flake.lock: Update

Flake lock file updates:

• Updated input 'authorizedKeysRepo':
    '686a6af22f.tar.gz?narHash=sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc%3D&rev=686a6af22f6696f0c0595c56f463c078550049fc' (2024-11-10)
  → '686a6af22f.tar.gz?narHash=sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc%3D' (2024-11-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12)
  → 'github:nixos/nixpkgs/9684b53175fc6c09581e94cc85f05ab77464c7e3?narHash=sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo%3D' (2025-04-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/61154300d945f0b147b30d24ddcafa159148026a?narHash=sha256-pXyanHLUzLNd3MX9vsWG%2B6Z2hTU8niyphWstYEP3/GU%3D' (2025-04-14)
  → 'github:Mic92/sops-nix/5e3e92b16d6fdf9923425a8d4df7496b2434f39c?narHash=sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA%3D' (2025-04-22)

.sops.yaml

@@ -13,7 +13,6 @@ keys:
   - &host_age_git age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
   - &host_age_forgejo_actions_runner age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
   - &host_age_matrix age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
-  - &host_age_netbox age13fqs76z2vl5l84dvmmlqjj5xkfsfe85xls8uueul7re9j3ksjs0sw2xc9e
   - &host_age_public_web_static age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0
   - &host_age_yate age1kxzl00cfa5v926cvtcp0l3fncwh6fgmk8jvpf4swkl4vh3hv9e5qyqsrnt
   - &host_age_mjolnir age1ej52kwuj8xraxdq685eejj4dmxpfmpgt4d8jka98rtpal6xcueqq9a6wae
@@ -68,22 +67,6 @@ creation_rules:
           - *admin_gpg_dante
         age:
           - *host_age_matrix
-  - path_regex: config/hosts/netbox/.*
-    key_groups:
-      - pgp:
-          - *admin_gpg_djerun
-          - *admin_gpg_stb
-          - *admin_gpg_jtbx
-          - *admin_gpg_yuri
-          - *admin_gpg_june
-          - *admin_gpg_haegar
-          - *admin_gpg_dario
-          - *admin_gpg_echtnurich
-          - *admin_gpg_max
-          - *admin_gpg_c6ristian
-          - *admin_gpg_dante
-        age:
-          - *host_age_netbox
   - path_regex: config/hosts/public-web-static/.*
     key_groups:
       - pgp:

config/hosts/eh22-wiki/configuration.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  networking.hostName = "eh22-wiki";
-
-  system.stateVersion = "23.11";
-}

config/hosts/eh22-wiki/default.nix

@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./dokuwiki.nix
-    ./networking.nix
-  ];
-}

config/hosts/eh22-wiki/dokuwiki.nix

@@ -1,166 +0,0 @@
-# Sources for this configuration:
-# - https://www.dokuwiki.org/dokuwiki
-# - https://www.dokuwiki.org/install
-# - https://www.dokuwiki.org/requirements
-# - https://www.dokuwiki.org/install:php
-# - https://www.dokuwiki.org/security
-# - https://www.dokuwiki.org/config:xsendfile
-# - https://www.dokuwiki.org/install:nginx
-# - https://www.dokuwiki.org/faq:uploadsize
-# - https://nixos.wiki/wiki/Phpfpm
-# - https://wiki.archlinux.org/title/Nginx#FastCGI
-# - https://github.com/NixOS/nixpkgs/blob/84c0cb1471eee15e77ed97e7ae1e8cdae8835c61/nixos/modules/services/web-apps/dokuwiki.nix
-# - https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/commit/81c8bfe16b311d5bf4635947fa02dfb65aea7f91/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
-# - https://www.php.net/manual/en/install.fpm.php
-# - https://www.php.net/manual/en/install.fpm.configuration.php
-
-{ config, pkgs, ... }:
-
-let
-  # This is also used for user and group names.
-  app = "dokuwiki";
-  domain = "eh22.easterhegg.eu";
-  dataDir = "/srv/www/${domain}";
-in
-{
-  systemd.tmpfiles.rules = [
-    "d ${dataDir} 0755 ${app} ${app}"
-  ];
-
-  services.phpfpm.pools."${app}" = {
-    user = "${app}";
-    group = "${app}";
-    phpOptions = ''
-      short_open_tag = Off
-      open_basedir =
-      output_buffering = Off
-      output_handler =
-      zlib.output_compression = Off
-      implicit_flush = Off
-      allow_call_time_pass_reference = Off
-      max_execution_time = 30
-      max_input_time = 60
-      max_input_vars = 10000
-      memory_limit = 128M
-      error_reporting = E_ALL & ~E_NOTICE
-      display_errors = Off
-      display_startup_errors = Off
-      log_errors = On
-      ; error_log should be handled by NixOS.
-      variables_order = "EGPCS"
-      register_argc_argv = Off
-      file_uploads = On
-      upload_max_filesize = 20M
-      post_max_size = 20M
-      session.use_cookies = 1
-      ; Checked the default NixOS PHP extensions and the only one missing from
-      ; DokuWikis list of PHP extensions was bz2, so add that.
-      ; Checked with NixOS 23.11 on 2024-05-02.
-      extension = ${pkgs.phpExtensions.bz2}/lib/php/extensions/bz2.so
-    '';
-    settings = {
-      "listen.owner" = "${config.services.nginx.user}";
-      "listen.group" = "${config.services.nginx.group}";
-      "pm" = "dynamic";
-      "pm.max_children" = 32;
-      "pm.start_servers" = 2;
-      "pm.min_spare_servers" = 2;
-      "pm.max_spare_servers" = 4;
-      "pm.max_requests" = 500;
-    };
-  };
-
-  services.nginx = {
-    enable = true;
-
-    virtualHosts."acme-${domain}" = {
-      default = true;
-      enableACME = true;
-      serverName = "${domain}";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 31820;
-        }
-      ];
-    };
-
-    virtualHosts."${domain}" = {
-      default = true;
-      forceSSL = true;
-      useACMEHost = "${domain}";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
-
-      root = "${dataDir}";
-
-      locations = {
-        "~ /(conf|bin|inc|vendor)/" = {
-          extraConfig = "deny all;";
-        };
-
-        "~ /install.php" = {
-          extraConfig = "deny all;";
-        };
-
-        "~ ^/data/" = {
-          extraConfig = "internal;";
-        };
-
-        "~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
-          extraConfig = "expires 31d;";
-        };
-
-        "/" = {
-          index = "doku.php";
-          extraConfig = "try_files $uri $uri/ @dokuwiki;";
-        };
-
-        "@dokuwiki" = {
-          extraConfig = ''
-            # Rewrites "doku.php/" out of the URLs if the userwrite setting is
-            # set to .htaccess in the DokuWiki config page.
-            rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
-            rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
-            rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
-            rewrite ^/(.*) /doku.php?id=$1&$args last;
-          '';
-        };
-
-        "~ \\.php$" = {
-          extraConfig = ''
-            try_files $uri $uri/ /doku.php;
-            include ${config.services.nginx.package}/conf/fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param REDIRECT_STATUS 200;
-            fastcgi_pass unix:${config.services.phpfpm.pools."${app}".socket};
-          '';
-        };
-      };
-
-      extraConfig = ''
-        # Set maximum file upload size to 20MB (same as upload_max_filesize and
-        # post_max_size in the phpOptions).
-        client_max_body_size 20M;
-        client_body_buffer_size 128k;
-      '';
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
-  networking.firewall.allowedUDPPorts = [ 8443 ];
-
-  users.users."${app}" = {
-    isSystemUser = true;
-    group = "${app}";
-  };
-  users.groups."${app}" = { };
-}

config/hosts/eh22-wiki/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.159";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:37:F0:AB";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/esphome/networking.nix

@@ -11,14 +11,14 @@
       ];
       ipv6.addresses = [
         {
-          address = "2a07:c480:0:1d0::66";
+          address = "2a07:c481:1:2::66";
           prefixLength = 64;
         }
       ];
     };
     defaultGateway = "10.31.208.1";
-    defaultGateway6 = "2a07:c480:0:1d0::1";
-    nameservers = [ "10.31.208.1" "2a07:c480:0:1d0::1" ];
+    defaultGateway6 = "2a07:c481:1:2::66";
+    nameservers = [ "10.31.208.1" "2a07:c481:1:2::66" ];
     search = [ "z9.ccchh.net" ];
   };
 

config/hosts/git/forgejo.nix

@@ -49,6 +49,7 @@
       };
       service = {
         ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        ENABLE_INTERNAL_SIGNIN = false;
         DEFAULT_USER_VISIBILITY = "limited";
         DEFAULT_KEEP_EMAIL_PRIVATE = true;
         ENABLE_BASIC_AUTHENTICATION = false;

config/hosts/mqtt/mosquitto.nix

@@ -23,6 +23,7 @@
       topics = [
         "winkekatze/allcats/eye/set in 2"
         "winkekatze/allcats in 2"
+        "+/command in 2 winkekatze/ \"\""
         "+/status out 2 winkekatze/ \"\""
         "+/connected out 2 winkekatze/ \"\""
       ];

config/hosts/netbox/configuration.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  networking.hostName = "netbox";
-
-  system.stateVersion = "23.05";
-}

config/hosts/netbox/default.nix

@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./netbox.nix
-    ./networking.nix
-    ./nginx.nix
-    ./postgresql.nix
-    ./sops.nix
-  ];
-}

config/hosts/netbox/netbox.nix

@@ -1,61 +0,0 @@
-# Sources for this configuration:
-# - https://docs.netbox.dev/en/stable/configuration/
-# - https://colmena.cli.rs/unstable/features/keys.html
-# - https://colmena.cli.rs/unstable/reference/deployment.html
-# - https://git.grzb.de/yuri/nix-infra/-/blob/33f2d9e324c2e3a8b1b41c20bce239001bcce9fc/hosts/netbox/secrets.nix
-
-{ config, pkgs, ... }:
-
-{
-  services.netbox = {
-    enable = true;
-    # Explicitly use the patched NetBox package.
-    package = pkgs.netbox_4_1;
-    secretKeyFile = "/run/secrets/netbox_secret_key";
-    keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";
-    settings = {
-      ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
-      SESSION_COOKIE_SECURE = true;
-      # CCCHH ID (Keycloak) integration.
-      # https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
-      # https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
-      REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2";
-      SOCIAL_AUTH_KEYCLOAK_KEY = "netbox";
-      # SOCIAL_AUTH_KEYCLOAK_SECRET set via keycloakClientSecret option.
-      SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB";
-      SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth";
-      SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token";
-      SOCIAL_AUTH_PIPELINE = [
-        # The default pipeline as can be found in:
-        # /nix/store/q2jsn56bgkj0nkz0j4w48x3klyn2x4gp-netbox-4.1.7/opt/netbox/netbox/netbox/settings.py
-        "social_core.pipeline.social_auth.social_details"
-        "social_core.pipeline.social_auth.social_uid"
-        "social_core.pipeline.social_auth.social_user"
-        "social_core.pipeline.user.get_username"
-        "social_core.pipeline.user.create_user"
-        "social_core.pipeline.social_auth.associate_user"
-        "netbox.authentication.user_default_groups_handler"
-        "social_core.pipeline.social_auth.load_extra_data"
-        "social_core.pipeline.user.user_details"
-        # Use custom pipeline functions patched in via netbox41OIDCMappingOverlay.
-        # See: https://docs.goauthentik.io/integrations/services/netbox/
-        "netbox.custom_pipeline.add_groups"
-        "netbox.custom_pipeline.remove_groups"
-        "netbox.custom_pipeline.set_roles"
-      ];
-    };
-  };
-
-  sops.secrets."netbox_secret_key" = {
-    mode = "0440";
-    owner = "netbox";
-    group = "netbox";
-    restartUnits = [ "netbox.service" "netbox-rq.service" ];
-  };
-  sops.secrets."netbox_keycloak_secret" = {
-    mode = "0440";
-    owner = "netbox";
-    group = "netbox";
-    restartUnits = [ "netbox.service" "netbox-rq.service" ];
-  };
-}

config/hosts/netbox/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.149";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "62:ED:44:20:7C:C1";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/netbox/nginx.nix

@@ -1,67 +0,0 @@
-# Sources for this configuration:
-# - https://nixos.org/manual/nixos/stable/#module-security-acme
-# - https://git.grzb.de/yuri/nix-infra/-/blob/33f2d9e324c2e3a8b1b41c20bce239001bcce9fc/hosts/netbox/nginx.nix
-# - https://docs.netbox.dev/en/stable/installation/5-http-server/
-# - https://github.com/netbox-community/netbox/blob/v3.5.9/contrib/nginx.conf
-
-{ config, pkgs, ... }:
-
-{
-  services.nginx = {
-    enable = true;
-    # So nginx can access the Netbox static files.
-    user = "netbox";
-
-    virtualHosts."acme-netbox.hamburg.ccc.de" = {
-      default = true;
-      enableACME = true;
-      serverName = "netbox.hamburg.ccc.de";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 31820;
-        }
-      ];
-    };
-
-    virtualHosts."netbox.hamburg.ccc.de" = {
-      default = true;
-      forceSSL = true;
-      useACMEHost = "netbox.hamburg.ccc.de";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
-
-      locations."/static/" = {
-        alias = "${config.services.netbox.dataDir}/static/";
-      };
-
-      locations."/" = {
-        proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
-      };
-
-      extraConfig = ''
-        # Make use of the ngx_http_realip_module to set the $remote_addr and
-        # $remote_port to the client address and client port, when using proxy
-        # protocol.
-        # First set our proxy protocol proxy as trusted.
-        set_real_ip_from 172.31.17.140;
-        # Then tell the realip_module to get the addreses from the proxy protocol
-        # header.
-        real_ip_header proxy_protocol;
-
-        client_max_body_size 25m;
-      '';
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
-  networking.firewall.allowedUDPPorts = [ 8443 ];
-}

config/hosts/netbox/postgresql.nix

@@ -1,7 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  services.postgresql = {
-    package = pkgs.postgresql_15;
-  };
-}

config/hosts/netbox/secrets.yaml

@@ -1,234 +0,0 @@
-netbox_secret_key: ENC[AES256_GCM,data:7cVGSlrCo3MEjeLjfeZrL0VZi3+yZqsC3qI+rx+xadic78H0egWCCNaYEHIgtilgFjw=,iv:gnearzPduWcrVLU/FuzS05eNPZ5srX0hqZyElq+19ek=,tag:9MKgFb4eVYE6a5ncx9sgpw==,type:str]
-netbox_keycloak_secret: ENC[AES256_GCM,data:WLPCwl6KmHhyGwpqchZUmTr0XwA1T9asAEXNOSQMfGU=,iv:fsO+Ho18Uz6+y2iohbve1bUKhCR/c2zNrbODR2Jrh3Q=,tag:MWeh7GhdyUJnSzrndA3l3Q==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age13fqs76z2vl5l84dvmmlqjj5xkfsfe85xls8uueul7re9j3ksjs0sw2xc9e
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaTJ5OEJPeGVPTHp5V2tX
-            c0xYcWtKNG00d3lCQ1JZRERkUFZsaXpyMERJClQwdDFnTVdCRjB0S3hEYkVmclE5
-            dGRUQThYSWhpK2dCQWxSVjhuNEY4TUEKLS0tIC9RS3hSdFZCbTd4eFNNSTgyaXdU
-            V1lQK3YzTWI5ZGdyeGtFQ0E3QXQ3YnMK8sBStC8xBKwpeWkF/HrryWi0hZA69nuw
-            a73HiZuED8KEp5OPME3yC6Ode71uEEaE/av2zp7WUYbCqVpWnwcjSg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-08T23:54:23Z"
-    mac: ENC[AES256_GCM,data:6KwBwJ1uTuOaCTcBs9sgvX+E/bV37ylJmDqYupa3545ba5Y3VMuF2Hx72zzRYPmh5/DmwzDxc/f7TZUheO5jwwwMGGNCYuX2c+nkzLgtovT/yCXTo8vPHNf03fQRHlOq28ztQIG8Ug1s/t4XkA+iuqPdbvyNKLbsJfJBqg4SF44=,iv:SUXPFtW3/pSTBnjAh77G6pJTucHy4VEhUVkELiMJ4JU=,tag:SfLCwPpJuvL7RrIRmN5PGg==,type:str]
-    pgp:
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAxK/JaB2/SdtARAAgiNMTfquNZeRDR0p1DQbGPVx/tCxKng4aQ+6A8x7H3Ul
-            UFSjn+85rFBqTRswDnFM4gSfokBHLW1Ltztqw4aKuYoNLs0vUGJWrkf5dHsJv2Mb
-            YJaHm1iqSwIrgmyI1PWvrZ+cUjgUWBriJOTNlYi2iHWBWqDSQ7O7TUqpeCxiHAp9
-            e6UydzIxsLjl+7gaDW2M/FRJNVKxtq8UBEdg33xLi/eE6O5/fNyo8qBjUUWnG4xb
-            fiuKWgn83n7vsVsmvNJPlsOUrrZoYJAOSm5nymkXlAEQv1LPrSXXYHz8WoOTPDs8
-            29YAX8gvIwK+lc7xFFZAsjQ8JzqcVMyFHsT9N8zWSdaOyGcFcsDwBEICOvVSabb9
-            g3yrI8PKoEkQigeLnzKrkLZX+1vqVkSO7MBWn5xAMMhTTZvH0+MknlYO0pU3ziME
-            Yp6EbvU4OeRbcB6gMt21KQDhiEkPNdwcyxoOtFIWw8tCK57Leyyyb1YU2W7T96M4
-            2fcoAzr5x3xapdvOEgUr7OFzTrc2DRrpx7FKoJFBIy4HEvtJKJvKxcq4aUqznSPG
-            ILpbnH3CEQuWmcGu5fTZ3ggQZW7bM523cz+cwOJjUokhW49D+h7wZjffUuSK1AWS
-            7FwncFVVkNcLAs77p1DFn4A3mUjdh3jl+VAXudgQfOGtLeLDY4+qlMMQSGPoj4fU
-            aAEJAhB0l1X5jqjGE7o/PRwgoaeFl/zwiX8n0k26++hPw2+Vt/b3sT3Ce0zNr30p
-            Yc7h4H8UoN9j6zD96R9MAATHikz7a5EprAshqzV6uy7VNI6bcKVKilLoxVa47Y1p
-            6PA24RxtGxVm
-            =ES/O
-            -----END PGP MESSAGE-----
-          fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA6EyPtWBEI+2AQ/+OBSrAP5xkjanku4jcpbYrYDMTWRxVfEgNesvuTyQsxVr
-            kKK9THm7MUHbVBkx1xirvpv6XLcLtCwdMnYlBkSCVaztGmb1aowmCn5tWZiVDyE+
-            UPCF0bTXmxjLM+Cav8aweylfD3vAQsPvFLS3XvCBHKWqZ7dNkro+5VTxKmQ+XiZ6
-            t67M5DtltUm8IWOE2DScAgGiBQlCSY23O/zy4U5Sj3Ii+eRHxC1B7NB0Crj01pi7
-            2v6J7yNZnw4vfH3UiRO5Vg9q0QLPp3XR6Xb1J/TJJS6vCUarSbL1/oBjujHkF4hK
-            MEZ+Q3qGnv+dGOzUch4xkEkuWyfIcMTY6JOa3TpkhfkbQwXsph/sD/SaHpRD70Ra
-            PX0vBzSdbtEMea8/pVTOxfFEjPGQIFI1+pdNmCfzhWNbrH6EqjrSOyZXSr6+U3dI
-            Xhpyv2wKuNho0c9jWYqPzY4vhSGRjc9416nfV/o7Ebv659ypBKHtMDcL5kebkCB4
-            W0OwscSRPUXUz2S9XfSa3J80Aakv5S5xvlXo6R/8TDaMWJtZP2vtF4y0elNGOfZM
-            Vn/zlv1htaezQDNznJK+E8bHEF3p92hiuSjO8yMZByIFrAV1AyqY4kiMmW68scA6
-            NBOlxah9xCV7XnD8B1ZCR9FruuYYj9cpwES0lLvISBXJvh1viyHN8Js0uApePInS
-            XgGzDhaZWWyt5TK+Uv2fu8wh6hbX8hmzT9vBLfPz0Gx6Z78RnwflsTqF8svtjSuB
-            zv4z9d/zrysfHY93Gd8kdKkG955f1THz9dELEpYLIwyLoTx1vHlymVP87TuPqxc=
-            =zG3F
-            -----END PGP MESSAGE-----
-          fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAz5uSgHG2iMJARAAjT7YVbq2/QthKii2fmj1EZgsDm7ZkcAKJ7Bo0jm7Vgxm
-            wGeBULB0bBoYEiFFO7Kc420Yk6IK+uUG8S8X3bJHUbMzvY/K/kG0eVpXwDJwJPf8
-            o46blkjpmhIiTvvQ4K74AJgsT9W0yXRrPxGz5HIuOG8P8CAqOabZ79ORfd3KFebJ
-            yOvBSyor//XoMB60a7uqQoaWw/+UwRKpz2yncLafD23nyuS5uXsoHNuySHLsI4va
-            y6Nhp4LdpYjjx/DIuzrl/3SCeLgisHL5u5kJ1QaGsfd2z7Tjxk+GoVgs/Wb51uHs
-            vPk0diKrv/kouW7rN20a2ywQETenik7/z2JcEFyZiOPH9KhHk3QGoXdlVVqESz5O
-            OMV5d/ijFW92Z7yuis1jSewGKDDp1FqyR3gIMONl2vK7Pzl1A8v8yQBbY5/fObuM
-            xTs/qwwoqYimokqM3WrjjKgx8oFFstWWzKBT24aCQTajA8vl83v1jfjR7EjBrrAu
-            +J+wBFNpnJiXgECPmJgOtQB+4IA023X1cdgDm2GlR+sPKKSBP+AySMOOp4zMoS4J
-            9xd30ltQp1ncNvU7KaTV0VXRaGb7CEJnlhiN2naYcpcsX+G8bfcrCuZwxtBFiZvY
-            9Ey47LLHP5SPPOWxhnsrPOYidNJd056+uyvnnbUYArjb6s5JUh6KQgjELKCEOIXS
-            XgEUryr5jMrBHLQi7wYHEqWkouH8cFsPAu5O/KOIYvZVIoOzB3DDPtJ4CknNfAMa
-            CTvlOJHJSuweQ4Mq0c+247aWu12V9ZMcTQT4e3g5DYq5TWm58Uidbd/g3FDwLgg=
-            =PqbF
-            -----END PGP MESSAGE-----
-          fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAw5vwmoEJHQ1AQ//baYynNo2MfmuqEKles0xnZpfPemIyQUnPmRKEtZUl6T6
-            eweGXKF3Ms32ErPhZaT8RNYAk2XX+RRlpJvTcMvLv/rxVTf2QcCAz6vxukmh5una
-            5CJe1H1tcDmXrQ7zkGffktkGcT90/OpRbhMJtp7MKcEzfpdgcw5yCeDpYCRn2r9E
-            /0Eaf72R60ecnr6CaOSIdbpy1QiDMydgmg/QCONBT97RQMJaGN+qAuPz1Fpb/Z+N
-            E/bmtqS39ADYZoB36sy+LCzp+oMLI0DpCHz2ngfFnKbeYeNU9gMXCAda9/ZyMbaI
-            aFjvwlTBsvAklWN36pvG/YxoO1XkN/Mj1N1QBvxP2LYg28X7uBnVUZAyvvQPL6xN
-            U110qThvDvLxgHC1DAfoMygKCDig2oSg3njf8LS1y5XkTag/B1JJT3NcgFI+MMvT
-            5NMaw6HRAgOwWcJ1pJokFZ6zIpLlIbToutJu/Ep4tisyg/G3ybbthqaywg5jkbCT
-            vbhzXpsbqkE+jyx2dWziBbQR9lOoTycRwIs6um+pKuPF7TzfD1GRyqTwtU9TN58D
-            Yl1GN3oz8ZFeGkdy1dXBxMP4EXR1BTdLk14vFGFPbjQ0bAAohOgTSgtGm+iZ73Q/
-            PFNf/3gGt8/Gk0cMl20PFzk3FMyUDOLFl5dOre0THGQelpVbN7fvZuaXOSZjuYXS
-            XgHGFmChf+zsmbKnT0tQfzGtFQb0cHHvkenxC5MCCCPibxwVeHEwcJTtPvvF1QqF
-            9kR3XEpuVFMNFrxsQd/31c5RUTC+sr7W+PRIVgIhdU6RtikIMsmekrunnPeB99U=
-            =o7cj
-            -----END PGP MESSAGE-----
-          fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4HMJd/cQYrVAQ/6A6ealIO6x8Xq3xzjIvZt1R4TvbnF+LmKpW2iG1nO3aVY
-            QOEGUCVdEveWbQBOexKXl1TgfhxIOrPVixJ2KgIZnNxobhgABfF/H/EqXsxUI6n6
-            2mZt8r0ibknzoPn7MmC7ceJt0t8UVFgPlPuT7zb5T2nDrm61WD50tbubJTYTuWmY
-            NE5qhd051/Ohqf1RGB7MEfesDNj0S+J3E0TAjOsAcFoAUwSohUtxONcCSwjiygqM
-            vCC9Z51tMe6pC9n/2MNgb47xd5eqFs9rzfKXxPlnhhRmS1jOmE5fVfmOg9KOkGCu
-            PskiO+hgyQK3q2a+/e/MGuKv3ChCrTloTUBarQW5oRoQnWdoiZh7rVwyNVasGfHW
-            FLEhZuBlyV8w9JqOQTiOx3FN8IhVL2lJIa72Ng+O+AMYuvuSCxv5r+1D88IUlF9B
-            n01qAMC7fUfOpkUPM0yXQ9GTIWt02Mp/7z15t49Uk3izYCGluxVNhLNFxvAZOZh8
-            nfT2Hpf5mkJHMvUD9F9rWFVWPyCD0ORN8k770ziOVEYMadSJ7/HpCHxg5m+TqNnM
-            TNQXID/f7AyoO10zcS8TD0IgDLEjTaPMTPZ1EZ0MvgLQ7MgzPdjdvXOGc0g8L6oa
-            ac9a/NDWeZGDNfj5T88pZStoLJKnTvuuwxk0haabClxCAOysifxINqJ7U6AfkpnS
-            XgHR1vDF871X9kwm/c2zrbJca2sH5pNU/HiLf3IMRTAnmIewYxQAvn3JH+0jUUKH
-            fEt+fZuW9dgfvDzaw4C3FbGxFViRXXFrjqSDGN9JT6VprCmX3Or0RdIjHwdvvhY=
-            =4agQ
-            -----END PGP MESSAGE-----
-          fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAxjNhCKPP69fAQ//R+9lFm16WjGtRkq3zcPbva2SpijBjVBfuL2veFyeDq5G
-            H09EL0+A9IJ5rPI4Y6HJ2LhnqUWg7NRHbmM48bHla5NDtCNB+YsU1rNc4oGIf/TJ
-            JRob3u660+BxRiEO/Agc925BeQS7xoPSIQTTkzMKEGih2aUj3Im0JHBd6p3UWnsn
-            ZTUy4rkZHhUot1vHSOh1RTRDQHdDMTFpzPA66nH2y9tyz79jhqEFUCZIVIB5dGWv
-            blFqZgoVf9Piw/7ic9FHuNRy/5tia7SGN6xIu3OlR3TU+z7fvjUAHG9Afm0FINfm
-            fS7SRg+y/6wUWVGL8NSQWQLdnMnUt7E2DSu5IY6S6ToZTDxpNM9Waw89GQbUe+Jg
-            APzUtmXt2VNZ7faIE+tE0LJs2x5OGNxALKgj+K9ZFl6oIL8E7PB4ncxDlTsCRiz/
-            H15LzKYMWcYAntMVuVbyyzKUh/3KdZWfs31PV+JIQuazVUQgO9R3myn1Y9SnvZdQ
-            dIwvfYBOmwhC6oCkJB3Pj4yOoE6gtacZBeeUZwScDxH6h+D3MFrF/1bgiKZs26m+
-            VfuTS2vxUAln9werKIGAbQWZmtCOkRdyVIJyeo31zO3hy/xdfzlZdBijcOqZDeho
-            FP+WDUAySkSahqV1pr+jIMsaejRglJo/GfCGPdtBYAuB872VpdiQ8g3i0CW7eSfS
-            XgH5YBfA4EgJSxRdCpBO25i0SyxlNK2WJ9INQbu4xyfBfsZYyhKo1RbmD+60t/xw
-            Lxeg8plFAuBPvQCRCGvda1y9uw66Hmxt0QKtScd3MXwOk2Q2u04cIPDZ/KAtC4g=
-            =x1QX
-            -----END PGP MESSAGE-----
-          fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA1Hthzn+T1OoAQ/6AgZkGRrZDbtTDEkksKQ84CsGyRBMioOrYfHDSyRb7URZ
-            RDVLfqr25Iz48kYR1n2nMo+O7QyayjTwaEAwFLFSTIpRKN6/9fT2ZVJxUfgLUWhH
-            I1OYMmRr9f/30OUMw8uTlCMqznkdoSjBmm0CX2Mu3YyRDUokzZa+ixRHX9TRBrKz
-            GSfJvHm77HTamvJLZcHnrVi9YH0KL7cQ8ileNHbUbCqmG+rrhiwz+gRp9aJ7pbnw
-            Qp7TaafrQKFh0Zsbmwuzcv030TJvuZboWpMIuGoeOWqv6tzSFhUV8eUu6UnM/2fg
-            arflryayYFRDUkysHONGoHviygefHr3+dIkneVO7tJ4ePYnFYhLvUsps4KASoHMF
-            dHMOwaPQDnBYo/ADiar1fgagYD/1Yns2SpsA1eqWwTE+hp+jwQi0mzYMLM3xl9YA
-            cMuqIOnXvpnuXYIRmooFtf/JkoJkYDV+8gbowZU52FJbB15QsPUgN47aixkWzJxj
-            6iV34LoF783DGQTnoMzgV9bDXa3RE1UgxjdFV6TNsPQvmWQJe+NNhqdkhH3MwLTG
-            jMGAwUNsPnmvCg4xPZlZMiuGhi3vxC4Fj6MWUw8uJbxCv83FPYwmpHCGVNwpDhFC
-            rRLk9vo1Dsm0oMHHLDxS9gTlg7FCrEyXinHBEq/11wigACM217oyg28nWxd6iA/S
-            XgHgxWlTQiYOWBRdJuJrPwXpNIHlsNDuE5YantoGFx6ykGT5H42HFlll7xGq6xVq
-            pssSfJK++lqWpvX076vh9tfwa40N2neO/vQ+8jBXr3dP6Vj/FUA8IUDVjc9xxAc=
-            =FXTF
-            -----END PGP MESSAGE-----
-          fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA46L6MuPqfJqARAAlG+nZhDVZX/+nHA+dPdw2RSGeXrIaxe0gjkGShZOVhmq
-            /iOfY7IgRzfp03BCJxRZwTYZu9hcg25jmW1havkmv5NPMDrmhgg9nX1AgyJaOgTo
-            FCPlXAvBSyWPGv+xgi63ttakHhobOympBj4hSzXdLg3RhkZ7KHci4Qz7XVfOpJ+j
-            wl/HKkNmkLiPiA7kYk8SOwJMFO89dMphHQBc81cZAptwfz9snTP7v6iBVvQDvF8h
-            3y5QPpfKEJZy0+GlqbMvRASHNx+w2GXIk6F/ldMt9rq9IJvR0od0p15aXCcO6TzC
-            Yzo7lIyyxqp9NQyN0S/DwzH0Uqj2CFMYdoKeFTNXG4a9fkVorj8+4rmJPewDxc4a
-            6Pc1hrQc6qoN+7o0Fj4xYkSO615gmVwZprWLQqgdkSMSPklecMX1d7WmkmIHNBk8
-            wkFUT0yBoedBiOTIHXRXhnQ8/4fkbRw7HYA3R4CqT7njtvqC0VWfwLISubuQ38tf
-            wbGKg5Bzzt+T176VoOfjau4aDoy3S1aGQcVKD19egj4l/eO+SvHl3UVZNUipkB3C
-            7MUqORS2kOh+IIqdSjYKvn7+MuAM5UP5GdzIoHaPPSCTUPdUjOLFPb+bjonTReQM
-            N4slvyssD3pgy9cwNofVtsmgVrc4Cv9mTo6rygeAq7wWxkl5hvVcmkhRN6zXD4TS
-            XgHV1a+C7ZWICtKI1u19NVYkjDkRrbQx96UdAkKquofpaQjxxXsz4SDi94BB2dCS
-            z+S2ZjOtweynhey1QPOLLmNUvZLE+SGsKmwkrMCBdtSyTbRXHSqPHt0Lc77tUhE=
-            =7WGw
-            -----END PGP MESSAGE-----
-          fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA4EEKdYEzV0pAQ/9Ek8xSUknHMyj7pFgR6oME3Q/az5CykwxpkKFZgafhxWQ
-            nA2Ge4y3Px+rSoPPPtxtb32lw4PcWV+P1Y4EdtpinsuW9xlSWJvE8Yp6C0BBFceu
-            3k3O2sPHlF0yeJgjS+rhpqPppRn5nlvmD+E9ZiJGQNOEUxmrdgoNLonazlLqcgjO
-            07CQdgHp9AuBthhlEU+UgdVdfHMV83KhhyOIf+mhEUU4cQWL3X/J2Sm6jtAowA92
-            fiAA7U8UXEt4lFEXle6Xj/1LtBI5zI8YHrE3xX6kN0Byf+ydtAM1eqjGb0dL7u6W
-            24CavCODfgWepuK97Jo++umTfN8wkLlfpbaNro2EpAdD5Q9CeGSzXk1PjFmsZgAb
-            QVOxo8kiTULEgMTI55pqg4GT4pglbofsQRMuk2IZPj1a9ScJjOxZIm0VUXG9AAZi
-            BogAuiObch3orMm2KGeSX1s6HyHrvQjuXDNPHoC2yFJ2oBu1QIHy/hAFLnOcNW/U
-            3JfhWHLpMHQgu9lFzkTlobg+4Lg1MHlXtSApwdmMIcrAJcm/l/7+x1J/TVVRQAdP
-            zyzWLA9AGjRv0Vud6lhCnL2FjsUVUWA+S8G+OYqxpkp70Ku1a5z3e7P8CoAtzDoe
-            RZLRwjawjgfyKpEvbN+s2UvWqtgvRPqiudG4cAZs5GecLxO8ItahyklRZ47G8JnS
-            XgEdyiiO06vx5LMszt/tFXtoIKlaWnbB0oLyIwm8un55VnJija5OVrFfdQYhp4fQ
-            yvRQ9uAM32WVjQ+gKVVQ3pAHgF2Lu67E7HtZtdmdLkWafybEWUsqGZyDzDvchZs=
-            =pFkW
-            -----END PGP MESSAGE-----
-          fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DQrf1tCqiJxoSAQdAeCb2j6cmTulJV2huSow62xTILgzf8/OOo5lED9+T5VQw
-            kBqubSVgy3jiW7lfjAK8U5Wh0ITb+6AR9kDLRE0WCxNbrOaeGado1VEalTw00Q58
-            0l4B+PeAZBg82rPUegAvU7UnnUIC3nGVzN4CEdPRpPcrG99V6VvXOks+s4DLky16
-            5FOihlYbf5nCD7OFbc3yys3MbUVuHda8x8H0BkuxDR81Wf4Q+HXCg8OUhncB57zN
-            =Lvnj
-            -----END PGP MESSAGE-----
-          fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-        - created_at: "2024-05-26T01:07:22Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAzdAjw8ldn6CAQ//UFokgDfUkScPVlJ+YnFw+W8eLk6y2YVI+nTCCZO9fhPB
-            77aDFY+yJG/BfEzjZNwQbISBjt+OuxVSSam52B+4FQkolr3KRhkfkuS16Fe9PwOg
-            XLMRoDba416ZtwAKz9HznFnPAzyPOwAn8yuF9RMp0KFP3ko+NSRAvOgja+jjPOl7
-            4BNkH6w5SAoE8u5jyQKIV9OB4W8RCVX30bYo2XzxjOcK1L+9EygoR+1CVOkbx8p/
-            T2i3mBdy3EtQ+86nSMPjGrSqURaUaKbCN/ygrSMhN/Pl/FvLiEEHamj2dVXPdHRV
-            k4bR51ZjO+U056PAB2Z5yK1Mpp0d0xpi5+QdOdi3eEqnGCXFq4Xz7NHUrmdy8Zug
-            QPnlMqibC3Wqdee4uhPbCHe0veF/VLaNAlyGkBHw7q66Ln2MY8coKPoiR8K4CD8o
-            9dtsV/qDvdFhziqsWCBjTwtFct2x/qEcRnzm1kvpyKwe2zV15lHA9WLafZVQ8eNk
-            U8yxBDETa8Bwd9voJ9NqYTcnyQLRJ3sZcvfkWQ7D5NOvmdHD5vF+gm5zJzR4EGN2
-            kSiqwZvztVuQCm6EOe0pJqp774KZXWW9eHc6CaNwkT5cmWjWu1wdHYhRk32HdhxX
-            1FQF3MxxACwDg9kj/s7gpWLlsofN4NM/QtHoGRh1wDQJGm8IZyH2qxpsgcXX9YHS
-            XgGX4oCWpHLRyRuHPb0xvjAdVX20WQKLzAtXvJkRMUd+Xt348nkZ4ZCqqfQ4eKPU
-            02FoWeCVqWTUyoaaHC87HFXUNJ4Gc+9AsWlbB9yA8nAm1z4wWHHFqZS2duu28ow=
-            =WqHP
-            -----END PGP MESSAGE-----
-          fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

config/hosts/netbox/sops.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  sops = {
-    defaultSopsFile = ./secrets.yaml;
-  };
-}

config/hosts/nix-box-june/configuration.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  networking.hostName = "nix-box-june";
-
-  system.stateVersion = "23.11";
-}

config/hosts/nix-box-june/default.nix

@@ -1,10 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./configuration.nix
-    ./emulated-systems.nix
-    ./networking.nix
-    ./users.nix
-  ];
-}

config/hosts/nix-box-june/emulated-systems.nix

@@ -1,5 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-}

config/hosts/nix-box-june/networking.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-{
-  networking = {
-    interfaces.net0 = {
-      ipv4.addresses = [
-        {
-          address = "172.31.17.158";
-          prefixLength = 25;
-        }
-      ];
-    };
-    defaultGateway = "172.31.17.129";
-    nameservers = [ "212.12.50.158" "192.76.134.90" ];
-    search = [ "hamburg.ccc.de" ];
-  };
-
-  systemd.network.links."10-net0" = {
-    matchConfig.MACAddress = "BC:24:11:6A:33:5F";
-    linkConfig.Name = "net0";
-  };
-}

config/hosts/nix-box-june/users.nix

@@ -1,59 +0,0 @@
-{ lib, ... }:
-
-{
-  users.users = {
-    chaos.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
-    colmena-deploy.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
-
-    djerun = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWXk9N9GoDyvaB0mnX448IvzKKsMv0eFZKvjqmsJ3In djerun@chaos.ferrum.local"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQsu6WSAXsF45wGmw2spQUWopsgioUuFI8hKLBW/WVk djerun@chaos-noc.ferrum.local"
-      ];
-    };
-    june = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
-    };
-    jtbx = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBQgnQAq6FUSDK8bxtYPjx3oRCAKG+xy9J3Gas2ztJk jannik@Magrathea.local" ];
-    };
-    dario = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtJwNPEIfNsAxBfWgxAeoKX1ajORPvs6L5S+qipJ7J dario@ccchh" ];
-    };
-    yuri = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
-      ];
-    };
-    max = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHNGDzZqmiFUH75oq1npZTyxV0B7eSJES/29UJxTXBc max@iridium" ];
-    };
-    haegar = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhWTkvLI/rp6eyTemuFZRbt2xxRtal7fu668nnb/ekU haegar@aurora" ];
-    };
-    stb = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgVuX9phyXImxqvof+49UXhiSQ+VGizeU4LrPcZY1Hy stb@lassitu.de 20230418" ];
-    };
-    hansenerd = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxujzHK49IBtYKPgnTCDQEiIxgzzlQ846tmU+6TcMIi hansenerd" ];
-    };
-    echtnurich = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWxkGFje1CJbZTB2Kv8hxZpvRR8qyw2IarRIHnQj3+ echtnurich" ];
-    };
-    c6ristian = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgfWcCrsVSXvYEssbfMOy2DnfkGSx+ZRnPLtjVNSxbf c6ristian" ];
-    };
-  };
-}

config/hosts/public-web-static/virtualHosts/c3cat.de.nix

@@ -40,6 +40,10 @@ in {
         return = "302 https://c3cat.de$request_uri";
       };
 
+      locations."/manuals/eh22-rgb-ears" = {
+        return = "307 https://www.c3cat.de/rgb-ears.html";
+      };
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
@@ -67,6 +71,10 @@ in {
 
       root = "${dataDir}";
 
+      locations."/manuals/eh22-rgb-ears" = {
+        return = "307 https://c3cat.de/rgb-ears.html";
+      };
+
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy

config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 
 let
-  elementWebVersion = "1.11.84";
+  elementWebVersion = "1.11.95";
   element-web = pkgs.fetchzip {
-    url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
-    sha256 = "sha256-z2qaKKyUq2S/r3xUUU3ym0FgFbiQr6bcltuKvUMPbH4=";
+    url = "https://github.com/element-hq/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
+    sha256 = "sha256-Bs1oYfJ5xXNpQJL92U0/3s979DKfdSZsBo5febp4QGc=";
   };
   elementSecurityHeaders = ''
     # Configuration best practices

config/hosts/status/networking.nix

@@ -11,14 +11,14 @@
       ];
       ipv6.addresses = [
         {
-          address = "2a07:c480:0:1ce::f";
+          address = "2a07:c481:1:1::a";
           prefixLength = 64;
         }
       ];
     };
     defaultGateway = "10.31.206.1";
-    defaultGateway6 = "2a07:c480:0:1ce::1";
-    nameservers = [ "10.31.206.1" "2a07:c480:0:1ce::1" ];
+    defaultGateway6 = "2a07:c481:1:1::1";
+    nameservers = [ "10.31.206.1" "2a07:c481:1:1::1" ];
     search = [ "z9.ccchh.net" ];
   };
 

deployment_configuration.json

@@ -3,9 +3,6 @@
     "targetUser": "colmena-deploy"
   },
   "hosts": {
-    "netbox": {
-      "targetHostname": "netbox-intern.hamburg.ccc.de"
-    },
     "matrix": {
       "targetHostname": "matrix-intern.hamburg.ccc.de"
     },
@@ -18,12 +15,6 @@
     "forgejo-actions-runner": {
       "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
     },
-    "eh22-wiki": {
-      "targetHostname": "eh22-wiki-intern.hamburg.ccc.de"
-    },
-    "nix-box-june": {
-      "targetHostname": "nix-box-june-intern.hamburg.ccc.de"
-    },
     "mjolnir": {
       "targetHostname": "mjolnir-intern.hamburg.ccc.de"
     },

flake.lock

@@ -35,11 +35,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1737057290,
-        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
+        "lastModified": 1742568034,
+        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
+        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
         "type": "github"
       },
       "original": {
@@ -66,16 +66,16 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1737665804,
-        "narHash": "sha256-fY95Rp63NFzOwRFO6+RGi/UTyxgqmFmKtQ/DWg+6vsQ=",
+        "lastModified": 1745279238,
+        "narHash": "sha256-AQ7M9wTa/Pa/kK5pcGTgX/DGqMHyzsyINfN7ktsI7Fo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c87f6eefb71ddde46ecc7fb128dd3f86e48ae69c",
+        "rev": "9684b53175fc6c09581e94cc85f05ab77464c7e3",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.11-small",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -95,11 +95,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737411508,
-        "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=",
+        "lastModified": 1745310711,
+        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4",
+        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -5,7 +5,7 @@
     # Use the NixOS small channels for nixpkgs.
     # https://nixos.org/manual/nixos/stable/#sec-upgrading
     # https://github.com/NixOS/nixpkgs
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
 
     # Add nixos-generators as an input.
     # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
@@ -40,13 +40,6 @@
         proxmox-vm = ./config/proxmox-vm;
         prometheus-exporter = ./config/extra/prometheus-exporter.nix;
       };
-      overlays = {
-        netbox41OIDCMappingOverlay = final: prev: {
-          netbox_4_1 = prev.netbox_4_1.overrideAttrs (finalAttr: previousAttr: {
-            patches = previousAttr.patches ++ [ ./patches/0001_oidc_group_and_role_mapping_custom_pipeline.patch ];
-          });
-        };
-      };
       nixosConfigurations = {
         audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
           inherit system specialArgs;
@@ -84,18 +77,6 @@
           ];
         };
 
-        netbox = nixpkgs.lib.nixosSystem {
-          inherit system specialArgs;
-          modules = [
-            self.nixosModules.common
-            self.nixosModules.proxmox-vm
-            sops-nix.nixosModules.sops
-            self.nixosModules.prometheus-exporter
-            ./config/hosts/netbox
-            { nixpkgs.overlays = [ self.overlays.netbox41OIDCMappingOverlay ]; }
-          ];
-        };
-
         matrix = nixpkgs.lib.nixosSystem {
           inherit system specialArgs;
           modules = [
@@ -149,26 +130,6 @@
           ];
         };
 
-        eh22-wiki = nixpkgs.lib.nixosSystem {
-          inherit system specialArgs;
-          modules = [
-            self.nixosModules.common
-            self.nixosModules.proxmox-vm
-            self.nixosModules.prometheus-exporter
-            ./config/hosts/eh22-wiki
-          ];
-        };
-
-        nix-box-june = nixpkgs.lib.nixosSystem {
-          inherit system specialArgs;
-          modules = [
-            self.nixosModules.common
-            self.nixosModules.proxmox-vm
-            self.nixosModules.prometheus-exporter
-            ./config/hosts/nix-box-june
-          ];
-        };
-
         yate = nixpkgs.lib.nixosSystem {
           inherit system specialArgs;
           modules = [

patches/0001_oidc_group_and_role_mapping_custom_pipeline.patch

@@ -1,61 +0,0 @@
-diff --git a/netbox/netbox/custom_pipeline.py b/netbox/netbox/custom_pipeline.py
-new file mode 100644
-index 000000000..470f388dc
---- /dev/null
-+++ b/netbox/netbox/custom_pipeline.py
-@@ -0,0 +1,55 @@
-+# Licensed under Creative Commons: CC BY-SA 4.0 license.
-+# https://github.com/goauthentik/authentik/blob/main/LICENSE
-+# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
-+# https://docs.goauthentik.io/integrations/services/netbox/
-+from netbox.authentication import Group
-+
-+class AuthFailed(Exception):
-+    pass
-+
-+def add_groups(response, user, backend, *args, **kwargs):
-+    try:
-+        groups = response['groups']
-+    except KeyError:
-+        pass
-+
-+    # Add all groups from oAuth token
-+    for group in groups:
-+        group, created = Group.objects.get_or_create(name=group)
-+        user.groups.add(group)
-+
-+def remove_groups(response, user, backend, *args, **kwargs):
-+    try:
-+        groups = response['groups']
-+    except KeyError:
-+        # Remove all groups if no groups in oAuth token
-+        user.groups.clear()
-+        pass
-+
-+    # Get all groups of user
-+    user_groups = [item.name for item in user.groups.all()]
-+    # Get groups of user which are not part of oAuth token
-+    delete_groups = list(set(user_groups) - set(groups))
-+
-+    # Delete non oAuth token groups
-+    for delete_group in delete_groups:
-+        group = Group.objects.get(name=delete_group)
-+        user.groups.remove(group)
-+
-+
-+def set_roles(response, user, backend, *args, **kwargs):
-+    # Remove Roles temporary
-+    user.is_superuser = False
-+    user.is_staff = False
-+    try:
-+        groups = response['groups']
-+    except KeyError:
-+        # When no groups are set
-+        # save the user without Roles
-+        user.save()
-+        pass
-+
-+    # Set roles is role (superuser or staff) is in groups
-+    user.is_superuser = True if 'superusers' in groups else False
-+    user.is_staff = True if 'staff' in groups else False
-+    user.save()