPiFtVTDLATKuc0Ulf+0PKogv9cddmXlmqaBOLMkmZue44egEpiLoNm38kEr7gPfP7XKj3kkwL2U4BiS43JEokt5CEq44sSETKylEMEVajgOEwyWn1od4MLxa7xsuhbvGvDpsbvjyPvzh0=,iv:zWFNpOS9cgCs36rdW9FcJ+jG3HrjRmcw2Ogz7QZuyJQ=,tag:L3x6Bsu+7n5A0/Dx0HghkA==,type:str]
pgp: pgp:
- created_at: "2025-12-01T10:58:24Z" - created_at: "2025-03-16T13:02:45Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ//TluENVomEd/KwhRiN54IeFeknRyVGWqkTMm2bCV3BGs5 hQIMA0av/duuklWYAQ/9Ey8zpaRU7DuvVaKTaybgkLCPTKNyq6mKXAusKqC0adMu
1ehbfO+9djAXfDeOfq+66XUWOjKs1arhrv2MeQdxhuJ7Ywa73UGMGSMi+sEobTXv 9G4M8G18uEoo6/Oa1LpJsQneU05EFuStZPaCs9+zxe5ZU2YhcVcDGAHgCDFBbI27
w6iYRxJpzCkcpqhmX3L/FbXDWOVBzJv9Y5itc6sn8/0JXk9CHfZU8CfDB1U9A2H9 7kzUVxA/n5cK61CfIslNYdJolceJeLyH9HSrS3k3eI3V6zEQL9Yz05dDz7Nlma4q
oRlCT4bTRsAfLirZLZss389zjtV+84cJ+zCnekEZD0pS+wcoo8MICPW3DkFBM76a AKsnGtLY4og0j2k7HZcK39ikhJGkllZHhsM4RT8/UVeVZF9CxKzwQ2OKbHkhJZyn
EJLe8Asx3xlaxht5uxEpWrBseaBfKLEXTgtDW8MZYM7A50aDEvSJ8zolWBH1GTX/ LGEpioYAKuIIWm/20y/DQwIYpAilltWkg+RWQUnYeAINAZKSzFNi9vd3N4n6e41t
6kCvKyTRqbm+mEQ08fktNJW5hd1799+XH9U9gOPP7fme79H98cMrFMNk4cTV8p9I ikq8Ukpjbesy42w0ju9sbNWayga14OG5STg/qacrCDjp+wY55VJCcEEM/6kPj1rf
5W3RXROwgnlRdVQIHj6lfkOP+kx7YYrL7UqtKPj3vIVpNeAXEvx0RpnIjJGqOpTP e2dBR+eN8VMgcPOlexOf1pkrVhNqz9eDfEfaEtDbFDIgznt0pmLeeYcL3NBa5+Xf
QZWHBUM+UT6QyRTAFsWuNPjo3MwItOfP1WyD0480FKKWFVmwdj8SSk9dsjPhNNv/ vpGXG3fmgoXvQYW05yY4efBRiex9f70lbhnnngeY9ZbmSpy3ZuzIKq8RgBxy1ve+
SiYzJ2elr3/i1R7jf4PqaxSDRjyC1JMmRtKxhhklNi1tIvb1xf2H6EGJLYZpNAxA 4B6RYC2Ag8Tndj1xYfHcrqSNfmxq+xNieFV49PMGDO1hjJF++VASqPuRtX9lz3tZ
14q8A9i0GUSaxD2xMaQeF7eVmgMyhcHxNHBydCG8mzP9xuPmOlpkYRBNuB2EBDyd Y7E7VPtTESaxEp9IuUgLYYnvSHh1SNIRl3OtcctL+bwbF2wNk5iBha+jC/aXNRU/
77gGy6xad7KEu4sGaheB/XbHzFSAw6Yet/bvafP3+jKimPP1OsmKhkat/NuueGLS PoRv1y+G+0R6aV3hLJjoC+Hrm2JX3FIksk64LRDM9mSI7Yl7MfEFrIzcH4HEzlTS
XAGt64/PXo8iDY6iPOifElmFEbepxMaE20Xp1GbF2P5acvBp7v3uDeB4cwUU27QV XAHugaMjpRCntUxlaP2tq4jlrv+PQLh7+uBzzbhLBK6qSjybKiqHBKeluxfYVsDs
lTX8wlmKIH3m3nCwk20CBuEnGD1j+/eviUu91Pkz7VAgZrRxOJnPQ3qhH7v5 rJJicnclRfI1eJPfZDlCr2iggd+2ABYG7uINQVrZYuw2dfb4IvvrqCQz/fBy
=fg2d =Qb5k
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.4

24
secrets/kvernberg/exhange-offline-master.priv Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-17T01:12:23Z",
"mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

124
secrets/lupine/lupine.yaml
View File

@@ -1,124 +0,0 @@
gitea:
runners:
lupine-1: ENC[AES256_GCM,data:x8uPQSPid/dJkR/OrYOX9qrCyWTrAj2mRT/B/rSMgYyaI70+8I/l6w==,iv:Kx90gGKAscNXW3RUI5+xH5IcYnyNHtvzCakyd6TLUUA=,tag:esgEMeN+n6cgocMvV9XIuQ==,type:str]
lupine-2: ENC[AES256_GCM,data:yNdtPGHuIJoCIJJPt7/iDwG3cgYcmkTLHUGNbWSYEtAbmh14jAjnQQ==,iv:ffcuL9ivs2Mag9Q+foHG2hS4IWWBwGyrZXXdiZV64hs=,tag:/27xqi65VqBz5Sw/fekN/Q==,type:str]
lupine-3: ENC[AES256_GCM,data:STJw6hmlOFcy14nfev+E9nin+WJzxAgGwV4IKIVuoqjF7rIqniY4MQ==,iv:+72Qro4naAzdqXvCGi7utHVkT1xeyQkXktahpOTpRjQ=,tag:R66yUHSOT/czhlNcTPXRtg==,type:str]
lupine-4: ENC[AES256_GCM,data:5Yw/iv2P1WxarZbRuT7XjxZfdYI9msOBJrl5l4XusivX+BOq95hcSw==,iv:TY9K+8NCCof6oq1CI1E8h3GeF4oJM1KgF5+cufXIfdg=,tag:Cd6+hgxfClsQAlsS+cZTjQ==,type:str]
lupine-5: ENC[AES256_GCM,data:+PYUtLBx9MdIebR0nWSNGKKCyKcGpI62BXj7AN1iV4wU4+2awrWZ2Q==,iv:PALEU/sYebhPTO4ZXEm2uV6z9hN678ZxqOSnaHVlyro=,tag:Enb08N6TYlOh+x70pcpJYA==,type:str]
sops:
age:
- recipient: age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBuRVBBRFVndWV4L3ZJ
eE1qWEZWdUpRd1pOQ3VjVExEQjFWcCtmdkM4CmZyQVJWTEw3NnFGeHcxZjRta3ox
eTVaNmZ4WC9wTVpYeGpLNHpXbStteUUKLS0tIFZTL3BNZFR5YVNDZE1zKzJLZWNM
UkJyek9tcWdwejVqR3hzSDFiaW1zdDgKNqzd1dNco9Ynys03GNOpuKmL9Kyea2Ko
xzsDBG08XQc9wpAcjTzXbqujhVvLQJi3IOSUQW4LOAx3BxTsZBHaQw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTnFTSUlSWE9vNmc3Ui9p
MFJsNnU5MzdaRGdoMUNlSW5qVi95Z3pFTG5jClBRRXNabUZWKy8xTmVpYllXT0d1
a25zY1BmQW5VdTRrT2l0Q3VqSmFYL2cKLS0tIGVvK1luSWNsVnBBd3N3L2Z1VlY1
WThsUEhIUE0wV01XR1dMS08vQW1oNDQKRu2REcJeR2vTbbiU8Mt7aVjCgpT33lUg
N+UW2oYPh8G+DmLLy203+WeyktuAZR1+b+1pyeaF0O3SWNvgxnyMLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVT0JmS2FPbE4xMU5MbHdt
cktSSitNU21XblBXWldPR3hsam5rYXF0Q0Y4CnkyWnk4K0VndG1WRndMUm00azls
aURrbFh0MWlwUGQ4ajZoNXRubFQ1R2MKLS0tIGtlcGwrQzNEc3Y5cTNuSHplZFRV
SnhzRFIycVdSaTh2OWRmVDJDWmltemsKc1M2gWp+RQ1LYPI3u3Z+qqPLhB/2vQtZ
HieQVRYITLdZ73RKn7jhgvu8cGNdvhkWRNFBcsZ7JsqW1FQ3qs9wLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNHlSbmRyejljUzc0VFdZ
VW9SV1E1ZGREZWZ6bUMvYWExR3FIUTB2NUNRCnFmdUtjUjJiUHRQbG1vZDB5S0xq
bDVkai9EdW5IUjE1alBiL2JST2dTblUKLS0tIE56SFhxU2IvNmFxS0YzYUNnQTFv
M09tSCtCVTlndkNZSWtQc1lrV3FxeTgKfgJuAE34QcFnnL1/MajJU9Kv2ygDhHlA
LVlfRAfrNsJf4JGus8VuADbsSPpvGJMJMq6UAY10FbMO7KfNaIVA6w==
-----END AGE ENCRYPTED FILE-----
- recipient: age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVVQzRG5ySzNLb2xvMTAw
K2RORGxzVU1YWnFteVZadTdTU3BVZW04VWg4CjNBMHFwUmpSaEs2S3ZneFhBNVBO
ZHVaTXQrQVBQaHZhT3RiNVJ5QVV3VGsKLS0tIDFTSGNuVFpsK0txeENkQjI0cXpZ
NFF0VHl2V2NSNzN5L3FhcUZwR2RjanMKKLZVnAGuv1tcAUzFabvgf0i5N4Jtyujm
/oYMZHJy0nETeSpDb/tCEwFThQoEY/qdEmvbg4FOOVZH6tfV0nLnuA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NDJ3WUEyZmJIdGxhcmkv
M0VSK3NCZ2FVRTB6RnlSZlVXRUNzR0xpZHpJCkJZVXlXbUhEZHI0MlhMK0FtUlhU
ZmZBZXdpTURWQTZEWGgrQ0c2RG1JQVUKLS0tIFhkaGxGVVV4NzBKOU5PVURnWmwz
MFBiNUtvakhISUR4SjJ3OWhSeUVsT0UKJbo5zlvD17GYTlRzkNCC7zCCCWSyKRUg
IChEvMpUKNgYA1xKHOwfPuXuZ4RtcJq/ra4GeVD4OmIGrnXpPWah8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGemlWOHMwR0RFRGk3alN5
ek9idytadU1NeEtzUmpyNnNFM2hZek80S1dBCkxYeEtDdlRac1hvcjZZVEdqY3BR
Ynp5MlBycW9MSGlnMWx3QldTZzZ6cDgKLS0tIGNweEh0cDhOZHZvY2RUYXVJMTcy
S1J5Ujd6Y1gxTExuVzhaZ1UwazhHd0EKAgDI4cNTj2txorTKKwwQIAvgUPRaMlzU
4j/JTrNjlFLQrxdigAY0toJfX8ByWWOGMLWm5G7knAi9zR/KH95wNg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQys4dFZDZ2pnQ1ZlWUc5
YmtJNk1VZGExNDk3VTJ3V0ZDcjdOTFZkQ1dNCjVESFFjb09PWG94eU9BQWFDMEg0
SHZXU1Fla252eGtNbFk1OFE0T2R6ZlEKLS0tIEIybTFFWGp2T2NiWHFMdlVkVWkw
bjFkSTR2OWNCV2NadGZJSmxxUG9FVW8KTeF00gXMc9ws3QbvHXvRIIDa3KCYh5/H
5mdUFmOBO1JYrab6M5HRVF9DovyMMM7IrBBL8KOtxUk3UeOpijZioA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdGZQZDBPUmFMK2JhNE9G
d0gweTV0b3lRNkQyRTlHYWtrZ3lwSzlMM3kwCmRPTUN4WTEydy91ZDQxNkkyelhH
UEFsd1ZRQUc3emg5Qk50Z2xSZzZjNlUKLS0tIFVsNWs4Und6bjgxZWt0ZllwRTlk
SzJ0YlIrK0Jlazkzc3F5U3dXT3dIcG8KkaqYMrJqDGlLN+JwvnJfcGJt1ot+X7ep
8st2H2uwLo8groSw1bEnwJhoqaBgu5dBFUCKhSbHMYVIfT7M0JHPGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZUtqMHgrakhhQ3k3dCtN
T3cranZIVFdLRWJlOWMzaDF0NTZCM3poWFFjCkY4TFdmOXdwK1pLcWQzWENTNHR4
TkpWNEt4VTdWUG5XdzEwOXY1ZzVsbFEKLS0tIC9RR1MvdmJoYlFiMWM4TUEzNHNv
RjQxS2g4QStNeXpKcmFqK21MNGdvM3MKOCnDVWJa5F1Vss2D7l7GMq1xCNurjfRz
vvK8S091itHZVy6wamTz2/jAj7YYXDjSu0V1sKPOLdThKNZZcBe1hw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-04T05:53:51Z"
mac: ENC[AES256_GCM,data:o55keAaJEXVOAGvoMp8FWvtlxMgfF/qR50FGnNM1whYz+5+naRJ1dAOW9NKYHWbtOa/ZXEMTkjoFrTJidAaIXza1Ot8llbTGYh56fsnu0FKZfVM+rvecRDhXKWxiAqyiLUvtUfA2fSg9LGveh2U+0dulcU25sb3Wf0RcFrtM3xI=,iv:3/UllekmGIaluv8y8I6Azd/52dJzk+C5ah6XLJj7Zik=,tag:T5ILXiC5hK++0jGOnHCMYA==,type:str]
pgp:
- created_at: "2025-12-01T10:58:24Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYARAAmW8iNyzlWC9aeHxLSs3OuZza2Sxmmm+RbtA/n1X2M/iI
FeQsvO4m+HB0Y6H7cy8hjyJHa/kGwL4kenDCF+unqJCfF6XQQm+S740+uWndFVFi
u02svjncMnGTTrkxazj90ULASXxT0Z5Z+2heCkuQe/spfX+qVJVa5RvzTPBj/Bjm
k2NafAW0cfM5MyyeVkF1Rei1LJ860b442vUMpNmU1Av+fbgIyG4f/LEswv/upJWX
UdNFvU5yW98FXvUDP6ThJRg6OJqN1ZIYix2UJ6OakUuJN51sywVO4LBZmdsJ21SY
cdEjyi+vvAoOsBD2jX+64KzvzoSHkV2MWcez19ZMPguaCwNU9wmrdGD/vVKq8WOl
Zs/0BOnOCJ0nEbprzCUCE+RtRZxkKUYmDKYxbu70FSsHWCnRyybKsj7CVak59EZE
Ok7IuK6mQ0HT00FQfOCy4ZytgTQSB2fXEGyZsVv65RDdorfapAkwMM1TYVc4j2mD
ImoY85xMo/E/KwfAhzL2E2lJLXpAamvBj86RcNW/FEytEEI+l5CIZr6l6UDSDO+W
ETYbNcqK8utLTmH539czbXGZ9Cid8i0+QyLtZ8ApHn7s1FsFOAzMpxMyKPYKRSnA
VospnGQ3TbdPbbOfVHQvD32iaGw8idP1xb3XNXelD0RZ9OuVxHGELO7re7n/G2jS
XgEOiTCRtyQONpfIiii1s7613OfbliWWe5ufhnm0Qsr6Om7jSsm3JfLkSmd/alxf
cEk3MFResmtancl1D/2sGhM1ROR6huUChxtgGmz6ZdE2sb8JIXtQOFHzfRw9xo4=
=3liy
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.11.0

96
secrets/ustetind/ustetind.yaml
View File

@@ -4,82 +4,86 @@ gitea:
beta: ENC[AES256_GCM,data:HmdjBvW8eO5MkzXf7KEzSNQAptF/RKN8Bh03Ru7Ru/Ky+eJJtk91aqSSIjFa+Q==,iv:Hz9HE3U6CFfZFcPmYMd6wSzZkSvszt92L2gV+pUlMis=,tag:LG3NfsS7B1EdRFvnP3XESQ==,type:str] beta: ENC[AES256_GCM,data:HmdjBvW8eO5MkzXf7KEzSNQAptF/RKN8Bh03Ru7Ru/Ky+eJJtk91aqSSIjFa+Q==,iv:Hz9HE3U6CFfZFcPmYMd6wSzZkSvszt92L2gV+pUlMis=,tag:LG3NfsS7B1EdRFvnP3XESQ==,type:str]
epsilon: ENC[AES256_GCM,data:wfGxwWwDzb6AJaFnxe/93WNZGtuTpCkLci/Cc5MTCTKJz6XlNuy3m/1Xsnw0hA==,iv:I6Zl+4BBAUTXym2qUlFfdnoLTHShu+VyxPMjRlFzMis=,tag:jjTyZs1Nzqlhjd8rAldxDw==,type:str] epsilon: ENC[AES256_GCM,data:wfGxwWwDzb6AJaFnxe/93WNZGtuTpCkLci/Cc5MTCTKJz6XlNuy3m/1Xsnw0hA==,iv:I6Zl+4BBAUTXym2qUlFfdnoLTHShu+VyxPMjRlFzMis=,tag:jjTyZs1Nzqlhjd8rAldxDw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 - recipient: age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTG0xUXQ2OTJDVnVtb2xp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYVl6ZnI5TkhxK0JKNnlL
M2NEaENPUDJvL1Y5QWtaQ1lQaTBRRzd4bmh3CkdZd3V4bzFJZHAvWVVNVGhZdzhn WE5YZUZ2T1JEbCtvSVUxemZ1QUs4R2pjMWc0ClJ0cnU0c0d5bU5jWU1aVGd6WE45
WTBoSmUzbUs5azZHZzIwVWtSSGFtNTAKLS0tIDFFb2lBbkdBRW4wZ0RkYTBsMDJj Wm9OT0xPaTJ3Y2kxMU5RTHdRKy81b2sKLS0tIEx4SkFoV240VUJieWFlc3hRWU1Y
TWlNa25udytHRkR4RW92TmRCRkxPR00KXf2XPR/+16GpNdIfaa1biMFSFJ48UIC8 SWlwZnNOT3paRHRsTC9CQUp5SlBvTncKdcMI8pWtsfBpgeUagOmZUXIC6svkfmwE
5+MLAu+2I/NROLKmg3tOfsxQ2xnlF4FGRdmMuxaeKTZGD580sYiQ6Q== QF3GpWZgeVvo8e2oT2kBjerCDlUlzd0jJ8aK+B56xifTm7ii3oCAIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWZVFmMFZWeDBCS0dta3pR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3QVBaQWlSZk43dEtHVWF1
czJYV0ZhRmpMWVIvYVFEK2tVbHc3WENhTEhVCnpYSjIxZWtFcEc3ZHFVaDZmM1BD WmFBcmx3eFUvU2lrd0RCUGx3a2hDWHEzTUR3Cm9BclM3OU9SUnpySDZJZHRudmtO
aGNIWnp0aDVjeXZPdkdLdE40UjZNV28KLS0tIDg1Y3dYU3ZDWU50NlBoaWc4VUVx Ulp5OEZvZmMyRGJvQXJnUDVLdVRJUVkKLS0tIHE3M3MycE9pU1huYUREN3luWEZV
dUk3VG9ZeWVmY1VwWGViUVU2dEtnb2cKo5sHSm3HQNOYlyYirZ1oMz/InAT0QT7x WlNuN3BWeHhqL1dEOUJBSVNTaVJ3eTgKb5MRfeaay22PI9V5hni5mhnb0QF8PG8H
8aYL0afUQ/D++gvX7tGDbBgIkO1Zud+KiKO9CGqz1Wn9krFL20cjJA== bKWbc2SwdMNolrxhUiiIhdppEtXGHqLyBel786tuOdtEwVcy+m/rtA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdWxWTlFJSnA3VHljM0Ix YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaDB6enozMFpqcWxFdU93
SVN5aGdaREJEYjVWNWNUOWdGT2lDUklMZXlvCjNKaHBweDVpdUhuNlluUERzVDdq MEg5RTRzZExzWGppenlBTlZZRlpqWDBPT0UwCnhOaXI5R3Jrd0hWY0xqc1VXaDJZ
eVc2RlFKR1dHdGFDb2dRcGl0TDNqRGsKLS0tIDQzTFpYUk5LaTlPZUxxNHVZd0o4 TUxwSTZDcHd0bnZPR2N2d0JVTUJONnMKLS0tIENzOW9PM0tQSndVNmF1bTZ4anpw
dzNCbzdkdC9DNDFYZjVPSjNVd3ErbWcKkJcjk/4zy458WLyOs+NTXbrQ3EkxCBVH b1RzL0NEOWg0dGZUa0Jpd3hiTlRGSm8KleRV5c/Xoe0B1VtnR3y0sgXpmhMS8pKl
bX3+b5yH2YGyvTS2vHnCEY7Zis7KhuxAAIrdLobzKlwLf8LB+p14XQ== TWaAQTRlM9X2Pk5M/J/bu369ncmw/kycJKjK6W1yluaGwBNuEP+K4Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBydmhTM1Mrc1dpWkE4M09s YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N1JvRVE0Y0xOMERMVXdB
MitqYjJuY0UwVVlITFRlTDB6UUFtdis5bFc0CjNIQURZaURwTEllQTVoZUZiS3BG enZiNk1DZTJTUnluRVBIWm9WNmFPc21rU0FZCjBIeHErSHgveFFFdk9ybWwrRXZG
blM5Y1F6VE5HZXBuNVFlNGtHaXJPem8KLS0tIGFUQ3JHb0dVVllIMlVnY2pZMFZE WGpVcHliUW9Qb3dLb2Q0aWlrZmpiVm8KLS0tIG0wcXJVK2dMeG9NUTFQSzVtY2RG
TU84Tkp3OWxoY1o0LzAvc3BrcXdyME0KyTv0mHUi9voKj0ZTXZ6CEkouTdupYl+F UE1FS3MvSXlxdEtJVWxJVDRFSkRmQkkK/2z7Lu6LVd6RLZAXKs+JsPc+1kcqFAET
/wLMQn1h4D6Jl3kxh12h4yACLCE9mOAM9wuylzOf/MpbDLbakymWew== 0zlTTTU0goTBLuXZ7uxFVZtqc1Nmoarf5Ksm/zcZ2B80P5ox9CzcWQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ek5lZTdFK0ROYUNUeEtp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4SFpKcVBTTlp3SXhVaGQy
bHVhWUF6VkdEUWpUL0ltWW54dFg1Q2wxckZvCi9OYllUN2xnL1dEMlE0RVkrbEMw QVVEV3h6dTZVcmx6aFc1eHF4UzJPbXQ2RnhvCkZiOEYydWhCYUtwcUdieGpBeTZh
dTd1SS8wQnhrdm1peWRMbVI4YXBzbnMKLS0tIFFIcVlIcWpxT2RPSlR0dzh3UHZ3 Z3dYVno5bFNkOUszNHBJNTdQWS9jUTQKLS0tIEhPVEdLK0RaclVvdklFNUJCcHNi
LzZLaDdMZlAzV0hBTHpWb1cwNElpUEEKrgfWuu6RKq9dolGP00CiGZsZ0me20PCX OXVobVJCTjhQZ2RTQ21xK2dUY0h5RGcKcPBgD5FIWuyQBhmPt5aqrWgEG1tzhtr0
NKHY/eQ2RGF6YLF35v3rBGuH73d2cqmCh/6d0DELX+F/nzOi+ZWb1Q== gVyLxgtMFGeeShjdpivgcWI/GZZlhWJilJOoZo7f6TknvCIIKsrUSA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUkxPN0VIWUNydmJPRmZW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWlhiS1dxekZGZkRCQU9O
V0o3UmZGYkd2NktMdlc0dlpjS0htL24yVVN3ClVjbEViV25ibEwxb3c0TlNOSDB5 SktHRHRXL2VhNUJSRVhBeEM5UEZ1R0pFdXdrCnZQOUZaYitpSlJ0aXFpZXFrRFJj
SjlvNUpSZGpnU3R2aGVIaExBby9qYkEKLS0tIGtJNCtaOGw4OUQrc2JxZExnUHA1 MmZiLytvekZtVXYzamJDakc1RjdIREEKLS0tICtiOTZMRGZuWEdHTmZwRjZ2dUNT
bjBzby9HZjFKc2lEMzVLUGxJTndrSzQK7iOGVTi6XuodwBargQ7fUl2gtqIMEnL4 aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk
Ql0K8J2F2qXtk7/wMHxFAIxwDP5KS5O8uLFjcmOTdGJeAal7Cvv1hQ== 53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-12T12:20:19Z" lastmodified: "2024-12-12T12:20:19Z"
mac: ENC[AES256_GCM,data:D9/NAd/zrF6pHFdZjTUqI+u4WiwJqt0w5Y+SYCS1o/dAXJE/ajHzse/vCSGXZIjP0yqe+S/NyTvhf+stw2B4dk6Njtabjd+PhG0hR4L0X07FtFqzB3u5pLHCb0bH9QLG5zWcyMkwNiNTCvhRUZzbcqLEGqqJ7ZjZAEUfYSR+Jls=,iv:5xPfODPxtQjgbl8delUHsmhD0TI2gHjrxpHV+qiFE00=,tag:HHLo5G8jhy/sKB3R+sKmwQ==,type:str] mac: ENC[AES256_GCM,data:D9/NAd/zrF6pHFdZjTUqI+u4WiwJqt0w5Y+SYCS1o/dAXJE/ajHzse/vCSGXZIjP0yqe+S/NyTvhf+stw2B4dk6Njtabjd+PhG0hR4L0X07FtFqzB3u5pLHCb0bH9QLG5zWcyMkwNiNTCvhRUZzbcqLEGqqJ7ZjZAEUfYSR+Jls=,iv:5xPfODPxtQjgbl8delUHsmhD0TI2gHjrxpHV+qiFE00=,tag:HHLo5G8jhy/sKB3R+sKmwQ==,type:str]
pgp: pgp:
- created_at: "2025-12-01T10:58:25Z" - created_at: "2024-12-09T21:17:27Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ/+NLY+1iw6BqMfPzgcoiR3i7e/8G6MVP91zGjoUx3D6rGQ hQIMA0av/duuklWYARAAv2XS2jzoymOzpRHquUbYpUtbIeKXhPS8i9uk2zBvSKnr
EhUrdz6xdRY5KnqC2Wt7BJLO4jl/pvKo+w530Ik3wEzXiaZg1AGiUjUi4JhqueUi b/jZCpvtkCcSz1UFm+HzSn/i1eNkj9ghObisifvqY6JbO0DIa1jFlx1TfE9pj8dE
EQk41mWYifS6nd9T84x8C6luAUjxYXmZDpIY1/lRDEeh4GG9qE4v32f/66+nxFdV rrNTsYfxNwdGOvklPBHm3vKY5qPiGlE71TaKkJcO79vE5jxwhUqzWI9SWAZY3cFw
icblN90D7Rz6KTinX7RWVYRXHd3Te74NHhzOTPYkouxwnwvFiS2qN4k+7oIKl3+S IVJN44DT0I4ctTlwPM9eAYYodL8QP8OMXHJ/mjI4SPODRsvrOyy6rpip40Q+dU/N
OyYKeaAVSc3+nfVxuphNlVvl8ih9/f2tWz8XTPu7ohtck9T//5PXawvR51cateXe DwRupzrRlxJ8BDSh/x6J/AryZSwkmChX9cYyGaDknJ3ONQ0XLhVUtLkAvPWtWeow
2A9HNgefysd90XyCozQ8N7uunZsUKxgngqPhzgP2f0FRYeNWqrIOUWjrmI7nYg+A 6NVHmUOJ39ockT1clhYy2P5rQTraZESuI7vaSS9zVIuScBnJwbSRZ5xgxSD6Fj+C
w7Z7TRQwVzptVUAe+v9WfWkWBYFreb3NlbfEQfEC0xAAFQ5TPqL66PlXXMJqyBhN Y/JyogXa8FtyG6xeMgIwW7t/m/rbXL5OkP4w8D+CJs+4I55WXz054XOZ937EisVH
wWhBY50ETDBvhCv2hTghiRy9tczAgyBKoPr2yZNctqyNTuJlaql4o5LT6RTHusK+ XAlNBIHixjQVckbb+sS7rEmegfoC+rvOXA0irpwXFiapAbMGUePCwQHdSBMP8orC
vUGGYY/qj9XwrcQBi+bRr/Q9zHHjXowwKPr1/UVbdVa6ntMMjUL1D+T26QPhTT2Q Tb3E8kqHATN40b8CpUBcPw6HCQKmbhe8o+R8NG6TZh6JH7kSztl2+SIIuMzhDflr
7gT57JmXLJKk85MUGyAG3y4TNNdCbxH096kb1Z1O7VwHZfQDNoYXhPXGhYvnz/4q 1AphY047Ku2RANaWfo+xyVZMWgAQcnoaUOeYaHJ9nZ7f2klJ3fnRtdXJn1gcO3i3
YWHnYLLApuGN6apqETbE8xizKkUR4k0ReXCjHNvsky/nf30k4iUetDeGBwLJRjzS NZVRjjYHJgzCVCIZJa1b1TMGep84naF7NmRkNlS4wyv6MXGqSpHHZUGUBAQOCMPS
XAGCykcK7VviDM7YOMlXIbeUBK3Rb2rGsgkBby/cPiNh3zS8HzqOti2vn7ioLMbJ XAEqjZt8va0LKtsPsBOTGQDuzTar+2069fu6TjS07mJM2sTp/G8bGBnvjc0TIplZ
Peic2r2TAUUp/aVmU34YqREi071fKpL0zho75IJ2ZtavDOYmDPopEiluIVuV M5FOiCilI9yX7vQ0O3LUKJW5zELWnW2d+3okpGjgkr0BFERtM7BMCp6nxR6+
=JCHR =rEY5
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

1
shell.nix
View File

@@ -5,7 +5,6 @@ pkgs.mkShellNoCC {
jq jq
gum gum
sops sops
ssh-to-age
gnupg gnupg
statix statix
openstackclient openstackclient

23
users/albertba.nix
View File

@@ -1,23 +0,0 @@
{ pkgs, ... }:
{
users.users.albertba = {
isNormalUser = true;
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
packages = with pkgs; [
htop
neovim
ripgrep
fd
tmux
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICheSCAxsYc/6g8hq2lXXHoUWPjWvntzzTA7OhG8waMN albert@Arch"
];
};
}

22
users/vegardbm.nix
View File

@@ -1,22 +0,0 @@
{ pkgs, ... }:
{
users.users.vegardbm = {
isNormalUser = true;
description = "noe";
extraGroups = [
"wheel"
"drift"
"nix-builder-users"
];
packages = with pkgs; [
btop
eza
neovim
ripgrep
tmux
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVA3HqEx3je6L1AC+bP8sTxu3ZTKvTCR0npCyOVAYK5 vbm@arch-xeon"
];
};
}

27
values.nix
View File

@@ -41,6 +41,10 @@ in rec {
ipv4 = pvv-ipv4 209; ipv4 = pvv-ipv4 209;
ipv6 = pvv-ipv6 209; ipv6 = pvv-ipv6 209;
}; };
bob = {
ipv4 = "129.241.152.254";
# ipv6 = ;
};
knutsen = { knutsen = {
ipv4 = pvv-ipv4 191; ipv4 = pvv-ipv4 191;
}; };
@@ -67,26 +71,9 @@ in rec {
wenche = { wenche = {
ipv4 = pvv-ipv4 240; ipv4 = pvv-ipv4 240;
ipv6 = pvv-ipv6 240; ipv6 = pvv-ipv6 240;
}; kvernberg = {
lupine-1 = { ipv4 = pvv-ipv4 206;
ipv4 = pvv-ipv4 224; ipv6 = pvv-ipv6 "1:206";
ipv6 = pvv-ipv6 224;
};
lupine-2 = {
ipv4 = pvv-ipv4 225;
ipv6 = pvv-ipv6 225;
};
lupine-3 = {
ipv4 = pvv-ipv4 226;
ipv6 = pvv-ipv6 226;
};
lupine-4 = {
ipv4 = pvv-ipv4 227;
ipv6 = pvv-ipv6 227;
};
lupine-5 = {
ipv4 = pvv-ipv4 228;
ipv6 = pvv-ipv6 228;
}; };
}; };