diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4d7684a..3ad4b00 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -65,12 +65,18 @@ sync_repos: - mkdir -p ~/.ssh - chmod 700 ~/.ssh +.scripts_cache: &scripts_cache + - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client + - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY + - attic use skynet-cache + # every commit on main will build and deploy .build_template: &builder tags: - nix before_script: - *scripts_base + - *scripts_cache rules: - changes: - applications/**/* @@ -105,6 +111,7 @@ build: <<: *builder stage: test script: + - attic watch-store skynet-cache & - colmena build -v --on @active-dns - colmena build -v --on @active-core - colmena build -v --on @active diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix new file mode 100644 index 0000000..25061d4 --- /dev/null +++ b/applications/nix_cache/nix_cache.nix @@ -0,0 +1,108 @@ +/* +A nix cache for our use + + +atticd-atticadm make-token --sub "admin_username" --validity "10y" --pull "*" --push "*" --create-cache "*" --delete "*" --configure-cache "*" --configure-cache-retention "*" --destroy-cache "*" + +# for the gitlab runner, done eyarly +atticd-atticadm make-token --sub "wheatly-runner" --validity "1y" --pull "skynet-cache" --push "skynet-cache" +*/ +{ + lib, + config, + pkgs, + inputs, + ... +}: +with lib; let + name = "nix-cache"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + inputs.attic.nixosModules.atticd + ../acme.nix + ../dns.nix + ]; + + options.services.skynet."${name}" = { + host = { + ip = mkOption { + type = types.str; + }; + name = mkOption { + type = types.str; + }; + }; + }; + + config = { + skynet_acme.domains = [ + "${name}.skynet.ie" + ]; + + skynet_dns.records = [ + { + record = "${name}"; + r_type = "CNAME"; + value = cfg.host.name; + } + ]; + + users.groups."nix-serve" = {}; + users.users."nix-serve" = { + isSystemUser = true; + group = "nix-serve"; + }; + + services.atticd = { + enable = true; + + # Replace with absolute path to your credentials file + credentialsFile = "/etc/atticd.env"; + + settings = { + listen = "127.0.0.1:8080"; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + services.nginx = { + enable = true; + group = "acme"; + clientMaxBodySize = "100m"; + recommendedProxySettings = true; + virtualHosts = { + "${name}.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + }; + }; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 10be33e..0385d34 100644 --- a/flake.lock +++ b/flake.lock @@ -4,14 +4,15 @@ "inputs": { "darwin": "darwin", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "systems": "systems" }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { @@ -29,11 +30,11 @@ ] }, "locked": { - "lastModified": 1660510326, + "lastModified": 1660592437, "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "ef03f7ef74ec97fd91a016a51c9c9667fb315652", + "rev": "e7eac49074b70814b542fee987af2987dd0520b5", "type": "github" }, "original": { @@ -47,14 +48,15 @@ "inputs": { "flake-parts": "flake-parts", "haskell-flake": "haskell-flake", + "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1690376079, - "narHash": "sha256-IJiajoljCMUGlp1bwT/loXs1B3RH2FXpLepnqvcPNEY=", + "lastModified": 1714877287, + "narHash": "sha256-mf1/RfkyhzwLLeqU8AdosbBfRQuQzuVMX7XL7GejoRI=", "owner": "hercules-ci", "repo": "arion", - "rev": "f0436c8478d1b5530c115a6b1202c4478dfe2f81", + "rev": "e9945eb6cdaf5c946bacd5a330e7b5ac7b3b2fdd", "type": "github" }, "original": { @@ -63,10 +65,32 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1711742460, + "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "bfom": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils" }, "locked": { @@ -101,9 +125,9 @@ }, "colmena": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_4", "stable": "stable" }, "locked": { @@ -123,7 +147,7 @@ "compsoc_public": { "inputs": { "bfom": "bfom", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "utils": "utils_2" }, "locked": { @@ -142,6 +166,27 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -150,11 +195,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -187,6 +232,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -202,7 +263,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1668681692, @@ -226,11 +287,11 @@ ] }, "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -239,7 +300,43 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -254,16 +351,16 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -304,6 +401,28 @@ "type": "github" } }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1713898448, + "narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "c0302ec12d569532a6b6bd218f698bc402e93adc", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -312,11 +431,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -327,7 +446,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1652722411, @@ -345,7 +464,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1692351612, @@ -363,7 +482,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1686572087, @@ -381,11 +500,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -425,7 +544,38 @@ "type": "indirect" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_10": { + "locked": { + "lastModified": 1693087214, + "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f155f0cf4ea43c4e3c8918d2d327d44777b6cad4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1687011986, "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", @@ -439,7 +589,7 @@ "type": "indirect" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1686921029, "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", @@ -454,7 +604,7 @@ "type": "indirect" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", @@ -468,7 +618,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -482,7 +632,7 @@ "type": "indirect" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1690026219, "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", @@ -496,7 +646,7 @@ "type": "indirect" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -510,7 +660,7 @@ "type": "indirect" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1695837737, "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", @@ -526,11 +676,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", + "lastModified": 1714635257, + "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" }, "original": { @@ -541,6 +691,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1711401922, + "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1696019113, "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", @@ -556,20 +722,6 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1652840887, - "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_5": { "locked": { "lastModified": 1652840887, @@ -585,6 +737,20 @@ } }, "nixpkgs_6": { + "locked": { + "lastModified": 1652840887, + "narHash": "sha256-gEK4NNa4GwIgTZE63kt/4WTFAWRTJVSa30+h4ZjFh9U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "52dc75a4fee3fdbcb792cb6fba009876b912bfe0", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_7": { "locked": { "lastModified": 1691371061, "narHash": "sha256-BxPbPVlBIoneaXIBiHd0LVzA+L4nmvFCNBU6TmQAiMM=", @@ -598,13 +764,13 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { - "lastModified": 1706913249, - "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=", + "lastModified": 1715266358, + "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e92b6015881907e698782c77641aa49298330223", + "rev": "f1010e0469db743d14519a1efd37e23f8513d714", "type": "github" }, "original": { @@ -613,7 +779,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1693060755, "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", @@ -627,30 +793,16 @@ "type": "indirect" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1693087214, - "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f155f0cf4ea43c4e3c8918d2d327d44777b6cad4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, "root": { "inputs": { "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", + "attic": "attic", "colmena": "colmena", "compsoc_public": "compsoc_public", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_7", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_8", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", "skynet_ldap_backend": "skynet_ldap_backend", @@ -681,7 +833,7 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "nixpkgs": [ "nixpkgs" ], @@ -708,7 +860,7 @@ "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "utils": "utils_4" }, "locked": { @@ -730,7 +882,7 @@ "skynet_ldap_backend": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "utils": "utils_5" }, "locked": { @@ -751,7 +903,7 @@ }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "utils": "utils_6" }, "locked": { @@ -772,7 +924,7 @@ }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, "locked": { @@ -793,7 +945,7 @@ }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_15", "utils": "utils_8" }, "locked": { @@ -814,7 +966,7 @@ }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_16", "utils": "utils_9" }, "locked": { @@ -835,7 +987,7 @@ }, "skynet_website_renew": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "utils": "utils_10" }, "locked": { @@ -885,6 +1037,21 @@ "type": "github" } }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1022,7 +1189,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1694529238, @@ -1040,7 +1207,7 @@ }, "utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1689068808, @@ -1073,7 +1240,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1692799911, @@ -1091,7 +1258,7 @@ }, "utils_5": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1685518550, @@ -1109,7 +1276,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1687171271, @@ -1127,7 +1294,7 @@ }, "utils_7": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1689068808, @@ -1145,7 +1312,7 @@ }, "utils_8": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1689068808, @@ -1163,7 +1330,7 @@ }, "utils_9": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1694529238, diff --git a/flake.nix b/flake.nix index a1cbad4..714096b 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; colmena.url = "github:zhaofengli/colmena"; + attic.url = github:zhaofengli/attic; # email # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; @@ -78,7 +79,11 @@ }; }; - nixConfig.bash-prompt-suffix = "[Skynet Dev] "; + nixConfig = { + bash-prompt-suffix = "[Skynet Dev] "; + extra-substituters = "https://nix-cache.skynet.ie/skynet-cache"; + extra-trusted-public-keys = "skynet-cache:OdfA4Or0JcHiHf05fsiIR4nZT2z2yDEtkoLqhntGAz4="; + }; outputs = { self, @@ -97,6 +102,7 @@ nativeBuildInputs = [ pkgs.buildPackages.git colmena.defaultPackage."x86_64-linux" + pkgs.attic-client pkgs.buildPackages.nmap ]; buildInputs = [agenix.packages.x86_64-linux.default]; @@ -158,6 +164,9 @@ # trainee server marvin = import ./machines/marvin.nix; + + # nix cache server + calculon = import ./machines/calculon.nix; }; }; } diff --git a/machines/calculon.nix b/machines/calculon.nix new file mode 100644 index 0000000..c11bb38 --- /dev/null +++ b/machines/calculon.nix @@ -0,0 +1,53 @@ +/* + +Name: +Why: Speed everything up +Type: VM +Hardware: - +From: 2024 +Role: Nix Cache +Notes: +*/ +{ + pkgs, + lib, + nodes, + inputs, + ... +}: let + name = "calculon"; + ip_pub = "193.1.99.82"; + hostname = "${name}.skynet.ie"; +in { + imports = [ + ../applications/nix_cache/nix_cache.nix + ]; + + deployment = { + targetHost = ip_pub; + targetPort = 22; + targetUser = null; + + tags = []; + }; + + # it has two network devices so two + skynet_dns.records = [ + { + record = name; + r_type = "A"; + value = ip_pub; + server = true; + } + { + record = ip_pub; + r_type = "PTR"; + value = hostname; + } + ]; + + services.skynet.nix-cache.host = { + ip = ip_pub; + name = name; + }; +} diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index 34e6e64..ee33aa4 100644 Binary files a/secrets/backup/restic.age and b/secrets/backup/restic.age differ diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 16f230b..31474d1 100644 --- a/secrets/backup/restic_pw.age +++ b/secrets/backup/restic_pw.age @@ -1,17 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA LoF1ddALOVnrPikVoFfIO/Hrydrqoh/4W5DaSMZHkUs -Fla3oxohjlE6oUkx9tsroXcbDqQoQfi4qixrEqy2+/4 --> ssh-ed25519 4PzZog tojPturHggZ54bUlyCbr0hwLbhTPpBR/o90XT9DYf0Y -it+mlc2OKzxnEF08ao0J+aJezA20eAaRBW+ODgiX09k --> ssh-ed25519 5Nd93w W5FDJ7geDB27elGpL6SHBA54Al3uTU67FNsTt63E5H4 -1N3NVwEC3QqjpwdFk/SRWFpTUk1tTH7YPQdV2MmF/II --> ssh-ed25519 q8eJgg yJj2ImpyTpjLGiPqxQ/03tGFDnDN08Gr93rPRUYLLyk -PLSFba8JFM2na4h6XIzVeKKEw61/ZwlpQdesIHPtggY --> ssh-ed25519 3pl/Kw Zu5dWL1GkgL8ZhmFuTg56GRGTvTTDXYOXGN75/h37wQ -nvNXCSa/VsjchPWRMoFNCRLe6SK/trUrGgKa7iJkprA --> vZ[z@fHA-grease -mAV/h887fY2ispnlxuTZ+LR/EIYhV6LqbyuDpEc4p0jnwdpYhEAfU4KKZtnxae22 -q/IM3g ---- QXUMgsJS6LdbF4du60HslLfcBq5xNsazlzAHb7jSeDI -|eC >,Vĕ˝3Mb$iIs=qk܃Di -֟;S)<+)uR겗e[4}{61Wr EPI \ No newline at end of file +-> ssh-ed25519 V1pwNA olslO4c+ZlJtfdnTvlUz/JToxVa4mKVMc2eImIb3R34 +xVWXF6S38aPtZnhVdJBFcNMLZbsXyfGOyP4xvVmcqwg +-> ssh-ed25519 4PzZog zmdNvTqZx9XNzXITLXZrIrtlKm1+r3BCthr5z3JNMDo +hGyzFvvPf/OpNwBKml3R7nas8n3KihaMtZipnbB6Hx4 +-> ssh-ed25519 5Nd93w FB2Q42uQesjMDfE0WpVAp/0bob/37k1BDBBH13ul5QM +tFrXKb372CcnEMaunjm9aJ6ZBEXLK/EvhAD0Lc5haqQ +-> ssh-ed25519 q8eJgg yzncjdMSAILkSPzccY9uq4yULhbVi447IkC2mk+b5GY +YdEh5Fbr4U1Jwr2r7tNDorzrxyRVy5n5Cb9hhQG+TPs +-> ssh-ed25519 3pl/Kw sZ0skpiwJWPoqGMIhIUonQkJ5Pa1i37X9OyJHVwRngs +FqHMytq+bYoQBI/BwQvmjR1hvInhltkcuV1H6mcolUY +--- 0MouBOwGiCtj1xzuEZNiu0v/1vsqrHX349hRrTADwZs +s+7pɍ`h*pBNyb:4 T۰,"yګΓ@NR]жbuk/1jDn]'z oG \ No newline at end of file diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 5e36846..80c4e9e 100644 Binary files a/secrets/bitwarden/details.age and b/secrets/bitwarden/details.age differ diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index f9d1e61..3176665 100644 Binary files a/secrets/bitwarden/id.age and b/secrets/bitwarden/id.age differ diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index bb4a338..654e6dd 100644 --- a/secrets/bitwarden/secret.age +++ b/secrets/bitwarden/secret.age @@ -1,15 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA BxPb6d6nlJHiTkbcwOoPrvAPBuR1iJSFAXIp9n23Ix0 -hl0X3RjOEYp2G1QU4SC6CBF5YVlCWiakMsRbGTBYkzs --> ssh-ed25519 4PzZog Nf/tUysmhTfzaoHhubwdQ5NKZw5SBd3CEs129FGkuio -750oaBtfeBEpDuasZFr7RY5uBzFZZNMNGQkRyFfEGCo --> ssh-ed25519 5Nd93w fI9TNLWkDkvLCDA8eTMfVw7fRPylWHPGzPupya737xY -wQcz+yf+EqDNmRWqldNuQjjy9tKc1zN//yumtGpGbaM --> ssh-ed25519 q8eJgg T9Iv+fRwmOLYMXe3ur6dqudA1z2wQsKQX6ogkyQT3Fw -LBYKL2OtLiwq25FkvZjT4H3tu8fOA+KFmFp5vjbncLI --> ssh-ed25519 IzAMqA O9JfKAlOUao2S14iczlnTzT2sTSAM1vOR5KjO8eJMG0 -ioTSe6X4E6jE4c9Utl2d6EUHZYilnbtRnB5QJg3S3Q4 --> 6&-grease -BkWorA2LiphyWLmdV3AeKsI ---- +MO1wX7pJf7eq4MkiWSP+xyxThI5jnfseS8jd7LbFoY -WV>dD"`i+ ǸլSмkHOjt*k؏Ԣ9P \ No newline at end of file +-> ssh-ed25519 V1pwNA GVmv4CgKJ4b8Hv52C+1f/g58CbBLacpZ1CuyMrH+P3c +2JJ0TfpA4V+ZjbcbRxVN/NKPTm/KtKQ/A5fE33n0jAU +-> ssh-ed25519 4PzZog 8ZoG98iY1oUChmdWuRzxwAY0Lk88FVwMH6M5+HctGjg +TZ6bTswrAXji/YEaqUcZpxcqZnijvZBa3nq/rDorHkc +-> ssh-ed25519 5Nd93w 1QLznyfI5HuZiFOKlDJW/tw0tRiz/VADYJTfQVxzrRg +2n5f2UMzG7BFNV7zyPw4lleQdQJsRRG+0lcbuTvP1Pg +-> ssh-ed25519 q8eJgg 1ihAcMOK6p+chq0ivA0JY5QJrjhkGc9b1AxzWHFa3Xc +nfC3dXD6J4S18qjUO91hSNxOGnukFVFykq8HqntmKv8 +-> ssh-ed25519 IzAMqA wBM3jR8cmXa6yvNi1wTsdBX6qotosuBRu1rKYLJ/FCk +MUtMJjn+8Fbx9CjpUaciJPd8NOXxsJHGT/x60OF6O1U +--- d0tAB4cQva5jGPj8G8v5GrSFu0WfmjSYU+BmvDZsaLU +w'Dzޞjǵ$d-ʢC󣘽5ݟW, FjY9[[8  \ No newline at end of file diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index ab6803d..f036de1 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age @@ -1,22 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA icye7bxeLugaCuSwMYAZQOrI7tcG8uc9XR5lTYBkWQ4 -HRsRB0GVkMPS0afDz0ybcTZ/oexA7zV9U6hYyyVm/hQ --> ssh-ed25519 4PzZog ihJwwtlgiICUNgrpwVVKAAcDP9JxPgBmcruW1em8RU4 -/c6JJDzrHwyEelgMaoDeADVD/yL+ptrDdgSSMFceuXs --> ssh-ed25519 5Nd93w aLRd09zpjgCnj84pFFfPd9FrJGsnemOb99EG/TPe+UM -hEM/T5j4oZI05597dI148eRbRU0P/E02RAD5ypsl1eo --> ssh-ed25519 q8eJgg dwCo6ph1KTMDgFnJLrGFtzscrHxog6WGRUaPdBOuCSo -WCxgbOjZy9vkgcYTa4t/bgc5qfxlpFOiQ3vtCvb+uWM --> ssh-ed25519 IzAMqA Q+XUnmVUAstlxgZTiXXGZN7Nzo6G0zgS3jtil8MKd0w -1VFkeEGLZLh+j7e1RJW1iCx8ueLNTljTsxpujkhwBPI --> ssh-ed25519 uZzB3g FeuGUR8zcPUHkev9PVARM2ac4Ezk9EjO3gWL15kkjjM -W7DXwMWrIKEzs2IJ4MH/diaqkUK+lYE5ocJ3qD26NyU --> ssh-ed25519 Hb0ipQ +hueeoIxI4+E0bkElclszUoD4ftHLkiqe6XGcMNbAn4 -mS/SFhLfjQYa76qhDXvMijkvbWkGRGcv7HWlszArX14 --> ssh-ed25519 IzAMqA CLf1vDYSLjW2InHfHCEfq/b7j3zyRH0TTcLSQ0Evmn4 -tuq2+h0UVzt/lTFdpLn+fr5rIYdf8mgdDny8Cak+k3c --> x-grease -Eeo9UQ7LVOjORlpR2Jf7K6P2OEdc6HWWQ6/Yt//KHWxKStUtMv2fPIHu3A8h8mHl -iQT/Xmlg ---- 0/OGiJqIu2aFUO8vqJ936PvDDNiohDSVkqpsiCxzfiE -Z l.jZEӴFx6M!:zb.tDΊz#:xc}?cF/؉;ˁ"eJM_Gve7ck\E9&O+<ړ+Պ 2Hm \ No newline at end of file +-> ssh-ed25519 V1pwNA f6xGNtufcGjWlCNkhlF1YMNhwMIjpW0ojqD7fDhPjBE +fCVybFD61VIpm20zeVvKCsOclGhzN7RwRViw6EeWY8o +-> ssh-ed25519 4PzZog nHWP3E5ZNvSwTjeNWL5qqmPsnXBWUEs/e7trIQuT2CI +n9zztxz/XTIY5mPLSkFabYfsGugSrP7bdrXzf993MTo +-> ssh-ed25519 5Nd93w 1Nxqu7Lgv+KBNSoWMem3dBou4xrafQcE4XFlGCgwpCk +vZe2WYM+FfrNXog4iEKAwlAQsAuDEp2tdl/WzhRaju0 +-> ssh-ed25519 q8eJgg ywDORriWBqKl15CDZccFC0EbX8StgGYP3nbkOwKDbTU +ULGvROpIUv8GG/WdRIxpfovjl/08knlgQxpipUJe5vk +-> ssh-ed25519 IzAMqA RgipLXB0jBR4ghCrXXMx9/Pu03E4gBYow4gWYDPzHCc +gVAHf9H0fZrPL/8+NWx5Jlr/7UrvQdpLSGXEMiNdmrQ +-> ssh-ed25519 uZzB3g UbeXy7a4ZkdEjIIBCLD/zNKmlY2ooTO0CbGl1Y9lJRg +aajwx+NrY7iwOkT9hkk9ocdUlNm1f4epqXNosPxJpr0 +-> ssh-ed25519 Hb0ipQ 8sdgjex0JqgckMibuS1jdiJgkjvWGO8tUvlpWoYmxiM +CoUeJ+vEbBit9JZhvyz0dHX5IgNywGE4XfeCtVV94GI +-> ssh-ed25519 IzAMqA 41gq5+Itn20lMFlS7AnJ5JLl6OEbJ9Q32M/1TUDl0is +PFjQ3Gb4LajOxSjJgp6s2dkZrDFinniDGL8hXtlomqE +--- vxbU9/Jgdf0fkUD3hrdHUgPV3ipn9MazV54zlh4s4Yc ++Id/ffț1/xO䮝="<( Ofsrh+=E{= +C&QsVu}44UٝUSj%iHXښ7F݆4>Ѩf0ƶ)DX)ϗ$2YXٮ%s \ No newline at end of file diff --git a/secrets/discord/token.age b/secrets/discord/token.age index c4969af..4e083ca 100644 Binary files a/secrets/discord/token.age and b/secrets/discord/token.age differ diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index b0bbb73..7d1f348 100644 --- a/secrets/dns_certs.secret.age +++ b/secrets/dns_certs.secret.age @@ -1,34 +1,31 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 2QqdIJOBGkHQYLkNX0NRvazb6IBk4SYYps1lAC8N+WM -GkubePEafiWi3SfR8GXeXU8+HH4PxdwHPd9GOgvzhWw --> ssh-ed25519 4PzZog WEUGHm/9UeG0iFVKxFkaZYRtmqlVF3b3ikRQlA4Jgyw -yl/pe3c9C147jQj/uNIN5QMkFiVSAG9CQHMEOmK8UUQ --> ssh-ed25519 5Nd93w glFj1OmRcPMfXX8ZNklv3Lpoq27u9pK7LNtFWVUwjio -FeNTpW3aqxYE84kGRze9BMR2hDRsBj9a9+439fqp23A --> ssh-ed25519 q8eJgg 2GCD+0xk/pRUefV/qWv5GKsTS/vu5hGtr7lOPteWSS8 -M4Fsni71ockMvu669XMHM9++hXiz7TdFLf6o1izc0bc --> ssh-ed25519 XSrA6w yaCOzzT0GnCzdrARp2FQHV7npbD/JnuV4tSYwIprdXE -iEIgUn1+aDXN6+qDBNj4ltdCXYqxEmXXql645cGSyrE --> ssh-ed25519 DVzSig kQJIpvtSZSw1IUDIb3z7HNRz4dw5H3jb8ozcynSe5Bk -aHT8f8DncqP8pgE9oL70619xyNtDBzxB29Hq/ma2rt8 --> ssh-ed25519 SqDBmA QDrZMYCMSsqmhFIMaNi/keyPOry3YHwS0dMGGumJLzs -Tj0oKWFsU2aR7CQSyeDYWq7nY/vbcOkMD9JrLFaq2Uo --> ssh-ed25519 UE6fcQ Hb0Bp60va2pYytRaSaLbT9sKcosbcezSJs7DNiS7jgw -41IjrgNOPB69pabq3JRhdFNocy661JSCmXLdk988Hyw --> ssh-ed25519 IzAMqA 54sUUDUo1EurSpAIHhwUYWUF4jabHauQqzdaZv+q6WU -14C6ao5GUpicJrdIzP0YibKO0xoY3ehc1GDEWdWA3Mg --> ssh-ed25519 uZzB3g I/XkpzTDdYac5rJjElfNpD9gh70hnzImBBtBnEse5z8 -9SzTUatocYlqsyoNJ3oPaA6nZ4gZaRzUUs/zSXTPLM0 --> ssh-ed25519 Hb0ipQ h/VbRE/4QmlDmxl0nuzV828L75zK14FJTlxucIgw5Fc -EbTPH0ma+TA+tbfluXrvNU7mfqrK3Onn1riikEA3t08 --> ssh-ed25519 uZzB3g M0z7FxgMYUNi5CMRYnpTueyx5RwhJtArrv8o6pj+LEI -JjlkieTaJ+kz4CxdyPN4MDR1IUoWJf/uCGZj9jc+csY --> ssh-ed25519 YFaxCg 1C4qRq/rM5B36KZ3MkGl1wT9NwsSQBoefccxiBi3qVc -TKz4Ok/TVANl7cQ5sySccxWySWBXPtvJDM+eV1dsTz4 --> !s-grease j^W+6, Ab -Io86Mr5+tdtC+WUnf7YWjuOE9oHm2iLwyRRiEKgjxDIvNtDgdiZ+0nZ7yDRmuO48 -6OKmc9Wc2nsqknT6odS8hAgR2jIPXvg ---- 4YBEXs7Qucs2NbbyqhTgQrWZhejQa4XmK1mgd5eW4yc -~#)+s?Yy>_b?L+)c(8$HmM`7'c&cOhJs|xW6kHw7@4NPzWm >"?JP 8KaU^."=g6(jAEP.yWl -3 a -M"lky Ө9#og`punҷC \ No newline at end of file +-> ssh-ed25519 V1pwNA tzgPuOSktRbzGWk2BDFHmbr1Sm05qdYjyRz2/HTx6B4 +U81/Gr5l69wte3fAtN3nYfx5OAMu5x7WTS4gygHUucc +-> ssh-ed25519 4PzZog EPHeQJYsFoEHlgScAHEsu5qvylaTzvcPw3Y2CXOSuWQ +U2PGDUHKIAR/0qovVc7ovAT9dyn/fOTncfNWrKk8ljY +-> ssh-ed25519 5Nd93w 4CHAkRax2v275ksja2Pxw+5DoZXWNKd3lHZq8+Y1W0U +Br95FoQN2AZf2io3wFTX7SCHxGoGv2O/8/kbnu2bqvg +-> ssh-ed25519 q8eJgg zds5ccfqHdh67yLnN+33eXwHF5FFKVFAxW8Ecgk7ZHg +vDZ13K30m+rx+wyteX8SuA5uEI9dZMV/vRJSt9ydKMo +-> ssh-ed25519 XSrA6w 27EVcnWYtJnsl1EJtmbucY3pyXHRZKezi8KN30bK0Vc +y41vgV5yH3aZJUx0Wl/zP29466yOl2IGgl+6ti3pAVQ +-> ssh-ed25519 DVzSig XRuB0GkA1CFvcq7mc2Nod79+jYnN26dEOfCDcRoS+nc +Oy//M5W8tspc/YmQjYK8joYYpm3SoKfrKKmrLmSy7z0 +-> ssh-ed25519 SqDBmA cSiRVHtiZbLp/OFS+5tOgmf5msgfaTUW+6U9vC8Nj1s +8pymGU7WaIx3o0WkwqFXgM9lFjvablusQF/9O9xRrcQ +-> ssh-ed25519 UE6fcQ rl54j3p+k4eMCC63Hl2hKyWkKwWAS61iBdhGolnh7g0 +fqO/fSuwRyTAW49t0w/ffTMaIAvBnJrX94grAO2f0uI +-> ssh-ed25519 8vZ9CQ old/mJ0AN9vJmvbr1/0ELh02R8tGPys+rwSj6Tq2Sh8 +W+BcsKswtQv+e7kAjHn6vrdApawGuNwIAK2hNV3SJWo +-> ssh-ed25519 IzAMqA lotJU4JW3eHjdb+ZQ3s2XN7JmZz3FFBh7CJ1t+/+Ghc +wIJsNn4SUXjtobDz1xzLSe0oEqo3nRlWjJiLqDiHv6A +-> ssh-ed25519 uZzB3g eH+/Tew6AU7j95BBMcUtwnaoReZeFp6CaF1S+JdWUCQ +VjNNv+gd1JkUVFtJx4H7qDKpOPSkgRVcsJhYFhPxbWI +-> ssh-ed25519 Hb0ipQ k732pON+GqpltKfPmArf/d6wX0L5OLVh6l56M0Vf6UU +UdEG5xrFoFnjXAb47uPO0lC957yvocPgK7iRrxwBvg0 +-> ssh-ed25519 uZzB3g 0Q1BNGOJoH41b6z8YG/QOi8wshGJsPHN7XXMAyIVTwE +ecj8oOZyRSYCXPXEQXmM/KDZktEpsgyohQtK45Du1ow +-> ssh-ed25519 YFaxCg hHWU1ehve1zeDoilyZh1QjtSiGgii0i3ks7+DCXuPmI +krPnm4YCmcg98u735WdiwCeMLG/5Ie8rk0/AE7ZP+qk +--- 6aIkITPoSXpoPQB7IqEDvbC5SqQt+91+8SiNZbfrfwQ +0fdrCT اwwTS=M(F PQжx* Tad]Dt>W0T?i}W.n0jSʫ2\~ snДle$ 3ԭ쨋8{iY.uI|vkFvOOcsA ]:3p0\91( \ No newline at end of file diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age index af886e5..54ede46 100644 --- a/secrets/dns_dnskeys.conf.age +++ b/secrets/dns_dnskeys.conf.age @@ -1,18 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 4DenEF3jiCxCBa/F8ehgk13NlKvLzEfIxeQVTlMvM3Y -czXCvVsOMZDmAzqxT6z0mCsGntVeLNAJX+IIz/5XS6Q --> ssh-ed25519 4PzZog 1fBsKWaKTGW1gioyrDoRsCqFhGfIThj1cq3GaPDlIjs -BFcSRxbrO3n91pEXNV7pInCRAH3W4NHFOYPDlvpPqkc --> ssh-ed25519 5Nd93w 4vy51/o4XExQqMRP3DyeVK0GJO71jYCm17qH5tC230k -UgDrJ2xPGL0O16g+BFOw/kEso19lB3QD35vLhxmQ2h4 --> ssh-ed25519 q8eJgg tAGYnvVu5NAlrs9UoEIUb6H898V5y/st/lnGm3w2o1Q -SYK1mWCClDoK3dj2KYmicOLRvgDC0qdOmhE/AFFWa+s --> ssh-ed25519 NtlN/A iXJJI8ILFcZvIPaHkWOYSUVwFJOEB5GPpZX/5EcWJlQ -XpiJUa+J2rjsAhhQT4szCwDMudGjuveslcsLs3wVSA4 --> ssh-ed25519 v2Y09A SkswYtVP5bn6FJZwL9AxxONpEyB44Oct+tz+eP4bUwE -0rDV7iOQI7GAJ0VkqozwgA3guoCRvCb5e3lgPAmhlXo --> ~=-grease -xBfYaHlWp09gHdR9CQ ---- wrlmOZpShrH1kgr4cDBNDjPk/zLA5Ro94cpUy06cH34 -hsIC -s15k|`3rUVڋ`v{ע1մNjHԡӥY+NҪs浓C+&0"VyjV⠝Ͽpܽ$-8$@ե{TFF d| \ No newline at end of file +-> ssh-ed25519 V1pwNA omE94iB1hTPkde6EfVej2cCtb8tCAczYOeHa9ZibcC8 +85+fPpShqO4OmETJ72eQlJmueOcof9nWOMW9B4Kd+Gw +-> ssh-ed25519 4PzZog gAreCKVlc+bRbbwbg706yWOeMJtbQNxNm5ZO35tETjg +XYn9InewtIZgp0hu/Z+HgU0qQLWuDtk9YH2rTG8Dy7E +-> ssh-ed25519 5Nd93w 8+RDdkA6k+L0B1FaajfF7gNKAVWi+jSOEu4qGYmrvTA +453wvNGH3ghMtQ5s69U2saSNVBxHya4h6AK73l7u7Mc +-> ssh-ed25519 q8eJgg igT5/6JbBdC5SNSSmB5c/Fe/hEbkJM7shzTa40hmKm8 +uWiet2aX+Jvhm64xEBajbvWODK2s974Qx6wGBDuTP80 +-> ssh-ed25519 NtlN/A 1c+c70Cl+2NxacvNdAQSV0APTtH99HN5iRTgN36vyV4 +rPhvangDj9jL/SFW/3ztNdXpQYQxKBQUB2uTbuS3bRY +-> ssh-ed25519 v2Y09A H0G9oRW2GOP3j8zqHSbFi+N0TaBGhMa432y1xiojdkg +5C8EzqYSUvJxn4ePw4XTIsWOuVEZCCj3e0Z5PvIwTPY +--- 4H+V7sfTROtlJ+eKrXYaKnCm7cSmnQjj39cQdY39PWI +.Jo<]W}HI*4ݸgb{ETE#5bz!?oM&L'e󇷐b +B6Nc꼔/-9ھ`. ssh-ed25519 V1pwNA /YhGxaH+uVC4EXVNEpY6akQ3cyOFTCvbqnQDobPGbHE -pcRmdrS2h6GOmhiUQmbDncgAhfBMsI7pVc/8MrCQeiM --> ssh-ed25519 4PzZog dsRhlBiY7h+WrKqU7KlCYQ5Ypwz76uH9AjZlfLwf/3M -wNvcPHNISI5y0eGQpAv2jSZbTbA9C8LGzI8/dnMn3ZY --> ssh-ed25519 5Nd93w 5z8u2rWibJcfnkKJmtIv/toSUgkJdxk2HiBJ5yi1F34 -jXWyd2UcJgQLKHyl8/SbtR5uKEBPS1TWcSV+uQ6sudQ --> ssh-ed25519 q8eJgg puPp2e3TvJOmqF68x25NsZftZOjXoQRAfT3d6dulOwE -DMKRvgnqQKJbUcKlFvFPnIWQF48v/AhR0sRG7R01LMg --> ssh-ed25519 IzAMqA bkxqFYf3QFk4Bg+ax6l2B2/qEC1Sc2v1oNIXRxA942E -TYk7gMneWdKdx9PMJoROZy6k0A9smhQGoenypCiSSjE --> ssh-ed25519 uZzB3g ouKif0gJlk8Ijg4htLxS6V9kDm1oO10pgoIDGHlnKg0 -TtChPqbY4BWc6320hBVsdjOYsN8FZ7+kK+gAa8cPrXU --> ssh-ed25519 Hb0ipQ GQu3BHKFNOffCTgN6v/9dciTpSDOPHSD9L1R6OG74Hw -j9r+idSNJR0w6XgVZCGOdVsvsFPVbyc1/Nno4uqBCUw --> ssh-ed25519 IzAMqA cQNK62FYAGQY9+0YhVvVuKMaqB9IBPLUPCnM2nSUQzI -NOMoBDtIN9w1WlxuYHTLORS2xA//D8jIip4SidBUNog --> QjVPV-grease z #u>.AWX -ZAgcrfjgpw5J778jd9fRtQUns32SsiEybe/VTFKZw7P4J9STzRlt8/KDn8EJQ2Dh -K22xl+ENBo/+YuN1UQ ---- TYTyl621sRrBSPvYgf8uC3auUXL2ytoFi0ob6+NUSOw -pns1 螔{j7i'WWȖ ˿?+/P\~B}<څwI.W;rFćdHg>?սTl"-1_KzmEܙAY{d0,V8YV  \ No newline at end of file +-> ssh-ed25519 V1pwNA mAJQEFu0p2nxajUh4C7FrKnnyTEFVagT6rtCsKqDz18 +a85pGwh2S35v+VwC8DnIL0TJobCk8EihiN7p7bwlxiI +-> ssh-ed25519 4PzZog NbDMBIfNzmoG6jSRTrDpKbHm+5pd8tVLZhZbnzvGZRk +VzXjnmCR17I7ZX5b356OCRHJF7W10aj3SBF0MCcnzwY +-> ssh-ed25519 5Nd93w sNsptEu0kFqWKSTeEXvdsa38ka+h+LKXBqrTIqmE6jY +RrPnod0YsfbXGcfwKz3BfYyVQa2+OFR18X6f5V9xqX4 +-> ssh-ed25519 q8eJgg 7YPlbAGSZPq1IvLqk2EB0S7WfemTLkUv6FC5GrZHWDE +tTGgiNjuJl/3DLc/GKIczm5G38LZGekAXTF2TXUo+PU +-> ssh-ed25519 IzAMqA PcRZNr3VHZuB9XD3sRASaY8JaL45c8pF9Am/7P+94iU +Sml3WvRZ/wrUO5fqn02cJneCfjnZ5fJr9d3dTdqyCdg +-> ssh-ed25519 uZzB3g bWlsuR71mtorLasEP7+2cuH2S2B8uM222D6nQC5Rgw4 +rUQ1sXbeaehQm1e3/JVR8cQqE2hkwmUFV/PQ9Se1H1M +-> ssh-ed25519 Hb0ipQ kgBnX7+sd0rxcp88Hglenuf3qfoo1syJQceGxMbWDSQ +rb5cvTxSjInGgJRZq33vCIa23LkeFHbLCy2s3hZXSzI +-> ssh-ed25519 IzAMqA 0pLUe6dFlP9w2JPn53Mo6xXJNuJrLHH9mqerGYp4lFM +IvjADrsuDTHI0Ljzr899pG5/bwi+V+KfCt3hn6Nf/UA +--- jAsttyHTXJjcXYQym/QFfEvD8eMk+SK9IegD0p2bZ7Y +5:-l+5ņe<ëSYƣRKCH<1et"aʉ?Q&PӐ8Cw?N PWf|&BȚ][Wr|>ӫSKʳ%-&M"uпuz \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index f9b29ee..c175d33 100644 Binary files a/secrets/gitlab/db_pw.age and b/secrets/gitlab/db_pw.age differ diff --git a/secrets/gitlab/ldap_pw.age b/secrets/gitlab/ldap_pw.age index e0350a2..48c93b4 100644 --- a/secrets/gitlab/ldap_pw.age +++ b/secrets/gitlab/ldap_pw.age @@ -1,16 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 82JAj5XsvsKT8sIuARe4FTmSiCygEhTive+jIJ7h/R8 -M3U8He0axy2HLdKnmKDyvilT99LQPEkw27FF2hUI3tI --> ssh-ed25519 4PzZog c45jK9DTUO6sXTbhs8UrUjLIELIL8XVdYiOYZsR/4yY -HS4ng3Sb4J0f9OYHZLmWHWS/c3uetn3w6HG80uZNdUY --> ssh-ed25519 5Nd93w fBv3U1fx4kIQcPWAMl1xRUeIwiM1+0FpfhJZrHQMww4 -8ANUGKVp5Tpq/wbIgXhpi5cPsxFALOuOsisMEN5A4j0 --> ssh-ed25519 q8eJgg HTr8SCqna6YrbpdEWdXf3vcR/ohxQStlXabHjZN+zW8 -vyoLfNsO0zW+S2+nIHfB1s8GaD/XjfqnPq/i3G4IJqs --> ssh-ed25519 uZzB3g f6+fXpF/3aP36u+G1sDOhaQtdaWXwxoW2aWWC5E8X0Y -KRDi36ChFupksZMkxWEnUkaNBgZujYsXEhS7ngueo8E --> /Q|[]_7-grease WOAZ6f R~_\$m7 -e0+qF+9VouiUjHXF8coBkESl7COpdlPlBQYamcTsTto6CgZUZkYqWQ ---- n0CQNPMTO1iiR+zt+dDvj0FocVteXkclIlI0EXoKV7w -OrPK]PKx>e3rd瞿ݦ9d4G cά|T7g7z -P02bڍf,Ҩ2m  z^]M$ji7uY_lNPuA%<@ c{7 \ No newline at end of file +-> ssh-ed25519 V1pwNA JVsw8ztM2WBL6uR3IHhdsrJpRddMTzcd2WwpLMTbE3Q +WSw1UmfUPZEIcJ9Rr5i1s8ZiV0O4qrEmPHPHfvzvuP0 +-> ssh-ed25519 4PzZog LgiBGLVRfnntheKxXFjqP7GNhD0hwOaTMQ70vDEkbSQ +9MGIeJUi3Y3yxUNF+NEWRj+jP52r41XRPBV0246gMDw +-> ssh-ed25519 5Nd93w 8dEhOqim1Ryg6UpeCDv3e7ykF3IMri3ut/S5yuwieyI +m56/6dPG34+lVybgmjLBQNI9ba+sz8OpUu3QapEm+BM +-> ssh-ed25519 q8eJgg wQM2ASijF3YgUBOzpB0OAIZ2XH7lLsEj0wHpzUhe72M +IycltOHlMVE/g7F31mqiIFWsCPuFAHociD2pP3bOc54 +-> ssh-ed25519 uZzB3g Q3I0tbKR4g1QRryO4Dx1B409TuS1jLcOWW+OGh0a2X8 +SjK/s4Qp/TG6ED7fg2TaFAX8FyRPVu48l9epc3wWO40 +--- CUHCxUu6RfoD6zNpkmDgWBg+SF7FvZLDZKQojCSFkg4 ++nd~op8bd@ՋGI6 [1|J7oĻWQ7yc29 Ryi ssh-ed25519 V1pwNA DqbnodZkTmARvGsqUcwZJ6Z6dRJw+Pc/u/OyvLUXNlI -ra9Q9EprYEJELcQi7yS/2+AvyrEDehZ2XjIE4SD3K4Q --> ssh-ed25519 4PzZog 1bLboYJt4kTh2oYIkPtBWOKyCdQQYY7Z/NMhdWRr7Bg -XYX6Sj2dfHJdVr52vy7F5SLNudmPw0l+qX4VXkxo5Zw --> ssh-ed25519 5Nd93w 1V+Zb7AmYGLbBnMLy/yEuC+vUdWq8no/X6j+7Zykbw0 -Cu9av/RkbqGfE31UO1HobDcemy0C52WYt3F3ZJuPD0c --> ssh-ed25519 q8eJgg JkrqxwHOf7vch7sa5iERrPS6GtH7SOz6vkiJZ9iejhM -G0OBTxAN1Ip3vv5loXQPejnv25tK6Xu6xNqYIBQch0Y --> ssh-ed25519 YFaxCg ZjtuzeSNBZLGykOpsyxmeRLF8GE2eIhZBhn84bN8X08 -WXQsIs4Are7WVJhkDafrMm+FwyWfWTOHR6JYUg7nzPY --> O1CHe-grease <`%L -yfN8CioGGgvdsecROJgtsRw1BVyHtPcNgKMk1bGsNry37eY0/8PIQA ---- jVQDWIOkjduvoYdMFhEl2Y8do4IsplwELZ1N1dlEv2E -3>pN0j{ҠqL;{{%OJ_ά3NR#4 \ No newline at end of file +-> ssh-ed25519 V1pwNA 9h+5sIlvMiZRhje5GhsNJ8ucXWTkB1hS+kZBRs+YGRI +lmZ2+18WMJY38Kup8jBZDpUjQ3QQIeSgLGc9QFH2w8I +-> ssh-ed25519 4PzZog 0FIpyjjXwCcpgKB6ElsShe238/4VMNRfDGngBpqVyUQ +WAAVgHorFOmtU80RVUILGaXwfxBeV4N4EliHvxOMfCE +-> ssh-ed25519 5Nd93w dHBRtX2dXZFWY9kw74x94UAGqdb1IVe7uqfn+xbTXm0 +mvhqFd7G3pSK/W8koJI+sRU5SOQJmUwYhXdj05sMs2o +-> ssh-ed25519 q8eJgg dBrod8ucXLwEWcCiQ7bL1YYrSGGYfJwHeEfGV6aKGWk +FMHX98NsY98sIpH+Hj6zy33/qqpUIJv4acejkvs3lNM +-> ssh-ed25519 YFaxCg SQRuisMOT2BDyXCdFnXMZZoqZgSlXf6/FRmbn5qPjng +bstuHuNKdKgflf0/8s7Nlbu46EwsN/mMj8VlDDJy8yE +--- PCjE0Ry7iVdFNMznpD7I+BfW6BHV5MExXgREFVAu2g0 +Џ+#f|M,˨6ZzAC~)#G[s#g@ubHt2ym \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 863ec5e..7fa8397 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,6 +25,7 @@ let earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; + calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; systems = [ agentjones @@ -41,6 +42,7 @@ let earth cadie marvin + calculon ]; dns = [ @@ -78,6 +80,10 @@ let skynet # our offical server earth + + # nix + + calculon ] # ldap servers are web facing ++ ldap diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index f549778..55710f0 100644 Binary files a/secrets/stream_ulfm.age and b/secrets/stream_ulfm.age differ diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 88a6369..ff19a49 100644 --- a/secrets/wolves/details.age +++ b/secrets/wolves/details.age @@ -1,23 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA cgA5VKQ3hp5rtso89O/MhPiHLOb782QoeLziZUeU70I -L2iCt0tsUJGLLLbezIABJvoRQMFteGqVFx6NL9cNlXU --> ssh-ed25519 4PzZog 7ze9+yot/hOqFsSK5LH8i0WLPUvC6Fi+2uGMS17lEkY -WrcC0tez5IE9zty14iBdcPQ+9AmZfVMdmSDrLVltntc --> ssh-ed25519 5Nd93w /w0wTVrmd9QZ/lojJugGFuOE4J5g7YFGBjFrnKcYhQA -CNiyiqzso5T2bqTAwhG1pmFY7SO9A5Te8BSDiiOHt/I --> ssh-ed25519 q8eJgg EoCZJYcZMdXkcJX60durhxuog/TTgHJqsUYplMCoE2Y -bCCKkvmKdQ5Kry3YBJcnPSE/dj6NJe8IUVQlT7lG9+Q --> ssh-ed25519 IzAMqA lb94hWJMJwWZbHwHRa/Fv9QsJdHqFBq5GBMWk/1xPkg -2edcY2p4ne64MkqRCvrbpWMnD7tBhwpwbVLcRx1VH0E --> ssh-ed25519 uZzB3g b6I8PBhisjX0/b5tgEAfHVqV+nRDWG2sPB+FGrz+iWc -a1mi9By/uYkB/Uyam8KZBcwogoWufD7jGwQ7A8zoi4Y --> ssh-ed25519 Hb0ipQ +MVbbtGivd/I0Sd54xFAZ0NoF0vFJFE3E/1Emalk4ww -lF573uIUJKvzpPt177h7j7jU+dBX3YE2bjoitCl0OXc --> ssh-ed25519 IzAMqA pM+865cvmhU/YQrEEiVmxMAMZqfzd8nuSBFdBYFK1S8 -mqudYwRO/KHhi4i3eeC6fMRv+q/VQn/MK5MSoRnRFTc --> B5i-grease b 9OK X;B_Gxz \ - ---- x5ul4yNubEnJfVA/vpTaKfV1eauqB8ahIEunq0G0GvY -8a!Q$ p>Zv!x{EGmCx"@/u镥(P ssh-ed25519 V1pwNA 64APjQFuCdQotU0idTNsNkQq4UurzLrI+sBfKVJeERw +0v6AqFqjTYNXd+01coluHCiNbXGoRux7xi7Xe2KJwMY +-> ssh-ed25519 4PzZog Qx/4nzBzpphw5zMU/Selzp0y2hxnuxt4riw5ZHn5/FM +LgKlXPi2C38thzhDYNI6xQlD7mF97xG+gBNKaZchuR8 +-> ssh-ed25519 5Nd93w qxvohVP435hgKa5ygKlagzB98r9Jli+alqrEck//FD8 +yCD2n/m8azvH8ivPzocnlx1JDl3VkIcz7fUIlWmXV14 +-> ssh-ed25519 q8eJgg AaxsYEyjuI/n8Cz7u40ruqB6rCwqpdgf5IKb2V3MUw4 +LH+r9sWo5ckvdl92pXPcw9QIQ85+XP1maq0a2n3SrFg +-> ssh-ed25519 IzAMqA +tU6QWR+ZPb6yw94POiSIYPr+su5CrHM9zn7XqkMoDg +CadoRJA8lpvo1hKQc0Ii2P1O6alZXEH/38H3GTVNf+c +-> ssh-ed25519 uZzB3g Yt2K67ZNN6/vLL6bvSlrfPs7vgxtS+ecF242++q1cCU +DLX5zRone3QdzVwD4Nxtpgd07wLgWs28zQEbj1Q+8B8 +-> ssh-ed25519 Hb0ipQ HADfPO++23LNnITJZIjpWOCqIJ3ZbIVBd1NvnbJqEzk +TyFj/I+a4kc8omedjAzKt0glVDbEJGkIluPClO5vFGA +-> ssh-ed25519 IzAMqA r74EwP4WbYv+CnF2Czp1xNocsF66j7y/Fbp9toufYms +zXD2vZaVTmaJtkxyBRYrn1xGf6i0K8PqFKweXQUeVa0 +--- nejIZ/IUpeIeZTR2jEbVjw574rHAeDzt7uMSIGb9rxQ +ǦK5蹓LCx՘Kp`"QU 8}`