Compare commits
82 commits
ptouch-pri
...
main
Author | SHA1 | Date | |
---|---|---|---|
christian | 1fcd8c6421 | ||
christian | ff1a12846a | ||
June | 2ba371f8cd | ||
June | c8e7bd1ccf | ||
jopejoe1 | 4fc8e31df0 | ||
9d9b8ede02 | |||
June | 4f789adb21 | ||
June | ec64eebfd6 | ||
June | fefff391b7 | ||
dequis | 9d1521c485 | ||
June | accd31173b | ||
June | 8165d22159 | ||
June | ecdaa2d5f6 | ||
Stefan Bethke | de2390c78d | ||
June | 2fe65b0513 | ||
June | 804094aaeb | ||
christian | da8e2bbbf4 | ||
June | 05b96b8fae | ||
June | c54b655b0e | ||
June | 68f11ad955 | ||
June | 445bf05842 | ||
cd8108fc9b | |||
June | 1b755b4eab | ||
June | b26320f999 | ||
June | 0395484ea9 | ||
dequis | 9b751fa1ed | ||
5bbc8aa03e | |||
June | 178777007f | ||
June | faffcb7d54 | ||
June | 1ffc959ce3 | ||
June | 028b5dc9e8 | ||
June | 35e5fbc8a2 | ||
June | b30015fee1 | ||
June | e88982d7c7 | ||
June | a2102b064f | ||
christian | 59b540c9e3 | ||
June | a271fddff8 | ||
June | 1185f9bb41 | ||
June | 9f56692222 | ||
June | 7058ec3582 | ||
June | 026e47d055 | ||
June | be7f6e4917 | ||
June | f5432bd682 | ||
June | 1aff46745a | ||
June | df17b25009 | ||
June | dfcb961fd3 | ||
June | 3059843e1a | ||
June | f3f5d5a611 | ||
June | 33599951ef | ||
June | 6411ae8b80 | ||
christian | b30952a049 | ||
fi | 8a2d406d4e | ||
June | bb2f1e1252 | ||
June | d08007fd1c | ||
echtnurich | 22eff92488 | ||
June | bc98327cda | ||
June | 06e52eed74 | ||
christian | 579b63fe89 | ||
June | ef1710b09f | ||
June | 46e43e51aa | ||
June | 9d7f9d0ec8 | ||
June | 41f04732c2 | ||
June | a7541eefa8 | ||
June | 58ec317b02 | ||
June | 7c7da0db05 | ||
June | 3aae597752 | ||
June | dc439abefe | ||
June | 154edc1972 | ||
June | 361ccac69f | ||
June | 88e3da11a6 | ||
June | eab3523033 | ||
June | ca816ba50b | ||
June | 475ab8cc66 | ||
June | 320f4afb4a | ||
June | c378fc64c6 | ||
June | c96486aa91 | ||
June | 14bbdea9dc | ||
June | 856c4ac696 | ||
June | bc6af32a36 | ||
June | b229494eac | ||
June | c97f169b77 | ||
christian | 6a0218c132 |
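--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,23 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+charset = utf-8
+
+[*.nix]
+indent_size = 2
+trim_trailing_whitespace = true
+
+[*.md]
+indent_size = 2
+trim_trailing_whitespace = false
+
+[*.json]
+indent_size = 2
+trim_trailing_whitespace = true
+
+[*.yaml]
+indent_size = 2
+trim_trailing_whitespace = true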
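--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,165 @@
+keys:
+- &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
+- &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+- &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+- &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
+- &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+- &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+- &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+- &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+- &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+- &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
+- &admin_gpg_dante 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
+- &host_age_git age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
+- &host_age_forgejo_actions_runner age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
+- &host_age_matrix age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
+- &host_age_netbox age13fqs76z2vl5l84dvmmlqjj5xkfsfe85xls8uueul7re9j3ksjs0sw2xc9e
+- &host_age_public_web_static age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0
+- &host_age_mjolnir age1ej52kwuj8xraxdq685eejj4dmxpfmpgt4d8jka98rtpal6xcueqq9a6wae
+- &host_age_woodpecker age1klxtcr23hers0lh4f5zdd53tyrtg0jud35rhydstyjq9fjymf9hsn2a8ch
+- &host_age_penpot age10ku5rphtsf2lcxg78za7f2dad5cx5x9urgkce0d7tyqwq2enva9sqf7g8r
+creation_rules:
+- path_regex: config/hosts/git/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_git
+- path_regex: config/hosts/forgejo-actions-runner/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_forgejo_actions_runner
+- path_regex: config/hosts/matrix/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_matrix
+- path_regex: config/hosts/netbox/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_netbox
+- path_regex: config/hosts/public-web-static/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_public_web_static
+- path_regex: config/hosts/mjolnir/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_mjolnir
+- path_regex: config/hosts/woodpecker/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_woodpecker
+- path_regex: config/hosts/penpot/.*
+key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+age:
+- *host_age_penpot
+- key_groups:
+- pgp:
+- *admin_gpg_djerun
+- *admin_gpg_stb
+- *admin_gpg_jtbx
+- *admin_gpg_yuri
+- *admin_gpg_june
+- *admin_gpg_haegar
+- *admin_gpg_dario
+- *admin_gpg_echtnurich
+- *admin_gpg_max
+- *admin_gpg_c6ristian
+- *admin_gpg_dante
+stores:
+yaml:
+indent: 2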
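Review bot: The eleven admin fingerprints are repeated in all nine creation rules and nothing in the file says what has to happen when one of them is removed; deleting the anchor alone leaves every existing secrets file decryptable by that key. A comment above `keys:` such as `# Removing an admin: drop the key from every rule, run "sops updatekeys" on each secrets.yaml, then rotate the secrets that person could read` would document the off-boarding step. The `path_regex` values are also unanchored, so `config/hosts/git/.*` matches that substring anywhere in a path; `path_regex: ^config/hosts/git/.*` (and likewise for the other seven rules) keeps a file in an unexpected location from picking up a host's recipient set.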
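--- a/README.md
+++ b/README.md
@@ -0,0 +1,75 @@
+# nix-infra
+
+nix infrastructure configuration for CCCHH.
+
+For deployment we're using [infra-rebuild](https://git.hamburg.ccc.de/CCCHH/infra-rebuild). \
+To easily get a shell with `infra-rebuild` going, use the following command:
+
+```
+nix shell git+https://git.hamburg.ccc.de/CCCHH/infra-rebuild#infra-rebuild
+```
+
+After that you can simply run the following to deploy e.g. the git and matrix hosts:
+
+```
+infra-rebuild switch git matrix
+```
+
+By default infra-rebuild tries to use the FQDN from the nixosConfiguration of the host for deployment.
+However to override individual parts of the deployment target, a [`deployment_configuration.json`](./deployment_configuration.json) can be used.
+This is exactly what we're doing to set the default deployment user to `colmena-deploy` and have custom target hostnames for Chaosknoten hosts, since they don't have an FQDN defined in their nixosConfiguration.
+
+## Setting up secrets with sops-nix for a host
+
+1. Convert the hosts SSH host public key to an age public key.
+This can be done by connecting to the host and running:
+```
+cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
+```
+2. Add the resulting age public key to the `.sops.yaml` as a YAML anchor in keys.
+It should be named something like: `host_age_hostname`
+3. Add a new creation rule for the hosts config directory.
+It should probably have all admin keys and the hosts age key. \
+You can use existing creation rules as a reference.
+4. Create a file containing the relevant secrets in the hosts config directory.
+This can be accomplished with a command similar to this:
+```
+sops config/hosts/hostname/secrets.yaml
+```
+Note: Nested keys don't seem to be compatible with sops-nix.
+5. Add the following entry to the modules of the hosts `nixosConfiguration`:
+```nix
+sops-nix.nixosModules.sops
+```
+6. Create a `sops.nix` in the hosts config directory containing the following content to include the `secrets.yaml`:
+```nix
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}
+```
+7. Make sure the `sops.nix` gets imported. For example in the `default.nix`.
+8. To use a secret stored under e.g. `forgejo_git_smtp_password`, you can then do something like the following:
+```nix
+sops.secrets."forgejo_git_smtp_password" = {
+mode = "0440";
+owner = "forgejo";
+group = "forgejo";
+restartUnits = [ "forgejo.service" ];
+};
+```
+This secret would then be available under `/run/secrets/forgejo_git_smtp_password` on the host.
+
+## Build NixOS Proxmox VE Template
+
+Build a new NixOS Proxmox VE Template for the thinkcccore's:
+```shell
+nix build .#proxmox-nixos-template
+```
+Build a new NixOS Proxmox VE Template for the chaosknoten:
+```shell
+nix build .#proxmox-chaosknoten-nixos-template
+```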
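--- a/config/common/admin-environment.nix
+++ b/config/common/admin-environment.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+environment.systemPackages = with pkgs; [
+vim
+joe
+nano
+htop
+btop
+ripgrep
+fd
+tmux
+git
+curl
+rsync
+ssh-to-age
+usbutils
+nix-tree
+# For kitty terminfo.
+kitty
+];
+}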
|
@ -13,5 +13,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = lib.mkDefault "23.05";
|
system.stateVersion = lib.mkDefault "24.05";
|
||||||
}
|
}
|
||||||
|
|
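Review bot: Raising the `lib.mkDefault` value from "23.05" to "24.05" changes `system.stateVersion` on every already-installed host that does not set its own value, which is exactly what the comment directly above the line warns against. The hosts visible elsewhere on this page pin their own version, but whether every existing host does is not visible here. A comment such as `# Default for newly installed hosts only; each existing host must pin its install-time stateVersion in its own configuration.nix` would make that contract explicit. The file begins above this hunk.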
|
@ -3,6 +3,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./acme.nix
|
./acme.nix
|
||||||
|
./admin-environment.nix
|
||||||
./default-host-platform.nix
|
./default-host-platform.nix
|
||||||
./default-state-version.nix
|
./default-state-version.nix
|
||||||
./localization.nix
|
./localization.nix
|
||||||
|
|
|
@ -9,10 +9,10 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
authorizedKeysRepo = builtins.fetchGit {
|
authorizedKeysRepo = pkgs.fetchgit {
|
||||||
url = "forgejo@git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git";
|
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
|
||||||
ref = "trunk";
|
rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";
|
||||||
rev = "0db6df46b68c07edbefe2a5f9ce4002fb6462980";
|
hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";
|
||||||
};
|
};
|
||||||
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||||
in
|
in
|
||||||
|
|
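Review bot: The authorized_keys list stays frozen at a fixed `rev` (now with a fixed `hash` as well), so a key removed from infrastructure-authorized-keys keeps SSH access on every host until this pin is bumped and the hosts are redeployed. That is worth a comment above `authorizedKeysRepo`, e.g. `# Pinned: after revoking a key upstream, update rev and hash here and redeploy all hosts`. Reading the file with `builtins.readFile` from a `pkgs.fetchgit` output also makes evaluation depend on realising that derivation (import-from-derivation), which presumably is acceptable here but fails where that is disabled. The `let` block begins above the hunk and the module body continues below it.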
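--- a/config/extra/prometheus-exporter.nix
+++ b/config/extra/prometheus-exporter.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+services.prometheus.exporters.node = {
+enable = true;
+openFirewall = true;
+};
+}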
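Review bot: `openFirewall = true` exposes the node exporter port to every network that can reach a host importing this module, and the exporter serves host metrics without authentication by default. Limit the source to the Prometheus server, for example with `firewallFilter = "-s PROMETHEUS_SERVER_IP -p tcp -m tcp --dport 9100";` (placeholder address), or bind the exporter to a management address with `listenAddress`. If a perimeter firewall already restricts this, a one-line comment saying so would be enough.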
|
@ -8,6 +8,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "Audio Hauptraum Küche";
|
name = "Audio Hauptraum Küche";
|
||||||
};
|
};
|
||||||
|
services.mpd.musicDirectory = "smb://beamer:beamer@beamer.z9.ccchh.net/music";
|
||||||
|
|
||||||
users.users.chaos.extraGroups = [ "pipewire" ];
|
users.users.chaos.extraGroups = [ "pipewire" ];
|
||||||
}
|
}
|
||||||
|
|
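Review bot: The added `services.mpd.musicDirectory` carries the SMB user and password (`beamer:beamer`) inside the URL, so the credentials are committed to the repository and, as a plain option value, presumably end up in the world-readable Nix store as part of the generated mpd configuration; the same line is added in the later hunk for the "Audio Hauptraum Tafel" host. If the share is intentionally open inside the z9 network, state that in a comment such as `# Share uses a well-known read-only account on purpose`. If it is not, the account should get a real password delivered through sops instead of a string literal. The enclosing attribute set starts above the hunk.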
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "audio-hauptraum-kueche";
|
hostName = "audio-hauptraum-kueche";
|
||||||
|
domain = "z9.ccchh.net";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
|
@ -11,10 +11,9 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
defaultGateway = "10.31.210.1";
|
defaultGateway = "10.31.210.1";
|
||||||
nameservers = [
|
nameservers = [ "10.31.210.1" ];
|
||||||
"10.31.210.1"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "1E:EF:2D:92:81:DA";
|
matchConfig.MACAddress = "1E:EF:2D:92:81:DA";
|
||||||
linkConfig.Name = "net0";
|
linkConfig.Name = "net0";
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "Audio Hauptraum Tafel";
|
name = "Audio Hauptraum Tafel";
|
||||||
};
|
};
|
||||||
|
services.mpd.musicDirectory = "smb://beamer:beamer@beamer.z9.ccchh.net/music";
|
||||||
|
|
||||||
users.users.chaos.extraGroups = [ "pipewire" ];
|
users.users.chaos.extraGroups = [ "pipewire" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "audio-hauptraum-tafel";
|
hostName = "audio-hauptraum-tafel";
|
||||||
|
domain = "z9.ccchh.net";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
|
@ -11,10 +11,9 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
defaultGateway = "10.31.210.1";
|
defaultGateway = "10.31.210.1";
|
||||||
nameservers = [
|
nameservers = [ "10.31.210.1" ];
|
||||||
"10.31.210.1"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "D2:10:33:B1:72:C3";
|
matchConfig.MACAddress = "D2:10:33:B1:72:C3";
|
||||||
linkConfig.Name = "net0";
|
linkConfig.Name = "net0";
|
||||||
|
|
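--- a/config/hosts/eh22-wiki/configuration.nix
+++ b/config/hosts/eh22-wiki/configuration.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+networking.hostName = "eh22-wiki";
+
+system.stateVersion = "23.11";
+}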
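--- a/config/hosts/eh22-wiki/default.nix
+++ b/config/hosts/eh22-wiki/default.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+./configuration.nix
+./dokuwiki.nix
+./networking.nix
+];
+}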
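--- a/config/hosts/eh22-wiki/dokuwiki.nix
+++ b/config/hosts/eh22-wiki/dokuwiki.nix
@@ -0,0 +1,165 @@
+# Sources for this configuration:
+# - https://www.dokuwiki.org/dokuwiki
+# - https://www.dokuwiki.org/install
+# - https://www.dokuwiki.org/requirements
+# - https://www.dokuwiki.org/install:php
+# - https://www.dokuwiki.org/security
+# - https://www.dokuwiki.org/config:xsendfile
+# - https://www.dokuwiki.org/install:nginx
+# - https://www.dokuwiki.org/faq:uploadsize
+# - https://nixos.wiki/wiki/Phpfpm
+# - https://wiki.archlinux.org/title/Nginx#FastCGI
+# - https://github.com/NixOS/nixpkgs/blob/84c0cb1471eee15e77ed97e7ae1e8cdae8835c61/nixos/modules/services/web-apps/dokuwiki.nix
+# - https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/commit/81c8bfe16b311d5bf4635947fa02dfb65aea7f91/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
+# - https://www.php.net/manual/en/install.fpm.php
+# - https://www.php.net/manual/en/install.fpm.configuration.php
+
+{ config, pkgs, ... }:
+
+let
+# This is also used for user and group names.
+app = "dokuwiki";
+domain = "eh22.easterhegg.eu";
+dataDir = "/srv/www/${domain}";
+in {
+systemd.tmpfiles.rules = [
+"d ${dataDir} 0755 ${app} ${app}"
+];
+
+services.phpfpm.pools."${app}" = {
+user = "${app}";
+group = "${app}";
+phpOptions = ''
+short_open_tag = Off
+open_basedir =
+output_buffering = Off
+output_handler =
+zlib.output_compression = Off
+implicit_flush = Off
+allow_call_time_pass_reference = Off
+max_execution_time = 30
+max_input_time = 60
+max_input_vars = 10000
+memory_limit = 128M
+error_reporting = E_ALL & ~E_NOTICE
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+; error_log should be handled by NixOS.
+variables_order = "EGPCS"
+register_argc_argv = Off
+file_uploads = On
+upload_max_filesize = 20M
+post_max_size = 20M
+session.use_cookies = 1
+; Checked the default NixOS PHP extensions and the only one missing from
+; DokuWikis list of PHP extensions was bz2, so add that.
+; Checked with NixOS 23.11 on 2024-05-02.
+extension = ${pkgs.phpExtensions.bz2}/lib/php/extensions/bz2.so
+'';
+settings = {
+"listen.owner" = "${config.services.nginx.user}";
+"listen.group" = "${config.services.nginx.group}";
+"pm" = "dynamic";
+"pm.max_children" = 32;
+"pm.start_servers" = 2;
+"pm.min_spare_servers" = 2;
+"pm.max_spare_servers" = 4;
+"pm.max_requests" = 500;
+};
+};
+
+services.nginx = {
+enable = true;
+
+virtualHosts."acme-${domain}" = {
+default = true;
+enableACME = true;
+serverName = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 31820;
+}
+];
+};
+
+virtualHosts."${domain}" = {
+default = true;
+forceSSL = true;
+useACMEHost = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 8443;
+ssl = true;
+proxyProtocol = true;
+}
+];
+
+root = "${dataDir}";
+
+locations = {
+"~ /(conf|bin|inc|vendor)/" = {
+extraConfig = "deny all;";
+};
+
+"~ /install.php" = {
+extraConfig = "deny all;";
+};
+
+"~ ^/data/" = {
+extraConfig = "internal;";
+};
+
+"~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
+extraConfig = "expires 31d;";
+};
+
+"/" = {
+index = "doku.php";
+extraConfig = "try_files $uri $uri/ @dokuwiki;";
+};
+
+"@dokuwiki" = {
+extraConfig = ''
+# Rewrites "doku.php/" out of the URLs if the userwrite setting is
+# set to .htaccess in the DokuWiki config page.
+rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+rewrite ^/(.*) /doku.php?id=$1&$args last;
+'';
+};
+
+"~ \\.php$" = {
+extraConfig = ''
+try_files $uri $uri/ /doku.php;
+include ${config.services.nginx.package}/conf/fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param REDIRECT_STATUS 200;
+fastcgi_pass unix:${config.services.phpfpm.pools."${app}".socket};
+'';
+};
+};
+
+extraConfig = ''
+# Set maximum file upload size to 20MB (same as upload_max_filesize and
+# post_max_size in the phpOptions).
+client_max_body_size 20M;
+client_body_buffer_size 128k;
+'';
+};
+};
+
+networking.firewall.allowedTCPPorts = [ 8443 31820 ];
+networking.firewall.allowedUDPPorts = [ 8443 ];
+
+users.users."${app}" = {
+isSystemUser = true;
+group = "${app}";
+};
+users.groups."${app}" = { };
+}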
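Review bot: `networking.firewall.allowedUDPPorts = [ 8443 ];` opens a UDP port that no listener in this file uses (the 8443 listener is TCP with `ssl` and `proxyProtocol`), so the line can be dropped. The 8443/tcp listener accepts the PROXY protocol header while the firewall admits any source, so a client that reaches the port directly can supply its own client address for logs and any address-based rule; restricting 8443 to the reverse proxy's address would close that, unless it is already enforced upstream. Separately, `"~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$"` loses its backslash inside a Nix double-quoted string; `"~ ^/lib.*\\.(js|css|gif|png|ico|jpg|jpeg)$"` matches the escaping already used for `"~ \\.php$"`.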
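--- a/config/hosts/eh22-wiki/networking.nix
+++ b/config/hosts/eh22-wiki/networking.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+networking = {
+interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "172.31.17.159";
+prefixLength = 25;
+}
+];
+};
+defaultGateway = "172.31.17.129";
+nameservers = [ "212.12.50.158" "192.76.134.90" ];
+search = [ "hamburg.ccc.de" ];
+};
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "BC:24:11:37:F0:AB";
+linkConfig.Name = "net0";
+};
+}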
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "esphome";
|
hostName = "esphome";
|
||||||
|
domain = "z9.ccchh.net";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./esphome.nix
|
./esphome.nix
|
||||||
|
./networking.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
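--- a/config/hosts/esphome/networking.nix
+++ b/config/hosts/esphome/networking.nix
@@ -0,0 +1,29 @@
+{ ... }:
+
+{
+networking = {
+interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "10.31.208.24";
+prefixLength = 23;
+}
+];
+ipv6.addresses = [
+{
+address = "2a07:c480:0:1d0::66";
+prefixLength = 64;
+}
+];
+};
+defaultGateway = "10.31.208.1";
+defaultGateway6 = "2a07:c480:0:1d0::1";
+nameservers = [ "10.31.208.1" "2a07:c480:0:1d0::1" ];
+search = [ "z9.ccchh.net" ];
+};
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "7E:3C:F0:77:8A:F4";
+linkConfig.Name = "net0";
+};
+}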
|
@ -1,35 +1,34 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"acme-esphome.ccchh.net" = {
|
|
||||||
enableACME = true;
|
|
||||||
serverName = "esphome.ccchh.net";
|
|
||||||
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
port = 31820;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"esphome.ccchh.net" = {
|
"esphome.ccchh.net" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "esphome.ccchh.net";
|
enableACME = true;
|
||||||
|
serverName = "esphome.ccchh.net";
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
{
|
{
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
port = 80;
|
port = 80;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 80;
|
||||||
|
}
|
||||||
{
|
{
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
port = 443;
|
port = 443;
|
||||||
ssl = true;
|
ssl = true;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
@ -37,9 +36,38 @@
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"esphome.z9.ccchh.net" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "esphome.ccchh.net";
|
||||||
|
serverName = "esphome.z9.ccchh.net";
|
||||||
|
|
||||||
};
|
listen = [
|
||||||
};
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
|
port = 80;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 80;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
globalRedirect = "esphome.ccchh.net";
|
||||||
|
redirectCode = 307;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
security.acme.certs."esphome.ccchh.net".extraDomainNames = [ "esphome.z9.ccchh.net" ];
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,5 +6,6 @@
|
||||||
./docker.nix
|
./docker.nix
|
||||||
./forgejo-actions-runner.nix
|
./forgejo-actions-runner.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
./sops.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,19 +12,15 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "Global Docker Forgejo Actions Runner";
|
name = "Global Docker Forgejo Actions Runner";
|
||||||
url = "https://git.hamburg.ccc.de/";
|
url = "https://git.hamburg.ccc.de/";
|
||||||
tokenFile = "/secrets/registration-token.secret";
|
tokenFile = "/run/secrets/forgejo_actions_runner_registration_token";
|
||||||
labels = [ "docker:docker://node:current-bookworm" ];
|
labels = [ "docker:docker://node:current-bookworm" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment.keys = {
|
sops.secrets."forgejo_actions_runner_registration_token" = {
|
||||||
"registration-token.secret" = {
|
mode = "0440";
|
||||||
keyCommand = [ "pass" "noc/services/forgejo-actions-runner/registration_token" ];
|
owner = "root";
|
||||||
destDir = "/secrets";
|
group = "root";
|
||||||
user = "gitea-runner";
|
restartUnits = [ "gitea-runner-ccchh\\x2dforgejo\\x2dglobal\\x2ddocker.service" ];
|
||||||
group = "gitea-runner";
|
|
||||||
permissions = "0640";
|
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
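Review bot: The new secret is declared with `mode = "0440"` while `owner` and `group` are both `root`, so the group-read bit grants nothing that `mode = "0400";` would not, and the tighter mode states the intent. The removed `deployment.keys` entry handed the file to `gitea-runner`; with root-only ownership it is worth confirming that the runner unit reads `tokenFile` with root privileges (for instance as an environment file loaded by systemd), which is not visible in this hunk. The runner instance block starts above the hunk.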
|
@ -1,7 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.interfaces.net0 = {
|
networking = {
|
||||||
|
interfaces.net0 = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "172.31.17.155";
|
address = "172.31.17.155";
|
||||||
|
@ -9,9 +10,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.defaultGateway = "172.31.17.129";
|
defaultGateway = "172.31.17.129";
|
||||||
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
||||||
networking.search = [ "hamburg.ccc.de" ];
|
search = [ "hamburg.ccc.de" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "1E:E0:4E:D0:DA:BE";
|
matchConfig.MACAddress = "1E:E0:4E:D0:DA:BE";
|
||||||
|
|
233
config/hosts/forgejo-actions-runner/secrets.yaml
Normal file
233
config/hosts/forgejo-actions-runner/secrets.yaml
Normal file
|
@ -0,0 +1,233 @@
|
||||||
|
forgejo_actions_runner_registration_token: ENC[AES256_GCM,data:gAR2ffrffeuuaOwO6mWcif2e6csKIVoLqrux19iBlrTkFHgo/IlHVL0eSUGqnw==,iv:i12yx/quwT9kj6fPECszo/iG9cVhKX+7dAA6/N09URc=,tag:eO+mWhumgvWzQxYqiRUXbA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age10xz2l7ghul7023awcydf4q3wurmszy2tafnadlarj0tvm7kl033sjw5f8t
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZEFkeThaUkhoVlVXV1V0
|
||||||
|
eXBja2hueWJzZm5RNVdaNTdKNGp6OC9mVmt3Cit6S2tBQjNGb0N0RkdDdWtpR1Vv
|
||||||
|
REd5WjJrTnJYR0lGRkFGU2RXTjZkdncKLS0tIHJoV3I0YTNkcHdZQWZySVNyVm4y
|
||||||
|
TGR6Sm9uZ0ZQeEFNK1lJRE82eUluclUKL4mGDJkQ3mQu+7Xc2KflVqLUjbr/5a16
|
||||||
|
VlYUplTqUCYXtkzq/3RKZV/pM4RVYBDHvuSzVr4hXBSxW5j93dhezA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-26T00:29:52Z"
|
||||||
|
mac: ENC[AES256_GCM,data:c0261ungapxYViyviTpNsSJZs6OMQ8fyHNqBpvTBp9jEEbbvJBSbqJtwJvVDg8Kv3xrZjC0jZSQOWkvYJlb2PFuW2/GXy5YpLCo7k3ZhXhUbotsDFPe30bvfVxZWhMpaS2rEXlxCqHeVmqoslL34jpLuFx04FmoBh91yjDMoiTw=,iv:njo4Bu4FzAbU6t7CSbqw7hcJ960oqsIKuV/qUGF8c1I=,tag:dzFxW8vyZsDFkd/ARkt5jw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtARAAoDySYGJ2Xf27El8y/UTYOUaM51stw95ZfnU7JtKfPNyM
|
||||||
|
Ct+xymnyxAwR2OJ7oDluxwEItdPufp/Mr96zkw+TfrqI5lowTiH4YGtDsbioiScN
|
||||||
|
qxiZgHN4qVZcRHwzgmLcDa6GSIg6rEcDcBygakprmoI4Qeqp3Bioii0/OMuLeleN
|
||||||
|
igauRUzroFLIlS0QCgI5PaUSIPtSMxgKiEc5yM91EBh6w93RaoQmG0k9TWpfLmgo
|
||||||
|
ZVB164SYCCW45vts6T7WQ8cE7Pxkkti+rrOrjaDfB4ape1u4gS6xKc4dFJ+nWcE8
|
||||||
|
5l6MXoDLRd69VWRN6P+G5YGQzB5QRicNnuwk6H2q7CwIqZyi7ZqaCIZfcpvuUzCJ
|
||||||
|
OGJQInCFFVSdLj/3WFyXk+wemmZPna5xFxFb6WVwfSU1ikM/umrZ5yBly+mvDGzs
|
||||||
|
l+8YGcsZ9D//qjVIsWbiRwhGgeA3eU6f7SwdZdX/zOFy8bP85xwDcbwdOSkhifAA
|
||||||
|
l3Ud3rswmAnzSYAw5wK9tcSxS+G4JeCPU1iKABifugLohgME09Z31ljvyqWPBRe/
|
||||||
|
Rct5zvcQV2yjMbToudXafvRUb9nU+uJuWUEUe8xFSrAC1ijA3mBYfIrGNvD2eVCY
|
||||||
|
MTYK1ugKA9X7Sgls3vQ0A7fLHeR6C3+zhl7SzGHUZC3bh5+oXTq6cuXD8DjCwV/U
|
||||||
|
ZgEJAhAkZc7MICSMkACItUHxyyEMbBYNpIJ6P7GQA6ErhLcV1VpKWo6abJVVES36
|
||||||
|
j97RpaD1tL3OyGPfiivMkk650MkPrgpMKR0hasl770B8jkjVPyDV9mSn+sc7N+tK
|
||||||
|
D7IbDW18mA==
|
||||||
|
=EhAw
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2ARAArCPbAnHJrNpP4B755wKuDEzwVMsqCR+gumSX/XcuQJMI
|
||||||
|
O3/34FJOI+++S/+z94y4O+A7XPsG4xr+UpDIGdGFAsOQBrbxyqD7c0BIToJgq6iG
|
||||||
|
22j7y6N6OZFo0g8hGkUVSMeAZXCkg/t70e2POeHeEwnlsNX3cRuFWC54KxfVwr4w
|
||||||
|
UjlQmjV26+r1uZd3DKj/+eMi5E63XTsgUhAlJqixpHt3PEKZ5UNtnCAbYXqF2FOF
|
||||||
|
qqNyB5X1M2ncee+RGzLqnXaQTSEdKmlEwteVlXWtsqBs4gICOz+6ehfA+gk6r+si
|
||||||
|
Hv5dW5W7OjHsZfRfLxaF05vBUqQ+M5FdYl0hBFZzco3zuNQ+c9om+c/3Fd+B0tZC
|
||||||
|
0pUs4JiNa/chjuSCiJ0ZJE8kh7xCmmjIrFqsvWi4ZiTk2GWPEeuPq91TC/azfQea
|
||||||
|
ZV/Ozh09wAMGnGYUY0OqH7BIGsV6mEFKy/oEpwvoPuI1sNLiMig3ZAMHcIdqYzta
|
||||||
|
S16/JVmVirTnOTCL7p0CZLtiQuQH158gn9F2T7WCfX/XA8ifVSAyjWnYL3+rJUr1
|
||||||
|
zuhndbJTXD+5K9RKVM+FXC+G5VRzmWKNN9riijtLFhPKuOqDwPDst81XGsO23gGn
|
||||||
|
QIFGGEfQ8vuC9lmF8jDPHZfgUWy3kMVaLW+ti7y5IWhWEJASYVXF2JknKeOw2zjS
|
||||||
|
XAE4hG6ck97ZiT9V5bKC/fk/Ep/GWPnQTMdISinbak9hZigPPQ3KCyf4WZoJ1+sE
|
||||||
|
r+rk9v7NO1N5rnVQokL+kO/sBCV/t9XrHuFDx16cZrSHpHubQUi9daxc6EQ1
|
||||||
|
=7d/s
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJAQ//QF80EGvpode+J0kDjrrFKdSXREPhfCtFU+EpmE+f+aGO
|
||||||
|
mMPZ0SEuBX4g+5K8u0IdeWR2weqYqY0O9Ar2m18YlpniSWFBZqzmW+/yk7vmDzqr
|
||||||
|
l9pV/SdRomGrKyXk9JehkLm5vwUrj/xlPAU0DQEKIPLZ/MMRh7bIfL5Fdujc9cLD
|
||||||
|
nybCqSXccYy59SDqVku5Q6A9FTTzLL8uFf5D3mthp/FgWpxIEQIau8G16PZm0aSJ
|
||||||
|
cBu2eZ3XDjmgIQLG+TMrW77lp/2AhFe23RtK4y5aZjzGhzO+Ax3Cn7pZI9zTGW6X
|
||||||
|
iF/ePoR+AQeXMWfwIujGR5Zy4NvdNKSfniFrjgXpsWSMjCp8pKTOlhkknL3gE+HU
|
||||||
|
etQDmPPCYvaVUwITpmrEAswTNPw0xekXGUe1HgETfhWAGw8zAEYRlOqw3Jt9mMX2
|
||||||
|
QczfXc2sA5Z4TcylESIUcpTAFQVMVMB9bZM762tZu3bM9qg6qybNVJBk9UPpi0RW
|
||||||
|
ZFbXA6lkOnJLG5/m/Ie4UDoxXxtOOqkFzjV57GEBy/HtYuC15LeyOuAgDp0Ta57L
|
||||||
|
0f/ufET/T3z5qBE8GN2zSTO7gGnFAEQ+028ZB0vGVR9C0JdCwVBMlGglC6NiaKqP
|
||||||
|
xPDLPdBqrCczUQyIJ4f7JJaFCfndLszuchb7IzCy95I7nMmATREpP06uRbnuRU3S
|
||||||
|
XAHno1TtKtfy/+T536cmGhke9gNLZXBjSg+W9ndHPo7r115Ytap5nlQqhM84qOyE
|
||||||
|
bhKZlipM9hkhfeT/6X2NzYL48/hsxJ7nh2sbmJQ0d/2DtmXT2gRGkbYq/f9+
|
||||||
|
=tuO+
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1AQ/+IK+UPsLOltPFjdvN21ICHY4De1c6qqMrrDAskqeDWZet
|
||||||
|
9eoal403d0fY6E03o1Acq3XlTzR4srWLp9qo+soAhruZ3+W5M/6zBaq/f2XF4fu2
|
||||||
|
U+bjVplM5U/pHTtGb05nHJ+UN7dgq2OJkURAe7aLSwLLScxTH9cggHAo6wpsaUTQ
|
||||||
|
Uujbo508P5/Vt0efbnyNbk54M/UMH0s93YmWSuxu4XvyUPaVFcjXkh61Tfc8vY+v
|
||||||
|
l5P1qDEjQrRjSE11/xzqAmZ5x58cMK1Q9yB+cy5Lw6K+rFT+5r1jdJem5NBsIRFP
|
||||||
|
eJjmTj/rzehujAciA1EOCF16ZsVIG6HFb3SLcNoRRL3DDgQIHgjHT38qbKrobjGr
|
||||||
|
Ww2Trekg17t2C48+qa/fGZO8dSz+/97gfAMMA2DdWHPlZxVCraucZMG0p9CkNxcO
|
||||||
|
kEtpD5hYJE456MqJQJoF2x2m+/SylJntfeKstKDhD5MZevTkNhD3MRE/8XPW/abE
|
||||||
|
byO8hxz7g76l2OKSjJdOUkYTDsjr23qKAuYq3/tENOMC+Z0eTKjQbzyLdSitQkM4
|
||||||
|
eOxRMm1qJZM7Y27kYLZcLadkewuBgmXqpDePcH6lHuLZp6S9o9LmrzvAsG79RjGs
|
||||||
|
wWiITzj4oG7ROT1Np9h9iCrfKiQ3fM/5/4zJvFvGm62DaeqNSwVT9NSLodrpj/XS
|
||||||
|
XAF3ozQWD5ib0d/yUKcwZZcbbJyn7HyaCn/95zxOMu+C4K0qhJLZeMyOYQOj2pfb
|
||||||
|
T7EnwyXB5vdL3JJlhVmnFCTMFv/RjhNOJX4qbDnV1sqTj5fFMgcbA067BLEQ
|
||||||
|
=TU7Q
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ/8C0go1iw89B1ibjbrJTxnmYD6iep01wAwZjHNm9/cC3BV
|
||||||
|
yFRj/D7d84gO2YX2hZxnjlnFQYRsNez7HpsjZvUmp6FN9LpJNDp2NvukebtS5v86
|
||||||
|
hrcqODTdHNa+/ffHIhUoXVSjw5kwpQNT0JI6PR3EyV7kjCGkFAFMzHbaNRbdup5O
|
||||||
|
vC5cD6Ty+aihB/E0st7/KUw2PH7bMiJ+lAlx53Z4v7xZYSxS0vFXRDAJRYd6Bt2t
|
||||||
|
LvHO68aRMF7czDB0JoV8BOSohSvv+ZXBqe2zCZwl8kUZoW3n9eym8iF7yZ+itT2M
|
||||||
|
OdLTOg6SIhhtxcm7qFRHsOsBMjmT+MuzQVNGKDQ6Gga6NiiboyuURso64L7F0SbA
|
||||||
|
3MnHeYoTm39hUs50xqWXdFfi8G3d/SfYcxYghJJx+SwlTd1ZhdSDxQ1uJtUi7ccK
|
||||||
|
8pHwIVCdkOF1hvko3w0/B9kHmnlWKBUF1wN8QHTmlViCOo4vIpepowzN4fLlpTug
|
||||||
|
VtyW08lbdMWqq17OcTUK3O7Z6hDDUaIKV8vGvjxrJ7wJp3kok5cI7jXOYEPjxfSr
|
||||||
|
ZjJpcdrAuJTZjSIsFFopGXFbUkI8bqRpo75lDuK2fA6x38WQqedwNo6YTXvtMn0V
|
||||||
|
bhYLeEt5VeRSohGWNsdGvpjB6BtPhKoD6hK+aQAeOhhxyuF2cH4o0/lFZSkDo0/S
|
||||||
|
XAFiYzGNuu1nJulLjaAGGeoiom42N+MEmQvlIfG7AR/XgMSXs5d0JH/COJkL3V6W
|
||||||
|
zyhAGxTzEmDYmddbhelxXn38obOnsAJU92GXwLg+PXT7ZkFHrCfg9jEvgwmT
|
||||||
|
=98Lv
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ/+M0Y24jgYhl4VEAT8ymoiCiNIsqGuk4yIXO6LrTIsNGlc
|
||||||
|
6YwkJu9Gj52AH8XKdvLuBGtWstjVoVrBOFyTtS2vzW01Eh+sFKfm3tF8CywjSMZ+
|
||||||
|
Xg/v+rtbj7s0EZ2JeE0DOk2X1zg26HsNd4X0HkIqTAm89gNVSTMWGGhDbTBSxtFx
|
||||||
|
ain5e14rUMM5qeIZg4IEMlY0mEbpGC7AqV1LKclN8pp2e0/6AS4fxamoMtPOhwld
|
||||||
|
/feF4/9AwZ04HIwF0ucbrDDkoZrW7YaYZPapxBTCMU0alkX4c+WTBMKTWICC1DkZ
|
||||||
|
lVF1zmLm2rhxebM0AaIw+eT2MymaecTcVrEHdhbtCGbfIL0sram2Qw0ZfeYDxIas
|
||||||
|
5W2z0a+qSQtlaCZfq/kc3UBQpRgv0Vrc0CBoZJhFmhfsH0F7uPE5rThqeT1w6TMd
|
||||||
|
bc6Y09Yorfyio+ZhbB8BJ5fzlolEo8opSZLm1K3YAik5Tw7toIvZqeXZoS6DfZhk
|
||||||
|
o7K/uUJTDKHuscxRLAfFKqBoZOBuf7d+ski5arMcjMqOYvmGKCn2pzs0TuO0ZaDG
|
||||||
|
gKbvSz2a6KyUSU822W0l2HSfM36HxxH7bDdJ12iqbBtWPcob+KcKrLowpbzzHpMT
|
||||||
|
o23ct/g5qpKpEvH+AkXQ9nOO9VKXx7voQyFM0gS0LXZGJcXeeeVbttcD28Td7WvS
|
||||||
|
XAFWumenh3Yc2VUSF4PUICL4g7o/4sLPjHhctlNHQ4+iaF6beZljWD/lwFkKxbqt
|
||||||
|
oHFjNx+ajtTxQpzpBQgqO6twKwLjND4lQ1yRlXp3mGm3U0BI7QUCRp+D+RcK
|
||||||
|
=N//k
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoARAAtsPz8vCvZ84eAoI3bZwP69V1coDW0SgSVqAi0XDfsRbo
|
||||||
|
LJIU//nkp4pKjUMoBgc++TdLa94/mqeFVhXozAW2T7nFhYOOK2HoVl+JqvgvTGVy
|
||||||
|
ZhGEWTud++inzjSAKAEll6x89dYE07DLtbLNaLs8w3X/cSDF9fZekmTvyaks9AwQ
|
||||||
|
oI+RXPK1ao3Nvgw0pkvRzFze7HJansA25+Ojcr3wnhP3qtKqfHjbXRs5Qu46fB3b
|
||||||
|
mz3SPNcN/JihodKBhZ0suCk+HZx69EXbBV8i9EDBOX+2Azxn3aCGh0jlDAyCMMNp
|
||||||
|
CWiDuYduzYFV0mF5vAGQC8ifrQZDOjvJR1qqJ2115c2bB9cP0asTS7ZoJEEqfkz1
|
||||||
|
mGLHsOhhuP/DkHhX2B61nDl0LQ+eoc1ZdZEcDV0hrKptiFlxmPySlOXD1LpOU+uk
|
||||||
|
JFBot/Sc9GEZzaInyNSmSvd2Y6SiNOl9t7QAwIPwmGYGY3iNDPD6RRl/CQb7raLG
|
||||||
|
rfNH04BYltboG7HQeEqiEEijn7xctTSNp1O3EKrcdEpg/sAlQzarCOmEUvLXWeBj
|
||||||
|
YhPRH6Z3+PMyn7m2Jb8VFO3hAX4zfb7eJcXhsKHBhfYIXViyuuzJNBoXYnorqSRK
|
||||||
|
n5OobCGQAhxeLHOrG2J059HbfUgGtfD/4MJNiGxuCGmXJc5oSJVRhy3d11ttGIzS
|
||||||
|
XAGuD/Vw5GUqWVZKNp/k2Kfuxauqu6jDPI534dLf35qaROkvbWz2bbfwPx4hxtkE
|
||||||
|
dZCVWILFq/BbXXiCVEMeJf6FrXcB2rJETBgknQWtxRP18Q7Rb4a2jybv5TDk
|
||||||
|
=ATJq
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqAQ//WVgNIjTv+F0kaoyM5stNqV7lDHPNF3jKVLOZBV1d8wbL
|
||||||
|
NhHnNRiadls8SwazCHgds/ahoaUTv+4IF9hvmyLvksN6iEN5/YnyHa1nFDBC8kow
|
||||||
|
pzA97WD6/bo5SjCk5oqLHjbR7ApKAYHOnI/XDum3QyWUV3KzO5wQQBAVki736l6q
|
||||||
|
ccUVeYLgjcnlTSlz42TcNnPw5DbudAizU4DRu4KyqQX1hBJEYA9lLDvFxvjrSidb
|
||||||
|
TzGWzyY0ERkrgrW73K9il9xqGsnyDZLvHPZ3f+nwEuNjM+ITxliZrsfxmqbWZ29f
|
||||||
|
sid5Z8Z9lZ88jIC2VR4+XW1q3LAe4WPhp3MjvhELfKLUWTRp3zRN6kabxuBtJcuC
|
||||||
|
0s212dm2ctKbkTaDbn7Q0NyJ2CLX+5IMjWs/i1NoLAyjre6hFmie2Ldx0RGwxrJp
|
||||||
|
wCA7EiZ02UJcLQw4QT3o/2Pxg8Spi+eGmqxSmMV/PDJ1gSdUv85gPobdDcotky6n
|
||||||
|
ng3I3G1o2XRUKnfDwv//4mFbDHXsCPXs7fMLwsSYZi5Cp49NhfbCbQHeusCdchLY
|
||||||
|
dA0Eik9ckUDH6ihyEN8DyVcZyspxoIFONFqly21rNECcKy1i2HxTsq5SbkZmmUS5
|
||||||
|
XiNQTGoLsx0CKI78oAXNfgY3wdpi02Xykkctjga4U2L/u8Wg7dVRgUFmq64rJfDS
|
||||||
|
XAGHB1X4194RVvPcpYP6tScEDnmQCs55wsiEuWPUyvclwb/aO8y5K1o6Uz5IW7/o
|
||||||
|
8lfAj6gHs775Z5xZE3FD8O1NkXVOyLmzkH2bJbkZAQ+JVfQS2UKshMtnQgz7
|
||||||
|
=dG/+
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pAQ/9He59UueuO4GXg4uBxLASQiaGKS/F1pPfTU9W4E1f+C4k
|
||||||
|
Dw8hwiLIZWRDsj0huYd+klyg2VJnjmPf0tB8qj5nrHo0bTKH0oJpiDpX8Bi/8j7d
|
||||||
|
WBNyS8LmUrSub3TdM3Ob1muUt/nHvgGQmWKt3dH+Jkc/um0B/+Og3Yka/JcKRF0Q
|
||||||
|
IAYkzVFlPdh95IhPEJ0Lo7zyN1FU0UwlyMasjB8Xae7VoyDhtgwur60gTktNIuyU
|
||||||
|
tAvLPKSSyu//Uz9olGW8RKw5//5A/EYNlP8WrVV0crDNBGegTlX68EsZlZQp1uXc
|
||||||
|
GK0ZB0OtphMUJiF9dUXNfzbGz02l3voLs5DUIpE+EAyEDu7hZEDgU8e9oTJRv05f
|
||||||
|
TumOjDlgSrhALyewO1ig92fU407JxxwW9aNl8gFv2Ph9lEbSaQWpo/VAHA178x/p
|
||||||
|
j5caXUUh5qUFGYhtOoHB9KtxL9X+F7Z5FjHmHxFQBtLrxP/olmQ/5jjbiz5sgf8A
|
||||||
|
iW7bRu2tBmiT5TrMcDxFSf3d+v5o0kOngwPl+8e9NC681uXuddI9g4s76f7KrpuE
|
||||||
|
bb483XW0CZUdpt8eFXAvk6CJ97gi9H9iZBrqhMKjGnWbE6e0683PE8WNTwCafoYz
|
||||||
|
mCelVHHjX1Qsk8Zg/vI0EBEHkeigCiev9O85dUVbCxHVniBkvIF4ZNo9n7NRnAbS
|
||||||
|
XAHQ23ARYRtF676DYWSH50sHJ5v98BTKn+Ca1QWMRCb2kyqUSfn+XzgyP9Sv2nqx
|
||||||
|
dT8DO2oTOraOaFS2+j9N3wRjbocVRuTV2EPwdgPVPg9IakNaO3qBUwEnNM+b
|
||||||
|
=EzwG
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdAy+TLSybMtug+TfJVBd4WJP4q5V6Qf0yPtgj4YUF4YCsw
|
||||||
|
rUctAxIueheQq5uqoPm3bTeLUYeticEVf090hr0613uh+l5DZcD/vqoHUK5dx7Zs
|
||||||
|
0lwBTi6sRElMIJiXplIvCMyYAOne/QZG3WaLx+LqqaNlNKPz8OVPhbokC++VNpwz
|
||||||
|
l5GE8Cv1ZoEDxbjLWurS772NiIumo+lAnjQMAxhHo4lVPXTxZZCqx3/98agyKQ==
|
||||||
|
=oiZp
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-05-26T00:28:49Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CARAAvnyyMeBLfWLFU6dBK2lNAzJy/gHb674YQbCe4W/w9Cjl
|
||||||
|
2pbiw1Hhpe0P7d7MGy2mB3Hi7cLygklFZADkHnrOoRIaJ8KqJELsNSHjapIE4+jW
|
||||||
|
8NWIcRSyZzOQFeKGFPNCJgyYd68clNmiLNlIAI/Xuxf4xSb3BLkBDRx1cIoug5gZ
|
||||||
|
pn7RrWYDPgrUyn9YfAJDr5OJsBcJD70sdi1TmCK6X6UCGZpNUI22yqS40LX6aCvj
|
||||||
|
WzZ6gd+nyjLlHXBBSG8R2lywPdoEVo4Y0pWvd5oK85Xl80gtlXSpFBfEg+EWbLCa
|
||||||
|
EkiAXthSAWwgBfjV0UCM+Qd5aiwNb8Q9j90AqPhIAawnsGWRrSL40finvJOdf4lW
|
||||||
|
f8R8Xk38RovBlHii1u0iw9O3Efur0UJ+aEntIEjaoND6K+32oJI56CWev0ARgR9N
|
||||||
|
ECROL+57Z1121S4QfDGp3LuClgAJDPB/LTL9ly39jOVaPZ7Ym+8qe45C0nkO3SDI
|
||||||
|
nyIkv+GA/gz9EuClfShc4N3T+XPjSe+wz7gt9hACpSai+Muea+2ruUpa9Kn8hasi
|
||||||
|
1zq7qR+3+ueJc5+8P6xIyCKxBTneBM2VNlh2e0GZlCxqCrx5Vt0spr4fijM/JvEo
|
||||||
|
+/2oIRv75NtF9zAwk7foSbyw8WQCReW61hLr9rVnYMoCkhYhlEIEGBZiq/94SHzS
|
||||||
|
XAEUZMZIyLdgzXVIoP8GVEqCErVYT5qCpo8Ett/v8efm27ucV797SrRibqiFEwIo
|
||||||
|
SsEKMoULNyHXQfnuKviNnuG1ril/azjsAtiucJvTdol7pY2nRWeYXIVecX0G
|
||||||
|
=Dlro
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
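Review bot: The `pgp:` list wraps the data key for eleven fingerprints in addition to the single `age` recipient, so any one of those keys can decrypt `forgejo_actions_runner_registration_token` from any clone of the repository, including old revisions. The configuration this replaces fetched the value with `pass` at deploy time, so no ciphertext was committed. With the ciphertext now in history, removing a recipient later does not take back what that key could already read, and the token itself has to be rotated whenever the recipient set shrinks. I would record that next to `defaultSopsFile` in the host's `sops.nix`, for example `# Removing a recipient does not revoke access to committed ciphertext; rotate the secret itself.` The same eleven fingerprints appear in `config/hosts/git/secrets.yaml`, so the point applies to `forgejo_git_smtp_password` as well.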
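--- a/config/hosts/forgejo-actions-runner/sops.nix
+++ b/config/hosts/forgejo-actions-runner/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}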
|
@ -8,5 +8,6 @@
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./opensearch.nix
|
./opensearch.nix
|
||||||
./redis.nix
|
./redis.nix
|
||||||
|
./sops.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,9 +12,8 @@
|
||||||
{
|
{
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs-unstable.forgejo;
|
|
||||||
database.type = "postgres";
|
database.type = "postgres";
|
||||||
mailerPasswordFile = "/secrets/forgejo-git-smtp-password.secret";
|
mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
|
@ -46,6 +45,9 @@
|
||||||
DEFAULT_USER_VISIBILITY = "limited";
|
DEFAULT_USER_VISIBILITY = "limited";
|
||||||
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
||||||
ENABLE_BASIC_AUTHENTICATION = false;
|
ENABLE_BASIC_AUTHENTICATION = false;
|
||||||
|
ENABLE_NOTIFY_MAIL = true;
|
||||||
|
AUTO_WATCH_NEW_REPOS = false;
|
||||||
|
AUTO_WATCH_ON_CHANGES = false;
|
||||||
};
|
};
|
||||||
repo = {
|
repo = {
|
||||||
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
|
DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
|
||||||
|
@ -77,14 +79,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment.keys = {
|
sops.secrets."forgejo_git_smtp_password" = {
|
||||||
"forgejo-git-smtp-password.secret" = {
|
mode = "0440";
|
||||||
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/git/smtp_password" ];
|
owner = "forgejo";
|
||||||
destDir = "/secrets";
|
|
||||||
user = "forgejo";
|
|
||||||
group = "forgejo";
|
group = "forgejo";
|
||||||
permissions = "0640";
|
restartUnits = [ "forgejo.service" ];
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
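Review bot: `mailerPasswordFile` hard-codes `/run/secrets/forgejo_git_smtp_password`, while the secret is declared separately in the last hunk as `sops.secrets."forgejo_git_smtp_password"`. Renaming either one would leave Forgejo pointing at a file that no longer exists, and nothing would flag it at evaluation time. Referencing the declaration turns that into an evaluation error: `mailerPasswordFile = config.sops.secrets."forgejo_git_smtp_password".path;`. The module's argument list is outside the hunks, so `config` may need to be added there. Separately, `mode = "0440"` with owner and group both `forgejo` grants a group read that nothing visible here needs; `mode = "0400";` would be enough if only the service user reads the file.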
|
@ -4,19 +4,18 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.interfaces.net0 = {
|
networking = {
|
||||||
|
interfaces.net0 = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "212.12.51.136";
|
address = "212.12.51.136";
|
||||||
prefixLength = 28;
|
prefixLength = 28;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
address = "172.31.17.154";
|
||||||
|
prefixLength = 25;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
|
||||||
networking.defaultGateway = "212.12.51.129";
|
|
||||||
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
|
||||||
networking.search = [ "hamburg.ccc.de" ];
|
|
||||||
|
|
||||||
networking.interfaces.net0 = {
|
|
||||||
ipv6.addresses = [
|
ipv6.addresses = [
|
||||||
{
|
{
|
||||||
address = "2a00:14b0:f000:23:51:136::1";
|
address = "2a00:14b0:f000:23:51:136::1";
|
||||||
|
@ -24,7 +23,11 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.defaultGateway6 = "2a00:14b0:f000:23::1";
|
defaultGateway = "212.12.51.129";
|
||||||
|
defaultGateway6 = "2a00:14b0:f000:23::1";
|
||||||
|
nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
||||||
|
search = [ "hamburg.ccc.de" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "92:7B:E6:12:A4:FA";
|
matchConfig.MACAddress = "92:7B:E6:12:A4:FA";
|
||||||
|
|
|
@ -34,6 +34,10 @@
|
||||||
return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
|
return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Disable checking of client request body size to make container registry
|
||||||
|
# image uploads work.
|
||||||
|
clientMaxBodySize = "0";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
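Review bot: `clientMaxBodySize = "0";` appears to sit at the `services.nginx` level, since it follows the closing of the virtual-host block. If so, it removes the request-body limit for every virtual host and location on this server, not only for container registry uploads as the comment intends. nginx buffers request bodies to temporary files by default, so an unbounded limit on all endpoints leaves disk space as the only ceiling on what a single request can consume. Consider scoping the exemption to the registry path, e.g. `client_max_body_size 0;` in the `extraConfig` of the `/v2/` location, or keeping a finite global value. The enclosing `services.nginx` block starts outside the hunk and indentation is lost on this page, so the nesting should be confirmed against the file.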
233
config/hosts/git/secrets.yaml
Normal file
|
@ -0,0 +1,233 @@
|
||||||
|
forgejo_git_smtp_password: ENC[AES256_GCM,data:ZRj5GpQKRlTxdu5CfbJirRGAKPCLAIG1F0V5USz5m5D49V3lu5uLomxHapmEwb0yYoE7e7ZLYK4VQUoQgpUnSw==,iv:K7+9E2gi8cdYu0lX/HgWitLxnxARywIwh5glEL0uOsM=,tag:s9UC8e+E5E3vM6cTKW7Vqw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18zaq9xg9nhqyl8g7mvrqhsx4qstay5l9cekq2g80vx4920pswdfqpeafd7
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZFhrMlF1YnV6bHlJZFp1
|
||||||
|
SExjNXk0aTE3U2pBd0lHODlkZW9La1M2cHhjCjd1VTdKWkE2ZWxoMWFjREsvLzdS
|
||||||
|
K3lSSkRMZ3lLZ0tSaDZMRkt4MXBMeXcKLS0tIDFlVjNXcktpbHdJc2hraGNrNGJh
|
||||||
|
UHlJWFN4NW1tNWFCU2EyNjkveXZML3cKrKk1w3IBAgdmicuFyGOaU26fwpULAcy9
|
||||||
|
eZPlcbRPUPHoRhy9GhNTAcXXDQzimKL39XZGAd0U29Kt9AvWAf8Qpg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-25T14:17:29Z"
|
||||||
|
mac: ENC[AES256_GCM,data:JeqYsVtogbB4oMWNEpLsF6zxsgUoAt7UzRUL2JzxDUtXDUndW/AxJxVxQaipYvblA3q2MzRyQN+j9khavlL02DR/ANtZFLQmH3OREV7M9eHmeeCa4Lm5D7gFYmqWkULJ7yEJsKz5AaiJTWlWgCcBITB901H3Z12dsz2a1+4WrUc=,iv:5Xm5Rjw8PS7hkTcRD1kj5XS5uiOgsPwXYeaMqUReB7E=,tag:2Y5R1/Why1TQd+ZYTF0qDA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtAQ/+Pw0v8i3ZGw4QNjAu9NX6ZJ5hvBHJgtcOWch3ZHlIAuxs
|
||||||
|
rNoPYhuKaYZL6QJcPTjP8AHVkFIEp+mVbXnsS3PCNUxPnwBS3DfAk+b9OmIJ5U8i
|
||||||
|
H0VYv4FpdAblyq59GPYx5cBaKUxAagATqlYmMh8b530DYBGcoAHPtzhCaZj+aJI9
|
||||||
|
ybakmmNfSqtdhJoWwRaRekqhbZ++wmS7axeefawuicXpdlNxhypEMKBUpGA847cH
|
||||||
|
lI4hw1/+KvyN/BT1q66vQanYpM8NNFLyyamT6HeBxQ1lP6gfb/T0a805qnaCXaZY
|
||||||
|
z2Ui6XJL/lbUWzG/0xnSJIFiQc7hIqMGIz+EHyYep5NBu/hiIUK1RpIFL4ClEOh3
|
||||||
|
kfVlWC16ys3fGHlFOTTBc3yJPGtyPjd5lGGfFmawwnegPH2wdNIt5tjrA7+vwKRE
|
||||||
|
f+RFNzvfc11o8rhGnbGd4ZGNgexuhxVaRGDSNqO0aixprSurcOa21Z1U76tvnJGq
|
||||||
|
IoeFtZf5KutqqLIyLoK0JM0YkSb92S/BHkIKpUO9fsKLRdQdnvm++8NRLJ/jXLVz
|
||||||
|
lZZnLxMC7QvKMyxE7J8GKye7nQa6S6CkEcqUsgXSMaxB3GMe9MiGWS9nqh16tHDX
|
||||||
|
p9YR9FVj8BUKWsTbIPKkomIaoxhRJvW6cakVcM7RG0rySVjGxrc2oAvYgjpVmmDU
|
||||||
|
aAEJAhAxPM/qlV+JghqnmnjP9Kn6KTIvGV2NGvX5YbY4k/NgL/sZ7VLsGZldemiu
|
||||||
|
1ogKtLzjRnvtruPhXBXPv3Ivw+a4ie7YBPsyyyh4RFfnZq7abAwBVDZDVXPA2GUS
|
||||||
|
9JOUdkYe2Q1T
|
||||||
|
=1km6
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2ARAAiyKB1LVhFUxkC/bKs7TmtXGbA+2xWwrtt9gUACD+GNlT
|
||||||
|
P0jQJ4N7x0xpvgo+ELNx4Owq4EXFYH8bI27zUxW9FmJu672uFVIpud4nZX+2AfFs
|
||||||
|
+Iy7VBp95kfS77Mc9VClJTJEaLMZOvciqlY58p1FB6C4pNwOuEhMvZ7athLVLlEz
|
||||||
|
hOrKkJAAtnjWXOFLBkq7BKCBVsxSLOUXMBgmK1Fr4dTJPifiXIIbO2BdNXanzMpv
|
||||||
|
8ANtENZ4JpqBHDW/DGoACkAh/hqu8p4B4TBC3L7szvFktsxy93w3i59CDXUroKXO
|
||||||
|
cG//41R5OH/EguctfO84qUWCe+eqA2D2ZuWIqSD6Aa4izQE+aTl+WDx/oxKuQcJB
|
||||||
|
UgKiLm/HXI7w1Zp7v2oRUt4BFr2EXHicsEkV+ztCGDMMPw0zBA3EE4fMFDmM9BXh
|
||||||
|
Y6bOT1cV/TQ1IgWvH6gMe4qdJscqYEfNMJNl6kZzylUSLBxK0YAfqxSnvV6lZ2D7
|
||||||
|
82KLl0TRZOiCWO0EMcRuN2L8AasrO4PaBGI/kbU2dCr8q4ku3qTjW7b77d6pVW29
|
||||||
|
Gh2eV+goXcdnk9tJt4hPcmz3vYIFJL8Pbmy5mSO0BetFdFVFnIhBuQzrXwe+Iq7z
|
||||||
|
nQ2L1eeDT0WI4PMEIz+YM0QVCMM52d0fK+JeiVz8H/bO7NcPCYTylcK68BA6QaLS
|
||||||
|
XgEP7Vp6aB2qQPbLYI1CfNrjiHLyCHXBJwyWGR3sSFB6LmvHsfx3tsHWdKxyrz3E
|
||||||
|
9AM9WvP+taIpK0F7OjDBcadaMo3Bzl74WVEtznaEmu9Vex7HxNXIMXXBHMj5RAU=
|
||||||
|
=CbYz
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJAQ//RSjkwW/PxItmHjB0luZ8pP6sMP5iTrgvwie04F3y1gu6
|
||||||
|
mIdAvh8QgCn/5Q/IqKZo7zdUzTQhyuq03DNUzuKyB/Sel6klohnW0QXes8Jt3vUe
|
||||||
|
W9bFFmIaFTk4mDc/tD5Vleph0ruNMXHlQRO4ia5wcYpVw0LtT3pKM5XApNl/9UKT
|
||||||
|
UFZ9/Fvad2a/p277Ai/N5dPUwM535s8H3Kkz473BvoS4Az7cjVnyxKHhguNQH9pw
|
||||||
|
n6hgXEjvyzDrzWvJwrX1T84KvCsPh0idAA9W5YfMU/4loL4RJUqvjkUvn2ErsPrl
|
||||||
|
gNoPTRY+BiivW2HV2uWRkiOyKTwVLdgs/oawZX7LB4aIaI9b5y8rcmHV4fKP8OEh
|
||||||
|
3q7LB5HU1peGmd6agwu1/ejbIc3+4WytVfoqHDI7MJ7jPE3iyfAxaZm1x5PFbVhA
|
||||||
|
7zmYs6tXs891l3ZJps84I/S1uSHjxJbMuGh954RHMmPHCrnLosS8yeNLEO2AHpQi
|
||||||
|
m2FFxbXCRFx7Xd8SvW2lAaKfeU+x36yUYCf7APaQeb59QLTnustIle6i4XQl070m
|
||||||
|
7GK/Hj2uanq6TEhAKWJlyVAucw4gruCfrjC7extPyY4pC4yXVUpM0jqJO37yCw+F
|
||||||
|
k64syU8yhR6whTmOPA/c2JsYoGKbV22NYRj6WIK9cIyiL34ellZVO9Ccsz6QGgHS
|
||||||
|
XgHve1EpLmsR1h1OKCKyUJNnNjvOnehZwyjCFwqT/DrIS1NUgoOaFr7As50YMfhU
|
||||||
|
ymMhQyDGYjjMHdmGoqmgPMOrJf/MJIECdzx/K/0e+eKM1RsC5XpwZnwKme+cVJc=
|
||||||
|
=5GW+
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1AQ//djObFBa/PnDRF/Q9ngtQy6VmuyUfErLqj9x1OOojB0g6
|
||||||
|
yMCvqH9zrN4JT82rb2xqvjbqEtZGq/35B2GccMXBifJy5JQj3SHOyTEPuoVr+yVK
|
||||||
|
4fzZ9k6vEUYl7FicEZABud8uasfoIGC/jn7EpYgP4v49RtXsESF0aTCnrcwqg03E
|
||||||
|
/cVJW4ovtIQM6UiE/BQPIdbUNPgVrwbDSxilNQrShvJvu3jVfCkdXuyOqlhF/lnH
|
||||||
|
weR/P1dNRhtNzZKLFYHNJRiJA3RuS+h2BFxG1pKhBfMfI/s46g74GkP/R+SEX3o1
|
||||||
|
l83P18t0br2pqqEE/qGHeLQ8PvEsTVHzxAzX8Qgx6qJQQfCDm2jDb6FlsxX6HT0y
|
||||||
|
TC3leI5q0u1A7Oj6nEl7p70/NjW2+W+cXWw4hmwMMnV0xNXsOBBDqk3sA9rJ8Mwx
|
||||||
|
oO6CuLqsWMsO0jGWptLebIzGnwMvaSWMGTMRgweW4gKNzcmiOXUrv5OT4ImJxgwt
|
||||||
|
7rFFPGcrVWUzBdGtTquLryAN1Gf1Co59ndG2SS0LKxVnY1sYspwd1FINpJA6x+99
|
||||||
|
kX4zJlK5qA8wcqkgj5WhTTXIQGLKD+R58pGjizEJzDt4aMB536uZa86ntP4bd1/5
|
||||||
|
Q4zjzwF0aIMWX9FdaCilFMjWjT+iMOl6m2dI3EBcUuTzqL8JTKbBxQ9z+Hc+yELS
|
||||||
|
XgHe79QN5IUbyoH/Fi7jNA7XEUwI6WIrhZ8TWF4nS3HgZkVfsZ/oK1DFBdVcZ5Zd
|
||||||
|
/rJaKqgeQLCxoRFroI1vZYsBRKInRs+7yziK8YtbFhmX0azW5G0NiUtsYXBOguU=
|
||||||
|
=YSsr
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ//byQSYLjXciKE2ryqYXiz3/OgDd0pIVr9HZLlxwUFJFMR
|
||||||
|
DLuxWPK+SxUj6F81mi4A9xq9CmTa3jMEVkGgblvjGoWjtEKKgJrdllMCvo5Q/Gcu
|
||||||
|
CLbMPXGfs/eDEjqEbX1rAdzR31TcFl9FI6bGUIXxGE21DeLIDCgInl5gNzVL+Ser
|
||||||
|
M5OAxpQCqe23wUMPya16XTzpaxug+mertfyOxC3XUk2A23y/8gey0pjAnaDTPIhD
|
||||||
|
q35ni2gA1eigiitJv2IWxIfbZ7rFuwmb9qi+vpBeqMTNLBBbhKgbSg4PUl6usFeC
|
||||||
|
65uRvNJOeMeXfwpPgMlphtz7pABg4ihW7tusVe//Utrph7QJs8bsiokXA/RYtTQO
|
||||||
|
uMK8oYdre9c4FboINGL4hznzUi02ZRiMh2Hf+V4cf4VK+YoBKsRYfO79lHytFHPF
|
||||||
|
6XCv9hh6qLuzTCHlUrAfOYbXbduS5mMLcfX6OYay4lYTEpx3dKBZz34wtg3TtMpP
|
||||||
|
eDuafUXNOfpx/E+4ZtB5X8Y99ax+3resPv9IQMTNOHQJ/vPa4JT8Avkrv/q4wIsJ
|
||||||
|
yMOixzR2bIPjetZbY4ykOwJxL2b0F/Bm5yu0rVHQp9+lYqrypjAzt5vhbdAMkDZD
|
||||||
|
CPxhEU/Kq7DC4fSE6ysTGEBBW+s4i7lwqvfds6RqHbQXL/0jginU4zSxZuZ26xvS
|
||||||
|
XgFinTWqnia1WkhfAZsH+UobDK92lKDiQRtM/xhWkNCB/WZQB4Q4EpJJeXIidTse
|
||||||
|
xQpG0tREIIuS75dJ6nD+Kh2CkOnalSVVvb3VVN8Ft9PEPLf76mE+x9Zk4Mu0vOc=
|
||||||
|
=BDOC
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ/+P1WAWxpVnCVQpoHmEFNnK8x1ZeDN9IyYvFFpFRbRJ4f5
|
||||||
|
naL0ROxP/E19LGtD/bGbdBfVU4nNXdiXbGYtAlvAybAky9/8a8AJ97n2KVULR3xX
|
||||||
|
JnsXIjavi57MB3ty+Nop4Fgmv4p4AAsPOzDQtc07Uj5xzxrK9ARtv7w7UyJooOiG
|
||||||
|
Sp692SFChyskAjTVHWU9WKomqsqZY7XvbHJPQT6Y+wUbAjx9iAhpv0CEJcxX/irF
|
||||||
|
D3SkUD1tCJ0NHlzCZ0ORLdhDos+FNCASbhYZiCyUJn1mBfW6PcHmNevzaqSQQaoM
|
||||||
|
hd3vOxx5MFO81K3GtE/r1RA0waY/7knBHk0cBuscBOLhs6MC6i6mMfY711WoiOTj
|
||||||
|
Y9xCjAIYdOeK22fceg0Wk/FMtivFbgddpk+jOrAR6Wh6n2qJZDJFdxFpcaSF2fHj
|
||||||
|
dBZuJ/q5vRedjdLYFnL2uTejAKkQLthqL3F4m2Fzyr5wk80eGRYqQHDtSlwagVLD
|
||||||
|
ZoTLCtGp8qnSLF6Z+nnS9lmsf+X0286wAmRtxHsrTTGm2CDhBmvQjNeq086Bdhp4
|
||||||
|
z6S3WlgX5oMbTS3hD0BIr4euKIUT3CZcbyXzicuS4iwYOq1iaQEMGvXJ2TKkaOsI
|
||||||
|
9W2CPSySkIzp/z5Cpet4Z2JFBcO4QwgCvScm3yK53ZXkRoSwkUWBiWUO8GihgWzS
|
||||||
|
XgEGOQGCaBNxYr/B1ePYUTxZG7gz3qe3QzzrYebHUmYlEFcC1BkyD0CfWZy59oM6
|
||||||
|
mHL30p7LuuoQbO0VocvsnxR8ObQhXsncc+EyZx03zyeDSIbOFqs1sSQ/w+K1708=
|
||||||
|
=dnme
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoAQ/+IDsMHXF8Xpm7Mz8EuZ6OjINDfe1aVJqkq6dislIuniSn
|
||||||
|
z62K3gIlYKVCkPC4uQ5KAQBC6mCv/IYmy82OFmexeaHO1uYhLiM5z+5efxkbChK6
|
||||||
|
jxKYudsVe0l0vd7JpJVCO+GSw/jelALUhwtrr/A5URNQ+fQZrTAd5SE9bFEFf0P7
|
||||||
|
exTBlw6Cus5671R+s7G7OGbKgx47Kf4CDzMizYruRBvjwDPkKOAPAGnoNApjl598
|
||||||
|
m2uR4PmlqUJ0z/aFcBtcs1au05vGmVvckSMz8BiqpGsmlbZEVIQRiXqsZ5A7X88B
|
||||||
|
D6Nx0nb0t4WM1EV1UUbSLPFwwcVkOSHHfs8SGk3gaStCNWunkrPGQStUFBmU1TpL
|
||||||
|
2exHEKopll2gQ+XKfvE+mPF0cqd8dq2SfZpLZgp80pKieuHXN/DJhEHoBSELixDe
|
||||||
|
zRXB5/s6Gr2Hlgd3lfp910UndiycP5ROJZbEwJ6O0x8QRxeIqbpk4eXiIK/4lxiK
|
||||||
|
ENepdeFSk8/DS/yEMc4M1kWxxm0rkQO/dxn3SvYV49eNFvkRMWkWimMrSbaIUKNM
|
||||||
|
k8KSLYr6JuoKP0v3NZHGcBZUGd8KuDi8R0A9KZtqz0pHyRIh/Ox+to+Gmlw7EP0r
|
||||||
|
ARPQOBQBUjcxqW6BRJ31onE24AxZN0b3pAAPMt7Z7KXmveHGGqolU1peZfeATKrS
|
||||||
|
XgHJDBQkCm1SOX89yw0O0DVZ43z0b9UqyP157R4JgdyEleNsMbPl+KDPCPx6vAnm
|
||||||
|
iGrsjpWeKMwA3s2biSYUb8T00KD48vH1nidc+XEjfQ/fBDJIsR8Ku7YMZtzKmNY=
|
||||||
|
=xEYv
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqARAAkAuIMiq8rw37IFlLlVv1tzQbGMmWjNhQndBAlwA/dAaf
|
||||||
|
zk8dNuKA8wlmAFv6uwbmfOzvdiwunoYq8cgIRdaP7ieNPRppHIm+pbojWKOvXoZZ
|
||||||
|
6b2+ILacE6JBHpk5o+KbrILrnn1ciyfhGq6CX9gCi9+vvQkZk3+WexgaHEOfFL6x
|
||||||
|
zCp5jVEIbVeDMZIxVbDDVHMiXBy2qmpYrSDMnky05/szu9BBJodcsqZFAqgumVf2
|
||||||
|
kBFFvnzdhJgKWBfJ2H2CfVOWx3CUhLXidqJyFgzs338aGhSNO4jGKvOn1Yx/PLlg
|
||||||
|
LSRphptnmzM83BS4ev9/ejvYiWbxorKSBTPZBqehpKFtPdNNUqbWMpq/lmAn3yLu
|
||||||
|
S+yAVAklCHSDtKEdS9YHAFqycgxvj1VNxLx1DI2mNPyUBoOgzfdD1NiUDQp2s3j4
|
||||||
|
EX8EsH1+b1eKk93751yLKMaSfLjU6lnd2d/h++WIt5tDx71XvIJ91yV3NJVr2wIo
|
||||||
|
MVIUJFh16+zQOWvc6rKCQh8U5cu3AVcB8EfoRrn5fCNh6tu7Aw/fHxz/l/U0vzId
|
||||||
|
cWFZCYFrg4i3T5w3U+ZV5kgoMQaRDh6T8yVXZQTzKSi5qAQW/qeGn6h2zHWARznC
|
||||||
|
J3IJ6M9pX6zibz1ao9oc0ePhU3Vy2vNFdFcpGgLe3gl10BM7GbU7rrmAlHFgG4nS
|
||||||
|
XgHhWFZtUAcYwEuhuOVDfmN4J/QNWlzl20RML92pf0UNCx1VHrStAbA64MqyvE4V
|
||||||
|
Dgallu5Dr+u5SHLgAaNj9HfgAGuDLPCXGrCoYK8KLUR8fIYwkuO13FN2A0YnHOY=
|
||||||
|
=IKCU
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pARAAomxJSaPmNrFFIiqfWzwdemWBUK4oujqRSvfRmnK3fg7s
|
||||||
|
p+Q/eV8/jYqxPk1q/P9thQSu9gq3OXLkgT2TlMwcsFBG1+xnksu3Xcqr47ON7N9H
|
||||||
|
J5K6a0KPX07O9fuP6VZtn4cDatLq6ag7RYLp2D7v68eRMi1Kyc3W3mZyz2AlbrUO
|
||||||
|
7T/tOqQzD1Zb/vwIy0Vfn8w2KMCPBi3TxlfSdohPsZWehrIAAKZHDRp2931iKPXQ
|
||||||
|
0gDwjTd0sEdXwi+sfXxq00988R4uXIjJhBd+ZFOxIHg9yEcXSW02eUauVwETuLzv
|
||||||
|
2ohAB/LOKQx59mVyE9gFxtMM7oo3vb5zWcnX9pHG+N0UE/RU2C+aR8a3KCOtysk9
|
||||||
|
cHwBLT6Iv3zijeJCeKG7IvSgsp/WW71rqDZCMphs5cFZdzEola+lRXNPIpz6YJ/t
|
||||||
|
qyTFbu4BG76LZyRRTg+i35NhS/GiQCUMyZoUxW0mLgjDsbYS55FQdFP3xaH5BaPg
|
||||||
|
81UrfF3hV1Vrwe6DHbSEYe3qutk3p4NMruHvIIJJLwimIe3i6+MP3/N+ACLV1wBl
|
||||||
|
caNH/e7H4KStDwuNFb3BjXEXHBLPgnnbdkTSTHZFtmEA0o2avrM/EzVDvvVxTCT2
|
||||||
|
e9pbfNCAoXCNo6nstaWRPKjwP8u5HN7RCxjufpZnySt0H/5Ux4qy2v/01i7OARrS
|
||||||
|
XgE58F0/szyLPmsigEpWhFPIunfIF6esq+4u9OVyqBicYFZHfUddyqTLl64swDHk
|
||||||
|
r7vxwxH/A8QMGj2GSmQez25MDU/NBTBTotEzRSyxvqZFTxn7IOxKDblSYPhEfCY=
|
||||||
|
=Tf91
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdAhuqKLIrt0ortv8L+5ex4c8h3ZbiIDTLSGhML7jbMAUww
|
||||||
|
ntvI7quM3pEBFfdBT4BuPCrgka9gA9KRKGRwxYX3uSe5jPtgnH8GI1+gImeyWIu5
|
||||||
|
0l4BEMzlg3LOwADrDONa9xStlwAIlxgH53bqmCVQ2t6zHkxAcSGeHLn2y+aCh6wI
|
||||||
|
9oicvnC69DuQLkMwBFMEMUNiQwwGH8EMfQRacoFAEtH5YqiwBT1qxsnOC8ALfZ+9
|
||||||
|
=1uoR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-05-25T14:42:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ/7BfqXXAGvvQVGeGJDi3+XhvZ0wKQvfS4UmjP7FFa4gm26
|
||||||
|
4W1eS5hM007yxpjOH7NAsVbWpej8jYA6dDfeuo7P34owws61F7LQLa0X61mC1qOZ
|
||||||
|
IXx4n4kdYSV/CyqJa8HrDe56B0dpou01vjbVZ383Pbf8+VzxaKeJ2X2y3ioRijZJ
|
||||||
|
+T+rCkDHx4neOrrUkutOTJhiezQaeOnFWPEAbNRVfdLAM9jFuuG0uKtnd7hkXf0W
|
||||||
|
8sv7z1xEYN8VF3bE70IGuyZtiTeXwhbTD0gq5kze8LldMLwBIxsrTd/xrH/Oc5Od
|
||||||
|
nY8vvdiLMlAwBrI4z+JI12Hi+b1nglldk3Hu34KaV7jG8DjgBGBy8yolqvKo0cT/
|
||||||
|
9T4aAe9eLANvyHpYfA1CkcFW4CHWOBRS79rC2HcHM1tQ8+coq+jxrzlYEBRwQcpE
|
||||||
|
2jBcP7mnIGPm1csIhB6u/UUKVMqlnZ57MdKHwwXja1vzxfnRNBqFdzq5uZEyU+OQ
|
||||||
|
dDJmURqxK4zCdhk+De7Nm/wR8J7xtIJLUszu2lDJ6SWQEsut2cNUVUvmd5XV1BWV
|
||||||
|
kZaIFKADZI9qcbivci6fpCEH1/qoU5jIZJ+zvOEOZLsIJXBw1M1/fgfSZ8Aosl2t
|
||||||
|
RpikITTF0S1HL2QLbWoogdgBp6X+6xjpoWIhHVi5lqm5CX8HTRwqrJL+hPi0GW3S
|
||||||
|
XgGQv0OqaxGfD6lwyVjokWvCSEoEfK0e7se+ZyJifwAlarGaLvG0PU/iW5cVUolV
|
||||||
|
QT3TwrxD94ZB412nL2+4/QPCT/ZtOXcO+9dhLiSLneHrNrSReByIAOE1s1ZU8MM=
|
||||||
|
=XvKN
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
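--- a/config/hosts/git/sops.nix
+++ b/config/hosts/git/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}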
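--- a/config/hosts/hydra/configuration.nix
+++ b/config/hosts/hydra/configuration.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+networking = {
+hostName = "hydra";
+};
+
+system.stateVersion = "24.05";
+}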
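--- a/config/hosts/hydra/default.nix
+++ b/config/hosts/hydra/default.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+imports = [
+./configuration.nix
+./hydra.nix
+./networking.nix
+./nginx.nix
+./nix.nix
+];
+}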
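--- a/config/hosts/hydra/hydra.nix
+++ b/config/hosts/hydra/hydra.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+services.hydra = {
+enable = true;
+listenHost = "localhost";
+port = 3000;
+hydraURL = "https://hydra.hamburg.ccc.de/";
+# E-Mail configuration requires some work/investigation still.
+notificationSender = "no-reply@hydra.hamburg.ccc.de";
+useSubstitutes = true;
+minimumDiskFree = 8;
+minimumDiskFreeEvaluator = 2;
+};
+}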
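--- a/config/hosts/hydra/networking.nix
+++ b/config/hosts/hydra/networking.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+networking = {
+interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "172.31.17.163";
+prefixLength = 25;
+}
+];
+};
+defaultGateway = "172.31.17.129";
+nameservers = [ "212.12.50.158" "192.76.134.90" ];
+search = [ "hamburg.ccc.de" ];
+};
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "BC:24:11:45:7C:D6";
+linkConfig.Name = "net0";
+};
+}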
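--- a/config/hosts/hydra/nginx.nix
+++ b/config/hosts/hydra/nginx.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+let
+domain = "hydra.hamburg.ccc.de";
+in
+{
+services.nginx = {
+enable = true;
+
+virtualHosts = {
+"acme-${domain}" = {
+default = true;
+enableACME = true;
+serverName = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 31820;
+}
+];
+};
+
+"${domain}" = {
+default = true;
+forceSSL = true;
+useACMEHost = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 8443;
+ssl = true;
+proxyProtocol = true;
+}
+];
+
+locations."/" = {
+proxyPass = "http://${config.services.hydra.listenHost}:${builtins.toString config.services.hydra.port}";
+};
+
+extraConfig = ''
+# Make use of the ngx_http_realip_module to set the $remote_addr and
+# $remote_port to the client address and client port, when using proxy
+# protocol.
+# First set our proxy protocol proxy as trusted.
+set_real_ip_from 172.31.17.140;
+# Then tell the realip_module to get the addreses from the proxy protocol
+# header.
+real_ip_header proxy_protocol;
+'';
+};
+};
+};
+
+networking.firewall.allowedTCPPorts = [ 8443 31820 ];
+networking.firewall.allowedUDPPorts = [ 8443 ];
+}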
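Review bot: `networking.firewall.allowedUDPPorts = [ 8443 ];` opens UDP 8443, but neither `listen` entry in this file configures a QUIC/HTTP3 listener, so nothing visible here answers on that port; drop the line unless another module needs it. The 8443 listener sets `proxyProtocol = true` and trusts only `set_real_ip_from 172.31.17.140`, yet `allowedTCPPorts` admits 8443 from any source; if only that proxy is meant to connect, limiting the port to its address keeps other hosts from speaking PROXY protocol to nginx directly. `pkgs` in the function head is unused, and "addreses" in the `extraConfig` comment should read "addresses".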
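--- a/config/hosts/hydra/nix.nix
+++ b/config/hosts/hydra/nix.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+# Allow Hydra to fetch flake inputs.
+nix.settings.allowed-uris = [
+"github:"
+"https://github.com/"
+"https://git.hamburg.ccc.de/"
+];
+}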
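Review bot: The `"github:"` and `"https://github.com/"` entries in `nix.settings.allowed-uris` are URI prefixes, so Hydra's restricted evaluation may fetch from any GitHub repository rather than only the ones the flake inputs need. If the inputs come from a known set of owners, narrower prefixes (for example `"github:NixOS/"`) would limit what a jobset can pull in. The comment could also name the flakes that require each entry, so a later reviewer can tell when one is no longer needed.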
|
@ -7,5 +7,6 @@
|
||||||
./postgresql.nix
|
./postgresql.nix
|
||||||
./matrix-synapse.nix
|
./matrix-synapse.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
|
./sops.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,20 +44,16 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfigFiles = [
|
extraConfigFiles = [
|
||||||
"/secrets/matrix-registration-shared-secret.secret"
|
"/run/secrets/matrix_registration_shared_secret"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];
|
systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];
|
||||||
|
|
||||||
deployment.keys = {
|
sops.secrets."matrix_registration_shared_secret" = {
|
||||||
"matrix-registration-shared-secret.secret" = {
|
mode = "0440";
|
||||||
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/matrix/registration-shared-secret" ];
|
owner = "matrix-synapse";
|
||||||
destDir = "/secrets";
|
|
||||||
user = "matrix-synapse";
|
|
||||||
group = "matrix-synapse";
|
group = "matrix-synapse";
|
||||||
permissions = "0640";
|
restartUnits = [ "matrix-synapse.service" ];
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
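Review bot: `extraConfigFiles` hard-codes `"/run/secrets/matrix_registration_shared_secret"`, duplicating the location sops-nix picks for the secret declared further down in this hunk; `config.sops.secrets."matrix_registration_shared_secret".path` keeps the two in step if the secret is renamed or the secrets directory changes, and `config` is already used in this file for `ReadWritePaths`. The same pattern appears in config/hosts/mjolnir/mjolnir.nix with `passwordFile = "/run/secrets/matrix_moderation_user_password";`, where the function head `{ ... }:` would need `config` added. The `services.matrix-synapse` block starts above the hunk, and the file header for this section is not visible on the page, so the file name is inferred from the content.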
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.interfaces.net0 = {
|
networking = {
|
||||||
|
interfaces.net0 = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "172.31.17.150";
|
address = "172.31.17.150";
|
||||||
|
@ -9,9 +10,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.defaultGateway = "172.31.17.129";
|
defaultGateway = "172.31.17.129";
|
||||||
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
||||||
networking.search = [ "hamburg.ccc.de" ];
|
search = [ "hamburg.ccc.de" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "2A:A5:80:C3:8E:32";
|
matchConfig.MACAddress = "2A:A5:80:C3:8E:32";
|
||||||
|
|
233
config/hosts/matrix/secrets.yaml
Normal file
233
config/hosts/matrix/secrets.yaml
Normal file
|
@ -0,0 +1,233 @@
|
||||||
|
matrix_registration_shared_secret: ENC[AES256_GCM,data:5fKfTqwoUreSIPbua5t1lYZFRnQQjNzFvrIBVIBfKWu20kH4BhlDboL/zYnhWLELq/KykX/EUvijoZxxTnUiN7T8H3L6fKOCQKacZkIwKfg/JjqLVnXIaY0JOwg=,iv:Cazhdo7YR0zSgiyQoHLsk2e4dWGSoSfEtOuMA1LEJcg=,tag:KsbnGvEyRbzbIXuAayQk5A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1f7ams0n2zy994pzt0u30h8tex6xdcernj59t4d70z4kjsyzrr3wsy87xzk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZzNVUm1keldaNExycVNM
|
||||||
|
OEV5SUZQNC9uSW8zMVNZOHQrMUQrNm01Tmg0ClF4Wm9uSzRTL055ZnlHUlplUHFO
|
||||||
|
QmhXQU5yMFJDMytyMjFiaWFXa1RuR3cKLS0tIDM2d014TTRySXVtOEJieVRxdlVp
|
||||||
|
NG95TjFjUjZFMXh2STIyakxqbUJnRlUKQ64ahDiNJ4nPUQ5pLH4Jb5yidNrK11dT
|
||||||
|
YSg9QNr++FTdYaQ/TXmYTg0d4kF3yb/xyG1vZMcpZP6+omwN73DSfg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-26T00:55:05Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ix01bcc6i1dTxoYkXbnEbLgMC1bcplI/hZhyO1mFzPAyjfn8h2d4AHUS9CG8UnIDYGky8Wx3BqrC6MmWMtt829m8bS6t83JTPxOEm1pFEa41sUkW9NYuNPL4LQ8X2BzwteQaI8nfscIuwOZ0nK5CmArZneuUookQEszAGX2R0Mw=,iv:mZlEG2pPfKLgZ+6k9iN+NexRzlibYi1HzqBzbrVFj3w=,tag:PIXA+vyOSaZdU0CaI+03/A==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtAQ//Zi8QfQ8Ahr8WyEeaJIvXBRGUzmyg84aboRweI9D/MeJ2
|
||||||
|
CnVm91xr74HylD6sAXbGcTnwTtWChrrgSJ7vGBj5t2UOuW9zpKFl/pgs7o4jzwoc
|
||||||
|
C2Kmgug7S/chaQJsfKTkAs0t/MTHO+DZru+O/pT90zgdQEig/19i1smnrseBuAiU
|
||||||
|
zow7lc9mwBTIEsTlkYoIr1+Ihoiizv/q9oeMvfaZr8hKV4wYTp1Cx9xCgXxVcv+X
|
||||||
|
SpzIqqTT/lm87znJcSWCQY9fTRrhAQu4RdhXzEIxTODljmFhQcx/Nug82EAc1Xjh
|
||||||
|
B7qMIsblbabJyrBUk5BypvDHJiso8qLd/6/i/rRztzK1q3vtT37XPKk8KIJz84cy
|
||||||
|
ZDqAGDWj8jWDctwac0xTAFKVr/5oF4TGIf1Ydwv7+GMOeXvn2ZInmiMGUKxdGhwW
|
||||||
|
vg2azqqatmRQxI+kHUHz+FBiQSTgKIkVplg8daCIhQVK4r4CkOU5dPvDjw7FLahV
|
||||||
|
LN7XVNVCZw7p9yACd5KkjWX2E7bfpHr/EADOr5epc/EZwOmblFmGPzFPNR/IfF+E
|
||||||
|
QJrw2bTDuMGZRzvn+6CozZOnOFpSrYtzbUHTvdt+iskHS1jD237NOvPe4j2Od401
|
||||||
|
c2LjekRPo9BpkrufIlDQrgjflH6RGHOLdgqPE9j2zIOfmKjdIYiQlIIjNlh/xeDU
|
||||||
|
aAEJAhCoQ0WS+mj/YL0Y7lu2/GEf5FxjkOwa0o6SOd7iR17zrTwRkBdSfsSUAiu1
|
||||||
|
pw4vkDFzgvwR+80vYfZcnYyCGOQKMYcn0PLtmnQfy/LUUGW+B1/kxqSHZDDhCuWr
|
||||||
|
o287s9GBxBoQ
|
||||||
|
=BImL
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2AQ//VYKib9HvGAxzknrRfI15qFSHdvRxWDiR0M8Jo7JWTOCJ
|
||||||
|
e0BGytT/dkYAKXeZvLX4W/65jQ4GhBMi20NSnyfqsWt/ENoLc3v9mXX3JleBRceX
|
||||||
|
8Gyz7tlqjg+pVW7lUtotz4vM6TeKBJUT6tHm5K0OiQBeAtjitphIkmakw4wrS0+Y
|
||||||
|
+3Y7dOpktefQDSWVDPtbDOImcMFS6EYn5JCPG9xOhsX7XoK7/wCmZuSF3p/q6/CV
|
||||||
|
3NgTK0W2L68CiUye+ajrtn4545f3jnQXiu+JkZGcHdKsHaexW6dzpTsSgsSc1S+t
|
||||||
|
NlhEty6Q7kXXylG3OAtoEhsA3PP2Av2o0oaIpn1Syd5czHvmV7M+QT1M9HU6U96l
|
||||||
|
Nwio5cSX7faMrlGfaBNY681kVtOiOSFDMvDes8oPEqrqKEDkIiIQwMnh68iCTXzX
|
||||||
|
jRj+dpCLLfrHdo1+oB1JI151eB3ofUPbvTSdz/pASJ9gkFJBgGCl89atxZ7BDNQZ
|
||||||
|
oCbk0NxorDG4RBA2mliITnctqAe8ZcpBrOJoGO8oJ6u4fH2SNNuoc5A+7tMEHCqb
|
||||||
|
2E06TYmUASROR87g0yZdtffK6+ZlLZzzNI4riTUGaGUu3wXDh1ZbXB1CwF5LJ67d
|
||||||
|
4P3gJApHJ+ZDrJGnWr/4Tx0NlvPJgJ9bKNT6F45ZZcQzq6bt+RUh6RC1Axvdns7S
|
||||||
|
XgE7EN6IttIGME/AAeNdGh6O/1XnE2CEiqwqTePb9kgwIufoJWLarnz19qcbnMp6
|
||||||
|
mfHNrJlF5FSVuipVtgCYgfWDos7ft1qDqvgRSD1awmdFIk/2ct3wjXKxyB52Vxg=
|
||||||
|
=5zOY
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJAQ//cBAsMfpoC02vbVtRPf02VS4NIVu2lM1JdB/IcPo0BHSF
|
||||||
|
PHNaVh3bl2a3cqbfMvNG9nquFVpDgtAXcSaIvozlsWgMuBIukfYKgeoFNh4fhyy1
|
||||||
|
Wgcl26wZj15Tpu4rYHK27CmXBHVusQUyTZVx2CUZwoSdtI2zveWqs7+Qvfhdjb6r
|
||||||
|
Yt1bDr+Zkrd+AxUuU5Njlp2eGOcuxINGLln2lh8jrdSytOzKll+G/nI8yBdk1Vql
|
||||||
|
P7iTQ4hHlCzs6HBsgeA7mpkJMP/h0Ts18DQ9sOYCi1SB8JR1eOqZWUu/1nSAk/hV
|
||||||
|
ntHk3+FnOta4wx7VqYNjRi2JROpvi935JBu0UqwGkVVMdqQNB33/qnJdzcdcfoa1
|
||||||
|
3o5UtsQNuFZW/SgJ3uiPYshIZZGujH3j05aKZV2yULyBRfP7j4KrIq+3dQLlW4J6
|
||||||
|
TihPL1Y3aqVvlU0rGOjjKeBL/nTEbEQtbkyCcIrW6WjdWvUYtTeIGnBJt+ExkyH2
|
||||||
|
cmuoch5XjiwMrXDnIFzOqeKbLsIZIAatFOzP0jsy66w2VAeNY9AyXCJI4cTqE6py
|
||||||
|
RVc1QK6+ynhrQ/zJ5XKJD4ATequVJidshC8ci900KBW/1R3XLm7zGQtw3gj5QQ6M
|
||||||
|
lMfA3bPS3H/DzFHq9NWbQ7Lfkm8N5W8ZSQwBKum9o1uWJC/79lFkyfgf4JqDjDzS
|
||||||
|
XgFfOjk/KKVSrS7P/3V6YHfQscFuq+Tiepr3LCNt8o+0IbNJbsr1Zg+sutuMFhrq
|
||||||
|
2lblr+MKkvUpYBhUYYen/PULpr8c6QZYiVX14xJQqFzYk4U/4WoFZm/8dXuAQ8s=
|
||||||
|
=z9Gs
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1AQ/+JcEj7POTdpKoqBO0W8sxpvNafGlxWBmGF9nVMKsCe6r0
|
||||||
|
+z2iyj0TF2ffRe822djXoG0Kod4Gf1Ihg+u/EKGgoL41CRt3DhszervSesm/pHJU
|
||||||
|
9+IMJYj7Wz64GekkIVkYgcLkJr7AeIYM47W9kr5XGWCI4ogQLHJEVgrwFMWVsynV
|
||||||
|
meIBjn8ntS1aI9xZQC0EePlBekD6zvwQHOyEkar1MD4NaMqLKf+9x7IAErY0msXz
|
||||||
|
czBfBVZY74q0Aq27YqfUcl2QkksxfLsti3WrB4Nb2YIqzGJ6bED9TsqRhy9CQRBf
|
||||||
|
TSN+jh9Snit8NgLMAD2eyBgGUcQbwvyW2OHEYWpDXqsMbGmXQ21wygBAN0vfSCyx
|
||||||
|
v9m2+DSJ0jG9icBj31JqZcztI5fRsaForxIRmuT6EwGHc0YfuJwk8LWW1YOTRhYq
|
||||||
|
KbOMzGZnB1aNI9i7jVYHgraU1vB6u6R3hU2hOJq0zzqP7w/XuSitzb4+EzwuFkw8
|
||||||
|
zVRNJ406ZYJvMhZp8NQ878WkJRqsV3C++LevnLkHLNfMOfDcD+nltmctVXf99Fc6
|
||||||
|
ebc7FQj6jOsUlbNQMxnqOZ/6fV9WesjPgCsUMJFxC7/5/5th8CU5VJHYOwwMUEMS
|
||||||
|
+zbwM41MxUeknII7dc22MHUXxMocVkhlmGPYNc+jRv85nuDwbYqMa9Ht4JychK7S
|
||||||
|
XgEZyWSvHupNW3XMwspeyYZMS3pSDO+2YExopgpP6c9Uq1TgvkHo2L66SXj/E4EA
|
||||||
|
RaUR/bY7EoEdNTrqWlHpuLyRihgqHLHzlRsdJZYBinaIfwmKzvINRiQbGjqhKLs=
|
||||||
|
=mbJg
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ//Vo1ZEeqpfN2gJUEKHZs6L3dXmRSd5RedwTxivQSDUZaw
|
||||||
|
CS5CQgBHd6H8ly5Phc2+QrXSjn6sJubDPaCAVmWKOf4WTMOATgdbp7eNEKlX06iT
|
||||||
|
igr5UuptY04tM6AauuXNLatD9F/2p545VkLUYVNQriVMgXjrSd2MWo7/J3P7G7lA
|
||||||
|
xupGHMQ/L3gwU2A50sJUtAc1/SW6h9RMNwHjx6FVRvQtdWUdAoRYCT+r2fICKs1m
|
||||||
|
MKYOUzOA4CW3uURM2NZEFrVdmES0izv0vNAQqx0lVxAL/qhqwsGqTAZkXryef39J
|
||||||
|
WkIpqwQWWutvwmpVu07yBllfWU5XzoxaH+ye64p7+3SyrRwdrZc7IVW8NM9NSAru
|
||||||
|
+2lio54b/dp1Sh7GGV2Y3hNMmGuPOym/PEOLVG99mkfZaPDG+Ui6enV1Ol+dFRaJ
|
||||||
|
9VqSa1zIo5N1QdW4iy/Rke7oMlTINcJDCA/KgYeLXK5IRz/iv6q1QyzhR+dNH/pu
|
||||||
|
JzxDSru/ZSTP+oMXZ1AgGf9UDUy258A7oDRt/ECN2c3oggj+Oh/HfnPXfD+9Mlzq
|
||||||
|
c/FGIRDQE7lLQoHqBaEgp9pejepAAocCci3UMgAO3ZTgIlXwJyE7fWZKrbATIqEX
|
||||||
|
GYr/tLNIyb1df4Cg2Pp+kS0i5+KnPqcbPkN+IhJq1BA3qG0rzFJiQtIR5Yn7BxXS
|
||||||
|
XgEVc+mwjUlUnQuVxFzfyZSlVh8tipwLZck6aG3IrLn/9WSHMY22GDOprsy3bMta
|
||||||
|
OOy9KLyPgZIdPr1v4BmX77x+2Z5EeijAEswFgfPvSPEuWKSiqkXvaVDy9w+U8kM=
|
||||||
|
=0phM
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fARAAleXLoRXh1RP5u4Hk4zsVpSbbhKKW8dypXDBVMa4trCi/
|
||||||
|
Xq5Z7XM/Nip1iBCUHoLRaJdi2MlM2aDfVFo+PEx4JagpjxFjzqW21WUa5vqct9Fy
|
||||||
|
UVgdsssSVq8hNrMvlxDJwYVYfyQIOUqKyzDMbXOGh6AaOHaZsNsWtOBDJRqHMSXy
|
||||||
|
ULXMH9xxHmheDDV/ZnlOl4fOBJT+qC/F02Yo92Q7rMHWMcNs5NITGN3DDYrQqs6i
|
||||||
|
uHopbwuTpRMggnHldaMM2l2n4eCBiKxxz0dGit7FlpFL0kgsZROGBkQUyAZdkkwQ
|
||||||
|
LKnaqgodCv9t/6VZNATp8+iJP7ji5IvXeW6WQOztb8+h8JV3j8pHdadNzgXxH4av
|
||||||
|
LVnqAABQMhay9jEGlPzgQFT7zDbaAiUd3bSLz1i02Dyi/FYCIylHFEmBErr5RBsn
|
||||||
|
lqbG/vAxJPKOkiDL31nkjugd09UeFYNp2WqO1DpeoYQoMltFD26TvUnbOAQo+v/y
|
||||||
|
xxl7hhCTzbd6kF1VxSCNtv0LhDdirq0+eiFN89E+5ijLjhmpg23S2E90etuRgjuF
|
||||||
|
b050aoEJyXosRqgXVl0qkOEnXgQDbAXrEobbbRixrIQRHmNN1NjRCudzJjxs+p39
|
||||||
|
tucfUPZJO5np8ITgE7XCt82IYxW7b3HO2kejJAluIfUxOkdBgORKuc79vEaP+rrS
|
||||||
|
XgGAqi7CdzN/lfoLononCBOhce9XgdgpbpQRohO+jLp+abqmbnEzI1ZnzxpWXo8Z
|
||||||
|
taWKvUIySWbN8bWhmiIky9TyUXEfRVKe9I0MUC3Q94NAnlnj+dNXXr3mS/AxNcQ=
|
||||||
|
=ZYXj
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoARAAsBC/uAbTVpBWv3dmzvVglih0Zlnumbz6wcDbeDTVP3r+
|
||||||
|
XiUyiDFE/Hdnm5J0be2jSj7s5RIXj8Gb5BkXPoytAkGF6NMtHjZJLmeo7NciQ6Bo
|
||||||
|
wDf5IXCmv/PbyuydqkHJEztsSMWoCQbGQo+dMeWoAY+WKt+dQGyGmoB8BbeUjuH+
|
||||||
|
lgKlUk3W1INTV74Qz6avuEQpwc+6hvb1w3Vb5kdzgRjplLUB4w45wP+79HE8Ub3V
|
||||||
|
7PhhEQMza/CIyYqHEGQ8fKzd+tuX/naYXnbfTCu64eyKCz2fQZOMdqKNA49aMWGC
|
||||||
|
vo8K38Nd8haQ+tcJvT9Vuis3n5X0Qdzpk/8u+M2XM4UQLHSaKSQRnJLpslumLJGK
|
||||||
|
fI2ErQJoD/TR+vvwrKXmCOEeiFjs0GC8zQEVP6Qa1JE7Fr8iKIEtYYXmGK0Q5Sku
|
||||||
|
5eUkrzJC9Lh4rBvGXLX1PZefBVxnnlBMNk0Cae7vGnKKKuARE4aYgRkIhzIp0GuG
|
||||||
|
pdwSir1iTVMKtfrkpJ7BqPANKxApbLzYHBi9rFWJboA7HAXe/E73HD4Ov0tIs1La
|
||||||
|
9rwRiJ0LYUixsngf6YvtGuj0ZiuTe0t+VhYzg9sYOcBWW8z/AAuZ3FQoBWLdOFPA
|
||||||
|
GBVI2KV+vr5h4dy7+yCqPxpqhkKe5ObCdwksBrl9tiaPVoQuN6Zv63kLlCtkP7jS
|
||||||
|
XgFYwBL4tKcCPfG+9J61T3LqItNLmzrT56LMN6LIz3pvRtASRbSRRnqKuuPgAL9g
|
||||||
|
IeFHe8lblLErRwKz+iNre6wwQCEfwbVf5NPF+rLh3nfEIZzCf/CF3qrxBpdYzwQ=
|
||||||
|
=P+bx
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqARAAtl2tC6rlB5O8+4t+b7ZEo4GU578OHN06nJKxxFQHG5zn
|
||||||
|
mkcANcm5gVDSRAOecM2FyZe4ns18rH4OCvp+uegEQyMVN/XNUEj4/+bGzgXX0NZf
|
||||||
|
AazE5s2+0i2NETv9bhPjJB0RR+U47PEgx9vKf4EnvL9MAfWyPbGwzR6HdXXDEE/I
|
||||||
|
c3GNaIOY7YWBgXEuX5LnZbON5hQhbFADY/BRhP1S0d7Wzff6sYgtJhbtaTQFSX2p
|
||||||
|
j2+pTA3D+tI2h9VvKnZw3n1t8Jc9apP81KNFCURpNpdR8Jh8KQ0aSEcYWTusjah9
|
||||||
|
QOX8RmsnFnvWKTN+gU6tffcSbu/r76gmXyUCF47mWvn89ETVA8azp/66zfLTTTvO
|
||||||
|
CmFVx8+2X1TK04SIKa+MQcpAuS5cTHH6bw7N8u1YfX6O8mbHX/ZH7NJi/Bhxmube
|
||||||
|
Cau4DtdZ8mX4yz0EjUF62skJoaYYUl3UBrkGXl5A4NXK75ZHlBHT9Cn4YQYIPP1b
|
||||||
|
5MAnTsy6UtsGVBZPf6O/kvkA2gAQNjtOjQ2nB1FF6fjqEFFopzmLnAgGvW7lWkeo
|
||||||
|
lTbrylmv6SrrvX/0wN5Dsayni2iRb7pisEAFs7JAythm463PDrzaRmLoPBNBmJz9
|
||||||
|
l88QlYWDQaet4QbJ1AnEaOu5K03coEy6CTzJYqgkTWdLuFC4tUyKsD3P/1EANonS
|
||||||
|
XgG1y8ifC6F27sgwQribg28RPRvwoiRSGszAXCAeIwo834NQLIvswid5C4VCvPje
|
||||||
|
XG4X8m9pipP+BoXF8UuX7naRFnIGfXBOVH9N+1+SoTeZtXRX4GIWUGcRtk4nrJQ=
|
||||||
|
=FQZ1
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pAQ/+MLPIERHeZTiyNPEUc6YnWYcfW3Zgnsnc7EzfFn7NJla7
|
||||||
|
HpD82Y14w1gpQrUiPu7wdjzh7xeOQ3fnk2819g4wEXU32M5rCUay9XUWqWFnzpMZ
|
||||||
|
/Gy0tdwE9TgwrSQ6GDNd6JO93hLNByq1QqhsIkKEL640Wv6doLVfQW07O59hDrPd
|
||||||
|
AQ3UxWnohbNbD333yXa3kjfYcNugjtERM2wZ6qqZoXp58SG2RE0A2wMV77H0jOQj
|
||||||
|
Rx0arENCNBS5XZlIJW6v+I1Ak1wYnW5vAlVRMcUXo8vJNu93WaZ906EnmVCQ0cYn
|
||||||
|
LeNVH2ajcuOud/uiVntwdYKMr85rMBl9eOlsPP3dHqbhsrXn/+Oqagh7YUwEvJ8g
|
||||||
|
LK1krKc4Jlj9a5J6dPl0lCsEAv6vGaVCICJkNnd0JikTViu7DhajImfGrSLrA6y+
|
||||||
|
81hx/TTKqisAL1xBwOOu+LbwlhFZrkrTQaKnueswKzwrS3utxSX7OIepui7Ib7JK
|
||||||
|
h5R5VDq1bTCbRvo/rRpCaOt1KI6g4ZX+o5TI/60TUcGvzLRRAv7jZZ05PKhcfRuJ
|
||||||
|
4ZrKoRu2qKVxA6+kcOfy4Gi5MgkI4Keue4tgJsYJ+LCP8tV7+Jntxf4XXVMLoFCH
|
||||||
|
jQDe3vIHOxNKqlPUEnLlVmv+g3K9Y7N5uBLuk3xkVYrxWRhBmY6e0WtTVEF/lWjS
|
||||||
|
XgFWqfLHx/JAJgIU2tiO9oLkJWcdHuXAHNYDvTKP+a8WLcJDZdS8X1feqOpWYbaH
|
||||||
|
zVbYkg4MGJqO7K9f3jlCtyszh3Kpu5CFbfXA0MZ3M2eRoJTv91iWViIWY7UP3VI=
|
||||||
|
=vsm4
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdANu3CeUuv/SDkBQG+aROPeiWBauWaQBDUm6UdXAhEBXUw
|
||||||
|
Tuj49QiBBCQ440R3SBkHOzOOUUTMPkWo/wESnJm+EPla800tb9B8rOvUj7PnkbiY
|
||||||
|
0l4Boe0q5XPHSysz9eIQ7zRwSKoClgd+zi/GOtcsvxkLWlISoBzAVOVEvk55OeKb
|
||||||
|
7J70fuIMl5rZPPFBzbF9gjnCHxAtfSyze5774nPfFI/zoQo3WaDfL/9viRhP7Eqb
|
||||||
|
=i8o+
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-05-26T00:53:53Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ/+N5yVnEm3ejyw10aDPkLjJoUIoxZl0Nof6pGZxdWYgiF5
|
||||||
|
VrEsLv9vYQD8Wp7/nXuI2HW7OoA+vTG9KBZt2Tw9R0iPIMXpEf0fewPSBZ2n10lk
|
||||||
|
KJPvkMP4w2OV1AfGT+PrRPLaX8/2E4p6dE8BPviWEh9HptYKodhs9lRlcq2C3Kjh
|
||||||
|
sE88eJOSA+fQpASVZLNHKYn1UrXXENRTHE4tw3+OIpE2KSxHvIv7sI8LuXZb8Jxy
|
||||||
|
OpmUP+v9fmhsPJYIlP7SAvITMgZdMHceH7SDgOZn0kVU0inr7MJ+FCcNQkQOl7aP
|
||||||
|
jMp2B7qSXOdC2NHUmdYvzeUx6B8O9Bn19VM5LGte9n1RBnknw6TQfQO+fkQTjUyl
|
||||||
|
3FhVqQAxrutOBjud5xn7H0Grj+7oqRI51LLUjLQdOzpEi4hul9Of3FfGnKxjOxUf
|
||||||
|
yVBHqZzFco5rcN2fzMgWytjuSED0AE8UPS/tcd01oXXEsTj4YBSKWox0gZuyn9B1
|
||||||
|
mspU7vr9I39igceGVE6LJQ4EBnpR8xC7v5CDFpEbCr1qt4VlaH4nUgfN2tEGtOGW
|
||||||
|
2mmrX2nGC1r1VRm0K+ACRW4htDsOsBzSxQttVJ/5IWkP5fqegcwIajjo18VXz8IH
|
||||||
|
BtZdJKzXuhQLG0B+sXndOAgACWkVQw4F2hD5CYRpiFtungAqUbtSDbeb43x7ICjS
|
||||||
|
XgFrmwLxkGfZYKOPehbp8L9glbHpfHYE4CopRHPtUkhLTNWTqzEyE7YQYYVu9Cui
|
||||||
|
E9Q3v2/+2swn6nKOQtB1Adu8ItCqu8Om+d3IJQvKVS24k4+fKPWa7/ccmkXz7OU=
|
||||||
|
=w7hs
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
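--- a/config/hosts/matrix/sops.nix
+++ b/config/hosts/matrix/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}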
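--- a/config/hosts/mjolnir/configuration.nix
+++ b/config/hosts/mjolnir/configuration.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+networking = {
+hostName = "mjolnir";
+};
+
+system.stateVersion = "24.05";
+}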
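--- a/config/hosts/mjolnir/default.nix
+++ b/config/hosts/mjolnir/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+imports = [
+./configuration.nix
+./mjolnir.nix
+./networking.nix
+./sops.nix
+];
+}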
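--- a/config/hosts/mjolnir/mjolnir.nix
+++ b/config/hosts/mjolnir/mjolnir.nix
@@ -0,0 +1,36 @@
+# Sources for this configuration:
+# - https://github.com/matrix-org/mjolnir/blob/main/docs/setup.md
+# - https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml
+
+{ ... }:
+
+{
+# Allow deprecated, apparently somewhat insecure libolm to be able to update
+# the moderation bot.
+# The security issues aren't real world exploitable apparently:
+# https://matrix.org/blog/2024/08/libolm-deprecation/
+nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
+services.mjolnir = {
+enable = true;
+homeserverUrl = "https://matrix.hamburg.ccc.de";
+managementRoom = "#moderation-management:hamburg.ccc.de";
+settings = {
+verboseLogging = false;
+};
+pantalaimon = {
+enable = true;
+username = "moderation";
+passwordFile = "/run/secrets/matrix_moderation_user_password";
+options = {
+ssl = true;
+};
+};
+};
+
+sops.secrets."matrix_moderation_user_password" = {
+mode = "0440";
+owner = "mjolnir";
+group = "mjolnir";
+restartUnits = [ "mjolnir.service" ];
+};
+}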
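Review bot: The comment above `nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];` says why the exception exists but not when it can go away; a line such as `# TODO: drop once mjolnir/pantalaimon no longer depend on libolm` would make the exception reviewable later. The allowance applies to this host's whole nixpkgs instance, so any other package that pulls in that olm version is permitted as well, which is worth stating in the comment. For the secret, `mode = "0440"` with owner and group both `mjolnir` could probably be `"0400"` unless a second account in that group has to read the file.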
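--- a/config/hosts/mjolnir/networking.nix
+++ b/config/hosts/mjolnir/networking.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+networking = {
+interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "172.31.17.161";
+prefixLength = 25;
+}
+];
+};
+defaultGateway = "172.31.17.129";
+nameservers = [ "212.12.50.158" "192.76.134.90" ];
+search = [ "hamburg.ccc.de" ];
+};
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "BC:24:11:C9:F8:C5";
+linkConfig.Name = "net0";
+};
+}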
233
config/hosts/mjolnir/secrets.yaml
Normal file
233
config/hosts/mjolnir/secrets.yaml
Normal file
|
@ -0,0 +1,233 @@
|
||||||
|
matrix_moderation_user_password: ENC[AES256_GCM,data:NXJrbRh0A+NQh6Jy9iVAfYhsGR1BSOSuk1LjmArSiVF6jnuJAP9f750cRP7bu7Ai8xgxTlhjAtv9ck6SqlJ6Vw==,iv:IN/siIPCFKE+Nfl/aogYRYAHVgEGhMtTbmEZKZWQYgM=,tag:xxlnl5GU+uusSeh1OvoU1g==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1ej52kwuj8xraxdq685eejj4dmxpfmpgt4d8jka98rtpal6xcueqq9a6wae
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTEhUMThoY3Nuc253NnBX
|
||||||
|
ZkplNmRzOGZFNWlQNDVpL08yRk5VTHZDUkZNCnIxMUJoUHJBYlJpbUViMW9GUmhR
|
||||||
|
V1F6SWh2NjRGWk9RWjMycGZYZXFZbkkKLS0tIE5MNk0xekwxY0NYYm9mc1ZGZFlH
|
||||||
|
NDN2dUpuQWFFMTZQRzFIS0ZieTRzQm8KUDRpPJwcWwePKMp6KQMnQLhqqyvuhgQh
|
||||||
|
rXpKW5fjxyT0Sh2u3FM2ET/9U0TUfpBVYBJojAJBFs1ntI8kFmqSYg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-20T20:02:16Z"
|
||||||
|
mac: ENC[AES256_GCM,data:5BhSo3YpF3QNqgGnx6YnymaEQB6pchMhokaJqk4rHg22xhbUAzOhWg4BQepT7vrCQlfOZIq4o//dGO+NQxqliiyyywrSYm3CBWD4xfZ9cdfinHC7Pc9lj6Dd4uPNxRjgTRNFuMyC+ATIABI2mHKpg+T2bxSalroIlvNr4vXWZo4=,iv:yPHJZ5PvI5zJlQIMRdbJ6eKGe1xN+teKF5GluD2pyK8=,tag:s4hO9RCdkHDsQ1W+KfXq7A==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtAQ//Y/GVthqtuK7bY8Ne5CNfn/CD1RUTdX1+KwX1zy3YsgUC
|
||||||
|
CGxhoFFy1UoXR3QB4Hxnk8R/vaFVHezCWKWY45MAuPtwM1VGwjVsuknrJnSs8k7/
|
||||||
|
jrzVO9xXgTd26H6DLmPVfH1hKB0/lh84hwVgF5rlPS/P7l92LL0hDIIwZz3dB0kU
|
||||||
|
d6jLa1Fajqd4MSdLWbZRBPcioC5v1Ip/SXYAJp7IGLDgXm5MN+MnAdybAFsl1K5p
|
||||||
|
dCUmGqK5IjyPVP564TqL0ZEIXMxSSwex47in3cTYPaOO0L8P3kbKDNWxZQLaqZkn
|
||||||
|
4RZC4/aBqlfD2STxMez/ksi6kCcPuC7UPRzuq4oH3kOcJHxwIN8Df+DZYA4PJKsl
|
||||||
|
T9QDL1EylHBhsPIZCoxpmnGl3j+hVmONj2V1awlCaOagbgDlClEUEMyw7QCVVbtK
|
||||||
|
CW4DOgVnnTxcUaLHep8BgHxKkYjIDIbDMmg315h2ekT86gGgZavL8IiFTWSLzSrK
|
||||||
|
XChIjUdjpKZhanmSWpj4w8ZpdGOOjernL2EBWtSC23AibBZmQe9OB/QzMpLTdCvV
|
||||||
|
9t9mMoSayP61oJylBtOKhDnEW0Xib0U7tqzwpaow2V+CU2dr27qie1jh5GqMaoJR
|
||||||
|
qpu1KT3Z9eqpF3Dl8aI3dEovbmvDMVXErU3pmFu2zRJtm6TOXp4NNOYWCetUfxPU
|
||||||
|
aAEJAhCFerTI/ow/LWkCQ78cCMFjgKrYabA3lHu11Mr/PiHirwJ/vCmsUMiOhdRw
|
||||||
|
49lsyqJlO3IA79yW4exG5tYXvPgeJMTdz36fseUEKsewfrPEqMUa2T4onet2+GN6
|
||||||
|
GALPdepytjg+
|
||||||
|
=v+qv
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQILA6EyPtWBEI+2AQ/2L7fbbhBH3BfgD7IbgtVn+nEhNJw5tWR2+0z1k72TIr9j
|
||||||
|
rPAvV6NQY8oVV2+uNLa4fMl+ueqYTFd3/E4IsRXkmexjx+vos27LjDNSu6w0OPJU
|
||||||
|
BSq5TFqZWYIPiWaivQz4+rt+vbxvpv4Lh3FAXlV9YubprJ4GRrlwyheve/l3F0BN
|
||||||
|
3vCDLsfXijZjxaptb9nf7WiT9vvWrY0sD4g71ARZdWi7Lb+TgCxzbQMue+4VC0Zu
|
||||||
|
y/AWIymVo13BD+apoYltVYYvkn7yz3REzsx3NN4bkJyoCAevr6UeO2fGvlT7b7eG
|
||||||
|
F7CN/TusFlOqWV9M0VbiOGLfL7Q9tGAG3xDAyFh+yMQNadp0M3m9UiYUlHps5DRT
|
||||||
|
CVsIPnPUr3V/oycRm3s+UeVyBg3rpdzWyNtETOjNY/AqVmRQ0toqZOm//ZOg609U
|
||||||
|
6+EX1Oc/GosfNoHWJuFmfKJRhPpy2gXZX2rQuLWaVJUXzzKM5sbLnycCV03S24PU
|
||||||
|
Fi7Z5lIu334QTLG8PV6agO5UprZb946qPmW+b/QnUol23XXcgh1GIgMV+lEK8+83
|
||||||
|
UPT0aUkdtOTaKbWUg5xokx+0Ni9syJ4Nl7naQq57qOGiecMnBbeE3TYxaNOcjTBh
|
||||||
|
CY0/hdcrZYH6VPeDye4yghSDF9WCaNUvzZNePGzdqKK3F9O/NmBSiYd/cToyDdJe
|
||||||
|
AZMZCKxSw0/HyBqTRd3wC/VhC9uO2I4HWE3LuqBPUXYFWc4W1buJs+P8pFjqT5rZ
|
||||||
|
puHPH8IxIeIiVNO5SFhdL8ecSu/nawakvih65aMGSa102e6B2HfP6tD4SmarmA==
|
||||||
|
=tr5G
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJARAA02rGmKxyQkvxoXM1i2dLOiH6Gw/pUcdDxYSwKfdkNU3X
|
||||||
|
zc0He4FNG8CAURVq5jARD066VecamkBmlr+rwFJlaeqDPEiITfkz7DEGO8pPxKG0
|
||||||
|
GBnFVA9r/+OU351yLjHYB+72jvw1ey0PPHvKg6/sKjovssYvQLipUcktH33kPqVQ
|
||||||
|
yJzuQWFMWA7Jn/wTa/TP/53o0e//Kw9df69J3BSmnw9F6rKHGsIXLBmyR9HpQsLR
|
||||||
|
KAuClMzjPqHszCICND7vUDEzUvCcOVyizZAcRzWfDi/llwKGUanvEGUVXvyDXw/E
|
||||||
|
Q/FyR+VJXCzRlhsFTTuavjy6nhDsRf/N8N0Vsd9euDXOPQ4wuPAgpvdi58CPBmzP
|
||||||
|
8jU3xpFSXStYBIMt5u7t+UJT4IwdbjnClyIrSuyaV/7N5UQdYTv0fBy1mRrYLBAj
|
||||||
|
VhlRDa1y79n22Kg8mvDqJ16rC3VypkkQ6DaPvyDwlrG8iRLG/xi3Zz8HHnXxAGAm
|
||||||
|
SzliIolwEDHJZHI9ZE3YzpFJkB6UyOpXS1zMsDycupFvQ4jd2fQ0C7w5OaJHCkeQ
|
||||||
|
3zTKgtufjJGo7R2Nf0bTWTfi85GU3jpMsOHCEcChgBVXcO32ZZ/zzmqtXa/u3m5v
|
||||||
|
sjUstyBXEmG9eyIaiEtRAMAblwRsJPMszLaCUuBpzQw+mm9uTCsIaf5Xdud7GFzS
|
||||||
|
XgH+whlmbv/UeUC7bo65uxrG8SgTVAaPZpcQ2dP3rXYs45zYmYGKJaZuW+Hrl+nZ
|
||||||
|
pd6zT6rb6R8TMmXkNA1TjhvZ/A+ONlza1fH0dmsh7U9oqINXNFJU7Qm2r7imFvg=
|
||||||
|
=ZIDr
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1AQ//f51KkC9oViW/0EA0TLdWgXa76ZXMeu4b3UhWaQvYDT9+
|
||||||
|
8wuWE+slGEWsRnFZ+pgWZoV3HIv2p+xisX2lmBvepOufaRh6cyNpQaZNl0kFtpBo
|
||||||
|
ShQ66SmkorunYyM+OIh3ceI4PC7ca4KsRKB8nWkA935NWssFN9zMlkVW6GjqzTft
|
||||||
|
2JVJFL8GRlhIRMhJwSzp8zZ3XiYD0sB/2y+ffCMAOSCnDVcDjANyiSds6MPxfPy0
|
||||||
|
/kaNTXuUI7H50tHQP6vzJ3q1mRpAhUTIxubnmBTdvAQz/kaD0qPt55z+Q0xSXsLa
|
||||||
|
yfb+Zd2g/2o+IFiCrwqcki5yX49Ol89l69JRyIWe1T2VtqBSUVIiiYreX5OnmWPQ
|
||||||
|
OjJ1mAn9tpIlVSHzlaONtmJEmAJ+n55rP0itBMs1CrIBiQleLaCbSWqp6q3RfaJr
|
||||||
|
gpXnfHQpsU7cKEDQeyvxmH8qgrSR9AVh/knyGOJy8LnJQ93aQpr3xr/2MiFPYiKz
|
||||||
|
dcSrxHesrfx2Zl7bNB5OZ7VZTWFSunZQUnOn3F3+7yaaT9ePsvWsyTKBOSGUiA7s
|
||||||
|
VMxT5+P8QM6UOC8KxJj/q1eAVrWvN7vYbCA25+SzbdTtr1RweOVHzNgqZH5/Q2ZY
|
||||||
|
fguwHlCGg5Q7UKYKBk4QJFg6oClDgzBYCFL76K4aymtR7rxKl4sJxWoug84oP6DS
|
||||||
|
XgEZvNS3xsY8Pxm0bAmor93Q08Mii1svnNZ74Eqmbo9GxBjHReIGKDDZ08SaPhbc
|
||||||
|
NJxAP2C2sRUda2R4GvsNYmXHzGYfFTrfe+AXqEV42ZSD9vHDJMCiX9JrY/r4uSM=
|
||||||
|
=+F4l
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVARAAq/cP9y/7kxSXDFOD/xhI/3RjGzIN5dyHlfrmEQWJ8J7z
|
||||||
|
ov0VfBCJp6gFht37dGWuLtWi1qqWRgN+9hiBnkj2zONoph0SRGP9uNfadBSzYSD4
|
||||||
|
wvlOFrWeM9cswnk4i0q8Go+qdCC6U0g1szjirdifF7I9KdqKpOFwXzjnzsPTF42o
|
||||||
|
9oFCP32esOYv++DfTBgrSv8/STublJYABcs+lzjvURqBsFvdz7PBphH66++yxt7v
|
||||||
|
bTTmu8O9WHC8/5QTfUzOBAfgyu4CwF3YLRZd81ERtzO/udNYgGO3bifofCfpv+nY
|
||||||
|
MMyCbGxoiAfBWcAHhka+8nMnBj0as+ln220O99N6zH1rTmqqDxRQkEiYek1MqEU1
|
||||||
|
f319u3KqB6STWmZvjlwQ5AhwSLCLT2VpIJX4CpMClWlLb3E2rpZ+B1uBRMQQ3fMe
|
||||||
|
jSynatL2vXn3rKWzxIEIxA/BkVKQ8zXgOT9JyqyCZdHTvjEmWuQitILi7wKWJb7/
|
||||||
|
qhTGEBoQbjIKP2Bpso286RKhS3erE0wqLeXXFb7e6bkEEHXa/jVHCZk8/qDcAAIB
|
||||||
|
3eIb5SNnLxQwo07JlWdDPzCvqeC4fx5AWxXmHsKWI+91PA0jdNjcEPt2sxwAEQYq
|
||||||
|
LWBW6BL22Hqo/VOBXhM1T5mFKomqySLSrxTYeWXtJLZwh0aHbm6RyGGMjHpCiU3S
|
||||||
|
XgE8EQeKefLHoTixb1Rl/amIvtOUUcTtdqlyat9hhIdMl/7ZMesmNuD1ZsEzdCJd
|
||||||
|
20/DgHzFE7WvZKrjt73GDETUjwLHZSl5fydQMgcNFgzU2mdV6nYNhF18gE/af74=
|
||||||
|
=UA8K
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ//RVzQX4Ua5XZHTIe7ffYiqMxy/KoJdbCxpgjbdD0sx2ou
|
||||||
|
zCB13t13UkLjLo5GkTE7kRGtyKOdhQ/7NUA7tOZ+rwWOq3NehOTLfU0wMkgT7tOh
|
||||||
|
byWwNHrY9VHz3ndFnya5nNcnrqILA1rEn32PnioNyWcU6832jyUWvtRqwF+JRrKr
|
||||||
|
yRJMvz4T8vmLwrxqarB1uqU0OVHXy8bq8d9/pVrAmk6+C/H5FINFlApD0dKYftd2
|
||||||
|
phoTSA5WG8j1e0v5p4+r9cRHlYXFMinMMkpzD/JMyNB1WVZ9aGQxU7WiuYzuv1bh
|
||||||
|
PKN/LEgfh3ypI8W960NHv/OMRjVs/VxA+G3ml3Lw6acRnaLr++MhF2G7ZBTx8rgi
|
||||||
|
fjyF6m4XtacwIKYZ7SNt9eQewGI8VU30o8np33qb9KeOt7v8PrMH1G3X+bTLnJGw
|
||||||
|
VjxjvaBaePmPplYYS7xaPuUnzFNabDXTE8XCQpdJMy26ef77gaWr6TQwXbRlZXrx
|
||||||
|
S60EecMLwUj+daR0PkVBkCDxXkW8+0uPkt6EEn5rmPdMXoh4DUw+4A14t7yyUU50
|
||||||
|
j3M9tv6DuYs/KhgZYfLe+6hVD7fY4lAs5Ge6QGLA/TljAatE3zpSZQK+b7C4HKJS
|
||||||
|
3eRpcAt6CJFhXaCBwl4+gigrg3voX1ykh62oqY/4ecKbAiiVXLIrcflv9kx2Ht7S
|
||||||
|
XgEDhoIRIvXoOUy6j/qjp/OFxwu5y6MpBX4vHxlpL36daL2yShMkCYyY3ajea4eX
|
||||||
|
9k7B9fpRu3sjbDTNr1heffI+5n/HKc8j9a52hzu5eF0e+v+vKY32uk1jlUhZdj4=
|
||||||
|
=R/pX
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoAQ/+OHZshi2zBfbVQ91WKLqei7bT4CZGiPxQsl7aogv8JkyL
|
||||||
|
D8p+VgIReMvq4F5QFaIsA8yqMSnjxfIi5bFd9SKjuhOKvuQjyh1rSsFb0t8ESuYi
|
||||||
|
fHBnVw4tDNfTEGQa9YhNJPTq60TwR4P2xYFEgc//AQqfs9XH0cTbvkFS9dkug092
|
||||||
|
u4yJfB2aZEJa0Eh0AenUYzP13bFH0sJwL1hQop1v9gF44JeKHpRNd0Yixlp0Yucs
|
||||||
|
Ccww+WaNFVQ4+zvyW7MnI8/D27/SQGRXXqQE6sOQlsg5SUzF2vIpYbIeuu1NR5WK
|
||||||
|
v1ZB0DlWVuOshIB7M9WUCZcAS5cMAWKc1vvZ/K0l+6tNskZvGE4p/lv1bmZ5zfc3
|
||||||
|
gT/2L6ENuoKW7RoF071SsG9Xn7VJync+iNTtg0m7Je7HRAZAGGc8vfIkrTXAmoIE
|
||||||
|
QkGuog0R+EZxq9L1WMbppV/bnbBxiutFxwWOGTxzsn+DksVrVLvyI/EbHJvcEwzN
|
||||||
|
hISPFmAiCEKzGAGfaO24F5Xcs+U6AgumS5V5kwY6zA/kZpJEdQm38rcC12ZpXR9C
|
||||||
|
oHGs9ACtgf+g8H3/Ks5DL48FTbYuZADamVA5+pV97B7xCS8TxYChuFNPLwU2s52G
|
||||||
|
liiZV9NevlFlbsXFZS/EWgR8b0aH9Nhjl5TAPOajBOu0Nm/83XEP9nbbbjJjGRHS
|
||||||
|
XgHop/OMkJRuZZ35JQjUS6dIBzSivqplpr51wHbyilxbvOHdvuu6w9kqGY9VhuVt
|
||||||
|
nCszg+IQ0SM8YFuu1M5UPO4txYQTHx8zO5SD/d8kh5HEu9fmTNyJXblRcyAzYZc=
|
||||||
|
=TxDz
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqAQ//co7jg6v5QUB7eHXJPMLxsgtbC/VYp7C7QqXQda5qhohW
|
||||||
|
t0F9lysBybhIGoYuvfZGzNMYqqkVpFxzlOO2vFlcYFsQhjCpJrHBWYT4XOmIBR64
|
||||||
|
6Az/iKqNLS+cG+rFIIuc8BqRk3r4lrM32dCqz0a+3qRkdmbff4yKuzg8FTPlv1RI
|
||||||
|
O9SzRqfptcKDXItnQF+8CAziqcGyy4jL2wnl1Q2I2Pksr+Zw1eZVbFfHmCpG7A5C
|
||||||
|
TVihozz51jeXlggDp9/NPJOQDsmV+KdpvNx2Eqj6PQ6aGWtyYv5YZG3X/eRKW90+
|
||||||
|
qUOJxwpW5KGcROnuvQt1AggcXquOTLHFyJ85M8tpJcl+JYVZsIeNDo+LO8sbrCTA
|
||||||
|
cjp/YSLOms+GullbGAwrJh4TYtwJE9sEKr9OAFUvd+AxVFWj08BqMe1eN5YBbwwB
|
||||||
|
vNurVdvjE8jaTCmZgPPOIP5KXSrsG8bA02YlZ4MnzodYidIhTudJ8VB4NYCtNgOL
|
||||||
|
G/x7h/KA5KYgDWEtr21z2oy0QkGijtrcNa02GpslirjufZ6TPGCbJjAeEsPbYBm7
|
||||||
|
mDXm5+PzZpb1pbcSVNlVG5Ry73JrZxBpYCPGnxLs5yAmWOlNa/xcgDHBU+iXyVg0
|
||||||
|
Wm8pHRAVNfbvL7NB8yeaxSDoTSE7/BsisL6tUHoV+bdlpVsTF26bQZBc/zhxiZrS
|
||||||
|
XgGJ8ChRZbpi2qUzP4nA2jPkYtQ4cquA+ftDx4i+ZqVNtAhVSnTiBZoYu/21+BUB
|
||||||
|
oxDa5m2vD0s0t0fGfmmIvpLZKZIF7NcwnCdNVQve/D3qNNa4T3YnXb8JTGH0PYc=
|
||||||
|
=mu1s
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pAQ/8D4mAcC6vsHLkSryz1yIYoBqqtJnG62pITFEbafhVLR6V
|
||||||
|
nWAw/zP9DqNj15MsrM67xaQxlMVgkVM7QTchgp0CjXsyZ/gWPgDl0NaC92Uj93Ov
|
||||||
|
Gi2OpkfHQFaAW6JsAFl5NrF0ZBw/flx8X0l2klIxBV+ztpkLADEtXWsoGsmz5L4m
|
||||||
|
n41icEp9+nb9nwy7p+Je0s4jZCBB0sVlbkX9i4IpMOgEhA0HcWemc940VJp3UyRg
|
||||||
|
LkOs5C0J4Y4qjS12248y16gV/IhNaJ4PCPgVwSj1Xzz6VXauQosmWhnUbnqJbi3F
|
||||||
|
KWEV0IJJO+dlj5VShzFDnkN2bM1GeyQx1S+FkNp+Mmm6JNrUK+CZL8fUYka06O0V
|
||||||
|
DD/sg1Pyq8VawNG5RxwAWA5F1F1SIrJzF0T4HyIN1UFRCjWC466sdrBTQLtx472k
|
||||||
|
NdBCvabHS/bx5miPKF5iglJYzz4biUdevc3EU7q4hwgMYM2oep3m2EsaTbKWzjnY
|
||||||
|
PLB4d0bCsRlya0YfHaFX5f3xSNb/FzBcUlTHzX2asyB2DolMug1VqS3jCEkWGbk/
|
||||||
|
vfNfR5yRuwkwNlJRqHbGIfH7fYEgwSTW+VW2iUdY7Dra7xjgTzqZgLi5W8QwKJqq
|
||||||
|
1V5H4KlRQNYwloVJzQZCwoPcY+tBfTZ4LsDKtjyJzFY9vdTGGGqb9lAG7YBUdubS
|
||||||
|
XgE72UuZvbPQZuI7uVKMEORGVssQjwZFhs4InR/Ixe03a7hb8fdRHfu/ueS/3KQx
|
||||||
|
mRXVino/iVQ6M936mtibfeH9TpBpjqH8sBKNHv2hgnoap9QpkrVn1yWqrOcpht8=
|
||||||
|
=+sXL
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdA/tIZCvQv0E4dHN5jBHsAGclKEeLFhyf4lIQx+xa+uwQw
|
||||||
|
/VGCdNT8U13EawRC66KLXRrRgsNPpwUg15wAoTzQ8gW/tLpgvL5nsEYPfaowYwBD
|
||||||
|
0l4BmNV4o4J+NHF7Tk1af2kx0pp6kF9eJynn6irr336tGzY004lZfZlqwgeOk+qN
|
||||||
|
93XcSfdAOlIktfex1q1oTPrSpGIv32zsLPoRNVa50dO+IKu1tmYAxi9N9sQgbWa4
|
||||||
|
=rnF9
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-06-20T20:01:32Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ/9HNG41mTgq8VavF9DBX7+upnsmoDtwblck18l3rurJ1mo
|
||||||
|
k2ki7tWwIxRyLLHtsUxJ9S55cmXuhhPJK8Kzc32SnY5irDkqK/4JZnDvofg+z68B
|
||||||
|
8pQOunN1BQp50k8vd4Mha43re8s24iqrM+fj59uHM2YYsQYt9TCR/NvUopOdi6l2
|
||||||
|
8OnKI2KdRvYhtzzCY3wmQKhG7p0hc8y8pP/0DmPW5IGQ6OP4zO+Qnc4EbVnA9Uhr
|
||||||
|
tZ4sTNn0o80kfvILKANkAm81v86KdSRXdd3+1IpH1c7rTqm9o+DEm8nKnwWOF63O
|
||||||
|
P0klsYLlfqiZyQ0AyS67RHPTw/y57mAyWVFbABDLtXQQHWcIkADMLKTJLpnhKkRn
|
||||||
|
Cp94EXBBBwViAUBUzzskE4lgKXncl1h5ogLum8btU+cLky0qa8Hzie5QqszlErf8
|
||||||
|
fci0AEHV8u+Kf5EARf1FiY6K2aVnFOJchdeL98qllwRu6f8zz7+bfLq1UXcGBlQS
|
||||||
|
JnbAlXiL4vEBxQyW5awYYzpaMUTW1ejjujZUitdaUeIQJdv/IJvHe9y6/F0uukdt
|
||||||
|
AMrDI7E+JKa6hLPe4g6H1hUzh6GcaHuNU9z2NSDfzxcOHkqALsCDLVDxsjPhahCc
|
||||||
|
UZkSn8ebyqv7/jpTgWnsls0Fx8XqvKKJNoqXfK81oIvWlJsEwqSaBczkq9HQbO7S
|
||||||
|
XgH2N8XPOJWmqDc+xS26eERNJ8ZlhYaODWwatgqt2si6EdBpVRZL4PXsOrOlI8Xi
|
||||||
|
Uaag1/Uljqbk5mN18+CtSfSt0ded79d44B9zAbc70hgvkRrpcotDBnO8YQ9MxB0=
|
||||||
|
=O0Sg
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
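--- a/config/hosts/mjolnir/sops.nix
+++ b/config/hosts/mjolnir/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}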
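--- a/config/hosts/mqtt/configuration.nix
+++ b/config/hosts/mqtt/configuration.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+networking = {
+hostName = "mqtt";
+domain = "z9.ccchh.net";
+};
+
+system.stateVersion = "23.11";
+}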
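--- a/config/hosts/mqtt/default.nix
+++ b/config/hosts/mqtt/default.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+imports = [
+./configuration.nix
+./networking.nix
+./mosquitto.nix
+];
+}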
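--- a/config/hosts/mqtt/mosquitto.nix
+++ b/config/hosts/mqtt/mosquitto.nix
@@ -0,0 +1,33 @@
+# Sources for this configuration:
+# - https://search.nixos.org/options?sort=relevance&type=packages&query=services.mosquitto
+# - https://mosquitto.org/man/mosquitto-conf-5.html
+# - https://winkekatze24.de
+{ ... }:
+
+{
+services.mosquitto = {
+enable = true;
+persistence = true;
+
+# set config for all listeners
+listeners = [ {
+settings.allow_anonymous = true;
+omitPasswordAuth = true;
+acl = ["topic readwrite #"];
+} ];
+
+bridges.winkekatz = {
+addresses = [
+{ address = "mqtt.winkekatze24.de"; }
+];
+topics = [
+"winkekatze/allcats/eye/set in 2"
+"winkekatze/allcats in 2"
+"+/status out 2 winkekatze/ \"\""
+"+/connected out 2 winkekatze/ \"\""
+];
+};
+};
+
+networking.firewall.allowedTCPPorts = [ 1883 ];
+}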
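Review bot: The single listener grants every unauthenticated client `topic readwrite #` (`settings.allow_anonymous = true` with `omitPasswordAuth = true`), and the same file opens TCP 1883 in the firewall, so any host that can reach this machine can read and publish on every topic, including the `+/status` and `+/connected` topics that the `winkekatz` bridge forwards outward. If open access on the internal network is intended, state that trust assumption in a comment above `listeners` and narrow the ACL to the topic prefixes actually in use; otherwise define `users` with per-user ACLs on the listener. The bridge entry `{ address = "mqtt.winkekatze24.de"; }` sets no port or TLS options, so it presumably connects in plaintext on the default port; if the remote broker offers a TLS listener, set its port there and add `bridge_cafile` through the bridge's `settings`.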
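--- a/config/hosts/mqtt/networking.nix
+++ b/config/hosts/mqtt/networking.nix
@@ -0,0 +1,21 @@
+{ ... }:
+
+{
+networking = {
+interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "10.31.208.14";
+prefixLength = 23;
+}
+];
+};
+defaultGateway = "10.31.208.1";
+nameservers = [ "10.31.210.1" ];
+};
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "BC:24:11:48:85:73";
+linkConfig.Name = "net0";
+};
+}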
|
@ -7,5 +7,6 @@
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./postgresql.nix
|
./postgresql.nix
|
||||||
|
./sops.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,21 +10,33 @@
|
||||||
services.netbox = {
|
services.netbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.netbox;
|
package = pkgs.netbox;
|
||||||
secretKeyFile = "/secrets/netbox-secret-key.secret";
|
secretKeyFile = "/run/secrets/netbox_secret_key";
|
||||||
|
keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";
|
||||||
settings = {
|
settings = {
|
||||||
ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
|
ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
|
||||||
SESSION_COOKIE_SECURE = true;
|
SESSION_COOKIE_SECURE = true;
|
||||||
|
# CCCHH ID (Keycloak) integration.
|
||||||
|
# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
|
||||||
|
# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
|
||||||
|
REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2";
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox";
|
||||||
|
# SOCIAL_AUTH_KEYCLOAK_SECRET set via keycloakClientSecret option.
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB";
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth";
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment.keys."netbox-secret-key.secret" = {
|
sops.secrets."netbox_secret_key" = {
|
||||||
keyCommand = [ "env" "pass" "noc/vm-secrets/z9/netbox/netbox_secret_key" ];
|
mode = "0440";
|
||||||
|
owner = "netbox";
|
||||||
destDir = "/secrets";
|
|
||||||
user = "netbox";
|
|
||||||
group = "netbox";
|
group = "netbox";
|
||||||
permissions = "0440";
|
restartUnits = [ "netbox.service" "netbox-rq.service" ];
|
||||||
|
};
|
||||||
uploadAt = "pre-activation";
|
sops.secrets."netbox_keycloak_secret" = {
|
||||||
|
mode = "0440";
|
||||||
|
owner = "netbox";
|
||||||
|
group = "netbox";
|
||||||
|
restartUnits = [ "netbox.service" "netbox-rq.service" ];
|
||||||
};
|
};
|
||||||
}
|
}
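Review bot: `secretKeyFile = "/run/secrets/netbox_secret_key";` and `keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";` repeat as string literals the paths that the two `sops.secrets` entries further down are expected to produce, so renaming a secret or changing the sops-nix secrets directory would leave NetBox pointing at a file that no longer exists. Referencing the declarations keeps them in step: `secretKeyFile = config.sops.secrets."netbox_secret_key".path;` and `keycloakClientSecret = config.sops.secrets."netbox_keycloak_secret".path;` (this needs `config` in the module arguments, which lie outside this hunk). The pinned `SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY` would also benefit from a comment such as `# Realm public key of id.hamburg.ccc.de/realms/ccchh; update here when the realm key is rotated.`, since token verification would presumably start failing after a rotation with nothing in the file pointing to the cause.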
|
||||||
|
|
|
@ -1,13 +1,8 @@
|
||||||
# Networking configuration for the host.
|
{ ... }:
|
||||||
# Sources for this configuration:
|
|
||||||
# - https://nixos.org/manual/nixos/stable/#sec-networking
|
|
||||||
# - https://nixos.wiki/wiki/Systemd-networkd
|
|
||||||
# - https://wiki.archlinux.org/title/Systemd-networkd
|
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.interfaces.net0 = {
|
networking = {
|
||||||
|
interfaces.net0 = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "172.31.17.149";
|
address = "172.31.17.149";
|
||||||
|
@ -15,9 +10,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.defaultGateway = "172.31.17.129";
|
defaultGateway = "172.31.17.129";
|
||||||
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
||||||
networking.search = [ "hamburg.ccc.de" ];
|
search = [ "hamburg.ccc.de" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "62:ED:44:20:7C:C1";
|
matchConfig.MACAddress = "62:ED:44:20:7C:C1";
|
||||||
|
|
234
config/hosts/netbox/secrets.yaml
Normal file
234
config/hosts/netbox/secrets.yaml
Normal file
|
@ -0,0 +1,234 @@
|
||||||
|
netbox_secret_key: ENC[AES256_GCM,data:7cVGSlrCo3MEjeLjfeZrL0VZi3+yZqsC3qI+rx+xadic78H0egWCCNaYEHIgtilgFjw=,iv:gnearzPduWcrVLU/FuzS05eNPZ5srX0hqZyElq+19ek=,tag:9MKgFb4eVYE6a5ncx9sgpw==,type:str]
|
||||||
|
netbox_keycloak_secret: ENC[AES256_GCM,data:WLPCwl6KmHhyGwpqchZUmTr0XwA1T9asAEXNOSQMfGU=,iv:fsO+Ho18Uz6+y2iohbve1bUKhCR/c2zNrbODR2Jrh3Q=,tag:MWeh7GhdyUJnSzrndA3l3Q==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age13fqs76z2vl5l84dvmmlqjj5xkfsfe85xls8uueul7re9j3ksjs0sw2xc9e
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaTJ5OEJPeGVPTHp5V2tX
|
||||||
|
c0xYcWtKNG00d3lCQ1JZRERkUFZsaXpyMERJClQwdDFnTVdCRjB0S3hEYkVmclE5
|
||||||
|
dGRUQThYSWhpK2dCQWxSVjhuNEY4TUEKLS0tIC9RS3hSdFZCbTd4eFNNSTgyaXdU
|
||||||
|
V1lQK3YzTWI5ZGdyeGtFQ0E3QXQ3YnMK8sBStC8xBKwpeWkF/HrryWi0hZA69nuw
|
||||||
|
a73HiZuED8KEp5OPME3yC6Ode71uEEaE/av2zp7WUYbCqVpWnwcjSg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-10-08T23:54:23Z"
|
||||||
|
mac: ENC[AES256_GCM,data:6KwBwJ1uTuOaCTcBs9sgvX+E/bV37ylJmDqYupa3545ba5Y3VMuF2Hx72zzRYPmh5/DmwzDxc/f7TZUheO5jwwwMGGNCYuX2c+nkzLgtovT/yCXTo8vPHNf03fQRHlOq28ztQIG8Ug1s/t4XkA+iuqPdbvyNKLbsJfJBqg4SF44=,iv:SUXPFtW3/pSTBnjAh77G6pJTucHy4VEhUVkELiMJ4JU=,tag:SfLCwPpJuvL7RrIRmN5PGg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtARAAgiNMTfquNZeRDR0p1DQbGPVx/tCxKng4aQ+6A8x7H3Ul
|
||||||
|
UFSjn+85rFBqTRswDnFM4gSfokBHLW1Ltztqw4aKuYoNLs0vUGJWrkf5dHsJv2Mb
|
||||||
|
YJaHm1iqSwIrgmyI1PWvrZ+cUjgUWBriJOTNlYi2iHWBWqDSQ7O7TUqpeCxiHAp9
|
||||||
|
e6UydzIxsLjl+7gaDW2M/FRJNVKxtq8UBEdg33xLi/eE6O5/fNyo8qBjUUWnG4xb
|
||||||
|
fiuKWgn83n7vsVsmvNJPlsOUrrZoYJAOSm5nymkXlAEQv1LPrSXXYHz8WoOTPDs8
|
||||||
|
29YAX8gvIwK+lc7xFFZAsjQ8JzqcVMyFHsT9N8zWSdaOyGcFcsDwBEICOvVSabb9
|
||||||
|
g3yrI8PKoEkQigeLnzKrkLZX+1vqVkSO7MBWn5xAMMhTTZvH0+MknlYO0pU3ziME
|
||||||
|
Yp6EbvU4OeRbcB6gMt21KQDhiEkPNdwcyxoOtFIWw8tCK57Leyyyb1YU2W7T96M4
|
||||||
|
2fcoAzr5x3xapdvOEgUr7OFzTrc2DRrpx7FKoJFBIy4HEvtJKJvKxcq4aUqznSPG
|
||||||
|
ILpbnH3CEQuWmcGu5fTZ3ggQZW7bM523cz+cwOJjUokhW49D+h7wZjffUuSK1AWS
|
||||||
|
7FwncFVVkNcLAs77p1DFn4A3mUjdh3jl+VAXudgQfOGtLeLDY4+qlMMQSGPoj4fU
|
||||||
|
aAEJAhB0l1X5jqjGE7o/PRwgoaeFl/zwiX8n0k26++hPw2+Vt/b3sT3Ce0zNr30p
|
||||||
|
Yc7h4H8UoN9j6zD96R9MAATHikz7a5EprAshqzV6uy7VNI6bcKVKilLoxVa47Y1p
|
||||||
|
6PA24RxtGxVm
|
||||||
|
=ES/O
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2AQ/+OBSrAP5xkjanku4jcpbYrYDMTWRxVfEgNesvuTyQsxVr
|
||||||
|
kKK9THm7MUHbVBkx1xirvpv6XLcLtCwdMnYlBkSCVaztGmb1aowmCn5tWZiVDyE+
|
||||||
|
UPCF0bTXmxjLM+Cav8aweylfD3vAQsPvFLS3XvCBHKWqZ7dNkro+5VTxKmQ+XiZ6
|
||||||
|
t67M5DtltUm8IWOE2DScAgGiBQlCSY23O/zy4U5Sj3Ii+eRHxC1B7NB0Crj01pi7
|
||||||
|
2v6J7yNZnw4vfH3UiRO5Vg9q0QLPp3XR6Xb1J/TJJS6vCUarSbL1/oBjujHkF4hK
|
||||||
|
MEZ+Q3qGnv+dGOzUch4xkEkuWyfIcMTY6JOa3TpkhfkbQwXsph/sD/SaHpRD70Ra
|
||||||
|
PX0vBzSdbtEMea8/pVTOxfFEjPGQIFI1+pdNmCfzhWNbrH6EqjrSOyZXSr6+U3dI
|
||||||
|
Xhpyv2wKuNho0c9jWYqPzY4vhSGRjc9416nfV/o7Ebv659ypBKHtMDcL5kebkCB4
|
||||||
|
W0OwscSRPUXUz2S9XfSa3J80Aakv5S5xvlXo6R/8TDaMWJtZP2vtF4y0elNGOfZM
|
||||||
|
Vn/zlv1htaezQDNznJK+E8bHEF3p92hiuSjO8yMZByIFrAV1AyqY4kiMmW68scA6
|
||||||
|
NBOlxah9xCV7XnD8B1ZCR9FruuYYj9cpwES0lLvISBXJvh1viyHN8Js0uApePInS
|
||||||
|
XgGzDhaZWWyt5TK+Uv2fu8wh6hbX8hmzT9vBLfPz0Gx6Z78RnwflsTqF8svtjSuB
|
||||||
|
zv4z9d/zrysfHY93Gd8kdKkG955f1THz9dELEpYLIwyLoTx1vHlymVP87TuPqxc=
|
||||||
|
=zG3F
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJARAAjT7YVbq2/QthKii2fmj1EZgsDm7ZkcAKJ7Bo0jm7Vgxm
|
||||||
|
wGeBULB0bBoYEiFFO7Kc420Yk6IK+uUG8S8X3bJHUbMzvY/K/kG0eVpXwDJwJPf8
|
||||||
|
o46blkjpmhIiTvvQ4K74AJgsT9W0yXRrPxGz5HIuOG8P8CAqOabZ79ORfd3KFebJ
|
||||||
|
yOvBSyor//XoMB60a7uqQoaWw/+UwRKpz2yncLafD23nyuS5uXsoHNuySHLsI4va
|
||||||
|
y6Nhp4LdpYjjx/DIuzrl/3SCeLgisHL5u5kJ1QaGsfd2z7Tjxk+GoVgs/Wb51uHs
|
||||||
|
vPk0diKrv/kouW7rN20a2ywQETenik7/z2JcEFyZiOPH9KhHk3QGoXdlVVqESz5O
|
||||||
|
OMV5d/ijFW92Z7yuis1jSewGKDDp1FqyR3gIMONl2vK7Pzl1A8v8yQBbY5/fObuM
|
||||||
|
xTs/qwwoqYimokqM3WrjjKgx8oFFstWWzKBT24aCQTajA8vl83v1jfjR7EjBrrAu
|
||||||
|
+J+wBFNpnJiXgECPmJgOtQB+4IA023X1cdgDm2GlR+sPKKSBP+AySMOOp4zMoS4J
|
||||||
|
9xd30ltQp1ncNvU7KaTV0VXRaGb7CEJnlhiN2naYcpcsX+G8bfcrCuZwxtBFiZvY
|
||||||
|
9Ey47LLHP5SPPOWxhnsrPOYidNJd056+uyvnnbUYArjb6s5JUh6KQgjELKCEOIXS
|
||||||
|
XgEUryr5jMrBHLQi7wYHEqWkouH8cFsPAu5O/KOIYvZVIoOzB3DDPtJ4CknNfAMa
|
||||||
|
CTvlOJHJSuweQ4Mq0c+247aWu12V9ZMcTQT4e3g5DYq5TWm58Uidbd/g3FDwLgg=
|
||||||
|
=PqbF
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1AQ//baYynNo2MfmuqEKles0xnZpfPemIyQUnPmRKEtZUl6T6
|
||||||
|
eweGXKF3Ms32ErPhZaT8RNYAk2XX+RRlpJvTcMvLv/rxVTf2QcCAz6vxukmh5una
|
||||||
|
5CJe1H1tcDmXrQ7zkGffktkGcT90/OpRbhMJtp7MKcEzfpdgcw5yCeDpYCRn2r9E
|
||||||
|
/0Eaf72R60ecnr6CaOSIdbpy1QiDMydgmg/QCONBT97RQMJaGN+qAuPz1Fpb/Z+N
|
||||||
|
E/bmtqS39ADYZoB36sy+LCzp+oMLI0DpCHz2ngfFnKbeYeNU9gMXCAda9/ZyMbaI
|
||||||
|
aFjvwlTBsvAklWN36pvG/YxoO1XkN/Mj1N1QBvxP2LYg28X7uBnVUZAyvvQPL6xN
|
||||||
|
U110qThvDvLxgHC1DAfoMygKCDig2oSg3njf8LS1y5XkTag/B1JJT3NcgFI+MMvT
|
||||||
|
5NMaw6HRAgOwWcJ1pJokFZ6zIpLlIbToutJu/Ep4tisyg/G3ybbthqaywg5jkbCT
|
||||||
|
vbhzXpsbqkE+jyx2dWziBbQR9lOoTycRwIs6um+pKuPF7TzfD1GRyqTwtU9TN58D
|
||||||
|
Yl1GN3oz8ZFeGkdy1dXBxMP4EXR1BTdLk14vFGFPbjQ0bAAohOgTSgtGm+iZ73Q/
|
||||||
|
PFNf/3gGt8/Gk0cMl20PFzk3FMyUDOLFl5dOre0THGQelpVbN7fvZuaXOSZjuYXS
|
||||||
|
XgHGFmChf+zsmbKnT0tQfzGtFQb0cHHvkenxC5MCCCPibxwVeHEwcJTtPvvF1QqF
|
||||||
|
9kR3XEpuVFMNFrxsQd/31c5RUTC+sr7W+PRIVgIhdU6RtikIMsmekrunnPeB99U=
|
||||||
|
=o7cj
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ/6A6ealIO6x8Xq3xzjIvZt1R4TvbnF+LmKpW2iG1nO3aVY
|
||||||
|
QOEGUCVdEveWbQBOexKXl1TgfhxIOrPVixJ2KgIZnNxobhgABfF/H/EqXsxUI6n6
|
||||||
|
2mZt8r0ibknzoPn7MmC7ceJt0t8UVFgPlPuT7zb5T2nDrm61WD50tbubJTYTuWmY
|
||||||
|
NE5qhd051/Ohqf1RGB7MEfesDNj0S+J3E0TAjOsAcFoAUwSohUtxONcCSwjiygqM
|
||||||
|
vCC9Z51tMe6pC9n/2MNgb47xd5eqFs9rzfKXxPlnhhRmS1jOmE5fVfmOg9KOkGCu
|
||||||
|
PskiO+hgyQK3q2a+/e/MGuKv3ChCrTloTUBarQW5oRoQnWdoiZh7rVwyNVasGfHW
|
||||||
|
FLEhZuBlyV8w9JqOQTiOx3FN8IhVL2lJIa72Ng+O+AMYuvuSCxv5r+1D88IUlF9B
|
||||||
|
n01qAMC7fUfOpkUPM0yXQ9GTIWt02Mp/7z15t49Uk3izYCGluxVNhLNFxvAZOZh8
|
||||||
|
nfT2Hpf5mkJHMvUD9F9rWFVWPyCD0ORN8k770ziOVEYMadSJ7/HpCHxg5m+TqNnM
|
||||||
|
TNQXID/f7AyoO10zcS8TD0IgDLEjTaPMTPZ1EZ0MvgLQ7MgzPdjdvXOGc0g8L6oa
|
||||||
|
ac9a/NDWeZGDNfj5T88pZStoLJKnTvuuwxk0haabClxCAOysifxINqJ7U6AfkpnS
|
||||||
|
XgHR1vDF871X9kwm/c2zrbJca2sH5pNU/HiLf3IMRTAnmIewYxQAvn3JH+0jUUKH
|
||||||
|
fEt+fZuW9dgfvDzaw4C3FbGxFViRXXFrjqSDGN9JT6VprCmX3Or0RdIjHwdvvhY=
|
||||||
|
=4agQ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ//R+9lFm16WjGtRkq3zcPbva2SpijBjVBfuL2veFyeDq5G
|
||||||
|
H09EL0+A9IJ5rPI4Y6HJ2LhnqUWg7NRHbmM48bHla5NDtCNB+YsU1rNc4oGIf/TJ
|
||||||
|
JRob3u660+BxRiEO/Agc925BeQS7xoPSIQTTkzMKEGih2aUj3Im0JHBd6p3UWnsn
|
||||||
|
ZTUy4rkZHhUot1vHSOh1RTRDQHdDMTFpzPA66nH2y9tyz79jhqEFUCZIVIB5dGWv
|
||||||
|
blFqZgoVf9Piw/7ic9FHuNRy/5tia7SGN6xIu3OlR3TU+z7fvjUAHG9Afm0FINfm
|
||||||
|
fS7SRg+y/6wUWVGL8NSQWQLdnMnUt7E2DSu5IY6S6ToZTDxpNM9Waw89GQbUe+Jg
|
||||||
|
APzUtmXt2VNZ7faIE+tE0LJs2x5OGNxALKgj+K9ZFl6oIL8E7PB4ncxDlTsCRiz/
|
||||||
|
H15LzKYMWcYAntMVuVbyyzKUh/3KdZWfs31PV+JIQuazVUQgO9R3myn1Y9SnvZdQ
|
||||||
|
dIwvfYBOmwhC6oCkJB3Pj4yOoE6gtacZBeeUZwScDxH6h+D3MFrF/1bgiKZs26m+
|
||||||
|
VfuTS2vxUAln9werKIGAbQWZmtCOkRdyVIJyeo31zO3hy/xdfzlZdBijcOqZDeho
|
||||||
|
FP+WDUAySkSahqV1pr+jIMsaejRglJo/GfCGPdtBYAuB872VpdiQ8g3i0CW7eSfS
|
||||||
|
XgH5YBfA4EgJSxRdCpBO25i0SyxlNK2WJ9INQbu4xyfBfsZYyhKo1RbmD+60t/xw
|
||||||
|
Lxeg8plFAuBPvQCRCGvda1y9uw66Hmxt0QKtScd3MXwOk2Q2u04cIPDZ/KAtC4g=
|
||||||
|
=x1QX
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoAQ/6AgZkGRrZDbtTDEkksKQ84CsGyRBMioOrYfHDSyRb7URZ
|
||||||
|
RDVLfqr25Iz48kYR1n2nMo+O7QyayjTwaEAwFLFSTIpRKN6/9fT2ZVJxUfgLUWhH
|
||||||
|
I1OYMmRr9f/30OUMw8uTlCMqznkdoSjBmm0CX2Mu3YyRDUokzZa+ixRHX9TRBrKz
|
||||||
|
GSfJvHm77HTamvJLZcHnrVi9YH0KL7cQ8ileNHbUbCqmG+rrhiwz+gRp9aJ7pbnw
|
||||||
|
Qp7TaafrQKFh0Zsbmwuzcv030TJvuZboWpMIuGoeOWqv6tzSFhUV8eUu6UnM/2fg
|
||||||
|
arflryayYFRDUkysHONGoHviygefHr3+dIkneVO7tJ4ePYnFYhLvUsps4KASoHMF
|
||||||
|
dHMOwaPQDnBYo/ADiar1fgagYD/1Yns2SpsA1eqWwTE+hp+jwQi0mzYMLM3xl9YA
|
||||||
|
cMuqIOnXvpnuXYIRmooFtf/JkoJkYDV+8gbowZU52FJbB15QsPUgN47aixkWzJxj
|
||||||
|
6iV34LoF783DGQTnoMzgV9bDXa3RE1UgxjdFV6TNsPQvmWQJe+NNhqdkhH3MwLTG
|
||||||
|
jMGAwUNsPnmvCg4xPZlZMiuGhi3vxC4Fj6MWUw8uJbxCv83FPYwmpHCGVNwpDhFC
|
||||||
|
rRLk9vo1Dsm0oMHHLDxS9gTlg7FCrEyXinHBEq/11wigACM217oyg28nWxd6iA/S
|
||||||
|
XgHgxWlTQiYOWBRdJuJrPwXpNIHlsNDuE5YantoGFx6ykGT5H42HFlll7xGq6xVq
|
||||||
|
pssSfJK++lqWpvX076vh9tfwa40N2neO/vQ+8jBXr3dP6Vj/FUA8IUDVjc9xxAc=
|
||||||
|
=FXTF
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqARAAlG+nZhDVZX/+nHA+dPdw2RSGeXrIaxe0gjkGShZOVhmq
|
||||||
|
/iOfY7IgRzfp03BCJxRZwTYZu9hcg25jmW1havkmv5NPMDrmhgg9nX1AgyJaOgTo
|
||||||
|
FCPlXAvBSyWPGv+xgi63ttakHhobOympBj4hSzXdLg3RhkZ7KHci4Qz7XVfOpJ+j
|
||||||
|
wl/HKkNmkLiPiA7kYk8SOwJMFO89dMphHQBc81cZAptwfz9snTP7v6iBVvQDvF8h
|
||||||
|
3y5QPpfKEJZy0+GlqbMvRASHNx+w2GXIk6F/ldMt9rq9IJvR0od0p15aXCcO6TzC
|
||||||
|
Yzo7lIyyxqp9NQyN0S/DwzH0Uqj2CFMYdoKeFTNXG4a9fkVorj8+4rmJPewDxc4a
|
||||||
|
6Pc1hrQc6qoN+7o0Fj4xYkSO615gmVwZprWLQqgdkSMSPklecMX1d7WmkmIHNBk8
|
||||||
|
wkFUT0yBoedBiOTIHXRXhnQ8/4fkbRw7HYA3R4CqT7njtvqC0VWfwLISubuQ38tf
|
||||||
|
wbGKg5Bzzt+T176VoOfjau4aDoy3S1aGQcVKD19egj4l/eO+SvHl3UVZNUipkB3C
|
||||||
|
7MUqORS2kOh+IIqdSjYKvn7+MuAM5UP5GdzIoHaPPSCTUPdUjOLFPb+bjonTReQM
|
||||||
|
N4slvyssD3pgy9cwNofVtsmgVrc4Cv9mTo6rygeAq7wWxkl5hvVcmkhRN6zXD4TS
|
||||||
|
XgHV1a+C7ZWICtKI1u19NVYkjDkRrbQx96UdAkKquofpaQjxxXsz4SDi94BB2dCS
|
||||||
|
z+S2ZjOtweynhey1QPOLLmNUvZLE+SGsKmwkrMCBdtSyTbRXHSqPHt0Lc77tUhE=
|
||||||
|
=7WGw
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pAQ/9Ek8xSUknHMyj7pFgR6oME3Q/az5CykwxpkKFZgafhxWQ
|
||||||
|
nA2Ge4y3Px+rSoPPPtxtb32lw4PcWV+P1Y4EdtpinsuW9xlSWJvE8Yp6C0BBFceu
|
||||||
|
3k3O2sPHlF0yeJgjS+rhpqPppRn5nlvmD+E9ZiJGQNOEUxmrdgoNLonazlLqcgjO
|
||||||
|
07CQdgHp9AuBthhlEU+UgdVdfHMV83KhhyOIf+mhEUU4cQWL3X/J2Sm6jtAowA92
|
||||||
|
fiAA7U8UXEt4lFEXle6Xj/1LtBI5zI8YHrE3xX6kN0Byf+ydtAM1eqjGb0dL7u6W
|
||||||
|
24CavCODfgWepuK97Jo++umTfN8wkLlfpbaNro2EpAdD5Q9CeGSzXk1PjFmsZgAb
|
||||||
|
QVOxo8kiTULEgMTI55pqg4GT4pglbofsQRMuk2IZPj1a9ScJjOxZIm0VUXG9AAZi
|
||||||
|
BogAuiObch3orMm2KGeSX1s6HyHrvQjuXDNPHoC2yFJ2oBu1QIHy/hAFLnOcNW/U
|
||||||
|
3JfhWHLpMHQgu9lFzkTlobg+4Lg1MHlXtSApwdmMIcrAJcm/l/7+x1J/TVVRQAdP
|
||||||
|
zyzWLA9AGjRv0Vud6lhCnL2FjsUVUWA+S8G+OYqxpkp70Ku1a5z3e7P8CoAtzDoe
|
||||||
|
RZLRwjawjgfyKpEvbN+s2UvWqtgvRPqiudG4cAZs5GecLxO8ItahyklRZ47G8JnS
|
||||||
|
XgEdyiiO06vx5LMszt/tFXtoIKlaWnbB0oLyIwm8un55VnJija5OVrFfdQYhp4fQ
|
||||||
|
yvRQ9uAM32WVjQ+gKVVQ3pAHgF2Lu67E7HtZtdmdLkWafybEWUsqGZyDzDvchZs=
|
||||||
|
=pFkW
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdAeCb2j6cmTulJV2huSow62xTILgzf8/OOo5lED9+T5VQw
|
||||||
|
kBqubSVgy3jiW7lfjAK8U5Wh0ITb+6AR9kDLRE0WCxNbrOaeGado1VEalTw00Q58
|
||||||
|
0l4B+PeAZBg82rPUegAvU7UnnUIC3nGVzN4CEdPRpPcrG99V6VvXOks+s4DLky16
|
||||||
|
5FOihlYbf5nCD7OFbc3yys3MbUVuHda8x8H0BkuxDR81Wf4Q+HXCg8OUhncB57zN
|
||||||
|
=Lvnj
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-05-26T01:07:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ//UFokgDfUkScPVlJ+YnFw+W8eLk6y2YVI+nTCCZO9fhPB
|
||||||
|
77aDFY+yJG/BfEzjZNwQbISBjt+OuxVSSam52B+4FQkolr3KRhkfkuS16Fe9PwOg
|
||||||
|
XLMRoDba416ZtwAKz9HznFnPAzyPOwAn8yuF9RMp0KFP3ko+NSRAvOgja+jjPOl7
|
||||||
|
4BNkH6w5SAoE8u5jyQKIV9OB4W8RCVX30bYo2XzxjOcK1L+9EygoR+1CVOkbx8p/
|
||||||
|
T2i3mBdy3EtQ+86nSMPjGrSqURaUaKbCN/ygrSMhN/Pl/FvLiEEHamj2dVXPdHRV
|
||||||
|
k4bR51ZjO+U056PAB2Z5yK1Mpp0d0xpi5+QdOdi3eEqnGCXFq4Xz7NHUrmdy8Zug
|
||||||
|
QPnlMqibC3Wqdee4uhPbCHe0veF/VLaNAlyGkBHw7q66Ln2MY8coKPoiR8K4CD8o
|
||||||
|
9dtsV/qDvdFhziqsWCBjTwtFct2x/qEcRnzm1kvpyKwe2zV15lHA9WLafZVQ8eNk
|
||||||
|
U8yxBDETa8Bwd9voJ9NqYTcnyQLRJ3sZcvfkWQ7D5NOvmdHD5vF+gm5zJzR4EGN2
|
||||||
|
kSiqwZvztVuQCm6EOe0pJqp774KZXWW9eHc6CaNwkT5cmWjWu1wdHYhRk32HdhxX
|
||||||
|
1FQF3MxxACwDg9kj/s7gpWLlsofN4NM/QtHoGRh1wDQJGm8IZyH2qxpsgcXX9YHS
|
||||||
|
XgGX4oCWpHLRyRuHPb0xvjAdVX20WQKLzAtXvJkRMUd+Xt348nkZ4ZCqqfQ4eKPU
|
||||||
|
02FoWeCVqWTUyoaaHC87HFXUNJ4Gc+9AsWlbB9yA8nAm1z4wWHHFqZS2duu28ow=
|
||||||
|
=WqHP
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
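--- a/config/hosts/netbox/sops.nix
+++ b/config/hosts/netbox/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}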
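--- a/config/hosts/nix-box-june/configuration.nix
+++ b/config/hosts/nix-box-june/configuration.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+networking.hostName = "nix-box-june";
+
+system.stateVersion = "23.11";
+}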
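--- a/config/hosts/nix-box-june/default.nix
+++ b/config/hosts/nix-box-june/default.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+./configuration.nix
+./emulated-systems.nix
+./networking.nix
+./users.nix
+];
+}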
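--- a/config/hosts/nix-box-june/emulated-systems.nix
+++ b/config/hosts/nix-box-june/emulated-systems.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}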
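--- a/config/hosts/nix-box-june/networking.nix
+++ b/config/hosts/nix-box-june/networking.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+networking = {
+interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "172.31.17.158";
+prefixLength = 25;
+}
+];
+};
+defaultGateway = "172.31.17.129";
+nameservers = [ "212.12.50.158" "192.76.134.90" ];
+search = [ "hamburg.ccc.de" ];
+};
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "BC:24:11:6A:33:5F";
+linkConfig.Name = "net0";
+};
+}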
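--- a/config/hosts/nix-box-june/users.nix
+++ b/config/hosts/nix-box-june/users.nix
@@ -0,0 +1,59 @@
+{ lib, ... }:
+
+{
+users.users = {
+chaos.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+colmena-deploy.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+
+djerun = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWXk9N9GoDyvaB0mnX448IvzKKsMv0eFZKvjqmsJ3In djerun@chaos.ferrum.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQsu6WSAXsF45wGmw2spQUWopsgioUuFI8hKLBW/WVk djerun@chaos-noc.ferrum.local"
+];
+};
+june = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+};
+jtbx = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBQgnQAq6FUSDK8bxtYPjx3oRCAKG+xy9J3Gas2ztJk jannik@Magrathea.local" ];
+};
+dario = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtJwNPEIfNsAxBfWgxAeoKX1ajORPvs6L5S+qipJ7J dario@ccchh" ];
+};
+yuri = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
+];
+};
+max = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHNGDzZqmiFUH75oq1npZTyxV0B7eSJES/29UJxTXBc max@iridium" ];
+};
+haegar = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhWTkvLI/rp6eyTemuFZRbt2xxRtal7fu668nnb/ekU haegar@aurora" ];
+};
+stb = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgVuX9phyXImxqvof+49UXhiSQ+VGizeU4LrPcZY1Hy stb@lassitu.de 20230418" ];
+};
+hansenerd = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxujzHK49IBtYKPgnTCDQEiIxgzzlQ846tmU+6TcMIi hansenerd" ];
+};
+echtnurich = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWxkGFje1CJbZTB2Kv8hxZpvRR8qyw2IarRIHnQj3+ echtnurich" ];
+};
+c6ristian = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgfWcCrsVSXvYEssbfMOy2DnfkGSx+ZRnPLtjVNSxbf c6ristian" ];
+};
+};
+}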
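Review bot: The two `lib.mkForce` lines for `chaos` and `colmena-deploy` replace whatever key list is defined elsewhere (presumably the shared admin keys) with a single personal key, and nothing in the file says that this is deliberate, so a reader cannot tell an intentional lock-down of login and deployment access from a leftover. A comment above them would settle it, e.g. `# Override the shared key list: only this key may log in as chaos / colmena-deploy on this host.` (wording for the author to confirm). The same key literal is written three times (`chaos`, `colmena-deploy`, `june`); binding it once in a `let` and reusing the name, for instance `adminKey = "ssh-ed25519 …";`, keeps the three uses from drifting apart when the key is rotated.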
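--- a/config/hosts/penpot/configuration.nix
+++ b/config/hosts/penpot/configuration.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+networking.hostName = "penpot";
+
+system.stateVersion = "24.05";
+}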
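--- a/config/hosts/penpot/default.nix
+++ b/config/hosts/penpot/default.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+./configuration.nix
+./networking.nix
+./nginx.nix
+./penpot.nix
+./sops.nix
+];
+}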
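--- a/config/hosts/penpot/networking.nix
+++ b/config/hosts/penpot/networking.nix
@@ -0,0 +1,20 @@
+{ ... }:
+
+{
+networking.interfaces.net0 = {
+ipv4.addresses = [
+{
+address = "172.31.17.162";
+prefixLength = 25;
+}
+];
+};
+networking.defaultGateway = "172.31.17.129";
+networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
+networking.search = [ "hamburg.ccc.de" ];
+
+systemd.network.links."10-net0" = {
+matchConfig.MACAddress = "BC:24:11:26:1C:8A";
+linkConfig.Name = "net0";
+};
+}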
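--- a/config/hosts/penpot/nginx.nix
+++ b/config/hosts/penpot/nginx.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+let
+domain = "design.hamburg.ccc.de";
+in
+{
+services.nginx = {
+enable = true;
+
+virtualHosts = {
+"acme-${domain}" = {
+default = true;
+enableACME = true;
+serverName = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 31820;
+}
+];
+};
+
+"${domain}" = {
+default = true;
+forceSSL = true;
+useACMEHost = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 8443;
+ssl = true;
+proxyProtocol = true;
+}
+];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:9001";
+};
+
+locations."/ws/notifications" = {
+proxyPass = "http://127.0.0.1:9001";
+proxyWebsockets = true;
+};
+
+extraConfig = ''
+# Make use of the ngx_http_realip_module to set the $remote_addr and
+# $remote_port to the client address and client port, when using proxy
+# protocol.
+# First set our proxy protocol proxy as trusted.
+set_real_ip_from 172.31.17.140;
+# Then tell the realip_module to get the addreses from the proxy protocol
+# header.
+real_ip_header proxy_protocol;
+'';
+};
+};
+};
+
+networking.firewall.allowedTCPPorts = [ 8443 31820 ];
+networking.firewall.allowedUDPPorts = [ 8443 ];
+}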
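Review bot: `networking.firewall.allowedUDPPorts = [ 8443 ];` opens UDP 8443, but the only listener this file declares on that port is the TCP one with `ssl = true; proxyProtocol = true;`, so the UDP rule looks unused and could be dropped. The TCP rule admits any source to a PROXY-protocol listener, while `set_real_ip_from 172.31.17.140;` names a single trusted proxy. If only that proxy is meant to connect, limiting 8443 (and the ACME port 31820) to its address in the firewall would match the trust stated in `extraConfig`. The comment in `extraConfig` has a typo, "addreses" for "addresses".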
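--- a/config/hosts/penpot/penpot.nix
+++ b/config/hosts/penpot/penpot.nix
@@ -0,0 +1,198 @@
+# Sources used for this configuration:
+# - https://github.com/penpot/penpot/blob/2.1.0/docker/images/docker-compose.yaml
+# - https://raw.githubusercontent.com/penpot/penpot/2.1.0/docker/images/docker-compose.yaml
+# - https://help.penpot.app/technical-guide/configuration/
+# - https://medium.com/@social.iodols/managing-docker-containers-in-nixos-fbda0f666dd1
+# - https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
+
+{ config, pkgs, ... }:
+
+let
+# Flags for both frontend and backend.
+# https://help.penpot.app/technical-guide/configuration/#common
+# https://github.com/penpot/penpot/commit/ea7ad2aaa096f8d190d740f693f22f3ed1f05088
+commonPenpotFlags = "disable-registration enable-oidc-registration disable-login-with-password enable-login-with-oidc";
+penpotVersion = "2.1.3";
+in
+{
+virtualisation.docker.enable = true;
+virtualisation.oci-containers = {
+backend = "docker";
+containers = {
+"penpot-frontend" = {
+autoStart = true;
+image = "docker.io/penpotapp/frontend:${penpotVersion}";
+extraOptions = [ "--network=penpot" ];
+ports = [ "9001:80" ];
+volumes = [ "penpot_assets:/opt/data/assets" ];
+dependsOn = [
+"penpot-backend"
+"penpot-exporter"
+];
+environment = {
+# https://help.penpot.app/technical-guide/configuration/#frontend
+# https://github.com/penpot/penpot/blob/develop/docker/images/docker-compose.yaml#L78
+
+PENPOT_FLAGS = "${commonPenpotFlags} disable-onboarding";
+};
+};
+
+"penpot-backend" = {
+autoStart = true;
+image = "docker.io/penpotapp/backend:${penpotVersion}";
+extraOptions = [ "--network=penpot" ];
+volumes = [ "penpot_assets:/opt/data/assets" ];
+dependsOn = [
+"penpot-postgres"
+"penpot-redis"
+];
+environment = {
+# https://help.penpot.app/technical-guide/configuration/#backend
+# https://github.com/penpot/penpot/blob/develop/docker/images/docker-compose.yaml#L112
+
+PENPOT_FLAGS = "${commonPenpotFlags} enable-smtp";
+
+# PENPOT_SECRET_KEY st via environmentFile.
+PENPOT_TELEMETRY_ENABLED = "false";
+
+# OpenID Connect configuration.
+# https://help.penpot.app/technical-guide/configuration/#openid-connect
+PENPOT_OIDC_CLIENT_ID = "penpot";
+PENPOT_OIDC_BASE_URI = "https://id.hamburg.ccc.de/realms/ccchh/";
+# PENPOT_OIDC_CLIENT_SECRET set via environmentFile.
+PENPOT_OIDC_ROLES = "user";
+PENPOT_OIDC_ROLES_ATTR = "roles";
+
+# Database configuration.
+# https://help.penpot.app/technical-guide/configuration/#database
+PENPOT_DATABASE_USERNAME = "penpot";
+# PENPOT_DATABASE_PASSWORD set via environmentFile.
+PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
+
+# Email configuration.
+# https://help.penpot.app/technical-guide/configuration/#email-(smtp)
+PENPOT_SMTP_HOST = "cow.hamburg.ccc.de";
+PENPOT_SMTP_PORT = "465";
+PENPOT_SMTP_USERNAME = "no-reply@design.hamburg.ccc.de";
+# PENPOT_SMTP_PASSWORD set via environmentFile.
+PENPOT_SMTP_SSL = "true";
+PENPOT_SMTP_DEFAULT_REPLY_TO = "Penpot <no-reply@design.hamburg.ccc.de>";
+PENPOT_SMTP_DEFAULT_FROM = "Penpot <no-reply@design.hamburg.ccc.de>";
+
+# Storage
+# https://help.penpot.app/technical-guide/configuration/#storage
+PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
+PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
+
+# Redis
+# https://help.penpot.app/technical-guide/configuration/#redis
+PENPOT_REDIS_URI = "redis://penpot-redis/0";
+
+PENPOT_PUBLIC_URI = "https://design.hamburg.ccc.de";
+};
+environmentFiles = [ "/run/secrets/penpot_backend_environment_file" ];
+};
+
+"penpot-exporter" = {
+autoStart = true;
+image = "docker.io/penpotapp/exporter:${penpotVersion}";
+extraOptions = [ "--network=penpot" ];
+environment = {
+# https://help.penpot.app/technical-guide/configuration/#exporter
+# https://github.com/penpot/penpot/blob/develop/docker/images/docker-compose.yaml#L221
+PENPOT_PUBLIC_URI = "http://penpot-frontend";
+PENPOT_REDIS_URI = "redis://penpot-redis/0";
+};
+};
+
+"penpot-postgres" = {
+autoStart = true;
+image = "docker.io/library/postgres:15";
+extraOptions = [ "--stop-signal=SIGINT" "--network=penpot" ];
+volumes = [ "penpot_postgres_v15:/var/lib/postgresql/data" ];
+environment = {
+# https://github.com/penpot/penpot/blob/develop/docker/images/docker-compose.yaml#L240
+
+POSTGRES_INITDB_ARGS = "--data-checksums";
+POSTGRES_DB = "penpot";
+POSTGRES_USER = "penpot";
+# POSTGRES_PASSWORD set via environmentFile.
+};
+environmentFiles = [ "/run/secrets/penpot_postgres_environment_file" ];
+};
+
+"penpot-redis" = {
+autoStart = true;
+image = "docker.io/library/redis:7";
+extraOptions = [ "--network=penpot" ];
+};
+};
+};
+
+# Docker networks.
+systemd.services."docker-network-penpot" = {
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+ExecStop = "${pkgs.docker}/bin/docker network rm -f penpot";
+};
+script = "${pkgs.docker}/bin/docker network inspect penpot || ${pkgs.docker}/bin/docker network create penpot";
+requiredBy = [
+"docker-penpot-frontend.service"
+"docker-penpot-backend.service"
+"docker-penpot-exporter.service"
+"docker-penpot-postgres.service"
+"docker-penpot-redis.service"
+];
+before = [
+"docker-penpot-frontend.service"
+"docker-penpot-backend.service"
+"docker-penpot-exporter.service"
+"docker-penpot-postgres.service"
+"docker-penpot-redis.service"
+];
+};
+
+# Pull docker images prior to starting container services, so that a container
+# service isn't considered up, if it actually is still just pulling the
+# relevant image.
+systemd.services."docker-images-penpot" = {
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+script = ''
+${pkgs.docker}/bin/docker pull ${config.virtualisation.oci-containers.containers."penpot-frontend".image}
+${pkgs.docker}/bin/docker pull ${config.virtualisation.oci-containers.containers."penpot-backend".image}
+${pkgs.docker}/bin/docker pull ${config.virtualisation.oci-containers.containers."penpot-exporter".image}
+${pkgs.docker}/bin/docker pull ${config.virtualisation.oci-containers.containers."penpot-postgres".image}
+${pkgs.docker}/bin/docker pull ${config.virtualisation.oci-containers.containers."penpot-redis".image}
+'';
+requiredBy = [
+"docker-penpot-frontend.service"
+"docker-penpot-backend.service"
+"docker-penpot-exporter.service"
+"docker-penpot-postgres.service"
+"docker-penpot-redis.service"
+];
+before = [
+"docker-penpot-frontend.service"
+"docker-penpot-backend.service"
+"docker-penpot-exporter.service"
+"docker-penpot-postgres.service"
+"docker-penpot-redis.service"
+];
+};
+
+sops.secrets."penpot_backend_environment_file" = {
+mode = "0440";
+owner = "root";
+group = "root";
+};
+
+sops.secrets."penpot_postgres_environment_file" = {
+mode = "0440";
+owner = "root";
+group = "root";
+};
+}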
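Review bot: `ports = [ "9001:80" ];` on `penpot-frontend` publishes the frontend on every host interface, and ports published by Docker are handled by Docker's own iptables rules rather than by `networking.firewall`. The plain-HTTP frontend is therefore likely reachable on port 9001 without passing through nginx and its TLS listener. nginx.nix only proxies to `http://127.0.0.1:9001`, so a loopback binding is sufficient: `ports = [ "127.0.0.1:9001:80" ];`. Separately, `docker.io/library/postgres:15` and `docker.io/library/redis:7` are moving tags that `docker-images-penpot` pulls again on start, so pinning the images by digest would make the running content reviewable. The comment `# PENPOT_SECRET_KEY st via environmentFile.` should read `set`.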
234
config/hosts/penpot/secrets.yaml
Normal file
234
config/hosts/penpot/secrets.yaml
Normal file
|
@ -0,0 +1,234 @@
|
||||||
|
penpot_backend_environment_file: ENC[AES256_GCM,data:+MJbbAjzslBIYlQ9xe0VzM8ON2U5dktJGGHmoUu0HW0mvU4pRYrQXlWdW85RXAyYU9yOiL6TNAHOWUQyqOdo23whuer2jL/Qe17DEhapE4b9W9JqBX7H0VZZKHS70AgGZdWmbj/bWAROg/qGPVKjZLhgKxoVTVbvAIJEXUDAbGfvHlY3BP67yUTXvbmtd/Rdhn6i1HafY7YHFNAW8SkikglW6wR5igEZMFAefMOMgq7aYmNXOr1bImjCPEko0DvumJZM4YMjmb3Wc97wL7OMP9G/V0k9fRclhOj9+lNpeeCKL+VL3Bgo8vqgrB+WIi4a0EwerT8srx351txrU+ITxoHciRQtOpeXVHWL1snW9o7xCoOcil0NS93D9GhW+Hd75Is/xHN08UHmahF1r71nbDK4CmSiUzZzFLl1oWkSTU/31zBUnllHOt5nDMKT42xiniAJcQ==,iv:vtIlNGIh9+e9W+OebTac+UUQp9glBIolC6KQwQMzDn4=,tag:kBBTu7LVp+3xJ/MstLyomw==,type:str]
|
||||||
|
penpot_postgres_environment_file: ENC[AES256_GCM,data:VT36kHkRH8ghnU1oyPpAQZW2LR8GNmG1cQXVjU4f+rGy9hViTivd7qxzMusisy7IcWfVaQuXFvUCT+pCMD/fhSAQZOY/1Rs8LBXJtsuPButOG9Q=,iv:pUjAkvvHjsnzn0xRRmdZXatOgLm9dx8Ggt7lEfiQllQ=,tag:FZRqlcxQWu/FgnJfoukIcA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age10ku5rphtsf2lcxg78za7f2dad5cx5x9urgkce0d7tyqwq2enva9sqf7g8r
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZVA5WE9JcDBOQVdPbGkz
|
||||||
|
SnNkWEJvaUtGaWVOajd6SzJ6aGNxSXZQaVhnCmgwT01kNFRZa09Gd1o2ZURyZUJQ
|
||||||
|
N0dwK21vUmk1N1duOVNtV2wrVmlyNDQKLS0tIEJtUENHdXhGcXhRRjM5VkhpdEVG
|
||||||
|
Z3UzOGFFUDhwUndoQWtCdHlMenZETW8KI0FjoFG4E1fhOxYiCIxY2BnLOmGcpoyK
|
||||||
|
EbDdNFQEMngwppEm9r1KzG/1cGMoIij2qpmK4Jz1Hzgk/6dZwvGxzw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-08-10T15:40:27Z"
|
||||||
|
mac: ENC[AES256_GCM,data:hxVxH/BBwYcvbtOH4aOUnI9NnbCfAGnnwE3VQBJBJliOWo9WHm/hx4Eol4vaS+AA2t6AUU7UmzjofX2wSTbqQliDCFCSgbpMofDXP7tmlat+M9Du91fQmfOibzCd84tkqS+TRTFCFX83LmQ7/Bb2mHl77uGVAFYyHX9+IPPEUMw=,iv:w2Rdl2+o7bZRQsOogU6U5DK1UuHn+bL4Ouh3XbByYHA=,tag:6sqJal6+kzk0stP6vK6oOw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtAQ/+JKe4fsuAKMJr6kuDt5vjv+hrXamWEwRLBfYPHHZHEUeK
|
||||||
|
AQBs9fG9Ni7Qpelv8RIbxWyophgt2TCEqP2d+7EcGTgDZkdLxx5s2LJuCh+tEZwT
|
||||||
|
bm0sPt+8eYY077MxA1ZtlBgkslMugvdnJaDckGc8xRPldUa7gRp0j3yaLULRxjA6
|
||||||
|
T0nyALAqAaDa2uHgB7mTB3pXJYk4GxZpYbVc+wxAWXEDRLR/bpT18ywAcA6iSerd
|
||||||
|
KGDzWKjgOr1TTJqUxsguqDjnVp1c+xRPirC9uENGqW8mxI7h1+4B//dJvuXV/cYh
|
||||||
|
LKi0aDUTnma78mo2v9faUSJl23LkIehWZwbVG/+Mpkk3yxscLV124Vbwj56IFCzI
|
||||||
|
AiJ7m2QVxY5eXoVLodw6Po2S62gkwg7H5Aw3J4pppNuIAIr/8mJBpJoBy6poTsG3
|
||||||
|
QhbQdEdsF5ikoLu/OV/H7mp86zJt42Q+74xGjKYx/qvLq6SDmDA03kqk9N71URyu
|
||||||
|
FRTEDysEkeAzreFFkxn3Q+K/cXvtv/2Knte1lmDTfpmhg4cFwsLPLPH37A2veaxJ
|
||||||
|
JTyWDLHgrJ8NFgii3gLrwj+XLOZOwmCY0puJKtdAnPaaQiLfyqYfeLVlt7Se4MMJ
|
||||||
|
8XaFWcaQHBxL9nRZnx7WkE9LfHIG0e+414hT0F/aER+8iKboIbt6rdEHpEMGDWnU
|
||||||
|
aAEJAhD/TpW7E+yYjFVi/xSQ3kCAruHcm6x4BDTE7by0VeTLiRFW+culxiInOYiD
|
||||||
|
kdp+dATm5f7IrQp/qemL02/Me5yqURZlZrDHra7AiCI+MVBJiCRIY/x6xZSew7PX
|
||||||
|
HC+p9sB+PBFL
|
||||||
|
=1qbt
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2AQ/+Ijn18W+K2je/hpolpY6HmQMTTRpQJZ8YtJ5G35o5WoVP
|
||||||
|
hH+znQMrBBAtnTWeFBeIuIzk4CHjPS0yfnsE4/rP7/lSa177A2xaeiCb74F6k/Es
|
||||||
|
MtDE/TApSlNdPFruN5nkd2I8jAWh1k37nS+/NUhszReR39NNmgA+aCSc2OK04aAz
|
||||||
|
dpPXmaJ+d3zMr7eFoL2NyhNI3A/ZdVP3UmZCp12juckDRl8oeei4PBlw2T6ODJP4
|
||||||
|
tY08I9EyK/5K4auhYJyvayl1RWwRuShFV732ZjztkawLw152W0Rrg75Qoukhs9mr
|
||||||
|
TdyF0zcnVxAcOV4e5wRe13dDV6Ue7zeWFc9bb577thGzUm2Oue0u+oisty16qt9K
|
||||||
|
0vw0tVSDtT/suodG8HpvSwGQ+/xcV7w8XCH8Yx28N9iO49VZCB1ZYXQBxTHVDl2b
|
||||||
|
J/8AivaK4OOFvPWNr4u6oLaO9nz1aaX6Qsap5zn0Qa2Ls2SSBwWk2Fp/f1dq3KOy
|
||||||
|
/jGR89ocuEuImVacr2G6zxPnbukfa4S8q/FUUDbswQUqmWMcDDq3dOQ1fFPRd7vy
|
||||||
|
5a9u3P8LFW+ZPPHop3kgozgZ9pBGDOlw3nkjGjFl39lE33E+049gLE6I6+1+umG0
|
||||||
|
EWkNI9y8X+HmHMthVuYapq23Ix09H6Wa452hZmEUxNgp33M8Zx+l3s6D7o7jfrjS
|
||||||
|
XgElPJuUWyGKPoUY9mFaINyVqjOJGEtEOYRP7jvCpFWDq/xQ8jbJvvv7qBy8+i0b
|
||||||
|
cpqRrMJrvMB2PSLeD6cNWymrNhKilLLFOcG9yaIEudDhiuv3L4/ub08QMroDmo8=
|
||||||
|
=80AM
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJAQ//Vv7IVqc9ReeFgo8RWbYpl1W5atAHerZuUh0oYc4otGpb
|
||||||
|
UseJ2JInyykcUeQWlOGvTK+eauBVNET0E/6jylCoWb8lzffhSMJ4FFpvpsoYjPG9
|
||||||
|
Q8s3r8soOCYB0xscfhinZwJg5to+I2MSd8mppWIp4UCQhxv7MqQpbqEzNTfVP7YO
|
||||||
|
QEUZ/lesVovLvxMzKc2YVWyZFSW2G6HK3LTaJIg8gy5ym/crlUB+awd2ZDePGk6F
|
||||||
|
Y7DcKwL1EpCL+hoPWGF9PclYKrOBIZVznYQuwHAqG+Bxr9Ln/NmS/OoCrJDMN6gG
|
||||||
|
2YMZ3Q7GQ82zZESxYA7g+ef9/lGCm7DIkt80or72x7eS6/OP7c1bjGFgKLQNyHFU
|
||||||
|
Th6cOy/TzK8Sq2g1mWB2zyV3xk6mb9C0ETAFD5vvPGVC3Sb4549Y+epe1T3ZLFTA
|
||||||
|
t09nUIpTC05PEdGsWs5Z5MDp8ZCsPZpipbVrWENesNOfaFYG+p7aM0LjgTqZcadD
|
||||||
|
B/Foejayc3XYI0T/NoP43mAZ2nEOw2Bz9lBpwz0PeTfzyrhz9XlJ7Dw462XTFA3i
|
||||||
|
voTHA5+DzGNPf6zC1fH9GcESmpC2nqXit8ZV+Y7Zb9/cAsx3E05S8ayxdBZUrOtJ
|
||||||
|
JSWGOAfPuzGXgL6Ht3iKcmCxQ/pSi1aH0h+bYqlrxTvP9IMyNCrxmP6+YsXCv8XS
|
||||||
|
XgE0NjzRMClq4/HhQ5X0ANGHWxbZJLAbm8yfgK5rnnmvi53RNJhRUHDnNca93brF
|
||||||
|
n27gnVLKM+2FdwRjwNIznkbZV/iNM6zIfRWwmJs9gHRuX/J/XWzD1KjDsn2rmiQ=
|
||||||
|
=bAYZ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1ARAAkdXjf9h4iyYtKPwR9V8hgIfpt3s3zMduuJN3u76ZHdfE
|
||||||
|
87t5K8eL2yIVN2DeOqtXRG28Broy3LLwMlLOJhxVxS5LAOEjT4ScZyb9H7MLnDsp
|
||||||
|
boW210SLkeQ5vTW9hgjAU9V6wbemxoiNPYTcBUsuirI8a+jpnALLY0jeOILBEmHQ
|
||||||
|
c+wbeo+VnlTQkTKCFI7TwlG1JnRnv3DMATVkOjC2PXmXPNkhr04Ivvf0+yBELY/1
|
||||||
|
hLirTfk/W6vFodPaoaRaeWjGJOo+FbqKLxr2xYzVu6SkF+i4CvDPb1x0t/laTpPA
|
||||||
|
qC6KJ1wyVwG4k7ZBLgRcf5Scn1zgGFzZexUAhdIYp0tKPycphUQxEMOI8/OeBP1V
|
||||||
|
68gBcilvv42zs+ed2RUK4j1e9YklxazZgaUhPfdrBrw/HiDJ8ILaq6LQQZSNrxZx
|
||||||
|
koAV/qw8ylU7vkciyA8bGLOiWc/Ub9vkRSuEi5TMOhmT7bVZ+W/26bWgDcAMmCpa
|
||||||
|
13H1uLXLuHnfDavdesh+RAxRgEavPTMz+HFbqhvkv8sy0RPCodyJv69J7dsS7a2C
|
||||||
|
71Ub7jyZIQyRtTGGZH5EjMQVStBMccE2KrJRzZCKbCmQDofKb4M67caaHBnVrs7D
|
||||||
|
vyx8V7JQGkNOWIgWFb23dtCtRiMzFaRk31mihFmFF2tSgg6XMqNmTp0pc3zQBarS
|
||||||
|
XgFZKRlYE7H1tMUCDwyKB7G3r1jsxBlUSbH1J6XjUBWKkTD4iMHI/4YStvghLjm2
|
||||||
|
0qqgKH/Njd9xBXc3x4Ut7kh8tFMMa07xF7/V0Pgwq+7J7EgckEfKHKA5vcQt17Q=
|
||||||
|
=23io
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ//RH/jOrYE9MD9IjkUfsQZ79rjEwDdtmsXs+gS/XUr0MpI
|
||||||
|
f/aDyw/vfvD7ZgY86yqp68x0OQLIyRIx9O05FNB3giVN4YFvZpFblLotpMzCFa2d
|
||||||
|
5xKLIQ1oviDSnE0kKpNM+QKITKjCxyke7MgW/laXvF0zMaVdPj0qo3Zn07MUKULs
|
||||||
|
btxZgPhzwWLjveZGn+72QiBGTF0ce49TWoh6y/l7PDsXhojau2KP556hI3rp/nC0
|
||||||
|
PunbLVRntpz+bOoyOk+xvKen+8b/Vwp+GYA2NBDbZSEY9H3YF5ugZBR/jUc8da7D
|
||||||
|
9EBA35udmQVKtD2XZrIyfhETC1eqLXORo0JKld5oC03JPkqvV+QpMF+8JBjXe1Cy
|
||||||
|
qI4pBmdhTJYFoJHpvMH7eC4CWgZZRMD5mB2nk1hYd9oIiYUPABfdeGxKiFnC8zHH
|
||||||
|
cEY3jgGzetZTxnpk2mxZvFMMwFqyOJA2PnwMTv3IraARkFrLxGzUIG4uOjo+l2fp
|
||||||
|
igOKsw9p46RR1gkuKF4u3yB3/1RloDyqGCU1/n4BCWy5/UkjSQpWKShZt3qMd2G2
|
||||||
|
A6si2zgSHIQ+ubR7MPB3Q3U/Rnw7pSbTbdDc73pZ2SPZfUuJplPSDUvXICGlj8cO
|
||||||
|
jO8s926qp4X9C4mi5um6EX5nLG+pfuKowIBdB2HWmxu2idwyrmNdlIgAcWcteazS
|
||||||
|
XgF9W6THXau4lEmrBqWEiC0K/9NA0cDJqRdvj6wqZ/OIAo86q3yRlm8yY8U7D00j
|
||||||
|
wNS8WSHq+EX0K9LpwQiHAJoxNXABEx/DbRqVeuLn2FaCocZigbvu3k/pePuOsK0=
|
||||||
|
=ZLl2
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ//dCKpiens8kqp+I9HtwP2CQOVMLLAle1VYB7pJ5pfcyzI
|
||||||
|
/3tAmwcxBmg+jhkFiqheBQYV2yNmBMHc5ulx+MxSDKd9mzCTavlGlE+intPjON8k
|
||||||
|
sis68RnU5OFsnGVXSmJji1vN37cCY4jHkf2vYzz6HJ6FLPrda/W3ZfXI+ZnOCao5
|
||||||
|
wGYrqPcYUj+7gnN1S42HM492oqeCNLcENDvegf8AxtBEgfp7UQ0V3ZC0wZEYhz0V
|
||||||
|
p9bdivFoEZ3Zo0sJTWKj3Df3IA5T6c4dbSPj8r7IZ5iNDguKAjvegXujco7pow51
|
||||||
|
fNNJB02hnYHLMRAbeRqaWyJ7qUQSWbQEgb8NuonspnXnajKc/OddgoTN91gTRgMb
|
||||||
|
op2T3HOFv3lKZPA/xIeDZpIm6GqOW6eJLjqiLP39VGvvNRYg+zxhNg/ZBVkFuSAf
|
||||||
|
U5uDPUyIAr10zdm7NqJKL8wKRbQzBg5OYovrXqSl96+KNenJqbMNv1N7kfSF6FuF
|
||||||
|
x8joEDXIaBSwINE4oXD5SN7Z5L2SuuMJ2nvuXFmmXKerRlrBiGsBzUVMt1bGqKEU
|
||||||
|
KoAAwbInZ9SprSxqJ1EkSVXpNGnFFNlbBB1j2u9BoGygOkVM4ZxIS19DBDLG0Tls
|
||||||
|
Fq6GI5d3axcf7t024UmwcU9yaP1BzrV0bDvDg3X+Azuo5JqpT3pSUvqv+Sy1C3nS
|
||||||
|
XgHK1C7XTOfcvmcxJ1f++xELwRkgNo1OqSG3cIZ8i1tKZFKTyYCiNHa/ajSr+wER
|
||||||
|
4phM7Tdr6ubjLkqvDkMeXvtiGyUoAvbtLC0wqSaE8sEZ28eFGEAaECV/uOW81X0=
|
||||||
|
=0jv9
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoAQ/9GTEI65w8icqppqTuvQD50vaR+lCY1NjWT0HekgvNuCLV
|
||||||
|
4gL1cYv7tJ5UU6jOnREoScamWnUTYf/sLINIfa+FgvH+apswQeQCFrdCb8/61/Xc
|
||||||
|
3hsJ8gwmguP1zJabKFI6/Yo3vPPa+kpj0Am6M7dUUxEKw4Lqy6Hc32O6ULNJOvdo
|
||||||
|
56oqr6KoemrpU0TzqkKTpgAZaQjFfVzPWfC8moUL1pvxrHm7rqDPiYcl7fZP3JFD
|
||||||
|
gQMZokH205u1elxiFxuQGtW8jbeBqCZUm1UorEgD2EJYEPfyphIaHaQnCpW8zXkI
|
||||||
|
gt9QT3cqJpGJAobCPbh6vKPtbGPEqZOzOaCMFl07pkOSGPAVGMVfV+FdsfszPYY6
|
||||||
|
Rqsk7zlCFv/iNFWKpkdfI66JLvhmgNwXRv+rkYzH3QrQikjLmAeTzyL69SPujgDK
|
||||||
|
qXBRZiAPwEDScr2Qcum36jDVrT3jRfC1opzwpRxM2ompJ0F6caBPNVjY10BScl7Y
|
||||||
|
RWVmkFrPL9MdEelFLscG17K+y5S/50sLcU+sGbMkmPsmizA0boK5XBXJz3cTadYy
|
||||||
|
Asr2b4aWTqBS5iW1vbWIGJVrUUk3U1S4fFaSvsL3I6O0E+sOB3eEEpQZqpF9Genr
|
||||||
|
hCE8GVE5yQWb3YYK0ZA7j4u+dwA+QfRIuQuMWFoRKp8oqEitjjix3je2R3u8/ILS
|
||||||
|
XgFcAp8Jh+VbnQg/pq92u3dX6afGv6nENpMVPn73yob+sfE5xUFEfEzE1E1WCWdR
|
||||||
|
HiLZVOgpVOYmo2s8/UW60hLNBULpqyf6ZTQsr7IqaGw4g+Ew116cwDawywRSJMg=
|
||||||
|
=T0nI
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqARAApsnPRzTCIkbKT6jaVHixgP6wyCjfVmvgb0NnMrN2Ygup
|
||||||
|
pafb6GNWoFq9WdiSqwFIJPZlZxJFiIgSxplDI63Wj1MgfvQBEnKUQvnvR+UtnB22
|
||||||
|
bGr9mIrq/wKgslhPLFB0qT81RK/GqJKvRNpI3trGmB1pBnDdb5jiFeDHStv41XrP
|
||||||
|
hezAvmDGBKlM74fehu0pKOanIspyvFAjs31NULSHGJGzBxyM6OGcg/XLt9ea6bI5
|
||||||
|
jHwu3+M/7nixjtaIdCtEFPv/Mdimq9p64+c6AvbEVikUH/omRebRFIRrJCotYENT
|
||||||
|
ak6/2F+Fze2cof6pJPaq1KTF7LQHi1ZaQ/N+YNDsMJIYYuX3lVg/ClEjeo5k1HJ4
|
||||||
|
Jc+ul2KF/dAh8UsJPIdhJDlxIPdnof7xBLax1xmOQTHpqsfhZe5BP/0KMeeXzG6s
|
||||||
|
TlozMaCY0ok4JiQmiJcs+TjHX+uiiih6Wi756v7qwpCk5u3/BM+veHB/slD5Xezn
|
||||||
|
KmuHzwcbaP1n5JlOtv1PLAPfqX9EDsAVr2xhYTBISZiIKXyfagUWzPNX6toYtBfV
|
||||||
|
cQ/m9nfc5/STna7XGucnKkYFG5U2a+olIqCcbbNkN4NcW5ly0M5g1VW3oh02NO8r
|
||||||
|
A/4aU8ECj+79XXx0XCuVojnkGdTT3SQex7bkV2stBpuc5xfESbuOMWXgK0qZrYrS
|
||||||
|
XgEfX0ySVVrCxhtJgsQvZl0zrOwIttomV6hlQgo+n23HNPwjEf4nf1p2sje0uPvb
|
||||||
|
bPC7u5y1eDdy5E0XyWkAg4hxPLg7yOj7ET84Bg9S3NE8cE0nM50qL0N6aCAb4II=
|
||||||
|
=Is94
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pAQ/7Bx/s7WlB9TE30vyqVWw6H4DoZS8s03Z21tDAtrUEK+k5
|
||||||
|
QtMPvAIE0SG4lXersM3L6VMmhvPQlwZf+zSzBnO0J5vacvMG8dch4/ZH7YTM0VX6
|
||||||
|
T0Ix9ScamEI8J5Fr1LAeBoqtTa8n1/3N2ILBVPRTTX5Wu4lSUw/voeePXAYxSSMv
|
||||||
|
9vzrxJNcRgzbd/8Fbo3i2vzn4GvrP1JzsprLrUMVFaek5khD0hRDJMM0IhBWFRRh
|
||||||
|
L241zX/IBZDQVz0x1QVUBFmkoUjyNn94CTezTmGvqCXfkLRmcKzTZXd0dhORBPFa
|
||||||
|
LygVSLdor0v5ru70rMds6YN5WvqbmG7KUY8M3gcVXutvID58vw6ZE83T8ZAYj9S5
|
||||||
|
r9hXegeb2e03tCvSrHmQFf37+298/E8/kBrBQgoevnHmm3p0yN3ZbrWLIRhbx2iF
|
||||||
|
NzL5s17PnGzmuSigoZERsN2Flx2fzUbtwVDP3AyLVpQ7NoqTZkJTcGQuvkYawnEa
|
||||||
|
3RxUQySR+a7bED38wJ6zEpVg10ye7c8mVkzQnda1Qp3lnPZxz+1qg1n25I9hjNO6
|
||||||
|
X1E8gtXx2EcwaoWcPO0W/sNBwE09SCM68KWSykwOLvZb5tq/HnhrwSisps5sAg9V
|
||||||
|
Z1c0OCwgJvYoTY46rqk7scN9YkE16LDCtAzgppZerli179E/f/7O3d59CA1mCEXS
|
||||||
|
XgHbdM2nxaBPCPgXXNRVq13R8JXiOokuxUZofwl6FaG8A6yc9z5F4Ygr/KKDeT0i
|
||||||
|
YMBezxQtQ5uKY0jIx5g2r6aSdly3QPNKiFS/rxDCrmtaBqw+OvhvLrnCn6IaRVY=
|
||||||
|
=XAoN
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdAFvRDMKG3Vjs98kRqcs4ep+bYoUcBHbMA7WgzI7CcaGQw
|
||||||
|
FjdmSwvWaHJZQGEbGk4uDHKPHqXRD3HnD9d75Azu2HXnCA29aU2c0zn0PziIi7Aa
|
||||||
|
0l4BbcavPKNBkZpJNgW0uII7xMYJWJ/9vStTxXG/WzNia6nk/Cv7PMJW7EwIeUga
|
||||||
|
+PWB4yGfPXgqJGnJj0H1EdCVPrM/+f19GcFxNKKzkGaKTyVTW9NxntlsFl1vbmRx
|
||||||
|
=YRc6
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-08-09T01:28:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ/5ARLA8sAZHMwNhHJycVof+ZergR58hXCBjbIy5zgyAwYU
|
||||||
|
IJ5OwhTpWqniZjt0b9pvlzU4JO1k73B1WrF7mAYEOKET32GPVatrQ64yInQbORSZ
|
||||||
|
zNQgX3aQ8tEtyBsKAWqwqRjOaP6Plee6G0RCksJBAkjIZik0diTOBwi+ZhgYSRLE
|
||||||
|
G1NAETqMKkLleYQbUWCFNveJOd/7pfhE4xhAEaSxL3dgXNPV2TOngvjCqMXvz0K2
|
||||||
|
hEz6OYC8idpmAJv+S+HOaZbKV+giCopsPyFnbeu8jf1UpbsBRbHPnLOO6lLby2gf
|
||||||
|
2P9MhwSeMjjCZFX/ys8vHQ2jUwXK8jfW3xfVie4hVJgh6vO+uHcomjnk2b+34SRk
|
||||||
|
7ttoozLbMFxwrcP9trV0TgT2uzjFCe4fHccpY1VLTCX/O0eYtlhDhur0Wojp1z9v
|
||||||
|
h5mcqySEtJfHXJbTXkgMA2+QSyUaTTfvZ6oJqX3yAoq5eIzC0CcF+IMa6NS1XkY0
|
||||||
|
TNd3FEhwe7TvKGCy/3bJx6jMUnhT71r6KW/w7RVIHgdp1hfUS9JBhxVB+agQVyRv
|
||||||
|
+HBmvWHqUdwnFzotGRzLU1g6soWa+fRVQQ80qAi1U8e+u9IX3EG0KoIXLjpkvXxK
|
||||||
|
y520NcOdN4wR0xILPP/+47QDN+kM6lunm/EMgrff4YDE8J83qMhH2IP5s/tV023S
|
||||||
|
XgH1hiB0U4SYt0Rp6OGDV+CjBCFaCkPPlync/SVuXddfLC1owGlY9L3jwu7j2PR7
|
||||||
|
jy2jPPTWrOvT0wZKEh4k501LRb0n6LGqW6gDTgOnZKNg2iQ6jybv2HeyyExYllg=
|
||||||
|
=1o5H
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
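--- a/config/hosts/penpot/sops.nix
+++ b/config/hosts/penpot/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}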
|
@ -1,7 +1,10 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.hostName = "ptouch-print-server";
|
networking = {
|
||||||
|
hostName = "ptouch-print-server";
|
||||||
|
domain = "z9.ccchh.net";
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,9 +11,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
defaultGateway = "10.31.208.1";
|
defaultGateway = "10.31.208.1";
|
||||||
nameservers = [
|
nameservers = [ "10.31.208.1" ];
|
||||||
"10.31.208.1"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
|
|
|
@ -90,9 +90,7 @@ in
|
||||||
# pam_deny.so # deny (order 12400)" for pam.d/sshd, so enable
|
# pam_deny.so # deny (order 12400)" for pam.d/sshd, so enable
|
||||||
# PasswordAuthentication to have it not do that.
|
# PasswordAuthentication to have it not do that.
|
||||||
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
|
services.openssh.settings.PasswordAuthentication = lib.mkForce true;
|
||||||
# The following doesn't need to be set in order for empty passwords to work
|
security.pam.services.sshd.allowNullPassword = true;
|
||||||
# apparently:
|
|
||||||
# security.pam.services.sshd.allowNullPassword = true;
|
|
||||||
services.openssh.extraConfig = ''
|
services.openssh.extraConfig = ''
|
||||||
Match User print
|
Match User print
|
||||||
PubkeyAuthentication no
|
PubkeyAuthentication no
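Review bot: `security.pam.services.sshd.allowNullPassword = true;` is now active for the whole sshd PAM service while `PasswordAuthentication` is forced on globally, so the empty-password allowance is not limited to the `print` user shown in the `Match` block. The removed comment said this setting was not needed, and the new line gives no reason why it became necessary. A comment such as `# Needed for the empty-password login of user print; applies to every account that authenticates through pam.d/sshd.` would record the intent and the scope. The `Match User print` block continues outside the hunk, so it is not visible whether password logins are denied for other users there; if they are not, that restriction is worth adding.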
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.hostName = "public-reverse-proxy";
|
networking = {
|
||||||
|
hostName = "public-reverse-proxy";
|
||||||
|
domain = "z9.ccchh.net";
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
services.nginx.streamConfig = ''
|
services.nginx.streamConfig = ''
|
||||||
map $ssl_preread_server_name $address {
|
map $ssl_preread_server_name $address {
|
||||||
status.ccchh.net 10.31.206.15:8443;
|
status.ccchh.net 10.31.206.15:8443;
|
||||||
|
status.hamburg.ccc.de 10.31.206.15:8443;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
|
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./virtualHosts
|
./virtualHosts
|
||||||
|
./sops.nix
|
||||||
./spaceapid.nix
|
./spaceapid.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.interfaces.net0 = {
|
networking = {
|
||||||
|
interfaces.net0 = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "172.31.17.151";
|
address = "172.31.17.151";
|
||||||
|
@ -9,9 +10,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.defaultGateway = "172.31.17.129";
|
defaultGateway = "172.31.17.129";
|
||||||
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
nameservers = [ "212.12.50.158" "192.76.134.90" ];
|
||||||
networking.search = [ "hamburg.ccc.de" ];
|
search = [ "hamburg.ccc.de" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.network.links."10-net0" = {
|
systemd.network.links."10-net0" = {
|
||||||
matchConfig.MACAddress = "86:72:08:F6:C0:D6";
|
matchConfig.MACAddress = "86:72:08:F6:C0:D6";
|
||||||
|
|
233
config/hosts/public-web-static/secrets.yaml
Normal file
233
config/hosts/public-web-static/secrets.yaml
Normal file
|
@ -0,0 +1,233 @@
|
||||||
|
spaceapid_config_ccchh_credentials: ENC[AES256_GCM,data:5IClrKKMO/AztQuGabrnoRFItYNeEmVWGeafomVO94pL1RKzL1sCxBxnmzvJFPb/8Y+6FXMh+Mim4DP8B2RaJMLpmqCv+76N/5+527SZ6gn9i2Klg6q0kD9RzJv40qHq/NYLCa24tpcZDt7eB0EOgqLsKUmtX2LrQjjnN3NzjAevJGKQ5ypnb7xygjft2KrpvlR1hMnZ0XpSLDTNR1AmImxE24JtDaJKzwXbptr2IZvm1UFkNslxdqHPjN+N8+MSSLhqHy/FdcY2ADvsTX1jtjnjkb+9E30QOeCiFPKSmWtSGiQ9sPcQna1yr717Vk0EiNSAWDQ2fMZyJUgBXG6w3wiZbxfJmxvshLPs5KguF9NHER+Seps1QiE0p16c0IS/0Y24UYrK2GyUIcSReGufjxUFGTJHFSsNANac34H/RTs7BkoZ,iv:8WzTRaXVeH5GKmigMVTLVBnhy6nXZnTZHLAYHcqDs2s=,tag:jTdgz0gmruMWWDBQ3h70vw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age19s7r8sf7j6zk24x9vumawgxpd2q8epyv7p9qsjntw7v9s3v045mqhmsfp0
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByclhsVmM1TTVCY1ljcmxz
|
||||||
|
TkNMQnhUMGsvWlQyTkZtQ1RDTjhoYVBhOWlFCk9ERUdvaTNBQ1QwamtleTJPbUo4
|
||||||
|
dkpYYjVSR1J0UkJML3RtUlRXNEsvTFUKLS0tIHNTdEFGL01vYStRaVVmWFZySWZM
|
||||||
|
MzEvb2IvZUZwSTgrL282VU9WUVpGNEUKFg1INcr/YbkmV6/F/4hWbTXj3PCscAMY
|
||||||
|
dlr4Pii9Tbhn39yOXyzt3DF+XivkdMsG7fQTHSYdvzMAnvEJ1CLOtA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-26T01:21:16Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ENLJIlcUXLEt+vXp/F2YATUZrc9ZjaE4AWwvG280etdsufEw/vGAWBhG2KT+CkcZLaJ4ctVvNlJEqU/pRzae+m/43SV3GNAG+jjT2VmNm0NyNYN27bpsj4tq11D27LPn7CkfBUB0gnmGJXVKalxhFkHBf+eq3ted8dPIv9YNRt8=,iv:Yfz7scjN3qDY9lV1SYOqrejiEwf4dVSPJhiFRJyFPio=,tag:SOw4Nhx6wwYIisRJl0SSRA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxK/JaB2/SdtARAAkz8cMmtau9sLQQFafUnjIkuq8UWKn9TFcAfjAWDjnLTx
|
||||||
|
WAP4RQE56FXzVCo3DXWvucOjOlVNR9Y86x99eXaMLgYLtJfOTZOCbn2nSIDxQI1S
|
||||||
|
XNHAPEXEH/UXEoQ2lffIjR+VfSOpJlwD6acfVEu13NZMvxlO9/51EOvAAo+qKa0L
|
||||||
|
EwMczgDh8QsYohBV13UIxC3Et1Hsj0Guawrx4M6pzL4OvXGUKkpDfw4NCx9to0XK
|
||||||
|
3L4k+DHur3KhpZJg4QhrM1O1XJeb8RdlkCBMCrcteXkzKMQotVeee6Avr7kfti9s
|
||||||
|
R0hYuVswmiRJP+dxkQx1n84nnFkakY85LOxXIv7Mo3CT5xV/n/teUgZhyU+97aK0
|
||||||
|
Soq68sBMBqo8v3Izrfi1wp5iF7nnjbkMBzkDVFsRkA7bqYlEpTqZenzTzdEhm/Kt
|
||||||
|
e+A1mY+hcWI5Gr3kkz8+LGOXgBHHjXjVslK5+KmOxzcpm77IBIQCXaTViUwTJPbW
|
||||||
|
kmrDT9MSiS+bpTHS6NPLgRz21FltbCL4d0QD7bCiMnLjdeYwfRzT+if/yR6YIGMb
|
||||||
|
1I2odrB2Qf42CXHZooB/fV5OO5ziUXBpos3HZLxIvCUjOHyCYnoL1s4M3A6Zjf3v
|
||||||
|
0rZvSOy0UNwYwSbxRe5G9Z2xfFddFCTE5dp0cPV2RUEVMVlNU/kgpsMtxCFwIN/U
|
||||||
|
ZgEJAhDOqBVfz4bsqSMs4t2I4Vys7oeOfYJveNT88qc/PNPqjXgEoWSWp2DZdSvV
|
||||||
|
dNHaoVQHHRyZbRxfIwe0q+xoNjv6H5NafDIMnRk0gWl0gCSJQpCIQ9j1IQrXUoPq
|
||||||
|
cArG8aqHSA==
|
||||||
|
=rUJB
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA6EyPtWBEI+2AQ/+PCUJ7JMkGZ37gSURfBI/fM9Ow1oRp1MH8mHiflICRsio
|
||||||
|
RJhrcuThlqWHYYSFE1OlQhha8Uu+s6oaps153LKS7ZH1dzomqr5H8LfuKsaO6GDg
|
||||||
|
QyuiSGGAfudtyQ5ILN1CHjO8ifh/4469J7P/SyKkQ2AhZGQePbGkrR4kqGhj5axn
|
||||||
|
fY3Ar8HreWssm30k797x6zSs0z3BDS5vUd8JZjpt2E1nmbVTX5dLcDud06UwE3ae
|
||||||
|
B6lC+T/lxwp4LptskgsaBiikPTYspPAL8M1yG5XxKvvQlU8a9Lta7jOoXWnJ0kYE
|
||||||
|
mLoSRFBxsQsrpir4msR3oEXS7H30gkCT5j8bLdON+vbbK3d6nE5v3SXkOZhJKm8P
|
||||||
|
Zhk70lkj1HWe1uh5XRRAjn5YDelnipuml6dQMUJdxw8YrUmnVXjL+AGT0p0gcf3S
|
||||||
|
kMU6FZfELOmdR1zqCt1HicVQDmQJA2wct2+2hXRRQ91M/FAxCILOA/mqq6jZNrw1
|
||||||
|
uz1Sa43IlI5lz/ts9bIhR8rZj/Iuq18tRgmKdLhxtuJyZKcN1v1CDiIgNOvlc67x
|
||||||
|
ydVbVHygWVs95WZyya/PjF1+K5Tuq+VkfHMIJz3cW5xDy4PwYS8GsTqG6r8gEYbx
|
||||||
|
Qn2NC3h2gtrJ76/Qo8xs+8KCbQAUgST/uSJRK8peyhvqJXSrbhFBvq7ewvJbroHS
|
||||||
|
XAHl1yNdyWNwC9t2G9twEd9c2FjLuyXGhrincAcQ0gdH1jhKHY7/LoBiVIRMBJDe
|
||||||
|
kDD+RjcCB9jXRGln/l4teKs5TeCKzpaJiONEcecl2tSqjSaOzNE8rJh0kihH
|
||||||
|
=Edso
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAz5uSgHG2iMJARAAzGzj3TJVDsnArDe7GziE2avL5WHkHFUJNoQcEBqNhfTU
|
||||||
|
PNu8RKSpKelWeOFEFzgr3Q1imapoR1+UXzTC1dP0QL+6sEWiqImxrbHygpm9tPSp
|
||||||
|
HvLMIvAvS0zPjX9q7HFgsw2fm489To0tuEK0oTFcayatAAijpWBl63KyslFbk5f+
|
||||||
|
tHSnaYTeRZq9QkRZlNGI3uJgMXyrHnmoyUUIb5wdKKQ2tpt1nR5okh307kU6fwqb
|
||||||
|
vT5ylRSTEZ0eWDyQbb0hThJkQS2j8QnsBN/xabDN8QGTFORrPDDobW3iro22SKJv
|
||||||
|
iVyh1yAm7QiA9yTdqcB8J1QuYvnP4RzSoCSNCAK0gZ+DklPUGC9DIEK4VTdmUaWs
|
||||||
|
cJM/dZw861D8Jnavf2RToEa4binehYHvi/+TNv7vBE+2xe9cp2Y3UZq891gHKbmr
|
||||||
|
OdlaIUv5yvU6dJfV/aib33PoGxcim1jGmRnDDu+aYv215WqoUxfNniib/HcNFb9M
|
||||||
|
JT70R4Ixo6Hnp9DyvSh+wGKPGg2WRuwrspbAjFucwMdBuY4a3XoBE4QE8QhFjLWc
|
||||||
|
2JTegdfx4yKovY9raJ1U5LxYWkErpfdvPgYOpn2xIvhHBy9Y9F8RgnI5CIyQ2haO
|
||||||
|
KL82cNunEeljvluG+vH5bhbWNOjWKcRXfy474+KOBGSu8UJsZJr3s8n6RSAjmN7S
|
||||||
|
XAE8nvvN86y/RxvwxG0qUX3tEjVZwvipqrzxeAcY2lEX1zFpW8HyHzqWlnpN2LlG
|
||||||
|
pfqdqn6A6wocTpuaKhCWNc34Ws4uJ+XJd59nrNP6j/4Wl6SenxcJef7bgqru
|
||||||
|
=X/V9
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAw5vwmoEJHQ1ARAApyVhDae44C6aOlE8j+oAmoPWBiTc0j6VGAwo7y6OzRVx
|
||||||
|
p6W/l/ALDRd2eVfttzTtS/J3EZ85gQEt1RTOVTR/vTTL1j+XzNF6adPuC2+uJBAb
|
||||||
|
FFhiReuD9YGyT7aW84qmfI797kKFfdkjIUiUr62iGr+kJ/urC9JK2mNSnhKJVTct
|
||||||
|
lP0HA0vrUlEHzU1LACUWw2FylyOpO+248Nxx+SXgP8ol3kQk0hAGtEq3+p7ViQdl
|
||||||
|
K9fYMM5bxlNGmMav6WVaR8ipyjf7Q6jrwOrtNymVlxKoWfzuQy8o0ACsn2PADeG9
|
||||||
|
QZsKAmbp33S1hVYdTeXajTlPwtHhNewkxIQdahP2Ni1netzV6I8kp3HHoGO1XN0i
|
||||||
|
TtHlqZnd9/aJb5Uvuqsz4Ei+nHL0WGS7UJYKphWfw58MaYGkJ9xwEZVxoEWY9+ZQ
|
||||||
|
prQrXbIwbt6XJnuDnlgO/XZQs76/h/SAK9JQoXV13mC00SwcNqB9iav7S9+d5U3H
|
||||||
|
QOerfUDzEOjE9AehSmeruaNIdqr/V54dY9eQFGQ5hrM30JTycWdhxl0TZkAYsT+d
|
||||||
|
qd79FKXceBSodL00kg4OUS1pGwI7w6pe7RsQZ0hl9O8X8JXsRebe8Ardyh5oGe+W
|
||||||
|
yiKKGj0xi63MdzVm8r6FH4HoWPnmfTq5gcI8urUB/157aU8jlJen3TM4i4bwydzS
|
||||||
|
XAEldvNa4/1McnNpPAWGDNPGObSg71kAIR/opGGkS8atywKgkNSCUJ6wAJhyksqd
|
||||||
|
FVdrCl5Mt3GSgk5uVWeYfDuuIxM/aZ8WMjxjtxQMyOnkXQYmQD+D6dgkqiTb
|
||||||
|
=q5Tx
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4HMJd/cQYrVAQ/8Dc0JtpbZLDLway7kk2YWhLvjTmBRzIZCAaa9WSEuDVWg
|
||||||
|
u1koIDIaeAi1Y7xNUbDeEACMo1gT23mRG7Dy6QSqi+6DUY4f4v7/UCwqyJdwAb0V
|
||||||
|
ig6ENedYzYoCKZ3t/kqeeZmKnQehj2hzmIci1avzQjUmsI+u1YGJOZGDCPK9W1CA
|
||||||
|
nkZ69BlsI7ZWwkaO7J9KKd8wLp1/XVcSnRjYxvowOHmUyDd1Mlm/I+umcqWZU9De
|
||||||
|
hXc9/4cPkUk+h5c4M9XeFFqxorOozMK0dyEBjFw7Dd7BMyPfyh5OnxPazp/aqgz3
|
||||||
|
T6SxedaTv0kH8U8dNkPkGc5NYv+D8gfZb7kLdzDglGvcHwL3HTwq7JUCFVvzCD9y
|
||||||
|
PN5XvFYIzwd1cxAbozhzX54almMFgvd8d1v+03ioEjxOJbAqMXRTgd8C5xUbFvH8
|
||||||
|
SJ8v4YsN5XksT6AME3MyZAZgWgbDqdQDAtUvP2cWlBFFJz4+43+71sec4AK9bqph
|
||||||
|
mG/aTXDHAQ+JjLUGH+hul87F+mIa5WspbSYJ0hky1Sz7JBr1153X1xutFMiIqafL
|
||||||
|
GwfUzkDqIY2AKZPocqyRthLUkSaf2axLdWMi3VfErzD8fu9XhpM7xY/sI1S7sCBs
|
||||||
|
HGfjBTF2zTvyNo4cS5SPW1QXGrGoAy6cpxJDkuOQMq/YvW2kIeO4Wv+as3TUtLzS
|
||||||
|
XAFxzoYXYbes+SGlxaRYY62CONNdFpvF66q8IgDN1/QNC0j8g0gE0bNc14KOamxr
|
||||||
|
Qg43kRmxOVlB+zbpY5lYI4YL7XbFusFGM9dKJVg9g390nRgDnD4yBZXfqkq/
|
||||||
|
=rthq
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxjNhCKPP69fAQ/5AXvpR4o2fsfev/U/qdJ5Zz8jKwGpZ+xAhEEL8E64+f/P
|
||||||
|
Y542Oqig04emeGgvZat+jnc3ihKa+Z6k1ysSd4cod/yDUAy4NVtYzTsTziDekmaF
|
||||||
|
A1nEkbZoBrwXHQVGnO0PtFttqa0JEr5LcFlYgF8NIQRTQSQQgKp8p3llUFZYx+Pb
|
||||||
|
vuhOtWbZMFtl+yq0p03nDP3mrj32nPyyLIngvj82jMRQmw0em+Zw1JAwIIg3svWq
|
||||||
|
bp6F9a++PP2Pboc/piEGT3BIq/41gjKoIwz9m+p0NoSIcDRgmIIxflS9vzG/APC9
|
||||||
|
E4lVM/U/px0OmLcrmlBTjQ7HwHhVEVEYjZiByeHCm5UjSYWF6yHcmyLp9etD3GsR
|
||||||
|
pPwFsmc2PWFiEWrM0aV+3EPGkSV1Kwkvd7v34sRqAsGkb8HO5KxtfIQMccMqwMRG
|
||||||
|
kwBUgLcVuft9H6k2N+MHY6yidr4LLopGfd2FZ8BkQGNy9kIVNdZw9v+6R5HkVpoD
|
||||||
|
cY0NpzwvX21M9CPuMoXzjwXLnoKHHt9sWoxL7L0XIjyTkvKmETFqvKIY7cPFU837
|
||||||
|
4uxnsPhVESL3UfXrIk3maCgIZfFFL60eglVHdSLUy9XvAIXkLrLzqZLTW0LVYsuY
|
||||||
|
ZAlqUkkqZ4jjrF9OlmHsjgn5znOiMlW35bcKppC+MonrNXCJHjCdGmpj1v0cc4nS
|
||||||
|
XAE0EBSF6XDG2rxXETyWzKJurkfveD1njjcRwYeBiBRZEXKKqWuICLIgR5h/WBQI
|
||||||
|
KPv2k2RhxjH6Zk6FWgc6EWhIWUM/6+zN24m5VnAgMg+DRp8d1mO6t4ZaS+WU
|
||||||
|
=p4B8
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA1Hthzn+T1OoAQ//Z0+gyWwynvznK8WbrU9aP583JpI53BilDDl+dJ34P28f
|
||||||
|
Kd2wr/l/Aw6QZ43kp0JGA3ZMB9SbWKy56L6MXPcDXHM42ojRCN1Z3am6NZEx4M+K
|
||||||
|
cstyV9qHZp/bUQjlUna3eZBlehHgRM0tRCKn/83Gi08nNK15wRlfZR5tg0aNbdXT
|
||||||
|
4ymxyUfA3+n8k4K/rZlBxJ59UESUcuUJCb/oPiUCrS7lXJwA8f85F5/M9t7D1xwO
|
||||||
|
2AfkoYl5b2NU48JrICY7SQp+xYg0jwEB2nAC/Gpmk9FGxCMIeFIT4MfpGmMah0t6
|
||||||
|
+2qDWQFQ86TEoAHVTqcW77Qmw7WLjNm8oLh0FWYb8VxaRo2B2jnbTtC0cosLWyl2
|
||||||
|
TrOwSYfzOOclQQchbmoK1JQb5+dUV+qUN4BO4MuI0mSXk85QFys3CY9a9X2pRXSh
|
||||||
|
SW7uMCj3SQ784uoYDBNprIYv4qsfzTEgCxrG9Ev/h35JyuNUr/oKGVsVfsLETJC/
|
||||||
|
Leepo2FjQIzr9qe52AVcUe9JH++jrPOgUM6JQEHHz+jp+N9arsuTGakxu/5saNjT
|
||||||
|
+E7WtWdBM5mtr82DDoTKsKLEUJKsMKFpQovFjvz5tgCAsoMhFP5oem2gbfOVi2+A
|
||||||
|
uQjQH+xJow4OMjb58Qx7fILcky6XYDTNWn9hlf2zrXmtEnhkSwf6U/Gyo71qCtDS
|
||||||
|
XAHIEr8bpFS9ndb1tchTO8mcDANnKLWttuqs/UdN/W0nl895hIP7C6esi7vLF1gM
|
||||||
|
OfYLVy+X8FyS5hpjd9rcEd5jj7XBMJ4kHaW7QLMGWHYS2zLjGOhYHS4rt7nk
|
||||||
|
=hag6
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA46L6MuPqfJqARAAi01+TuUHgBT2UH75pacaptBmEYedNUkzqhUn98AA1yr5
|
||||||
|
PtYV1NGNP/rq7LDXP367yXhCslrwr+1BO7qnfAsEsEFr6InAyhOyZmAs18u5ilwc
|
||||||
|
RxW5EXrANm8SQLODBPH3/gxltpW7vzfayxdTOTNyCUH0x22eKfYknawOfpaMevAm
|
||||||
|
95nhILE05Unqd4FSoQId+Zw6djuMdSdQ6iAANKmvRpgs1Y8RNb9P/JG1TmbVvqQm
|
||||||
|
dbx5hfoLuNnLR4q0r64tGej0iVeBljSjUDrxusjMkhwgiinFTTz8oNoLoOuPjPMm
|
||||||
|
MymkjV1m6HzdwB9JMU7kMcHDEsqhXiKcxZ5mPDQJIXSG7TTuIZndRsln2ske9ibm
|
||||||
|
uZusIC7y1868R409UWhjGXjxsoFzqOKpOCo8tFoZSdE250E6o7U8PKOgSUxRAQlb
|
||||||
|
va7LUhP10ODZof5jM9xUDorrcamT1kbnmz4SlYDIOSliR0ofsmX0ObyxZmL3CZhN
|
||||||
|
/iC5BVv9D14U7iU0PsKZl0XUOP+urJwSZSCid0zq8rjUXdqy0YH81eBG9Y360ZHB
|
||||||
|
AlfhfeaYindnJYkPpZe1XWyI0yaKOjrKgdz8/vuDTZWyNseKAcofA7cgjUHtIUvu
|
||||||
|
uMPhFk+RHd0xZnk3yrlTnEOht8MiAZxVFPk3NK/P7W3D3r0li5D5f7+2ph8RsI/S
|
||||||
|
XAFXDSRXTIDsHCWPjvTAftTKbS8dq4A28yFHJg8+Ber+RxBbOWH7NpBIgmO2SNAJ
|
||||||
|
9CkU9neCROJuNBY9h0Xl4Yp7g6XNOeFeWdgxqJgZWhoKYSR0W8ILzQD45PXj
|
||||||
|
=ALYc
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4EEKdYEzV0pAQ/+L9uVnDe2jK1unhCFjKv0YhHobPNSQAhXaYoIiw2qTJ/q
|
||||||
|
ntduHgPFvLjQdeGT6EsfS+vxGcsLtS2FlG8woiLzX0iyc9sB0AmcwwKdG2FwyemY
|
||||||
|
+ZPE8BfjVKrGq0oiYASIceYxTfdp1kNX2aTIpuBzm36ccHQb/RSzUhEeZjyN4xtO
|
||||||
|
c6j8HJ6TANoh4eBG+X4LDVGFQPMToozqw/2hX5HPn+EDqP6Egprf/6hAetX4VcCk
|
||||||
|
csbP2AB2wl75U8Q8xSmlNUj/CTz4wpOpNj5tjsADP/ZlkH6EUcGIPk3+BC6ovy54
|
||||||
|
zoydEnTi6uy+gMAZDLP2bRdSgjW887TIh3qPsZiyG0SEygC3B+Fb1EY/NIL7Yh5R
|
||||||
|
mJDdMbrAb9rBSXYS1ptLvq2QSjbyIpVK2n+PLtycySsaktsAEopotlwxlbf/QSBv
|
||||||
|
FCRgws0djwZ4+qtXJ/D1pMNSHD4sdRxGANPdqNJem7S4fHmegtlVWNphDP8V2bUa
|
||||||
|
krGYBc0pn/cTusEJgkccp898ghJQ7bjKxD41qtIkfceB8FnaKgdxBrNfIrucaMjb
|
||||||
|
xv0NLk5NLTCbv/ES5R6Pb4MDKEBpInUp6gygcbaDybyn5lu/jT+6pYFp8Sq0F81B
|
||||||
|
+Vk7+iz9MsV8Yz9dHJnqIiypZREF1KRPWpenNAK9XGdy5SxezfBS7Zz1VShYgoPS
|
||||||
|
XAGKmeK4A1VarYym4wSb/AXhT6HXLBM6VWB6OFvz3sXR02sAUI7GXuZOjY2raezt
|
||||||
|
Usn+dhqFnRUHgUqgtLYGXlgyXiSjUTGQnh4c18n/mkbApUKcTdX2VigoivLo
|
||||||
|
=Xjqf
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DQrf1tCqiJxoSAQdAEZMgepQuERqKK4S8uiXmIYIRdeN5swy6S4hmzdL3yj8w
|
||||||
|
E45ScSNMVsvKD3pQq8EqxTFPb5pQ+2LfpP8gbbhYoDomGDm4tcbr8pyH3AXXoFwl
|
||||||
|
0lwBFFDJa1GSmHSgnJqrIaqmOZJgBE5t3IEIiDQksVjV7KTwPMwoU+wx42AAU/dS
|
||||||
|
hjxQwPAfpwO9mH6FN4JC8OTVSU1VfWLCO4e8HroG44c2gOxFfnflaMjaXuIsDA==
|
||||||
|
=kkiD
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||||
|
- created_at: "2024-05-26T01:20:22Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzdAjw8ldn6CAQ//Z5yRTQUt73bYUIrnaBPwQCLB4lmlutSICdQvdlQFcqDZ
|
||||||
|
Tw0kBNBS+4dEhxlYuEmCJgM6H+2KEH+6/M5IdFErlTz8Ly0R73adlSMu0R+os/6i
|
||||||
|
clLQQAwWIyFVuRaaNxSDdJ06sl4+hZyGZlbpo9kYBjslTUpJC4urvc+6xlRnlIuf
|
||||||
|
gae9+Zmh1K9+BpUH5svExyTERwWQI1HzvcqSc+tsEYugNvJitBHTyfpFN8xjtbns
|
||||||
|
h1aDXgKo4riFHzlZHftWfaLdot8++0jgluc7fCNXfnNVYf+nREIP49A/bkDFH4Re
|
||||||
|
Lwhq1iQte48KE0JKiaXDsAwLSanNYOfEZo5LSAFYAaEGJ6gUwnyoRgH+2T9FiWoJ
|
||||||
|
Z3myWbrm0SUr8Za2k1AA1FGz8tmGppxGZp3llyqaY/hbP84myfnfpvis6IUAzyfl
|
||||||
|
xMZOGs0Q3VlOJRAYXOWS64oM6cvCg9rJiOsPMr75P+9nWhz+Ur/X8hPTPr4ku/D1
|
||||||
|
ewUhDd406/a7aAGe7m6RyRnVCK2mybuKKYt3BGu0usYvKcPIMUYq+g2zqt6/fQ5r
|
||||||
|
gS2c+uuvMqM6o9dxkRxZWt99o8E29cGH51yl9IdrXsr7F/EyymjBENQxbDApp9mG
|
||||||
|
DHokBg9QdRvwRyyC2YBttgob8QrkZTI4xE7oRFaq9wuZqhjv6VGZXO0jauIRYV7S
|
||||||
|
XAFidvRJ2EMZlPeVpDkosbXLsux2q4v0ECXy1ciRRYJn50vLN8Fqk2fKg4aKkqeV
|
||||||
|
riCQgu8aliCMtTRTa+/NQoTpXbqD9XaPz8hf9betygs+6y3zVyBn7k7WQqmj
|
||||||
|
=yfan
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D70F61E07F64EC4E4EF417BEFCD9D20F58784EF
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
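--- a/config/hosts/public-web-static/sops.nix
+++ b/config/hosts/public-web-static/sops.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+sops = {
+defaultSopsFile = ./secrets.yaml;
+};
+}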
|
@ -2,26 +2,6 @@
|
||||||
"dynamic": {
|
"dynamic": {
|
||||||
"sensors": {
|
"sensors": {
|
||||||
"temperature": [
|
"temperature": [
|
||||||
{
|
|
||||||
"sensor_data": {
|
|
||||||
"unit": "°C",
|
|
||||||
"location": "Hauptraum",
|
|
||||||
"description": "Sensor im Hauptraum"
|
|
||||||
},
|
|
||||||
"allowed_credentials": [
|
|
||||||
"club-assistant"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"sensor_data": {
|
|
||||||
"unit": "°C",
|
|
||||||
"location": "Loetschlauch",
|
|
||||||
"description": "Sensor im Lötschlauch (Teil der Werkstatt)"
|
|
||||||
},
|
|
||||||
"allowed_credentials": [
|
|
||||||
"club-assistant"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"sensor_data": {
|
"sensor_data": {
|
||||||
"unit": "°C",
|
"unit": "°C",
|
||||||
|
@ -34,26 +14,6 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"humidity": [
|
"humidity": [
|
||||||
{
|
|
||||||
"sensor_data": {
|
|
||||||
"unit": "%",
|
|
||||||
"location": "Hauptraum",
|
|
||||||
"description": "Sensor im Hauptraum"
|
|
||||||
},
|
|
||||||
"allowed_credentials": [
|
|
||||||
"club-assistant"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"sensor_data": {
|
|
||||||
"unit": "%",
|
|
||||||
"location": "Loetschlauch",
|
|
||||||
"description": "Sensor im Lötschlauch (Teil der Werkstatt)"
|
|
||||||
},
|
|
||||||
"allowed_credentials": [
|
|
||||||
"club-assistant"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"sensor_data": {
|
"sensor_data": {
|
||||||
"unit": "%",
|
"unit": "%",
|
||||||
|
@ -65,12 +25,13 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"CO2": [
|
"ext_3d_printer_busy_state": [
|
||||||
{
|
{
|
||||||
"sensor_data": {
|
"sensor_data": {
|
||||||
"unit": "ppm",
|
"unit": "bool",
|
||||||
"location": "Hauptraum",
|
"location": "Loetschlauch",
|
||||||
"description": "Sensor im Hauptraum (Typ: SCD41)"
|
"name": "mk4",
|
||||||
|
"description": "Prusa mk4 busy state"
|
||||||
},
|
},
|
||||||
"allowed_credentials": [
|
"allowed_credentials": [
|
||||||
"club-assistant"
|
"club-assistant"
|
||||||
|
@ -78,9 +39,34 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"sensor_data": {
|
"sensor_data": {
|
||||||
"unit": "ppm",
|
"unit": "bool",
|
||||||
"location": "Loetschlauch",
|
"location": "Loetschlauch",
|
||||||
"description": "Sensor im Lötschlauch (Teil der Werkstatt, Typ: SCD41)"
|
"name": "mk3.5",
|
||||||
|
"description": "Prusa mk3.5 busy state"
|
||||||
|
},
|
||||||
|
"allowed_credentials": [
|
||||||
|
"club-assistant"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ext_3d_printer_minutes_remaining": [
|
||||||
|
{
|
||||||
|
"sensor_data": {
|
||||||
|
"unit": "minutes_remaining",
|
||||||
|
"location": "Loetschlauch",
|
||||||
|
"name": "mk4",
|
||||||
|
"description": "Prusa mk4 minutes remaining"
|
||||||
|
},
|
||||||
|
"allowed_credentials": [
|
||||||
|
"club-assistant"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sensor_data": {
|
||||||
|
"unit": "minutes_remaining",
|
||||||
|
"location": "Loetschlauch",
|
||||||
|
"name": "mk3.5",
|
||||||
|
"description": "Prusa mk3.5 minutes remaining"
|
||||||
},
|
},
|
||||||
"allowed_credentials": [
|
"allowed_credentials": [
|
||||||
"club-assistant"
|
"club-assistant"
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
"14"
|
"14"
|
||||||
],
|
],
|
||||||
"space": "CCCHH",
|
"space": "CCCHH",
|
||||||
"logo": "https://next.hamburg.ccc.de/images/logo.svg",
|
"logo": "https://hamburg.ccc.de/images/logo.svg",
|
||||||
"ext_ccc": "erfa",
|
"ext_ccc": "erfa",
|
||||||
"url": "https://hamburg.ccc.de/",
|
"url": "https://hamburg.ccc.de/",
|
||||||
"location": {
|
"location": {
|
||||||
|
|
|
@ -1,19 +1,20 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
spaceapidSrc = builtins.fetchGit {
|
version = "v0.1.0";
|
||||||
|
spaceapidSrc = pkgs.fetchgit {
|
||||||
url = "https://git.hamburg.ccc.de/CCCHH/spaceapid.git";
|
url = "https://git.hamburg.ccc.de/CCCHH/spaceapid.git";
|
||||||
ref = "main";
|
rev = version;
|
||||||
rev = "bbeb0d0e2b4538faed275b9891fb55149bc3a2f8";
|
hash = "sha256-2SDhliltzyydPPZdNn/htDydiK/SHQcYyG/dQ0EyFrY=";
|
||||||
};
|
};
|
||||||
spaceapid = pkgs.buildGoModule rec {
|
spaceapid = pkgs.buildGoModule rec {
|
||||||
pname = "spaceapid";
|
pname = "spaceapid";
|
||||||
version = "main";
|
inherit version;
|
||||||
|
|
||||||
src = spaceapidSrc;
|
src = spaceapidSrc;
|
||||||
|
|
||||||
ldflags = [
|
ldflags = [
|
||||||
"-X main.version=${version}-${spaceapidSrc.rev}"
|
"-X main.version=${version}"
|
||||||
];
|
];
|
||||||
|
|
||||||
# Since spaceapid doesn't have any dependencies, we can set this to null and
|
# Since spaceapid doesn't have any dependencies, we can set this to null and
|
||||||
|
@ -38,7 +39,7 @@ in
|
||||||
After = [ "network.target" "network-online.target" ];
|
After = [ "network.target" "network-online.target" ];
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${spaceapid}/bin/spaceapid -c ${spaceapidConfigResponse},${spaceapidConfigDynamic},/secrets/spaceapid-config-ccchh-credentials.secret";
|
ExecStart = "${spaceapid}/bin/spaceapid -c ${spaceapidConfigResponse},${spaceapidConfigDynamic},/run/secrets/spaceapid_config_ccchh_credentials";
|
||||||
User = "spaceapi";
|
User = "spaceapi";
|
||||||
Group = "spaceapi";
|
Group = "spaceapi";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
@ -47,14 +48,10 @@ in
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment.keys = {
|
sops.secrets."spaceapid_config_ccchh_credentials" = {
|
||||||
"spaceapid-config-ccchh-credentials.secret" = {
|
mode = "0440";
|
||||||
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-config-ccchh-credentials" ];
|
owner = "spaceapi";
|
||||||
destDir = "/secrets";
|
|
||||||
user = "spaceapi";
|
|
||||||
group = "spaceapi";
|
group = "spaceapi";
|
||||||
permissions = "0640";
|
restartUnits = [ "spaceapid.service" ];
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
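Review bot: The new `ExecStart` line in the second hunk hardcodes `/run/secrets/spaceapid_config_ccchh_credentials`, which matches the `sops.secrets."spaceapid_config_ccchh_credentials"` declaration in the third hunk only by convention. Taking `config` in the module arguments (`{ config, pkgs, ... }:`) and interpolating `${config.sops.secrets."spaceapid_config_ccchh_credentials".path}` would keep the two in sync and turn a renamed or missing secret into an evaluation error instead of a failed service start. Separately, `mode = "0440"` grants group read although the unit runs as `User = "spaceapi"`; `"0400"` looks sufficient unless another member of the `spaceapi` group has to read the file. The service definition itself starts outside the hunks shown.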
|
||||||
|
|
|
@ -5,9 +5,14 @@
|
||||||
./branding-resources.hamburg.ccc.de.nix
|
./branding-resources.hamburg.ccc.de.nix
|
||||||
./c3cat.de.nix
|
./c3cat.de.nix
|
||||||
./element.hamburg.ccc.de.nix
|
./element.hamburg.ccc.de.nix
|
||||||
|
./hacker.tours.nix
|
||||||
|
./hackertours.hamburg.ccc.de.nix
|
||||||
./hamburg.ccc.de.nix
|
./hamburg.ccc.de.nix
|
||||||
./spaceapi.hamburg.ccc.de.nix
|
./spaceapi.hamburg.ccc.de.nix
|
||||||
|
./staging.hacker.tours.nix
|
||||||
|
./staging.hackertours.hamburg.ccc.de.nix
|
||||||
./staging.hamburg.ccc.de.nix
|
./staging.hamburg.ccc.de.nix
|
||||||
./www.hamburg.ccc.de.nix
|
./www.hamburg.ccc.de.nix
|
||||||
|
./historic-easterhegg
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
elementWebVersion = "1.11.59";
|
elementWebVersion = "1.11.80";
|
||||||
element-web = pkgs.fetchzip {
|
element-web = pkgs.fetchzip {
|
||||||
url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
|
url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
|
||||||
sha256 = "sha256-iVTd5zWUJh9wkbKMh+5hq0ucQaLLY29w1xCLxDIdQ18=";
|
sha256 = "sha256-sudWmNehxGsbZTNirTkoWQ/Bln1DC1CI30wocw9VoH8=";
|
||||||
};
|
};
|
||||||
elementSecurityHeaders = ''
|
elementSecurityHeaders = ''
|
||||||
# Configuration best practices
|
# Configuration best practices
|
||||||
|
|
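--- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix
+++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix
@@ -0,0 +1,63 @@
+{ pkgs, ... }:
+
+let
+domain = "hacker.tours";
+dataDir = "/var/www/${domain}";
+deployUser = "hackertours-website-deploy";
+in {
+services.nginx.virtualHosts = {
+"acme-${domain}" = {
+enableACME = true;
+serverName = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 31820;
+}
+];
+};
+
+"${domain}" = {
+forceSSL = true;
+useACMEHost = "${domain}";
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 8443;
+ssl = true;
+proxyProtocol = true;
+}
+];
+
+root = "${dataDir}";
+
+extraConfig = ''
+# Make use of the ngx_http_realip_module to set the $remote_addr and
+# $remote_port to the client address and client port, when using proxy
+# protocol.
+# First set our proxy protocol proxy as trusted.
+set_real_ip_from 172.31.17.140;
+# Then tell the realip_module to get the addreses from the proxy protocol
+# header.
+real_ip_header proxy_protocol;
+
+error_page 404 /404.html;
+'';
+};
+};
+
+systemd.tmpfiles.rules = [
+"d ${dataDir} 0755 ${deployUser} ${deployUser}"
+];
+
+users.users."${deployUser}" = {
+isNormalUser = true;
+group = "${deployUser}";
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrDTANfPMkcf+V7zkypzaeX2fxkfStPHmZKqC29xyqy deploy key for hacker.tours"
+];
+};
+users.groups."${deployUser}" = { };
+}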
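Review bot: The deploy account declared in `users.users."${deployUser}"` combines `isNormalUser = true` with an `authorizedKeys` entry that carries no key options, so the holder of the deploy key gets an ordinary SSH login rather than only the ability to write to `${dataDir}`. If the deploy job only copies files, prefixing the entry with OpenSSH key options, e.g. `"restrict ssh-ed25519 <key> deploy key for hacker.tours"`, would drop PTY allocation and forwarding, and a forced `command=` confined to `${dataDir}` would narrow it further. The same pattern is repeated in the next new file for `ht-ccchh-website-deploy`. A short comment above the key naming the pipeline that holds the private half would also help whoever has to rotate it.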
|
@ -0,0 +1,68 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
domain = "hackertours.hamburg.ccc.de";
|
||||||
|
dataDir = "/var/www/${domain}";
|
||||||
|
deployUser = "ht-ccchh-website-deploy";
|
||||||
|
in {
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-${domain}" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "${domain}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "${domain}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
root = "${dataDir}";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
|
error_page 404 /404.html;
|
||||||
|
|
||||||
|
port_in_redirect off;
|
||||||
|
|
||||||
|
rewrite ^/(de|en)/tours$ /$1/37c3 redirect;
|
||||||
|
rewrite ^/(de|en)/tours/(.*)$ /$1/37c3/$2 redirect;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users."${deployUser}" = {
|
||||||
|
isNormalUser = true;
|
||||||
|
group = "${deployUser}";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxMnllgRD6W85IQ0WrVJSwr7dKM8PLNK4pmGaJRu0OR deploy key for hackertours.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.groups."${deployUser}" = { };
|
||||||
|
}
|
|
@ -94,6 +94,8 @@
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
|
|
||||||
|
port_in_redirect off;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
{...}:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./eh03.nix
|
||||||
|
./eh05.nix
|
||||||
|
./eh07.nix
|
||||||
|
./eh09.nix
|
||||||
|
./eh11.nix
|
||||||
|
./eh20.nix
|
||||||
|
];
|
||||||
|
}
|
|
@ -0,0 +1,101 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
eh03 = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-2003-website.git";
|
||||||
|
rev = "74977c56486cd060566bf06678a936e801952f9e";
|
||||||
|
hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
|
||||||
|
"eh2003.hamburg.ccc.de"
|
||||||
|
"www.eh2003.hamburg.ccc.de"
|
||||||
|
"easterhegg2003.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2003.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-eh03.easterhegg.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "eh03.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2003.hamburg.ccc.de"
|
||||||
|
"www.eh2003.hamburg.ccc.de"
|
||||||
|
"easterhegg2003.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2003.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
"easterhegg2003.hamburg.ccc.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh03.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2003.hamburg.ccc.de"
|
||||||
|
"www.eh2003.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2003.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/".return = "302 https://eh03.easterhegg.eu";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"eh03.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh03.easterhegg.eu";
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
index = "index.html";
|
||||||
|
root = eh03;
|
||||||
|
extraConfig = ''
|
||||||
|
# Set default_type to html
|
||||||
|
default_type text/html;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
set $chosen_lang "de";
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
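Review bot: `ssi on;` is set twice for the `eh03.easterhegg.eu` vhost, once in the server-level `extraConfig` and again in `locations."/".extraConfig`. nginx inherits the directive from the server block, so one of the two can be dropped. Because `default_type text/html;` makes extensionless files eligible for SSI processing as well, I would add a comment next to the remaining directive such as `# SSI is only enabled because root is the hash-pinned eh03 checkout; do not reuse on a deploy-writable docroot`. The eh05 section that follows repeats both directives the same way.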
|
|
@ -0,0 +1,100 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
eh05 = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-2005-website.git";
|
||||||
|
rev = "f1455aee35b6462ab5c46f3d52c47e0b200c1315";
|
||||||
|
hash = "sha256-lA4fxO05K39nosSYNfKUtSCrK+dja1yWKILqRklSNy8=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
security.acme.certs."eh05.easterhegg.eu".extraDomainNames = [
|
||||||
|
"eh2005.hamburg.ccc.de"
|
||||||
|
"www.eh2005.hamburg.ccc.de"
|
||||||
|
"easterhegg2005.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2005.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-eh05.easterhegg.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "eh05.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2005.hamburg.ccc.de"
|
||||||
|
"www.eh2005.hamburg.ccc.de"
|
||||||
|
"easterhegg2005.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2005.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
"easterhegg2005.hamburg.ccc.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh05.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2005.hamburg.ccc.de"
|
||||||
|
"www.eh2005.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2005.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/".return = "302 https://eh05.easterhegg.eu";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"eh05.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh05.easterhegg.eu";
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
index = "index.shtml";
|
||||||
|
root = eh05;
|
||||||
|
extraConfig = ''
|
||||||
|
# Set default_type to html
|
||||||
|
default_type text/html;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,106 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
eh07 = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-2007-website.git";
|
||||||
|
rev = "0bb06fd2654814ddda28469a1bf9e50a9814dd9a";
|
||||||
|
hash = "sha256-jMpDxgxbL3ipG3HLJo0ISTdWfYYrd2EfwpmoiWV0qCM=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
security.acme.certs."eh07.easterhegg.eu".extraDomainNames = [
|
||||||
|
"eh2007.hamburg.ccc.de"
|
||||||
|
"www.eh2007.hamburg.ccc.de"
|
||||||
|
"eh07.hamburg.ccc.de"
|
||||||
|
"www.eh07.hamburg.ccc.de"
|
||||||
|
"easterhegg2007.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2007.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-eh07.easterhegg.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "eh07.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2007.hamburg.ccc.de"
|
||||||
|
"www.eh2007.hamburg.ccc.de"
|
||||||
|
"eh07.hamburg.ccc.de"
|
||||||
|
"www.eh07.hamburg.ccc.de"
|
||||||
|
"easterhegg2007.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2007.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
"easterhegg2007.hamburg.ccc.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh07.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2007.hamburg.ccc.de"
|
||||||
|
"www.eh2007.hamburg.ccc.de"
|
||||||
|
"eh07.hamburg.ccc.de"
|
||||||
|
"www.eh07.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2007.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/".return = "302 https://eh07.easterhegg.eu";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"eh07.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh07.easterhegg.eu";
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
index = "index.shtml";
|
||||||
|
root = eh07;
|
||||||
|
extraConfig = ''
|
||||||
|
# Set default_type to html
|
||||||
|
default_type text/html;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
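Review bot: Both TLS vhosts listen on `0.0.0.0:8443` with `proxyProtocol = true`, and nothing in this file restricts which peers may connect there. `set_real_ip_from 172.31.17.140;` only decides whose PROXY header may rewrite `$remote_addr`; it is not an access control. The 8443 listener and the plain-HTTP ACME listener on 31820 should therefore be reachable from the proxy alone, presumably through the host firewall, which is not visible here. Once that is confirmed I would record it above each `listen`, e.g. `# Reachable only from the PROXY-protocol proxy (172.31.17.140); enforced by the host firewall.` The same applies to the eh09, eh11, eh20 and both staging sections further down.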
|
@ -0,0 +1,105 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
eh09 = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-2009-website.git";
|
||||||
|
rev = "6d4a50c5ab23870072f0b33dd0171b0c56d6cab5";
|
||||||
|
hash = "sha256-kPJOrKseJD/scRxhYFa249DT1cYmeCjnK50Bt0IJZK8=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
security.acme.certs."eh09.easterhegg.eu".extraDomainNames = [
|
||||||
|
"eh2009.hamburg.ccc.de"
|
||||||
|
"www.eh2009.hamburg.ccc.de"
|
||||||
|
"eh09.hamburg.ccc.de"
|
||||||
|
"www.eh09.hamburg.ccc.de"
|
||||||
|
"easterhegg2009.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2009.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-eh09.easterhegg.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "eh09.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2009.hamburg.ccc.de"
|
||||||
|
"www.eh2009.hamburg.ccc.de"
|
||||||
|
"eh09.hamburg.ccc.de"
|
||||||
|
"www.eh09.hamburg.ccc.de"
|
||||||
|
"easterhegg2009.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2009.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
"easterhegg2009.hamburg.ccc.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh09.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2009.hamburg.ccc.de"
|
||||||
|
"www.eh2009.hamburg.ccc.de"
|
||||||
|
"eh09.hamburg.ccc.de"
|
||||||
|
"www.eh09.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2009.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/".return = "302 https://eh09.easterhegg.eu";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"eh09.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh09.easterhegg.eu";
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
index = "index.shtml";
|
||||||
|
root = eh09;
|
||||||
|
extraConfig = ''
|
||||||
|
# Set default_type to html
|
||||||
|
default_type text/html;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
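Review bot: `ssi on;` is set twice for `eh09.easterhegg.eu`, once in `locations."/".extraConfig` and again in the vhost-level `extraConfig`. The server-level directive is inherited by the location, so one of the two can go. The real-ip snippet is also pasted verbatim into both vhosts of this file; binding it once in the `let` block and interpolating it into each `extraConfig` would keep the trusted proxy address in a single place, so a later address change cannot miss a vhost. The comment in that snippet misspells `addreses` (should be `addresses`). The eh07 and eh11 sections have the same duplication.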
|
@ -0,0 +1,106 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
eh11 = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-2011-website.git";
|
||||||
|
rev = "c20540af71d4a0bd1fa12f49962b92d04293415b";
|
||||||
|
hash = "sha256-9hhtfU8fp2HOThcyQ4R7kuGQBjZktqMtiiYQhOas2QA=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
security.acme.certs."eh11.easterhegg.eu".extraDomainNames = [
|
||||||
|
"eh2011.hamburg.ccc.de"
|
||||||
|
"www.eh2011.hamburg.ccc.de"
|
||||||
|
"eh11.hamburg.ccc.de"
|
||||||
|
"www.eh11.hamburg.ccc.de"
|
||||||
|
"easterhegg2011.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2011.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-eh11.easterhegg.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "eh11.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2011.hamburg.ccc.de"
|
||||||
|
"www.eh2011.hamburg.ccc.de"
|
||||||
|
"eh11.hamburg.ccc.de"
|
||||||
|
"www.eh11.hamburg.ccc.de"
|
||||||
|
"easterhegg2011.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2011.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
"easterhegg2011.hamburg.ccc.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh11.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh2011.hamburg.ccc.de"
|
||||||
|
"www.eh2011.hamburg.ccc.de"
|
||||||
|
"eh11.hamburg.ccc.de"
|
||||||
|
"www.eh11.hamburg.ccc.de"
|
||||||
|
"www.easterhegg2011.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/".return = "302 https://eh11.easterhegg.eu";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"eh11.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh11.easterhegg.eu";
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
index = "index.shtml";
|
||||||
|
root = eh11;
|
||||||
|
extraConfig = ''
|
||||||
|
# Set default_type to html
|
||||||
|
default_type text/html;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
# Enable SSI
|
||||||
|
ssi on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
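Review bot: `eh11.easterhegg.eu` serves a directory tree from `root = eh11` on port 8443 but does not set `port_in_redirect off;`, which the `@ -44,6 +44,8 @` hunk further down this page adds to another vhost's `extraConfig` next to the same real-ip block. With the default setting, nginx's automatic absolute redirects (for example adding the trailing slash to a directory URL) include the listening port when it is not the scheme default, so clients could be pointed at `:8443`, which is presumably not the port the front proxy exposes. I would add `port_in_redirect off;` to this vhost's `extraConfig` as well. The eh07, eh09, eh20 and staging vhosts with a `root` look like they need the same line.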
|
@ -0,0 +1,91 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
eh20 = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/easterhegg-eh20-website.git";
|
||||||
|
rev = "026932ef2f1fb85c99269e0fb547589a25d3687c";
|
||||||
|
hash = "sha256-YYxHhPYIioJgyHXNieoX6ibasHcNw/AFk+qCNSOxke4=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
security.acme.certs."eh20.easterhegg.eu".extraDomainNames = [
|
||||||
|
"www.eh20.easterhegg.eu"
|
||||||
|
"eh20.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-eh20.easterhegg.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "eh20.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"www.eh20.easterhegg.eu"
|
||||||
|
"eh20.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
"www.eh20.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh20.easterhegg.eu";
|
||||||
|
serverAliases = [
|
||||||
|
"eh20.hamburg.ccc.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/".return = "302 https://eh20.easterhegg.eu";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"eh20.easterhegg.eu" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "eh20.easterhegg.eu";
|
||||||
|
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
index = "start.html";
|
||||||
|
root = "${eh20}/wiki_siteexport";
|
||||||
|
};
|
||||||
|
|
||||||
|
# redirect doku.php?id=$pagename to /$pagename.html
|
||||||
|
locations."/doku.php" = {
|
||||||
|
return = "301 $scheme://$host/$arg_id.html";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
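Review bot: The `/doku.php` redirect builds its `Location` from `$host` and `$arg_id`, both of which come from the request: `$host` follows the client-supplied Host header and `$arg_id` is the raw `id` query value. The `www.eh20.easterhegg.eu` vhost in the same file already redirects to the fixed canonical name, so `return = "301 https://eh20.easterhegg.eu/$arg_id.html";` would be consistent with it and keep the target independent of the Host header. A request without `id` is currently redirected to `/.html`; if that matters, the location could fall back to the start page when `$arg_id` is empty. Whether ids containing a namespace separator map onto the exported file names cannot be told from this section.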
|
@ -0,0 +1,60 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
domain = "staging.hacker.tours";
|
||||||
|
dataDir = "/var/www/${domain}";
|
||||||
|
deployUser = "hackertours-website-deploy";
|
||||||
|
in {
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-${domain}" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "${domain}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "${domain}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
root = "${dataDir}";
|
||||||
|
|
||||||
|
# Disallow *, since this is staging and doesn't need to be in any search
|
||||||
|
# results.
|
||||||
|
locations."/robots.txt" = {
|
||||||
|
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Hackertours deploy user already defined in hacker.tours.nix.
|
||||||
|
}
|
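Review bot: The robots.txt body uses `Disallow: *`, but Disallow values are path patterns that are expected to start with `/`, so not every crawler will read this as "block everything". The conventional form is `return = "200 \"User-agent: *\\nDisallow: /\\n\"";`, with the comment above it changed to `# Disallow /, since this is staging ...`. robots.txt is also only advisory: if staging content has to stay unseen rather than merely unindexed, the vhost needs access control (basic auth or an address allow-list), which this file does not configure. The identical `locations."/robots.txt"` entry in the staging.hackertours.hamburg.ccc.de section below has the same issue.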
|
@ -0,0 +1,62 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
domain = "staging.hackertours.hamburg.ccc.de";
|
||||||
|
dataDir = "/var/www/${domain}";
|
||||||
|
deployUser = "ht-ccchh-website-deploy";
|
||||||
|
in {
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-${domain}" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "${domain}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "${domain}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
proxyProtocol = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
root = "${dataDir}";
|
||||||
|
|
||||||
|
# Disallow *, since this is staging and doesn't need to be in any search
|
||||||
|
# results.
|
||||||
|
locations."/robots.txt" = {
|
||||||
|
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
|
error_page 404 /404.html;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Hackertours CCCHH deploy user already defined in hackertours.hamburg.ccc.de.nix.
|
||||||
|
}
|
|
@ -44,6 +44,8 @@
|
||||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
# header.
|
# header.
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
|
port_in_redirect off;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
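--- a/config/hosts/status/configuration.nix
+++ b/config/hosts/status/configuration.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+networking = {
+hostName = "status";
+domain = "z9.ccchh.net";
+};
+
+system.stateVersion = "24.05";
+}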
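--- a/config/hosts/status/default.nix
+++ b/config/hosts/status/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+imports = [
+./configuration.nix
+./networking.nix
+./nginx.nix
+./uptime-kuma.nix
+];
+}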